[RADIATOR] Which hook and how to get destination host
Heikki Vatiainen
hvn at open.com.au
Fri Jun 28 08:33:04 UTC 2024
On 26.6.2024 14.09, Stefan Paetow via radiator wrote:
> I am trying to fix a looping problem between two hosts that does not
> rely on attributes being added to packets.
>
> I know I can retrieve the client address from the request as
> Radius::Util::inet_ntop($request->{RecvFromAddress}), but I'd like to
> do the same for the destination host that's been selected to proxy the
> request to. Which handler/hook would be the best to do this in?
> PreHandlerHook in the destination AuthBy? And… how do I get the IP
> address of the destination host (or the selected host if there are
> multiple)?
>
That's an interesting question. Many of the hooks run well before the
next hop details (IP + port) are resolved, but I think I found a solution.
> Or is this not possible?
>
It's possible. There's one hook that runs just before the request is
forwarded. I came up with the following idea. Note that you'd need to
have a <Host ...> clause because that's where the hook goes. It
should also work with the other proxy AuthBys, such as AuthBy HASHBALANCE.
Here's a config snippet and the hook:
<AuthBy RADIUS>
    VsaVendor Generic
    VsaTranslateOut
    AuthPort 1812
    AcctPort 1813
    <Host 127.0.0.1>
        Secret mysecret
        # Other host specific parameters
        # $p is the request, $is_out is set for outgoing messages
        # $fp is the request that's about to be forwarded
        VsaTranslationHook sub { my ($p, $is_out, $fp) = @_; \
            my $host = $fp->{ThisHost}; \
            my $addr = @{$host->{Address}}[$host->{roundRobinCounter} % @{$host->{Address}}]; \
            my $port = $fp->code eq 'Accounting-Request' \
                ? $host->{AcctPort} : $host->{AuthPort}; \
            my $ip = Radius::Util::inet_ntop($addr); \
            main::log($main::LOG_INFO, "Forwarding to IP $ip port $port\n"); }
    </Host>
</AuthBy>
The Vendor Specific Attribute (VSA) translation parameters are
documented here, except for the hook that needs to be documented:
https://files.radiatorsoftware.com/radiator/ref/Clientxxxxxx.html#VsaTranslateIn_Client
The round robin counter is explained below. Briefly, it's for the cases
where Host is defined with a name that resolves to multiple IP addresses:
https://files.radiatorsoftware.com/radiator/ref/AuthByRADIUS.html#Host
Thanks,
Heikki
--
Heikki Vatiainen
OSC, makers of Radiator
Visit radiatorsoftware.com for Radiator AAA server software
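
Added example, not part of the original post and not Radiator code: a stand-alone Perl script for the loop check the question is after, comparing the sender address with the next hop picked by the round-robin index used in the hook above. The hashes are constructed to mirror the fields named in the post (RecvFromAddress, ThisHost, Address, roundRobinCounter); ntop, next_hop and is_loop are hypothetical helper names.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use Socket qw(inet_pton inet_ntop AF_INET AF_INET6);

# Render a packed 4- or 16-byte address as text. Stands in for
# Radius::Util::inet_ntop so the script runs without Radiator.
sub ntop {
    my ($packed) = @_;
    return inet_ntop(length($packed) == 4 ? AF_INET : AF_INET6, $packed);
}

# Same selection as the hook in the post: the address used is
# Address[roundRobinCounter % number of addresses].
sub next_hop {
    my ($host) = @_;
    my @addrs = @{ $host->{Address} };
    return $addrs[ $host->{roundRobinCounter} % @addrs ];
}

# True when the request would be sent back to the address it came from.
# Compares textual forms, so an IPv4-mapped IPv6 address does not
# match its plain IPv4 form.
sub is_loop {
    my ($p, $fp) = @_;
    return ntop($p->{RecvFromAddress}) eq ntop(next_hop($fp->{ThisHost}));
}

# Constructed sample data: a Host name that resolved to two addresses,
# and a request received from the second of them.
my $host = {
    Address => [ map { inet_pton(AF_INET, $_) } qw(192.0.2.10 192.0.2.20) ],
    roundRobinCounter => 0,
};
my $p  = { RecvFromAddress => inet_pton(AF_INET, '192.0.2.20') };
my $fp = { ThisHost => $host };

for my $counter (0 .. 2) {
    $host->{roundRobinCounter} = $counter;
    printf "counter=%d next hop=%s %s\n", $counter, ntop(next_hop($host)),
        is_loop($p, $fp) ? 'LOOP: next hop is the sender' : 'ok';
}
```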