The FreeRADIUS server  $Id: 15bac2a4c627c01d1aa2047687b3418955ac7f00 $
Macros | Functions | Variables
state_machine.c File Reference

Implement a common state machine for EAP-SIM, EAP-AKA, EAP-AKA'. More...

#include <freeradius-devel/eap/base.h>
#include <freeradius-devel/eap/types.h>
#include <freeradius-devel/server/pair.h>
#include <freeradius-devel/unlang/interpret.h>
#include <freeradius-devel/unlang/module.h>
#include <freeradius-devel/util/table.h>
#include <freeradius-devel/util/rand.h>
#include "base.h"
#include "state_machine.h"
#include "attrs.h"
+ Include dependency graph for state_machine.c:

Go to the source code of this file.

Macros

#define CALL_SECTION(_x)
 
#define EAP_TLS_MPPE_KEY_LEN   32
 
#define RESUME(_x)
 
#define SECTION_RCODE_IGNORED
 Warn the user that the rcode they provided is being ignored in this section. More...
 
#define SECTION_RCODE_PROCESS
 Trigger a state transition to FAILURE-NOTIFICATION if the section returned a failure code. More...
 
#define STATE(_x)
 
#define STATE_GUARD(_x)
 
#define STATE_SET(_new_state)   state_set(request, talloc_get_type_abort(mctx->rctx, eap_aka_sim_session_t), state_ ## _new_state)
 
#define STATE_TRANSITION(_x)   guard_ ## _x(p_result, mctx, request)
 

Functions

static int _eap_aka_sim_session_free (eap_aka_sim_session_t *eap_aka_sim_session)
 Zero out the eap_aka_sim_session when we free it to clear knowledge of secret keys. More...
 
static bool after_authentication (eap_aka_sim_session_t *eap_aka_sim_session)
 Determine if we're after authentication. More...
 
static unlang_action_t aka_challenge_request_send (rlm_rcode_t *p_result, module_ctx_t const *mctx, request_t *request)
 Called after 'store session { ... More...
 
return CALL_SECTION (recv_common_identity_response)
 
return CALL_SECTION (recv_common_success_notification_ack)
 
static int checkcode_validate (request_t *request)
 Check &control.checkcode matches &reply.checkcode. More...
 
static void client_error_debug (request_t *request)
 Print out the error the client returned. More...
 
static void common_crypto_export (request_t *request, eap_aka_sim_session_t *eap_aka_sim_session, uint8_t const *hmac_extra_request, size_t hmac_extra_request_len, uint8_t const *hmac_extra_response, size_t hmac_extra_response_len)
 
static unlang_action_t common_reauthentication_request_compose (rlm_rcode_t *p_result, module_ctx_t const *mctx, request_t *request, eap_aka_sim_session_t *eap_aka_sim_session)
 Send a EAP-Request/(AKA|SIM)-Reauthenticate message to the supplicant. More...
 
static unlang_action_t common_reauthentication_request_send (rlm_rcode_t *p_result, module_ctx_t const *mctx, request_t *request)
 Called after 'store session { ... More...
 
static void common_reply (request_t *request, eap_aka_sim_session_t *eap_aka_sim_session, uint16_t subtype)
 Export EAP-SIM/AKA['] attributes. More...
 
 crypto_identity_set (request, eap_aka_sim_session,(uint8_t const *) eap_session->identity, talloc_array_length(eap_session->identity) - 1)
 
static void crypto_identity_set (request_t *request, eap_aka_sim_session_t *eap_aka_sim_session, uint8_t const *identity, size_t len)
 Set the crypto identity from a received identity. More...
 
unlang_action_t eap_aka_sim_state_machine_process (rlm_rcode_t *p_result, module_ctx_t const *mctx, request_t *request)
 Resumes the state machine when receiving a new response packet. More...
 
 fr_assert (0)
 
 fr_pair_value_bstrdup_buffer (vp, eap_session->identity, true)
 
static void identity_hint_pairs_add (fr_aka_sim_id_type_t *type_p, fr_aka_sim_method_hint_t *method_p, request_t *request, char const *identity)
 Based on the hint byte in the identity, add &Identity-Type and &Method-Hint attributes. More...
 
static int identity_req_pairs_add (request_t *request, eap_aka_sim_session_t *eap_aka_sim_session)
 Add an Identity Request attribute to the reply. More...
 
static bool identity_req_set_by_user (request_t *request, eap_aka_sim_session_t *eap_aka_sim_session)
 Sync up what identity we're requesting with attributes in the reply. More...
 
static int identity_to_permanent_identity (request_t *request, fr_pair_t *in, eap_type_t eap_type, bool strip_hint)
 Copy the incoming identity to the permanent identity attribute. More...
 
 if (!eap_session->identity)
 
 if (!fr_cond_assert(request &&mctx &&eap_aka_sim_session)) RETURN_MODULE_FAIL
 
 if (!subtype_vp) goto fail
 
 if (type==AKA_SIM_ID_TYPE_PERMANENT)
 
static int mac_validate (request_t *request)
 Check &control.mac matches &reply.mac. More...
 
 MEM (pair_append_request(&vp, attr_eap_aka_sim_identity) >=0)
 
static void mod_signal (module_ctx_t const *mctx, request_t *request, UNUSED fr_signal_t action)
 Cancel a call to a submodule. More...
 
 RESUME (clear_pseudonym)
 Resume after 'clear pseudonym { ... More...
 
 RESUME (clear_session)
 Resume after 'clear session { ... More...
 
 RESUME (load_pseudonym)
 Resume after 'load pseudonym { ... More...
 
 RESUME (load_session)
 Resume after 'load session { ... More...
 
 RESUME (recv_aka_authentication_reject)
 Resume after 'recv Authentication-Reject { ... More...
 
 RESUME (recv_aka_challenge_response)
 Resume after 'recv Challenge-Response { ... More...
 
 RESUME (recv_aka_identity_response)
 Resume after 'recv Identity-Response { ... More...
 
 RESUME (recv_aka_synchronization_failure)
 Resume after 'recv Synchronization-Failure { ... More...
 
 RESUME (recv_common_client_error)
 Resume after 'recv Client-Error { ... More...
 
 RESUME (recv_common_failure_notification_ack)
 Resume after 'recv Failure-Notification-Ack { ... More...
 
 RESUME (recv_common_identity_response)
 Resume after 'recv Identity-Response { ... More...
 
 RESUME (recv_common_reauthentication_response)
 Resume after 'recv Reauthentication-Response { ... More...
 
 RESUME (recv_common_success_notification_ack)
 Resume after 'recv Success-Notification-Ack { ... More...
 
 RESUME (recv_sim_challenge_response)
 Resume after 'recv Challenge-Response { ... More...
 
 RESUME (recv_sim_start_response)
 Resume after 'recv Identity-Response { ... More...
 
 RESUME (send_aka_challenge_request)
 Resume after 'send Challenge-Request { ... More...
 
 RESUME (send_aka_identity_request)
 Resume after 'send Identity-Request { ... More...
 
 RESUME (send_common_failure_notification)
 Resume after 'send Failure-Notification { ... More...
 
 RESUME (send_common_reauthentication_request)
 Resume after 'send Reauthentication-Request { ... More...
 
 RESUME (send_common_success_notification)
 Resume after 'send Success-Notification { ... More...
 
 RESUME (send_eap_failure)
 Resume after 'send EAP-Failure { ... More...
 
 RESUME (send_eap_success)
 Resume after 'send EAP-Success { ... More...
 
 RESUME (send_sim_challenge_request)
 Resume after 'send Challenge-Request { ... More...
 
 RESUME (send_sim_start)
 Resume after 'send Start { ... More...
 
 RESUME (store_pseudonym)
 Resume after 'store pseudonym { ... More...
 
 RESUME (store_session)
 Resume after 'store session { ... More...
 
static unlang_action_t session_and_pseudonym_clear (rlm_rcode_t *p_result, module_ctx_t const *mctx, request_t *request, eap_aka_sim_session_t *eap_aka_sim_session, module_method_t next)
 Implements a set of states for clearing out pseudonym and fastauth identities. More...
 
static unlang_action_t session_and_pseudonym_store (rlm_rcode_t *p_result, module_ctx_t const *mctx, request_t *request, eap_aka_sim_session_t *eap_aka_sim_session, module_method_t next)
 Implements a set of states for storing pseudonym and fastauth identities. More...
 
static unlang_action_t sim_challenge_request_send (rlm_rcode_t *p_result, module_ctx_t const *mctx, request_t *request)
 Called after 'store session { ... More...
 
static int sim_start_nonce_mt_check (request_t *request, eap_aka_sim_session_t *eap_aka_sim_session)
 Helper function to check for the presence and length of AT_NONCE_MT and copy its value into the keys structure. More...
 
static int sim_start_selected_version_check (request_t *request, eap_aka_sim_session_t *eap_aka_sim_session)
 Helper function to check for the presence and length of AT_SELECTED_VERSION and copy its value into the keys structure. More...
 
 STATE_GUARD (aka_challenge)
 Enter the AKA-CHALLENGE state. More...
 
 STATE_GUARD (aka_identity)
 Enter the AKA-IDENTITY state. More...
 
 STATE_GUARD (common_challenge)
 Enter the SIM-CHALLENGE or AKA-CHALLENGE state. More...
 
 STATE_GUARD (common_failure_notification)
 Enter the FAILURE-NOTIFICATION state. More...
 
 STATE_GUARD (common_identity)
 Enter the SIM-START or AKA-IDENTITY state. More...
 
 STATE_GUARD (common_reauthentication)
 Enter the REAUTHENTICATION state. More...
 
 STATE_GUARD (common_success_notification)
 Enter the SUCCESS-NOTIFICATION state. More...
 
 STATE_GUARD (eap_failure)
 Enter EAP-FAILURE state. More...
 
 STATE_GUARD (eap_success)
 Enter EAP-SUCCESS state. More...
 
 STATE_GUARD (sim_challenge)
 Enter the SIM-CHALLENGE state. More...
 
 STATE_GUARD (sim_start)
 Enter the SIM-START state. More...
 
static void state_set (request_t *request, eap_aka_sim_session_t *eap_aka_sim_session, module_method_t new_state)
 Print debugging information, and write new state to eap_aka_sim_session->state. More...
 
 switch (subtype_vp->vp_uint16)
 

Variables

 aka_challenge
 AKA-CHALLENGE state - Continue the state machine after receiving a response to our EAP-Request/SIM-Challenge. More...
 
 aka_identity
 AKA-IDENTITY state - Continue the state machine after receiving a response to our EAP-Request/AKA-Identity. More...
 
static fr_table_ptr_ordered_t const aka_sim_state_table []
 
static size_t aka_sim_state_table_len = NUM_ELEMENTS(aka_sim_state_table)
 
 common_failure_notification
 FAILURE-NOTIFICATION state - Continue the state machine after receiving a response to our EAP-Request/(AKA|SIM)-Notification. More...
 
 common_reauthentication
 REAUTHENTICATION state - Continue the state machine after receiving a response to our EAP-Request/SIM-Start. More...
 
 common_success_notification
 SUCCESS-NOTIFICATION state - Continue the state machine after receiving a response to our EAP-Request/(AKA|SIM)-Notification. More...
 
eap_aka_sim_session_teap_aka_sim_session = talloc_get_type_abort(mctx->rctx, eap_aka_sim_session_t)
 
 eap_failure
 FAILURE state - State machine exit point after sending EAP-Failure. More...
 
 eap_success
 SUCCESS state - State machine exit point after sending EAP-Success. More...
 
 init
 Enter the EAP-IDENTITY state. More...
 
eap_aka_sim_process_conf_tinst = talloc_get_type_abort(mctx->mi->data, eap_aka_sim_process_conf_t)
 
 RETURN_MODULE_FAIL
 
 sim_challenge
 SIM-CHALLENGE state - Continue the state machine after receiving a response to our EAP-Request/SIM-Challenge. More...
 
 sim_start
 SIM-START state - Continue the state machine after receiving a response to our EAP-Request/SIM-Start. More...
 
fr_pair_tsubtype_vp = NULL
 
fr_aka_sim_id_type_t type
 
fr_pair_tvp
 

Detailed Description

Implement a common state machine for EAP-SIM, EAP-AKA, EAP-AKA'.

Author
Arran Cudbard-Bell (a.cud.nosp@m.bard.nosp@m.b@fre.nosp@m.erad.nosp@m.ius.o.nosp@m.rg)

Definition in file state_machine.c.

Macro Definition Documentation

◆ CALL_SECTION

#define CALL_SECTION (   _x)
Value:
request, \
inst->actions._x, \
resume_ ## _x, \
~FR_SIGNAL_CANCEL, \
talloc_get_type_abort(mctx->rctx, eap_aka_sim_session_t))
@ RLM_MODULE_NOOP
Module succeeded without doing anything.
Definition: rcode.h:48
unlang_action_t unlang_module_yield_to_section(rlm_rcode_t *p_result, request_t *request, CONF_SECTION *subcs, rlm_rcode_t default_rcode, module_method_t resume, unlang_module_signal_t signal, fr_signal_t sigmask, void *rctx)
Definition: module.c:516
static void mod_signal(module_ctx_t const *mctx, request_t *request, UNUSED fr_signal_t action)
Cancel a call to a submodule.
eap_aka_sim_process_conf_t * inst
eap_aka_sim_actions_t actions
Pre-compiled virtual server sections.

Definition at line 57 of file state_machine.c.

◆ EAP_TLS_MPPE_KEY_LEN

#define EAP_TLS_MPPE_KEY_LEN   32

Definition at line 41 of file state_machine.c.

◆ RESUME

#define RESUME (   _x)
Value:
static inline unlang_action_t resume_ ## _x(rlm_rcode_t *p_result, \
module_ctx_t const *mctx, \
request_t *request)
unlang_action_t
Returned by unlang_op_t calls, determine the next action of the interpreter.
Definition: action.h:35
Temporary structure to hold arguments for module calls.
Definition: module_ctx.h:41
rlm_rcode_t
Return codes indicating the result of the module call.
Definition: rcode.h:40

Definition at line 51 of file state_machine.c.

◆ SECTION_RCODE_IGNORED

#define SECTION_RCODE_IGNORED
Value:
do { \
switch (unlang_interpret_stack_result(request)) { \
RWDEBUG("Ignoring rcode (%s)", \
break; \
default: \
break; \
} \
} while(0)
rlm_rcode_t unlang_interpret_stack_result(request_t *request)
Get the current rcode for the frame.
Definition: interpret.c:1280
fr_table_num_sorted_t const rcode_table[]
Definition: rcode.c:35
#define RLM_MODULE_USER_SECTION_REJECT
Rcodes that translate to a user configurable section failing overall.
Definition: rcode.h:72
#define fr_table_str_by_value(_table, _number, _def)
Convert an integer to a string.
Definition: table.h:253

Warn the user that the rcode they provided is being ignored in this section.

Definition at line 134 of file state_machine.c.

◆ SECTION_RCODE_PROCESS

#define SECTION_RCODE_PROCESS
Value:
do { \
switch (unlang_interpret_stack_result(request)) { \
eap_aka_sim_session->failure_type = FR_NOTIFICATION_VALUE_TEMPORARILY_DENIED; \
eap_aka_sim_session->failure_type = FR_NOTIFICATION_VALUE_NOT_SUBSCRIBED; \
eap_aka_sim_session->failure_type = FR_NOTIFICATION_VALUE_GENERAL_FAILURE_AFTER_AUTHENTICATION;\
default: \
break; \
} \
} else { \
switch (unlang_interpret_stack_result(request)) { \
REDEBUG("Section rcode (%s) indicates we should reject the user", \
default: \
break; \
} \
} \
} while(0)
@ RLM_MODULE_INVALID
The module considers the request invalid.
Definition: rcode.h:45
@ RLM_MODULE_FAIL
Module failed, don't reply.
Definition: rcode.h:42
@ RLM_MODULE_DISALLOW
Reject the request (user is locked out).
Definition: rcode.h:46
@ RLM_MODULE_REJECT
Immediately reject the request.
Definition: rcode.h:41
@ RLM_MODULE_NOTFOUND
User not found.
Definition: rcode.h:47
eap_aka_sim_session_t * eap_aka_sim_session
common_failure_notification
FAILURE-NOTIFICATION state - Continue the state machine after receiving a response to our EAP-Request...
Definition: state_machine.c:72
static bool after_authentication(eap_aka_sim_session_t *eap_aka_sim_session)
Determine if we're after authentication.
#define STATE_TRANSITION(_x)
Definition: state_machine.c:55

Trigger a state transition to FAILURE-NOTIFICATION if the section returned a failure code.

Definition at line 149 of file state_machine.c.

◆ STATE

#define STATE (   _x)
Value:
static inline unlang_action_t state_ ## _x(rlm_rcode_t *p_result, \
module_ctx_t const *mctx, \
request_t *request)

Definition at line 44 of file state_machine.c.

◆ STATE_GUARD

#define STATE_GUARD (   _x)
Value:
static unlang_action_t guard_ ## _x(rlm_rcode_t *p_result, \
module_ctx_t const *mctx, \
request_t *request)

Definition at line 47 of file state_machine.c.

◆ STATE_SET

#define STATE_SET (   _new_state)    state_set(request, talloc_get_type_abort(mctx->rctx, eap_aka_sim_session_t), state_ ## _new_state)

Definition at line 199 of file state_machine.c.

◆ STATE_TRANSITION

#define STATE_TRANSITION (   _x)    guard_ ## _x(p_result, mctx, request)

Definition at line 55 of file state_machine.c.

Function Documentation

◆ _eap_aka_sim_session_free()

static int _eap_aka_sim_session_free ( eap_aka_sim_session_t eap_aka_sim_session)
static

Zero out the eap_aka_sim_session when we free it to clear knowledge of secret keys.

Parameters
[in]eap_aka_sim_sessionto free.
Returns
0

Definition at line 3681 of file state_machine.c.

+ Here is the caller graph for this function:

◆ after_authentication()

static bool after_authentication ( eap_aka_sim_session_t eap_aka_sim_session)
inlinestatic

Determine if we're after authentication.

Definition at line 204 of file state_machine.c.

+ Here is the caller graph for this function:

◆ aka_challenge_request_send()

static unlang_action_t aka_challenge_request_send ( rlm_rcode_t p_result,
module_ctx_t const *  mctx,
request_t request 
)
static

Called after 'store session { ...

}' and 'store pseudonym { ... }'

Definition at line 1058 of file state_machine.c.

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ CALL_SECTION() [1/2]

return CALL_SECTION ( recv_common_identity_response  )

◆ CALL_SECTION() [2/2]

return CALL_SECTION ( recv_common_success_notification_ack  )

◆ checkcode_validate()

static int checkcode_validate ( request_t request)
static

Check &control.checkcode matches &reply.checkcode.

Parameters
[in]requestThe current request.
Returns
  • 1 if the check was skipped.
  • 0 if the check was successful.
  • -1 if the check failed.

Definition at line 533 of file state_machine.c.

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ client_error_debug()

static void client_error_debug ( request_t request)
inlinestatic

Print out the error the client returned.

Definition at line 212 of file state_machine.c.

+ Here is the call graph for this function:

◆ common_crypto_export()

static void common_crypto_export ( request_t request,
eap_aka_sim_session_t eap_aka_sim_session,
uint8_t const *  hmac_extra_request,
size_t  hmac_extra_request_len,
uint8_t const *  hmac_extra_response,
size_t  hmac_extra_response_len 
)
static

Definition at line 977 of file state_machine.c.

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ common_reauthentication_request_compose()

static unlang_action_t common_reauthentication_request_compose ( rlm_rcode_t p_result,
module_ctx_t const *  mctx,
request_t request,
eap_aka_sim_session_t eap_aka_sim_session 
)
static

Send a EAP-Request/(AKA|SIM)-Reauthenticate message to the supplicant.

Definition at line 1779 of file state_machine.c.

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ common_reauthentication_request_send()

static unlang_action_t common_reauthentication_request_send ( rlm_rcode_t p_result,
module_ctx_t const *  mctx,
request_t request 
)
static

Called after 'store session { ...

}' and 'store pseudonym { ... }'

Definition at line 1014 of file state_machine.c.

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ common_reply()

static void common_reply ( request_t request,
eap_aka_sim_session_t eap_aka_sim_session,
uint16_t  subtype 
)
static

Export EAP-SIM/AKA['] attributes.

Makes any internal data available as attributes in the response. This allows test frameworks and the encoder to access any data they need without needing to look at the eap_aka_session_t.

Definition at line 954 of file state_machine.c.

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ crypto_identity_set() [1/2]

crypto_identity_set ( request  ,
eap_aka_sim_session  ,
(uint8_t const *) eap_session->  identity,
talloc_array_length(eap_session->identity) -  1 
)

◆ crypto_identity_set() [2/2]

static void crypto_identity_set ( request_t request,
eap_aka_sim_session_t eap_aka_sim_session,
uint8_t const *  identity,
size_t  len 
)
static

Set the crypto identity from a received identity.

Definition at line 620 of file state_machine.c.

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ eap_aka_sim_state_machine_process()

unlang_action_t eap_aka_sim_state_machine_process ( rlm_rcode_t p_result,
module_ctx_t const *  mctx,
request_t request 
)

Resumes the state machine when receiving a new response packet.

Definition at line 3690 of file state_machine.c.

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ fr_assert()

fr_assert ( )

◆ fr_pair_value_bstrdup_buffer()

fr_pair_value_bstrdup_buffer ( vp  ,
eap_session->  identity,
true   
)
+ Here is the caller graph for this function:

◆ identity_hint_pairs_add()

static void identity_hint_pairs_add ( fr_aka_sim_id_type_t type_p,
fr_aka_sim_method_hint_t method_p,
request_t request,
char const *  identity 
)
static

Based on the hint byte in the identity, add &Identity-Type and &Method-Hint attributes.

Definition at line 266 of file state_machine.c.

+ Here is the call graph for this function:

◆ identity_req_pairs_add()

static int identity_req_pairs_add ( request_t request,
eap_aka_sim_session_t eap_aka_sim_session 
)
static

Add an Identity Request attribute to the reply.

Verify the progression of identity requests is valid.

Parameters
[in]requestThe current request.
[in]eap_aka_sim_sessionThe current eap_aka_sim_session.
Returns
  • 0 on success.
  • -1 on failure (progression of identities was not valid).

Definition at line 348 of file state_machine.c.

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ identity_req_set_by_user()

static bool identity_req_set_by_user ( request_t request,
eap_aka_sim_session_t eap_aka_sim_session 
)
static

Sync up what identity we're requesting with attributes in the reply.

Definition at line 227 of file state_machine.c.

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ identity_to_permanent_identity()

static int identity_to_permanent_identity ( request_t request,
fr_pair_t in,
eap_type_t  eap_type,
bool  strip_hint 
)
static

Copy the incoming identity to the permanent identity attribute.

If the incoming ID really looks like a permanent ID, and we were told it was a permanent ID, then (optionally) trim the first byte to form the real permanent ID.

Otherwise copy the entire incoming Identity to the &session-state.Permanent-Identity attribute.

Parameters
[in]requestThe current request.
[in]incurrent identity.
[in]eap_typeThe current eap_type.
[in]strip_hintWhether to strip the hint byte off the permanent identity

Definition at line 443 of file state_machine.c.

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ if() [1/4]

if ( !eap_session->  identity)

Definition at line 3643 of file state_machine.c.

◆ if() [2/4]

if ( fr_cond_assertrequest &&mctx &&eap_aka_sim_session)

◆ if() [3/4]

if ( subtype_vp)

Definition at line 1734 of file state_machine.c.

◆ if() [4/4]

Definition at line 3660 of file state_machine.c.

+ Here is the call graph for this function:

◆ mac_validate()

static int mac_validate ( request_t request)
static

Check &control.mac matches &reply.mac.

Parameters
[in]requestThe current request.
Returns
  • 0 if the check was successful.
  • -1 if the check failed.

Definition at line 578 of file state_machine.c.

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ MEM()

◆ mod_signal()

static void mod_signal ( module_ctx_t const *  mctx,
request_t request,
UNUSED fr_signal_t  action 
)
static

Cancel a call to a submodule.

Parameters
[in]mctxUNUSED.
[in]requestThe current request.
[in]actionto perform.

Definition at line 118 of file state_machine.c.

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ RESUME() [1/26]

RESUME ( clear_pseudonym  )

Resume after 'clear pseudonym { ...

}'

Definition at line 880 of file state_machine.c.

+ Here is the call graph for this function:

◆ RESUME() [2/26]

RESUME ( clear_session  )

Resume after 'clear session { ...

}'

Definition at line 868 of file state_machine.c.

◆ RESUME() [3/26]

RESUME ( load_pseudonym  )

Resume after 'load pseudonym { ...

}'

Definition at line 1970 of file state_machine.c.

+ Here is the call graph for this function:

◆ RESUME() [4/26]

RESUME ( load_session  )

Resume after 'load session { ...

}'

Definition at line 2032 of file state_machine.c.

+ Here is the call graph for this function:

◆ RESUME() [5/26]

RESUME ( recv_aka_authentication_reject  )

Resume after 'recv Authentication-Reject { ...

}'

  • Enter the FAILURE-NOTIFICATION state.

Definition at line 2173 of file state_machine.c.

◆ RESUME() [6/26]

RESUME ( recv_aka_challenge_response  )

Resume after 'recv Challenge-Response { ...

}'

  • If the previous section returned a failure rcode, enter the FAILURE-NOTIFICATION state.
  • ...or call a function to process the contents of the AKA-Challenge message.

Verify that MAC, and RES match what we expect.

Definition at line 2190 of file state_machine.c.

+ Here is the call graph for this function:

◆ RESUME() [7/26]

RESUME ( recv_aka_identity_response  )

Resume after 'recv Identity-Response { ...

}' or 'recv AKA-Identity { ... }'

  • If the previous section returned a failure rcode, enter the FAILURE-NOTIFICATION state.
  • ...or call a function to process the contents of the AKA-Identity message, mainly the AT_IDENTITY value.
  • If the message does not contain AT_IDENTITY, then enter the FAILURE-NOTIFICATION state.
  • If the user requested another identity, re-enter the AKA-Identity state.
  • ...or continue based on the value of &Identity-Type which was added by aka_identity, and possibly modified by the user.
    • Fastauth - Enter the REAUTHENTICATION state.
    • Pseudonym - Call 'load pseudonym { ... }'
    • Permanent - Enter the CHALLENGE state.

Definition at line 2809 of file state_machine.c.

+ Here is the call graph for this function:

◆ RESUME() [8/26]

RESUME ( recv_aka_synchronization_failure  )

Resume after 'recv Synchronization-Failure { ...

}'

  • If 'recv Synchronization-Failure { ... }' returned a failure rcode, enter the FAILURE-NOTIFICATION state.
  • ...or if no 'recv Synchronization-Failure { ... }' section was defined, then enter the FAILURE-NOTIFICATION state.
  • ...or if the user didn't provide a new SQN value in &control.SQN then enter the FAILURE-NOTIFICATION state.
  • ...or enter the AKA-CHALLENGE state.

Definition at line 2127 of file state_machine.c.

+ Here is the call graph for this function:

◆ RESUME() [9/26]

RESUME ( recv_common_client_error  )

Resume after 'recv Client-Error { ...

}'

  • Enter the EAP-FAILURE state.

Definition at line 1647 of file state_machine.c.

◆ RESUME() [10/26]

RESUME ( recv_common_failure_notification_ack  )

Resume after 'recv Failure-Notification-Ack { ...

}'

  • Enter the EAP-FAILURE state.

Definition at line 1269 of file state_machine.c.

◆ RESUME() [11/26]

RESUME ( recv_common_identity_response  )

Resume after 'recv Identity-Response { ...

}'

  • Perform the majority of eap_aka_sim_session_t initialisation.
  • If 'recv Identity-Response { ... }' returned a failure rcode, enter the FAILURE-NOTIFICATION state.
  • ...or continue based on the identity hint byte in the AT_IDENTITY value or EAP-Identity-Response value:
    • If identity is a pseudonym, call load pseudonym { ... }.
    • If identity is a fastauth identity, enter the REAUTHENTICATE state.
    • If identity is a permanent identity, enter the CHALLENGE state.

Definition at line 3463 of file state_machine.c.

+ Here is the call graph for this function:

◆ RESUME() [12/26]

RESUME ( recv_common_reauthentication_response  )

Resume after 'recv Reauthentication-Response { ...

}'

  • If 'recv Reauthentication-Response { ... }' returned a failure rcode, enter the FAILURE-NOTIFICATION state.
  • ...or call the EAP-Request/Reauthentication-Response function to act on the contents of the response.

Definition at line 1661 of file state_machine.c.

+ Here is the call graph for this function:

◆ RESUME() [13/26]

RESUME ( recv_common_success_notification_ack  )

Resume after 'recv Success-Notification-Ack { ...

}'

  • Enter the EAP-SUCCESS state.

Definition at line 1540 of file state_machine.c.

◆ RESUME() [14/26]

RESUME ( recv_sim_challenge_response  )

Resume after 'recv Challenge-Response { ...

}'

  • If the previous section returned a failure rcode, enter the FAILURE-NOTIFICATION state.
  • ...or call a function to process the contents of the SIM-Challenge message.

Verify that MAC, and RES match what we expect.

Definition at line 2571 of file state_machine.c.

+ Here is the call graph for this function:

◆ RESUME() [15/26]

RESUME ( recv_sim_start_response  )

Resume after 'recv Identity-Response { ...

}' or 'recv SIM-Start { ... }'

  • If the previous section returned a failure rcode, enter the FAILURE-NOTIFICATION state.
  • ...or call a function to process the contents of the SIM-Start message, mainly the AT_IDENTITY value.
  • If the message does not contain AT_IDENTITY, then enter the FAILURE-NOTIFICATION state.
  • If the user requested another identity, re-enter the SIM-START state.
  • ...or continue based on the value of &Identity-Type which was added by sim_start, and possibly modified by the user.
    • Fastauth
      • If AT_NONCE_MT or AT_SELECTED_VERSION are present, enter the FAILURE-NOTIFICATION state.
      • ...or enter the REAUTHENTICATION state.
    • Pseudonym - Verify selected version and AT_NONCE_MT, then call 'load pseudonym { ... }'
    • Permanent - Verify selected version and AT_NONCE_MT, then enter the CHALLENGE state.

Definition at line 3078 of file state_machine.c.

+ Here is the call graph for this function:

◆ RESUME() [16/26]

RESUME ( send_aka_challenge_request  )

Resume after 'send Challenge-Request { ...

}'

Definition at line 2358 of file state_machine.c.

+ Here is the call graph for this function:

◆ RESUME() [17/26]

RESUME ( send_aka_identity_request  )

Resume after 'send Identity-Request { ...

}'

There are three types of user identities that can be implemented

  • Permanent identities such as 01234.nosp@m.5678.nosp@m.90987.nosp@m.65@m.nosp@m.yoper.nosp@m.ator.nosp@m..com Permanent identities can be identified by the leading zero followed by by 15 digits (the IMSI number).
  • Ephemeral identities (pseudonyms). These are identities assigned for identity privacy so the user can't be tracked. These can identities can either be generated as per the 3GPP 'Security aspects of non-3GPP accesses' document section 14, where a set of up to 16 encryption keys are used to reversibly encrypt the IMSI. Alternatively the pseudonym can be completely randomised and stored in a datastore.
  • A fast resumption ID which resolves to data used for fast resumption.

In order to perform full authentication the original IMSI is required for forwarding to the HLR. In the case where we can't match/decrypt the pseudonym, or can't perform fast resumption, we need to request the full identity from the supplicant.

Definition at line 3001 of file state_machine.c.

+ Here is the call graph for this function:

◆ RESUME() [18/26]

RESUME ( send_common_failure_notification  )

Resume after 'send Failure-Notification { ...

}'

Ignores return code from send Failure-Notification { ... } section.

Definition at line 1309 of file state_machine.c.

+ Here is the call graph for this function:

◆ RESUME() [19/26]

RESUME ( send_common_reauthentication_request  )

Resume after 'send Reauthentication-Request { ...

}'

Definition at line 1912 of file state_machine.c.

+ Here is the call graph for this function:

◆ RESUME() [20/26]

RESUME ( send_common_success_notification  )

Resume after 'send Success-Notification { ...

}'

Definition at line 1575 of file state_machine.c.

+ Here is the call graph for this function:

◆ RESUME() [21/26]

RESUME ( send_eap_failure  )

Resume after 'send EAP-Failure { ...

}'

Definition at line 1226 of file state_machine.c.

◆ RESUME() [22/26]

RESUME ( send_eap_success  )

Resume after 'send EAP-Success { ...

}'

Add MPPE keys to the request being sent to the supplicant

The only work to be done is the add the appropriate SEND/RECV attributes derived from the MSK.

Definition at line 1475 of file state_machine.c.

+ Here is the call graph for this function:

◆ RESUME() [23/26]

RESUME ( send_sim_challenge_request  )

Resume after 'send Challenge-Request { ...

}'

Definition at line 2661 of file state_machine.c.

+ Here is the call graph for this function:

◆ RESUME() [24/26]

RESUME ( send_sim_start  )

Resume after 'send Start { ...

}'

Send a EAP-Request/SIM-Start message to the supplicant

There are three types of user identities that can be implemented

  • Permanent identities such as 01234.nosp@m.5678.nosp@m.90987.nosp@m.65@m.nosp@m.yoper.nosp@m.ator.nosp@m..com Permanent identities can be identified by the leading zero followed by by 15 digits (the IMSI number).
  • Ephemeral identities (pseudonyms). These are identities assigned for identity privacy so the user can't be tracked. These can identities can either be generated as per the 3GPP 'Security aspects of non-3GPP accesses' document section 14, where a set of up to 16 encryption keys are used to reversibly encrypt the IMSI. Alternatively the pseudonym can be completely randomised and stored in a datastore.
  • A fast resumption ID which resolves to data used for fast resumption.

In order to perform full authentication the original IMSI is required for forwarding to the HLR. In the case where we can't match/decrypt the pseudonym, or can't perform fast resumption, we need to request the full identity from the supplicant.

Definition at line 3340 of file state_machine.c.

+ Here is the call graph for this function:

◆ RESUME() [25/26]

RESUME ( store_pseudonym  )

Resume after 'store pseudonym { ...

}'

Stores session data if required.

Definition at line 659 of file state_machine.c.

+ Here is the call graph for this function:

◆ RESUME() [26/26]

RESUME ( store_session  )

Resume after 'store session { ...

}'

Definition at line 634 of file state_machine.c.

+ Here is the call graph for this function:

◆ session_and_pseudonym_clear()

static unlang_action_t session_and_pseudonym_clear ( rlm_rcode_t p_result,
module_ctx_t const *  mctx,
request_t request,
eap_aka_sim_session_t eap_aka_sim_session,
module_method_t  next 
)
static

Implements a set of states for clearing out pseudonym and fastauth identities.

If either a Challenge round or Reauthentication round fail, we need to clear any identities that were provided during those rounds, as the supplicant will have discarded them.

Parameters
[out]p_resultResult of calling the module.
[in]mctxmodule calling ctx.
[in]requestthe current request.
[in]eap_aka_sim_sessionthe current EAP session
[in]nextfunction to call after clearing sessions and pseudonyms.

Definition at line 919 of file state_machine.c.

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ session_and_pseudonym_store()

static unlang_action_t session_and_pseudonym_store ( rlm_rcode_t p_result,
module_ctx_t const *  mctx,
request_t request,
eap_aka_sim_session_t eap_aka_sim_session,
module_method_t  next 
)
static

Implements a set of states for storing pseudonym and fastauth identities.

At the end of challenge or reauthentication rounds, the user may have specified a pseudonym and fastauth identity to return to the supplicant.

Call the appropriate sections to persist those values.

Parameters
[out]p_resultResult of calling the module.
[in]mctxModule calling ctx.
[in]requestthe current request.
[in]eap_aka_sim_sessionthe EAP session
[in]nextfunction to call after storing sessions and pseudonyms.

Definition at line 803 of file state_machine.c.

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ sim_challenge_request_send()

static unlang_action_t sim_challenge_request_send ( rlm_rcode_t p_result,
module_ctx_t const *  mctx,
request_t request 
)
static

Called after 'store session { ...

}' and 'store pseudonym { ... }'

Definition at line 1088 of file state_machine.c.

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ sim_start_nonce_mt_check()

static int sim_start_nonce_mt_check ( request_t request,
eap_aka_sim_session_t eap_aka_sim_session 
)
static

Helper function to check for the presence and length of AT_NONCE_MT and copy its value into the keys structure.

Does not actually perform cryptographic validation of AT_NONCE_MT, this is done later.

Definition at line 1184 of file state_machine.c.

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ sim_start_selected_version_check()

static int sim_start_selected_version_check ( request_t request,
eap_aka_sim_session_t eap_aka_sim_session 
)
static

Helper function to check for the presence and length of AT_SELECTED_VERSION and copy its value into the keys structure.

Also checks the version matches one of the ones we advertised in our version list, which is a bit redundant seeing as there's only one version of EAP-SIM.

Definition at line 1131 of file state_machine.c.

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ STATE_GUARD() [1/11]

STATE_GUARD ( aka_challenge  )

Enter the AKA-CHALLENGE state.

Definition at line 2501 of file state_machine.c.

+ Here is the call graph for this function:

◆ STATE_GUARD() [2/11]

STATE_GUARD ( aka_identity  )

Enter the AKA-IDENTITY state.

Definition at line 3040 of file state_machine.c.

+ Here is the call graph for this function:

◆ STATE_GUARD() [3/11]

STATE_GUARD ( common_challenge  )

Enter the SIM-CHALLENGE or AKA-CHALLENGE state.

Called by functions which are common to both the EAP-SIM and EAP-AKA state machines to enter the correct challenge state.

Definition at line 2777 of file state_machine.c.

+ Here is the call graph for this function:

◆ STATE_GUARD() [4/11]

STATE_GUARD ( common_failure_notification  )

Enter the FAILURE-NOTIFICATION state.

Definition at line 1419 of file state_machine.c.

+ Here is the call graph for this function:

◆ STATE_GUARD() [5/11]

STATE_GUARD ( common_identity  )

Enter the SIM-START or AKA-IDENTITY state.

Called by functions which are common to both the EAP-SIM and EAP-AKA state machines to enter the correct Identity-Request state.

Definition at line 3434 of file state_machine.c.

+ Here is the call graph for this function:

◆ STATE_GUARD() [6/11]

STATE_GUARD ( common_reauthentication  )

Enter the REAUTHENTICATION state.

Definition at line 2098 of file state_machine.c.

+ Here is the call graph for this function:

◆ STATE_GUARD() [7/11]

STATE_GUARD ( common_success_notification  )

Enter the SUCCESS-NOTIFICATION state.

Definition at line 1634 of file state_machine.c.

◆ STATE_GUARD() [8/11]

STATE_GUARD ( eap_failure  )

Enter EAP-FAILURE state.

Definition at line 1240 of file state_machine.c.

+ Here is the call graph for this function:

◆ STATE_GUARD() [9/11]

STATE_GUARD ( eap_success  )

Enter EAP-SUCCESS state.

Definition at line 1527 of file state_machine.c.

◆ STATE_GUARD() [10/11]

STATE_GUARD ( sim_challenge  )

Enter the SIM-CHALLENGE state.

Definition at line 2741 of file state_machine.c.

+ Here is the call graph for this function:

◆ STATE_GUARD() [11/11]

STATE_GUARD ( sim_start  )

Enter the SIM-START state.

Definition at line 3410 of file state_machine.c.

+ Here is the call graph for this function:

◆ state_set()

static void state_set ( request_t request,
eap_aka_sim_session_t eap_aka_sim_session,
module_method_t  new_state 
)
inlinestatic

Print debugging information, and write new state to eap_aka_sim_session->state.

Definition at line 182 of file state_machine.c.

◆ switch()

switch ( subtype_vp->  vp_uint16)

Definition at line 1293 of file state_machine.c.

Variable Documentation

◆ aka_challenge

aka_challenge
Initial value:

AKA-CHALLENGE state - Continue the state machine after receiving a response to our EAP-Request/SIM-Challenge.

  • Continue based on received AT_SUBTYPE value:
    • EAP-Response/AKA-Challenge - call 'recv Challenge-Response { ... }'.
    • EAP-Response/AKA-Authentication-Reject - call 'recv Authentication-Reject { ... }' and after that send a EAP-Request/SIM-Notification indicating a General Failure.
    • EAP-Response/AKA-Synchronization-Failure - call 'recv Synchronization-Failure { ... }'.
    • EAP-Response/AKA-Client-Error - call 'recv Client-Error { ... }' and after that send a EAP-Request/AKA-Notification indicating a General Failure.
    • Anything else, enter the FAILURE-NOTIFICATION state.

Definition at line 80 of file state_machine.c.

◆ aka_identity

aka_identity
Initial value:
{
eap_aka_sim_process_conf_t *inst = talloc_get_type_abort(mctx->mi->data, eap_aka_sim_process_conf_t)

AKA-IDENTITY state - Continue the state machine after receiving a response to our EAP-Request/AKA-Identity.

  • Continue based on received AT_SUBTYPE value:
    • EAP-Response/AKA-Identity - call either 'recv Identity-Response { ... }' or if provided 'recv AKA-Identity-Response { ... }'. The idea here is that the EAP-Identity-Response is really the first round in identity negotiation and there's no real value distinguishing between the first round and subsequent rounds, but if users do want to run different logic, then give them a way of doing that.
    • EAP-Response/AKA-Client-Error - call 'recv Client-Error { ... }' and after that send a EAP-Request/SIM-Notification indicating a General Failure.
    • Anything else, enter the FAILURE-NOTIFICATION state.

Definition at line 85 of file state_machine.c.

◆ aka_sim_state_table

fr_table_ptr_ordered_t const aka_sim_state_table[]
static
Initial value:
= {
{ L("INIT"), NULL },
{ L("EAP-IDENTITY"), (void *)state_init },
{ L("SIM-START"), (void *)state_sim_start },
{ L("AKA-IDENTITY"), (void *)state_aka_identity },
{ L("SIM-CHALLENGE"), (void *)state_sim_challenge },
{ L("AKA-CHALLENGE"), (void *)state_aka_challenge },
{ L("SUCCESS-NOTIFICATION"), (void *)state_common_success_notification },
{ L("FAILURE-NOTIFICATION"), (void *)state_common_failure_notification },
{ L("REAUTHENTICATION"), (void *)state_common_reauthentication },
{ L("EAP-SUCCESS"), (void *)state_eap_success },
{ L("EAP-FAILURE"), (void *)state_eap_failure }
}
#define L(_str)
Helper for initialising arrays of string literals.
Definition: build.h:207

Definition at line 92 of file state_machine.c.

◆ aka_sim_state_table_len

size_t aka_sim_state_table_len = NUM_ELEMENTS(aka_sim_state_table)
static

Definition at line 110 of file state_machine.c.

◆ common_failure_notification

common_failure_notification
Initial value:
{
eap_aka_sim_process_conf_t *inst = talloc_get_type_abort(mctx->mi->data, eap_aka_sim_process_conf_t)

FAILURE-NOTIFICATION state - Continue the state machine after receiving a response to our EAP-Request/(AKA|SIM)-Notification.

  • Continue based on received AT_SUBTYPE value:
    • EAP-Response/SIM-Client-Error - Call 'recv Failure-Notification-Ack { ... }'
    • Anything else, enter the FAILURE-NOTIFICATION state.

Definition at line 72 of file state_machine.c.

◆ common_reauthentication

common_reauthentication
Initial value:
{
eap_aka_sim_process_conf_t *inst = talloc_get_type_abort(mctx->mi->data, eap_aka_sim_process_conf_t)

REAUTHENTICATION state - Continue the state machine after receiving a response to our EAP-Request/SIM-Start.

  • Continue based on received AT_SUBTYPE value:
    • EAP-Response/(SIM|AKA)-Reauthentication - call 'recv Reauthentication-Response { ... }'
    • EAP-Response/(SIM|AKA)-Client-Error - call 'recv Client-Error { ... }' and after that send a EAP-Request/(SIM|AKA)-Notification indicating a General Failure.
    • Anything else, enter the FAILURE-NOTIFICATION state.

Definition at line 78 of file state_machine.c.

◆ common_success_notification

common_success_notification
Initial value:
{
eap_aka_sim_process_conf_t *inst = talloc_get_type_abort(mctx->mi->data, eap_aka_sim_process_conf_t)

SUCCESS-NOTIFICATION state - Continue the state machine after receiving a response to our EAP-Request/(AKA|SIM)-Notification.

  • Call 'recv Success-Notification-Ack { ... }'

Definition at line 76 of file state_machine.c.

◆ eap_aka_sim_session

eap_aka_sim_session_t * eap_aka_sim_session = talloc_get_type_abort(mctx->rctx, eap_aka_sim_session_t)

Definition at line 1730 of file state_machine.c.

◆ eap_failure

eap_failure
Initial value:
{
if (!fr_cond_assert(request && mctx && mctx->rctx)) RETURN_MODULE_FAIL
#define fr_cond_assert(_x)
Calls panic_action ifndef NDEBUG, else logs error and evaluates to value of _x.
Definition: debug.h:139
RETURN_MODULE_FAIL

FAILURE state - State machine exit point after sending EAP-Failure.

Should never actually be called. Is just a placeholder function to represent the FAILURE termination state. Could equally be a NULL pointer, but then on a logic error we'd get a SEGV instead of a more friendly assert/failure rcode.

Definition at line 70 of file state_machine.c.

◆ eap_success

eap_success
Initial value:
{
eap_aka_sim_session_t *eap_aka_sim_session = talloc_get_type_abort(mctx->rctx, eap_aka_sim_session_t)

SUCCESS state - State machine exit point after sending EAP-Success.

Should never actually be called. Is just a placeholder function to represent the SUCCESS termination state. Could equally be a NULL pointer, but then on a logic error we'd get a SEGV instead of a more friendly assert/failure rcode.

Definition at line 74 of file state_machine.c.

◆ init

init
Initial value:
{
eap_session_t *eap_session = eap_session_get(request->parent)
static eap_session_t * eap_session_get(request_t *request)
Definition: session.h:82
Tracks the progress of a single session of any EAP method.
Definition: session.h:40

Enter the EAP-IDENTITY state.

  • Process the incoming EAP-Identity-Response
  • Start EAP-SIM/EAP-AKA/EAP-AKA' state machine optionally calling 'recv Identity-Response { ... }'

Definition at line 90 of file state_machine.c.

◆ inst

eap_aka_sim_process_conf_t* inst = talloc_get_type_abort(mctx->mi->data, eap_aka_sim_process_conf_t)

Definition at line 3633 of file state_machine.c.

◆ RETURN_MODULE_FAIL

RETURN_MODULE_FAIL

Definition at line 1220 of file state_machine.c.

◆ sim_challenge

sim_challenge
Initial value:
{
eap_aka_sim_process_conf_t *inst = talloc_get_type_abort(mctx->mi->data, eap_aka_sim_process_conf_t)

SIM-CHALLENGE state - Continue the state machine after receiving a response to our EAP-Request/SIM-Challenge.

  • Continue based on received AT_SUBTYPE value:
    • EAP-Response/SIM-Challenge - call 'recv Challenge-Response { ... }'.
    • EAP-Response/SIM-Client-Error - call 'recv Client-Error { ... }' and after that send a EAP-Request/SIM-Notification indicating a General Failure.
    • Anything else, enter the FAILURE-NOTIFICATION state.

Definition at line 82 of file state_machine.c.

◆ sim_start

sim_start
Initial value:
{
eap_aka_sim_process_conf_t *inst = talloc_get_type_abort(mctx->mi->data, eap_aka_sim_process_conf_t)

SIM-START state - Continue the state machine after receiving a response to our EAP-Request/SIM-Start.

  • Continue based on received AT_SUBTYPE value:
    • EAP-Response/SIM-Start - call either 'recv Identity-Response { ... }' or if provided 'recv SIM-Start-Response { ... }'. The idea here is that the EAP-Identity-Response is really the first round in identity negotiation and there's no real value distinguishing between the first round and subsequent rounds, but if users do want to run different logic, then give them a way of doing that.
    • EAP-Response/SIM-Client-Error - call 'recv Client-Error { ... }' and after that send a EAP-Request/SIM-Notification indicating a General Failure.
    • Anything else, enter the FAILURE-NOTIFICATION state.

Definition at line 87 of file state_machine.c.

◆ subtype_vp

fr_pair_t * subtype_vp = NULL

Definition at line 1288 of file state_machine.c.

◆ type

Definition at line 3636 of file state_machine.c.

◆ vp

fr_pair_t * vp

Definition at line 2271 of file state_machine.c.