Packet tracing web interface

Brian Candler B.Candler at
Mon Mar 14 14:37:42 CET 2011

On Mon, Mar 14, 2011 at 12:47:36PM +0000, Phil Mayers wrote:
> Ok, correct usage is:
> radmin
> > inject to (auth|acct) dstip dstport

Aha. The 'help' message is decidedly unhelpful there (so is the error
"Unknown socket type").  It works when I add 'auth', thank you.

> > inject from srcip
> > inject file input output

And it turns out radiusd forces a prepend onto the output path, but not the
input path:

++[exec] returns noop
Failed to send injected file to /v/build/fr/var/log/radius//home/brian/test.out: No such file or directory

It would be nice to allow '-' for input and output, so you didn't have to
mess with temporary files, but that would involve sending the request and
response across the socket.

I'll probably stick to radclient + loopbacks for now, although the ability
to set an arbitrary source IP using radmin inject is nice.

Simple GUI app attached. It's quite neat what you can do in 70 lines of ruby



require 'rubygems'
require 'sinatra'
require 'haml'

RADCLIENT = "/usr/bin/radclient"
RADIUSD = "/usr/sbin/freeradius"

# List available loopback interfaces [Label, IP address, secret]
  ['Default', '', 'testing123'],
  ['Test LAC', '', 'anothersecret'],

$radiusd = IO.popen("#{RADIUSD} -X -i -p 18123","w+")
  exit unless (line = $radiusd.gets)
  print line
end until line =~ /Ready to process requests/

set :lock, true   # prevent concurrent requests

get '/' do
  haml :root

post '/' do
  # Flush any remaining debug info
  $radiusd.gets while select([$radiusd], nil, nil, 0)
  @radclient = ""
  @radiusd = ""
  source = SOURCES.find { |src| src[1] == params[:source] } || SOURCES.first
  IO.popen("#{RADCLIENT} -x auth '#{source[2]}' 2>&1","w+") do |io|
    io.puts "Packet-Src-IP-Address = #{source[1]}"
    io.puts params[:avp]
    loop do
      ready, _ = select([io, $radiusd], nil, nil, 10)
      unless ready
        @radiusd << "** TIMEOUT **"
      if ready.include?(io)
        break unless (line = io.gets)
        @radclient << line
      if ready.include?($radiusd)
        exit unless (line = $radiusd.gets)
        @radiusd << line
  haml :root


@@ root
    %title radtest GUI
        - SOURCES.each do |label, ip, secret|
            %input{:type=>'radio',:name=>'source',:value=>ip,:checked=>params[:source]==ip}&= label
      %textarea{:name=>'avp',:rows=>12, :cols=>60}&= params[:avp]
    - if @radclient
      %h1 radclient response
      %pre&= @radclient
    - if @radiusd
      %h1 radiusd debug output
      %pre&= @radiusd

More information about the Freeradius-Users mailing list