Hi,
It is an issue that has been discussed previously and FreeRADIUS is
unlikely to ever do an SQL SELECT of the nas table for every inbound
packet. What may be possible is to reload the nas list at certain intervals
(from cron is the easiest) but until/unless HUP handling is improved that
is problematic for deployments that need to keep session state (i.e. EAP
users). If you don't use EAP, then there is no problem doing a full restart
on a regular basis.
Regular checks still would be a waste of resources most of the time (how often
do you add a NAS?). How about:
- doing the SQL query when it encounters a request from a new, unknown IP
address,
- RATE-LIMITED to once per minute or so.
That would make re-reading event-driven, and not make the server be DoS'ed
when a wave of fake requests comes in.
Not sure how difficult to implement this though...
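
A sketch of the scheme proposed above, added here as an illustration; it is not part of the original message and is not FreeRADIUS code. The `NasCache` class, the injected clock and the two-column `nas` table in SQLite are assumptions made so the example runs on its own.

```python
import sqlite3
import time


class NasCache:
    """In-memory NAS list, re-read from SQL only on an unknown source IP."""

    def __init__(self, db, min_interval=60.0, clock=time.monotonic):
        self.db = db
        self.min_interval = min_interval   # "once per minute or so"
        self.clock = clock                 # injectable so tests need no sleep
        self.reloads = 0
        self._load()

    def _load(self):
        rows = self.db.execute("SELECT nasname, secret FROM nas").fetchall()
        self.clients = dict(rows)          # nasname -> shared secret
        self.last_reload = self.clock()
        self.reloads += 1

    def lookup(self, src_ip):
        """Return the shared secret for src_ip, or None to drop the packet."""
        secret = self.clients.get(src_ip)
        if secret is None and self.clock() - self.last_reload >= self.min_interval:
            self._load()                   # event-driven, rate-limited re-read
            secret = self.clients.get(src_ip)
        return secret


def demo():
    # Constructed sample data: a minimal stand-in for the nas table (assumed schema).
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE nas (nasname TEXT PRIMARY KEY, secret TEXT)")
    db.execute("INSERT INTO nas VALUES ('192.0.2.10', 's3cret-a')")
    now = [0.0]                            # fake clock so the demo runs instantly
    cache = NasCache(db, clock=lambda: now[0])

    now[0] = 100.0
    # Wave of requests from unknown addresses: only the first causes a query.
    for i in range(1000):
        cache.lookup(f"203.0.113.{i % 250}")
    flood_reloads = cache.reloads - 1      # minus the initial load

    db.execute("INSERT INTO nas VALUES ('192.0.2.20', 's3cret-b')")
    too_soon = cache.lookup("192.0.2.20")  # still inside the rate-limit window
    now[0] = 161.0
    later = cache.lookup("192.0.2.20")     # window elapsed: re-read finds it
    return flood_reloads, too_soon, later
```

The trade-off the sketch makes visible: a flood of unknown sources costs one query per interval, but it also uses up that interval's re-read, so a genuinely new NAS can wait up to one full interval before it is recognised.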