Re: PPP Radius plugin binding address
Hi Adrian,
debian-devel is about developing Debian as a whole; it's not the most appropriate
list for reporting bugs regarding a specific package in Debian.
Please report a bug with tag 'patch' against package ppp, following the guide at
http://www.debian.org/Bugs/Reporting
Thanks in advance!
On Wed, Apr 03, 2013 at 10:01:06PM +0300, Adrian Ban wrote:
> My problem with the radius.so plugin is that the binding IP address
> is not used at all, even though radiusclient-ng has this parameter:
> bindaddr.
>
> I've created a small patch for the radius plugin which enables this
> function to set a fixed IP for each radius packet that is sent to the
> radius server.
> In my case I have multiple up-links for redundancy and the radius
> plugin sends the packet with the interface's IP.
>
> For example, if I have eth0 with 172.16.0.1/24 and eth1 with
> 172.20.1.2/24, and something happens with the link on eth0, OSPF
> moves the routes to eth1. So the plugin will send all the
> packets with IP 172.20.1.2/24 and if you forget to add it in the Radius
> Server all packets will be rejected.
>
> So if you have an IP on loopback, for example 10.10.20.1/32, with this
> patch you can specify bindaddr 10.10.20.1 and all packets will be
> sent with this IP, and in the Radius Server you must set only the IP
> 10.10.20.1 and not 172.16.0.1 and 172.20.1.2.
>
> Here is the link on my webserver
> http://linux.mantech.ro/ppp-patch/ppp-2.4.5-radius-bindaddress.diff
> and I've also attached the patch to the email
>
> Best regards,
> Adrian
>
> --
> Adrian Ban
> IP/MPLS Engineer
> ----------------------------------------
> mobil: +40788388190
> web: www.abtelecom.ro <http://www.abtelecom.ro/>
> This patch fixes 2 problems with radius.so:
> 1. bindaddr from /etc/radiusclient/radiusclient.conf is read and the radius.so doesn't exit with error
> 2. bindaddr is used to send the radius packet to the server using a specific IP address in system
>
> This is very common for setups where the router has multiple interfaces for upstreams and you don't know
> which connection is active. In this case sometimes the packet uses the IP of interface 1 and sometimes uses
> the IP of interface 2.
> With this patch (adapted from radiusclient-ng) you can specify the IP of the loopback address and the plugin
> will bind to that IP and send the packet with a fixed IP every time.
>
> Author: Adrian Ban (adrian.ban@mantech.ro)
>
> diff -Naur ppp-2.4.5/pppd/plugins/radius/ip_util.c ppp-2.4.5-bindaddress/pppd/plugins/radius/ip_util.c
> --- ppp-2.4.5/pppd/plugins/radius/ip_util.c 2009-11-17 00:26:07.000000000 +0200
> +++ ppp-2.4.5-bindaddress/pppd/plugins/radius/ip_util.c 2013-04-03 20:35:29.711878448 +0300
> @@ -122,6 +122,7 @@
> *
> */
>
> +
> UINT4 rc_own_ipaddress(void)
> {
> static UINT4 this_host_ipaddr = 0;
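Review bot: stray whitespace above rc_own_ipaddress(): the blank line added here is unrelated to bindaddr support and should be dropped so the diff carries only the functional change.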
> @@ -135,3 +136,35 @@
>
> return this_host_ipaddr;
> }
> +
> +
> +/*
> + * Function: rc_own_bind_ipaddress
> + *
> + * Purpose: get the IP address to be used as a source address
> + * for sending requests in host order
> + *
> + * Returns: IP address
> + *
> + */
> +
> +UINT4 rc_own_bind_ipaddress(void)
> +{
> + char hostname[256];
> + UINT4 rval;
> +
> + if (rc_conf_str("bindaddr") == NULL ||
> + strcmp(rc_conf_str("bindaddr"), "*") == 0) {
> + rval = INADDR_ANY;
> + } else {
> + strncpy(hostname, rc_conf_str("bindaddr"), sizeof(hostname));
> + hostname[sizeof(hostname) - 1] = '\0';
> + if ((rval = rc_get_ipaddr (hostname)) == 0) {
> + error("rc_own_bind_ipaddress: couldn't get IP address from bindaddr");
> + rval = INADDR_ANY;
> + }
> + }
> +
> + return rval;
> +}
> +
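Review bot: the failure branch of rc_own_bind_ipaddress() sets rval = INADDR_ANY when rc_get_ipaddr() returns 0, so a mistyped or unresolvable bindaddr leaves the request going out from whichever interface address routing picks. That is the case the option exists to prevent, and a RADIUS server that lists only the bindaddr will reject those packets while the only trace is one error() line. Consider returning a failure the caller can act on instead of falling back. Separately, rc_conf_str("bindaddr") is fetched three times and the name is resolved on every call, whereas rc_own_ipaddress() just above caches its result in a static; fetching the string once and caching the resolved address would avoid a lookup per request.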
> diff -Naur ppp-2.4.5/pppd/plugins/radius/options.h ppp-2.4.5-bindaddress/pppd/plugins/radius/options.h
> --- ppp-2.4.5/pppd/plugins/radius/options.h 2009-11-17 00:26:07.000000000 +0200
> +++ ppp-2.4.5-bindaddress/pppd/plugins/radius/options.h 2013-04-02 16:18:30.551339169 +0300
> @@ -55,6 +55,7 @@
> {"radius_timeout", OT_INT, ST_UNDEF, NULL},
> {"radius_retries", OT_INT, ST_UNDEF, NULL},
> {"nas_identifier", OT_STR, ST_UNDEF, ""},
> +{"bindaddr", OT_STR, ST_UNDEF, NULL},
> /* local options */
> {"login_local", OT_STR, ST_UNDEF, NULL},
> };
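Review bot: missing documentation for the new "bindaddr" keyword: the patch registers it in the option table but touches no configuration sample or manual page, so the accepted values (an address or host name, or "*" for any address, per rc_own_bind_ipaddress()) can only be learned from the source. Please add a commented entry describing the keyword and its default wherever the plugin's other radiusclient.conf keywords are documented.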
> diff -Naur ppp-2.4.5/pppd/plugins/radius/sendserver.c ppp-2.4.5-bindaddress/pppd/plugins/radius/sendserver.c
> --- ppp-2.4.5/pppd/plugins/radius/sendserver.c 2009-11-17 00:26:07.000000000 +0200
> +++ ppp-2.4.5-bindaddress/pppd/plugins/radius/sendserver.c 2013-04-03 20:20:01.411359661 +0300
> @@ -244,7 +244,7 @@
> sin = (struct sockaddr_in *) & salocal;
> memset ((char *) sin, '\0', (size_t) length);
> sin->sin_family = AF_INET;
> - sin->sin_addr.s_addr = htonl(INADDR_ANY);
> + sin->sin_addr.s_addr = htonl(rc_own_bind_ipaddress());
> sin->sin_port = htons ((unsigned short) 0);
> if (bind (sockfd, (struct sockaddr *) sin, length) < 0 ||
> getsockname (sockfd, (struct sockaddr *) sin, &length) < 0)
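Review bot: no prototype for rc_own_bind_ipaddress() is added by any of the three files in this patch, so the call on the changed sin_addr.s_addr line relies on an implicit declaration returning int. Please declare UINT4 rc_own_bind_ipaddress(void); in the header that already declares rc_own_ipaddress(). It is also worth stating in the description that when bindaddr resolves to an address not configured on the host, the bind() two lines below fails and the request takes the existing error path rather than being sent from another address.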
--
Simon Paillard