Hi Heikki, On 2016-06-29 12:41, Heikki Vatiainen wrote: > On 28.6.2016 11.24, Hartmaier Alexander wrote: > >> Tue Jun 28 08:18:50 2016: DEBUG: ServerTACACSPLUS: New connection from >> 1.2.3.4:11422 >> Tue Jun 28 08:18:50 2016: ERR: Could not get peer name on >> TacacsplusConnection socket: Transport endpoint is not connected >> Tue Jun 28 08:18:50 2016: DEBUG: TacacsplusConnection disconnected from : >> >> As you can see is the last message lacking the source infos although >> I've applied the latest patchset. >> Any idea why? > The 'Could not get peer name' log message was not changed at those > patches yet. What was changed was the addition of the 'New connection' > message. > > To get rid of need for Trace 4, the current patches now include slightly > changed connection handling and updated logging. The peer IP and port > are now saved from accept() and while getpeername() is still called, its > function is only to check for connections that got immediately closed > after they were opened. > > This check is depends on the timing, but it should catch those > disconnects that were causing the 'Could not get peer name' log message. > Otherwise the connections get closed by the normal processing. > > Or in brief: the log message is now more informative but the processing > is otherwise the same. Great, thanks! > > Note: the peer name log message is now logged as a WARNING instead of ERR. I'd say that's a more appropriate log level, thanks! > >> But the 'New connection' message should be enough to find the bad boys >> which seem to be two Cisco IOS routers. > Hmm, that's interesting. Any reason why they do this? With the 'New connection' message I was able to find the two IOS routers causing the message. They weren't under our control (any more) but still tried to establish TACACS+ sessions, possibly not using the correct key with lead to those messages. The admin of them deconfigured our Radiator servers and so the messages are gone.
> > Thanks, > Heikki > Best regards, Alex *"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"* T-Systems Austria GesmbH Rennweg 97-99, 1030 Wien Handelsgericht Wien, FN 79340b *"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"* Notice: This e-mail contains information that is confidential and may be privileged. If you are not the intended recipient, please notify the sender and then delete this e-mail immediately. *"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"* _______________________________________________ radiator mailing list radiator@open.com.au http://www.open.com.au/mailman/listinfo/radiator
