attr_filter and accounting packets

Stefan Winter stefan.winter at
Wed Jul 23 14:01:58 CEST 2008


apparently, the behaviour of rlm_attr_filter changed from 1.1.7 to 
2.0.5.  In 1.1.7, the pre_proxy function of attr_filter only filtered 
authentication requests, the relevant lines in rlm_attr_filter.c being

        if (request->packet->code != PW_AUTHENTICATION_REQUEST) {
                return (RLM_MODULE_NOOP);

That way, it could safely be used in the pre-proxy section to white-list 
attributes in authentication requests, but give away the accounting info 
unconditionally to a home server.

In 2.0.5, the preproxy function only executes the "common" filtering 

static int attr_filter_preproxy(void *instance, REQUEST *request)
        return attr_filter_common(instance, request, &request->proxy->vps);

which in turn works on auth and acct packets.

Was this intentional? Then the default attrs.pre-proxy should contain at 
least the basic accounting-specific attribute like Acct-Status-Type - 
otherwise, the module will by default cripple every accounting request 
to uselessness. But actually, my preferred way of resolving this would 
be to let accounting packets untouched...


Stefan Winter

Ingenieur de Recherche
Fondation RESTENA - Réseau Téléinformatique de l'Education Nationale et de la Recherche
6, rue Richard Coudenhove-Kalergi
L-1359 Luxembourg

Tel: +352 424409 1
Fax: +352 422473

More information about the Freeradius-Devel mailing list