Thank you for your reply.

Alan DeKok <[EMAIL PROTECTED]> wrote:
> [EMAIL PROTECTED] wrote:
> > but it looks like that:
> > When radiusd received EAP-Identify request,
> > eaplist_add(inst, handler) called in eap_authenticate()
> > in rlm_eap.c,
> > and the handler is allocated by eap_handler_alloc()
> > in eap_handler() in eap.c.
>
> Hmm... OK. So long as one non-identity packet comes through, this
> shouldn't be a problem.

Yes, it is the problem that received malicious "EAP Identity DoS attack".

> But OK, I'll look into fixing that in the next release.

If possible, we want to fix that in FR 1.1.7.
Which way do you think is better?

- in eaplist_add(), expire the eap_handler same as eaplist_find().
  or..
- if it continues to receive EAP Identity over limit number,
  no more add to list and ignore.
  (if it receives non-identity packet, reset counter).
or other way ...
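A stand-alone model of the mitigation discussed in the message above, as an added example (not code from the original post or from FreeRADIUS): stale pending sessions are expired on every add, and further identity-only requests are ignored while the table is still full. The struct, function names, cap and TTL are hypothetical values chosen for the demonstration.

```c
#include <stdio.h>
#include <time.h>

#define MAX_SESSIONS 4   /* constructed cap, kept small for the demo */
#define SESSION_TTL  30  /* assumed idle lifetime of a pending handler, seconds */

/* Hypothetical stand-in for a pending EAP handler; not the FreeRADIUS struct. */
struct session { int in_use; time_t created; unsigned id; };
static struct session table[MAX_SESSIONS];

/* Free every entry that has been pending longer than SESSION_TTL. */
static void session_expire(time_t now)
{
    for (int i = 0; i < MAX_SESSIONS; i++)
        if (table[i].in_use && now - table[i].created > SESSION_TTL)
            table[i].in_use = 0;
}

/* Expire stale entries on every add, then refuse the request if the table
 * is still full of live sessions. Returns the slot index, or -1 if ignored. */
static int session_add(unsigned id, time_t now)
{
    session_expire(now);
    for (int i = 0; i < MAX_SESSIONS; i++)
        if (!table[i].in_use) {
            table[i] = (struct session){ 1, now, id };
            return i;
        }
    return -1;
}

/* Number of sessions currently held. */
static int session_count(void)
{
    int n = 0;
    for (int i = 0; i < MAX_SESSIONS; i++)
        n += table[i].in_use;
    return n;
}

int main(void)
{
    time_t t = 1000;  /* constructed clock value */
    for (unsigned id = 0; id < 6; id++)  /* burst of identity-only requests */
        printf("add %u -> slot %d\n", id, session_add(id, t));
    printf("held: %d\n", session_count());
    printf("after TTL -> slot %d\n", session_add(6, t + SESSION_TTL + 1));
    return 0;
}
```

Memory stays bounded by `MAX_SESSIONS` regardless of how many identity-only requests arrive, and slots become available again once the TTL passes.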

