RADIUS sniffer

[Nicolas Baradakis]

Alan DeKok wrote:

>   Comments:
>
>  - use #ifdef HAVE_FOO_H around the #includes, and wrap the whole
> radsniff.h in #ifdef HAVE_PCAP_H.  There's some crazy system out there
> with libpcap, but not pcap.h, and it's admin will complain to the list.

I've catched this case in a different manner, but it could be changed:
If the autoconf test for pcap.h fails, the content of PCAP_LIBS is
deleted, and radsniff.c isn't compiled at all.

>  - the code you're copying from lib/radius.c could be abstracted a bit
> better, so you don't have to copy it.  I've started down some of that
> path with the rad_encode, rad_sign, etc. functions.  We could do more.

You're right. I just copy/paste the code to get something that works
without modifing the files in src/lib, but indeed it can be improved.
For that purpose I've left the changed code in comments to point out
what is different.

>   Also, the Ethereal people have grabbed the FreeRADIUS dictionaries
> whole-sale.  So Ethereal can understand *most* of the attributes
> FreeRADIUS understands.  I've still got to send them a patch to handle
> USR, Lucent, and Starent VSA's.  But once that's done, they'll be as
> capable as FreeRADIUS.

That would be good. Ethereal displays a lot more information about
the packet than I do in "radsniff". But depending on the situation
it is also annoying to have 50+ lines of text for each packet when
running "tethereal -V". I like better something that looks like the
output of "radiusd -X". (and I like better writing a filter rule with
the "users" file syntax to match a RADIUS packet)

-- 
Nicolas Baradakis