2 * request_list.c Hide the handling of the REQUEST list from
7 * This program is free software; you can redistribute it and/or modify
8 * it under the terms of the GNU General Public License as published by
9 * the Free Software Foundation; either version 2 of the License, or
10 * (at your option) any later version.
12 * This program is distributed in the hope that it will be useful,
13 * but WITHOUT ANY WARRANTY; without even the implied warranty of
14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 * GNU General Public License for more details.
17 * You should have received a copy of the GNU General Public License
18 * along with this program; if not, write to the Free Software
19 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
21 * Copyright 2003-2004 The FreeRADIUS server project
23 static const char rcsid[] = "$Id$";
26 #include "libradius.h"
32 #include "rad_assert.h"
33 #include "request_list.h"
34 #include "radius_snmp.h"
38 * We keep the incoming requests in an array, indexed by ID.
40 * Each array element contains a linked list of containers of
41 * active requests, a count of the number of requests, and a time
42 * at which the first request in the list must be serviced.
44 * Note that we ALSO keep a tree view of the same data, below.
45 * Both views are needed for the server to work optimally.
47 typedef struct REQNODE {
48 struct REQNODE *prev, *next;
52 typedef struct REQUESTINFO {
53 REQNODE *first_request;
54 REQNODE *last_request;
56 time_t last_cleaned_list;
59 static REQUESTINFO request_list[256];
62 * Remember the next request at which we start walking
65 static REQUEST *last_request = NULL;
68 * It MAY make more sense here to key off of the packet ID, just
69 * like the request_list. Then again, saving another 8 lookups
70 * (on average) isn't much of a problem.
72 * The "request_cmp" function keys off of the packet ID first,
73 * so the first 8 layers of the tree will be the fanned-out
74 * tree for packet ID's.
76 static rbtree_t *request_tree;
79 static pthread_mutex_t proxy_mutex;
82 * This is easier than ifdef's throughout the code.
84 #define pthread_mutex_lock(_x)
85 #define pthread_mutex_unlock(_x)
89 * We keep track of packets we're proxying, keyed by
90 * source socket, and destination ip/port, and Id.
92 static rbtree_t *proxy_tree;
95 * We keep track of free/used Id's, by destination ip/port.
97 * We need a different tree than above, because this one is NOT
98 * keyed by Id. Instead, we use this one to allocate Id's.
100 static rbtree_t *proxy_id_tree;
103 * We keep the proxy FD's here. The RADIUS Id's are marked
104 * "allocated" per Id, via a bit per proxy FD.
106 static int proxy_fds[32];
108 static uint32_t proxy_ipaddr;
111 * We can use 256 RADIUS Id's per dst ipaddr/port, per server
112 * socket. So, to allocate them, we key off of dst ipaddr/port,
113 * and then search the RADIUS Id's, looking for an unused socket.
115 * We do NOT key off of socket fd's, here, either. Instead,
116 * we look for a free Id from a sockfd, any sockfd.
118 typedef struct proxy_id_t {
123 * FIXME: Allocate more proxy sockets when this gets full.
126 uint32_t mask; /* of FD's we know about. */
127 uint32_t id[1]; /* really id[256] */
132 * Find a matching entry in the proxy ID tree.
134 static int proxy_id_cmp(const void *one, const void *two)
136 const proxy_id_t *a = one;
137 const proxy_id_t *b = two;
140 * The following comparisons look weird, but it's
141 * the only way to make the comparisons work.
143 if (a->dst_ipaddr < b->dst_ipaddr) return -1;
144 if (a->dst_ipaddr > b->dst_ipaddr) return +1;
146 if (a->dst_port < b->dst_port) return -1;
147 if (a->dst_port > b->dst_port) return +1;
150 * Everything's equal. Say so.
157 * Compare two REQUEST data structures, based on a number
160 static int request_cmp(const void *one, const void *two)
162 const REQUEST *a = one;
163 const REQUEST *b = two;
166 * The following comparisons look weird, but it's
167 * the only way to make the comparisons work.
171 * If the packets didn't arrive on the same socket,
172 * they're not identical, no matter what their src/dst
175 if (a->packet->sockfd < b->packet->sockfd) return -1;
176 if (a->packet->sockfd > b->packet->sockfd) return +1;
178 if (a->packet->id < b->packet->id) return -1;
179 if (a->packet->id > b->packet->id) return +1;
181 if (a->packet->code < b->packet->code) return -1;
182 if (a->packet->code > b->packet->code) return +1;
184 if (a->packet->src_ipaddr < b->packet->src_ipaddr) return -1;
185 if (a->packet->src_ipaddr > b->packet->src_ipaddr) return +1;
187 if (a->packet->src_port < b->packet->src_port) return -1;
188 if (a->packet->src_port > b->packet->src_port) return +1;
191 * Hmm... we may be listening on IPADDR_ANY, in which case
192 * the destination IP is important, too.
194 if (a->packet->dst_ipaddr < b->packet->dst_ipaddr) return -1;
195 if (a->packet->dst_ipaddr > b->packet->dst_ipaddr) return +1;
197 if (a->packet->dst_port < b->packet->dst_port) return -1;
198 if (a->packet->dst_port > b->packet->dst_port) return +1;
201 * Everything's equal. Say so.
207 * Compare two REQUEST data structures, based on a number
208 * of criteria, for proxied packets.
210 static int proxy_cmp(const void *one, const void *two)
212 const REQUEST *a = one;
213 const REQUEST *b = two;
215 rad_assert(a->magic == REQUEST_MAGIC);
216 rad_assert(b->magic == REQUEST_MAGIC);
218 rad_assert(a->proxy != NULL);
219 rad_assert(b->proxy != NULL);
222 * The following code looks unreasonable, but it's
223 * the only way to make the comparisons work.
225 if (a->proxy->sockfd < b->proxy->sockfd) return -1;
226 if (a->proxy->sockfd > b->proxy->sockfd) return +1;
228 if (a->proxy->id < b->proxy->id) return -1;
229 if (a->proxy->id > b->proxy->id) return +1;
232 * We've got to check packet codes, too. But
233 * this should be done later, by someone else...
236 if (a->proxy->dst_ipaddr < b->proxy->dst_ipaddr) return -1;
237 if (a->proxy->dst_ipaddr > b->proxy->dst_ipaddr) return +1;
239 if (a->proxy->dst_port < b->proxy->dst_port) return -1;
240 if (a->proxy->dst_port > b->proxy->dst_port) return +1;
243 * FIXME: Check the Proxy-State attribute, too.
244 * This will help cut down on duplicates.
248 * Everything's equal. Say so.
255 * Initialize the request list.
260 * Initialize the request_list[] array.
262 memset(request_list, 0, sizeof(request_list));
264 request_tree = rbtree_create(request_cmp, NULL, 0);
266 rad_assert("FAIL" == NULL);
270 * Create the tree for managing proxied requests and
273 proxy_tree = rbtree_create(proxy_cmp, NULL, 1);
275 rad_assert("FAIL" == NULL);
279 * Create the tree for allocating proxy ID's.
281 proxy_id_tree = rbtree_create(proxy_id_cmp, NULL, 0);
282 if (!proxy_id_tree) {
283 rad_assert("FAIL" == NULL);
286 #ifdef HAVE_PTHREAD_H
288 * For now, always create the mutex.
290 * Later, we can only create it if there are multiple threads.
292 if (pthread_mutex_init(&proxy_mutex, NULL) != 0) {
293 radlog(L_ERR, "FATAL: Failed to initialize proxy mutex: %s",
300 * The Id allocation table is done by bits, so we have
301 * 32 bits per Id. These bits indicate which entry
302 * in the proxy_fds array is used for that Id.
304 * This design allows 256*32 = 8k requests to be
305 * outstanding to a home server, before something goes
310 rad_listen_t *listener;
313 * Mark the Fd's as unused.
315 for (i = 0; i < 32; i++) proxy_fds[i] = -1;
317 for (listener = mainconfig.listen;
319 listener = listener->next) {
320 if (listener->type == RAD_LISTEN_PROXY) {
321 proxy_ipaddr = listener->ipaddr;
322 proxy_fds[listener->fd & 0x1f] = listener->fd;
333 * Delete a request from the proxy trees.
335 static void rl_delete_proxy(REQUEST *request, rbnode_t *node)
337 proxy_id_t myid, *entry;
339 rad_assert(node != NULL);
341 rbtree_delete(proxy_tree, node);
343 myid.dst_ipaddr = request->proxy->dst_ipaddr;
344 myid.dst_port = request->proxy->dst_port;
347 * Find the Id in the array of allocated Id's,
350 entry = rbtree_finddata(proxy_id_tree, &myid);
354 DEBUG3(" proxy: de-allocating %08x:%d %d",
360 * Find the proxy socket associated with this
361 * Id. We loop over all 32 proxy fd's, but we
362 * partially index by proxy fd's, which means
363 * that we almost always break out of the loop
366 for (i = 0; i < 32; i++) {
369 offset = (request->proxy->sockfd + i) & 0x1f;
371 if (proxy_fds[offset] == request->proxy->sockfd) {
373 entry->id[request->proxy->id] &= ~(1 << offset);
376 } /* else die horribly? */
379 * Hmm... not sure what to do here.
381 DEBUG3(" proxy: FAILED TO FIND %08x:%d %d",
390 * Delete a particular request.
392 void rl_delete(REQUEST *request)
395 REQNODE *prev, *next;
397 prev = ((REQNODE *) request->container)->prev;
398 next = ((REQNODE *) request->container)->next;
400 id = request->packet->id;
403 * Update the last request we touched.
405 * This is so the periodic "walk & clean list"
406 * function, below, doesn't walk over all requests
407 * all of the time. Rather, it tries to amortize
410 if (last_request == request) {
411 last_request = rl_next(last_request);
416 request_list[id].first_request = next;
422 request_list[id].last_request = prev;
427 free(request->container);
431 * Update the SNMP statistics.
433 * Note that we do NOT do this in rad_respond(),
434 * as that function is called from child threads.
435 * Instead, we update the stats when a request is
436 * deleted, because only the main server thread calls
439 if (mainconfig.do_snmp) {
440 switch (request->reply->code) {
441 case PW_AUTHENTICATION_ACK:
442 rad_snmp.auth.total_responses++;
443 rad_snmp.auth.total_access_accepts++;
446 case PW_AUTHENTICATION_REJECT:
447 rad_snmp.auth.total_responses++;
448 rad_snmp.auth.total_access_rejects++;
451 case PW_ACCESS_CHALLENGE:
452 rad_snmp.auth.total_responses++;
453 rad_snmp.auth.total_access_challenges++;
456 case PW_ACCOUNTING_RESPONSE:
457 rad_snmp.acct.total_responses++;
467 * Delete the request from the tree.
472 node = rbtree_find(request_tree, request);
473 rad_assert(node != NULL);
474 rbtree_delete(request_tree, node);
478 * If there's a proxied packet, and we're still
479 * waiting for a reply, then delete the packet
480 * from the list of outstanding proxied requests.
482 if (request->proxy &&
483 (request->proxy_outstanding > 0)) {
484 pthread_mutex_lock(&proxy_mutex);
485 node = rbtree_find(proxy_tree, request);
486 rl_delete_proxy(request, node);
487 pthread_mutex_unlock(&proxy_mutex);
491 request_free(&request);
492 request_list[id].request_count--;
497 * Add a request to the request list.
499 void rl_add(REQUEST *request)
501 int id = request->packet->id;
504 rad_assert(request->container == NULL);
506 request->container = rad_malloc(sizeof(REQNODE));
507 node = (REQNODE *) request->container;
513 if (!request_list[id].first_request) {
514 rad_assert(request_list[id].request_count == 0);
516 request_list[id].first_request = node;
517 request_list[id].last_request = node;
519 rad_assert(request_list[id].request_count != 0);
521 node->prev = request_list[id].last_request;
522 request_list[id].last_request->next = node;
523 request_list[id].last_request = node;
527 * Insert the request into the tree.
529 if (rbtree_insert(request_tree, request) == 0) {
530 rad_assert("FAIL" == NULL);
533 request_list[id].request_count++;
537 * Look up a particular request, using:
539 * Request ID, request code, source IP, source port,
541 * Note that we do NOT use the request vector to look up requests.
543 * We MUST NOT have two requests with identical (id/code/IP/port), and
544 * different vectors. This is a serious error!
546 REQUEST *rl_find(RADIUS_PACKET *packet)
550 myrequest.packet = packet;
552 return rbtree_finddata(request_tree, &myrequest);
558 extern int proxy_new_listener(void);
561 * Add an entry to the proxy tree.
563 * This is the ONLY function in this source file which may be called
564 * from a child thread. It therefore needs mutexes...
566 int rl_add_proxy(REQUEST *request)
570 proxy_id_t myid, *entry;
572 myid.dst_ipaddr = request->proxy->dst_ipaddr;
573 myid.dst_port = request->proxy->dst_port;
576 * Proxied requests get sent out the proxy FD ONLY.
578 * FIXME: Once we allocate multiple proxy FD's, move this
579 * code to below, so we can have more than 256 requests
582 request->proxy_outstanding = 1;
584 pthread_mutex_lock(&proxy_mutex);
589 entry = rbtree_finddata(proxy_id_tree, &myid);
590 if (!entry) { /* allocate it */
591 entry = rad_malloc(sizeof(*entry) + sizeof(entry->id) * 255);
593 entry->dst_ipaddr = request->proxy->dst_ipaddr;
594 entry->dst_port = request->proxy->dst_port;
597 DEBUG3(" proxy: creating %08x:%d",
602 * Insert the new home server entry into
605 * FIXME: We don't (currently) delete the
606 * entries, so this is technically a
609 if (rbtree_insert(proxy_id_tree, entry) == 0) {
610 DEBUG2("ERROR: Failed to insert entry into proxy Id tree");
616 * Clear out bits in the array which DO have
617 * proxy Fd's associated with them. We do this
618 * by getting the mask of bits which have proxy
621 for (i = 0; i < 32; i++) {
622 if (proxy_fds[i] != -1) {
626 rad_assert(mask != 0);
629 * Set bits here indicate that the Fd is in use.
636 * Set the bits which are unused (and therefore
637 * allocated). The clear bits indicate that the Id
638 * for that FD is unused.
640 for (i = 0; i < 256; i++) {
643 } /* else the entry already existed in the proxy Id tree */
647 * Try to find a free Id.
650 for (i = 0; i < 256; i++) {
652 * Some bits are still zero..
654 if (entry->id[(i + entry->index) & 0xff] != (uint32_t) ~0) {
655 found = (i + entry->index) & 0xff;
660 * Hmm... do we want to re-use Id's, when we
661 * haven't seen all of the responses?
666 * No free Id, try to get a new FD.
670 * First, see if there were FD's recently allocated,
671 * which we don't know about.
674 for (i = 0; i < 32; i++) {
675 if (proxy_fds[i] < 0) continue;
681 * There ARE more FD's than we know about.
682 * Update the masks for Id's, and re-try.
684 if (entry->mask != mask) {
686 * New mask always has more bits than
687 * the old one, but never fewer bits.
689 rad_assert((entry->mask & mask) == entry->mask);
692 * Clear the bits we already know about,
693 * and then or in those bits into the
701 * Clear the bits in the Id's for the new
704 for (i = 0; i < 256; i++) {
705 entry->id[i] &= mask;
709 * And try again to allocate an Id.
712 } /* else no new Fd's were allocated. */
715 * If all Fd's are allocated, die.
718 radlog(L_ERR|L_CONS, "ERROR: More than 8000 proxied requests outstanding for home server %08x:%d",
719 ntohs(entry->dst_ipaddr), entry->dst_port);
724 * Allocate a new proxy Fd. This function adds it
725 * into the list of listeners.
727 proxy = proxy_new_listener();
729 DEBUG2("ERROR: Failed to create a new socket for proxying requests.");
737 for (i = 0; i < 32; i++) {
739 * Found a free entry. Save the socket,
740 * and remember where we saved it.
742 if (proxy_fds[(proxy + i) & 0x1f] == -1) {
743 proxy_fds[(proxy + i) & 0x1f] = proxy;
744 found = (proxy + i) & 0x1f;
748 rad_assert(found >= 0); /* i.e. the mask had free bits. */
755 * Clear the relevant bits in the mask.
757 for (i = 0; i < 256; i++) {
758 entry->id[i] &= mask;
762 * Pick a random Id to start from, as we've
763 * just guaranteed that it's free.
765 found = lrad_rand() & 0xff;
769 * Mark next (hopefully unused) entry.
771 entry->index = (found + 1) & 0xff;
774 * We now have to find WHICH proxy fd to use.
777 for (i = 0; i < 32; i++) {
779 * FIXME: pick a random socket to use?
781 if ((entry->id[found] & (1 << i)) == 0) {
788 * There was no bit clear, which we had just checked above...
790 rad_assert(proxy != -1);
793 * Mark the Id as allocated, for thei Fd.
795 entry->id[found] |= (1 << proxy);
796 request->proxy->id = found;
797 request->proxy->src_ipaddr = proxy_ipaddr;
799 rad_assert(proxy_fds[proxy] != -1);
800 request->proxy->sockfd = proxy_fds[proxy];
802 DEBUG3(" proxy: allocating %08x:%d %d",
807 if (!rbtree_insert(proxy_tree, request)) {
808 DEBUG2("ERROR: Failed to insert entry into proxy tree");
812 pthread_mutex_unlock(&proxy_mutex);
819 * Look up a particular request, using:
821 * Request Id, request code, source IP, source port,
823 * Note that we do NOT use the request vector to look up requests.
825 * We MUST NOT have two requests with identical (id/code/IP/port), and
826 * different vectors. This is a serious error!
828 REQUEST *rl_find_proxy(RADIUS_PACKET *packet)
831 REQUEST myrequest, *maybe = NULL;
832 RADIUS_PACKET myproxy;
835 * If we use the socket FD as an indicator,
836 * then that implicitely contains information
837 * as to our src ipaddr/port, so we don't need
838 * to use that in the comparisons.
840 myproxy.sockfd = packet->sockfd;
841 myproxy.id = packet->id;
842 myproxy.dst_ipaddr = packet->src_ipaddr;
843 myproxy.dst_port = packet->src_port;
846 myrequest.magic = REQUEST_MAGIC;
848 myrequest.proxy = &myproxy;
850 pthread_mutex_lock(&proxy_mutex);
851 node = rbtree_find(proxy_tree, &myrequest);
854 maybe = rbtree_node2data(proxy_tree, node);
855 rad_assert(maybe->proxy_outstanding > 0);
856 maybe->proxy_outstanding--;
859 * Received all of the replies we expect.
860 * delete it from both trees.
862 if (maybe->proxy_outstanding == 0) {
863 rl_delete_proxy(&myrequest, node);
866 pthread_mutex_unlock(&proxy_mutex);
873 * Walk over all requests, performing a callback for each request.
875 int rl_walk(RL_WALK_FUNC walker, void *data)
878 REQNODE *curreq, *next;
881 * Walk over all 256 ID's.
883 for (id = 0; id < 256; id++) {
886 * Walk over the request list for each ID.
888 for (curreq = request_list[id].first_request;
892 * The callback MIGHT delete the current
893 * request, so we CANNOT depend on curreq->next
894 * to be there, when going to the next element
899 rcode = walker(curreq->req, data);
900 if (rcode != RL_WALK_CONTINUE) {
911 * Walk from one request to the next.
913 REQUEST *rl_next(REQUEST *request)
919 * If we were passed a request, then go to the "next" one.
921 if (request != NULL) {
922 rad_assert(request->magic == REQUEST_MAGIC);
925 * It has a "next", return it.
927 if (((REQNODE *)request->container)->next != NULL) {
928 return ((REQNODE *)request->container)->next->req;
931 * No "next", increment the ID, and look
934 start_id = request->packet->id + 1;
940 * No input request, start looking at ID 0.
947 * Check all ID's, wrapping around at 255.
949 for (id = start_id; id < (start_id + count); id++) {
952 * This ID has a request, return it.
954 if (request_list[id & 0xff].first_request != NULL) {
955 rad_assert(request_list[id&0xff].first_request->req != request);
957 return request_list[id & 0xff].first_request->req;
962 * No requests at all in the list. Nothing to do.
964 DEBUG3("rl_next: returning NULL");
970 * Return the number of requests in the request list.
972 int rl_num_requests(void)
975 int request_count = 0;
977 for (id = 0; id < 256; id++) {
978 request_count += request_list[id].request_count;
981 return request_count;
985 typedef struct rl_walk_t {
992 * Refresh a request, by using proxy_retry_delay, cleanup_delay,
993 * max_request_time, etc.
995 * When walking over the request list, all of the per-request
996 * magic is done here.
998 static int refresh_request(REQUEST *request, void *data)
1000 rl_walk_t *info = (rl_walk_t *) data;
1002 child_pid_t child_pid;
1004 rad_assert(request->magic == REQUEST_MAGIC);
1007 * If the request is marked as a delayed reject, AND it's
1008 * time to send the reject, then do so now.
1010 if (request->finished &&
1011 ((request->options & RAD_REQUEST_OPTION_DELAYED_REJECT) != 0)) {
1012 rad_assert(request->child_pid == NO_SUCH_CHILD_PID);
1014 difference = info->now - request->timestamp;
1015 if (difference >= (time_t) mainconfig.reject_delay) {
1018 * Clear the 'delayed reject' bit, so that we
1019 * don't do this again.
1021 request->options &= ~RAD_REQUEST_OPTION_DELAYED_REJECT;
1022 rad_send(request->reply, request->packet,
1028 * If the request has finished processing, AND it's child has
1029 * been cleaned up, AND it's time to clean up the request,
1030 * OR, it's an accounting request. THEN, go delete it.
1032 * If this is a request which had the "don't cache" option
1033 * set, then delete it immediately, as it CANNOT have a
1036 if (request->finished &&
1037 ((request->timestamp + mainconfig.cleanup_delay <= info->now) ||
1038 ((request->options & RAD_REQUEST_OPTION_DONT_CACHE) != 0))) {
1039 rad_assert(request->child_pid == NO_SUCH_CHILD_PID);
1042 * Request completed, delete it, and unlink it
1043 * from the currently 'alive' list of requests.
1045 DEBUG2("Cleaning up request %d ID %d with timestamp %08lx",
1046 request->number, request->packet->id,
1047 (unsigned long) request->timestamp);
1050 * Delete the request.
1053 return RL_WALK_CONTINUE;
1057 * Maybe the child process handling the request has hung:
1058 * kill it, and continue.
1060 if ((request->timestamp + mainconfig.max_request_time) <= info->now) {
1063 child_pid = request->child_pid;
1064 number = request->number;
1067 * There MUST be a RAD_PACKET reply.
1069 rad_assert(request->reply != NULL);
1072 * If we've tried to proxy the request, and
1073 * the proxy server hasn't responded, then
1074 * we send a REJECT back to the caller.
1076 * For safety, we assert that there is no child
1077 * handling the request. If the assertion fails,
1078 * it means that we've sent a proxied request to
1079 * the home server, and the child thread is still
1080 * sitting on the request!
1082 if (request->proxy && !request->proxy_reply) {
1083 rad_assert(request->child_pid == NO_SUCH_CHILD_PID);
1085 radlog(L_ERR, "Rejecting request %d due to lack of any response from home server %s:%d",
1087 client_name(request->packet->src_ipaddr),
1088 request->packet->src_port);
1089 request_reject(request);
1090 request->finished = TRUE;
1091 return RL_WALK_CONTINUE;
1094 if (mainconfig.kill_unresponsive_children) {
1095 if (child_pid != NO_SUCH_CHILD_PID) {
1097 * This request seems to have hung
1100 #ifdef HAVE_PTHREAD_H
1101 radlog(L_ERR, "Killing unresponsive thread for request %d",
1103 pthread_cancel(child_pid);
1105 } /* else no proxy reply, quietly fail */
1108 * Maybe we haven't killed it. In that
1109 * case, print a warning.
1111 } else if ((child_pid != NO_SUCH_CHILD_PID) &&
1112 ((request->options & RAD_REQUEST_OPTION_LOGGED_CHILD) == 0)) {
1113 radlog(L_ERR, "WARNING: Unresponsive child (id %lu) for request %d",
1114 (unsigned long)child_pid, number);
1117 * Set the option that we've sent a log message,
1118 * so that we don't send more than one message
1121 request->options |= RAD_REQUEST_OPTION_LOGGED_CHILD;
1125 * Send a reject message for the request, mark it
1126 * finished, and forget about the child.
1128 request_reject(request);
1129 request->child_pid = NO_SUCH_CHILD_PID;
1130 if (mainconfig.kill_unresponsive_children)
1131 request->finished = TRUE;
1132 return RL_WALK_CONTINUE;
1133 } /* the request has been in the queue for too long */
1136 * If the request is still being processed, then due to the
1137 * above check, it's still within it's time limit. In that
1138 * case, don't do anything.
1140 if (request->child_pid != NO_SUCH_CHILD_PID) {
1141 return RL_WALK_CONTINUE;
1145 * The request is finished.
1147 if (request->finished) goto setup_timeout;
1150 * We're not proxying requests at all.
1152 if (!mainconfig.proxy_requests) goto setup_timeout;
1155 * We're proxying synchronously, so we don't retry it here.
1156 * Some other code takes care of retrying the proxy requests.
1158 if (mainconfig.proxy_synchronous) goto setup_timeout;
1161 * The proxy retry delay is zero, meaning don't retry.
1163 if (mainconfig.proxy_retry_delay == 0) goto setup_timeout;
1166 * There is no proxied request for this packet, so there's
1169 if (!request->proxy) goto setup_timeout;
1172 * We've already seen the proxy reply, so we don't need
1173 * to send another proxy request.
1175 if (request->proxy_reply) goto setup_timeout;
1178 * It's not yet time to re-send this proxied request.
1180 if (request->proxy_next_try > info->now) goto setup_timeout;
1183 * If the proxy retry count is zero, then
1184 * we've sent the last try, and have NOT received
1185 * a reply from the end server. In that case,
1186 * we don't bother trying again, but just mark
1187 * the request as finished, and go to the next one.
1189 if (request->proxy_try_count == 0) {
1190 rad_assert(request->child_pid == NO_SUCH_CHILD_PID);
1191 request_reject(request);
1192 realm_disable(request->proxy->dst_ipaddr,request->proxy->dst_port);
1193 request->finished = TRUE;
1198 * We're trying one more time, so count down
1199 * the tries, and set the next try time.
1201 request->proxy_try_count--;
1202 request->proxy_next_try = info->now + mainconfig.proxy_retry_delay;
1204 /* Fix up Acct-Delay-Time */
1205 if (request->proxy->code == PW_ACCOUNTING_REQUEST) {
1206 VALUE_PAIR *delaypair;
1207 delaypair = pairfind(request->proxy->vps, PW_ACCT_DELAY_TIME);
1210 delaypair = paircreate(PW_ACCT_DELAY_TIME, PW_TYPE_INTEGER);
1212 radlog(L_ERR|L_CONS, "no memory");
1215 pairadd(&request->proxy->vps, delaypair);
1217 delaypair->lvalue = info->now - request->proxy->timestamp;
1219 /* Must recompile the valuepairs to wire format */
1220 free(request->proxy->data);
1221 request->proxy->data = NULL;
1222 } /* proxy accounting request */
1225 * Assert that we have NOT seen the proxy reply yet.
1227 * If we HAVE seen it, then we SHOULD NOT be bugging the
1230 rad_assert(request->proxy_reply == NULL);
1233 * Send the proxy packet.
1235 request->proxy_outstanding++;
1236 rad_send(request->proxy, NULL, request->proxysecret);
1240 * Don't do more long-term checks, if we've got to wake
1243 if (info->smallest == 0) {
1244 return RL_WALK_CONTINUE;
1248 * The request is finished. Wake up when it's time to
1251 if (request->finished) {
1252 difference = (request->timestamp + mainconfig.cleanup_delay) - info->now;
1255 * If the request is marked up to be rejected later,
1256 * then wake up later.
1258 if ((request->options & RAD_REQUEST_OPTION_DELAYED_REJECT) != 0) {
1259 if (difference >= (time_t) mainconfig.reject_delay) {
1260 difference = (time_t) mainconfig.reject_delay;
1264 } else if (request->proxy && !request->proxy_reply) {
1266 * The request is NOT finished, but there is an
1267 * outstanding proxy request, with no matching
1270 * Wake up when it's time to re-send
1271 * the proxy request.
1273 * But in synchronous proxy, we don't retry but we update
1274 * the next retry time as NAS has not resent the request
1275 * in the given retry window.
1277 if (mainconfig.proxy_synchronous) {
1279 * If the retry_delay * count has passed,
1280 * then mark the realm dead.
1282 if (info->now > (request->timestamp + (mainconfig.proxy_retry_delay * mainconfig.proxy_retry_count))) {
1283 rad_assert(request->child_pid == NO_SUCH_CHILD_PID);
1284 request_reject(request);
1286 realm_disable(request->proxy->dst_ipaddr,
1287 request->proxy->dst_port);
1288 request->finished = TRUE;
1291 request->proxy_next_try = info->now + mainconfig.proxy_retry_delay;
1293 difference = request->proxy_next_try - info->now;
1296 * The request is NOT finished.
1298 * Wake up when it's time to kill the errant
1301 difference = (request->timestamp + mainconfig.max_request_time) - info->now;
1305 * If the server is CPU starved, then we CAN miss a time
1306 * for servicing requests. In which case the 'difference'
1307 * value will be negative. select() doesn't like that,
1310 if (difference < 0) {
1315 * Update the 'smallest' time.
1317 if ((info->smallest < 0) ||
1318 (difference < info->smallest)) {
1319 info->smallest = difference;
1322 return RL_WALK_CONTINUE;
1327 * Clean up the request list, every so often.
1329 * This is done by walking through ALL of the list, and
1330 * - marking any requests which are finished, and expired
1331 * - killing any processes which are NOT finished after a delay
1332 * - deleting any marked requests.
1334 struct timeval *rl_clean_list(time_t now)
1337 * Static variables, so that we don't do all of this work
1338 * more than once per second.
1340 * Note that we have 'tv' and 'last_tv'. 'last_tv' is
1341 * pointed to by 'last_tv_ptr', and depending on the
1342 * system implementation of select(), it MAY be modified.
1344 * In that was, we want to use the ORIGINAL value, from
1345 * 'tv', and wipe out the (possibly modified) last_tv.
1347 static time_t last_cleaned_list = 0;
1348 static struct timeval tv, *last_tv_ptr = NULL;
1349 static struct timeval last_tv;
1357 * If we've already set up the timeout or cleaned the
1358 * request list this second, then don't do it again. We
1359 * simply return the sleep delay from last time.
1361 * Note that if we returned NULL last time, there was nothing
1362 * to do. BUT we've been woken up since then, which can only
1363 * happen if we received a packet. And if we've received a
1364 * packet, then there's some work to do in the future.
1366 * FIXME: We can probably use gettimeofday() for finer clock
1367 * resolution, as the current method will cause it to sleep
1370 if ((last_tv_ptr != NULL) &&
1371 (last_cleaned_list == now) &&
1376 * If we're NOT walking the entire request list,
1377 * then we want to iteratively check the request
1380 * If there is NO previous request, go look for one.
1383 last_request = rl_next(last_request);
1386 * On average, there will be one request per
1387 * 'cleanup_delay' requests, which needs to be
1390 * And only do this servicing, if we have a request
1394 for (i = 0; i < mainconfig.cleanup_delay; i++) {
1398 * This function call MAY delete the
1399 * request pointed to by 'last_request'.
1401 next = rl_next(last_request);
1402 refresh_request(last_request, &info);
1403 last_request = next;
1406 * Nothing to do any more, exit.
1413 DEBUG2("Waking up in %d seconds...",
1414 (int) last_tv_ptr->tv_sec);
1417 last_cleaned_list = now;
1418 last_request = NULL;
1419 DEBUG2("--- Walking the entire request list ---");
1422 * Hmmm... this is Big Magic. We make it seem like
1423 * there's an additional second to wait, for a whole
1424 * host of reasons which I can't explain adequately,
1425 * but which cause the code to Just Work Right.
1429 rl_walk(refresh_request, &info);
1432 * We haven't found a time at which we need to wake up.
1433 * Return NULL, so that the select() call will sleep forever.
1435 if (info.smallest < 0) {
1437 * If we're not proxying, then there really isn't anything
1440 * If we ARE proxying, then we can safely sleep
1441 * forever if we're told to NEVER send proxy retries
1442 * ourselves, until the NAS kicks us again.
1444 * Otherwise, there are no outstanding requests, then
1445 * we can sleep forever. This happens when we get
1446 * woken up with a bad packet. It's discarded, so if
1447 * there are no live requests, we can safely sleep
1450 if ((!mainconfig.proxy_requests) ||
1451 mainconfig.proxy_synchronous ||
1452 (rl_num_requests() == 0)) {
1453 DEBUG2("Nothing to do. Sleeping until we see a request.");
1459 * We ARE proxying. In that case, we avoid a race condition
1460 * where a child thread handling a request proxies the
1461 * packet, and sets the retry delay. In that case, we're
1462 * supposed to wake up in N seconds, but we can't, as
1463 * we're sleeping forever.
1465 * Instead, we prevent the problem by waking up anyhow
1466 * at the 'proxy_retry_delay' time, even if there's
1467 * nothing to do. In the worst case, this will cause
1468 * the server to wake up every N seconds, to do a small
1469 * amount of unnecessary work.
1471 info.smallest = mainconfig.proxy_retry_delay;
1474 * Set the time (in seconds) for how long we're
1475 * supposed to sleep.
1477 tv.tv_sec = info.smallest;
1479 DEBUG2("Waking up in %d seconds...", (int) info.smallest);
1482 * Remember how long we should sleep for.
1485 last_tv_ptr = &last_tv;