Patch for rlm_attr_filters

Nikolay P. Romanyuk mag at vtelecom.ru
Tue Nov 1 05:53:14 CET 2005


Hello All,

My VPN3005 NASes are sending several accounting attributes
(Tunnel-Client-Endpoint with Client-IP-Address) causing problems
for RADIUS-based billing software I'm using.
This patch is created to allow rlm_filter to remove a specific
list of attributes from accounting packets. Of course one can
specify all the attributes required in usual way, but that's
too unconvenient since there are too many of them in the
accounting phase. :) Tested with FreeRADIUS-1.0.5

Example:
In module section: (radius.conf)
...
        attr_filter acct {
                attrsfile = ${confdir}/acct
                passother = yes
        }
...

${confdir}/acct
DEFAULT
        Tunnel-Client-Endpoint !* ANY

-- cut here --
--- rlm_attr_filter.c.orig      Tue Nov  1 13:44:07 2005
+++ rlm_attr_filter.c   Tue Nov  1 13:56:40 2005
@@ -46,6 +46,7 @@
 struct attr_filter_instance {
         /* autz */
         char *attrsfile;
+       int passother;
         PAIR_LIST *attrs;
 };

@@ -177,6 +178,8 @@
 static CONF_PARSER module_config[] = {
        { "attrsfile",     PW_TYPE_STRING_PTR,
          offsetof(struct attr_filter_instance,attrsfile), NULL, "${raddbdir}/at
trs" },
+       { "passother",     PW_TYPE_BOOLEAN,
+         offsetof(struct attr_filter_instance,passother), NULL, "no" },
        { NULL, -1, 0, NULL, NULL }
 };

@@ -380,6 +383,13 @@
                        }
                    }

+                   /* only if not found and passother is true */
+                   if ( fail == 0 && pass == 0 && inst->passother ) {
+                       if ( mypairappend(reply_item, &reply_tmp) < 0 ) {
+                               return RLM_MODULE_FAIL;
+                       }
+                   }
+
                }

                /* If we shouldn't fall through, break */
@@ -510,6 +520,12 @@
                                return RLM_MODULE_FAIL;
                        }
                    }
+                   /* only if not found and passother is true */
+                   if ( fail == 0 && pass == 0 && inst->passother ) {
+                       if ( mypairappend(send_item, &send_tmp) < 0 ) {
+                               return RLM_MODULE_FAIL;
+                       }
+                   }
                }
                if (!fallthrough(pl->check))
                    break;
@@ -629,6 +645,12 @@
                                return RLM_MODULE_FAIL;
                        }
                    }
+                   /* only if not found and passother is true */
+                   if ( fail == 0 && pass == 0 && inst->passother ) {
+                       if ( mypairappend(send_item, &send_tmp) < 0 ) {
+                               return RLM_MODULE_FAIL;
+                       }
+                   }
                }
                if (!fallthrough(pl->check))
                    break;
@@ -761,7 +783,12 @@
                                return RLM_MODULE_FAIL;
                        }
                    }
-
+                   /* only if not found and passother is true */
+                   if ( fail == 0 && pass == 0 && inst->passother ) {
+                       if ( mypairappend( reply_item, &reply_tmp) < 0 ) {
+                               return RLM_MODULE_FAIL;
+                       }
+                   }
                }

                /* If we shouldn't fall through, break */

  

-- 
Best regards,
 Nikolay P. Romanyuk, NR42-RIPE        mailto:mag at vtelecom.ru




More information about the Freeradius-Devel mailing list