2 * hostapd / RADIUS Accounting
3 * Copyright (c) 2002-2009, 2012-2015, Jouni Malinen <j@w1.fi>
5 * This software may be distributed under the terms of the BSD license.
6 * See README for more details.
9 #include "utils/includes.h"
11 #include "utils/common.h"
12 #include "utils/eloop.h"
13 #include "eapol_auth/eapol_auth_sm.h"
14 #include "eapol_auth/eapol_auth_sm_i.h"
15 #include "radius/radius.h"
16 #include "radius/radius_client.h"
18 #include "ieee802_1x.h"
19 #include "ap_config.h"
21 #include "ap_drv_ops.h"
22 #include "accounting.h"
25 /* Default interval in seconds for polling TX/RX octets from the driver if
26 * STA is not using interim accounting. This detects wrap arounds for
27 * input/output octets and updates Acct-{Input,Output}-Gigawords. */
28 #define ACCT_DEFAULT_UPDATE_INTERVAL 300
30 static void accounting_sta_interim(struct hostapd_data *hapd,
31 struct sta_info *sta);
34 static struct radius_msg * accounting_msg(struct hostapd_data *hapd,
38 struct radius_msg *msg;
46 msg = radius_msg_new(RADIUS_CODE_ACCOUNTING_REQUEST,
47 radius_client_get_id(hapd->radius));
49 wpa_printf(MSG_INFO, "Could not create new RADIUS packet");
53 if (radius_msg_make_authenticator(msg) < 0) {
54 wpa_printf(MSG_INFO, "Could not make Request Authenticator");
58 if (!radius_msg_add_attr_int32(msg, RADIUS_ATTR_ACCT_STATUS_TYPE,
60 wpa_printf(MSG_INFO, "Could not add Acct-Status-Type");
65 if (!hostapd_config_get_radius_attr(
66 hapd->conf->radius_acct_req_attr,
67 RADIUS_ATTR_ACCT_AUTHENTIC) &&
68 !radius_msg_add_attr_int32(msg, RADIUS_ATTR_ACCT_AUTHENTIC,
69 hapd->conf->ieee802_1x ?
70 RADIUS_ACCT_AUTHENTIC_RADIUS :
71 RADIUS_ACCT_AUTHENTIC_LOCAL)) {
72 wpa_printf(MSG_INFO, "Could not add Acct-Authentic");
76 /* Use 802.1X identity if available */
77 val = ieee802_1x_get_identity(sta->eapol_sm, &len);
79 /* Use RADIUS ACL identity if 802.1X provides no identity */
80 if (!val && sta->identity) {
81 val = (u8 *) sta->identity;
82 len = os_strlen(sta->identity);
85 /* Use STA MAC if neither 802.1X nor RADIUS ACL provided
88 os_snprintf(buf, sizeof(buf), RADIUS_ADDR_FORMAT,
94 if (!radius_msg_add_attr(msg, RADIUS_ATTR_USER_NAME, val,
96 wpa_printf(MSG_INFO, "Could not add User-Name");
101 if (add_common_radius_attr(hapd, hapd->conf->radius_acct_req_attr, sta,
107 val = ieee802_1x_get_radius_class(sta->eapol_sm, &len,
112 if (!radius_msg_add_attr(msg, RADIUS_ATTR_CLASS,
114 wpa_printf(MSG_INFO, "Could not add Class");
119 b = ieee802_1x_get_radius_cui(sta->eapol_sm);
121 !radius_msg_add_attr(msg,
122 RADIUS_ATTR_CHARGEABLE_USER_IDENTITY,
123 wpabuf_head(b), wpabuf_len(b))) {
124 wpa_printf(MSG_ERROR, "Could not add CUI");
128 if (!b && sta->radius_cui &&
129 !radius_msg_add_attr(msg,
130 RADIUS_ATTR_CHARGEABLE_USER_IDENTITY,
131 (u8 *) sta->radius_cui,
132 os_strlen(sta->radius_cui))) {
133 wpa_printf(MSG_ERROR, "Could not add CUI from ACL");
138 !radius_msg_add_attr_int32(msg,
139 RADIUS_ATTR_FRAMED_IP_ADDRESS,
140 be_to_host32(sta->ipaddr))) {
141 wpa_printf(MSG_ERROR,
142 "Could not add Framed-IP-Address");
148 if (now.sec > 1000000000 &&
149 !radius_msg_add_attr_int32(msg, RADIUS_ATTR_EVENT_TIMESTAMP,
151 wpa_printf(MSG_INFO, "Could not add Event-Timestamp");
156 * Add Acct-Delay-Time with zero value for the first transmission. This
157 * will be updated within radius_client.c when retransmitting the frame.
159 if (!radius_msg_add_attr_int32(msg, RADIUS_ATTR_ACCT_DELAY_TIME, 0)) {
160 wpa_printf(MSG_INFO, "Could not add Acct-Delay-Time");
167 radius_msg_free(msg);
172 static int accounting_sta_update_stats(struct hostapd_data *hapd,
173 struct sta_info *sta,
174 struct hostap_sta_driver_data *data)
176 if (hostapd_drv_read_sta_data(hapd, data, sta->addr))
179 if (!data->bytes_64bit) {
180 /* Extend 32-bit counters from the driver to 64-bit counters */
181 if (sta->last_rx_bytes_lo > data->rx_bytes)
182 sta->last_rx_bytes_hi++;
183 sta->last_rx_bytes_lo = data->rx_bytes;
185 if (sta->last_tx_bytes_lo > data->tx_bytes)
186 sta->last_tx_bytes_hi++;
187 sta->last_tx_bytes_lo = data->tx_bytes;
190 hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_RADIUS,
192 "updated TX/RX stats: rx_bytes=%llu [%u:%u] tx_bytes=%llu [%u:%u] bytes_64bit=%d",
193 data->rx_bytes, sta->last_rx_bytes_hi,
194 sta->last_rx_bytes_lo,
195 data->tx_bytes, sta->last_tx_bytes_hi,
196 sta->last_tx_bytes_lo,
203 static void accounting_interim_update(void *eloop_ctx, void *timeout_ctx)
205 struct hostapd_data *hapd = eloop_ctx;
206 struct sta_info *sta = timeout_ctx;
209 if (sta->acct_interim_interval) {
210 accounting_sta_interim(hapd, sta);
211 interval = sta->acct_interim_interval;
213 struct hostap_sta_driver_data data;
214 accounting_sta_update_stats(hapd, sta, &data);
215 interval = ACCT_DEFAULT_UPDATE_INTERVAL;
218 eloop_register_timeout(interval, 0, accounting_interim_update,
224 * accounting_sta_start - Start STA accounting
225 * @hapd: hostapd BSS data
228 void accounting_sta_start(struct hostapd_data *hapd, struct sta_info *sta)
230 struct radius_msg *msg;
233 if (sta->acct_session_started)
236 hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_RADIUS,
238 "starting accounting session %016llX",
239 (unsigned long long) sta->acct_session_id);
241 os_get_reltime(&sta->acct_session_start);
242 sta->last_rx_bytes_hi = 0;
243 sta->last_rx_bytes_lo = 0;
244 sta->last_tx_bytes_hi = 0;
245 sta->last_tx_bytes_lo = 0;
246 hostapd_drv_sta_clear_stats(hapd, sta->addr);
248 if (!hapd->conf->radius->acct_server)
251 if (sta->acct_interim_interval)
252 interval = sta->acct_interim_interval;
254 interval = ACCT_DEFAULT_UPDATE_INTERVAL;
255 eloop_register_timeout(interval, 0, accounting_interim_update,
258 msg = accounting_msg(hapd, sta, RADIUS_ACCT_STATUS_TYPE_START);
260 radius_client_send(hapd->radius, msg, RADIUS_ACCT, sta->addr) < 0)
261 radius_msg_free(msg);
263 sta->acct_session_started = 1;
267 static void accounting_sta_report(struct hostapd_data *hapd,
268 struct sta_info *sta, int stop)
270 struct radius_msg *msg;
271 int cause = sta->acct_terminate_cause;
272 struct hostap_sta_driver_data data;
273 struct os_reltime now_r, diff;
276 if (!hapd->conf->radius->acct_server)
279 msg = accounting_msg(hapd, sta,
280 stop ? RADIUS_ACCT_STATUS_TYPE_STOP :
281 RADIUS_ACCT_STATUS_TYPE_INTERIM_UPDATE);
283 wpa_printf(MSG_INFO, "Could not create RADIUS Accounting message");
287 os_get_reltime(&now_r);
288 os_reltime_sub(&now_r, &sta->acct_session_start, &diff);
289 if (!radius_msg_add_attr_int32(msg, RADIUS_ATTR_ACCT_SESSION_TIME,
291 wpa_printf(MSG_INFO, "Could not add Acct-Session-Time");
295 if (accounting_sta_update_stats(hapd, sta, &data) == 0) {
296 if (!radius_msg_add_attr_int32(msg,
297 RADIUS_ATTR_ACCT_INPUT_PACKETS,
299 wpa_printf(MSG_INFO, "Could not add Acct-Input-Packets");
302 if (!radius_msg_add_attr_int32(msg,
303 RADIUS_ATTR_ACCT_OUTPUT_PACKETS,
305 wpa_printf(MSG_INFO, "Could not add Acct-Output-Packets");
308 if (data.bytes_64bit)
309 bytes = data.rx_bytes;
311 bytes = ((u64) sta->last_rx_bytes_hi << 32) |
312 sta->last_rx_bytes_lo;
313 if (!radius_msg_add_attr_int32(msg,
314 RADIUS_ATTR_ACCT_INPUT_OCTETS,
316 wpa_printf(MSG_INFO, "Could not add Acct-Input-Octets");
319 if (!radius_msg_add_attr_int32(msg,
320 RADIUS_ATTR_ACCT_INPUT_GIGAWORDS,
321 (u32) (bytes >> 32))) {
322 wpa_printf(MSG_INFO, "Could not add Acct-Input-Gigawords");
325 if (data.bytes_64bit)
326 bytes = data.tx_bytes;
328 bytes = ((u64) sta->last_tx_bytes_hi << 32) |
329 sta->last_tx_bytes_lo;
330 if (!radius_msg_add_attr_int32(msg,
331 RADIUS_ATTR_ACCT_OUTPUT_OCTETS,
333 wpa_printf(MSG_INFO, "Could not add Acct-Output-Octets");
336 if (!radius_msg_add_attr_int32(msg,
337 RADIUS_ATTR_ACCT_OUTPUT_GIGAWORDS,
338 (u32) (bytes >> 32))) {
339 wpa_printf(MSG_INFO, "Could not add Acct-Output-Gigawords");
344 if (eloop_terminated())
345 cause = RADIUS_ACCT_TERMINATE_CAUSE_ADMIN_REBOOT;
348 !radius_msg_add_attr_int32(msg, RADIUS_ATTR_ACCT_TERMINATE_CAUSE,
350 wpa_printf(MSG_INFO, "Could not add Acct-Terminate-Cause");
354 if (radius_client_send(hapd->radius, msg,
355 stop ? RADIUS_ACCT : RADIUS_ACCT_INTERIM,
361 radius_msg_free(msg);
366 * accounting_sta_interim - Send a interim STA accounting report
367 * @hapd: hostapd BSS data
370 static void accounting_sta_interim(struct hostapd_data *hapd,
371 struct sta_info *sta)
373 if (sta->acct_session_started)
374 accounting_sta_report(hapd, sta, 0);
379 * accounting_sta_stop - Stop STA accounting
380 * @hapd: hostapd BSS data
383 void accounting_sta_stop(struct hostapd_data *hapd, struct sta_info *sta)
385 if (sta->acct_session_started) {
386 accounting_sta_report(hapd, sta, 1);
387 eloop_cancel_timeout(accounting_interim_update, hapd, sta);
388 hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_RADIUS,
390 "stopped accounting session %016llX",
391 (unsigned long long) sta->acct_session_id);
392 sta->acct_session_started = 0;
397 int accounting_sta_get_id(struct hostapd_data *hapd, struct sta_info *sta)
399 return radius_gen_session_id((u8 *) &sta->acct_session_id,
400 sizeof(sta->acct_session_id));
405 * accounting_receive - Process the RADIUS frames from Accounting Server
406 * @msg: RADIUS response message
407 * @req: RADIUS request message
408 * @shared_secret: RADIUS shared secret
409 * @shared_secret_len: Length of shared_secret in octets
410 * @data: Context data (struct hostapd_data *)
411 * Returns: Processing status
413 static RadiusRxResult
414 accounting_receive(struct radius_msg *msg, struct radius_msg *req,
415 const u8 *shared_secret, size_t shared_secret_len,
418 if (radius_msg_get_hdr(msg)->code != RADIUS_CODE_ACCOUNTING_RESPONSE) {
419 wpa_printf(MSG_INFO, "Unknown RADIUS message code");
420 return RADIUS_RX_UNKNOWN;
423 if (radius_msg_verify(msg, shared_secret, shared_secret_len, req, 0)) {
424 wpa_printf(MSG_INFO, "Incoming RADIUS packet did not have correct Authenticator - dropped");
425 return RADIUS_RX_INVALID_AUTHENTICATOR;
428 return RADIUS_RX_PROCESSED;
432 static void accounting_report_state(struct hostapd_data *hapd, int on)
434 struct radius_msg *msg;
436 if (!hapd->conf->radius->acct_server || hapd->radius == NULL)
439 /* Inform RADIUS server that accounting will start/stop so that the
440 * server can close old accounting sessions. */
441 msg = accounting_msg(hapd, NULL,
442 on ? RADIUS_ACCT_STATUS_TYPE_ACCOUNTING_ON :
443 RADIUS_ACCT_STATUS_TYPE_ACCOUNTING_OFF);
447 if (hapd->acct_session_id) {
450 os_snprintf(buf, sizeof(buf), "%016llX",
451 (unsigned long long) hapd->acct_session_id);
452 if (!radius_msg_add_attr(msg, RADIUS_ATTR_ACCT_SESSION_ID,
453 (u8 *) buf, os_strlen(buf)))
454 wpa_printf(MSG_ERROR, "Could not add Acct-Session-Id");
457 if (radius_client_send(hapd->radius, msg, RADIUS_ACCT, NULL) < 0)
458 radius_msg_free(msg);
462 static void accounting_interim_error_cb(const u8 *addr, void *ctx)
464 struct hostapd_data *hapd = ctx;
465 struct sta_info *sta;
466 unsigned int i, wait_time;
469 sta = ap_get_sta(hapd, addr);
472 sta->acct_interim_errors++;
473 if (sta->acct_interim_errors > 10 /* RADIUS_CLIENT_MAX_RETRIES */) {
474 wpa_printf(MSG_DEBUG,
475 "Interim RADIUS accounting update failed for " MACSTR
476 " - too many errors, abandon this interim accounting update",
478 sta->acct_interim_errors = 0;
479 /* Next update will be tried after normal update interval */
484 * Use a shorter update interval as an improved retransmission mechanism
485 * for failed interim accounting updates. This allows the statistics to
486 * be updated for each retransmission.
488 * RADIUS client code has already waited RADIUS_CLIENT_FIRST_WAIT.
489 * Schedule the first retry attempt immediately and every following one
490 * with exponential backoff.
492 if (sta->acct_interim_errors == 1) {
495 wait_time = 3; /* RADIUS_CLIENT_FIRST_WAIT */
496 for (i = 1; i < sta->acct_interim_errors; i++)
499 res = eloop_deplete_timeout(wait_time, 0, accounting_interim_update,
502 wpa_printf(MSG_DEBUG,
503 "Interim RADIUS accounting update failed for " MACSTR
504 " (error count: %u) - schedule next update in %u seconds",
505 MAC2STR(addr), sta->acct_interim_errors, wait_time);
507 wpa_printf(MSG_DEBUG,
508 "Interim RADIUS accounting update failed for " MACSTR
509 " (error count: %u)", MAC2STR(addr),
510 sta->acct_interim_errors);
512 wpa_printf(MSG_DEBUG,
513 "Interim RADIUS accounting update failed for " MACSTR
514 " (error count: %u) - no timer found", MAC2STR(addr),
515 sta->acct_interim_errors);
520 * accounting_init: Initialize accounting
521 * @hapd: hostapd BSS data
522 * Returns: 0 on success, -1 on failure
524 int accounting_init(struct hostapd_data *hapd)
526 if (radius_gen_session_id((u8 *) &hapd->acct_session_id,
527 sizeof(hapd->acct_session_id)) < 0)
530 if (radius_client_register(hapd->radius, RADIUS_ACCT,
531 accounting_receive, hapd))
533 radius_client_set_interim_error_cb(hapd->radius,
534 accounting_interim_error_cb, hapd);
536 accounting_report_state(hapd, 1);
543 * accounting_deinit: Deinitialize accounting
544 * @hapd: hostapd BSS data
546 void accounting_deinit(struct hostapd_data *hapd)
548 accounting_report_state(hapd, 0);
projects / mech_eap.git / blob