* Find a per-socket client.
*/
RADCLIENT *client_listener_find(const rad_listen_t *listener,
- const fr_ipaddr_t *ipaddr)
+ const fr_ipaddr_t *ipaddr, int src_port)
{
#ifdef WITH_DYNAMIC_CLIENTS
int rcode;
- time_t now;
listen_socket_t *sock;
REQUEST *request;
- RADCLIENT *client, *created;
+ RADCLIENT *created;
#endif
+ time_t now;
+ RADCLIENT *client;
RADCLIENT_LIST *clients;
rad_assert(listener != NULL);
*/
rad_assert(clients != NULL);
-#ifdef WITH_DYNAMIC_CLIENTS
client = client_find(clients, ipaddr);
- if (!client) return NULL;
+ if (!client) {
+ static time_t last_printed = 0;
+ char name[256], buffer[128];
+
+#ifdef WITH_DYNAMIC_CLIENTS
+ unknown: /* used only for dynamic clients */
+#endif
+
+ /*
+ * DoS attack quenching, but only in debug mode.
+ * If they're running in debug mode, show them
+ * every packet.
+ */
+ if (debug_flag == 0) {
+ now = time(NULL);
+ if (last_printed == now) return NULL;
+
+ last_printed = now;
+ }
+
+ listener->print(listener, name, sizeof(name));
+
+ radlog(L_ERR, "Ignoring request to %s from unknown client %s port %d",
+ name, inet_ntop(ipaddr->af, &ipaddr->ipaddr,
+ buffer, sizeof(buffer)),
+ src_port);
+ return NULL;
+ }
+
+#ifndef WITH_DYNAMIC_CLIENTS
+ return client; /* return the found client. */
+#else
/*
* No server defined, and it's not dynamic. Return it.
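Review bot: The comment above `if (debug_flag == 0)` says the quenching applies "only in debug mode", but the test throttles exactly when the server is not in debug mode and prints every packet when it is. Reword it to match the code, for example `/* Rate-limit this message to one per second, except in debug mode, where every packet is shown. */`. The comment should also say that `last_printed` is a single function-level static, so the limit is shared by all listeners and all source addresses. During a flood only the first unknown source in each second reaches the log, so the logged line is not a reliable picture of who is sending. The function starts before this hunk and continues after it.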
/*
* WTF?
*/
- if (!client) return NULL;
- if (!client->client_server) return NULL;
+ if (!client) goto unknown;
+ if (!client->client_server) goto unknown;
/*
* At this point, 'client' is the enclosing
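Review bot: The `goto unknown` statements added here jump into the middle of the `if (!client)` block, past the declarations of `name` and `buffer`, because the `unknown:` label sits inside that block. This is valid C for fixed-size arrays and for the static `last_printed`, but a local added to that block later would have its initializer skipped on this path, and a variable-length array there would make the jump invalid. A comment at the label would record the constraint, such as `/* entered by goto from the dynamic-client path: locals in this block must not depend on initializers */`. The label itself is outside this hunk.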
* allow one new client per second. Known
* clients aren't subject to this restriction.
*/
- if (now == client->last_new_client) return NULL;
+ if (now == client->last_new_client) goto unknown;
}
client->last_new_client = now;
request = request_alloc();
- if (!request) return NULL;
+ if (!request) goto unknown;
request->listener = listener;
request->client = client;
request->packet = rad_alloc(0);
if (!request->packet) {
request_free(&request);
- return NULL;
+ goto unknown;
}
request->reply = rad_alloc(0);
if (!request->reply) {
request_free(&request);
- return NULL;
+ goto unknown;
}
request->packet->timestamp = request->timestamp;
request->number = 0;
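Review bot: The `goto unknown` on `!request` and on the two `rad_alloc(0)` failures logs an allocation failure as "Ignoring request ... from unknown client", and the `now == client->last_new_client` branch does the same for a source that was only throttled by the one-new-client-per-second limit. The same applies to the `rcode != RLM_MODULE_OK`, `client_validate` and `!created` jumps in the later hunks. Someone reading the log during an incident cannot tell an unconfigured source from memory exhaustion or a non-OK module result, and with `debug_flag == 0` the once-per-second quench may drop the line altogether. Consider logging the real cause before jumping, for example `radlog(L_ERR, "Failed allocating request for dynamic client lookup");`, or keeping `return NULL` on the allocation paths. The enclosing function starts and ends outside this hunk.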
if (rcode != RLM_MODULE_OK) {
request_free(&request);
- return NULL;
+ goto unknown;
}
/*
/*
* This frees the client if it isn't valid.
*/
- if (!client_validate(clients, client, created)) {
- return NULL;
- }
+ if (!client_validate(clients, client, created)) goto unknown;
}
request_free(&request);
- return created; /* may be NULL */
-#else
- return client_find(clients, ipaddr);
+ if (!created) goto unknown;
+
+ return created;
#endif
}
ssize_t rcode;
int code, src_port;
RADIUS_PACKET *packet;
- char buffer[128];
RADCLIENT *client;
fr_ipaddr_t src_ipaddr;
}
if ((client = client_listener_find(listener,
- &src_ipaddr)) == NULL) {
+ &src_ipaddr, src_port)) == NULL) {
rad_recv_discard(listener->fd);
RAD_STATS_TYPE_INC(listener, total_invalid_requests);
-
- if (debug_flag > 0) {
- char name[1024];
-
- listener->print(listener, name, sizeof(name));
-
- /*
- * This is debugging rather than logging, so that
- * DoS attacks don't affect us.
- */
- DEBUG("Ignoring request to %s from unknown client %s port %d",
- name,
- inet_ntop(src_ipaddr.af, &src_ipaddr.ipaddr,
- buffer, sizeof(buffer)), src_port);
- }
-
return 0;
}
int code, src_port;
RADIUS_PACKET *packet;
RAD_REQUEST_FUNP fun = NULL;
- char buffer[128];
RADCLIENT *client;
fr_ipaddr_t src_ipaddr;
}
if ((client = client_listener_find(listener,
- &src_ipaddr)) == NULL) {
+ &src_ipaddr, src_port)) == NULL) {
rad_recv_discard(listener->fd);
RAD_STATS_TYPE_INC(listener, total_invalid_requests);
-
- if (debug_flag > 0) {
- char name[1024];
-
- listener->print(listener, name, sizeof(name));
-
- /*
- * This is debugging rather than logging, so that
- * DoS attacks don't affect us.
- */
- DEBUG("Ignoring request to %s from unknown client %s port %d",
- name,
- inet_ntop(src_ipaddr.af, &src_ipaddr.ipaddr,
- buffer, sizeof(buffer)), src_port);
- }
-
return 0;
}
int code, src_port;
RADIUS_PACKET *packet;
RAD_REQUEST_FUNP fun = NULL;
- char buffer[128];
RADCLIENT *client;
fr_ipaddr_t src_ipaddr;
}
if ((client = client_listener_find(listener,
- &src_ipaddr)) == NULL) {
+ &src_ipaddr, src_port)) == NULL) {
rad_recv_discard(listener->fd);
RAD_STATS_TYPE_INC(listener, total_invalid_requests);
-
- /*
- * This is debugging rather than logging, so that
- * DoS attacks don't affect us.
- */
- if (debug_flag > 0) {
- char name[1024];
-
- listener->print(listener, name, sizeof(name));
-
- DEBUG("Ignoring request to %s from unknown client %s port %d",
- name,
- inet_ntop(src_ipaddr.af, &src_ipaddr.ipaddr,
- buffer, sizeof(buffer)), src_port);
- }
-
return 0;
}