Document TCP options for clients and home servers.

Signed-off-by: Alan T. DeKok <aland@freeradius.org>

diff --git a/raddb/clients.conf b/raddb/clients.conf
index cee6100cc5fc09e158c00ef5c166cefc970b2458..aa2c6fbe87540917365a1e1b90d5f598559dc011 100644 (file)
--- a/raddb/clients.conf
+++ b/raddb/clients.conf
@@ -37,6 +37,15 @@ client localhost {
        #  at the same time.
 #      ipv6addr = ::   # any.  ::1 == localhost
 
+       #
+       #  The transport protocol.
+       #
+       #  If unspecified, defaults to "udp", which is the traditional
+       #  RADIUS transport.  It may also be "tcp", in which case the
+       #  server will accept connections from this client ONLY over TCP.
+       #
+#      proto = udp
+
        #
        #  A note on DNS:  We STRONGLY recommend using IP addresses
        #  rather than host names.  Using host names means that the
@@ -111,6 +120,15 @@ client localhost {
        #  allowed values: yes, no
        require_message_authenticator = no
 
+       #
+       #  Limit the number of TCP connections that this client is
+       #  allowed to have open to us.  This configuration entry
+       #  is ignored for UDP sockets.
+       #
+       #  This entry is the mirror of the "max_connections" entry
+       #  in the home server configuration.
+       max_connections = 16
+
        #
        #  The short name is used as an alias for the fully qualified
        #  domain name, or the IP address.

diff --git a/raddb/proxy.conf b/raddb/proxy.conf
index 5655dbb6abd92123ec410fc597673052fbf86464..26ade44f5f740480c37e38498fdecd5652062713 100644 (file)
--- a/raddb/proxy.conf
+++ b/raddb/proxy.conf
@@ -168,6 +168,18 @@ home_server localhost {
        #
        port = 1812
 
+       #
+       #  The transport protocol.
+       #
+       #  If unspecified, defaults to "udp", which is the traditional
+       #  RADIUS transport.  It may also be "tcp", in which case TCP
+       #  will be used to talk to this home server.
+       #
+       #  When home servers are put into pools, the pool can contain
+       #  home servers with both UDP and TCP transports.
+       #
+       #proto = udp
+
        #
        #  The shared secret use to "encrypt" and "sign" packets between
        #  FreeRADIUS and the home server.
@@ -417,6 +429,46 @@ home_server localhost {
                # Maximum Retransmit Duration: 5..60
                mrd = 30
        }
+
+       #
+       #  Connection limiting for home servers with "proto = tcp".
+       #
+       #  This section is ignored for other home servers.
+       #
+       limit {
+             #
+             #  Limit the number of TCP connections to the home server.
+             #
+             #  The default is 16.
+             #  Setting this to 0 means "no limit"
+             max_connections = 16
+
+             #
+             #  Limit the total number of requests sent over one
+             #  TCP connection.  After this number of requests, the
+             #  connection will be closed.  Any new packets that are
+             #  proxied to the home server will result in a new TCP
+             #  connection being made.
+             #
+             #  Setting this to 0 means "no limit"
+             max_requests = 0
+
+             #
+             #  The lifetime, in seconds, of a TCP connection.  After
+             #  this lifetime, the connection will be closed.
+             #
+             #  Setting this to 0 means "forever".
+             lifetime = 0
+
+             #
+             #  The idle timeout, in seconds, of a TCP connection.
+             #  If no packets have been sent over the connection for
+             #  this time, the connection will be closed.
+             #
+             #  Setting this to 0 means "no timeout".
+             idle_timeout = 0
+       }
+
 }
 
 # Sample virtual home server.