From: Alan T. DeKok
Date: Fri, 16 Feb 2024 13:33:54 +0000 (-0500)
Subject: add tls flag to packets
X-Git-Tag: release_3_0_27~19
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=bc4f0a7d9666fa7f834de7a031814f8b24542891;p=thirdparty%2Ffreeradius-server.git
add tls flag to packets and set it for TLS transport send / receive. This lets the packet encoder and verification routines behave differently for TLS and non-TLS transport
---
diff --git a/src/include/libradius.h b/src/include/libradius.h
index 757828f070..c2e8969f3c 100644
--- a/src/include/libradius.h
+++ b/src/include/libradius.h
@@ -407,6 +407,7 @@ typedef struct radius_packet {
 size_t partial;
 int proto;
 #endif
+ bool tls; //!< uses secure transport
 } RADIUS_PACKET;
 typedef enum {
diff --git a/src/main/tls_listen.c b/src/main/tls_listen.c
index 563a887d24..6d954d269f 100644
--- a/src/main/tls_listen.c
+++ b/src/main/tls_listen.c
@@ -439,6 +439,8 @@ read_application_data:
 packet->vps = NULL;
 PTHREAD_MUTEX_UNLOCK(&sock->mutex);
+ packet->tls = true;
+
 if (!rad_packet_ok(packet, 0, NULL)) {
 if (DEBUG_ENABLED) ERROR("Receive - %s", fr_strerror());
 DEBUG("(TLS) Closing TLS socket from client");
@@ -935,6 +937,8 @@ int proxy_tls_recv(rad_listen_t *listener)
 memcpy(packet->data, data, packet->data_len);
 memcpy(packet->vector, packet->data + 4, 16);
+ packet->tls = true;
+
 /*
 * FIXME: Client MIB updates?
 */
@@ -995,6 +999,7 @@ int proxy_tls_send(rad_listen_t *listener, REQUEST *request)
 * if there's no packet, encode it here.
 */
 if (!request->proxy->data) {
+ request->reply->tls = true;
 request->proxy_listener->proxy_encode(request->proxy_listener, request);
 }
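Review bot: The doc comment on the new `tls` member of `RADIUS_PACKET` (first hunk, src/include/libradius.h) says only "uses secure transport" and leaves out who sets the flag and what `false` means. In this commit it is assigned only at three sites in src/main/tls_listen.c, and the packet allocator is not visible here, so the default is presumably false but should be confirmed. Because the encoder and verification routines are meant to branch on it, I would state the contract on the member, e.g. `bool tls; //!< set by the TLS listener on send / receive; false = not known to be TLS, treat as the stricter case`. The struct definition starts above the hunk.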
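Review bot: In the last hunk (`proxy_tls_send`, src/main/tls_listen.c) the flag is set on `request->reply`, while the guard tests `request->proxy->data` and the call that follows is `proxy_encode`, so the packet about to be encoded appears to be `request->proxy`. If the encoder reads `tls` from the packet it encodes, the proxied packet would still be handled as non-TLS on this path; `proxy_encode` is not shown, so this needs checking against it. If that is the case, the added line should read `request->proxy->tls = true;`. The function body starts and ends outside the hunk.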