Log the reason *WHY* we're rejecting malformed packets, instead of doing it silently
authorArran Cudbard-Bell <a.cudbardb@freeradius.org>
Thu, 4 Jun 2015 01:28:30 +0000 (19:28 -0600)
committerArran Cudbard-Bell <a.cudbardb@freeradius.org>
Thu, 4 Jun 2015 01:30:47 +0000 (19:30 -0600)
This probably wasn't done before for security reasons, but now we have the RATE_LIMIT macro, there's really no reason not to.

This was discovered by a poorly configured F5 probe.

src/lib/radius.c
src/main/listen.c

index 2abd7689e4a3ef945f84a78e781b39aa95d8a83b..4160da76500f5ba6a340324eceebeecf25ead4e8 100644 (file)
@@ -332,6 +332,7 @@ ssize_t rad_recv_header(int sockfd, fr_ipaddr_t *src_ipaddr, uint16_t *src_port,
         *      Too little data is available, discard the packet.
         */
        if (data_len < 4) {
+               fr_strerror_printf("Expected at least 4 bytes of header data, got %zu bytes", data_len);
                rad_recv_discard(sockfd);
 
                return 1;
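Review bot: `%zu` expects a size_t, but data_len is probably an ssize_t, since it holds a receive length in a function that itself returns ssize_t (the declaration is outside the hunk); passing a signed type to `%zu` is a format/argument mismatch. If that is the case, use `%zd`, as in `fr_strerror_printf("Expected at least 4 bytes of header data, got %zd bytes", data_len);`. The same applies to packet_len in the two following hunks (the RADIUS_HDR_LEN and MAX_PACKET_LEN checks). rad_recv_header's body starts and ends outside the hunk.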
@@ -347,6 +348,8 @@ ssize_t rad_recv_header(int sockfd, fr_ipaddr_t *src_ipaddr, uint16_t *src_port,
                 *      a RADIUS header length: discard it.
                 */
                if (packet_len < RADIUS_HDR_LEN) {
+                       fr_strerror_printf("Expected at least " STRINGIFY(RADIUS_HDR_LEN)  " bytes of packet "
+                                          "data, got %zu bytes", packet_len);
                        rad_recv_discard(sockfd);
 
                        return 1;
@@ -356,6 +359,8 @@ ssize_t rad_recv_header(int sockfd, fr_ipaddr_t *src_ipaddr, uint16_t *src_port,
                         *      Anything after 4k will be discarded.
                         */
                } else if (packet_len > MAX_PACKET_LEN) {
+                       fr_strerror_printf("Length field value too large, expected maximum of "
+                                          STRINGIFY(MAX_PACKET_LEN) " bytes, got %zu bytes", packet_len);
                        rad_recv_discard(sockfd);
 
                        return 1;
@@ -366,6 +371,7 @@ ssize_t rad_recv_header(int sockfd, fr_ipaddr_t *src_ipaddr, uint16_t *src_port,
         *      Convert AF.  If unknown, discard packet.
         */
        if (!fr_sockaddr2ipaddr(&src, sizeof_src, src_ipaddr, src_port)) {
+               fr_strerror_printf("Unkown address family");
                rad_recv_discard(sockfd);
 
                return 1;
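Review bot: The message added for the fr_sockaddr2ipaddr failure misspells "Unknown". This string now reaches the server log, where operators will search for it, so it should read `fr_strerror_printf("Unknown address family");`. rad_recv_header's body extends beyond the hunk.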
index 31afbe7ab78b79bfe0e4101c50308894545e7269..c12bde28f4d6360a604f39af46741462b14cbcfc 100644 (file)
@@ -1510,6 +1510,7 @@ static int auth_socket_recv(rad_listen_t *listener)
        FR_STATS_INC(auth, total_requests);
 
        if (rcode < 20) {       /* RADIUS_HDR_LEN */
+               RATE_LIMIT(ERROR("Received malformed packet: %s", fr_strerror()));
                FR_STATS_INC(auth, total_malformed_requests);
                return 0;
        }
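Review bot: The new log line prints fr_strerror() for every return value below 20, but only the four discard paths patched in rad_recv_header are shown to set that buffer. If any other path can return a small or negative value (a failed receive, for instance, which is outside these hunks), the message would carry an empty or stale reason, so such paths should set their own text or be handled before this branch. The line also omits the sender, which an operator needs in order to locate a misconfigured probe or a host sending malformed traffic. Consider something like `RATE_LIMIT(ERROR("Received malformed packet from %s port %u: %s", SRC_ADDR_STRING, SRC_PORT, fr_strerror()));`, where SRC_ADDR_STRING and SRC_PORT are placeholders for the address and port that rad_recv_header fills in. The RATE_LIMIT wrapper should stay so that unauthenticated traffic cannot flood the log. auth_socket_recv's body starts and ends outside the hunk.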