From: Alan T. DeKok <aland@freeradius.org>
Date: Thu, 14 Sep 2023 19:25:34 +0000 (-0400)
Subject: decode WiMAX as nested
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=15515716478a071d6c75b30fd50fc5d80cbb95de;p=thirdparty%2Ffreeradius-server.git

decode WiMAX as nested
---

diff --git a/src/protocols/radius/decode.c b/src/protocols/radius/decode.c
index 73399332d7c..9e68836aba8 100644
--- a/src/protocols/radius/decode.c
+++ b/src/protocols/radius/decode.c
@@ -1041,6 +1041,7 @@ static ssize_t decode_wimax(TALLOC_CTX *ctx, fr_pair_list_t *out,
 	uint8_t			*head, *tail;
 	uint8_t	const		*attr, *end;
 	fr_dict_attr_t const	*da;
+	fr_pair_t		*vsa, *vendor;
 
 #ifdef STATIC_ANALYZER
 	if (!packet_ctx->tmp_ctx) return -1;
@@ -1073,17 +1074,21 @@ static ssize_t decode_wimax(TALLOC_CTX *ctx, fr_pair_list_t *out,
 		return -1;
 	}
 
+	if (fr_pair_find_or_append_by_da(ctx, &vsa, out, attr_vendor_specific) < 0) return PAIR_DECODE_OOM;
+
+	if (fr_pair_find_or_append_by_da(vsa, &vendor, &vsa->vp_group, parent) < 0) return PAIR_DECODE_OOM;
+
 	da = fr_dict_attr_child_by_num(parent, data[4]);
 	if (!da) da = fr_dict_unknown_attr_afrom_num(packet_ctx->tmp_ctx, parent, data[4]);
 	if (!da) return -1;
 	FR_PROTO_TRACE("decode context changed %s -> %s", da->parent->name, da->name);
 
 	/*
-	 *	No continuation, just decode the attributre in place.
+	 *	No continuation, just decode the attribute in place.
 	 */
 	if ((data[6] & 0x80) == 0) {
 		FR_PROTO_TRACE("WiMAX no continuation");
-		ret = fr_radius_decode_pair_value(ctx, out,
+		ret = fr_radius_decode_pair_value(vendor, &vendor->vp_group,
 						  da, data + 7, data[5] - 3, packet_ctx);
 		if (ret < 0) return ret;
 
@@ -1369,9 +1374,9 @@ static ssize_t  CC_HINT(nonnull) decode_vsa(TALLOC_CTX *ctx, fr_pair_list_t *out
 	 *	Vendor-Specific.  If so, loop over them all.
 	 */
 create_attrs:
-	if (fr_pair_find_or_append_by_da(ctx, &vsa, out, parent) < 0) return  PAIR_DECODE_OOM;
+	if (fr_pair_find_or_append_by_da(ctx, &vsa, out, parent) < 0) return PAIR_DECODE_OOM;
 
-	if (fr_pair_find_or_append_by_da(vsa, &vendor, &vsa->vp_group, vendor_da) < 0) return  PAIR_DECODE_OOM;
+	if (fr_pair_find_or_append_by_da(vsa, &vendor, &vsa->vp_group, vendor_da) < 0) return PAIR_DECODE_OOM;
 
 	data += 4;
 	attr_len -= 4;
diff --git a/src/tests/unit/protocols/radius/wimax.txt b/src/tests/unit/protocols/radius/wimax.txt
index b71e7f52bf9..25edadb0802 100644
--- a/src/tests/unit/protocols/radius/wimax.txt
+++ b/src/tests/unit/protocols/radius/wimax.txt
@@ -9,19 +9,19 @@ encode-pair Vendor-Specific.WiMAX.Capability.Release  = "1.0"
 match 1a 0e 00 00 60 b5 01 08 00 01 05 31 2e 30
 
 decode-pair -
-match Vendor-Specific.WiMAX.Capability = { Release = "1.0" }
+match Vendor-Specific = { WiMAX = { Capability = { Release = "1.0" } } }
 
 encode-pair Vendor-Specific.WiMAX.Capability.Accounting-Capabilities = 1
 match 1a 0c 00 00 60 b5 01 06 00 02 03 01
 
 decode-pair -
-match Vendor-Specific.WiMAX.Capability = { Accounting-Capabilities = IP-Session-Based }
+match Vendor-Specific = { WiMAX = { Capability = { Accounting-Capabilities = IP-Session-Based } } }
 
 encode-pair Vendor-Specific.WiMAX.Capability.Release = "1.0", Vendor-Specific.WiMAX.Capability.Accounting-Capabilities = 1
 match 1a 11 00 00 60 b5 01 0b 00 01 05 31 2e 30 02 03 01
 
 decode-pair -
-match Vendor-Specific.WiMAX.Capability = { Release = "1.0", Accounting-Capabilities = IP-Session-Based }
+match Vendor-Specific = { WiMAX = { Capability = { Release = "1.0", Accounting-Capabilities = IP-Session-Based } } }
 
 encode-pair -
 match 1a 11 00 00 60 b5 01 0b 00 01 05 31 2e 30 02 03 01
@@ -88,10 +88,10 @@ encode-pair Vendor-Specific.WiMAX.Packet-Flow-Descriptor-v2.Classifier.Direction
 match 1a 14 00 00 60 b5 54 0e 00 09 0b 04 03 01 05 06 04 04 1a 99
 
 decode-pair -
-match Vendor-Specific.WiMAX.Packet-Flow-Descriptor-v2 = { Classifier = { Direction = 1, Src-Spec = { Port = 6809 } } }
+match Vendor-Specific = { WiMAX = { Packet-Flow-Descriptor-v2 = { Classifier = { Direction = 1, Src-Spec = { Port = 6809 } } } } }
 
 decode-pair 1a 11 00 00 60 b5 54 0b 00 09 08 05 06 04 04 1a 99
-match Vendor-Specific.WiMAX.Packet-Flow-Descriptor-v2 = { Classifier = { Src-Spec = { Port = 6809 } } }
+match Vendor-Specific = { WiMAX = { Packet-Flow-Descriptor-v2 = { Classifier = { Src-Spec = { Port = 6809 } } } } }
 
 encode-pair -
 match 1a 11 00 00 60 b5 54 0b 00 09 08 05 06 04 04 1a 99
@@ -100,15 +100,12 @@ match 1a 11 00 00 60 b5 54 0b 00 09 08 05 06 04 04 1a 99
 # 26.24757.84.9.5 has the correct length.
 # 26.24757.84.9.5.4 has the wrong length.
 decode-pair 1a 14 00 00 60 b5 54 0e 00 09 0b 04 03 01 05 06 04 05 1a 99
-match Vendor-Specific.WiMAX.Packet-Flow-Descriptor-v2 = { Classifier = { Direction = 1, raw.Src-Spec = 0x04051a99 } }
+match Vendor-Specific = { WiMAX = { Packet-Flow-Descriptor-v2 = { Classifier = { Direction = 1, raw.Src-Spec = 0x04051a99 } } } }
 
 # The 26.24757.1 has the wrong length
 decode-pair 1a 11 00 00 60 b5 01 0a 00 01 05 31 2e 30 02 03 01
 match raw.Vendor-Specific = 0x000060b5010a000105312e30020301
 
-encode-pair -
-match 1a 11 00 00 60 b5 01 0a 00 01 05 31 2e 30 02 03 01
-
 decode-pair 1a 11 00 00 60 b5 01 0c 00 01 05 31 2e 30 02 03 01
 match raw.Vendor-Specific = 0x000060b5010c000105312e30020301
 
@@ -117,10 +114,10 @@ match 1a 11 00 00 60 b5 01 0c 00 01 05 31 2e 30 02 03 01
 
 # 26.24757.1.1 has the wrong length
 decode-pair 1a 11 00 00 60 b5 01 0b 00 01 04 31 2e 30 02 03 01
-match raw.Vendor-Specific.WiMAX.Capability = 0x0104312e30020301
+match Vendor-Specific = { WiMAX = { raw.Capability = 0x0104312e30020301 } }
 
 decode-pair 1a 11 00 00 60 b5 01 0b 00 01 06 31 2e 30 02 03 01
-match raw.Vendor-Specific.WiMAX.Capability = 0x0106312e30020301
+match Vendor-Specific = { WiMAX = { raw.Capability = 0x0106312e30020301 } }
 
 encode-pair -
 match 1a 11 00 00 60 b5 01 0b 00 01 06 31 2e 30 02 03 01
@@ -150,7 +147,7 @@ match 1a 11 00 00 60 b5 01 0b 00 01 06 31 2e 30 02 03 01
 
 # 26.24757.1.2 has the wrong length
 decode-pair 1a 11 00 00 60 b5 01 0b 00 01 05 31 2e 30 02 02 01
-match raw.Vendor-Specific.WiMAX.Capability = 0x0105312e30020201
+match Vendor-Specific = { WiMAX = { raw.Capability = 0x0105312e30020201 } }
 
 encode-pair -
 match 1a 11 00 00 60 b5 01 0b 00 01 05 31 2e 30 02 02 01
@@ -162,7 +159,7 @@ match 1a 11 00 00 60 b5 01 0b 00 01 05 31 2e 30 02 02 01
 # 26.24757.1.2 has the wrong length
 # This means that 26.24757.1 is invalid, and we create a raw attribute.
 decode-pair 1a 11 00 00 60 b5 01 0b 00 01 05 31 2e 30 02 04 01
-match raw.Vendor-Specific.WiMAX.Capability = 0x0105312e30020401
+match Vendor-Specific = { WiMAX = { raw.Capability = 0x0105312e30020401 } }
 
 encode-pair -
 match 1a 11 00 00 60 b5 01 0b 00 01 05 31 2e 30 02 04 01
@@ -177,34 +174,34 @@ encode-pair Vendor-Specific.WiMAX.Packet-Flow-Descriptor-v2.Classifier.Classifie
 match 1a 15 00 00 60 b5 54 0f 00 09 0c 09 0a 03 08 01 03 37 02 03 54
 
 decode-pair -
-match Vendor-Specific.WiMAX.Packet-Flow-Descriptor-v2 = { Classifier = { Classifier-Eth-Option = { Eth-Priority-Range = { Low = 55, High = 84 } } } }
+match Vendor-Specific = { WiMAX = { Packet-Flow-Descriptor-v2 = { Classifier = { Classifier-Eth-Option = { Eth-Priority-Range = { Low = 55, High = 84 } } } } } }
 
 #  A less efficient encoding of the above data
 decode-pair 1a 17 00 00 60 b5 54 11 00 09 0e 09 0c 03 05 01 03 37 03 05 02 03 54
-match Vendor-Specific.WiMAX.Packet-Flow-Descriptor-v2 = { Classifier = { Classifier-Eth-Option = { Eth-Priority-Range = { Low = 55 }, Eth-Priority-Range = { High = 84 } } } }
+match Vendor-Specific = { WiMAX = { Packet-Flow-Descriptor-v2 = { Classifier = { Classifier-Eth-Option = { Eth-Priority-Range = { Low = 55 }, Eth-Priority-Range = { High = 84 } } } } } }
 
 # 26.24757.84.9.9.3.1 has the wrong length
 decode-pair 1a 15 00 00 60 b5 54 0f 00 09 0c 09 0a 03 08 01 04 37 02 03 54
-match Vendor-Specific.WiMAX.Packet-Flow-Descriptor-v2 = { Classifier = { Classifier-Eth-Option = { raw.Eth-Priority-Range = 0x010437020354 } } }
+match Vendor-Specific = { WiMAX = { Packet-Flow-Descriptor-v2 = { Classifier = { Classifier-Eth-Option = { raw.Eth-Priority-Range = 0x010437020354 } } } } }
 
 # 26.24757.84.9.9.3.2 has the wrong length
 decode-pair 1a 15 00 00 60 b5 54 0f 00 09 0c 09 0a 03 08 01 03 37 02 04 54
-match Vendor-Specific.WiMAX.Packet-Flow-Descriptor-v2 = { Classifier = { Classifier-Eth-Option = { raw.Eth-Priority-Range = 0x010337020454 } } }
+match Vendor-Specific = { WiMAX = { Packet-Flow-Descriptor-v2 = { Classifier = { Classifier-Eth-Option = { raw.Eth-Priority-Range = 0x010337020454 } } } } }
 
 # 26.24757.84.9.9.3.2 has the wrong length
 # This means that the SECOND 26.24757.84.9.9.3 is invalid.
 decode-pair 1a 17 00 00 60 b5 54 11 00 09 0e 09 0c 03 05 01 03 37 03 05 02 04 54
-match Vendor-Specific.WiMAX.Packet-Flow-Descriptor-v2 = { Classifier = { Classifier-Eth-Option = { Eth-Priority-Range = { Low = 55 }, raw.Eth-Priority-Range = 0x020454 } } }
+match Vendor-Specific = { WiMAX = { Packet-Flow-Descriptor-v2 = { Classifier = { Classifier-Eth-Option = { Eth-Priority-Range = { Low = 55 }, raw.Eth-Priority-Range = 0x020454 } } } } }
 
 # 26.24757.84.9.9.3.1 has the wrong length
 # This means that 26.24757.84.9.9.3 is invalid.
 decode-pair 1a 17 00 00 60 b5 54 11 00 09 0e 09 0c 03 05 01 02 37 03 05 02 03 54
-match Vendor-Specific.WiMAX.Packet-Flow-Descriptor-v2 = { Classifier = { Classifier-Eth-Option = { raw.Eth-Priority-Range = 0x010237, Eth-Priority-Range = { High = 84 } } } }
+match Vendor-Specific = { WiMAX = { Packet-Flow-Descriptor-v2 = { Classifier = { Classifier-Eth-Option = { raw.Eth-Priority-Range = 0x010237, Eth-Priority-Range = { High = 84 } } } } } }
 #
 #  Simple test for continued attributes
 #
 decode-pair 1a 0e 00 00 60 b5 01 08 80 01 05 31 2e 30 1a 0c 00 00 60 b5 01 06 00 02 03 00
-match Vendor-Specific.WiMAX.Capability = { Release = "1.0", Accounting-Capabilities = No-Accounting }
+match Vendor-Specific = { WiMAX = { } }, Vendor-Specific.WiMAX.Capability = { Release = "1.0", Accounting-Capabilities = No-Accounting }
 
 #
 #  See if encoding multiple attributes works
@@ -228,10 +225,10 @@ encode-pair Vendor-Specific.WiMAX.Packet-Flow-Descriptor.Packet-Data-Flow-Id :=
 match 1a 25 00 00 60 b5 1c 1f 00 01 04 00 20 02 04 00 20 03 06 00 00 00 20 01 04 00 21 02 04 00 21 03 06 00 00 00 21 1b 06 00 00 1c 20
 
 decode-pair -
-match Vendor-Specific.WiMAX.Packet-Flow-Descriptor = { Packet-Data-Flow-Id = 32, Service-Data-Flow-Id = 32, Service-Profile-Id = 32, Packet-Data-Flow-Id = 33, Service-Data-Flow-Id = 33, Service-Profile-Id = 33 }, Session-Timeout = 7200
+match Vendor-Specific = { WiMAX = { Packet-Flow-Descriptor = { Packet-Data-Flow-Id = 32, Service-Data-Flow-Id = 32, Service-Profile-Id = 32, Packet-Data-Flow-Id = 33, Service-Data-Flow-Id = 33, Service-Profile-Id = 33 } } }, Session-Timeout = 7200
 
 decode-pair 1a 17 00 00 60 b5 1c 11 00 01 04 00 20 02 04 00 20 03 06 00 00 00 20 1b 06 00 00 1c 20 1a 17 00 00 60 b5 1c 11 00 01 04 00 21 02 04 00 21 03 06 00 00 00 21
-match Vendor-Specific.WiMAX.Packet-Flow-Descriptor = { Packet-Data-Flow-Id = 32, Service-Data-Flow-Id = 32, Service-Profile-Id = 32 }, Session-Timeout = 7200, Vendor-Specific.WiMAX.Packet-Flow-Descriptor = { Packet-Data-Flow-Id = 33, Service-Data-Flow-Id = 33, Service-Profile-Id = 33 }
+match Vendor-Specific = { WiMAX = { Packet-Flow-Descriptor = { Packet-Data-Flow-Id = 32, Service-Data-Flow-Id = 32, Service-Profile-Id = 32 }, Packet-Flow-Descriptor = { Packet-Data-Flow-Id = 33, Service-Data-Flow-Id = 33, Service-Profile-Id = 33 } } }, Session-Timeout = 7200
 
 #
 #  For now, we disallow the create of VPs with an attribute of type TLV, and octets data.
@@ -251,7 +248,7 @@ encode-pair Vendor-Specific.WiMAX.Packet-Flow-Descriptor.Classifier.Src-Spec.IP-
 match 1a 1d 00 00 60 b5 1c 17 00 0b 14 05 12 01 06 7f 00 00 01 04 04 08 40 05 06 08 40 1a 99
 
 decode-pair -
-match Vendor-Specific.WiMAX.Packet-Flow-Descriptor = { Classifier = { Src-Spec = { IP-Address = 127.0.0.1, Port = 2112, Port-Range = { Start = 2112, End = 6809 } } } }
+match Vendor-Specific = { WiMAX = { Packet-Flow-Descriptor = { Classifier = { Src-Spec = { IP-Address = 127.0.0.1, Port = 2112, Port-Range = { Start = 2112, End = 6809 } } } } } }
 
 encode-pair Vendor-Specific.WiMAX.DNS-Server = ::1
 match 1a 19 00 00 60 b5 34 13 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01
@@ -266,29 +263,28 @@ encode-pair Vendor-Specific.WiMAX.Capability.Release = "xxxxxxxxxxxxxxxxxxxxxxxx
 match 1a ff 00 00 60 b5 01 f9 80 01 fd 78 78 78 78 78 78 78 78 78 78 78 78 78 78 78 78 78 78 78 78 78 78 78 78 78 78 78 78 78 78 78 78 78 78 78 78 78 78 78 78 78 78 78 78 78 78 78 78 78 78 78 78 78 78 78 78 78 78 78 78 78 78 78 78 78 78 78 78 78 78 78 78 78 78 78 78 78 78 78 78 78 78 78 78 78 78 78 78 78 78 78 78 78 78 78 78 78 78 78 78 78 78 78 78 78 78 78 78 78 78 78 78 78 78 78 78 78 78 78 78 78 78 78 78 78 78 78 78 78 78 78 78 78 78 78 78 78 78 78 78 78 78 78 78 78 78 78 78 78 78 78 78 78 78 78 78 78 78 78 78 78 78 78 78 78 78 78 78 78 78 78 78 78 78 78 78 78 78 78 78 78 78 78 78 78 78 78 78 78 78 78 78 78 78 78 78 78 78 78 78 78 78 78 78 78 78 78 78 78 78 78 78 78 78 78 78 78 78 78 78 78 78 78 78 78 78 78 78 78 78 78 78 78 78 78 78 78 78 78 78 78 78 78 78 1a 10 00 00 60 b5 01 0a 00 78 78 78 78 78 78 78
 
 decode-pair -
-match Vendor-Specific.WiMAX.Capability = { Release = "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx" }
-
+match Vendor-Specific = { WiMAX = { } }, Vendor-Specific.WiMAX.Capability = { Release = "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx" }
 
 #
-#  If you're a vendor, don't do this.
+#  If you're a vendor, don't use the WiMAX format.  It's annoying.
 #
 encode-pair Vendor-Specific.Telrad.TSDF-Table.TSDF-Parameters.Reference-QOS-Profile-Name = "garbage"
 match 1a 14 00 00 14 cb 01 0e 00 03 0b 04 09 67 61 72 62 61 67 65
 
 decode-pair -
-match Vendor-Specific.Telrad.TSDF-Table = { TSDF-Parameters = { Reference-QOS-Profile-Name = "garbage" } }
+match Vendor-Specific = { Telrad = { TSDF-Table = { TSDF-Parameters = { Reference-QOS-Profile-Name = "garbage" } } } }
 
 encode-pair Vendor-Specific.WiMAX.Capability = { Release = "1.0" }
 match 1a 0e 00 00 60 b5 01 08 00 01 05 31 2e 30
 
 decode-pair -
-match Vendor-Specific.WiMAX.Capability = { Release = "1.0" }
+match  Vendor-Specific = { WiMAX = { Capability = { Release = "1.0" } } }
 
 encode-pair Vendor-Specific = { WiMAX = { Capability = { Release = "1.0" } } }
 match 1a 0e 00 00 60 b5 01 08 00 01 05 31 2e 30
 
 decode-pair -
-match Vendor-Specific.WiMAX.Capability = { Release = "1.0" }
+match Vendor-Specific = { WiMAX = { Capability = { Release = "1.0" } } }
 
 #
 #  two VSAs in "flat" form, create two VSAs.
@@ -303,8 +299,8 @@ encode-pair Vendor-Specific.WiMAX.Capability = { Release = "1.0", Accounting-Cap
 match 1a 11 00 00 60 b5 01 0b 00 01 05 31 2e 30 02 03 00
 
 decode-pair -
-match Vendor-Specific.WiMAX.Capability = { Release = "1.0", Accounting-Capabilities = No-Accounting }
+match Vendor-Specific = { WiMAX = { Capability = { Release = "1.0", Accounting-Capabilities = No-Accounting } } }
 
 
 count
-match 147
+match 145