(RADIATOR) Testing Radius traffic
Claudio Lapidus
c_lapidus at hotmail.com
Sun Sep 28 21:45:14 CDT 2003
Hello Hugh
For the first case, I finally decided to flag the packet with a special
value (Timestamp=0) and trap it in a dedicated handler, it works a charm,
but the replies...
> For the second case, yes you can use a PostAuthHook and alter the reply
> to IGNORE.
Hmm, I must be missing something, I modified your example to work with
accounting requests, but it should have worked the same, IMHO:
$ cat discard_response.pl
sub
{
    use constant THRESHOLD => 0.3;
    my $p = ${$_[0]};       # original request packet
    my $rp = ${$_[1]};      # reply packet to NAS
    my $handled = $_[2];    # flag to indicate ACCEPT, REJECT or IGNORE

    # Only deal with accounting requests
    my $code = $p->code();
    return unless $code eq 'Accounting-Request';

    my $r = rand;
    if ($r < THRESHOLD) {
        $handled = $main::IGNORE;
        &main::log($main::LOG_DEBUG, "Response IGNORED");
    }
    return;
}
and the config is
Foreground
LogStdout
Trace 4

# this one works OK
PreClientHook file:"/export/home/radiator/discard_request.pl"

<Client 127.0.0.1>
    Secret secret
    NasType Cisco
    PreHandlerHook file:"/export/home/radiator/ciscoavpair.pl"
</Client>

<AuthBy INTERNAL>
    Identifier TheDropper
    DefaultResult IGNORE
</AuthBy>

<AuthBy SQL>
    Identifier Acct-Handler
    DBSource dbi:Pg:dbname=xxxxx
    DBUsername yyyyy
    DBAuth zzzzz
    FailureBackoffTime 30
    AccountingTable ACCOUNTING_CISCO
    AcctColumnDef NAS_IP_Address,NAS-IP-Address
    AcctColumnDef Cisco_NAS_Port,Cisco-NAS-Port
    # lots of column defs here...
    AcctFailedLogFileName /var/log/radiator_%d-%m-%Y_failed.log
</AuthBy SQL>

# Temp handler for traffic test
<Handler Timestamp=0>
    AuthBy TheDropper
</Handler>

# Main handler
<Handler Request-Type=Accounting-Request>
    # this is the one giving trouble...
    PostAuthHook file:"/export/home/radiator/discard_response.pl"
    AuthBy Acct-Handler
</Handler>
To test, I use
$ radpwtst -iterations 1 -s 127.0.0.1 -secret secret -noauth Timestamp=1234567890
sending Accounting-Request Start...
OK
sending Accounting-Request Stop...
OK
But the trace shows
...
Sun Sep 28 23:34:03 2003: DEBUG: Handling request with Handler 'Request-Type=Accounting-Request'
Sun Sep 28 23:34:03 2003: DEBUG: Adding session for mikem, 203.63.154.1, 1234
Sun Sep 28 23:34:03 2003: DEBUG: Handling with Radius::AuthSQL
Sun Sep 28 23:34:03 2003: DEBUG: Handling accounting with Radius::AuthSQL
Sun Sep 28 23:34:03 2003: DEBUG: do query is: 'insert into ACCOUNTING_CISCO (time_stamp,NAS_Port_Type,NAS_IP_Address,Calling_Station_Id,Acct_Status_Type,User_Name,Acct_Session_Id,Called_Station_Id,Service_Type,Acct_Delay_Time) values ('1234567890','Async','203.63.154.1','987654321','Start','mikem','00001234','123456789','Framed-User','0')':
Sun Sep 28 23:34:04 2003: DEBUG: Response IGNORED
Sun Sep 28 23:34:04 2003: DEBUG: Accounting accepted
Sun Sep 28 23:34:04 2003: DEBUG: Packet dump:
*** Sending to 127.0.0.1 port 33804 ....
Code: Accounting-Response
Identifier: 108
Authentic: <5>P<154><218><183><181><135><28>/.<140><142>77<251><250>
Attributes:
So the hook says it set the reply to IGNORE, but then the handler is
accepting it anyway?
cl.
===
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.
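
Added example, not part of the original message and not Radiator code: a stand-alone Perl sketch of the hook calling convention, assuming the third PostAuthHook argument is a reference to the handler's result, the way the posted hook already dereferences its first two arguments. DemoPacket, count_ignored and the ACCEPT/IGNORE constants are constructed stand-ins for this demo.

```perl
#!/usr/bin/perl
use strict;
use warnings;

use constant THRESHOLD => 0.3;
# Constructed stand-ins for Radiator's $main::ACCEPT / $main::IGNORE.
use constant { ACCEPT => 'ACCEPT', IGNORE => 'IGNORE' };

# Minimal stand-in for a request packet: only the code() accessor is modelled.
package DemoPacket {
    sub new  { my ($class, $code) = @_; return bless { code => $code }, $class }
    sub code { return $_[0]{code} }
}

# As posted: $_[2] is copied into a lexical, so the assignment stays local.
my $copy_hook = sub {
    my $p       = ${ $_[0] };
    my $handled = $_[2];
    return unless $p->code() eq 'Accounting-Request';
    $handled = IGNORE if rand() < THRESHOLD;
    return;
};

# Variant: write through the reference in $_[2], the same way the posted
# hook dereferences $_[0] and $_[1].
my $deref_hook = sub {
    my $p = ${ $_[0] };
    return unless $p->code() eq 'Accounting-Request';
    ${ $_[2] } = IGNORE if rand() < THRESHOLD;
    return;
};

# Hypothetical caller: the handler has already settled on ACCEPT and passes
# references to request, reply and result to the hook.
sub count_ignored {
    my ($hook, $n) = @_;
    my $ignored = 0;
    for (1 .. $n) {
        my ($p, $rp, $result) = (DemoPacket->new('Accounting-Request'), {}, ACCEPT);
        $hook->(\$p, \$rp, \$result);
        $ignored++ if $result eq IGNORE;
    }
    return $ignored;
}

srand(42);    # fixed seed so repeated runs of the demo agree
printf "copied flag:       %d of 1000 replies ignored\n", count_ignored($copy_hook, 1000);
printf "dereferenced flag: %d of 1000 replies ignored\n", count_ignored($deref_hook, 1000);
```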