Handing out duplicate IP addresses

Alan DeKok aland at deployingradius.com
Mon Jan 19 14:54:01 CET 2009

tnt at kalik.net wrote:
> When multiple threads ask for an IP at the same time it is possible for
> same IP to be issued to different users. That's because allocate-find
> works 10 or more times faster than allocate-update. There is a chance
> that several allocate-finds will complete before first allocate-update
> makes the IP unavailable.

  But the whole thing *should* be wrapped in a transactional block.  See
the source code to rlm_sqlippool.

  If mysql doesn't respect transactional boundaries, that's another issue.

> I think that best thing to do is to prevent subsequent updates by
> altering the allocate-update (adding "AND expiry_time IS NULL" at the
> end should do it). That way only first one will update the row while
> others will fail (update 0 rows). It should be possible for logic to
> detect that no rows were updated and fail the module.

  OK.  I've added that to the default MySQL query.

  I'd like to know if this is a problem for Postgresql, too.

  Alan DeKok.

More information about the Freeradius-Users mailing list