Inner tunnel external proxy fails under stress due to zero vectors
Alan DeKok
aland at deployingradius.com
Tue Dec 20 15:39:08 CET 2011
Brian Julin wrote:
> After a long dig through the debugs, finally I noticed from
> a packet dump that packets with 0x00 vectors were hitting
> the wire, and when IDs were recycled that of course results
> in false "duplicates" (as well as the other crypto-related
> issues with that.)
Oops.
> ...however this seems to be just what is happening. In fact, if
> above that I change:
...
> ...then the setup passes stress testing just fine.
>
> Trouble is I'm not sure if there are ramifications to doing that...
Pretty much nothing. The only code which uses the vector is the code
which sends/receives packets.
I'll commit a fix.
Alan DeKok.
More information about the Freeradius-Users
mailing list