[RADIATOR] [patch] AuthRADIUS "no working host to forward to" "rate-limiting"
Bjoern A. Zeeb
bz-lists at cksoft.de
Mon May 3 09:22:21 CDT 2010
Hi Mike, all,

I had initially done this patch in a hurry for a pre 4.6 Radiator and
just found looking at the latest version, that the logging has changed.

To be honest I am not sure if it's a good idea to actually log
OriginalUserName and the to be forwarded request identifier if there
is no host to forward to. While on a server with only low load it's
probably nice to have, on a heavily loaded server, you get the line
hundreds of times a second and you don't really care about the
user at all. The best you want to know is the section ("which of the
hosts are unavail").

So what I had done was to only print it once for each AuthBy RADIUS
or subclasses instance while there is no host avail to not DoS the
logfiles. I left the CachePasswords case un-"rate limited" though.
Both cases will print the Identifier, if none configured the name (RADIUS,
ROUNDROBIN, ...) to at least have some clue or "n/a" in case we cannot
figure it out at all (which should never happen).

So thinking in terms of 4.6 and OriginalUserName logging you may want
to put this under a config option maybe so it can be enabled for those
who need it only.

Regards,
/bz

--- Radiator-4.6.orig/Radius/AuthRADIUS.pm 2010-04-11 06:27:04.000000000 +0000
+++ Radiator-4.6/Radius/AuthRADIUS.pm 2010-05-03 13:55:00.000000000 +0000
@@ -150,6 +150,7 @@ sub initialize
$self->{CacheOnNoReply} = 1; # Historical reasons
$self->{MaxFailedRequests} = 1;
$self->{MaxFailedGraceTime} = 0;
+ $self->{NoHostToForwardTo} = 0;
}
#####################################################################
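Review bot: NoHostToForwardTo at the end of initialize sits among what look like configuration defaults (CacheOnNoReply, MaxFailedRequests, MaxFailedGraceTime), but it is runtime state that forward toggles. A one-line comment marking it as an internal flag meaning "the no-working-host message has already been logged" would keep it from being read as a configurable parameter.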
@@ -803,12 +804,23 @@ sub forward
{
my ($self, $fp, $p) = @_;
+ my $name = $self->{Identifier};
+ # This is not particularly useful but better than nothing:
+ $name = $self->{Name} unless defined $name;
+ $name = "(n/a)" unless defined $name;
+
my $host = $self->chooseHost($fp, $p);
+
if ($host)
{
# Make sure the host is updated with stats
push(@{$p->{StatsTrail}}, \%{$host->{Statistics}});
+ $self->log($main::LOG_INFO,
+ "AuthRADIUS $name: trying to forward to $host->{Name} again.", $p)
+ if $self->{NoHostToForwardTo};
+ $self->{NoHostToForwardTo} = 0;
+
$self->sendHost($host, $fp, $p);
return 1;
}
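Review bot: In the name fallback at the top of forward, `unless defined $name` accepts an Identifier that is defined but empty, which would leave the log prefix reading "AuthRADIUS :"; testing the length instead would cover that case. Note also that NoHostToForwardTo is kept per AuthBy instance, not per host, so the "trying to forward to $host->{Name} again" line is emitted for whichever host chooseHost returns first after an outage; a short comment saying so would help whoever reads the log later.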
@@ -820,13 +832,15 @@ sub forward
if ($self->{CachePasswords})
{
$self->log($main::LOG_INFO,
- 'AuthRADIUS: No response for $p->{OriginalUserName} ($fp->{Identifier}) from any RADIUS hosts, and no cached password available. Ignoring', $p)
+ "AuthRADIUS $name: No response for $p->{OriginalUserName} ($fp->{Identifier}) from any RADIUS hosts, and no cached password available. Ignoring", $p)
unless $self->sendCachedReply($p);
}
else
{
$self->log($main::LOG_INFO,
- "AuthRADIUS could not find a working host to forward $p->{OriginalUserName} ($fp->{Identifier}). Ignoring", $p);
+ "AuthRADIUS $name: could not find a working host to forward $p->{OriginalUserName} ($fp->{Identifier}). Ignoring", $p);
+ unless $self->{NoHostToForwardTo};
+ $self->{NoHostToForwardTo} = 1;
}
# RadiusResult tells Synchronous mode that we have
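Review bot: In the else branch the added log line ends with `, $p);`, which terminates the statement before the following `unless $self->{NoHostToForwardTo};`, so the modifier stands alone with no statement and the module will not compile. Drop the trailing semicolon from the log line so that `unless` modifies the `$self->log(...)` call. Separately, the CachePasswords branch above still logs OriginalUserName on every request while no host is available, so the log flooding this patch addresses remains possible when CachePasswords is set; the same flag could gate that message too.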
--
Dipl. Ing. (BA) Bjoern A. Zeeb Research & Development
CK Software GmbH http://www.cksoft.de/
Schwarzwaldstr. 31 Phone: +49 7452 889 135
D-71131 Jettingen Fax: +49 7452 889 136
HRB245288, Amtsgericht Stuttgart Geschaeftsfuehrer: Christian Kratzer