Query on UDP proxy socket using freeradius version 3.0.16

saurabha badhai saurabha.badhai at gmail.com
Fri Jun 16 13:08:52 UTC 2023


I see FreeRADIUS binds to port 0, and then the OS takes care of assigning the
right port, but why doesn't FreeRADIUS close the same port programmatically
after finishing the request?

A few more questions:
1. How do I disable proxying? I want to close the socket fd without
restarting FreeRADIUS.
2. I have sometimes observed FreeRADIUS, running as a client, open 2 different
proxy ports simultaneously to the same AAA. When is this possible?

Thanks,
Saurabha

On Fri, Jun 16, 2023 at 6:15 PM Alan DeKok <aland at deployingradius.com>
wrote:

> On Jun 16, 2023, at 8:35 AM, saurabha badhai <saurabha.badhai at gmail.com>
> wrote:
> > I see the UDP socket is bound to port 0, which means the kernel will
> > allocate the ephemeral port based on the available list.
>
>   Yes.
>
> > I am observing that the port is still in the open state even
> > after the request is served. It's listed by the netstat -anp command
> > after 2 days.
> > There has been no message served by that port for the last 2 days.
> >
> > *netstat -anp* output
> > udp        0      0 0.0.0.0:*26307           *0.0.0.0:*
> >      19293/radiusd
>
>   That's weird.  This is an OS issue.
>
>   i.e. FreeRADIUS tells the OS "I'm giving you port 0, so that means
> _don't_ bind to port 0, but instead to some random high port".
>
>   The OS should bind the socket to a random high port, and definitely not
> to port 0.
>
> > Below is *ss -anp* output
> > udp    UNCONN     0      0         *:26307                 *:*
> >      users:(("radiusd",pid=19293,fd=26))
> >
> > Can anyone help to answer when this socket bound to port 26307 gets
> > closed, or is it always in the open state? The problem here is that if we
> > want to connect to 100 different AAAs, then all the sockets will be in the
> > open state, which may not be correct.
>
>   That port is used for outbound proxying.  If you want to close the
> port... just stop FreeRADIUS, or disable proxying.
>
>  There is no problem here.  If you run multiple servers on the same
> machine, "bind to port 0" will work for all of them.  The OS will just pick
> different (and unused) ports for each one.
>
>   Alan DeKok.
>


More information about the Freeradius-Devel mailing list
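
The socket behaviour discussed in this thread, as an added example that is not part of the original messages and is not FreeRADIUS code: binding a UDP socket to port 0 makes the kernel pick an unused ephemeral port, and that port stays allocated to the process until the descriptor is closed. The helper names `udp_bind` and `port_is_free` are hypothetical, and the sockets bind to 127.0.0.1 so the program runs without any network.

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

/* Open a UDP socket on 127.0.0.1:<port>; port 0 asks the kernel to choose.
 * Returns the fd (or -1) and stores the port actually bound in *bound. */
static int udp_bind(unsigned short port, unsigned short *bound)
{
    struct sockaddr_in sa;
    socklen_t len = sizeof(sa);
    int fd = socket(AF_INET, SOCK_DGRAM, 0);
    if (fd < 0) return -1;
    memset(&sa, 0, sizeof(sa));
    sa.sin_family = AF_INET;
    sa.sin_addr.s_addr = htonl(INADDR_LOOPBACK);
    sa.sin_port = htons(port);
    if (bind(fd, (struct sockaddr *)&sa, sizeof(sa)) < 0 ||
        getsockname(fd, (struct sockaddr *)&sa, &len) < 0) {
        close(fd);
        return -1;
    }
    if (bound) *bound = ntohs(sa.sin_port);
    return fd;
}

/* Returns 1 if a new socket can bind the port, 0 if it is already in use. */
static int port_is_free(unsigned short port)
{
    int fd = udp_bind(port, NULL);
    if (fd < 0) return 0;
    close(fd);
    return 1;
}

int main(void)
{
    unsigned short p1 = 0, p2 = 0;
    int a = udp_bind(0, &p1), b = udp_bind(0, &p2);
    if (a < 0 || b < 0) return 1;
    printf("two port-0 binds got ports %u and %u\n", (unsigned)p1, (unsigned)p2);
    printf("port %u free while fd open: %d\n", (unsigned)p1, port_is_free(p1));
    close(a);
    printf("port %u free after close:   %d\n", (unsigned)p1, port_is_free(p1));
    close(b);
    return 0;
}
```

An idle UDP socket opened this way shows up in `netstat -anp` or `ss -anp` for as long as the owning process keeps the descriptor, regardless of whether any traffic has passed through it.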