freeradius and dhcp relaying
Alan DeKok
aland at deployingradius.com
Thu Jan 13 12:03:21 CET 2011
Seppo Sandberg wrote:
> If I was inclined to create such a patch how would we begin to tackle the issue? I guess you would tell me how you would like to have it implemented?
See src/main/dhcpd.c
Look for "relay". Add a cache (hash table or rbtree) for XID, and
maybe (XID,MAC). Add entries to the cache on forward, remove entries on
reply.
As a second step, tie the entries to the REQUEST structure, so that
they get deleted when the REQUEST times out. That way you don't need to
do timeouts in the relay code, and the server isn't subject to a DoS attack.
Alan DeKok.
More information about the Freeradius-Users
mailing list