Hi RADIATOR Team,
I would like to dump the packet attributes within ServerRADSEC or
AuthRADSEC but without overwhelming packet hexdumps.
Therefore I can't/won't use PacketTrace in the clauses.
I configured a clause specific Logger with 'Trace 4' but the 'sub
main::willLog' doesn't honor the settings in the clause loggers, instead
it checks just the global logger(s) und shortcuts the calls to
recv_debug_dump in the Modules:
> Radius/AuthRADIUS.pm: $p->recv_debug_dump($self) if
> (main::willLog($main::LOG_DEBUG, $p));
> Radius/AuthRADSEC.pm: $p->recv_debug_dump($self) if
> (main::willLog($main::LOG_DEBUG, $p));
> Radius/Client.pm: $p->recv_debug_dump($self) if
> (main::willLog($main::LOG_DEBUG, $p));
> Radius/ServerRADSEC.pm: $tp->recv_debug_dump($self) if
> (main::willLog($main::LOG_DEBUG, $tp));
>
> #####################################################################
> # Return true if at least one logger is required to log
> # Can be a shortcut to prevent length logging calculations
> sub main::willLog
> {
> my ($priority, $p) = @_;
> return 1
> if ($main::config->{LogStdout}&& ($priority <= $main::config->{Trace}
> || ($p && $p->{PacketTrace})))
> || grep $_->willLog($priority, $p), @{$main::config->{Log}};
> }
################################################################################
Please see my stripped down test setting:
################################################################################
> BindAddress 127.0.0.1
> AuthPort 1812
> AcctPort 1813
>
> LogDir /tmp/radiator/log
> DbDir /tmp/radiator/etc
>
>
> # disable global logfile for tests, in production I use a global file logger
> and syslog logger with Trace 2
> LogFile
> # I'll just see warnings and errors in the global log or during this tests on
> stdout
> Trace 2
> Foreground
> LogStdout
>
> PidFile %D/radiusd.pid
> DictionaryFile %D/my-very-short-dict-for-running-under-perl-debugger
>
> # AuthBy gimmick to define referable, non global loggers, thanks Hugh!
> <AuthBy GROUP>
> <Log FILE>
> Identifier DEBUG-LOGGER
> Trace 4
> Filename %L/debug-logger
> </Log>
> </AuthBy>
>
> <AuthBy TEST>
> Identifier AUTHBY_TEST
> </AuthBy>
>
> <AuthBy RADSEC>
> # I'm interested in the radius code and attributes, not in SSL hexdumps
> Log DEBUG-LOGGER
> Secret radsec
> Identifier AUTHBY_RADSEC
>
> UseStatusServerForFailureDetect
> KeepaliveTimeout 10
> FailureBackoffTime 10
> NoreplyTimeout 10
>
> LocalAddress 127.0.0.1
> Host 127.0.0.1
>
> # test settings, in production use valid certs and CN checks!!!
> UseTLS
> TLS_CAFile %D/certificates/demoCA/cacert.pem
> TLS_ExpectedPeerName .*
>
> TLS_CertificateFile %D/certificates/cert-clt.pem
> TLS_CertificateType PEM
> TLS_PrivateKeyFile %D/certificates/cert-clt.pem
> TLS_PrivateKeyPassword whatever
> </AuthBy>
>
> #################################################################################
>
> <Handler Connect-Info=RADSEC>
> Identifier HANDLER_FROM_RADSEC
> AuthBy AUTHBY_TEST
> </Handler>
>
> <Handler Realm=radsec>
> Identifier HANDLER_TO_RADSEC
> AuthBy AUTHBY_RADSEC
> </Handler>
>
> <Handler>
> Identifier HANDLER_DEFAULT
> AuthBy AUTHBY_TEST
> </Handler>
>
> #################################################################################
>
> <Client DEFAULT>
> Identifier DEFAULT
> Secret mysecret
> Log DEBUG-LOGGER
> </Client>
>
> <ServerRADSEC>
> # I'm interested in the radius code and attributes, not in SSL hexdumps
> Log DEBUG-LOGGER
>
> Identifier RADSEC_SERVER
> BindAddress 127.0.0.1
> Port 2083
> Secret radsec
>
> AddToRequest Connect-Info=RADSEC
> AddToReply Connect-Info=RADSEC
>
> UseTLS
> TLS_CAFile %D/certificates/demoCA/cacert.pem
> TLS_CertificateFile %D/certificates/cert-srv.pem
> TLS_CertificateType PEM
> TLS_PrivateKeyFile %D/certificates/cert-srv.pem
> TLS_PrivateKeyPassword whatever
> TLS_RequireClientCert
> TLS_ExpectedPeerName .*
> </ServerRADSEC>
> ####################################################################
and then test it with radpwtst
> $ radpwtst -bind_address 127.0.0.1 -s 127.0.0.1 -noacct -auth_port 1812 -user
> foo@radsec
Any hint how to solve this problem?
Please rethink your &main::willLog(...) and btw, in my opinion, the
whole logging deserves refactoring ;-(
Maybe, supporting module specific $self->willLog would be proper a path
to go.
Best Regards
Charly Gaissmaier
_______________________________________________
radiator mailing list
radiator@open.com.au
http://www.open.com.au/mailman/listinfo/radiator
