2 * Routines for RADIUS packet disassembly
3 * Copyright 1999 Johan Feyaerts
5 * RFC 2865, RFC 2866, RFC 2867, RFC 2868, RFC 2869
7 * $Id: packet-radius.c,v 1.55 2002/04/14 23:04:04 guy Exp $
9 * Ethereal - Network traffic analyzer
10 * By Gerald Combs <gerald@ethereal.com>
11 * Copyright 1998 Gerald Combs
13 * This program is free software; you can redistribute it and/or
14 * modify it under the terms of the GNU General Public License
15 * as published by the Free Software Foundation; either version 2
16 * of the License, or (at your option) any later version.
18 * This program is distributed in the hope that it will be useful,
19 * but WITHOUT ANY WARRANTY; without even the implied warranty of
20 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
21 * GNU General Public License for more details.
23 * You should have received a copy of the GNU General Public License
24 * along with this program; if not, write to the Free Software
25 * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
32 #ifdef HAVE_SYS_TYPES_H
33 # include <sys/types.h>
36 #ifdef HAVE_NETINET_IN_H
37 #include <netinet/in.h>
46 #include <epan/packet.h>
47 #include <epan/resolv.h>
49 static int proto_radius = -1;
50 static int hf_radius_length = -1;
51 static int hf_radius_code = -1;
52 static int hf_radius_id =-1;
54 static gint ett_radius = -1;
55 static gint ett_radius_avp = -1;
56 static gint ett_radius_eap = -1;
58 static dissector_handle_t eap_fragment_handle;
60 #define UDP_PORT_RADIUS 1645
61 #define UDP_PORT_RADIUS_NEW 1812
62 #define UDP_PORT_RADACCT 1646
63 #define UDP_PORT_RADACCT_NEW 1813
65 typedef struct _e_radiushdr {
71 typedef struct _e_avphdr {
76 typedef struct _value_value_pair {
81 #define RADIUS_ACCESS_REQUEST 1
82 #define RADIUS_ACCESS_ACCEPT 2
83 #define RADIUS_ACCESS_REJECT 3
84 #define RADIUS_ACCOUNTING_REQUEST 4
85 #define RADIUS_ACCOUNTING_RESPONSE 5
86 #define RADIUS_ACCESS_CHALLENGE 11
87 #define RADIUS_STATUS_SERVER 12
88 #define RADIUS_STATUS_CLIENT 13
89 #define RADIUS_RESERVED 255
91 #define RD_TP_USER_NAME 1
92 #define RD_TP_USER_PASSWORD 2
93 #define RD_TP_CHAP_PASSWORD 3
94 #define RD_TP_NAS_IP_ADDRESS 4
95 #define RD_TP_NAS_PORT 5
96 #define RD_TP_SERVICE_TYPE 6
97 #define RD_TP_FRAMED_PROTOCOL 7
98 #define RD_TP_FRAMED_IP_ADDRESS 8
99 #define RD_TP_FRAMED_IP_NETMASK 9
100 #define RD_TP_FRAMED_ROUTING 10
101 #define RD_TP_FILTER_ID 11
102 #define RD_TP_FRAMED_MTU 12
103 #define RD_TP_FRAMED_COMPRESSION 13
104 #define RD_TP_LOGIN_IP_HOST 14
105 #define RD_TP_LOGIN_SERVICE 15
106 #define RD_TP_LOGIN_TCP_PORT 16
107 #define RD_TP_UNASSIGNED 17
108 #define RD_TP_REPLY_MESSAGE 18
109 #define RD_TP_CALLBACK_NUMBER 19
110 #define RD_TP_CALLBACK_ID 20
111 #define RD_TP_UNASSIGNED2 21
112 #define RD_TP_FRAMED_ROUTE 22
113 #define RD_TP_FRAMED_IPX_NETWORK 23
114 #define RD_TP_STATE 24
115 #define RD_TP_CLASS 25
116 #define RD_TP_VENDOR_SPECIFIC 26
117 #define RD_TP_SESSION_TIMEOUT 27
118 #define RD_TP_IDLE_TIMEOUT 28
119 #define RD_TP_TERMINATING_ACTION 29
120 #define RD_TP_CALLED_STATION_ID 30
121 #define RD_TP_CALLING_STATION_ID 31
122 #define RD_TP_NAS_IDENTIFIER 32
123 #define RD_TP_PROXY_STATE 33
124 #define RD_TP_LOGIN_LAT_SERVICE 34
125 #define RD_TP_LOGIN_LAT_NODE 35
126 #define RD_TP_LOGIN_LAT_GROUP 36
127 #define RD_TP_FRAMED_APPLETALK_LINK 37
128 #define RD_TP_FRAMED_APPLETALK_NETWORK 38
129 #define RD_TP_FRAMED_APPLETALK_ZONE 39
130 #define RD_TP_ACCT_STATUS_TYPE 40
131 #define RD_TP_ACCT_DELAY_TIME 41
132 #define RD_TP_ACCT_INPUT_OCTETS 42
133 #define RD_TP_ACCT_OUTPUT_OCTETS 43
134 #define RD_TP_ACCT_SESSION_ID 44
135 #define RD_TP_ACCT_AUTHENTIC 45
136 #define RD_TP_ACCT_SESSION_TIME 46
137 #define RD_TP_ACCT_INPUT_PACKETS 47
138 #define RD_TP_ACCT_OUTPUT_PACKETS 48
139 #define RD_TP_ACCT_TERMINATE_CAUSE 49
140 #define RD_TP_ACCT_MULTI_SESSION_ID 50
141 #define RD_TP_ACCT_LINK_COUNT 51
142 #define RD_TP_ACCT_INPUT_GIGAWORDS 52
143 #define RD_TP_ACCT_OUTPUT_GIGAWORDS 53
145 #define RD_TP_EVENT_TIMESTAMP 55
147 #define RD_TP_CHAP_CHALLENGE 60
148 #define RD_TP_NAS_PORT_TYPE 61
149 #define RD_TP_PORT_LIMIT 62
150 #define RD_TP_LOGIN_LAT_PORT 63
151 #define RD_TP_TUNNEL_TYPE 64
152 #define RD_TP_TUNNEL_MEDIUM_TYPE 65
153 #define RD_TP_TUNNEL_CLIENT_ENDPOINT 66
154 #define RD_TP_TUNNEL_SERVER_ENDPOINT 67
155 #define RD_TP_TUNNEL_CONNECTION 68
156 #define RD_TP_TUNNEL_PASSWORD 69
157 #define RD_TP_ARAP_PASSWORD 70
158 #define RD_TP_ARAP_FEATURES 71
159 #define RD_TP_ARAP_ZONE_ACCESS 72
160 #define RD_TP_ARAP_SECURITY 73
161 #define RD_TP_ARAP_SECURITY_DATA 74
162 #define RD_TP_PASSWORD_RETRY 75
163 #define RD_TP_PROMPT 76
164 #define RD_TP_CONNECT_INFO 77
165 #define RD_TP_CONFIGURATION_TOKEN 78
166 #define RD_TP_EAP_MESSAGE 79
167 #define RD_TP_MESSAGE_AUTHENTICATOR 80
168 #define RD_TP_TUNNEL_PRIVATE_GROUP_ID 81
169 #define RD_TP_TUNNEL_ASSIGNMENT_ID 82
170 #define RD_TP_TUNNEL_TUNNEL_PREFERENCE 83
171 #define RD_TP_TUNNEL_PACKETS_LOST 86
172 #define RD_TP_NAS_PORT_ID 87
173 #define RD_TP_TUNNEL_CLIENT_AUTH_ID 90
174 #define RD_TP_TUNNEL_SERVER_AUTH_ID 91
175 #define RD_TP_ASCEND_MODEM_PORTNO 120
176 #define RD_TP_ASCEND_MODEM_SLOTNO 121
177 #define RD_TP_ASCEND_MULTILINK_ID 187
178 #define RD_TP_ASCEND_NUM_IN_MULTILINK 188
179 #define RD_TP_ASCEND_FIRST_DEST 189
180 #define RD_TP_ASCEND_PRE_INPUT_OCTETS 190
181 #define RD_TP_ASCEND_PRE_OUTPUT_OCTETS 191
182 #define RD_TP_ASCEND_PRE_INPUT_PACKETS 192
183 #define RD_TP_ASCEND_PRE_OUTPUT_PACKETS 193
184 #define RD_TP_ASCEND_MAXIMUM_TIME 194
185 #define RD_TP_ASCEND_DISCONNECT_CAUSE 195
186 #define RD_TP_ASCEND_CONNECT_PROGRESS 196
187 #define RD_TP_ASCEND_DATA_RATE 197
188 #define RD_TP_ASCEND_PRESESSION_TIME 198
189 #define RD_TP_ASCEND_ASSIGN_IP_POOL 218
190 #define RD_TP_ASCEND_XMIT_RATE 255
196 #define AUTHENTICATOR_LENGTH 16
197 #define RD_HDR_LENGTH 4
200 #define RADIUS_STRING 1
201 #define RADIUS_BINSTRING 2
202 #define RADIUS_INTEGER4 3
203 #define RADIUS_IP_ADDRESS 4
204 #define RADIUS_SERVICE_TYPE 5
205 #define RADIUS_FRAMED_PROTOCOL 6
206 #define RADIUS_FRAMED_ROUTING 7
207 #define RADIUS_FRAMED_COMPRESSION 8
208 #define RADIUS_LOGIN_SERVICE 9
209 #define RADIUS_UNKNOWN 10
210 #define RADIUS_IPX_ADDRESS 11
211 #define RADIUS_TERMINATING_ACTION 12
212 #define RADIUS_ACCOUNTING_STATUS_TYPE 13
213 #define RADIUS_ACCT_AUTHENTIC 14
214 #define RADIUS_ACCT_TERMINATE_CAUSE 15
215 #define RADIUS_NAS_PORT_TYPE 16
216 #define RADIUS_TUNNEL_TYPE 17
217 #define RADIUS_TUNNEL_MEDIUM_TYPE 18
218 #define RADIUS_STRING_TAGGED 19
219 #define RADIUS_VENDOR_SPECIFIC 20
220 #define RADIUS_TIMESTAMP 21
221 #define RADIUS_INTEGER4_TAGGED 22
223 static value_string radius_vals[] = {
224 {RADIUS_ACCESS_REQUEST, "Access Request"},
225 {RADIUS_ACCESS_ACCEPT, "Access Accept"},
226 {RADIUS_ACCESS_REJECT, "Access Reject"},
227 {RADIUS_ACCOUNTING_REQUEST, "Accounting Request"},
228 {RADIUS_ACCOUNTING_RESPONSE, "Accounting Response"},
229 {RADIUS_ACCESS_CHALLENGE, "Access challenge"},
230 {RADIUS_STATUS_SERVER, "StatusServer"},
231 {RADIUS_STATUS_CLIENT, "StatusClient"},
232 {RADIUS_RESERVED, "Reserved"},
235 static value_string radius_service_type_vals[]=
238 {3, "Callback Login"},
239 {4, "Callback Framed"},
241 {6, "Administrative"},
243 {8, "Authenticate Only"},
244 {9, "Callback NAS Prompt"},
249 * These are SMI Network Management Private Enterprise Codes for
252 * http://www.isi.edu/in-notes/iana/assignments/enterprise-numbers
257 #define VENDOR_CISCO 9
258 #define VENDOR_SHIVA 166
259 #define VENDOR_LIVINGSTON 307
260 #define VENDOR_MICROSOFT 311
261 #define VENDOR_3COM 429
262 #define VENDOR_ASCEND 529
263 #define VENDOR_BAY 1584
264 #define VENDOR_JUNIPER 2636
265 #define VENDOR_COSINE 3085
266 #define VENDOR_UNISPHERE 4874
267 #define VENDOR_ISSANNI 5948
269 static value_string radius_vendor_specific_vendors[]=
271 {VENDOR_CISCO,"Cisco"},
272 {VENDOR_SHIVA,"Shiva"},
273 {VENDOR_MICROSOFT,"Microsoft"},
274 {VENDOR_LIVINGSTON,"Livingston"},
275 {VENDOR_3COM,"3Com"},
276 {VENDOR_ASCEND,"Ascend"},
277 {VENDOR_BAY,"Bay Networks"},
278 {VENDOR_JUNIPER,"Juniper Networks"},
279 {VENDOR_COSINE,"CoSine Communications"},
280 {VENDOR_UNISPHERE,"Unisphere Networks"},
281 {VENDOR_ISSANNI,"Issanni Communications"},
286 'dictoinary.cisco' file from FreeRADIUS
287 http://www.freeradius.org
288 radiusd/raddb/dictionary.cisco
290 http://www.cisco.com/univercd/cc/td/doc/product/access/acs_serv/vapp_dev/vsaig3.htm
292 http://www.cisco.com/univercd/cc/td/doc/product/software/ios122/122cgcr/fsecur_c/fappendx/fradattr/scfrdat3.pdf
293 http://www.missl.cs.umd.edu/wireless/ethereal/cisco-vsa.pdf
297 /* stanard sttributes */
298 #define VENDOR_CISCO_AVP_CISCO 1
299 #define VENDOR_CISCO_NAS_PORT 2
301 #define VENDOR_CISCO_FAX_ACCOUNT_ID_ORIGIN 3
302 #define VENDOR_CISCO_FAX_MSG_ID 4
303 #define VENDOR_CISCO_FAX_PAGES 5
304 #define VENDOR_CISCO_FAX_COVERPAGE_FLAG 6
305 #define VENDOR_CISCO_FAX_MODEM_TIME 7
306 #define VENDOR_CISCO_FAX_CONNECT_SPEED 8
307 #define VENDOR_CISCO_FAX_RECIPENT_COUNT 9
308 #define VENDOR_CISCO_FAX_PROCESS_ABORT_FLAG 10
309 #define VENDOR_CISCO_FAX_DSN_ADDRESS 11
310 #define VENDOR_CISCO_FAX_DSN_FLAG 12
311 #define VENDOR_CISCO_FAX_MDN_ADDRESS 13
312 #define VENDOR_CISCO_FAX_MDN_FLAG 14
313 #define VENDOR_CISCO_FAX_AUTH_STATUS 15
314 #define VENDOR_CISCO_EMAIL_SERVER_ADDRESS 16
315 #define VENDOR_CISCO_EMAIL_SERVER_ACK_FLAG 17
316 #define VENDOR_CISCO_GATEWAY_ID 18
317 #define VENDOR_CISCO_CALL_TYPE 19
318 #define VENDOR_CISCO_PORT_USED 20
319 #define VENDOR_CISCO_ABORT_CAUSE 21
321 /* H323 - Voice over IP attributes. */
322 #define VENDOR_CISCO_H323_REMOTE_ADDRESS 23
323 #define VENDOR_CISCO_H323_CONF_ID 24
324 #define VENDOR_CISCO_H323_SETUP_TIME 25
325 #define VENDOR_CISCO_H323_CALL_ORIGIN 26
326 #define VENDOR_CISCO_H323_CALL_TYPE 27
327 #define VENDOR_CISCO_H323_CONNECT_TIME 28
328 #define VENDOR_CISCO_H323_DISCONNECT_TIME 29
329 #define VENDOR_CISCO_H323_DISCONNECT_CAUSE 30
330 #define VENDOR_CISCO_H323_VOICE_QUALITY 31
332 #define VENDOR_CISCO_H323_GW_ID 33
334 #define VENDOR_CISCO_H323_INCOMING_CONF_ID 35
336 #define VENDOR_CISCO_H323_CREDIT_AMOUNT 101
337 #define VENDOR_CISCO_H323_CREDIT_TIME 102
338 #define VENDOR_CISCO_H323_RETURN_CODE 103
339 #define VENDOR_CISCO_H323_PROMPT_ID 104
340 #define VENDOR_CISCO_H323_TIME_AND_DAY 105
341 #define VENDOR_CISCO_H323_REDIRECT_NUMBER 106
342 #define VENDOR_CISCO_H323_PREFERRED_LANG 107
343 #define VENDOR_CISCO_H323_REDIRECT_IP_ADDRESS 108
344 #define VENDOR_CISCO_H323_BILLING_MODEL 109
345 #define VENDOR_CISCO_H323_CURRENCY_TYPE 110
348 Extra attributes sent by the Cisco, if you configure
349 "radius-server vsa accounting" (requires IOS11.2+).
351 #define VENDOR_CISCO_MULTILINK_ID 187
352 #define VENDOR_CISCO_NUM_IN_MULTILINK 188
354 #define VENDOR_CISCO_PRE_INPUT_OCTETS 190
355 #define VENDOR_CISCO_PRE_OUTPUT_OCTETS 191
356 #define VENDOR_CISCO_PRE_INPUT_PACKETS 192
357 #define VENDOR_CISCO_PRE_OUTPUT_PACKETS 193
358 #define VENDOR_CISCO_MAXIMUM_TIME 194
359 #define VENDOR_CISCO_DISCONNECT_CAUSE 195
361 #define VENDOR_CISCO_DATA_RATE 197
362 #define VENDOR_CISCO_PRESESSION_TIME 198
364 #define VENDOR_CISCO_PW_LIFETIME 208
365 #define VENDOR_CISCO_IP_DIRECT 209
366 #define VENDOR_CISCO_PPP_VJ_SLOT_COMP 210
368 #define VENDOR_CISCO_PPP_ASYNC_MAP 212
370 #define VENDOR_CISCO_IP_POOL_DEFINITION 217
371 #define VENDOR_CISCO_ASING_IP_POOL 218
373 #define VENDOR_CISCO_ROUTE_IP 228
375 #define VENDOR_CISCO_LINK_COMPRESSION 233
376 #define VENDOR_CISCO_TARGET_UTIL 234
377 #define VENDOR_CISCO_MAXIMUM_CHANNELS 235
379 #define VENDOR_CISCO_DATA_FILTER 242
380 #define VENDOR_CISCO_CALL_FILTER 243
381 #define VENDOR_CISCO_IDLE_LIMIT 244
382 #define VENDOR_CISCO_XMIT_RATE 255
384 static value_string radius_vendor_cisco_types[]=
385 {{VENDOR_CISCO_AVP_CISCO ,"Cisco AV Pair" },
386 { VENDOR_CISCO_NAS_PORT ,"Cisco NAS Port" },
387 { VENDOR_CISCO_FAX_ACCOUNT_ID_ORIGIN ,"Fax Account Id Origin" },
388 { VENDOR_CISCO_FAX_MSG_ID ,"Fax Msg Id" },
389 { VENDOR_CISCO_FAX_PAGES ,"Fax Pages" },
390 { VENDOR_CISCO_FAX_COVERPAGE_FLAG ,"Fax Cover Page Flag" },
391 { VENDOR_CISCO_FAX_MODEM_TIME ,"Fax Modem Time" },
392 { VENDOR_CISCO_FAX_CONNECT_SPEED ,"Fax Connect Speed" },
393 { VENDOR_CISCO_FAX_RECIPENT_COUNT ,"Fax Recipent Count" },
394 { VENDOR_CISCO_FAX_PROCESS_ABORT_FLAG ,"Fax Process Abort Flag" },
395 { VENDOR_CISCO_FAX_DSN_ADDRESS ,"Fax DSN Address" },
396 { VENDOR_CISCO_FAX_DSN_FLAG ,"Fax DSN Flag" },
397 { VENDOR_CISCO_FAX_MDN_ADDRESS ,"Fax MDN Address" },
398 { VENDOR_CISCO_FAX_MDN_FLAG ,"Fax MDN Flag" },
399 { VENDOR_CISCO_FAX_AUTH_STATUS ,"Fax Auth Status" },
400 { VENDOR_CISCO_EMAIL_SERVER_ADDRESS ,"Email Server Address" },
401 { VENDOR_CISCO_EMAIL_SERVER_ACK_FLAG ,"Email Server Ack Flag" },
402 { VENDOR_CISCO_GATEWAY_ID ,"Gateway Id" },
403 { VENDOR_CISCO_CALL_TYPE ,"Call Type" },
404 { VENDOR_CISCO_PORT_USED ,"Port Used" },
405 { VENDOR_CISCO_ABORT_CAUSE ,"Abort Cause" },
406 { VENDOR_CISCO_H323_REMOTE_ADDRESS ,"H323 Remote Address" },
407 { VENDOR_CISCO_H323_CONF_ID ,"H323 Conf Id" },
408 { VENDOR_CISCO_H323_SETUP_TIME ,"H323 Setup Time" },
409 { VENDOR_CISCO_H323_CALL_ORIGIN ,"H323 Call Origin" },
410 { VENDOR_CISCO_H323_CALL_TYPE ,"H323 Call Type" },
411 { VENDOR_CISCO_H323_CONNECT_TIME ,"H323 Connect Time" },
412 { VENDOR_CISCO_H323_DISCONNECT_TIME ,"H323 Disconnect Time" },
413 { VENDOR_CISCO_H323_DISCONNECT_CAUSE ,"H323 Disconnect Cause" },
414 { VENDOR_CISCO_H323_VOICE_QUALITY ,"H323 Voice Quality" },
415 { VENDOR_CISCO_H323_GW_ID ,"H323 GW Id" },
416 { VENDOR_CISCO_H323_INCOMING_CONF_ID ,"H323 Incoming Conf Id" },
417 { VENDOR_CISCO_H323_CREDIT_AMOUNT ,"H323 Credit Amount" },
418 { VENDOR_CISCO_H323_CREDIT_TIME ,"H323 Credit Time" },
419 { VENDOR_CISCO_H323_RETURN_CODE ,"H323 Return Code" },
420 { VENDOR_CISCO_H323_PROMPT_ID ,"H323 Prompt Id" },
421 { VENDOR_CISCO_H323_TIME_AND_DAY ,"H323 Time And Day" },
422 { VENDOR_CISCO_H323_REDIRECT_NUMBER ,"H323 Redirect Number" },
423 { VENDOR_CISCO_H323_PREFERRED_LANG ,"H323 Preferred Lang" },
424 { VENDOR_CISCO_H323_REDIRECT_IP_ADDRESS ,"H323 Redirect Ip Address" },
425 { VENDOR_CISCO_H323_BILLING_MODEL ,"H323 Billing Model" },
426 { VENDOR_CISCO_H323_CURRENCY_TYPE ,"H323 Currency Type" },
427 { VENDOR_CISCO_MULTILINK_ID ,"Cisco Multilink ID" },
428 { VENDOR_CISCO_NUM_IN_MULTILINK ,"Cisco Num In Multilink" },
429 { VENDOR_CISCO_PRE_INPUT_OCTETS ,"Cisco Pre Input Octets" },
430 { VENDOR_CISCO_PRE_OUTPUT_OCTETS ,"Cisco Pre Output Octets" },
431 { VENDOR_CISCO_PRE_INPUT_PACKETS ,"Cisco Pre Input Packets" },
432 { VENDOR_CISCO_PRE_OUTPUT_PACKETS ,"Cisco Pre Output Packets" },
433 { VENDOR_CISCO_MAXIMUM_TIME ,"Cisco Maximum Time" },
434 { VENDOR_CISCO_DISCONNECT_CAUSE ,"Cisco Disconnect Cause" },
435 { VENDOR_CISCO_DATA_RATE ,"Cisco Data Rate" },
436 { VENDOR_CISCO_PRESESSION_TIME ,"Cisco PreSession Time" },
437 { VENDOR_CISCO_PW_LIFETIME ,"Cisco PW Lifetime" },
438 { VENDOR_CISCO_IP_DIRECT ,"Cisco IP Direct" },
439 { VENDOR_CISCO_PPP_VJ_SLOT_COMP ,"Cisco PPP VJ Slot Comp" },
440 { VENDOR_CISCO_PPP_ASYNC_MAP ,"Cisco PPP Async Map" },
441 { VENDOR_CISCO_IP_POOL_DEFINITION ,"Cisco IP Pool Definition" },
442 { VENDOR_CISCO_ASING_IP_POOL ,"Cisco Asing IP Pool" },
443 { VENDOR_CISCO_ROUTE_IP ,"Cisco Route IP" },
444 { VENDOR_CISCO_LINK_COMPRESSION ,"Cisco Link Compression" },
445 { VENDOR_CISCO_TARGET_UTIL ,"Cisco Target Util" },
446 { VENDOR_CISCO_MAXIMUM_CHANNELS ,"Cisco Maximum Channels" },
447 { VENDOR_CISCO_DATA_FILTER ,"Cisco Data Filter" },
448 { VENDOR_CISCO_CALL_FILTER ,"Cisco Call Filter" },
449 { VENDOR_CISCO_IDLE_LIMIT ,"Cisco Idle Limit" },
450 { VENDOR_CISCO_XMIT_RATE ,"Cisco Xmit Rate" },
453 #define VENDOR_COSINE_VSA_CONNECTION_PROFILE_NAME 1
454 #define VENDOR_COSINE_VSA_ENTERPRISE_ID 2
455 #define VENDOR_COSINE_VSA_ADDRESS_POOL_NAME 3
456 #define VENDOR_COSINE_VSA_DS_BYTE 4
457 #define VENDOR_COSINE_VSA_VPI_VCI 5
458 #define VENDOR_COSINE_VSA_DLCI 6
459 #define VENDOR_COSINE_VSA_LNS_IP_ADDRESS 7
460 #define VENDOR_COSINE_VSA_CLI_USER_PERMISSION_ID 8
462 static value_string radius_vendor_cosine_types[]=
463 {{VENDOR_COSINE_VSA_CONNECTION_PROFILE_NAME,"Connection Profile Name"},
464 {VENDOR_COSINE_VSA_ENTERPRISE_ID,"Enterprise ID"},
465 {VENDOR_COSINE_VSA_ADDRESS_POOL_NAME,"Address Pool Name"},
466 {VENDOR_COSINE_VSA_DS_BYTE,"DS Byte"},
467 {VENDOR_COSINE_VSA_VPI_VCI,"VPI/VCI"},
468 {VENDOR_COSINE_VSA_DLCI,"DLCI"},
469 {VENDOR_COSINE_VSA_LNS_IP_ADDRESS,"LNS IP Address"},
470 {VENDOR_COSINE_VSA_CLI_USER_PERMISSION_ID,"CLI User Permission ID"},
473 #define VENDOR_ISSANNI_VSA_SOFTFLOW_TEMPLATE 1
474 #define VENDOR_ISSANNI_VSA_NAT_POOL_NAME 2
475 #define VENDOR_ISSANNI_VSA_VRD 3
476 #define VENDOR_ISSANNI_VSA_TUNNEL_NAME 4
477 #define VENDOR_ISSANNI_VSA_IP_POOL_NAME 5
478 #define VENDOR_ISSANNI_VSA_PPPOE_URL 6
479 #define VENDOR_ISSANNI_VSA_PPPOE_MOTM 7
480 #define VENDOR_ISSANNI_VSA_SERVICE 8
481 #define VENDOR_ISSANNI_VSA_PRI_DNS 9
482 #define VENDOR_ISSANNI_VSA_SEC_DNS 10
483 #define VENDOR_ISSANNI_VSA_PRI_NBNS 11
484 #define VENDOR_ISSANNI_VSA_SEC_NBNS 12
485 #define VENDOR_ISSANNI_VSA_TRAFFIC_CLASS 13
486 #define VENDOR_ISSANNI_VSA_TUNNEL_TYPE 14
487 #define VENDOR_ISSANNI_VSA_NAT_TYPE 15
488 #define VENDOR_ISSANNI_VSA_QOS_CLASS 16
489 #define VENDOR_ISSANNI_VSA_IFACE_NAME 17
491 static value_string radius_vendor_issanni_types[]=
492 {{VENDOR_ISSANNI_VSA_SOFTFLOW_TEMPLATE,"Softflow Template"},
493 {VENDOR_ISSANNI_VSA_NAT_POOL_NAME,"NAT Pool"},
494 {VENDOR_ISSANNI_VSA_VRD,"Virtual Routing Domain"},
495 {VENDOR_ISSANNI_VSA_TUNNEL_NAME,"Tunnel Name"},
496 {VENDOR_ISSANNI_VSA_IP_POOL_NAME,"IP Pool Name"},
497 {VENDOR_ISSANNI_VSA_PPPOE_URL,"PPPoE URL"},
498 {VENDOR_ISSANNI_VSA_PPPOE_MOTM,"PPPoE MOTM"},
499 {VENDOR_ISSANNI_VSA_SERVICE,"PPPoE Service"},
500 {VENDOR_ISSANNI_VSA_PRI_DNS,"Primary DNS"},
501 {VENDOR_ISSANNI_VSA_SEC_DNS,"Secondary DNS"},
502 {VENDOR_ISSANNI_VSA_PRI_NBNS,"Primary NBNS"},
503 {VENDOR_ISSANNI_VSA_SEC_NBNS,"Secondary NBNS"},
504 {VENDOR_ISSANNI_VSA_TRAFFIC_CLASS,"Policing Traffic Class"},
505 {VENDOR_ISSANNI_VSA_TUNNEL_TYPE,"Tunnel Type"},
506 {VENDOR_ISSANNI_VSA_NAT_TYPE,"NAT Type"},
507 {VENDOR_ISSANNI_VSA_QOS_CLASS,"QoS Traffic Class"},
508 {VENDOR_ISSANNI_VSA_IFACE_NAME,"Interface Name"},
511 static value_string radius_framed_protocol_vals[]=
514 {3, "Appletalk Remote Access Protocol (ARAP)"},
515 {4, "Gandalf proprietary Singlelink/Multilink Protocol"},
516 {5, "Xylogics proprietary IPX/SLIP"},
517 {6, "X.75 Synchronous"},
522 static value_string radius_framed_routing_vals[]=
523 {{1, "Send Routing Packets"},
524 {2, "Listen for routing packets"},
525 {3, "Send and Listen"},
529 static value_string radius_framed_compression_vals[]=
530 {{1, "VJ TCP/IP Header Compression"},
531 {2, "IPX Header Compression"},
532 {3, "Stac-LZS compression"},
536 static value_string radius_login_service_vals[]=
543 {8, "TCP Clear Quit"},
547 static value_string radius_terminating_action_vals[]=
548 {{1, "RADIUS-Request"},
552 static value_string radius_accounting_status_type_vals[]=
555 {3, "Interim-Update"},
557 {8,"Accounting-Off"},
558 {9, "Tunnel-Start"}, /* Tunnel accounting */
559 {10, "Tunnel-Stop"}, /* Tunnel accounting */
560 {11, "Tunnel-Reject"}, /* Tunnel accounting */
561 {12, "Tunnel-Link-Start"}, /* Tunnel accounting */
562 {13, "Tunnel-Link-Stop"}, /* Tunnel accounting */
563 {14, "Tunnel-Link-Reject"}, /* Tunnel accounting */
566 static value_string radius_accounting_authentication_vals[]=
570 /* RFC 2866 says 3 is Remote. Is 7 a mistake? */
574 static value_string radius_acct_terminate_cause_vals[]=
575 {{1, "User Request"},
579 {5,"Session Timeout"},
586 {12, "Port Unneeded"},
587 {13, "Port Preempted"},
588 {14,"Port Suspended"},
589 {15,"Service Unavailable"},
595 static value_string radius_tunnel_type_vals[]=
610 static value_string radius_tunnel_medium_type_vals[]=
628 static value_string radius_nas_port_type_vals[]=
632 {3, "ISDN Async V.120"},
633 {4,"ISDN Async V.110"},
636 {7, "HDLC Clear Channel"},
647 {18,"Wireless Other"},
648 {19,"Wireless IEEE 802.11"},
651 static value_value_pair radius_printinfo[] = {
652 { RD_TP_USER_NAME, RADIUS_STRING },
653 { RD_TP_USER_PASSWORD,RADIUS_BINSTRING },
654 { RD_TP_CHAP_PASSWORD, RADIUS_BINSTRING },
655 { RD_TP_NAS_IP_ADDRESS, RADIUS_IP_ADDRESS },
656 { RD_TP_NAS_PORT, RADIUS_INTEGER4},
657 { RD_TP_SERVICE_TYPE, RADIUS_SERVICE_TYPE},
658 { RD_TP_FRAMED_PROTOCOL, RADIUS_FRAMED_PROTOCOL},
659 { RD_TP_FRAMED_IP_ADDRESS, RADIUS_IP_ADDRESS},
660 { RD_TP_FRAMED_IP_NETMASK, RADIUS_IP_ADDRESS},
661 { RD_TP_FRAMED_ROUTING, RADIUS_FRAMED_ROUTING},
662 { RD_TP_FILTER_ID, RADIUS_STRING},
663 { RD_TP_FRAMED_MTU, RADIUS_INTEGER4},
664 { RD_TP_FRAMED_COMPRESSION, RADIUS_FRAMED_COMPRESSION},
665 { RD_TP_LOGIN_IP_HOST, RADIUS_IP_ADDRESS},
666 { RD_TP_LOGIN_SERVICE, RADIUS_LOGIN_SERVICE},
667 { RD_TP_LOGIN_TCP_PORT, RADIUS_INTEGER4},
668 { RD_TP_UNASSIGNED, RADIUS_UNKNOWN},
669 { RD_TP_REPLY_MESSAGE, RADIUS_STRING},
670 { RD_TP_CALLBACK_NUMBER, RADIUS_BINSTRING},
671 { RD_TP_CALLBACK_ID, RADIUS_BINSTRING},
672 { RD_TP_UNASSIGNED2, RADIUS_UNKNOWN},
673 { RD_TP_FRAMED_ROUTE, RADIUS_STRING},
674 { RD_TP_FRAMED_IPX_NETWORK, RADIUS_IPX_ADDRESS},
675 { RD_TP_STATE, RADIUS_BINSTRING},
676 { RD_TP_CLASS, RADIUS_BINSTRING},
677 { RD_TP_VENDOR_SPECIFIC, RADIUS_VENDOR_SPECIFIC},
678 { RD_TP_SESSION_TIMEOUT, RADIUS_INTEGER4},
679 { RD_TP_IDLE_TIMEOUT, RADIUS_INTEGER4},
680 { RD_TP_TERMINATING_ACTION, RADIUS_TERMINATING_ACTION},
681 { RD_TP_CALLED_STATION_ID, RADIUS_BINSTRING},
682 { RD_TP_CALLING_STATION_ID, RADIUS_BINSTRING},
683 { RD_TP_NAS_IDENTIFIER, RADIUS_BINSTRING},
684 { RD_TP_PROXY_STATE, RADIUS_BINSTRING},
685 { RD_TP_LOGIN_LAT_SERVICE, RADIUS_BINSTRING},
686 { RD_TP_LOGIN_LAT_NODE, RADIUS_BINSTRING},
687 { RD_TP_LOGIN_LAT_GROUP, RADIUS_BINSTRING},
688 { RD_TP_FRAMED_APPLETALK_LINK, RADIUS_INTEGER4},
689 { RD_TP_FRAMED_APPLETALK_NETWORK, RADIUS_INTEGER4},
690 { RD_TP_FRAMED_APPLETALK_ZONE, RADIUS_BINSTRING},
691 { RD_TP_ACCT_STATUS_TYPE, RADIUS_ACCOUNTING_STATUS_TYPE},
692 { RD_TP_ACCT_DELAY_TIME, RADIUS_INTEGER4},
693 { RD_TP_ACCT_INPUT_OCTETS, RADIUS_INTEGER4},
694 { RD_TP_ACCT_OUTPUT_OCTETS, RADIUS_INTEGER4},
695 { RD_TP_ACCT_SESSION_ID, RADIUS_STRING},
696 { RD_TP_ACCT_AUTHENTIC, RADIUS_ACCT_AUTHENTIC},
697 { RD_TP_ACCT_SESSION_TIME, RADIUS_INTEGER4},
698 { RD_TP_ACCT_INPUT_PACKETS, RADIUS_INTEGER4},
699 { RD_TP_ACCT_OUTPUT_PACKETS, RADIUS_INTEGER4},
700 { RD_TP_ACCT_TERMINATE_CAUSE, RADIUS_ACCT_TERMINATE_CAUSE},
701 { RD_TP_ACCT_MULTI_SESSION_ID, RADIUS_STRING},
702 { RD_TP_ACCT_LINK_COUNT, RADIUS_INTEGER4},
703 { RD_TP_ACCT_INPUT_GIGAWORDS, RADIUS_INTEGER4},
704 { RD_TP_ACCT_OUTPUT_GIGAWORDS, RADIUS_INTEGER4},
705 { RD_TP_EVENT_TIMESTAMP, RADIUS_TIMESTAMP},
706 { RD_TP_CHAP_CHALLENGE, RADIUS_BINSTRING},
707 { RD_TP_NAS_PORT_TYPE, RADIUS_NAS_PORT_TYPE},
708 { RD_TP_PORT_LIMIT, RADIUS_INTEGER4},
709 { RD_TP_LOGIN_LAT_PORT, RADIUS_BINSTRING},
710 { RD_TP_TUNNEL_TYPE, RADIUS_TUNNEL_TYPE},
711 { RD_TP_TUNNEL_MEDIUM_TYPE, RADIUS_TUNNEL_MEDIUM_TYPE},
712 { RD_TP_TUNNEL_CLIENT_ENDPOINT, RADIUS_STRING_TAGGED},
713 { RD_TP_TUNNEL_SERVER_ENDPOINT, RADIUS_STRING_TAGGED},
714 { RD_TP_TUNNEL_CONNECTION, RADIUS_BINSTRING},
715 { RD_TP_TUNNEL_PASSWORD, RADIUS_STRING_TAGGED},
716 { RD_TP_ARAP_PASSWORD, RADIUS_BINSTRING},
717 { RD_TP_ARAP_FEATURES, RADIUS_BINSTRING},
718 { RD_TP_ARAP_ZONE_ACCESS, RADIUS_BINSTRING},
719 { RD_TP_ARAP_SECURITY, RADIUS_BINSTRING},
720 { RD_TP_ARAP_SECURITY_DATA, RADIUS_BINSTRING},
721 { RD_TP_PASSWORD_RETRY, RADIUS_BINSTRING},
722 { RD_TP_PROMPT, RADIUS_BINSTRING},
723 { RD_TP_CONNECT_INFO, RADIUS_STRING},
724 { RD_TP_CONFIGURATION_TOKEN, RADIUS_BINSTRING},
725 { RD_TP_EAP_MESSAGE, RADIUS_BINSTRING},
726 { RD_TP_MESSAGE_AUTHENTICATOR, RADIUS_BINSTRING},
727 { RD_TP_TUNNEL_PRIVATE_GROUP_ID, RADIUS_STRING_TAGGED},
728 { RD_TP_TUNNEL_ASSIGNMENT_ID, RADIUS_STRING_TAGGED},
729 { RD_TP_TUNNEL_TUNNEL_PREFERENCE, RADIUS_INTEGER4_TAGGED},
730 { RD_TP_TUNNEL_PACKETS_LOST, RADIUS_INTEGER4},
731 { RD_TP_NAS_PORT_ID, RADIUS_STRING},
732 { RD_TP_TUNNEL_CLIENT_AUTH_ID, RADIUS_STRING_TAGGED},
733 { RD_TP_TUNNEL_SERVER_AUTH_ID, RADIUS_STRING_TAGGED},
734 { RD_TP_ASCEND_MODEM_PORTNO, RADIUS_INTEGER4},
735 { RD_TP_ASCEND_MODEM_SLOTNO, RADIUS_INTEGER4},
736 { RD_TP_ASCEND_MULTILINK_ID, RADIUS_INTEGER4},
737 { RD_TP_ASCEND_NUM_IN_MULTILINK, RADIUS_INTEGER4},
738 { RD_TP_ASCEND_FIRST_DEST, RADIUS_IP_ADDRESS},
739 { RD_TP_ASCEND_PRE_INPUT_OCTETS, RADIUS_INTEGER4},
740 { RD_TP_ASCEND_PRE_OUTPUT_OCTETS, RADIUS_INTEGER4},
741 { RD_TP_ASCEND_PRE_INPUT_PACKETS, RADIUS_INTEGER4},
742 { RD_TP_ASCEND_PRE_OUTPUT_PACKETS, RADIUS_INTEGER4},
743 { RD_TP_ASCEND_MAXIMUM_TIME, RADIUS_INTEGER4},
744 { RD_TP_ASCEND_DISCONNECT_CAUSE, RADIUS_INTEGER4},
745 { RD_TP_ASCEND_CONNECT_PROGRESS, RADIUS_INTEGER4},
746 { RD_TP_ASCEND_DATA_RATE, RADIUS_INTEGER4},
747 { RD_TP_ASCEND_PRESESSION_TIME, RADIUS_INTEGER4},
748 { RD_TP_ASCEND_ASSIGN_IP_POOL, RADIUS_INTEGER4},
749 { RD_TP_ASCEND_XMIT_RATE, RADIUS_INTEGER4},
753 static value_string radius_attrib_type_vals[] = {
754 { RD_TP_USER_NAME, "User Name"},
755 { RD_TP_USER_PASSWORD, "User Password"},
756 { RD_TP_CHAP_PASSWORD, "Chap Password"},
757 { RD_TP_NAS_IP_ADDRESS, "NAS IP Address"},
758 { RD_TP_NAS_PORT, "NAS Port"},
759 { RD_TP_SERVICE_TYPE, "Service Type"},
760 { RD_TP_FRAMED_PROTOCOL, "Framed Protocol"},
761 { RD_TP_FRAMED_IP_ADDRESS, "Framed IP Address"},
762 { RD_TP_FRAMED_IP_NETMASK, "Framed IP Netmask"},
763 { RD_TP_FRAMED_ROUTING, "Framed Routing"},
764 { RD_TP_FILTER_ID, "Filter Id"},
765 { RD_TP_FRAMED_MTU, "Framed MTU"},
766 { RD_TP_FRAMED_COMPRESSION, "Framed Compression"},
767 { RD_TP_LOGIN_IP_HOST, "Login IP Host"},
768 { RD_TP_LOGIN_SERVICE, "Login Service"},
769 { RD_TP_LOGIN_TCP_PORT, "Login TCP Port"},
770 { RD_TP_UNASSIGNED, "Unassigned"},
771 { RD_TP_REPLY_MESSAGE, "Reply Message"},
772 { RD_TP_CALLBACK_NUMBER, "Callback Number"},
773 { RD_TP_CALLBACK_ID, "Callback Id"},
774 { RD_TP_UNASSIGNED2, "Unassigned"},
775 { RD_TP_FRAMED_ROUTE, "Framed Route"},
776 { RD_TP_FRAMED_IPX_NETWORK, "Framed IPX network"},
777 { RD_TP_STATE, "State"},
778 { RD_TP_CLASS, "Class"},
779 { RD_TP_VENDOR_SPECIFIC, "Vendor Specific" },
780 { RD_TP_SESSION_TIMEOUT, "Session Timeout"},
781 { RD_TP_IDLE_TIMEOUT, "Idle Timeout"},
782 { RD_TP_TERMINATING_ACTION, "Terminating Action"},
783 { RD_TP_CALLED_STATION_ID, "Called Station Id"},
784 { RD_TP_CALLING_STATION_ID, "Calling Station Id"},
785 { RD_TP_NAS_IDENTIFIER, "NAS identifier"},
786 { RD_TP_PROXY_STATE, "Proxy State"},
787 { RD_TP_LOGIN_LAT_SERVICE, "Login LAT Service"},
788 { RD_TP_LOGIN_LAT_NODE, "Login LAT Node"},
789 { RD_TP_LOGIN_LAT_GROUP, "Login LAT Group"},
790 { RD_TP_FRAMED_APPLETALK_LINK, "Framed Appletalk Link"},
791 { RD_TP_FRAMED_APPLETALK_NETWORK, "Framed Appletalk Network"},
792 { RD_TP_FRAMED_APPLETALK_ZONE, "Framed Appletalk Zone"},
793 { RD_TP_ACCT_STATUS_TYPE, "Acct Status Type"},
794 { RD_TP_ACCT_DELAY_TIME, "Acct Delay Time"},
795 { RD_TP_ACCT_INPUT_OCTETS, "Acct Input Octets"},
796 { RD_TP_ACCT_OUTPUT_OCTETS, "Acct Output Octets"},
797 { RD_TP_ACCT_SESSION_ID, "Acct Session Id"},
798 { RD_TP_ACCT_AUTHENTIC, "Acct Authentic"},
799 { RD_TP_ACCT_SESSION_TIME, "Acct Session Time"},
800 { RD_TP_ACCT_INPUT_PACKETS, "Acct Input Packets"},
801 { RD_TP_ACCT_OUTPUT_PACKETS, "Acct Output Packets"},
802 { RD_TP_ACCT_TERMINATE_CAUSE, "Acct Terminate Cause"},
803 { RD_TP_ACCT_MULTI_SESSION_ID, "Acct Multi Session Id"},
804 { RD_TP_ACCT_LINK_COUNT, "Acct Link Count"},
805 { RD_TP_ACCT_INPUT_GIGAWORDS, "Acct Input Gigawords"},
806 { RD_TP_ACCT_OUTPUT_GIGAWORDS, "Acct Output Gigawords"},
807 { RD_TP_EVENT_TIMESTAMP, "Event Timestamp"},
808 { RD_TP_CHAP_CHALLENGE, "Chap Challenge"},
809 { RD_TP_NAS_PORT_TYPE, "NAS Port Type"},
810 { RD_TP_PORT_LIMIT, "Port Limit"},
811 { RD_TP_LOGIN_LAT_PORT, "Login LAT Port"},
812 { RD_TP_TUNNEL_TYPE, "Tunnel Type"},
813 { RD_TP_TUNNEL_MEDIUM_TYPE, "Tunnel Medium Type"},
814 { RD_TP_TUNNEL_CLIENT_ENDPOINT, "Tunnel Client Endpoint"},
815 { RD_TP_TUNNEL_SERVER_ENDPOINT, "Tunnel Server Endpoint"},
816 { RD_TP_TUNNEL_CONNECTION, "Tunnel Connection"},
817 { RD_TP_TUNNEL_PASSWORD, "Tunnel Password"},
818 { RD_TP_ARAP_PASSWORD, "ARAP-Password"},
819 { RD_TP_ARAP_FEATURES, "ARAP-Features"},
820 { RD_TP_ARAP_ZONE_ACCESS, "ARAP-Zone-Access"},
821 { RD_TP_ARAP_SECURITY, "ARAP-Security"},
822 { RD_TP_ARAP_SECURITY_DATA, "ARAP-Security-Data"},
823 { RD_TP_PASSWORD_RETRY, "Password-Retry"},
824 { RD_TP_PROMPT, "Prompt"},
825 { RD_TP_CONNECT_INFO, "Connect-Info"},
826 { RD_TP_CONFIGURATION_TOKEN, "Configuration-Token"},
827 { RD_TP_EAP_MESSAGE, "EAP-Message"},
828 { RD_TP_MESSAGE_AUTHENTICATOR, "Message Authenticator"},
829 { RD_TP_TUNNEL_PRIVATE_GROUP_ID, "Tunnel Private Group ID"},
830 { RD_TP_TUNNEL_ASSIGNMENT_ID, "Tunnel Assignment ID"},
831 { RD_TP_TUNNEL_TUNNEL_PREFERENCE, "Tunnel Preference"},
832 { RD_TP_TUNNEL_PACKETS_LOST, "Tunnel Packets Lost"},
833 { RD_TP_NAS_PORT_ID, "NAS Port ID"},
834 { RD_TP_TUNNEL_CLIENT_AUTH_ID, "Tunnel Client Auth ID"},
835 { RD_TP_TUNNEL_SERVER_AUTH_ID, "Tunnel Server Auth ID"},
836 { RD_TP_ASCEND_MODEM_PORTNO, "Ascend Modem Port No"},
837 { RD_TP_ASCEND_MODEM_SLOTNO, "Ascend Modem Slot No"},
838 { RD_TP_ASCEND_MULTILINK_ID, "Ascend Multilink ID"},
839 { RD_TP_ASCEND_NUM_IN_MULTILINK, "Ascend Num In Multilink"},
840 { RD_TP_ASCEND_FIRST_DEST, "Ascend First Dest"},
841 { RD_TP_ASCEND_PRE_INPUT_OCTETS, "Ascend Pre Input Octets"},
842 { RD_TP_ASCEND_PRE_OUTPUT_OCTETS, "Ascend Pre Output Octets"},
843 { RD_TP_ASCEND_PRE_INPUT_PACKETS, "Ascend Pre Input Packets"},
844 { RD_TP_ASCEND_PRE_OUTPUT_PACKETS, "Ascend Pre Output Packets"},
845 { RD_TP_ASCEND_MAXIMUM_TIME, "Ascend Maximum Time"},
846 { RD_TP_ASCEND_DISCONNECT_CAUSE, "Ascend Disconnect Cause"},
847 { RD_TP_ASCEND_CONNECT_PROGRESS, "Ascend Connect Progress"},
848 { RD_TP_ASCEND_DATA_RATE, "Ascend Data Rate"},
849 { RD_TP_ASCEND_PRESESSION_TIME, "Ascend PreSession Time"},
850 { RD_TP_ASCEND_ASSIGN_IP_POOL, "Ascend Assign IP Pool"},
851 { RD_TP_ASCEND_XMIT_RATE, "Ascend Xmit Rate"},
855 static guint32 match_numval(guint32 val, const value_value_pair *vs)
860 if (vs[i].val1 == val)
868 static gchar textbuffer[2000];
871 rdconvertbufftostr(gchar *dest, tvbuff_t *tvb, int offset, int length)
873 /*converts the raw buffer into printable text */
876 const guint8 *pd = tvb_get_ptr(tvb, offset, length);
881 for (i=0; i < (guint32)length; i++)
883 if( isalnum((int)pd[i])||ispunct((int)pd[i])
884 ||((int)pd[i]==' ')) {
885 dest[totlen]=(gchar)pd[i];
890 sprintf(&(dest[totlen]), "\\%03u", pd[i]);
891 totlen=totlen+strlen(&(dest[totlen]));
899 static gchar *rd_match_strval(guint32 val, const value_string *vs) {
900 return val_to_str(val, vs, "Undefined (%u)");
903 static gchar *rd_value_to_str(e_avphdr *avph, tvbuff_t *tvb, int offset)
907 value_string *valstrarr;
913 extern char *tzname[2];
915 /* prints the values of the attribute value pairs into a text buffer */
916 print_type=match_numval(avph->avp_type,radius_printinfo);
919 strcpy(textbuffer,"Value:");
920 cont=&textbuffer[strlen(textbuffer)];
923 case( RADIUS_STRING ):
924 case( RADIUS_BINSTRING ):
925 rdconvertbufftostr(cont,tvb,offset+2,avph->avp_length-2);
927 case( RADIUS_INTEGER4 ):
928 sprintf(cont,"%u", tvb_get_ntohl(tvb,offset+2));
930 case( RADIUS_IP_ADDRESS ):
931 ip_to_str_buf(tvb_get_ptr(tvb,offset+2,4),cont);
933 case( RADIUS_SERVICE_TYPE ):
934 valstrarr=radius_service_type_vals;
935 strcpy(cont,rd_match_strval(tvb_get_ntohl(tvb,offset+2),valstrarr));
937 case( RADIUS_FRAMED_PROTOCOL ):
938 valstrarr= radius_framed_protocol_vals;
939 strcpy(cont,rd_match_strval(tvb_get_ntohl(tvb,offset+2),valstrarr));
941 case( RADIUS_FRAMED_ROUTING ):
942 valstrarr=radius_framed_routing_vals;
943 strcpy(cont,rd_match_strval(tvb_get_ntohl(tvb,offset+2),valstrarr));
945 case( RADIUS_FRAMED_COMPRESSION ):
946 valstrarr=radius_framed_compression_vals;
947 strcpy(cont,rd_match_strval(tvb_get_ntohl(tvb,offset+2),valstrarr));
949 case( RADIUS_LOGIN_SERVICE ):
950 valstrarr=radius_login_service_vals;
951 strcpy(cont,rd_match_strval(tvb_get_ntohl(tvb,offset+2),valstrarr));
953 case( RADIUS_IPX_ADDRESS ):
954 pd = tvb_get_ptr(tvb,offset+2,4);
955 sprintf(cont,"%u:%u:%u:%u",(guint8)pd[offset+2],
956 (guint8)pd[offset+3],(guint8)pd[offset+4],
957 (guint8)pd[offset+5]);
958 case( RADIUS_TERMINATING_ACTION ):
959 valstrarr=radius_terminating_action_vals;
960 strcpy(cont,rd_match_strval(tvb_get_ntohl(tvb,offset+2),valstrarr));
962 case( RADIUS_ACCOUNTING_STATUS_TYPE ):
963 valstrarr=radius_accounting_status_type_vals;
964 strcpy(cont,rd_match_strval(tvb_get_ntohl(tvb,offset+2),valstrarr));
966 case( RADIUS_ACCT_AUTHENTIC ):
967 valstrarr=radius_accounting_authentication_vals;
968 strcpy(cont,rd_match_strval(tvb_get_ntohl(tvb,offset+2),valstrarr));
970 case( RADIUS_ACCT_TERMINATE_CAUSE ):
971 valstrarr=radius_acct_terminate_cause_vals;
972 strcpy(cont,rd_match_strval(tvb_get_ntohl(tvb,offset+2),valstrarr));
974 case( RADIUS_NAS_PORT_TYPE ):
975 valstrarr=radius_nas_port_type_vals;
976 strcpy(cont,rd_match_strval(tvb_get_ntohl(tvb,offset+2),valstrarr));
978 case( RADIUS_TUNNEL_TYPE ):
979 valstrarr=radius_tunnel_type_vals;
981 intval = tvb_get_ntohl(tvb,offset+2);
983 sprintf(textbuffer, "Tag:%u, Value:%s",
985 rd_match_strval(intval & 0xffffff,valstrarr));
988 strcpy(cont,rd_match_strval(intval,valstrarr));
990 case( RADIUS_TUNNEL_MEDIUM_TYPE ):
991 valstrarr=radius_tunnel_medium_type_vals;
992 intval = tvb_get_ntohl(tvb,offset+2);
995 sprintf(textbuffer, "Tag:%u, Value:%s",
997 rd_match_strval(intval & 0xffffff,valstrarr));
1000 strcpy(cont,rd_match_strval(intval,valstrarr));
1002 case( RADIUS_STRING_TAGGED ):
1004 tag = tvb_get_guint8(tvb,offset+2);
1006 sprintf(textbuffer, "Tag:%u, Value:",
1008 cont=&textbuffer[strlen(textbuffer)];
1009 rdconvertbufftostr(cont,tvb,offset+3,avph->avp_length-3);
1012 rdconvertbufftostr(cont,tvb,offset+2,avph->avp_length-2);
1014 case ( RADIUS_VENDOR_SPECIFIC ):
1015 valstrarr=radius_vendor_specific_vendors;
1016 sprintf(textbuffer,"Vendor:%s,",
1017 rd_match_strval(tvb_get_ntohl(tvb,offset+2),valstrarr));
1018 cont=&textbuffer[strlen(textbuffer)];
1019 switch (tvb_get_ntohl(tvb,offset+2)) {
1020 case ( VENDOR_CISCO ):
1021 vtype = tvb_get_guint8(tvb,offset+6);
1023 case ( VENDOR_CISCO_AVP_CISCO ):
1024 sprintf(cont," Type:%s, Len:%i Value:",
1025 rd_match_strval(vtype,radius_vendor_cisco_types),
1026 avph->avp_length-8);
1027 cont=&textbuffer[strlen(textbuffer)];
1028 rdconvertbufftostr(cont,tvb,offset+8,
1029 avph->avp_length-8);
1032 sprintf(cont," Type:%s, Len:%i Value:",
1033 rd_match_strval(vtype,radius_vendor_cisco_types),
1034 avph->avp_length-8);
1035 cont=&textbuffer[strlen(textbuffer)];
1036 rdconvertbufftostr(cont,tvb,offset+8,
1037 avph->avp_length-8);
1041 case ( VENDOR_COSINE ):
1042 vtype = tvb_get_guint8(tvb,offset+6);
1044 case ( VENDOR_COSINE_VSA_CONNECTION_PROFILE_NAME ):
1045 case ( VENDOR_COSINE_VSA_ENTERPRISE_ID ):
1046 case ( VENDOR_COSINE_VSA_ADDRESS_POOL_NAME ):
1047 case ( VENDOR_COSINE_VSA_CLI_USER_PERMISSION_ID ):
1048 sprintf(cont," Type:%s, Value:",
1049 rd_match_strval(vtype, radius_vendor_cosine_types));
1050 cont=&textbuffer[strlen(textbuffer)];
1051 rdconvertbufftostr(cont,tvb,offset+8,avph->avp_length-8);
1053 case ( VENDOR_COSINE_VSA_VPI_VCI ):
1054 sprintf(cont," Type:%s, Value:%u/%u",
1055 rd_match_strval(vtype, radius_vendor_cosine_types),
1056 tvb_get_ntohs(tvb,offset+8),
1057 tvb_get_ntohs(tvb,offset+10));
1059 case ( VENDOR_COSINE_VSA_DS_BYTE ):
1060 case ( VENDOR_COSINE_VSA_DLCI ):
1061 sprintf(cont," Type:%s, Value:%u",
1062 rd_match_strval(vtype, radius_vendor_cosine_types),
1063 tvb_get_ntohl(tvb,offset+8));
1065 case ( VENDOR_COSINE_VSA_LNS_IP_ADDRESS ):
1066 sprintf(cont," Type:%s, Value:",
1067 rd_match_strval(vtype, radius_vendor_cosine_types));
1068 cont=&textbuffer[strlen(textbuffer)];
1069 ip_to_str_buf(tvb_get_ptr(tvb,offset+8,4),cont);
1072 sprintf(cont," Unknown Value Type");
1076 case ( VENDOR_ISSANNI ):
1077 vtype = tvb_get_guint8(tvb,offset+6);
1079 case ( VENDOR_ISSANNI_VSA_SOFTFLOW_TEMPLATE ):
1080 case ( VENDOR_ISSANNI_VSA_NAT_POOL_NAME ):
1081 case ( VENDOR_ISSANNI_VSA_VRD ):
1082 case ( VENDOR_ISSANNI_VSA_TUNNEL_NAME ):
1083 case ( VENDOR_ISSANNI_VSA_IP_POOL_NAME ):
1084 case ( VENDOR_ISSANNI_VSA_PPPOE_URL ):
1085 case ( VENDOR_ISSANNI_VSA_PPPOE_MOTM ):
1086 case ( VENDOR_ISSANNI_VSA_SERVICE ):
1087 case ( VENDOR_ISSANNI_VSA_TRAFFIC_CLASS ):
1088 case ( VENDOR_ISSANNI_VSA_QOS_CLASS ):
1089 case ( VENDOR_ISSANNI_VSA_IFACE_NAME ):
1090 sprintf(cont," Type:%s, Value:",
1091 rd_match_strval(vtype, radius_vendor_issanni_types));
1092 cont=&textbuffer[strlen(textbuffer)];
1093 rdconvertbufftostr(cont,tvb,offset+8,avph->avp_length-8);
1095 case ( VENDOR_ISSANNI_VSA_NAT_TYPE ):
1096 case ( VENDOR_ISSANNI_VSA_TUNNEL_TYPE ):
1097 sprintf(cont," Type:%s, Value:%u",
1098 rd_match_strval(vtype, radius_vendor_issanni_types),
1099 tvb_get_ntohl(tvb,offset+8));
1101 case ( VENDOR_ISSANNI_VSA_PRI_DNS ):
1102 case ( VENDOR_ISSANNI_VSA_SEC_DNS ):
1103 case ( VENDOR_ISSANNI_VSA_PRI_NBNS ):
1104 case ( VENDOR_ISSANNI_VSA_SEC_NBNS ):
1105 sprintf(cont," Type:%s, Value:",
1106 rd_match_strval(vtype, radius_vendor_issanni_types));
1107 cont=&textbuffer[strlen(textbuffer)];
1108 ip_to_str_buf(tvb_get_ptr(tvb,offset+8,4),cont);
1111 sprintf(cont," Unknown Value Type");
1116 sprintf(cont, " Value:");
1117 rdconvertbufftostr(cont,tvb,offset+6,avph->avp_length-6);
1121 case( RADIUS_TIMESTAMP ):
1122 intval=tvb_get_ntohl(tvb,offset+2);
1123 rtimestamp=ctime((time_t*)&intval);
1124 rtimestamp[strlen(rtimestamp)-1]=0;
1125 sprintf(cont,"%d (%s %s)", tvb_get_ntohl(tvb,offset+2), rtimestamp, *tzname);
1127 case( RADIUS_INTEGER4_TAGGED ):
1128 intval = tvb_get_ntohl(tvb,offset+2);
1131 sprintf(textbuffer, "Tag:%u, Value:%u",
1136 sprintf(cont,"%u", intval);
1138 case( RADIUS_UNKNOWN ):
1140 strcpy(textbuffer,"Unknown Value Type");
1143 if (cont == textbuffer) {
1144 strcpy(cont,"Unknown Value");
1151 dissect_attribute_value_pairs(tvbuff_t *tvb, int offset,proto_tree *tree,
1152 int avplength,packet_info *pinfo)
1154 /* adds the attribute value pairs to the tree */
1158 guint8 *reassembled_data = NULL;
1159 int reassembled_data_len = 0;
1160 int data_needed = 0;
1165 proto_tree_add_text(tree, tvb,offset,0,"No Attribute Value Pairs Found");
1170 * In case we throw an exception, clean up whatever stuff we've
1171 * allocated (if any).
1173 CLEANUP_PUSH(g_free, reassembled_data);
1175 while (avplength > 0)
1177 tvb_memcpy(tvb,(guint8 *)&avph,offset,sizeof(e_avphdr));
1178 avptpstrval = match_strval(avph.avp_type, radius_attrib_type_vals);
1179 if (avptpstrval == NULL)
1180 avptpstrval = "Unknown Type";
1181 if (avph.avp_length < 2) {
1183 * This AVP is bogus - the length includes the type and length
1184 * fields, so it must be >= 2.
1187 proto_tree_add_text(tree, tvb, offset, avph.avp_length,
1188 "t:%s(%u) l:%u (length not >= 2)",
1189 avptpstrval, avph.avp_type, avph.avp_length);
1194 if (avph.avp_type == RD_TP_EAP_MESSAGE) {
1196 proto_tree *eap_tree = NULL;
1203 ti = proto_tree_add_text(tree, tvb, offset, avph.avp_length,
1205 avptpstrval, avph.avp_type, avph.avp_length);
1206 eap_tree = proto_item_add_subtree(ti, ett_radius_eap);
1208 tvb_len = tvb_length_remaining(tvb, offset+2);
1209 data_len = avph.avp_length-2;
1210 if (data_len < tvb_len)
1212 next_tvb = tvb_new_subset(tvb, offset+2, tvb_len, data_len);
1215 * Set the columns non-writable, so that the packet list
1216 * shows this as an RADIUS packet, not as an EAP packet.
1218 col_set_writable(pinfo->cinfo, FALSE);
1221 * RFC 2869 says, in section 5.13, describing the EAP-Message
1224 * The String field contains EAP packets, as defined in [3]. If
1225 * multiple EAP-Message attributes are present in a packet their
1226 * values should be concatenated; this allows EAP packets longer than
1227 * 253 octets to be passed by RADIUS.
1229 * Do reassembly of EAP-Message attributes.
1232 /* Are we in the process of reassembling? */
1233 if (reassembled_data != NULL) {
1234 /* Yes - show this as an EAP fragment. */
1236 proto_tree_add_text(eap_tree, next_tvb, 0, -1, "EAP fragment");
1239 * Do we have all of the data in this fragment?
1241 if (tvb_len >= data_len) {
1243 * Yes - add it to the reassembled data.
1245 tvb_memcpy(next_tvb, reassembled_data + reassembled_data_len,
1247 reassembled_data_len += data_len;
1248 data_needed -= data_len;
1249 if (data_needed <= 0) {
1251 * We got at least as much data as we needed; we're done
1253 * XXX - what if we got more?
1257 * Allocate a new tvbuff, referring to the reassembled payload.
1259 next_tvb = tvb_new_real_data(reassembled_data, reassembled_data_len,
1260 reassembled_data_len);
1263 * We have a tvbuff that refers to this data, so we shouldn't
1264 * free this data if we throw an exception; clear
1265 * "reassembled_data", so the cleanup handler won't free it.
1267 reassembled_data = NULL;
1268 reassembled_data_len = 0;
1272 * Arrange that the allocated packet data copy be freed when the
1275 tvb_set_free_cb(next_tvb, g_free);
1278 * Add the tvbuff to the list of tvbuffs to which the tvbuff we
1279 * were handed refers, so it'll get cleaned up when that tvbuff
1282 tvb_set_child_real_data_tvbuff(tvb, next_tvb);
1284 /* Add the defragmented data to the data source list. */
1285 add_new_data_source(pinfo->fd, next_tvb, "Reassembled EAP");
1287 /* Now dissect it. */
1288 call_dissector(eap_fragment_handle, next_tvb, pinfo, eap_tree);
1293 * No - hand it to the dissector.
1295 result = call_dissector(eap_fragment_handle, next_tvb, pinfo, eap_tree);
1297 /* This is only part of the full EAP packet; start reassembly. */
1298 proto_tree_add_text(eap_tree, next_tvb, 0, -1, "EAP fragment");
1299 reassembled_data_len = data_len;
1300 data_needed = -result;
1301 reassembled_data = g_malloc(reassembled_data_len + data_needed);
1302 tvb_memcpy(next_tvb, reassembled_data, 0, reassembled_data_len);
1307 valstr = rd_value_to_str(&avph, tvb, offset);
1308 proto_tree_add_text(tree, tvb, offset, avph.avp_length,
1309 "t:%s(%u) l:%u, %s",
1310 avptpstrval, avph.avp_type, avph.avp_length,
1315 offset = offset+avph.avp_length;
1316 avplength = avplength-avph.avp_length;
1320 * Call the cleanup handler to free any reassembled data we haven't
1321 * attached to a tvbuff, and pop the handler.
1323 CLEANUP_CALL_AND_POP;
1326 static void dissect_radius(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
1328 proto_tree *radius_tree = NULL, *avptree = NULL;
1329 proto_item *ti,*avptf;
1333 int avplength,hdrlength;
1338 if (check_col(pinfo->cinfo, COL_PROTOCOL))
1339 col_set_str(pinfo->cinfo, COL_PROTOCOL, "RADIUS");
1340 if (check_col(pinfo->cinfo, COL_INFO))
1341 col_clear(pinfo->cinfo, COL_INFO);
1343 tvb_memcpy(tvb,(guint8 *)&rh,0,sizeof(e_radiushdr));
1345 rhcode= (int)rh.rh_code;
1346 rhident= (int)rh.rh_ident;
1347 rhlength= (int)ntohs(rh.rh_pktlength);
1348 codestrval= match_strval(rhcode,radius_vals);
1349 if (codestrval==NULL)
1351 codestrval="Unknown Packet";
1353 if (check_col(pinfo->cinfo, COL_INFO))
1355 col_add_fstr(pinfo->cinfo,COL_INFO,"%s(%d) (id=%d, l=%d)",
1356 codestrval, rhcode, rhident, rhlength);
1361 ti = proto_tree_add_item(tree,proto_radius, tvb, 0, rhlength, FALSE);
1363 radius_tree = proto_item_add_subtree(ti, ett_radius);
1365 proto_tree_add_uint(radius_tree,hf_radius_code, tvb, 0, 1,
1367 proto_tree_add_uint_format(radius_tree,hf_radius_id, tvb, 1, 1,
1368 rh.rh_ident, "Packet identifier: 0x%01x (%d)",
1371 proto_tree_add_uint(radius_tree, hf_radius_length, tvb,
1373 proto_tree_add_text(radius_tree, tvb, 4,
1374 AUTHENTICATOR_LENGTH,
1378 hdrlength=RD_HDR_LENGTH+AUTHENTICATOR_LENGTH;
1379 avplength= rhlength -hdrlength;
1381 if (avplength > 0) {
1382 /* list the attribute value pairs */
1386 avptf = proto_tree_add_text(radius_tree,
1387 tvb,hdrlength,avplength,
1388 "Attribute value pairs");
1389 avptree = proto_item_add_subtree(avptf, ett_radius_avp);
1392 dissect_attribute_value_pairs(tvb, hdrlength, avptree, avplength, pinfo);
1395 /* registration with the filtering engine */
1397 proto_register_radius(void)
1399 static hf_register_info hf[] = {
1401 { "Code","radius.code", FT_UINT8, BASE_DEC, VALS(radius_vals), 0x0,
1405 { "Identifier", "radius.id", FT_UINT8, BASE_DEC, NULL, 0x0,
1408 { &hf_radius_length,
1409 { "Length","radius.length", FT_UINT16, BASE_DEC, NULL, 0x0,
1412 static gint *ett[] = {
1418 proto_radius = proto_register_protocol("Radius Protocol", "RADIUS",
1420 proto_register_field_array(proto_radius, hf, array_length(hf));
1421 proto_register_subtree_array(ett, array_length(ett));
1425 proto_reg_handoff_radius(void)
1427 dissector_handle_t radius_handle;
1430 * Get a handle for the EAP fragment dissector.
1432 eap_fragment_handle = find_dissector("eap_fragment");
1434 radius_handle = create_dissector_handle(dissect_radius, proto_radius);
1435 dissector_add("udp.port", UDP_PORT_RADIUS, radius_handle);
1436 dissector_add("udp.port", UDP_PORT_RADIUS_NEW, radius_handle);
1437 dissector_add("udp.port", UDP_PORT_RADACCT, radius_handle);
1438 dissector_add("udp.port", UDP_PORT_RADACCT_NEW, radius_handle);