[RADIATOR] RADIUS limit on accounting data

Hugh Irvine hugh at open.com.au
Fri Jan 9 16:24:51 CST 2009 

Hello Michael -

You can just put the PreClientHook in your configuraiton file, and  
have the code bail if the request is not an accounting request.

See the examples in "goodies/hooks.txt".

regards

Hugh


On 10 Jan 2009, at 02:42, Michael Harlow wrote:

> Hi Joe (and Martin), thanks for the pointer to the gigawords stuff.  
> That goodies directory is a treasure trove if you know where to look.
>
> I've got a couple of issues still, and I'm also now unable to test  
> this until Monday.
>
> Do you need to turn it on on Cisco switches and routers? Or is it  
> default these days?
>
> I use ClientListSQL and I cannot put a PreClientHook in there, but I  
> think this was changed a couple of days ago, so I'll get the latest  
> patch set applied again.
>
> However using a PreClientHook means that every packet goes thru this  
> hook, including Auth packets. I'd rather put it in the Handler that  
> does just the accounting, as a PreProcessingHook, but I already have  
> one (eap-anon-hook thingy). Is there a way to have two hooks in a  
> Handler, or do I need to create a perl file, with both functions  
> wrapped into a single perl subroutine?
>
>> From reading some RFCs I can see that the gigawords stuff has an  
>> attribute value of 52 and 53 (34 and 35 hex?)
>
> I did not see these gigwords in the debug for an "Alive" packet from  
> earlier today, but I don't have a debug of a stop packet to see if  
> it is in that packet until I get back to work.
>
> The RFC says "This attribute indicates how many times the Acct- 
> Output-Octets
>      counter has wrapped around 2^32 in the course of delivering this
>      service, and can only be present in Accounting-Request records
>      where the Acct-Status-Type is set to Stop or Interim-Update.
>
> Cisco claim the Wism complies with this RFC 2869
>
> Is not an "Alive" the same as an Interim-Update? Below is the alive  
> that has wrapped past 4G.
>
> #######################
> Output octets should be about 4.8Gb in this debug
> Viz
> Packet length = 200
> 04 2e 00 c8 46 c5 a2 94 66 7e a9 b3 7c cf 63 e8
> 4a 4c 03 76 01 06 6d 69 6b 65 05 06 00 00 00 1d
> 04 06 ac 1f 03 02 08 06 0a c8 05 eb 20 08 57 69
> 73 6d 42 31 1a 0c 00 00 37 63 01 06 00 00 00 02
> 2c 20 34 39 36 36 39 31 62 39 2f 30 30 3a 31 62
> 3a 37 37 3a 39 33 3a 34 37 3a 39 38 2f 34 30 35
> 2d 06 00 00 00 01 40 06 00 00 00 0d 41 06 00 00
> 00 06 51 06 32 30 30 35 28 06 00 00 00 03 2a 06
> 07 d7 3c 7f 2b 06 03 9a b0 94 2f 06 00 19 1d 07
> 30 06 00 32 1a ec 2e 06 00 00 0d 67 29 06 00 00
> 00 00 1f 13 30 30 2d 31 62 2d 37 37 2d 39 33 2d
> 34 37 2d 39 38 1e 13 30 30 2d 31 37 2d 65 30 2d
> 30 63 2d 36 31 2d 36 30
> Code:       Accounting-Request
> Identifier: 46
> Authentic:  F<197><162><148>f~<169><179>|<207>c<232>JL<3>v
> Attributes:
> 	User-Name = "mike"
> 	NAS-Port = 29
> 	NAS-IP-Address = 172.31.3.2
> 	Framed-IP-Address = 10.200.5.235
> 	NAS-Identifier = "WismB1"
> 	Airespace-WLAN-Id = 2
> 	Acct-Session-Id = "496691b9/00:1b:77:93:47:98/405"
> 	Acct-Authentic = RADIUS
> 	Tunnel-Type = 0:VLAN
> 	Tunnel-Medium-Type = 0:802
> 	Tunnel-Private-Group-ID = 2005
> 	Acct-Status-Type = Alive
> 	Acct-Input-Octets = 131546239
> 	Acct-Output-Octets = 60469396
> 	Acct-Input-Packets = 1645831
> 	Acct-Output-Packets = 3283692
> 	Acct-Session-Time = 3431
> 	Acct-Delay-Time = 0
> 	Calling-Station-Id = "00-1b-77-93-47-98"
> 	Called-Station-Id = "00-17-e0-0c-61-60"
>
> ########################
>
> Cheers, Michael
>
>
>
>
>
> -----Original Message-----
> From: Joe Hughes [mailto:joeyconcrete at gmail.com]
> Sent: Friday, 9 January 2009 8:45 PM
> To: Michael Harlow
> Cc: radiator at open.com.au
> Subject: Re: [RADIATOR] RADIUS limit on accounting data
>
> We use Cisco kit and, like you, I discovered the same issue early on!
> I use 'gigawords-hook.pl' which sorts it out for you.
>
> PreClientHook file:"%D/gigawords-hook.pl"
>
>
>
> 2009/1/9 Michael Harlow <Michael.Harlow at utas.edu.au>:
>> Hi,
>>
>> I've struck an issue with my accounting data, where it wraps.  
>> Initially the database refused the INSERT  once it exceeded a  
>> signed 4-byte integer (2Gb). I changed the database to bigint, and  
>> so it can now handle 8-byte integers. Now however it wraps at  
>> unsigned 4-byte integer (4G). I've traced it down to the value in  
>> the RADIUS packet coming into Radiator. My NAS is doing the wrap.
>>
>> Before I hassle the vendor (Cisco WiSM), does the RADIUS protocol  
>> allow for a larger accounting attribute, or does all NAS have this  
>> 4G limit?
>
> _______________________________________________
> radiator mailing list
> radiator at open.com.au
> http://www.open.com.au/mailman/listinfo/radiator



NB:

Have you read the reference manual ("doc/ref.html")?
Have you searched the mailing list archive (www.open.com.au/archives/radiator)?
Have you had a quick look on Google (www.google.com)?
Have you included a copy of your configuration file (no secrets),
together with a trace 4 debug showing what is happening?
Have you checked the RadiusExpert wiki:
http://www.open.com.au/wiki/index.php/Main_Page

-- 
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows, MacOS X.
Includes support for reliable RADIUS transport (RadSec),
and DIAMETER translation agent.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
-
CATool: Private Certificate Authority for Unix and Unix-like systems.

More information about the radiator mailing list