About definition of conflicting condition
Yuka K
kyuka8632 at gmail.com
Thu Apr 20 03:32:08 CEST 2017
Hello.
During fast-requesting tests on ver.3.0.13, I found the following
errors in the log.
Sun Apr 16 15:04:36 2017 : Error: Received conflicting packet from
client localhost port 30430 - ID: 0 due to unfinished request.
Giving up on old request.
All IDs were used and it returned to 0.
Both of the ID-0 packets were valid and had the same src/dst ip/port
and length, but the request authenticators and AVP(User-Name) were
different.
So, please let me ask two questions about it.
[Q1]
I thought Access-Accept was returned, but like this case, even if AVPs
are different and valid, the new one is regarded as a conflicting one.
Then, if the previous request's process is under QUEUED or RUNNING,
it's dropped.
I've read RFC 5080 about "duplicate", but I want to know the definition
of a "conflicting" packet based on RFCs, as the following is mentioned
in RFC 2865.
3.1. Packet Format
The RADIUS server can detect a duplicate request if it has the same
client source IP address and source UDP port and Identifier within
a short span of time.
4.1. Access-Request
Upon receipt of an Access-Request from a valid client, an appropriate
reply MUST be transmitted.
I was wondering if checking AVPs at least User-Name might not be bad,
or should I think conflict is included in duplication?
[Q2]
If I try to skip the duplicate/conflict check, is it OK that setting
the member "nodup" of struct rad_listen to true?
I'd appreciate it.
More information about the Freeradius-Users
mailing list