From patchwork Tue Feb 12 22:20:04 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Ethan Everett X-Patchwork-Id: 1040884 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=none (mailfrom) smtp.mailfrom=lists.infradead.org (client-ip=2607:7c80:54:e::133; helo=bombadil.infradead.org; envelope-from=hostap-bounces+incoming=patchwork.ozlabs.org@lists.infradead.org; receiver=) Authentication-Results: ozlabs.org; dmarc=fail (p=quarantine dis=none) header.from=meraki.net Authentication-Results: ozlabs.org; dkim=pass (2048-bit key; unprotected) header.d=lists.infradead.org header.i=@lists.infradead.org header.b="RnSNAl0Q"; dkim=fail reason="signature verification failed" (1024-bit key; unprotected) header.d=meraki.net header.i=@meraki.net header.b="XZc8n2z2"; dkim=fail reason="signature verification failed" (1024-bit key; unprotected) header.d=amazonses.com header.i=@amazonses.com header.b="E+U4TkZ2"; dkim-atps=neutral Received: from bombadil.infradead.org (bombadil.infradead.org [IPv6:2607:7c80:54:e::133]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 43zcY46J1pz9s4Z for ; Wed, 13 Feb 2019 09:20:24 +1100 (AEDT) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=bombadil.20170209; h=Sender: Content-Transfer-Encoding:Content-Type:List-Subscribe:List-Help:List-Post: List-Archive:List-Unsubscribe:List-Id:MIME-Version:Message-ID:Subject:To:From :Date:Reply-To:Cc:Content-ID:Content-Description:Resent-Date:Resent-From: Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:In-Reply-To:References: List-Owner; bh=N9hiDMboRqposaONloXkJwjv6n0NHrDxrutd6Mzot5I=; b=RnSNAl0QAUClDK SVYZ2ETdOVu7Ubv3deB45lxRCFmchZy26I8Rg99/ATS9utHwm5Etqr2ic/taEQ7oXbLMmGlYThK6G ftjlk3IyUftdAfVec2m6dcwqkPeuoP3SesjDbvy/RYPhBQjE3zGcsr7NCORJJz+gDbG9rGGnvPg3H unw6kH1q5dP7QkqWdG1Zz+HpQaQaqmJpm2dEthrwsp8r5Id8tgOUgUZZuYEensuNxpH9sSySzMt/1 8loWYSqE+xeihChoJF2fjK8ExBfr2x9nSEPZ9R84wKrAxU5V78TozraZyl6Bd2AHtHPbznctJXKgp QvCf4NhvPgr4Fr/cKhQA==; Received: from localhost ([127.0.0.1] helo=bombadil.infradead.org) by bombadil.infradead.org with esmtp (Exim 4.90_1 #2 (Red Hat Linux)) id 1gtgPT-0005rJ-Ag; Tue, 12 Feb 2019 22:20:11 +0000 Received: from a27-249.smtp-out.us-west-2.amazonses.com ([54.240.27.249]) by bombadil.infradead.org with esmtps (Exim 4.90_1 #2 (Red Hat Linux)) id 1gtgPP-000531-A6 for hostap@lists.infradead.org; Tue, 12 Feb 2019 22:20:09 +0000 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/simple; s=sscako3usroq5l7uti3cewdqipcu56rj; d=meraki.net; t=1550010004; h=Date:From:To:Subject:Message-ID:MIME-Version:Content-Type; bh=peEK66Qf2ZvaQMU7UyFq6MdwEBKR3ILHPSfEHjnBgAY=; b=XZc8n2z29+irTOv3xLq6fDUmRighPiUCbGZX5pAqKkrnmBQY2xSVX6jUFU/0FZda DtKa3YzXTmWiLzzwP2kfj9MqFbOUNBwVwKVLKR+VOE13Fckp+gWTf5eM3Fr/fGsMFCA 8IUkcp2RsWjWwbUnKcexSIMAwTXyopyP2FHK2Um8= DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/simple; s=7v7vs6w47njt4pimodk5mmttbegzsi6n; d=amazonses.com; t=1550010004; h=Date:From:To:Subject:Message-ID:MIME-Version:Content-Type:Feedback-ID; bh=peEK66Qf2ZvaQMU7UyFq6MdwEBKR3ILHPSfEHjnBgAY=; b=E+U4TkZ2u9AWVNVuAxzIe4xX8x9ME1BZpuEwcrizKN4bc8MiiSM7ufWIYO3AafrL o7uVpZGkVf1GqT6utc4UG6s0eNi6H9o7MeazgIxmnKVc0hfckun+GLZEXdDJT+oMwT7 boo93LFQ4dwOGdxclud3Vc+h3d+TkKvffav94bHc= Date: Tue, 12 Feb 2019 22:20:04 +0000 From: Ethan Everett To: hostap@lists.infradead.org Subject: [PATCH] RADIUS client: fix extra retry before failover Message-ID: <01010168e3cbb385-c12f4f57-5c28-43bf-8fb1-5f963de2789a-000000@us-west-2.amazonses.com> MIME-Version: 1.0 Content-Disposition: inline User-Agent: Mutt/1.5.24 (2015-08-30) X-SES-Outgoing: 2019.02.12-54.240.27.249 Feedback-ID: 1.us-west-2.DxRZOCs9DiH8lxfPkAlniueNDmTBJB7vVnRhSIlFZi0=:AmazonSES X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 X-CRM114-CacheID: sfid-20190212_142007_445948_D7D2B43B X-CRM114-Status: GOOD ( 11.84 ) X-Spam-Score: -0.2 (/) X-Spam-Report: SpamAssassin version 3.4.2 on bombadil.infradead.org summary: Content analysis details: (-0.2 points) pts rule name description ---- ---------------------- -------------------------------------------------- -0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at http://www.dnswl.org/, no trust [54.240.27.249 listed in list.dnswl.org] -0.0 SPF_PASS SPF: sender matches SPF record -0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from author's domain 0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid -0.1 DKIM_VALID_EF Message has a valid DKIM or DK signature from envelope-from domain -0.1 DKIM_VALID Message has at least one valid DKIM or DK signature X-BeenThere: hostap@lists.infradead.org X-Mailman-Version: 2.1.21 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: "Hostap" Errors-To: hostap-bounces+incoming=patchwork.ozlabs.org@lists.infradead.org This commit changes the failover behavior of RADIUS client. Commit 27ebadccfb2 ("RADIUS client: Cease endless retry for message for multiple servers") changed the retry logic, causing RADIUS client to wait RADIUS_CLIENT_NUM_FAILOVER + 1 timeouts before failing over the first time. Prior to that commit, RADIUS client would wait RADIUS_CLIENT_NUM_FAILOVER timeouts before each failover. This was caused by moving the entry->attempts > RADIUS_CLIENT_NUM_FAILOVER comparison to before the retry attempt, where entry->attempts is incremented. The commit in question set entry->attempts in radius_change_server to 1 instead of 0, so RADIUS client would still only wait RADIUS_CLIENT_NUM_FAILOVER timeouts for subsequent failovers, the same as the original behavior. This commit changes the comparison so the initial failover now happens after waiting RADIUS_CLIENT_NUM_FAILOVER timeouts, as it did originally. It also changes the RADIUS_CLIENT_MAX_FAILOVER comparison to prevent an additional attempt to the primary server after the final failover. Signed-off-by: Ethan Everett --- src/radius/radius_client.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/src/radius/radius_client.c b/src/radius/radius_client.c index a3db4048c..2b7a604ed 100644 --- a/src/radius/radius_client.c +++ b/src/radius/radius_client.c @@ -457,7 +457,7 @@ static int radius_client_retransmit(struct radius_client_data *radius, } /* retransmit; remove entry if too many attempts */ - if (entry->accu_attempts > RADIUS_CLIENT_MAX_FAILOVER * + if (entry->accu_attempts >= RADIUS_CLIENT_MAX_FAILOVER * RADIUS_CLIENT_NUM_FAILOVER * num_servers) { wpa_printf(MSG_INFO, "RADIUS: Removing un-ACKed message due to too many failed retransmit attempts"); @@ -507,7 +507,7 @@ static void radius_client_timer(void *eloop_ctx, void *timeout_ctx) if (now.sec >= entry->next_try) { s = entry->msg_type == RADIUS_AUTH ? radius->auth_sock : radius->acct_sock; - if (entry->attempts > RADIUS_CLIENT_NUM_FAILOVER || + if (entry->attempts >= RADIUS_CLIENT_NUM_FAILOVER || (s < 0 && entry->attempts > 0)) { if (entry->msg_type == RADIUS_ACCT || entry->msg_type == RADIUS_ACCT_INTERIM) @@ -1116,7 +1116,7 @@ radius_change_server(struct radius_client_data *radius, (!auth && entry->msg_type != RADIUS_ACCT)) continue; entry->next_try = entry->first_try + RADIUS_CLIENT_FIRST_WAIT; - entry->attempts = 1; + entry->attempts = 0; entry->next_wait = RADIUS_CLIENT_FIRST_WAIT * 2; }