<html xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40">

<head>

<meta http-equiv="Content-Type" content="text/html; charset=utf-8">

<meta name="Generator" content="Microsoft Word 15 (filtered medium)">

<style><!--

/* Font Definitions */

@font-face

        {font-family:"Cambria Math";

        panose-1:2 4 5 3 5 4 6 3 2 4;}

@font-face

        {font-family:Calibri;

        panose-1:2 15 5 2 2 2 4 3 2 4;}

@font-face

        {font-family:Aptos;

        panose-1:2 11 0 4 2 2 2 2 2 4;}

@font-face

        {font-family:"Times New Roman \(Body CS\)";

        panose-1:2 11 6 4 2 2 2 2 2 4;}

/* Style Definitions */

p.MsoNormal, li.MsoNormal, div.MsoNormal

        {margin:0cm;

        font-size:11.0pt;

        font-family:"Aptos",sans-serif;

        mso-ligatures:standardcontextual;

        mso-fareast-language:EN-US;}

a:link, span.MsoHyperlink

        {mso-style-priority:99;

        color:blue;

        text-decoration:underline;}

span.EmailStyle20

        {mso-style-type:personal-reply;

        font-family:"Calibri",sans-serif;

        color:windowtext;}

.MsoChpDefault

        {mso-style-type:export-only;

        font-size:10.0pt;

        mso-ligatures:none;}

@page WordSection1

        {size:612.0pt 792.0pt;

        margin:72.0pt 72.0pt 72.0pt 72.0pt;}

div.WordSection1

        {page:WordSection1;}

--></style>

</head>

<body lang="EN-GB" link="blue" vlink="purple" style="word-wrap:break-word">

<div class="WordSection1">

<p class="MsoNormal"><span style="font-family:"Calibri",sans-serif">Hi Heikki,<o:p></o:p></span></p>

<p class="MsoNormal"><span style="font-family:"Calibri",sans-serif"><o:p> </o:p></span></p>

<p class="MsoNormal"><span style="font-family:"Calibri",sans-serif">Thank you for this! I'll have a look and implement something, and then let you know if it works

</span><span style="font-family:"Apple Color Emoji"">😊</span><span style="font-family:"Calibri",sans-serif"><o:p></o:p></span></p>

<p class="MsoNormal"><span style="font-family:"Calibri",sans-serif"><o:p> </o:p></span></p>

<p class="MsoNormal"><span style="font-family:"Calibri",sans-serif">With kind regards<o:p></o:p></span></p>

<p class="MsoNormal"><span style="font-family:"Calibri",sans-serif"><o:p> </o:p></span></p>

<div>

<div>

<div>

<p class="MsoNormal"><span lang="EN-US" style="font-family:"Calibri",sans-serif;color:black;mso-ligatures:none;mso-fareast-language:EN-GB">Stefan Paetow</span><span style="font-family:"Calibri",sans-serif;color:black;mso-ligatures:none;mso-fareast-language:EN-GB"><o:p></o:p></span></p>

<p class="MsoNormal"><span lang="EN-US" style="font-family:"Calibri",sans-serif;color:black;mso-ligatures:none;mso-fareast-language:EN-GB">Federated Roaming Technical Specialist</span><span style="font-family:"Calibri",sans-serif;color:black;mso-ligatures:none;mso-fareast-language:EN-GB"><o:p></o:p></span></p>

<p class="MsoNormal"><span lang="EN-US" style="font-family:"Calibri",sans-serif;color:black;mso-ligatures:none;mso-fareast-language:EN-GB">eduroam(UK), Jisc</span><span style="font-family:"Calibri",sans-serif;color:black;mso-ligatures:none;mso-fareast-language:EN-GB"><o:p></o:p></span></p>

<p class="MsoNormal"><span lang="EN-US" style="font-family:"Calibri",sans-serif;color:black;mso-ligatures:none;mso-fareast-language:EN-GB"> </span><span style="font-family:"Calibri",sans-serif;color:black;mso-ligatures:none;mso-fareast-language:EN-GB"><o:p></o:p></span></p>

<p class="MsoNormal"><span lang="EN-US" style="font-family:"Calibri",sans-serif;color:black;mso-ligatures:none;mso-fareast-language:EN-GB">email/teams: stefan.paetow@jisc.ac.uk</span><span style="font-family:"Calibri",sans-serif;color:black;mso-ligatures:none;mso-fareast-language:EN-GB"><o:p></o:p></span></p>

<p class="MsoNormal"><span lang="EN-US" style="font-family:"Calibri",sans-serif;color:black;mso-ligatures:none;mso-fareast-language:EN-GB">gpg: 0x3FCE5142</span><span style="font-family:"Calibri",sans-serif;color:black;mso-ligatures:none;mso-fareast-language:EN-GB"><o:p></o:p></span></p>

<p class="MsoNormal"><span lang="EN-US" style="font-family:"Calibri",sans-serif;color:black;mso-ligatures:none;mso-fareast-language:EN-GB"> </span><span style="font-family:"Calibri",sans-serif;color:black;mso-ligatures:none;mso-fareast-language:EN-GB"><o:p></o:p></span></p>

<p class="MsoNormal"><span lang="EN-US" style="font-family:"Calibri",sans-serif;color:black;mso-ligatures:none;mso-fareast-language:EN-GB">For eduroam support, please contact the eduroam team via help@jisc.ac.uk and mark it for eduroam’s attention.</span><span style="font-family:"Calibri",sans-serif;color:black;mso-ligatures:none;mso-fareast-language:EN-GB"><o:p></o:p></span></p>

<p class="MsoNormal"><span lang="EN-US" style="font-family:"Calibri",sans-serif;color:black;mso-ligatures:none;mso-fareast-language:EN-GB">On Wednesdays and Fridays, I am not available between 12:00 and 15:00 London time (UTC in winter, UTC+0100 in summer).

</span><span style="font-family:"Calibri",sans-serif;color:black;mso-ligatures:none;mso-fareast-language:EN-GB"><o:p></o:p></span></p>

<p class="MsoNormal"><span lang="EN-US" style="font-family:"Calibri",sans-serif;color:black;mso-ligatures:none;mso-fareast-language:EN-GB"> </span><span style="font-family:"Calibri",sans-serif;color:black;mso-ligatures:none;mso-fareast-language:EN-GB"><o:p></o:p></span></p>

<p class="MsoNormal"><span lang="EN-US" style="font-family:"Calibri",sans-serif;color:black;mso-ligatures:none;mso-fareast-language:EN-GB">jisc.ac.uk</span><span style="font-family:"Calibri",sans-serif;color:black;mso-ligatures:none;mso-fareast-language:EN-GB"><o:p></o:p></span></p>

<p class="MsoNormal"><span lang="EN-US" style="font-family:"Calibri",sans-serif;color:black;mso-ligatures:none;mso-fareast-language:EN-GB"> </span><span style="font-family:"Calibri",sans-serif;color:black;mso-ligatures:none;mso-fareast-language:EN-GB"><o:p></o:p></span></p>

<p class="MsoNormal"><span style="font-family:"Calibri",sans-serif;color:black;mso-ligatures:none;mso-fareast-language:EN-GB">Jisc is a registered charity (number 1149740) and a company limited by guarantee which is registered in England under Company No. 5747339,

 VAT No. GB 197 0632 86. Jisc’s registered office is: 4 Portwall Lane, Bristol, BS1 6NB Tel: 020 3697 5800.<o:p></o:p></span></p>

</div>

</div>

</div>

<p class="MsoNormal"><span style="font-family:"Calibri",sans-serif"><o:p> </o:p></span></p>

<p class="MsoNormal"><span style="font-family:"Calibri",sans-serif"><o:p> </o:p></span></p>

<div style="border:none;border-top:solid #B5C4DF 1.0pt;padding:3.0pt 0cm 0cm 0cm">

<p class="MsoNormal"><b><span style="font-family:"Calibri",sans-serif;color:black">From:

</span></b><span style="font-family:"Calibri",sans-serif;color:black">radiator <radiator-bounces@lists.open.com.au> on behalf of Heikki Vatiainen via radiator <radiator@lists.open.com.au><br>

<b>Reply to: </b>Heikki Vatiainen <hvn@open.com.au><br>

<b>Date: </b>Friday 28 June 2024 at 09:33<br>

<b>To: </b>"radiator@lists.open.com.au" <radiator@lists.open.com.au><br>

<b>Subject: </b>Re: [RADIATOR] Which hook and how to get destination host</span><span style="font-size:12.0pt;font-family:"Calibri",sans-serif;color:black;mso-ligatures:none;mso-fareast-language:EN-GB"><o:p></o:p></span></p>

</div>

<div>

<p class="MsoNormal"><o:p> </o:p></p>

</div>

<p>On 26.6.2024 14.09, Stefan Paetow via radiator wrote:<o:p></o:p></p>

<blockquote style="margin-top:5.0pt;margin-bottom:5.0pt">

<p class="MsoNormal"><span style="font-family:"Calibri",sans-serif">I am trying to fix a looping problem between two hosts that does not rely on attributes being added to packets.

</span><o:p></o:p></p>

<p class="MsoNormal"><span style="font-family:"Calibri",sans-serif"> </span><o:p></o:p></p>

<p class="MsoNormal"><span style="font-family:"Calibri",sans-serif">I know I can retrieve the client address from the request as Radius::Util::inet_ntop($request->{RecvFromAddress}), but I'd like to do the same for the destination host that's been selected

 to proxy the request to. Which handler/hook would be the best to do this in? PreHandlerHook in the destination AuthBy? And… how do I get the IP address of the destination host (or the selected host if there are multiple)?</span><o:p></o:p></p>

</blockquote>

<p class="MsoNormal"><span style="font-size:12.0pt;mso-ligatures:none;mso-fareast-language:EN-GB"><o:p> </o:p></span></p>

<p>That's an interesting question. Many of the hooks run well before the next hop details (IP + port) are resolved, but I think I found a solution.<o:p></o:p></p>

<p class="MsoNormal"><span style="font-size:12.0pt;mso-ligatures:none;mso-fareast-language:EN-GB"><br>

<br>

<o:p></o:p></span></p>

<blockquote style="margin-top:5.0pt;margin-bottom:5.0pt">

<p class="MsoNormal"><span style="font-family:"Calibri",sans-serif">Or is this not possible?</span><o:p></o:p></p>

</blockquote>

<p class="MsoNormal"><span style="font-size:12.0pt;mso-ligatures:none;mso-fareast-language:EN-GB"><o:p> </o:p></span></p>

<p>It's possible. There's one hook that runs just before the request is forwarded. I came up with the following idea. Note that you'd need to have a <Host ...> clause because that's where the hook goes into. It should also work with the other proxy AuthBys,

 such as AuthBy HASHBALANCE.<o:p></o:p></p>

<p>Here's a config snippet and the hook:<o:p></o:p></p>

<p><span style="font-family:"Courier New""><AuthBy RADIUS><br>

    VsaVendor Generic<br>

    VsaTranslateOut<br>

    AuthPort 1812<br>

    AcctPort 1813</span><o:p></o:p></p>

<p><span style="font-family:"Courier New"">    <Host 127.0.0.1><br>

        Secret mysecret<br>

        # Other host specific parameters</span><o:p></o:p></p>

<p><span style="font-family:"Courier New"">        # $p is the request, $is_out is set for outgoing messages<br>

        # $fp is the request that's about to be forwarded<br>

        VsaTranslationHook sub { my ($p, $is_out, $fp) = @_; \<br>

          my $host = $fp->{ThisHost}; \<br>

          my $addr = @{$host->{Address}}[$host->{roundRobinCounter} % @{$host->{Address}}]; \<br>

<br>

          my $port = $fp->code eq 'Accounting-Request' \<br>

              ? $host->{AcctPort} : $host->{AuthPort}; \<br>

          my $ip = Radius::Util::inet_ntop($addr); \<br>

          main::log($main::LOG_INFO, "Forwarding to IP $ip port $port\n"); }<br>

    </Host><br>

</AuthBy></span><o:p></o:p></p>

<p>The Vendor Specific Attribute (VSA) translation parameters are documented here, except of the hook that needs to be documented:<br>

<a href="https://files.radiatorsoftware.com/radiator/ref/Clientxxxxxx.html#VsaTranslateIn_Client">https://files.radiatorsoftware.com/radiator/ref/Clientxxxxxx.html#VsaTranslateIn_Client</a><o:p></o:p></p>

<p>The round robin counter is explained below. Briefly, it's for the cases where Host is defined with a name that resolves to multiple IP addresses:<o:p></o:p></p>

<p><a href="https://files.radiatorsoftware.com/radiator/ref/AuthByRADIUS.html#Host">https://files.radiatorsoftware.com/radiator/ref/AuthByRADIUS.html#Host</a><o:p></o:p></p>

<p class="MsoNormal"><span style="font-size:12.0pt;mso-ligatures:none;mso-fareast-language:EN-GB"><br>

<br>

Thanks,<br>

Heikki <o:p></o:p></span></p>

<p>-- <br>

Heikki Vatiainen<br>

OSC, makers of Radiator<br>

Visit radiatorsoftware.com for Radiator AAA server software<o:p></o:p></p>

<p class="MsoNormal"><span style="font-size:12.0pt;mso-ligatures:none;mso-fareast-language:EN-GB"><br>

<br>

<o:p></o:p></span></p>

</div>

</body>

</html>