Possible FreeBSD Jail problem, or other bug in/with FreeRADIUS 2.0.0-pre2

Scott Lambert lambert at lambertfam.org
Sat Sep 22 23:35:40 CEST 2007


On Sat, Sep 22, 2007 at 04:59:25AM +0200, Alan DeKok wrote:
> Scott Lambert wrote:
> > I've been expecting that there would be a similar chunk of code in the
> > server that I could go find if you thought I was on the right track.
> 
>   Unfortunately, there isn't.

Okay, I'm not going crazy then...
 
> > I've been using radclient to debug because you indicated that it
> > used the same library for matching up packets.  If the above is
> > legitimately the bug I was looking for, I'll have to solve the proxy
> > issue separately, but with a better idea of what I am looking for.
> 
>   Or, simply tell the server to "listen" on the jail IP address.  That
> will solve the problem, without code changes.

Yeah, I'm running with that workaround.  I was just hoping I wouldn't
have to maintain config differences between the multiple server
instances.  But it's definitely acceptable.
 
>   One patch which *would* help is the ability to set the source IP
> address for proxying.  It's likely not difficult to do, but the code
> hasn't been written yet.

I'm speaking from ignorance here.

Could the server do the bind calls for the listen sockets and check
to see if the bound IP is the same as the one specified in the bind
call and if not, update the server to use the bound IP rather than the
configured IP at least in the case of listen { ipaddr = * }.

pseudo code:
server_addr = read_from_config_file;

bind (sockfd, {listensocketinfo} );
if ( server_addr == INADDR_ANY && sockfd->ipaddr != server_addr ) {
   server_addr = sockfd->ipaddr;
}

At that point, would the existing code work alright for this weird and
"wonderful" jail environment without breaking other environments?

I suspect it might not be workable due to the udpfromto stuff.

I think this is the last message I will bother you with on this topic.
My problem is resolved by specifying the IP address in the config file
and doing anything more generic is probably beyond my skills at this
point.

Thank you for your time and patience.

-- 
Scott Lambert                    KC5MLE                       Unix SysAdmin
lambert at lambertfam.org
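
The check sketched in the pseudo code above, written out as an added example (not code from the post or from FreeRADIUS): bind, read the bound address back with getsockname(), and adopt it only when the configured address was the wildcard. The names effective_addr and open_listener are hypothetical, and it assumes the kernel reports the rewritten address through getsockname() when a jail remaps a wildcard bind.

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

/* Addresses are in network byte order. Only a wildcard configuration is
 * overridden, matching the condition in the pseudo code above. */
in_addr_t effective_addr(in_addr_t configured, in_addr_t bound)
{
    if (configured == htonl(INADDR_ANY) && bound != configured)
        return bound;   /* the kernel (e.g. a jail) rewrote the wildcard */
    return configured;
}

/* Bind a UDP socket to `configured` on an ephemeral port, then ask the
 * kernel which address it really bound. Returns the fd, or -1 on error. */
int open_listener(in_addr_t configured, in_addr_t *effective)
{
    struct sockaddr_in want, got;
    socklen_t len = sizeof(got);
    int fd = socket(AF_INET, SOCK_DGRAM, 0);
    if (fd < 0)
        return -1;
    memset(&want, 0, sizeof(want));
    memset(&got, 0, sizeof(got));
    want.sin_family = AF_INET;
    want.sin_addr.s_addr = configured;
    if (bind(fd, (struct sockaddr *)&want, sizeof(want)) < 0 ||
        getsockname(fd, (struct sockaddr *)&got, &len) < 0) {
        close(fd);
        return -1;
    }
    *effective = effective_addr(configured, got.sin_addr.s_addr);
    return fd;
}

int main(void)
{
    in_addr_t eff;
    int fd = open_listener(htonl(INADDR_ANY), &eff);
    if (fd < 0) { perror("open_listener"); return 1; }
    struct in_addr a = { .s_addr = eff };
    printf("listen * -> effective %s\n", inet_ntoa(a));
    close(fd);
    return 0;
}
```

Outside a jail the wildcard bind reads back as 0.0.0.0, so the configured value is kept and other environments see no change in behaviour.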




More information about the Freeradius-Users mailing list