So does the detail reader read the packet, find that it's invalid and then retry the same packet?
-Arran

On Mar 6, 2011, at 2:37 PM, Alexander Clouter wrote:

> Hi,
>
> For those out there using decoupled accounting, especially in an
> 'eduroam' environment, might find the following helpful.
>
> I receive a lot of random rubbish from the various NAS's deployed
> internationally sent to my FreeRADIUS installation. Such moments of fun
> are accounting stop packets with a zero session length
> (CISCO_ACCOUNTING_HACK) resulting in a DoS when received in the
> decoupled accounting case...plus the other usual things that trigger
> corner cases my custom (bad?) SQL statements do not catch when logging
> this information to our database.
>
> The unfortunate outcome means after a bad accounting packet, the
> mountpoint I use for recording my journal fills up until FreeRADIUS
> hangs with no warning (meanwhile FreeRADIUS works fine so it is not
> something trivially monitored by NAGIOS or such).
>
> The solution I slapped together is a quick minutely run script by cron
> that notifies me by email when a problem occurs.
>
> My preference is to place my detail journal files on a separate tmpfs
> mountpoint (as I use low powered ARM boxes, OpenRD's if you are curious,
> that only have a NAND):
> ----
> tmpfs /var/log/freeradius/radacct/journal tmpfs nosuid,nodev,noexec,size=32M,mode=700,uid=freerad,gid=freerad 0 0
> ----
>
> Then the following script is used.
> ----
> #!/bin/sh
>
> MOUNT=/var/log/freeradius/radacct/journal
> TRIGGER=1024
> RCPT="[email protected] [email protected]"
> MESSAGE="FreeRADIUS is on the road to implosion...yer might want to look into it.
>
> Cheers"
>
> SELF=$(basename "$0")
>
> # Lock file present: an alert was already sent. Re-arm only once usage
> # has dropped below half the trigger, otherwise stay quiet.
> if [ -e "/var/lock/$SELF" ]; then
> 	if [ $(df "$MOUNT" | tail -n1 | awk '{ print $3 }') -lt $(($TRIGGER/2)) ]; then
> 		rm "/var/lock/$SELF"
> 	else
> 		exit 1
> 	fi
> fi
>
> # Used space (kB, third column of df) is below the trigger: nothing to do.
> [ $(df "$MOUNT" | tail -n1 | awk '{ print $3 }') -lt $TRIGGER ] && exit 0
>
> DATE=$(date -R)
> TO=$(echo $RCPT | sed 's/ /, /g')
>
> cat <<EOF | /usr/sbin/sendmail -i $RCPT
> To: $TO
> Date: $DATE
> Subject: $MOUNT exceeds ${TRIGGER}kB
>
> $MESSAGE
> EOF
>
> # Create the lock only if sendmail accepted the message.
> [ $? -eq 0 ] && touch "/var/lock/$SELF"
>
> exit 1
> ----
>
> That's it. The above script will email you only a single time when more
> than 1024kB of journal is sitting around waiting to be processed and
> will re-enable notifications once it drops to half the trigger mark
> (512kB).
>
> Cheers
>
> --
> Alexander Clouter
> .sigmonster says: T-shirt:
>                   Life is *not* a Cabaret, and stop calling me chum!
>
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
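
The quoted post names accounting Stop packets with a zero session length as one trigger for the journal backlog. As an added example (not part of the original thread and not FreeRADIUS code), the shell function below counts such records in a detail-format journal so they can be reported alongside the disk-usage alert. It assumes the usual detail layout (a header line, indented "Attribute = value" lines, a blank line between records); the function names and the sample records are constructed for illustration.

```shell
#!/bin/sh
# Added example: count accounting Stop records whose Acct-Session-Time is 0
# in a FreeRADIUS detail-format file. Layout is assumed, see the lead-in.

# count_zero_length_stops [FILE...]  (reads stdin when no file is given)
count_zero_length_stops() {
    awk '
        # Close the current record and count it if both conditions held.
        function end_record() {
            if (stop && zero) n++
            stop = 0; zero = 0
        }
        /^[ \t]*$/ { end_record(); next }   # blank line separates records
        /^[ \t]+Acct-Status-Type[ \t]*=[ \t]*Stop[ \t]*$/ { stop = 1 }
        /^[ \t]+Acct-Session-Time[ \t]*=[ \t]*0[ \t]*$/   { zero = 1 }
        END { end_record(); print n + 0 }   # last record may lack a blank line
    ' "$@"
}

# Constructed sample journal: five records, two of them zero-length Stops.
sample_detail() {
    printf 'Sun Mar  6 14:30:01 2011\n'
    printf '\tAcct-Status-Type = Start\n\tAcct-Session-Id = "constructed-1"\n\n'
    printf 'Sun Mar  6 14:30:02 2011\n'
    printf '\tAcct-Status-Type = Stop\n\tAcct-Session-Time = 0\n\n'
    printf 'Sun Mar  6 14:31:10 2011\n'
    printf '\tAcct-Status-Type = Stop\n\tAcct-Session-Time = 3600\n\n'
    printf 'Sun Mar  6 14:32:00 2011\n'
    printf '\tAcct-Status-Type = Interim-Update\n\tAcct-Session-Time = 0\n\n'
    printf 'Sun Mar  6 14:33:45 2011\n'
    printf '\tAcct-Session-Time = 0\n\tAcct-Status-Type = Stop\n'
}

# Demo run on the constructed sample.
sample_detail | count_zero_length_stops
```

Pointed at the files under the journal mountpoint from cron, a non-zero count can be added to the alert mail body to show what kind of packet is stuck.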

