SQL backend for MAVIS external module - Python


Charles

Dec 23, 2024, 4:02:04 AM
to Event-Driven Servers
I used Python to write the SQL backend for the MAVIS external module. It is working when I have just logged in to the device every time. But after a few seconds, the authorization will fail.


ASW-01#config
Enter configuration commands, one per line.  End with CNTL/Z.
ASW-01(config)#exit
ASW-01#config
Enter configuration commands, one per line.  End with CNTL/Z.
ASW-01(config)#end
ASW-01#config
Enter configuration commands, one per line.  End with CNTL/Z.
ASW-01(config)#end
ASW-01#config
Enter configuration commands, one per line.  End with CNTL/Z.
ASW-01(config)#end
ASW-01#config
Enter configuration commands, one per line.  End with CNTL/Z.
ASW-01(config)#end
ASW-01#config
% Authorization failed.
ASW-01#config
% Authorization failed.
ASW-01#config
% Authorization failed.
ASW-01#


mavis_tacplus_sql.py
########################
#!/usr/bin/python3

import MySQLdb
import time
import sys
from mavis import ( Mavis,
    MAVIS_DOWN, MAVIS_FINAL,
    AV_V_RESULT_OK, AV_V_RESULT_ERROR, AV_V_RESULT_FAIL,
    AV_V_RESULT_NOTFOUND
)


MEMBEROF = 'admin'
TACMEMBER = 'admin'
DELAY = 1
ERROR = None
FAULT = None

DB_CONFIG = {
    'host': 'localhost',
    'user': 'tacuser',
    'passwd': 'tacpass',
    'db': 'tacdb'
}

while True:
    D = Mavis()

    if not D.is_tacplus():
        D.write(MAVIS_DOWN, None, None)
        continue

    if not D.valid():
        D.write(MAVIS_FINAL, AV_V_RESULT_ERROR, "Invalid input.")
        continue

    time.sleep(float(DELAY))

    if ERROR != None:
        D.write(MAVIS_FINAL, AV_V_RESULT_ERROR, None)
        continue

    if FAULT != None:
        sys.stderr.write("Pretended application fault.\n")
        sys.exit(-1)

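    # Pre-set both handles so the finally block is safe if connect() raises
    connection = None
    cursor = None
    try: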
        connection = MySQLdb.connect(**DB_CONFIG)
        cursor = connection.cursor()
        query = "SELECT * FROM taccheck WHERE username='{username}' AND password='{password}';".format(
            username=D.user,
            password=D.password
        )
        cursor.execute(query)
        tac_user = cursor.fetchall()

        if (D.is_tacplus_authc and tac_user) or D.is_tacplus_authz:
            if MEMBEROF != None:
                D.set_memberof(MEMBEROF)
            if TACMEMBER != None:
                D.set_tacmember(TACMEMBER)
            D.write(MAVIS_FINAL, AV_V_RESULT_OK, None)
            continue

    except MySQLdb.Error as e:
        # stdout carries the MAVIS reply, so diagnostics go to stderr
        sys.stderr.write(f"Error connecting to MySQL: {e}\n")
    finally:
        if cursor:
            cursor.close()
        if connection:
            connection.close()

    D.write(MAVIS_DOWN, AV_V_RESULT_NOTFOUND, None)

Marc Huber

Dec 23, 2024, 6:48:16 AM
to event-driv...@googlegroups.com
Hi,

On 23.12.2024 10:02, Charles wrote:
> I used Python wrote the SQL backend for MAVIS external module. It is
> working when I just login to device every time. But after a few
> seconds, the authorization will fail.

your code doesn't handle authorization-only requests. Your SQL query
will only work for authentication (D.is_tacplus_authc) -- for
authorization (D.is_tacplus_authz) there's no password available, so
checking for the username is sufficient.

if D.is_tacplus_authc:
        query = "SELECT * FROM taccheck WHERE username='{username}' AND password='{password}';".format(
            username=D.user,
            password=D.password
        )
else:
        query = "SELECT * FROM taccheck WHERE username='{username}';".format(
            username=D.user,
        )

Cheers,

Marc
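
The authentication/authorization split from the reply above, written with bound parameters instead of string formatting, as an added example that is not code from the thread or from the MAVIS distribution. It requires a matching row for both request types; `build_lookup`, `user_ok` and `demo_db` are hypothetical names, and an in-memory sqlite3 table stands in for the MySQL `taccheck` table so the block runs offline.

```python
import sqlite3


def build_lookup(is_authc, user, password=None, ph="%s"):
    """Return (sql, params) for the taccheck lookup.

    ph is the driver's placeholder token: "%s" for MySQLdb, "?" for sqlite3.
    Only that fixed token is formatted into the SQL text; the username and
    password always travel separately as bound parameters.
    """
    if is_authc:
        sql = f"SELECT 1 FROM taccheck WHERE username={ph} AND password={ph}"
        return sql, (user, password)
    # Authorization-only request: no password is available, match on username.
    return f"SELECT 1 FROM taccheck WHERE username={ph}", (user,)


def user_ok(cursor, is_authc, user, password=None, ph="%s"):
    """True only if a matching row exists, for authc and authz alike."""
    if not user or (is_authc and password is None):
        return False
    sql, params = build_lookup(is_authc, user, password, ph)
    cursor.execute(sql, params)
    return cursor.fetchone() is not None


def demo_db():
    """Constructed sample table; the password value is made up."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE taccheck (username TEXT, password TEXT)")
    conn.execute("INSERT INTO taccheck VALUES (?, ?)",
                 ("283797", "constructed-secret"))
    return conn


if __name__ == "__main__":
    cur = demo_db().cursor()
    for label, args in [
        ("authc, right password", (True, "283797", "constructed-secret")),
        ("authc, wrong password", (True, "283797", "wrong")),
        ("authz, known user", (False, "283797")),
        ("authz, unknown user", (False, "nobody")),
        # Quote characters in the username stay data, not SQL.
        ("authc, quotes in username", (True, "x' OR '1'='1", "x")),
    ]:
        print(label, "->", user_ok(cur, *args, ph="?"))
```

With MySQLdb the same `build_lookup` output is passed as `cursor.execute(sql, params)` using the default `%s` placeholder.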

Charles

Dec 24, 2024, 1:04:38 AM
to Event-Driven Servers
Hi Marc,

Got it, thanks for your reply.

By the way, I have encountered another problem. There is no accounting log file in /tmp; I can only find access.log and author.log. I tested the device with another version of tac_plus (yum --enablerepo=nux-misc install tac_plus), and it can get the accounting log.

Message from the output:
msg (len: 39): Illegal packet (version=0xc0 type=0x03)

66492: 12:38:45.709 1/89830044: 30.118.110.178 New session
66492: 12:38:45.709 1/89830044: 30.118.110.178 ---<start packet>---
66492: 12:38:45.709 1/89830044: 30.118.110.178 key used: demo
66492: 12:38:45.709 1/89830044: 30.118.110.178 version: 192, type: 2, seq no: 1, flags: unencrypted
66492: 12:38:45.709 1/89830044: 30.118.110.178 session id: 44008389, data length: 49
66492: 12:38:45.709 1/89830044: 30.118.110.178 AUTHOR, priv_lvl=15
66492: 12:38:45.709 1/89830044: 30.118.110.178 authen_type=ascii (1)
66492: 12:38:45.709 1/89830044: 30.118.110.178 authen_method=tacacs+ (6)
66492: 12:38:45.709 1/89830044: 30.118.110.178 service=login (1)
66492: 12:38:45.709 1/89830044: 30.118.110.178 user_len=6 port_len=4 rem_addr_len=12 arg_cnt=2
66492: 12:38:45.709 1/89830044: 30.118.110.178 user (len: 6): 283797
66492: 12:38:45.709 1/89830044: 30.118.110.178 port (len: 4): tty1
66492: 12:38:45.709 1/89830044: 30.118.110.178 rem_addr (len: 12): 10.11.225.69
66492: 12:38:45.709 1/89830044: 30.118.110.178 arg[0] (len: 13): service=shell
66492: 12:38:45.709 1/89830044: 30.118.110.178 arg[1] (len: 4): cmd*
66492: 12:38:45.709 1/89830044: 30.118.110.178 ---<end packet>---
66492: 12:38:45.709 1/89830044: 30.118.110.178 Start authorization request
66492: 12:38:45.709 1/89830044: 30.118.110.178 cfg_get: checking user/group 283797, tag (NULL)
66492: 12:38:45.709 1/89830044: 30.118.110.178 cfg_get: checking user/group admin, tag (NULL)
66492: 12:38:45.709 1/89830044: 30.118.110.178 cfg_get: checking user/group 283797, tag (NULL)
66492: 12:38:45.709 1/89830044: 30.118.110.178 cfg_get: checking user/group admin, tag (NULL)
66492: 12:38:45.709 1/89830044: 30.118.110.178 user '283797' found
66492: 12:38:45.709 1/89830044: 30.118.110.178 cfg_get: checking user/group 283797, tag (NULL)
66492: 12:38:45.709 1/89830044: 30.118.110.178 283...@30.118.110.178: not found: svcname=shell@world protocol=
66492: 12:38:45.709 1/89830044: 30.118.110.178 283...@30.118.110.178: not found: svcname=shell protocol=
66492: 12:38:45.709 1/89830044: 30.118.110.178 cfg_get: checking user/group admin, tag (NULL)
66492: 12:38:45.709 1/89830044: 30.118.110.178 283...@30.118.110.178: not found: svcname=shell@world protocol=
66492: 12:38:45.709 1/89830044: 30.118.110.178 283...@30.118.110.178: found: svcname=shell protocol=
66492: 12:38:45.709 1/89830044: 30.118.110.178 nas:service=shell (passed thru)
66492: 12:38:45.709 1/89830044: 30.118.110.178 nas:cmd* (passed thru)
66492: 12:38:45.709 1/89830044: 30.118.110.178 nas:absent srv:priv-lvl=15 -> add priv-lvl=15 (k)
66492: 12:38:45.709 1/89830044: 30.118.110.178 added 1 args
66492: 12:38:45.709 1/89830044: 30.118.110.178 Writing AUTHOR/PASS_ADD size=30
66492: 12:38:45.709 1/89830044: 30.118.110.178 ---<start packet>---
66492: 12:38:45.709 1/89830044: 30.118.110.178 key used: demo
66492: 12:38:45.709 1/89830044: 30.118.110.178 version: 192, type: 2, seq no: 2, flags: unencrypted
66492: 12:38:45.709 1/89830044: 30.118.110.178 session id: 44008389, data length: 18
66492: 12:38:45.709 1/89830044: 30.118.110.178 AUTHOR/REPLY, status=1 (AUTHOR/PASS_ADD)
66492: 12:38:45.709 1/89830044: 30.118.110.178 msg_len=0, data_len=0, arg_cnt=1
66492: 12:38:45.709 1/89830044: 30.118.110.178 msg (len: 0):
66492: 12:38:45.709 1/89830044: 30.118.110.178 data (len: 0):
66492: 12:38:45.709 1/89830044: 30.118.110.178 arg[0] (len: 11): priv-lvl=15
66492: 12:38:45.709 1/89830044: 30.118.110.178 ---<end packet>---
66492: 12:39:02.077 2/bb8e2250: 30.118.110.178 New session
66492: 12:39:02.077 2/bb8e2250: 30.118.110.178 ---<start packet>---
66492: 12:39:02.077 2/bb8e2250: 30.118.110.178 key used: demo
66492: 12:39:02.077 2/bb8e2250: 30.118.110.178 version: 192, type: 3, seq no: 1, flags: unencrypted
66492: 12:39:02.077 2/bb8e2250: 30.118.110.178 session id: 50228ebb, data length: 111
66492: 12:39:02.077 2/bb8e2250: 30.118.110.178 Packet malformed, skipping detailed dump.
66492: 12:39:02.077 2/bb8e2250: 30.118.110.178 ---<end packet>---
66492: 12:39:02.077 2/bb8e2250: 30.118.110.178 Writing ACCT size=56
66492: 12:39:02.077 2/bb8e2250: 30.118.110.178 ---<start packet>---
66492: 12:39:02.077 2/bb8e2250: 30.118.110.178 key used: demo
66492: 12:39:02.077 2/bb8e2250: 30.118.110.178 version: 192, type: 3, seq no: 2, flags: unencrypted
66492: 12:39:02.077 2/bb8e2250: 30.118.110.178 session id: 50228ebb, data length: 44
66492: 12:39:02.077 2/bb8e2250: 30.118.110.178 ACCT/REPLY, status=2, msg_len=39, data_len=0
66492: 12:39:02.077 2/bb8e2250: 30.118.110.178 msg (len: 39): Illegal packet (version=0xc0 type=0x03)
66492: 12:39:02.077 2/bb8e2250: 30.118.110.178 data (len: 0):
66492: 12:39:02.077 2/bb8e2250: 30.118.110.178 ---<end packet>---
66492: 12:39:37.886 3/f6dd4055: 30.118.110.178 New session
66492: 12:39:37.886 3/f6dd4055: 30.118.110.178 ---<start packet>---
66492: 12:39:37.886 3/f6dd4055: 30.118.110.178 key used: demo
66492: 12:39:37.886 3/f6dd4055: 30.118.110.178 version: 192, type: 3, seq no: 1, flags: unencrypted
66492: 12:39:37.886 3/f6dd4055: 30.118.110.178 session id: 5540ddf6, data length: 105
66492: 12:39:37.886 3/f6dd4055: 30.118.110.178 Packet malformed, skipping detailed dump.
66492: 12:39:37.886 3/f6dd4055: 30.118.110.178 ---<end packet>---
66492: 12:39:37.886 3/f6dd4055: 30.118.110.178 Writing ACCT size=56
66492: 12:39:37.886 3/f6dd4055: 30.118.110.178 ---<start packet>---
66492: 12:39:37.886 3/f6dd4055: 30.118.110.178 key used: demo
66492: 12:39:37.886 3/f6dd4055: 30.118.110.178 version: 192, type: 3, seq no: 2, flags: unencrypted
66492: 12:39:37.886 3/f6dd4055: 30.118.110.178 session id: 5540ddf6, data length: 44
66492: 12:39:37.886 3/f6dd4055: 30.118.110.178 ACCT/REPLY, status=2, msg_len=39, data_len=0
66492: 12:39:37.886 3/f6dd4055: 30.118.110.178 msg (len: 39): Illegal packet (version=0xc0 type=0x03)
66492: 12:39:37.886 3/f6dd4055: 30.118.110.178 data (len: 0):
66492: 12:39:37.886 3/f6dd4055: 30.118.110.178 ---<end packet>---

Marc Huber

Dec 24, 2024, 2:38:58 AM
to event-driv...@googlegroups.com
Hi,

the accounting packet your network device sends looks malformed:

> 66492: 12:39:02.077 2/bb8e2250: 30.118.110.178 ---<start packet>---
> 66492: 12:39:02.077 2/bb8e2250: 30.118.110.178 key used: demo
> 66492: 12:39:02.077 2/bb8e2250: 30.118.110.178 version: 192, type: 3, seq no: 1, flags: unencrypted
> 66492: 12:39:02.077 2/bb8e2250: 30.118.110.178 session id: 50228ebb, data length: 111
> 66492: 12:39:02.077 2/bb8e2250: 30.118.110.178 Packet malformed, skipping detailed dump.
> 66492: 12:39:02.077 2/bb8e2250: 30.118.110.178 ---<end packet>---

The packet data length fields likely don't sum up precisely to the
packet header length field. Could you share a hex dump of the accounting
packet? "debug = PACKET HEX" should be sufficient for that.

In tac_plus-ng the length check can be relaxed using "bug compatibility =
8" in global or host mode.

Cheers,

Marc

Charles

Dec 24, 2024, 8:44:26 PM
to Event-Driven Servers
Hi Marc,

Below is the hex dump of the accounting packet, please take a look.

root@iZ2ze0pk2f9ydcdsi4eswxZ:/usr/local/etc# /usr/local/sbin/tac_plus /usr/local/etc/tac_plus.cfg
106136: 09:34:46.631 0/fd88ab71: 30.118.110.178 New session
106136: 09:34:46.631 0/fd88ab71: 30.118.110.178 ---<start packet>---
106136: 09:34:46.631 0/fd88ab71: 30.118.110.178 key used: demo
106136: 09:34:46.631 0/fd88ab71: 30.118.110.178 version: 192, type: 1, seq no: 1, flags: unencrypted
106136: 09:34:46.631 0/fd88ab71: 30.118.110.178 session id: 71ab88fd, data length: 30
106136: 09:34:46.631 0/fd88ab71: 30.118.110.178 packet body (len: 30): \001\017\001\001\006\004\f\000283797tty110.11.225.69
106136: 09:34:46.631 0/fd88ab71: 30.118.110.178 0000 01 0f 01 01 06 04 0c 00  32 38 33 37 39 37 74 74  ........ 283797tt
106136: 09:34:46.631 0/fd88ab71: 30.118.110.178 0010 79 31 31 30 2e 31 31 2e  32 32 35 2e 36 39        y110.11. 225.69
106136: 09:34:46.631 0/fd88ab71: 30.118.110.178 AUTHEN/START, priv_lvl=15
106136: 09:34:46.631 0/fd88ab71: 30.118.110.178 action=login (1)
106136: 09:34:46.631 0/fd88ab71: 30.118.110.178 authen_type=ascii (1)
106136: 09:34:46.631 0/fd88ab71: 30.118.110.178 service=login (1)
106136: 09:34:46.631 0/fd88ab71: 30.118.110.178 user_len=6 port_len=4 rem_addr_len=12
106136: 09:34:46.631 0/fd88ab71: 30.118.110.178 data_len=0
106136: 09:34:46.631 0/fd88ab71: 30.118.110.178 user (len: 6): 283797
106136: 09:34:46.631 0/fd88ab71: 30.118.110.178 port (len: 4): tty1
106136: 09:34:46.631 0/fd88ab71: 30.118.110.178 rem_addr (len: 12): 10.11.225.69
106136: 09:34:46.631 0/fd88ab71: 30.118.110.178 ---<end packet>---
106136: 09:34:46.631 0/fd88ab71: 30.118.110.178 Writing AUTHEN/GETPASS size=37
106136: 09:34:46.631 0/fd88ab71: 30.118.110.178 ---<start packet>---
106136: 09:34:46.631 0/fd88ab71: 30.118.110.178 key used: demo
106136: 09:34:46.631 0/fd88ab71: 30.118.110.178 version: 192, type: 1, seq no: 2, flags: unencrypted
106136: 09:34:46.631 0/fd88ab71: 30.118.110.178 session id: 71ab88fd, data length: 25
106136: 09:34:46.631 0/fd88ab71: 30.118.110.178 packet body (len: 25): \005\001\000\023\000\000Welcome\n\nPassword:
106136: 09:34:46.631 0/fd88ab71: 30.118.110.178 0000 05 01 00 13 00 00 57 65  6c 63 6f 6d 65 0a 0a 50  ......We lcome..P
106136: 09:34:46.631 0/fd88ab71: 30.118.110.178 0010 61 73 73 77 6f 72 64 3a  20                       assword:
106136: 09:34:46.631 0/fd88ab71: 30.118.110.178 AUTHEN, status=5 (AUTHEN/GETPASS) flags=0x1
106136: 09:34:46.631 0/fd88ab71: 30.118.110.178 msg_len=19, data_len=0
106136: 09:34:46.631 0/fd88ab71: 30.118.110.178 msg (len: 19): Welcome\n\nPassword:
106136: 09:34:46.631 0/fd88ab71: 30.118.110.178 data (len: 0):
106136: 09:34:46.631 0/fd88ab71: 30.118.110.178 ---<end packet>---
106136: 09:34:46.671 0/fd88ab71: 30.118.110.178 ---<start packet>---
106136: 09:34:46.671 0/fd88ab71: 30.118.110.178 key used: demo
106136: 09:34:46.671 0/fd88ab71: 30.118.110.178 version: 192, type: 1, seq no: 3, flags: unencrypted
106136: 09:34:46.671 0/fd88ab71: 30.118.110.178 session id: 71ab88fd, data length: 14
106136: 09:34:46.671 0/fd88ab71: 30.118.110.178 packet body [partially masked] (len: 14): \000\t\000\000\000*********
106136: 09:34:46.671 0/fd88ab71: 30.118.110.178 0000 00 09 00 00 00 2a 2a 2a  2a 2a 2a 2a 2a 2a        .....*** ******
106136: 09:34:46.671 0/fd88ab71: 30.118.110.178 AUTHEN/CONT user_msg_len=9, user_data_len=0
106136: 09:34:46.671 0/fd88ab71: 30.118.110.178 ---<end packet>---
106136: 09:34:46.679 0/fd88ab71: 30.118.110.178 shell login for '283797' from 10.11.225.69 on tty1 succeeded
106136: 09:34:46.679 0/fd88ab71: 30.118.110.178 Writing AUTHEN/PASS size=18
106136: 09:34:46.679 0/fd88ab71: 30.118.110.178 ---<start packet>---
106136: 09:34:46.679 0/fd88ab71: 30.118.110.178 key used: demo
106136: 09:34:46.679 0/fd88ab71: 30.118.110.178 version: 192, type: 1, seq no: 4, flags: unencrypted
106136: 09:34:46.679 0/fd88ab71: 30.118.110.178 session id: 71ab88fd, data length: 6
106136: 09:34:46.679 0/fd88ab71: 30.118.110.178 packet body (len: 6): \001\000\000\000\000\000
106136: 09:34:46.679 0/fd88ab71: 30.118.110.178 0000 01 00 00 00 00 00                                 ......
106136: 09:34:46.679 0/fd88ab71: 30.118.110.178 AUTHEN, status=1 (AUTHEN/PASS) flags=0x0
106136: 09:34:46.679 0/fd88ab71: 30.118.110.178 msg_len=0, data_len=0
106136: 09:34:46.679 0/fd88ab71: 30.118.110.178 msg (len: 0):
106136: 09:34:46.679 0/fd88ab71: 30.118.110.178 data (len: 0):
106136: 09:34:46.679 0/fd88ab71: 30.118.110.178 ---<end packet>---
106136: 09:34:46.755 1/fd88ab71: 30.118.110.178 New session
106136: 09:34:46.755 1/fd88ab71: 30.118.110.178 ---<start packet>---
106136: 09:34:46.755 1/fd88ab71: 30.118.110.178 key used: demo
106136: 09:34:46.755 1/fd88ab71: 30.118.110.178 version: 192, type: 2, seq no: 1, flags: unencrypted
106136: 09:34:46.755 1/fd88ab71: 30.118.110.178 session id: 71ab88fd, data length: 49
106136: 09:34:46.755 1/fd88ab71: 30.118.110.178 packet body (len: 49): \006\017\001\001\006\004\f\002\r\004283797tty110.11.225.69service=shellcmd*
106136: 09:34:46.755 1/fd88ab71: 30.118.110.178 0000 06 0f 01 01 06 04 0c 02  0d 04 32 38 33 37 39 37  ........ ..283797
106136: 09:34:46.755 1/fd88ab71: 30.118.110.178 0010 74 74 79 31 31 30 2e 31  31 2e 32 32 35 2e 36 39  tty110.1 1.225.69
106136: 09:34:46.755 1/fd88ab71: 30.118.110.178 0020 73 65 72 76 69 63 65 3d  73 68 65 6c 6c 63 6d 64  service= shellcmd
106136: 09:34:46.755 1/fd88ab71: 30.118.110.178 0030 2a                                                *
106136: 09:34:46.755 1/fd88ab71: 30.118.110.178 AUTHOR, priv_lvl=15
106136: 09:34:46.755 1/fd88ab71: 30.118.110.178 authen_type=ascii (1)
106136: 09:34:46.755 1/fd88ab71: 30.118.110.178 authen_method=tacacs+ (6)
106136: 09:34:46.755 1/fd88ab71: 30.118.110.178 service=login (1)
106136: 09:34:46.755 1/fd88ab71: 30.118.110.178 user_len=6 port_len=4 rem_addr_len=12 arg_cnt=2
106136: 09:34:46.755 1/fd88ab71: 30.118.110.178 user (len: 6): 283797
106136: 09:34:46.755 1/fd88ab71: 30.118.110.178 port (len: 4): tty1
106136: 09:34:46.755 1/fd88ab71: 30.118.110.178 rem_addr (len: 12): 10.11.225.69
106136: 09:34:46.755 1/fd88ab71: 30.118.110.178 arg[0] (len: 13): service=shell
106136: 09:34:46.755 1/fd88ab71: 30.118.110.178 arg[1] (len: 4): cmd*
106136: 09:34:46.755 1/fd88ab71: 30.118.110.178 ---<end packet>---
106136: 09:34:46.755 1/fd88ab71: 30.118.110.178 Writing AUTHOR/PASS_ADD size=30
106136: 09:34:46.755 1/fd88ab71: 30.118.110.178 ---<start packet>---
106136: 09:34:46.755 1/fd88ab71: 30.118.110.178 key used: demo
106136: 09:34:46.755 1/fd88ab71: 30.118.110.178 version: 192, type: 2, seq no: 2, flags: unencrypted
106136: 09:34:46.755 1/fd88ab71: 30.118.110.178 session id: 71ab88fd, data length: 18
106136: 09:34:46.755 1/fd88ab71: 30.118.110.178 packet body (len: 18): \001\001\000\000\000\000\vpriv-lvl=15
106136: 09:34:46.755 1/fd88ab71: 30.118.110.178 0000 01 01 00 00 00 00 0b 70  72 69 76 2d 6c 76 6c 3d  .......p riv-lvl=
106136: 09:34:46.755 1/fd88ab71: 30.118.110.178 0010 31 35                                             15
106136: 09:34:46.755 1/fd88ab71: 30.118.110.178 AUTHOR/REPLY, status=1 (AUTHOR/PASS_ADD)
106136: 09:34:46.755 1/fd88ab71: 30.118.110.178 msg_len=0, data_len=0, arg_cnt=1
106136: 09:34:46.755 1/fd88ab71: 30.118.110.178 msg (len: 0):
106136: 09:34:46.755 1/fd88ab71: 30.118.110.178 data (len: 0):
106136: 09:34:46.755 1/fd88ab71: 30.118.110.178 arg[0] (len: 11): priv-lvl=15
106136: 09:34:46.755 1/fd88ab71: 30.118.110.178 ---<end packet>---
106136: 09:35:06.662 2/22167906: 30.118.110.178 New session
106136: 09:35:06.662 2/22167906: 30.118.110.178 ---<start packet>---
106136: 09:35:06.662 2/22167906: 30.118.110.178 key used: demo
106136: 09:35:06.662 2/22167906: 30.118.110.178 version: 192, type: 3, seq no: 1, flags: unencrypted
106136: 09:35:06.662 2/22167906: 30.118.110.178 session id: 06791622, data length: 111
106136: 09:35:06.662 2/22167906: 30.118.110.178 packet body (len: 111): \004\006\017\001\001\006\004\f\005\v\f\r\v\034283797tty110.11.225.69task_id=841timezone=UTCservice=shellpriv-lvl=14cmd=show running-config <cr>
106136: 09:35:06.662 2/22167906: 30.118.110.178 0000 04 06 0f 01 01 06 04 0c  05 0b 0c 0d 0b 1c 32 38  ........ ......28
106136: 09:35:06.662 2/22167906: 30.118.110.178 0010 33 37 39 37 74 74 79 31  31 30 2e 31 31 2e 32 32  3797tty1 10.11.22
106136: 09:35:06.662 2/22167906: 30.118.110.178 0020 35 2e 36 39 74 61 73 6b  5f 69 64 3d 38 34 31 74  5.69task _id=841t
106136: 09:35:06.662 2/22167906: 30.118.110.178 0030 69 6d 65 7a 6f 6e 65 3d  55 54 43 73 65 72 76 69  imezone= UTCservi
106136: 09:35:06.662 2/22167906: 30.118.110.178 0040 63 65 3d 73 68 65 6c 6c  70 72 69 76 2d 6c 76 6c  ce=shell priv-lvl
106136: 09:35:06.662 2/22167906: 30.118.110.178 0050 3d 31 34 63 6d 64 3d 73  68 6f 77 20 72 75 6e 6e  =14cmd=s how runn
106136: 09:35:06.662 2/22167906: 30.118.110.178 0060 69 6e 67 2d 63 6f 6e 66  69 67 20 3c 63 72 3e     ing-conf ig <cr>
106136: 09:35:06.662 2/22167906: 30.118.110.178 Packet malformed, skipping detailed dump.
106136: 09:35:06.662 2/22167906: 30.118.110.178 ---<end packet>---
106136: 09:35:06.662 2/22167906: 30.118.110.178 Writing ACCT size=56
106136: 09:35:06.662 2/22167906: 30.118.110.178 ---<start packet>---
106136: 09:35:06.662 2/22167906: 30.118.110.178 key used: demo
106136: 09:35:06.662 2/22167906: 30.118.110.178 version: 192, type: 3, seq no: 2, flags: unencrypted
106136: 09:35:06.662 2/22167906: 30.118.110.178 session id: 06791622, data length: 44
106136: 09:35:06.662 2/22167906: 30.118.110.178 packet body (len: 44): \000'\000\000\002Illegal packet (version=0xc0 type=0x03)
106136: 09:35:06.662 2/22167906: 30.118.110.178 0000 00 27 00 00 02 49 6c 6c  65 67 61 6c 20 70 61 63  .'...Ill egal pac
106136: 09:35:06.662 2/22167906: 30.118.110.178 0010 6b 65 74 20 28 76 65 72  73 69 6f 6e 3d 30 78 63  ket (ver sion=0xc
106136: 09:35:06.662 2/22167906: 30.118.110.178 0020 30 20 74 79 70 65 3d 30  78 30 33 29              0 type=0 x03)
106136: 09:35:06.662 2/22167906: 30.118.110.178 ACCT/REPLY, status=2, msg_len=39, data_len=0
106136: 09:35:06.662 2/22167906: 30.118.110.178 msg (len: 39): Illegal packet (version=0xc0 type=0x03)
106136: 09:35:06.662 2/22167906: 30.118.110.178 data (len: 0):
106136: 09:35:06.662 2/22167906: 30.118.110.178 ---<end packet>---

Marc Huber

Dec 25, 2024, 3:16:03 AM
to event-driv...@googlegroups.com
Hi Charles,

thanks, commit 803270c55d4d77872ccc10ad3e4a82bbcf0e4fd1 should fix this
issue. This regression was caused by an incomplete backport from
tac_plus-ng, sorry for that!

As a reminder: tac_plus is superseded by tac_plus-ng and I strongly
recommend using the latter for new installations.

Cheers,

Marc

On 25.12.2024 02:44, Charles wrote:
> Hi Marc,
>
> Below is the hex dump of the accounting packet, please take a look.
<snip>
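
The length check described earlier in the thread, run over the accounting packet body from the hex dump, as an added example that is not part of the thread or of the tac_plus source. The field layout follows the accounting REQUEST body in RFC 8907; `parse_acct_request` and the constant names are made up for this example. For this dump the length fields sum to exactly the 111 bytes announced in the header.

```python
# Fixed part of an accounting REQUEST body: flags, authen_method, priv_lvl,
# authen_type, authen_service, user_len, port_len, rem_addr_len, arg_cnt
ACCT_FIXED = 9

# Body bytes copied from the "packet body (len: 111)" hex dump in the thread.
BODY = (
    bytes.fromhex("04060f010106040c05")   # fixed fields, arg_cnt = 5
    + bytes.fromhex("0b0c0d0b1c")         # one length byte per argument
    + b"283797" + b"tty1" + b"10.11.225.69"
    + b"task_id=841" + b"timezone=UTC" + b"service=shell"
    + b"priv-lvl=14" + b"cmd=show running-config <cr>"
)
HEADER_LENGTH = 111  # "data length" from the packet header in the same dump


def parse_acct_request(body: bytes, header_length: int) -> dict:
    """Parse an accounting REQUEST body, rejecting any length inconsistency."""
    if len(body) != header_length:
        raise ValueError(f"got {len(body)} body bytes, header says {header_length}")
    if len(body) < ACCT_FIXED:
        raise ValueError("body shorter than the fixed accounting fields")
    (flags, _method, priv_lvl, _authen_type, _service,
     ulen, plen, rlen, argc) = body[:ACCT_FIXED]
    if len(body) < ACCT_FIXED + argc:
        raise ValueError("arg_cnt points past the end of the body")
    arg_lens = list(body[ACCT_FIXED:ACCT_FIXED + argc])

    # Every length byte must be accounted for: nothing missing, nothing left over.
    expected = ACCT_FIXED + argc + ulen + plen + rlen + sum(arg_lens)
    if expected != header_length:
        raise ValueError(f"fields sum to {expected}, header says {header_length}")

    offset = ACCT_FIXED + argc

    def take(n: int) -> str:
        nonlocal offset
        chunk = body[offset:offset + n]
        offset += n
        return chunk.decode("ascii", errors="replace")

    return {
        "flags": flags,
        "priv_lvl": priv_lvl,
        "user": take(ulen),
        "port": take(plen),
        "rem_addr": take(rlen),
        "args": [take(n) for n in arg_lens],
    }


if __name__ == "__main__":
    for key, value in parse_acct_request(BODY, HEADER_LENGTH).items():
        print(f"{key}: {value}")
```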

Charles

Dec 25, 2024, 4:17:24 AM
to Event-Driven Servers
Hi Marc,

Today I tried using tac_plus-ng and tested it with three different devices; everything is working perfectly. Thanks a lot.
