don't add Proxy-State to "ping" packets

diff --git a/src/modules/rlm_radius/rlm_radius_udp.c b/src/modules/rlm_radius/rlm_radius_udp.c
index 77e1029fb345392bcef6e69f6b41864e68d288f9..7ad8b6edf5c19377882134344010ee25ad5a9181 100644 (file)
--- a/src/modules/rlm_radius/rlm_radius_udp.c
+++ b/src/modules/rlm_radius/rlm_radius_udp.c
@@ -1225,20 +1225,6 @@ static int encode(rlm_radius_udp_t const *inst, request_t *request, udp_request_
        u->packet_len = inst->max_packet_size;
        MEM(u->packet = talloc_array(u, uint8_t, u->packet_len));
 
-       /*
-        *      If we're sending a status check packet, update any
-        *      necessary timestamps.  Also, don't add Proxy-State, as
-        *      we're originating the packet.
-        */
-       if (u->status_check) {
-               fr_pair_t *vp;
-
-               vp = fr_pair_find_by_da(&request->request_pairs, NULL, attr_event_timestamp);
-               if (vp) vp->vp_date = fr_time_to_unix_time(u->retry.updated);
-
-               if (u->code == FR_RADIUS_CODE_STATUS_SERVER) u->can_retransmit = false;
-       }
-
        /*
         *      We should have at minimum 64-byte packets, so don't
         *      bother doing run-time checks here.
@@ -1253,8 +1239,24 @@ static int encode(rlm_radius_udp_t const *inst, request_t *request, udp_request_
                },
                .code = u->code,
                .id = id,
+               .add_proxy_state = !inst->parent->originate,
        };
 
+       /*
+        *      If we're sending a status check packet, update any
+        *      necessary timestamps.  Also, don't add Proxy-State, as
+        *      we're originating the packet.
+        */
+       if (u->status_check) {
+               fr_pair_t *vp;
+
+               vp = fr_pair_find_by_da(&request->request_pairs, NULL, attr_event_timestamp);
+               if (vp) vp->vp_date = fr_time_to_unix_time(u->retry.updated);
+
+               u->can_retransmit = false;
+               encode_ctx.add_proxy_state = false;
+       }
+
        /*
         *      Encode it, leaving room for Proxy-State if necessary.
         */
@@ -1297,7 +1299,7 @@ static int encode(rlm_radius_udp_t const *inst, request_t *request, udp_request_
         *      request->request_pairs, because multiple modules
         *      may be sending the packets at the same time.
         */
-       if (inst->common_ctx.add_proxy_state) {
+       if (encode_ctx.add_proxy_state) {
                fr_pair_t       *vp;
 
                MEM(vp = fr_pair_afrom_da(u->packet, attr_proxy_state));
@@ -2683,7 +2685,6 @@ static int mod_instantiate(module_inst_ctx_t const *mctx)
        inst->common_ctx = (fr_radius_ctx_t) {
                .secret = inst->secret,
                .secret_length = talloc_array_length(inst->secret) - 1,
-               .add_proxy_state = !inst->parent->originate,
                .proxy_state = inst->parent->proxy_state,
        };
 

diff --git a/src/protocols/radius/base.c b/src/protocols/radius/base.c
index 027987f746e6052a9804dd649a5ff451b1428eab..737d18e31498f043fd4f834b577cb10f5a0bba1f 100644 (file)
--- a/src/protocols/radius/base.c
+++ b/src/protocols/radius/base.c
@@ -1028,7 +1028,7 @@ ssize_t fr_radius_encode(fr_dbuff_t *dbuff, fr_pair_list_t *vps, fr_radius_encod
        /*
         *      Add Proxy-State to the end of the packet if the caller requested it.
         */
-       if (packet_ctx->common->add_proxy_state) {
+       if (packet_ctx->add_proxy_state) {
                FR_DBUFF_IN_BYTES_RETURN(&work_dbuff, FR_PROXY_STATE, 6);
                FR_DBUFF_IN_RETURN(&work_dbuff, packet_ctx->common->proxy_state);
        }

diff --git a/src/protocols/radius/radius.h b/src/protocols/radius/radius.h
index b82cf31dd0016d8f8afcd885e808006ee65bca86..74ba690ce636715e5b7829f6ba5bce8e62040e57 100644 (file)
--- a/src/protocols/radius/radius.h
+++ b/src/protocols/radius/radius.h
@@ -142,7 +142,6 @@ typedef struct {
 
        bool                    secure_transport;       //!< for TLS
 
-       bool                    add_proxy_state;        //!< do we add a Proxy-State?
        uint32_t                proxy_state;            //!< if so, this is its value
 } fr_radius_ctx_t;
 
@@ -162,6 +161,7 @@ typedef struct {
        uint8_t                 code;
        uint8_t                 id;
 
+       bool                    add_proxy_state;        //!< do we add a Proxy-State?
        bool                    disallow_tunnel_passwords; //!< not all packets can have tunnel passwords
        bool                    seen_message_authenticator;
 } fr_radius_encode_ctx_t;