Data-Filter BUG

Michael Chernyakhovsky Tue, 28 Aug 2001 03:03:33 -0700
Bug in Data-Filter found.

I have follow user in users file.

user1 Password=="test"
  Service-Type = Framed-User,
  Framed-IP-Netmask=255.255.255.255,
  Framed-MTU = 576,
  Framed-Protocol = PPP,
  Framed-Compression = Van-Jacobson-TCP-IP,
  Ascend-Data-Filter = "ip in forward dstip 1.2.3.4/32 tcp  dstport = 80",
  Ascend-Data-Filter = "ip in forward dstip 5.6.7.8/32 tcp  dstport = 80",
  Ascend-Data-Filter = "ip in forward dstip 9.10.11.12/32 tcp  dstport = 80",
  Ascend-Data-Filter = "ip in forward dstip 13.14.15.16/32 tcp dstport = 80",
  Ascend-Data-Filter = "ip in drop",
  Ascend-Data-Filter = "ip out forward"

When I try to authenticate this user via radclient

radclient  radserver auth testing123  < user1.authpak
Received response ID 236, code 2, length = 290
        Service-Type = Framed-User
        Framed-IP-Netmask = 255.255.255.255
        Framed-MTU = 576
        Framed-Protocol = PPP
        Framed-Compression = Van-Jacobson-TCP-IP
        Ascend-Data-Filter = "ip input forward tcp dstip 1.2.3.4/32 dstport = 80"
        Ascend-Data-Filter = "ip input forward tcp dstip 5.6.7.8/32 dstport = 80"
        Ascend-Data-Filter = "ip input forward tcp dstip 9.10.11.12/32 dstport = 80"
---->   Ascend-Data-Filter = "ip input forward tcp dstip 0.0.15.16/32 dstport = 80"
        Ascend-Data-Filter = "ip input drop 0"
        Ascend-Data-Filter = "ip output forward 0"

We got 0.0.15.16/32!!!
In time we have config with 13.14.15.16/32...

Well, let's try to move this line at top of filters lines.

  Ascend-Data-Filter = "ip in forward dstip 13.14.15.16/32 tcp dstport = 80",
  Ascend-Data-Filter = "ip in forward dstip 1.2.3.4/32 tcp  dstport = 80",
  Ascend-Data-Filter = "ip in forward dstip 5.6.7.8/32 tcp  dstport = 80",
  Ascend-Data-Filter = "ip in forward dstip 9.10.11.12/32 tcp  dstport = 80",
  Ascend-Data-Filter = "ip in drop",
  Ascend-Data-Filter = "ip out forward"

Now we got follow responce :
           Ascend-Data-Filter = "ip input forward tcp dstip 13.14.15.16/32 dstport = 
80"
           Ascend-Data-Filter = "ip input forward tcp dstip 1.2.3.4/32 dstport = 80"
           Ascend-Data-Filter = "ip input forward tcp dstip 5.6.7.8/32 dstport = 80"
           Ascend-Data-Filter = "ip input forward tcp dstip 0.0.11.12/32 dstport = 80"
           Ascend-Data-Filter = "ip input drop 0"
           Ascend-Data-Filter = "ip output forward 0"

Now we got 0.0.11.12/32 for last filter-line where ip specified.

Something wrong in radiusd/src/lib/filters.c ?

Mike



- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Data-Filter BUG

Reply via email to
