From: Alan T. DeKok Date: Sat, 19 Apr 2025 13:43:32 +0000 (-0400) Subject: add headings for accountng, and add docs for timeout section X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=28bb1d0a1dabecbacef018e83fee34c920e0e7c4;p=thirdparty%2Ffreeradius-server.git add headings for accountng, and add docs for timeout section --- diff --git a/doc/antora/modules/reference/pages/raddb/sites-available/default.adoc b/doc/antora/modules/reference/pages/raddb/sites-available/default.adoc index d0d1c83720a..13e60b6950c 100644 --- a/doc/antora/modules/reference/pages/raddb/sites-available/default.adoc +++ b/doc/antora/modules/reference/pages/raddb/sites-available/default.adoc @@ -1139,7 +1139,7 @@ authenticate digest { ``` -## PAM (Pluggable Authentication Modules) Authentication +### PAM (Pluggable Authentication Modules) Authentication Authenticate with PAM (Pluggable Authentication Modules). @@ -1177,7 +1177,7 @@ authenticate ldap { ``` -EAP Authentication +### EAP Authentication For EAP-MD5, EAP-MSCHAP, EAP-TLS, EAP-TTLS, EAP-PEAP, EAP-PWD, etc. @@ -1516,7 +1516,7 @@ longer automatic as it was in version 3. ``` -Accounting +## Accounting This section deals with receiving Accounting requests and @@ -1524,6 +1524,8 @@ sending Accounting responses. +### Receive Accounting-Request packets + An Accounting-Request packet has been received. Decide which accounting type to use. @@ -1567,7 +1569,9 @@ then process the `send Accounting-Response` section -Session start +## Sections for Acct-Status-Type + +### Session start ``` accounting Start { @@ -1594,7 +1598,7 @@ it is available for all the accounting sections. ``` -Session stop +### Session stop ``` accounting Stop { @@ -1632,7 +1636,7 @@ Return an address to the IP Pool when we see a stop record. ``` -Session is still alive +### Session is still alive ``` accounting Interim-Update { @@ -1653,7 +1657,7 @@ Refresh leases when we see an alive. ``` -The NAS has just booted up. +### The NAS has just booted up. ``` accounting Accounting-On { @@ -1674,7 +1678,7 @@ Return all addresses related to this NAS to the IP Pool ``` -The NAS is about to go down +### The NAS is about to shut down ``` accounting Accounting-Off { @@ -1695,7 +1699,7 @@ Return all addresses related to this NAS to the IP Pool ``` -Session failed to do something +### The user session failed in some way ``` accounting Failed { @@ -1717,7 +1721,7 @@ Some vendors also define their own values, which is a very bad idea. -Send Accounting-Response. +### Send Accounting-Response. Log the accounting data before replying. If logging fails then the reply will not be sent, which means the NAS will send the @@ -1766,6 +1770,44 @@ Filter attributes from the accounting response. ``` attr_filter.accounting_response } + +``` + +## Timeouts + +A virtual server can have a `timeout` section. The format and +contents are the same as the `timeout` keyword. + +This section limits the total processing time for a request. The +values given here should be less than `max_request_time`. + +When a request reaches `max_request_time`, it is forcibly stopped. +No further processing takes place. + +When a request reaches the time specified in this `timeout` section, +all normal processing is stopped. The `timeout` section is then run. + +This configuration allows the server to take action when a request +is taking too long. For example, it could write a failure message +to a log file. + +The `timeout` section can contain any `unlang` keyword, including +`call`, and other `timeout` sections. If you need to have a +"timeout for the timeout", then just add anoither `timeout` section +inside of this one. + +Note that `max_request_time` still applies. So the timeout value +given here should be less than the value given by +`max_request_time`. + + + +``` +# timeout 10s { +# do_logging_here +# ... +# } + } ``` diff --git a/raddb/sites-available/default b/raddb/sites-available/default index 4724ed92140..77f7fb7a879 100644 --- a/raddb/sites-available/default +++ b/raddb/sites-available/default @@ -1009,7 +1009,7 @@ authenticate digest { } # -# ## PAM (Pluggable Authentication Modules) Authentication +# ### PAM (Pluggable Authentication Modules) Authentication # # Authenticate with PAM (Pluggable Authentication Modules). # @@ -1043,7 +1043,7 @@ authenticate ldap { } # -# EAP Authentication +# ### EAP Authentication # # For EAP-MD5, EAP-MSCHAP, EAP-TLS, EAP-TTLS, EAP-PEAP, EAP-PWD, etc. # @@ -1331,7 +1331,7 @@ send Access-Reject { ###################################################################### # -# Accounting +# ## Accounting # # # This section deals with receiving Accounting requests and @@ -1339,6 +1339,8 @@ send Access-Reject { # ###################################################################### +# +# ### Receive Accounting-Request packets # # An Accounting-Request packet has been received. Decide which # accounting type to use. @@ -1375,7 +1377,9 @@ recv Accounting-Request { # # -# Session start +# ## Sections for Acct-Status-Type +# +# ### Session start # accounting Start { # @@ -1396,7 +1400,7 @@ accounting Start { } # -# Session stop +# ### Session stop # accounting Stop { # @@ -1426,7 +1430,7 @@ accounting Stop { } # -# Session is still alive +# ### Session is still alive # accounting Interim-Update { # @@ -1441,7 +1445,7 @@ accounting Interim-Update { } # -# The NAS has just booted up. +# ### The NAS has just booted up. # accounting Accounting-On { # @@ -1456,7 +1460,7 @@ accounting Accounting-On { } # -# The NAS is about to go down +# ### The NAS is about to shut down # accounting Accounting-Off { # @@ -1471,7 +1475,7 @@ accounting Accounting-Off { } # -# Session failed to do something +# ### The user session failed in some way # accounting Failed { @@ -1491,7 +1495,7 @@ accounting Failed { # # -# Send Accounting-Response. +# ### Send Accounting-Response. # # Log the accounting data before replying. If logging fails then # the reply will not be sent, which means the NAS will send the @@ -1529,4 +1533,40 @@ send Accounting-Response { # attr_filter.accounting_response } + +# +# ## Timeouts +# +# A virtual server can have a `timeout` section. The format and +# contents are the same as the `timeout` keyword. +# +# This section limits the total processing time for a request. The +# values given here should be less than `max_request_time`. +# +# When a request reaches `max_request_time`, it is forcibly stopped. +# No further processing takes place. +# +# When a request reaches the time specified in this `timeout` section, +# all normal processing is stopped. The `timeout` section is then run. +# +# This configuration allows the server to take action when a request +# is taking too long. For example, it could write a failure message +# to a log file. +# +# The `timeout` section can contain any `unlang` keyword, including +# `call`, and other `timeout` sections. If you need to have a +# "timeout for the timeout", then just add anoither `timeout` section +# inside of this one. +# +# Note that `max_request_time` still applies. So the timeout value +# given here should be less than the value given by +# `max_request_time`. +# +# + +# timeout 10s { +# do_logging_here +# ... +# } + }