search

telekom / 5g-trace-visualizer

This set of Python scripts allow you to convert pcap, pcapnp or pdml 5G protocol traces (Wireshark, tcpdump, ...) into SVG sequence diagrams.
Apache License 2.0
264 stars 77 forks source link

RADIUS message related error #34

Closed rtommy closed 1 year ago

rtommy commented 1 year ago

The current version does not support RADIUS packets properly. The get_diam_description only looks for diameter which is not used in radius.

    elif 'Diameter' in protocol or 'RADIUS' in protocol or "GTP'" in protocol:
        note_color = ' {0}'.format(color_diameter_radius_gtpprime)
        protocol = get_diam_description(packet)

...

    diam_commandcode_regex = re.compile(r"diameter\.cmd\.code:\s+'Command\s+Code:\s+(.+)'")
    diam_application_regex = re.compile(r"diameter\.applicationId:\s+'ApplicationId:\s+(.+)'")
    diam_request_regex = re.compile(r"diameter\.flags\.request:\s+'(\d)")
    diam_session_regex = re.compile(r"diameter\.Session-Id:\s+'Session-Id:\s+(.+)'")

Error:

  File "trace_visualizer.py", line xxx, in packet_to_str
    protocol = get_diam_description(packet)
  File "trace_visualizer.py", line xxx, in get_diam_description
    if diam_request_regex.search(packet.msg_description).group(1) == '1':
AttributeError: 'NoneType' object has no attribute 'group'

Here is a RADIUS Access-Request example:

RADIUS Protocol:
    radius.code: 'Code: Access-Request (1)'
    radius.id: 'Packet identifier: 0x24 (36)'
    radius.length: 'Length: 97'
    radius.authenticator: 'Authenticator: 1d87536306c9628344109e29f90ba40c'
    radius.req: 'Request: True'
    radius.rspframe: The response to this request is in frame 19
    Attribute Value Pairs:
        'AVP: t=User-Name(1) l=6 val=void':
            radius.avp.type: 'Type: 1'
            radius.avp.length: 'Length: 6'
            radius.User_Name: 'User-Name: void'
        'AVP: t=User-Password(2) l=18 val=Encrypted':
            radius.avp.type: 'Type: 2'
            radius.avp.length: 'Length: 18'
            radius.User_Password_encrypted: 'User-Password (encrypted): 35853d707a452aabb06e9ece6b3f8c67'
        'AVP: t=NAS-IP-Address(4) l=6 val=10.10.10.10':
            radius.avp.type: 'Type: 4'
            radius.avp.length: 'Length: 6'
            radius.NAS_IP_Address: 'NAS-IP-Address: 10.10.10.10'
        'AVP: t=NAS-Identifier(32) l=11 val=SMF123':
            radius.avp.type: 'Type: 32'
            radius.avp.length: 'Length: 11'
            radius.NAS_Identifier: 'NAS-Identifier: SMF123'
        'AVP: t=Called-Station-Id(30) l=18 val=internet.apn':
            radius.avp.type: 'Type: 30'
            radius.avp.length: 'Length: 18'
            radius.Called_Station_Id: 'Called-Station-Id: internet.apn'
        'AVP: t=Framed-Protocol(7) l=6 val=GPRS-PDP-Context(7)':
            radius.avp.type: 'Type: 7'
            radius.avp.length: 'Length: 6'
            radius.Framed_Protocol: 'Framed-Protocol: GPRS-PDP-Context (7)'
        'AVP: t=Service-Type(6) l=6 val=Framed(2)':
            radius.avp.type: 'Type: 6'
            radius.avp.length: 'Length: 6'
            radius.Service_Type: 'Service-Type: Framed (2)'
        'AVP: t=NAS-Port-Type(61) l=6 val=Virtual(5)':
            radius.avp.type: 'Type: 61'
            radius.avp.length: 'Length: 6'
            radius.NAS_Port_Type: 'NAS-Port-Type: Virtual (5)'
jkolom commented 1 year ago

Could you send a trace to test? A single-packet trace would suffice. That would be appreciated :)

rtommy commented 1 year ago

PDML file ok? radius.txt

jkolom commented 1 year ago

This is what comes out after the last commit. I also did some refactoring because the code was too unreadable (even for me!) Thanks for your inputs! 😃 radius