Re: corrupt UDP packets sent to proxy (Alan DeKok)

classic Classic list List threaded Threaded
2 messages Options
| Threaded
Open this post in threaded view
|

Re: corrupt UDP packets sent to proxy (Alan DeKok)

Taylor, Graham


Message: 2
Date: Fri, 17 Jun 2005 13:20:06 -0400
From: "Alan DeKok" <[hidden email]>
Subject: Re: corrupt UDP packets sent to proxy
To: FreeRadius users mailing list
        <[hidden email]>>
Message-ID: <[hidden email]>>

"Taylor, Graham" <[hidden email]>> wrote:
>> Hi People, I hope you can shed some light on a problem I am having
with
>> freeradius acting as a proxy. As you can see the packet below has a
>> corrupt UDP header

>  The kernel creates the UDP header, including checksum.  If it's
>wrong, there's little FreeRADIUS can do.


        Alan I agree that the kernel creates the UDP header normally, I
am concerned that FreeRADIUS is forwarding the packet to the proxy
without re-calculating the UDP header. This would explain why the
behaviour is different when proxying than when using radtest.





>> If I use radtest then the packet is fine and I get authenticated, the
>> problem only occurs when the request is proxied out, all of the
packets
>> forwarded to the secondary radius server have the UDP checksum error,

 > I've never seen that, and I'm not sure why it would happen.

  Alan DeKok.


-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
| Threaded
Open this post in threaded view
|

Re: corrupt UDP packets sent to proxy (Alan DeKok)

Alan DeKok
"Taylor, Graham" <[hidden email]> wrote:
> Alan I agree that the kernel creates the UDP header normally, I
> am concerned that FreeRADIUS is forwarding the packet to the proxy
> without re-calculating the UDP header.

  Maybe you misunderstood.  There is NO CODE IN FREERADIUS to
calculate the UDP header.  None.  Zip.  Nada.  Zilch.

  It's ALWAYS handled by the kernel.

  Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html