FR3 Debugging Switches
Phil Mayers
p.mayers at imperial.ac.uk
Wed Oct 9 19:54:43 CEST 2013
On 09/10/13 16:36, Arran Cudbard-Bell wrote:
>
> On 9 Oct 2013, at 15:47, Alan DeKok <aland at deployingradius.com> wrote:
>
>> Adam Bishop wrote:
>>> It appears the debugging switches don't work quite as I'd expect in FreeRADIUS 3 when RadSec is configured.
>>
>> Yes. Because of OpenSSL limitations, the server MUST have multiple
>> threads when using radsec.
>
> Isn't it required for doing any RADIUS over TCP?
Perhaps architecturally, but not inherently; you could, at least in theory:
1. Receive 4-byte length
2. Sanity-check the length
3. Allocate buffer
4. Read on TCP socket non-blocking in normal select loop until you've
filled the buffer
5. Parse packet from buffer, dispatch packet
SSL presents the slight (ahem) complication of having to route the
read/write via a memory BIO and check for the "want read" / "want write"
state (same way EAP does).
So... it's almost certainly *easier* and more sanity-preserving from a
development PoV to use threads ;o)
More information about the Freeradius-Users
mailing list