(RADIATOR) insert errors

Jerome Fleury jerome.fleury at freesbee.net
Thu Oct 18 05:00:06 CDT 2001


--On Tuesday, October 16, 2001 09:57:17 AM +0200 Jesús M Díaz 
<jesus.diaz at telia-iberia.com> wrote:

> Hello,
>
> i had the same problem too, but whit the pair 'nas-identifier/nas-port'.
> i could solve it changing the AddQuery sentence at 'session sql' clause
> from 'insert into ...' to 'replace into ...'.
>
> the problem, as i could see, is when due an error or any other reason,
> Radiator keeps a session entry but that sessions is not real yet.
>
> regards
>
>

I don't really know if your problem is related to mine, but in our 
configuration (big ISP, about 80 requests/s) we had a lot of duplicates. To 
avoid this we patched Radiator to handle "real" duplicates.

For that, we match packets not only on packet ID, but on NAS IP and UDP 
port Number (because some hosts like Lucent TNT have multiple ID space on 
different port numbers). The patch is working perfectly.
Maybe this patch could be integrated into official release ?

Here it is for Radiator 2.18.4:

----------------------8X cut here 8X--------------------------
*** Radius/Client.pm.old	Wed Oct  3 15:28:46 2001
--- Radius/Client.pm	Wed Oct  3 15:27:55 2001
***************
*** 6,21 ****
  # Name    the host name the Client was created with
  # Host    Packed host address of the client
  #
  # In order to detect duplicate arrivals, we keep an array
! # of arrivals ($self->{RecentIdentifiers})indexed by the Radius packet
! # identifier (8 bits), concatenated with the packet type code.
  # (The packet code is used because some NASs use different packet
  # sequences for different request types)
  # The value stored in each element of the array is the time
! # we last received
! # a packet with that identifier from this client.
! # If the time interval is
! # less than DupInterval, the packet is assumed to be
  # duplicate, and is ignored
  #
  # Author: Mike McCauley (mikem at open.com.au)
--- 6,23 ----
  # Name    the host name the Client was created with
  # Host    Packed host address of the client
  #
+ # Patch by b.grange at libertysurf.fr (the old code did not use the IP 
address):
  # In order to detect duplicate arrivals, we keep an array
! # of arrivals ($self->{RecentIdentifiers})indexed by
! # the IP address of the host that sent the request,
! # the UDP port number (some hosts like Lucent TNT have multiple ID space
! # on different port numbers), the Radius packet identifier (8 bits),
! # concatenated with the packet type code.
  # (The packet code is used because some NASs use different packet
  # sequences for different request types)
  # The value stored in each element of the array is the time
! # we last received a packet with that identifier from this client.
! # If the time interval is less than DupInterval, the packet is assumed to 
be
  # duplicate, and is ignored
  #
  # Author: Mike McCauley (mikem at open.com.au)
***************
*** 307,313 ****
  	    # accounting where the Acct-Delay-Time has changed, because
  	    # the identifier will also have changed. Gag.
  	    if (!$self->{NoIgnoreDuplicates}{$code}
! 		&& $self->{RecentIdentifiers}->{$nas_id . $code}[$p->identifier]
  		> ($p->{RecvTime} - $self->{DupInterval}))
  	    {
  		if (!$is_reboot)
--- 309,315 ----
  	    # accounting where the Acct-Delay-Time has changed, because
  	    # the identifier will also have changed. Gag.
  	    if (!$self->{NoIgnoreDuplicates}{$code}
! 		&& $self->{RecentIdentifiers}->{$p->{RecvFrom} . $code}[$p->identifier]
  		> ($p->{RecvTime} - $self->{DupInterval}))
  	    {
  		if (!$is_reboot)
***************
*** 314,320 ****
  		{
  		    # Its a duplicate, log it and ignore it
  		    my $id = $p->identifier;
! 		    &main::log($main::LOG_INFO, "Duplicate request id $id received from 
$nas_id: ignored");
  		    $self->{Statistics}{radiusServDupAccessRequests}++,
  		    $main::statistics{radiusAuthServTotalDupAccessRequests}++
  			if $code eq 'Access-Request';
--- 316,326 ----
  		{
  		    # Its a duplicate, log it and ignore it
  		    my $id = $p->identifier;
! 		    my ($udpPort, $udpAddr) = Socket::unpack_sockaddr_in($p->{RecvFrom}
! );	
! 		    my ($udpAddrPrint) = Socket::inet_ntoa($udpAddr);
!
! 		    &main::log($main::LOG_INFO, "Duplicate request id $id received from 
$udpAddrPrint($udpPort): ignored");
  		    $self->{Statistics}{radiusServDupAccessRequests}++,
  		    $main::statistics{radiusAuthServTotalDupAccessRequests}++
  			if $code eq 'Access-Request';
***************
*** 327,333 ****
  	    else
  	    {
  		# its not a dup, save the id for later dup checking
! 		$self->{RecentIdentifiers}->{$nas_id . $code}[$p->identifier]
  		    = $p->{RecvTime};

  		# Call the PreHandlerHook, if there is one
--- 333,339 ----
  	    else
  	    {
  		# its not a dup, save the id for later dup checking
! 		$self->{RecentIdentifiers}->{$p->{RecvFrom} . $code}[$p->identifier]
  		    = $p->{RecvTime};

  		# Call the PreHandlerHook, if there is one
----------------------8X cut here 8X--------------------------
--
Jerome Fleury	Freesbee/LibertySurf/WC
Network Team	Tel/Fax: +33 1 45082314
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 228 bytes
Desc: not available
URL: <http://www.open.com.au/pipermail/radiator/attachments/20011018/2fbe1e17/attachment.bin>


More information about the radiator mailing list