[PATCH] Added configurable timeout to rlm_exec.
Philipp Hug
philipp at hug.cx
Mon Sep 24 11:32:57 CEST 2012
Hi Alan,
1) you seem to be adding this exec patch to other places where external
> execution of code takes place - eg verification of the EAP cert - was that
> intentional?
>
> Yes, this is intended. I had to change radius_exec_program function which
is used in various places.
The verification of the EAP cert is executed with the default timeout (10s)
which is exactly the same behavior as before.
- (radius_exec_program(conf->make_cert_command, NULL, 1,
+ (radius_exec_program(conf->make_cert_command, NULL, 1,
RADIUS_EXEC_DEFAULT_TIMEOUT,
> 2) it appears that you are choosing to set the value to '0' when running
> some commands in debug mode - surely not the intention (or my misreading
> of those few lines)....
>
The timeout value is ignored if exec_wait is set to zero.
>
> I agree that the timeout should be configurable.... perhaps, in an ideal
> world
> you could have a minimum and maximum. server starts with minimum value...if
> the reply doesnt happen quick enough and theres a failure, it could log
> the error
> and then incremement the value by one second...up until it reaches the
> ceiling value.
> errors messages would then alert admin to the issue and hopefully external
> systems
> fixed before the 'hard' error boundary reached (which is all we have right
> now..a hard
> boundary)
>
> I think it would be easier to have a timeout_warn and timeout_hard value
instead of dynamically changing it.
But for now, I'd prefer to just have one timeout value.
Philipp
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-devel/attachments/20120924/6567527c/attachment.html>
More information about the Freeradius-Devel
mailing list