Expand PMF_FN_* macros.
[netbsd-mini2440.git] / dist / tcpdump / print-radius.c
blob545affa749ff0fefcfebe3da27fe3b19cda2f547
1 /* $NetBSD$ */
3 /*
4 * Copyright (C) 2000 Alfredo Andres Omella. All rights reserved.
6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that the following conditions
8 * are met:
10 * 1. Redistributions of source code must retain the above copyright
11 * notice, this list of conditions and the following disclaimer.
12 * 2. Redistributions in binary form must reproduce the above copyright
13 * notice, this list of conditions and the following disclaimer in
14 * the documentation and/or other materials provided with the
15 * distribution.
16 * 3. The names of the authors may not be used to endorse or promote
17 * products derived from this software without specific prior
18 * written permission.
20 * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
21 * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
22 * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
25 * Radius printer routines as specified on:
27 * RFC 2865:
28 * "Remote Authentication Dial In User Service (RADIUS)"
30 * RFC 2866:
31 * "RADIUS Accounting"
33 * RFC 2867:
34 * "RADIUS Accounting Modifications for Tunnel Protocol Support"
36 * RFC 2868:
37 * "RADIUS Attributes for Tunnel Protocol Support"
39 * RFC 2869:
40 * "RADIUS Extensions"
42 * Alfredo Andres Omella (aandres@s21sec.com) v0.1 2000/09/15
44 * TODO: Among other things to print ok MacIntosh and Vendor values
47 #include <sys/cdefs.h>
48 #ifndef lint
49 #if 0
50 static const char rcsid[] _U_ =
51 "Id: print-radius.c,v 1.27.2.1 2005/09/26 01:02:40 guy Exp";
52 #else
53 __RCSID("$NetBSD: tcpdump2rcsid.ex,v 1.1 2001/06/25 20:09:58 itojun Exp $");
54 #endif
55 #endif
57 #ifdef HAVE_CONFIG_H
58 #include "config.h"
59 #endif
61 #include <tcpdump-stdinc.h>
63 #include <string.h>
65 #include <stdio.h>
67 #include "interface.h"
68 #include "addrtoname.h"
69 #include "extract.h"
70 #include "oui.h"
72 #define TAM_SIZE(x) (sizeof(x)/sizeof(x[0]) )
74 #define PRINT_HEX(bytes_len, ptr_data) \
75 while(bytes_len) \
76 { \
77 printf("%02X", *ptr_data ); \
78 ptr_data++; \
79 bytes_len--; \
83 /* Radius packet codes */
84 #define RADCMD_ACCESS_REQ 1 /* Access-Request */
85 #define RADCMD_ACCESS_ACC 2 /* Access-Accept */
86 #define RADCMD_ACCESS_REJ 3 /* Access-Reject */
87 #define RADCMD_ACCOUN_REQ 4 /* Accounting-Request */
88 #define RADCMD_ACCOUN_RES 5 /* Accounting-Response */
89 #define RADCMD_ACCESS_CHA 11 /* Access-Challenge */
90 #define RADCMD_STATUS_SER 12 /* Status-Server */
91 #define RADCMD_STATUS_CLI 13 /* Status-Client */
92 #define RADCMD_RESERVED 255 /* Reserved */
94 static struct tok radius_command_values[] = {
95 { RADCMD_ACCESS_REQ, "Access Request" },
96 { RADCMD_ACCESS_ACC, "Access Accept" },
97 { RADCMD_ACCESS_REJ, "Access Reject" },
98 { RADCMD_ACCOUN_REQ, "Accounting Request" },
99 { RADCMD_ACCOUN_RES, "Accounting Response" },
100 { RADCMD_ACCESS_CHA, "Access Challenge" },
101 { RADCMD_STATUS_SER, "Status Server" },
102 { RADCMD_STATUS_CLI, "Status Client" },
103 { RADCMD_RESERVED, "Reserved" },
104 { 0, NULL}
107 /********************************/
108 /* Begin Radius Attribute types */
109 /********************************/
110 #define SERV_TYPE 6
111 #define FRM_IPADDR 8
112 #define LOG_IPHOST 14
113 #define LOG_SERVICE 15
114 #define FRM_IPX 23
115 #define SESSION_TIMEOUT 27
116 #define IDLE_TIMEOUT 28
117 #define FRM_ATALK_LINK 37
118 #define FRM_ATALK_NETWORK 38
120 #define ACCT_DELAY 41
121 #define ACCT_SESSION_TIME 46
123 #define TUNNEL_TYPE 64
124 #define TUNNEL_MEDIUM 65
125 #define TUNNEL_CLIENT_END 66
126 #define TUNNEL_SERVER_END 67
127 #define TUNNEL_PASS 69
129 #define ARAP_PASS 70
130 #define ARAP_FEATURES 71
132 #define TUNNEL_PRIV_GROUP 81
133 #define TUNNEL_ASSIGN_ID 82
134 #define TUNNEL_PREFERENCE 83
136 #define ARAP_CHALLENGE_RESP 84
137 #define ACCT_INT_INTERVAL 85
139 #define TUNNEL_CLIENT_AUTH 90
140 #define TUNNEL_SERVER_AUTH 91
141 /********************************/
142 /* End Radius Attribute types */
143 /********************************/
146 static void print_attr_string(register u_char *, u_int, u_short );
147 static void print_attr_num(register u_char *, u_int, u_short );
148 static void print_vendor_attr(register u_char *, u_int, u_short );
149 static void print_attr_address(register u_char *, u_int, u_short);
150 static void print_attr_time(register u_char *, u_int, u_short);
151 static void print_attr_strange(register u_char *, u_int, u_short);
154 struct radius_hdr { u_int8_t code; /* Radius packet code */
155 u_int8_t id; /* Radius packet id */
156 u_int16_t len; /* Radius total length */
157 u_int8_t auth[16]; /* Authenticator */
160 #define MIN_RADIUS_LEN 20
162 struct radius_attr { u_int8_t type; /* Attribute type */
163 u_int8_t len; /* Attribute length */
167 /* Service-Type Attribute standard values */
168 static const char *serv_type[]={ NULL,
169 "Login",
170 "Framed",
171 "Callback Login",
172 "Callback Framed",
173 "Outbound",
174 "Administrative",
175 "NAS Prompt",
176 "Authenticate Only",
177 "Callback NAS Prompt",
178 "Call Check",
179 "Callback Administrative",
182 /* Framed-Protocol Attribute standard values */
183 static const char *frm_proto[]={ NULL,
184 "PPP",
185 "SLIP",
186 "ARAP",
187 "Gandalf proprietary",
188 "Xylogics IPX/SLIP",
189 "X.75 Synchronous",
192 /* Framed-Routing Attribute standard values */
193 static const char *frm_routing[]={ "None",
194 "Send",
195 "Listen",
196 "Send&Listen",
199 /* Framed-Compression Attribute standard values */
200 static const char *frm_comp[]={ "None",
201 "VJ TCP/IP",
202 "IPX",
203 "Stac-LZS",
206 /* Login-Service Attribute standard values */
207 static const char *login_serv[]={ "Telnet",
208 "Rlogin",
209 "TCP Clear",
210 "PortMaster(proprietary)",
211 "LAT",
212 "X.25-PAD",
213 "X.25-T3POS",
214 "Unassigned",
215 "TCP Clear Quiet",
219 /* Termination-Action Attribute standard values */
220 static const char *term_action[]={ "Default",
221 "RADIUS-Request",
224 /* NAS-Port-Type Attribute standard values */
225 static const char *nas_port_type[]={ "Async",
226 "Sync",
227 "ISDN Sync",
228 "ISDN Async V.120",
229 "ISDN Async V.110",
230 "Virtual",
231 "PIAFS",
232 "HDLC Clear Channel",
233 "X.25",
234 "X.75",
235 "G.3 Fax",
236 "SDSL",
237 "ADSL-CAP",
238 "ADSL-DMT",
239 "ISDN-DSL",
240 "Ethernet",
241 "xDSL",
242 "Cable",
243 "Wireless - Other",
244 "Wireless - IEEE 802.11",
247 /* Acct-Status-Type Accounting Attribute standard values */
248 static const char *acct_status[]={ NULL,
249 "Start",
250 "Stop",
251 "Interim-Update",
252 "Unassigned",
253 "Unassigned",
254 "Unassigned",
255 "Accounting-On",
256 "Accounting-Off",
257 "Tunnel-Start",
258 "Tunnel-Stop",
259 "Tunnel-Reject",
260 "Tunnel-Link-Start",
261 "Tunnel-Link-Stop",
262 "Tunnel-Link-Reject",
263 "Failed",
266 /* Acct-Authentic Accounting Attribute standard values */
267 static const char *acct_auth[]={ NULL,
268 "RADIUS",
269 "Local",
270 "Remote",
273 /* Acct-Terminate-Cause Accounting Attribute standard values */
274 static const char *acct_term[]={ NULL,
275 "User Request",
276 "Lost Carrier",
277 "Lost Service",
278 "Idle Timeout",
279 "Session Timeout",
280 "Admin Reset",
281 "Admin Reboot",
282 "Port Error",
283 "NAS Error",
284 "NAS Request",
285 "NAS Reboot",
286 "Port Unneeded",
287 "Port Preempted",
288 "Port Suspended",
289 "Service Unavailable",
290 "Callback",
291 "User Error",
292 "Host Request",
295 /* Tunnel-Type Attribute standard values */
296 static const char *tunnel_type[]={ NULL,
297 "PPTP",
298 "L2F",
299 "L2TP",
300 "ATMP",
301 "VTP",
302 "AH",
303 "IP-IP",
304 "MIN-IP-IP",
305 "ESP",
306 "GRE",
307 "DVS",
308 "IP-in-IP Tunneling",
311 /* Tunnel-Medium-Type Attribute standard values */
312 static const char *tunnel_medium[]={ NULL,
313 "IPv4",
314 "IPv6",
315 "NSAP",
316 "HDLC",
317 "BBN 1822",
318 "802",
319 "E.163",
320 "E.164",
321 "F.69",
322 "X.121",
323 "IPX",
324 "Appletalk",
325 "Decnet IV",
326 "Banyan Vines",
327 "E.164 with NSAP subaddress",
330 /* ARAP-Zone-Access Attribute standard values */
331 static const char *arap_zone[]={ NULL,
332 "Only access to dfl zone",
333 "Use zone filter inc.",
334 "Not used",
335 "Use zone filter exc.",
338 static const char *prompt[]={ "No Echo",
339 "Echo",
343 struct attrtype { const char *name; /* Attribute name */
344 const char **subtypes; /* Standard Values (if any) */
345 u_char siz_subtypes; /* Size of total standard values */
346 u_char first_subtype; /* First standard value is 0 or 1 */
347 void (*print_func)(register u_char *, u_int, u_short );
348 } attr_type[]=
350 { NULL, NULL, 0, 0, NULL },
351 { "Username", NULL, 0, 0, print_attr_string },
352 { "Password", NULL, 0, 0, NULL },
353 { "CHAP Password", NULL, 0, 0, NULL },
354 { "NAS IP Address", NULL, 0, 0, print_attr_address },
355 { "NAS Port", NULL, 0, 0, print_attr_num },
356 { "Service Type", serv_type, TAM_SIZE(serv_type)-1, 1, print_attr_num },
357 { "Framed Protocol", frm_proto, TAM_SIZE(frm_proto)-1, 1, print_attr_num },
358 { "Framed IP Address", NULL, 0, 0, print_attr_address },
359 { "Framed IP Network", NULL, 0, 0, print_attr_address },
360 { "Framed Routing", frm_routing, TAM_SIZE(frm_routing), 0, print_attr_num },
361 { "Filter ID", NULL, 0, 0, print_attr_string },
362 { "Framed MTU", NULL, 0, 0, print_attr_num },
363 { "Framed Compression", frm_comp, TAM_SIZE(frm_comp), 0, print_attr_num },
364 { "Login IP Host", NULL, 0, 0, print_attr_address },
365 { "Login Service", login_serv, TAM_SIZE(login_serv), 0, print_attr_num },
366 { "Login TCP Port", NULL, 0, 0, print_attr_num },
367 { "Unassigned", NULL, 0, 0, NULL }, /*17*/
368 { "Reply", NULL, 0, 0, print_attr_string },
369 { "Callback-number", NULL, 0, 0, print_attr_string },
370 { "Callback-ID", NULL, 0, 0, print_attr_string },
371 { "Unassigned", NULL, 0, 0, NULL }, /*21*/
372 { "Framed Route", NULL, 0, 0, print_attr_string },
373 { "Framed IPX Network", NULL, 0, 0, print_attr_num },
374 { "State", NULL, 0, 0, print_attr_string },
375 { "Class", NULL, 0, 0, print_attr_string },
376 { "Vendor Specific", NULL, 0, 0, print_vendor_attr },
377 { "Session Timeout", NULL, 0, 0, print_attr_num },
378 { "Idle Timeout", NULL, 0, 0, print_attr_num },
379 { "Termination Action", term_action, TAM_SIZE(term_action), 0, print_attr_num },
380 { "Called Station", NULL, 0, 0, print_attr_string },
381 { "Calling Station", NULL, 0, 0, print_attr_string },
382 { "NAS ID", NULL, 0, 0, print_attr_string },
383 { "Proxy State", NULL, 0, 0, print_attr_string },
384 { "Login LAT Service", NULL, 0, 0, print_attr_string },
385 { "Login LAT Node", NULL, 0, 0, print_attr_string },
386 { "Login LAT Group", NULL, 0, 0, print_attr_string },
387 { "Framed Appletalk Link", NULL, 0, 0, print_attr_num },
388 { "Framed Appltalk Net", NULL, 0, 0, print_attr_num },
389 { "Framed Appletalk Zone", NULL, 0, 0, print_attr_string },
390 { "Accounting Status", acct_status, TAM_SIZE(acct_status)-1, 1, print_attr_num },
391 { "Accounting Delay", NULL, 0, 0, print_attr_num },
392 { "Accounting Input Octets", NULL, 0, 0, print_attr_num },
393 { "Accounting Output Octets", NULL, 0, 0, print_attr_num },
394 { "Accounting Session ID", NULL, 0, 0, print_attr_string },
395 { "Accounting Authentication", acct_auth, TAM_SIZE(acct_auth)-1, 1, print_attr_num },
396 { "Accounting Session Time", NULL, 0, 0, print_attr_num },
397 { "Accounting Input Packets", NULL, 0, 0, print_attr_num },
398 { "Accounting Output Packets", NULL, 0, 0, print_attr_num },
399 { "Accounting Termination Cause", acct_term, TAM_SIZE(acct_term)-1, 1, print_attr_num },
400 { "Accounting Multilink Session ID", NULL, 0, 0, print_attr_string },
401 { "Accounting Link Count", NULL, 0, 0, print_attr_num },
402 { "Accounting Input Giga", NULL, 0, 0, print_attr_num },
403 { "Accounting Output Giga", NULL, 0, 0, print_attr_num },
404 { "Unassigned", NULL, 0, 0, NULL }, /*54*/
405 { "Event Timestamp", NULL, 0, 0, print_attr_time },
406 { "Unassigned", NULL, 0, 0, NULL }, /*56*/
407 { "Unassigned", NULL, 0, 0, NULL }, /*57*/
408 { "Unassigned", NULL, 0, 0, NULL }, /*58*/
409 { "Unassigned", NULL, 0, 0, NULL }, /*59*/
410 { "CHAP challenge", NULL, 0, 0, print_attr_string },
411 { "NAS Port Type", nas_port_type, TAM_SIZE(nas_port_type), 0, print_attr_num },
412 { "Port Limit", NULL, 0, 0, print_attr_num },
413 { "Login LAT Port", NULL, 0, 0, print_attr_string }, /*63*/
414 { "Tunnel Type", tunnel_type, TAM_SIZE(tunnel_type)-1, 1, print_attr_num },
415 { "Tunnel Medium", tunnel_medium, TAM_SIZE(tunnel_medium)-1, 1, print_attr_num },
416 { "Tunnel Client End", NULL, 0, 0, print_attr_string },
417 { "Tunnel Server End", NULL, 0, 0, print_attr_string },
418 { "Accounting Tunnel connect", NULL, 0, 0, print_attr_string },
419 { "Tunnel Password", NULL, 0, 0, print_attr_string },
420 { "ARAP Password", NULL, 0, 0, print_attr_strange },
421 { "ARAP Feature", NULL, 0, 0, print_attr_strange },
422 { "ARAP Zone Acces", arap_zone, TAM_SIZE(arap_zone)-1, 1, print_attr_num }, /*72*/
423 { "ARAP Security", NULL, 0, 0, print_attr_string },
424 { "ARAP Security Data", NULL, 0, 0, print_attr_string },
425 { "Password Retry", NULL, 0, 0, print_attr_num },
426 { "Prompt", prompt, TAM_SIZE(prompt), 0, print_attr_num },
427 { "Connect Info", NULL, 0, 0, print_attr_string },
428 { "Config Token", NULL, 0, 0, print_attr_string },
429 { "EAP Message", NULL, 0, 0, print_attr_string },
430 { "Message Authentication", NULL, 0, 0, print_attr_string }, /*80*/
431 { "Tunnel Private Group", NULL, 0, 0, print_attr_string },
432 { "Tunnel Assigned ID", NULL, 0, 0, print_attr_string },
433 { "Tunnel Preference", NULL, 0, 0, print_attr_num },
434 { "ARAP Challenge Response", NULL, 0, 0, print_attr_strange },
435 { "Accounting Interim Interval", NULL, 0, 0, print_attr_num },
436 { "Accounting Tunnel packets lost", NULL, 0, 0, print_attr_num }, /*86*/
437 { "NAS Port ID", NULL, 0, 0, print_attr_string },
438 { "Framed Pool", NULL, 0, 0, print_attr_string },
439 { "Unassigned", NULL, 0, 0, NULL },
440 { "Tunnel Client Authentication ID", NULL, 0, 0, print_attr_string },
441 { "Tunnel Server Authentication ID", NULL, 0, 0, print_attr_string },
442 { "Unassigned", NULL, 0, 0, NULL }, /*92*/
443 { "Unassigned", NULL, 0, 0, NULL } /*93*/
447 /*****************************/
448 /* Print an attribute string */
449 /* value pointed by 'data' */
450 /* and 'length' size. */
451 /*****************************/
452 /* Returns nothing. */
453 /*****************************/
454 static void
455 print_attr_string(register u_char *data, u_int length, u_short attr_code )
457 register u_int i;
459 TCHECK2(data[0],length);
461 switch(attr_code)
463 case TUNNEL_PASS:
464 if (length < 3)
466 printf(" [|radius]");
467 return;
469 if (*data && (*data <=0x1F) )
470 printf("Tag %u, ",*data);
471 data++;
472 length--;
473 printf("Salt %u ",EXTRACT_16BITS(data) );
474 data+=2;
475 length-=2;
476 break;
477 case TUNNEL_CLIENT_END:
478 case TUNNEL_SERVER_END:
479 case TUNNEL_PRIV_GROUP:
480 case TUNNEL_ASSIGN_ID:
481 case TUNNEL_CLIENT_AUTH:
482 case TUNNEL_SERVER_AUTH:
483 if (*data <= 0x1F)
485 if (length < 1)
487 printf(" [|radius]");
488 return;
490 printf("Tag %u",*data);
491 data++;
492 length--;
494 break;
497 for (i=0; *data && i < length ; i++, data++)
498 printf("%c",(*data < 32 || *data > 128) ? '.' : *data );
500 return;
502 trunc:
503 printf(" [|radius]");
507 * print vendor specific attributes
510 static void
511 print_vendor_attr(register u_char *data, u_int length, u_short attr_code _U_)
513 u_int idx;
514 u_int vendor_id;
515 u_int vendor_type;
516 u_int vendor_length;
518 if (length < 4)
519 goto trunc;
520 TCHECK2(*data, 4);
521 vendor_id = EXTRACT_32BITS(data);
522 data+=4;
523 length-=4;
525 printf("Vendor: %s (%u)",
526 tok2str(smi_values,"Unknown",vendor_id),
527 vendor_id);
529 while (length >= 2) {
530 TCHECK2(*data, 2);
532 vendor_type = *(data);
533 vendor_length = *(data+1);
535 if (vendor_length < 2)
537 printf("\n\t Vendor Attribute: %u, Length: %u (bogus, must be >= 2)",
538 vendor_type,
539 vendor_length);
540 return;
542 if (vendor_length > length)
544 printf("\n\t Vendor Attribute: %u, Length: %u (bogus, goes past end of vendor-specific attribute)",
545 vendor_type,
546 vendor_length);
547 return;
549 data+=2;
550 vendor_length-=2;
551 length-=2;
552 TCHECK2(*data, vendor_length);
554 printf("\n\t Vendor Attribute: %u, Length: %u, Value: ",
555 vendor_type,
556 vendor_length);
557 for (idx = 0; idx < vendor_length ; idx++, data++)
558 printf("%c",(*data < 32 || *data > 128) ? '.' : *data );
559 length-=vendor_length;
561 return;
563 trunc:
564 printf(" [|radius]");
569 /******************************/
570 /* Print an attribute numeric */
571 /* value pointed by 'data' */
572 /* and 'length' size. */
573 /******************************/
574 /* Returns nothing. */
575 /******************************/
576 static void
577 print_attr_num(register u_char *data, u_int length, u_short attr_code )
579 u_int8_t tag;
580 u_int32_t timeout;
582 if (length != 4)
584 printf("ERROR: length %u != 4", length);
585 return;
588 TCHECK2(data[0],4);
589 /* This attribute has standard values */
590 if (attr_type[attr_code].siz_subtypes)
592 static const char **table;
593 u_int32_t data_value;
594 table = attr_type[attr_code].subtypes;
596 if ( (attr_code == TUNNEL_TYPE) || (attr_code == TUNNEL_MEDIUM) )
598 if (!*data)
599 printf("Tag[Unused]");
600 else
601 printf("Tag[%d]", *data);
602 data++;
603 data_value = EXTRACT_24BITS(data);
605 else
607 data_value = EXTRACT_32BITS(data);
609 if ( data_value <= (u_int32_t)(attr_type[attr_code].siz_subtypes - 1 +
610 attr_type[attr_code].first_subtype) &&
611 data_value >= attr_type[attr_code].first_subtype )
612 printf("%s",table[data_value]);
613 else
614 printf("#%u",data_value);
616 else
618 switch(attr_code) /* Be aware of special cases... */
620 case FRM_IPX:
621 if (EXTRACT_32BITS( data) == 0xFFFFFFFE )
622 printf("NAS Select");
623 else
624 printf("%d",EXTRACT_32BITS( data) );
625 break;
627 case SESSION_TIMEOUT:
628 case IDLE_TIMEOUT:
629 case ACCT_DELAY:
630 case ACCT_SESSION_TIME:
631 case ACCT_INT_INTERVAL:
632 timeout = EXTRACT_32BITS( data);
633 if ( timeout < 60 )
634 printf( "%02d secs", timeout);
635 else
637 if ( timeout < 3600 )
638 printf( "%02d:%02d min",
639 timeout / 60, timeout % 60);
640 else
641 printf( "%02d:%02d:%02d hours",
642 timeout / 3600, (timeout % 3600) / 60,
643 timeout % 60);
645 break;
647 case FRM_ATALK_LINK:
648 if (EXTRACT_32BITS(data) )
649 printf("%d",EXTRACT_32BITS(data) );
650 else
651 printf("Unnumbered" );
652 break;
654 case FRM_ATALK_NETWORK:
655 if (EXTRACT_32BITS(data) )
656 printf("%d",EXTRACT_32BITS(data) );
657 else
658 printf("NAS assigned" );
659 break;
661 case TUNNEL_PREFERENCE:
662 tag = *data;
663 data++;
664 if (tag == 0)
665 printf("Tag (Unused) %d",EXTRACT_24BITS(data) );
666 else
667 printf("Tag (%d) %d", tag, EXTRACT_24BITS(data) );
668 break;
670 default:
671 printf("%d",EXTRACT_32BITS( data) );
672 break;
674 } /* switch */
676 } /* if-else */
678 return;
680 trunc:
681 printf(" [|radius]");
685 /*****************************/
686 /* Print an attribute IPv4 */
687 /* address value pointed by */
688 /* 'data' and 'length' size. */
689 /*****************************/
690 /* Returns nothing. */
691 /*****************************/
692 static void
693 print_attr_address(register u_char *data, u_int length, u_short attr_code )
695 if (length != 4)
697 printf("ERROR: length %u != 4", length);
698 return;
701 TCHECK2(data[0],4);
703 switch(attr_code)
705 case FRM_IPADDR:
706 case LOG_IPHOST:
707 if (EXTRACT_32BITS(data) == 0xFFFFFFFF )
708 printf("User Selected");
709 else
710 if (EXTRACT_32BITS(data) == 0xFFFFFFFE )
711 printf("NAS Select");
712 else
713 printf("%s",ipaddr_string(data));
714 break;
716 default:
717 printf("%s",ipaddr_string(data) );
718 break;
721 return;
723 trunc:
724 printf(" [|radius]");
728 /*************************************/
729 /* Print an attribute of 'secs since */
730 /* January 1, 1970 00:00 UTC' value */
731 /* pointed by 'data' and 'length' */
732 /* size. */
733 /*************************************/
734 /* Returns nothing. */
735 /*************************************/
736 static void print_attr_time(register u_char *data, u_int length, u_short attr_code _U_)
738 time_t attr_time;
739 char string[26];
741 if (length != 4)
743 printf("ERROR: length %u != 4", length);
744 return;
747 TCHECK2(data[0],4);
749 attr_time = EXTRACT_32BITS(data);
750 strlcpy(string, ctime(&attr_time), sizeof(string));
751 /* Get rid of the newline */
752 string[24] = '\0';
753 printf("%.24s", string);
754 return;
756 trunc:
757 printf(" [|radius]");
761 /***********************************/
762 /* Print an attribute of 'strange' */
763 /* data format pointed by 'data' */
764 /* and 'length' size. */
765 /***********************************/
766 /* Returns nothing. */
767 /***********************************/
768 static void print_attr_strange(register u_char *data, u_int length, u_short attr_code)
770 u_short len_data;
772 switch(attr_code)
774 case ARAP_PASS:
775 if (length != 16)
777 printf("ERROR: length %u != 16", length);
778 return;
780 printf("User_challenge (");
781 TCHECK2(data[0],8);
782 len_data = 8;
783 PRINT_HEX(len_data, data);
784 printf(") User_resp(");
785 TCHECK2(data[0],8);
786 len_data = 8;
787 PRINT_HEX(len_data, data);
788 printf(")");
789 break;
791 case ARAP_FEATURES:
792 if (length != 14)
794 printf("ERROR: length %u != 14", length);
795 return;
797 TCHECK2(data[0],1);
798 if (*data)
799 printf("User can change password");
800 else
801 printf("User cannot change password");
802 data++;
803 TCHECK2(data[0],1);
804 printf(", Min password length: %d",*data);
805 data++;
806 printf(", created at: ");
807 TCHECK2(data[0],4);
808 len_data = 4;
809 PRINT_HEX(len_data, data);
810 printf(", expires in: ");
811 TCHECK2(data[0],4);
812 len_data = 4;
813 PRINT_HEX(len_data, data);
814 printf(", Current Time: ");
815 TCHECK2(data[0],4);
816 len_data = 4;
817 PRINT_HEX(len_data, data);
818 break;
820 case ARAP_CHALLENGE_RESP:
821 if (length < 8)
823 printf("ERROR: length %u != 8", length);
824 return;
826 TCHECK2(data[0],8);
827 len_data = 8;
828 PRINT_HEX(len_data, data);
829 break;
831 return;
833 trunc:
834 printf(" [|radius]");
839 static void
840 radius_attrs_print(register const u_char *attr, u_int length)
842 register const struct radius_attr *rad_attr = (struct radius_attr *)attr;
843 const char *attr_string;
845 while (length > 0)
847 if (length < 2)
848 goto trunc;
849 TCHECK(*rad_attr);
851 if (rad_attr->type > 0 && rad_attr->type < TAM_SIZE(attr_type))
852 attr_string = attr_type[rad_attr->type].name;
853 else
854 attr_string = "Unknown";
855 if (rad_attr->len < 2)
857 printf("\n\t %s Attribute (%u), length: %u (bogus, must be >= 2)",
858 attr_string,
859 rad_attr->type,
860 rad_attr->len);
861 return;
863 if (rad_attr->len > length)
865 printf("\n\t %s Attribute (%u), length: %u (bogus, goes past end of packet)",
866 attr_string,
867 rad_attr->type,
868 rad_attr->len);
869 return;
871 printf("\n\t %s Attribute (%u), length: %u, Value: ",
872 attr_string,
873 rad_attr->type,
874 rad_attr->len);
876 if (rad_attr->type < TAM_SIZE(attr_type))
878 if (rad_attr->len > 2)
880 if ( attr_type[rad_attr->type].print_func )
881 (*attr_type[rad_attr->type].print_func)(
882 ((u_char *)(rad_attr+1)),
883 rad_attr->len - 2, rad_attr->type);
886 /* do we also want to see a hex dump ? */
887 if (vflag> 1)
888 print_unknown_data((u_char *)rad_attr+2,"\n\t ",(rad_attr->len)-2);
890 length-=(rad_attr->len);
891 rad_attr = (struct radius_attr *)( ((char *)(rad_attr))+rad_attr->len);
893 return;
895 trunc:
896 printf(" [|radius]");
900 void
901 radius_print(const u_char *dat, u_int length)
903 register const struct radius_hdr *rad;
904 u_int len, auth_idx;
906 TCHECK2(*dat, MIN_RADIUS_LEN);
907 rad = (struct radius_hdr *)dat;
908 len = EXTRACT_16BITS(&rad->len);
910 if (len < MIN_RADIUS_LEN)
912 printf(" [|radius]");
913 return;
916 if (len > length)
917 len = length;
919 if (vflag < 1) {
920 printf("RADIUS, %s (%u), id: 0x%02x length: %u",
921 tok2str(radius_command_values,"Unknown Command",rad->code),
922 rad->code,
923 rad->id,
924 len);
925 return;
927 else {
928 printf("RADIUS, length: %u\n\t%s (%u), id: 0x%02x, Authenticator: ",
929 len,
930 tok2str(radius_command_values,"Unknown Command",rad->code),
931 rad->code,
932 rad->id);
934 for(auth_idx=0; auth_idx < 16; auth_idx++)
935 printf("%02x", rad->auth[auth_idx] );
938 if (len > MIN_RADIUS_LEN)
939 radius_attrs_print( dat + MIN_RADIUS_LEN, len - MIN_RADIUS_LEN);
940 return;
942 trunc:
943 printf(" [|radius]");