Why would I say that? Think logically. I have compiled the FreeRadius on two different machines with 100% diffrent hardware: - The first one was an Intel 1.8G with 512MB PC2100 DDR, 60 GB HDD. - The other one was an AMD Athlon XP 1400 with 256MB DDR, 40 GB HDD.
The only thing that was the same was the IP address. Both machines were tested with RedHat 7.3 nad also Redhat 8.0. Both were compiled with default settings, just the prefix was changed and the --enable-developer option was enabled. The source codes were not modified at all. Even when no clients were configured on the Radius server, the server exited with the "Segmentation Fault" error after about 20 seconds. Both servers were tested with the Memtest86 v3 bootable CDROM and passed all the tests. All the other parts passed the tests. So there was no hardware failure. By removing the access-lists , the Radius core dumps. Setting the ACLs again, evverything will be OK. My conclusion, malformed packets might be the source. I have dumped the packets as you will see bellow.(The IP addresses have been replaced by A.B.C.D AND X.Y.Z.T, the IP addresses of the 2 Radius servers) Any comments? Hamid *********************************************************************** *********************************************************************** 11:55:17.985515 202.144.109.225.1812 > X.Y.Z.T.1812: udp 41 (DF) (ttl 45, id 0)0x0000 4500 0045 0000 4000 2d11 6be4 ca90 6de1 [email protected]. 0x0010 d942 d00f 0714 0714 0031 c4ca 0000 0000 .B.......1...... 0x0020 3f5d 0000 9e5e ac76 2600 0000 d6c2 1a7e ?]...^.v&......~ 0x0030 1d00 0000 8a4e .....N 11:55:21.735519 202.180.12.246.2002 > A.B.C.D.2002: udp 41 (DF) (ttl 43, id 0)0x0000 4500 0045 0000 4000 2b11 ceaa cab4 0cf6 E..E..@.+....... 0x0010 d942 d010 07d2 07d2 0031 4dcd 0000 0000 .B.......1M..... 0x0020 197a 0000 4288 de94 2600 0000 525d 1c60 .z..B...&...R].` 0x0030 1d00 0000 1d3a .....: 11:55:34.034135 64.81.158.116.2002 > A.B.C.D.2002: udp 60 (DF) (ttl 48, id 0)0x0000 4500 0058 0000 4000 3011 c27c 4051 9e74 [email protected]..|@Q.t 0x0010 d942 d010 07d2 07d2 0044 ed31 0000 0000 .B.......D.1.... 0x0020 f63f 0000 7726 0351 2600 0000 6570 b416 .?..w&.Q&...ep.. 0x0030 3000 0000 a672 0....r 11:55:52.796245 64.79.89.214.1812 > A.B.C.D.1812: udp 41 (DF) (ttl 43, id 0) 0x0000 4500 0045 0000 4000 2b11 0c30 404f 59d6 E..E..@.+..0@OY. 0x0010 d942 d010 0714 0714 0031 b630 0000 0000 .B.......1.0.... 0x0020 9fad 0000 4dc3 a9f7 2600 0000 c04c 4758 ....M...&....LGX 0x0030 1d00 0000 83e0 ...... 11:56:03.966289 193.253.204.138.2002 > X.Y.Z.T.2002: udp 41 (DF) (ttl 54, id 0)0x0000 4500 0045 0000 4000 3611 0cce c1fd cc8a [email protected]....... 0x0010 d942 d00f 07d2 07d2 0031 eef8 0000 0000 .B.......1...... 0x0020 8b85 0000 5cbe 6c56 2600 0000 cb4b 3436 ....\.lV&....K46 0x0030 1d00 0000 9e3d .....= 11:56:27.945682 211.105.9.79.2002 > A.B.C.D.2002: udp 41 (DF) (ttl 43, id 0) 0x0000 4500 0045 0000 4000 2b11 c99c d369 094f E..E..@.+....i.O 0x0010 d942 d010 07d2 07d2 0031 9499 0000 0000 .B.......1...... 0x0020 21a9 0000 dd68 f7d9 2600 0000 e155 9374 !....h..&....U.t 0x0030 1d00 0000 bc30 .....0 11:56:29.271963 64.56.111.122.2002 > A.B.C.D.2002: udp 41 (DF) (ttl 48, id 0)0x0000 4500 0045 0000 4000 3011 f1a2 4038 6f7a [email protected]...@8oz 0x0010 d942 d010 07d2 07d2 0031 ee57 0000 0000 .B.......1.W.... 0x0020 8c56 0000 f216 b673 2600 0000 a0a7 9a25 .V.....s&......% 0x0030 1d00 0000 5833 ....X3 11:56:48.384312 194.228.223.250.1812 > X.Y.Z.T.1812: udp 60 (DF) (ttl 52, id 0)0x0000 4500 0058 0000 4000 3411 fa63 c2e4 dffa [email protected].... 0x0010 d942 d00f 0714 0714 0044 433c 0000 0000 .B.......DC<.... 0x0020 14a3 0000 5a15 07bb 2600 0000 8ed8 b221 ....Z...&......! 0x0030 3000 0000 d1c9 0..... 11:57:04.046624 66.160.120.244.80 > A.B.C.D.46837: . 33044:33044(0) ack 1345362432 win 0 urg 1 (ttl 16, id 29597)0x0000 4500 0028 739d 0000 1006 d24b 42a0 78f4 E..(s......KB.x. 0x0010 d942 d010 0050 b6f5 0000 8114 5030 9a00 .B...P......P0.. 0x0020 5030 0000 2841 0001 14ca 01e7 b8ea P0..(A........ 11:57:29.563410 202.81.254.98.2002 > X.Y.Z.T.2002: udp 41 (DF) (ttl 53, id 0)0x0000 4500 0045 0000 4000 3511 d3a1 ca51 fe62 [email protected] 0x0010 d942 d00f 07d2 07d2 0031 e7d0 0000 0000 .B.......1...... 0x0020 6fbe 0000 9a5d fbb2 2600 0000 09b5 d757 o....]..&......W 0x0030 1d00 0000 fdaf ...... 11:57:31.321740 211.156.230.1.1812 > X.Y.Z.T.1812: udp 41 (DF) (ttl 41, id 0)0x0000 4500 0045 0000 4000 2911 eeb7 d39c e601 E..E..@.)....... 0x0010 d942 d00f 0714 0714 0031 3b37 0000 0000 .B.......1;7.... 0x0020 86eb 0000 80d1 d26a 2600 0000 28f7 3333 .......j&...(.33 0x0030 1d00 0000 5ffe ...._. 11:57:54.144106 211.205.183.60.2002 > A.B.C.D.2002: udp 41 (DF) (ttl 44, id 0)0x0000 4500 0045 0000 4000 2c11 1a4b d3cd b73c E..E..@.,..K...< 0x0010 d942 d010 07d2 07d2 0031 fc8b 0000 0000 .B.......1...... 0x0020 4c59 0000 f6a9 c854 2600 0000 e52a bf4f LY.....T&....*.O 0x0030 1d00 0000 6017 ....`. 11:58:09.067805 211.184.245.100.1812 > A.B.C.D.1812: udp 60 (DF) (ttl 41, id 0)0x0000 4500 0058 0000 4000 2911 df24 d3b8 f564 E..X..@.)..$...d 0x0010 d942 d010 0714 0714 0044 5ab3 0000 0000 .B.......DZ..... 0x0020 7f81 0000 1dda 0640 2600 0000 e70b 7733 .......@&.....w3 0x0030 3000 0000 51ec 0...Q. 11:58:12.504223 211.101.155.140.1812 > A.B.C.D.1812: udp 41 (DF) (ttl 41, id 0)0x0000 4500 0045 0000 4000 2911 3963 d365 9b8c E..E..@.).9c.e.. 0x0010 d942 d010 0714 0714 0031 72ce 0000 0000 .B.......1r..... 0x0020 d04e 0000 1849 4e07 2600 0000 9314 f418 .N...IN.&....... 0x0030 1d00 0000 4f27 ....O' 11:58:19.971329 218.1.216.160.1812 > A.B.C.D.1812: udp 60 (DF) (ttl 45, id 0)0x0000 4500 0058 0000 4000 2d11 f19f da01 d8a0 [email protected]....... 0x0010 d942 d010 0714 0714 0044 ee4a 0000 0000 .B.......D.J.... 0x0020 c047 0000 a78d ff6f 2600 0000 bd22 b53c .G.....o&....".< 0x0030 3000 0000 d05d 0....] 11:58:21.400649 218.1.216.160.1812 > A.B.C.D.1812: udp 60 (DF) (ttl 45, id 0)0x0000 4500 0058 0000 4000 2d11 f19f da01 d8a0 [email protected]....... 0x0010 d942 d010 0714 0714 0044 657b 0000 0000 .B.......De{.... 0x0020 4370 0000 08ca 2703 2600 0000 ab47 7600 Cp....'.&....Gv. 0x0030 3000 0000 1f87 0..... 11:58:27.939253 210.121.144.51.2002 > X.Y.Z.T.2002: udp 41 (DF) (ttl 44, id 0)0x0000 4500 0045 0000 4000 2c11 42a9 d279 9033 E..E..@.,.B..y.3 0x0010 d942 d00f 07d2 07d2 0031 2143 0000 0000 .B.......1!C.... 0x0020 0e2b 0000 fe5a c44a 2600 0000 1f90 cf27 .+...Z.J&......' 0x0030 1d00 0000 c799 ...... 11:58:39.740137 80.105.188.233.1812 > X.Y.Z.T.1812: udp 41 (DF) (ttl 39, id 0)0x0000 4500 0045 0000 4000 2711 9d03 5069 bce9 E..E..@.'...Pi.. 0x0010 d942 d00f 0714 0714 0031 5533 0000 0000 .B.......1U3.... 0x0020 d0dd 0000 aaf8 3a93 2600 0000 60ba 257a ......:.&...`.%z 0x0030 1d00 0000 d4eb ...... 11:59:04.361383 200.36.139.199.1812 > A.B.C.D.1812: udp 41 (DF) (ttl 40, id 0)0x0000 4500 0045 0000 4000 2811 5569 c824 8bc7 E..E..@.(.Ui.$.. 0x0010 d942 d010 0714 0714 0031 85b2 0000 0000 .B.......1...... 0x0020 11b6 0000 a7d5 c69c 2600 0000 c396 d958 ........&......X 0x0030 1d00 0000 0b69 .....i 11:59:15.738560 61.220.200.201.2002 > X.Y.Z.T.2002: udp 41 (DF) (ttl 44, id 0)0x0000 4500 0045 0000 4000 2c11 9eb0 3ddc c8c9 E..E..@.,...=... 0x0010 d942 d00f 07d2 07d2 0031 19aa 0000 0000 .B.......1...... 0x0020 b292 0000 cf0f 5736 2600 0000 b53b f650 ......W6&....;.P 0x0030 1d00 0000 bfbe ...... 11:59:21.669046 210.95.121.60.2002 > A.B.C.D.2002: udp 41 (DF) (ttl 41, id 0)0x0000 4500 0045 0000 4000 2911 5cb9 d25f 793c E..E..@.).\.._y< 0x0010 d942 d010 07d2 07d2 0031 5e43 0000 0000 .B.......1^C.... 0x0020 96e0 0000 1720 8595 2600 0000 107a 821a ........&....z.. 0x0030 1d00 0000 a0d8 ...... 11:59:49.474072 61.151.251.231.2002 > X.Y.Z.T.2002: udp 60 (DF) (ttl 45, id 0)0x0000 4500 0058 0000 4000 2d11 6ac4 3d97 fbe7 [email protected].=... 0x0010 d942 d00f 07d2 07d2 0044 2193 0000 0000 .B.......D!..... 0x0020 c8c4 0000 f7e5 f377 2600 0000 df69 8c1a .......w&....i.. 0x0030 3000 0000 0485 0..... 11:59:53.504185 217.206.204.121.4156 > X.Y.Z.T.4156: udp 41 (DF) (ttl 48, id 0)0x0000 4500 0045 0000 4000 3011 fb0d d9ce cc79 [email protected] 0x0010 d942 d00f 103c 103c 0031 fd73 0000 0000 .B...<.<.1.s.... 0x0020 d030 0000 a783 ea81 2600 0000 4eaf 910d .0......&...N... 0x0030 1d00 0000 4ddc ....M. 11:59:54.143429 217.98.189.152.1812 > A.B.C.D.1812: udp 41 (DF) (ttl 43, id 0)0x0000 4500 0045 0000 4000 2b11 0f5a d962 bd98 E..E..@.+..Z.b.. 0x0010 d942 d010 0714 0714 0031 81b2 0000 0000 .B.......1...... 0x0020 8a23 0000 9df0 9172 2600 0000 2f8e ed57 .#.....r&.../..W 0x0030 1d00 0000 6666 ....ff 12:01:03.883530 66.160.120.244.80 > A.B.C.D.46837: . 0:0(0) ack 1 win 0 urg 1 (ttl 16, id 29598)0x0000 4500 0028 739e 0000 1006 d24a 42a0 78f4 E..(s......JB.x. 0x0010 d942 d010 0050 b6f5 0000 8114 5030 9a00 .B...P......P0.. 0x0020 5030 0000 2841 0001 1590 dd26 9841 P0..(A.....&.A 12:01:06.811290 211.144.1.232.2002 > A.B.C.D.2002: udp 41 (DF) (ttl 45, id 0)0x0000 4500 0045 0000 4000 2d11 cedc d390 01e8 [email protected]....... 0x0010 d942 d010 07d2 07d2 0031 689f 0000 0000 .B.......1h..... 0x0020 0585 0000 16a9 f1d3 2600 0000 d083 143a ........&......: 0x0030 1d00 0000 e36f .....o 12:01:11.497898 217.40.23.49.2002 > X.Y.Z.T.2002: udp 41 (DF) (ttl 44, id 0) 0x0000 4500 0045 0000 4000 2c11 b4fc d928 1731 E..E..@.,....(.1 0x0010 d942 d00f 07d2 07d2 0031 0f1e 0000 0000 .B.......1...... 0x0020 2ab0 0000 a456 a2c7 2600 0000 7d30 384e *....V..&...}08N 0x0030 1d00 0000 bd9d ...... 12:01:46.752630 210.82.66.57.2002 > A.B.C.D.2002: udp 41 (DF) (ttl 43, id 0) 0x0000 4500 0045 0000 4000 2b11 91c9 d252 4239 E..E..@.+....RB9 0x0010 d942 d010 07d2 07d2 0031 f211 0000 0000 .B.......1...... 0x0020 e9a6 0000 373e 08b9 2600 0000 fe2b 496e ....7>..&....+In 0x0030 1d00 0000 2589 ....%. 12:02:04.268232 209.133.187.3.2002 > X.Y.Z.T.2002: udp 41 (DF) (ttl 45, id 0)0x0000 4500 0045 0000 4000 2d11 17cd d185 bb03 [email protected]....... 0x0010 d942 d00f 07d2 07d2 0031 c224 0000 0000 .B.......1.$.... 0x0020 79e7 0000 b92a 3ebd 2600 0000 e785 1b5c y....*>.&......\ 0x0030 1d00 0000 d826 .....& 12:02:05.456049 80.105.188.233.1812 > X.Y.Z.T.1812: udp 41 (DF) (ttl 39, id 0)0x0000 4500 0045 0000 4000 2711 9d03 5069 bce9 E..E..@.'...Pi.. 0x0010 d942 d00f 0714 0714 0031 2b75 0000 0000 .B.......1+u.... 0x0020 6aab 0000 4a72 c4d7 2600 0000 c234 664c j...Jr..&....4fL 0x0030 1d00 0000 aaa1 ...... 12:02:15.937699 65.42.213.236.2002 > A.B.C.D.2002: udp 41 (DF) (ttl 53, id 0)0x0000 4500 0045 0000 4000 3511 853e 412a d5ec [email protected]..>A*.. 0x0010 d942 d010 07d2 07d2 0031 5f22 0000 0000 .B.......1_".... 0x0020 5bef 0000 2198 aec3 2600 0000 6e15 9024 [...!...&...n..$ 0x0030 1d00 0000 b663 .....c 12:02:20.563290 61.11.73.194.1812 > A.B.C.D.1812: udp 41 (DF) (ttl 46, id 0) 0x0000 4500 0045 0000 4000 2e11 1c88 3d0b 49c2 E..E..@.....=.I. 0x0010 d942 d010 0714 0714 0031 84eb 0000 0000 .B.......1...... 0x0020 ce97 0000 1b3d 211b 2600 0000 5d1f d351 .....=!.&...]..Q 0x0030 1d00 0000 6afb ....j. 12:02:35.587501 66.156.111.239.2002 > A.B.C.D.2002: udp 41 (DF) (ttl 44, id 0)0x0000 4500 0045 0000 4000 2c11 f2c9 429c 6fef E..E..@.,...B.o. 0x0010 d942 d010 07d2 07d2 0031 6e98 0000 0000 .B.......1n..... 0x0020 a1df 0000 d348 5228 2600 0000 94ef b51e .....HR(&....... 0x0030 1d00 0000 3c25 ....<% 12:02:36.860199 210.51.192.58.1812 > A.B.C.D.1812: udp 41 (DF) (ttl 44, id 0)0x0000 4500 0045 0000 4000 2c11 12e7 d233 c03a E..E..@.,....3.: 0x0010 d942 d010 0714 0714 0031 da67 0000 0000 .B.......1.g.... 0x0020 0c1d 0000 15c4 c576 2600 0000 2fe8 dd59 .......v&.../..Y 0x0030 1d00 0000 5ea5 ....^. 12:02:45.215162 133.65.148.77.2002 > A.B.C.D.2002: udp 41 (DF) (ttl 41, id 0)0x0000 4500 0045 0000 4000 2911 8ec6 8541 944d E..E..@.)....A.M 0x0010 d942 d010 07d2 07d2 0031 9857 0000 0000 .B.......1.W.... 0x0020 c9d3 0000 843e 1070 2600 0000 9227 5505 .....>.p&....'U. 0x0030 1d00 0000 9fb6 ...... 12:03:14.362282 61.129.81.4.1812 > A.B.C.D.1812: udp 41 (DF) (ttl 49, id 0) 0x0000 4500 0045 0000 4000 3111 11d0 3d81 5104 [email protected]...=.Q. 0x0010 d942 d010 0714 0714 0031 d51f 0000 0000 .B.......1...... 0x0020 5caf 0000 b4a1 2fca 2600 0000 5526 2c50 \...../.&...U&,P 0x0030 1d00 0000 df97 ...... 12:03:21.926880 24.214.208.195.2002 > X.Y.Z.T.2002: udp 41 (DF) (ttl 48, id 0)0x0000 4500 0045 0000 4000 3011 b7bc 18d6 d0c3 [email protected]....... 0x0010 d942 d00f 07d2 07d2 0031 e156 0000 0000 .B.......1.V.... 0x0020 f150 0000 cd57 ae4d 2600 0000 2291 fe06 .P...W.M&..."... 0x0030 1d00 0000 55eb ....U. 12:03:59.343356 203.82.66.83.2002 > A.B.C.D.2002: udp 41 (DF) (ttl 46, id 0) 0x0000 4500 0045 0000 4000 2e11 95af cb52 4253 [email protected] 0x0010 d942 d010 07d2 07d2 0031 9645 0000 0000 .B.......1.E.... 0x0020 fe54 0000 073d 9b6c 2600 0000 155e 904c .T...=.l&....^.L 0x0030 1d00 0000 0d6f .....o 12:04:04.988665 63.101.131.26.2002 > A.B.C.D.2002: udp 41 (DF) (ttl 51, id 0)0x0000 4500 0045 0000 4000 3311 dbd5 3f65 831a [email protected]...?e.. 0x0010 d942 d010 07d2 07d2 0031 b40d 0000 0000 .B.......1...... 0x0020 6b0c 0000 d44c fbba 2600 0000 1921 7d09 k....L..&....!}. 0x0030 1d00 0000 7b3c ....{< 12:04:10.236056 211.202.12.221.2002 > A.B.C.D.2002: udp 41 (DF) (ttl 46, id 0)0x0000 4500 0045 0000 4000 2e11 c2ad d3ca 0cdd E..E..@......... 0x0010 d942 d010 07d2 07d2 0031 41ea 0000 0000 .B.......1A..... 0x0020 a0e1 0000 7187 b27b 2600 0000 8e7c d644 ....q..{&....|.D 0x0030 1d00 0000 77ec ....w. 12:04:14.086416 200.30.105.124.1812 > A.B.C.D.1812: udp 41 (DF) (ttl 42, id 0)0x0000 4500 0045 0000 4000 2a11 75ba c81e 697c E..E..@.*.u...i| 0x0010 d942 d010 0714 0714 0031 0015 0000 0000 .B.......1...... 0x0020 375f 0000 9750 7f10 2600 0000 25f8 a449 7_...P..&...%..I 0x0030 1d00 0000 bac7 ...... 898533 packets received by filter 0 packets dropped by kernel > "Hamid Ali Asgari" <[EMAIL PROTECTED]> wrote: >> This seems to be a security hole. > > Why would you say that? > >> I have changed the IP address of the radius server, and the problemn >> got resolved, both machines which ere having problems are now >> working fine!!! > > So, do you have sample packets which cause the server to crash? > >> I have applied access-list and denied any IP traffic other than my >> radius clients > > Which is always a good idea, by the way. > >> and now its working fine. It dowsn't have to do anything with RAM >> !!! The developers should take a look at this. > > At what? You've reported a problem, but we have no way of verifying > the problem is what you claim. We have no way of reproducing the > problem. > > So there's little to nothing that we can do to fix it. > > Alan DeKok. > > - > List info/subscribe/unsubscribe? See > http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
