Ethereal-users: AW: [Ethereal-users] New to list: RADIUS VSA decode?

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: "Stefan Auweiler" <stefan@xxxxxxxxxxxxxxxx>
Date: Wed, 4 Jun 2003 08:55:00 +0200
Wow Martin, 
I'm deeply impressed.
Thank you. I will follow that hint, add the attributes and will check if I
can compile it all together.

What do I have to prepare for compiling the windows version? Which compiler
do I have to use? I'm not very familiar with that. I have MS C++ out of MS
Visual Studio 6.0 available. Will this be enough? And what then?

Is there possibly anyone out there, who would do this for me (please!)? I'd
do the changes and add the VSAs and would hand it over.

Thank you.


Rg.
Stefan (Germany)



> -----Original Message-----
> From: Martin Regner [mailto:martin.regner@xxxxxxxxx] 
> Sent: Wednesday, 4 June 2003 07:36
> To: Stefan Auweiler
> Subject: Re: [Ethereal-users] New to list: RADIUS VSA decode?
> 
> 
> Stefan Auweiler wrote:
> <I got a snoop file from a RADIUS Server, where some Cisco VSAs are in.
> <Is there a solution, to get these VSAs decoded?
> <I've converted the file to a windows sniffer format and a friend could print
> <it for me into a pdf. But that's not the real experience !?!
> <
> <It seems that there is a dictionary support like the DIAMETER dictionary.
> <
> <Is there anybody out there, who can give me a hint?
> 
> There is no dictionary support in the RADIUS dissector, so 
> you have to add the VSAs into the source code and compile 
> Ethereal or get someone else to add them. 
> 
> Then of course it could be good to send in a patch so that 
> the new attributes are added to the standard version.
> 
> It's the file packet-radius.c that has to be changed. 
> http://www.ethereal.com/cgi-bin/viewcvs.cgi/ethereal/packet-radius.c?rev=HEAD&content-type=text/vnd.viewcvs-markup
> 
> There is already today support for some Cisco VSAs (Vendor id 
> 9) and some other VSAs, e.g. Shiva (vendor id 166).
> 
> According to the comments in the code the following documents 
> were used to get info about the Cisco VSAs:
> 
>  'dictionary.cisco' file from FreeRADIUS
>   http://www.freeradius.org/radiusd/raddb/dictionary.cisco
> 
>  http://www.cisco.com/univercd/cc/td/doc/product/access/acs_serv/vapp_dev/vsaig3.htm
> 
>  http://www.cisco.com/univercd/cc/td/doc/product/software/ios122/122cgcr/fsecur_c/fappendx/fradattr/scfrdat3.pdf
>  http://www.missl.cs.umd.edu/wireless/ethereal/cisco-vsa.pdf
> 
> If the vendor id is 9 for the VSAs in your captures then it 
> should just be to add the new attribute id:s to the existing 
> value_value_string radius_vendor_cisco_attrib[] definition.
> 
> If the new attributes are normal RADIUS_STRING attributes, 
> RADIUS_INTEGER4 attributes or similar then it's very 
> straightforward. Otherwise there is a little more work, you 
> could for example see that attribute VSA 195 is decoded as a 
> CISCO_DISCONNECT_CAUSE, and then there is some specific code 
> to handle that.
> 
> Some Radius servers have some dictionary files, e.g. 
> OpenRadius and Gnu-radius 
> http://www.gnu.org/software/radius/radius.html#downloading
> http://www.xs4all.nl/~evbergen/openradius/contrib-vsas.html
> 
> You can maybe find a dictionary file that describes the VSAs 
> that are missing, so that you know what the VSAs mean.
> 
> Below is an extract from the current Ethereal code.
> 
> So for example a VSA with vendor id Cisco (9) and attribute 
> id 3 is dissected as a RADIUS_STRING attribute and will be 
> indicated as "Fax Account Id Origin".
> 
> VSA with vendor id Cisco (9) and attribute id 255 will be 
> dissected as a RADIUS_INTEGER4 attribute and will be 
> indicated as "Cisco Xmit Rate".
> 
> static value_value_string radius_vendor_cisco_attrib[] =
> {
>   /* standard attributes */
>   {1, RADIUS_STRING,  "Cisco AV Pair"},
>   {2, RADIUS_STRING,  "Cisco NAS Port"},
>   /* fax */
>   {3, RADIUS_STRING,  "Fax Account Id Origin"},
>   {4, RADIUS_STRING,  "Fax Msg Id"},
>   {5, RADIUS_STRING,  "Fax Pages"},
>   {6, RADIUS_STRING,  "Fax Cover Page Flag"},
>   {7, RADIUS_STRING,  "Fax Modem Time"},
>   {8, RADIUS_STRING,  "Fax Connect Speed"},
>   {9, RADIUS_STRING,  "Fax Recipent Count"},
>   {10, RADIUS_STRING,  "Fax Process Abort Flag"},
>   {11, RADIUS_STRING,  "Fax DSN Address"},
>   {12, RADIUS_STRING,  "Fax DSN Flag"},
>   {13, RADIUS_STRING,  "Fax MDN Address"},
>   {14, RADIUS_STRING,  "Fax MDN Flag"},
>   {15, RADIUS_STRING,  "Fax Auth Status"},
>   {16, RADIUS_STRING,  "Email Server Address"},
>   {17, RADIUS_STRING,  "Email Server Ack Flag"},
>   {18, RADIUS_STRING,  "Gateway Id"},
>   {19, RADIUS_STRING,  "Call Type"},
>   {20, RADIUS_STRING,  "Port Used"},
>   {21, RADIUS_STRING,  "Abort Cause"},
>   /* #22 */
>   /* H323 - Voice over IP attributes. */
>   {23, RADIUS_STRING,  "H323 Remote Address"},
>   {24, RADIUS_STRING,  "H323 Conf Id"},
>   {25, RADIUS_STRING,  "H323 Setup Time"},
>   {26, RADIUS_STRING,  "H323 Call Origin"},
>   {27, RADIUS_STRING,  "H323 Call Type"},
>   {28, RADIUS_STRING,  "H323 Connect Time"},
>   {29, RADIUS_STRING,  "H323 Disconnect Time"},
>   {30, RADIUS_STRING,  "H323 Disconnect Cause"},
>   {31, RADIUS_STRING,  "H323 Voice Quality"},
>   /* #32 */
>   {33, RADIUS_STRING,  "H323 GW Id"},
>   /* #34 */
>   {35, RADIUS_STRING,  "H323 Incoming Conf Id"},
>   /* #36-#100 */
>   {101, RADIUS_STRING,  "H323 Credit Amount"},
>   {102, RADIUS_STRING,  "H323 Credit Time"},
>   {103, RADIUS_STRING,  "H323 Return Code"},
>   {104, RADIUS_STRING,  "H323 Prompt Id"},
>   {105, RADIUS_STRING,  "H323 Time And Day"},
>   {106, RADIUS_STRING,  "H323 Redirect Number"},
>   {107, RADIUS_STRING,  "H323 Preferred Lang"},
>   {108, RADIUS_STRING,  "H323 Redirect Ip Address"},
>   {109, RADIUS_STRING,  "H323 Billing Model"},
>   {110, RADIUS_STRING,  "H323 Currency Type"},
>   /* #111-#186 */
> /*
>        Extra attributes sent by the Cisco, if you configure
>        "radius-server vsa accounting" (requires IOS11.2+).
> */
>   {187, RADIUS_INTEGER4, "Cisco Multilink ID"},
>   {188, RADIUS_INTEGER4, "Cisco Num In Multilink"},
>   /* #189 */
>   {190, RADIUS_INTEGER4, "Cisco Pre Input Octets"},
>   {191, RADIUS_INTEGER4, "Cisco Pre Output Octets"},
>   {192, RADIUS_INTEGER4, "Cisco Pre Input Packets"},
>   {193, RADIUS_INTEGER4, "Cisco Pre Output Packets"},
>   {194, RADIUS_INTEGER4, "Cisco Maximum Time"},
>   {195, CISCO_DISCONNECT_CAUSE, "Cisco Disconnect Cause"},
>   /* #196 */
>   {197, RADIUS_INTEGER4, "Cisco Data Rate"},
>   {198, RADIUS_INTEGER4, "Cisco PreSession Time"},
>   /* #199-#207 */
>   {208, RADIUS_INTEGER4, "Cisco PW Lifetime"},
>   {209, RADIUS_INTEGER4, "Cisco IP Direct"},
>   {210, RADIUS_INTEGER4, "Cisco PPP VJ Slot Comp"},
>   /* #211 */
>   {212, RADIUS_INTEGER4, "Cisco PPP Async Map"},
>   /* #213-#216 */
>   {217, RADIUS_INTEGER4, "Cisco IP Pool Definition"},
>   {218, RADIUS_INTEGER4, "Cisco Asing IP Pool"},
>   /* #219-#227 */
>   {228, RADIUS_INTEGER4, "Cisco Route IP"},
>   /* #229-#232 */
>   {233, RADIUS_INTEGER4, "Cisco Link Compression"},
>   {234, RADIUS_INTEGER4, "Cisco Target Util"},
>   {235, RADIUS_INTEGER4, "Cisco Maximum Channels"},
>   /* #236-#241 */
>   {242, RADIUS_INTEGER4, "Cisco Data Filter"},
>   {243, RADIUS_INTEGER4, "Cisco Call Filter"},
>   {244, RADIUS_INTEGER4, "Cisco Idle Limit"},
>   {255, RADIUS_INTEGER4, "Cisco Xmit Rate"},
>   {0, 0, NULL}
> };
> 
> If the Vendor id is not 9 then you have to add some 
> more stuff. 
> 
> Below are some extracts from the source code.
> 
> #define VENDOR_ACC   5
> #define VENDOR_CISCO   9
> #define VENDOR_SHIVA   166
> #define VENDOR_LIVINGSTON  307
> #define VENDOR_MICROSOFT  311
> #define VENDOR_3COM   429
> #define VENDOR_ASCEND   529
> #define VENDOR_BAY   1584
> #define VENDOR_FOUNDRY   1991
> #define VENDOR_VERSANET   2180
> #define VENDOR_REDBACK   2352
> #define VENDOR_JUNIPER   2636
> #define VENDOR_APTIS   2637
> #define VENDOR_COSINE   3085
> #define VENDOR_SHASTA   3199
> #define VENDOR_NOMADIX   3309
> #define VENDOR_UNISPHERE  4874
> #define VENDOR_ISSANNI   5948
> #define VENDOR_QUINTUM   6618
> #define VENDOR_COLUBRIS   8744
> #define VENDOR_COLUMBIA_UNIVERSITY 11862
> #define VENDOR_THE3GPP   10415
> 
> 
> static value_string radius_vendor_specific_vendors[] =
> {
>   {VENDOR_ACC,   "ACC"},
>   {VENDOR_CISCO,  "Cisco"},
>   {VENDOR_SHIVA,  "Shiva"},
> 
> static rd_vsa_table radius_vsa_table[] =
> {
>   {VENDOR_ACC,   radius_vendor_acc_attrib},
>   {VENDOR_CISCO,  radius_vendor_cisco_attrib},
>   {VENDOR_SHIVA,  radius_vendor_shiva_attrib},
> 
> 
> You could maybe find some description of the VSAs by 
> searching with Google:
> 
> 
> The following message sent to ethereal-dev mailing list 
> indicates a patch to add some CoSine vendor specific 
> attributes. There is also a sample capture pppoe_radauth.cap 
> attached to the message.
> 
http://www.ethereal.com/lists/ethereal-dev/200110/msg00000.html

and here are some more ...

http://www.ethereal.com/lists/ethereal-dev/200109/msg00118.html

http://www.ethereal.com/lists/ethereal-dev/200203/msg00294.html
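
The table-driven lookup described in the quoted message (vendor id 9, attribute id, value type), as an added example that is not part of the thread and is not Ethereal's code. It assumes the RFC 2865 Vendor-Specific layout (type 26, length, 4-byte vendor id, then one sub-attribute with its own id and length); all names and sample bytes are constructed for illustration, and the length checks show what a decoder must verify before trusting the sub-attribute length from the wire.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
/* Hypothetical names modelled on the table quoted above; not Ethereal's code. */
enum vsa_kind { VSA_STRING, VSA_INTEGER4 };
struct vsa_entry { uint8_t id; enum vsa_kind kind; const char *name; };
static const struct vsa_entry cisco_vsas[] = {
    {3,   VSA_STRING,   "Fax Account Id Origin"},
    {255, VSA_INTEGER4, "Cisco Xmit Rate"},
    {0,   VSA_STRING,   NULL}
};
/* Constructed sample attributes: type 26, length, vendor id 9, sub-attribute. */
static const uint8_t sample_str[] = {26, 14, 0, 0, 0, 9, 3, 8, 'a','c','c','t','4','2'};
static const uint8_t sample_int[] = {26, 12, 0, 0, 0, 9, 255, 6, 0, 0, 0xFA, 0x00};
static const uint8_t sample_bad[] = {26, 10, 0, 0, 0, 9, 3, 8, 'a', 'b'}; /* sub-length overruns */
static const uint8_t sample_unk[] = {26, 9, 0, 0, 0, 9, 22, 3, 'x'};      /* id 22 not in table */
/* Returns 0 = decoded, 1 = well-formed but id not in table, -1 = malformed/not Cisco. */
int decode_cisco_vsa(const uint8_t *p, size_t n, char *out, size_t outsz)
{
    if (n < 8 || p[0] != 26 || p[1] < 8 || p[1] > n)
        return -1;                       /* outer header (6) + sub header (2) must fit */
    uint32_t vendor = (uint32_t)p[2] << 24 | (uint32_t)p[3] << 16 | (uint32_t)p[4] << 8 | p[5];
    uint8_t id = p[6], sublen = p[7];
    if (vendor != 9 || sublen < 2 || (size_t)sublen + 6 > p[1])
        return -1;                       /* sub-attribute must stay inside the VSA */
    const uint8_t *val = p + 8;
    size_t vlen = (size_t)sublen - 2;
    for (const struct vsa_entry *e = cisco_vsas; e->name; e++) {
        if (e->id != id) continue;
        if (e->kind == VSA_INTEGER4) {
            if (vlen != 4) return -1;    /* INTEGER4 is exactly four bytes, big-endian */
            uint32_t v = (uint32_t)val[0] << 24 | (uint32_t)val[1] << 16 | (uint32_t)val[2] << 8 | val[3];
            snprintf(out, outsz, "%s: %lu", e->name, (unsigned long)v);
        } else {
            snprintf(out, outsz, "%s: %.*s", e->name, (int)vlen, (const char *)val);
        }
        return 0;
    }
    snprintf(out, outsz, "Unknown Cisco VSA %u", (unsigned)id);
    return 1;
}

int main(void)
{
    char buf[128];
    if (decode_cisco_vsa(sample_str, sizeof sample_str, buf, sizeof buf) == 0) puts(buf);
    if (decode_cisco_vsa(sample_int, sizeof sample_int, buf, sizeof buf) == 0) puts(buf);
    return 0;
}
```

An id missing from the table returns 1 rather than failing, which corresponds to the undecoded VSAs the thread starts from; adding a row to the table is all a plain string or 4-byte integer attribute needs.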