Bug #889
[eap_radius] AcctSessionId string len too small.
Description
AcctSessionId only have 16 bytes,It will make my server problem when iks_sa_id > 10000.
I have some strange log in my server: {"Cat":"error","Time":"2015-03-12T20:12:30+08:00","Data":["[radius.Accounting Update] connId 1425699257-9714 username luxxx do not have any data transfer"]} {"Cat":"error","Time":"2015-03-12T20:51:16+08:00","Data":["[radius.Accounting Update] connId 1425699257-9827 username Jhxxx do not have any data transfer"]} {"Cat":"error","Time":"2015-03-12T21:12:44+08:00","Data":["[radius.Accounting Update] connId 1425699257-9794 toIncr less 0, in:1504801 out:1948369 last:4576575"]} {"Cat":"error","Time":"2015-03-12T22:13:30+08:00","Data":["[radius.AccountingRequest start] connId 1425699257-1000 exist"]} {"Cat":"error","Time":"2015-03-12T22:13:35+08:00","Data":["[radius.Accounting Update] connId 1425699257-1000 username not match get: 6ixxx save: Pfxxx"]} {"Cat":"error","Time":"2015-03-12T22:13:40+08:00","Data":["[radius.Accounting Update] connId 1425699257-1000 username not match get: 6ixxx save: Pfxxx"]} {"Cat":"error","Time":"2015-03-12T22:13:45+08:00","Data":["[radius.Accounting Update] connId 1425699257-1000 username not match get: 6ixxx save: Pfxxx"]}
please look at
https://github.com/strongswan/strongswan/blob/master/src/libcharon/plugins/eap_radius/eap_radius_accounting.c#L102
https://github.com/strongswan/strongswan/blob/master/src/libcharon/plugins/eap_radius/eap_radius_accounting.c#L297
https://github.com/strongswan/strongswan/blob/master/src/libcharon/plugins/eap_radius/eap_radius_accounting.c#L488
Associated revisions
History
#1 Updated by bronze man over 5 years ago
{"Cat":"error","Time":"2015-03-12T20:12:30+08:00","Data":["[radius.Accounting Update] connId 1425699257-9714 username luxxx do not have any data transfer"]}
{"Cat":"error","Time":"2015-03-12T20:51:16+08:00","Data":["[radius.Accounting Update] connId 1425699257-9827 username Jhxxx do not have any data transfer"]}
{"Cat":"error","Time":"2015-03-12T21:12:44+08:00","Data":["[radius.Accounting Update] connId 1425699257-9794 toIncr less 0, in:1504801 out:1948369 last:4576575"]}
{"Cat":"error","Time":"2015-03-12T22:13:30+08:00","Data":["[radius.AccountingRequest start] connId 1425699257-1000 exist"]}
{"Cat":"error","Time":"2015-03-12T22:13:35+08:00","Data":["[radius.Accounting Update] connId 1425699257-1000 username not match get: 6ixxx save: Pfxxx"]}
{"Cat":"error","Time":"2015-03-12T22:13:40+08:00","Data":["[radius.Accounting Update] connId 1425699257-1000 username not match get: 6ixxx save: Pfxxx"]}
{"Cat":"error","Time":"2015-03-12T22:13:45+08:00","Data":["[radius.Accounting Update] connId 1425699257-1000 username not match get: 6ixxx save: Pfxxx"]}
#2 Updated by Martin Willi over 5 years ago
- Tracker changed from Issue to Bug
- Category set to libcharon
- Status changed from New to Closed
- Assignee set to Martin Willi
- Target version set to 5.3.0
- Resolution set to Fixed
I've increased the buffer size to 24 bytes with the referenced commit.
Regards
Martin
eap-radius: Increase Acct-Session-ID string buffer
As the startup timestamp needs 10 characters, we only have left 4 characters
for the IKE_SA unique identifier. This is insufficient when having 10000 IKE_SAs
or more established, resulting in non-unique session identifiers.
Fixes #889.