Hi,

I have a small patch for the proxy code, in particular for listen.c in CVS HEAD.
When the proxy reply comes back, only the cl->ipaddr is checked against the reply 
source address, however it is possible to configure cl->acct_ipaddr differently to 
cl->ipaddr (i.e. different auth and acct home servers for a single realm entry), and 
thus the active status and last reply time may never be updated for an accounting home 
server.

I'm not sure what functional detriment the current behaviour might have, as I 
only stumbled across this while trying a small modification to proxy.c so that 
it would choose one of the home servers, even if they are all marked dead.

Unfortunately I can't get CVS HEAD to compile under Solaris 10 x86 using gcc, 
so I have to admit I haven't compiled this code yet, but I have tested the 
equivalent for 1.0.1 at work today. Sorry.

Actually, this brings up another point that just crossed my mind, should 
cl->last_reply be split between authentication and accounting? Probably not a 
big deal, but I think it could result in for example the home auth server not 
being marked dead for the realm if a reply had been received from the home 
accounting server? (files.c around line 500)

regards,
Mike


-bash-3.00$ diff -u listen.c.orig listen.c
--- listen.c.orig       Thu Sep  1 23:28:11 2005
+++ listen.c    Fri Sep  2 00:00:48 2005
@@ -916,17 +916,24 @@
        *      as garbage.
        */
       for (cl = mainconfig.realms; cl != NULL; cl = cl->next) {
-               if (oldreq->proxy_reply->src_ipaddr.af != cl->ipaddr.af) 
continue;
+               if ((oldreq->proxy_reply->src_ipaddr.af != cl->ipaddr.af) &&
+                   (oldreq->proxy_reply->src_ipaddr.af != cl->acct_ipaddr.af))
+                       continue;
+
               if (cl->ipaddr.af != AF_INET) continue; /* FIXME */

-               if (oldreq->proxy_reply->src_ipaddr.ipaddr.ip4addr.s_addr == 
cl->ipaddr.ipaddr.ip4addr.s_addr) {
-                       if (oldreq->proxy_reply->src_port == cl->auth_port) {
-                               cl->active = TRUE;
-                               cl->last_reply = oldreq->timestamp;
-                       } else if (oldreq->proxy_reply->src_port == 
cl->acct_port) {
-                               cl->acct_active = TRUE;
-                               cl->last_reply = oldreq->timestamp;
-                       }
+               if ((oldreq->proxy_reply->src_ipaddr.ipaddr.ip4addr.s_addr == 
cl->ipaddr.ipaddr.ip4addr.s_addr) &&
+                   (oldreq->proxy_reply->src_port == cl->auth_port)) {
+
+                       cl->active = TRUE;
+                       cl->last_reply = oldreq->timestamp;
+
+               } else if ((oldreq->proxy_reply->src_ipaddr.ipaddr.ip4addr.s_addr == 
cl->acct_ipaddr.ipaddr.ip4addr.s_addr) &&
+                          (oldreq->proxy_reply->src_port == cl->acct_port)) {
+
+                       cl->acct_active = TRUE;
+                       cl->last_reply = oldreq->timestamp;
+
               }
       }
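
Review bot: The address family checks do not line up with the two address comparisons that follow them. The new first test lets an entry through when the reply's family matches either cl->ipaddr.af or cl->acct_ipaddr.af, but the unchanged line `if (cl->ipaddr.af != AF_INET) continue; /* FIXME */` still looks only at cl->ipaddr.af. An entry whose auth address is not AF_INET is therefore skipped before the accounting branch is reached, and an entry whose cl->acct_ipaddr.af is not AF_INET can still have its ip4addr.s_addr compared in the else-if branch. I would move the family test into each branch, so that the auth branch requires the reply family to equal cl->ipaddr.af and the accounting branch requires it to equal cl->acct_ipaddr.af, each checked against AF_INET before the s_addr comparison. Both branches also still write the shared cl->last_reply, so a reply from the accounting server refreshes the timestamp for the whole entry; a short comment noting that this is intentional for now would help.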


