Possible FreeBSD Jail problem, or other bug in/with FreeRADIUS 2.0.0-pre2

Thu Sep 13 07:37:14 CEST 2007

Scott Lambert wrote:
> I've been instrumenting the heck out of anything I thought might be
> useful.  My coding skills are very rusty, but here's what I've come up
> with.  
> 
> src/lib/packet.c:lrad_packet_cmp() likes the response packet.  
> src/lib/packet.c:lrad_packet_find_by_reply() seems to be failing.

  OK..

> radclient appears to be using 0.0.0.0 as the source IP address.  
> lrad_packet_cmp appears to be seeing the source IP address as 69.153.112.27.  

  That's pretty much what I expected.  radclient doesn't know the IP
address, so it sends it from 0.0.0.0.  However, the *receiving* code
knows the IP, so it gets set.

> I haven't figured out how to instrument lrad_hash_table_finddata and the
> stuff chained from there in a meaningful way.  I'm getting lost in the
> execution path.

  Don't worry about that.  The code in lrad_packet_find_byreply() SHOULD
take care of noticing that the socket was bound to 0.0.0.0, and use that
as the source IP address.  If it isn't working, it's a bug.

> Based on the above, I changed the listen stanza in radius.conf 
> -       ipaddr = *
> +       ipaddr = 69.153.112.27
> 
> This permits the server to succesfully proxy requests to other servers.

  Yes, that will work.

> I don't see a way to get radclient to use a specific source IP address.

  In CVS head, put "Packet-Src-IP-Address = ..." into the list of
attributes to send, along with User-Name.  radclient will figure it out.

...
> lrad_packet_list_find_byreply: lrad_socket_find returned 134591488
> lrad_packet_list_find_byreply: ps->inaddr_any false, reply->dst_ipaddr.ipaddr.ip4addr = 0 

  That's the problem.  The ps->inaddr_any field should be TRUE.
...
> Outside the jail on the same hardware/freeradius binaries, this is what
> the radclient output looks like:
...
> lrad_packet_list_find_byreply: ps->inaddr_any true, ps->ipaddr = 2

  Yup.  I'd love to know why that's happening.

> Do I need to take this to the FreeBSD folks, or is this fixable in
> FreeRADIUS?

  It MAY be fixable in FreeRADIUS, but I don't have access to a FreeBSD
box to test it...

  I *think* there might be a work-around.  Go to
lrad_packet_list_socket_add(), and update the following code:

  if (*((uint32_t *) &ps->ipaddr.ipaddr.ip4addr.s_addr) ==INADDR_ANY) {
     ps->inaddr_any = 1;
  }

  i.e. add the cast to uint32_t *...

  Alan DeKok.