Error: Received conflicting packet

rihad rihad at mail.ru
Sun Oct 11 12:44:33 CEST 2009


Hi, all,

Sometimes when there are too many requests from a NAS, like right after
rebooting it and thus breaking current sessions, etc., freeradius 2.1.3
under FreeBSD begins loggin many many lines like this after the NAS
re-sends unanswered packets:

Error: Received conflicting packet from client 10.10.70.94 port 1646 -
ID: 220 due to unfinished request 511166.  Giving up on old request.

I looked in src/main/event.c and found this code:

                 default:
                         gettimeofday(&when, NULL);
                         when.tv_sec -= 1;

                         /*
                          *      If the cached request was received
                          *      within the last second, then we
                          *      discard the NEW request instead of the
                          *      old one.  This will happen ONLY when
                          *      the client is severely broken, and is
                          *      sending conflicting packets very
                          *      quickly.
                          */
                         if (timercmp(&when, &request->received, <)) {
                                 radlog(L_ERR, "Discarding conflicting
packet from "
                                        "client %s port %d - ID: %d due
to recent request %d.",
                                        client->shortname,
                                        packet->src_port, packet->id,
                                        request->number);
                                 return 0;
                         }

                         received_conflicting_request(request, client);
                         ^^^
                         request = NULL;
                         break;


Our authorization/accounting happens through rlm_perl and is written in
Perl. Perhaps it's not fast enough to process many many requests in
under 1 second (when.tv_sec), but aborting the current packet instead of
the new duplicate one can hardly be justified.

Please look at the line marked with ^^^ - it's where the error is logged
and the current request is aborted, unless it was caught earlier by
"Discarding conflicting packet", in which case the _new_ duplicate
request is aborted, which is more correct.

I propose that when.tv_sec be configurable in radiusd.conf, and not
hardcoded like that.




More information about the Freeradius-Users mailing list