hey,
We've just hit a strange issue and wondering if we are to blame or is
unpackRadiusAttrs in Radius.pm really eating useful data in vendor-specific
VSAs. We are sending Cisco DHCP circuit ID in ADSL-Agent-Circuit-Id (3561.1,
described in dictionary as string). This is unpacked in preauth hook like this:
unpack("CCCCCC", $cid) and then used in SQL queries and there doesn't seem to
be any problems with this. Until today :)
Specific example:
Sending 000405DC010A in CID works but sending 000405DC000A is turned into
000405DC0A (5th octet 00 missing). Unfortunately last 2 octets contain the most
useful data, 00 being the card number and 0a the port.
I added some debugging into Radius.pm method unpackRadiusAttrs into the "else {
# Other vendor-specific" part around "$value =~ s/\0+$//" like this:
&main::log($main::LOG_WARNING, "pre strip: " . join(' ', map {sprintf "%02x",
$_} unpack('C16', $value)), $self);
$value =~ s/\0+$// if $atype eq 'string';
&main::log($main::LOG_WARNING, "post strip: " . join(' ', map {sprintf "%02x",
$_} unpack('C16', $value)), $self);
and when sending request, following is logged:
Mon Aug 16 16:09:46 2010: WARNING: pre strip: 00 04 05 dc 00 0a
Mon Aug 16 16:09:46 2010: WARNING: post strip: 00 04 05 dc 0a
This doesn't look something that should be happening, I've also verified the
"fix" by uncommenting the line and everything magically works. Anyone has idea
or explanation why is this happening?
Radiator version is 4.7 (this happened with old versions aswell and there
hasn't been any code change regarding this). I've also attached a radiator
tracelevel 5 packet dump and wireshark radius package dump. Just to make sure,
this part of the code is ran before any user hooks so I don't think we have a
way to screw things up ourselves (later we actually do rewrite the attributes
into more useful format and throw away the trash).
--
tarko
----
radiator debug:
----
Packet length = 109
01 b8 00 6d e0 ea fc 07 bd df 8f 7a c8 36 ef a2
ae 67 95 ce 20 0b 74 61 72 6b 6f 74 65 73 74 01
13 31 31 3a 32 32 3a 33 33 3a 34 34 3a 35 35 3a
36 36 02 08 72 61 64 69 75 73 04 06 c2 7e 73 23
1a 0e 00 00 0d e9 01 08 00 04 05 dc 00 0a 1a 10
00 00 0d e9 02 0a 00 06 00 0e 83 41 c9 c0 57 09
31 2f 31 2f 31 3a 31 3d 06 00 00 00 0f
----
wireshark:
----
Radius Protocol
Code: Access-Request (1)
Packet identifier: 0x31 (49)
Length: 109
Authenticator: CB1E4DDC4286668CD2773682A6D96293
[The response to this request is in frame 2]
Attribute Value Pairs
AVP: l=11 t=NAS-Identifier(32): tarkotest
NAS-Identifier: tarkotest
AVP: l=19 t=User-Name(1): 11:22:33:44:55:66
User-Name: 11:22:33:44:55:66
AVP: l=8 t=User-Password(2): Encrypted
User-Password: radius
AVP: l=6 t=NAS-IP-Address(4): 194.126.115.35
NAS-IP-Address: 194.126.115.35 (194.126.115.35)
AVP: l=14 t=Vendor-Specific(26) v=ADSL Forum(3561)
VSA: l=8 t=Unknown-Attribute(1): 000405DC000A
Unknown-Attribute: 000405DC000A
AVP: l=16 t=Vendor-Specific(26) v=ADSL Forum(3561)
VSA: l=10 t=Unknown-Attribute(2): 0006000E8341C9C0
Unknown-Attribute: 0006000E8341C9C0
AVP: l=9 t=NAS-Port-Id(87): 1/1/1:1
NAS-Port-Id: 1/1/1:1
AVP: l=6 t=NAS-Port-Type(61): Ethernet(15)
NAS-Port-Type: Ethernet (15)
_______________________________________________
radiator mailing list
[email protected]
http://www.open.com.au/mailman/listinfo/radiator
