This commit changes the failover behavior of RADIUS client. Commit 27ebadccfb2 ("RADIUS client: Cease endless retry for message for multiple servers") changed the retry logic, causing RADIUS client to wait RADIUS_CLIENT_NUM_FAILOVER + 1 timeouts before failing over the first time. Prior to that commit, RADIUS client would wait RADIUS_CLIENT_NUM_FAILOVER timeouts before each failover. This was caused by moving the entry->attempts > RADIUS_CLIENT_NUM_FAILOVER comparison to before the retry attempt, where entry->attempts is incremented. The commit in question set entry->attempts in radius_change_server to 1 instead of 0, so RADIUS client would still only wait RADIUS_CLIENT_NUM_FAILOVER timeouts for subsequent failovers, the same as the original behavior. This commit changes the comparison so the initial failover now happens after waiting RADIUS_CLIENT_NUM_FAILOVER timeouts, as it did originally. It also changes the RADIUS_CLIENT_MAX_FAILOVER comparison to prevent an additional attempt to the primary server after the final failover. Signed-off-by: Ethan Everett <ethan.everett@xxxxxxxxxx> --- src/radius/radius_client.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/src/radius/radius_client.c b/src/radius/radius_client.c index a3db4048c..2b7a604ed 100644 --- a/src/radius/radius_client.c +++ b/src/radius/radius_client.c @@ -457,7 +457,7 @@ static int radius_client_retransmit(struct radius_client_data *radius, } /* retransmit; remove entry if too many attempts */ - if (entry->accu_attempts > RADIUS_CLIENT_MAX_FAILOVER * + if (entry->accu_attempts >= RADIUS_CLIENT_MAX_FAILOVER * RADIUS_CLIENT_NUM_FAILOVER * num_servers) { wpa_printf(MSG_INFO, "RADIUS: Removing un-ACKed message due to too many failed retransmit attempts"); @@ -507,7 +507,7 @@ static void radius_client_timer(void *eloop_ctx, void *timeout_ctx) if (now.sec >= entry->next_try) { s = entry->msg_type == RADIUS_AUTH ? radius->auth_sock : radius->acct_sock; - if (entry->attempts > RADIUS_CLIENT_NUM_FAILOVER || + if (entry->attempts >= RADIUS_CLIENT_NUM_FAILOVER || (s < 0 && entry->attempts > 0)) { if (entry->msg_type == RADIUS_ACCT || entry->msg_type == RADIUS_ACCT_INTERIM) @@ -1116,7 +1116,7 @@ radius_change_server(struct radius_client_data *radius, (!auth && entry->msg_type != RADIUS_ACCT)) continue; entry->next_try = entry->first_try + RADIUS_CLIENT_FIRST_WAIT; - entry->attempts = 1; + entry->attempts = 0; entry->next_wait = RADIUS_CLIENT_FIRST_WAIT * 2; } -- 2.20.1 _______________________________________________ Hostap mailing list Hostap@xxxxxxxxxxxxxxxxxxx http://lists.infradead.org/mailman/listinfo/hostap