Logging raw accounting packets

Alan DeKok aland at deployingradius.com
Sat Aug 18 18:58:52 CEST 2012

Brian Candler wrote:
> The reason: vendors have bugs in their accounting implementations, and we
> want to be able to show them the original raw packets to prove it's not our
> accounting collectors which are mis-interpreting the data.

  My $0.02 is that you should name && shame the vendors.  This has
worked well in the past.

> The problem with tcpdump is being able to find quickly the packets of
> interest (e.g.  given a username, or given a FreeRadius
> Acct-Unique-Session-Id which is an MD5 across multiple attributes). So I
> want to extract the attributes of interest and index them alongside the raw
> data, or offsets into the raw data.

  You can log the packet src/dst ip/port, and the timestamp.  That
should be good enough to quickly find it in a PCAP file.

  The problem with dumping raw packets is that you can't.  You'll have
to convert them to hex, which doubles the size.

  It's possible, and probably only ~200 lines of code.  But I don't
really see much benefit for the wider audience.

  I'd suggest writing a module which does nothing more than register a
"paw_packet" xlat callback.  That way it will be easy to integrate into
any new release of the server.

  Alan DeKok.

More information about the Freeradius-Users mailing list