Both. I have committed a fix to CVS head that:
I tried to make a patch for FR-1.1.7 like that fix.
but, When it continue to receive EAP-Identity only(Dos Attack),
1) growing up memory usage of radiusd.
2) over max_sessions, growing up memory usage stopped.
it is ok.
3) but, starting
Thank you for your reply.
Alan DeKok [EMAIL PROTECTED] wrote:
[EMAIL PROTECTED] wrote:
but it look like that:
When radiusd received EAP-Identify request,
eaplist_add(inst, handler) called in eap_authenticate()
in rlm_eap.c,
and the handler is allocated by eap_handler_alloc()
Alan DeKok [EMAIL PROTECTED] wrote:
Both. I have committed a fix to CVS head that:
- limits the number of sessions (2k is the default)
- expires sessions in eaplist_add()
thank you.
I will try to make a patch for FR-1.1.7.
--
GANBARE! NIPPON!
Hi,
I'm sorry that I am not good at English
because I'm Japanese...
I have a question about eap_handler.
I understand that...
if radiusd recieved EAP-Identify packet,
eap_handler is allocated and added to eaplist.
if radiusd will be not received
next EAP packet(except EAP-Identiry) forever,
Thank you for your reply.
if radiusd will be not received
next EAP packet(except EAP-Identiry) forever,
When is the eap_handler deleted from the eaplist and freed ?
See the source code. eaplist_find() will remove expired sessions
from
the list.
I found calling eaplist_find() in
If radiusd continue receiving EAP-Identiry packet only
(it is malicious attack, not many trying to login.),
is eaplist_find() called ?
No. But this doesn't matter, because EAP-Identity requests aren't
put
into the list.
Again, this is in the source code.
I'm sorry ...
but it
Hi,
I'm *sorry* that I am not good at English
because I'm Japanese.
I found memory leak(?) of 1 byte when PEAP authentication, by valgrind.
I tried fllowing patch for rlm_eap.
it look like work well.
is it corret way?
diff -urN
Hi,
I'm *sorry* that I am not good at English
because I'm Japanese
I think that it is need following patch for eaplist_find()
in rlm_eap/mem.c, FreeRADIUS 1.1.7.
if no patch, when session_head == NULL and session_tail != NULL,
add handler to TAIL in next eaplist_add().
How do you think
Thank you for your reply, Mr.DeKok.
Use 1.1.6. It has a NUMBER of bugs fixed over 1.1.0.
ok, I will consider it.
but 1.1.6 crash when it recieve SIGHUP ...
Hmmm...
I think that stopping responding in our site
is similar following reports.
2007-February/060174.html
Hi,
I'm *sorry* that I am not good at English
because I'm Japanese.
We using freeradius 1.1.0 for PEAP authentication,
and it is working well almost.
but sometime, radiusd stops responding.CPU usage is 100%.
(need to radiusd stop/start).
following is result of ps.
10 matches
Mail list logo
