Re : radsniff bug in 2.0.0-pre2?

[Geoffroy Arnoud]

Hello

I have 2 more problems (not necessarily bugs) with radsniff.

1- I can't enter a RADIUS attribute filter. I can't gifgure out what's the 
syntax. I tried stuff like -r User-Name = toto and other types of operators, 
but I still have the message 
radsniff: Invalid RADIUS filter 

2- I can't redirect the output to a file. I tried , , 2, 1, 21 , tee, 
but at each attempt, my log file is empty. Any hint?

Thank you in advance for your answers

Geoff.



  
_ 
Ne gardez plus qu'une seule adresse mail ! Copiez vos mails vers Yahoo! Mail 

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re : Re : radsniff bug in 2.0.0-pre2?

[Geoffroy Arnoud]

Ok, the first problem comes that there is no call to fflush.

The patch is:

210a211,213
   /* BEGIN_GAO */
   fflush(stdout);
   /* END_GAO */
336a340,342
   /* BEGIN_GAO */
   fflush(stdout);
   /* END_GAO */

Geoff.



  
_ 
Ne gardez plus qu'une seule adresse mail ! Copiez vos mails vers Yahoo! Mail 

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: Re : Re : radsniff bug in 2.0.0-pre2?

[Alan DeKok]

Geoffroy Arnoud wrote:
 Ok, the first problem comes that there is no call to fflush.

  Fixed, thanks.

  Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

radsniff bug in 2.0.0-pre2?

[Geoffroy Arnoud]

Hi all,

I am testing radsniff, and I have the following
behaviour:

When launching radsniff with the following input, the
program crashes (FreeRADIUS v2.0.0-pre2)

[EMAIL PROTECTED] bin]# ./radsniff -f udp
Device: [eth0]
PCAP filter: [udp]
RADIUS secret: [testing123]

*** glibc detected *** free(): invalid pointer:
0x08120dbc ***
Aborted


It seems that radsniff crashes when it tries to decode
packets that are not RADIUS ones (dns requests for
example).

If the filter is very restrictive and matches only
used RADIUS ports, it works fine.
I just have a problem with a RADIUS request used by my
RADIUS load balancer to test my servers status (server
version 1.1.3).
The request used is a Status-Server request. The
content of the request is the following :

[EMAIL PROTECTED] ~]# tcpdump -X udp and host 10.67.106.3
tcpdump: verbose output suppressed, use -v or -vv for
full protocol decode
listening on eth0, link-type EN10MB (Ethernet),
capture size 96 bytes



06:36:26.078778 IP 10.67.106.3.57084  rafale.50812:
UDP, length 26
0x:  4500 0036   ff11 d32b 0a43
6a03  E..6...+.Cj.
0x0010:  0a43 6a02 defc c67c 0022 7932 0c01
001a  .Cj|.y2
0x0020:  0fc2 4720 8f36 9096 d8b9 f507 de5d
811d  ..G..6...]..
0x0030:  0406 0aa2 39c3   
   9.
06:36:26.079186 IP rafale.50812  10.67.106.3.57084:
UDP, length 49
0x:  4500 004d  4000 4011 5215 0a43
6a02  [EMAIL PROTECTED]@.R..Cj.
0x0010:  0a43 6a03 c67c defc 0039 e8d5 0201
0031  .Cj..|...9.1
0x0020:  8605 feab 8157 42de 0bad 532a c113
9148  .WB...S*...H
0x0030:  121d 4672 6565 5241 4449 5553 2075
7020  ..FreeRADIUS.up.
0x0040:  3020 6461 7973 2c20 3232 3a34 34 
   0.days,.22:44

With this issue, to make radsniff work, I have to
exclude my load-balancer source IP address from the
CAP filter :
udp port 1812 or 1813 or 1814 and host not IP_SRC_LB
(my load-balancer performs NAT of the server, so I
still see the packets from my clients)

Furthermore, would the community be interested in
having the date of the packet (in the same format as
in radius.log) and the packet id?
I think the patch is not much to do.



  
_ 
Ne gardez plus qu'une seule adresse mail ! Copiez vos mails vers Yahoo! Mail 
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

RE : radsniff bug in 2.0.0-pre2?

[Geoffroy Arnoud]

 The request used is a Status-Server request. The
 content of the request is the following :
 
 I have just tested sniffing a Status-Request
generated by radclient (v2.0.0-pre2), and radsniff
crashes the same way.

Regards,
Geoffroy


  
_ 
Ne gardez plus qu'une seule adresse mail ! Copiez vos mails vers Yahoo! Mail 
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html