[PATCH] Use a random initial value for next_radius_identifier so that the identifier is less likely to be reused when multiple hostapd instances are running that will appear to a RADIUS server as being from the same NAS.
Jouni Malinen
j at w1.fi
Sun Sep 18 11:29:15 PDT 2016
On Wed, Jul 27, 2016 at 01:36:31PM +0100, Nick Lowe wrote:
> Note: This is a largely cosmetic change as the UDP port will differ
> and the Linux kernel will, these days, randomise the UDP port.
>
> It potentially avoids a conceptual race in older versions of the Linux
> kernel that are still in use:
>
> http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=32c1da70810017a98aa6c431a5494a302b6b9a30
I'm not sure I really understand the point of this change.. What is the
case where this could help in making it less likely for RADIUS messages
to look as if being from the same NAS? If there are multiple hostapd
instances running, wouldn't each get their own UDP source port? The
RADIUS identifier is of importance when there are multiple parallel
requests from the same IP address and UDP port, but that shouldn't
really be the case for the multiple instances case mentioned in the
commit message. This is regardless of whether the kernel selects a
random source port for the UDP socket.
--
Jouni Malinen PGP id EFC895FA
More information about the Hostap
mailing list