Using libkqueue, how stable it is with freeradius 3.x?
Alan DeKok
aland at deployingradius.com
Thu Jun 15 12:58:14 UTC 2023
On Jun 15, 2023, at 8:53 AM, work vlpl <thework.vlpl at gmail.com> wrote:
> I have a situation when I need to use freeradius as a load balancer to look inside radius packets for attributes because balancing only by IP + port not helping since each new packet from some clients arrives from new source ports (can't fix clients).
>
> Select() has a limitation in 1024 fd and during the testing I hit such a limit.
If you're using UDP, then the client source port doesn't matter. FreeRADIUS doesn't open a new socket for every UDP packet.
If you're using TCP, then don't. It's insecure.
If you're using TLS, and the server only receives one packet per connection, then the client is broken. But you have the source code to FreeRADIUS. You can add some code to close the TLS socket after the reply packet is sent.
I really don't understand why it would need more than 1024 sockets. That just makes no sense.
>> If you want to use libkqueue on Linux with v3, then either don't (the recommended approach), or use the most recent code from the git repo. The released packages of libkqueue are very old.
>
> I am compiling freeradius with 2.6.1 libkqueue, is it ok or do I need to use HEAD for the master branch?
Did I say use the packaged release, or the most recent one version from git?
Alan DeKok.
More information about the Freeradius-Users
mailing list