[RADIATOR] ReplyHook Setting code of reply packet

Tim Jones tim.jones at fon.com
Mon Apr 8 10:33:17 CDT 2013 

Hi all,

I have a Radiator instance acting as a proxy, receiving Access-Request and
converting it to a Change-Filter-Request before sending it on again. When
it receives the response, it should reply to the originator with
Access-Accept or Access-Reject, rather than the Change-Filter-ACKed or
Change-Filter-NAKed it receives.

In the ReplyHook, I have a very simple if statement checking the code, and
changing it in the response. The response is then sent back to the NAS, but
without the code I specify.

Best regards,

Config & trace logs

---- radius.cfg ----

<Handler Request-Type=Access-Request, Client-Identifier=proxy_client>
    Identifier access-request_proxy_handler
    PreAuthHook file:"%{GlobalVar:config_dir}/hooks/preauthhook.pl"
    <AuthBy RADIUS>
        # Partner-router
        Host x.x.x.x
        AuthPort 1812
        Secret partner-secret
        AllowInRequest User-Name, NAS-IP-Address, Alc-Subsc-ID-Str, Class,
Session-Timeout, Idle-Timeout
        ReplyHook file:"%{GlobalVar:config_dir}/hooks/replyhook.pl"
    </AuthBy>
</Handler>

---- preauthhook.pl ----

sub
{
    use strict;

    &main::log($main::LOG_DEBUG, 'IN PREAUTHHOOK');

    my $p = ${$_[0]};
    $p->set_code('Change-Filter-Request');
}

---- replyhook.pl ----

sub
{
    use strict;

    &main::log($main::LOG_DEBUG, 'IN REPLYHOOK');

    my $p = ${$_[0]};   # proxy reply packet
    my $rp = ${$_[1]};  # reply packet to NAS
    my $op = ${$_[2]};  # original request packet
    my $sp = ${$_[3]};  # packet sent to proxy

    if ($p->code eq 'Change-Filter-Request-ACKed')
    {
        &main::log($main::LOG_DEBUG, 'CoA Acknowledged');
        $rp->set_code('Access-Accept');
        $op->{RadiusResult}=$main::ACCEPT;
    }
    else
    {
        &main::log($main::LOG_DEBUG, 'CoA Rejected');
        $rp->set_code('Access-Reject');
        #$op->{RadiusResult}=$main::REJECT;
    }
}

---- log ----


Mon Apr  8 15:30:33 2013: DEBUG: Packet dump:
*** Received from x.x.x.x port 57791 ....
Code:       Access-Request
Identifier: 1
Authentic:
<206><173><20><176><255><230><129><180>W<149><208><130>1<152><10>I
Attributes:
    User-Name = "test"
    NAS-IP-Address = n.n.n.n
    NAS-Identifier = "n.n.n.n"
    Called-Station-Id = "123456789"
    Calling-Station-Id = "987654321"
    NAS-IP-Address = i.i.i.i
    Calling-Station-Id = "11:11:11:11:11:11"
    Class = "PartnerClassAttribute"
    Session-Timeout = 600
    User-Password = <129><235><165><144>d<216><152>DPx<168>+<226><221>&<

Mon Apr  8 15:30:33 2013: DEBUG: Handling request with Handler
'Request-Type=Access-Request, Client-Identifier=proxy_client', Identifier
'access-request_proxy_handler'
Mon Apr  8 15:30:33 2013: DEBUG:  Deleting session for test, n.n.n.n,
Mon Apr  8 15:30:33 2013: DEBUG: IN PREAUTHHOOK
Mon Apr  8 15:30:33 2013: DEBUG: Handling with Radius::AuthRADIUS
Mon Apr  8 15:30:33 2013: DEBUG: AuthBy RADIUS creates new local socket
'x.x.x.x:0' for sending requests
Mon Apr  8 15:30:33 2013: DEBUG: Packet dump:
*** Sending to x.x.x.x port 1812 ....
Code:       Change-Filter-Request
Identifier: 1
Authentic:  <238>]<170>x<219>8,<139>q<144>2|<182><192>n3
Attributes:
    User-Name = "test"
    NAS-IP-Address = n.n.n.n
    NAS-IP-Address = i.i.i.i
    Class = "PartnerClassAttribute"
    Session-Timeout = 600
    User-Password =
<223><179><13><26><150><161><7>!<140>0M<190><130><135>7<8>

Mon Apr  8 15:30:33 2013: DEBUG: AuthBy RADIUS result: IGNORE,
Mon Apr  8 15:30:33 2013: DEBUG: Received reply in AuthRADIUS for req 1
from x.x.x.x:1812
Mon Apr  8 15:30:33 2013: DEBUG: Packet dump:
*** Received from x.x.x.x port 1812 ....
Code:       Change-Filter-Request-ACKed
Identifier: 1
Authentic:  +<216><141>C<27><229>&6O<15><206><160>&<245>P^
Attributes:

Mon Apr  8 15:30:33 2013: DEBUG: IN REPLYHOOK
Mon Apr  8 15:30:33 2013: DEBUG: CoA Acknowledged
Mon Apr  8 15:30:33 2013: DEBUG: Change-Filter-Request accepted
Mon Apr  8 15:30:33 2013: DEBUG: Packet dump:
*** Sending to x.x.x.x port 57791 ....
Code:       Change-Filter-Request-ACKed
Identifier: 1
Authentic:  <174>~b<229><234><6>Y<10>3<30><230>VD<28><215>C
Attributes:

Tim Jones
*Technology & Quality
*
**
**
tim.jones at fon.com
Skype: Tim.Jones.Fon

C/ Quintanavides 15. Edificio 2, Planta 1ª
Parque Empresarial Vía Norte, de Metrovacesa
28050 Las Tablas. Madrid
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://www.open.com.au/pipermail/radiator/attachments/20130408/02f37346/attachment.html

More information about the radiator mailing list