[RADIATOR] [patch] AuthRADIUS "no working host to forward to" "rate-limiting"
Bjoern A. Zeeb
bz-lists at cksoft.de
Wed Jun 2 04:25:29 CDT 2010
On Mon, 3 May 2010, Bjoern A. Zeeb wrote:
Hi Mike,
any comments on that?
> Hi Mike, all,
>
> I had initially done this patch in a hurry for a pre 4.6 Radiator and
> just found looking at the latest version, that the logging has changed.
>
> To be honest I am not sure if it's a good idea to actually log
> OriginalUserName and the to be forwarded request identifier if there
> is no host to forward to. While on a server with only low load it's
> probably nice to have, on a heavily loaded server, you get the line
> hundreds of times a second and you don't really care about the
> user at all. The best you want to know is the section ("which of the
> hosts are unavail").
>
> So what I had done was to only print it once for each AuthBy RADIUS
> or subclasses instance while there is no host avail to not DoS the
> logfiles. I left the CachePasswords case un-"rate limited" though.
>
> Both cases will print the Identifier, if none configured the name (RADIUS,
> ROUNDROBIN, ...) to at least have some clue or "n/a" in case we cannot
> figure it out at all (which should never happen).
>
> So thinking in terms of 4.6 and OriginalUserName logging you may want
> to put this under a config option maybe so it can be enabled for those
> who need it only.
>
> Regards,
> /bz
>
> --- Radiator-4.6.orig/Radius/AuthRADIUS.pm 2010-04-11 06:27:04.000000000 +0000
> +++ Radiator-4.6/Radius/AuthRADIUS.pm 2010-05-03 13:55:00.000000000 +0000
> @@ -150,6 +150,7 @@ sub initialize
> $self->{CacheOnNoReply} = 1; # Historical reasons
> $self->{MaxFailedRequests} = 1;
> $self->{MaxFailedGraceTime} = 0;
> + $self->{NoHostToForwardTo} = 0;
> }
>
> #####################################################################
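Review bot: `NoHostToForwardTo` is set at the end of `initialize` next to `MaxFailedRequests` and `MaxFailedGraceTime`, which look like configuration defaults, but it has no comment saying it is internal log-suppression state. A one-line comment above `$self->{NoHostToForwardTo} = 0;` stating that it is a per-instance flag toggled by `forward` would keep it from being read as a configurable parameter.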
> @@ -803,12 +804,23 @@ sub forward
> {
> my ($self, $fp, $p) = @_;
>
> + my $name = $self->{Identifier};
> + # This is not particularly useful but better than nothing:
> + $name = $self->{Name} unless defined $name;
> + $name = "(n/a)" unless defined $name;
> +
> my $host = $self->chooseHost($fp, $p);
> +
> if ($host)
> {
> # Make sure the host is updated with stats
> push(@{$p->{StatsTrail}}, \%{$host->{Statistics}});
>
> + $self->log($main::LOG_INFO,
> + "AuthRADIUS $name: trying to forward to $host->{Name} again.", $p)
> + if $self->{NoHostToForwardTo};
> + $self->{NoHostToForwardTo} = 0;
> +
> $self->sendHost($host, $fp, $p);
> return 1;
> }
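Review bot: at the top of `forward`, `$name` is resolved on every call, before `chooseHost`, although it is only used inside log messages, so the success path on a busy server pays for it on each request. Consider resolving it only where a message is actually emitted. Note also that `unless defined $name` lets an empty-string Identifier through, so the prefix would read `AuthRADIUS :`; checking for length as well would cover that case.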
> @@ -820,13 +832,15 @@ sub forward
> if ($self->{CachePasswords})
> {
> $self->log($main::LOG_INFO,
> - 'AuthRADIUS: No response for $p->{OriginalUserName} ($fp->{Identifier}) from any RADIUS hosts, and no cached password available. Ignoring', $p)
> + "AuthRADIUS $name: No response for $p->{OriginalUserName} ($fp->{Identifier}) from any RADIUS hosts, and no cached password available. Ignoring", $p)
> unless $self->sendCachedReply($p);
> }
> else
> {
> $self->log($main::LOG_INFO,
> - "AuthRADIUS could not find a working host to forward $p->{OriginalUserName} ($fp->{Identifier}). Ignoring", $p);
> + "AuthRADIUS $name: could not find a working host to forward $p->{OriginalUserName} ($fp->{Identifier}). Ignoring", $p);
> + unless $self->{NoHostToForwardTo};
> + $self->{NoHostToForwardTo} = 1;
> }
>
> # RadiusResult tells Synchronous mode that we have
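Review bot: in the `else` branch the added log line ends in `$p);` and the next added line is `unless $self->{NoHostToForwardTo};`, so the semicolon ends the statement and the `unless` modifier is left dangling, which will not compile. Drop the semicolon after `$p)` so the modifier attaches to the `$self->log(...)` call. Separately, the CachePasswords message changes from single to double quotes, so `$p->{OriginalUserName}` and `$fp->{Identifier}` are now interpolated where they were previously logged literally; that is a behaviour change in the one branch left unthrottled and should be called out in the patch description.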
>
>
>
--
Dipl. Ing. (BA) Bjoern A. Zeeb Research & Development
CK Software GmbH http://www.cksoft.de/
Schwarzwaldstr. 31 Phone: +49 7452 889 135
D-71131 Jettingen Fax: +49 7452 889 136
HRB245288, Amtsgericht Stuttgart Geschaeftsfuehrer: Christian Kratzer