From: Alan T. DeKok Date: Wed, 12 Feb 2025 13:02:10 +0000 (-0500) Subject: only the replication modes allow for a single source socket X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=6dca3db3d18c9e324c8a59987183c51dcde4606a;p=thirdparty%2Ffreeradius-server.git only the replication modes allow for a single source socket so XLAT_PROXY uses the normal code path --- diff --git a/src/modules/rlm_radius/bio.c b/src/modules/rlm_radius/bio.c index 90c69a5c505..caece1c5bdc 100644 --- a/src/modules/rlm_radius/bio.c +++ b/src/modules/rlm_radius/bio.c @@ -2437,12 +2437,24 @@ static int mod_thread_instantiate(module_thread_inst_ctx_t const *mctx) thread->ctx.fd_config = inst->fd_config; thread->ctx.radius_ctx = inst->common_ctx; - if ((inst->mode != RLM_RADIUS_MODE_UNCONNECTED_REPLICATE) && - (inst->mode != RLM_RADIUS_MODE_XLAT_PROXY)) { + switch (inst->mode) { + case RLM_RADIUS_MODE_XLAT_PROXY: + /* + * @todo - make lifetime configurable? + */ + fr_rb_expire_inline_talloc_init(&thread->bio.expires, home_server_t, expire, home_server_cmp, home_server_free, + fr_time_delta_from_sec(60)); + FALL_THROUGH; + + default: thread->ctx.trunk = trunk_alloc(thread, mctx->el, &io_funcs, &inst->trunk_conf, inst->name, thread, false); if (!thread->ctx.trunk) return -1; return 0; + + case RLM_RADIUS_MODE_REPLICATE: + case RLM_RADIUS_MODE_UNCONNECTED_REPLICATE: + break; } /* 
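Review bot: `RLM_RADIUS_MODE_REPLICATE` silently changes code path in the new `switch`: the removed `if` excluded only UNCONNECTED_REPLICATE and XLAT_PROXY from `trunk_alloc()`, so REPLICATE used to get a trunk, whereas the new `case RLM_RADIUS_MODE_REPLICATE:` breaks out to the unconnected-socket code and leaves `thread->ctx.trunk` unallocated. If any request path for mode=replicate still uses the trunk (not visible in this diff), that becomes a NULL pointer dereference at runtime. If the change is intended, document it on the case labels, e.g. `/* replication modes share one unconnected, write-only source socket - no trunk */`. Putting `default:` ahead of the replicate cases is legal but easy to misread; listing the replicate cases first would make the fall-through from XLAT_PROXY the last thing in the switch. The body of mod_thread_instantiate starts and ends outside this hunk.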
@@ -2466,25 +2478,11 @@ static int mod_thread_instantiate(module_thread_inst_ctx_t const *mctx) thread->bio.fd->uctx = thread; thread->ctx.fd_info = fr_bio_fd_info(thread->bio.fd); + fr_assert(thread->ctx.fd_info != NULL); - /* - * We don't care about replies. - */ - if (inst->mode == RLM_RADIUS_MODE_UNCONNECTED_REPLICATE) { - (void) fr_bio_fd_write_only(thread->bio.fd); - - DEBUG("%s - Opened unconnected replication socket %s", inst->name, thread->ctx.fd_info->name); - return 0; - } - - DEBUG("%s - Opened unconnected proxy socket %s", inst->name, thread->ctx.fd_info->name); - - /* - * @todo - make lifetime configurable? - */ - fr_rb_expire_inline_talloc_init(&thread->bio.expires, home_server_t, expire, home_server_cmp, home_server_free, - fr_time_delta_from_sec(60)); + (void) fr_bio_fd_write_only(thread->bio.fd); + DEBUG("%s - Opened unconnected replication socket %s", inst->name, thread->ctx.fd_info->name); return 0; } @@ -2665,7 +2663,7 @@ static xlat_action_t xlat_radius_client(UNUSED TALLOC_CTX *ctx, UNUSED fr_dcurso /* * Can't change IP address families. */ - if (ipaddr->vb_ip.af != thread->ctx.fd_info->socket.af) { + if (ipaddr->vb_ip.af != thread->ctx.fd_config.src_ipaddr.af) { RDEBUG("Invalid destination IP address family in %pV", ipaddr); return XLAT_ACTION_DONE; } diff --git a/src/modules/rlm_radius/rlm_radius.c b/src/modules/rlm_radius/rlm_radius.c index 3adc958e457..48e081d32c4 100644 --- a/src/modules/rlm_radius/rlm_radius.c +++ b/src/modules/rlm_radius/rlm_radius.c 
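Review bot: The added `fr_assert(thread->ctx.fd_info != NULL);` is the only guard before `thread->ctx.fd_info->name` is dereferenced in the DEBUG line, and an assertion gives no protection in builds where fr_assert is compiled out. If fr_bio_fd_info() can return NULL here, a runtime check such as `if (!thread->ctx.fd_info) return -1;` (with whatever cleanup the earlier failure paths in this function use) is safer; if it cannot, a short comment saying why would replace the guesswork. The deleted "We don't care about replies" comment was also what explained the `(void)` cast on fr_bio_fd_write_only(), so I would keep one line such as `/* Replication is write-only: replies are never read. */` above that call. The function begins outside this hunk.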
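Review bot: The address-family check in xlat_radius_client now compares against `thread->ctx.fd_config.src_ipaddr.af`, which is a configured value rather than the family of an opened socket. If `src_ipaddr` may be left unset in xlat-proxy mode, its family would presumably be AF_UNSPEC, and every destination would then be rejected with "Invalid destination IP address family". Nothing visible in this diff makes `src_ipaddr` mandatory for this mode, so either enforce that when the configuration is parsed or guard the comparison, e.g. `if ((thread->ctx.fd_config.src_ipaddr.af != AF_UNSPEC) && (ipaddr->vb_ip.af != thread->ctx.fd_config.src_ipaddr.af)) {`. The comment above the check could also say that the family comes from the configured source address. The function body continues outside the hunk.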
@@ -665,16 +665,16 @@ check_others: * Filenames are write-only, and cannot get response packets. */ if (inst->fd_config.filename) { - cf_log_err(conf, "Cannot set 'filename' here - it is only supported for 'mode=replicate'."); + cf_log_err(conf, "Cannot set 'filename' here - it is only supported for 'mode=replicate'"); return -1; } /* - * For normal proxying or originating client packets, we need to be able to open multiple - * source ports. So the admin can't force a particular source port. + * When we expect replies, we need to be able to open multiple source ports. So the + * admin can't force a particular source port. */ - if (inst->fd_config.src_port && (inst->mode != RLM_RADIUS_MODE_XLAT_PROXY)) { - cf_log_err(conf, "Cannot set 'src_port' when sending packets to a static destination"); + if (inst->fd_config.src_port) { + cf_log_err(conf, "Cannot 'src_port' here - it can only be set for replicating packets"); return -1; }
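Review bot: The new `src_port` error text is missing its verb: "Cannot 'src_port' here" should read like the `filename` message just above it, i.e. `cf_log_err(conf, "Cannot set 'src_port' here - it can only be set for replicating packets");`. Dropping the `RLM_RADIUS_MODE_XLAT_PROXY` exception also means an existing configuration that sets `src_port` in that mode will now fail to start, so the message (or the module documentation) should name the modes that do accept it. This block sits under the `check_others:` label, and the enclosing function starts outside the hunk.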