[RADIATOR] [patch] AuthRADIUS "no working host to forward to" "rate-limiting"

Bjoern A. Zeeb bz-lists at cksoft.de
Mon May 3 09:22:21 CDT 2010


Hi Mike, all,

I had initially done this patch in a hurry for a pre 4.6 Radiator and
just found looking at the latest version, that the logging has changed.

To be honest I am not sure if it's a good idea to actually log
OriginalUserName and the to be forwarded request identifier if there
is no host to forward to.  While on a server with only low load it's
probably nice to have, on a heavily loaded server, you get the line
hundreds of times a second and you don't really care about the
user at all.  The best you want to know is the section ("which of the
hosts are unavail").

So what I had done was to only print it once for each AuthBy RADIUS
or subclases instance while there is no host avail to not DoS the
logfiles. I left the CachePasswords case un-"rate limited" though.

Both cases will print the Identifier, if non configured the name (RADIUS,
ROUNDROBIN, ...) to at least have some clue or "n/a" in case we cannot
figure it out at all (which should never happen).

So thinking in terms of 4.6 and OriginalUserName logging you may want
to put this under a config option maybe so it can be enabled for those
who need it only.

Regards,
/bz

--- Radiator-4.6.orig/Radius/AuthRADIUS.pm	2010-04-11 06:27:04.000000000 +0000
+++ Radiator-4.6/Radius/AuthRADIUS.pm	2010-05-03 13:55:00.000000000 +0000
@@ -150,6 +150,7 @@ sub initialize
      $self->{CacheOnNoReply} = 1; # Historical reasons
      $self->{MaxFailedRequests} = 1;
      $self->{MaxFailedGraceTime} = 0;
+    $self->{NoHostToForwardTo} = 0;
  }

  #####################################################################
@@ -803,12 +804,23 @@ sub forward
  {
      my ($self, $fp, $p) = @_;

+    my $name = $self->{Identifier};
+    # This is not particularly useful but better than nothing:
+    $name = $self->{Name} unless defined $name;
+    $name = "(n/a)" unless defined $name;
+
      my $host = $self->chooseHost($fp, $p);
+
      if ($host)
      {
  	# Make sure the host is updated with stats
  	push(@{$p->{StatsTrail}}, \%{$host->{Statistics}});

+	$self->log($main::LOG_INFO, 
+	   "AuthRADIUS $name: trying to forward to $host->{Name} again.", $p)
+	      if $self->{NoHostToForwardTo};
+	$self->{NoHostToForwardTo} = 0;
+
  	$self->sendHost($host, $fp, $p);
  	return 1;
      }
@@ -820,13 +832,15 @@ sub forward
  	if ($self->{CachePasswords})
  	{
  	    $self->log($main::LOG_INFO, 
-		       'AuthRADIUS: No response for $p->{OriginalUserName} ($fp->{Identifier}) from any RADIUS hosts, and no cached password available. Ignoring', $p)
+		       "AuthRADIUS $name: No response for $p->{OriginalUserName} ($fp->{Identifier}) from any RADIUS hosts, and no cached password available. Ignoring", $p)
  		unless $self->sendCachedReply($p);
  	}
  	else
  	{
  	    $self->log($main::LOG_INFO, 
-	       "AuthRADIUS could not find a working host to forward $p->{OriginalUserName} ($fp->{Identifier}). Ignoring", $p);
+	       "AuthRADIUS $name: could not find a working host to forward $p->{OriginalUserName} ($fp->{Identifier}). Ignoring", $p);
+	        unless $self->{NoHostToForwardTo};
+	    $self->{NoHostToForwardTo} = 1;
  	}

  	# RadiusResult tells Synchronous mode that we have


-- 
Dipl. Ing. (BA) Bjoern A. Zeeb          Research & Development
CK Software GmbH                        http://www.cksoft.de/
Schwarzwaldstr. 31                      Phone: +49 7452 889 135
D-71131 Jettingen                       Fax: +49 7452 889 136
HRB245288, Amtsgericht Stuttgart        Geschaeftsfuehrer: Christian Kratzer


More information about the radiator mailing list