#5612 closed enhancement (complete)

Copy Class RADIUS attribute from host cache to accounting requests

Reported by: fdupont Owned by: fdupont
Priority: medium Milestone: Kea1.4
Component: hook-radius Version: git
Keywords: Cc:
CVSS Scoring: Parent Tickets:
Sensitive: no Defect Severity: N/A
Sub-Project: DHCP Feature Depending on Ticket:
Estimated Difficulty: 0 Add Hours to Ticket: 0
Total Hours: 0 Internal?: no

Description


Subtickets

Change History (8)

comment:1 Changed 19 months ago by tomek

  • Milestone changed from Kea-proposed to Kea1.4

This is a request of a customer, trying to squeeze it into 1.4.

comment:2 Changed 19 months ago by fdupont

  • Owner set to fdupont
  • Status changed from new to accepted

comment:3 Changed 19 months ago by fdupont

To be addressed after #5605 (depends on it) and #5617 (independent but with higher priority).

comment:4 Changed 19 months ago by fdupont

At it is the simplest and we got no answer yet about #5617 I began with this. The tentative code (v4 / server callouts) works well.
To test it the Class = "xxx" must be added to reply items using a , (comma) separator in definitions in users / authorize file.

comment:5 Changed 19 months ago by fdupont

  • Owner changed from fdupont to UnAssigned
  • Status changed from accepted to reviewing

Added unit tests. Ready for review...

comment:6 Changed 19 months ago by tomek

  • Owner changed from UnAssigned to tomek

comment:7 follow-up: Changed 18 months ago by tomek

  • Owner changed from tomek to fdupont

radius_accounting.cc
The new code that retrieves identifier (the one added to buildAcct, buildAcct4,
and buildAcct6) should be abstracted to separate method.

Given the time constraints, your approach is the optimal solution for now.
However, in some longer term, we probably should implement similar approach
we have for attributes being sent in Access-Request. But that's clearly out
of scope for beta and most likely also not for final.

This would also address another point - other users may complain that they
don't want the class attribute to be sent. Having a list of attributes configurable
is better than adding specific configuration knob just for this particular
attribute.

If you agree with this, please add a @todo in the code.

accounting_unittests.cc
Your tests are very thorough. Thanks for writing them.


This change requires a ChangeLog. If you don't have any better text, here is
my proposal:

49.	[func]		fdupont
	An ability to send client identifier (hardware address, DUID,
	client-id or flex-id) in Class attribute has been added.
	This mechanism is supported both IPv4 and IPv6.
	(Trac #5612, git tbd)

Code compiles and unit-tests pass on Mac OS.

comment:8 in reply to: ↑ 7 Changed 18 months ago by fdupont

  • Resolution set to complete
  • Status changed from reviewing to closed

Replying to tomek:

radius_accounting.cc
The new code that retrieves identifier (the one added to buildAcct, buildAcct4,
and buildAcct6) should be abstracted to separate method.

=> in fact it is the case for almost each part of these methods: bodies are
enough close and too long...

Given the time constraints, your approach is the optimal solution for now.
However, in some longer term, we probably should implement similar approach
we have for attributes being sent in Access-Request. But that's clearly out
of scope for beta and most likely also not for final.

This would also address another point - other users may complain that they
don't want the class attribute to be sent. Having a list of attributes configurable
is better than adding specific configuration knob just for this particular
attribute.

=> I believe you mean Access-Accept. I had the same idea (use a config list of
attributes to copy) but:

  • it did not fit with the time constraints (should use name or code, etc).
  • it is required by the standard (so the default would be to copy the Class attribute).

So I gave up.

If you agree with this, please add a @todo in the code.

=> OK for the @todo of course.

I am adding the comments and merging it (before #5617 because the customer
waits for this).

Changed the ChangeLog to a text explaining what the code does and a reference
to the standard (definition of the Class attribute).

Closing...

Note: See TracTickets for help on using tickets.