:tocdepth: 3

base/protocols/radius/main.bro
==============================
.. bro:namespace:: RADIUS

Implements base functionality for RADIUS analysis. Generates the radius.log file.

:Namespace: RADIUS
:Imports: :doc:`base/protocols/radius/consts.bro </scripts/base/protocols/radius/consts.bro>`, :doc:`base/utils/addrs.bro </scripts/base/utils/addrs.bro>`
:Source File: :download:`/scripts/base/protocols/radius/main.bro`

Summary
~~~~~~~
Options
#######
============================================================================== ================================================================
:bro:id:`RADIUS::expiration_interval`: :bro:type:`interval` :bro:attr:`&redef` The amount of time we wait for an authentication response before
                                                                               expiring it.
============================================================================== ================================================================

Types
#####
============================================ =
:bro:type:`RADIUS::Info`: :bro:type:`record` 
============================================ =

Redefinitions
#############
========================================== =
:bro:type:`Log::ID`: :bro:type:`enum`      
:bro:type:`connection`: :bro:type:`record` 
========================================== =

Events
######
=============================================== ======================================================================
:bro:id:`RADIUS::log_radius`: :bro:type:`event` Event that can be handled to access the RADIUS record as it is sent on
                                                to the loggin framework.
=============================================== ======================================================================

Functions
#########
============================================== ===================================================================
:bro:id:`RADIUS::expire`: :bro:type:`function` Logs an authentication attempt if we didn't see a response in time.
============================================== ===================================================================


Detailed Interface
~~~~~~~~~~~~~~~~~~
Options
#######
.. bro:id:: RADIUS::expiration_interval

   :Type: :bro:type:`interval`
   :Attributes: :bro:attr:`&redef`
   :Default: ``10.0 secs``

   The amount of time we wait for an authentication response before
   expiring it.

Types
#####
.. bro:type:: RADIUS::Info

   :Type: :bro:type:`record`

      ts: :bro:type:`time` :bro:attr:`&log`
         Timestamp for when the event happened.

      uid: :bro:type:`string` :bro:attr:`&log`
         Unique ID for the connection.

      id: :bro:type:`conn_id` :bro:attr:`&log`
         The connection's 4-tuple of endpoint addresses/ports.

      username: :bro:type:`string` :bro:attr:`&log` :bro:attr:`&optional`
         The username, if present.

      mac: :bro:type:`string` :bro:attr:`&log` :bro:attr:`&optional`
         MAC address, if present.

      remote_ip: :bro:type:`addr` :bro:attr:`&log` :bro:attr:`&optional`
         Remote IP address, if present.

      connect_info: :bro:type:`string` :bro:attr:`&log` :bro:attr:`&optional`
         Connect info, if present.

      result: :bro:type:`string` :bro:attr:`&log` :bro:attr:`&optional`
         Successful or failed authentication.

      logged: :bro:type:`bool` :bro:attr:`&optional`
         Whether this has already been logged and can be ignored.


Events
######
.. bro:id:: RADIUS::log_radius

   :Type: :bro:type:`event` (rec: :bro:type:`RADIUS::Info`)

   Event that can be handled to access the RADIUS record as it is sent on
   to the loggin framework.

Functions
#########
.. bro:id:: RADIUS::expire

   :Type: :bro:type:`function` (t: :bro:type:`table` [:bro:type:`count`] of :bro:type:`RADIUS::Info`, idx: :bro:type:`count`) : :bro:type:`interval`

   Logs an authentication attempt if we didn't see a response in time.
   

   :t: A table of Info records.
   

   :idx: The index of the connection$radius table corresponding to the
        radius authentication about to expire.
   

   :returns: 0secs, which when this function is used as an
            :bro:attr:`&expire_func`, indicates to remove the element at
            *idx* immediately.


