RADIUS Accounting Packet Processing

This article gives an explanation of how ClearBox Server processes RADIUS accounting request packets. These packets have 'Accounting-Request' type and are received on RADIUS accounting UDP port (default value is 1813 until another is set in server configuration). Read more about accounting concepts.

First, server tries to make custom packet processing if IRADIUSProcessor interface is supported by server extension. If interface is not implemented, this step is skipped.

Not only accounting packet can be custom-processed when they are received on the RADIUS accounting port. It depends on result returned by IRADIUSProcessor::CanProcessPacket. If extension can process packet with the type specified in the packet, IRADIUSProcessor::ProcessPacket is called. If extension decides that packet processing is done, it may return response packet, which is sent back to client immediately. If no packet is returned, next step is performed. Response packet MUST be returned for packets with non-standard types (other than Access-Request and Accounting-Request).

Next, realm stripping is performed if IRADIUSRealmStripping interface is supported by server extension:

First IRADIUSRealmStripping::RADIUSRealmStrip is called.
- If it returns an error or nameOK parameter is set to VARIANT_FALSE, accounting processing terminates.
- If packet proxy-forwarding is disabled ("Enable RADIUS proxy" server configuration parameter is switched off) and forwardPacket was set to VARIANT_TRUE, it's forced to be VARIANT_FALSE.
- If user name is empty after realm stripping then accounting processing terminates.

If server extension instructs server to forward packet after call to IRADIUSRealmStripping::RADIUSRealmStrip (forwardPacket parameter was set to VARIANT_TRUE) , RADIUS proxy manager is started (it is server configuration parameter), "Enable RADIUS proxy" option is on and no loop is detected in chain of servers that has forwarded the packet, it is passed to RADIUS proxy manager, terminating accounting process. (See RADIUS Packet Forwarding.)

IRADIUSAccounting::ProcessAccounting is called then, passing to server extension all attributes found in the packet . If it returns A_DISCONNECT in response to this method call, server tries to invoke INASManagement::DisconnectUser on a synchronizer object associated with a NAS from which accounting packet is received (see Synchronization process article). Note, that A_DISCONNECT return value is valid only for packets with 'Acct-Status-Type' attribute having value equal to 'Interim-Update' (3).