LDAP timeouts during failure conditions
aland at deployingradius.com
Sat Jul 2 09:51:36 CEST 2011
Phil Mayers wrote:
> TBH I don't think it matters that much to anyone except the developers
> what the underlying processing model is - users interact with the module
> processing, string-expansion and unlang features, not the select() loop.
Pretty much, yes.
> On that latter topic: I do wonder if we might start running into
> problems with fd_set size limitations now that "master" supports TCP
> sockets. Eduroam sites (e.g. us) using radius-over-TLS and DNS-based
> autodiscovery could, conceivably, have many tens of TCP connections open
> at any given time.
Yes. Other things in the server will likely need attention, too.
e.g. reading from RadSec sockets may take a lot of time, so putting that
code into a child thread would be useful. The new RADIUS state machine
in 3.0 makes this easier, too.
> But an epoll event core is probably pretty trivial,
> given that Alan has factored the existing loop cleanly.
More information about the Freeradius-Devel