On 26.6.2024 14.09, Stefan Paetow via radiator wrote:
> I am trying to fix a looping problem between two hosts that does not
> rely on attributes being added to packets.
>
> I know I can retrieve the client address from the request as
> Radius::Util::inet_ntop($request->{RecvFromAddress}), but I'd like to
> do the same for the destination host that's been selected to proxy the
> request to. Which handler/hook would be the best to do this in?
> PreHandlerHook in the destination AuthBy? And… how do I get the IP
> address of the destination host (or the selected host if there are
> multiple)?

That's an interesting question. Many of the hooks run well before the
next hop details (IP + port) are resolved, but I think I found a solution.

> Or is this not possible?

It's possible. There's one hook that runs just before the request is
forwarded. I came up with the following idea. Note that you'd need to
have a <Host ...> clause because that's where the hook goes. It
should also work with the other proxy AuthBys, such as AuthBy HASHBALANCE.
Here's a config snippet and the hook:

<AuthBy RADIUS>
    VsaVendor Generic
    VsaTranslateOut
    AuthPort 1812
    AcctPort 1813
    <Host 127.0.0.1>
        Secret mysecret
        # Other host specific parameters
        # $p is the request, $is_out is set for outgoing messages
        # $fp is the request that's about to be forwarded
        VsaTranslationHook sub { my ($p, $is_out, $fp) = @_; \
            my $host = $fp->{ThisHost}; \
            my $addr = @{$host->{Address}}[$host->{roundRobinCounter} % @{$host->{Address}}]; \
            my $port = $fp->code eq 'Accounting-Request' \
                ? $host->{AcctPort} : $host->{AuthPort}; \
            my $ip = Radius::Util::inet_ntop($addr); \
            main::log($main::LOG_INFO, "Forwarding to IP $ip port $port\n"); }
    </Host>
</AuthBy>

The Vendor Specific Attribute (VSA) translation parameters are
documented here, except for the hook, which needs to be documented:
https://files.radiatorsoftware.com/radiator/ref/Clientxxxxxx.html#VsaTranslateIn_Client
The round robin counter is explained below. Briefly, it's for the cases
where Host is defined with a name that resolves to multiple IP addresses:
https://files.radiatorsoftware.com/radiator/ref/AuthByRADIUS.html#Host
Thanks,
Heikki
--
Heikki Vatiainen
OSC, makers of Radiator
Visit radiatorsoftware.com for Radiator AAA server software
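
The address selection used in the hook above, as an added stand-alone Perl example that is not part of the original message and is not Radiator code: it reuses the field names from the message (Address, roundRobinCounter, AuthPort, RecvFromAddress) on constructed data. The is_loop check is hypothetical and assumes both values are packed addresses of the same family.

```perl
#!/usr/bin/perl
# Added example: stand-alone simulation, does not load Radiator.
use strict;
use warnings;
use Socket qw(AF_INET AF_INET6 inet_pton inet_ntop);

# Printable form of a packed address (4 bytes = IPv4, 16 bytes = IPv6).
sub printable {
    my ($packed) = @_;
    return inet_ntop(length($packed) == 16 ? AF_INET6 : AF_INET, $packed);
}

# Same index expression as the hook in the message: counter modulo
# the number of addresses the Host name resolved to.
sub next_hop {
    my ($host) = @_;
    my @addrs = @{ $host->{Address} };
    return $addrs[ $host->{roundRobinCounter} % @addrs ];
}

# Hypothetical check: true when the selected next hop is the peer the
# request came from. Assumes packed addresses of the same family.
sub is_loop {
    my ($request, $host) = @_;
    return next_hop($host) eq $request->{RecvFromAddress};
}

# Constructed sample data (documentation address range 192.0.2.0/24).
my $host = {
    Address => [ map { inet_pton(AF_INET, $_) } qw(192.0.2.10 192.0.2.11) ],
    roundRobinCounter => 0,
    AuthPort          => 1812,
};
my $request = { RecvFromAddress => inet_pton(AF_INET, '192.0.2.11') };

for my $counter (0 .. 3) {
    $host->{roundRobinCounter} = $counter;
    my $ip = printable(next_hop($host));
    printf "counter=%d next hop %s port %d%s\n", $counter, $ip,
        $host->{AuthPort},
        is_loop($request, $host) ? '  <- same as request source, loop' : '';
}
```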