Re: Post-proxy Perl script availability
Ok, here it goes. The Perl script and SQL schema are in attachment.

Best regards,
Julien Leloup

Alan DeKok wrote:
> Julien Leloup wrote:
>> My question is, do I have to make this script (and SQL schema I suppose) available in the FreeRadius CVS? I'm not sure it's the kind of script useful for a large panel of FreeRadius users, but if I have to make it available (maybe to respect GPLv2 or if someone is interested in this script) it's not a problem.
>
> Post it to the list. Or if it's large, as a new feature request to bugs.freeradius.org.
>
> Alan DeKok.
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

```perl
#!/usr/bin/perl
use strict;
use DBI;

# This is very important! Without this the script will not get the filled hashes from main.
use vars qw(%RAD_REQUEST %RAD_REPLY %RAD_CHECK %RAD_REQUEST_PROXY %RAD_REQUEST_PROXY_REPLY);
use Data::Dumper;

# Possible return types (standard FreeRadius codes)
use constant RLM_MODULE_REJECT   => 0; # /* immediately reject the request */
use constant RLM_MODULE_FAIL     => 1; # /* module failed, don't reply */
use constant RLM_MODULE_OK       => 2; # /* the module is OK, continue */
use constant RLM_MODULE_HANDLED  => 3; # /* the module handled the request, so stop. */
use constant RLM_MODULE_INVALID  => 4; # /* the module considers the request invalid. */
use constant RLM_MODULE_USERLOCK => 5; # /* reject the request (user is locked out) */
use constant RLM_MODULE_NOTFOUND => 6; # /* user not found */
use constant RLM_MODULE_NOOP     => 7; # /* module succeeded without doing anything */
use constant RLM_MODULE_UPDATED  => 8; # /* OK (pairs modified) */
use constant RLM_MODULE_NUMCODES => 9; # /* How many return codes there are */

# Function called in the post-proxy phase
sub post_proxy {
    # List the attributes present in the Post-Proxy phase: debug only
    # &log_attributes;

    # Get the Redback QoS attributes coming from the remote Radius server
    my $class = $RAD_REQUEST_PROXY_REPLY{'Class'};
    if( !$class ) {
        &radiusd::radlog(4, "Attribut Class absent : utilisation du profil de QoS par défaut");
        # The Class attribute value was not found in the remote Radius reply.
        # Fall back to a default QoS profile
        $class = "default_class";
        # return RLM_MODULE_REJECT;
    }

    # Get the Circuit-Id
    my $circuit = $RAD_REQUEST{'ADSL-Agent-Circuit-Id'};
    if( !$circuit ) {
        &radiusd::radlog(4, "Attribut Circuit Id absent");
        # The Circuit Id attribute value was not found in the original request.
        return RLM_MODULE_REJECT;
    }

    my $dbp = DBI->connect("dbi:mysql:database=radius;host=127.0.0.1","radius","radius")
        or die "Connection au serveur MySQL impossible!";

    # SQL query matching the Alcatel-Lucent and Redback QoS attributes
    # The '?' signs are replaced at execution time by real values (protection against SQL injection)
    my $requete="
        SELECT SLA_Profile, Sub_Profile, COUNT(*)
        FROM qos
        WHERE class=?
        GROUP BY SLA_Profile, Sub_Profile;";

    # Prepare the SQL query
    my $result = $dbp->prepare($requete);

    # Execute the SQL query
    $result->execute($class) || die "Probleme de mapping QoS : $DBI::errstr";

    # Fetch the query results
    # Caution: the query may return more than one row
    my ($sla, $sub, $count) = $result->fetchrow_array;
    if(!defined($count)) {
        &radiusd::radlog(4, "Erreur lors du mapping attributs de QoS : aucune correspondance, utilisation d'un profil par défaut");
        # The query returned no row: use a default QoS profile
        $sla = "9c_3P_sla";
        $sub = "9c_3P_sub";
        # return RLM_MODULE_REJECT;
    } elsif($count > 1) {
        &radiusd::radlog(4, "Plusieurs profils QoS trouvés : $count profils pour la classe $class. Utilisation du profil par défaut.");
        # The query returned more than one row: fall back to the default profile
        $sla = "9c_3P_sla";
        $sub = "9c_3P_sub";
        # return RLM_MODULE_REJECT;
    } elsif( $sub eq '' ) {
        # (the archived copy of the attachment ends here)
    }
}
```
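The Class-to-profile lookup from the attached script, as an added stand-alone example that is not part of the original post or of FreeRADIUS. It assumes DBD::SQLite with an in-memory database in place of MySQL, a hypothetical `map_class` helper, constructed sample rows, and `SELECT DISTINCT` (rather than the script's `GROUP BY ... COUNT(*)`) so that two different profiles for one class are reported as ambiguous; a database error falls back to the default profile instead of calling `die`.

```perl
#!/usr/bin/perl
# Added example, not the attached script. Assumes DBD::SQLite is installed.
use strict;
use warnings;
use DBI;

# Default profile names as used in the attached script.
my @DEFAULT = ('9c_3P_sla', '9c_3P_sub');

# Hypothetical helper: returns (sla, sub, reason) for a Class value that
# arrived in the home server's reply.
sub map_class {
    my ($dbh, $class) = @_;
    return (@DEFAULT, 'no-class') unless defined $class && length $class;

    # The placeholder keeps the remotely supplied Class value out of the SQL text.
    my $rows = eval {
        $dbh->selectall_arrayref(
            'SELECT DISTINCT SLA_Profile, Sub_Profile FROM qos WHERE class = ?',
            undef, $class);
    };
    return (@DEFAULT, 'db-error')  unless $rows;      # do not die inside the server
    return (@DEFAULT, 'no-match')  if @$rows == 0;
    return (@DEFAULT, 'ambiguous') if @$rows > 1;     # conflicting mappings
    return (@{ $rows->[0] }, 'mapped');
}

my $dbh = DBI->connect('dbi:SQLite:dbname=:memory:', '', '',
                       { RaiseError => 1, PrintError => 0 });
$dbh->do('CREATE TABLE qos (class TEXT, SLA_Profile TEXT, Sub_Profile TEXT)');

# Constructed sample rows; "silver" deliberately has two different profiles.
my $ins = $dbh->prepare('INSERT INTO qos VALUES (?, ?, ?)');
$ins->execute(@$_) for (
    ['gold',   'gold_sla',    'gold_sub'],
    ['silver', 'silver_sla',  'silver_sub'],
    ['silver', 'silver_sla2', 'silver_sub'],
);

# A value containing a quote is treated as plain data by the placeholder.
for my $class ('gold', 'silver', 'bronze', "gold'x", undef) {
    my ($sla, $sub, $why) = map_class($dbh, $class);
    printf "%-10s -> %-12s %-12s (%s)\n",
        (defined $class ? $class : '(undef)'), $sla, $sub, $why;
}
```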
Post-proxy Perl script availability
Hello,

I developed a little script in Perl working with FreeRadius v2.x, called in post-proxy section to implement QoS Radius attributes translation from "Class" attribute to Alcatel-Lucent QoS attribute "SLA Profile" and "SUB Profile". It's using a database to get a mapping between these attributes and replace them before sending the response to the client.

My question is, do I have to make this script (and SQL schema I suppose) available in the FreeRadius CVS? I'm not sure it's the kind of script useful for a large panel of FreeRadius users, but if I have to make it available (maybe to respect GPLv2 or if someone is interested in this script) it's not a problem.

Best regards,
Julien Leloup
Axione
132, boulevard Camélinat
92240 Malakoff, France
Re: assert failed event.c and perl performance
Hi,

I have re-tested it with the latest CVS, it's working fine. Thanks for your work on FreeRadius :)

Regards,
Julien Leloup
Axione
130/132 Boulevard Camélinat
92240 MALAKOFF
FRANCE

Alan DeKok wrote:
> Julien Leloup wrote:
>> The same configuration, in FreeRadius 2.0.1 worked fine, but when I recompiled Perl 5.8.8 with IThreads support, I also upgraded FreeRadius to 2.0.3 and now I'm going through an error, only when the home server is not alive, or not responding:
>
> Grab the latest CVS. It has a fix.
>
> Alan DeKok.
assert failed event.c and perl performance
Hi,

I'm running FreeRadius 2.0.3 under FreeBSD 6.3, in a proxy configuration. This server is using rlm_perl in a post-proxy phase to realize some operations on Access-Accept attributes, with the use of a MySQL database.

The same configuration, in FreeRadius 2.0.1 worked fine, but when I recompiled Perl 5.8.8 with IThreads support, I also upgraded FreeRadius to 2.0.3 and now I'm going through an error, only when the home server is not alive, or not responding:

```
Rejecting request 0 due to lack of any response from home server x.x.x.x port 1645
There was no response configured: rejecting request 0
Found Post-Auth-Type Reject
+- entering group REJECT
expand: %{User-Name} -> x
attr_filter: Matched entry DEFAULT at line 11
++[attr_filter.access_reject] returns updated
Sending Access-Reject of id 215 to x.x.x.x port 49727
Finished request 0.
ASSERT FAILED event.c[956]: request->next_callback != NULL
Abort
```

This error is happening even if I use a non-IThread Perl, or if I remove the use of rlm_perl in post-proxy, so I'm pretty sure it's not related to the use of the thread configuration of Perl.

Is anyone having the same problem? I haven't found a trace of this kind of bug between 2.0.1 and 2.0.3 versions of FreeRadius, only a discussion on this mailing list from September 2007.

Subsidiary question: I'm not a perl, or freeradius performance expert, so I'm not sure if it's necessary to use a thread configuration of Perl to handle something like 40.000 proxied requests (in an "Armageddon" scenario), with a decent server. What do you think about it?

Best regards,
Julien Leloup
Axione
130/132 Boulevard Camélinat
92240 MALAKOFF
FRANCE
Re: Post-proxy and rlm_perl
Thanks for spending time on my problem, it works fine.

Best regards,
Julien Leloup
Axione
130/132 Boulevard Camélinat
92240 MALAKOFF
FRANCE

Boian Jordanov wrote:
> %RAD_REQUEST_PROXY and %RAD_REQUEST_PROXY_REPLY should do the job.
>
> Best Regards,
> Boian Jordanov
> SNE
> Orbitel - Next Generation Telecom
> tel. +359 2 4004 723
> tel. +359 2 4004 002
>
> On Mar 20, 2008, at 11:27 AM, Julien Leloup wrote:
>> Hi,
>>
>> I have to use FreeRadius v2.0.1 in a proxy configuration for translating attributes between two vendor specific equipment (Alcatel-Lucent and Redback).
>>
>> In a first phase (pre-proxy so), I use the preproxy_user file to add attributes to the proxied requests and attr_filter to block others.
>>
>> In a second phase (post-proxy phase I assume), when the reply comes from the home FreeRadius, I have to go through the same kind of process (add attributes which values are taken from a database), but I can't find an equivalent of preproxy_user file to the post-proxy phase.
>>
>> I think that using a perl script with rlm_perl will do this work in the post-proxy function, but when I try to manipulate attributes from the home server response, I can't find them in the %RAD_REQUEST, %RAD_REPLY hashes, and I can see this kind of logs:
>>
>> rlm_perl: Added pair Attribute1 = Value1 ...
>>
>> with the attributes I need from the home server, but after the execution of my code in post-proxy function.
>>
>> I found in the wiki that %RAD_PROXY or %RAD_PROXY_REPLY could be my solution, but when I'm trying to use them, I got an error during the launching of radiusd.
>>
>> Does anyone know how I can get the attributes coming in the Access-Accept from my server, and put new attributes in the Access-Accept sent to the original client? Find a way to make this in rlm_perl could be a solution but if there is another solution, directly in a FreeRadius mechanism I missed during my research, I will use it instead :)
>>
>> Regards,
>> Julien Leloup
>> Axione
>> 130/132 Boulevard Camélinat
>> 92240 MALAKOFF
>> FRANCE
Post-proxy and rlm_perl
Hi,

I have to use FreeRadius v2.0.1 in a proxy configuration for translating attributes between two vendor specific equipment (Alcatel-Lucent and Redback).

In a first phase (pre-proxy so), I use the preproxy_user file to add attributes to the proxied requests and attr_filter to block others.

In a second phase (post-proxy phase I assume), when the reply comes from the home FreeRadius, I have to go through the same kind of process (add attributes which values are taken from a database), but I can't find an equivalent of preproxy_user file to the post-proxy phase.

I think that using a perl script with rlm_perl will do this work in the post-proxy function, but when I try to manipulate attributes from the home server response, I can't find them in the %RAD_REQUEST, %RAD_REPLY hashes, and I can see this kind of logs:

rlm_perl: Added pair Attribute1 = Value1 ...

with the attributes I need from the home server, but after the execution of my code in post-proxy function.

I found in the wiki that %RAD_PROXY or %RAD_PROXY_REPLY could be my solution, but when I'm trying to use them, I got an error during the launching of radiusd.

Does anyone know how I can get the attributes coming in the Access-Accept from my server, and put new attributes in the Access-Accept sent to the original client? Find a way to make this in rlm_perl could be a solution but if there is another solution, directly in a FreeRadius mechanism I missed during my research, I will use it instead :)

Regards,
Julien Leloup
Axione
130/132 Boulevard Camélinat
92240 MALAKOFF
FRANCE