About definition of conflicting condition

Yuka K kyuka8632 at gmail.com
Thu Apr 20 03:32:08 CEST 2017


Hello.
During fast-requesting tests on ver.3.0.13, I found the following
errors in the log.

Sun Apr 16 15:04:36 2017 : Error: Received conflicting packet from
client localhost port 30430 - ID: 0 due to unfinished request.
Giving up on old request.

All IDs were used and it returned to 0.
Both of the ID-0 packets were valid and had the same src/dst ip/port
and length, but the request authenticators and AVP(User-Name) were
different.
So, please let me ask two questions about it.

[Q1]
I thought Access-Accept was returned, but like this case, even if AVPs
are different and valid, the new one is regarded as a conflicting one.
Then, if the previous request's process is under QUEUED or RUNNING,
it's dropped.

I've read RFC 5080 about "duplicate", but I want to know the definition
of a "conflicting" packet based on RFCs, as the following is mentioned
in RFC 2865.

  3.1.  Packet Format
  The RADIUS server can detect a duplicate request if it has the same
  client source IP address and source UDP port and Identifier within
  a short span of time.

  4.1.  Access-Request
  Upon receipt of an Access-Request from a valid client, an appropriate
  reply MUST be transmitted.

I was wondering if checking AVPs at least User-Name might not be bad,
or should I think conflict is included in duplication?

[Q2]
If I try to skip the duplicate/conflict check, is it OK that setting
the member "nodup" of struct rad_listen to true?

I'd appreciate it.


More information about the Freeradius-Users mailing list