proxy.conf src_ipaddr ignored

Edgar Fuß ef at math.uni-bonn.de
Thu Nov 4 22:24:07 CET 2010


> Your configuration must be doing something odd.
Yes. As specifying multiple identical src_ipaddr values for several home servers resulted in 2.1.7 not to start up properly, I (mis)understood the comment

 #  The rest of the configuration items listed here are optional,
 #  and do not have to appear in every home server definition.

as if you could specify the values in the "localhost" home_server definition and then every other home_server section would pick up them as default.
No, that's not what the wording suggests, but apperantly, it's how 2.1.7 worked -- at least in case of src_ipaddr and -X.

I thought I had tried moving the src_ipaddr definitions to the individual home server sections earlier the day after I upgraded to 2.1.10, but I must have made some mistake I cannot reproduce.

As you already pointed out further up in this thread, I like to debug things myself. So at least, there is a patch attached adding more debug output to proxy listener allocation and home server selection so the day I wasted on the subject may serve somebody else.
-------------- next part --------------
--- src/main/event.c.orig	2010-09-28 13:03:56.000000000 +0200
+++ src/main/event.c	2010-11-04 17:37:19.000000000 +0100
@@ -1867,7 +1867,7 @@
 static int proxy_request(REQUEST *request)
 {
 	struct timeval when;
-	char buffer[128];
+	char buffer[128], buffer2[128];
 
 #ifdef WITH_COA
 	if (request->coa) {
@@ -1903,12 +1903,15 @@
 	}
 	request->next_callback = no_response_to_proxied_request;
 
-	RDEBUG2("Proxying request %u to home server %s port %d",
+	RDEBUG2("Proxying request %u to home server %s port %d using source addr %s",
 	       request->number,
 	       inet_ntop(request->proxy->dst_ipaddr.af,
 			 &request->proxy->dst_ipaddr.ipaddr,
 			 buffer, sizeof(buffer)),
-	       request->proxy->dst_port);
+	       request->proxy->dst_port,
+	       inet_ntop(request->proxy->src_ipaddr.af,
+			 &request->proxy->src_ipaddr.ipaddr,
+			 buffer2, sizeof(buffer2)));
 
 	/*
 	 *	Note that we set proxied BEFORE sending the packet.
--- src/main/listen.c.orig	2010-09-28 13:03:56.000000000 +0200
+++ src/main/listen.c	2010-11-04 18:34:41.000000000 +0100
@@ -1718,6 +1718,7 @@
 {
 	rad_listen_t *this, *tmp, **last;
 	listen_socket_t *sock, *old;
+	char buffer[128];
 
 	/*
 	 *	Find an existing proxy socket to copy.
@@ -1778,6 +1779,11 @@
 	sock->port = 0;
 
 	if (listen_bind(this) >= 0) {
+		DEBUG("Adding listener on address %s, port %u",
+		      inet_ntop(sock->ipaddr.af,
+		                &sock->ipaddr.ipaddr,
+		                buffer, sizeof(buffer)),
+		      sock->port);
 		/*
 		 *	Add the new listener to the list of
 		 *	listeners.
--- src/main/realms.c.orig	2010-09-28 13:03:56.000000000 +0200
+++ src/main/realms.c	2010-11-04 21:34:44.000000000 +0100
@@ -1872,6 +1872,7 @@
 	home_server	*found = NULL;
 	home_server	*zombie = NULL;
 	VALUE_PAIR	*vp;
+	char		buffer1[128], buffer2[128];
 
 	/*
 	 *	Determine how to pick choose the home server.
@@ -2098,6 +2099,15 @@
 			request->proxy->vps =  paircopy(request->packet->vps);
 		}
 
+		DEBUG("Found home server %s, address %s, port %u, source address %s",
+		      found->name,
+		      inet_ntop(found->ipaddr.af,
+		                &found->ipaddr.ipaddr,
+		                buffer1, sizeof(buffer1)),
+		      found->port,
+		      inet_ntop(found->src_ipaddr.af,
+		                &found->src_ipaddr.ipaddr,
+		                buffer2, sizeof(buffer2)));
 		/*
 		 *	Update the various fields as appropriate.
 		 */
@@ -2232,12 +2242,19 @@
 {
 	home_server *home = data;
 	rad_listen_t *this;
+	char buffer[128];
 
 	/*
 	 *	If there WAS a src address defined, ensure that a
 	 *	proxy listener has been defined.
 	 */
 	if (home->src_ipaddr.af != AF_UNSPEC) {
+		DEBUG("Allocating proxy listener for %s using source address %s",
+		      home->name,
+		      inet_ntop(home->src_ipaddr.af,
+		                &home->src_ipaddr.ipaddr,
+		                buffer, sizeof(buffer)));
+
 		this = proxy_new_listener(&home->src_ipaddr, TRUE);
 
 		/*


More information about the Freeradius-Users mailing list