Possible FreeBSD Jail problem, or other bug in/with FreeRADIUS 2.0.0-pre2

Scott Lambert lambert at lambertfam.org
Sat Sep 15 02:23:47 CEST 2007


On Thu, Sep 13, 2007 at 07:37:14AM +0200, Alan DeKok wrote:
> Scott Lambert wrote:
> > I've been instrumenting the heck out of anything I thought might be
> > useful.  My coding skills are very rusty, but here's what I've come up
> > with.  
> > 
> > src/lib/packet.c:lrad_packet_cmp() likes the response packet.  
> > src/lib/packet.c:lrad_packet_find_by_reply() seems to be failing.
> 
>   OK..
> 
> > radclient appears to be using 0.0.0.0 as the source IP address.  
> > lrad_packet_cmp appears to be seeing the source IP address as 69.153.112.27.  
> 
>   That's pretty much what I expected.  radclient doesn't know the IP
> address, so it sends it from 0.0.0.0.  However, the *receiving* code
> knows the IP, so it gets set.
> 
>   The code in lrad_packet_find_byreply() SHOULD take care of noticing
> that the socket was bound to 0.0.0.0, and use that as the source IP
> address.  If it isn't working, it's a bug.

>   It MAY be fixable in FreeRADIUS, but I don't have access to a FreeBSD
> box to test it...

If you *want* access to a FreeBSD box, send me an ssh public key, you
can have access to this one until we work this out.  I could set you up
a jail to play with long term if that would be useful.
 
>   I *think* there might be a work-around.  Go to
> lrad_packet_list_socket_add(), and update the following code:
> 
>   if (*((uint32_t *) &ps->ipaddr.ipaddr.ip4addr.s_addr) == INADDR_ANY) {
>      ps->inaddr_any = 1;
>   }

Unfortunately, that didn't change the behavior.

I've added some debug prints to lrad_packet_list_socket_add and changed
up the printfs in lrad_packet_list_find_byreply.  I don't know that they
will help.  But, just in case....

In jailed client:
radclient: main: radclient_head->request->src_ipaddr.af = 0
radclient: main: client_ipaddr.ipaddr.ip4addr = 0, client_port = 0
lrad_socket: sa->sin_addr = 0
lrad_packet_list_socket_add: src.ss_family == AF_INET
lrad_packet_list_socket_add: ps->port = 64551
lrad_packet_list_socket_add: ps->inaddr_any = 0
lrad_packet_list_socket_add: ps->ipaddr.af = 2
lrad_packet_list_socket_add: ps->ipaddr.ipaddr.ip4addr = 460364101
lrad_packet_list_socket_add: ps->ipaddr.ipaddr.ip4addr.s_addr = 460364101
lrad_packet_list_socket_add: *((uint32_t *) &ps->ipaddr.ipaddr.ip4addr.s_addr) != INADDR_ANY
Sending Access-Request of id 93 to 216.61.218.2 port 1645
        User-Name = "testuser1"
        User-Password = "testpass"
        NAS-IP-Address = 69.153.112.27
        NAS-Port = 1645
        Framed-Protocol = PPP
rad_recv: Access-Accept packet from host 216.61.218.2 port 1645, id=93, length=336
radclient: recv_one_packet: client_ipaddr.af = 2
radclient: recv_one_packet: client_ipaddr.ipaddr.ip4addr = 0
lrad_packet_list_find_byreply: lrad_socket_find returned 134833152
lrad_packet_list_find_byreply: ps->inaddr_any = 0
lrad_packet_list_find_byreply: ps->ipaddr.ipaddr.ip4addr = 0
lrad_packet_list_find_byreply: reply->dst_ipaddr.ipaddr.ip4addr = 0
lrad_packet_list_find_byreply: reply->src_port = 1645
lrad_packet_list_find_byreply: reply->src_ipaddr.af = 2
lrad_packet_list_find_byreply: reply->src_ipaddr.ipaddr.ip4addr = 47857112
lrad_packet_list_find_byreply: lrad_hash_table_finddata returned 0
radclient: received response to request we did not send. (id=93 socket 3)
lrad_packet_cmp: lrad_ipaddr_cmp = 0
lrad_packet_cmp: lrad_ipaddr_cmp = 0
radclient: no response from server for ID 93 socket 3

On jailed client with Packet-Src-IP-Address = jailed client's IP address.
radclient: main: radclient_head->request->src_ipaddr.af = 2
radclient: main: client_ipaddr.ipaddr.ip4addr = 460364101, client_port = 0
lrad_socket: sa->sin_addr = 460364101
lrad_packet_list_socket_add: src.ss_family == AF_INET
lrad_packet_list_socket_add: ps->port = 58105
lrad_packet_list_socket_add: ps->inaddr_any = 0
lrad_packet_list_socket_add: ps->ipaddr.af = 2
lrad_packet_list_socket_add: ps->ipaddr.ipaddr.ip4addr = 460364101
lrad_packet_list_socket_add: ps->ipaddr.ipaddr.ip4addr.s_addr = 460364101
lrad_packet_list_socket_add: *((uint32_t *) &ps->ipaddr.ipaddr.ip4addr.s_addr) != INADDR_ANY
Sending Access-Request of id 56 to 216.61.218.2 port 1645
        User-Name = "testuser1"
        User-Password = "testpass"
        NAS-IP-Address = 69.153.112.27
        NAS-Port = 1645
        Framed-Protocol = PPP
rad_recv: Access-Accept packet from host 216.61.218.2 port 1645, id=56, length=336
radclient: recv_one_packet: client_ipaddr.af = 2
radclient: recv_one_packet: client_ipaddr.ipaddr.ip4addr = 460364101
lrad_packet_list_find_byreply: lrad_socket_find returned 134833152
lrad_packet_list_find_byreply: ps->inaddr_any = 0
lrad_packet_list_find_byreply: ps->ipaddr.ipaddr.ip4addr = 0
lrad_packet_list_find_byreply: reply->dst_ipaddr.ipaddr.ip4addr = 460364101
lrad_packet_list_find_byreply: reply->src_port = 1645
lrad_packet_list_find_byreply: reply->src_ipaddr.af = 2
lrad_packet_list_find_byreply: reply->src_ipaddr.ipaddr.ip4addr = 47857112
lrad_packet_cmp: lrad_ipaddr_cmp = 0
lrad_packet_list_find_byreply: lrad_hash_table_finddata returned 134570772
lrad_packet_cmp: lrad_ipaddr_cmp = 0
lrad_packet_cmp: lrad_ipaddr_cmp = 0
        Service-Type = Framed-User
        Framed-Protocol = PPP
	...

On jail host:
radclient: main: radclient_head->request->src_ipaddr.af = 0
radclient: main: client_ipaddr.ipaddr.ip4addr = 0, client_port = 0
lrad_socket: sa->sin_addr = 0
lrad_packet_list_socket_add: src.ss_family == AF_INET
lrad_packet_list_socket_add: ps->port = 65386
lrad_packet_list_socket_add: ps->inaddr_any = 0
lrad_packet_list_socket_add: ps->ipaddr.af = 2
lrad_packet_list_socket_add: ps->ipaddr.ipaddr.ip4addr = 0
lrad_packet_list_socket_add: ps->ipaddr.ipaddr.ip4addr.s_addr = 0
lrad_packet_list_socket_add: *((uint32_t *) &ps->ipaddr.ipaddr.ip4addr.s_addr) == INADDR_ANY
Sending Access-Request of id 2 to 216.61.218.2 port 1645
        User-Name = "testuser1"
        User-Password = "testpass"
        NAS-IP-Address = 69.153.112.27
        NAS-Port = 1645
        Framed-Protocol = PPP
rad_recv: Access-Accept packet from host 216.61.218.2 port 1645, id=2, length=336
radclient: recv_one_packet: client_ipaddr.af = 2
radclient: recv_one_packet: client_ipaddr.ipaddr.ip4addr = 0
lrad_packet_list_find_byreply: lrad_socket_find returned 134593536
lrad_packet_list_find_byreply: ps->inaddr_any = 1
lrad_packet_list_find_byreply: ps->ipaddr.ipaddr.ip4addr = 1
lrad_packet_list_find_byreply: reply->dst_ipaddr.ipaddr.ip4addr = 0
lrad_packet_list_find_byreply: reply->src_port = 1645
lrad_packet_list_find_byreply: reply->src_ipaddr.af = 2
lrad_packet_list_find_byreply: reply->src_ipaddr.ipaddr.ip4addr = 47857112
lrad_packet_cmp: lrad_ipaddr_cmp = 0
lrad_packet_list_find_byreply: lrad_hash_table_finddata returned 134571284
lrad_packet_cmp: lrad_ipaddr_cmp = 0
lrad_packet_cmp: lrad_ipaddr_cmp = 0
        Service-Type = Framed-User
        Framed-Protocol = PPP
	...

On jail host with Packet-Src-IP-Address = jailed client's IP address.
radclient: main: radclient_head->request->src_ipaddr.af = 2
radclient: main: client_ipaddr.ipaddr.ip4addr = 460364101, client_port = 0
lrad_socket: sa->sin_addr = 460364101
lrad_packet_list_socket_add: src.ss_family == AF_INET
lrad_packet_list_socket_add: ps->port = 50019
lrad_packet_list_socket_add: ps->inaddr_any = 0
lrad_packet_list_socket_add: ps->ipaddr.af = 2
lrad_packet_list_socket_add: ps->ipaddr.ipaddr.ip4addr = 460364101
lrad_packet_list_socket_add: ps->ipaddr.ipaddr.ip4addr.s_addr = 460364101
lrad_packet_list_socket_add: *((uint32_t *) &ps->ipaddr.ipaddr.ip4addr.s_addr) != INADDR_ANY
Sending Access-Request of id 141 to 216.61.218.2 port 1645
        User-Name = "testuser1"
        User-Password = "testpass"
        NAS-IP-Address = 69.153.112.27
        NAS-Port = 1645
        Framed-Protocol = PPP
rad_recv: Access-Accept packet from host 216.61.218.2 port 1645, id=141, length=336
radclient: recv_one_packet: client_ipaddr.af = 2
radclient: recv_one_packet: client_ipaddr.ipaddr.ip4addr = 460364101
lrad_packet_list_find_byreply: lrad_socket_find returned 134593536
lrad_packet_list_find_byreply: ps->inaddr_any = 0
lrad_packet_list_find_byreply: ps->ipaddr.ipaddr.ip4addr = 0
lrad_packet_list_find_byreply: reply->dst_ipaddr.ipaddr.ip4addr = 460364101
lrad_packet_list_find_byreply: reply->src_port = 1645
lrad_packet_list_find_byreply: reply->src_ipaddr.af = 2
lrad_packet_list_find_byreply: reply->src_ipaddr.ipaddr.ip4addr = 47857112
lrad_packet_cmp: lrad_ipaddr_cmp = 0
lrad_packet_list_find_byreply: lrad_hash_table_finddata returned 134571284
lrad_packet_cmp: lrad_ipaddr_cmp = 0
lrad_packet_cmp: lrad_ipaddr_cmp = 0
        Service-Type = Framed-User
        Framed-Protocol = PPP
	...

-- 
Scott Lambert                    KC5MLE                       Unix SysAdmin
lambert at lambertfam.org
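
The four runs above differ only in which address the socket record ends up holding and whether it is flagged as a wildcard bind. As an added illustration (not FreeRADIUS source and not part of the original message), this C model reproduces that pass/fail pattern with the values printed in the log. All type and function names are hypothetical; how the stored request gets its source address, and the `trust_requested` variant, are assumptions.

```c
#include <stdint.h>
#include <stdio.h>

/* Hypothetical, simplified model of reply matching; not FreeRADIUS source. */
typedef struct { uint32_t ipaddr; uint16_t port; int inaddr_any; } sock_rec;
typedef struct { uint32_t src_ip, dst_ip; uint16_t src_port, dst_port; uint8_t id; } pkt;

/* requested: address passed to bind(); reported: address from getsockname().
 * trust_requested = 0 derives the wildcard flag from the reported address
 * (the behaviour the debug output shows); 1 derives it from the request. */
static sock_rec sock_add(uint32_t requested, uint32_t reported,
                         uint16_t port, int trust_requested)
{
    sock_rec ps = { reported, port, 0 };
    ps.inaddr_any = ((trust_requested ? requested : reported) == 0);
    return ps;
}

/* Rebuild the request key from the reply and compare; 1 = matched. */
static int find_by_reply(const sock_rec *ps, const pkt *stored, const pkt *reply)
{
    uint32_t key_src = ps->inaddr_any ? ps->ipaddr : reply->dst_ip;
    return key_src == stored->src_ip && ps->port == stored->src_port &&
           reply->src_ip == stored->dst_ip &&
           reply->src_port == stored->dst_port && reply->id == stored->id;
}

/* client_ip is the address the client believes it has (0 when no
 * Packet-Src-IP-Address is given); it ends up as the reply's dst_ip. */
static int scenario(uint32_t client_ip, uint32_t reported, int trust_requested)
{
    const uint32_t server = 47857112u;              /* value from the log */
    sock_rec ps = sock_add(client_ip, reported, 64551, trust_requested);
    /* Assumption: the stored request takes its source from the socket record. */
    pkt req = { ps.ipaddr, server, ps.port, 1645, 93 };
    pkt reply = { server, client_ip, 1645, ps.port, 93 };
    return find_by_reply(&ps, &req, &reply);
}

int main(void)
{
    const uint32_t jail = 460364101u;               /* value from the log */
    printf("jail wildcard=%d jail explicit=%d host wildcard=%d\n",
           scenario(0, jail, 0), scenario(jail, jail, 0), scenario(0, 0, 0));
    printf("jail wildcard, flag from requested address=%d\n",
           scenario(0, jail, 1));
    return 0;
}
```

In the model, only the jailed wildcard bind fails: the socket record holds the jail's address with `inaddr_any = 0`, while the reply's destination is still 0.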



