Matthew Schumacher wrote: > Lewis Bergman wrote: > >>Matthew Schumacher wrote: >> >> >>>I'm getting accounting messages like these that seem to be coming from >>>the loopback interface, but `tcpdump -i lo` doesn't see them so they are >>>not coming from a local client. If they are not coming from a local >>>client then how can I figure out where they are coming from? >>> >>>Thu Jan 12 07:19:58 2006 >>> Acct-Status-Type = Stop >>> NAS-IP-Address = x.x.x.x (legit nas IP) >>> Acct-Delay-Time = 0 >>> User-Name = "user" >>> NAS-Port = 536936515 >>> Acct-Session-Id = "0A000067" >>> Service-Type = Framed-User >>> Framed-Protocol = PPP >>> Framed-IP-Address = x.x.x.x (legit Framed-IP-Address) >>> Acct-Session-Time = 0 >>> Acct-Input-Octets = 0 >>> Acct-Output-Octets = 0 >>> Acct-Input-Packets = 0 >>> Acct-Output-Packets = 0 >>> Client-IP-Address = 127.0.0.1 >>> Acct-Unique-Session-Id = "1cc41474b27ed376" >>> Timestamp = 1137082798 >> >>These appear to be from the loopback of the NAS, not the radius server. >> > > > Thanks for your reply, however it doesn't make sense to me. How can the > Client-IP-Address be 127.0.0.1 if the radius server records the source > address of the packet in the Client-IP-Address attribute? If the packet > came from the loopback of the nas then I would expect the NAS-IP-Address > to be 127.0.0.1 but the Client-IP-Address to be where the packet was > sourced from. > > schu
Okay, I'm looking at the rlm_preprocess.c code and see where the Client-IP-Address is set: /* * Add in a Client-IP-Address, to tell the user * the source IP of the request. That is, the client, * * Note that this MAY BE different from the NAS-IP-Address, * especially if the request is being proxied. * * Note also that this is a server configuration item, * and will NOT make it to any packets being sent from * the server. */ nas = paircreate(PW_CLIENT_IP_ADDRESS, PW_TYPE_IPADDR); if (!nas) { radlog(L_ERR, "No memory"); return -1; } nas->lvalue = request->packet->src_ipaddr; ip_hostname(nas->strvalue, sizeof(nas->strvalue), nas->lvalue); pairadd(&request->packet->vps, nas); return 0; But it looks like it always comes from request->packet->src_ipaddr which leads me to believe that I'm getting a packet sourced from 127.0.0.1 even though tcpdump doesn't see it. I also noticed that the udpfromto source could generate packets from 127.0.0.1 but it was not compiled in, and even if it was I should see it in tcpdump. Any thoughts on this? I need to get rid of these spurious accounting messages. Thanks, schu - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html