src_ipaddr with proxies

Alexander Clouter alex at digriz.org.uk
Fri Sep 10 10:41:13 CEST 2010 

Hi,

Found a bug in 2.1.9 (is is the Debian squeeze release), probably due to 
my mis-use of src_ipaddr in the home_server stanza.

My proxy definition looks like:
----
templates {
        eduroam-proxy {
                type                            = auth+acct
                port                            = 1812
                require_message_authenticator   = yes
                status_check                    = status-server
        }

        eduroam-proxy6 {
                src_ipaddr                      = ${local.MY.addr.eduroam.v6}

                $template eduroam-proxy
        }
        eduroam-proxy4 {
                src_ipaddr                      = ${local.MY.addr.eduroam.v4}

                $template eduroam-proxy
        }
}   

home_server jrs.0.v6 {
        ipv6addr        = ${local.jrs.0.addr.v6}
        secret          = ${local.jrs.0.secret}

        $template eduroam-proxy6
}
home_server jrs.0.v4 {
        ipaddr          = ${local.jrs.0.addr.v4}
        secret          = ${local.jrs.0.secret}

        $template eduroam-proxy4
}

[snipped]
----

This seems to cause FreeRADIUS to spin when opening the proxy sockets, 
the output
----
root at chlorine:/etc/freeradius# gdb /usr/sbin/freeradius 
GNU gdb (GDB) 7.0.1-debian
Copyright (C) 2009 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.  Type "show copying"
and "show warranty" for details.
This GDB was configured as "arm-linux-gnueabi".
For bug reporting instructions, please see:
<http://www.gnu.org/software/gdb/bugs/>...
Reading symbols from /usr/sbin/freeradius...Reading symbols from /usr/lib/debug/usr/sbin/freeradius...done.
(no debugging symbols found)...done.
(gdb) run -X
Starting program: /usr/sbin/freeradius -X

[snipped]

listen {
        type = "acct"
        ipaddr = 212.219.238.5
        port = 0
        clients = "eduroam"
}
^C <--- hangs
Program received signal SIGINT, Interrupt.
0x0000e614 in fr_ipaddr_cmp () at misc.c:543
543     misc.c: No such file or directory.
        in misc.c
(gdb) where
#0  0x0000e614 in fr_ipaddr_cmp () at misc.c:543
#1  0x00019f44 in proxy_new_listener (ipaddr=0x137430, exists=1) at listen.c:1726
#2  0x0002eb90 in home_server_create_callback (ctx=0x140a98, data=<value optimized out>) at realms.c:2214
#3  0x40035930 in WalkNodeInOrder (X=0x137228, callback=0x2eb6c <home_server_create_callback>, context=0x140a98) at rbtree.c:544
#4  0x40035918 in WalkNodeInOrder (X=0x5c838, callback=0x2eb6c <home_server_create_callback>, context=0x140a98) at rbtree.c:540
#5  0x40035918 in WalkNodeInOrder (X=0x5ca08, callback=0x2eb6c <home_server_create_callback>, context=0x140a98) at rbtree.c:540
#6  0x0002eb24 in home_server_create_listeners (ctx=<value optimized out>) at realms.c:2244
#7  0x0001a6ac in listen_init (config=0x4c020, head=0xbee39b2c) at listen.c:2194
#8  0x0002ab40 in radius_event_init (cs=0x4c020, spawn_flag=0) at event.c:3599
#9  0x000223fc in main (argc=2, argv=<value optimized out>) at radiusd.c:328
(gdb)
----

If I remove the 'src_ipaddr' entries from my templates then things run 
as normal; however as my RADIUS server has ten IP addresses, without 
this it is completely un-usabled.

If I move the 'src_ipaddr' entry explicitly into my 'home_server' 
stanza, then I get an assert():
----
[snipped]

listen {
        type = "acct"
        ipaddr = 212.219.238.5
        port = 0
        clients = "eduroam"
}
Listening on authentication address ::1 port 1812 as server eduroam
Listening on authentication address 2001:630:1b:6003:372d:f782:e3d9:ae6 port 1812 as server eduroam
Listening on authentication address 212.219.238.5 port 1812 as server eduroam
Listening on accounting address 2001:630:1b:6003:372d:f782:e3d9:ae6 port 1813 as server eduroam
Listening on accounting address 212.219.238.5 port 1813 as server eduroam
Listening on proxy address ::1 port 1814
Listening on proxy address 2001:630:1b:6003:372d:f782:e3d9:ae6 port 55212
Listening on proxy address 2001:630:1b:6003:372d:f782:e3d9:ae6 port 39406
ASSERT FAILED event.c[3639]: proxy_fds[this->fd & 0x1f] == -1
Aborted
----

Further investigation shows that if I have more than one 'src_ipaddr' 
entry present, I get no assert() and things spin again.

So the spin bug seems unrelated to my templating, but is triggered as 
the template creates multiple src_ipaddr's, whilst I cannot use a 
single src_ipaddr as I end up with an assert().

Cheers

-- 
Alexander Clouter
.sigmonster says: Optimization hinders evolution.

More information about the Freeradius-Devel mailing list