At 10:19 AM 8/23/2001 -0700, you wrote:
> > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
> >
> > Qinxue Chen <[EMAIL PROTECTED]> wrote:
> > > The problem seems to be that the new request has the same
> > request ID,
> > > request code, source IP, source port, but different vectors
> > (what's this?)
> >
> > It means that the request is a new one, and different from the first
> > on.
> >
> > The RFC's specifically allow for this.
> >
> > > as one of the old requests. From the problem I saw, it is
> > not caused by the
> > > NAS end. The freeradius didn't clear some old requests
> > properly in the
> > > buffer for whatever reasons. Some request IDs stayed for
> > about several
> > > hours. I am not quiet sure about the whole process in the
> > software. If Alan
> > > or Chris could explain a little bit, it will be greatly appreciated.
> >
> > There's not much to say. It looks like the server has a bug.
> >
>
>But in the software, the new requests are dropped. Yesterday I modified the
>code (radiusd.c) a little. The whole else block for the error part was got
>rid of. That means the new request would be added and processed. I run it
>the whole night without problems. I only worried about possible memory leak.
>I believed that some old requests were still in the request data. From my
>tests with the change, memory usage was fine on the box.
>
>The way to solve the problem cleanly is to identify two cases: 1) old
>requests stayed for a long time in the request data. 2) server is not fast
>enough to handle a request and a new request with the same id/code/ip/port
>comes in. Case 1) can be caused by whatever reasons like threads die. For
>case 1), a new request can replace the old one in the request data. For my
>tests, all problems fall in case 1). For case 2), the possible solutions: a.
>drop the new request b. use new request to replace the old request. From the
>performance view, there is no difference between the two solutions. Then
>for both case 1) and 2), we can do the same thing: replace the old request
>with the new one. What do you think?
No. Read the RFC. Understand how Authentication-Vector is used. Your
case1 is correct, your case2 is handled.
The reason there is a problem is old requests are for some reason not
being cleared. That's all there is, don't try and make it more complex,
it's a bug in the code, not a design flaw.
-Chris
--
\\\|||/// \ Chris Parker - Manager, Development Engineering
\ ~ ~ / \ WX *is* Wireless! \ [EMAIL PROTECTED]
| @ @ | \ http://www.starnetwx.net \ (847) 963-0116
oOo---(_)---oOo--\------------------------------------------------------
\ Without C we would have 'obol', 'basi', and 'pasal'
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
