
PPP Radius plugin binding address



Hi,

My problem with the radius.so plugin is that the binding IP address is not used at all, even though radiusclient-ng has this parameter: bindaddr.

I've created a small patch for the radius plugin which enables this function, to set a fixed IP for each radius packet that is sent to the radius server.
In my case I have multiple up-links for redundancy and the radius plugin sends the packet with the interface IP.

For example, if I have eth0 with 172.16.0.1/24 and eth1 with 172.20.1.2/24, and something happens with the link on eth0, OSPF moves the routes to eth1. So the plugin will send all the packets with IP 172.20.1.2/24, and if you forget to add it in the Radius Server all packets will be rejected.

So if you have an IP on loopback, for example 10.10.20.1/32, with this patch you can specify bindaddr 10.10.20.1 and all packets will be sent with this IP, and in the Radius Server you must set only the IP 10.10.20.1 and not 172.16.0.1 and 172.20.1.2.

Here is the link on my webserver: http://linux.mantech.ro/ppp-patch/ppp-2.4.5-radius-bindaddress.diff and I've also attached the patch to this email.

Best regards,
Adrian

--
Adrian Ban
IP/MPLS Engineer
----------------------------------------
mobil: +40788388190

web: www.abtelecom.ro
This patch fixes 2 problems with radius.so:
1. bindaddr from /etc/radiusclient/radiusclient.conf is read and the radius.so doesn't exit with error
2. bindaddr is used to send the radius packet to the server using a specific IP address in system

This is very common for setups where the router has multiple interfaces for upstreams and you don't know
which connection is active. In this case sometimes the packet uses the IP of interface 1 and sometimes uses
the IP of interface 2.
With this patch (adapted from radiusclient-ng) you can specify the IP of the loopback address and the plugin
will bind to that IP and send the packet with a fixed IP every time.

Author: Adrian Ban (adrian.ban@mantech.ro)

diff -Naur ppp-2.4.5/pppd/plugins/radius/ip_util.c ppp-2.4.5-bindaddress/pppd/plugins/radius/ip_util.c
--- ppp-2.4.5/pppd/plugins/radius/ip_util.c	2009-11-17 00:26:07.000000000 +0200
+++ ppp-2.4.5-bindaddress/pppd/plugins/radius/ip_util.c	2013-04-03 20:35:29.711878448 +0300
@@ -122,6 +122,7 @@
  *
  */
 
+
 UINT4 rc_own_ipaddress(void)
 {
 	static UINT4 this_host_ipaddr = 0;
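Review bot: The only change in this hunk is an extra blank line added above rc_own_ipaddress(). It is unrelated to bindaddr handling and should be dropped so the patch touches only the lines it needs.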
@@ -135,3 +136,35 @@
 
 	return this_host_ipaddr;
 }
+
+
+/*
+ * Function: rc_own_bind_ipaddress
+ *
+ * Purpose: get the IP address to be used as a source address
+ *          for sending requests in host order
+ *
+ * Returns: IP address
+ *
+ */
+
+UINT4 rc_own_bind_ipaddress(void)
+{
+        char hostname[256];
+        UINT4 rval;
+
+        if (rc_conf_str("bindaddr") == NULL ||
+            strcmp(rc_conf_str("bindaddr"), "*") == 0) {
+                rval = INADDR_ANY;
+        } else {
+                strncpy(hostname, rc_conf_str("bindaddr"), sizeof(hostname));
+                hostname[sizeof(hostname) - 1] = '\0';
+                if ((rval = rc_get_ipaddr (hostname)) == 0) {
+			error("rc_own_bind_ipaddress: couldn't get IP address from bindaddr");
+                        rval = INADDR_ANY;
+                }
+        }
+
+        return rval;
+}
+
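Review bot: In the else branch of rc_own_bind_ipaddress(), a bindaddr that is configured but cannot be resolved falls back to INADDR_ANY after a single error() call, so the plugin silently goes back to sending from whichever interface address the kernel picks, which is exactly the behaviour the option is meant to prevent. Because INADDR_ANY is also the return value for "no bindaddr" and for "*", the caller cannot tell a misconfiguration from the default. Consider returning a distinguishable failure so the request is refused rather than sent from an unintended source address. Two smaller points: the error() line is indented with tabs while the rest of the function uses spaces, and rc_conf_str("bindaddr") is called three times where one local pointer would do.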
diff -Naur ppp-2.4.5/pppd/plugins/radius/options.h ppp-2.4.5-bindaddress/pppd/plugins/radius/options.h
--- ppp-2.4.5/pppd/plugins/radius/options.h	2009-11-17 00:26:07.000000000 +0200
+++ ppp-2.4.5-bindaddress/pppd/plugins/radius/options.h	2013-04-02 16:18:30.551339169 +0300
@@ -55,6 +55,7 @@
 {"radius_timeout",	OT_INT, ST_UNDEF, NULL},
 {"radius_retries",	OT_INT,	ST_UNDEF, NULL},
 {"nas_identifier",      OT_STR, ST_UNDEF, ""},
+{"bindaddr",            OT_STR, ST_UNDEF, NULL},
 /* local options */
 {"login_local",		OT_STR, ST_UNDEF, NULL},
 };
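Review bot: The new "bindaddr" entry adds a configuration key, but nothing in this patch documents it; only ip_util.c, options.h and sendserver.c are touched. Please add a commented sample line for radiusclient.conf stating what the value may be (a value that rc_get_ipaddr() can resolve, or "*" for any address, as handled in rc_own_bind_ipaddress()) and what happens when it is left unset.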
diff -Naur ppp-2.4.5/pppd/plugins/radius/sendserver.c ppp-2.4.5-bindaddress/pppd/plugins/radius/sendserver.c
--- ppp-2.4.5/pppd/plugins/radius/sendserver.c	2009-11-17 00:26:07.000000000 +0200
+++ ppp-2.4.5-bindaddress/pppd/plugins/radius/sendserver.c	2013-04-03 20:20:01.411359661 +0300
@@ -244,7 +244,7 @@
 	sin = (struct sockaddr_in *) & salocal;
 	memset ((char *) sin, '\0', (size_t) length);
 	sin->sin_family = AF_INET;
-	sin->sin_addr.s_addr = htonl(INADDR_ANY);
+	sin->sin_addr.s_addr = htonl(rc_own_bind_ipaddress());
 	sin->sin_port = htons ((unsigned short) 0);
 	if (bind (sockfd, (struct sockaddr *) sin, length) < 0 ||
 		   getsockname (sockfd, (struct sockaddr *) sin, &length) < 0)
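Review bot: The changed line calls rc_own_bind_ipaddress(), but no prototype for it is added anywhere in this patch, so unless sendserver.c already sees a declaration the call is implicitly declared as returning int rather than UINT4. Add the prototype alongside the existing declaration of rc_own_ipaddress(). It is also worth checking the bind() failure path just below: with a fixed address, bind() will now fail when that address is not present on the host, and the resulting error message should name the configured bindaddr so the cause is obvious in the logs.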
