On Tue, Oct 5, 2010 at 19:11, Alan T DeKok <aland@freeradius.org> wrote:
> Magnus Hagander wrote:
>> Actually, nevermind that one. Here's a patch I worked up from your
>> description, and that turns out to be fairly similar to yours in what
>> it does I think - except I'm not rearranging the code into a separate
>> function. We already have a while-loop.
>
> Thanks. The only comment I have is that the hard-coded 100000 could be
> USECS_PER_SEC.
That's hardcoded elsewhere in the backend though, and we've not used
USECS_PER_SEC anywhere else. So for consistency..
>> See attached context diff, and I've also included a diff without
>> whitespace changes since the majority of the diff is otherwise coming
>> from indenting the code one tab...
>>
>> (so far untested, I seem to have deleted my test-instance of the
>> radius server, but I figured I should post my attempt anyway)
>
> I can set up a test server if you want.
Nah, I should get mine back up.
If you can test the complete patch in your environment (particularly
if you already have a "bad packet injector" that you know creates the
issue on 9.0), that would be great though.
>> Also, my patch does not change from log to warning - note that warning
>> is actually *below* log when it comes to the logfile (see
>> log_min_messages comments in postgresql.conf). I keep making that
>> mistake myself...
>
> OK. My only interest there was to ensure that a DoS attack wouldn't
> result in the log being flooded with "invalid packet" messages.
Uh, how exactly does your patch prevent that?
-- 
 Magnus Hagander
 Me: http://www.hagander.net/
 Work: http://www.redpill-linpro.com/