<html xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<meta name="Generator" content="Microsoft Word 15 (filtered medium)">
<style><!--
/* Font Definitions */
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:Aptos;
panose-1:2 11 0 4 2 2 2 2 2 4;}
@font-face
{font-family:"Times New Roman \(Body CS\)";
panose-1:2 11 6 4 2 2 2 2 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0cm;
font-size:11.0pt;
font-family:"Aptos",sans-serif;
mso-ligatures:standardcontextual;
mso-fareast-language:EN-US;}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
span.EmailStyle20
{mso-style-type:personal-reply;
font-family:"Calibri",sans-serif;
color:windowtext;}
.MsoChpDefault
{mso-style-type:export-only;
font-size:10.0pt;
mso-ligatures:none;}
@page WordSection1
{size:612.0pt 792.0pt;
margin:72.0pt 72.0pt 72.0pt 72.0pt;}
div.WordSection1
{page:WordSection1;}
--></style>
</head>
<body lang="EN-GB" link="blue" vlink="purple" style="word-wrap:break-word">
<div class="WordSection1">
<p class="MsoNormal"><span style="font-family:"Calibri",sans-serif">Hi Heikki,<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-family:"Calibri",sans-serif"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-family:"Calibri",sans-serif">Thank you for this! I'll have a look and implement something, and then let you know if it works
</span><span style="font-family:"Apple Color Emoji"">😊</span><span style="font-family:"Calibri",sans-serif"><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-family:"Calibri",sans-serif"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-family:"Calibri",sans-serif">With kind regards<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-family:"Calibri",sans-serif"><o:p> </o:p></span></p>
<div>
<div>
<div>
<p class="MsoNormal"><span lang="EN-US" style="font-family:"Calibri",sans-serif;color:black;mso-ligatures:none;mso-fareast-language:EN-GB">Stefan Paetow</span><span style="font-family:"Calibri",sans-serif;color:black;mso-ligatures:none;mso-fareast-language:EN-GB"><o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US" style="font-family:"Calibri",sans-serif;color:black;mso-ligatures:none;mso-fareast-language:EN-GB">Federated Roaming Technical Specialist</span><span style="font-family:"Calibri",sans-serif;color:black;mso-ligatures:none;mso-fareast-language:EN-GB"><o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US" style="font-family:"Calibri",sans-serif;color:black;mso-ligatures:none;mso-fareast-language:EN-GB">eduroam(UK), Jisc</span><span style="font-family:"Calibri",sans-serif;color:black;mso-ligatures:none;mso-fareast-language:EN-GB"><o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US" style="font-family:"Calibri",sans-serif;color:black;mso-ligatures:none;mso-fareast-language:EN-GB"> </span><span style="font-family:"Calibri",sans-serif;color:black;mso-ligatures:none;mso-fareast-language:EN-GB"><o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US" style="font-family:"Calibri",sans-serif;color:black;mso-ligatures:none;mso-fareast-language:EN-GB">email/teams: stefan.paetow@jisc.ac.uk</span><span style="font-family:"Calibri",sans-serif;color:black;mso-ligatures:none;mso-fareast-language:EN-GB"><o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US" style="font-family:"Calibri",sans-serif;color:black;mso-ligatures:none;mso-fareast-language:EN-GB">gpg: 0x3FCE5142</span><span style="font-family:"Calibri",sans-serif;color:black;mso-ligatures:none;mso-fareast-language:EN-GB"><o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US" style="font-family:"Calibri",sans-serif;color:black;mso-ligatures:none;mso-fareast-language:EN-GB"> </span><span style="font-family:"Calibri",sans-serif;color:black;mso-ligatures:none;mso-fareast-language:EN-GB"><o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US" style="font-family:"Calibri",sans-serif;color:black;mso-ligatures:none;mso-fareast-language:EN-GB">For eduroam support, please contact the eduroam team via help@jisc.ac.uk and mark it for eduroam’s attention.</span><span style="font-family:"Calibri",sans-serif;color:black;mso-ligatures:none;mso-fareast-language:EN-GB"><o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US" style="font-family:"Calibri",sans-serif;color:black;mso-ligatures:none;mso-fareast-language:EN-GB">On Wednesdays and Fridays, I am not available between 12:00 and 15:00 London time (UTC in winter, UTC+0100 in summer).
</span><span style="font-family:"Calibri",sans-serif;color:black;mso-ligatures:none;mso-fareast-language:EN-GB"><o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US" style="font-family:"Calibri",sans-serif;color:black;mso-ligatures:none;mso-fareast-language:EN-GB"> </span><span style="font-family:"Calibri",sans-serif;color:black;mso-ligatures:none;mso-fareast-language:EN-GB"><o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US" style="font-family:"Calibri",sans-serif;color:black;mso-ligatures:none;mso-fareast-language:EN-GB">jisc.ac.uk</span><span style="font-family:"Calibri",sans-serif;color:black;mso-ligatures:none;mso-fareast-language:EN-GB"><o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US" style="font-family:"Calibri",sans-serif;color:black;mso-ligatures:none;mso-fareast-language:EN-GB"> </span><span style="font-family:"Calibri",sans-serif;color:black;mso-ligatures:none;mso-fareast-language:EN-GB"><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-family:"Calibri",sans-serif;color:black;mso-ligatures:none;mso-fareast-language:EN-GB">Jisc is a registered charity (number 1149740) and a company limited by guarantee which is registered in England under Company No. 5747339,
VAT No. GB 197 0632 86. Jisc’s registered office is: 4 Portwall Lane, Bristol, BS1 6NB Tel: 020 3697 5800.<o:p></o:p></span></p>
</div>
</div>
</div>
<p class="MsoNormal"><span style="font-family:"Calibri",sans-serif"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-family:"Calibri",sans-serif"><o:p> </o:p></span></p>
<div style="border:none;border-top:solid #B5C4DF 1.0pt;padding:3.0pt 0cm 0cm 0cm">
<p class="MsoNormal"><b><span style="font-family:"Calibri",sans-serif;color:black">From:
</span></b><span style="font-family:"Calibri",sans-serif;color:black">radiator <radiator-bounces@lists.open.com.au> on behalf of Heikki Vatiainen via radiator <radiator@lists.open.com.au><br>
<b>Reply to: </b>Heikki Vatiainen <hvn@open.com.au><br>
<b>Date: </b>Friday 28 June 2024 at 09:33<br>
<b>To: </b>"radiator@lists.open.com.au" <radiator@lists.open.com.au><br>
<b>Subject: </b>Re: [RADIATOR] Which hook and how to get destination host</span><span style="font-size:12.0pt;font-family:"Calibri",sans-serif;color:black;mso-ligatures:none;mso-fareast-language:EN-GB"><o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
<p>On 26.6.2024 14.09, Stefan Paetow via radiator wrote:<o:p></o:p></p>
<blockquote style="margin-top:5.0pt;margin-bottom:5.0pt">
<p class="MsoNormal"><span style="font-family:"Calibri",sans-serif">I am trying to fix a looping problem between two hosts that does not rely on attributes being added to packets.
</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-family:"Calibri",sans-serif"> </span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-family:"Calibri",sans-serif">I know I can retrieve the client address from the request as Radius::Util::inet_ntop($request->{RecvFromAddress}), but I'd like to do the same for the destination host that's been selected
to proxy the request to. Which handler/hook would be the best to do this in? PreHandlerHook in the destination AuthBy? And… how do I get the IP address of the destination host (or the selected host if there are multiple)?</span><o:p></o:p></p>
</blockquote>
<p class="MsoNormal"><span style="font-size:12.0pt;mso-ligatures:none;mso-fareast-language:EN-GB"><o:p> </o:p></span></p>
<p>That's an interesting question. Many of the hooks run well before the next hop details (IP + port) are resolved, but I think I found a solution.<o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:12.0pt;mso-ligatures:none;mso-fareast-language:EN-GB"><br>
<br>
<o:p></o:p></span></p>
<blockquote style="margin-top:5.0pt;margin-bottom:5.0pt">
<p class="MsoNormal"><span style="font-family:"Calibri",sans-serif">Or is this not possible?</span><o:p></o:p></p>
</blockquote>
<p class="MsoNormal"><span style="font-size:12.0pt;mso-ligatures:none;mso-fareast-language:EN-GB"><o:p> </o:p></span></p>
<p>It's possible. There's one hook that runs just before the request is forwarded. I came up with the following idea. Note that you'd need to have a <Host ...> clause because that's where the hook goes into. It should also work with the other proxy AuthBys,
such as AuthBy HASHBALANCE.<o:p></o:p></p>
<p>Here's a config snippet and the hook:<o:p></o:p></p>
<p><span style="font-family:"Courier New""><AuthBy RADIUS><br>
VsaVendor Generic<br>
VsaTranslateOut<br>
AuthPort 1812<br>
AcctPort 1813</span><o:p></o:p></p>
<p><span style="font-family:"Courier New""> <Host 127.0.0.1><br>
Secret mysecret<br>
# Other host specific parameters</span><o:p></o:p></p>
<p><span style="font-family:"Courier New""> # $p is the request, $is_out is set for outgoing messages<br>
# $fp is the request that's about to be forwarded<br>
VsaTranslationHook sub { my ($p, $is_out, $fp) = @_; \<br>
my $host = $fp->{ThisHost}; \<br>
my $addr = @{$host->{Address}}[$host->{roundRobinCounter} % @{$host->{Address}}]; \<br>
<br>
my $port = $fp->code eq 'Accounting-Request' \<br>
? $host->{AcctPort} : $host->{AuthPort}; \<br>
my $ip = Radius::Util::inet_ntop($addr); \<br>
main::log($main::LOG_INFO, "Forwarding to IP $ip port $port\n"); }<br>
</Host><br>
</AuthBy></span><o:p></o:p></p>
<p>The Vendor Specific Attribute (VSA) translation parameters are documented here, except of the hook that needs to be documented:<br>
<a href="https://files.radiatorsoftware.com/radiator/ref/Clientxxxxxx.html#VsaTranslateIn_Client">https://files.radiatorsoftware.com/radiator/ref/Clientxxxxxx.html#VsaTranslateIn_Client</a><o:p></o:p></p>
<p>The round robin counter is explained below. Briefly, it's for the cases where Host is defined with a name that resolves to multiple IP addresses:<o:p></o:p></p>
<p><a href="https://files.radiatorsoftware.com/radiator/ref/AuthByRADIUS.html#Host">https://files.radiatorsoftware.com/radiator/ref/AuthByRADIUS.html#Host</a><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:12.0pt;mso-ligatures:none;mso-fareast-language:EN-GB"><br>
<br>
Thanks,<br>
Heikki <o:p></o:p></span></p>
<p>-- <br>
Heikki Vatiainen<br>
OSC, makers of Radiator<br>
Visit radiatorsoftware.com for Radiator AAA server software<o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:12.0pt;mso-ligatures:none;mso-fareast-language:EN-GB"><br>
<br>
<o:p></o:p></span></p>
</div>
</body>
</html>