src_ipaddr with proxies

Alexander Clouter alex at digriz.org.uk
Fri Sep 10 16:36:52 CEST 2010 

Alan DeKok <aland at deployingradius.com> wrote:
> 
> Alexander Clouter wrote:
>
>> Found a bug in 2.1.9 (is is the Debian squeeze release), probably due to 
>> my mis-use of src_ipaddr in the home_server stanza.
>
Occurs in the v2.1.x branch too, last commit 
8fadcb9d1d7fa8c5b92cc0e5a21a5bbd3673de72, but I guess you already 
guessed this as there have been no recently tweaks to those relevant 
functions.

>> My proxy definition looks like:
> 
> Do you have *more* of a configuration? 
>
Well yes, I do thank you very much. </don't-you-talk-to-me-like-that>

Guess it was my fault not posting the entire tarball of /etc/freeradius 
here blatted onto the mailing list...sorry.

> That one doesn't work as-is, and if I replace ${local...} with a real 
> IP, the server starts up fine.
> 
Well I included what I thought was enough to replicate the issue and get 
over what I was doing and how (I thought I had it pinned down to 
'src_ipaddr' being the culprit).  Obviously not as changing to hardcoded 
values at my end has no effect and I still get the spinning issue.

Doing a dumb straight replacement of '${local.MY.addr.eduroam.v4}' to 
'212.219.238.5' and '${local.MY.addr.eduroam.v6}' to 
'2001:630:1b:6003:372d:f782:e3d9:ae6' in my template changes nothing.

Doing a just as dumb removing the cascading templating and moving 
'src_ipaddr = ...' directly into the home_server stanza also changes 
nothing.

Doing an equally as dumb forgetting templating and duplicating 
everything needed into home_server also...<drum roll> changes nothing.

http://stuff.digriz.org.uk/freeradius-hang.tar.bz2

>> If I move the 'src_ipaddr' entry explicitly into my 'home_server' 
>> stanza, then I get an assert():
> 
>  That can be fixed.  See the attached patch (event.c).  If it works, it
> should go into 2.1.10.
>
Well the assert() issue is no more, so now we are just down to the 
spinning when you have more than one src_ipaddr...

>> Further investigation shows that if I have more than one 'src_ipaddr' 
>> entry present, I get no assert() and things spin again.
> 
>  More that one src_ipaddr... where?  At all?  Or more than one in the
> same home_server section?
>
'At all', as yeah of cause multiple 'src_ipaddr' makes perfect sense 
within the same home_server stanza... *sigh* Thanks for your vote of 
confidence, if you had spent a minute looking at my original email you 
would have seen when you unroll the templating you get a *single* 
src_ipaddr key/value pair in each home_server.

The spinning occurs when you have more than one src_ipaddr present 
across all your home_server definitions, regardless if they are for 
different address families.  So even if for the first home_server you 
have v6 and the second home_server you have v4 src_ipaddr...it spins.  
Same happens for v6-v6 and v4-v4 combinations, and of course v6-v6-v4, 
v4-v4-v6, etc etc ad nausem.

You'll see the 'unrolling' I have done in the 'LOCAL/proxy.conf' file of 
the linked to tarball above.
 
>  See also the realms.c patch.  That may address the spinning issue.
> 
Where's that patch?  I cannot see anything in the git log for any branch 
so I'm guessing it's elsewhere (missing attachment?).

Cheers

-- 
Alexander Clouter
.sigmonster says: Adults die young.

More information about the Freeradius-Devel mailing list