Special Characters for special Attributes

Leander S. leander.schaefer at gmx.net
Sun Apr 6 17:17:08 CEST 2008 

Hi,

I use FreeBSD 7.0 and have mpd as PPPoE Server & FreeRADIUS & PGSQL 
succesfully running.

My goal now is it to shrink down the Bandwidth for each user with the 
help of IPFW and Dummynet which is supported by mpd and shouldn't be 
that big of a deal.


That's how my /usr/local/etc/raddb/users  looks like:


###############################################

test    User-Password == "testpasswd"
        Service-Type = Framed-User,
        Framed-Protocol = PPP,
        Framed-IP-Address = 1.2.3.4,
        Framed-IP-Netmask = 255.255.255.255,
        Framed-Routing = Broadcast-Listen,
        Framed-Filter-Id = "std.ppp",
        Framed-MTU = 1492,
        Framed-Compression = Van-Jacobsen-TCP-IP,
        mpd-table += "1=11.1.11.1",
        mpd-table += "1=1.2.3.4",
        mpd-pipe += "1=bw 20Kbyte/s",
        mpd-pipe += "5=bw 10Kbyte/s",
        mpd-rule += "1=pipe %p1 all from any to table\(%t1\) in",
        mpd-rule += "2=pipe %p5 all from table\(%t1\) to any out",
        mpd-rule += "100=allow all from any to any",
[...]

###############################################


The last few lines are responsible for limiting the bandwidth but those 
brackets causing trouble because FreeRADIUS doesn't send it like that to 
mpd5.

-----------------------------------------------------------------------------------------------
-----------------------------------------------------------------------------------------------
... somebody told me:

IPFW rules are operated using shell+ipfw execution. 
So you should add slashes before shell special chars, like "(" or ")": 
mpd-rule += "1=pipe %p1 all from any to table\(%t1\) in",  
mpd-rule += "2=pipe %p5 all from table\(%t1\) to any out",  
 
PS: you RADIUS configuration syntax may require additional slashing for 
that slashes. :)

[...]

Enable 'log +radius2' in mpd and make sure that rules coming to mpd with 
that slashes added. 
If there will be no slashes, then you RADIUS config strips them and you 
should add slashes for slashes.
-----------------------------------------------------------------------------------------------
-----------------------------------------------------------------------------------------------

here is a part of mpd5's log to have look how RADIUS sending those 
attributes to mpd5:

###############################################
[...]
[rl0-3] RADIUS: RadiusGetParams: RAD_MPD_RULE: 1=pipe %p1 all from any 
to table\(%t1) in 
[rl0-3] RADIUS: RadiusGetParams: RAD_MPD_RULE: 2=pipe %p5 all from 
table\(%t1) to any out 
[...]
###############################################

^^ ... so you see .. one of that slashes is missed ... BUT how do I get 
those two Lines:
[...]
[rl0-3] RADIUS: RadiusGetParams: RAD_MPD_RULE: 1=pipe %p1 all from any 
to table\(%t1) in 
[rl0-3] RADIUS: RadiusGetParams: RAD_MPD_RULE: 2=pipe %p5 all from 
table\(%t1) to any out 
[...]

looking like they do look in the /usr/local/etc/raddb/users ?

Thank you

Regards,

   Leander

More information about the Freeradius-Users mailing list