attr_filter and accounting packets
Stefan Winter
stefan.winter at restena.lu
Wed Jul 23 14:01:58 CEST 2008
Hello,

apparently, the behaviour of rlm_attr_filter changed from 1.1.7 to
2.0.5. In 1.1.7, the pre_proxy function of attr_filter only filtered
authentication requests, the relevant lines in rlm_attr_filter.c being

if (request->packet->code != PW_AUTHENTICATION_REQUEST) {
	return (RLM_MODULE_NOOP);
}

That way, it could safely be used in the pre-proxy section to white-list
attributes in authentication requests, but give away the accounting info
unconditionally to a home server.

In 2.0.5, the preproxy function only executes the "common" filtering
functions:

static int attr_filter_preproxy(void *instance, REQUEST *request)
{
	return attr_filter_common(instance, request, &request->proxy->vps);
}

which in turn works on auth and acct packets.

Was this intentional? Then the default attrs.pre-proxy should contain at
least the basic accounting-specific attributes like Acct-Status-Type -
otherwise, the module will by default cripple every accounting request
to uselessness. But actually, my preferred way of resolving this would
be to leave accounting packets untouched...

Greetings,

Stefan Winter
--
Stefan WINTER
Ingenieur de Recherche
Fondation RESTENA - Réseau Téléinformatique de l'Education Nationale et de la Recherche
6, rue Richard Coudenhove-Kalergi
L-1359 Luxembourg
Tel: +352 424409 1
Fax: +352 422473
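
Added illustration, not part of the original message and not FreeRADIUS source: a simplified C model of the two pre-proxy behaviours the message describes, applied to an accounting request. The whitelist contents, the sample attribute lists and all function names are constructed for this example.

```c
#include <stdio.h>
#include <string.h>

enum { AUTH_REQUEST = 1, ACCT_REQUEST = 4 };   /* RADIUS packet codes */

/* Constructed whitelist standing in for a pre-proxy filter entry that
 * lists only authentication attributes (an assumption, not a real default). */
static const char *const allow[] = { "User-Name", "User-Password", "NAS-IP-Address" };

static int allowed(const char *name)
{
    for (size_t i = 0; i < sizeof allow / sizeof allow[0]; i++)
        if (strcmp(allow[i], name) == 0)
            return 1;
    return 0;
}

/* Whitelist filter: compacts attrs in place and returns how many survive. */
static size_t filter_common(const char **attrs, size_t n)
{
    size_t kept = 0;
    for (size_t i = 0; i < n; i++)
        if (allowed(attrs[i]))
            attrs[kept++] = attrs[i];
    return kept;
}

/* 1.1.7-style pre-proxy: anything that is not an auth request is a no-op. */
static size_t preproxy_1x(int code, const char **attrs, size_t n)
{
    return code != AUTH_REQUEST ? n : filter_common(attrs, n);
}

/* 2.0.5-style pre-proxy: the common filter runs whatever the packet code. */
static size_t preproxy_2x(int code, const char **attrs, size_t n)
{
    (void)code;
    return filter_common(attrs, n);
}

int main(void)
{
    const char *a[] = { "User-Name", "Acct-Status-Type", "Acct-Session-Id" };
    const char *b[] = { "User-Name", "Acct-Status-Type", "Acct-Session-Id" };
    printf("acct attrs kept: 1.x=%zu 2.x=%zu\n",
           preproxy_1x(ACCT_REQUEST, a, 3), preproxy_2x(ACCT_REQUEST, b, 3));
    return 0;
}
```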