rlm_perl bug while adding VSA?

magmike at mail.ru magmike at mail.ru
Thu Jan 16 18:17:31 CET 2014


Thank you for reply Alan

unfortunately, did not help

debug output

...
Thu Jan 16 22:07:51 2014 : Debug:   preprocess {
Thu Jan 16 22:07:51 2014 : Debug:       huntgroups = "/etc/freeradius/huntgroups"
Thu Jan 16 22:07:51 2014 : Debug:       hints = "/etc/freeradius/hints"
Thu Jan 16 22:07:51 2014 : Debug:       with_ascend_hack = no
Thu Jan 16 22:07:51 2014 : Debug:       ascend_channels_per_line = 23
Thu Jan 16 22:07:51 2014 : Debug:       with_ntdomain_hack = no
Thu Jan 16 22:07:51 2014 : Debug:       with_specialix_jetstream_hack = no
Thu Jan 16 22:07:51 2014 : Debug:       with_cisco_vsa_hack = no
Thu Jan 16 22:07:51 2014 : Debug:       with_alvarion_vsa_hack = no
Thu Jan 16 22:07:51 2014 : Debug:   }
...

>> rlm_perl add incorrect AVP while receiving acct-packet with VSA.

>   OK...

>> in debug i see good packet received by radius:
>> rad_recv: Accounting-Request packet from host 192.168.243.243 port 44825, id=109, length=997
> ...
>>         Cisco-AVPair = "h323-incoming-conf-id=1100037f 52d7b893 6f9a90c4 240760f0"

>   Which comes up later:

>> Thu Jan 16 17:41:05 2014 : Debug: rlm_perl: ERROR: Failed to create pair Incoming-RTP-remote-address = 1100037f 52d7b893 6f9a90c4 240760f0

>   Somehow the Cisco attributes are getting confused with the Eltex ones.

Cisco attributes is not cause. also there is few attibutes with value contain "1100037f 52d7b893 6f9a90c4 240760f0"
this is normal:
Acct-Session-Id = "1100037f 52d7b893 6f9a90c4 240760f0"
Cisco-AVPair = "h323-call-id=1100037f 52d7b893 6f9a90c4 240760f0"
Cisco-AVPair = "h323-incoming-conf-id=1100037f 52d7b893 6f9a90c4 240760f0"
h323-conf-id = "1100037f 52d7b893 6f9a90c4 240760f0"


There is the only AVP Incoming-RTP-remote-address in packet before rlm_perl:

Incoming-RTP-remote-address = 192.168.243.86

But rlm_perl try to add other values.

Thu Jan 16 22:07:53 2014 : Debug: rlm_perl: Added pair Incoming-RTP-remote-address = 192.168.243.86
Thu Jan 16 22:07:53 2014 : Debug: rlm_perl: ERROR: Failed to create pair Incoming-RTP-remote-address = 1389-869203-968339
Thu Jan 16 22:07:53 2014 : Debug: rlm_perl: Added pair Incoming-RTP-remote-address = 172.16.0.227
Thu Jan 16 22:07:53 2014 : Debug: rlm_perl: Added pair Incoming-RTP-remote-address = 10.75.130.154
Thu Jan 16 22:07:53 2014 : Debug: rlm_perl: Added pair Incoming-RTP-remote-address = 192.168.243.243
Thu Jan 16 22:07:53 2014 : Debug: rlm_perl: Added pair Incoming-RTP-remote-address = 192.168.243.243
Thu Jan 16 22:07:53 2014 : Debug: rlm_perl: ERROR: Failed to create pair Incoming-RTP-remote-address = 68185495bd67a53b

Errors arise because Incoming-RTP-remote-address described as ipaddr in dictionary

Please pay attention all works fine when i use VENDOR id less or equal 32767 (0x7fff)
Error occured with VENDOR ID greater of 32767

There are the only vendor id greater then 32767 in freeradius dictionaries:

$ grep "^VENDOR" /usr/share/freeradius/dictionary.* | awk '($3>32767){print}'
/usr/share/freeradius/dictionary.eltex:VENDOR           Eltex                           35265


RFC 2865  says:
Vendor-Id
      The high-order octet is 0 and the low-order 3 octets are the SMI
      Network Management Private Enterprise Code of the Vendor in
      network byte order, as defined in the "Assigned Numbers" RFC [6].

so 35265 is less then 0xffffff. i think something wrong in rlm_perl.


>   Go to raddb/modules/preprocess, and set:

>         with_cisco_vsa_hack = no

>   That should fix it.




More information about the Freeradius-Users mailing list