On 15/01/15 14:48, Matt Zagrabelny wrote:
Why do you care if the realm doesn't respond?
Cleanliness, mainly. The outstanding response consumes a radius packet ID on the proxy socket, and on the receive auth socket. On a busy NAS, the latter is likely to get re-used while waiting, resulting in: Error: Received conflicting packet from client xxx port 32770 - ID: 182 due to unfinished request 51899386. Giving up on old request That is, the NAS sent a request, ID#182, which got proxied to a blackhole realm. 15 seconds later it re-used that packet ID for something else. I'd like to eliminate sources of this message which are not local problems; then if I see the message, I know I have to investigate it. "Real" cause of this message are something to worry about. In particular, on some current equipment (cough Cisco cough) those messages might indicate you're very close to the "offered load of doom" threshold where the NAS's single radius UDP socket has >255 legitimate packet IDs in-flight and your wireless network is about to explode. (Yes, Cisco should fix this) More generally - such a mechanism would be useful for blacklisting horribly mis-configured clients before even trying to proxy them, saving a round-trip and various lookup/logging load.