topic/vladg/radius is ready to be merged. It's been running at CMU for a few months with no issues.
Do you have a test trace?
Two questions for scripts/base/protocols/radius/main.bro:
I'm not sure I understand the expiration logic: is the assumption that even after expire() has expired an entry, there'll be a further message coming in for that ID and then it will be logged? In other words, I would have expected expire() to log the entry itself.
The attribute list is a vector, but no other elements than the first are used?
Vlad, any trace?
What about the two questions above?
Found my trace. I need to sanitize it and will create a test for it.
For the expiration logic - you're right, expire should log the entry. I'll try to get a test for that as well.
For the attribute list - it's a vector because technically you could have multiple entries of the same attribute type. The only place this seems to happen in the real world is for the vendor-specific type. I have some code that would deal with those types, but it requires some further work (and that won't be a base script). I'm not sure what to do in the case that other attribute types (e.g. username, calling station id, etc.) are present multiple times. It's not a violation of the RFC, so perhaps just a weird?
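Added example, not part of the original thread and not the Bro analyzer's code: a Python sketch of the attribute handling discussed in the reply above. It keeps every value of a repeated RADIUS attribute in a per-type list and reports a "weird" when a type other than vendor-specific (26) repeats. The function names, the weird labels and the sample packet are assumptions constructed for illustration.

```python
import struct
from collections import defaultdict

VENDOR_SPECIFIC = 26  # attribute type the thread says repeats in practice

def parse_radius(packet: bytes):
    """Return (code, identifier, attrs, weirds) for one RADIUS packet.

    attrs maps attribute type -> list of raw values, so repeated
    attributes are kept instead of being overwritten.
    """
    if len(packet) < 20:
        raise ValueError("shorter than the 20-byte RADIUS header")
    code, ident, length = struct.unpack("!BBH", packet[:4])
    if length < 20 or length > len(packet):
        raise ValueError("bad length field")
    attrs = defaultdict(list)
    weirds = []  # hypothetical labels, not the analyzer's own weird names
    pos = 20     # attributes start after code, id, length, authenticator
    while pos < length:
        if length - pos < 2:
            weirds.append("truncated_attribute_header")
            break
        a_type, a_len = packet[pos], packet[pos + 1]
        # a_len counts the type and length bytes, so it is at least 2
        if a_len < 2 or pos + a_len > length:
            weirds.append(f"bad_attribute_length type={a_type}")
            break
        attrs[a_type].append(packet[pos + 2 : pos + a_len])
        pos += a_len
    for a_type, values in attrs.items():
        if a_type != VENDOR_SPECIFIC and len(values) > 1:
            weirds.append(f"repeated_attribute type={a_type} count={len(values)}")
    return code, ident, dict(attrs), weirds

def attr(a_type: int, value: bytes) -> bytes:
    """Encode one attribute as type, length, value."""
    return bytes([a_type, len(value) + 2]) + value

def build_sample() -> bytes:
    """Constructed Access-Request (code 1, id 42) with repeated attributes."""
    body = (attr(1, b"alice") + attr(1, b"bob")            # User-Name twice
            + attr(26, b"\x00\x00\x00\x09" + b"\x01\x03x")  # Vendor-Specific
            + attr(26, b"\x00\x00\x00\x09" + b"\x01\x03y")  # Vendor-Specific
            + attr(31, b"00-11-22-33-44-55"))               # Calling-Station-Id
    return struct.pack("!BBH", 1, 42, 20 + len(body)) + bytes(16) + body

if __name__ == "__main__":
    print(parse_radius(build_sample()))
```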
Sorry for the delay...
expiration logic fixed
functional and memleak btests added
It's good to go.