diff --git a/debian/freeradius.logrotate b/debian/freeradius.logrotate index 74830bd2a952..72d5d27138dd 100644 --- a/debian/freeradius.logrotate +++ b/debian/freeradius.logrotate @@ -31,7 +31,7 @@ # There are different detail-rotating strategies you can use. One is # to write to a single detail file per IP and use the rotate config # below. Another is to write to a daily detail file per IP with: -# detailfile = ${radacctdir}/%{Packet-Src-IP-Address}/%Y%m%d-detail +# detailfile = ${radacctdir}/%{Net.Src.IP}/%Y%m%d-detail # (or similar) in radiusd.conf, without rotation. If you go with the # second technique, you will need another cron job that removes old # detail files. You do not need to comment out the below for method #2. diff --git a/doc/antora/modules/howto/pages/modules/sqlippool/index.adoc b/doc/antora/modules/howto/pages/modules/sqlippool/index.adoc index d378eea28eb5..c40a965fb7da 100644 --- a/doc/antora/modules/howto/pages/modules/sqlippool/index.adoc +++ b/doc/antora/modules/howto/pages/modules/sqlippool/index.adoc @@ -671,7 +671,7 @@ where this information is given in the request. . The `NAS-IP-Address` has been provided. If not then you may need to reconfigure your NAS to provide this or instantiate this attribute from -`Packet-Src-IP-Address` using an unlang policy in FreeRADIUS. Otherwise when +`Net.Src.IP` using an unlang policy in FreeRADIUS. Otherwise when the NAS reboots you will not be able to match the affected IP addresses to the device. diff --git a/doc/antora/modules/installation/pages/upgrade.adoc b/doc/antora/modules/installation/pages/upgrade.adoc index 49cc2b648298..1a776aa0665b 100644 --- a/doc/antora/modules/installation/pages/upgrade.adoc +++ b/doc/antora/modules/installation/pages/upgrade.adoc @@ -427,7 +427,7 @@ load-balance { [source,unlang] ---- -load-balance "%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}" { +load-balance "%{Net.Src.IP}" { home_server_1 home_server_2 home_server_3 @@ -438,7 +438,7 @@ load-balance "%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}" { [source,unlang] ---- -load-balance "%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}-%{Packet-Src-Port}" { +load-balance "%%{Net.Src.IP}-%{Net.Src.Port}" { home_server_1 home_server_2 home_server_3 diff --git a/doc/antora/modules/raddb/pages/mods-available/detail.adoc b/doc/antora/modules/raddb/pages/mods-available/detail.adoc index b46ecbdaa137..1a1910304213 100644 --- a/doc/antora/modules/raddb/pages/mods-available/detail.adoc +++ b/doc/antora/modules/raddb/pages/mods-available/detail.adoc @@ -115,7 +115,7 @@ NOTE: The attributes should be listed one to a line. ``` detail { - filename = ${radacctdir}/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/detail-%Y-%m-%d + filename = ${radacctdir}/%{Net.Src.IP}/detail-%Y-%m-%d # filename = ${radacctdir}/detail escape_filenames = no permissions = 0600 diff --git a/doc/antora/modules/raddb/pages/mods-available/detail.log.adoc b/doc/antora/modules/raddb/pages/mods-available/detail.log.adoc index 0518f7fc7b5f..756d04d30759 100644 --- a/doc/antora/modules/raddb/pages/mods-available/detail.log.adoc +++ b/doc/antora/modules/raddb/pages/mods-available/detail.log.adoc @@ -65,25 +65,25 @@ See the example in `raddb/sites-available/default`. ``` detail auth_log { - filename = ${radacctdir}/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y-%m-%d + filename = ${radacctdir}/%{Net.Src.IP-Address}/auth-detail-%Y-%m-%d permissions = 0600 suppress { User-Password } } detail reply_log { - filename = ${radacctdir}/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/reply-detail-%Y-%m-%d + filename = ${radacctdir}/%{Net.Src.IP}/reply-detail-%Y-%m-%d permissions = 0600 } detail pre_proxy_log { - filename = ${radacctdir}/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/pre-proxy-detail-%Y-%m-%d + filename = ${radacctdir}/%{Net.Src.IP}/pre-proxy-detail-%Y-%m-%d permissions = 0600 # suppress { # User-Password # } } detail post_proxy_log { - filename = ${radacctdir}/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/post-proxy-detail-%Y-%m-%d + filename = ${radacctdir}/%{Net.Src.IP}/post-proxy-detail-%Y-%m-%d permissions = 0600 } ``` diff --git a/doc/antora/modules/raddb/pages/mods-available/linelog.adoc b/doc/antora/modules/raddb/pages/mods-available/linelog.adoc index c9da801986e7..297eb5c7c2df 100644 --- a/doc/antora/modules/raddb/pages/mods-available/linelog.adoc +++ b/doc/antora/modules/raddb/pages/mods-available/linelog.adoc @@ -396,9 +396,9 @@ linelog log_accounting { Start = "Connect: [%{User-Name}] (did %{Called-Station-Id} cli %{Calling-Station-Id} port %{NAS-Port} ip %{Framed-IP-Address})" Stop = "Disconnect: [%{User-Name}] (did %{Called-Station-Id} cli %{Calling-Station-Id} port %{NAS-Port} ip %{Framed-IP-Address}) %{Acct-Session-Time} seconds" Interim-Update = "" - Accounting-On = "NAS %{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}} (%{%{NAS-IP-Address}:-%{NAS-IPv6-Address}}) just came online" - Accounting-Off = "NAS %{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}} (%{%{NAS-IP-Address}:-%{NAS-IPv6-Address}}) just went offline" - unknown = "NAS %{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}} (%{%{NAS-IP-Address}:-%{NAS-IPv6-Address}}) sent unknown Acct-Status-Type %{Acct-Status-Type}" + Accounting-On = "NAS %%{Net.Src.IP} (%{%{NAS-IP-Address}:-%{NAS-IPv6-Address}}) just came online" + Accounting-Off = "NAS %{Net.Src.IP} (%{%{NAS-IP-Address}:-%{NAS-IPv6-Address}}) just went offline" + unknown = "NAS %{Net.Src.IP} (%{%{NAS-IP-Address}:-%{NAS-IPv6-Address}}) sent unknown Acct-Status-Type %{Acct-Status-Type}" } } ``` diff --git a/doc/antora/modules/raddb/pages/mods-available/redis_ippool.adoc b/doc/antora/modules/raddb/pages/mods-available/redis_ippool.adoc index 888c3b262428..2aaefaa7b8e2 100644 --- a/doc/antora/modules/raddb/pages/mods-available/redis_ippool.adoc +++ b/doc/antora/modules/raddb/pages/mods-available/redis_ippool.adoc @@ -147,7 +147,7 @@ redis_ippool { owner = &Client-Hardware-Address # owner = "%{%{Client-Identifier}:-%{Client-Hardware-Address}}" # owner = "%{Vendor-Specific.ADSL-Forum.Agent-Circuit-ID} %{Calling-Station-Id}" - requested_address = "%{%{Requested-IP-Address}:-%{Packet-Src-IP-Address}}" + requested_address = "%{%{Requested-IP-Address}:-%{Net.Src.IP}}" # ipv4_integer = yes allocated_address_attr = &reply.Your-IP-Address range_attr = &reply.IP-Pool.Range diff --git a/doc/antora/modules/raddb/pages/sites-available/dynamic-clients.adoc b/doc/antora/modules/raddb/pages/sites-available/dynamic-clients.adoc index 35d78a7fee4e..90a7107901e8 100644 --- a/doc/antora/modules/raddb/pages/sites-available/dynamic-clients.adoc +++ b/doc/antora/modules/raddb/pages/sites-available/dynamic-clients.adoc @@ -270,10 +270,10 @@ server dynamic_clients { } new client { &control += { - &FreeRADIUS-Client-IP-Address = "%{Packet-Src-IP-Address}" + &FreeRADIUS-Client-IP-Address = "%{Net.Src.IP}" &FreeRADIUS-Client-Require-MA = no &FreeRADIUS-Client-Secret = "testing123" - &FreeRADIUS-Client-Shortname = "%{Packet-Src-IP-Address}" + &FreeRADIUS-Client-Shortname = "%{Net.Src.IP}" &FreeRADIUS-Client-NAS-Type = "other" } ok diff --git a/doc/antora/modules/reference/pages/man/radmin.adoc b/doc/antora/modules/reference/pages/man/radmin.adoc index e3d713b5a7f4..1ce54aa56c86 100644 --- a/doc/antora/modules/reference/pages/man/radmin.adoc +++ b/doc/antora/modules/reference/pages/man/radmin.adoc @@ -39,7 +39,7 @@ amount of control over the server. The following command-line options are accepted by the program. -*-d config_directory*:: +*-d config_directory*:: Defaults to _/etc/raddb_. *radmin* looks here for the server configuration files to find the "listen" section that defines the control socket filename. @@ -109,7 +109,7 @@ prompt for more information. + Only one debug condition can be active at a time. -*debug condition '((User-Name == ""bob"") || (Packet-Src-IP-Address == 192.0.2.22))'*:: +*debug condition '((User-Name == ""bob"") || (Net.Src.IP == 192.0.2.22))'*:: A more complex condition that enables debugging output for requests containing User-Name "bob", or requests that originate from source IP address 192.0.2.22. diff --git a/doc/antora/modules/tutorials/pages/variables.adoc b/doc/antora/modules/tutorials/pages/variables.adoc index 25e97bd7e981..3c9d003b40c3 100644 --- a/doc/antora/modules/tutorials/pages/variables.adoc +++ b/doc/antora/modules/tutorials/pages/variables.adoc @@ -39,7 +39,7 @@ has a configuration entry named "filename", which by default has the following value: ---------------------------------------------------------------- -filename = ${radacctdir}/%{Packet-Src-IP-Address}/detail-%Y%m%d +filename = ${radacctdir}/%{Net.Src.IP}/detail-%Y%m%d ---------------------------------------------------------------- The configuration entry is composed of two kinds of variable expansion. diff --git a/man/man8/raddebug.8 b/man/man8/raddebug.8 index bab7c90e710b..7da8588b7ba3 100644 --- a/man/man8/raddebug.8 +++ b/man/man8/raddebug.8 @@ -68,7 +68,7 @@ Show debug output for the client having the given IPv4 address. This option is equivalent to using: .br .in +0.3i --c '(Packet-Src-IP-Address == ipv4-address)' +-c '(Net.Src.IP == ipv4-address)' .in -0.3i .IP "\-d \fIconfig directory\fP" The radius configuration directory, usually /etc/raddb. See the @@ -80,7 +80,7 @@ Show debug output for the client having the given IPv6 address. This option is equivalent to using: .br .in +0.3i --c '(Packet-Src-IPv6-Address == ipv6-address)' +-c '(Net.Src.IPv6 == ipv6-address)' .in -0.3i .IP \-t\ \fItimeout\fP Stop printing debug output after "timeout" seconds. The default diff --git a/redhat/freeradius-logrotate b/redhat/freeradius-logrotate index 15f842479bdc..dba48935044a 100644 --- a/redhat/freeradius-logrotate +++ b/redhat/freeradius-logrotate @@ -29,7 +29,7 @@ # There are different detail-rotating strategies you can use. One is # to write to a single detail file per IP and use the rotate config # below. Another is to write to a daily detail file per IP with: -# detailfile = ${radacctdir}/%{Packet-Src-IP-Address}/%Y%m%d-detail +# detailfile = ${radacctdir}/%{Net.Src.IP}/%Y%m%d-detail # (or similar) in radiusd.conf, without rotation. If you go with the # second technique, you will need another cron job that removes old # detail files. You do not need to comment out the below for method #2. diff --git a/scripts/logrotate/freeradius b/scripts/logrotate/freeradius index ca3ca604e7be..8746a9381198 100644 --- a/scripts/logrotate/freeradius +++ b/scripts/logrotate/freeradius @@ -33,7 +33,7 @@ # There are different detail-rotating strategies you can use. One is # to write to a single detail file per IP and use the rotate config # below. Another is to write to a daily detail file per IP with: -# detailfile = ${radacctdir}/%{Packet-Src-IP-Address}/%Y%m%d-detail +# detailfile = ${radacctdir}/%{Net.Src.IP}/%Y%m%d-detail # (or similar) in radiusd.conf, without rotation. If you go with the # second technique, you will need another cron job that removes old # detail files. You do not need to comment out the below for method #2. diff --git a/scripts/util/raddebug b/scripts/util/raddebug index 9dedc32f7927..530d8945f50d 100755 --- a/scripts/util/raddebug +++ b/scripts/util/raddebug @@ -47,14 +47,14 @@ do ;; D) extra="$extra -D $OPTARG" ;; - i) x="(Packet-Src-IP-Address == $OPTARG)" + i) x="(Net.Src.IP == $OPTARG)" if [ "$condition" = "" ]; then condition="$x" else condition="$condition && $x" fi ;; - I) x="(Packet-Src-IPv6-Address == $OPTARG)" + I) x="(Net.Src.IP == $OPTARG)" if [ "$condition" = "" ]; then condition="$x" else diff --git a/share/dictionary/freeradius/dictionary.freeradius.internal b/share/dictionary/freeradius/dictionary.freeradius.internal index e89c6256779f..d322469ba8cd 100644 --- a/share/dictionary/freeradius/dictionary.freeradius.internal +++ b/share/dictionary/freeradius/dictionary.freeradius.internal @@ -116,7 +116,7 @@ ATTRIBUTE Realm 1017 string ATTRIBUTE Acct-Session-Start-Time 1019 date ATTRIBUTE Acct-Unique-Session-Id 1020 string -# 1021 was Client-IP-Address. Just use Packet-Src-IP-Address +# 1021 was Client-IP-Address. Just use Net.Src.IP ATTRIBUTE LDAP-UserDN 1022 string ATTRIBUTE SQL-User-Name 1023 string