From: Alan T. DeKok Date: Fri, 25 Aug 2023 14:51:09 +0000 (-0400) Subject: remove Client-IP-Address, and replace with Packet-Src-IP-Address X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=f1aa7cde19a7dfaa3f07f0ad5090e1279fc68fd2;p=thirdparty%2Ffreeradius-server.git remove Client-IP-Address, and replace with Packet-Src-IP-Address this is made more problematic by the fact that DHCPv4 defines its own Client-IP-Address, which is something different. And there are also FreeRADIUS-Client-IP-Address for dynamic clients, and FreeRADIUS-Stats-Client-IP-Address for statistics. Both of those should be replaced with better names, and nested TLVs --- diff --git a/doc/antora/modules/raddb/pages/mods-available/redis_ippool.adoc b/doc/antora/modules/raddb/pages/mods-available/redis_ippool.adoc index 2f3237d3e32..888c3b26242 100644 --- a/doc/antora/modules/raddb/pages/mods-available/redis_ippool.adoc +++ b/doc/antora/modules/raddb/pages/mods-available/redis_ippool.adoc @@ -147,7 +147,7 @@ redis_ippool { owner = &Client-Hardware-Address # owner = "%{%{Client-Identifier}:-%{Client-Hardware-Address}}" # owner = "%{Vendor-Specific.ADSL-Forum.Agent-Circuit-ID} %{Calling-Station-Id}" - requested_address = "%{%{Requested-IP-Address}:-%{Client-IP-Address}}" + requested_address = "%{%{Requested-IP-Address}:-%{Packet-Src-IP-Address}}" # ipv4_integer = yes allocated_address_attr = &reply.Your-IP-Address range_attr = &reply.IP-Pool.Range @@ -158,7 +158,7 @@ redis_ippool { pool { start = 0 min = 0 -# max = +# max = 1 spare = 1 uses = 0 lifetime = 0 diff --git a/doc/antora/modules/tutorials/pages/variables.adoc b/doc/antora/modules/tutorials/pages/variables.adoc index fe2f64daa49..25e97bd7e98 100644 --- a/doc/antora/modules/tutorials/pages/variables.adoc +++ b/doc/antora/modules/tutorials/pages/variables.adoc 
@@ -39,7 +39,7 @@ has a configuration entry named "filename", which by default has the following value: ---------------------------------------------------------------- -filename = ${radacctdir}/%{Client-IP-Address}/detail-%Y%m%d +filename = ${radacctdir}/%{Packet-Src-IP-Address}/detail-%Y%m%d ---------------------------------------------------------------- The configuration entry is composed of two kinds of variable expansion. diff --git a/raddb/mods-available/redis_ippool b/raddb/mods-available/redis_ippool index 5f55236e75b..c69ba8b9016 100644 --- a/raddb/mods-available/redis_ippool +++ b/raddb/mods-available/redis_ippool @@ -102,7 +102,7 @@ redis_ippool { # # requested_address:: The IP address being renewed or released. # - requested_address = "%{%{Requested-IP-Address}:-%{Client-IP-Address}}" + requested_address = "%{%{Requested-IP-Address}:-%{Packet-Src-IP-Address}}" # # ipv4_integer:: Whether IPv4 addresses should be cast to integers, for renew operations. diff --git a/share/dictionary/freeradius/dictionary.freeradius.internal b/share/dictionary/freeradius/dictionary.freeradius.internal index 038d079a3fe..e7997b33594 100644 --- a/share/dictionary/freeradius/dictionary.freeradius.internal +++ b/share/dictionary/freeradius/dictionary.freeradius.internal @@ -155,7 +155,7 @@ ATTRIBUTE Realm 1017 string ATTRIBUTE Acct-Session-Start-Time 1019 date ATTRIBUTE Acct-Unique-Session-Id 1020 string -ATTRIBUTE Client-IP-Address 1021 ipaddr virtual +# 1021 was Client-IP-Address. Just use Packet-Src-IP-Address ATTRIBUTE LDAP-UserDN 1022 string ATTRIBUTE SQL-User-Name 1023 string diff --git a/src/lib/server/paircmp.c b/src/lib/server/paircmp.c index 15818870fe3..74c90496e3d 100644 --- a/src/lib/server/paircmp.c +++ b/src/lib/server/paircmp.c 
@@ -61,7 +61,6 @@ fr_dict_autoload_t paircmp_dict[] = { }; static fr_dict_attr_t const *attr_auth_type; -static fr_dict_attr_t const *attr_client_ip_address; static fr_dict_attr_t const *attr_crypt_password; static fr_dict_attr_t const *attr_packet_dst_ip_address; static fr_dict_attr_t const *attr_packet_dst_ipv6_address; @@ -79,7 +78,6 @@ static fr_dict_attr_t const *attr_virtual_server; extern fr_dict_attr_autoload_t paircmp_dict_attr[]; fr_dict_attr_autoload_t paircmp_dict_attr[] = { - { .out = &attr_client_ip_address, .name = "Client-IP-Address", .type = FR_TYPE_IPV4_ADDR, .dict = &dict_freeradius }, { .out = &attr_crypt_password, .name = "Password.Crypt", .type = FR_TYPE_STRING, .dict = &dict_freeradius }, { .out = &attr_packet_dst_ip_address, .name = "Packet-Dst-IP-Address", .type = FR_TYPE_IPV4_ADDR, .dict = &dict_freeradius }, { .out = &attr_packet_dst_ipv6_address, .name = "Packet-Dst-IPv6-Address", .type = FR_TYPE_IPV6_ADDR, .dict = &dict_freeradius }, @@ -815,7 +813,6 @@ int paircmp_init(void) paircmp_register(attr_packet_type, NULL, true, packet_cmp, NULL); - paircmp_register(attr_client_ip_address, NULL, true, generic_cmp, NULL); paircmp_register(attr_packet_src_ip_address, NULL, true, generic_cmp, NULL); paircmp_register(attr_packet_dst_ip_address, NULL, true, generic_cmp, NULL); paircmp_register(attr_packet_src_port, NULL, true, generic_cmp, NULL); @@ -832,7 +829,6 @@ void paircmp_free(void) { paircmp_unregister(attr_packet_type, packet_cmp); - paircmp_unregister(attr_client_ip_address, generic_cmp); paircmp_unregister(attr_packet_src_ip_address, generic_cmp); paircmp_unregister(attr_packet_dst_ip_address, generic_cmp); paircmp_unregister(attr_packet_src_port, generic_cmp); diff --git a/src/lib/server/tmpl_eval.c b/src/lib/server/tmpl_eval.c index 59e0c4c794d..6aa6044093f 100644 --- a/src/lib/server/tmpl_eval.c +++ b/src/lib/server/tmpl_eval.c 
@@ -51,7 +51,6 @@ fr_dict_autoload_t tmpl_dict[] = { { NULL } }; -static fr_dict_attr_t const *attr_client_ip_address; static fr_dict_attr_t const *attr_client_shortname; static fr_dict_attr_t const *attr_packet_dst_ip_address; static fr_dict_attr_t const *attr_packet_dst_ipv6_address; @@ -71,7 +70,6 @@ extern fr_dict_attr_t const *tmpl_attr_unspec; fr_dict_attr_t const *tmpl_attr_unspec; static fr_dict_attr_autoload_t tmpl_dict_attr[] = { - { .out = &attr_client_ip_address, .name = "Client-IP-Address", .type = FR_TYPE_IPV4_ADDR, .dict = &dict_freeradius }, { .out = &attr_client_shortname, .name = "Client-Shortname", .type = FR_TYPE_STRING, .dict = &dict_freeradius }, { .out = &attr_module_return_code, .name = "Module-Return-Code", .type = FR_TYPE_UINT32, .dict = &dict_freeradius }, { .out = &attr_packet_dst_ip_address, .name = "Packet-Dst-IP-Address", .type = FR_TYPE_IPV4_ADDR, .dict = &dict_freeradius }, @@ -1167,17 +1165,7 @@ static int tmpl_eval_pair_virtual(TALLOC_CTX *ctx, fr_value_box_list_t *out, MEM(value = fr_value_box_alloc_null(ctx)); fr_value_box_memdup(ctx, value, tmpl_attr_tail_da(vpt), packet->vector, sizeof(packet->vector), true); - } else if (tmpl_attr_tail_da(vpt) == attr_client_ip_address) { - fr_client_t *client = client_from_request(request); - if (client) { - MEM(value = fr_value_box_alloc_null(ctx)); - fr_value_box_ipaddr(value, NULL, &client->ipaddr, false); /* Enum might not match type */ - goto done; - } - goto src_ip_address; - } else if (tmpl_attr_tail_da(vpt) == attr_packet_src_ip_address) { - src_ip_address: if (!fr_socket_is_inet(packet->socket.proto) || (packet->socket.inet.src_ipaddr.af != AF_INET)) return 0; diff --git a/src/modules/rlm_redis_ippool/rlm_redis_ippool.c b/src/modules/rlm_redis_ippool/rlm_redis_ippool.c index 69772a37df8..c54875d4f97 100644 --- a/src/modules/rlm_redis_ippool/rlm_redis_ippool.c +++ b/src/modules/rlm_redis_ippool/rlm_redis_ippool.c 
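Review bot: In tmpl_eval_pair_virtual(), the surviving `attr_packet_src_ip_address` branch returns 0 whenever the socket is not inet or the source family is not AF_INET, so every expansion this commit migrates to `%{Packet-Src-IP-Address}` appears to yield no value for a non-IPv4 peer. The lines removed just above it show that Client-IP-Address first returned `client->ipaddr` from client_from_request() with no family check, so this is a behaviour change and not only a rename. Where the value builds a path or key, as in the `${radacctdir}/%{Packet-Src-IP-Address}/detail-%Y%m%d` example updated in this commit, an empty expansion would presumably merge records from different peers into one location. I would document this at the branch, e.g. `/* IPv4 sources only: no value for other families; this is the packet's source address, not the matched client definition */`, and repeat it in the upgrade notes. The function starts and ends outside the hunk.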
@@ -191,7 +191,7 @@ static const call_env_t redis_ippool_alloc_call_env[] = { { FR_CALL_ENV_OFFSET("lease_time", FR_TYPE_UINT32, redis_ippool_alloc_call_env_t, lease_time, NULL, T_INVALID, true, false, false) }, { FR_CALL_ENV_OFFSET("requested_address", FR_TYPE_STRING, redis_ippool_alloc_call_env_t, requested_address, - "%{%{Requested-IP-Address}:-%{Client-IP-Address}}", T_DOUBLE_QUOTED_STRING, + "%{%{Requested-IP-Address}:-%{Packet-Src-IP-Address}}", T_DOUBLE_QUOTED_STRING, true, true, false) }, { FR_CALL_ENV_TMPL_ONLY_OFFSET("allocated_address_attr", FR_TYPE_ATTRIBUTE, redis_ippool_alloc_call_env_t, allocated_address_attr, NULL, T_INVALID, true ) }, @@ -212,7 +212,7 @@ static const call_env_t redis_ippool_update_call_env[] = { { FR_CALL_ENV_OFFSET("lease_time", FR_TYPE_UINT32, redis_ippool_update_call_env_t, lease_time, NULL, T_INVALID, true, false, false) }, { FR_CALL_ENV_OFFSET("requested_address", FR_TYPE_STRING, redis_ippool_update_call_env_t, requested_address, - "%{%{Requested-IP-Address}:-%{Client-IP-Address}}", T_DOUBLE_QUOTED_STRING, + "%{%{Requested-IP-Address}:-%{Packet-Src-IP-Address}}", T_DOUBLE_QUOTED_STRING, true, true, false) }, { FR_CALL_ENV_TMPL_ONLY_OFFSET("allocated_address_attr", FR_TYPE_ATTRIBUTE, redis_ippool_update_call_env_t, allocated_address_attr, NULL, T_INVALID, true ) }, @@ -231,7 +231,7 @@ static const call_env_t redis_ippool_release_call_env[] = { { FR_CALL_ENV_OFFSET("gateway", FR_TYPE_STRING, redis_ippool_release_call_env_t, gateway_id, "", T_SINGLE_QUOTED_STRING, false, true, true ) }, { FR_CALL_ENV_OFFSET("requested_address", FR_TYPE_STRING, redis_ippool_release_call_env_t, requested_address, - "%{%{Requested-IP-Address}:-%{Client-IP-Address}}", T_DOUBLE_QUOTED_STRING, + "%{%{Requested-IP-Address}:-%{Packet-Src-IP-Address}}", T_DOUBLE_QUOTED_STRING, true, true, false) }, CALL_ENV_TERMINATOR }; diff --git a/src/tests/keywords/xlat-virtual-attr b/src/tests/keywords/xlat-virtual-attr index f75693c700a..71837142d6e 100644 
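Review bot: The new default for `requested_address` in redis_ippool_alloc_call_env[] falls back to `%{Packet-Src-IP-Address}`, which is the address the packet arrived from and not necessarily the address the lease holder is renewing or releasing; the same default is repeated in redis_ippool_update_call_env[], redis_ippool_release_call_env[] and raddb/mods-available/redis_ippool. The commit message notes that DHCPv4 defines its own Client-IP-Address with a different meaning, so it is worth confirming which of the two the old default was meant to resolve to in a DHCPv4 virtual server. If requests can reach the server through a relay or another intermediary, the source address would presumably be that intermediary's, and a renew or release without Requested-IP-Address would then be keyed on an address the requester does not hold. A comment beside the default would help, e.g. `/* fallback is the packet source address; set requested_address explicitly when requests arrive via a relay */`. The arrays begin outside their hunks.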
--- a/src/tests/keywords/xlat-virtual-attr +++ b/src/tests/keywords/xlat-virtual-attr @@ -26,10 +26,6 @@ if (!("%{Packet-Authentication-Vector}" == 0x00000000000000000000000000000000)) test_fail } -if (!("%{Client-IP-Address}" == 127.0.0.1)) { - test_fail -} - if (!("%{Packet-Src-IP-Address}" == 127.0.0.1)) { test_fail } diff --git a/src/tests/unit/xlat/base.txt b/src/tests/unit/xlat/base.txt index 0a4c100c485..7dabd4d7cac 100644 --- a/src/tests/unit/xlat/base.txt +++ b/src/tests/unit/xlat/base.txt @@ -145,8 +145,8 @@ xlat \"%t\tfoo\" match \"%t\tfoo\" allow-unresolved yes -xlat \"%t\t%{Client-IP-Address}\" -match \"%t\t%{Client-IP-Address}\" +xlat \"%t\t%{Packet-Src-IP-Address}\" +match \"%t\t%{Packet-Src-IP-Address}\" allow-unresolved no xlat \"foo %{test:foo}\"