rlm_ippool and tcp TIME_WAIT state

Phil Mayers p.mayers at imperial.ac.uk
Wed Jul 19 17:21:25 CEST 2006


Sebastien Cantos wrote:
> Phil Mayers wrote:
> 
>> It would in theory be possible to save the key from the last walk, and 
>> next time we allocate an IP start from that key and wrap back around, 
>> which would allocate IPs in a more round-robin fashion.
> 
> Yes, that should be a solution. I was more thinking of adding a parameter to
> make sure an IP is kept used in the pool for a certain amount of time after
> a disconnection and before being available for allocation. 

Good idea.

> 
> I don't know what is more easy to hack. I'm going to try using my some
> little developer skills to look at rlm_ippool.c and see what I can do. 

Your idea would be much easier, since there's code in the module to deal 
with expiry already.

You'd need to change the code in rlm_ippool.c:ippool_accounting around 
line 392 (in the CVS) to be:

entry.active = 1;
entry.timestamp = request->timestamp;
entry.timeout = 240; /* or whatever TIME_WAIT time */

...and then remove the bit further below completely:

/* Decrease allocated count from the ip index */

Be aware that, rather obviously, this will greatly increase the 
contention for IPs from the pool. If you find that a problem, you might 
need to increase the pool size or change the code in postauth (around 
line 645) to either aggressively age inactive entries, or to pass 
through again if no entries are free and force inactive the oldest one.

Good luck!



More information about the Freeradius-Users mailing list