chewie.chewie module

Entry point for 802.1X speaker.

class chewie.chewie.Chewie(interface_name, logger=None, auth_handler=None, failure_handler=None, logoff_handler=None, radius_server_ip=None, radius_server_port=None, radius_server_secret=None, chewie_id=None)

Bases: object

Facilitates EAP supplicant and RADIUS server communication

DEFAULT_PORT_UP_IDENTITY_REQUEST_WAIT_PERIOD = 20

DEFAULT_PREEMPTIVE_IDENTITY_REQUEST_INTERVAL = 60

PAE_GROUP_ADDRESS = MacAddress.from_string("01:80:c2:00:00:03")

RADIUS_UDP_PORT = 1812

auth_failure(src_mac, port_id): failure shim between faucet and chewie Args:

src_mac (MacAddress): the mac of the failed supplicant port_id (MacAddress): the ‘mac’ identifier of what switch port

the failure is on

auth_logoff(src_mac, port_id): logoff shim between faucet and chewie Args:

src_mac (MacAddress): the mac of the logoff supplicant port_id (MacAddress): the ‘mac’ identifier of what switch port

the logoff is on

auth_success(src_mac, port_id, period, *args, **kwargs): authentication shim between faucet and chewie Args:

src_mac (MacAddress): the mac of the successful supplicant port_id (MacAddress): the ‘mac’ identifier of what switch port the success is on period (int): time (seconds) until the session times out.

get_state_machine(src_mac, port_id, message_id=-1)

Gets or creates if it does not already exist an FullEAPStateMachine for the src_mac. Args:

message_id (int): eap message id, -1 means none found. src_mac (MacAddress): who’s to get. port_id (MacAddress): ID of the port where the src_mac is.

Returns:: FullEAPStateMachine

get_state_machine_from_radius_packet_id(packet_id)

Gets a FullEAPStateMachine from the RADIUS message packet_id Args:

packet_id (int): id of the received RADIUS message

Returns:: FullEAPStateMachine

port_down(port_id): should be called by faucet when port has gone down. Args:

port_id (str): id of port.

port_up(port_id): should be called by faucet when port has come up Args:

port_id (str): id of port.

reauth_port(src_mac, port_id): Send an Identity Request to src_mac, on port_id. prompting the supplicant to re authenticate. Args:

src_mac (MacAddress): port_id (str):

receive_eap_messages(): receive eap messages from supplicant forever.

receive_mab_messages(): Receive DHCP request for MAB.

receive_radius_messages(): receive RADIUS messages from RADIUS server forever.

run(): setup chewie and start socket eventlet threads

running(): Used to nicely exit the event loops

send_eap_messages(): Send EAP messages to Supplicant forever.

send_eap_to_state_machine(eap, dst_mac): sends an eap message to the state machine

send_eth_to_state_machine(packed_message): Send an ethernet frame to MAB State Machine

send_preemptive_identity_request(port_id, state_machine=None): Message (EAP Identity Request) that notifies supplicant that port is using 802.1X Args:

port_id (str):

send_preemptive_identity_request_if_no_active_on_port(port_id): If there is no active (in progress, or in state success(2)) supplicant send out the preemptive identity request message. Args:

port_id (str):

send_radius_messages(): send RADIUS messages to RADIUS Server forever.

send_radius_to_state_machine(radius): sends a radius message to the state machine

set_port_status(port_id, status): Send status of a port at port_id Args:

port_id (): status ():

setup_eap_socket(): Setup EAP socket

setup_mab_socket(): Setup Mab socket

setup_radius_socket(): Setup Radius socket

shutdown(): kill eventlets and quit

start_threads_and_wait(): Start the thread and wait until they complete (hopefully never)

chewie.chewie.get_random_id()

chewie.chewie.unpack_byte_string(byte_string): unpacks a byte string