Correlating Access-Requests and Replys
Arran Cudbard-Bell
a.cudbardb at freeradius.org
Thu Apr 21 19:11:42 CEST 2016
> On Apr 21, 2016, at 12:16 PM, Phil Mayers <p.mayers at imperial.ac.uk> wrote:
>
> On 21/04/16 16:39, Arran Cudbard-Bell wrote:
>
>> I'll add something that behaves like that.
>
> It would be super-useful if the thing you add is present before "authorize" is called; State only appears after eap.authenticate, which can be too late for some kinds of logging.
Yeah, the state I was referring to wasn't the state attribute, it was the a fr_state_entry_t. But the ID of that struct mutates every round too, because a new instance of that struct is allocated each time.
We can change fr_state_to_request to populate a field in the REQUEST * with a session number if it fails to find a matching state entry or state attribute.
If it does fine a state entry, we copy over the session number from that state entry.
fr_state_to_request runs before authorize, so that'd meet your requirement :)
> I never understood why State mutates on each roundtrip ;o)
Hmm, I think the idea might have been to add support for diverse proxy paths eventually, in which case you can't rely on just the request ID.
-Arran
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 842 bytes
Desc: Message signed with OpenPGP using GPGMail
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20160421/29799372/attachment.sig>
More information about the Freeradius-Users
mailing list