app/src/main/java/org/opencord/aaa/impl/PortBasedRadiusCommunicator.java

/*
 * Copyright 2017-present Open Networking Foundation
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
package org.opencord.aaa.impl;

import com.google.common.collect.Maps;
import org.onlab.packet.ARP;
import org.onlab.packet.DeserializationException;
import org.onlab.packet.EthType;
import org.onlab.packet.Ethernet;
import org.onlab.packet.IPv4;
import org.onlab.packet.Ip4Address;
import org.onlab.packet.MacAddress;
import org.onlab.packet.RADIUS;
import org.onlab.packet.TpPort;
import org.onlab.packet.UDP;
import org.onosproject.core.ApplicationId;
import org.onosproject.mastership.MastershipEvent;
import org.onosproject.mastership.MastershipListener;
import org.onosproject.mastership.MastershipService;
import org.onosproject.net.ConnectPoint;
import org.onosproject.net.device.DeviceEvent;
import org.onosproject.net.device.DeviceListener;
import org.onosproject.net.device.DeviceService;
import org.onosproject.net.flow.DefaultTrafficSelector;
import org.onosproject.net.flow.DefaultTrafficTreatment;
import org.onosproject.net.flow.TrafficSelector;
import org.onosproject.net.flow.TrafficTreatment;
import org.onosproject.net.packet.DefaultOutboundPacket;
import org.onosproject.net.packet.InboundPacket;
import org.onosproject.net.packet.OutboundPacket;
import org.onosproject.net.packet.PacketContext;
import org.onosproject.net.packet.PacketService;
import org.opencord.aaa.AaaConfig;
import org.opencord.aaa.RadiusCommunicator;
import org.opencord.sadis.BaseInformationService;
import org.opencord.sadis.SubscriberAndDeviceInformation;
import org.slf4j.Logger;

import java.net.InetAddress;
import java.nio.ByteBuffer;
import java.util.Map;
import java.util.Set;

import static org.onosproject.net.packet.PacketPriority.CONTROL;
import static org.slf4j.LoggerFactory.getLogger;

/**
 * Handles communication with the RADIUS server through ports
 * of the SDN switches.
 */
public class PortBasedRadiusCommunicator implements RadiusCommunicator {

    // for verbose output
    private final Logger log = getLogger(getClass());

    // our unique identifier
    private ApplicationId appId;

    // to receive Packet-in events that we'll respond to
    PacketService packetService;

    DeviceService deviceService;

    MastershipService mastershipService;

    BaseInformationService<SubscriberAndDeviceInformation> subsService;

    // to store local mapping of IP Address and Serial No of Device
    private Map<Ip4Address, String> ipToSnMap;

    // connect points to the RADIUS server
    Set<ConnectPoint> radiusConnectPoints;

    // Parsed RADIUS server addresses
    protected InetAddress radiusIpAddress;

    // RADIUS server TCP port number
    protected short radiusServerPort;

    protected String radiusMacAddress;

    // NAS IP address
    protected InetAddress nasIpAddress;

    protected String nasMacAddress;

    // RADIUS server Vlan ID
    private short radiusVlanID;

    // RADIUS p-bit
    private byte radiusPBit;

    PacketCustomizer pktCustomizer;
    AaaManager aaaManager;
    ConnectPoint radiusServerConnectPoint = null;

    InnerMastershipListener changeListener = new InnerMastershipListener();
    InnerDeviceListener deviceListener = new InnerDeviceListener();

    PortBasedRadiusCommunicator(ApplicationId appId, PacketService pktService,
                                MastershipService masService, DeviceService devService,
                                BaseInformationService<SubscriberAndDeviceInformation> subsService,
                                PacketCustomizer pktCustomizer, AaaManager aaaManager) {
        this.appId = appId;
        this.packetService = pktService;
        this.mastershipService = masService;
        this.deviceService = devService;
        this.subsService = subsService;
        this.pktCustomizer = pktCustomizer;
        this.aaaManager = aaaManager;

        ipToSnMap = Maps.newConcurrentMap();
        mastershipService.addListener(changeListener);
        deviceService.addListener(deviceListener);

        log.info("Created PortBased");
    }

    private void initializeLocalState() {
        synchronized (this) {
            radiusServerConnectPoint = null;
            if (radiusConnectPoints != null) {
                // find a connect point through a device for which we are master
                for (ConnectPoint cp: radiusConnectPoints) {
                    if (mastershipService.isLocalMaster(cp.deviceId())) {
                        if (deviceService.isAvailable(cp.deviceId())) {
                            radiusServerConnectPoint = cp;
                        }
                        break;
                    }
                }
            }

            log.info("RADIUS connectPoint in initializeLocalState is {}", radiusServerConnectPoint);

            if (radiusServerConnectPoint == null) {
                log.error("Master of none, can't send radius Message to server");
            }
        }
    }

    @Override
    public void initializeLocalState(AaaConfig newCfg) {
        if (newCfg.nasIp() != null) {
            nasIpAddress = newCfg.nasIp();
        }
        if (newCfg.radiusIp() != null) {
            radiusIpAddress = newCfg.radiusIp();
        }
        if (newCfg.radiusMac() != null) {
            radiusMacAddress = newCfg.radiusMac();
        }
        if (newCfg.nasMac() != null) {
            nasMacAddress = newCfg.nasMac();
        }

        radiusServerPort = newCfg.radiusServerUdpPort();
        radiusVlanID = newCfg.radiusServerVlanId();
        radiusPBit = newCfg.radiusServerPBit();

        radiusConnectPoints = newCfg.radiusServerConnectPoints();

        initializeLocalState();
    }

    @Override
    public void clearLocalState() {
        mastershipService.removeListener(changeListener);
        deviceService.removeListener(deviceListener);
    }

    @Override
    public void deactivate() {
        mastershipService.removeListener(changeListener);
        deviceService.removeListener(deviceListener);
    }

    @Override
    public void requestIntercepts() {
        TrafficSelector.Builder selectorArpServer = DefaultTrafficSelector.builder()
                .matchEthType(Ethernet.TYPE_ARP);
        packetService.requestPackets(selectorArpServer.build(), CONTROL, appId);

        TrafficSelector.Builder selectorServer = DefaultTrafficSelector.builder()
                .matchEthType(Ethernet.TYPE_IPV4)
                .matchIPProtocol(IPv4.PROTOCOL_UDP)
                .matchUdpSrc(TpPort.tpPort(radiusServerPort));
        packetService.requestPackets(selectorServer.build(), CONTROL, appId);

        TrafficSelector.Builder selector = DefaultTrafficSelector.builder();
               selector.matchEthType(EthType.EtherType.EAPOL.ethType().toShort());
               packetService.requestPackets(selector.build(), CONTROL, appId);
    }

    @Override
    public void withdrawIntercepts() {
        TrafficSelector.Builder selectorArpServer = DefaultTrafficSelector.builder()
                .matchEthType(Ethernet.TYPE_ARP);
        packetService.cancelPackets(selectorArpServer.build(), CONTROL, appId);

        TrafficSelector.Builder selectorServer = DefaultTrafficSelector.builder()
                .matchEthType(Ethernet.TYPE_IPV4)
                .matchIPProtocol(IPv4.PROTOCOL_UDP)
                .matchUdpSrc(TpPort.tpPort(radiusServerPort));
        packetService.cancelPackets(selectorServer.build(), CONTROL, appId);

        TrafficSelector.Builder selector = DefaultTrafficSelector.builder();
        selector.matchEthType(EthType.EtherType.EAPOL.ethType().toShort());
        packetService.cancelPackets(selector.build(), CONTROL, appId);
    }

    @Override
    public void sendRadiusPacket(RADIUS radiusPacket, InboundPacket inPkt) {
        // create the packet
        Ethernet ethReply = new Ethernet();
        ethReply.setSourceMACAddress(nasMacAddress);
        ethReply.setDestinationMACAddress(radiusMacAddress);
        ethReply.setEtherType(Ethernet.TYPE_IPV4);
        ethReply.setVlanID(radiusVlanID);
        ethReply.setPriorityCode(radiusPBit);

        IPv4 ipv4Packet = new IPv4();
        ipv4Packet.setTtl((byte) 64);
        ipv4Packet.setSourceAddress(Ip4Address.
                valueOf(nasIpAddress).toInt());
        ipv4Packet.setDestinationAddress(Ip4Address.
                valueOf(radiusIpAddress).toInt());

        UDP udpPacket = new UDP();
        udpPacket.setSourcePort(radiusServerPort);
        udpPacket.setDestinationPort(radiusServerPort);

        udpPacket.setPayload(radiusPacket);
        ipv4Packet.setPayload(udpPacket);
        ethReply.setPayload(ipv4Packet);

        // store the IP address and SN of the device, later to be used
        // for ARP responses
        String serialNo = deviceService.getDevice(inPkt.
                receivedFrom().deviceId()).serialNumber();

        SubscriberAndDeviceInformation deviceInfo = subsService.get(serialNo);

        if (deviceInfo == null) {
            log.warn("No Device found with SN {}", serialNo);
            aaaManager.radiusOperationalStatusService.setStatusServerReqSent(false);
            return;
        }

        if (radiusPacket.getIdentifier() == RadiusOperationalStatusManager.AAA_REQUEST_ID_STATUS_REQUEST ||
                radiusPacket.getIdentifier() == RadiusOperationalStatusManager.AAA_REQUEST_ID_FAKE_ACCESS_REQUEST) {
            aaaManager.radiusOperationalStatusService.setOutTimeInMillis(radiusPacket.getIdentifier());
        } else {
            aaaManager.aaaStatisticsManager.putOutgoingIdentifierToMap(radiusPacket.getIdentifier());
        }

        Ip4Address ipAddress = deviceInfo.ipAddress();
        if (ipAddress != null) {
            ipToSnMap.put(ipAddress, serialNo);
        } else {
            log.warn("Cannot Map IpAddress to SerialNo : ipAddress = {}", ipAddress);
        }

        // send the message out
        sendFromRadiusServerPort(pktCustomizer.
                customizeEthernetIPHeaders(ethReply, inPkt));
        aaaManager.radiusOperationalStatusService.setStatusServerReqSent(true);
    }

    /**
     * Sends packet to the RADIUS server using one of the switch ports.
     *
     * @param packet Ethernet packet to be sent
     */
    private void sendFromRadiusServerPort(Ethernet packet) {
        if (radiusServerConnectPoint != null) {
            log.trace("AAA Manager sending Ethernet packet = {}", packet);
            TrafficTreatment t = DefaultTrafficTreatment.builder()
                    .setOutput(radiusServerConnectPoint.port()).build();
            OutboundPacket o = new DefaultOutboundPacket(
                    radiusServerConnectPoint.deviceId(), t, ByteBuffer.wrap(packet.serialize()));
            packetService.emit(o);
        } else {
            log.error("Unable to send RADIUS packet, connectPoint is null");
        }
    }

    @Override
    public void handlePacketFromServer(PacketContext context) {
        // Extract the original Ethernet frame from the packet information
        InboundPacket pkt = context.inPacket();
        Ethernet ethPkt = pkt.parsed();
        if (ethPkt == null) {
            return;
        }

        // identify if incoming packet
        switch (EthType.EtherType.lookup(ethPkt.getEtherType())) {
            case ARP:
                handleArpPacketFromServer(context);
                break;
            case IPV4:
                handleIPv4PacketFromServer(context);
                break;
            default:
                log.debug("Skipping Ethernet packet type {}",
                        EthType.EtherType.lookup(ethPkt.getEtherType()));
        }
    }

    /**
     * Handles ARP packets from RADIUS server.
     *
     * @param context Context for the packet
     */
    private void handleArpPacketFromServer(PacketContext context) {
        // Extract the original Ethernet frame from the packet information
        InboundPacket pkt = context.inPacket();
        Ethernet ethPkt = pkt.parsed();
        if (ethPkt == null) {
            return;
        }

        ARP arpPacket = (ARP) ethPkt.getPayload();

        Ip4Address targetAddress = Ip4Address.valueOf(arpPacket.
                getTargetProtocolAddress());

        String serialNo = ipToSnMap.get(targetAddress);
        if (serialNo == null) {
            log.info("No mapping found for ARP reply, target address {}",
                    targetAddress);
            return;
        }
        MacAddress senderMac = subsService.get(serialNo).hardwareIdentifier();
        if (senderMac == null) {
            log.warn("ARP resolution, MAC address not found for SN {}", serialNo);
            return;
        }

        ARP arpReply = (ARP) arpPacket.clone();
        arpReply.setOpCode(ARP.OP_REPLY);
        arpReply.setTargetProtocolAddress(arpPacket.getSenderProtocolAddress());
        arpReply.setTargetHardwareAddress(arpPacket.getSenderHardwareAddress());
        arpReply.setSenderProtocolAddress(arpPacket.getTargetProtocolAddress());
        arpReply.setSenderHardwareAddress(senderMac.toBytes());

        log.debug("AAA Manager: Query for ARP of IP : {}", arpPacket.getTargetProtocolAddress());

        // Ethernet Frame.
        Ethernet ethReply = new Ethernet();
        ethReply.setSourceMACAddress(senderMac);
        ethReply.setDestinationMACAddress(ethPkt.getSourceMAC());
        ethReply.setEtherType(Ethernet.TYPE_ARP);
        ethReply.setVlanID(radiusVlanID);
        ethReply.setPriorityCode(ethPkt.getPriorityCode());

        ethReply.setPayload(arpReply);
        sendFromRadiusServerPort(ethReply);
    }

    /**
     * Handles IP packets from RADIUS server.
     *
     * @param context Context for the packet
     */
    private void handleIPv4PacketFromServer(PacketContext context) {
        // Extract the original Ethernet frame from the packet information
        InboundPacket pkt = context.inPacket();
        Ethernet ethPkt = pkt.parsed();
        if (ethPkt == null) {
            return;
        }

        IPv4 ipv4Packet = (IPv4) ethPkt.getPayload();

        if (ipv4Packet.getProtocol() == IPv4.PROTOCOL_UDP) {
            UDP udpPacket = (UDP) ipv4Packet.getPayload();

            if (udpPacket.getSourcePort() == radiusServerPort) {
                //This packet is RADIUS packet from the server.
                RADIUS radiusMsg;
                try {
                    radiusMsg =
                            RADIUS.deserializer()
                                    .deserialize(udpPacket.serialize(),
                                            8,
                                            udpPacket.getLength() - 8);
                    aaaManager.aaaStatisticsManager.handleRoundtripTime(radiusMsg.getIdentifier());
                    aaaManager.handleRadiusPacket(radiusMsg);
                } catch (DeserializationException dex) {
                    log.error("Cannot deserialize packet", dex);
                }
            }
        }
    }

    /**
     * Handles Mastership changes for the devices which connect
     * to the RADIUS server.
     */
    private class InnerMastershipListener implements MastershipListener {
        @Override
        public void event(MastershipEvent event) {
            if (radiusServerConnectPoint != null &&
                    radiusServerConnectPoint.deviceId().
                            equals(event.subject())) {
                log.trace("Mastership Event recevived for {}", event.subject());
                // mastership of the device for our connect point has changed
                // reselect
                initializeLocalState();
            }
        }
    }

    /**
     * Handles Device status change for the devices which connect
     * to the RADIUS server.
     */
    private class InnerDeviceListener implements DeviceListener {
        @Override
        public void event(DeviceEvent event) {
            log.trace("Device Event recevived for {} event {}", event.subject(), event.type());
            if (radiusServerConnectPoint == null) {
                switch (event.type()) {
                    case DEVICE_ADDED:
                    case DEVICE_AVAILABILITY_CHANGED:
                        // some device is available check if we can get one
                        initializeLocalState();
                        break;
                    default:
                        break;
                }
                return;
            }
            if (radiusServerConnectPoint.deviceId().
                    equals(event.subject().id())) {
                switch (event.type()) {
                    case DEVICE_AVAILABILITY_CHANGED:
                    case DEVICE_REMOVED:
                    case DEVICE_SUSPENDED:
                        // state of our device has changed, check if we need
                        // to re-select
                        initializeLocalState();
                        break;
                    default:
                        break;
                }
            }
        }
    }
}