Hi,
I have a small patch for the proxy code, in particular for listen.c in CVS HEAD.
When the proxy reply comes back, only the cl->ipaddr is checked against the reply
source address, however it is possible to configure cl->acct_ipaddr differently to
cl->ipaddr (ie different auth and acct home servers for a single realm entry), and
thus the active status and last reply time may never be updated for an accounting home
server.
I'm not sure what functional detriment the current behaviour might have, as I
only stumbled across this while trying a small modification to proxy.c so that
it would choose one of the home servers, even if they are all marked dead.
Unfortunately I can't get CVS HEAD to compile under Solaris 10 x86 using gcc,
so I have to admit I haven't compiled this code yet, but I have test the
equivalent for 1.0.1 at work today. Sorry.
Actually, this brings up another point that just crossed my mind, should
cl->last_reply be split between authentication and accounting? Probably not a
big deal, but I think it could result in for example the home auth server not
being marked dead for the realm if a reply had been received from the home
accounting server? (files.c around line 500)
regards,
Mike
-bash-3.00$ diff -u listen.c.orig listen.c
--- listen.c.orig Thu Sep 1 23:28:11 2005
+++ listen.c Fri Sep 2 00:00:48 2005
@@ -916,17 +916,24 @@
* as garbage.
*/
for (cl = mainconfig.realms; cl != NULL; cl = cl->next) {
- if (oldreq->proxy_reply->src_ipaddr.af != cl->ipaddr.af)
continue;
+ if ((oldreq->proxy_reply->src_ipaddr.af != cl->ipaddr.af) &&
+ (oldreq->proxy_reply->src_ipaddr.af != cl->acct_ipaddr.af))
+ continue;
+
if (cl->ipaddr.af != AF_INET) continue; /* FIXME */
- if (oldreq->proxy_reply->src_ipaddr.ipaddr.ip4addr.s_addr ==
cl->ipaddr.ipaddr.ip4addr.s_addr) {
- if (oldreq->proxy_reply->src_port == cl->auth_port) {
- cl->active = TRUE;
- cl->last_reply = oldreq->timestamp;
- } else if (oldreq->proxy_reply->src_port ==
cl->acct_port) {
- cl->acct_active = TRUE;
- cl->last_reply = oldreq->timestamp;
- }
+ if ((oldreq->proxy_reply->src_ipaddr.ipaddr.ip4addr.s_addr ==
cl->ipaddr.ipaddr.ip4addr.s_addr) &&
+ (oldreq->proxy_reply->src_port == cl->auth_port)) {
+
+ cl->active = TRUE;
+ cl->last_reply = oldreq->timestamp;
+
+ } else if ((oldreq->proxy_reply->src_ipaddr.ipaddr.ip4addr.s_addr ==
cl->acct_ipaddr.ipaddr.ip4addr.s_addr) &&
+ (oldreq->proxy_reply->src_port == cl->acct_port)) {
+
+ cl->acct_active = TRUE;
+ cl->last_reply = oldreq->timestamp;
+
}
}
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html