Document TCP options for clients and home servers.

Signed-off-by: Alan T. DeKok <aland@freeradius.org>

diff --git a/raddb/clients.conf b/raddb/clients.conf
index cee6100..aa2c6fb 100644 (file)
--- a/raddb/clients.conf
+++ b/raddb/clients.conf
@@ -38,6 +38,15 @@ client localhost {
 #      ipv6addr = ::   # any.  ::1 == localhost
 
        #
+       #  The transport protocol.
+       #
+       #  If unspecified, defaults to "udp", which is the traditional
+       #  RADIUS transport.  It may also be "tcp", in which case the
+       #  server will accept connections from this client ONLY over TCP.
+       #
+#      proto = udp
+
+       #
        #  A note on DNS:  We STRONGLY recommend using IP addresses
        #  rather than host names.  Using host names means that the
        #  server will do DNS lookups when it starts, making it
@@ -112,6 +121,15 @@ client localhost {
        require_message_authenticator = no
 
        #
+       #  Limit the number of TCP connections that this client is
+       #  allowed to have open to us.  This configuration entry
+       #  is ignored for UDP sockets.
+       #
+       #  This entry is the mirror of the "max_connections" entry
+       #  in the home server configuration.
+       max_connections = 16
+
+       #
        #  The short name is used as an alias for the fully qualified
        #  domain name, or the IP address.
        #

diff --git a/raddb/proxy.conf b/raddb/proxy.conf
index 5655dbb..26ade44 100644 (file)
--- a/raddb/proxy.conf
+++ b/raddb/proxy.conf
@@ -169,6 +169,18 @@ home_server localhost {
        port = 1812
 
        #
+       #  The transport protocol.
+       #
+       #  If unspecified, defaults to "udp", which is the traditional
+       #  RADIUS transport.  It may also be "tcp", in which case TCP
+       #  will be used to talk to this home server.
+       #
+       #  When home servers are put into pools, the pool can contain
+       #  home servers with both UDP and TCP transports.
+       #
+       #proto = udp
+
+       #
        #  The shared secret use to "encrypt" and "sign" packets between
        #  FreeRADIUS and the home server.
        #
@@ -417,6 +429,46 @@ home_server localhost {
                # Maximum Retransmit Duration: 5..60
                mrd = 30
        }
+
+       #
+       #  Connection limiting for home servers with "proto = tcp".
+       #
+       #  This section is ignored for other home servers.
+       #
+       limit {
+             #
+             #  Limit the number of TCP connections to the home server.
+             #
+             #  The default is 16.
+             #  Setting this to 0 means "no limit"
+             max_connections = 16
+
+             #
+             #  Limit the total number of requests sent over one
+             #  TCP connection.  After this number of requests, the
+             #  connection will be closed.  Any new packets that are
+             #  proxied to the home server will result in a new TCP
+             #  connection being made.
+             #
+             #  Setting this to 0 means "no limit"
+             max_requests = 0
+
+             #
+             #  The lifetime, in seconds, of a TCP connection.  After
+             #  this lifetime, the connection will be closed.
+             #
+             #  Setting this to 0 means "forever".
+             lifetime = 0
+
+             #
+             #  The idle timeout, in seconds, of a TCP connection.
+             #  If no packets have been sent over the connection for
+             #  this time, the connection will be closed.
+             #
+             #  Setting this to 0 means "no timeout".
+             idle_timeout = 0
+       }
+
 }
 
 # Sample virtual home server.