Radius Attribute 66 #209

Open
neu5ron opened this Issue Nov 12, 2018 · 1 comment

neu5ron commented Nov 12, 2018

RFC 2868 section 3.3 (https://tools.ietf.org/html/rfc2868#section-3.3), specifically the "String" section (https://tools.ietf.org/html/rfc2868#page-6),
says that RADIUS attribute 66 can be an FQDN or an IP address.

Also, you may note the Cisco doc on Attribute 66
https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/sec_usr_radatt/configuration/xe-16/sec-usr-radatt-xe-16-book/sec-rad-att-66-tunnel.html#reference_BBF6BA0BA03045838A307FA0AE1AFD40

The current implementation for the Bro Radius protocol is an "addr". I would recommend changing it to a string.
https://github.com/bro/bro/blob/a33d2d13bfa2788593d1ba2fa2988b4496c17193/scripts/base/protocols/radius/main.bro#L88

jsiwek commented Nov 12, 2018

Sounds right. In the meantime, a workaround for users would be to add a custom Bro script that extends RADIUS::Info with a new string field and populates it from a radius_message event handler in the same way as remote_ip, except omitting the call to to_addr().

@jsiwek jsiwek added this to the 2.7 milestone Jan 11, 2019
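
The workaround described in the comment above, written out as an added example (not code from the Bro project or from either commenter). The field name `tunnel_client_endpoint` and the handler priority are assumptions chosen for illustration.

```bro
@load base/protocols/radius

# Extend the RADIUS log record with a string copy of attribute 66
# (Tunnel-Client-Endpoint). RFC 2868 section 3.3 allows an FQDN or an
# IP address here, so the value is kept as text instead of "addr".
# The field name below is hypothetical, not part of the base scripts.
redef record RADIUS::Info += {
	tunnel_client_endpoint: string &log &optional;
};

# Assumed priority: lower than the base script's handler that creates
# c$radius, so the record already exists when this handler runs.
event radius_message(c: connection, result: RADIUS::Message) &priority=3
	{
	if ( ! c?$radius )
		return;

	# Code 1 is Access-Request, the same message the base script
	# reads remote_ip from.
	if ( result$code != 1 || ! result?$attributes )
		return;

	if ( 66 !in result$attributes )
		return;

	# Keep the first value seen for the session, as remote_ip does,
	# but store it as delivered by the analyzer: no to_addr() call.
	if ( ! c$radius?$tunnel_client_endpoint )
		c$radius$tunnel_client_endpoint = result$attributes[66][0];
	}
```

The existing `remote_ip` field is left in place, so radius.log carries both columns and detections written against `remote_ip` keep working while FQDN endpoints become visible in the new one.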
