Captive portal: Invalid AVP value in Radius accounting packet
-
Hello,
Using captive portal, with Radius authentication and accounting enabled, my server (tinyradius java lib) complains about malformed attribute value.
So, I launched Wireshark, and it seems there is effectively a wrong attribute value. (I am not a Radius expert).
In the accounting STOP packet, the NAS-Port attribute is of type Integer and, as such, should be of length=6, but in fact it is of l=3, which is incorrect.

Frame 451: 232 bytes on wire (1856 bits), 232 bytes captured (1856 bits)
Ethernet II, Src: Vmware_d2:01:b6 (00:0c:29:d2:01:b6), Dst: Dell_68:e6:04 (b8:ac:6f:68:e6:04)
Internet Protocol, Src: 192.168.0.140 (192.168.0.140), Dst: 192.168.0.5 (192.168.0.5)
User Datagram Protocol, Src Port: 22796 (22796), Dst Port: radius-acct (1813)
Radius Protocol
    Code: Accounting-Request (4)
    Packet identifier: 0xf1 (241)
    Length: 190
    Authenticator: 6ac936e7ef0288e6fb62c89f9ef25ac6
    [The response to this request is in frame 452]
    Attribute Value Pairs
        AVP: l=6 t=NAS-IP-Address(4): 192.168.0.140
        AVP: l=21 t=NAS-Identifier(32): pfSense.localdomain
        AVP: l=4 t=User-Name(1): sa
        AVP: l=6 t=Acct-Status-Type(40): Stop(2)
        AVP: l=6 t=Acct-Session-Time(46): 43
        AVP: l=6 t=Acct-Authentic(45): RADIUS(1)
        AVP: l=6 t=Service-Type(6): Login(1)
        AVP: l=6 t=NAS-Port-Type(61): Ethernet(15)
        AVP: **l=3** t=NAS-Port(5): 51
            NAS-Port: 51
        AVP: l=18 t=Acct-Session-Id(44): b7cafc4004ed6345
        AVP: l=6 t=Framed-IP-Address(8): 192.168.20.128
        AVP: l=15 t=Called-Station-Id(30): 192.168.0.140
        AVP: l=19 t=Calling-Station-Id(31): 00:0c:29:b7:fc:c9
        AVP: l=6 t=Acct-Input-Packets(47): 5
        AVP: l=6 t=Acct-Input-Octets(42): 701
        AVP: l=6 t=Acct-Input-Gigawords(52): 0
        AVP: l=6 t=Acct-Output-Packets(48): 4
        AVP: l=6 t=Acct-Output-Octets(43): 951
        AVP: l=6 t=Acct-Output-Gigawords(53): 0
        AVP: l=6 t=Acct-Session-Time(46): 43
        AVP: l=6 t=Acct-Terminate-Cause(49): NAS-Request(10)

Corresponding hex dump:
0070 06 00 00 00 01 3d 06 00 00 00 0f **05 03 33** 2c 12 .....=.. .....3,.
In all other packet types, this attribute is encoded properly, such as in Accounting START packet:

Frame 119: 181 bytes on wire (1448 bits), 181 bytes captured (1448 bits)
Ethernet II, Src: Vmware_d2:01:b6 (00:0c:29:d2:01:b6), Dst: Dell_68:e6:04 (b8:ac:6f:68:e6:04)
Internet Protocol, Src: 192.168.0.140 (192.168.0.140), Dst: 192.168.0.5 (192.168.0.5)
User Datagram Protocol, Src Port: 56404 (56404), Dst Port: radius-acct (1813)
Radius Protocol
    Code: Accounting-Request (4)
    Packet identifier: 0xf6 (246)
    Length: 139
    Authenticator: fb7f69fee8eebf252e73122c10af4c0f
    [The response to this request is in frame 120]
    Attribute Value Pairs
        AVP: l=6 t=NAS-IP-Address(4): 192.168.0.140
        AVP: l=21 t=NAS-Identifier(32): pfSense.localdomain
        AVP: l=4 t=User-Name(1): sa
        AVP: l=6 t=Acct-Status-Type(40): Start(1)
        AVP: l=6 t=Acct-Authentic(45): RADIUS(1)
        AVP: l=6 t=Service-Type(6): Login(1)
        AVP: l=6 t=NAS-Port-Type(61): Ethernet(15)
        AVP: **l=6** t=NAS-Port(5): 3
            NAS-Port: 3
        AVP: l=18 t=Acct-Session-Id(44): b7cafc4004ed6345
        AVP: l=6 t=Framed-IP-Address(8): 192.168.20.128
        AVP: l=15 t=Called-Station-Id(30): 192.168.0.140
        AVP: l=19 t=Calling-Station-Id(31): 00:0c:29:b7:fc:c9

0070 06 00 00 00 0f **05 06 00 00 00 03** 2c 12 62 37 63 ........ ...,.b7c
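
An added example, not part of the original post and not pfSense or tinyradius code: a small Python check that walks RADIUS AVPs and flags integer-typed attributes whose length is not 6. The AVP bytes are the NAS-Port-Type and NAS-Port attributes copied from the two hex dumps above (in the START dump the 0x3d type octet sits on the preceding row and is restored here from the dissection); the function names are illustrative.

```python
import struct

# RADIUS attribute types that carry a 32-bit integer (RFC 2865 / RFC 2866),
# limited to the ones that appear in the captures above.
INTEGER_ATTRS = {
    5: "NAS-Port", 6: "Service-Type", 40: "Acct-Status-Type",
    42: "Acct-Input-Octets", 43: "Acct-Output-Octets",
    46: "Acct-Session-Time", 47: "Acct-Input-Packets",
    48: "Acct-Output-Packets", 61: "NAS-Port-Type",
}

def parse_avps(buf):
    """Split a RADIUS attribute region into (type, length, value) tuples."""
    avps, off = [], 0
    while off < len(buf):
        if len(buf) - off < 2:
            raise ValueError(f"truncated AVP header at offset {off}")
        atype, alen = buf[off], buf[off + 1]
        # Length covers the type and length octets, so it can never be < 2,
        # and it must not run past the end of the buffer.
        if alen < 2 or off + alen > len(buf):
            raise ValueError(f"bad AVP length {alen} at offset {off}")
        avps.append((atype, alen, buf[off + 2:off + alen]))
        off += alen
    return avps

def check_integer_avps(buf):
    """Return findings for integer attributes whose length is not 6."""
    findings = []
    for atype, alen, value in parse_avps(buf):
        name = INTEGER_ATTRS.get(atype)
        if name is None or alen == 6:
            continue
        note = ""
        if value.isdigit():  # the number was sent as ASCII digits
            note = f" (value is ASCII text {value.decode()!r}, not a 4-octet integer)"
        findings.append(f"{name}({atype}): length {alen}, expected 6{note}")
    return findings

def integer_value(buf, atype):
    """Decode the first well-formed integer AVP of the given type."""
    for t, alen, value in parse_avps(buf):
        if t == atype and alen == 6:
            return struct.unpack("!I", value)[0]
    return None

# AVP bytes copied from the two hex dumps in the post (NAS-Port-Type, NAS-Port).
STOP_AVPS = bytes.fromhex("3d060000000f" "050333")
START_AVPS = bytes.fromhex("3d060000000f" "050600000003")
```

On the STOP bytes the check reports NAS-Port with length 3 and an ASCII value of '3', which is why Wireshark displays 51 (0x33) where the START packet carried port 3.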
-
Can you please open a ticket on redmine.pfsense.org about this?
-
@ermal:
Can you please open a ticket on redmine.pfsense.org about this?
OK, done.
Bug #1618
-
Yes I see this bug as well and (sorry for offtopic) I do not see any 'Octets' statistics, only packets. 'Output Octets' and 'Input Octets' in all messages are zero:
11:12:01.336823 IP (tos 0x0, ttl 64, id 222, offset 0, flags [none], proto UDP (17), length 210, bad cksum 0 (->7b3b)!)
localhost.4736 > localhost.radacct: [udp sum ok] RADIUS, length: 182
Accounting Request (4), id: 0x55, Authenticator: 85f5401484fb6adafe8c91815222baaa
NAS IP Address Attribute (4), length: 6, Value: 10.0.3.15
0x0000: 0a00 030f
NAS ID Attribute (32), length: 21, Value: pfsense.localdomain
0x0000: 7066 7365 6e73 652e 6c6f 6361 6c64 6f6d
0x0010: 6169 6e
Username Attribute (1), length: 6, Value: test
0x0000: 7465 7374
Accounting Status Attribute (40), length: 6, Value: Interim-Update
0x0000: 0000 0003
Accounting Session Time Attribute (46), length: 6, Value: 48 secs
0x0000: 0000 0030
Accounting Authentication Attribute (45), length: 6, Value: RADIUS
0x0000: 0000 0001
Service Type Attribute (6), length: 6, Value: Login
0x0000: 0000 0001
NAS Port Type Attribute (61), length: 6, Value: Ethernet
0x0000: 0000 000f
NAS Port Attribute (5), length: 3, Value: ERROR: length 1 != 4
0x0000: 32
Accounting Session ID Attribute (44), length: 18, Value: b6a8f3886c2682ec
0x0000: 6236 6138 6633 3838 3663 3236 3832 6563
Framed IP Address Attribute (8), length: 6, Value: 192.168.56.10
0x0000: c0a8 380a
Called Station Attribute (30), length: 11, Value: 10.0.3.15
0x0000: 3130 2e30 2e33 2e31 35
Calling Station Attribute (31), length: 19, Value: 08:00:27:bf:b7:fc
0x0000: 3038 3a30 303a 3237 3a62 663a 6237 3a66
0x0010: 63
Accounting Input Packets Attribute (47), length: 6, Value: 726
0x0000: 0000 02d6
Accounting Input Octets Attribute (42), length: 6, Value: 0
0x0000: 0000 0000
Accounting Input Giga Attribute (52), length: 6, Value: 0
0x0000: 0000 0000
Accounting Output Packets Attribute (48), length: 6, Value: 868
0x0000: 0000 0364
Accounting Output Octets Attribute (43), length: 6, Value: 0
0x0000: 0000 0000
Accounting Output Giga Attribute (53), length: 6, Value: 0
0x0000: 0000 0000
Accounting Session Time Attribute (46), length: 6, Value: 48 secs
0x0000: 0000 0030
How come you have them not zero???
I am on 2.0-RC3 (i386) built on Mon Jul 4 16:48:37 EDT 2011.
-
Upgrade.
-
Yes, upgrade to the latest snapshot fixed my problem.
Thanks.