- 论坛徽章:
- 0
|
freenibs 一些说明, 关于安装正在查看
The possibility to send Accounting-Update packets to the RADIUS not only
on time basis but also depending upon the volume of the received or
transferred traffic (or both).
Both "update-limit-in" and "update-limit-out" parameters defaults to 0.
To set non-zero values one must do it in mpd.conf:
set radius update-limit-in X
set radius update-limit-out Y
(where X, Y - are the traffic in bytes)
Then, when the moment for the next-in-turn acct-update time comes, it is
checked whether the limits are exceedeed. If they are not exceeded,
update is not made (i.e. acct-update packets are not sent to RADIUS).
The idea of it: not to overload the RADIUS and its logs.
3) Give ppp netgraph node name like "mpd-<name>" instead of "mpd<pid>-<name>".
As the name length of netgraph node is restricted by 15 symbols, and the
standard designation ppp node consists of "mpdNNNNN-pptpXX", more than 99
nodes can not be made. Patch makes it possible to solve this problem.
4) Dropping the connection, if the RADIUS has sent vendor-specific attribute 154.
When the attribute is 0 it means the continuation of the connection, when it
is set to 1 -- the connection should be dropped. The following lines should
be added to the dictionary.mpd (VENDOR mpd 12341):
-----
ATTRIBUTEDrop-User154integermpd
VALUEDrop-UserNo0
VALUEDrop-UserYes1
-----
5) New function RadiusGetCurrentParams().
In the patch this function gets the Accounting-Response from the RADIUS
and marks the moment when connection should be dropped ("Drop-User = Yes"
attribute arrival).
Hence, any developer may write additional code to this function to catch
the reception of attributes she is interested with.
The function RadiusGetParams() from the original mpd is used during
the (re-)initialization phase only.
3. Mini - How-To
1) Update limits
This option may be interesting for those who use the tarification of the traffic.
When update limits are non-zero a comparatively little time interval
for acct-update can be configured and the required "update-limit-[in]|[out]"
established. Internal statistics in mpd works once a minute in any case.
That's why, if the line
set radius acct-update 60
is added to mdp.conf, mpd gets practically no additional work.
The concrete limit values are certainly different for eveyone. But the
initial values from 100000 to 1000000 seem quite reasonable to me.
After that analyse the results and change the values. Up to individual limits
per link.
Hint: update limits work only when acct-update is switched on!
2) Drop-user
This option may be useful for those, who:
- limit clients' traffic, and NAS does not support attribute Session-Octets-Limit;
- use dynamic restrictions (formed, for example, by billing system):
one login for several simultaneous sessions with the limitation by
the time or/and by the traffic; in other cases when it is impossible
to determine the restrictions at the beginning of the session.
For mpd to drop the link, RADIUS must send this mere attribute with
the value "Yes". But, possibly, not the RADIUS itself, but the billing
system is responsible for the construction of such packet.
That system processes accounting packets of the three types: Start, Stop,
Update. "Stop" is of no interest in this context. "Start" employs other
determination methods to see if mpd may start the session. It is
reasonable to consider only "Update"-packets.
When the limits are reached it is quite enough to add to the packet,
meant to send the response to the RADIUS, the neccessary pair with the
operator "=". Something like:
New_Pair = Pair_Create("Drop-User", "Yes", T_OP_EQ);
Pair_Add(Pairs_To_Reply, New_Pair);
This technology was tested with freeradius-0.9.3, freenibs-0.0.3-bf3.
The latter (open-source billing system) can be found at:
http://nibs.net.ua, http://sourceforge.net/projects/nibs
The patch, allowing to form the neccessary response to the RADIUS
for the subsequent transmission to mpd daemon. And as the result to
drop the connection:
--------
--- rlm_nibs.c.origMon Apr 12 22:27:58 2004
+++ rlm_nibs.cTue Apr 13 01:01:41 2004
@@ -1139,6 +1139,8 @@
radlog(L_INFO, querystr);
if (nibs_error != NULL) free(nibs_error);
nibs_user_kill(inst, request);
+ pair = pairmake("Drop-User", "Yes", T_OP_EQ);
+ pairadd(&request->reply->vps, pair);
}
}
http://www.opennet.ru/base/net/mpd_freerdius_nibs.txt.html |
|