Forum Discussion
John_Allen
Altostratus
AltostratusCreating a proper RADIUS Accounting-Response packet in iRules
Creating a proper RADIUS Accounting-Response packet in iRules
If you do a lot of work with RADIUS messages being sent to
your BIGIP so that you can get some information from another...
koenning_107182
Nimbostratus
Nimbostratusthis irule shows how to craft a rfc compliant Radius Accouting Accept message
upon an incoming Radius Accouting Request
christian@f5.com
when RULE_INIT {
set static::secret "mysecret"
binary scan $static::secret H* static::secrethex
}
when CLIENT_DATA {
getting base information, see also RFC 2865
0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Code | Identifier | Length |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Authenticator |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Attributes ...
+-+-+-+-+-+-+-+-+-+-+-+-+-
binary scan [UDP::payload] cH2SH32 code ident len auth
see also http://tmml.sourceforge.net/doc/tcl/binary.html
Checking if Radius Code is 4
4 Accounting-Request
if { $code == 4 } {
setting response code
5 Accounting-Response
set code 5
Accounting Response will be 20 bytes long
set len 20
creating ResponseAuth =
MD5(Code+ID+Length+RequestAuth+Attributes+Secret)
set md5me [binary format cH2SH32H8 $code $ident $len $auth $static::secrethex]
running the MD5
set ResponseAuthRaw [ md5 $md5me]
doing some string to binary conversion, i am sure i can avoid this, need to optimize it
binary scan $ResponseAuthRaw H* ResponseAuth
crafting the response packet
set packetdata [binary format cH2SH32 $code $ident $len $ResponseAuth]
UDP::drop
clientside { UDP::respond ${packetdata} }
}
else {
log local0. "Dropping Message"
UDP::drop
}
}