Suggestion for error message verbosity improvement

[Stefan Winter]

Hello,


Regarding this message in radius.log:

Info: Dropping packet without response because of error: Received packet 
from A.B.C.D with invalid Message-Authenticator!  (Shared secret is 
incorrect.)


I would like to suggest to include the name of the client stanza that 
received the packet. This makes it easier to identify the source in some 
scenarios. In my case, on a server that has many virtual servers, each 
listening on individual ports, with overlapping client subnet 
definitions (i.e. the server's port number that was contacted is 
important to identify the listen config; something which the client name 
would give away).


Alternatively, adding just the port number that the packet was received 
on would also be sufficient. I suggest the client name by preference 
because that makes the reporting in line with other errors (e.g. "Login 
incorrect (Home Server failed to respond): [abc] (from client 
CLIENTS_61783_5-20..."


IOW, it would be nice if the error message above could read

Info: Dropping packet without response because of error: Received packet 
from A.B.C.D with invalid Message-Authenticator! *(from client 
CLIENTS_61783_5-20)* (Shared secret is incorrect.)

or


Info: Dropping packet without response because of error: Received packet 
from A.B.C.D *on port 61783* with invalid Message-Authenticator!  
(Shared secret is incorrect.)


Greetings,


Stefan Winter


-- 
This email may contain information for limited distribution only, please treat accordingly.

Fondation Restena, Stefan WINTER
Chief Technology Officer
2, avenue de l'Université
L-4365 Esch-sur-Alzette

-------------- next part --------------
A non-text attachment was scrubbed...
Name: OpenPGP_signature
Type: application/pgp-signature
Size: 840 bytes
Desc: OpenPGP digital signature
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20220316/0496799d/attachment.sig>