diff options
author | jim-p <jimp@pfsense.org> | 2016-01-28 14:02:12 -0500 |
---|---|---|
committer | jim-p <jimp@pfsense.org> | 2016-01-28 14:03:27 -0500 |
commit | ab225849ced6756452b0244abb9d42db4830b68f (patch) | |
tree | 4e5711163507f85a9ff8dce32bc011bd71127f7d | |
parent | c523175841ac6199bf7bf4b76151fc4518896cf4 (diff) | |
download | pfsense-ab225849ced6756452b0244abb9d42db4830b68f.zip pfsense-ab225849ced6756452b0244abb9d42db4830b68f.tar.gz |
Add option for FreeRADIUS-friendly stop/start RADIUS accounting updates.
It needs a sleep between the stop and start, and it needs slightly different figures for start/stop time in the request.
-rw-r--r-- | src/etc/inc/captiveportal.inc | 19 | ||||
-rw-r--r-- | src/usr/local/www/services_captiveportal.php | 14 |
2 files changed, 27 insertions, 6 deletions
diff --git a/src/etc/inc/captiveportal.inc b/src/etc/inc/captiveportal.inc index 78f1eb1..1d173fe 100644 --- a/src/etc/inc/captiveportal.inc +++ b/src/etc/inc/captiveportal.inc @@ -742,19 +742,32 @@ function captiveportal_prune_old() { /* do periodic RADIUS reauthentication? */ if (!$timedout && !empty($radiusservers)) { if (isset($cpcfg['radacct_enable'])) { - if ($cpcfg['reauthenticateacct'] == "stopstart") { + if (substr($cpcfg['reauthenticateacct'], 0, 9) == "stopstart") { /* stop and restart accounting */ + if ($cpcfg['reauthenticateacct'] == "stopstartfreeradius") { + $rastart_time = 0; + $rastop_time = 60; + } else { + $rastart_time = $cpentry[0]; + $rastop_time = null; + } RADIUS_ACCOUNTING_STOP($cpentry[1], // ruleno $cpentry[4], // username $cpentry[5], // sessionid - $cpentry[0], // start time + $rastart_time, // start time $radiusservers, $cpentry[2], // clientip $cpentry[3], // clientmac - 10); // NAS Request + 10, // NAS Request + false, // Not an interim request + $rastop_time); // Stop Time $clientsn = (is_ipaddrv6($cpentry[2])) ? 128 : 32; $_gb = @pfSense_ipfw_Tableaction($cpzoneid, IP_FW_TABLE_XZEROENTRY, 1, $cpentry[2], $clientsn, $cpentry[3]); $_gb = @pfSense_ipfw_Tableaction($cpzoneid, IP_FW_TABLE_XZEROENTRY, 2, $cpentry[2], $clientsn, $cpentry[3]); + if ($cpcfg['reauthenticateacct'] == "stopstartfreeradius") { + /* Need to pause here or the FreeRADIUS server gets confused about packet ordering. */ + sleep(1); + } RADIUS_ACCOUNTING_START($cpentry[1], // ruleno $cpentry[4], // username $cpentry[5], // sessionid diff --git a/src/usr/local/www/services_captiveportal.php b/src/usr/local/www/services_captiveportal.php index c3076da..21eacd2 100644 --- a/src/usr/local/www/services_captiveportal.php +++ b/src/usr/local/www/services_captiveportal.php @@ -919,7 +919,7 @@ $group = new Form_Group('Accounting updates'); $group->add(new Form_Checkbox( 'reauthenticateacct', null, - 'No Accounting updates', + 'No updates', $pconfig['reauthenticateacct'] == "", "" ))->displayasRadio(); @@ -927,7 +927,7 @@ $group->add(new Form_Checkbox( $group->add(new Form_Checkbox( 'reauthenticateacct', null, - 'Stop/start Accounting', + 'Stop/Start', $pconfig['reauthenticateacct'] == 'stopstart', "stopstart" ))->displayasRadio(); @@ -935,7 +935,15 @@ $group->add(new Form_Checkbox( $group->add(new Form_Checkbox( 'reauthenticateacct', null, - 'Interim update', + 'Stop/Start (FreeRADIUS)', + $pconfig['reauthenticateacct'] == 'stopstartfreeradius', + "stopstartfreeradius" +))->displayasRadio(); + +$group->add(new Form_Checkbox( + 'reauthenticateacct', + null, + 'Interim', $pconfig['reauthenticateacct'] == 'interimupdate', "interimupdate" ))->displayasRadio(); |