Use the Acct-Delay-Time RADIUS Attribute when Accounting

  • 4
  • Idea
  • Updated 3 years ago
  • Under Consideration
Where HiveOS is unable to send a RADIUS accounting record, it should include the Acct-Delay-Time attribute when retrying to indicate to the RADIUS server how long it has been attempting to send the record for. Presently, it does not do so.

The attribute is defined in RFC 2866. It would be great if consideration could be given to making HiveOS implement to the specification in this regard.

"5.2. Acct-Delay-Time

Description

This attribute indicates how many seconds the client has been
trying to send this record for, and can be subtracted from the
time of arrival on the server to find the approximate time of the
event generating this Accounting-Request. (Network transit time
is ignored.)"

Cheers,

Nick
Photo of Nick Lowe

Nick Lowe, Official Rep

  • 2491 Posts
  • 451 Reply Likes

Posted 5 years ago

  • 4
Photo of Mike Kouri

Mike Kouri, Official Rep

  • 1030 Posts
  • 271 Reply Likes
Thanks for the suggestion, Nick! We'll take this into consideration for potential inclusion in a future release.

For my own education, am I correct in assuming this field is basically just a timestamp of when the accounting event occurred? That's the way I interpreted the description.
Photo of Nick Lowe

Nick Lowe, Official Rep

  • 2491 Posts
  • 451 Reply Likes
It is like a timestamp but different in that it is the number of seconds that an Accounting-Request has been delayed for relative to it occurring. It is useful when retries are sent due to an Accounting-Response not being received and does not require NTP sync to have occurred.

(When no delay is present, the Acct-Delay-Time attribute should be included with a value of 0.)

The Event-Timestamp attribute also exists for timestamping and it also should be sent in all Accounting-Request packets.

"5.3. Event-Timestamp

Description

This attribute is included in an Accounting-Request packet to
record the time that this event occurred on the NAS, in seconds
since January 1, 1970 00:00 UTC."

There is another related behaviour in HiveOS:

The Event-Timestamp attribute is only sent by HiveOS on the Interim-Update and Stop types of Accounting-Request packets, but not the Start, Accounting-On and Accounting-Off types.

It would be great if including that on all forms of Accounting-Request packet could be considered too.

Thanks Mike! :)
(Edited)
Photo of Nick Lowe

Nick Lowe, Official Rep

  • 2491 Posts
  • 451 Reply Likes
Just noticed that this is still marked as under consideration and I had not closed the loop on this.

Usage of the Acct-Delay-Time attribute was implemented in HiveOS 6.6r1. (This was not mentioned in the release notes so I thought that I would mention it here.)

Thanks all! :)

There is an edge case bug in the code where the value for this attribute is incorrectly calculated against the system clock rather than a monotonic timer so it is vulnerable to shifts. I am quite sure that this will get resolved in a future update.

Demonstrating this edge case... In the screenshots below from Wireshark, we can see a bogus Acct-Delay-Time value being accounted with when the retry occurs. NTP sync occurs between initial send and the retry but this capture does not show this.
(The retry also occurs prematurely, 'immediately' after NTP sync.)



(Edited)