Bug #1618: Captive portal: Invalid AVP value in Radius accounting packet - pfSense - pfSense bugtracker

Actions

Copy link

Bug #1618

closed

Captive portal: Invalid AVP value in Radius accounting packet

Added by Serge ALEXANDRE over 13 years ago. Updated over 13 years ago.

Status:

Resolved

Priority:

Normal

Assignee:

Category:

Captive Portal

Target version:

2.0

Start date:

06/24/2011

Due date:

% Done:

100%

Estimated time:

Plus Target Version:

Release Notes:

Affected Version:

2.0

Affected Architecture:

Description

Hello,

Using captive portal, with Radius authentication and accounting enabled, my server (tinyradius java lib) complains about malformed attribute value.
So, I launched Wireshark, and it seems there is effectivly a wrong attribute value. (I am no a Radius expert).
In accounting STOP packet, The NAS-Port attribute is of type Integer, and, as such should be of length=6 and in fact is of l=3, which is incorrect.

Frame 451: 232 bytes on wire (1856 bits), 232 bytes captured (1856 bits)
Ethernet II, Src: Vmware_d2:01:b6 (00:0c:29:d2:01:b6), Dst: Dell_68:e6:04 (b8:ac:6f:68:e6:04)
Internet Protocol, Src: 192.168.0.140 (192.168.0.140), Dst: 192.168.0.5 (192.168.0.5)
User Datagram Protocol, Src Port: 22796 (22796), Dst Port: radius-acct (1813)
Radius Protocol
    Code: Accounting-Request (4)
    Packet identifier: 0xf1 (241)
    Length: 190
    Authenticator: 6ac936e7ef0288e6fb62c89f9ef25ac6
    [The response to this request is in frame 452]
    Attribute Value Pairs
        AVP: l=6  t=NAS-IP-Address(4): 192.168.0.140
        AVP: l=21  t=NAS-Identifier(32): pfSense.localdomain
        AVP: l=4  t=User-Name(1): sa
        AVP: l=6  t=Acct-Status-Type(40): Stop(2)
        AVP: l=6  t=Acct-Session-Time(46): 43
        AVP: l=6  t=Acct-Authentic(45): RADIUS(1)
        AVP: l=6  t=Service-Type(6): Login(1)
        AVP: l=6  t=NAS-Port-Type(61): Ethernet(15)
        AVP:[l=3]  t=NAS-Port(5): 51
            NAS-Port: 51
        AVP: l=18  t=Acct-Session-Id(44): b7cafc4004ed6345
        AVP: l=6  t=Framed-IP-Address(Cool: 192.168.20.128
        AVP: l=15  t=Called-Station-Id(30): 192.168.0.140
        AVP: l=19  t=Calling-Station-Id(31): 00:0c:29:b7:fc:c9
        AVP: l=6  t=Acct-Input-Packets(47): 5
        AVP: l=6  t=Acct-Input-Octets(42): 701
        AVP: l=6  t=Acct-Input-Gigawords(52): 0
        AVP: l=6  t=Acct-Output-Packets(48): 4
        AVP: l=6  t=Acct-Output-Octets(43): 951
        AVP: l=6  t=Acct-Output-Gigawords(53): 0
        AVP: l=6  t=Acct-Session-Time(46): 43
        AVP: l=6  t=Acct-Terminate-Cause(49): NAS-Request(10)

Corresponding hexa dump:

0070  06 00 00 00 01 3d 06 00  00 00 0f[05 03 33]2c 12   .....=.. .....3,.

In all other packet types, this attribute is encoded properly, such as in Accounting START packet:

Frame 119: 181 bytes on wire (1448 bits), 181 bytes captured (1448 bits)
Ethernet II, Src: Vmware_d2:01:b6 (00:0c:29:d2:01:b6), Dst: Dell_68:e6:04 (b8:ac:6f:68:e6:04)
Internet Protocol, Src: 192.168.0.140 (192.168.0.140), Dst: 192.168.0.5 (192.168.0.5)
User Datagram Protocol, Src Port: 56404 (56404), Dst Port: radius-acct (1813)
Radius Protocol
    Code: Accounting-Request (4)
    Packet identifier: 0xf6 (246)
    Length: 139
    Authenticator: fb7f69fee8eebf252e73122c10af4c0f
    [The response to this request is in frame 120]
    Attribute Value Pairs
        AVP: l=6  t=NAS-IP-Address(4): 192.168.0.140
        AVP: l=21  t=NAS-Identifier(32): pfSense.localdomain
        AVP: l=4  t=User-Name(1): sa
        AVP: l=6  t=Acct-Status-Type(40): Start(1)
        AVP: l=6  t=Acct-Authentic(45): RADIUS(1)
        AVP: l=6  t=Service-Type(6): Login(1)
        AVP: l=6  t=NAS-Port-Type(61): Ethernet(15)
        AVP:[l=6]  t=NAS-Port(5): 3
            NAS-Port: 3
        AVP: l=18  t=Acct-Session-Id(44): b7cafc4004ed6345
        AVP: l=6  t=Framed-IP-Address(Cool: 192.168.20.128
        AVP: l=15  t=Called-Station-Id(30): 192.168.0.140
        AVP: l=19  t=Calling-Station-Id(31): 00:0c:29:b7:fc:c9

0070  06 00 00 00 0f[05 06 00  00 00 03]2c 12 62 37 63   ........ ...,.b7c

Actions

Copy link

Updated by Chris Buechler over 13 years ago

Project changed from pfSense Packages to pfSense

Actions

Copy link

Updated by Chris Buechler over 13 years ago

Category set to Captive Portal
Target version set to 2.0
Affected Version set to 2.0

Actions

Copy link

Updated by Ermal Luçi over 13 years ago

Status changed from New to Feedback

This should be fixed in latest snapshots.

Actions

Copy link

Updated by Ermal Luçi over 13 years ago

% Done changed from 0 to 100

Applied in changeset e6bd231242cb43ad7e8fca8635d6adcb17f38186.

Actions

Copy link

Updated by Ermal Luçi over 13 years ago

Applied in changeset b451691f08e5615158b04c767bc6c7cb876bc913.

Actions

Copy link

Updated by Chris Buechler over 13 years ago

Serge: can you confirm this fix please?

Actions

Copy link

Updated by Chris Buechler over 13 years ago

Status changed from Feedback to Resolved

confirmed fixed

Actions

Copy link

Also available in: Atom PDF

Project

General

Profile

pfSense

Custom queries

Bug #1618

Captive portal: Invalid AVP value in Radius accounting packet

Updated by Chris Buechler over 13 years ago

Updated by Chris Buechler over 13 years ago

Updated by Ermal Luçi over 13 years ago

Updated by Ermal Luçi over 13 years ago

Updated by Ermal Luçi over 13 years ago

Updated by Chris Buechler over 13 years ago

Updated by Chris Buechler over 13 years ago