PPP Radius plugin binding address

2013-04-03 Thread Adrian Ban

Hi,

My problem with the radius.so plugin is that the binding IP address is 
not used at all, even in the radiusclient-ng has this parameter: bindaddr.


I've created a small patch for radius plugin which enables this function 
to set a fixed IP for each radius packet is send to the radius server.
In my case I got multiple up-links for redundancy and the radius plugin 
sends the packet with the IP from interface IP.


For example, if I have eth0 with 172.16.0.1/24 and eth1 with 
172.20.1.2/24 and something happens to the link on eth0, OSPF moves 
the routes to eth1. The plugin will then send all packets with IP 
172.20.1.2/24, and if you forgot to add that address in the Radius 
Server, all packets will be rejected.


So if you have an IP on loopback for example 10.10.20.1/32 with this 
patch you can specify bindaddr 10.10.20.1 and all packets will be send 
with this IP and in the Radius Server you must set only the IP 
10.10.20.1 and not the 172.16.0.1 and 172.20.1.2.


Here is the link on my webserver 
http://linux.mantech.ro/ppp-patch/ppp-2.4.5-radius-bindaddress.diff and 
also I've attached the patch to email


Best regards,
Adrian

--
Adrian Ban
IP/MPLS Engineer

mobil: +40788388190
web: www.abtelecom.ro http://www.abtelecom.ro/
This patch fix 2 problems with radius.so:
1. bindaddr from /etc/radiusclient/radiusclient.conf is read and the radius.so 
doesn't exit with error
2. bindaddr is used to send the radius packet to the server using a specific IP 
address in system

This is very common in setups where the router has multiple interfaces for 
upstreams and you don't know which connection is active. In this case the 
packet sometimes uses the IP of interface 1 and sometimes the IP of 
interface 2.
With this patch (adapted from radiusclient-ng) you can specify the IP of a 
loopback address, and the plugin will bind to that IP and send every packet 
with a fixed IP.

Author: Adrian Ban (adrian@mantech.ro)

diff -Naur ppp-2.4.5/pppd/plugins/radius/ip_util.c 
ppp-2.4.5-bindaddress/pppd/plugins/radius/ip_util.c
--- ppp-2.4.5/pppd/plugins/radius/ip_util.c 2009-11-17 00:26:07.0 
+0200
+++ ppp-2.4.5-bindaddress/pppd/plugins/radius/ip_util.c 2013-04-03 
20:35:29.711878448 +0300
@@ -122,6 +122,7 @@
  *
  */
 
+
 UINT4 rc_own_ipaddress(void)
 {
static UINT4 this_host_ipaddr = 0;
@@ -135,3 +136,35 @@
 
return this_host_ipaddr;
 }
+
+
+/*
+ * Function: rc_own_bind_ipaddress
+ *
+ * Purpose: get the IP address to be used as a source address
+ *  for sending requests in host order
+ *
+ * Returns: IP address
+ *
+ */
+
+UINT4 rc_own_bind_ipaddress(void)
+{
+char hostname[256];
+UINT4 rval;
+
+if (rc_conf_str(bindaddr) == NULL ||
+strcmp(rc_conf_str(bindaddr), *) == 0) {
+rval = INADDR_ANY;
+} else {
+strncpy(hostname, rc_conf_str(bindaddr), sizeof(hostname));
+hostname[sizeof(hostname) - 1] = '\0';
+if ((rval = rc_get_ipaddr (hostname)) == 0) {
+   error(rc_own_bind_ipaddress: couldn't get IP address 
from bindaddr);
+rval = INADDR_ANY;
+}
+}
+
+return rval;
+}
+
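Review bot: When bindaddr is set but `rc_get_ipaddr` returns 0, the new `rc_own_bind_ipaddress` falls back to `INADDR_ANY`, so requests leave with whatever source address routing selects, which is the case the option exists to prevent, and a RADIUS server that identifies its clients by source address will reject them. The only trace is an error line that does not say which value failed; I would log it, `error("rc_own_bind_ipaddress: couldn't get IP address from bindaddr %s", hostname);`, and state in the header comment that an unresolvable bindaddr degrades to the wildcard address. The lookup also runs on every call, whereas `rc_own_ipaddress` just above appears to keep its result in a `static`, so a bindaddr given as a host name presumably costs a resolver query per request. `strncpy` into `hostname[256]` truncates a longer value without notice, so a length check before the copy that rejects the value would be safer than resolving a shortened name.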
diff -Naur ppp-2.4.5/pppd/plugins/radius/options.h 
ppp-2.4.5-bindaddress/pppd/plugins/radius/options.h
--- ppp-2.4.5/pppd/plugins/radius/options.h 2009-11-17 00:26:07.0 
+0200
+++ ppp-2.4.5-bindaddress/pppd/plugins/radius/options.h 2013-04-02 
16:18:30.551339169 +0300
@@ -55,6 +55,7 @@
 {radius_timeout, OT_INT, ST_UNDEF, NULL},
 {radius_retries, OT_INT, ST_UNDEF, NULL},
 {nas_identifier,  OT_STR, ST_UNDEF, },
+{bindaddr,OT_STR, ST_UNDEF, NULL},
 /* local options */
 {login_local,OT_STR, ST_UNDEF, NULL},
 };
diff -Naur ppp-2.4.5/pppd/plugins/radius/sendserver.c 
ppp-2.4.5-bindaddress/pppd/plugins/radius/sendserver.c
--- ppp-2.4.5/pppd/plugins/radius/sendserver.c  2009-11-17 00:26:07.0 
+0200
+++ ppp-2.4.5-bindaddress/pppd/plugins/radius/sendserver.c  2013-04-03 
20:20:01.411359661 +0300
@@ -244,7 +244,7 @@
sin = (struct sockaddr_in *)  salocal;
memset ((char *) sin, '\0', (size_t) length);
sin-sin_family = AF_INET;
-   sin-sin_addr.s_addr = htonl(INADDR_ANY);
+   sin-sin_addr.s_addr = htonl(rc_own_bind_ipaddress());
sin-sin_port = htons ((unsigned short) 0);
if (bind (sockfd, (struct sockaddr *) sin, length)  0 ||
   getsockname (sockfd, (struct sockaddr *) sin, length)  0)
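Review bot: This `bind()` can now fail when the configured bindaddr is not assigned to a local interface at the time of the call, and the failure branch of this `if` lies outside the hunk, so it is worth confirming that its message names the address that could not be bound. A short comment on the changed line would help the next reader, for example `/* source address from bindaddr; INADDR_ANY when unset or unresolvable */`. The path is IPv4 only (`AF_INET`, `UINT4`), which the option's documentation should say.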


Re: PPP Radius plugin binding address

2013-04-03 Thread Simon Paillard
Hi Adrian,

debian-devel is about developing Debian as a whole; it is not the most
appropriate list for reporting bugs regarding a specific package in Debian.

Please report a bug with tag 'patch' against package ppp, following guide at
http://www.debian.org/Bugs/Reporting

Thanks in advance !

On Wed, Apr 03, 2013 at 10:01:06PM +0300, Adrian Ban wrote:
 My problem with the radius.so plugin is that the binding IP address
 is not used at all, even in the radiusclient-ng has this parameter:
 bindaddr.
 
 I've created a small patch for radius plugin which enables this
 function to set a fixed IP for each radius packet is send to the
 radius server.
 In my case I got multiple up-links for redundancy and the radius
 plugin sends the packet with the IP from interface IP.
 
 For example if I have eth0 with 172.16.0.1/24 and eth1 with
 172.20.1.2/24 if something happen with the link on eth0 the OSPF
 moves the routes to the eth1. So the plugin will send all the
 packets with IP 172.20.1.2/24 and if you forget to add in the Radius
 Server all packets will be rejected.
 
 So if you have an IP on loopback for example 10.10.20.1/32 with this
 patch you can specify bindaddr 10.10.20.1 and all packets will be
 send with this IP and in the Radius Server you must set only the IP
 10.10.20.1 and not the 172.16.0.1 and 172.20.1.2.
 
 Here is the link on my webserver
 http://linux.mantech.ro/ppp-patch/ppp-2.4.5-radius-bindaddress.diff
 and also I've attached the patch to email
 
 Best regards,
 Adrian
 
 -- 
 Adrian Ban
 IP/MPLS Engineer
 
 mobil: +40788388190
 web: www.abtelecom.ro http://www.abtelecom.ro/

 This patch fix 2 problems with radius.so:
 1. bindaddr from /etc/radiusclient/radiusclient.conf is read and the 
 radius.so doesn't exit with error
 2. bindaddr is used to send the radius packet to the server using a specific 
 IP address in system
 
 This is very common for setups that the router has multiple interfaces for 
 upstreams and you don't know
 which connection is active. In this case sometimes packet uses the IP of 
 interface 1 and sometimes uses
 the IP of interface 2.
 With this patch (adapted form radiusclient-ng) you can specify the IP of 
 loopback address and the plugin
 will bind to that IP and send the packet with a fix IP everytime.
 
 Author: Adrian Ban (adrian@mantech.ro)
 
 diff -Naur ppp-2.4.5/pppd/plugins/radius/ip_util.c 
 ppp-2.4.5-bindaddress/pppd/plugins/radius/ip_util.c
 --- ppp-2.4.5/pppd/plugins/radius/ip_util.c   2009-11-17 00:26:07.0 
 +0200
 +++ ppp-2.4.5-bindaddress/pppd/plugins/radius/ip_util.c   2013-04-03 
 20:35:29.711878448 +0300
 @@ -122,6 +122,7 @@
   *
   */
  
 +
  UINT4 rc_own_ipaddress(void)
  {
   static UINT4 this_host_ipaddr = 0;
 @@ -135,3 +136,35 @@
  
   return this_host_ipaddr;
  }
 +
 +
 +/*
 + * Function: rc_own_bind_ipaddress
 + *
 + * Purpose: get the IP address to be used as a source address
 + *  for sending requests in host order
 + *
 + * Returns: IP address
 + *
 + */
 +
 +UINT4 rc_own_bind_ipaddress(void)
 +{
 +char hostname[256];
 +UINT4 rval;
 +
 +if (rc_conf_str(bindaddr) == NULL ||
 +strcmp(rc_conf_str(bindaddr), *) == 0) {
 +rval = INADDR_ANY;
 +} else {
 +strncpy(hostname, rc_conf_str(bindaddr), sizeof(hostname));
 +hostname[sizeof(hostname) - 1] = '\0';
 +if ((rval = rc_get_ipaddr (hostname)) == 0) {
 + error(rc_own_bind_ipaddress: couldn't get IP address 
 from bindaddr);
 +rval = INADDR_ANY;
 +}
 +}
 +
 +return rval;
 +}
 +
 diff -Naur ppp-2.4.5/pppd/plugins/radius/options.h 
 ppp-2.4.5-bindaddress/pppd/plugins/radius/options.h
 --- ppp-2.4.5/pppd/plugins/radius/options.h   2009-11-17 00:26:07.0 
 +0200
 +++ ppp-2.4.5-bindaddress/pppd/plugins/radius/options.h   2013-04-02 
 16:18:30.551339169 +0300
 @@ -55,6 +55,7 @@
  {radius_timeout,   OT_INT, ST_UNDEF, NULL},
  {radius_retries,   OT_INT, ST_UNDEF, NULL},
  {nas_identifier,  OT_STR, ST_UNDEF, },
 +{bindaddr,OT_STR, ST_UNDEF, NULL},
  /* local options */
  {login_local,  OT_STR, ST_UNDEF, NULL},
  };
 diff -Naur ppp-2.4.5/pppd/plugins/radius/sendserver.c 
 ppp-2.4.5-bindaddress/pppd/plugins/radius/sendserver.c
 --- ppp-2.4.5/pppd/plugins/radius/sendserver.c2009-11-17 
 00:26:07.0 +0200
 +++ ppp-2.4.5-bindaddress/pppd/plugins/radius/sendserver.c2013-04-03 
 20:20:01.411359661 +0300
 @@ -244,7 +244,7 @@
   sin = (struct sockaddr_in *)  salocal;
   memset ((char *) sin, '\0', (size_t) length);
   sin-sin_family = AF_INET;
 - sin-sin_addr.s_addr = htonl(INADDR_ANY);
 + sin-sin_addr.s_addr = htonl(rc_own_bind_ipaddress());
   sin-sin_port = htons ((unsigned short) 0);
   if (bind (sockfd, (struct sockaddr *) sin, length)  0 ||
  getsockname