Brian Candler wrote: > The reason: vendors have bugs in their accounting implementations, and we > want to be able to show them the original raw packets to prove it's not our > accounting collectors which are mis-interpreting the data.
My $0.02 is that you should name && shame the vendors. This has worked well in the past. > The problem with tcpdump is being able to find quickly the packets of > interest (e.g. given a username, or given a FreeRadius > Acct-Unique-Session-Id which is an MD5 across multiple attributes). So I > want to extract the attributes of interest and index them alongside the raw > data, or offsets into the raw data. You can log the packet src/dst ip/port, and the timestamp. That should be good enough to quickly find it in a PCAP file. The problem with dumping raw packets is that you can't. You'll have to convert them to hex, which doubles the size. It's possible, and probably only ~200 lines of code. But I don't really see much benefit for the wider audience. I'd suggest writing a module which does nothing more than register a "paw_packet" xlat callback. That way it will be easy to integrate into any new release of the server. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
