Bug #1618 (closed)
Captive portal: Invalid AVP value in Radius accounting packet
Start date: 06/24/2011
Due date:
% Done: 100%
Estimated time:
Plus Target Version:
Release Notes:
Affected Version: 2.0
Affected Architecture:
Description
Hello,
Using captive portal, with Radius authentication and accounting enabled, my server (tinyradius java lib) complains about a malformed attribute value.
So, I launched Wireshark, and it seems there is effectively a wrong attribute value. (I am not a Radius expert.)
In the accounting STOP packet, the NAS-Port attribute is of type Integer, and as such should be of length=6, but in fact is of l=3, which is incorrect.
Frame 451: 232 bytes on wire (1856 bits), 232 bytes captured (1856 bits)
Ethernet II, Src: Vmware_d2:01:b6 (00:0c:29:d2:01:b6), Dst: Dell_68:e6:04 (b8:ac:6f:68:e6:04)
Internet Protocol, Src: 192.168.0.140 (192.168.0.140), Dst: 192.168.0.5 (192.168.0.5)
User Datagram Protocol, Src Port: 22796 (22796), Dst Port: radius-acct (1813)
Radius Protocol
    Code: Accounting-Request (4)
    Packet identifier: 0xf1 (241)
    Length: 190
    Authenticator: 6ac936e7ef0288e6fb62c89f9ef25ac6
    [The response to this request is in frame 452]
    Attribute Value Pairs
        AVP: l=6 t=NAS-IP-Address(4): 192.168.0.140
        AVP: l=21 t=NAS-Identifier(32): pfSense.localdomain
        AVP: l=4 t=User-Name(1): sa
        AVP: l=6 t=Acct-Status-Type(40): Stop(2)
        AVP: l=6 t=Acct-Session-Time(46): 43
        AVP: l=6 t=Acct-Authentic(45): RADIUS(1)
        AVP: l=6 t=Service-Type(6): Login(1)
        AVP: l=6 t=NAS-Port-Type(61): Ethernet(15)
        AVP:[l=3] t=NAS-Port(5): 51
            NAS-Port: 51
        AVP: l=18 t=Acct-Session-Id(44): b7cafc4004ed6345
        AVP: l=6 t=Framed-IP-Address(8): 192.168.20.128
        AVP: l=15 t=Called-Station-Id(30): 192.168.0.140
        AVP: l=19 t=Calling-Station-Id(31): 00:0c:29:b7:fc:c9
        AVP: l=6 t=Acct-Input-Packets(47): 5
        AVP: l=6 t=Acct-Input-Octets(42): 701
        AVP: l=6 t=Acct-Input-Gigawords(52): 0
        AVP: l=6 t=Acct-Output-Packets(48): 4
        AVP: l=6 t=Acct-Output-Octets(43): 951
        AVP: l=6 t=Acct-Output-Gigawords(53): 0
        AVP: l=6 t=Acct-Session-Time(46): 43
        AVP: l=6 t=Acct-Terminate-Cause(49): NAS-Request(10)
Corresponding hex dump:
0070 06 00 00 00 01 3d 06 00 00 00 0f[05 03 33]2c 12 .....=.. .....3,.
In all other packet types, this attribute is encoded properly, such as in Accounting START packet:
Frame 119: 181 bytes on wire (1448 bits), 181 bytes captured (1448 bits)
Ethernet II, Src: Vmware_d2:01:b6 (00:0c:29:d2:01:b6), Dst: Dell_68:e6:04 (b8:ac:6f:68:e6:04)
Internet Protocol, Src: 192.168.0.140 (192.168.0.140), Dst: 192.168.0.5 (192.168.0.5)
User Datagram Protocol, Src Port: 56404 (56404), Dst Port: radius-acct (1813)
Radius Protocol
    Code: Accounting-Request (4)
    Packet identifier: 0xf6 (246)
    Length: 139
    Authenticator: fb7f69fee8eebf252e73122c10af4c0f
    [The response to this request is in frame 120]
    Attribute Value Pairs
        AVP: l=6 t=NAS-IP-Address(4): 192.168.0.140
        AVP: l=21 t=NAS-Identifier(32): pfSense.localdomain
        AVP: l=4 t=User-Name(1): sa
        AVP: l=6 t=Acct-Status-Type(40): Start(1)
        AVP: l=6 t=Acct-Authentic(45): RADIUS(1)
        AVP: l=6 t=Service-Type(6): Login(1)
        AVP: l=6 t=NAS-Port-Type(61): Ethernet(15)
        AVP:[l=6] t=NAS-Port(5): 3
            NAS-Port: 3
        AVP: l=18 t=Acct-Session-Id(44): b7cafc4004ed6345
        AVP: l=6 t=Framed-IP-Address(8): 192.168.20.128
        AVP: l=15 t=Called-Station-Id(30): 192.168.0.140
        AVP: l=19 t=Calling-Station-Id(31): 00:0c:29:b7:fc:c9
0070 06 00 00 00 0f[05 06 00 00 00 03]2c 12 62 37 63 ........ ...,.b7c
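
The length check described in the report, as an added example that is not part of the original ticket and is not pfSense or tinyradius code: a minimal AVP walker that flags integer-typed attributes whose length is not 6, run over attribute bytes copied from the two hex dump lines above. The function names and the subset of attribute types are assumptions of this example.

```python
import struct

# Attribute bytes copied from the two hex dump lines in the report.
STOP_AVPS = bytes.fromhex("3d 06 00 00 00 0f 05 03 33")  # NAS-Port-Type, NAS-Port
START_AVPS = bytes.fromhex("05 06 00 00 00 03")          # NAS-Port

# Integer-typed attributes (RFC 2865/2866) seen in the capture; subset only.
INTEGER_ATTRS = {5: "NAS-Port", 6: "Service-Type", 40: "Acct-Status-Type",
                 45: "Acct-Authentic", 46: "Acct-Session-Time", 61: "NAS-Port-Type"}


def parse_avps(data):
    """Split a RADIUS attribute region into (type, length, value) tuples."""
    avps, i = [], 0
    while i < len(data):
        if len(data) - i < 2:
            raise ValueError(f"truncated AVP header at offset {i}")
        atype, alen = data[i], data[i + 1]
        # Length counts the type and length bytes too, so it can never be
        # below 2, and the attribute must fit inside the buffer.
        if alen < 2 or i + alen > len(data):
            raise ValueError(f"bad length {alen} for type {atype} at offset {i}")
        avps.append((atype, alen, data[i + 2:i + alen]))
        i += alen
    return avps


def check_integer_avps(data):
    """Return one finding per integer-typed AVP whose length is not 6."""
    findings = []
    for atype, alen, value in parse_avps(data):
        name = INTEGER_ATTRS.get(atype)
        if name is not None and alen != 6:
            findings.append(f"{name}({atype}): l={alen}, expected 6, value={value!r}")
    return findings


def decode_integer(value):
    """Decode a 4-byte network-order integer attribute value."""
    return struct.unpack("!I", value)[0]


if __name__ == "__main__":
    # The STOP value byte 0x33 is ASCII "3"; Wireshark shows it as 51.
    print("STOP :", check_integer_avps(STOP_AVPS))
    print("START:", check_integer_avps(START_AVPS))
```
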