Added support for RADIUS Change of Authorization messages

Defined in RFC 5176

diff --git a/print-radius.c b/print-radius.c
index 0dc3c102a4b17e03387d159e4de983b02940150f..b8f81e9cdc54857b23ba24fcc2ccd9a580114325 100644 (file)
--- a/print-radius.c
+++ b/print-radius.c
@@ -40,6 +40,9 @@
  * RFC 4675:
  *      "RADIUS Attributes for Virtual LAN and Priority Support"
  *
+ * RFC 5176:
+ *      "Dynamic Authorization Extensions to RADIUS"
+ *
  * Alfredo Andres Omella ([email protected]) v0.1 2000/09/15
  *
  * TODO: Among other things to print ok MacIntosh and Vendor values
@@ -81,6 +84,12 @@ static const char tstr[] = " [|radius]";
 #define RADCMD_ACCESS_CHA  11 /* Access-Challenge    */
 #define RADCMD_STATUS_SER  12 /* Status-Server       */
 #define RADCMD_STATUS_CLI  13 /* Status-Client       */
+#define RADCMD_DISCON_REQ  40 /* Disconnect-Request  */
+#define RADCMD_DISCON_ACK  41 /* Disconnect-ACK      */
+#define RADCMD_DISCON_NAK  42 /* Disconnect-NAK      */
+#define RADCMD_COA_REQ     43 /* CoA-Request         */
+#define RADCMD_COA_ACK     44 /* CoA-ACK             */
+#define RADCMD_COA_NAK     45 /* CoA-NAK             */
 #define RADCMD_RESERVED   255 /* Reserved            */
 
 static const struct tok radius_command_values[] = {
@@ -92,6 +101,12 @@ static const struct tok radius_command_values[] = {
     { RADCMD_ACCESS_CHA, "Access Challenge" },
     { RADCMD_STATUS_SER, "Status Server" },
     { RADCMD_STATUS_CLI, "Status Client" },
+    { RADCMD_DISCON_REQ, "Disconnect Request" },
+    { RADCMD_DISCON_ACK, "Disconnect ACK" },
+    { RADCMD_DISCON_NAK, "Disconnect NAK" },
+    { RADCMD_COA_REQ,    "Change of Authorization Request" },
+    { RADCMD_COA_ACK,    "Change of Authorization ACK" },
+    { RADCMD_COA_NAK,    "Change of Authorization NAK" },
     { RADCMD_RESERVED,   "Reserved" },
     { 0, NULL}
 };

diff --git a/print-udp.c b/print-udp.c
index 54d050c29d739f231ff0416ad04e8d249777ed9e..605cd3c7ca8e01f8005bb2cf8f5c5d93f89791c2 100644 (file)
--- a/print-udp.c
+++ b/print-udp.c
@@ -635,7 +635,8 @@ udp_print(netdissect_options *ndo, register const u_char *bp, u_int length,
                else if (ISPORT(RADIUS_PORT) ||
                         ISPORT(RADIUS_NEW_PORT) ||
                         ISPORT(RADIUS_ACCOUNTING_PORT) ||
-                        ISPORT(RADIUS_NEW_ACCOUNTING_PORT) )
+                        ISPORT(RADIUS_NEW_ACCOUNTING_PORT) ||
+                        ISPORT(RADIUS_COA_PORT) )
                        radius_print(ndo, (const u_char *)(up+1), length);
                else if (dport == HSRP_PORT)
                        hsrp_print(ndo, (const u_char *)(up + 1), length);

diff --git a/tests/RADIUS-RFC5176.pcap b/tests/RADIUS-RFC5176.pcap
new file mode 100644 (file)
index 0000000..132b6e4
Binary files /dev/null and b/tests/RADIUS-RFC5176.pcap differ

diff --git a/tests/TESTLIST b/tests/TESTLIST
index 79a56ecdc25c1909680b66ede67a781627ce2dd8..55841851fd07d9d30a60d51cc9b4f2f7b9e47742 100644 (file)
--- a/tests/TESTLIST
+++ b/tests/TESTLIST
@@ -232,6 +232,7 @@ decnet              DECnet_Phone.pcap       decnet.out      -t
 # RADIUS tests
 radius-v       RADIUS.pcap     radius-v.out    -t -v
 radius-rfc4675 RADIUS-RFC4675.pcap     radius-rfc4675-v.out    -t -v
+radius-rfc5176 RADIUS-RFC5176.pcap     radius-rfc5176-v.out    -t -v
 
 # link-level protocols
 dtp-v          DTP.pcap                dtp-v.out               -t -v

diff --git a/tests/radius-rfc5176-v.out b/tests/radius-rfc5176-v.out
new file mode 100644 (file)
index 0000000..33695cd
--- /dev/null
+++ b/tests/radius-rfc5176-v.out
@@ -0,0 +1,24 @@
+IP (tos 0x0, ttl 4, id 29161, offset 0, flags [none], proto UDP (17), length 66)
+    10.0.0.10.12345 > 10.0.0.1.3799: RADIUS, length: 38
+       Disconnect Request (40), id: 0x01, Authenticator: e1792d2b4ab349f1a4c0fcc733d091c1
+         Message Authentication Attribute (80), length: 18, Value: XQ=f(G..sJ0.....
+IP (tos 0x0, ttl 4, id 18682, offset 0, flags [none], proto UDP (17), length 66)
+    10.0.0.1.3799 > 10.0.0.10.12345: RADIUS, length: 38
+       Disconnect ACK (41), id: 0x02, Authenticator: 3bc9c343f689990756b96c583a56890a
+         Message Authentication Attribute (80), length: 18, Value: .O........iC,'}.
+IP (tos 0x0, ttl 4, id 22542, offset 0, flags [none], proto UDP (17), length 66)
+    10.0.0.1.3799 > 10.0.0.10.12345: RADIUS, length: 38
+       Disconnect NAK (42), id: 0x03, Authenticator: d867c308c9c43112b3a669a0e8c0ab8c
+         Message Authentication Attribute (80), length: 18, Value: ...p.I...(."....
+IP (tos 0x0, ttl 4, id 16413, offset 0, flags [none], proto UDP (17), length 66)
+    10.0.0.10.12345 > 10.0.0.1.3799: RADIUS, length: 38
+       Change of Authorization Request (43), id: 0x04, Authenticator: 5f18309be67cd6150fe4c3a0b93536c9
+         Message Authentication Attribute (80), length: 18, Value: '..6|.F..._...[.
+IP (tos 0x0, ttl 4, id 170, offset 0, flags [none], proto UDP (17), length 66)
+    10.0.0.1.3799 > 10.0.0.10.12345: RADIUS, length: 38
+       Change of Authorization ACK (44), id: 0x05, Authenticator: 55ab6cb78aa161d692753fa9130c5019
+         Message Authentication Attribute (80), length: 18, Value: .........+.x...s
+IP (tos 0x0, ttl 4, id 29645, offset 0, flags [none], proto UDP (17), length 66)
+    10.0.0.1.3799 > 10.0.0.10.12345: RADIUS, length: 38
+       Change of Authorization NAK (45), id: 0x06, Authenticator: 40f21bdee27a87a5d757a30bfed62f28
+         Message Authentication Attribute (80), length: 18, Value: .%y.....x...&j..

diff --git a/udp.h b/udp.h
index 5aec6948abbf91c1734d039077fd7a2f431ff0d1..1df7e646a8c74cb396ad4eb9c492e3e46bb5f56d 100644 (file)
--- a/udp.h
+++ b/udp.h
@@ -74,6 +74,7 @@ struct udphdr {
 #define RADIUS_NEW_PORT 1812
 #define RADIUS_ACCOUNTING_PORT 1646
 #define RADIUS_NEW_ACCOUNTING_PORT 1813
+#define RADIUS_COA_PORT 3799
 #define HSRP_PORT 1985         /*XXX*/
 #define LMP_PORT                701 /* rfc4204 */
 #define LWRES_PORT             921