Added RADIUS attribute from RFC5176/RFC5580
Error Cause (101)
diff --git a/print-radius.c b/print-radius.c
index e33d4b2..71f3f10 100644
--- a/print-radius.c
+++ b/print-radius.c
@@ -56,6 +56,9 @@
* RFC 5176:
* "Dynamic Authorization Extensions to RADIUS"
*
+ * RFC 5580:
+ * "Carrying Location Objects in RADIUS and Diameter"
+ *
* RFC 7155:
* "Diameter Network Access Server Application"
*
@@ -163,6 +166,8 @@
#define TUNNEL_CLIENT_AUTH 90
#define TUNNEL_SERVER_AUTH 91
+
+#define ERROR_CAUSE 101
/********************************/
/* End Radius Attribute types */
/********************************/
@@ -382,6 +387,47 @@
"Echo",
};
+/* Error-Cause standard values */
+#define ERROR_CAUSE_RESIDUAL_CONTEXT_REMOVED 201
+#define ERROR_CAUSE_INVALID_EAP_PACKET 202
+#define ERROR_CAUSE_UNSUPPORTED_ATTRIBUTE 401
+#define ERROR_CAUSE_MISSING_ATTRIBUTE 402
+#define ERROR_CAUSE_NAS_IDENTIFICATION_MISMATCH 403
+#define ERROR_CAUSE_INVALID_REQUEST 404
+#define ERROR_CAUSE_UNSUPPORTED_SERVICE 405
+#define ERROR_CAUSE_UNSUPPORTED_EXTENSION 406
+#define ERROR_CAUSE_INVALID_ATTRIBUTE_VALUE 407
+#define ERROR_CAUSE_ADMINISTRATIVELY_PROHIBITED 501
+#define ERROR_CAUSE_PROXY_REQUEST_NOT_ROUTABLE 502
+#define ERROR_CAUSE_SESSION_CONTEXT_NOT_FOUND 503
+#define ERROR_CAUSE_SESSION_CONTEXT_NOT_REMOVABLE 504
+#define ERROR_CAUSE_PROXY_PROCESSING_ERROR 505
+#define ERROR_CAUSE_RESOURCES_UNAVAILABLE 506
+#define ERROR_CAUSE_REQUEST_INITIATED 507
+#define ERROR_CAUSE_MULTIPLE_SESSION_SELECTION_UNSUPPORTED 508
+#define ERROR_CAUSE_LOCATION_INFO_REQUIRED 509
+static const struct tok errorcausetype[] = {
+ { ERROR_CAUSE_RESIDUAL_CONTEXT_REMOVED, "Residual Session Context Removed" },
+ { ERROR_CAUSE_INVALID_EAP_PACKET, "Invalid EAP Packet (Ignored)" },
+ { ERROR_CAUSE_UNSUPPORTED_ATTRIBUTE, "Unsupported Attribute" },
+ { ERROR_CAUSE_MISSING_ATTRIBUTE, "Missing Attribute" },
+ { ERROR_CAUSE_NAS_IDENTIFICATION_MISMATCH, "NAS Identification Mismatch" },
+ { ERROR_CAUSE_INVALID_REQUEST, "Invalid Request" },
+ { ERROR_CAUSE_UNSUPPORTED_SERVICE, "Unsupported Service" },
+ { ERROR_CAUSE_UNSUPPORTED_EXTENSION, "Unsupported Extension" },
+ { ERROR_CAUSE_INVALID_ATTRIBUTE_VALUE, "Invalid Attribute Value" },
+ { ERROR_CAUSE_ADMINISTRATIVELY_PROHIBITED, "Administratively Prohibited" },
+ { ERROR_CAUSE_PROXY_REQUEST_NOT_ROUTABLE, "Request Not Routable (Proxy)" },
+ { ERROR_CAUSE_SESSION_CONTEXT_NOT_FOUND, "Session Context Not Found" },
+ { ERROR_CAUSE_SESSION_CONTEXT_NOT_REMOVABLE, "Session Context Not Removable" },
+ { ERROR_CAUSE_PROXY_PROCESSING_ERROR, "Other Proxy Processing Error" },
+ { ERROR_CAUSE_RESOURCES_UNAVAILABLE, "Resources Unavailable" },
+ { ERROR_CAUSE_REQUEST_INITIATED, "Request Initiated" },
+ { ERROR_CAUSE_MULTIPLE_SESSION_SELECTION_UNSUPPORTED, "Multiple Session Selection Unsupported" },
+ { ERROR_CAUSE_LOCATION_INFO_REQUIRED, "Location Info Required" },
+ { 0, NULL }
+ };
+
static struct attrtype {
const char *name; /* Attribute name */
@@ -491,7 +537,8 @@
{ "Framed-IPv6-Prefix", NULL, 0, 0, print_attr_netmask6 },
{ "Login-IPv6-Host", NULL, 0, 0, print_attr_address6 },
{ "Framed-IPv6-Route", NULL, 0, 0, print_attr_string },
- { "Framed-IPv6-Pool", NULL, 0, 0, print_attr_string }
+ { "Framed-IPv6-Pool", NULL, 0, 0, print_attr_string },
+ { "Error-Cause", NULL, 0, 0, print_attr_strange }
};
@@ -893,6 +940,7 @@
register const u_char *data, u_int length, u_short attr_code)
{
u_short len_data;
+ u_int error_cause_value;
switch(attr_code)
{
@@ -952,6 +1000,18 @@
len_data = 8;
PRINT_HEX(len_data, data);
break;
+
+ case ERROR_CAUSE:
+ if (length != 4)
+ {
+ ND_PRINT((ndo, "Error: length %u != 4", length));
+ return;
+ }
+ ND_TCHECK2(data[0],4);
+
+ error_cause_value = EXTRACT_32BITS(data);
+ ND_PRINT((ndo, "Error cause %u: %s", error_cause_value, tok2str(errorcausetype, "Error-Cause %u not known", error_cause_value)));
+ break;
}
return;
diff --git a/tests/RADIUS-RFC5176-2.pcap b/tests/RADIUS-RFC5176-2.pcap
new file mode 100644
index 0000000..9c2a455
--- /dev/null
+++ b/tests/RADIUS-RFC5176-2.pcap
Binary files differ
diff --git a/tests/TESTLIST b/tests/TESTLIST
index 41b09df..2268728 100644
--- a/tests/TESTLIST
+++ b/tests/TESTLIST
@@ -279,6 +279,7 @@
radius-rfc4675 RADIUS-RFC4675.pcap radius-rfc4675-v.out -v
radius-rfc5176 RADIUS-RFC5176.pcap radius-rfc5176-v.out -v
radius-port1700 RADIUS-port1700.pcap radius-port1700-v.out -v
+radius-rfc5176-2 RADIUS-RFC5176-2.pcap radius-rfc5176-2-v.out -v
# link-level protocols
dtp-v DTP.pcap dtp-v.out -v
diff --git a/tests/radius-rfc5176-2-v.out b/tests/radius-rfc5176-2-v.out
new file mode 100644
index 0000000..cebbffc
--- /dev/null
+++ b/tests/radius-rfc5176-2-v.out
@@ -0,0 +1,7 @@
+IP (tos 0x0, ttl 64, id 41789, offset 0, flags [none], proto UDP (17), length 83)
+ 127.0.0.1.43124 > 127.0.0.1.1812: RADIUS, length: 55
+ Access-Request (1), id: 0xc8, Authenticator: bc6e7022445e359835692c8c121c1985
+ User-Name Attribute (1), length: 5, Value: bob
+ User-Password Attribute (2), length: 18, Value:
+ Error-Cause Attribute (101), length: 6, Value: Error cause 201: Residual Session Context Removed
+ Error-Cause Attribute (101), length: 6, Value: Error cause 209: Error-Cause 209 not known