add headings for accountng, and add docs for timeout section

diff --git a/doc/antora/modules/reference/pages/raddb/sites-available/default.adoc b/doc/antora/modules/reference/pages/raddb/sites-available/default.adoc
index d0d1c83720ab997b7412094d809869d421625f95..13e60b6950c21a91ac546fdf083202a2e79cd228 100644 (file)
--- a/doc/antora/modules/reference/pages/raddb/sites-available/default.adoc
+++ b/doc/antora/modules/reference/pages/raddb/sites-available/default.adoc
@@ -1139,7 +1139,7 @@ authenticate digest {
 
 ```
 
-## PAM (Pluggable Authentication Modules) Authentication
+### PAM (Pluggable Authentication Modules) Authentication
 
 Authenticate with PAM (Pluggable Authentication Modules).
 
@@ -1177,7 +1177,7 @@ authenticate ldap {
 
 ```
 
-EAP Authentication
+### EAP Authentication
 
 For EAP-MD5, EAP-MSCHAP, EAP-TLS, EAP-TTLS, EAP-PEAP, EAP-PWD, etc.
 
@@ -1516,7 +1516,7 @@ longer automatic as it was in version 3.
 
 ```
 
-Accounting
+## Accounting
 
 
 This section deals with receiving Accounting requests and
@@ -1524,6 +1524,8 @@ sending Accounting responses.
 
 
 
+### Receive Accounting-Request packets
+
 An Accounting-Request packet has been received. Decide which
 accounting type to use.
 
@@ -1567,7 +1569,9 @@ then process the `send Accounting-Response` section
 
 
 
-Session start
+## Sections for Acct-Status-Type
+
+### Session start
 
 ```
 accounting Start {
@@ -1594,7 +1598,7 @@ it is available for all the accounting sections.
 
 ```
 
-Session stop
+### Session stop
 
 ```
 accounting Stop {
@@ -1632,7 +1636,7 @@ Return an address to the IP Pool when we see a stop record.
 
 ```
 
-Session is still alive
+### Session is still alive
 
 ```
 accounting Interim-Update {
@@ -1653,7 +1657,7 @@ Refresh leases when we see an alive.
 
 ```
 
-The NAS has just booted up.
+### The NAS has just booted up.
 
 ```
 accounting Accounting-On {
@@ -1674,7 +1678,7 @@ Return all addresses related to this NAS to the IP Pool
 
 ```
 
-The NAS is about to go down
+### The NAS is about to shut down
 
 ```
 accounting Accounting-Off {
@@ -1695,7 +1699,7 @@ Return all addresses related to this NAS to the IP Pool
 
 ```
 
-Session failed to do something
+### The user session failed in some way
 
 ```
 accounting Failed {
@@ -1717,7 +1721,7 @@ Some vendors also define their own values, which is a very bad idea.
 
 
 
-Send Accounting-Response.
+### Send Accounting-Response.
 
 Log the accounting data before replying. If logging fails then
 the reply will not be sent, which means the NAS will send the
@@ -1766,6 +1770,44 @@ Filter attributes from the accounting response.
 ```
        attr_filter.accounting_response
 }
+
+```
+
+## Timeouts
+
+A virtual server can have a `timeout` section.  The format and
+contents are the same as the `timeout` keyword.
+
+This section limits the total processing time for a request.  The
+values given here should be less than `max_request_time`.
+
+When a request reaches `max_request_time`, it is forcibly stopped.
+No further processing takes place.
+
+When a request reaches the time specified in this `timeout` section,
+all normal processing is stopped.  The `timeout` section is then run.
+
+This configuration allows the server to take action when a request
+is taking too long.  For example, it could write a failure message
+to a log file.
+
+The `timeout` section can contain any `unlang` keyword, including
+`call`, and other `timeout` sections.  If you need to have a
+"timeout for the timeout", then just add anoither `timeout` section
+inside of this one.
+
+Note that `max_request_time` still applies.  So the timeout value
+given here should be less than the value given by
+`max_request_time`.
+
+
+
+```
+#      timeout 10s {
+#              do_logging_here
+#              ...
+#      }
+
 }
 ```
 

diff --git a/raddb/sites-available/default b/raddb/sites-available/default
index 4724ed92140ffcf5cc07b7c0ad7309502a472561..77f7fb7a87915bd7a52bc9772245486157fc0176 100644 (file)
--- a/raddb/sites-available/default
+++ b/raddb/sites-available/default
@@ -1009,7 +1009,7 @@ authenticate digest {
 }
 
 #
-#  ## PAM (Pluggable Authentication Modules) Authentication
+#  ### PAM (Pluggable Authentication Modules) Authentication
 #
 #  Authenticate with PAM (Pluggable Authentication Modules).
 #
@@ -1043,7 +1043,7 @@ authenticate ldap {
 }
 
 #
-#  EAP Authentication
+#  ### EAP Authentication
 #
 #  For EAP-MD5, EAP-MSCHAP, EAP-TLS, EAP-TTLS, EAP-PEAP, EAP-PWD, etc.
 #
@@ -1331,7 +1331,7 @@ send Access-Reject {
 
 ######################################################################
 #
-#  Accounting
+#  ## Accounting
 #
 #
 #  This section deals with receiving Accounting requests and
@@ -1339,6 +1339,8 @@ send Access-Reject {
 #
 ######################################################################
 
+#
+#  ### Receive Accounting-Request packets
 #
 #  An Accounting-Request packet has been received. Decide which
 #  accounting type to use.
@@ -1375,7 +1377,9 @@ recv Accounting-Request {
 #
 
 #
-#  Session start
+#  ## Sections for Acct-Status-Type
+#
+#  ### Session start
 #
 accounting Start {
        #
@@ -1396,7 +1400,7 @@ accounting Start {
 }
 
 #
-#  Session stop
+#  ### Session stop
 #
 accounting Stop {
        #
@@ -1426,7 +1430,7 @@ accounting Stop {
 }
 
 #
-#  Session is still alive
+#  ### Session is still alive
 #
 accounting Interim-Update {
        #
@@ -1441,7 +1445,7 @@ accounting Interim-Update {
 }
 
 #
-#  The NAS has just booted up.
+#  ### The NAS has just booted up.
 #
 accounting Accounting-On {
        #
@@ -1456,7 +1460,7 @@ accounting Accounting-On {
 }
 
 #
-#  The NAS is about to go down
+#  ### The NAS is about to shut down
 #
 accounting Accounting-Off {
        #
@@ -1471,7 +1475,7 @@ accounting Accounting-Off {
 }
 
 #
-#  Session failed to do something
+#  ### The user session failed in some way
 #
 accounting Failed {
 
@@ -1491,7 +1495,7 @@ accounting Failed {
 #
 
 #
-#  Send Accounting-Response.
+#  ### Send Accounting-Response.
 #
 #  Log the accounting data before replying. If logging fails then
 #  the reply will not be sent, which means the NAS will send the
@@ -1529,4 +1533,40 @@ send Accounting-Response {
        #
        attr_filter.accounting_response
 }
+
+#
+#  ## Timeouts
+#
+#  A virtual server can have a `timeout` section.  The format and
+#  contents are the same as the `timeout` keyword.
+#
+#  This section limits the total processing time for a request.  The
+#  values given here should be less than `max_request_time`.
+#
+#  When a request reaches `max_request_time`, it is forcibly stopped.
+#  No further processing takes place.
+#
+#  When a request reaches the time specified in this `timeout` section,
+#  all normal processing is stopped.  The `timeout` section is then run.
+#
+#  This configuration allows the server to take action when a request
+#  is taking too long.  For example, it could write a failure message
+#  to a log file.
+#
+#  The `timeout` section can contain any `unlang` keyword, including
+#  `call`, and other `timeout` sections.  If you need to have a
+#  "timeout for the timeout", then just add anoither `timeout` section
+#  inside of this one.
+#
+#  Note that `max_request_time` still applies.  So the timeout value
+#  given here should be less than the value given by
+#  `max_request_time`.
+#
+#
+
+#      timeout 10s {
+#              do_logging_here
+#              ...
+#      }
+
 }