"Alan DeKok" <aland@nitros9.org> wrote:
I'm using freeradius 1.1.1 and trying to performance test it using as client the 'radclient' utility program. I have been experiencing some problems when load testing it since freeradius was responding in some cases responding to the client with old (already sent) responses when in fact the request was different (Attribute-wise at least).
The server shouldn't do that. The request authenticators are different, so the requests should be treated as different.
I have traced (ethereal) the requests I'm sending and only 256 are actually unique. Thereafter they are repeated over and over throughout the requests provided in the input file. It seems like the IDs are being reused.
I might be mistaken but one odd thing is that I see a comment in the code saying that if a request has already been used then it needs to make sure that the Authenticator value is unique. However I don't see that happening in the code actually ('radclient.c', function 'request_free'):
Look at the rest of the code. See send_one_packet(), which creates a unique vector.
I agree there it's were the "vector" is set (by invoking the MD5 library) however, I don't see where that "vector" is made random for every request. Again I might be mistaken but the end result is what I described above, that the same request ID gets the exact same Authenticator value. The reasons why in many instances I don't get a "Re-send" of an old reply is simply because it might no longer be stored in the cache hence a brand new one generated. The latter behavior is dependent on the number of messages allowed in the cache and the time before they stale. I had this time set to 5 seconds and given the performance of a litle over 50 req/sec it was causing it to be right in the limit: (256req / 50req/sec ~= 5 sec). Thanks for the help. Regards, Alex.