Re: [PATCH] Use a random initial value for next_radius_identifier so that the identifier is less likely to be reused when multiple hostapd instances are running that will appear to a RADIUS server as being from the same NAS.

On Wed, Jul 27, 2016 at 01:36:31PM +0100, Nick Lowe wrote:
> Note: This is a largely cosmetic change as the UDP port will differ
> and the Linux kernel will, these days, randomise the UDP port.
> 
> It potentially avoids a conceptual race in older versions of the Linux
> kernel that are still in use:
> 
> http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=32c1da70810017a98aa6c431a5494a302b6b9a30

I'm not sure I really understand the point of this change. What is the
case where this could help in making it less likely for RADIUS messages
to look as if being from the same NAS? If there are multiple hostapd
instances running, wouldn't each get their own UDP source port? The
RADIUS identifier is of importance when there are multiple parallel
requests from the same IP address and UDP port, but that shouldn't
really be the case for the multiple instances case mentioned in the
commit message. This is regardless of whether the kernel selects a
random source port for the UDP socket.

-- 
Jouni Malinen                                            PGP id EFC895FA

_______________________________________________
Hostap mailing list
Hostap@xxxxxxxxxxxxxxxxxxx
http://lists.infradead.org/mailman/listinfo/hostap
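
Added example, not part of the original message or of hostapd's code: a toy server-side duplicate cache keyed the way RFC 2865 section 3 describes (client source IP, source UDP port, Identifier), showing that two instances using the same identifier sequence collide only when they share a source port. The struct and function names, cache size, port numbers and the 192.0.2.1 address are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* Duplicate-detection key from RFC 2865 section 3: client source IP,
 * source UDP port and the 8-bit Identifier. */
struct req_key { uint32_t src_ip; uint16_t src_port; uint8_t identifier; };

#define CACHE_SIZE 64
struct dup_cache { struct req_key seen[CACHE_SIZE]; size_t count; };

/* Return 1 if (ip, port, id) is already cached, i.e. the server would treat
 * the packet as a retransmission; otherwise record it and return 0.
 * Simplification: no expiry timer, the cache just stops recording when full. */
static int radius_seen_before(struct dup_cache *c, uint32_t ip,
                              uint16_t port, uint8_t id)
{
    for (size_t i = 0; i < c->count; i++) {
        const struct req_key *k = &c->seen[i];
        if (k->src_ip == ip && k->src_port == port && k->identifier == id)
            return 1;
    }
    if (c->count < CACHE_SIZE)
        c->seen[c->count++] = (struct req_key){ ip, port, id };
    return 0;
}

/* Constructed scenario: two instances on one host (same NAS IP), both
 * counting identifiers up from 0, each sending n requests (n <= 32). */
int count_collisions(uint16_t port_a, uint16_t port_b, int n)
{
    struct dup_cache cache = { .count = 0 };
    const uint32_t nas_ip = 0xC0000201; /* 192.0.2.1, documentation range */
    int collisions = 0;

    for (int i = 0; i < n; i++) {
        collisions += radius_seen_before(&cache, nas_ip, port_a, (uint8_t)i);
        collisions += radius_seen_before(&cache, nas_ip, port_b, (uint8_t)i);
    }
    return collisions;
}

int main(void)
{
    printf("separate ports: %d\n", count_collisions(40000, 40001, 10));
    printf("shared port:    %d\n", count_collisions(40000, 40000, 10));
    return 0;
}
```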


