Re: strange packets from Patton

Thu, 03 Jul 2003 10:50:22 -0700 

> I might have got the wrong packet. Here are two, with the lines 
> from radius.log:
>
>0x0000   4500 00e0 1e5f 0000 4011 1e69 0a0a 1434        [EMAIL PROTECTED]
>0x0010   0a0a 14fe 0201 0715 00cc 0000 040a 00c4        ................
>0x0020   3c4a 8e9b 4477 bae8 8428 3442 a531 59ab        <J..Dw...(4B.1Y.
>0x0030   2c0e 3038 3335 3044 3030 3035 3646 320e        ,.08350D00056F2.
>0x0040   3038 3335 3044 3030 3035 3646 2008 5061        08350D00056F..Pa
>0x0050   7474 6f6e 0506 0000 0000 3d06 0000 0000        tton......=.....
>0x0060   1a80 0000 06e8 0014 717e e200 364e 6bd8        ........q~..6Nk.
>0x0070   717e e200 364e b069 717e e200 364e 0046        q~..6N.iq~..6N.F
>0x0080   717e e200 364e 0c1e 717e e200 024e 0000        q~..6N..q~...N..
>0x0090   947e e200 434e 0200 947e e200 434e 780b        .~..CN...~..CNx.
>0x00a0   947e e200 434e 80ba 947e e200 434e 0700        .~..CN...~..CN..
>0x00b0   947e e200 014e 0000 f380 e200 374e ffff        .~...N......7N..
>0x00c0   f380 e200 374e d18c f380 e200 374e f1ff        ....7N......7N..
>0x00d0   f380 e200 374e 0400 f380 e200 374e 8034        ....7N......7N.4
>
>Vendor specific attribute has invalid length -2

that warning is correct. If we start decoding the packet, and 
get to the vendor specific attribute:

1a 80  -> tag indicating its a VSA, and the length 
0000 06e8 -> vendor ID (1768) which is assigned to "Patton Electronics Company"
00 14 -> ID=0 and 0x14 (20) bytes attribute, meaning 20 byte attribute, with 18 bytes 
data 
717e e200 364e 6bd8 717e e200 364e b069 717e 
e2 00 -> the attribute tag is 0xE2, but the length is 0 bytes??? This is
         the problem. The length has to be atleast 2 (for the tag and length)
         size of data = length-2, which in this case turns out to be -2.
         This is where freeRadius would complain.
364e 0046 717e e200 364e 0c1e 
717e e200 
024e 0000 947e 
e200 434e 0200 947e e200 434e 780b 947e 
e200 434e 80ba 947e e200 434e 0700 947e 
e200 014e 0000 f380 e200 374e ffff f380 
e200 374e d18c f380 e200 374e f1ff f380 
e200 374e 0400 f380 e200 374e 8034

I have not decoded the other packet, but apparently Patton packs
their Vendor Specific Attributes in a manner that is different from
what the RFC recommends. Unfortunately the RFC does not mandate, just
recommends a format, and implementors are free to choose their own.

> None of these contain Acct-Status-Type , what does piss off freeradius

I think you need to check with your NAS/RAS vendor (Patton) why 
invalid accounting packets (without the Acct-Status-Type) are being
sent by them. 

Puneet

_______________________________________________
No banners. No pop-ups. No kidding.
Introducing My Way - http://www.myway.com

- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Reply via email to