Based on his other post where he's able to crash the radius
listener, I would bet the Radius
Listener has issues...
Having a quick read through his post, I'm also going to take a gamble and say that MT has not implemented the RFC properly, or completely. Will be easy to verify however. Will see about playing with this over the course of the weekend, and perhaps send off a nice detailed bug report to MT for them to fix for the next release. Considering that the Radius
Listener crashes on invalid requests, I am immediately seeing buffer overflow alarms coming up already.
It would seem to me, that there are mainly three issues involved here:
1 - MT accepts invalid requests. According to the RFC, a error code, 404 must be returned for invalid requests. MT, the RFC has a whole bunch of error return codes, I don't know what's going on in the code, but look at it please
2 - I'm going to say I'm almost certain, that when a DM is received, and not executed propperly, it's due to two issues:
2.1 - A invalid DM is sent to MT (for example, a DM packet not containing all the required information), or
2.2 - MT does not handle the disconnections / terminations of the Interface properly (my money is on both currently).
You have to remember, the MT needs to find the interface to disconnect
, based on the information you give it! If you give it incorrect information, it's not going to disconnect
the correct interface (if any). If you don't give it enough information, it's not going to find the interface to disconnect
, or worse, disconnect
the wrong interface. How more info you give it, the better chances that MT will find the interface and disconnect
Now, I'm not attacking MT here at the very least (I trust they won't see it as this), but provided that can be done, fixed, and deemed stable (which I don't see it as currently), it is going to be a brilliant feature. At this time however, I'm extremely reluctant to use it, due to problems like this.
The RFC is brief at best, the 'feature' is relatively new (Dated July, 2003), and there's not allot of support, nor information about it available because it is so new... Over time, I'm sure it will come right however.
If anyone is running this, and want to give it a try... See my post above, and try a DM using a properly formated request, giving as much information as possible. I'd say try and include all the attributes in the session-identification that MT supports.