diff options
author | jim-p <jimp@pfsense.org> | 2016-01-28 14:02:12 -0500 |
---|---|---|
committer | jim-p <jimp@pfsense.org> | 2016-01-28 14:03:27 -0500 |
commit | ab225849ced6756452b0244abb9d42db4830b68f (patch) | |
tree | 4e5711163507f85a9ff8dce32bc011bd71127f7d /src/etc | |
parent | c523175841ac6199bf7bf4b76151fc4518896cf4 (diff) | |
download | pfsense-ab225849ced6756452b0244abb9d42db4830b68f.zip pfsense-ab225849ced6756452b0244abb9d42db4830b68f.tar.gz |
Add option for FreeRADIUS-friendly stop/start RADIUS accounting updates.
It needs a sleep between the stop and start, and it needs slightly different figures for start/stop time in the request.
Diffstat (limited to 'src/etc')
-rw-r--r-- | src/etc/inc/captiveportal.inc | 19 |
1 files changed, 16 insertions, 3 deletions
diff --git a/src/etc/inc/captiveportal.inc b/src/etc/inc/captiveportal.inc index 78f1eb1..1d173fe 100644 --- a/src/etc/inc/captiveportal.inc +++ b/src/etc/inc/captiveportal.inc @@ -742,19 +742,32 @@ function captiveportal_prune_old() { /* do periodic RADIUS reauthentication? */ if (!$timedout && !empty($radiusservers)) { if (isset($cpcfg['radacct_enable'])) { - if ($cpcfg['reauthenticateacct'] == "stopstart") { + if (substr($cpcfg['reauthenticateacct'], 0, 9) == "stopstart") { /* stop and restart accounting */ + if ($cpcfg['reauthenticateacct'] == "stopstartfreeradius") { + $rastart_time = 0; + $rastop_time = 60; + } else { + $rastart_time = $cpentry[0]; + $rastop_time = null; + } RADIUS_ACCOUNTING_STOP($cpentry[1], // ruleno $cpentry[4], // username $cpentry[5], // sessionid - $cpentry[0], // start time + $rastart_time, // start time $radiusservers, $cpentry[2], // clientip $cpentry[3], // clientmac - 10); // NAS Request + 10, // NAS Request + false, // Not an interim request + $rastop_time); // Stop Time $clientsn = (is_ipaddrv6($cpentry[2])) ? 128 : 32; $_gb = @pfSense_ipfw_Tableaction($cpzoneid, IP_FW_TABLE_XZEROENTRY, 1, $cpentry[2], $clientsn, $cpentry[3]); $_gb = @pfSense_ipfw_Tableaction($cpzoneid, IP_FW_TABLE_XZEROENTRY, 2, $cpentry[2], $clientsn, $cpentry[3]); + if ($cpcfg['reauthenticateacct'] == "stopstartfreeradius") { + /* Need to pause here or the FreeRADIUS server gets confused about packet ordering. */ + sleep(1); + } RADIUS_ACCOUNTING_START($cpentry[1], // ruleno $cpentry[4], // username $cpentry[5], // sessionid |