diff options
| author | Ethan Everett <ethan.everett@meraki.net> | 2019-02-12 22:20:04 (GMT) |
|---|---|---|
| committer | Jouni Malinen <j@w1.fi> | 2019-12-30 17:13:51 (GMT) |
| commit | 22319c7fed8f106be05f6a7712ef405700617be3 (patch) | |
| tree | 6ff2b882c035c1ca73f6a416f0680fa5a0af65e1 /src/radius | |
| parent | 54c154d2c908a484fbb53bbdead0b70683501805 (diff) | |
| download | hostap-22319c7fed8f106be05f6a7712ef405700617be3.zip hostap-22319c7fed8f106be05f6a7712ef405700617be3.tar.gz hostap-22319c7fed8f106be05f6a7712ef405700617be3.tar.bz2 | |
RADIUS client: fix extra retry before failover
This commit changes the failover behavior of RADIUS client. Commit
27ebadccfb2 ("RADIUS client: Cease endless retry for message for
multiple servers") changed the retry logic, causing RADIUS client to
wait RADIUS_CLIENT_NUM_FAILOVER + 1 timeouts before failing over the
first time. Prior to that commit, RADIUS client would wait
RADIUS_CLIENT_NUM_FAILOVER timeouts before each failover. This was
caused by moving the entry->attempts > RADIUS_CLIENT_NUM_FAILOVER
comparison to before the retry attempt, where entry->attempts is
incremented.
The commit in question set entry->attempts in radius_change_server to 1
instead of 0, so RADIUS client would still only wait
RADIUS_CLIENT_NUM_FAILOVER timeouts for subsequent failovers, the same
as the original behavior.
This commit changes the comparison so the initial failover now happens
after waiting RADIUS_CLIENT_NUM_FAILOVER timeouts, as it did originally.
It also changes the RADIUS_CLIENT_MAX_FAILOVER comparison to prevent an
additional attempt to the primary server after the final failover.
Signed-off-by: Ethan Everett <ethan.everett@meraki.net>
Diffstat (limited to 'src/radius')
| -rw-r--r-- | src/radius/radius_client.c | 6 |
1 files changed, 3 insertions, 3 deletions
diff --git a/src/radius/radius_client.c b/src/radius/radius_client.c index a3db404..2b7a604 100644 --- a/src/radius/radius_client.c +++ b/src/radius/radius_client.c @@ -457,7 +457,7 @@ static int radius_client_retransmit(struct radius_client_data *radius, } /* retransmit; remove entry if too many attempts */ - if (entry->accu_attempts > RADIUS_CLIENT_MAX_FAILOVER * + if (entry->accu_attempts >= RADIUS_CLIENT_MAX_FAILOVER * RADIUS_CLIENT_NUM_FAILOVER * num_servers) { wpa_printf(MSG_INFO, "RADIUS: Removing un-ACKed message due to too many failed retransmit attempts"); @@ -507,7 +507,7 @@ static void radius_client_timer(void *eloop_ctx, void *timeout_ctx) if (now.sec >= entry->next_try) { s = entry->msg_type == RADIUS_AUTH ? radius->auth_sock : radius->acct_sock; - if (entry->attempts > RADIUS_CLIENT_NUM_FAILOVER || + if (entry->attempts >= RADIUS_CLIENT_NUM_FAILOVER || (s < 0 && entry->attempts > 0)) { if (entry->msg_type == RADIUS_ACCT || entry->msg_type == RADIUS_ACCT_INTERIM) @@ -1116,7 +1116,7 @@ radius_change_server(struct radius_client_data *radius, (!auth && entry->msg_type != RADIUS_ACCT)) continue; entry->next_try = entry->first_try + RADIUS_CLIENT_FIRST_WAIT; - entry->attempts = 1; + entry->attempts = 0; entry->next_wait = RADIUS_CLIENT_FIRST_WAIT * 2; } |