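I am using the REST module to authorize DHCP requests. If authorization fails, I want to send an explicit DHCP NAK, but on failure the DHCP module seems to return immediately and just ignores the DHCP request without any response.
Here is my DHCP module configuration. If rest.authorize succeeds, the if (ok) control block is hit, but if rest.authorize fails, the if (fail) block is not hit.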

    dhcp DHCP-Discover {
        rest.authorize
        if (fail) {
            update reply {
                DHCP-Message-Type = DHCP-Nak
            }
        }
        if (ok) {
            update reply {
                DHCP-Message-Type = DHCP-Offer
            }
            update reply {
                DHCP-Domain-Name-Server = xxxx
                DHCP-Domain-Name-Server = xxxx
                DHCP-Subnet-Mask = 255.255.255.0
                DHCP-Router-Address = xxxx
                DHCP-IP-Address-Lease-Time = 3600
                DHCP-DHCP-Server-Identifier = xxxx
            }
            mac2ip
        }
    }

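Below is the output after a 401 Unauthorized is received. I want to implement a temporary block of DHCP for a specific (small) period of time. However, FreeRADIUS's behaviour is to ignore repeated requests for the same DHCP transaction, which means DHCP on the client is blocked until it starts a new transaction. If a DHCP NAK could be sent, the DHCP client would start a new transaction after each NAK (i.e. a DHCP Discover), which means FreeRADIUS would process every DHCP Discover from the client, and the block would be lifted closer to the desired block time.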

    Tue Jun 3 03:00:57 2014 : Debug: (3) rest : Sending HTTP GET to "http://xxxxxx//api/v1/dhcp/80%3Aea%3A96%3A2a%3Ab6%3Aaa"
    Tue Jun 3 03:00:57 2014 : Debug: (3) rest : Processing response header
    Tue Jun 3 03:00:57 2014 : Debug: (3) rest : Status : 401 (Unauthorized)
    Tue Jun 3 03:00:57 2014 : Debug: (3) rest : Skipping attribute processing, no body data received
    Tue Jun 3 03:00:57 2014 : Debug: rlm_rest (rest): Released connection (4)
    Tue Jun 3 03:00:57 2014 : Debug: (3) modsingle[authorize]: returned from rest (rlm_rest) for request 3
    Tue Jun 3 03:00:57 2014 : Debug: (3) [rest.authorize] = fail
    Tue Jun 3 03:00:57 2014 : Debug: (3) } # dhcp DHCP-Discover = fail
    Tue Jun 3 03:00:57 2014 : Debug: (3) Finished request 3.
    Tue Jun 3 03:00:57 2014 : Debug: Waking up in 0.2 seconds.
    Tue Jun 3 03:00:58 2014 : Debug: Waking up in 4.6 seconds.
    Received DHCP-Discover of id 7b0fb2de from 172.19.0.9:67 to 172.19.0.12:67
    Tue Jun 3 03:00:59 2014 : Debug: (3) No reply. Ignoring retransmit.
    Tue Jun 3 03:00:59 2014 : Debug: Waking up in 2.9 seconds.
    Received DHCP-Discover of id 7b0fb2de from 172.19.0.9:67 to 172.19.0.12:67
    Tue Jun 3 03:01:02 2014 : Debug: (3) No reply. Ignoring retransmit.
    Tue Jun 3 03:01:02 2014 : Debug: Waking up in 0.4 seconds.
    Tue Jun 3 03:01:02 2014 : Debug: (2) Cleaning up request packet ID 2064626397 with timestamp +56
    Tue Jun 3 03:01:02 2014 : Debug: Waking up in 1999991.0 seconds.
    Received DHCP-Discover of id 7b0fb2de from 172.19.0.9:67 to 172.19.0.12:67
    Tue Jun 3 03:01:06 2014 : Debug: (3) No reply. Ignoring retransmit.
    Tue Jun 3 03:01:06 2014 : Debug: Waking up in 3999983.1 seconds.
    Received DHCP-Discover of id 7b0fb2de from 172.19.0.9:67 to 172.19.0.12:67
    Tue Jun 3 03:01:15 2014 : Debug: (3) No reply. Ignoring retransmit.
    Tue Jun 3 03:01:15 2014 : Debug: Waking up in 7999966.3 seconds.
    Received DHCP-Discover of id 7b0fb2de from 172.19.0.9:67 to 172.19.0.12:67
    Tue Jun 3 03:01:23 2014 : Debug: (3) No reply. Ignoring retransmit.
    Tue Jun 3 03:01:23 2014 : Debug: Waking up in 15999942.1 seconds.

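With the option #4 solution below, although the DHCP NAK works as intended, the DHCP module "remembers" the REST authorization result for the DHCP transaction. Only when the device attempts a new transaction does the DHCP module make the REST authorization call again: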

    Received DHCP-Discover of id 7b0fb322 from 172.19.0.9:67 to 172.19.0.12:67
    Sending DHCP-NAK of id 7b0fb322 from 172.19.0.12:67 to 172.19.0.9:67
    Wed Jun 4 00:31:32 2014 : Debug: Waking up in 3.5 seconds.
    Received DHCP-Discover of id 7b0fb322 from 172.19.0.9:67 to 172.19.0.12:67
    Sending DHCP-NAK of id 7b0fb322 from 172.19.0.12:67 to 172.19.0.9:67
    Wed Jun 4 00:31:35 2014 : Debug: Waking up in 0.6 seconds.
    Wed Jun 4 00:31:36 2014 : Debug: (4) Cleaning up request packet ID 2064626465 with timestamp +138
    Wed Jun 4 00:31:36 2014 : Debug: Waking up in 1999991.0 seconds.
    Received DHCP-Discover of id 7b0fb322 from 172.19.0.9:67 to 172.19.0.12:67
    Sending DHCP-NAK of id 7b0fb322 from 172.19.0.12:67 to 172.19.0.9:67
    Wed Jun 4 00:31:40 2014 : Debug: Waking up in 3999982.8 seconds.


    rest.authorize {
        fail = 1
    }
    if (reject || fail) {
        update reply {
            DHCP-Message-Type = DHCP-NAK
        }
    }

OK. So you have four options:
The return statement below RDEBUG2("Skipping....") in src/modules/rlm_rest/rest.c: return 0.
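
For reading debug output like the two captures in the question, the following added example (not part of the original question or answer) groups the lines by DHCP transaction id and reports which transactions were retried without ever getting a reply and how many REST lookups each one triggered. The function names and the sample log are constructed for illustration, and it assumes the debug output of different requests is not interleaved.

```python
import re
from collections import defaultdict

# Constructed sample, in the format of the debug output quoted in the question.
SAMPLE_LOG = """\
Received DHCP-Discover of id 7b0fb2de from 172.19.0.9:67 to 172.19.0.12:67
Tue Jun 3 03:00:57 2014 : Debug: (3) rest : Status : 401 (Unauthorized)
Received DHCP-Discover of id 7b0fb2de from 172.19.0.9:67 to 172.19.0.12:67
Tue Jun 3 03:00:59 2014 : Debug: (3) No reply. Ignoring retransmit.
Received DHCP-Discover of id 7b0fb322 from 172.19.0.9:67 to 172.19.0.12:67
Wed Jun 4 00:31:29 2014 : Debug: (4) rest : Status : 401 (Unauthorized)
Sending DHCP-NAK of id 7b0fb322 from 172.19.0.12:67 to 172.19.0.9:67
Received DHCP-Discover of id 7b0fb322 from 172.19.0.9:67 to 172.19.0.12:67
Sending DHCP-NAK of id 7b0fb322 from 172.19.0.12:67 to 172.19.0.9:67
"""

RECEIVED = re.compile(r"^Received (DHCP-\S+) of id ([0-9a-f]+) from (\S+):\d+")
SENDING = re.compile(r"^Sending (DHCP-\S+) of id ([0-9a-f]+) ")
REST_STATUS = re.compile(r"rest : Status : (\d{3})")

def summarize(log_text):
    """Group debug lines by DHCP transaction id (xid)."""
    stats = defaultdict(lambda: {"received": 0, "rest_status": [], "ignored": 0, "replies": []})
    current = None  # xid of the most recent "Received" line (assumes no interleaving)
    for line in log_text.splitlines():
        if m := RECEIVED.match(line):
            current = m.group(2)
            stats[current]["received"] += 1
        elif m := SENDING.match(line):
            stats[m.group(2)]["replies"].append(m.group(1))
        elif current is None:
            continue  # request-scoped line seen before any packet; cannot attribute it
        elif m := REST_STATUS.search(line):
            stats[current]["rest_status"].append(int(m.group(1)))
        elif "No reply. Ignoring retransmit." in line:
            stats[current]["ignored"] += 1
    return dict(stats)

def unanswered(stats):
    """Transaction ids that were received but never got any reply."""
    return sorted(x for x, s in stats.items() if s["received"] and not s["replies"])

if __name__ == "__main__":
    summary = summarize(SAMPLE_LOG)
    for xid, s in summary.items():
        print(xid, s)
    print("unanswered:", unanswered(summary))
```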