📄 pana_client.cxx
diameter_address_t *epId = epIdAvp.GetAvp(PANA_AVPNAME_DEVICEID); if (epId) { epIdPresent = true; for (int ndx=1; epId; ndx++) { PANA_DeviceId *newId = new PANA_DeviceId(*epId); EpDeviceIds().push_back(newId); epId = epIdAvp.GetAvp(PANA_AVPNAME_DEVICEID, ndx); } } // update session lifetime AAA_UInt32AvpContainerWidget slAvp(msg.avpList()); diameter_unsigned32_t *sl = slAvp.GetAvp(PANA_AVPNAME_SESSIONLIFETIME); if (sl) { SessionLifetime() = ACE_NTOHL(*sl); } // update protection capability AAA_UInt32AvpContainerWidget pcapAvp(msg.avpList()); diameter_unsigned32_t *pcap = pcapAvp.GetAvp(PANA_AVPNAME_PROTECTIONCAP); if (pcap && PANA_RCODE_SUCCESS(rcode)) { if (ACE_NTOHL(*pcap) != PANA_CFG_GENERAL().m_ProtectionCap) { ACE_DEBUG((LM_ERROR, "No matchig protection-capability ... session will close")); m_Flags.i.PcapNotSupported = true; } ProtectionCapability() = ACE_NTOHL(*pcap); } // update post pana address config AAA_UInt32AvpContainerWidget ppacAvp(msg.avpList()); diameter_unsigned32_t *ppac = ppacAvp.GetAvp(PANA_AVPNAME_PPAC); if (ppac && PANA_RCODE_SUCCESS(rcode)) { if (! (PPAC().common(ACE_NTOHL(*ppac)))) { ACE_DEBUG((LM_ERROR, "No matching PPAC ... 
session will close")); m_Flags.i.PpacNotSupported = true; } PPAC().set(ACE_NTOHL(*ppac)); } // update current authentication mode AuxVariables().NapAuthentication() = msg.flags().nap; // update dhcp bootstrapping if (PPAC().DhcpV6() && DhcpBootstrap().Enable()) { DhcpBootstrap().CheckPBR(msg); } // extract eap AAA_StringAvpContainerWidget eapAvp(msg.avpList()); diameter_octetstring_t *payload = eapAvp.GetAvp(PANA_AVPNAME_EAP); if (AuxVariables().FirstEapResult() == 0) { if (AuxVariables().SeparateAuthentication() == false) { if (PANA_RCODE_SUCCESS(rcode)) { if (AuxVariables().SecAssociationResumed() == false) { if (epIdPresent) { AuxVariables().CarryDeviceId() = true; } if (payload) { NotifyEapRequest(*payload); } else { Error(rcode); } } else { // session resumption verification AAA_StringAvpContainerWidget nonceAvp(msg.avpList()); diameter_octetstring_t *nonce = nonceAvp.GetAvp(PANA_AVPNAME_NONCE); if (! nonce) { throw (PANA_Exception(PANA_Exception::FAILED, "Session resumption failed, missing nonce in PBR")); } PANA_Nonce ncheck(*nonce); if (! (ncheck == SecurityAssociation().PaaNonce())) { throw (PANA_Exception(PANA_Exception::FAILED, "Session resumption failed, invalid PAA nonce")); } if (! SecurityAssociation().ValidateAuthAvp(msg)) { throw (PANA_Exception(PANA_Exception::FAILED, "Session resumption failed, invalid AUTH received")); } AAA_UInt32AvpContainerWidget keyIdAvp(msg.avpList()); diameter_unsigned32_t *keyid = keyIdAvp.GetAvp(PANA_AVPNAME_KEYID); if (! 
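keyid) { throw (PANA_Exception(PANA_Exception::FAILED, "Session resumption failed, missing keyid in PBR")); } if (ACE_NTOHL(*keyid) != SecurityAssociation().AAAKey1().Id()) { throw (PANA_Exception(PANA_Exception::FAILED, "Session resumption failed, mis-match keyid")); } TxPBA(false); // TBD: resolve this NotifyAuthorization(); NotifyScheduleLifetime(); } return; } } else { throw (PANA_Exception(PANA_Exception::FAILED, "PBR received during separate auth w/o PFER")); } } // update device id if (PANA_RCODE_SUCCESS(rcode) && epIdPresent) { AuxVariables().CarryDeviceId() = true; } if (payload) { NotifyEapRequest(*payload); } else { m_Event.EapAltReject(); if (! PANA_RCODE_SUCCESS(rcode)) { Error(rcode); } return; } if (PANA_RCODE_SUCCESS(rcode)) { // update verification flags m_Flags.i.BindSuccess = 1; // key id update AAA_UInt32AvpContainerWidget keyIdAvp(msg.avpList()); diameter_unsigned32_t *keyId = keyIdAvp.GetAvp(PANA_AVPNAME_KEYID); if (keyId) { SecurityAssociation().UpdateKeyId2(ACE_NTOHL(*keyId)); } } else { Error(rcode); }}

/// Builds and sends a PANA-Bind-Answer (PBA).
///
/// @param close  When true, the PPAC and Device-Id AVPs are left out and the
///               AAA key is not refreshed. Session-Id, notification and (when
///               a security association is set) Key-Id/AUTH are still added.
void PANA_Client::TxPBA(bool close)
{
    /*
      7.9  PANA-Bind-Answer (PBA)

       The PANA-Bind-Answer (PBA) message is sent by the PaC to the PAA in
       response to a PANA-Bind-Request message.

        PANA-Bind-Answer ::= < PANA-Header: 5 [,SEP] [,NAP] >
                             < Session-Id >
                             [ PPAC ]
                             [ Device-Id ]
                             [ Key-Id ]
                             [ Notification ]
                          *  [ AVP ]
                         0*1 < AUTH >
     */
    boost::shared_ptr<PANA_Message> msg(new PANA_Message);

    // Populate header; an answer reuses the sequence number last received.
    msg->type() = PANA_MTYPE_PBA;
    msg->seq() = LastRxSeqNum().Value();
    msg->flags().separate = AuxVariables().SeparateAuthentication();
    msg->flags().nap = AuxVariables().NapAuthentication();

    // add session id
    AAA_Utf8AvpWidget sessionIdAvp(PANA_AVPNAME_SESSIONID);
    sessionIdAvp.Get() = SessionId();
    msg->avpList().add(sessionIdAvp());

    if (! close) {

        // add ppac
        AAA_UInt32AvpWidget ppacAvp(PANA_AVPNAME_PPAC);
        ppacAvp.Get() = ACE_HTONL(PPAC()());
        msg->avpList().add(ppacAvp());

        // add device-id
        if (AuxVariables().CarryDeviceId()) {
            AAA_AddressAvpWidget deviceAvp(PANA_AVPNAME_DEVICEID);
            deviceAvp.Get() = PacDeviceId()();
            msg->avpList().add(deviceAvp());
        }

        // update the aaa key's
        // NOTE(review): newKey holds AAA key material and is not explicitly
        // cleared before it goes out of scope.
        diameter_octetstring_t newKey;
        if (m_Event.IsKeyAvailable(newKey)) {
            if (AuxVariables().SeparateAuthentication() == false) {
                SecurityAssociation().UpdateAAAKey(newKey);
            }
            else {
                SecurityAssociation().UpdateAAAKey2(newKey);
            }
            // The auth key is regenerated here, before the AUTH AVP is added
            // below.
            SecurityAssociation().GenerateAuthKey(SessionId());
        }
    }

    // add notification if any
    AddNotification(*msg);

    // auth and key-id
    if (SecurityAssociation().IsSet()) {
        // add Dhcp-AVP
        if (PPAC().DhcpV6() && DhcpBootstrap().Enable()) {
            DhcpBootstrap().AffixToPBA(*msg);
        }
        SecurityAssociation().AddKeyIdAvp(*msg);
        // AUTH is added after every other AVP; presumably it covers the whole
        // message, so keep it last - confirm against AddAuthAvp().
        SecurityAssociation().AddAuthAvp(*msg);
    }

    ACE_DEBUG((LM_INFO, "(%P|%t) TxPBA: S-flag %d, N-flag=%d, seq=%d\n",
               msg->flags().separate, msg->flags().nap, msg->seq()));

    SendAnsMsg(msg);
}

/// Builds and sends a PANA-FirstAuth-End-Answer (PFEA).
///
/// @param closed  When true, both the S and N flags are cleared; otherwise the
///                S flag is set and the N flag follows the current NAP
///                authentication mode.
void PANA_Client::TxPFEA(bool closed)
{
    /*
      7.17  PANA-FirstAuth-End-Answer (PFEA)

       The PANA-FirstAuth-End-Answer (PFEA) message is sent by the PaC to
       the PAA in response to a PANA-FirstAuth-End-Request message.

        PANA-FirstAuth-End-Answer ::= < PANA-Header: 9, REQ [,SEP] [,NAP] >
                                      < Session-Id >
                                      [ Key-Id ]
                                      [ Notification ]
                                   *  [ AVP ]
                                  0*1 < AUTH >
     */
    boost::shared_ptr<PANA_Message> msg(new PANA_Message);

    // Populate header; an answer reuses the sequence number last received.
    msg->type() = PANA_MTYPE_PFEA;
    msg->seq() = LastRxSeqNum().Value();
    if (closed) {
        msg->flags().separate = false;
        msg->flags().nap = false;
    }
    else {
        msg->flags().separate = true;
        msg->flags().nap = AuxVariables().NapAuthentication();
    }

    // add session id
    AAA_Utf8AvpWidget sessionIdAvp(PANA_AVPNAME_SESSIONID);
    sessionIdAvp.Get() = SessionId();
    msg->avpList().add(sessionIdAvp());

    // update aaa key if any
    // NOTE(review): newKey holds AAA key material and is not explicitly
    // cleared before it goes out of scope.
    diameter_octetstring_t newKey;
    if (m_Event.IsKeyAvailable(newKey)) {
        SecurityAssociation().UpdateAAAKey1(newKey);
        SecurityAssociation().GenerateAuthKey(SessionId());
    }

    // add notification if any
    AddNotification(*msg);

    // auth and key-id; AUTH is added after every other AVP.
    if (SecurityAssociation().IsSet()) {
        SecurityAssociation().AddKeyIdAvp(*msg);
        SecurityAssociation().AddAuthAvp(*msg);
    }

    ACE_DEBUG((LM_INFO, "(%P|%t) TxPFEA: S-flag %d, N-flag=%d, seq=%d\n",
               msg->flags().separate, msg->flags().nap, msg->seq()));

    SendAnsMsg(msg);
}

/// Builds and sends a PANA-Reauth-Request (PRAR), resetting the per-session
/// authentication state and cancelling the session timers first.
void PANA_Client::TxPRAR()
{
    /*
      7.6  PANA-Reauth-Request (PRAR)

       The PANA-Reauth-Request (PRAR) message is sent by the PaC to the PAA
       to re-initiate EAP authentication.

        PANA-Reauth-Request ::= < PANA-Header: 4, REQ >
                                < Session-Id >
                                [ Notification ]
                             *  [ AVP ]
                            0*1 < AUTH >
     */
    boost::shared_ptr<PANA_Message> msg(new PANA_Message);

    // Populate header
    msg->type() = PANA_MTYPE_PRAR;
    msg->flags().request = true;

    // adjust serial num: a request consumes a new transmit sequence number.
    ++ LastTxSeqNum();
    msg->seq() = LastTxSeqNum().Value();

    // reset values
    AuxVariables().FirstEapResult() = 0;
    AuxVariables().SecAssociationResumed() = false;
    AuxVariables().SeparateAuthentication() =
        PANA_CFG_GENERAL().m_SeparateAuth;

    // add session id
    AAA_Utf8AvpWidget sessionIdAvp(PANA_AVPNAME_SESSIONID);
    sessionIdAvp.Get() = SessionId();
    msg->avpList().add(sessionIdAvp());

    // add notification if any
    AddNotification(*msg);

    // auth avp; added after every other AVP.
    if (SecurityAssociation().IsSet()) {
        SecurityAssociation().AddAuthAvp(*msg);
    }

    // Cancel session timers
    m_Timer.CancelSession();

    ACE_DEBUG((LM_INFO, "(%P|%t) TxPRAR: S-flag %d, N-flag=%d, seq=%d\n",
               msg->flags().separate, msg->flags().nap, msg->seq()));

    SendReqMsg(msg);
}

/// Handles a received PANA-Reauth-Answer (PRAA): takes the message off the
/// receive queue, processes its notification, stops the retransmission timer
/// and restarts EAP.
void PANA_Client::RxPRAA()
{
    /*
      7.7  PANA-Reauth-Answer (PRAA)

       The PANA-Reauth-Answer (PRAA) message is sent by the PAA to the PaC
       in response to a PANA-Reauth-Request message.

        PANA-Reauth-Answer ::= < PANA-Header: 4 >
                               < Session-Id >
                               [ Notification ]
                            *  [ AVP ]
                           0*1 < AUTH >
     */
    // The auto_ptr owns the dequeued message and frees it on every exit path.
    // NOTE(review): the Dequeue() result is dereferenced unchecked - confirm
    // the queue can never be empty when this handler runs.
    std::auto_ptr<PANA_Message> cleanup(AuxVariables().RxMsgQueue().Dequeue());
    PANA_Message &msg = *cleanup;

    ACE_DEBUG((LM_INFO, "(%P|%t) RxPRAA: S-flag %d, N-flag=%d, seq=%d\n",
               msg.flags().separate, msg.flags().nap, msg.seq()));

    // NOTE(review): no AUTH AVP validation is visible in this handler;
    // presumably it is done before the message is queued - confirm, since
    // this message restarts EAP.

    // process notification
    ProcessNotification(msg);

    m_Timer.CancelTxRetry();

    // re-start eap for new conversation
    NotifyEapRestart();
}

/// Selects the PAA address an outgoing message is sent to and stores it in
/// the message's srcDevices()/srcPort() fields.
///
/// @param msg  Message to address; one device id is appended to
///             msg.srcDevices() and msg.srcPort() is set.
/// @throws PANA_Exception  NO_MEMORY when the device id cannot be created;
///                         FAILED when no destination address is configured
///                         or the configured address does not fit the
///                         formatting buffer.
void PANA_Client::TxFormatAddress(PANA_Message &msg)
{
    PANA_CfgClient &c = PANA_CFG_PAC();

    // Proper destination IP address hierarchy is as follows:
    //   a. try the known Paa IP address from previous rx msg
    //   b. try locally config unicast addr
    //   c. try locally config mcast address if present
    //   d. undeliverable if not found
    if (PaaIpAddress().get_port_number() > 0) {
        PANA_DeviceId *ipId = PANA_DeviceIdConverter::CreateFromAddr
                                  (PaaIpAddress());
        if (ipId == NULL) {
            throw (PANA_Exception(PANA_Exception::NO_MEMORY,
                   "Failed to allocate IP device id"));
        }
        msg.srcDevices().push_back(ipId);
        msg.srcPort() = PaaIpAddress().get_port_number();
    }
    else {
        // have to compute peer IP address
        std::string *destIp;
        msg.srcPort() = c.m_PaaPortNumber;
        if (c.m_PaaIpAddress.size() > 0) {
            destIp = &c.m_PaaIpAddress;
        }
        else if (c.m_PaaMcastAddress.size() > 0) {
            destIp = &c.m_PaaMcastAddress;
        }
        else {
            throw (PANA_Exception(PANA_Exception::FAILED,
                   "Unable to configure a destination address"));
        }

        // The address string comes from configuration and has no length
        // limit of its own, so format with an explicit bound and reject a
        // result that does not fit instead of writing past the buffer.
        // c_str() (not data()) guarantees the NUL terminator "%s" relies on.
        char buf[256];
        const int written = ACE_OS::snprintf(buf, sizeof(buf), "%s:%d",
                                             destIp->c_str(),
                                             c.m_PaaPortNumber);
        if (written < 0 || static_cast<size_t>(written) >= sizeof(buf)) {
            throw (PANA_Exception(PANA_Exception::FAILED,
                   "Configured PAA address is too long"));
        }

        ACE_INET_Addr paaAddr(buf);
        PANA_DeviceId *ipId = PANA_DeviceIdConverter::CreateFromAddr(paaAddr);
        if (ipId == NULL) {
            throw (PANA_Exception(PANA_Exception::NO_MEMORY,
                   "Failed to allocate IP device id"));
        }
        msg.srcDevices().push_back(ipId);
    }
}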