Re: (RADIATOR) radiators duplicate detection (ClientIP+Identifier+?SourcePort?)

Rainer Huber rainer.huber at gmx.at
Thu Oct 2 12:45:39 CDT 2003


Hi Arjan,

you are right - I've read over it...


cu
Rainer

-----Original Message-----
From: owner-radiator at open.com.au [mailto:owner-radiator at open.com.au] On
Behalf Of Arjan Waardenburg
Sent: Thursday, 02 October 2003 17:07
To: rainer.huber at gmx.at
Cc: radiator at open.com.au; 'Hugh Irvine'
Subject: RE: (RADIATOR) radiators duplicate detection
(ClientIP+Identifier+?SourcePort?)


Hi Rainer,

As stated in the changelog for 3.6, Radiator no longer indexes on UDP
port. This is illustrated by the following code from Client.pm :

# its not a dup, save the id for later dup checking
$self->{RecentIdentifiers}->{$p->{RecvFromAddress}}->{$code .
$p->identifier} = $p->{RecvTime};

Seems like the comment block was not changed to reflect this new, not
RFC compliant, duplicate checking.

wkr
Arjan

-----Original Message-----
From: owner-radiator at open.com.au [mailto:owner-radiator at open.com.au] On
Behalf Of Hugh Irvine
Sent: Tuesday, September 30, 2003 12:36 AM
To: rainer.huber at gmx.at
Cc: radiator at open.com.au
Subject: Re: (RADIATOR) radiators duplicate detection
(ClientIP+Identifier+?SourcePort?)



Hello Rainer -

Here is the comment block from "Radius/Client.pm":

# In order to detect duplicate arrivals, we keep an array
# of arrivals ($self->{RecentIdentifiers})indexed by
# the IP address of the host that sent the request,
# the UDP port number (some hosts like Lucent TNT have multiple ID space
# on different port numbers), the Radius packet identifier (8 bits),
# concatenated with the packet type code.
# (The packet code is used because some NASs use different packet
# sequences for different request types)
# The value stored in each element of the array is the time
# we last received a packet with that identifier from this client.
# If the time interval is less than DupInterval, the packet is assumed to be
# duplicate, and is ignored


Does this answer your question?

regards

Hugh


On Tuesday, Sep 30, 2003, at 07:16 Australia/Melbourne, Rainer Huber wrote:

> Hi!
>
> I've seen that radiator detects duplicate records depending only on 
> the identifier and the client IP:
>
> "If more than 1 Radius request from this Client with the same Radius 
> Identifier are received within DupInterval seconds, the 2nd and 
> subsequent are ignored."
>
> Shouldn't the Identifier, the ClientIP and the SourcePort be the keys
> for duplicates?
>
> The RFC 2865 says:
>
> "Identifier: The Identifier field is one octet, and aids in matching
> requests and replies. The RADIUS server can detect a duplicate request
> if it has the same client source IP address and source UDP port and
> Identifier within a short span of time."
>
>
> Is it a mistake in the refmanual?
>
> Regards,
> Rainer
>
>
> ===
> Archive at http://www.open.com.au/archives/radiator/
> Announcements on radiator-announce at open.com.au
> To unsubscribe, email 'majordomo at open.com.au' with
> 'unsubscribe radiator' in the body of the message.
>
>

NB: have you included a copy of your configuration file (no secrets),
together with a trace 4 debug showing what is happening?

-- 
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.

===
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.
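
The two keying schemes discussed in this thread, side by side, as an added example (not Radiator's code and not written by any of the posters). The packet fields, the `$DUP_INTERVAL` value, the addresses and the port numbers are constructed for illustration.

```perl
use strict;
use warnings;

my $DUP_INTERVAL = 2;    # seconds; assumed value standing in for DupInterval

# Build a duplicate checker. With $use_port false the key is client IP +
# packet code + identifier (as in the Client.pm line quoted above); with
# $use_port true the source UDP port is part of the key (RFC 2865 wording).
sub make_dup_checker {
    my ($use_port) = @_;
    my %recent;    # $recent{client address}{key} = time last accepted
    return sub {
        my ($p) = @_;
        my $key = join ':', ($use_port ? $p->{port} : ()), $p->{code}, $p->{id};
        my $last = $recent{ $p->{addr} }{$key};
        return 1 if defined $last && $p->{time} - $last < $DUP_INTERVAL;
        $recent{ $p->{addr} }{$key} = $p->{time};    # not a dup: remember it
        return 0;
    };
}

# Constructed sample traffic (documentation addresses, hypothetical ports).
my @packets = (
    # A NAS with separate identifier spaces on two source ports.
    { addr => '192.0.2.10', port => 1024,  code => 1, id => 7, time => 100.0, note => 'port A, new request' },
    { addr => '192.0.2.10', port => 1025,  code => 1, id => 7, time => 100.5, note => 'port B, new request' },
    { addr => '192.0.2.10', port => 1024,  code => 1, id => 7, time => 101.0, note => 'port A, retransmission' },
    { addr => '192.0.2.10', port => 1024,  code => 4, id => 7, time => 101.2, note => 'accounting, same id' },
    # A client that retransmits the same request from a new source port.
    { addr => '192.0.2.20', port => 40001, code => 1, id => 9, time => 200.0, note => 'new request' },
    { addr => '192.0.2.20', port => 40002, code => 1, id => 9, time => 200.5, note => 'retransmission, new port' },
    { addr => '192.0.2.20', port => 40002, code => 1, id => 9, time => 203.0, note => 'id reused after DupInterval' },
);

my $ip_only   = make_dup_checker(0);
my $with_port = make_dup_checker(1);

printf "%-11s %-6s %-4s %-3s %-8s %-11s %s\n",
    qw(client port code id ip+id ip+port+id note);
for my $p (@packets) {
    printf "%-11s %-6d %-4d %-3d %-8s %-11s %s\n",
        @{$p}{qw(addr port code id)},
        ( $ip_only->($p)   ? 'DUP' : 'ok' ),
        ( $with_port->($p) ? 'DUP' : 'ok' ),
        $p->{note};
}
```

The schemes diverge on the second row (dropped as a duplicate only when the port is left out of the key) and on the sixth row (recognised as a duplicate only when the port is left out of the key).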
