corrupt UDP packets sent to proxy
Taylor, Graham
GrahamTaylor at michaelpage.com
Fri Jun 17 12:38:40 CEST 2005
Hi People, I hope you can shed some light on a problem I am having with
freeradius acting as a proxy. As you can see the packet below has a
corrupt UDP header ( Checksum: 0x5b10 (incorrect, should be 0x9f2d)
). If I use radtest then the packet is fine and I get authenticated, the
problem only occurs when the request is proxied out, all of the packets
forwarded to the secondary radius server have the UDP checksum error, I
have tried the latest version of freeradius with exactly the same
results, so I have gone back to the version supplied with RedHat, on a
fresh build.
Versions are as follows:
radiusd: FreeRADIUS Version 1.0.1, for host , built on Nov 26 2004 at
10:48:39
OpenSSL 0.9.7g 11 Apr 2005
Linux <MY HOST NAME> 2.6.9-5.ELsmp #1 SMP Wed Jan 5 19:30:39 EST 2005
i686 i686 i386 GNU/Linux
This is RedHat ES version 4
Please let me know if you need any further information
Regards Graham
Frame 12 (197 bytes on wire, 197 bytes captured)
Arrival Time: Jun 17, 2005 11:19:35.560228000
Time delta from previous packet: 4.660183000 seconds
Time since reference or first frame: 111.704161000 seconds
Frame Number: 12
Packet Length: 197 bytes
Capture Length: 197 bytes
Protocols in frame: eth:ip:udp:radius:eap
Ethernet II, Src: 00:12:79:3c:9c:61, Dst: 00:00:0c:07:ac:14
Destination: 00:00:0c:07:ac:14 (All-HSRP-routers_14)
Source: 00:12:79:3c:9c:61 (HewlettP_3c:9c:61)
Type: IP (0x0800)
Internet Protocol, Src Addr: XXX.XXX.XXX.XXX (XXX.XXX.XXX.XXX), Dst
Addr: XXX.XXX.XXX.XXX (XXX.XXX.XXX.XXX)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..0. = ECN-Capable Transport (ECT): 0
.... ...0 = ECN-CE: 0
Total Length: 183
Identification: 0x0005 (5)
Flags: 0x04 (Don't Fragment)
0... = Reserved bit: Not set
.1.. = Don't fragment: Set
..0. = More fragments: Not set
Fragment offset: 0
Time to live: 64
Protocol: UDP (0x11)
Header checksum: 0xdfd5 (correct)
Source: XXX.XXX.XXX.XXX (XXX.XXX.XXX.XXX)
Destination: XXX.XXX.XXX.XXX (XXX.XXX.XXX.XXX)
User Datagram Protocol, Src Port: 1814 (1814), Dst Port: radius (1812)
Source port: 1814 (1814)
Destination port: radius (1812)
Length: 163
Checksum: 0x5b10 (incorrect, should be 0x9f2d)
Radius Protocol
Code: Access Request (1)
Packet identifier: 0x1 (1)
Length: 155
Authenticator: 0x22840C6BAE7ECB8E4FE8A8A3773B1A08
Attribute value pairs
t:User Name(1) l:8, Value:"graham"
User-Name: graham
t:Framed MTU(12) l:6, Value:1400
t:Called Station Id(30) l:16, Value:"000e.842e.8230"
Called-Station-Id: 000e.842e.8230
t:Calling Station Id(31) l:16, Value:"0040.96a7.f8d2"
Calling-Station-Id: 0040.96a7.f8d2
t:Service Type(6) l:6, Value:Login(1)
Service-Type: Login (1)
t:Message Authenticator(80) l:18,
Value:C77E1EE1C2A7E98B00E464AB0DB0DE48
t:EAP Message(79) l:34
Extensible Authentication Protocol
Code: Response (2)
Id: 2
Length: 32
Type: Identity [RFC3748] (1)
Identity (27 bytes): graham at test.com
t:NAS Port Type(61) l:6, Value:Wireless IEEE 802.11(19)
t:NAS Port(5) l:6, Value:1646
t:NAS IP Address(4) l:6, Value:172.23.1.201
Nas IP Address: 172.23.1.201 (172.23.1.201)
t:NAS identifier(32) l:8, Value:"ap1200"
t:Proxy State(33) l:5, Value:323533
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20050617/1d9fb517/attachment.html>
More information about the Freeradius-Users
mailing list