Commit | Line | Data |
---|---|---|
6fc6879b JM |
1 | /* |
2 | * hostapd / RADIUS Accounting | |
2fc98d02 | 3 | * Copyright (c) 2002-2008, Jouni Malinen <j@w1.fi> |
6fc6879b JM |
4 | * |
5 | * This program is free software; you can redistribute it and/or modify | |
6 | * it under the terms of the GNU General Public License version 2 as | |
7 | * published by the Free Software Foundation. | |
8 | * | |
9 | * Alternatively, this software may be distributed under the terms of BSD | |
10 | * license. | |
11 | * | |
12 | * See README and COPYING for more details. | |
13 | */ | |
14 | ||
15 | #include "includes.h" | |
16 | ||
17 | #include "hostapd.h" | |
18 | #include "radius/radius.h" | |
19 | #include "radius/radius_client.h" | |
20 | #include "eloop.h" | |
21 | #include "accounting.h" | |
22 | #include "ieee802_1x.h" | |
23 | #include "driver.h" | |
24 | ||
25 | ||
26 | /* Default interval in seconds for polling TX/RX octets from the driver if | |
27 | * STA is not using interim accounting. This detects wrap arounds for | |
28 | * input/output octets and updates Acct-{Input,Output}-Gigawords. */ | |
29 | #define ACCT_DEFAULT_UPDATE_INTERVAL 300 | |
30 | ||
2fc98d02 JM |
31 | static void accounting_sta_get_id(struct hostapd_data *hapd, |
32 | struct sta_info *sta); | |
33 | ||
6fc6879b JM |
34 | |
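/**
 * accounting_msg - Build a RADIUS Accounting-Request with the common attributes
 * @hapd: per-BSS data; supplies the RADIUS client, NAS address/identifier,
 *	own MAC address and SSID
 * @sta: station the request describes, or NULL for a request that is not tied
 *	to a station (the Accounting-On/Off caller in this file passes NULL)
 * @status_type: value stored in Acct-Status-Type
 * Returns: the new message, or NULL if allocation or any attribute add failed
 *
 * On failure the partially built message is released here. On success the
 * caller owns the message until it hands it to radius_client_send() or frees
 * it with radius_msg_free() + os_free().
 */
static struct radius_msg * accounting_msg(struct hostapd_data *hapd,
					  struct sta_info *sta,
					  int status_type)
{
	struct radius_msg *msg;
	char buf[128];
	u8 *val;
	size_t len;
	int i;

	msg = radius_msg_new(RADIUS_CODE_ACCOUNTING_REQUEST,
			     radius_client_get_id(hapd->radius));
	if (msg == NULL) {
		printf("Could not create net RADIUS packet\n");
		return NULL;
	}

	/*
	 * NOTE(review): the raw bytes of the sta/hapd structure are handed to
	 * radius_msg_make_authenticator() as input data. Whether a value
	 * derived from them is ever sent on the wire depends on how
	 * radius_client_send() finalizes accounting requests, which is not
	 * visible in this file - confirm before relying on it.
	 */
	if (sta) {
		radius_msg_make_authenticator(msg, (u8 *) sta, sizeof(*sta));

		os_snprintf(buf, sizeof(buf), "%08X-%08X",
			    sta->acct_session_id_hi, sta->acct_session_id_lo);
		/* os_snprintf() is a platform wrapper; terminate explicitly in
		 * case the underlying implementation does not NUL-terminate
		 * when the output is truncated. */
		buf[sizeof(buf) - 1] = '\0';
		if (!radius_msg_add_attr(msg, RADIUS_ATTR_ACCT_SESSION_ID,
					 (u8 *) buf, os_strlen(buf))) {
			printf("Could not add Acct-Session-Id\n");
			goto fail;
		}
	} else {
		radius_msg_make_authenticator(msg, (u8 *) hapd, sizeof(*hapd));
	}

	if (!radius_msg_add_attr_int32(msg, RADIUS_ATTR_ACCT_STATUS_TYPE,
				       status_type)) {
		printf("Could not add Acct-Status-Type\n");
		goto fail;
	}

	if (!radius_msg_add_attr_int32(msg, RADIUS_ATTR_ACCT_AUTHENTIC,
				       hapd->conf->ieee802_1x ?
				       RADIUS_ACCT_AUTHENTIC_RADIUS :
				       RADIUS_ACCT_AUTHENTIC_LOCAL)) {
		printf("Could not add Acct-Authentic\n");
		goto fail;
	}

	if (sta) {
		/* Prefer the IEEE 802.1X identity; fall back to the station
		 * MAC address when no identity is available. */
		val = ieee802_1x_get_identity(sta->eapol_sm, &len);
		if (!val) {
			os_snprintf(buf, sizeof(buf), RADIUS_ADDR_FORMAT,
				    MAC2STR(sta->addr));
			buf[sizeof(buf) - 1] = '\0';
			val = (u8 *) buf;
			len = os_strlen(buf);
		}

		if (!radius_msg_add_attr(msg, RADIUS_ATTR_USER_NAME, val,
					 len)) {
			printf("Could not add User-Name\n");
			goto fail;
		}
	}

	if (hapd->conf->own_ip_addr.af == AF_INET &&
	    !radius_msg_add_attr(msg, RADIUS_ATTR_NAS_IP_ADDRESS,
				 (u8 *) &hapd->conf->own_ip_addr.u.v4, 4)) {
		printf("Could not add NAS-IP-Address\n");
		goto fail;
	}

#ifdef CONFIG_IPV6
	if (hapd->conf->own_ip_addr.af == AF_INET6 &&
	    !radius_msg_add_attr(msg, RADIUS_ATTR_NAS_IPV6_ADDRESS,
				 (u8 *) &hapd->conf->own_ip_addr.u.v6, 16)) {
		printf("Could not add NAS-IPv6-Address\n");
		goto fail;
	}
#endif /* CONFIG_IPV6 */

	if (hapd->conf->nas_identifier &&
	    !radius_msg_add_attr(msg, RADIUS_ATTR_NAS_IDENTIFIER,
				 (u8 *) hapd->conf->nas_identifier,
				 os_strlen(hapd->conf->nas_identifier))) {
		printf("Could not add NAS-Identifier\n");
		goto fail;
	}

	if (sta &&
	    !radius_msg_add_attr_int32(msg, RADIUS_ATTR_NAS_PORT, sta->aid)) {
		printf("Could not add NAS-Port\n");
		goto fail;
	}

	/* NOTE(review): the SSID is formatted with %s, so this assumes
	 * ssid.ssid is a NUL-terminated string - confirm against the config
	 * parser. The bounded format plus the explicit terminator below keep
	 * the result inside buf either way. */
	os_snprintf(buf, sizeof(buf), RADIUS_802_1X_ADDR_FORMAT ":%s",
		    MAC2STR(hapd->own_addr), hapd->conf->ssid.ssid);
	buf[sizeof(buf) - 1] = '\0';
	if (!radius_msg_add_attr(msg, RADIUS_ATTR_CALLED_STATION_ID,
				 (u8 *) buf, os_strlen(buf))) {
		printf("Could not add Called-Station-Id\n");
		goto fail;
	}

	if (sta) {
		os_snprintf(buf, sizeof(buf), RADIUS_802_1X_ADDR_FORMAT,
			    MAC2STR(sta->addr));
		buf[sizeof(buf) - 1] = '\0';
		if (!radius_msg_add_attr(msg, RADIUS_ATTR_CALLING_STATION_ID,
					 (u8 *) buf, os_strlen(buf))) {
			printf("Could not add Calling-Station-Id\n");
			goto fail;
		}

		if (!radius_msg_add_attr_int32(
			    msg, RADIUS_ATTR_NAS_PORT_TYPE,
			    RADIUS_NAS_PORT_TYPE_IEEE_802_11)) {
			printf("Could not add NAS-Port-Type\n");
			goto fail;
		}

		/* The rate value is halved for display and its low bit
		 * selects the ".5" suffix. */
		os_snprintf(buf, sizeof(buf), "CONNECT %d%sMbps %s",
			    radius_sta_rate(hapd, sta) / 2,
			    (radius_sta_rate(hapd, sta) & 1) ? ".5" : "",
			    radius_mode_txt(hapd));
		buf[sizeof(buf) - 1] = '\0';
		if (!radius_msg_add_attr(msg, RADIUS_ATTR_CONNECT_INFO,
					 (u8 *) buf, os_strlen(buf))) {
			printf("Could not add Connect-Info\n");
			goto fail;
		}

		/* Copy every Class attribute stored for this station; the
		 * getter returns NULL once the index runs past the last one. */
		for (i = 0; ; i++) {
			val = ieee802_1x_get_radius_class(sta->eapol_sm, &len,
							  i);
			if (val == NULL)
				break;

			if (!radius_msg_add_attr(msg, RADIUS_ATTR_CLASS,
						 val, len)) {
				printf("Could not add Class\n");
				goto fail;
			}
		}
	}

	return msg;

 fail:
	radius_msg_free(msg);
	os_free(msg);
	return NULL;
}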
181 | ||
182 | ||
/**
 * accounting_sta_update_stats - Refresh per-station octet counters
 * @hapd: per-BSS data used for the driver query and for logging
 * @sta: station whose cached counters and gigaword counts are updated
 * @data: filled in by hostapd_read_sta_data() with the current driver values
 * Returns: 0 on success, -1 if the driver statistics could not be read
 *
 * A new byte count lower than the cached one is treated as a counter wrap and
 * bumps the matching Acct-{Input,Output}-Gigawords value.
 */
static int accounting_sta_update_stats(struct hostapd_data *hapd,
				       struct sta_info *sta,
				       struct hostap_sta_driver_data *data)
{
	int rx_wrapped, tx_wrapped;

	if (hostapd_read_sta_data(hapd, data, sta->addr) != 0)
		return -1;

	rx_wrapped = data->rx_bytes < sta->last_rx_bytes;
	tx_wrapped = data->tx_bytes < sta->last_tx_bytes;

	if (rx_wrapped)
		sta->acct_input_gigawords++;
	if (tx_wrapped)
		sta->acct_output_gigawords++;

	/* Remember the latest values for the next wrap check. */
	sta->last_rx_bytes = data->rx_bytes;
	sta->last_tx_bytes = data->tx_bytes;

	hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_RADIUS,
		       HOSTAPD_LEVEL_DEBUG,
		       "updated TX/RX stats: "
		       "Acct-Input-Octets=%lu Acct-Input-Gigawords=%u "
		       "Acct-Output-Octets=%lu Acct-Output-Gigawords=%u",
		       sta->last_rx_bytes, sta->acct_input_gigawords,
		       sta->last_tx_bytes, sta->acct_output_gigawords);

	return 0;
}
206 | ||
207 | ||
/**
 * accounting_interim_update - Periodic per-station accounting timer
 * @eloop_ctx: struct hostapd_data * registered with the timeout
 * @timeout_ctx: struct sta_info * registered with the timeout
 *
 * Sends an interim update when the station has an interim interval set;
 * otherwise only polls the driver counters so that wrap-arounds are noticed.
 * The timer re-arms itself with the same context pointers on every run, so it
 * keeps referencing @sta until accounting_sta_stop() cancels it.
 */
static void accounting_interim_update(void *eloop_ctx, void *timeout_ctx)
{
	struct hostapd_data *hapd = eloop_ctx;
	struct sta_info *sta = timeout_ctx;
	int next = ACCT_DEFAULT_UPDATE_INTERVAL;

	if (!sta->acct_interim_interval) {
		struct hostap_sta_driver_data stats;

		/* Result is intentionally ignored: this is a best-effort
		 * poll and the timer is re-armed regardless. */
		accounting_sta_update_stats(hapd, sta, &stats);
	} else {
		accounting_sta_interim(hapd, sta);
		next = sta->acct_interim_interval;
	}

	eloop_register_timeout(next, 0, accounting_interim_update,
			       hapd, sta);
}
226 | ||
227 | ||
/**
 * accounting_sta_start - Begin an accounting session for a station
 * @hapd: per-BSS data
 * @sta: station whose session is started
 *
 * Does nothing if a session is already marked as started. Otherwise a new
 * session id is assigned, the session start time and counters are reset and
 * the driver statistics are cleared. When an accounting server is configured,
 * the periodic update timer is armed, an Accounting-Request (Start) is sent
 * if it could be built, and the session is marked as started.
 */
void accounting_sta_start(struct hostapd_data *hapd, struct sta_info *sta)
{
	struct radius_msg *start_msg;
	int interval;

	if (sta->acct_session_started)
		return;

	accounting_sta_get_id(hapd, sta);
	hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_RADIUS,
		       HOSTAPD_LEVEL_INFO,
		       "starting accounting session %08X-%08X",
		       sta->acct_session_id_hi, sta->acct_session_id_lo);

	time(&sta->acct_session_start);
	sta->last_tx_bytes = 0;
	sta->last_rx_bytes = 0;
	sta->acct_output_gigawords = 0;
	sta->acct_input_gigawords = 0;
	hostapd_sta_clear_stats(hapd, sta->addr);

	/* Without an accounting server there is nothing to send or poll;
	 * the session is left unmarked in that case. */
	if (!hapd->conf->radius->acct_server)
		return;

	interval = sta->acct_interim_interval ?
		sta->acct_interim_interval : ACCT_DEFAULT_UPDATE_INTERVAL;
	eloop_register_timeout(interval, 0, accounting_interim_update,
			       hapd, sta);

	start_msg = accounting_msg(hapd, sta, RADIUS_ACCT_STATUS_TYPE_START);
	if (start_msg != NULL)
		radius_client_send(hapd->radius, start_msg, RADIUS_ACCT,
				   sta->addr);

	/* Marked as started even when the Start message could not be built,
	 * so that accounting_sta_stop() later cancels the timer armed above. */
	sta->acct_session_started = 1;
}
263 | ||
264 | ||
7e5ba1b9 JM |
/**
 * accounting_sta_report - Send an Interim-Update or Stop for a station
 * @hapd: per-BSS data
 * @sta: station being reported
 * @stop: non-zero to send Stop, zero to send Interim-Update
 *
 * Adds Acct-Session-Time, the packet/octet/gigaword counters (only when the
 * driver statistics could be read), Event-Timestamp and, for Stop, the
 * terminate cause. Returns silently when no accounting server is configured.
 * If any attribute cannot be added the message is freed and nothing is sent.
 */
static void accounting_sta_report(struct hostapd_data *hapd,
				  struct sta_info *sta, int stop)
{
	struct radius_msg *acct;
	struct hostap_sta_driver_data stats;
	int term_cause = sta->acct_terminate_cause;
	int status_type;
	int have_stats;
	u32 gw;

	if (!hapd->conf->radius->acct_server)
		return;

	status_type = stop ? RADIUS_ACCT_STATUS_TYPE_STOP :
		RADIUS_ACCT_STATUS_TYPE_INTERIM_UPDATE;
	acct = accounting_msg(hapd, sta, status_type);
	if (acct == NULL) {
		printf("Could not create RADIUS Accounting message\n");
		return;
	}

	if (!radius_msg_add_attr_int32(acct, RADIUS_ATTR_ACCT_SESSION_TIME,
				       time(NULL) - sta->acct_session_start)) {
		printf("Could not add Acct-Session-Time\n");
		goto fail;
	}

	/* Counters are optional: a failed driver read just omits them. */
	have_stats = accounting_sta_update_stats(hapd, sta, &stats) == 0;
	if (have_stats) {
		if (!radius_msg_add_attr_int32(acct,
					       RADIUS_ATTR_ACCT_INPUT_PACKETS,
					       stats.rx_packets)) {
			printf("Could not add Acct-Input-Packets\n");
			goto fail;
		}

		if (!radius_msg_add_attr_int32(acct,
					       RADIUS_ATTR_ACCT_OUTPUT_PACKETS,
					       stats.tx_packets)) {
			printf("Could not add Acct-Output-Packets\n");
			goto fail;
		}

		if (!radius_msg_add_attr_int32(acct,
					       RADIUS_ATTR_ACCT_INPUT_OCTETS,
					       stats.rx_bytes)) {
			printf("Could not add Acct-Input-Octets\n");
			goto fail;
		}

		/* Gigawords = wraps counted so far, plus the upper 32 bits
		 * of the driver counter when __WORDSIZE is 64. The attribute
		 * is left out while the value is zero. */
		gw = sta->acct_input_gigawords;
#if __WORDSIZE == 64
		gw += stats.rx_bytes >> 32;
#endif
		if (gw != 0 &&
		    !radius_msg_add_attr_int32(
			    acct, RADIUS_ATTR_ACCT_INPUT_GIGAWORDS, gw)) {
			printf("Could not add Acct-Input-Gigawords\n");
			goto fail;
		}

		if (!radius_msg_add_attr_int32(acct,
					       RADIUS_ATTR_ACCT_OUTPUT_OCTETS,
					       stats.tx_bytes)) {
			printf("Could not add Acct-Output-Octets\n");
			goto fail;
		}

		gw = sta->acct_output_gigawords;
#if __WORDSIZE == 64
		gw += stats.tx_bytes >> 32;
#endif
		if (gw != 0 &&
		    !radius_msg_add_attr_int32(
			    acct, RADIUS_ATTR_ACCT_OUTPUT_GIGAWORDS, gw)) {
			printf("Could not add Acct-Output-Gigawords\n");
			goto fail;
		}
	}

	if (!radius_msg_add_attr_int32(acct, RADIUS_ATTR_EVENT_TIMESTAMP,
				       time(NULL))) {
		printf("Could not add Event-Timestamp\n");
		goto fail;
	}

	/* A terminating event loop overrides the per-station cause. */
	if (eloop_terminated())
		term_cause = RADIUS_ACCT_TERMINATE_CAUSE_ADMIN_REBOOT;

	if (stop && term_cause &&
	    !radius_msg_add_attr_int32(acct, RADIUS_ATTR_ACCT_TERMINATE_CAUSE,
				       term_cause)) {
		printf("Could not add Acct-Terminate-Cause\n");
		goto fail;
	}

	radius_client_send(hapd->radius, acct,
			   stop ? RADIUS_ACCT : RADIUS_ACCT_INTERIM,
			   sta->addr);
	return;

 fail:
	radius_msg_free(acct);
	os_free(acct);
}
364 | ||
365 | ||
/**
 * accounting_sta_interim - Send an interim accounting update for a station
 * @hapd: per-BSS data
 * @sta: station to report
 *
 * No-op unless an accounting session has been started for the station.
 */
void accounting_sta_interim(struct hostapd_data *hapd, struct sta_info *sta)
{
	if (!sta->acct_session_started)
		return;

	accounting_sta_report(hapd, sta, 0);
}
371 | ||
372 | ||
/**
 * accounting_sta_stop - End the accounting session of a station
 * @hapd: per-BSS data
 * @sta: station whose session is stopped
 *
 * No-op unless a session has been started. Otherwise sends the Stop report,
 * cancels the periodic update timer registered with (hapd, sta) as context,
 * logs the session id and clears the started flag.
 */
void accounting_sta_stop(struct hostapd_data *hapd, struct sta_info *sta)
{
	if (!sta->acct_session_started)
		return;

	accounting_sta_report(hapd, sta, 1);

	/* The timer callback receives sta as its context pointer, so it has
	 * to be removed here, before the session is considered closed. */
	eloop_cancel_timeout(accounting_interim_update, hapd, sta);

	hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_RADIUS,
		       HOSTAPD_LEVEL_INFO,
		       "stopped accounting session %08X-%08X",
		       sta->acct_session_id_hi,
		       sta->acct_session_id_lo);
	sta->acct_session_started = 0;
}
386 | ||
387 | ||
2fc98d02 JM |
/**
 * accounting_sta_get_id - Assign the next Acct-Session-Id to a station
 * @hapd: per-BSS data holding the running hi/lo counters
 * @sta: station that receives the id
 *
 * The low word is a counter that is handed out and then incremented; when it
 * wraps to zero the high word is incremented. The ids are therefore
 * sequential: they serve to tell sessions apart and are not unpredictable
 * values.
 */
static void accounting_sta_get_id(struct hostapd_data *hapd,
				  struct sta_info *sta)
{
	sta->acct_session_id_lo = hapd->acct_session_id_lo;
	hapd->acct_session_id_lo++;

	/* Carry into the high word once the low word has wrapped. */
	if (!hapd->acct_session_id_lo)
		hapd->acct_session_id_hi++;

	sta->acct_session_id_hi = hapd->acct_session_id_hi;
}
397 | ||
398 | ||
/**
 * accounting_receive - Process RADIUS frames from the accounting server
 * @msg: received message
 * @req: request that @msg is matched against during verification
 * @shared_secret: secret passed to radius_msg_verify()
 * @shared_secret_len: length of @shared_secret in bytes
 * @data: registration context (not used here)
 * Returns: RADIUS_RX_UNKNOWN for anything other than an Accounting-Response,
 *	RADIUS_RX_INVALID_AUTHENTICATOR if verification fails, otherwise
 *	RADIUS_RX_PROCESSED
 *
 * A response is reported as processed only after radius_msg_verify() has
 * accepted it for @req and the shared secret; a failed check is logged and
 * the packet is dropped.
 */
static RadiusRxResult
accounting_receive(struct radius_msg *msg, struct radius_msg *req,
		   u8 *shared_secret, size_t shared_secret_len, void *data)
{
	int verify_failed;

	if (msg->hdr->code != RADIUS_CODE_ACCOUNTING_RESPONSE) {
		printf("Unknown RADIUS message code\n");
		return RADIUS_RX_UNKNOWN;
	}

	verify_failed = radius_msg_verify(msg, shared_secret,
					  shared_secret_len, req, 0);
	if (!verify_failed)
		return RADIUS_RX_PROCESSED;

	printf("Incoming RADIUS packet did not have correct "
	       "Authenticator - dropped\n");
	return RADIUS_RX_INVALID_AUTHENTICATOR;
}
417 | ||
418 | ||
/**
 * accounting_report_state - Send Accounting-On or Accounting-Off
 * @hapd: per-BSS data
 * @on: non-zero for Accounting-On, zero for Accounting-Off
 *
 * Informs the RADIUS server that accounting will start/stop so that the
 * server can close old accounting sessions. Nothing is sent when no
 * accounting server is configured or no RADIUS client exists.
 */
static void accounting_report_state(struct hostapd_data *hapd, int on)
{
	struct radius_msg *state_msg;
	int status_type;

	if (!hapd->conf->radius->acct_server || hapd->radius == NULL)
		return;

	status_type = on ? RADIUS_ACCT_STATUS_TYPE_ACCOUNTING_ON :
		RADIUS_ACCT_STATUS_TYPE_ACCOUNTING_OFF;

	/* No station is involved, hence the NULL sta argument. */
	state_msg = accounting_msg(hapd, NULL, status_type);
	if (state_msg == NULL)
		return;

	if (radius_msg_add_attr_int32(state_msg,
				      RADIUS_ATTR_ACCT_TERMINATE_CAUSE,
				      RADIUS_ACCT_TERMINATE_CAUSE_NAS_REBOOT)) {
		radius_client_send(hapd->radius, state_msg, RADIUS_ACCT, NULL);
		return;
	}

	printf("Could not add Acct-Terminate-Cause\n");
	radius_msg_free(state_msg);
	os_free(state_msg);
}
445 | ||
446 | ||
/**
 * accounting_init - Set up RADIUS accounting for a BSS
 * @hapd: per-BSS data
 * Returns: 0 on success, -1 if the receive handler could not be registered
 *
 * Seeds the high word of the session id, registers accounting_receive() for
 * RADIUS_ACCT messages and announces Accounting-On.
 */
int accounting_init(struct hostapd_data *hapd)
{
	/* Acct-Session-Id should be unique over reboots. If reliable clock is
	 * not available, this could be replaced with reboot counter, etc.
	 * The seed is the current time, so ids are distinguishable across
	 * restarts but not unpredictable. */
	hapd->acct_session_id_hi = time(NULL);

	if (radius_client_register(hapd->radius, RADIUS_ACCT,
				   accounting_receive, hapd) != 0)
		return -1;

	accounting_report_state(hapd, 1);
	return 0;
}
461 | ||
462 | ||
/**
 * accounting_deinit - Shut down RADIUS accounting for a BSS
 * @hapd: per-BSS data
 *
 * Only announces Accounting-Off; no other state is released here.
 */
void accounting_deinit(struct hostapd_data *hapd)
{
	const int accounting_on = 0;

	accounting_report_state(hapd, accounting_on);
}
467 | ||
468 | ||
/**
 * accounting_reconfig - Re-initialize accounting after a configuration change
 * @hapd: per-BSS data
 * @oldconf: previous configuration (not used here)
 * Returns: 0 if the RADIUS client was not reconfigured, otherwise the result
 *	of accounting_init()
 */
int accounting_reconfig(struct hostapd_data *hapd,
			struct hostapd_config *oldconf)
{
	if (hapd->radius_client_reconfigured) {
		/* Restart accounting: Accounting-Off, then a fresh init. */
		accounting_deinit(hapd);
		return accounting_init(hapd);
	}

	return 0;
}