Authenticator - noxrepo/nox-classic GitHub Wiki

Overview

The authenticator application keeps an in-memory record of all authenticated hosts and users in the network, indexed on network location. A network location is defined by a 3-tuple consisting of

  • a link layer address,
  • a network layer address, and
  • an access point (a datapath, port pair).

Usually the authenticator will listen for Auth_events to know when to add a new host entry; however, with the current setup all packet-sending hosts "authenticate" by default, so in that configuration the record reflects which hosts have sent traffic rather than which hosts have actually been authenticated.

Other applications holding a handle to the authenticator can ask for a host's Connector record (defined in flow-in.hh) by calling "get_con" with a location. Hosts are indexed by network identifiers in the order dladdr -> nwaddr -> access point, so the partial lookup methods "get_dlconns" and "get_nwconns", which require only the dladdr and the dladdr plus nwaddr respectively, are also exposed (useful for finding all network layer addresses on a link layer address, etc.).

Authenticator Events

On Packet_in events, the authenticator creates a Flow_in_event containing the source and destination access points; the Routing application listens for it and uses it to set up the flow's route through the network. The authenticator also posts host join and leave events when a new network location becomes active or times out from inactivity, respectively. A join event is not posted when a new network address is seen for an already active link layer address/access point pair, since that is not a new host.


Flow_in_event

Host_events

There are 3 types of Host_events (these are defined in src/nox/netapps/authenticator/host-event.hh):

Host_join_event

Advertises a host as having joined or left the network. A host has 'joined' the network when it authenticates for a set of bindings and no active bindings for the host exist yet. Join events are therefore not posted for bindings the host authenticates with on top of its first set (see Host_bind_event for those).

A host 'leaves' the network when its last bindings are deauthenticated and it no longer has any active bindings.

All integer values are stored in host byte order, and should be passed in as such.

Host_auth_event

Host authentication/deauthentication event.

Triggers a host auth/deauth at a location for a set of addresses. On authentication, if nwaddr is not set to zero and the mac address is not that of a router, the host will automatically be authenticated for nwaddr == 0 at the location.

On deauthentication, fields can be wildcarded to deauthenticate a set of bindings: every binding matching the non-wildcarded fields is deauthenticated. The set could be the nwaddr bindings of a dladdr, an entire dladdr, or a location on a particular dladdr. Bindings can be described with their actual values or by hostname. If both nwaddr and location are specified (either directly as non-wildcarded fields or indirectly through the hostname), the outcome depends on ownership: if the nwaddr's host owns the dladdr, the location is removed, leaving the nwaddr authenticated for its other locations on the dladdr; otherwise the nwaddr binding is removed, leaving the dladdr's host authenticated for the location.

All integer values are stored in host byte order, and should be passed in as such.

Host_bind_event

Host binding add/delete event.

Advertises a binding as having been added to or removed from a host's active set of bindings. It is posted for each mac address authenticated for a location and for each network address authenticated for a mac address, and includes the netid owning the binding. If both the location and nwaddr are zero, the event signals a bare mac address binding.

All integer values are stored in host byte order, and should be passed in as such.
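The following is an added worked example, not code from the nox-classic tree: a small C++ model of the binding index described in the Overview (dladdr -> nwaddr -> access point, with the "get_dlconns"/"get_nwconns" partial lookups) together with the event rules from Host_join_event, Host_auth_event and Host_bind_event above. It covers the two deauthentication edge cases: a host that owns its MAC losing one location while keeping its other locations, and an IP behind a router MAC being removed without disturbing the router's own binding. The class, method and field names, the HostEvent layout, the use of (0,0) as the "unset"/wildcard access point, the netid ownership model, and the choice to strip a deauthenticated location from every nwaddr entry on that dladdr are all assumptions made for this example; only the concept names follow the wiki.

```cpp
#include <cstdint>
#include <map>
#include <set>
#include <utility>
#include <vector>

// Access point = (datapath id, port). Using (0,0) as "unset"/wildcard is this example's
// own encoding, as is the layout of HostEvent; only the names follow the wiki.
typedef std::pair<uint64_t, uint16_t> AccessPoint;
static const AccessPoint NO_AP(0, 0);

struct HostEvent {
    enum Kind { JOIN, LEAVE, BIND_ADD, BIND_DEL } kind;
    uint32_t netid;   // host (netid) owning the binding
    uint64_t dladdr;
    uint32_t nwaddr;  // 0 for a dladdr/location binding
    AccessPoint ap;   // NO_AP for a nwaddr-on-dladdr binding
};

// Number of posted events of one kind (a helper for inspecting results).
int count_kind(const std::vector<HostEvent>& ev, HostEvent::Kind k) { int n = 0; for (auto& e : ev) n += e.kind == k; return n; }

class Authenticator {
public:
    // Authenticate netid for (dladdr, nwaddr) at ap; nwaddr == 0 authenticates the dladdr alone.
    std::vector<HostEvent> authenticate(uint32_t netid, uint64_t dladdr, uint32_t nwaddr,
                                        AccessPoint ap, bool dl_is_router) {
        std::vector<HostEvent> ev;
        Host& h = hosts_[dladdr];
        // Join only when the dladdr had no active bindings; a new nwaddr on an active pair is not a new host.
        if (!active(h)) ev.push_back({HostEvent::JOIN, netid, dladdr, nwaddr, ap});
        // A non-router dladdr seen with an nwaddr is also authenticated for nwaddr == 0 at ap.
        if (nwaddr == 0 || !dl_is_router) add_binding(h, netid, dladdr, 0, ap, ev);
        if (nwaddr != 0) add_binding(h, netid, dladdr, nwaddr, ap, ev);
        return ev;
    }

    // Deauthenticate bindings on dladdr; nwaddr == 0 and ap == NO_AP act as wildcards.
    std::vector<HostEvent> deauthenticate(uint64_t dladdr, uint32_t nwaddr, AccessPoint ap) {
        std::vector<HostEvent> ev;
        auto it = hosts_.find(dladdr);
        if (it == hosts_.end()) return ev;
        Host& h = it->second;
        if (nwaddr != 0) {
            // Both given: if the nwaddr's host also owns the dladdr, drop only that location (the nwaddr
            // keeps its other locations); otherwise, e.g. an IP behind a router MAC, drop the nwaddr binding.
            if (ap != NO_AP && owner_of(h, nwaddr) == owner_of(h, 0)) remove_ap(h, dladdr, nwaddr, ap, ev);
            else remove_nw(h, dladdr, nwaddr, ev);
        } else {
            // One location on the dladdr, or (both wild) the whole dladdr. Iterate over a copy, since
            // removal erases entries. Stripping the location from every nwaddr entry is this example's reading.
            for (auto& e : Host(h)) {
                if (ap == NO_AP) remove_nw(h, dladdr, e.first, ev);
                else remove_ap(h, dladdr, e.first, ap, ev);
            }
        }
        if (!active(h)) {  // last binding gone: the host leaves the network
            ev.push_back({HostEvent::LEAVE, 0, dladdr, 0, NO_AP});
            hosts_.erase(it);
        }
        return ev;
    }

    // Partial lookups: every access point of a dladdr, or of one nwaddr on that dladdr.
    std::set<AccessPoint> get_dlconns(uint64_t dladdr) const { return get_nwconns(dladdr, 0); }
    std::set<AccessPoint> get_nwconns(uint64_t dladdr, uint32_t nwaddr) const {
        auto it = hosts_.find(dladdr);
        if (it == hosts_.end() || it->second.count(nwaddr) == 0) return std::set<AccessPoint>();
        return it->second.find(nwaddr)->second.aps;
    }

private:
    struct Entry { uint32_t owner; std::set<AccessPoint> aps; };
    typedef std::map<uint32_t, Entry> Host;  // nwaddr -> entry; key 0 is the bare dladdr
    std::map<uint64_t, Host> hosts_;         // index order: dladdr -> nwaddr -> access points

    static bool active(const Host& h) {
        for (auto& e : h) if (!e.second.aps.empty()) return true;
        return false;
    }
    static uint32_t owner_of(const Host& h, uint32_t nw) { auto e = h.find(nw); return e == h.end() ? 0 : e->second.owner; }
    // dladdr/location bindings are signalled per location, nwaddr bindings once per nwaddr.
    static void add_binding(Host& h, uint32_t netid, uint64_t dl, uint32_t nw, AccessPoint ap, std::vector<HostEvent>& ev) {
        bool fresh = h.count(nw) == 0;
        Entry& e = h[nw];
        if (fresh) e.owner = netid;
        bool new_ap = e.aps.insert(ap).second;
        if (nw == 0 ? new_ap : fresh)
            ev.push_back({HostEvent::BIND_ADD, e.owner, dl, nw, nw == 0 ? ap : NO_AP});
    }
    static void remove_nw(Host& h, uint64_t dl, uint32_t nw, std::vector<HostEvent>& ev) {
        auto e = h.find(nw);
        if (e == h.end()) return;
        if (nw != 0) ev.push_back({HostEvent::BIND_DEL, e->second.owner, dl, nw, NO_AP});
        else for (auto ap : e->second.aps) ev.push_back({HostEvent::BIND_DEL, e->second.owner, dl, 0, ap});
        h.erase(e);
    }
    static void remove_ap(Host& h, uint64_t dl, uint32_t nw, AccessPoint ap, std::vector<HostEvent>& ev) {
        auto e = h.find(nw);
        if (e == h.end() || !e->second.aps.erase(ap)) return;
        if (nw == 0) ev.push_back({HostEvent::BIND_DEL, e->second.owner, dl, 0, ap});
        if (e->second.aps.empty()) remove_nw(h, dl, nw, ev);  // for nw != 0 this posts the nwaddr BIND_DEL
    }
};
```

Two sequences exercise the rules. A host (netid 1) seen as 0xAA/10.0.0.1 at (dpid 1, port 3) produces one join and two bind events; adding 10.0.0.2 on the same pair produces a bind event but no join; after the host is also seen at (2, 7), deauthenticating 10.0.0.1 at (1, 3) removes only that location because netid 1 owns the dladdr, so "get_nwconns" still returns (2, 7) and "get_dlconns" still returns both locations; a fully wildcarded deauth of 0xAA then deletes every binding and posts the leave. For a router MAC 0xBB owned by netid 9 with a client IP owned by netid 5 behind it, deauthenticating that IP at the router's location removes the nwaddr binding and leaves the router authenticated at its port.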
