access to proxy packet "radius id" in case of unresponsive proxy ?
Hello, For logging purposes, I'm trying to get the proxy packet "radius id". In post proxy, the proxy packet id is not available anymore (it has been reset to -1 by fr_packet_list_id_free when removed from proxy hash). When we have a response from the proxy server, we still can know this id (because it's the same as the proxy reply packet id, which is available). But in case of unresponsive proxy, it seems there's no way to do so. (except by changing FreeRADIUS code). Do you confirm this is not currently doable ? And if so, would it be possible to do something about this ? :) Regards, Nicolas. This message contains information that may be privileged or confidential and is the property of the Capgemini Group. It is intended only for the person to whom it is addressed. If you are not the intended recipient, you are not authorized to read, print, retain, copy, disseminate, distribute, or use this message or any part thereof. If you receive this message in error, please notify the sender immediately and delete all copies of this message.
On Dec 1, 2015, at 11:48 AM, Chaigneau, Nicolas <nicolas.chaigneau@capgemini.com> wrote:
For logging purposes, I'm trying to get the proxy packet "radius id".
Why? It shouldn't be relevant for anything.
In post proxy, the proxy packet id is not available anymore (it has been reset to -1 by fr_packet_list_id_free when removed from proxy hash).
I guess that can be changed. It's not necessary.
When we have a response from the proxy server, we still can know this id (because it's the same as the proxy reply packet id, which is available).
But in case of unresponsive proxy, it seems there's no way to do so. (except by changing FreeRADIUS code).
We can change the code. But I'd like to know why this is relevant. Alan DeKok.
On 01/12/15 16:53, Alan DeKok wrote:
On Dec 1, 2015, at 11:48 AM, Chaigneau, Nicolas <nicolas.chaigneau@capgemini.com> wrote:
For logging purposes, I'm trying to get the proxy packet "radius id".
Why? It shouldn't be relevant for anything.
It can be handy to correlate external debugging e.g. a packet capture. I've wanted it before, and ended up doing a workaround.
On 01/12/15 16:53, Alan DeKok wrote:
On Dec 1, 2015, at 11:48 AM, Chaigneau, Nicolas <nicolas.chaigneau@capgemini.com> wrote:
For logging purposes, I'm trying to get the proxy packet "radius id".
Why? It shouldn't be relevant for anything.
It can be handy to correlate external debugging e.g. a packet capture.
Exactly :) Also, I'm thinking it could also be useful not to clear the source port, in case we use more than one. I'm not sure it would not break things though.
I've wanted it before, and ended up doing a workaround.
This message contains information that may be privileged or confidential and is the property of the Capgemini Group. It is intended only for the person to whom it is addressed. If you are not the intended recipient, you are not authorized to read, print, retain, copy, disseminate, distribute, or use this message or any part thereof. If you receive this message in error, please notify the sender immediately and delete all copies of this message.
It is intended only for the person to >whom it is addressed.
Am I the intended person?
If you are not the intended recipient, >you are not authorized to read, print, >retain, copy, disseminate, distribute, or >use this message or any part thereof.
Will, tell your legal people that its too late . I've read it because this message is at the bottom of the email...and like any sane person I read emails from the top. Oh and by quoting this to point out the issue i have used a part of the message
If you receive this message in error, >please notify the sender immediately >and delete all copies of this message.
Done (by replying). Oh. And being a public mailing list this email is recorded and stored in several archive systems where it is retained and disseminated and copied. ... these legal signatures should not be applied to mailing lists :/ alan
It is intended only for the person to >whom it is addressed.
Am I the intended person?
If you are not the intended recipient, >you are not authorized to read, print, >retain, copy, disseminate, distribute, or >use this message or any part thereof.
Will, tell your legal people that its too late . I've read it because this message is at the bottom of the email...and like any sane person I read emails from the top. Oh and by quoting this to point out the issue i have used a part of the message
Oh, that's evil ! But I forgive you. I don't talk to the legal people, they're way too scary. Actually, since I've never met them, I'm not even sure they do exist. Maybe these lines automatically appear, summoned from some unholy dimension where sanity is a foreign concept, and which only the dead and the moonstruck can glimpse.
If you receive this message in error, >please notify the sender immediately >and delete all copies of this message.
Done (by replying). Oh. And being a public mailing list this email is recorded and stored in several archive systems where it is retained and disseminated and copied. ... these legal signatures should not be applied to mailing lists :/
They should not exist at all. But I have no choice in the matter :'(
participants (4)
-
Alan Buxey -
Alan DeKok -
Chaigneau, Nicolas -
Phil Mayers