From 465632d489f298d3b73ba25919279f95b1cf6dc8 Mon Sep 17 00:00:00 2001
From: "Alan T. DeKok" <aland@freeradius.org>
Date: Thu, 29 May 2014 11:17:21 -0400
Subject: [PATCH] Added per-client response_window.  Closes #645

---
 raddb/clients.conf    | 12 ++++++++++++
 src/include/radiusd.h |  2 ++
 src/main/process.c    | 33 +++++++++++++++++++++++++++------
 3 files changed, 41 insertions(+), 6 deletions(-)

diff --git a/raddb/clients.conf b/raddb/clients.conf
index 81f4501..feea220 100644
--- a/raddb/clients.conf
+++ b/raddb/clients.conf
@@ -180,6 +180,18 @@ client localhost {
 	#  see raddb/sites-available/originate-coa
 #	coa_server = coa
 
+
+	#
+	#  Response window for proxied packets.  If non-zero,
+	#  then the lower of (home, client) response_window
+	#  will be used.
+	#
+	#  i.e. it can be used to lower the response_window
+	#  packets from one client to a home server.  It cannot
+	#  be used to raise the response_window.
+	#
+#	response_window = 10.0
+
 	#
 	#  Connection limiting for clients using "proto = tcp".
 	#
diff --git a/src/include/radiusd.h b/src/include/radiusd.h
index d35b08f..398dd28 100644
--- a/src/include/radiusd.h
+++ b/src/include/radiusd.h
@@ -96,6 +96,8 @@ typedef struct radclient {
 #endif
 #endif
 
+	struct timeval		response_window;
+
 	int			proto;
 #ifdef WITH_TCP
 	fr_socket_limit_t	limit;
diff --git a/src/main/process.c b/src/main/process.c
index a8fd78c..c871ae3 100644
--- a/src/main/process.c
+++ b/src/main/process.c
@@ -405,6 +405,24 @@ static void debug_packet(REQUEST *request, RADIUS_PACKET *packet, int direction)
  *
  ***********************************************************************/
 
+static struct timeval *request_response_window(REQUEST *request)
+{
+	/*
+	 *	The client hasn't set the response window.  Return
+	 *	either the home server one, if set, or the global one.
+	 */
+	if (!timerisset(&request->client->response_window)) {
+		return &request->home_server->response_window;
+	}
+
+	if (timercmp(&request->client->response_window,
+		     &request->home_server->response_window, <)) {
+		return &request->client->response_window;
+	}
+
+	return &request->home_server->response_window;
+}
+
 /*
  *	Callback for ALL timer events related to the request.
  */
@@ -593,7 +611,7 @@ STATE_MACHINE_DECL(request_done)
 			when.tv_sec += request->home_server->coa_mrd;
 		} else
 #endif
-			timeradd(&when, &request->home_server->response_window, &when);
+			timeradd(&when, request_response_window(request), &when);
 
 		/*
 		 *	We haven't received all responses, AND there's still
@@ -3069,7 +3087,7 @@ static void home_trigger(home_server_t *home, char const *trigger)
 	exec_trigger(&my_request, home->cs, trigger, false);
 }
 
-static void mark_home_server_zombie(home_server_t *home, struct timeval *now)
+static void mark_home_server_zombie(home_server_t *home, struct timeval *now, struct timeval *response_window)
 {
 	time_t start;
 	char buffer[128];
@@ -3119,7 +3137,7 @@ static void mark_home_server_zombie(home_server_t *home, struct timeval *now)
 	PROXY( "Marking home server %s port %d as zombie (it has not responded in %d.%06d seconds).",
 	       inet_ntop(home->ipaddr.af, &home->ipaddr.ipaddr,
 			 buffer, sizeof(buffer)),
-	       home->port, (int) home->response_window.tv_sec, (int) home->response_window.tv_usec);
+	       home->port, (int) response_window->tv_sec, (int) response_window->tv_usec);
 
 	ping_home_server(home);
 }
@@ -3200,6 +3218,7 @@ void mark_home_server_dead(home_server_t *home, struct timeval *when)
 STATE_MACHINE_DECL(proxy_wait_for_reply)
 {
 	struct timeval now, when;
+	struct timeval *response_window = NULL;
 	home_server_t *home = request->home_server;
 	char buffer[128];
 
@@ -3294,6 +3313,8 @@ STATE_MACHINE_DECL(proxy_wait_for_reply)
 		break;
 
 	case FR_ACTION_TIMER:
+		response_window = request_response_window(request);
+
 #ifdef WITH_TCP
 		if (!request->proxy_listener ||
 		    (request->proxy_listener->status != RAD_LISTEN_STATUS_KNOWN)) {
@@ -3319,7 +3340,7 @@ STATE_MACHINE_DECL(proxy_wait_for_reply)
 			 *	responding to other (better looking) packets.
 			 */
 			when = request->proxy->timestamp;
-			timeradd(&when, &home->response_window, &when);
+			timeradd(&when, response_window, &when);
 
 			/*
 			 *	Not at the response window.  Set the timer for
@@ -3327,7 +3348,7 @@ STATE_MACHINE_DECL(proxy_wait_for_reply)
 			 */
 			if (timercmp(&when, &now, >)) {
 				RDEBUG("Expecting proxy response no later than %d.%06d seconds from now",
-				       (int) home->response_window.tv_sec, (int) home->response_window.tv_usec);
+				       (int) response_window->tv_sec, (int) response_window->tv_usec);
 				STATE_MACHINE_TIMER(FR_ACTION_TIMER);
 				return;
 			}
@@ -3353,7 +3374,7 @@ STATE_MACHINE_DECL(proxy_wait_for_reply)
 		    && (home->proto != IPPROTO_TCP)
 #endif
 			) {
-			mark_home_server_zombie(home, &now);
+			mark_home_server_zombie(home, &now, response_window);
 		}
 
 		FR_STATS_TYPE_INC(home->stats.total_timeouts);
-- 
2.1.4