Accounting-Request packets

Mark Dennehy mark.dennehy at gmail.com
Thu Jan 22 18:00:07 CET 2009


On Thu, Jan 22, 2009 at 4:47 PM, Alan DeKok <aland at deployingradius.com> wrote:

> Mark Dennehy wrote:
> > 1) Can a radius accounting session get the Start message from one host
> > and the Stop message from another?
>
>   It's not forbidden (surprisingly enough).  But it's certainly
> unexpected, and happens very rarely (i.e. never) in real systems.


So long as it's not forbidden by the RFC or freeradius, I don't mind being
thought of as not a "real" system! :)


> > 2) I've got wireshark showing incoming radius messages on a box here;
> > but freeradius -X isn't showing them being spotted;
>
>  Then they're not showing up on the socket freeradius is using.
> There's likely a firewall in the way, or SELinux.


SELinux isn't present, and wireshark is actually running on the box in
question, so they're past the firewall at this stage. What I'm seeing from
wireshark is:

Frame 15 (144 bytes on wire, 144 bytes captured)
Linux cooked capture
Internet Protocol, Src: 134.226.36.52 (134.226.36.52), Dst: 134.226.52.44 (134.226.52.44)
User Datagram Protocol, Src Port: 36592 (36592), Dst Port: radius-acct (1813)
    Source port: 36592 (36592)
    Destination port: radius-acct (1813)
    Length: 108
    Checksum: 0xbb58 [correct]
Radius Protocol
    Code: Accounting-Request (4)
    Packet identifier: 0xe7 (231)
    Length: 100
    Authenticator: 64CD64DA5BA51A7DBD010E28BFEC55F5
    Attribute Value Pairs
        AVP: l=6  t=Acct-Status-Type(40): Stop(2)
        AVP: l=12  t=NAS-Identifier(32): metachilli
        AVP: l=6  t=NAS-IP-Address(4): 127.0.0.1
        AVP: l=14  t=User-Name(1): qw2 at metakall
        AVP: l=18  t=Acct-Session-Id(44): 4978936900000000
        AVP: l=6  t=Acct-Terminate-Cause(49): Lost-Carrier(2)
        AVP: l=6  t=NAS-Port(5): 1813
        AVP: l=6  t=Acct-Delay-Time(41): 0
        AVP: l=6  t=NAS-IP-Address(4): 134.226.36.52


But freeradius -X doesn't even hiccup. There's no acknowledgement from it at
all that this arrived.



>   It logs nearly everything in debugging mode, including all packets
> it's discarding.


*Nearly* everything?
(Because I know what my luck is like :D )



-- 
Mark Dennehy
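
An added example, not part of the original message and not FreeRADIUS code: one way to inspect a captured Accounting-Request like the one in the dump above offline, by parsing its attributes, flagging repeated attribute types (the capture carries NAS-IP-Address twice) and checking the Request Authenticator as RFC 2866 defines it. The function names, the shared secret and the sample packet are assumptions constructed for illustration.

```python
import hashlib
import hmac
import struct
from collections import Counter

ACCOUNTING_REQUEST = 4

def parse_radius(data):
    """Return (code, id, length, authenticator, [(type, value), ...])."""
    if len(data) < 20:
        raise ValueError("shorter than the 20-byte RADIUS header")
    code, ident, length = struct.unpack("!BBH", data[:4])
    if not 20 <= length <= len(data):
        raise ValueError("Length field does not fit the datagram")
    attrs, pos = [], 20
    while pos < length:
        # Each attribute is type (1 byte), length (1 byte, counts itself), value.
        if pos + 2 > length or data[pos + 1] < 2 or pos + data[pos + 1] > length:
            raise ValueError("bad attribute at offset %d" % pos)
        a_type, a_len = data[pos], data[pos + 1]
        attrs.append((a_type, data[pos + 2:pos + a_len]))
        pos += a_len
    return code, ident, length, data[4:20], attrs

def acct_authenticator(data, length, secret):
    """RFC 2866: MD5(Code + Identifier + Length + 16 zero octets + attributes + secret)."""
    return hashlib.md5(data[:4] + bytes(16) + data[20:length] + secret).digest()

def check_accounting_request(data, secret):
    """Return a list of findings; an empty list means nothing was flagged."""
    code, _ident, length, auth, attrs = parse_radius(data)
    findings = []
    if code != ACCOUNTING_REQUEST:
        findings.append("code %d is not Accounting-Request" % code)
    if not hmac.compare_digest(acct_authenticator(data, length, secret), auth):
        findings.append("Request Authenticator does not match the shared secret")
    for a_type, n in sorted(Counter(t for t, _ in attrs).items()):
        if n > 1:
            findings.append("attribute type %d appears %d times" % (a_type, n))
    return findings

def build_request(ident, attrs, secret):
    """Build a correctly signed Accounting-Request (used only for the sample)."""
    body = b"".join(bytes([t, len(v) + 2]) + v for t, v in attrs)
    head = struct.pack("!BBH", ACCOUNTING_REQUEST, ident, 20 + len(body))
    return head + hashlib.md5(head + bytes(16) + body + secret).digest() + body

# Constructed sample modelled on the capture above; the secret is made up.
SECRET = b"example-secret"
SAMPLE = build_request(0xE7, [(40, struct.pack("!I", 2)), (32, b"metachilli"),
    (4, bytes([127, 0, 0, 1])), (44, b"4978936900000000"), (4, bytes([134, 226, 36, 52]))], SECRET)
```

To check a real capture, pass the UDP payload bytes and the secret configured for that client to `check_accounting_request`.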
More information about the Freeradius-Devel mailing list