Scott Lambert wrote:
lrad_packet_list_socket_add() is called with a pointer to the radius request packet list structure and the socket file descriptor of the socket which has been created with the call to socket() and bound to an IP and port by bind() during the prior call to lrad_socket(). Is that correct?
Yes. In the jail, it asks to bind to 0.0.0.0, but the socket *actually* binds to the jail IP. This is why the "inaddr_any" check doesn't match.
So, should we be looking for != in the above if() from lrad_packet_list_socket_add()?
... no. The issue is that when udpfromto is used, we have: a) socket binds to 0.0.0.0 (really, outside of the jail) b) the server doesn't know which IP is used to send a packet c) the server DOES know which IP the response is sent to Since the "received" IP doesn't match the "source" IP, there's a little bit of tweaking that has to be done to match the response to an outstanding request. That's what that check is for.
I flipped that to a != comparison and it seems to work inside or outside the jail with or without specifying the "Packet_Src-IP-Address".
I have no idea why that would work...
Problem solved? Or, is this going to break other things?
It should really break things...
=================================== jail with Packet-Src-IP-Address:
But that tells the server which IP to use for the source IP, so the whole "inaddr_any" checks don't apply. Alan DeKok.