Hi Heikki, Thank you for this! I'll have a look and implement something, and then let you know if it works 😊
With kind regards Stefan Paetow Federated Roaming Technical Specialist eduroam(UK), Jisc email/teams: [email protected] gpg: 0x3FCE5142 For eduroam support, please contact the eduroam team via [email protected] and mark it for eduroam’s attention. On Wednesdays and Fridays, I am not available between 12:00 and 15:00 London time (UTC in winter, UTC+0100 in summer). jisc.ac.uk Jisc is a registered charity (number 1149740) and a company limited by guarantee which is registered in England under Company No. 5747339, VAT No. GB 197 0632 86. Jisc’s registered office is: 4 Portwall Lane, Bristol, BS1 6NB Tel: 020 3697 5800. From: radiator <[email protected]> on behalf of Heikki Vatiainen via radiator <[email protected]> Reply to: Heikki Vatiainen <[email protected]> Date: Friday 28 June 2024 at 09:33 To: "[email protected]" <[email protected]> Subject: Re: [RADIATOR] Which hook and how to get destination host On 26.6.2024 14.09, Stefan Paetow via radiator wrote: I am trying to fix a looping problem between two hosts that does not rely on attributes being added to packets. I know I can retrieve the client address from the request as Radius::Util::inet_ntop($request->{RecvFromAddress}), but I'd like to do the same for the destination host that's been selected to proxy the request to. Which handler/hook would be the best to do this in? PreHandlerHook in the destination AuthBy? And… how do I get the IP address of the destination host (or the selected host if there are multiple)? That's an interesting question. Many of the hooks run well before the next hop details (IP + port) are resolved, but I think I found a solution. Or is this not possible? It's possible. There's one hook that runs just before the request is forwarded. I came up with the following idea. Note that you'd need to have a <Host ...> clause because that's where the hook goes into. It should also work with the other proxy AuthBys, such as AuthBy HASHBALANCE. Here's a config snippet and the hook: <AuthBy RADIUS> VsaVendor Generic VsaTranslateOut AuthPort 1812 AcctPort 1813 <Host 127.0.0.1> Secret mysecret # Other host specific parameters # $p is the request, $is_out is set for outgoing messages # $fp is the request that's about to be forwarded VsaTranslationHook sub { my ($p, $is_out, $fp) = @_; \ my $host = $fp->{ThisHost}; \ my $addr = @{$host->{Address}}[$host->{roundRobinCounter} % @{$host->{Address}}]; \ my $port = $fp->code eq 'Accounting-Request' \ ? $host->{AcctPort} : $host->{AuthPort}; \ my $ip = Radius::Util::inet_ntop($addr); \ main::log($main::LOG_INFO, "Forwarding to IP $ip port $port\n"); } </Host> </AuthBy> The Vendor Specific Attribute (VSA) translation parameters are documented here, except of the hook that needs to be documented: https://files.radiatorsoftware.com/radiator/ref/Clientxxxxxx.html#VsaTranslateIn_Client The round robin counter is explained below. Briefly, it's for the cases where Host is defined with a name that resolves to multiple IP addresses: https://files.radiatorsoftware.com/radiator/ref/AuthByRADIUS.html#Host Thanks, Heikki -- Heikki Vatiainen OSC, makers of Radiator Visit radiatorsoftware.com for Radiator AAA server software
_______________________________________________ radiator mailing list [email protected] https://lists.open.com.au/mailman/listinfo/radiator
