From: Nick Porter Date: Mon, 30 Jun 2025 12:55:45 +0000 (+0100) Subject: Add dynamic_timeout X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=e4487f598b827d6494009e4377d6144fccfaf2cb;p=thirdparty%2Ffreeradius-server.git Add dynamic_timeout To separate timeout of connected clients from dynamic clients. Dynamic client definitions often want long(ish) lifetimes to avoid repeated verifications of the same client. --- diff --git a/raddb/sites-available/default b/raddb/sites-available/default index 7b2b4103a31..c892deec072 100644 --- a/raddb/sites-available/default +++ b/raddb/sites-available/default @@ -358,12 +358,18 @@ server default { # # idle_timeout:: Time after which idle - # connections or dynamic clients are deleted. + # connections are deleted. # # Useful range of values: 5 to 600 # idle_timeout = 60.0 + # + # dynamic_timeout:: Time after which idle + # dynamic clients are deleted. + # + dynamic_timeout = 600.0 + # # nak_lifetime:: Time for which blocked # clients are placed into a NAK cache. diff --git a/raddb/sites-available/dynamic-clients b/raddb/sites-available/dynamic-clients index fae45ba9ad2..bf769978893 100644 --- a/raddb/sites-available/dynamic-clients +++ b/raddb/sites-available/dynamic-clients @@ -90,14 +90,18 @@ server dynamic_clients { max_connections = 256 # - # Free a dynamic client, or close a - # connection if it does not receive + # Close a connection if it does not receive # a packet within this time. # # Useful range of values: 5 to 600 # idle_timeout = 60.0 + # + # Time after which idle dynamic clients are deleted. + # + dynamic_timeout = 600.0 + # # nak_lifetime:: Time for which blocked # clients are placed into a NAK cache. diff --git a/raddb/sites-available/tacacs b/raddb/sites-available/tacacs index aee48fd7b81..6e98f98dae9 100644 --- a/raddb/sites-available/tacacs +++ b/raddb/sites-available/tacacs @@ -187,6 +187,12 @@ server tacacs { # Useful range of values: 5 to 600 # idle_timeout = 60.0 + + # + # dynamic_timeout:: Time after which idle + # dynamic clients are deleted. + # + dynamic_timeout = 600.0 } } diff --git a/src/lib/io/master.c b/src/lib/io/master.c index 167849437b8..509aadb801f 100644 --- a/src/lib/io/master.c +++ b/src/lib/io/master.c @@ -2076,9 +2076,6 @@ static void client_expiry_timer(fr_timer_list_t *tl, fr_time_t now, void *uctx) switch (client->state) { case PR_CLIENT_CONNECTED: fr_assert(connection != NULL); - FALL_THROUGH; - - case PR_CLIENT_DYNAMIC: delay = inst->idle_timeout; if (fr_time_delta_ispos(client->radclient->limit.idle_timeout) && (fr_time_delta_lt(client->radclient->limit.idle_timeout, inst->idle_timeout))) { @@ -2086,6 +2083,10 @@ static void client_expiry_timer(fr_timer_list_t *tl, fr_time_t now, void *uctx) } break; + case PR_CLIENT_DYNAMIC: + delay = inst->dynamic_timeout; + break; + case PR_CLIENT_NAK: delay = inst->nak_lifetime; break; @@ -2226,7 +2227,7 @@ idle_timeout: * idle timeut. */ client->ready_to_delete = true; - delay = inst->idle_timeout; + delay = client->state == PR_CLIENT_DYNAMIC ? inst->dynamic_timeout : inst->idle_timeout; goto reset_timer; } diff --git a/src/lib/io/master.h b/src/lib/io/master.h index 56e8783f936..4057e7e86fd 100644 --- a/src/lib/io/master.h +++ b/src/lib/io/master.h @@ -80,7 +80,8 @@ typedef struct { uint32_t max_pending_packets; //!< maximum number of pending packets fr_time_delta_t cleanup_delay; //!< for Access-Request packets - fr_time_delta_t idle_timeout; //!< for dynamic clients + fr_time_delta_t idle_timeout; //!< for connected clients + fr_time_delta_t dynamic_timeout; //!< for dynamic clients fr_time_delta_t nak_lifetime; //!< lifetime of NAKed clients fr_time_delta_t check_interval; //!< polling for closed sockets diff --git a/src/listen/dhcpv4/proto_dhcpv4.c b/src/listen/dhcpv4/proto_dhcpv4.c index fe0aef2ba3c..2cd741e68c4 100644 --- a/src/listen/dhcpv4/proto_dhcpv4.c +++ b/src/listen/dhcpv4/proto_dhcpv4.c @@ -54,6 +54,7 @@ static const conf_parser_t priority_config[] = { static conf_parser_t const limit_config[] = { { FR_CONF_OFFSET("cleanup_delay", proto_dhcpv4_t, io.cleanup_delay), .dflt = "5.0" } , { FR_CONF_OFFSET("idle_timeout", proto_dhcpv4_t, io.idle_timeout), .dflt = "30.0" } , + { FR_CONF_OFFSET("dynamic_timeout", proto_dhcpv4_t, io.dynamic_timeout), .dflt = "600.0" } , { FR_CONF_OFFSET("nak_lifetime", proto_dhcpv4_t, io.nak_lifetime), .dflt = "30.0" } , { FR_CONF_OFFSET("max_connections", proto_dhcpv4_t, io.max_connections), .dflt = "1024" } , diff --git a/src/listen/dhcpv6/proto_dhcpv6.c b/src/listen/dhcpv6/proto_dhcpv6.c index 31386109e91..b536b24e09b 100644 --- a/src/listen/dhcpv6/proto_dhcpv6.c +++ b/src/listen/dhcpv6/proto_dhcpv6.c @@ -55,6 +55,7 @@ static const conf_parser_t priority_config[] = { static conf_parser_t const limit_config[] = { { FR_CONF_OFFSET("cleanup_delay", proto_dhcpv6_t, io.cleanup_delay), .dflt = "5.0" } , { FR_CONF_OFFSET("idle_timeout", proto_dhcpv6_t, io.idle_timeout), .dflt = "30.0" } , + { FR_CONF_OFFSET("dynamic_timeout", proto_dhcpv6_t, io.dynamic_timeout), .dflt = "600.0" } , { FR_CONF_OFFSET("nak_lifetime", proto_dhcpv6_t, io.nak_lifetime), .dflt = "30.0" } , { FR_CONF_OFFSET("max_connections", proto_dhcpv6_t, io.max_connections), .dflt = "1024" } , diff --git a/src/listen/radius/proto_radius.c b/src/listen/radius/proto_radius.c index 84000736d2f..46aa9ada19e 100644 --- a/src/listen/radius/proto_radius.c +++ b/src/listen/radius/proto_radius.c @@ -37,6 +37,7 @@ static int transport_parse(TALLOC_CTX *ctx, void *out, void *parent, CONF_ITEM * static conf_parser_t const limit_config[] = { { FR_CONF_OFFSET("cleanup_delay", proto_radius_t, io.cleanup_delay), .dflt = "5.0" } , { FR_CONF_OFFSET("idle_timeout", proto_radius_t, io.idle_timeout), .dflt = "30.0" } , + { FR_CONF_OFFSET("dynamic_timeout", proto_radius_t, io.dynamic_timeout), .dflt = "600.0" } , { FR_CONF_OFFSET("nak_lifetime", proto_radius_t, io.nak_lifetime), .dflt = "30.0" } , { FR_CONF_OFFSET("max_connections", proto_radius_t, io.max_connections), .dflt = "1024" } , diff --git a/src/listen/tacacs/proto_tacacs.c b/src/listen/tacacs/proto_tacacs.c index bc6b43d7afd..a9a1e73c9a1 100644 --- a/src/listen/tacacs/proto_tacacs.c +++ b/src/listen/tacacs/proto_tacacs.c @@ -38,6 +38,7 @@ static int type_parse(TALLOC_CTX *ctx, void *out, void *parent, CONF_ITEM *ci, U static conf_parser_t const limit_config[] = { { FR_CONF_OFFSET("idle_timeout", proto_tacacs_t, io.idle_timeout), .dflt = "30.0" } , + { FR_CONF_OFFSET("dynamic_timeout", proto_tacacs_t, io.dynamic_timeout), .dflt = "600.0" } , { FR_CONF_OFFSET("max_connections", proto_tacacs_t, io.max_connections), .dflt = "1024" } , diff --git a/src/listen/vmps/proto_vmps.c b/src/listen/vmps/proto_vmps.c index f0be9c0232c..5c5d2b02f17 100644 --- a/src/listen/vmps/proto_vmps.c +++ b/src/listen/vmps/proto_vmps.c @@ -44,6 +44,7 @@ static const conf_parser_t priority_config[] = { static conf_parser_t const limit_config[] = { { FR_CONF_OFFSET("idle_timeout", proto_vmps_t, io.idle_timeout), .dflt = "30.0" } , + { FR_CONF_OFFSET("dynamic_timeout", proto_vmps_t, io.dynamic_timeout), .dflt = "600.0" } , { FR_CONF_OFFSET("nak_lifetime", proto_vmps_t, io.nak_lifetime), .dflt = "30.0" } , { FR_CONF_OFFSET("max_connections", proto_vmps_t, io.max_connections), .dflt = "1024" } ,