(RADIATOR) 16bit VSA's in Radiator?

Mike McCauley mikem at open.com.au
Wed Jan 31 15:40:24 CST 2007


Hello Frank,

Thanks for the patch.
It's astounding a vendor could not only not comply with the RFC, but do it 
different to everybody else who is not compliant with the RFC! Sigh.

We have applied your patch and issued a new patch set.
Thanks again.

On Thursday 01 February 2007 04:43, Frank Danielson wrote:
> I poked around a bit in the Radius.pm code and found that it is bailing out
> during the VSA decode when encountering an invalid length value. A small
> patch to use 16bit lengths for the VSA type and length fixed it right up.
>
> Here's a diff of the patched code made to Radius.pm version 3.15. If I had
> more time and ambition I think it would be possible to check to see if the
> length using 16bit values makes sense when the length is incorrect using
> 8bit values. This would allow proper decoding of any VSA using 16bit
> lengths for the type and length instead of hard coded per vendor configs.
> As an interesting note, FreeRadius handles this quite elegantly by defining
> that the parameters are 16 bits in the dictionary.
>
> diff /usr/lib/perl5/site_perl/5.8.5/Radius/Radius.pm
> /usr/lib/perl5/site_perl/5.8.5/Radius/Radius.pm.bak
>
> 918,924d917
> <                 elsif ($vendor == 8164)
> <                 {
> <                     # Silly Starent VSA format, 16 bit VS
> attribute/length <                     ($type, $vlength, $value)
> <                         = unpack "x x x x x x n n a${\($length-10)}",
> <                                  $attrdat;
> <                 }
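Review bot: in the `$vendor == 8164` branch the value width is computed as `$length-10` with no guard that `$length` is at least 10, so a Starent VSA shorter than its own 10-byte header puts a negative count into the unpack template. The 16-bit `$vlength` read here is also not compared with `$length` anywhere in these lines; checking that `$vlength == $length - 6` before the value is used would reject attributes whose inner and outer lengths disagree. A comment stating the on-the-wire layout (2-byte type, 2-byte length, then value) would say more to the next reader than "Silly Starent VSA format".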
>
> Frank Danielson
> Infrastructure Architect
>
> ClearSky Mobile Media
> 56 E. Pine St.
> Orlando, FL 32801
> USA
>
> fdanielson at csky.com
>
> -----Original Message-----
> From: Dave Kitabjian [mailto:dave at netcarrier.com]
> Sent: Wednesday, January 31, 2007 12:35 PM
> To: Frank Danielson; radiator at open.com.au
> Subject: RE: (RADIATOR) 16bit VSA's in Radiator?
>
>
> I haven't looked in the code, but it's a bit curious that Radiator shows
> exactly 50 attributes... Perhaps there's some static array limit in
> Radiator that you need to raise?
>
> Dave
>
> > -----Original Message-----
> > From: owner-radiator at open.com.au [mailto:owner-radiator at open.com.au] On
> > Behalf Of Frank Danielson
> > Sent: Wednesday, January 31, 2007 10:09 AM
> > To: radiator at open.com.au
> > Subject: (RADIATOR) 16bit VSA's in Radiator?
> >
> > We've recently started receiving some accounting data from a Starent PDSN
> > that uses VSA's with 16bit lengths instead of 8 bit lengths. I'm not sure how
> > Radiator handles those or if it is related to the problem I am having.
> >
> > For some reason Radiator is unable to decode the complete incoming accounting
> > packet and it appears to give up partway through the packet. In particular I
> > need to get the Framed-IP-Address which is near the end of the packet which
> > I can see in a tcpdump of the packet but Radiator is not decoding it.
> >
> > Here is an accounting request as logged by Radiator with level 4 logging and
> > a decode of the same request using Ethereal. The source and destination IP
> > addresses and phone numbers have been obscured. You can see that the last 9
> > attributes are not decoded by Radiator but are present in the request. Also
> > interesting is that Radiator decodes some of the Starent VSA's as attribute
> > number 0, 129, and 48 which are not in the Starent dictionary I have so I
> > put in dummy dictionary entries.
> >
> > Trace 4 radius.log -
> >
> > Wed Jan 31 14:47:49 2007: WARNING: Malformed request packet: Vendor 8164 Attribute 0 with length 1: ignored
> > Wed Jan 31 14:47:49 2007: DEBUG: Packet dump:
> > *** Received from aa.bbb.cc.ddd port 1814 ....
> > Code:       Accounting-Request
> > Identifier: 189
> > Authentic:  u<180>k<195>:R<197>wN<172><183><3><174><255><150><17>
> > Attributes:
> >         User-Name = "5558974471"
> >         Calling-Station-Id = "000005558974471"
> >         NAS-IP-Address = 10.0.0.1
> >         Acct-Status-Type = Start
> >         Acct-Session-Id = "12ZAzC4R"
> >         3GPP2-Correlation-Id = "12ZAzC4Q"
> >         3GPP2-S-Key = <0><0><0><0>
> >         3GPP2-PCF-Address = 10.0.1.4
> >         3GPP2-S-Lifetime = 9
> >         3GPP2-S-Request = 9
> >         3GPP2-Airlink-QOS = 5
> >         3GPP2-Service-Option = 33
> >         3GPP2-Forward-Type = Secondary
> >         3GPP2-Reverse-Type = Secondary
> >         3GPP2-Frame-Size = none
> >         3GPP2-Forward-Fundamental-RC = 3
> >         3GPP2-Reverse-Fundamental-RC = 3
> >         3GPP2-Num-Active = 0
> >         3GPP2-Mobile-Indicator = 2
> >         3GPP2-R-P-Session-ID = 1988
> >         3GPP2-Airlink-Sequence-Number = 1
> >         3GPP2-BSID = "155500011442"
> >         3GPP2-ESN = ""'<29>l"
> >         NAS-Port-Type = Wireless-Other
> >         3GPP2-Frame-Format = none
> >         3GPP2-SDB-Input-Octets = 0
> >         3GPP2-Num-SDB-Input = 0
> >         3GPP2-SDB-Output-Octets = 0
> >         3GPP2-Num-SDB-Output = 0
> >         Service-Type = Framed-User
> >         Framed-Protocol = PPP
> >         Event-Timestamp = 1170254869
> >         Acct-Authentic = RADIUS
> >         Starent-Dummy-Attr-0 = "<0><8><10><0><0><154>"
> >         Starent-Dummy-Attr-0 = "<0><8>@"
> >         Starent-Dummy-Attr-129 = "<243>"
> >         Starent-Dummy-Attr-0 = "<0><8>@<129>"
> >         Starent-Dummy-Attr-48 = ""
> >         Starent-Dummy-Attr-0 = "<0><8>"
> >         Starent-Dummy-Attr-0 = "<0><8>"
> >         3GPP2-Always-On = 0
> >         Framed-MTU = 1500
> >         Framed-Compression = Van-Jacobson-TCP-IP
> >         Starent-Dummy-Attr-0 = "<0><8>"
> >         Starent-Dummy-Attr-0 = "<0><8>"
> >         Starent-Dummy-Attr-0 = "<0><8>"
> >         3GPP2-IP-QOS = BestEffort
> >         Starent-Dummy-Attr-0 = ""
> >         Starent-Dummy-Attr-0 = "dest"
> >         Starent-Dummy-Attr-0 = "<0><8>"
> >
> > Wed Jan 31 14:47:49 2007: DEBUG: Handling request with Handler ''
> > Wed Jan 31 14:47:49 2007: DEBUG: Handling with Radius::AuthRADIUS
> > Wed Jan 31 14:47:49 2007: INFO: Empty string attribute Starent-Dummy-Attr-48 will be ignored
> > Wed Jan 31 14:47:49 2007: INFO: Empty string attribute Starent-Dummy-Attr-0 will be ignored
> >
> >
> > tcpdump decoded in Ethereal-
> >
> > No.     Time                       Source                Destination           Protocol Info
> >       9 2007-01-31 09:47:49.542135 aaa.bbb.ccc.ddd       aaa.bbb.ccc.ddd       RADIUS   Accounting Request(4) (id=189, l=664)
> >
> > Frame 9 (706 bytes on wire, 706 bytes captured)
> > Ethernet II, Src: 00:e0:b6:01:24:64, Dst: 00:17:a4:3c:81:c2
> > Internet Protocol, Src Addr: aa.bbb.cc.ddd (aa.bbb.cc.ddd), Dst Addr:
> > aa.bbb.cc.ddd (aa.bbb.cc.ddd)
> > User Datagram Protocol, Src Port: 1814 (1814), Dst Port: radacct (1813)
>
> > Radius Protocol
> >     Code: Accounting Request (4)
> >     Packet identifier: 0xbd (189)
> >     Length: 664
> >     Authenticator: 0x75B46BC33A52C5774EACB703AEFF9611
> >     Attribute value pairs
> >         t:User Name(1) l:12, Value:"5558974471"
> >         t:Calling Station Id(31) l:17, Value:"000005558974471"
> >         t:NAS IP Address(4) l:6, Value:10.0.0.154
> >         t:Acct Status Type(40) l:6, Value:Start(1)
> >         t:Acct Session Id(44) l:10, Value:"12ZAzC4R"
> >         t:Vendor Specific(26) l:16, Vendor:3rd Generation Partnership
> > Project 2 (3GPP2)(5535)
> >         t:Vendor Specific(26) l:12, Vendor:3rd Generation Partnership
> > Project 2 (3GPP2)(5535)
> >         t:Vendor Specific(26) l:12, Vendor:3rd Generation Partnership
> > Project 2 (3GPP2)(5535)
> >         t:Vendor Specific(26) l:12, Vendor:3rd Generation Partnership
> > Project 2 (3GPP2)(5535)
> >         t:Vendor Specific(26) l:12, Vendor:3rd Generation Partnership
> > Project 2 (3GPP2)(5535)
> >         t:Vendor Specific(26) l:12, Vendor:3rd Generation Partnership
> > Project 2 (3GPP2)(5535)
> >         t:Vendor Specific(26) l:12, Vendor:3rd Generation Partnership
> > Project 2 (3GPP2)(5535)
> >         t:Vendor Specific(26) l:12, Vendor:3rd Generation Partnership
> > Project 2 (3GPP2)(5535)
> >         t:Vendor Specific(26) l:12, Vendor:3rd Generation Partnership
> > Project 2 (3GPP2)(5535)
> >         t:Vendor Specific(26) l:12, Vendor:3rd Generation Partnership
> > Project 2 (3GPP2)(5535)
> >         t:Vendor Specific(26) l:12, Vendor:3rd Generation Partnership
> > Project 2 (3GPP2)(5535)
> >         t:Vendor Specific(26) l:12, Vendor:3rd Generation Partnership
> > Project 2 (3GPP2)(5535)
> >         t:Vendor Specific(26) l:12, Vendor:3rd Generation Partnership
> > Project 2 (3GPP2)(5535)
> >         t:Vendor Specific(26) l:12, Vendor:3rd Generation Partnership
> > Project 2 (3GPP2)(5535)
> >         t:Vendor Specific(26) l:12, Vendor:3rd Generation Partnership
> > Project 2 (3GPP2)(5535)
> >         t:Vendor Specific(26) l:12, Vendor:3rd Generation Partnership
> > Project 2 (3GPP2)(5535)
> >         t:Vendor Specific(26) l:20, Vendor:3rd Generation Partnership
> > Project 2 (3GPP2)(5535)
> >         t:Vendor Specific(26) l:12, Vendor:3rd Generation Partnership
> > Project 2 (3GPP2)(5535)
> >         t:NAS Port Type(61) l:6, Value:Wireless Other(18)
> >         t:Vendor Specific(26) l:12, Vendor:3rd Generation Partnership
> > Project 2 (3GPP2)(5535)
> >         t:Vendor Specific(26) l:12, Vendor:3rd Generation Partnership
> > Project 2 (3GPP2)(5535)
> >         t:Vendor Specific(26) l:12, Vendor:3rd Generation Partnership
> > Project 2 (3GPP2)(5535)
> >         t:Vendor Specific(26) l:12, Vendor:3rd Generation Partnership
> > Project 2 (3GPP2)(5535)
> >         t:Vendor Specific(26) l:12, Vendor:3rd Generation Partnership
> > Project 2 (3GPP2)(5535)
> >         t:Service Type(6) l:6, Value:Framed(2)
> >         t:Framed Protocol(7) l:6, Value:PPP(1)
> >         t:Event Timestamp(55) l:6, Value:1170254869 (Jan 31, 2007
> > 09:47:49)
> >         t:Acct Authentic(45) l:6, Value:Radius(1)
> >         t:Vendor Specific(26) l:14, Vendor:Undefined(8164)
> >         t:Vendor Specific(26) l:14, Vendor:Undefined(8164)
> >         t:Vendor Specific(26) l:14, Vendor:Undefined(8164)
> >         t:Vendor Specific(26) l:14, Vendor:Undefined(8164)
> >         t:Vendor Specific(26) l:14, Vendor:Undefined(8164)
> >         t:Vendor Specific(26) l:12, Vendor:3rd Generation Partnership
> > Project 2 (3GPP2)(5535)
> >         t:Framed MTU(12) l:6, Value:1500
> >         t:Framed Compression(13) l:6, Value:VJ TCP/IP Header
> > Compression(1)
> >         t:Vendor Specific(26) l:14, Vendor:Undefined(8164)
> >         t:Vendor Specific(26) l:14, Vendor:Undefined(8164)
> >         t:Vendor Specific(26) l:14, Vendor:Undefined(8164)
> >         t:Vendor Specific(26) l:12, Vendor:3rd Generation Partnership
> > Project 2 (3GPP2)(5535)
> >         t:Vendor Specific(26) l:14, Vendor:Undefined(8164)
> >         t:Vendor Specific(26) l:14, Vendor:Undefined(8164)
> >         t:Vendor Specific(26) l:14, Vendor:Undefined(8164)
> >         t:Vendor Specific(26) l:12, Vendor:3rd Generation Partnership
> > Project 2 (3GPP2)(5535)
> >         t:Vendor Specific(26) l:12, Vendor:3rd Generation Partnership
> > Project 2 (3GPP2)(5535)
> >         t:Vendor Specific(26) l:12, Vendor:3rd Generation Partnership
> > Project 2 (3GPP2)(5535)
> >         t:Vendor Specific(26) l:12, Vendor:3rd Generation Partnership
> > Project 2 (3GPP2)(5535)
> >         t:Framed IP Address(8) l:6, Value:64.129.49.150
> >         t:Framed IP Netmask(9) l:6, Value:255.255.255.255
> >         t:Vendor Specific(26) l:14, Vendor:Undefined(8164)
> >         t:NAS Port(5) l:6, Value:37673
> >         t:Proxy State(33) l:5, Value:313638
> >
> > Frank Danielson
> > Infrastructure Architect
> >
> > ClearSky Mobile Media
> > 56 E. Pine St.
> > Orlando, FL 32801
> > USA
> >
> > fdanielson at csky.com
> >
> > --
> > Archive at http://www.open.com.au/archives/radiator/
> > Announcements on radiator-announce at open.com.au
> > To unsubscribe, email 'majordomo at open.com.au' with
> > 'unsubscribe radiator' in the body of the message.

-- 
Mike McCauley                               mikem at open.com.au
Open System Consultants Pty. Ltd            Unix, Perl, Motif, C++, WWW
9 Bulbul Place Currumbin Waters QLD 4223 Australia   http://www.open.com.au
Phone +61 7 5598-7474                       Fax   +61 7 5598-7070

Radiator: the most portable, flexible and configurable RADIUS server 
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, 
Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS, 
TTLS, PEAP etc on Unix, Windows, MacOS, NetWare etc.
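
As an added example (not Radiator's code and not part of the original thread), the sketch below decodes one Vendor-Specific attribute with the length checks discussed above: it tries the layout expected for the vendor, falls back to the other width, and accepts a layout only when the inner length accounts for every byte present. The `%WIDE_VENDORS` table, `decode_vsa` and the sample bytes are hypothetical and constructed, and one sub-attribute per VSA is assumed.

```perl
use strict;
use warnings;

# Hypothetical table: vendors known to use 16-bit type/length fields.
my %WIDE_VENDORS = (8164 => 1);    # 8164 is the vendor id from the thread

# $attr is the whole attribute: type(1) length(1) vendor(4) sub-attribute.
# Returns (vendor, vtype, value, layout), or an empty list if malformed.
sub decode_vsa {
    my ($attr) = @_;
    return if length($attr) < 6;
    my ($type, $length, $vendor) = unpack 'C C N', $attr;
    return if $type != 26 || $length != length($attr);
    my $body = substr($attr, 6);

    # Try the vendor's expected layout first, then the other one, and
    # accept a layout only if its inner length matches the bytes present.
    my @order = $WIDE_VENDORS{$vendor} ? (16, 8) : (8, 16);
    for my $bits (@order) {
        my ($hdr, $tmpl) = $bits == 16 ? (4, 'n n') : (2, 'C C');
        next if length($body) < $hdr;
        my ($vtype, $vlength) = unpack $tmpl, $body;
        next if $vlength != length($body);
        return ($vendor, $vtype, substr($body, $hdr), "${bits}bit");
    }
    return;
}

# Constructed sample attributes (not copied from a capture).
my @samples = (
    pack('C C N C C N',  26, 12, 5535, 11, 6, 0),               # 8-bit layout
    pack('C C N n n a4', 26, 14, 8164, 13, 8, "\x0a\0\0\x01"),  # 16-bit layout
    pack('C C N n n a4', 26, 14, 9999, 13, 8, "\x0a\0\0\x01"),  # unlisted vendor
    pack('C C N n n',    26, 10, 8164, 13, 9),                  # inner length overruns
);

for my $attr (@samples) {
    my @r = decode_vsa($attr);
    if (@r) {
        printf "vendor=%d type=%d layout=%s value=%s\n",
            @r[0, 1, 3], unpack('H*', $r[2]);
    } else {
        print "malformed: ", unpack('H*', $attr), "\n";
    }
}
```

The width fallback is ambiguous when the low byte of a 16-bit type happens to equal the body length, which is why known vendors are pinned in the table rather than left to the heuristic.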
