RADIUS server using APM to authenticate users
Problem this snippet solves: this code converts an APM policy into a RADIUS server.
Code description
When a RADIUS request is accepted by the VS:
the RADIUS client IP address is checked against a...
Updated Jun 06, 2023
Version 2.0
Stanislas_Piro2
Stanislas_Piro2
Jun 04, 2018
@Kai : You're right again.
I was working on a simplification / security improvement.
- check payload length according to RFC

    # S scans Length as a signed 16-bit integer, so a value above 32767 comes out negative;
    # the $QLEN < 20 test (RFC 2865 minimum packet length) rejects it.
    if {[binary scan [UDP::payload] cH2Sa16 QCODE IDENTIFIER QLEN Q_AUTHENTICATOR] != 4 || $QLEN < 20 || $QLEN > [UDP::payload length] || $QLEN > 4096} {
        UDP::drop
        return
    } else {
        # Store only PAYLOAD in variable if Length field is valid (less than 4096 and less than payload length).
        # Prevent variable allocation if payload not valid.
        # Octets outside the range of the Length field MUST be treated as padding and ignored on reception.
        set PAYLOAD [UDP::payload $QLEN]
    }
- create a hash of payload to manage "Duplicate Detection"
I was thinking of storing the payload MD5 hash as the session variable key (one subtable per IP address), with the response payload as the value and a 30s timeout.
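The length check and the per-client duplicate table described in the comment above, modeled in Python as an added example (not the poster's iRule and not F5 code). SHA-256 is swapped in for the MD5 hash the comment mentions; the names `trim_radius`, `DuplicateCache`, `handle`, the `authenticate` callback and the sample packet are assumptions constructed for illustration.

```python
import hashlib
import struct
import time

MIN_LEN, MAX_LEN, DUP_TTL = 20, 4096, 30  # RFC 2865 Length bounds; 30 s timeout from the comment
# Constructed sample: 20-byte Access-Request (code 1, id 7) followed by 2 padding octets.
SAMPLE = struct.pack("!BBH16s", 1, 7, 20, bytes(16)) + b"\x00\x00"

def trim_radius(datagram):
    """Return the packet cut to its Length field, or None when it must be dropped."""
    if len(datagram) < MIN_LEN:
        return None
    # Code (1), Identifier (1), Length (2, read unsigned), Request Authenticator (16)
    _code, _ident, length, _auth = struct.unpack("!BBH16s", datagram[:MIN_LEN])
    if length < MIN_LEN or length > MAX_LEN or length > len(datagram):
        return None
    return datagram[:length]  # octets past Length are padding and are ignored

class DuplicateCache:
    """One subtable per client IP: hash of request -> (response, expiry time)."""
    def __init__(self, ttl=DUP_TTL, clock=time.monotonic):
        self.ttl, self.clock, self.tables = ttl, clock, {}

    def lookup(self, client_ip, payload):
        key = hashlib.sha256(payload).hexdigest()
        entry = self.tables.get(client_ip, {}).get(key)
        if entry is None or entry[1] <= self.clock():
            return None
        return entry[0]

    def store(self, client_ip, payload, response):
        now, table = self.clock(), self.tables.setdefault(client_ip, {})
        for key in [k for k, (_, expiry) in table.items() if expiry <= now]:
            del table[key]  # purge expired entries on each store
        table[hashlib.sha256(payload).hexdigest()] = (response, now + self.ttl)

def handle(cache, client_ip, datagram, authenticate):
    """Validate, answer retransmissions from the cache, otherwise authenticate once."""
    payload = trim_radius(datagram)
    if payload is None:
        return None  # malformed: drop before anything is stored
    cached = cache.lookup(client_ip, payload)
    if cached is not None:
        return cached  # duplicate within the timeout: resend the stored reply
    response = authenticate(payload)  # hypothetical callback standing in for the APM policy
    cache.store(client_ip, payload, response)
    return response
```

Because the hash is taken after trimming to the Length field, a retransmission that differs only in trailing padding still matches the cached entry.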