I don't know about all your questions, but, during my testing I found that if I start "radiusd -X > somefile.log" and then run it in the background, I can grep/tail somefile.log for stuff I need. Perhaps you could do something similar to get the results of your query? I'm sure you could find some sort of record delimiters to grab only the results of your query and not all the others. There's probably many ways to do this, including tweaking the source.
Is this for some sort of testing? What problem are you trying to solve? ----- Original Message ----- From: Brian Candler [mailto:b.cand...@pobox.com] Sent: Saturday, March 12, 2011 07:02 AM To: freeradius-users@lists.freeradius.org <freeradius-users@lists.freeradius.org> Subject: Packet tracing web interface I'd like to build a "packet tracer" web interface for freeradius: that is, somewhere where you can paste in a set of AV pairs (perhaps caught from radsniff), and you get back the AV responses plus all the decision-making logic that took place. Basically what freeradius -X shows. Has anyone done this before? I have a few considerations. (1) If I had a single persistent freeradius daemon running, and multiple users were submitting requests to this web interface, I'd need to separate out the debug data for each of the requests. I guess I could have a locking system so that only one person could be using it at once. (Alternatively I'd have to fire off a new foreground radiusd for each request as it came in, and kill it afterwards) (2) What's the best way to submit the request so that it looks like it's coming from a particular IP address? The "Client-IP-Address" attribute is internal only, not on-the-wire. At the moment the best I've been able to do is to create loopback interfaces on my box with examples of the source IPs I'm interested in, then use radclient to send the packet with a Packet-Src-IP-Address of one of those loopbacks. Is there a better way I've overlooked? (Before you say it, I know a well-behaved radius server should be looking at NAS-IP-Address not Client-IP-Address. Unfortunately there are some cases where we have to make logic decisions based on the Client-IP-Address) Thanks, Brian. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html <font size="1"> <div style='border:none;border-bottom:double windowtext 2.25pt;padding:0in 0in 1.0pt 0in'> </div> "This email is intended to be reviewed by only the intended recipient and may contain information that is privileged and/or confidential. If you are not the intended recipient, you are hereby notified that any review, use, dissemination, disclosure or copying of this email and its attachments, if any, is strictly prohibited. If you have received this email in error, please immediately notify the sender by return email and delete this email from your system." </font> - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html