Gitiles
Code Review Sign In
gerrit.opencord.org / aaa / refs/heads/aaa-1.10 / . / app / src / main / java / org / opencord / aaa / impl / AaaManager.java
blob: 1c42ef5324118373285dbc7f0c898d42e6cdc29e [file] [log] [blame]
Ari Saha89831742015-06-26 10:31:48 -0700[diff] [blame]1/*
Amit Ghoshc9ac1e52017-07-28 12:31:18 +0100[diff] [blame]2 * Copyright 2017-present Open Networking Foundation
Ari Saha89831742015-06-26 10:31:48 -0700[diff] [blame]3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
Matteo Scandolocf847b82019-04-26 15:00:00 -0700[diff] [blame]16package org.opencord.aaa.impl;
Ari Saha89831742015-06-26 10:31:48 -0700[diff] [blame]17
Saurav Das987441a2018-09-18 16:33:47 -0700[diff] [blame]18import static org.onosproject.net.config.basics.SubjectFactories.APP_SUBJECT_FACTORY;
19import static org.slf4j.LoggerFactory.getLogger;
20
Girish Kumar8bc4eb32020-02-04 08:32:46 +0000[diff] [blame]21import com.google.common.collect.Sets;
Saurav Das987441a2018-09-18 16:33:47 -0700[diff] [blame]22import java.net.InetAddress;
kartikey dubeye1545422019-05-22 12:53:45 +0000[diff] [blame]23import java.net.UnknownHostException;
Saurav Das987441a2018-09-18 16:33:47 -0700[diff] [blame]24import java.nio.ByteBuffer;
25import java.util.Map;
kartikey dubeye1545422019-05-22 12:53:45 +0000[diff] [blame]26import java.util.Dictionary;
27import java.util.HashSet;
Vijaykumar Kushwaha056e4cd2019-08-06 13:16:25 +0000[diff] [blame]28import java.util.Arrays;
Shubham Sharma47869542019-09-13 10:39:47 +0000[diff] [blame]29import java.util.List;
Girish Kumar8bc4eb32020-02-04 08:32:46 +0000[diff] [blame]30import java.util.Set;
31import java.util.Map.Entry;
Saurav Das987441a2018-09-18 16:33:47 -0700[diff] [blame]32
Jonathan Hart932bedc2018-07-12 13:46:09 -0700[diff] [blame]33import org.apache.commons.lang3.builder.ToStringBuilder;
Ari Saha89831742015-06-26 10:31:48 -0700[diff] [blame]34import org.apache.felix.scr.annotations.Component;
35import org.apache.felix.scr.annotations.Deactivate;
kartikey dubeye1545422019-05-22 12:53:45 +0000[diff] [blame]36import org.apache.felix.scr.annotations.Property;
Ari Saha89831742015-06-26 10:31:48 -0700[diff] [blame]37import org.apache.felix.scr.annotations.Reference;
38import org.apache.felix.scr.annotations.ReferenceCardinality;
Jonathan Hart5db44532018-07-12 18:13:54 -0700[diff] [blame]39import org.apache.felix.scr.annotations.Service;
Jonathan Hart4731dd92018-05-02 17:30:05 -0700[diff] [blame]40import org.onlab.packet.DeserializationException;
Jonathan Harta46dddf2015-06-30 15:31:20 -0700[diff] [blame]41import org.onlab.packet.EAP;
42import org.onlab.packet.EAPOL;
43import org.onlab.packet.EthType;
Ari Saha89831742015-06-26 10:31:48 -0700[diff] [blame]44import org.onlab.packet.Ethernet;
Ari Saha89831742015-06-26 10:31:48 -0700[diff] [blame]45import org.onlab.packet.MacAddress;
Jonathan Harta46dddf2015-06-30 15:31:20 -0700[diff] [blame]46import org.onlab.packet.RADIUS;
47import org.onlab.packet.RADIUSAttribute;
kartikey dubeye1545422019-05-22 12:53:45 +0000[diff] [blame]48import org.onlab.util.Tools;
49import org.onosproject.cfg.ComponentConfigService;
Ari Saha89831742015-06-26 10:31:48 -0700[diff] [blame]50import org.onosproject.core.ApplicationId;
51import org.onosproject.core.CoreService;
Jonathan Hart5db44532018-07-12 18:13:54 -0700[diff] [blame]52import org.onosproject.event.AbstractListenerManager;
Amit Ghoshc9ac1e52017-07-28 12:31:18 +0100[diff] [blame]53import org.onosproject.mastership.MastershipService;
Ari Saha89831742015-06-26 10:31:48 -0700[diff] [blame]54import org.onosproject.net.ConnectPoint;
55import org.onosproject.net.DeviceId;
Ari Saha89831742015-06-26 10:31:48 -0700[diff] [blame]56import org.onosproject.net.PortNumber;
Ray Milkeyfcb623d2015-10-01 16:48:18 -0700[diff] [blame]57import org.onosproject.net.config.ConfigFactory;
58import org.onosproject.net.config.NetworkConfigEvent;
59import org.onosproject.net.config.NetworkConfigListener;
60import org.onosproject.net.config.NetworkConfigRegistry;
Amit Ghoshf739be52017-09-21 15:49:37 +0100[diff] [blame]61import org.onosproject.net.device.DeviceEvent;
62import org.onosproject.net.device.DeviceListener;
Amit Ghoshc9ac1e52017-07-28 12:31:18 +0100[diff] [blame]63import org.onosproject.net.device.DeviceService;
Ari Saha89831742015-06-26 10:31:48 -0700[diff] [blame]64import org.onosproject.net.flow.DefaultTrafficTreatment;
Ari Saha89831742015-06-26 10:31:48 -0700[diff] [blame]65import org.onosproject.net.flow.TrafficTreatment;
Ari Saha89831742015-06-26 10:31:48 -0700[diff] [blame]66import org.onosproject.net.packet.DefaultOutboundPacket;
67import org.onosproject.net.packet.InboundPacket;
68import org.onosproject.net.packet.OutboundPacket;
69import org.onosproject.net.packet.PacketContext;
Ari Saha89831742015-06-26 10:31:48 -0700[diff] [blame]70import org.onosproject.net.packet.PacketProcessor;
71import org.onosproject.net.packet.PacketService;
Matteo Scandolocf847b82019-04-26 15:00:00 -0700[diff] [blame]72import org.opencord.aaa.AaaConfig;
Kartikey Dubeybe14f472019-10-01 12:18:35 +0000[diff] [blame]73import org.opencord.aaa.AaaMachineStatisticsEvent;
74import org.opencord.aaa.AaaMachineStatisticsService;
75import org.opencord.aaa.AaaSupplicantMachineStats;
Matteo Scandolocf847b82019-04-26 15:00:00 -0700[diff] [blame]76import org.opencord.aaa.AuthenticationEvent;
77import org.opencord.aaa.AuthenticationEventListener;
78import org.opencord.aaa.AuthenticationService;
kartikey dubeye1545422019-05-22 12:53:45 +0000[diff] [blame]79import org.opencord.aaa.AuthenticationStatisticsEvent;
80import org.opencord.aaa.AuthenticationStatisticsService;
Matteo Scandolocf847b82019-04-26 15:00:00 -0700[diff] [blame]81import org.opencord.aaa.RadiusCommunicator;
Shubham Sharma048cc262019-06-19 14:18:50 +0000[diff] [blame]82import org.opencord.aaa.RadiusOperationalStatusEvent;
83import org.opencord.aaa.RadiusOperationalStatusService;
Matteo Scandolocf847b82019-04-26 15:00:00 -0700[diff] [blame]84import org.opencord.aaa.StateMachineDelegate;
Shubham Sharma048cc262019-06-19 14:18:50 +0000[diff] [blame]85import org.opencord.aaa.RadiusOperationalStatusService.RadiusOperationalStatusEvaluationMode;
Gamze Abaka1cfdb192018-10-25 11:39:19 +0000[diff] [blame]86import org.opencord.sadis.BaseInformationService;
87import org.opencord.sadis.SadisService;
88import org.opencord.sadis.SubscriberAndDeviceInformation;
kartikey dubeye1545422019-05-22 12:53:45 +0000[diff] [blame]89import org.osgi.service.component.ComponentContext;
Kartikey Dubeyf72e1952019-06-24 07:09:00 +0000[diff] [blame]90import org.apache.felix.scr.annotations.Modified;
91import org.apache.felix.scr.annotations.Activate;
Ari Saha89831742015-06-26 10:31:48 -0700[diff] [blame]92import org.slf4j.Logger;
kartikey dubeye1545422019-05-22 12:53:45 +0000[diff] [blame]93import com.google.common.base.Strings;
Ari Saha89831742015-06-26 10:31:48 -0700[diff] [blame]94
kartikey dubeye1545422019-05-22 12:53:45 +0000[diff] [blame]95import java.util.concurrent.Executors;
96import java.util.concurrent.ScheduledExecutorService;
97import java.util.concurrent.ScheduledFuture;
98import java.util.concurrent.TimeUnit;
Vijaykumar Kushwaha056e4cd2019-08-06 13:16:25 +0000[diff] [blame]99
100import javax.crypto.Mac;
101import javax.crypto.spec.SecretKeySpec;
Ari Saha89831742015-06-26 10:31:48 -0700[diff] [blame]102/**
Jonathan Harta46dddf2015-06-30 15:31:20 -0700[diff] [blame]103 * AAA application for ONOS.
Ari Saha89831742015-06-26 10:31:48 -0700[diff] [blame]104 */
Jonathan Hart5db44532018-07-12 18:13:54 -0700[diff] [blame]105@Service
Ari Saha89831742015-06-26 10:31:48 -0700[diff] [blame]106@Component(immediate = true)
Jonathan Hart5db44532018-07-12 18:13:54 -0700[diff] [blame]107public class AaaManager
108 extends AbstractListenerManager<AuthenticationEvent, AuthenticationEventListener>
109 implements AuthenticationService {
110
Charles Chandf7ff862017-01-20 11:22:05 -0800[diff] [blame]111 private static final String APP_NAME = "org.opencord.aaa";
Ray Milkeyf51eba22015-09-25 10:24:23 -0700[diff] [blame]112
Ray Milkeyf61a24e2015-09-24 16:34:02 -0700[diff] [blame]113 private final Logger log = getLogger(getClass());
Ray Milkeyf51eba22015-09-25 10:24:23 -0700[diff] [blame]114
Ray Milkeyf61a24e2015-09-24 16:34:02 -0700[diff] [blame]115 @Reference(cardinality = ReferenceCardinality.MANDATORY_UNARY)
116 protected CoreService coreService;
Ray Milkeyf51eba22015-09-25 10:24:23 -0700[diff] [blame]117
Ray Milkeyf61a24e2015-09-24 16:34:02 -0700[diff] [blame]118 @Reference(cardinality = ReferenceCardinality.MANDATORY_UNARY)
119 protected PacketService packetService;
Ray Milkeyf51eba22015-09-25 10:24:23 -0700[diff] [blame]120
Ray Milkeyf61a24e2015-09-24 16:34:02 -0700[diff] [blame]121 @Reference(cardinality = ReferenceCardinality.MANDATORY_UNARY)
Ray Milkeyfcb623d2015-10-01 16:48:18 -0700[diff] [blame]122 protected NetworkConfigRegistry netCfgService;
Ray Milkeyf51eba22015-09-25 10:24:23 -0700[diff] [blame]123
Amit Ghoshc9ac1e52017-07-28 12:31:18 +0100[diff] [blame]124 @Reference(cardinality = ReferenceCardinality.MANDATORY_UNARY)
125 protected DeviceService deviceService;
126
127 @Reference(cardinality = ReferenceCardinality.MANDATORY_UNARY)
Gamze Abaka1cfdb192018-10-25 11:39:19 +0000[diff] [blame]128 protected SadisService sadisService;
Amit Ghoshc9ac1e52017-07-28 12:31:18 +0100[diff] [blame]129
130 @Reference(cardinality = ReferenceCardinality.MANDATORY_UNARY)
131 protected MastershipService mastershipService;
132
kartikey dubeye1545422019-05-22 12:53:45 +0000[diff] [blame]133 @Reference(cardinality = ReferenceCardinality.MANDATORY_UNARY)
134 protected AuthenticationStatisticsService aaaStatisticsManager;
Gamze Abaka1cfdb192018-10-25 11:39:19 +0000[diff] [blame]135
kartikey dubeye1545422019-05-22 12:53:45 +0000[diff] [blame]136 @Reference(cardinality = ReferenceCardinality.MANDATORY_UNARY)
Kartikey Dubeybe14f472019-10-01 12:18:35 +0000[diff] [blame]137 protected AaaMachineStatisticsService aaaSupplicantStatsManager;
138
139 @Reference(cardinality = ReferenceCardinality.MANDATORY_UNARY)
kartikey dubeye1545422019-05-22 12:53:45 +0000[diff] [blame]140 protected ComponentConfigService cfgService;
141
Shubham Sharma048cc262019-06-19 14:18:50 +0000[diff] [blame]142 @Reference(cardinality = ReferenceCardinality.MANDATORY_UNARY)
143 protected RadiusOperationalStatusService radiusOperationalStatusService;
144
kartikey dubeye1545422019-05-22 12:53:45 +0000[diff] [blame]145 protected AuthenticationStatisticsEventPublisher authenticationStatisticsPublisher;
146 protected BaseInformationService<SubscriberAndDeviceInformation> subsService;
Sonal Kasliwal6f2246d2020-01-30 08:42:42 +0000[diff] [blame]147 protected final DeviceListener deviceListener = new InternalDeviceListener();
Amit Ghoshf739be52017-09-21 15:49:37 +0100[diff] [blame]148
kartikey dubeye1545422019-05-22 12:53:45 +0000[diff] [blame]149 private static final int DEFAULT_REPEAT_DELAY = 20;
Shubham Sharma048cc262019-06-19 14:18:50 +0000[diff] [blame]150 @Property(name = "statisticsGenerationPeriodInSeconds", intValue = DEFAULT_REPEAT_DELAY,
151 label = "AAA Statistics generation frequency in seconds")
152 private int statisticsGenerationPeriodInSeconds = DEFAULT_REPEAT_DELAY;
153
154 private static final int DEFAULT_OPERATIONAL_STATUS_SERVER_EVENT_GENERATION = 30;
155 @Property(name = "operationalStatusEventGenerationPeriodInSeconds",
156 intValue = DEFAULT_OPERATIONAL_STATUS_SERVER_EVENT_GENERATION, label = "AAA Radius Server Operational "
157 + "Status Frequency in seconds")
158 private int operationalStatusEventGenerationPeriodInSeconds = DEFAULT_OPERATIONAL_STATUS_SERVER_EVENT_GENERATION;
159
160 private static final int DEFAULT_OPERATIONAL_STATUS_SERVER_TIMEOUT = 10;
161 @Property(name = "operationalStatusServerTimeoutInSeconds",
162 intValue = DEFAULT_OPERATIONAL_STATUS_SERVER_TIMEOUT, label = "Maximum period(in Seconds) to "
163 + "wait for Status response from AAA Server ")
164 private int operationalStatusServerTimeoutInSeconds = DEFAULT_OPERATIONAL_STATUS_SERVER_TIMEOUT;
165
166 private static final String DEFAULT_STATUS_SERVER_MODE = "AUTO";
167 @Property(name = "operationalStatusEvaluationMode", value = DEFAULT_STATUS_SERVER_MODE,
168 label = "Evaluation mode for determining the Operational Status of Radius Server. Valid values are AUTO "
169 + "(default), STATUS_REQUEST and ACCESS_REQUEST")
170 protected String operationalStatusEvaluationMode = DEFAULT_STATUS_SERVER_MODE;
kartikey dubeye1545422019-05-22 12:53:45 +0000[diff] [blame]171
Ray Milkeyfcb623d2015-10-01 16:48:18 -0700[diff] [blame]172 // NAS IP address
173 protected InetAddress nasIpAddress;
Amit Ghoshc9ac1e52017-07-28 12:31:18 +0100[diff] [blame]174
175 // self MAC address
Jonathan Hart5db44532018-07-12 18:13:54 -0700[diff] [blame]176 protected String nasMacAddress;
Amit Ghoshc9ac1e52017-07-28 12:31:18 +0100[diff] [blame]177
178 // Parsed RADIUS server addresses
179 protected InetAddress radiusIpAddress;
180
181 // MAC address of RADIUS server or net hop router
182 protected String radiusMacAddress;
Ray Milkeyfcb623d2015-10-01 16:48:18 -0700[diff] [blame]183
184 // RADIUS server secret
185 protected String radiusSecret;
186
Amit Ghoshc9ac1e52017-07-28 12:31:18 +0100[diff] [blame]187 // bindings
188 protected CustomizationInfo customInfo;
Ray Milkey5d99bd12015-10-06 15:41:30 -0700[diff] [blame]189
Ray Milkeyf61a24e2015-09-24 16:34:02 -0700[diff] [blame]190 // our application-specific event handler
191 private ReactivePacketProcessor processor = new ReactivePacketProcessor();
Ray Milkeyf51eba22015-09-25 10:24:23 -0700[diff] [blame]192
Ray Milkeyf61a24e2015-09-24 16:34:02 -0700[diff] [blame]193 // our unique identifier
194 private ApplicationId appId;
Ray Milkeyf51eba22015-09-25 10:24:23 -0700[diff] [blame]195
Shubham Sharmaa3b1bd32019-06-19 14:18:12 +0000[diff] [blame]196 // TimeOut time for cleaning up stateMachines stuck due to pending AAA/EAPOL message.
197 protected int cleanupTimerTimeOutInMins;
198
Amit Ghoshc9ac1e52017-07-28 12:31:18 +0100[diff] [blame]199 // Setup specific customization/attributes on the RADIUS packets
200 PacketCustomizer pktCustomizer;
Ray Milkey967776a2015-10-07 14:37:17 -0700[diff] [blame]201
Amit Ghoshc9ac1e52017-07-28 12:31:18 +0100[diff] [blame]202 // packet customizer to use
203 private String customizer;
204
205 // Type of connection to use to communicate with Radius server, options are
206 // "socket" or "packet_out"
207 private String radiusConnectionType;
208
Jonathan Hart5db44532018-07-12 18:13:54 -0700[diff] [blame]209 // Object for the specific type of communication with the RADIUS
Amit Ghoshc9ac1e52017-07-28 12:31:18 +0100[diff] [blame]210 // server, socket based or packet_out based
211 RadiusCommunicator impl = null;
212
213 // latest configuration
214 AaaConfig newCfg;
Ray Milkey967776a2015-10-07 14:37:17 -0700[diff] [blame]215
kartikey dubeye1545422019-05-22 12:53:45 +0000[diff] [blame]216 ScheduledFuture<?> scheduledFuture;
Shubham Sharma048cc262019-06-19 14:18:50 +0000[diff] [blame]217 ScheduledFuture<?> scheduledStatusServerChecker;
kartikey dubeye1545422019-05-22 12:53:45 +0000[diff] [blame]218 ScheduledExecutorService executor;
219 String configuredAaaServerAddress;
220 HashSet<Byte> outPacketSet = new HashSet<Byte>();
Shubham Sharma47869542019-09-13 10:39:47 +0000[diff] [blame]221 HashSet<Byte> outPacketSupp = new HashSet<Byte>();
222 static final List<Byte> VALID_EAPOL_TYPE = Arrays.asList(EAPOL.EAPOL_START, EAPOL.EAPOL_LOGOFF, EAPOL.EAPOL_PACKET);
223 static final int HEADER_LENGTH = 4;
Ray Milkeyfcb623d2015-10-01 16:48:18 -0700[diff] [blame]224 // Configuration properties factory
225 private final ConfigFactory factory =
Jonathan Hart092dfb22015-11-16 23:05:21 -0800[diff] [blame]226 new ConfigFactory<ApplicationId, AaaConfig>(APP_SUBJECT_FACTORY,
227 AaaConfig.class,
Ray Milkeyfcb623d2015-10-01 16:48:18 -0700[diff] [blame]228 "AAA") {
229 @Override
Jonathan Hart092dfb22015-11-16 23:05:21 -0800[diff] [blame]230 public AaaConfig createConfig() {
231 return new AaaConfig();
Ray Milkeyfcb623d2015-10-01 16:48:18 -0700[diff] [blame]232 }
233 };
Ray Milkeyf51eba22015-09-25 10:24:23 -0700[diff] [blame]234
Ray Milkeyfcb623d2015-10-01 16:48:18 -0700[diff] [blame]235 // Listener for config changes
236 private final InternalConfigListener cfgListener = new InternalConfigListener();
Ari Saha89831742015-06-26 10:31:48 -0700[diff] [blame]237
Jonathan Hart5db44532018-07-12 18:13:54 -0700[diff] [blame]238 private StateMachineDelegate delegate = new InternalStateMachineDelegate();
239
Ray Milkeyf61a24e2015-09-24 16:34:02 -0700[diff] [blame]240 /**
241 * Builds an EAPOL packet based on the given parameters.
242 *
243 * @param dstMac destination MAC address
244 * @param srcMac source MAC address
245 * @param vlan vlan identifier
246 * @param eapolType EAPOL type
247 * @param eap EAP payload
248 * @return Ethernet frame
249 */
250 private static Ethernet buildEapolResponse(MacAddress dstMac, MacAddress srcMac,
Amit Ghoshc9ac1e52017-07-28 12:31:18 +0100[diff] [blame]251 short vlan, byte eapolType, EAP eap, byte priorityCode) {
Ari Saha89831742015-06-26 10:31:48 -0700[diff] [blame]252
Ray Milkeyf61a24e2015-09-24 16:34:02 -0700[diff] [blame]253 Ethernet eth = new Ethernet();
254 eth.setDestinationMACAddress(dstMac.toBytes());
255 eth.setSourceMACAddress(srcMac.toBytes());
256 eth.setEtherType(EthType.EtherType.EAPOL.ethType().toShort());
257 if (vlan != Ethernet.VLAN_UNTAGGED) {
258 eth.setVlanID(vlan);
Amit Ghoshc9ac1e52017-07-28 12:31:18 +0100[diff] [blame]259 eth.setPriorityCode(priorityCode);
Ray Milkeyf61a24e2015-09-24 16:34:02 -0700[diff] [blame]260 }
261 //eapol header
262 EAPOL eapol = new EAPOL();
263 eapol.setEapolType(eapolType);
264 eapol.setPacketLength(eap.getLength());
Ari Saha89831742015-06-26 10:31:48 -0700[diff] [blame]265
Ray Milkeyf61a24e2015-09-24 16:34:02 -0700[diff] [blame]266 //eap part
267 eapol.setPayload(eap);
268
269 eth.setPayload(eapol);
270 eth.setPad(true);
271 return eth;
272 }
Ari Saha89831742015-06-26 10:31:48 -0700[diff] [blame]273
Ari Saha89831742015-06-26 10:31:48 -0700[diff] [blame]274 @Activate
kartikey dubeye1545422019-05-22 12:53:45 +0000[diff] [blame]275 public void activate(ComponentContext context) {
Charles Chandf7ff862017-01-20 11:22:05 -0800[diff] [blame]276 appId = coreService.registerApplication(APP_NAME);
Jonathan Hart5db44532018-07-12 18:13:54 -0700[diff] [blame]277 eventDispatcher.addSink(AuthenticationEvent.class, listenerRegistry);
Matt Jeanneret2ff1a782018-06-13 15:24:25 -0400[diff] [blame]278 netCfgService.addListener(cfgListener);
279 netCfgService.registerConfigFactory(factory);
kartikey dubeye1545422019-05-22 12:53:45 +0000[diff] [blame]280 cfgService.registerProperties(getClass());
281 modified(context);
Gamze Abaka1cfdb192018-10-25 11:39:19 +0000[diff] [blame]282 subsService = sadisService.getSubscriberInfoService();
Deepa Vaddireddye0e10722017-09-27 05:00:10 +0530[diff] [blame]283 customInfo = new CustomizationInfo(subsService, deviceService);
Jonathan Hart092dfb22015-11-16 23:05:21 -0800[diff] [blame]284 cfgListener.reconfigureNetwork(netCfgService.getConfig(appId, AaaConfig.class));
Matt Jeanneret2ff1a782018-06-13 15:24:25 -0400[diff] [blame]285 log.info("Starting with config {} {}", this, newCfg);
Deepa Vaddireddye0e10722017-09-27 05:00:10 +0530[diff] [blame]286 configureRadiusCommunication();
Ari Saha89831742015-06-26 10:31:48 -0700[diff] [blame]287 // register our event handler
Brian O'Connord9c7da02015-07-29 17:49:24 -0700[diff] [blame]288 packetService.addProcessor(processor, PacketProcessor.director(2));
Ray Milkeyf61a24e2015-09-24 16:34:02 -0700[diff] [blame]289 StateMachine.initializeMaps();
Jonathan Hart5db44532018-07-12 18:13:54 -0700[diff] [blame]290 StateMachine.setDelegate(delegate);
Shubham Sharmaa3b1bd32019-06-19 14:18:12 +0000[diff] [blame]291 cleanupTimerTimeOutInMins = newCfg.sessionCleanupTimer();
292 StateMachine.setcleanupTimerTimeOutInMins(cleanupTimerTimeOutInMins);
Amit Ghoshc9ac1e52017-07-28 12:31:18 +0100[diff] [blame]293 impl.initializeLocalState(newCfg);
Amit Ghoshc9ac1e52017-07-28 12:31:18 +0100[diff] [blame]294 impl.requestIntercepts();
Amit Ghoshf739be52017-09-21 15:49:37 +0100[diff] [blame]295 deviceService.addListener(deviceListener);
kartikey dubeye1545422019-05-22 12:53:45 +0000[diff] [blame]296 getConfiguredAaaServerAddress();
Shubham Sharma048cc262019-06-19 14:18:50 +0000[diff] [blame]297 radiusOperationalStatusService.initialize(nasIpAddress.getAddress(), radiusSecret, impl);
kartikey dubeye1545422019-05-22 12:53:45 +0000[diff] [blame]298 authenticationStatisticsPublisher =
299 new AuthenticationStatisticsEventPublisher();
Shubham Sharma048cc262019-06-19 14:18:50 +0000[diff] [blame]300 executor = Executors.newScheduledThreadPool(3);
301
kartikey dubeye1545422019-05-22 12:53:45 +0000[diff] [blame]302 scheduledFuture = executor.scheduleAtFixedRate(authenticationStatisticsPublisher,
Shubham Sharma048cc262019-06-19 14:18:50 +0000[diff] [blame]303 0, statisticsGenerationPeriodInSeconds, TimeUnit.SECONDS);
304 scheduledStatusServerChecker = executor.scheduleAtFixedRate(new ServerStatusChecker(), 0,
305 operationalStatusEventGenerationPeriodInSeconds, TimeUnit.SECONDS);
Amit Ghoshf739be52017-09-21 15:49:37 +0100[diff] [blame]306
Jian Li13c67162015-12-09 13:20:34 -0800[diff] [blame]307 log.info("Started");
Ari Saha89831742015-06-26 10:31:48 -0700[diff] [blame]308 }
309
310 @Deactivate
kartikey dubeye1545422019-05-22 12:53:45 +0000[diff] [blame]311 public void deactivate(ComponentContext context) {
Amit Ghoshc9ac1e52017-07-28 12:31:18 +0100[diff] [blame]312 impl.withdrawIntercepts();
Ari Saha89831742015-06-26 10:31:48 -0700[diff] [blame]313 packetService.removeProcessor(processor);
Deepa Vaddireddyb9c24c62017-09-21 13:45:30 +0530[diff] [blame]314 netCfgService.removeListener(cfgListener);
kartikey dubeye1545422019-05-22 12:53:45 +0000[diff] [blame]315 cfgService.unregisterProperties(getClass(), false);
Jonathan Hart5db44532018-07-12 18:13:54 -0700[diff] [blame]316 StateMachine.unsetDelegate(delegate);
Deepa Vaddireddye0e10722017-09-27 05:00:10 +0530[diff] [blame]317 StateMachine.destroyMaps();
Amit Ghoshc9ac1e52017-07-28 12:31:18 +0100[diff] [blame]318 impl.deactivate();
Amit Ghoshf739be52017-09-21 15:49:37 +0100[diff] [blame]319 deviceService.removeListener(deviceListener);
Jonathan Hart5db44532018-07-12 18:13:54 -0700[diff] [blame]320 eventDispatcher.removeSink(AuthenticationEvent.class);
kartikey dubeye1545422019-05-22 12:53:45 +0000[diff] [blame]321 scheduledFuture.cancel(true);
Shubham Sharma048cc262019-06-19 14:18:50 +0000[diff] [blame]322 scheduledStatusServerChecker.cancel(true);
kartikey dubeye1545422019-05-22 12:53:45 +0000[diff] [blame]323 executor.shutdown();
Jian Li13c67162015-12-09 13:20:34 -0800[diff] [blame]324 log.info("Stopped");
Ray Milkey967776a2015-10-07 14:37:17 -0700[diff] [blame]325 }
kartikey dubeye1545422019-05-22 12:53:45 +0000[diff] [blame]326 @Modified
327 public void modified(ComponentContext context) {
Shubham Sharma048cc262019-06-19 14:18:50 +0000[diff] [blame]328 Dictionary<String, Object> properties = context.getProperties();
329 String s = Tools.get(properties, "statisticsGenerationPeriodInSeconds");
330 statisticsGenerationPeriodInSeconds = Strings.isNullOrEmpty(s) ? DEFAULT_REPEAT_DELAY
331 : Integer.parseInt(s.trim());
332
333 s = Tools.get(properties, "operationalStatusEventGenerationPeriodInSeconds");
334 operationalStatusEventGenerationPeriodInSeconds = Strings.isNullOrEmpty(s)
335 ? DEFAULT_OPERATIONAL_STATUS_SERVER_EVENT_GENERATION
336 : Integer.parseInt(s.trim());
337
338 s = Tools.get(properties, "operationalStatusServerTimeoutInSeconds");
339 operationalStatusServerTimeoutInSeconds = Strings.isNullOrEmpty(s) ? DEFAULT_OPERATIONAL_STATUS_SERVER_TIMEOUT
340 : Integer.parseInt(s.trim());
341
342 s = Tools.get(properties, "operationalStatusEvaluationMode");
343 String newEvaluationModeString = Strings.isNullOrEmpty(s) ? DEFAULT_STATUS_SERVER_MODE : s.trim();
344
345 radiusOperationalStatusService
346 .setOperationalStatusServerTimeoutInMillis(operationalStatusServerTimeoutInSeconds * 1000);
347 RadiusOperationalStatusEvaluationMode newEvaluationMode =
348 RadiusOperationalStatusEvaluationMode.getValue(newEvaluationModeString);
349 if (newEvaluationMode != null) {
350 radiusOperationalStatusService.setRadiusOperationalStatusEvaluationMode(newEvaluationMode);
351 operationalStatusEvaluationMode = newEvaluationModeString;
352 } else {
353 properties.put("operationalStatusEvaluationMode", operationalStatusEvaluationMode);
354 }
kartikey dubeye1545422019-05-22 12:53:45 +0000[diff] [blame]355 }
356
Shubham Sharma1ad16632019-11-26 11:09:21 +0000[diff] [blame]357 protected void configureRadiusCommunication() {
Deepa Vaddireddye0e10722017-09-27 05:00:10 +0530[diff] [blame]358 if (radiusConnectionType.toLowerCase().equals("socket")) {
359 impl = new SocketBasedRadiusCommunicator(appId, packetService, this);
360 } else {
361 impl = new PortBasedRadiusCommunicator(appId, packetService, mastershipService,
362 deviceService, subsService, pktCustomizer, this);
363 }
364 }
365
366 private void configurePacketCustomizer() {
367 switch (customizer.toLowerCase()) {
368 case "sample":
369 pktCustomizer = new SamplePacketCustomizer(customInfo);
370 log.info("Created SamplePacketCustomizer");
371 break;
Saurav Dase72358a2018-11-13 21:56:46 -0800[diff] [blame]372 case "att":
373 pktCustomizer = new AttPacketCustomizer(customInfo);
374 log.info("Created AttPacketCustomizer");
375 break;
Deepa Vaddireddye0e10722017-09-27 05:00:10 +0530[diff] [blame]376 default:
377 pktCustomizer = new PacketCustomizer(customInfo);
378 log.info("Created default PacketCustomizer");
379 break;
380 }
381 }
382
kartikey dubeye1545422019-05-22 12:53:45 +0000[diff] [blame]383 private void getConfiguredAaaServerAddress() {
384 try {
385 InetAddress address;
386 if (newCfg.radiusHostName() != null) {
387 address = InetAddress.getByName(newCfg.radiusHostName());
388 } else {
389 address = newCfg.radiusIp();
390 }
391
392 configuredAaaServerAddress = address.getHostAddress();
393 } catch (UnknownHostException uhe) {
394 log.warn("Unable to resolve host {}", newCfg.radiusHostName());
395 }
396 }
397
Vijaykumar Kushwaha056e4cd2019-08-06 13:16:25 +0000[diff] [blame]398 private void checkReceivedPacketForValidValidator(RADIUS radiusPacket, byte[] requestAuthenticator) {
399 if (!checkResponseMessageAuthenticator(radiusSecret, radiusPacket, requestAuthenticator)) {
kartikey dubeye1545422019-05-22 12:53:45 +0000[diff] [blame]400 aaaStatisticsManager.getAaaStats().increaseInvalidValidatorsRx();
401 }
402 }
Vijaykumar Kushwaha056e4cd2019-08-06 13:16:25 +0000[diff] [blame]403
404 private boolean checkResponseMessageAuthenticator(String key, RADIUS radiusPacket, byte[] requestAuthenticator) {
405 byte[] newHash = new byte[16];
406 Arrays.fill(newHash, (byte) 0);
407 byte[] messageAuthenticator = radiusPacket.getAttribute(RADIUSAttribute.RADIUS_ATTR_MESSAGE_AUTH).getValue();
408 byte[] authenticator = radiusPacket.getAuthenticator();
409 radiusPacket.updateAttribute(RADIUSAttribute.RADIUS_ATTR_MESSAGE_AUTH, newHash);
410 radiusPacket.setAuthenticator(requestAuthenticator);
411 // Calculate the MD5 HMAC based on the message
412 try {
413 SecretKeySpec keySpec = new SecretKeySpec(key.getBytes(), "HmacMD5");
414 Mac mac = Mac.getInstance("HmacMD5");
415 mac.init(keySpec);
416 newHash = mac.doFinal(radiusPacket.serialize());
417 } catch (Exception e) {
418 log.error("Failed to generate message authenticator: {}", e.getMessage());
419 }
420 radiusPacket.updateAttribute(RADIUSAttribute.RADIUS_ATTR_MESSAGE_AUTH, messageAuthenticator);
421 radiusPacket.setAuthenticator(authenticator);
422 // Compare the calculated Message-Authenticator with the one in the message
423 return Arrays.equals(newHash, messageAuthenticator);
424 }
kartikey dubeye1545422019-05-22 12:53:45 +0000[diff] [blame]425 public void checkForPacketFromUnknownServer(String hostAddress) {
426 if (!hostAddress.equals(configuredAaaServerAddress)) {
Vijaykumar Kushwahafffd3d12019-08-01 11:09:59 +0000[diff] [blame]427 getConfiguredAaaServerAddress();
428 if (!hostAddress.equals(configuredAaaServerAddress)) {
429 aaaStatisticsManager.getAaaStats().incrementUnknownServerRx();
430 }
kartikey dubeye1545422019-05-22 12:53:45 +0000[diff] [blame]431 }
432 }
433
Amit Ghoshc9ac1e52017-07-28 12:31:18 +0100[diff] [blame]434 /**
435 * Send RADIUS packet to the RADIUS server.
436 *
437 * @param radiusPacket RADIUS packet to be sent to server.
438 * @param inPkt Incoming EAPOL packet
439 */
440 protected void sendRadiusPacket(RADIUS radiusPacket, InboundPacket inPkt) {
kartikey dubeye1545422019-05-22 12:53:45 +0000[diff] [blame]441 outPacketSet.add(radiusPacket.getIdentifier());
442 aaaStatisticsManager.getAaaStats().increaseOrDecreasePendingRequests(true);
443 aaaStatisticsManager.getAaaStats().increaseAccessRequestsTx();
Shubham Sharma048cc262019-06-19 14:18:50 +0000[diff] [blame]444 aaaStatisticsManager.putOutgoingIdentifierToMap(radiusPacket.getIdentifier());
Amit Ghoshc9ac1e52017-07-28 12:31:18 +0100[diff] [blame]445 impl.sendRadiusPacket(radiusPacket, inPkt);
446 }
Ray Milkey967776a2015-10-07 14:37:17 -0700[diff] [blame]447
Shubham Sharmaa3b1bd32019-06-19 14:18:12 +0000[diff] [blame]448 /**
449 * For scheduling the timer required for cleaning up StateMachine
450 * when no response
451 * from RADIUS SERVER.
452 *
453 * @param sessionId SessionId of the current session
454 * @param stateMachine StateMachine for the id
455 */
456 public void scheduleStateMachineCleanupTimer(String sessionId, StateMachine stateMachine) {
457 StateMachine.CleanupTimerTask cleanupTask = stateMachine.new CleanupTimerTask(sessionId, this);
458 ScheduledFuture<?> cleanupTimer = executor.schedule(cleanupTask, cleanupTimerTimeOutInMins, TimeUnit.MINUTES);
459 stateMachine.setCleanupTimer(cleanupTimer);
460
461 }
462
463 /**
Amit Ghoshc9ac1e52017-07-28 12:31:18 +0100[diff] [blame]464 * Handles RADIUS packets.
465 *
466 * @param radiusPacket RADIUS packet coming from the RADIUS server.
467 * @throws StateMachineException if an illegal state transition is triggered
Jonathan Hart4731dd92018-05-02 17:30:05 -0700[diff] [blame]468 * @throws DeserializationException if packet deserialization fails
Amit Ghoshc9ac1e52017-07-28 12:31:18 +0100[diff] [blame]469 */
Jonathan Hart4731dd92018-05-02 17:30:05 -0700[diff] [blame]470 public void handleRadiusPacket(RADIUS radiusPacket)
471 throws StateMachineException, DeserializationException {
Saurav Das987441a2018-09-18 16:33:47 -0700[diff] [blame]472 if (log.isTraceEnabled()) {
473 log.trace("Received RADIUS packet {}", radiusPacket);
474 }
Shubham Sharma048cc262019-06-19 14:18:50 +0000[diff] [blame]475 if (radiusOperationalStatusService.isRadiusResponseForOperationalStatus(radiusPacket.getIdentifier())) {
476 radiusOperationalStatusService.handleRadiusPacketForOperationalStatus(radiusPacket);
477 return;
478 }
Amit Ghoshc9ac1e52017-07-28 12:31:18 +0100[diff] [blame]479 StateMachine stateMachine = StateMachine.lookupStateMachineById(radiusPacket.getIdentifier());
480 if (stateMachine == null) {
Saurav Das987441a2018-09-18 16:33:47 -0700[diff] [blame]481 log.error("Invalid packet identifier {}, could not find corresponding "
482 + "state machine ... exiting", radiusPacket.getIdentifier());
kartikey dubeye1545422019-05-22 12:53:45 +0000[diff] [blame]483 aaaStatisticsManager.getAaaStats().incrementNumberOfSessionsExpired();
484 aaaStatisticsManager.getAaaStats().countDroppedResponsesRx();
Amit Ghoshc9ac1e52017-07-28 12:31:18 +0100[diff] [blame]485 return;
Ray Milkey967776a2015-10-07 14:37:17 -0700[diff] [blame]486 }
Kartikey Dubeybe14f472019-10-01 12:18:35 +0000[diff] [blame]487
488 //instance of StateMachine using the sessionId for updating machine stats
489 StateMachine machineStats = StateMachine.lookupStateMachineBySessionId(stateMachine.sessionId());
490
Amit Ghoshc9ac1e52017-07-28 12:31:18 +0100[diff] [blame]491 EAP eapPayload;
492 Ethernet eth;
Vijaykumar Kushwaha056e4cd2019-08-06 13:16:25 +0000[diff] [blame]493 checkReceivedPacketForValidValidator(radiusPacket, stateMachine.requestAuthenticator());
Kartikey Dubeybe14f472019-10-01 12:18:35 +0000[diff] [blame]494
495 //increasing packets and octets received from server
496 machineStats.incrementTotalPacketsReceived();
497 machineStats.incrementTotalOctetReceived(radiusPacket.decapsulateMessage().getLength());
498
kartikey dubeye1545422019-05-22 12:53:45 +0000[diff] [blame]499 if (outPacketSet.contains(radiusPacket.getIdentifier())) {
500 aaaStatisticsManager.getAaaStats().increaseOrDecreasePendingRequests(false);
501 outPacketSet.remove(new Byte(radiusPacket.getIdentifier()));
502 }
Amit Ghoshc9ac1e52017-07-28 12:31:18 +0100[diff] [blame]503 switch (radiusPacket.getCode()) {
504 case RADIUS.RADIUS_CODE_ACCESS_CHALLENGE:
Matt Jeanneret2ff1a782018-06-13 15:24:25 -0400[diff] [blame]505 log.debug("RADIUS packet: RADIUS_CODE_ACCESS_CHALLENGE");
Amit Ghoshc9ac1e52017-07-28 12:31:18 +0100[diff] [blame]506 RADIUSAttribute radiusAttrState = radiusPacket.getAttribute(RADIUSAttribute.RADIUS_ATTR_STATE);
507 byte[] challengeState = null;
508 if (radiusAttrState != null) {
509 challengeState = radiusAttrState.getValue();
510 }
511 eapPayload = radiusPacket.decapsulateMessage();
512 stateMachine.setChallengeInfo(eapPayload.getIdentifier(), challengeState);
513 eth = buildEapolResponse(stateMachine.supplicantAddress(),
514 MacAddress.valueOf(nasMacAddress),
515 stateMachine.vlanId(),
516 EAPOL.EAPOL_PACKET,
517 eapPayload, stateMachine.priorityCode());
Matt Jeanneret2ff1a782018-06-13 15:24:25 -0400[diff] [blame]518 log.debug("Send EAP challenge response to supplicant {}", stateMachine.supplicantAddress().toString());
Shubham Sharmac155ef82019-07-11 12:12:41 +0000[diff] [blame]519 sendPacketToSupplicant(eth, stateMachine.supplicantConnectpoint(), true);
kartikey dubeye1545422019-05-22 12:53:45 +0000[diff] [blame]520 aaaStatisticsManager.getAaaStats().increaseChallengeResponsesRx();
Shubham Sharma47869542019-09-13 10:39:47 +0000[diff] [blame]521 outPacketSupp.add(eapPayload.getIdentifier());
522 aaaStatisticsManager.getAaaStats().incrementPendingResSupp();
Kartikey Dubeybe14f472019-10-01 12:18:35 +0000[diff] [blame]523 //increasing packets send to server
524 machineStats.incrementTotalPacketsSent();
525 machineStats.incrementTotalOctetSent(eapPayload.getLength());
Amit Ghoshc9ac1e52017-07-28 12:31:18 +0100[diff] [blame]526 break;
527 case RADIUS.RADIUS_CODE_ACCESS_ACCEPT:
Matt Jeanneret2ff1a782018-06-13 15:24:25 -0400[diff] [blame]528 log.debug("RADIUS packet: RADIUS_CODE_ACCESS_ACCEPT");
Amit Ghoshc9ac1e52017-07-28 12:31:18 +0100[diff] [blame]529 //send an EAPOL - Success to the supplicant.
530 byte[] eapMessageSuccess =
531 radiusPacket.getAttribute(RADIUSAttribute.RADIUS_ATTR_EAP_MESSAGE).getValue();
Jonathan Hart4731dd92018-05-02 17:30:05 -0700[diff] [blame]532 eapPayload = EAP.deserializer().deserialize(
533 eapMessageSuccess, 0, eapMessageSuccess.length);
Amit Ghoshc9ac1e52017-07-28 12:31:18 +0100[diff] [blame]534 eth = buildEapolResponse(stateMachine.supplicantAddress(),
535 MacAddress.valueOf(nasMacAddress),
536 stateMachine.vlanId(),
537 EAPOL.EAPOL_PACKET,
538 eapPayload, stateMachine.priorityCode());
Matt Jeanneret2ff1a782018-06-13 15:24:25 -0400[diff] [blame]539 log.info("Send EAP success message to supplicant {}", stateMachine.supplicantAddress().toString());
Shubham Sharmac155ef82019-07-11 12:12:41 +0000[diff] [blame]540 sendPacketToSupplicant(eth, stateMachine.supplicantConnectpoint(), false);
541 aaaStatisticsManager.getAaaStats().incrementEapolAuthSuccessTrans();
Amit Ghoshc9ac1e52017-07-28 12:31:18 +0100[diff] [blame]542
543 stateMachine.authorizeAccess();
kartikey dubeye1545422019-05-22 12:53:45 +0000[diff] [blame]544 aaaStatisticsManager.getAaaStats().increaseAcceptResponsesRx();
Kartikey Dubeybe14f472019-10-01 12:18:35 +0000[diff] [blame]545 //increasing packets send to server
546 machineStats.incrementTotalPacketsSent();
547 machineStats.incrementTotalOctetSent(eapPayload.getLength());
Amit Ghoshc9ac1e52017-07-28 12:31:18 +0100[diff] [blame]548 break;
549 case RADIUS.RADIUS_CODE_ACCESS_REJECT:
Matt Jeanneret2ff1a782018-06-13 15:24:25 -0400[diff] [blame]550 log.debug("RADIUS packet: RADIUS_CODE_ACCESS_REJECT");
Amit Ghoshc9ac1e52017-07-28 12:31:18 +0100[diff] [blame]551 //send an EAPOL - Failure to the supplicant.
552 byte[] eapMessageFailure;
553 eapPayload = new EAP();
554 RADIUSAttribute radiusAttrEap = radiusPacket.getAttribute(RADIUSAttribute.RADIUS_ATTR_EAP_MESSAGE);
555 if (radiusAttrEap == null) {
556 eapPayload.setCode(EAP.FAILURE);
557 eapPayload.setIdentifier(stateMachine.challengeIdentifier());
558 eapPayload.setLength(EAP.EAP_HDR_LEN_SUC_FAIL);
559 } else {
560 eapMessageFailure = radiusAttrEap.getValue();
Jonathan Hart4731dd92018-05-02 17:30:05 -0700[diff] [blame]561 eapPayload = EAP.deserializer().deserialize(
562 eapMessageFailure, 0, eapMessageFailure.length);
Amit Ghoshc9ac1e52017-07-28 12:31:18 +0100[diff] [blame]563 }
564 eth = buildEapolResponse(stateMachine.supplicantAddress(),
565 MacAddress.valueOf(nasMacAddress),
566 stateMachine.vlanId(),
567 EAPOL.EAPOL_PACKET,
568 eapPayload, stateMachine.priorityCode());
Matt Jeanneret2ff1a782018-06-13 15:24:25 -0400[diff] [blame]569 log.warn("Send EAP failure message to supplicant {}", stateMachine.supplicantAddress().toString());
Shubham Sharmac155ef82019-07-11 12:12:41 +0000[diff] [blame]570 sendPacketToSupplicant(eth, stateMachine.supplicantConnectpoint(), false);
571 aaaStatisticsManager.getAaaStats().incrementEapolauthFailureTrans();
572
Amit Ghoshc9ac1e52017-07-28 12:31:18 +0100[diff] [blame]573 stateMachine.denyAccess();
kartikey dubeye1545422019-05-22 12:53:45 +0000[diff] [blame]574 aaaStatisticsManager.getAaaStats().increaseRejectResponsesRx();
Kartikey Dubeybe14f472019-10-01 12:18:35 +0000[diff] [blame]575 //increasing packets send to server
576 machineStats.incrementTotalPacketsSent();
577 machineStats.incrementTotalOctetSent(eapPayload.getLength());
578 //pushing machine stats to kafka
579 AaaSupplicantMachineStats machineObj = aaaSupplicantStatsManager.getSupplicantStats(machineStats);
580 aaaSupplicantStatsManager.getMachineStatsDelegate()
Sonal Kasliwal6f2246d2020-01-30 08:42:42 +0000[diff] [blame]581 .notify(new AaaMachineStatisticsEvent(
582 AaaMachineStatisticsEvent.Type.STATS_UPDATE, machineObj));
Amit Ghoshc9ac1e52017-07-28 12:31:18 +0100[diff] [blame]583 break;
584 default:
585 log.warn("Unknown RADIUS message received with code: {}", radiusPacket.getCode());
kartikey dubeye1545422019-05-22 12:53:45 +0000[diff] [blame]586 aaaStatisticsManager.getAaaStats().increaseUnknownTypeRx();
Kartikey Dubeybe14f472019-10-01 12:18:35 +0000[diff] [blame]587 //increasing packets received to server
588 machineStats.incrementTotalPacketsReceived();
589 machineStats.incrementTotalOctetReceived(radiusPacket.decapsulateMessage().getLength());
Amit Ghoshc9ac1e52017-07-28 12:31:18 +0100[diff] [blame]590 }
kartikey dubeye1545422019-05-22 12:53:45 +0000[diff] [blame]591 aaaStatisticsManager.getAaaStats().countDroppedResponsesRx();
Aaron Kruglikovd39d99e2015-07-03 13:30:57 -0700[diff] [blame]592 }
593
Ray Milkey967776a2015-10-07 14:37:17 -0700[diff] [blame]594 /**
595 * Send the ethernet packet to the supplicant.
596 *
597 * @param ethernetPkt the ethernet packet
598 * @param connectPoint the connect point to send out
599 */
Shubham Sharmac155ef82019-07-11 12:12:41 +0000[diff] [blame]600 private void sendPacketToSupplicant(Ethernet ethernetPkt, ConnectPoint connectPoint, boolean isChallengeResponse) {
Ray Milkey967776a2015-10-07 14:37:17 -0700[diff] [blame]601 TrafficTreatment treatment = DefaultTrafficTreatment.builder().setOutput(connectPoint.port()).build();
602 OutboundPacket packet = new DefaultOutboundPacket(connectPoint.deviceId(),
603 treatment, ByteBuffer.wrap(ethernetPkt.serialize()));
Shubham Sharmac155ef82019-07-11 12:12:41 +0000[diff] [blame]604 EAPOL eap = ((EAPOL) ethernetPkt.getPayload());
605 EAP eapPkt = (EAP) eap.getPayload();
Saurav Das987441a2018-09-18 16:33:47 -0700[diff] [blame]606 if (log.isTraceEnabled()) {
Saurav Das987441a2018-09-18 16:33:47 -0700[diff] [blame]607 log.trace("Sending eapol payload {} enclosed in {} to supplicant at {}",
608 eap, ethernetPkt, connectPoint);
609 }
Ray Milkey967776a2015-10-07 14:37:17 -0700[diff] [blame]610 packetService.emit(packet);
Shubham Sharmac155ef82019-07-11 12:12:41 +0000[diff] [blame]611 if (isChallengeResponse) {
612 aaaStatisticsManager.getAaaStats().incrementEapPktTxauthEap();
613 }
Shubham Sharma47869542019-09-13 10:39:47 +0000[diff] [blame]614 aaaStatisticsManager.getAaaStats().incrementEapolFramesTx();
615 aaaStatisticsManager.getAaaStats().countReqEapFramesTx();
Ray Milkey967776a2015-10-07 14:37:17 -0700[diff] [blame]616 }
617
Matt Jeanneret2ff1a782018-06-13 15:24:25 -0400[diff] [blame]618 @Override
619 public String toString() {
620 return ToStringBuilder.reflectionToString(this);
621 }
622
Ari Saha89831742015-06-26 10:31:48 -0700[diff] [blame]623 // our handler defined as a private inner class
624
625 /**
626 * Packet processor responsible for forwarding packets along their paths.
627 */
628 private class ReactivePacketProcessor implements PacketProcessor {
629 @Override
630 public void process(PacketContext context) {
631
632 // Extract the original Ethernet frame from the packet information
633 InboundPacket pkt = context.inPacket();
634 Ethernet ethPkt = pkt.parsed();
635 if (ethPkt == null) {
636 return;
637 }
Amit Ghoshc9ac1e52017-07-28 12:31:18 +0100[diff] [blame]638
Ray Milkeyf51eba22015-09-25 10:24:23 -0700[diff] [blame]639 try {
640 // identify if incoming packet comes from supplicant (EAP) or RADIUS
641 switch (EthType.EtherType.lookup(ethPkt.getEtherType())) {
642 case EAPOL:
643 handleSupplicantPacket(context.inPacket());
644 break;
Ray Milkeyf51eba22015-09-25 10:24:23 -0700[diff] [blame]645 default:
Amit Ghoshc9ac1e52017-07-28 12:31:18 +0100[diff] [blame]646 // any other packets let the specific implementation handle
647 impl.handlePacketFromServer(context);
Ray Milkeyf51eba22015-09-25 10:24:23 -0700[diff] [blame]648 }
Ray Milkey967776a2015-10-07 14:37:17 -0700[diff] [blame]649 } catch (StateMachineException e) {
Amit Ghoshc9ac1e52017-07-28 12:31:18 +0100[diff] [blame]650 log.warn("Unable to process packet:", e);
Ari Saha89831742015-06-26 10:31:48 -0700[diff] [blame]651 }
652 }
653
Ray Milkey9eb293f2015-09-30 15:09:17 -0700[diff] [blame]654 /**
655 * Creates and initializes common fields of a RADIUS packet.
656 *
Ray Milkey967776a2015-10-07 14:37:17 -0700[diff] [blame]657 * @param stateMachine state machine for the request
Ray Milkeyfcb623d2015-10-01 16:48:18 -0700[diff] [blame]658 * @param eapPacket EAP packet
Ray Milkey9eb293f2015-09-30 15:09:17 -0700[diff] [blame]659 * @return RADIUS packet
660 */
Ray Milkey967776a2015-10-07 14:37:17 -0700[diff] [blame]661 private RADIUS getRadiusPayload(StateMachine stateMachine, byte identifier, EAP eapPacket) {
Ray Milkey9eb293f2015-09-30 15:09:17 -0700[diff] [blame]662 RADIUS radiusPayload =
663 new RADIUS(RADIUS.RADIUS_CODE_ACCESS_REQUEST,
664 eapPacket.getIdentifier());
Ray Milkey967776a2015-10-07 14:37:17 -0700[diff] [blame]665
666 // set Request Authenticator in StateMachine
667 stateMachine.setRequestAuthenticator(radiusPayload.generateAuthCode());
668
Ray Milkey9eb293f2015-09-30 15:09:17 -0700[diff] [blame]669 radiusPayload.setIdentifier(identifier);
670 radiusPayload.setAttribute(RADIUSAttribute.RADIUS_ATTR_USERNAME,
Ray Milkey967776a2015-10-07 14:37:17 -0700[diff] [blame]671 stateMachine.username());
Ray Milkey9eb293f2015-09-30 15:09:17 -0700[diff] [blame]672
673 radiusPayload.setAttribute(RADIUSAttribute.RADIUS_ATTR_NAS_IP,
Jonathan Hart092dfb22015-11-16 23:05:21 -0800[diff] [blame]674 AaaManager.this.nasIpAddress.getAddress());
Ray Milkey9eb293f2015-09-30 15:09:17 -0700[diff] [blame]675
676 radiusPayload.encapsulateMessage(eapPacket);
Ray Milkey9eb293f2015-09-30 15:09:17 -0700[diff] [blame]677
678 return radiusPayload;
679 }
Ari Saha89831742015-06-26 10:31:48 -0700[diff] [blame]680
681 /**
Jonathan Harta46dddf2015-06-30 15:31:20 -0700[diff] [blame]682 * Handles PAE packets (supplicant).
683 *
684 * @param inPacket Ethernet packet coming from the supplicant
Ari Saha89831742015-06-26 10:31:48 -0700[diff] [blame]685 */
Ray Milkeyf51eba22015-09-25 10:24:23 -0700[diff] [blame]686 private void handleSupplicantPacket(InboundPacket inPacket) throws StateMachineException {
Jonathan Harta46dddf2015-06-30 15:31:20 -0700[diff] [blame]687 Ethernet ethPkt = inPacket.parsed();
Ari Saha89831742015-06-26 10:31:48 -0700[diff] [blame]688 // Where does it come from?
Jonathan Hart092dfb22015-11-16 23:05:21 -0800[diff] [blame]689 MacAddress srcMac = ethPkt.getSourceMAC();
Ari Saha89831742015-06-26 10:31:48 -0700[diff] [blame]690
Jonathan Harta46dddf2015-06-30 15:31:20 -0700[diff] [blame]691 DeviceId deviceId = inPacket.receivedFrom().deviceId();
692 PortNumber portNumber = inPacket.receivedFrom().port();
Ari Saha89831742015-06-26 10:31:48 -0700[diff] [blame]693 String sessionId = deviceId.toString() + portNumber.toString();
Saurav Das987441a2018-09-18 16:33:47 -0700[diff] [blame]694 EAPOL eapol = (EAPOL) ethPkt.getPayload();
695 if (log.isTraceEnabled()) {
696 log.trace("Received EAPOL packet {} in enclosing packet {} from "
697 + "dev/port: {}/{}", eapol, ethPkt, deviceId,
698 portNumber);
Amit Ghoshc9ac1e52017-07-28 12:31:18 +0100[diff] [blame]699 }
Jonathan Harta46dddf2015-06-30 15:31:20 -0700[diff] [blame]700
Shubham Sharma47869542019-09-13 10:39:47 +0000[diff] [blame]701 short pktlen = eapol.getPacketLength();
702 byte[] eapPayLoadBuffer = eapol.serialize();
703 int len = eapPayLoadBuffer.length;
704 if (len != (HEADER_LENGTH + pktlen)) {
705 aaaStatisticsManager.getAaaStats().incrementInvalidBodyLength();
706 return;
707 }
708 if (!VALID_EAPOL_TYPE.contains(eapol.getEapolType())) {
709 aaaStatisticsManager.getAaaStats().incrementInvalidPktType();
710 return;
711 }
712 if (pktlen >= 0 && ethPkt.getEtherType() == EthType.EtherType.EAPOL.ethType().toShort()) {
713 aaaStatisticsManager.getAaaStats().incrementValidEapolFramesRx();
714 }
Saurav Das987441a2018-09-18 16:33:47 -0700[diff] [blame]715 StateMachine stateMachine = StateMachine.lookupStateMachineBySessionId(sessionId);
716 if (stateMachine == null) {
717 log.debug("Creating new state machine for sessionId: {} for "
718 + "dev/port: {}/{}", sessionId, deviceId, portNumber);
719 stateMachine = new StateMachine(sessionId);
720 } else {
721 log.debug("Using existing state-machine for sessionId: {}", sessionId);
Kartikey Dubeybe14f472019-10-01 12:18:35 +0000[diff] [blame]722 stateMachine.setEapolTypeVal(eapol.getEapolType());
Saurav Das987441a2018-09-18 16:33:47 -0700[diff] [blame]723 }
724
Ari Saha89831742015-06-26 10:31:48 -0700[diff] [blame]725 switch (eapol.getEapolType()) {
726 case EAPOL.EAPOL_START:
Matt Jeanneret2ff1a782018-06-13 15:24:25 -0400[diff] [blame]727 log.debug("EAP packet: EAPOL_START");
Ray Milkeyf51eba22015-09-25 10:24:23 -0700[diff] [blame]728 stateMachine.setSupplicantConnectpoint(inPacket.receivedFrom());
Shubham Sharmaa3b1bd32019-06-19 14:18:12 +0000[diff] [blame]729 if (stateMachine.getCleanupTimer() == null) {
730 scheduleStateMachineCleanupTimer(sessionId, stateMachine);
731 }
Jonathan Hart5db44532018-07-12 18:13:54 -0700[diff] [blame]732 stateMachine.start();
Shubham Sharmac155ef82019-07-11 12:12:41 +0000[diff] [blame]733 aaaStatisticsManager.getAaaStats().incrementEapolStartReqTrans();
Ray Milkeyf51eba22015-09-25 10:24:23 -0700[diff] [blame]734 //send an EAP Request/Identify to the supplicant
735 EAP eapPayload = new EAP(EAP.REQUEST, stateMachine.identifier(), EAP.ATTR_IDENTITY, null);
Amit Ghoshc9ac1e52017-07-28 12:31:18 +0100[diff] [blame]736 if (ethPkt.getVlanID() != Ethernet.VLAN_UNTAGGED) {
737 stateMachine.setPriorityCode(ethPkt.getPriorityCode());
738 }
Jonathan Hart092dfb22015-11-16 23:05:21 -0800[diff] [blame]739 Ethernet eth = buildEapolResponse(srcMac, MacAddress.valueOf(nasMacAddress),
Ray Milkeyf51eba22015-09-25 10:24:23 -0700[diff] [blame]740 ethPkt.getVlanID(), EAPOL.EAPOL_PACKET,
Amit Ghoshc9ac1e52017-07-28 12:31:18 +0100[diff] [blame]741 eapPayload, stateMachine.priorityCode());
Matt Jeanneret2ff1a782018-06-13 15:24:25 -0400[diff] [blame]742
Jonathan Hart092dfb22015-11-16 23:05:21 -0800[diff] [blame]743 stateMachine.setSupplicantAddress(srcMac);
Ray Milkeyf51eba22015-09-25 10:24:23 -0700[diff] [blame]744 stateMachine.setVlanId(ethPkt.getVlanID());
Matt Jeanneret2ff1a782018-06-13 15:24:25 -0400[diff] [blame]745 log.debug("Getting EAP identity from supplicant {}", stateMachine.supplicantAddress().toString());
Shubham Sharmac155ef82019-07-11 12:12:41 +0000[diff] [blame]746 sendPacketToSupplicant(eth, stateMachine.supplicantConnectpoint(), false);
Shubham Sharma47869542019-09-13 10:39:47 +0000[diff] [blame]747 aaaStatisticsManager.getAaaStats().incrementRequestIdFramesTx();
Ari Saha89831742015-06-26 10:31:48 -0700[diff] [blame]748
749 break;
Qianqian Hub55a1ac2015-12-23 20:44:48 +0800[diff] [blame]750 case EAPOL.EAPOL_LOGOFF:
Matt Jeanneret2ff1a782018-06-13 15:24:25 -0400[diff] [blame]751 log.debug("EAP packet: EAPOL_LOGOFF");
Kartikey Dubeybe14f472019-10-01 12:18:35 +0000[diff] [blame]752 //posting the machine stat data for current supplicant device.
753 if (stateMachine.getSessionTerminateReason() == null ||
754 stateMachine.getSessionTerminateReason().equals("")) {
755 stateMachine.setSessionTerminateReason(
756 StateMachine.SessionTerminationReasons.SUPPLICANT_LOGOFF.getReason());
757 }
758 AaaSupplicantMachineStats obj = aaaSupplicantStatsManager.getSupplicantStats(stateMachine);
759 aaaSupplicantStatsManager.getMachineStatsDelegate()
Sonal Kasliwal6f2246d2020-01-30 08:42:42 +0000[diff] [blame]760 .notify(new AaaMachineStatisticsEvent(
761 AaaMachineStatisticsEvent.Type.STATS_UPDATE, obj));
Ray Milkeyb34b4962016-01-04 10:24:43 -0800[diff] [blame]762 if (stateMachine.state() == StateMachine.STATE_AUTHORIZED) {
763 stateMachine.logoff();
Shubham Sharmac155ef82019-07-11 12:12:41 +0000[diff] [blame]764 aaaStatisticsManager.getAaaStats().incrementEapolLogoffRx();
Qianqian Hub55a1ac2015-12-23 20:44:48 +0800[diff] [blame]765 }
Shubham Sharma47869542019-09-13 10:39:47 +0000[diff] [blame]766 if (stateMachine.state() == StateMachine.STATE_IDLE) {
767 aaaStatisticsManager.getAaaStats().incrementAuthStateIdle();
768 }
Qianqian Hub55a1ac2015-12-23 20:44:48 +0800[diff] [blame]769
770 break;
Ari Saha89831742015-06-26 10:31:48 -0700[diff] [blame]771 case EAPOL.EAPOL_PACKET:
Ray Milkeyf51eba22015-09-25 10:24:23 -0700[diff] [blame]772 RADIUS radiusPayload;
Ray Milkey9eb293f2015-09-30 15:09:17 -0700[diff] [blame]773 // check if this is a Response/Identify or a Response/TLS
Ari Saha89831742015-06-26 10:31:48 -0700[diff] [blame]774 EAP eapPacket = (EAP) eapol.getPayload();
Shubham Sharma47869542019-09-13 10:39:47 +0000[diff] [blame]775 Byte identifier = new Byte(eapPacket.getIdentifier());
Ari Saha89831742015-06-26 10:31:48 -0700[diff] [blame]776
777 byte dataType = eapPacket.getDataType();
778 switch (dataType) {
Ari Saha89831742015-06-26 10:31:48 -0700[diff] [blame]779
Ray Milkey9eb293f2015-09-30 15:09:17 -0700[diff] [blame]780 case EAP.ATTR_IDENTITY:
Matt Jeanneret2ff1a782018-06-13 15:24:25 -0400[diff] [blame]781 log.debug("EAP packet: EAPOL_PACKET ATTR_IDENTITY");
Shubham Sharmaa3b1bd32019-06-19 14:18:12 +0000[diff] [blame]782 //Setting the time of this response from RG, only when its not a re-transmission.
783 if (stateMachine.getLastPacketReceivedTime() == 0) {
784 stateMachine.setLastPacketReceivedTime(System.currentTimeMillis());
785 }
Ray Milkey9eb293f2015-09-30 15:09:17 -0700[diff] [blame]786 // request id access to RADIUS
787 stateMachine.setUsername(eapPacket.getData());
Ari Saha89831742015-06-26 10:31:48 -0700[diff] [blame]788
Ray Milkey967776a2015-10-07 14:37:17 -0700[diff] [blame]789 radiusPayload = getRadiusPayload(stateMachine, stateMachine.identifier(), eapPacket);
Amit Ghoshc9ac1e52017-07-28 12:31:18 +0100[diff] [blame]790 radiusPayload = pktCustomizer.customizePacket(radiusPayload, inPacket);
Jonathan Hart092dfb22015-11-16 23:05:21 -0800[diff] [blame]791 radiusPayload.addMessageAuthenticator(AaaManager.this.radiusSecret);
Ari Saha89831742015-06-26 10:31:48 -0700[diff] [blame]792
Amit Ghoshc9ac1e52017-07-28 12:31:18 +0100[diff] [blame]793 sendRadiusPacket(radiusPayload, inPacket);
Shubham Sharmaa3b1bd32019-06-19 14:18:12 +0000[diff] [blame]794 stateMachine.setWaitingForRadiusResponse(true);
Shubham Sharmac155ef82019-07-11 12:12:41 +0000[diff] [blame]795 aaaStatisticsManager.getAaaStats().incrementEapolAtrrIdentity();
Ray Milkey9eb293f2015-09-30 15:09:17 -0700[diff] [blame]796 // change the state to "PENDING"
kartikey dubeye1545422019-05-22 12:53:45 +0000[diff] [blame]797 if (stateMachine.state() == StateMachine.STATE_PENDING) {
798 aaaStatisticsManager.getAaaStats().increaseRequestReTx();
Kartikey Dubeybe14f472019-10-01 12:18:35 +0000[diff] [blame]799 stateMachine.incrementTotalPacketsSent();
800 stateMachine.incrementTotalOctetSent(eapol.getPacketLength());
kartikey dubeye1545422019-05-22 12:53:45 +0000[diff] [blame]801 }
Ray Milkey9eb293f2015-09-30 15:09:17 -0700[diff] [blame]802 stateMachine.requestAccess();
803 break;
Ari Saha89831742015-06-26 10:31:48 -0700[diff] [blame]804 case EAP.ATTR_MD5:
Shubham Sharmaa3b1bd32019-06-19 14:18:12 +0000[diff] [blame]805 stateMachine.setLastPacketReceivedTime(System.currentTimeMillis());
Matt Jeanneret2ff1a782018-06-13 15:24:25 -0400[diff] [blame]806 log.debug("EAP packet: EAPOL_PACKET ATTR_MD5");
Ray Milkey9eb293f2015-09-30 15:09:17 -0700[diff] [blame]807 // verify if the EAP identifier corresponds to the
808 // challenge identifier from the client state
809 // machine.
Ray Milkeyf61a24e2015-09-24 16:34:02 -0700[diff] [blame]810 if (eapPacket.getIdentifier() == stateMachine.challengeIdentifier()) {
Ari Saha89831742015-06-26 10:31:48 -0700[diff] [blame]811 //send the RADIUS challenge response
Ray Milkey967776a2015-10-07 14:37:17 -0700[diff] [blame]812 radiusPayload =
813 getRadiusPayload(stateMachine,
814 stateMachine.identifier(),
815 eapPacket);
Amit Ghoshc9ac1e52017-07-28 12:31:18 +0100[diff] [blame]816 radiusPayload = pktCustomizer.customizePacket(radiusPayload, inPacket);
Ari Saha89831742015-06-26 10:31:48 -0700[diff] [blame]817
Qianqian Hub55a1ac2015-12-23 20:44:48 +0800[diff] [blame]818 if (stateMachine.challengeState() != null) {
819 radiusPayload.setAttribute(RADIUSAttribute.RADIUS_ATTR_STATE,
820 stateMachine.challengeState());
821 }
Jonathan Hart092dfb22015-11-16 23:05:21 -0800[diff] [blame]822 radiusPayload.addMessageAuthenticator(AaaManager.this.radiusSecret);
Shubham Sharma47869542019-09-13 10:39:47 +0000[diff] [blame]823 if (outPacketSupp.contains(eapPacket.getIdentifier())) {
824 aaaStatisticsManager.getAaaStats().decrementPendingResSupp();
825 outPacketSupp.remove(identifier);
826 }
Amit Ghoshc9ac1e52017-07-28 12:31:18 +0100[diff] [blame]827 sendRadiusPacket(radiusPayload, inPacket);
Shubham Sharmaa3b1bd32019-06-19 14:18:12 +0000[diff] [blame]828 stateMachine.setWaitingForRadiusResponse(true);
Shubham Sharmac155ef82019-07-11 12:12:41 +0000[diff] [blame]829 aaaStatisticsManager.getAaaStats().incrementEapolMd5RspChall();
Ari Saha89831742015-06-26 10:31:48 -0700[diff] [blame]830 }
831 break;
832 case EAP.ATTR_TLS:
Matt Jeanneret2ff1a782018-06-13 15:24:25 -0400[diff] [blame]833 log.debug("EAP packet: EAPOL_PACKET ATTR_TLS");
Ray Milkey9eb293f2015-09-30 15:09:17 -0700[diff] [blame]834 // request id access to RADIUS
Ray Milkey967776a2015-10-07 14:37:17 -0700[diff] [blame]835 radiusPayload = getRadiusPayload(stateMachine, stateMachine.identifier(), eapPacket);
Amit Ghoshc9ac1e52017-07-28 12:31:18 +0100[diff] [blame]836 radiusPayload = pktCustomizer.customizePacket(radiusPayload, inPacket);
Ari Saha89831742015-06-26 10:31:48 -0700[diff] [blame]837
Qianqian Hub55a1ac2015-12-23 20:44:48 +0800[diff] [blame]838 if (stateMachine.challengeState() != null) {
839 radiusPayload.setAttribute(RADIUSAttribute.RADIUS_ATTR_STATE,
840 stateMachine.challengeState());
841 }
Ray Milkeyf51eba22015-09-25 10:24:23 -0700[diff] [blame]842 stateMachine.setRequestAuthenticator(radiusPayload.generateAuthCode());
Ari Saha89831742015-06-26 10:31:48 -0700[diff] [blame]843
Jonathan Hart092dfb22015-11-16 23:05:21 -0800[diff] [blame]844 radiusPayload.addMessageAuthenticator(AaaManager.this.radiusSecret);
Shubham Sharma47869542019-09-13 10:39:47 +0000[diff] [blame]845 if (outPacketSupp.contains(eapPacket.getIdentifier())) {
846 aaaStatisticsManager.getAaaStats().decrementPendingResSupp();
847 outPacketSupp.remove(identifier);
848 }
Amit Ghoshc9ac1e52017-07-28 12:31:18 +0100[diff] [blame]849 sendRadiusPacket(radiusPayload, inPacket);
Shubham Sharmaa3b1bd32019-06-19 14:18:12 +0000[diff] [blame]850 stateMachine.setWaitingForRadiusResponse(true);
Shubham Sharmac155ef82019-07-11 12:12:41 +0000[diff] [blame]851 aaaStatisticsManager.getAaaStats().incrementEapolTlsRespChall();
Ray Milkey5493b512015-10-21 12:13:49 -0700[diff] [blame]852
Ray Milkeyf3790b82015-10-21 16:28:08 -0700[diff] [blame]853 if (stateMachine.state() != StateMachine.STATE_PENDING) {
854 stateMachine.requestAccess();
855 }
Ray Milkeyf51eba22015-09-25 10:24:23 -0700[diff] [blame]856
Ari Saha89831742015-06-26 10:31:48 -0700[diff] [blame]857 break;
858 default:
Matt Jeanneret2ff1a782018-06-13 15:24:25 -0400[diff] [blame]859 log.warn("Unknown EAP packet type");
Ari Saha89831742015-06-26 10:31:48 -0700[diff] [blame]860 return;
861 }
862 break;
863 default:
Matt Jeanneret2ff1a782018-06-13 15:24:25 -0400[diff] [blame]864 log.debug("Skipping EAPOL message {}", eapol.getEapolType());
Ari Saha89831742015-06-26 10:31:48 -0700[diff] [blame]865 }
Shubham Sharmac155ef82019-07-11 12:12:41 +0000[diff] [blame]866 aaaStatisticsManager.getAaaStats().countTransRespNotNak();
867 aaaStatisticsManager.getAaaStats().countEapolResIdentityMsgTrans();
Ari Saha89831742015-06-26 10:31:48 -0700[diff] [blame]868 }
Ray Milkey967776a2015-10-07 14:37:17 -0700[diff] [blame]869 }
870
Amit Ghoshc9ac1e52017-07-28 12:31:18 +0100[diff] [blame]871 /**
Jonathan Hart5db44532018-07-12 18:13:54 -0700[diff] [blame]872 * Delegate allowing the StateMachine to notify us of events.
873 */
874 private class InternalStateMachineDelegate implements StateMachineDelegate {
875
876 @Override
877 public void notify(AuthenticationEvent authenticationEvent) {
878 log.info("Auth event {} for {}",
879 authenticationEvent.type(), authenticationEvent.subject());
880 post(authenticationEvent);
881 }
882 }
883
884 /**
Amit Ghoshc9ac1e52017-07-28 12:31:18 +0100[diff] [blame]885 * Configuration Listener, handles change in configuration.
886 */
Ray Milkeyfcb623d2015-10-01 16:48:18 -0700[diff] [blame]887 private class InternalConfigListener implements NetworkConfigListener {
888
889 /**
Ray Milkeyc9e8dcc2015-12-30 10:31:32 -0800[diff] [blame]890 * Reconfigures the AAA application according to the
891 * configuration parameters passed.
Ray Milkeyfcb623d2015-10-01 16:48:18 -0700[diff] [blame]892 *
893 * @param cfg configuration object
894 */
Jonathan Hart092dfb22015-11-16 23:05:21 -0800[diff] [blame]895 private void reconfigureNetwork(AaaConfig cfg) {
Matt Jeanneret2ff1a782018-06-13 15:24:25 -0400[diff] [blame]896 log.info("Reconfiguring AaaConfig from config: {}", cfg);
Amit Ghoshc9ac1e52017-07-28 12:31:18 +0100[diff] [blame]897
Ray Milkeyfcb623d2015-10-01 16:48:18 -0700[diff] [blame]898 if (cfg == null) {
Jonathan Hart092dfb22015-11-16 23:05:21 -0800[diff] [blame]899 newCfg = new AaaConfig();
Ray Milkeyfcb623d2015-10-01 16:48:18 -0700[diff] [blame]900 } else {
901 newCfg = cfg;
902 }
903 if (newCfg.nasIp() != null) {
904 nasIpAddress = newCfg.nasIp();
905 }
906 if (newCfg.radiusIp() != null) {
907 radiusIpAddress = newCfg.radiusIp();
908 }
909 if (newCfg.radiusMac() != null) {
910 radiusMacAddress = newCfg.radiusMac();
911 }
912 if (newCfg.nasMac() != null) {
913 nasMacAddress = newCfg.nasMac();
914 }
915 if (newCfg.radiusSecret() != null) {
916 radiusSecret = newCfg.radiusSecret();
917 }
Amit Ghoshc9ac1e52017-07-28 12:31:18 +0100[diff] [blame]918
Deepa Vaddireddye0e10722017-09-27 05:00:10 +0530[diff] [blame]919 boolean reconfigureCustomizer = false;
920 if (customizer == null || !customizer.equals(newCfg.radiusPktCustomizer())) {
921 customizer = newCfg.radiusPktCustomizer();
922 configurePacketCustomizer();
923 reconfigureCustomizer = true;
924 }
Amit Ghoshc9ac1e52017-07-28 12:31:18 +0100[diff] [blame]925
Deepa Vaddireddye0e10722017-09-27 05:00:10 +0530[diff] [blame]926 if (radiusConnectionType == null
927 || reconfigureCustomizer
928 || !radiusConnectionType.equals(newCfg.radiusConnectionType())) {
929 radiusConnectionType = newCfg.radiusConnectionType();
930 if (impl != null) {
931 impl.withdrawIntercepts();
932 impl.clearLocalState();
933 }
934 configureRadiusCommunication();
935 impl.initializeLocalState(newCfg);
936 impl.requestIntercepts();
937 } else if (impl != null) {
Amit Ghoshc9ac1e52017-07-28 12:31:18 +0100[diff] [blame]938 impl.clearLocalState();
939 impl.initializeLocalState(newCfg);
Ray Milkey5d99bd12015-10-06 15:41:30 -0700[diff] [blame]940 }
Ray Milkeyfcb623d2015-10-01 16:48:18 -0700[diff] [blame]941 }
942
943 @Override
944 public void event(NetworkConfigEvent event) {
945
946 if ((event.type() == NetworkConfigEvent.Type.CONFIG_ADDED ||
947 event.type() == NetworkConfigEvent.Type.CONFIG_UPDATED) &&
Jonathan Hart092dfb22015-11-16 23:05:21 -0800[diff] [blame]948 event.configClass().equals(AaaConfig.class)) {
Ray Milkeyfcb623d2015-10-01 16:48:18 -0700[diff] [blame]949
Jonathan Hart092dfb22015-11-16 23:05:21 -0800[diff] [blame]950 AaaConfig cfg = netCfgService.getConfig(appId, AaaConfig.class);
Ray Milkeyfcb623d2015-10-01 16:48:18 -0700[diff] [blame]951 reconfigureNetwork(cfg);
Amit Ghoshc9ac1e52017-07-28 12:31:18 +0100[diff] [blame]952
Matt Jeanneret2ff1a782018-06-13 15:24:25 -0400[diff] [blame]953 log.info("Reconfigured: {}", cfg.toString());
Ray Milkeyfcb623d2015-10-01 16:48:18 -0700[diff] [blame]954 }
955 }
956 }
Amit Ghoshf739be52017-09-21 15:49:37 +0100[diff] [blame]957
958 private class InternalDeviceListener implements DeviceListener {
959 @Override
960 public void event(DeviceEvent event) {
961
Girish Kumar9f4d5a22020-02-14 13:07:16 +0000[diff] [blame]962 switch (event.type()) {
963 case PORT_REMOVED:
964 DeviceId devId = event.subject().id();
965 PortNumber portNumber = event.port().number();
966 String sessionId = devId.toString() + portNumber.toString();
Amit Ghoshf739be52017-09-21 15:49:37 +0100[diff] [blame]967
Girish Kumar9f4d5a22020-02-14 13:07:16 +0000[diff] [blame]968 log.debug("Received PORT_REMOVED event. Clearing AAA Session with Id {}", sessionId);
969 flushStateMachineSession(sessionId,
970 StateMachine.SessionTerminationReasons.PORT_REMOVED.getReason());
Kartikey Dubeybe14f472019-10-01 12:18:35 +0000[diff] [blame]971
Girish Kumar9f4d5a22020-02-14 13:07:16 +0000[diff] [blame]972 break;
Girish Kumar8bc4eb32020-02-04 08:32:46 +0000[diff] [blame]973
Girish Kumar9f4d5a22020-02-14 13:07:16 +0000[diff] [blame]974 case DEVICE_REMOVED:
975 DeviceId deviceId = event.subject().id();
976 log.debug("Received DEVICE_REMOVED event for {}", deviceId);
Girish Kumar8bc4eb32020-02-04 08:32:46 +0000[diff] [blame]977
Girish Kumar9f4d5a22020-02-14 13:07:16 +0000[diff] [blame]978 Set<String> associatedSessions = Sets.newHashSet();
979 for (Entry<String, StateMachine> stateMachineEntry : StateMachine.sessionIdMap().entrySet()) {
980 ConnectPoint cp = stateMachineEntry.getValue().supplicantConnectpoint();
981 if (cp != null && cp.deviceId().toString().equals(deviceId.toString())) {
982 associatedSessions.add(stateMachineEntry.getKey());
983 }
984 }
Girish Kumar8bc4eb32020-02-04 08:32:46 +0000[diff] [blame]985
Girish Kumar9f4d5a22020-02-14 13:07:16 +0000[diff] [blame]986 for (String session : associatedSessions) {
987 log.debug("Clearing AAA Session {} associated with Removed Device", session);
988 flushStateMachineSession(session,
989 StateMachine.SessionTerminationReasons.DEVICE_REMOVED.getReason());
990 }
Amit Ghoshf739be52017-09-21 15:49:37 +0100[diff] [blame]991
Girish Kumar9f4d5a22020-02-14 13:07:16 +0000[diff] [blame]992 break;
Girish Kumar8bc4eb32020-02-04 08:32:46 +0000[diff] [blame]993
Girish Kumar9f4d5a22020-02-14 13:07:16 +0000[diff] [blame]994 default:
995 return;
996 }
Amit Ghoshf739be52017-09-21 15:49:37 +0100[diff] [blame]997 }
Girish Kumar8bc4eb32020-02-04 08:32:46 +0000[diff] [blame]998
999 private void flushStateMachineSession(String sessionId, String terminationReason) {
1000 StateMachine stateMachine = StateMachine.lookupStateMachineBySessionId(sessionId);
Girish Kumar9f4d5a22020-02-14 13:07:16 +0000[diff] [blame]1001 if (stateMachine == null) {
1002 // No active AAA sessions for this UNI port
1003 log.debug("No Active AAA Session found with Id {}", sessionId);
1004 return;
Girish Kumar8bc4eb32020-02-04 08:32:46 +0000[diff] [blame]1005 }
1006
Girish Kumar9f4d5a22020-02-14 13:07:16 +0000[diff] [blame]1007 stateMachine.setSessionTerminateReason(terminationReason);
1008
Girish Kumar8bc4eb32020-02-04 08:32:46 +0000[diff] [blame]1009 //pushing captured machine stats to kafka
1010 AaaSupplicantMachineStats obj = aaaSupplicantStatsManager.getSupplicantStats(stateMachine);
1011 aaaSupplicantStatsManager.getMachineStatsDelegate()
1012 .notify(new AaaMachineStatisticsEvent(AaaMachineStatisticsEvent.Type.STATS_UPDATE, obj));
1013
1014 Map<String, StateMachine> sessionIdMap = StateMachine.sessionIdMap();
1015 StateMachine removed = sessionIdMap.remove(sessionId);
1016 if (removed != null) {
1017 StateMachine.deleteStateMachineMapping(removed);
1018 }
1019 }
Amit Ghoshf739be52017-09-21 15:49:37 +0100[diff] [blame]1020 }
Girish Kumar8bc4eb32020-02-04 08:32:46 +0000[diff] [blame]1021
kartikey dubeye1545422019-05-22 12:53:45 +0000[diff] [blame]1022 private class AuthenticationStatisticsEventPublisher implements Runnable {
1023 private final Logger log = getLogger(getClass());
1024 public void run() {
1025 log.info("Notifying AuthenticationStatisticsEvent");
1026 aaaStatisticsManager.calculatePacketRoundtripTime();
1027 log.debug("AcceptResponsesRx---" + aaaStatisticsManager.getAaaStats().getAcceptResponsesRx());
1028 log.debug("AccessRequestsTx---" + aaaStatisticsManager.getAaaStats().getAccessRequestsTx());
1029 log.debug("ChallengeResponsesRx---" + aaaStatisticsManager.getAaaStats().getChallengeResponsesRx());
1030 log.debug("DroppedResponsesRx---" + aaaStatisticsManager.getAaaStats().getDroppedResponsesRx());
1031 log.debug("InvalidValidatorsRx---" + aaaStatisticsManager.getAaaStats().getInvalidValidatorsRx());
1032 log.debug("MalformedResponsesRx---" + aaaStatisticsManager.getAaaStats().getMalformedResponsesRx());
1033 log.debug("PendingRequests---" + aaaStatisticsManager.getAaaStats().getPendingRequests());
1034 log.debug("RejectResponsesRx---" + aaaStatisticsManager.getAaaStats().getRejectResponsesRx());
1035 log.debug("RequestReTx---" + aaaStatisticsManager.getAaaStats().getRequestReTx());
1036 log.debug("RequestRttMilis---" + aaaStatisticsManager.getAaaStats().getRequestRttMilis());
1037 log.debug("UnknownServerRx---" + aaaStatisticsManager.getAaaStats().getUnknownServerRx());
1038 log.debug("UnknownTypeRx---" + aaaStatisticsManager.getAaaStats().getUnknownTypeRx());
Shubham Sharmaa3b1bd32019-06-19 14:18:12 +0000[diff] [blame]1039 log.debug("TimedOutPackets----" + aaaStatisticsManager.getAaaStats().getTimedOutPackets());
Shubham Sharmac155ef82019-07-11 12:12:41 +0000[diff] [blame]1040 log.debug("EapolLogoffRx---" + aaaStatisticsManager.getAaaStats().getEapolLogoffRx());
1041 log.debug("EapolAuthSuccessTrans---" + aaaStatisticsManager.getAaaStats().getEapolAuthSuccessTrans());
1042 log.debug("EapolAuthFailureTrans---" +
1043 aaaStatisticsManager.getAaaStats().getEapolAuthFailureTrans());
1044 log.debug("EapolStartReqTrans---" +
1045 aaaStatisticsManager.getAaaStats().getEapolStartReqTrans());
1046 log.debug("EapolTransRespNotNak---" +
1047 aaaStatisticsManager.getAaaStats().getEapolTransRespNotNak());
1048 log.debug("EapPktTxauthChooseEap---" +
1049 aaaStatisticsManager.getAaaStats().getEapPktTxauthChooseEap());
1050 log.debug("EapolResIdentityMsgTrans---" +
1051 aaaStatisticsManager.getAaaStats().getEapolResIdentityMsgTrans());
Shubham Sharma47869542019-09-13 10:39:47 +0000[diff] [blame]1052 log.debug("EapolFramesTx---" + aaaStatisticsManager.getAaaStats().getEapolFramesTx());
1053 log.debug("AuthStateIdle---" + aaaStatisticsManager.getAaaStats().getAuthStateIdle());
1054 log.debug("RequestIdFramesTx---" + aaaStatisticsManager.getAaaStats().getRequestIdFramesTx());
1055 log.debug("ReqEapFramesTx---" + aaaStatisticsManager.getAaaStats().getReqEapFramesTx());
1056 log.debug("InvalidPktType---" + aaaStatisticsManager.getAaaStats().getInvalidPktType());
1057 log.debug("InvalidBodyLength---" + aaaStatisticsManager.getAaaStats().getInvalidBodyLength());
1058 log.debug("ValidEapolFramesRx---" + aaaStatisticsManager.getAaaStats().getValidEapolFramesRx());
1059 log.debug("PendingResSupp---" + aaaStatisticsManager.getAaaStats().getPendingResSupp());
1060 log.debug("ResIdEapFramesRx---" + aaaStatisticsManager.getAaaStats().getEapolattrIdentity());
kartikey dubeye1545422019-05-22 12:53:45 +0000[diff] [blame]1061 aaaStatisticsManager.getStatsDelegate().
1062 notify(new AuthenticationStatisticsEvent(AuthenticationStatisticsEvent.Type.STATS_UPDATE,
1063 aaaStatisticsManager.getAaaStats()));
1064 }
Shubham Sharma048cc262019-06-19 14:18:50 +0000[diff] [blame]1065 }
1066
1067 private class ServerStatusChecker implements Runnable {
1068 @Override
1069 public void run() {
1070 log.info("Notifying RadiusOperationalStatusEvent");
1071 radiusOperationalStatusService.checkServerOperationalStatus();
1072 log.info("--POSTING--" + radiusOperationalStatusService.getRadiusServerOperationalStatus());
1073 radiusOperationalStatusService.getRadiusOprStDelegate()
1074 .notify(new RadiusOperationalStatusEvent(
1075 RadiusOperationalStatusEvent.Type.RADIUS_OPERATIONAL_STATUS,
1076 radiusOperationalStatusService.
1077 getRadiusServerOperationalStatus()));
kartikey dubeye1545422019-05-22 12:53:45 +0000[diff] [blame]1078 }
Shubham Sharma048cc262019-06-19 14:18:50 +0000[diff] [blame]1079
1080 }
Girish Kumar8bc4eb32020-02-04 08:32:46 +0000[diff] [blame]1081}