Amazing-Mirror/fragattacks
1
0
Fork 0
mirror of https://github.com/vanhoefm/fragattacks.git synced 2025-01-31 09:14:03 -05:00
Code Issues Projects Releases Wiki Activity

RADIUS client: fix extra retry before failover

Browse Source 
This commit changes the failover behavior of RADIUS client. Commit
27ebadccfb ("RADIUS client: Cease endless retry for message for
multiple servers") changed the retry logic, causing RADIUS client to
wait RADIUS_CLIENT_NUM_FAILOVER + 1 timeouts before failing over the
first time. Prior to that commit, RADIUS client would wait
RADIUS_CLIENT_NUM_FAILOVER timeouts before each failover. This was
caused by moving the entry->attempts > RADIUS_CLIENT_NUM_FAILOVER
comparison to before the retry attempt, where entry->attempts is
incremented.

The commit in question set entry->attempts in radius_change_server to 1
instead of 0, so RADIUS client would still only wait
RADIUS_CLIENT_NUM_FAILOVER timeouts for subsequent failovers, the same
as the original behavior.

This commit changes the comparison so the initial failover now happens
after waiting RADIUS_CLIENT_NUM_FAILOVER timeouts, as it did originally.
It also changes the RADIUS_CLIENT_MAX_FAILOVER comparison to prevent an
additional attempt to the primary server after the final failover.

Signed-off-by: Ethan Everett <ethan.everett@meraki.net>
This commit is contained in:
Ethan Everett 2019-02-12 22:20:04 +00:00 committed by Jouni Malinen
parent 54c154d2c9
commit 22319c7fed
1 changed files with 3 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
src/radius/radius_client.c
View File

@ -457,7 +457,7 @@ static int radius_client_retransmit(struct radius_client_data *radius,
} }
/* retransmit; remove entry if too many attempts */ /* retransmit; remove entry if too many attempts */
if (entry->accu_attempts > RADIUS_CLIENT_MAX_FAILOVER * if (entry->accu_attempts >= RADIUS_CLIENT_MAX_FAILOVER *
RADIUS_CLIENT_NUM_FAILOVER * num_servers) { RADIUS_CLIENT_NUM_FAILOVER * num_servers) {
wpa_printf(MSG_INFO, wpa_printf(MSG_INFO,
"RADIUS: Removing un-ACKed message due to too many failed retransmit attempts"); "RADIUS: Removing un-ACKed message due to too many failed retransmit attempts");
@ -507,7 +507,7 @@ static void radius_client_timer(void *eloop_ctx, void *timeout_ctx)
if (now.sec >= entry->next_try) { if (now.sec >= entry->next_try) {
s = entry->msg_type == RADIUS_AUTH ? radius->auth_sock : s = entry->msg_type == RADIUS_AUTH ? radius->auth_sock :
radius->acct_sock; radius->acct_sock;
if (entry->attempts > RADIUS_CLIENT_NUM_FAILOVER || if (entry->attempts >= RADIUS_CLIENT_NUM_FAILOVER ||
(s < 0 && entry->attempts > 0)) { (s < 0 && entry->attempts > 0)) {
if (entry->msg_type == RADIUS_ACCT || if (entry->msg_type == RADIUS_ACCT ||
entry->msg_type == RADIUS_ACCT_INTERIM) entry->msg_type == RADIUS_ACCT_INTERIM)
@ -1116,7 +1116,7 @@ radius_change_server(struct radius_client_data *radius,
(!auth && entry->msg_type != RADIUS_ACCT)) (!auth && entry->msg_type != RADIUS_ACCT))
continue; continue;
entry->next_try = entry->first_try + RADIUS_CLIENT_FIRST_WAIT; entry->next_try = entry->first_try + RADIUS_CLIENT_FIRST_WAIT;
entry->attempts = 1; entry->attempts = 0;
entry->next_wait = RADIUS_CLIENT_FIRST_WAIT * 2; entry->next_wait = RADIUS_CLIENT_FIRST_WAIT * 2;
} }