Logging raw accounting packets
Alan DeKok
aland at deployingradius.com
Sat Aug 18 18:58:52 CEST 2012

Brian Candler wrote:
> The reason: vendors have bugs in their accounting implementations, and we
> want to be able to show them the original raw packets to prove it's not our
> accounting collectors which are mis-interpreting the data.

My $0.02 is that you should name && shame the vendors. This has
worked well in the past.

> The problem with tcpdump is being able to find quickly the packets of
> interest (e.g. given a username, or given a FreeRadius
> Acct-Unique-Session-Id which is an MD5 across multiple attributes). So I
> want to extract the attributes of interest and index them alongside the raw
> data, or offsets into the raw data.

You can log the packet src/dst ip/port, and the timestamp. That
should be good enough to quickly find it in a PCAP file.

The problem with dumping raw packets is that you can't. You'll have
to convert them to hex, which doubles the size.

It's possible, and probably only ~200 lines of code. But I don't
really see much benefit for the wider audience.

I'd suggest writing a module which does nothing more than register a
"paw_packet" xlat callback. That way it will be easy to integrate into
any new release of the server.

Alan DeKok.
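
An added illustration of the indexing discussed in this message (not code from the post or from FreeRADIUS): it walks a PCAP, and for each Accounting-Request records the timestamp, src/dst IP and port, User-Name, Acct-Session-Id, and the byte offset of the raw RADIUS data. Assumptions: classic little-endian Ethernet pcap, unfragmented IPv4, accounting on UDP port 1813; the capture, addresses and names are constructed.

```python
import socket, struct

def index_acct(pcap, port=1813):
    """Yield one index row per RADIUS Accounting-Request (code 4) sent to
    `port`; 'off' and 'len' locate the raw RADIUS bytes inside the file."""
    if struct.unpack("<I", pcap[:4])[0] != 0xA1B2C3D4:
        raise ValueError("only little-endian microsecond pcap is handled")
    pos = 24                                        # skip the global header
    while pos + 16 <= len(pcap):
        sec, usec, caplen, _ = struct.unpack_from("<IIII", pcap, pos)
        frame, pos = pos + 16, pos + 16 + caplen
        eth = pcap[frame:frame + caplen]
        if len(eth) < 34 or eth[12:14] != b"\x08\x00" or eth[23] != 17:
            continue                                # not IPv4 carrying UDP
        udp = 14 + (eth[14] & 0x0F) * 4             # Ethernet + IP header length
        if len(eth) < udp + 28: continue            # no room for UDP + RADIUS header
        sport, dport = struct.unpack_from("!HH", eth, udp)
        rad = udp + 8
        code, _, rlen = struct.unpack_from("!BBH", eth, rad)
        if dport != port or code != 4 or rlen < 20 or rad + rlen > len(eth):
            continue                                # other traffic, or truncated
        attrs, a = {}, rad + 20                     # attributes follow the header
        while a + 2 <= rad + rlen:
            t, l = eth[a], eth[a + 1]
            if l < 2 or a + l > rad + rlen: break   # malformed attribute, stop
            attrs.setdefault(t, eth[a + 2:a + l])
            a += l
        yield {"ts": sec + usec / 1e6,
               "src": socket.inet_ntoa(eth[26:30]), "sport": sport,
               "dst": socket.inet_ntoa(eth[30:34]), "dport": dport,
               "user": attrs.get(1, b"").decode("utf-8", "replace"),      # User-Name
               "session": attrs.get(44, b"").decode("utf-8", "replace"),  # Acct-Session-Id
               "off": frame + rad, "len": rlen}

def sample_pcap():
    """Constructed capture: two accounting packets from a made-up NAS."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for ts, user in ((1345309132, b"alice"), (1345309140, b"bob")):
        av = bytes([1, 2 + len(user)]) + user + bytes([44, 6]) + b"S001"
        rad = struct.pack("!BBH", 4, 7, 20 + len(av)) + bytes(16) + av
        udp = struct.pack("!HHHH", 40000, 1813, 8 + len(rad), 0) + rad
        ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 0, 0, 64, 17, 0,
                         socket.inet_aton("192.0.2.10"), socket.inet_aton("192.0.2.1")) + udp
        eth = bytes(12) + b"\x08\x00" + ip
        out += struct.pack("<IIII", ts, 0, len(eth), len(eth)) + eth
    return out

if __name__ == "__main__":
    for row in index_acct(sample_pcap()): print(row)
```

Slicing the capture at `off` for `len` bytes returns the packet exactly as the NAS sent it, so the index stays small and the evidence stays unmodified in the PCAP.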