(RADIATOR) insert errors

Mike McCauley mikem at open.com.au
Sun Oct 21 19:23:24 CDT 2001


Hello Jerome,

Thanks for the patch. I think you are right: it is more correct to match on 
the real IP address of the originator, rather than what is claimed in 
NAS-IP-Address.

We have rolled in your patch for the next release.

Thanks!

On Fri, 19 Oct 2001 10:15, Hugh Irvine wrote:
> Salut Jerome -
>
> Merci pour ca!
>
> I have copied Mike on this mail and he will consider the patch for
> inclusion in the next release.
>
> A+
>
> Hugues
>
> On Thursday 18 October 2001 20:00, Jerome Fleury wrote:
> > --On Tuesday, October 16, 2001 09:57:17 AM +0200 Jesús M Díaz
> >
> > <jesus.diaz at telia-iberia.com> wrote:
> > > Hello,
> > >
> > > i had the same problem too, but whit the pair
> > > 'nas-identifier/nas-port'. i could solve it changing the AddQuery
> > > sentence at 'session sql' clause from 'insert into ...' to 'replace
> > > into ...'.
> > >
> > > the problem, as i could see, is when due an error or any other reason,
> > > Radiator keeps a session entry but that sessions is not real yet.
> > >
> > > regards
> >
> > I don't really know if your problem is related to mine, but in our
> > configuration (big ISP, about 80 requests/s) we had a lot of duplicates.
> > To avoid this we patched Radiator to handle "real" duplicates.
> >
> > For that, we match packets not only on packet ID, but on NAS IP and UDP
> > port Number (because some hosts like Lucent TNT have multiple ID space on
> > different port numbers). The patch is working perfectly.
> > Maybe this patch could be integrated into official release ?
> >
> > Here it is for Radiator 2.18.4:
> >
> > ----------------------8X cut here 8X--------------------------
> > *** Radius/Client.pm.old	Wed Oct  3 15:28:46 2001
> > --- Radius/Client.pm	Wed Oct  3 15:27:55 2001
> > ***************
> > *** 6,21 ****
> >   # Name    the host name the Client was created with
> >   # Host    Packed host address of the client
> >   #
> >   # In order to detect duplicate arrivals, we keep an array
> > ! # of arrivals ($self->{RecentIdentifiers})indexed by the Radius packet
> > ! # identifier (8 bits), concatenated with the packet type code.
> >   # (The packet code is used because some NASs use different packet
> >   # sequences for different request types)
> >   # The value stored in each element of the array is the time
> > ! # we last received
> > ! # a packet with that identifier from this client.
> > ! # If the time interval is
> > ! # less than DupInterval, the packet is assumed to be
> >   # duplicate, and is ignored
> >   #
> >   # Author: Mike McCauley (mikem at open.com.au)
> > --- 6,23 ----
> >   # Name    the host name the Client was created with
> >   # Host    Packed host address of the client
> >   #
> > + # Patch by b.grange at libertysurf.fr (the old code did not use the IP
> > address):
> >   # In order to detect duplicate arrivals, we keep an array
> > ! # of arrivals ($self->{RecentIdentifiers})indexed by
> > ! # the IP address of the host that sent the request,
> > ! # the UDP port number (some hosts like Lucent TNT have multiple ID
> > space ! # on different port numbers), the Radius packet identifier (8
> > bits), ! # concatenated with the packet type code.
> >   # (The packet code is used because some NASs use different packet
> >   # sequences for different request types)
> >   # The value stored in each element of the array is the time
> > ! # we last received a packet with that identifier from this client.
> > ! # If the time interval is less than DupInterval, the packet is assumed
> > to be
> >   # duplicate, and is ignored
> >   #
> >   # Author: Mike McCauley (mikem at open.com.au)
> > ***************
> > *** 307,313 ****
> >   	    # accounting where the Acct-Delay-Time has changed, because
> >   	    # the identifier will also have changed. Gag.
> >   	    if (!$self->{NoIgnoreDuplicates}{$code}
> > ! 		&& $self->{RecentIdentifiers}->{$nas_id . $code}[$p->identifier]
> >
> >   		> ($p->{RecvTime} - $self->{DupInterval}))
> >
> >   	    {
> >   		if (!$is_reboot)
> > --- 309,315 ----
> >   	    # accounting where the Acct-Delay-Time has changed, because
> >   	    # the identifier will also have changed. Gag.
> >   	    if (!$self->{NoIgnoreDuplicates}{$code}
> > ! 		&& $self->{RecentIdentifiers}->{$p->{RecvFrom} .
> > $code}[$p->identifier]
> >
> >   		> ($p->{RecvTime} - $self->{DupInterval}))
> >
> >   	    {
> >   		if (!$is_reboot)
> > ***************
> > *** 314,320 ****
> >   		{
> >   		    # Its a duplicate, log it and ignore it
> >   		    my $id = $p->identifier;
> > ! 		    &main::log($main::LOG_INFO, "Duplicate request id $id received
> > from $nas_id: ignored");
> >   		    $self->{Statistics}{radiusServDupAccessRequests}++,
> >   		    $main::statistics{radiusAuthServTotalDupAccessRequests}++
> >   			if $code eq 'Access-Request';
> > --- 316,326 ----
> >   		{
> >   		    # Its a duplicate, log it and ignore it
> >   		    my $id = $p->identifier;
> > ! 		    my ($udpPort, $udpAddr) =
> > Socket::unpack_sockaddr_in($p->{RecvFrom} ! );
> > ! 		    my ($udpAddrPrint) = Socket::inet_ntoa($udpAddr);
> > !
> > ! 		    &main::log($main::LOG_INFO, "Duplicate request id $id received
> > from $udpAddrPrint($udpPort): ignored");
> >   		    $self->{Statistics}{radiusServDupAccessRequests}++,
> >   		    $main::statistics{radiusAuthServTotalDupAccessRequests}++
> >   			if $code eq 'Access-Request';
> > ***************
> > *** 327,333 ****
> >   	    else
> >   	    {
> >   		# its not a dup, save the id for later dup checking
> > ! 		$self->{RecentIdentifiers}->{$nas_id . $code}[$p->identifier]
> >   		    = $p->{RecvTime};
> >
> >   		# Call the PreHandlerHook, if there is one
> > --- 333,339 ----
> >   	    else
> >   	    {
> >   		# its not a dup, save the id for later dup checking
> > ! 		$self->{RecentIdentifiers}->{$p->{RecvFrom} . $code}[$p->identifier]
> >   		    = $p->{RecvTime};
> >
> >   		# Call the PreHandlerHook, if there is one
> > ----------------------8X cut here 8X--------------------------
> > --
> > Jerome Fleury	Freesbee/LibertySurf/WC
> > Network Team	Tel/Fax: +33 1 45082314
>
> ----------------------------------------
> Content-Type: application/pgp-signature; charset="iso-8859-1";
> name="Attachment: 1"
> Content-Transfer-Encoding: 7bit
> Content-Description:
> ----------------------------------------
===
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.


More information about the radiator mailing list