freeradius and dhcp relaying

Alan DeKok aland at deployingradius.com
Thu Jan 13 12:36:41 CET 2011


Phil Mayers wrote:
> What's the rationale for keeping state?

  Some security, IIRC.

> I was under the impression that
> DHCP relays could be stateless. Since you can chain relays, but replies
> go straight back to the first one (via the giaddr field)

  Yes.  The ISC DHCP relay code doesn't store any state.  But there *is*
logic to add/delete relay options, and to check the giaddr field...

  That would need to be added, at least.

  For our purposes, storing state would allow us to know where to send
the reply.  The ISC server walks through it's list of interfaces for
every reply.  This is simple, but it would be safer to maintain state.

  Alan DeKok.



More information about the Freeradius-Users mailing list