diff options
| author | Ermal <eri@pfsense.org> | 2012-05-22 20:59:40 +0000 |
|---|---|---|
| committer | Ermal <eri@pfsense.org> | 2012-05-22 20:59:40 +0000 |
| commit | aec0f2fd54bcd617ad469db67fe34937f339936e (patch) | |
| tree | 63fc74ace2dc5b23f232f0d7d9d1b4c58aa954ed /etc/inc | |
| parent | 5c0b5f64f2f940e2e9fdea1b251c1fbd8a0cdf0c (diff) | |
| download | pfsense-aec0f2fd54bcd617ad469db67fe34937f339936e.zip pfsense-aec0f2fd54bcd617ad469db67fe34937f339936e.tar.gz | |
If extra bw attributes are supplied during reauthentication apply and log them
Diffstat (limited to 'etc/inc')
| -rw-r--r-- | etc/inc/captiveportal.inc | 51 |
1 files changed, 50 insertions, 1 deletions
diff --git a/etc/inc/captiveportal.inc b/etc/inc/captiveportal.inc index 453a7be..25aa84f 100644 --- a/etc/inc/captiveportal.inc +++ b/etc/inc/captiveportal.inc @@ -822,7 +822,8 @@ function captiveportal_prune_old() { captiveportal_disconnect($cpentry, $radiusservers, 17); captiveportal_logportalauth($cpentry[4], $cpentry[3], $cpentry[2], "RADIUS_DISCONNECT", $auth_list['reply_message']); $unsetindexes[] = $cpentry[5]; - } + } else if ($auth_list['auth_val'] == 2) + captiveportal_reapply_attributes($cpentry, $auth_list); } } } @@ -1674,6 +1675,54 @@ function portal_mac_radius($clientmac,$clientip) { return FALSE; } +function captiveportal_reapply_attributes($cpentry, $attributes) { + global $config, $cpzone; + + /* Add rules for traffic shaping + * We don't need to add extra rules since traffic will pass due to the following kernel option + * net.inet.ip.fw.one_pass: 1 + */ + $peruserbw = isset($config['captiveportal']['peruserbw']); + + $bw_up = isset($attributes['bw_up']) ? round(intval($attributes['bw_up'])/1000, 2) : 0; + $bw_down = isset($attributes['bw_down']) ? round(intval($attributes['bw_down'])/1000, 2) : 0; + $bw_up_pipeno = $cpentry[1]+20000; + $bw_down_pipeno = $cpentry[1]+20001; + $commands = ""; + + if ($peruserbw && !empty($bw_up) && is_numeric($bw_up)) { + $commands .= "pipe {$bw_up_pipeno} config bw {$bw_up}Kbit/s queue 100\n"; + + if (!isset($config['captiveportal']['nomacfilter'])) { + $commands .= "table 1 del {$cpentry[2]} mac {$cpentry[3]}\n"; + $commands .= "table 1 add {$cpentry[2]} mac {$cpentry[3]} {$bw_up_pipeno}\n"; + } else { + $commands .= "table 1 del {$cpentry[2]}\n"; + $commands .= "table 1 add {$cpentry[2]} {$bw_up_pipeno}\n"; + } + } + if ($peruserbw && !empty($bw_down) && is_numeric($bw_down)) { + $commands .= "pipe {$bw_down_pipeno} config bw {$bw_down}Kbit/s queue 100\n"; + + if (!isset($config['captiveportal']['nomacfilter'])) { + $commands .= "table 2 del {$cpentry[2]} mac {$cpentry[3]}\n"; + $commands .= "table 2 add {$cpentry[2]} mac {$cpentry[3]} {$bw_down_pipeno}\n"; + } else { + $commands .= "table 2 del {$cpentry[2]}\n"; + $commands .= "table 2 add {$cpentry[2]} {$bw_down_pipeno}\n"; + } + } + + if (!empty($commands)) { + @file_put_contents("{$g['tmp_path']}/reattribute.rule.tmp", $commands); + captiveportal_ipfw_set_context($cpzone); + mwexec("/sbin/ipfw -q {$g['tmp_path']}/tmprules.rules"); + captiveportal_logportalauth($cpentry[4], $cpentry[3], $cpentry[2], "RADIUS_BANDWIDTH_REAPPLY", "{$bw_up}/{$bw_down}"); + } + + unset($bw_up_pipeno, $bw_Down_pipeno, $bw_up, $bw_down); +} + function portal_allow($clientip,$clientmac,$username,$password = null, $attributes = null, $ruleno = null, $radiusctx = null) { global $redirurl, $g, $config, $type, $passthrumac, $_POST, $cpzone; |
