Cannot control attribute ordering via "rlm_perl"

Claude Brown Claude.Brown at
Thu Oct 6 07:56:48 CEST 2011


First, the version I'm using:

# freeradius -v
freeradius: FreeRADIUS Version 2.1.8, for host x86_64-pc-linux-gnu, [...]

I'm trying to control the attribute-ordering when using "rlm_perl". Thus far my experience is that this is not possible. My theory is that this is due to the hash-tables used as the interface between the C and Perl worlds.

Here is a small example that demonstrates the problem. I've turned on the "users" and "perl" modules in the authorize section (in that order). These are the important bits from the "users" file and the "" file.

(from the "users" file) 
steve   Cleartext-Password := "testing"
        Service-Type = Framed-User,
        Framed-Protocol = PPP,
        Framed-IP-Address =,
        Framed-IP-Netmask =,
        Framed-Routing = Broadcast-Listen,
        Framed-Filter-Id = "std.ppp",
        Framed-MTU = 1500,
        Framed-Compression = Van-Jacobsen-TCP-IP,
        WiMAX-Packet-Data-Flow-Id = 1,
        WiMAX-Service-Data-Flow-Id = 1,
        WiMAX-Service-Profile-Id = 2

(from the "")
sub authorize
   return RLM_MODULE_NOOP;

The debug log of the server is below. The interesting bits are (a) the "rlm_perl: Added pair" and (b) the attribute-order in the packet that the server sends in reply - the order is changed.

The ordering is important to for me as I want those three WiMAX attributes packed inside a parent attribute "WiMAX-Packet-Flow-Descriptor". If I turn off the "perl" module (or place it before the "files" module) the packing works as expected.

I put all this down to the attribute-list being rebuilt (by rlm_perl) from the %RAD_REPLY table. The hash-table has no concept of ordering, so it ends up randomised.

The above is a contrived example - what I really want to do is add those three WiMAX attributes in my perl script.  But due to the ordering problems I think I am wasting my time and need to come up with another solution.

Can anyone see how I can control the ordering of attributes coming out of the perl script?


Claude Brown.

rad_recv: Access-Request packet from host port 50265, id=2, length=63
        User-Name = "steve"
        User-Password = "testing"
        Message-Authenticator = 0xc8b10e777a7ea53a261c855029fd0b58
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "steve", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] No EAP-Message, not doing EAP
++[eap] returns noop
++[unix] returns notfound
[files] users: Matched entry steve at line 76
++[files] returns ok
GOT CLONE -1588651264 0x1a0e160
rlm_perl: Added pair User-Name = steve
rlm_perl: Added pair User-Password = testing
rlm_perl: Added pair NAS-IP-Address =
rlm_perl: Added pair Message-Authenticator = 0xc8b10e777a7ea53a261c855029fd0b58
rlm_perl: Added pair WiMAX-Service-Data-Flow-Id = 1
rlm_perl: Added pair Service-Type = Framed-User
rlm_perl: Added pair Framed-Routing = Broadcast-Listen
rlm_perl: Added pair WiMAX-Packet-Data-Flow-Id = 1
rlm_perl: Added pair Framed-Protocol = PPP
rlm_perl: Added pair Framed-Filter-Id = std.ppp
rlm_perl: Added pair Framed-IP-Address =
rlm_perl: Added pair Framed-IP-Netmask =
rlm_perl: Added pair Framed-Compression = Van-Jacobson-TCP-IP
rlm_perl: Added pair WiMAX-Service-Profile-Id = 2
rlm_perl: Added pair Framed-MTU = 1500
rlm_perl: Added pair Cleartext-Password = testing
++[perl] returns noop
++[expiration] returns noop
++[logintime] returns noop
++[pap] returns updated
Found Auth-Type = PAP
+- entering group PAP {...}
[pap] login attempt with password "testing"
[pap] Using clear text password "testing"
[pap] User authenticated successfully
++[pap] returns ok
Login OK: [steve] (from client localhost port 0)
+- entering group post-auth {...}
++[exec] returns noop
Sending Access-Accept of id 2 to port 50265
        WiMAX-Service-Data-Flow-Id = 1
        Service-Type = Framed-User
        Framed-Routing = Broadcast-Listen
        WiMAX-Packet-Data-Flow-Id = 1
        Framed-Protocol = PPP
        Framed-Filter-Id = "std.ppp"
        Framed-IP-Address =
        Framed-IP-Netmask =
        Framed-Compression = Van-Jacobson-TCP-IP
        WiMAX-Service-Profile-Id = 2
        Framed-MTU = 1500
Finished request 0.

More information about the Freeradius-Users mailing list