LDAP timeouts during failure conditions

Alan DeKok aland at deployingradius.com
Sat Jul 2 09:51:36 CEST 2011

Phil Mayers wrote:
> TBH I don't think it matters that much to anyone except the developers
> what the underlying processing model is - users interact with the module
> processing, string-expansion and unlang features, not the select() loop.

  Pretty much, yes.

> On that latter topic: I do wonder if we might start running into
> problems with fd_set size limitations now that "master" supports TCP
> sockets. Eduroam sites (e.g. us) using radius-over-TLS and DNS-based
> autodiscovery could, conceivably, have many tens of TCP connections open
> at any given time.

  Yes.  Other things in the server will likely need attention, too.
e.g. reading from RadSec sockets may take a lot of time, so putting that
code into a child thread would be useful.  The new RADIUS state machine
in 3.0 makes this easier, too.

> But an epoll event core is probably pretty trivial,
> given that Alan has factored the existing loop cleanly.


  Alan DeKok.

More information about the Freeradius-Devel mailing list