Re: FR2 - proxying inner tunnel

Dmitry Sergienko <trooper+freeradius+users@email.dp.ua> · Mon, 18 Feb 2008 18:08:51 +0200

Hi!

Alan DeKok wrote:

Dmitry Sergienko wrote:

Please give me some tips how/where to fix this issue. I'm somewhat lost
while debugging this EAP stuff with tunnelling and proxying ;)

  It's rather complicated after a while.  I'm not sure how it can be
easily debugged...

Added some functions to make debugging easier and found out the following:
There is a call of eaplist_add() in eap_post_proxy():

541                     if ((handler->eap_ds->request->code == PW_EAP_REQUEST) &&
542                         (handler->eap_ds->request->type.type >= PW_EAP_MD5)) {
543                             eaplist_add(inst, handler);

and in eaplist_add():

271             handler->src_ipaddr = handler->request->packet->src_ipaddr;

But during proxying handler->request->packet->src_ipaddr.ipaddr.ip4addr is zero:

(gdb) p handler->request->packet->src_ipaddr

$7 = {af = 2, ipaddr = {ip4addr = {s_addr = 0}, ip6addr = {in6_u = {u6_addr8 = 

"\000\000\000\000\220\006\030\b\215\b\b\000\000\000",

        u6_addr16 = {0, 0, 1680, 2072, 36260, 2056, 0, 0}, u6_addr32 = {0, 135792272, 134778276, 0}}}}}

Then we're trying to find a session with correct ip address of NAS, i.e. 192.168.2.3 and eaplist_find() fails because it 

contains session with zero ipaddr.

I'll try to debug deeper and figure out how to fix this correctly (and not to break anything else ;)

--
Best wishes,
Dmitry Sergienko (SDA104-RIPE)
Trifle Co., Ltd.