The FreeRADIUS server  $Id: 15bac2a4c627c01d1aa2047687b3418955ac7f00 $
proto_radius_udp.c
Go to the documentation of this file.
1 /*
2  * This program is free software; you can redistribute it and/or modify
3  * it under the terms of the GNU General Public License as published by
4  * the Free Software Foundation; either version 2 of the License, or
5  * (at your option) any later version.
6  *
7  * This program is distributed in the hope that it will be useful,
8  * but WITHOUT ANY WARRANTY; without even the implied warranty of
9  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
10  * GNU General Public License for more details.
11  *
12  * You should have received a copy of the GNU General Public License
13  * along with this program; if not, write to the Free Software
14  * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA
15  */
16 
17 /**
18  * $Id: dcf14e76f4e6792f2fc9118fb7124438f861e143 $
19  * @file proto_radius_udp.c
20  * @brief RADIUS handler for UDP.
21  *
22  * @copyright 2016 The FreeRADIUS server project.
23  * @copyright 2016 Alan DeKok (aland@deployingradius.com)
24  */
25 #include <netdb.h>
26 #include <freeradius-devel/server/protocol.h>
27 #include <freeradius-devel/util/udp.h>
28 #include <freeradius-devel/util/trie.h>
29 #include <freeradius-devel/radius/radius.h>
30 #include <freeradius-devel/io/application.h>
31 #include <freeradius-devel/io/listen.h>
32 #include <freeradius-devel/io/schedule.h>
33 
34 #include "proto_radius.h"
35 
37 
38 typedef struct {
39  char const *name; //!< socket name
40  int sockfd;
41 
42  fr_io_address_t *connection; //!< for connected sockets.
43 
44  fr_stats_t stats; //!< statistics for this socket
45 
47 
48 typedef struct {
49  CONF_SECTION *cs; //!< our configuration
50 
51  fr_ipaddr_t ipaddr; //!< IP address to listen on.
52  fr_ipaddr_t src_ipaddr; //!< IP to use for responses, which may be
53  ///< different from the ipaddr we're listening on
54  ///< with L3 load balancing setups.
55  bool src_ipaddr_is_set; //!< Use specified a source ip address.
56 
57  char const *interface; //!< Interface to bind to.
58  char const *port_name; //!< Name of the port for getservent().
59 
60  uint32_t recv_buff; //!< How big the kernel's receive buffer should be.
61  uint32_t send_buff; //!< How big the kernel's send buffer should be.
62 
63  uint32_t max_packet_size; //!< for message ring buffer.
64  uint32_t max_attributes; //!< Limit maximum decodable attributes.
65 
66  uint16_t port; //!< Port to listen on.
67 
68  bool recv_buff_is_set; //!< Whether we were provided with a recv_buff
69  bool send_buff_is_set; //!< Whether we were provided with a send_buff
70  bool dynamic_clients; //!< whether we have dynamic clients
71  bool dedup_authenticator; //!< dedup using the request authenticator
72 
73  fr_client_list_t *clients; //!< local clients
74 
75  fr_trie_t *trie; //!< for parsed networks
76  fr_ipaddr_t *allow; //!< allowed networks for dynamic clients
77  fr_ipaddr_t *deny; //!< denied networks for dynamic clients
79 
80 
81 static const conf_parser_t networks_config[] = {
84 
86 };
87 
88 
89 static const conf_parser_t udp_listen_config[] = {
93 
94  { FR_CONF_OFFSET_IS_SET("src_ipaddr", FR_TYPE_COMBO_IP_ADDR, 0, proto_radius_udp_t, src_ipaddr) },
95 
96  { FR_CONF_OFFSET("interface", proto_radius_udp_t, interface) },
97  { FR_CONF_OFFSET("port_name", proto_radius_udp_t, port_name) },
98 
99  { FR_CONF_OFFSET("port", proto_radius_udp_t, port) },
100 
101  { FR_CONF_OFFSET_IS_SET("recv_buff", FR_TYPE_UINT32, 0, proto_radius_udp_t, recv_buff) },
102  { FR_CONF_OFFSET_IS_SET("send_buff", FR_TYPE_UINT32, 0, proto_radius_udp_t, send_buff) },
103 
104  { FR_CONF_OFFSET("accept_conflicting_packets", proto_radius_udp_t, dedup_authenticator) } ,
105  { FR_CONF_OFFSET("dynamic_clients", proto_radius_udp_t, dynamic_clients) } ,
106  { FR_CONF_POINTER("networks", 0, CONF_FLAG_SUBSECTION, NULL), .subcs = (void const *) networks_config },
107 
108  { FR_CONF_OFFSET("max_packet_size", proto_radius_udp_t, max_packet_size), .dflt = "4096" } ,
109  { FR_CONF_OFFSET("max_attributes", proto_radius_udp_t, max_attributes), .dflt = STRINGIFY(RADIUS_MAX_ATTRIBUTES) } ,
110 
112 };
113 
114 
115 static ssize_t mod_read(fr_listen_t *li, void **packet_ctx, fr_time_t *recv_time_p, uint8_t *buffer, size_t buffer_len,
116  size_t *leftover)
117 {
119  proto_radius_udp_thread_t *thread = talloc_get_type_abort(li->thread_instance, proto_radius_udp_thread_t);
120  fr_io_address_t *address, **address_p;
121 
122  int flags;
123  ssize_t data_size;
124  size_t packet_len;
125  decode_fail_t reason;
126 
127  *leftover = 0; /* always for UDP */
128 
129  /*
130  * Where the addresses should go. This is a special case
131  * for proto_radius.
132  */
133  address_p = (fr_io_address_t **)packet_ctx;
134  address = *address_p;
135 
136  /*
137  * Tell udp_recv if we're connected or not.
138  */
139  flags = UDP_FLAGS_CONNECTED * (thread->connection != NULL);
140 
141  data_size = udp_recv(thread->sockfd, flags, &address->socket, buffer, buffer_len, recv_time_p);
142  if (data_size < 0) {
143  PDEBUG2("proto_radius_udp got read error");
144  return data_size;
145  }
146 
147  if (!data_size) {
148  DEBUG2("proto_radius_udp got no data: ignoring");
149  return 0;
150  }
151 
152  packet_len = data_size;
153 
154  if (data_size < 20) {
155  DEBUG2("proto_radius_udp got 'too short' packet size %zd", data_size);
157  return 0;
158  }
159 
160  if (packet_len > inst->max_packet_size) {
161  DEBUG2("proto_radius_udp got 'too long' packet size %zd > %u", data_size, inst->max_packet_size);
163  return 0;
164  }
165 
166  if ((buffer[0] == 0) || (buffer[0] > FR_RADIUS_CODE_MAX)) {
167  DEBUG("proto_radius_udp got invalid packet code %d", buffer[0]);
168  thread->stats.total_unknown_types++;
169  return 0;
170  }
171 
172  /*
173  * If it's not a RADIUS packet, ignore it.
174  */
175  if (!fr_radius_ok(buffer, &packet_len, inst->max_attributes, false, &reason)) {
176  /*
177  * @todo - check for F5 load balancer packets. <sigh>
178  */
179  DEBUG2("proto_radius_udp got a packet which isn't RADIUS: %s", fr_strerror());
181  return 0;
182  }
183 
184  /*
185  * proto_radius sets the priority
186  */
187  thread->stats.total_requests++;
188 
189  /*
190  * Print out what we received.
191  */
192  DEBUG2("proto_radius_udp - Received %s ID %d length %d %s",
194  (int) packet_len, thread->name);
195 
196  return packet_len;
197 }
198 
199 static ssize_t mod_write(fr_listen_t *li, void *packet_ctx, UNUSED fr_time_t request_time,
200  uint8_t *buffer, size_t buffer_len, UNUSED size_t written)
201 {
203  proto_radius_udp_thread_t *thread = talloc_get_type_abort(li->thread_instance, proto_radius_udp_thread_t);
204 
205  fr_io_track_t *track = talloc_get_type_abort(packet_ctx, fr_io_track_t);
206  fr_socket_t socket;
207 
208  int flags;
209  ssize_t data_size;
210 
211  /*
212  * @todo - share a stats interface with the parent? or
213  * put the stats in the listener, so that proto_radius
214  * can update them, too.. <sigh>
215  */
216  thread->stats.total_responses++;
217 
218  flags = UDP_FLAGS_CONNECTED * (thread->connection != NULL);
219 
220  /*
221  * Swap src/dst address so we send the response to
222  * the client, not ourselves.
223  */
224  fr_socket_addr_swap(&socket, &track->address->socket);
225 
226  /*
227  * Override the source ip address in the outbound
228  * packet.
229  */
230  if (inst->src_ipaddr_is_set) socket.inet.src_ipaddr = inst->src_ipaddr;
231 
232  /*
233  * This handles the race condition where we get a DUP,
234  * but the original packet replies before we're run.
235  * i.e. this packet isn't marked DUP, so we have to
236  * discover it's a dup later...
237  *
238  * As such, if there's already a reply, then we ignore
239  * the encoded reply (which is probably going to be a
240  * NAK), and instead reply with the cached reply.
241  */
242  if (track->reply_len) {
243  if (track->reply_len >= 20) {
244  char *packet;
245 
246  memcpy(&packet, &track->reply, sizeof(packet)); /* const issues */
247 
248  return udp_send(&socket, flags, packet, track->reply_len);
249  }
250 
251  return buffer_len;
252  }
253 
254  /*
255  * We only write RADIUS packets.
256  */
257  fr_assert(buffer_len >= 20);
258 
259  /*
260  * Only write replies if they're RADIUS packets.
261  * sometimes we want to NOT send a reply...
262  */
263  data_size = udp_send(&socket, flags, buffer, buffer_len);
264 
265  /*
266  * This socket is dead. That's an error...
267  */
268  if (data_size <= 0) return data_size;
269 
270  /*
271  * Root through the reply to determine any
272  * connection-level negotiation data.
273  */
274  if (track->packet[0] == FR_RADIUS_CODE_STATUS_SERVER) {
275 // status_check_reply(inst, buffer, buffer_len);
276  }
277 
278  return data_size;
279 }
280 
281 
282 static int mod_connection_set(fr_listen_t *li, fr_io_address_t *connection)
283 {
284  proto_radius_udp_thread_t *thread = talloc_get_type_abort(li->thread_instance, proto_radius_udp_thread_t);
285 
286  thread->connection = connection;
287  return 0;
288 }
289 
290 
291 static void mod_network_get(int *ipproto, bool *dynamic_clients, fr_trie_t const **trie, void *instance)
292 {
293  proto_radius_udp_t *inst = talloc_get_type_abort(instance, proto_radius_udp_t);
294 
295  *ipproto = IPPROTO_UDP;
296  *dynamic_clients = inst->dynamic_clients;
297  *trie = inst->trie;
298 }
299 
300 /** Open a UDP listener for RADIUS
301  *
302  */
303 static int mod_open(fr_listen_t *li)
304 {
306  proto_radius_udp_thread_t *thread = talloc_get_type_abort(li->thread_instance, proto_radius_udp_thread_t);
307 
308  int sockfd;
309  fr_ipaddr_t ipaddr = inst->ipaddr;
310  uint16_t port = inst->port;
311 
312  li->fd = sockfd = fr_socket_server_udp(&inst->ipaddr, &port, inst->port_name, true);
313  if (sockfd < 0) {
314  PERROR("Failed opening UDP socket");
315  error:
316  return -1;
317  }
318 
319  li->app_io_addr = fr_socket_addr_alloc_inet_src(li, IPPROTO_UDP, 0, &inst->ipaddr, port);
320 
321  /*
322  * Set SO_REUSEPORT before bind, so that all packets can
323  * listen on the same destination IP address.
324  */
325  if (1) {
326  int on = 1;
327 
328  if (setsockopt(sockfd, SOL_SOCKET, SO_REUSEPORT, &on, sizeof(on)) < 0) {
329  ERROR("Failed to set socket 'reuseport': %s", fr_syserror(errno));
330  return -1;
331  }
332  }
333 
334 #ifdef SO_RCVBUF
335  if (inst->recv_buff_is_set) {
336  int opt;
337 
338  opt = inst->recv_buff;
339  if (setsockopt(sockfd, SOL_SOCKET, SO_RCVBUF, &opt, sizeof(int)) < 0) {
340  WARN("Failed setting 'recv_buf': %s", fr_syserror(errno));
341  }
342  }
343 #endif
344 
345 #ifdef SO_SNDBUF
346  if (inst->send_buff_is_set) {
347  int opt;
348 
349  opt = inst->send_buff;
350  if (setsockopt(sockfd, SOL_SOCKET, SO_SNDBUF, &opt, sizeof(int)) < 0) {
351  WARN("Failed setting 'send_buf': %s", fr_syserror(errno));
352  }
353  }
354 #endif
355 
356  if (fr_socket_bind(sockfd, inst->interface, &ipaddr, &port) < 0) {
357  close(sockfd);
358  PERROR("Failed binding socket");
359  goto error;
360  }
361 
362  thread->sockfd = sockfd;
363 
364  fr_assert((cf_parent(inst->cs) != NULL) && (cf_parent(cf_parent(inst->cs)) != NULL)); /* listen { ... } */
365 
366  thread->name = fr_app_io_socket_name(thread, &proto_radius_udp,
367  NULL, 0,
368  &inst->ipaddr, inst->port,
369  inst->interface);
370 
371  return 0;
372 }
373 
374 /** Set the file descriptor for this socket.
375  *
376  */
377 static int mod_fd_set(fr_listen_t *li, int fd)
378 {
380  proto_radius_udp_thread_t *thread = talloc_get_type_abort(li->thread_instance, proto_radius_udp_thread_t);
381 
382  thread->sockfd = fd;
383 
384  thread->name = fr_app_io_socket_name(thread, &proto_radius_udp,
385  &thread->connection->socket.inet.src_ipaddr, thread->connection->socket.inet.src_port,
386  &inst->ipaddr, inst->port,
387  inst->interface);
388 
389  return 0;
390 }
391 
392 static void *mod_track_create(UNUSED void const *instance, UNUSED void *thread_instance, UNUSED fr_client_t *client,
393  fr_io_track_t *track, uint8_t const *packet, UNUSED size_t packet_len)
394 {
395  return talloc_memdup(track, packet, RADIUS_HEADER_LENGTH);
396 }
397 
398 static int mod_track_compare(void const *instance, UNUSED void *thread_instance, fr_client_t *client,
399  void const *one, void const *two)
400 {
401  int ret;
403 
404  uint8_t const *a = one;
405  uint8_t const *b = two;
406 
407  /*
408  * Do a better job of deduping input packet.
409  */
410  if (inst->dedup_authenticator || client->dedup_authenticator) {
411  ret = memcmp(a + 4, b + 4, RADIUS_AUTH_VECTOR_LENGTH);
412  if (ret != 0) return ret;
413  }
414 
415  /*
416  * The tree is ordered by IDs, which are (hopefully)
417  * pseudo-randomly distributed.
418  */
419  ret = (a[1] < b[1]) - (a[1] > b[1]);
420  if (ret != 0) return ret;
421 
422  /*
423  * Then ordered by code, which is usually the same.
424  */
425  return (a[0] < b[0]) - (a[0] > b[0]);
426 }
427 
428 
429 static char const *mod_name(fr_listen_t *li)
430 {
431  proto_radius_udp_thread_t *thread = talloc_get_type_abort(li->thread_instance, proto_radius_udp_thread_t);
432 
433  return thread->name;
434 }
435 
436 
437 static int mod_instantiate(module_inst_ctx_t const *mctx)
438 {
439  proto_radius_udp_t *inst = talloc_get_type_abort(mctx->mi->data, proto_radius_udp_t);
440  CONF_SECTION *conf = mctx->mi->conf;
441  size_t num;
442  CONF_ITEM *ci;
443  CONF_SECTION *server_cs;
444 
445  inst->cs = conf;
446 
447  /*
448  * Complain if no "ipaddr" is set.
449  */
450  if (inst->ipaddr.af == AF_UNSPEC) {
451  cf_log_err(conf, "No 'ipaddr' was specified in the 'udp' section");
452  return -1;
453  }
454 
455  if (inst->recv_buff_is_set) {
456  FR_INTEGER_BOUND_CHECK("recv_buff", inst->recv_buff, >=, 32);
457  FR_INTEGER_BOUND_CHECK("recv_buff", inst->recv_buff, <=, INT_MAX);
458  }
459 
460  if (inst->send_buff_is_set) {
461  FR_INTEGER_BOUND_CHECK("send_buff", inst->send_buff, >=, inst->max_packet_size);
462  FR_INTEGER_BOUND_CHECK("send_buff", inst->send_buff, <=, (1 << 30));
463  }
464 
465  FR_INTEGER_BOUND_CHECK("max_packet_size", inst->max_packet_size, >=, 20);
466  FR_INTEGER_BOUND_CHECK("max_packet_size", inst->max_packet_size, <=, 65536);
467 
468  if (!inst->port) {
469  struct servent *s;
470 
471  if (!inst->port_name) {
472  cf_log_err(conf, "No 'port' was specified in the 'udp' section");
473  return -1;
474  }
475 
476  s = getservbyname(inst->port_name, "udp");
477  if (!s) {
478  cf_log_err(conf, "Unknown value for 'port_name = %s", inst->port_name);
479  return -1;
480  }
481 
482  inst->port = ntohl(s->s_port);
483  }
484 
485  /*
486  * Parse and create the trie for dynamic clients, even if
487  * there's no dynamic clients.
488  */
489  num = talloc_array_length(inst->allow);
490  if (!num) {
491  if (inst->dynamic_clients) {
492  cf_log_err(conf, "The 'allow' subsection MUST contain at least one 'network' entry when 'dynamic_clients = true'.");
493  return -1;
494  }
495  } else {
496  inst->trie = fr_master_io_network(inst, inst->ipaddr.af, inst->allow, inst->deny);
497  if (!inst->trie) {
498  cf_log_perr(conf, "Failed creating list of networks");
499  return -1;
500  }
501  }
502 
503  ci = cf_section_to_item(mctx->mi->parent->conf); /* listen { ... } */
504  fr_assert(ci != NULL);
505  ci = cf_parent(ci);
506  fr_assert(ci != NULL);
507 
508  server_cs = cf_item_to_section(ci);
509 
510  /*
511  * Look up local clients, if they exist.
512  *
513  * @todo - ensure that we only parse clients which are
514  * for IPPROTO_UDP, and require a "secret".
515  */
516  if (cf_section_find_next(server_cs, NULL, "client", CF_IDENT_ANY)) {
517  inst->clients = client_list_parse_section(server_cs, IPPROTO_UDP, false);
518  if (!inst->clients) {
519  cf_log_err(conf, "Failed creating local clients");
520  return -1;
521  }
522  }
523 
524  return 0;
525 }
526 
528 {
530  fr_client_t *client;
531 
532  /*
533  * Prefer local clients.
534  */
535  if (inst->clients) {
536  client = client_find(inst->clients, ipaddr, ipproto);
537  if (client) return client;
538  }
539 
540  return client_find(NULL, ipaddr, ipproto);
541 }
542 
544  .common = {
545  .magic = MODULE_MAGIC_INIT,
546  .name = "radius_udp",
547  .config = udp_listen_config,
548  .inst_size = sizeof(proto_radius_udp_t),
549  .thread_inst_size = sizeof(proto_radius_udp_thread_t),
550  .instantiate = mod_instantiate
551  },
552  .default_message_size = 4096,
553  .track_duplicates = true,
554 
555  .open = mod_open,
556  .read = mod_read,
557  .write = mod_write,
558  .fd_set = mod_fd_set,
559  .track_create = mod_track_create,
560  .track_compare = mod_track_compare,
561  .connection_set = mod_connection_set,
562  .network_get = mod_network_get,
563  .client_find = mod_client_find,
564  .get_name = mod_name,
565 };
static int const char char buffer[256]
Definition: acutest.h:574
char const * fr_app_io_socket_name(TALLOC_CTX *ctx, fr_app_io_t const *app_io, fr_ipaddr_t const *src_ipaddr, int src_port, fr_ipaddr_t const *dst_ipaddr, int dst_port, char const *interface)
Definition: app_io.c:32
module_t common
Common fields to all loadable modules.
Definition: app_io.h:34
Public structure describing an I/O path for a protocol.
Definition: app_io.h:33
#define STRINGIFY(x)
Definition: build.h:195
#define UNUSED
Definition: build.h:313
#define CONF_PARSER_TERMINATOR
Definition: cf_parse.h:627
#define FR_INTEGER_BOUND_CHECK(_name, _var, _op, _bound)
Definition: cf_parse.h:487
#define FR_CONF_OFFSET(_name, _struct, _field)
conf_parser_t which parses a single CONF_PAIR, writing the result to a field in a struct
Definition: cf_parse.h:268
#define FR_CONF_POINTER(_name, _type, _flags, _res_p)
conf_parser_t which parses a single CONF_PAIR producing a single global result
Definition: cf_parse.h:310
#define FR_CONF_OFFSET_IS_SET(_name, _type, _flags, _struct, _field)
conf_parser_t which parses a single CONF_PAIR, writing the result to a field in a struct,...
Definition: cf_parse.h:282
@ CONF_FLAG_MULTI
CONF_PAIR can have multiple copies.
Definition: cf_parse.h:419
@ CONF_FLAG_SUBSECTION
Instead of putting the information into a configuration structure, the configuration file routines MA...
Definition: cf_parse.h:399
#define FR_CONF_OFFSET_TYPE_FLAGS(_name, _type, _flags, _struct, _field)
conf_parser_t which parses a single CONF_PAIR, writing the result to a field in a struct
Definition: cf_parse.h:241
Defines a CONF_PAIR to C data type mapping.
Definition: cf_parse.h:564
Common header for all CONF_* types.
Definition: cf_priv.h:49
A section grouping multiple CONF_PAIR.
Definition: cf_priv.h:101
CONF_ITEM * cf_section_to_item(CONF_SECTION const *cs)
Cast a CONF_SECTION to a CONF_ITEM.
Definition: cf_util.c:738
CONF_SECTION * cf_item_to_section(CONF_ITEM const *ci)
Cast a CONF_ITEM to a CONF_SECTION.
Definition: cf_util.c:684
CONF_SECTION * cf_section_find_next(CONF_SECTION const *cs, CONF_SECTION const *prev, char const *name1, char const *name2)
Return the next matching section.
Definition: cf_util.c:1049
#define cf_log_err(_cf, _fmt,...)
Definition: cf_util.h:289
#define cf_parent(_cf)
Definition: cf_util.h:101
#define cf_log_perr(_cf, _fmt,...)
Definition: cf_util.h:296
#define CF_IDENT_ANY
Definition: cf_util.h:78
@ FR_RADIUS_CODE_MAX
Maximum possible protocol code.
Definition: defs.h:53
@ FR_RADIUS_CODE_STATUS_SERVER
RFC2865/RFC5997 - Status Server (request)
Definition: defs.h:44
#define ERROR(fmt,...)
Definition: dhcpclient.c:41
static int sockfd
Definition: dhcpclient.c:56
#define DEBUG(fmt,...)
Definition: dhcpclient.c:39
#define MODULE_MAGIC_INIT
Stop people using different module/library/server versions together.
Definition: dl_module.h:63
IPv4/6 prefix.
Definition: merged_model.c:272
fr_socket_t socket
src/dst ip and port.
Definition: base.h:336
fr_socket_t * app_io_addr
for tracking duplicate sockets
Definition: listen.h:35
void const * app_io_instance
I/O path configuration context.
Definition: listen.h:32
void * thread_instance
thread / socket context
Definition: listen.h:33
int fd
file descriptor for this socket - set by open
Definition: listen.h:28
bool dedup_authenticator
more RADIUS stuff
Definition: client.h:121
Describes a host allowed to send packets to the server.
Definition: client.h:80
#define PERROR(_fmt,...)
Definition: log.h:228
#define PDEBUG2(_fmt,...)
Definition: log.h:272
ssize_t udp_recv(int sockfd, int flags, fr_socket_t *socket_out, void *data, size_t data_len, fr_time_t *when)
Read a UDP packet.
Definition: udp.c:145
int udp_send(fr_socket_t const *sock, int flags, void *data, size_t data_len)
Send a packet via a UDP socket.
Definition: udp.c:43
fr_trie_t * fr_master_io_network(TALLOC_CTX *ctx, int af, fr_ipaddr_t *allow, fr_ipaddr_t *deny)
Create a trie from arrays of allow / deny IP addresses.
Definition: master.c:2752
uint8_t * reply
reply packet (if any)
Definition: master.h:46
fr_io_address_t const * address
of this packet.. shared between multiple packets
Definition: master.h:54
uint8_t * packet
really a tracking structure, not a packet
Definition: master.h:56
size_t reply_len
length of reply, or 1 for "do not reply"
Definition: master.h:47
bool fr_radius_ok(uint8_t const *packet, size_t *packet_len_p, uint32_t max_attributes, bool require_message_authenticator, decode_fail_t *reason)
Definition: merged_model.c:259
unsigned short uint16_t
Definition: merged_model.c:31
@ FR_TYPE_IPV4_ADDR
32 Bit IPv4 Address.
Definition: merged_model.c:86
@ FR_TYPE_COMBO_IP_PREFIX
IPv4 or IPv6 address prefix depending on length.
Definition: merged_model.c:92
@ FR_TYPE_UINT32
32 Bit unsigned integer.
Definition: merged_model.c:99
@ FR_TYPE_IPV6_ADDR
128 Bit IPv6 Address.
Definition: merged_model.c:88
@ FR_TYPE_COMBO_IP_ADDR
IPv4 or IPv6 address depending on length.
Definition: merged_model.c:91
unsigned int uint32_t
Definition: merged_model.c:33
long int ssize_t
Definition: merged_model.c:24
unsigned char uint8_t
Definition: merged_model.c:30
module_instance_t * mi
Instance of the module being instantiated.
Definition: module_ctx.h:51
Temporary structure to hold arguments for instantiation calls.
Definition: module_ctx.h:50
#define RADIUS_HEADER_LENGTH
Definition: net.h:80
#define RADIUS_AUTH_VECTOR_LENGTH
Definition: net.h:89
char const * name
socket name
fr_ipaddr_t * allow
allowed networks for dynamic clients
fr_ipaddr_t * deny
denied networks for dynamic clients
static ssize_t mod_read(fr_listen_t *li, void **packet_ctx, fr_time_t *recv_time_p, uint8_t *buffer, size_t buffer_len, size_t *leftover)
fr_io_address_t * connection
for connected sockets.
static fr_client_t * mod_client_find(fr_listen_t *li, fr_ipaddr_t const *ipaddr, int ipproto)
bool recv_buff_is_set
Whether we were provided with a recv_buff.
char const * port_name
Name of the port for getservent().
static int mod_track_compare(void const *instance, UNUSED void *thread_instance, fr_client_t *client, void const *one, void const *two)
fr_client_list_t * clients
local clients
bool src_ipaddr_is_set
Use specified a source ip address.
uint32_t send_buff
How big the kernel's send buffer should be.
fr_ipaddr_t ipaddr
IP address to listen on.
CONF_SECTION * cs
our configuration
bool send_buff_is_set
Whether we were provided with a send_buff.
bool dedup_authenticator
dedup using the request authenticator
static int mod_open(fr_listen_t *li)
Open a UDP listener for RADIUS.
static const conf_parser_t udp_listen_config[]
static void mod_network_get(int *ipproto, bool *dynamic_clients, fr_trie_t const **trie, void *instance)
static char const * mod_name(fr_listen_t *li)
static const conf_parser_t networks_config[]
bool dynamic_clients
whether we have dynamic clients
uint16_t port
Port to listen on.
uint32_t recv_buff
How big the kernel's receive buffer should be.
fr_app_io_t proto_radius_udp
uint32_t max_attributes
Limit maximum decodable attributes.
static int mod_connection_set(fr_listen_t *li, fr_io_address_t *connection)
uint32_t max_packet_size
for message ring buffer.
fr_trie_t * trie
for parsed networks
static int mod_fd_set(fr_listen_t *li, int fd)
Set the file descriptor for this socket.
static void * mod_track_create(UNUSED void const *instance, UNUSED void *thread_instance, UNUSED fr_client_t *client, fr_io_track_t *track, uint8_t const *packet, UNUSED size_t packet_len)
static ssize_t mod_write(fr_listen_t *li, void *packet_ctx, UNUSED fr_time_t request_time, uint8_t *buffer, size_t buffer_len, UNUSED size_t written)
static int mod_instantiate(module_inst_ctx_t const *mctx)
char const * interface
Interface to bind to.
fr_ipaddr_t src_ipaddr
IP to use for responses, which may be different from the ipaddr we're listening on with L3 load balan...
fr_stats_t stats
statistics for this socket
char const * fr_radius_packet_name[FR_RADIUS_CODE_MAX]
Definition: base.c:112
static int ipproto
Definition: radclient-ng.c:92
#define DEBUG2(fmt,...)
Definition: radclient.h:43
#define WARN(fmt,...)
Definition: radclient.h:47
#define RADIUS_MAX_ATTRIBUTES
Definition: radius.h:40
static rs_t * conf
Definition: radsniff.c:53
CONF_SECTION * conf
Module's instance configuration.
Definition: module.h:329
void * data
Module's instance data.
Definition: module.h:271
module_instance_t const * parent
Parent module's instance (if any).
Definition: module.h:337
fr_uint_t total_responses
Definition: stats.h:45
fr_uint_t total_unknown_types
Definition: stats.h:53
fr_uint_t total_malformed_requests
Definition: stats.h:49
fr_uint_t total_requests
Definition: stats.h:42
int fr_socket_server_udp(fr_ipaddr_t const *src_ipaddr, uint16_t *src_port, char const *port_name, bool async)
Open an IPv4/IPv6 unconnected UDP socket.
Definition: socket.c:867
int fr_socket_bind(int sockfd, char const *ifname, fr_ipaddr_t *src_ipaddr, uint16_t *src_port)
Bind a UDP/TCP v4/v6 socket to a given ipaddr src port, and interface.
Definition: socket.c:229
fr_client_t * client_find(fr_client_list_t const *clients, fr_ipaddr_t const *ipaddr, int proto)
Definition: client.c:378
fr_client_list_t * client_list_parse_section(CONF_SECTION *section, int proto, TLS_UNUSED bool tls_required)
Definition: client.c:478
Group of clients.
Definition: client.c:55
fr_assert(0)
eap_aka_sim_process_conf_t * inst
char const * fr_syserror(int num)
Guaranteed to be thread-safe version of strerror.
Definition: syserror.c:243
#define talloc_get_type_abort_const
Definition: talloc.h:282
"server local" time.
Definition: time.h:69
#define UDP_FLAGS_CONNECTED
Definition: udp.h:38
close(uq->fd)
static fr_socket_t * fr_socket_addr_alloc_inet_src(TALLOC_CTX *ctx, int proto, int ifindex, fr_ipaddr_t const *ipaddr, int port)
A variant of fr_socket_addr_init_inet_src will also allocates a fr_socket_t.
Definition: socket.h:244
static void fr_socket_addr_swap(fr_socket_t *dst, fr_socket_t const *src)
Swap src/dst information of a fr_socket_t.
Definition: socket.h:121
Holds information necessary for binding or connecting to a socket.
Definition: socket.h:63
char const * fr_strerror(void)
Get the last library error.
Definition: strerror.c:554