The FreeRADIUS server $Id: 15bac2a4c627c01d1aa2047687b3418955ac7f00 $
Loading...
Searching...
No Matches
packet.c
Go to the documentation of this file.
1/*
2 * This library is free software; you can redistribute it and/or
3 * modify it under the terms of the GNU Lesser General Public
4 * License as published by the Free Software Foundation; either
5 * version 2.1 of the License, or (at your option) any later version.
6 *
7 * This library is distributed in the hope that it will be useful,
8 * but WITHOUT ANY WARRANTY; without even the implied warranty of
9 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
10 * Lesser General Public License for more details.
11 *
12 * You should have received a copy of the GNU Lesser General Public
13 * License along with this library; if not, write to the Free Software
14 * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA
15 */
16
17/**
18 * $Id: 91b1f1b915013f9c3dee8ac29a69a99e4ac655ea $
19 *
20 * @file protocols/radius/packet.c
21 * @brief Functions to deal with fr_packet_t data structures.
22 *
23 * @copyright 2000-2017 The FreeRADIUS server project
24 */
25RCSID("$Id: 91b1f1b915013f9c3dee8ac29a69a99e4ac655ea $")
26
27#include "attrs.h"
28
29#include <freeradius-devel/util/udp.h>
30#include <freeradius-devel/util/syserror.h>
31
32#include <fcntl.h>
33
34typedef struct {
35 uint8_t code;
36 uint8_t id;
37 uint8_t length[2];
38 uint8_t vector[RADIUS_AUTH_VECTOR_LENGTH];
39 uint8_t data[1];
40} radius_packet_t;
41
42
43/*
44 * Some messages get printed out only in debugging mode.
45 */
46#define FR_DEBUG_STRERROR_PRINTF if (fr_debug_lvl) fr_strerror_printf_push
47
48
49/** Encode a packet
50 *
51 */
52ssize_t fr_packet_encode(fr_packet_t *packet, fr_pair_list_t *list,
53 fr_packet_t const *original, char const *secret)
54{
55 ssize_t slen;
56 fr_radius_ctx_t common = {};
57 fr_radius_encode_ctx_t packet_ctx;
58
59 /*
60 * A 4K packet, aligned on 64-bits.
61 */
62 uint8_t data[MAX_PACKET_LEN];
63
64#ifndef NDEBUG
65 if (fr_debug_lvl >= L_DBG_LVL_4) fr_packet_log_hex(&default_log, packet);
66#endif
67
68 common.secret = secret;
69 common.secret_length = talloc_array_length(secret) - 1;
70
71 packet_ctx = (fr_radius_encode_ctx_t) {
72 .common = &common,
73 .request_authenticator = original ? original->data + 4 : NULL,
74 .rand_ctx = (fr_fast_rand_t) {
75 .a = fr_rand(),
76 .b = fr_rand(),
77 },
78 .request_code = original ? original->data[0] : 0,
79 .code = packet->code,
80 .id = packet->id,
81 };
82
83 slen = fr_radius_encode(&FR_DBUFF_TMP(data, sizeof(data)), list, &packet_ctx);
84 if (slen < 0) return slen;
85
86 /*
87 * Fill in the rest of the fields, and copy the data over
88 * from the local stack to the newly allocated memory.
89 *
90 * Yes, all this 'memcpy' is slow, but it means
91 * that we only allocate the minimum amount of
92 * memory for a request.
93 */
94 packet->data_len = (size_t) slen;
95 packet->data = talloc_array(packet, uint8_t, packet->data_len);
96 if (!packet->data) {
97 fr_strerror_const("Out of memory");
98 return -1;
99 }
100
101 memcpy(packet->data, data, packet->data_len);
102
103 return 0;
104}
105
106/** See if the data pointed to by PTR is a valid RADIUS packet.
107 *
108 * Packet is not 'const * const' because we may update data_len, if there's more data
109 * in the UDP packet than in the RADIUS packet.
110 *
111 * @param[in] packet to check.
112 * @param[in] max_attributes to decode.
113 * @param[in] require_message_authenticator to require Message-Authenticator.
114 * @param[out] reason if not NULL, will have the failure reason written to where it points.
115 * @return
116 * - True on success.
117 * - False on failure.
118 */
119bool fr_packet_ok(fr_packet_t *packet, uint32_t max_attributes, bool require_message_authenticator, fr_radius_decode_fail_t *reason)
120{
121 char host_ipaddr[INET6_ADDRSTRLEN];
122
123 if (!fr_radius_ok(packet->data, &packet->data_len, max_attributes, require_message_authenticator, reason)) {
124 FR_DEBUG_STRERROR_PRINTF("Bad packet received from host %s",
125 inet_ntop(packet->socket.inet.src_ipaddr.af, &packet->socket.inet.src_ipaddr.addr,
126 host_ipaddr, sizeof(host_ipaddr)));
127 return false;
128 }
129
130 /*
131 * Fill RADIUS header fields
132 */
133 packet->code = packet->data[0];
134 packet->id = packet->data[1];
135 memcpy(packet->vector, packet->data + 4, sizeof(packet->vector));
136 return true;
137}
138
139
140/** Verify the Request/Response Authenticator (and Message-Authenticator if present) of a packet
141 *
142 */
143int fr_packet_verify(fr_packet_t *packet, fr_packet_t *original, char const *secret)
144{
145 char buffer[INET6_ADDRSTRLEN];
146
147 if (!packet->data) return -1;
148
149 if (fr_radius_verify(packet->data, original ? original->data + 4 : NULL,
150 (uint8_t const *) secret, talloc_array_length(secret) - 1, false, false) < 0) {
151 fr_strerror_printf_push("Received invalid packet from %s",
152 inet_ntop(packet->socket.inet.src_ipaddr.af, &packet->socket.inet.src_ipaddr.addr,
153 buffer, sizeof(buffer)));
154 return -1;
155 }
156
157 return 0;
158}
159
160
161/** Sign a previously encoded packet
162 *
163 */
164int fr_packet_sign(fr_packet_t *packet, fr_packet_t const *original,
165 char const *secret)
166{
167 int ret;
168
169 ret = fr_radius_sign(packet->data, original ? original->data + 4 : NULL,
170 (uint8_t const *) secret, talloc_array_length(secret) - 1);
171 if (ret < 0) return ret;
172
173 memcpy(packet->vector, packet->data + 4, RADIUS_AUTH_VECTOR_LENGTH);
174 return 0;
175}
176
177
178/** Wrapper for recvfrom, which handles recvfromto, IPv6, and all possible combinations
179 *
180 */
181static ssize_t rad_recvfrom(int sockfd, fr_packet_t *packet, int flags)
182{
183 ssize_t data_len;
184
185 data_len = fr_radius_recv_header(sockfd, &packet->socket.inet.src_ipaddr, &packet->socket.inet.src_port, &packet->code);
186 if (data_len < 0) {
187 if ((errno == EAGAIN) || (errno == EINTR)) return 0;
188 return -1;
189 }
190
191 if (data_len == 0) return -1; /* invalid packet */
192
193 packet->data = talloc_array(packet, uint8_t, data_len);
194 if (!packet->data) return -1;
195
196 packet->data_len = data_len;
197
198 return udp_recv(sockfd, flags, &packet->socket, packet->data, packet->data_len, &packet->timestamp);
199}
200
201
202/** Receive UDP client requests, and fill in the basics of a fr_packet_t structure
203 *
204 */
205fr_packet_t *fr_packet_recv(TALLOC_CTX *ctx, int fd, int flags, uint32_t max_attributes, bool require_message_authenticator)
206{
207 ssize_t data_len;
208 fr_packet_t *packet;
209
210 /*
211 * Allocate the new request data structure
212 */
213 packet = fr_packet_alloc(ctx, false);
214 if (!packet) {
215 fr_strerror_const("out of memory");
216 return NULL;
217 }
218
219 data_len = rad_recvfrom(fd, packet, flags);
220 if (data_len < 0) {
221 FR_DEBUG_STRERROR_PRINTF("Error receiving packet: %s", fr_syserror(errno));
222 fr_packet_free(&packet);
223 return NULL;
224 }
225
226#ifdef WITH_VERIFY_PTR
227 /*
228 * Double-check that the fields we want are filled in.
229 */
230 if ((packet->socket.inet.src_ipaddr.af == AF_UNSPEC) ||
231 (packet->socket.inet.src_port == 0) ||
232 (packet->socket.inet.dst_ipaddr.af == AF_UNSPEC) ||
233 (packet->socket.inet.dst_port == 0)) {
234 FR_DEBUG_STRERROR_PRINTF("Error receiving packet: %s", fr_syserror(errno));
235 fr_packet_free(&packet);
236 return NULL;
237 }
238#endif
239
240 packet->data_len = data_len; /* unsigned vs signed */
241
242 /*
243 * If the packet is too big, then rad_recvfrom did NOT
244 * allocate memory. Instead, it just discarded the
245 * packet.
246 */
247 if (packet->data_len > MAX_PACKET_LEN) {
248 FR_DEBUG_STRERROR_PRINTF("Discarding packet: Larger than RFC limitation of 4096 bytes");
249 fr_packet_free(&packet);
250 return NULL;
251 }
252
253 /*
254 * Read no data. Continue.
255 * This check is AFTER the MAX_PACKET_LEN check above, because
256 * if the packet is larger than MAX_PACKET_LEN, we also have
257 * packet->data == NULL
258 */
259 if ((packet->data_len == 0) || !packet->data) {
260 FR_DEBUG_STRERROR_PRINTF("Empty packet: Socket is not ready");
261 fr_packet_free(&packet);
262 return NULL;
263 }
264
265 /*
266 * See if it's a well-formed RADIUS packet.
267 */
268 if (!fr_packet_ok(packet, max_attributes, require_message_authenticator, NULL)) {
269 fr_packet_free(&packet);
270 return NULL;
271 }
272
273 /*
274 * Remember which socket we read the packet from.
275 */
276 packet->socket.fd = fd;
277
278 /*
279 * FIXME: Do even more filtering by only permitting
280 * certain IP's. The problem is that we don't know
281 * how to do this properly for all possible clients...
282 */
283
284 return packet;
285}
286
287/** Reply to the request
288 *
289 * Also attach reply attribute value pairs and any user message provided.
290 */
291int fr_packet_send(fr_packet_t *packet, fr_pair_list_t *list,
292 fr_packet_t const *original, char const *secret)
293{
294 /*
295 * Maybe it's a fake packet. Don't send it.
296 */
297 if (packet->socket.fd < 0) {
298 return 0;
299 }
300
301 /*
302 * First time through, allocate room for the packet
303 */
304 if (!packet->data) {
305 /*
306 * Encode the packet.
307 */
308 if (fr_packet_encode(packet, list, original, secret) < 0) {
309 return -1;
310 }
311
312 /*
313 * Re-sign it, including updating the
314 * Message-Authenticator.
315 */
316 if (fr_packet_sign(packet, original, secret) < 0) {
317 return -1;
318 }
319
320 /*
321 * If packet->data points to data, then we print out
322 * the VP list again only for debugging.
323 */
324 }
325
326 /*
327 * If the socket is TCP, call write(). Calling sendto()
328 * is allowed on some platforms, but it's not nice.
329 */
330 if (packet->socket.type == SOCK_STREAM) {
331 ssize_t ret;
332
333 ret = write(packet->socket.fd, packet->data, packet->data_len);
334 if (ret >= 0) return ret;
335
336 fr_strerror_printf("sendto failed: %s", fr_syserror(errno));
337 return -1;
338 }
339
340 /*
341 * And send it on it's way.
342 *
343 * No need to call fr_socket_addr_swap as apparently
344 * the address is already inverted.
345 */
346 return udp_send(&packet->socket, 0, packet->data, packet->data_len);
347}
348
349void _fr_packet_log_hex(fr_log_t const *log, fr_packet_t const *packet, char const *file, int line)
350{
351 uint8_t const *attr, *end;
352 char buffer[1024];
353
354 if (!packet->data) return;
355
356 fr_log(log, L_DBG, file, line, " Socket : %d", packet->socket.fd);
357 fr_log(log, L_DBG, file, line, " Proto : %d", (packet->socket.type == SOCK_STREAM) ? IPPROTO_TCP : IPPROTO_UDP);
358
359 if ((packet->socket.inet.src_ipaddr.af == AF_INET) || (packet->socket.inet.src_ipaddr.af == AF_INET6)) {
360 fr_log(log, L_DBG, file, line, " Src IP : %pV", fr_box_ipaddr(packet->socket.inet.src_ipaddr));
361 fr_log(log, L_DBG, file, line, " Src Port : %u", packet->socket.inet.src_port);
362 fr_log(log, L_DBG, file, line, " Dst IP : %pV", fr_box_ipaddr(packet->socket.inet.dst_ipaddr));
363 fr_log(log, L_DBG, file, line, " Dst Port : %u", packet->socket.inet.dst_port);
364 }
365
366 if ((packet->data[0] > 0) && (packet->data[0] < FR_RADIUS_CODE_MAX)) {
367 fr_log(log, L_DBG, file, line, " Code : %s", fr_radius_packet_name[packet->data[0]]);
368 } else {
369 fr_log(log, L_DBG, file, line, " Code : %u", packet->data[0]);
370 }
371
372 fr_log(log, L_DBG, file, line, " Id : %u", packet->data[1]);
373 fr_log(log, L_DBG, file, line, " Length : %u", fr_nbo_to_uint16(packet->data + 2));
374 fr_log(log, L_DBG, file, line, " Vector : %pH", fr_box_octets(packet->data + 4, RADIUS_AUTH_VECTOR_LENGTH));
375
376 if (packet->data_len <= 20) return;
377
378 for (attr = packet->data + 20, end = packet->data + packet->data_len;
379 attr < end;
380 attr += attr[1]) {
381 int i, len, offset = 2;
382 unsigned int vendor = 0;
383 char *p;
384 char const *truncated = "";
385
386#ifndef NDEBUG
387 if (attr[1] < 2) break; /* Coverity */
388#endif
389
390 snprintf(buffer, sizeof(buffer), "%02x %02x ", attr[0], attr[1]);
391 p = buffer + strlen(buffer);
392 if ((attr[0] == FR_VENDOR_SPECIFIC) &&
393 (attr[1] > 6)) {
394 vendor = fr_nbo_to_uint32(attr + 2);
395
396 snprintf(p, buffer + sizeof(buffer) - p, "%02x%02x%02x%02x (%u) ",
397 attr[2], attr[3], attr[4], attr[5], vendor);
398 offset = 6;
399 p += strlen(p);
400 }
401
402 len = attr[1] - offset;
403 if (len > 15) {
404 len = 15;
405 truncated = "...";
406 }
407
408 for (i = 0; i < len; i++) {
409 snprintf(p, buffer + sizeof(buffer) - p, "%02x ", attr[offset + i]);
410 p += 3;
411 }
412
413 fr_log(log, L_DBG, file, line, " %s%s\n", buffer, truncated);
414 }
415}
416
417/*
418 * Debug the packet if requested.
419 */
420void fr_radius_packet_header_log(fr_log_t const *log, fr_packet_t *packet, bool received)
421{
422 char src_ipaddr[FR_IPADDR_STRLEN];
423 char dst_ipaddr[FR_IPADDR_STRLEN];
424#ifdef WITH_IFINDEX_NAME_RESOLUTION
425 char if_name[IFNAMSIZ];
426#endif
427
428 if (!log) return;
429 if (!packet) return;
430
431 /*
432 * Client-specific debugging re-prints the input
433 * packet into the client log.
434 *
435 * This really belongs in a utility library
436 */
437 if (FR_RADIUS_PACKET_CODE_VALID(packet->code)) {
438 fr_log(log, L_DBG, __FILE__, __LINE__,
439 "%s %s Id %i from %s%s%s:%i to %s%s%s:%i "
440#ifdef WITH_IFINDEX_NAME_RESOLUTION
441 "%s%s%s"
442#endif
443 "length %zu\n",
444 received ? "Received" : "Sent",
445 fr_radius_packet_name[packet->code],
446 packet->id,
447 packet->socket.inet.src_ipaddr.af == AF_INET6 ? "[" : "",
448 fr_inet_ntop(src_ipaddr, sizeof(src_ipaddr), &packet->socket.inet.src_ipaddr),
449 packet->socket.inet.src_ipaddr.af == AF_INET6 ? "]" : "",
450 packet->socket.inet.src_port,
451 packet->socket.inet.dst_ipaddr.af == AF_INET6 ? "[" : "",
452 fr_inet_ntop(dst_ipaddr, sizeof(dst_ipaddr), &packet->socket.inet.dst_ipaddr),
453 packet->socket.inet.dst_ipaddr.af == AF_INET6 ? "]" : "",
454 packet->socket.inet.dst_port,
455#ifdef WITH_IFINDEX_NAME_RESOLUTION
456 received ? "via " : "",
457 received ? fr_ifname_from_ifindex(if_name, packet->socket.inet.ifindex) : "",
458 received ? " " : "",
459#endif
460 packet->data_len);
461 } else {
462 fr_log(log, L_DBG, __FILE__, __LINE__,
463 "%s code %u Id %i from %s%s%s:%i to %s%s%s:%i "
464#ifdef WITH_IFINDEX_NAME_RESOLUTION
465 "%s%s%s"
466#endif
467 "length %zu\n",
468 received ? "Received" : "Sent",
469 packet->code,
470 packet->id,
471 packet->socket.inet.src_ipaddr.af == AF_INET6 ? "[" : "",
472 fr_inet_ntop(src_ipaddr, sizeof(src_ipaddr), &packet->socket.inet.src_ipaddr),
473 packet->socket.inet.src_ipaddr.af == AF_INET6 ? "]" : "",
474 packet->socket.inet.src_port,
475 packet->socket.inet.dst_ipaddr.af == AF_INET6 ? "[" : "",
476 fr_inet_ntop(dst_ipaddr, sizeof(dst_ipaddr), &packet->socket.inet.dst_ipaddr),
477 packet->socket.inet.dst_ipaddr.af == AF_INET6 ? "]" : "",
478 packet->socket.inet.dst_port,
479#ifdef WITH_IFINDEX_NAME_RESOLUTION
480 received ? "via " : "",
481 received ? fr_ifname_from_ifindex(if_name, packet->socket.inet.ifindex) : "",
482 received ? " " : "",
483#endif
484 packet->data_len);
485 }
486}
487
488/*
489 * Debug the packet header and all attributes. This function is only called by the client code.
490 */
491void fr_radius_packet_log(fr_log_t const *log, fr_packet_t *packet, fr_pair_list_t *list, bool received)
492{
493 fr_radius_packet_header_log(log, packet, received);
494
495 if (!fr_debug_lvl) return;
496
497 /*
498 * If we're auto-adding Message Authenticator, then print
499 * out that we're auto-adding it.
500 */
501 if (!received) switch (packet->code) {
502 case FR_RADIUS_CODE_ACCESS_REQUEST:
503 case FR_RADIUS_CODE_STATUS_SERVER:
504 if (!fr_pair_find_by_da(list, NULL, attr_message_authenticator)) {
505 fprintf(fr_log_fp, "\tMessage-Authenticator = 0x\n");
506 }
507 break;
508
509 default:
510 break;
511 }
512
513 fr_pair_list_log(log, 4, list);
514#ifndef NDEBUG
515 if (fr_debug_lvl >= L_DBG_LVL_4) fr_packet_log_hex(log, packet);
516#endif
517}
buffer
static int const char char buffer[256]
Definition acutest.h:576
file
int const char * file
Definition acutest.h:702
line
int const char int line
Definition acutest.h:702
RCSID
#define RCSID(id)
Definition build.h:483
FR_DBUFF_TMP
#define FR_DBUFF_TMP(_start, _len_or_end)
Creates a compound literal to pass into functions which accept a dbuff.
Definition dbuff.h:514
FR_RADIUS_CODE_ACCESS_REQUEST
@ FR_RADIUS_CODE_ACCESS_REQUEST
RFC2865 - Access-Request.
Definition defs.h:33
FR_RADIUS_CODE_MAX
@ FR_RADIUS_CODE_MAX
Maximum possible protocol code.
Definition defs.h:53
FR_RADIUS_CODE_STATUS_SERVER
@ FR_RADIUS_CODE_STATUS_SERVER
RFC2865/RFC5997 - Status Server (request)
Definition defs.h:44
MAX_PACKET_LEN
#define MAX_PACKET_LEN
Definition defs.h:68
sockfd
static int sockfd
Definition dhcpclient.c:56
fr_inet_ntop
char * fr_inet_ntop(char out[static FR_IPADDR_STRLEN], size_t outlen, fr_ipaddr_t const *addr)
Print the address portion of a fr_ipaddr_t.
Definition inet.c:1018
FR_IPADDR_STRLEN
#define FR_IPADDR_STRLEN
Like INET6_ADDRSTRLEN but includes space for the textual Zone ID.
Definition inet.h:89
fr_debug_lvl
int fr_debug_lvl
Definition log.c:43
fr_log_fp
FILE * fr_log_fp
Definition log.c:42
default_log
fr_log_t default_log
Definition log.c:291
fr_log
void fr_log(fr_log_t const *log, fr_log_type_t type, char const *file, int line, char const *fmt,...)
Send a server log message to its destination.
Definition log.c:583
L_DBG_LVL_4
@ L_DBG_LVL_4
4th highest priority debug messages (-xxxx | -Xxx).
Definition log.h:73
L_DBG
@ L_DBG
Only displayed when debugging is enabled.
Definition log.h:59
fr_packet_alloc
fr_packet_t * fr_packet_alloc(TALLOC_CTX *ctx, bool new_vector)
Allocate a new fr_packet_t.
Definition packet.c:38
fr_packet_free
void fr_packet_free(fr_packet_t **packet_p)
Free a fr_packet_t.
Definition packet.c:89
udp_recv
ssize_t udp_recv(int sockfd, int flags, fr_socket_t *socket_out, void *data, size_t data_len, fr_time_t *when)
Read a UDP packet.
Definition udp.c:145
udp_send
int udp_send(fr_socket_t const *sock, int flags, void *data, size_t data_len)
Send a packet via a UDP socket.
Definition udp.c:43
fr_radius_ok
bool fr_radius_ok(uint8_t const *packet, size_t *packet_len_p, uint32_t max_attributes, bool require_message_authenticator, decode_fail_t *reason)
Definition merged_model.c:259
uint32_t
unsigned int uint32_t
Definition merged_model.c:33
ssize_t
long int ssize_t
Definition merged_model.c:24
uint8_t
unsigned char uint8_t
Definition merged_model.c:30
size_t
unsigned long int size_t
Definition merged_model.c:25
inet_ntop
char const * inet_ntop(int af, void const *src, char *dst, size_t cnt)
Definition missing.c:443
fr_nbo_to_uint16
static uint16_t fr_nbo_to_uint16(uint8_t const data[static sizeof(uint16_t)])
Read an unsigned 16bit integer from wire format (big endian)
Definition nbo.h:146
fr_nbo_to_uint32
static uint32_t fr_nbo_to_uint32(uint8_t const data[static sizeof(uint32_t)])
Read an unsigned 32bit integer from wire format (big endian)
Definition nbo.h:167
RADIUS_AUTH_VECTOR_LENGTH
#define RADIUS_AUTH_VECTOR_LENGTH
Definition net.h:89
fr_pair_find_by_da
fr_pair_t * fr_pair_find_by_da(fr_pair_list_t const *list, fr_pair_t const *prev, fr_dict_attr_t const *da)
Find the first pair with a matching da.
Definition pair.c:693
fr_radius_sign
int fr_radius_sign(uint8_t *packet, uint8_t const *vector, uint8_t const *secret, size_t secret_len)
Sign a previously encoded packet.
Definition base.c:358
fr_radius_verify
int fr_radius_verify(uint8_t *packet, uint8_t const *vector, uint8_t const *secret, size_t secret_len, bool require_message_authenticator, bool limit_proxy_state)
Verify a request / response packet.
Definition base.c:778
fr_radius_encode
ssize_t fr_radius_encode(fr_dbuff_t *dbuff, fr_pair_list_t *vps, fr_radius_encode_ctx_t *packet_ctx)
Definition base.c:953
fr_radius_packet_name
char const * fr_radius_packet_name[FR_RADIUS_CODE_MAX]
Definition base.c:112
fr_radius_recv_header
ssize_t fr_radius_recv_header(int sockfd, fr_ipaddr_t *src_ipaddr, uint16_t *src_port, unsigned int *code)
Basic validation of RADIUS packet header.
Definition base.c:285
fr_packet_verify
int fr_packet_verify(fr_packet_t *packet, fr_packet_t *original, char const *secret)
Verify the Request/Response Authenticator (and Message-Authenticator if present) of a packet.
Definition packet.c:143
rad_recvfrom
static ssize_t rad_recvfrom(int sockfd, fr_packet_t *packet, int flags)
Wrapper for recvfrom, which handles recvfromto, IPv6, and all possible combinations.
Definition packet.c:181
fr_packet_sign
int fr_packet_sign(fr_packet_t *packet, fr_packet_t const *original, char const *secret)
Sign a previously encoded packet.
Definition packet.c:164
fr_packet_ok
bool fr_packet_ok(fr_packet_t *packet, uint32_t max_attributes, bool require_message_authenticator, fr_radius_decode_fail_t *reason)
See if the data pointed to by PTR is a valid RADIUS packet.
Definition packet.c:119
fr_radius_packet_header_log
void fr_radius_packet_header_log(fr_log_t const *log, fr_packet_t *packet, bool received)
Definition packet.c:420
_fr_packet_log_hex
void _fr_packet_log_hex(fr_log_t const *log, fr_packet_t const *packet, char const *file, int line)
Definition packet.c:349
fr_packet_encode
ssize_t fr_packet_encode(fr_packet_t *packet, fr_pair_list_t *list, fr_packet_t const *original, char const *secret)
Encode a packet.
Definition packet.c:52
FR_DEBUG_STRERROR_PRINTF
#define FR_DEBUG_STRERROR_PRINTF
Definition packet.c:46
fr_packet_recv
fr_packet_t * fr_packet_recv(TALLOC_CTX *ctx, int fd, int flags, uint32_t max_attributes, bool require_message_authenticator)
Receive UDP client requests, and fill in the basics of a fr_packet_t structure.
Definition packet.c:205
fr_packet_send
int fr_packet_send(fr_packet_t *packet, fr_pair_list_t *list, fr_packet_t const *original, char const *secret)
Reply to the request.
Definition packet.c:291
fr_radius_packet_log
void fr_radius_packet_log(fr_log_t const *log, fr_packet_t *packet, fr_pair_list_t *list, bool received)
Definition packet.c:491
radius_packet_t
Definition radsniff.h:100
secret
static char * secret
Definition radclient-ng.c:69
fr_radius_encode_ctx_t::common
fr_radius_ctx_t const * common
Definition radius.h:104
fr_radius_decode_fail_t
fr_radius_decode_fail_t
Failure reasons.
Definition radius.h:162
fr_radius_ctx_t::secret
char const * secret
Definition radius.h:95
fr_packet_log_hex
#define fr_packet_log_hex(_log, _packet)
Definition radius.h:270
fr_radius_ctx_t::secret_length
size_t secret_length
Definition radius.h:96
FR_RADIUS_PACKET_CODE_VALID
#define FR_RADIUS_PACKET_CODE_VALID(_x)
Definition radius.h:52
fr_radius_ctx_t
Definition radius.h:94
fr_radius_encode_ctx_t
Definition radius.h:103
attr_message_authenticator
static fr_dict_attr_t const * attr_message_authenticator
Definition radsnmp.c:112
fr_rand
uint32_t fr_rand(void)
Return a 32-bit random number.
Definition rand.c:105
fr_fast_rand_t
Smaller fast random number generator.
Definition rand.h:54
snprintf
PUBLIC int snprintf(char *string, size_t length, char *format, va_alist)
Definition snprintf.c:689
fr_log_s
Definition log.h:96
pair_list_s
Definition pair.h:52
fr_syserror
char const * fr_syserror(int num)
Guaranteed to be thread-safe version of strerror.
Definition syserror.c:243
fr_packet_t::code
unsigned int code
Packet code (type).
Definition packet.h:61
fr_packet_t::socket
fr_socket_t socket
This packet was received on.
Definition packet.h:57
fr_packet_t::id
int id
Packet ID (used to link requests/responses).
Definition packet.h:60
fr_packet_t::data
uint8_t * data
Packet data (body).
Definition packet.h:63
fr_packet_t::data_len
size_t data_len
Length of packet data.
Definition packet.h:64
fr_packet_t::vector
uint8_t vector[RADIUS_AUTH_VECTOR_LENGTH]
RADIUS authentication vector.
Definition packet.h:69
fr_packet_t::timestamp
fr_time_t timestamp
When we received the packet.
Definition packet.h:58
fr_packet_t
Definition packet.h:56
fr_pair_list_log
#define fr_pair_list_log(_log, _lvl, _list)
Definition pair.h:857
fr_socket_t::af
int af
AF_INET, AF_INET6, or AF_UNIX.
Definition socket.h:78
fr_socket_t::fd
int fd
File descriptor if this is a live socket.
Definition socket.h:81
fr_socket_t::type
int type
SOCK_STREAM, SOCK_DGRAM, etc.
Definition socket.h:79
fr_strerror_printf
#define fr_strerror_printf(_fmt,...)
Log to thread local error buffer.
Definition strerror.h:64
fr_strerror_printf_push
#define fr_strerror_printf_push(_fmt,...)
Add a message to an existing stack of messages at the tail.
Definition strerror.h:84
fr_strerror_const
#define fr_strerror_const(_msg)
Definition strerror.h:223
fr_box_ipaddr
#define fr_box_ipaddr(_val)
Definition value.h:294
data
static fr_slen_t data
Definition value.h:1265
fr_box_octets
#define fr_box_octets(_val, _len)
Definition value.h:288
Generated by   doxygen 1.9.8