Hi Rainer, As stated in the changelog for 3.6, Radiator no longer indexes on UDP port. This is illustrated by the following code from Client.pm :
# its not a dup, save the id for later dup checking $self->{RecentIdentifiers}->{$p->{RecvFromAddress}}->{$code . $p->identifier} = $p->{RecvTime}; Seems like the comment block was not changed to reflect this new, not RFC compliant, duplicate checking. wkr Arjan -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Hugh Irvine Sent: Tuesday, September 30, 2003 12:36 AM To: [EMAIL PROTECTED] Cc: [EMAIL PROTECTED] Subject: Re: (RADIATOR) radiators duplicate detection (ClientIP+Identifier+?SourcePort?) Hello Rainer - Here is the comment block from "Radius/Client.pm": # In order to detect duplicate arrivals, we keep an array # of arrivals ($self->{RecentIdentifiers})indexed by # the IP address of the host that sent the request, # the UDP port number (some hosts like Lucent TNT have multiple ID space # on different port numbers), the Radius packet identifier (8 bits), # concatenated with the packet type code. # (The packet code is used because some NASs use different packet # sequences for different request types) # The value stored in each element of the array is the time # we last received a packet with that identifier from this client. # If the time interval is less than DupInterval, the packet is assumed to be # duplicate, and is ignored Does this answer your question? regards Hugh On Tuesday, Sep 30, 2003, at 07:16 Australia/Melbourne, Rainer Huber wrote: > Hi! > > I've seen that radiator detects duplicate records depending only on > the identifier and the client IP: > > "If more than 1 Radius request from this Client with the same Radius > Identifier are received within DupInterval seconds, the 2nd and > subsequent are ignored." > > Shouldn't be the Identifier, the ClientIP and the SourcePort the keys > for > duplicates? > > The RFC 2865 says: > > "Identifier: The Identifier field is one octet, and aids in matching > requests and replies. The RADIUS server can detect a duplicate request > if it has the same client source IP address and source UDP port and > Identifier > within a short span of time." > > > Is it a mistake in the refmanual? > > Regards, > Rainer > > > === > Archive at http://www.open.com.au/archives/radiator/ > Announcements on [EMAIL PROTECTED] > To unsubscribe, email '[EMAIL PROTECTED]' with > 'unsubscribe radiator' in the body of the message. > > NB: have you included a copy of your configuration file (no secrets), together with a trace 4 debug showing what is happening? -- Radiator: the most portable, flexible and configurable RADIUS server anywhere. Available on *NIX, *BSD, Windows, MacOS X. - Nets: internetwork inventory and management - graphical, extensible, flexible with hardware, software, platform and database independence. === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message. ________________________________________________________________________ ______________ This inbound message to KPN has been checked for all known viruses by KPN MailScan (IV-Scan), powered by MessageLabs. For further information visit: http://www.veiliginternet.nl ________________________________________________________________________ ______________ === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.