More notes on v4
Alan DeKok
aland at deployingradius.com
Fri Oct 21 20:01:13 CEST 2016
If people are interested in super technical details of v4, some more notes are now online at:
http://wiki.freeradius.org/version4/
The v4 design allows us to have zero-copy packets from the network through to the worker thread which processes the packets. And zero-copy packets back from that to the network. The packet memory is also handled in local ring buffers, which means minimal memory allocation and freeing.
The v4 design should also allow us to have dynamic clients behind a NAT. Where each client behind the NAT has its own shared secret, e.g. based on a Called-Station-Id. This kind of client is impossible in the v3 architecture, though people have repeatedly asked for it.
See: http://wiki.freeradius.org/version4/notes
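As an added illustration of the "clients behind a NAT" case (example code, not FreeRADIUS code), the sketch below selects the shared secret from the Called-Station-Id attribute rather than from the source address alone, and then checks the Message-Authenticator with that secret. The client table keyed by (NAT address, Called-Station-Id) and all sample values are constructed for this example; the point is that the station id is only trusted once the HMAC computed with the selected secret verifies.

```python
import hmac
import hashlib
import os
import struct

ACCESS_REQUEST = 1
CALLED_STATION_ID = 30        # RFC 2865 attribute type
MESSAGE_AUTHENTICATOR = 80    # RFC 2869 attribute type, 16-byte HMAC-MD5

# Constructed client table: several APs share one NAT address but have distinct secrets.
SECRETS = {
    ("203.0.113.10", b"00-11-22-33-44-55"): b"ap1-secret",
    ("203.0.113.10", b"66-77-88-99-aa-bb"): b"ap2-secret",
}

def parse_attrs(pkt):
    """Yield (type, offset_of_value, value) for each TLV after the 20-byte header."""
    attrs, off = [], 20
    while off < len(pkt):
        t, l = pkt[off], pkt[off + 1]
        if l < 2 or off + l > len(pkt):
            raise ValueError("malformed attribute")
        attrs.append((t, off + 2, pkt[off + 2:off + l]))
        off += l
    return attrs

def build_access_request(secret, ident, attrs):
    """Build a constructed Access-Request whose last attribute is a valid Message-Authenticator."""
    body = b"".join(struct.pack("BB", t, len(v) + 2) + v for t, v in attrs)
    body += struct.pack("BB", MESSAGE_AUTHENTICATOR, 18) + bytes(16)  # zeroed while signing
    header = struct.pack("!BBH", ACCESS_REQUEST, ident, 20 + len(body)) + os.urandom(16)
    pkt = bytearray(header + body)
    pkt[-16:] = hmac.new(secret, bytes(pkt), hashlib.md5).digest()
    return bytes(pkt)

def verify_request(pkt, nat_ip, secrets_by_station):
    """Pick the secret by (source IP, Called-Station-Id), then verify the Message-Authenticator."""
    if len(pkt) < 20 or pkt[0] != ACCESS_REQUEST or struct.unpack("!H", pkt[2:4])[0] != len(pkt):
        return False
    attrs = parse_attrs(pkt)
    station = next((v for t, _, v in attrs if t == CALLED_STATION_ID), None)
    secret = secrets_by_station.get((nat_ip, station))
    if secret is None:
        return False  # no client with that station id behind this NAT
    ma = [(o, v) for t, o, v in attrs if t == MESSAGE_AUTHENTICATOR]
    if len(ma) != 1 or len(ma[0][1]) != 16:
        return False  # without a Message-Authenticator the station id is unauthenticated
    off, received = ma[0]
    zeroed = pkt[:off] + bytes(16) + pkt[off + 16:]
    expected = hmac.new(secret, zeroed, hashlib.md5).digest()
    return hmac.compare_digest(expected, received)
```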
We will also likely be able to track ongoing EAP sessions which are proxied. And skip most of the processing rules for all packets after the first one. i.e. once we determine that a session gets proxied, all packets for that session get proxied. We no longer need to examine each packet in isolation.
We should also have similar tracking for ongoing EAP sessions which are handled by the server itself. The tracking allows all packets for an EAP session to be sent to one worker thread. Which means that the OpenSSL data structures don't need mutexes, and a LOT of contention just goes away.
I've started implementing parts of the design. The "radius access-request" process logic is already in the v4.0.x branch. I've started working on the message passing code. The next step is tests for the message passing code, followed by some re-write of the network / IO layer.
When I have that working for UDP, I'm going to rip out almost all of the existing networking / processing code. Which removes a lot of functionality in the short term, but allows me to do the cleanups without worrying about integrating with existing code.
Alan DeKok.