Tunnel-Private-Group-ID undefined tag.
Nathan Ward
lists+freeradius at daork.net
Mon Jan 21 22:55:23 CET 2019
> On 22/01/2019, at 10:40 AM, Fabrice Durand <fdurand at inverse.ca> wrote:
>
> Sorry for the screen capture.
>
> Here is the reply with the tag equal to 1:
>
> Frame 6: 80 bytes on wire (640 bits), 80 bytes captured (640 bits) on interface 0
> Ethernet II, Src: Vmware_1c:1f:3d (00:0c:29:1c:1f:3d), Dst: Vmware_9d:00:59 (00:50:56:9d:00:59)
> Internet Protocol Version 4, Src: 172.20.135.4, Dst: 172.20.110.250
> User Datagram Protocol, Src Port: 1812, Dst Port: 34863
> RADIUS Protocol
> Code: Access-Accept (2)
> Packet identifier: 0x86 (134)
> Length: 38
> Authenticator: 9bbbb286df738ecf24be871d7b95de37
> [This is a response to a request in frame 5]
> [Time from request: 0.011010775 seconds]
> Attribute Value Pairs
> AVP: t=Tunnel-Type(64) l=6 Tag=0x01 val=VLAN(13)
> AVP: t=Tunnel-Medium-Type(65) l=6 Tag=0x01 val=IEEE-802(6)
> AVP: t=Tunnel-Private-Group-Id(81) l=6 Tag=0x01 val=195
>
> And the one with the tag unset:
>
> Frame 6: 79 bytes on wire (632 bits), 79 bytes captured (632 bits) on interface 0
> Ethernet II, Src: Vmware_1c:1f:3d (00:0c:29:1c:1f:3d), Dst: Vmware_9d:00:59 (00:50:56:9d:00:59)
> Internet Protocol Version 4, Src: 172.20.135.4, Dst: 172.20.110.250
> User Datagram Protocol, Src Port: 1812, Dst Port: 34863
> RADIUS Protocol
> Code: Access-Accept (2)
> Packet identifier: 0x87 (135)
> Length: 37
> Authenticator: 50e7dce3cdc0c2d5391576d11372c573
> [This is a response to a request in frame 5]
> [Time from request: 0.003153571 seconds]
> Attribute Value Pairs
> AVP: t=Tunnel-Type(64) l=6 Tag=0x00 val=VLAN(13)
> AVP: t=Tunnel-Medium-Type(65) l=6 Tag=0x00 val=IEEE-802(6)
> AVP: t=Tunnel-Private-Group-Id(81) l=5 val=195
>
>
> You can see that when there is no tag, it is missing Tag=0x00 for attribute 81.
Ah, I see. String type attributes in RFC2868 have a different treatment to Integer types. What a weird solution.
String types (incl. Tunnel-Private-Group-ID) permit the tag to be 0x01-0x1F if it’s to be interpreted as a “tag”, and if it is greater than 0x1F it is interpreted as the first byte of the string.
Either way, 0x00 is not a permitted tag value for string attributes; set it to 1 through 31 if you require it to be set to something.
The “tag” in those other attributes is “unused” per the RFC.
--
Nathan Ward
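
An added example (not part of the original message, and not FreeRADIUS code): a small Python decoder for the three RFC 2868 attributes in the captures above, showing why attribute 81 is one byte shorter and carries no tag byte when untagged. The byte strings are constructed from the dissections quoted in this thread; flagging a leading 0x00 on a string attribute follows the reply above and is this example's own choice.

```python
# Added example: RFC 2868 tag handling for the AVPs in the captures above.
INT_TAGGED = {64: "Tunnel-Type", 65: "Tunnel-Medium-Type"}  # length is always 6
STR_TAGGED = {81: "Tunnel-Private-Group-Id"}                # length is >= 3

# Constructed from the quoted dissections: type, length, [tag], value.
TAGGED = bytes.fromhex("4006 0100000d 4106 01000006 5106 01 313935")
UNTAGGED = bytes.fromhex("4006 0000000d 4106 00000006 5105 313935")
# Constructed: what a 0x00 "tag" byte on attribute 81 would look like.
ZERO_TAG = bytes.fromhex("5106 00 313935")


def decode_avps(buf):
    """Return (name, tag, value, note) per AVP; tag None means untagged."""
    out, i = [], 0
    while i < len(buf):
        if len(buf) - i < 2:
            raise ValueError("truncated AVP header")
        atype, alen = buf[i], buf[i + 1]
        if alen < 2 or i + alen > len(buf):
            raise ValueError(f"bad length {alen} for attribute {atype}")
        body = buf[i + 2:i + alen]
        i += alen
        if atype in INT_TAGGED:
            # Integer form: the tag octet is always present, 0x00 = unused.
            if alen != 6:
                raise ValueError(f"attribute {atype} must have length 6")
            tag = body[0]
            note = "" if tag <= 0x1F else "tag outside 0x00-0x1F"
            value = int.from_bytes(body[1:], "big")
            out.append((INT_TAGGED[atype], tag or None, value, note))
        elif atype in STR_TAGGED:
            # String form: the first octet is a tag only if it is 0x01-0x1F.
            if alen < 3:
                raise ValueError(f"attribute {atype} needs at least 1 octet")
            first = body[0]
            if 0x01 <= first <= 0x1F:
                text = body[1:].decode("latin-1")
                out.append((STR_TAGGED[atype], first, text, ""))
            else:
                # > 0x1F: first octet belongs to the string. 0x00: flagged.
                note = "" if first > 0x1F else "leading 0x00 is not a valid tag"
                out.append((STR_TAGGED[atype], None, body.decode("latin-1"), note))
        else:
            out.append((f"Attr-{atype}", None, body, ""))
    return out


if __name__ == "__main__":
    for name, pkt in (("tagged", TAGGED), ("untagged", UNTAGGED), ("zero", ZERO_TAG)):
        print(name, decode_avps(pkt))
```
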