-rw-r--r-- | radsecproxy.c | 21 | ||||
-rw-r--r-- | radsecproxy.h | 6 |
2 files changed, 23 insertions, 4 deletions
diff --git a/radsecproxy.c b/radsecproxy.c index 44a37f6..3eb601e 100644 --- a/radsecproxy.c +++ b/radsecproxy.c @@ -2238,7 +2238,7 @@ void *clientwr(void *arg) { } if (rq->tries == (*rq->buf == RAD_Status_Server || server->conf->type == 'T' - ? 1 : REQUEST_RETRIES)) { + ? 1 : server->conf->retrycount + 1)) { debug(DBG_DBG, "clientwr: removing expired packet from queue"); debug(DBG_WARN, "clientwr: no server response, %s dead?", server->conf->host); if (server->lostrqs < 255) @@ -2253,7 +2253,7 @@ void *clientwr(void *arg) { rq->expiry.tv_sec = now.tv_sec + (*rq->buf == RAD_Status_Server || server->conf->type == 'T' - ? REQUEST_EXPIRY : REQUEST_EXPIRY / REQUEST_RETRIES); + ? server->conf->retrydelay * (server->conf->retrycount + 1) : server->conf->retrydelay); if (!timeout.tv_sec || rq->expiry.tv_sec < timeout.tv_sec) timeout.tv_sec = rq->expiry.tv_sec; rq->tries++; @@ -2977,6 +2977,7 @@ void confclient_cb(struct gconffile **cf, char *block, char *opt, char *val) { void confserver_cb(struct gconffile **cf, char *block, char *opt, char *val) { char *type = NULL, *tls = NULL, *matchcertattr = NULL, *rewrite = NULL; + long int retrydelay = LONG_MIN, retrycount = LONG_MIN; struct clsrvconf *conf; debug(DBG_DBG, "confserver_cb called for %s", block); @@ -2996,6 +2997,8 @@ void confserver_cb(struct gconffile **cf, char *block, char *opt, char *val) { "MatchCertificateAttribute", CONF_STR, &matchcertattr, "rewrite", CONF_STR, &rewrite, "StatusServer", CONF_BLN, &conf->statusserver, + "RetryDelay", CONF_LINT, &retrydelay, + "RetryCount", CONF_LINT, &retrycount, "CertificateNameCheck", CONF_BLN, &conf->certnamecheck, NULL ); 
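Review bot: The `server->conf->retrycount + 1` in the `rq->tries ==` comparison in clientwr means "total attempts, first send plus retries", and nothing on the line says so. The same term reappears in the `rq->expiry.tv_sec` computation in the next hunk, where Status-Server and type 'T' requests get the whole budget `retrydelay * (retrycount + 1)` as a single wait. A comment above the comparison such as `/* one attempt for Status-Server/TCP, otherwise initial send + retrycount retries */` would keep the two sites in step. With the maxima accepted in confserver_cb (60 and 10) that single wait can reach 660 seconds, which appears to postpone the "dead?" warning by the same amount and is worth stating in the option documentation. clientwr starts and ends outside both hunks.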
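Review bot: `LONG_MIN` is used as the "option not set" sentinel in the new declaration at the top of confserver_cb, but the commit adds no `#include <limits.h>` and the file's include list is outside the diff. Confirm the header is included directly rather than arriving through another include. A one-line comment, `/* LONG_MIN = option absent from the config block */`, would also explain why the two locals are not simply initialised to the defaults.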
@@ -3026,6 +3029,20 @@ void confserver_cb(struct gconffile **cf, char *block, char *opt, char *val) { free(tls); if (matchcertattr) free(matchcertattr); + + if (retrydelay != LONG_MIN) { + if (retrydelay < 1 || retrydelay > 60) + debugx(1, DBG_ERR, "error in block %s, value of option RetryDelay is %d, must be 1-60", block, retrydelay); + conf->retrydelay = (uint8_t)retrydelay; + } else + conf->retrydelay = REQUEST_RETRY_DELAY; + + if (retrycount != LONG_MIN) { + if (retrycount < 0 || retrycount > 10) + debugx(1, DBG_ERR, "error in block %s, value of option RetryCount is %d, must be 0-10", block, retrycount); + conf->retrycount = (uint8_t)retrycount; + } else + conf->retrycount = REQUEST_RETRY_COUNT; conf->rewrite = rewrite ? getrewrite(rewrite, NULL) : getrewrite("defaultserver", "default"); diff --git a/radsecproxy.h b/radsecproxy.h index a8326cb..4bbbead 100644 --- a/radsecproxy.h +++ b/radsecproxy.h @@ -15,8 +15,8 @@ #define DEFAULT_TLS_SECRET "mysecret" #define DEFAULT_UDP_PORT "1812" #define DEFAULT_TLS_PORT "2083" -#define REQUEST_EXPIRY 20 -#define REQUEST_RETRIES 3 +#define REQUEST_RETRY_DELAY 5 +#define REQUEST_RETRY_COUNT 2 #define MAX_CERT_DEPTH 5 #define STATUS_SERVER_PERIOD 25 #define RAD_Access_Request 1 @@ -86,6 +86,8 @@ struct clsrvconf { regex_t *rewriteattrregex; char *rewriteattrreplacement; uint8_t statusserver; + uint8_t retrydelay; + uint8_t retrycount; uint8_t certnamecheck; SSL_CTX *ssl_ctx; struct rewrite *rewrite; |
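Review bot: Both new `debugx` calls print a `long int` with `%d` (`retrydelay` and `retrycount`), which is a format/argument mismatch and undefined behaviour where long is wider than int. Use `%ld` in the two messages, e.g. `"error in block %s, value of option RetryDelay is %ld, must be 1-60"`. The unbraced range checks also depend on `debugx(1, ...)` not returning; that is presumably what the first argument means, but it is not visible here, and otherwise an out-of-range value falls through to the `(uint8_t)` cast and is silently truncated. Bracing the `if` bodies or adding `/* debugx(1, ...) exits */` would make that dependency explicit. confserver_cb continues outside the hunk.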
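Review bot: The replacement defaults `REQUEST_RETRY_DELAY 5` and `REQUEST_RETRY_COUNT 2` in radsecproxy.h carry no unit or meaning, and they are not equivalent to what they replace. The old code waited `REQUEST_EXPIRY / REQUEST_RETRIES` (20 / 3, i.e. 6 seconds by integer division) per attempt, while the new default waits 5, with the number of attempts staying at three. Comments such as `/* seconds to wait for a reply before resending */` and `/* resends after the first attempt */` would document the semantics. The changed default timing also deserves a line in the commit message or changelog, since it shifts when an unresponsive server is reported.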