radsniff bug in 2.0.0-pre2?

Geoffroy Arnoud garnoud at yahoo.co.uk
Fri Sep 14 08:37:25 CEST 2007


Hi all,

I am testing radsniff, and I have the following
behaviour:

When launching radsniff with the following input, the
program crashes (FreeRADIUS v2.0.0-pre2)

[root@host bin]# ./radsniff -f udp
Device: [eth0]
PCAP filter: [udp]
RADIUS secret: [testing123]

*** glibc detected *** free(): invalid pointer: 0x08120dbc ***
Aborted


It seems that radsniff crashes when it tries to decode
packets that are not RADIUS ones (dns requests for
example).

If the filter is very restrictive and matches only
used RADIUS ports, it works fine.
I just have a problem with a RADIUS request used by my
RADIUS load balancer to test my servers' status (server
version 1.1.3).
The request used is a Status-Server request. The
content of the request is the following:

[root@rafale ~]# tcpdump -X udp and host 10.67.106.3
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 96 bytes

06:36:26.078778 IP 10.67.106.3.57084 > rafale.50812: UDP, length 26
        0x0000:  4500 0036 0000 0000 ff11 d32b 0a43 6a03  E..6.......+.Cj.
        0x0010:  0a43 6a02 defc c67c 0022 7932 0c01 001a  .Cj....|."y2....
        0x0020:  0fc2 4720 8f36 9096 d8b9 f507 de5d 811d  ..G..6.......]..
        0x0030:  0406 0aa2 39c3                           ....9.
06:36:26.079186 IP rafale.50812 > 10.67.106.3.57084: UDP, length 49
        0x0000:  4500 004d 0000 4000 4011 5215 0a43 6a02  E..M..@.@.R..Cj.
        0x0010:  0a43 6a03 c67c defc 0039 e8d5 0201 0031  .Cj..|...9.....1
        0x0020:  8605 feab 8157 42de 0bad 532a c113 9148  .....WB...S*...H
        0x0030:  121d 4672 6565 5241 4449 5553 2075 7020  ..FreeRADIUS.up.
        0x0040:  3020 6461 7973 2c20 3232 3a34 34         0.days,.22:44

With this issue, to make radsniff work, I have to
exclude my load-balancer source IP address from the
PCAP filter:
"udp port 1812 or 1813 or 1814 and host not IP_SRC_LB"
(my load-balancer performs NAT of the server, so I
still see the packets from my clients)

Furthermore, would the community be interested in
having the date of the packet (in the same format as
in radius.log) and the packet id?
I think the patch would not be much work.
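
A structural pre-check that a sniffer can run on each captured UDP payload before handing it to a RADIUS decoder, shown as an added example that is not part of the original post and is not radsniff or FreeRADIUS code. `rad_precheck` and its return codes are hypothetical names; the first sample is the Status-Server payload from the dump above, and the DNS query is constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define RAD_HDR_LEN 20   /* code(1) + id(1) + length(2) + authenticator(16) */
#define RAD_MAX_LEN 4096 /* largest packet RFC 2865 allows */

enum { RAD_OK = 0, RAD_SHORT = -1, RAD_BAD_LEN = -2, RAD_BAD_ATTR = -3 };

/* Structural check of a UDP payload; reads only within caplen, allocates nothing. */
int rad_precheck(const uint8_t *p, size_t caplen)
{
    if (caplen < RAD_HDR_LEN) return RAD_SHORT;
    size_t len = ((size_t)p[2] << 8) | p[3];          /* big-endian Length field */
    if (len < RAD_HDR_LEN || len > RAD_MAX_LEN || len > caplen) return RAD_BAD_LEN;
    for (size_t off = RAD_HDR_LEN; off < len; ) {     /* walk type/length/value attributes */
        if (len - off < 2) return RAD_BAD_ATTR;       /* no room for type + length */
        size_t alen = p[off + 1];
        if (alen < 2 || alen > len - off) return RAD_BAD_ATTR;
        off += alen;
    }
    return RAD_OK;
}

/* UDP payload of the Status-Server request in the dump above (offset 0x1c, 26 bytes). */
const uint8_t status_server[26] = {
    0x0c, 0x01, 0x00, 0x1a,                           /* code 12, id 1, length 26 */
    0x0f, 0xc2, 0x47, 0x20, 0x8f, 0x36, 0x90, 0x96,   /* authenticator */
    0xd8, 0xb9, 0xf5, 0x07, 0xde, 0x5d, 0x81, 0x1d,
    0x04, 0x06, 0x0a, 0xa2, 0x39, 0xc3 };             /* attribute type 4, length 6 */

/* Constructed sample: DNS query for example.com; its flags word 0x0100 sits where Length would be. */
const uint8_t dns_query[29] = {
    0x12, 0x34, 0x01, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
    7, 'e', 'x', 'a', 'm', 'p', 'l', 'e', 3, 'c', 'o', 'm', 0,
    0x00, 0x01, 0x00, 0x01 };

int main(void)
{
    printf("status-server: %d\n", rad_precheck(status_server, sizeof status_server));
    printf("dns query:     %d\n", rad_precheck(dns_query, sizeof dns_query));
    return 0;
}
```

Payloads that fail the check can be counted and skipped, so nothing downstream allocates or frees on the basis of a length field taken from a non-RADIUS packet.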


