diff options
author | Scott Ullrich <sullrich@pfsense.org> | 2005-05-28 22:06:54 +0000 |
---|---|---|
committer | Scott Ullrich <sullrich@pfsense.org> | 2005-05-28 22:06:54 +0000 |
commit | 09086136c9e26b0c97edbac7d0b78624a29e381a (patch) | |
tree | d281bfcad7a6f2d7b92e25ccf0809d85048ece02 /usr/local/captiveportal | |
parent | 5e4a316d9eafa5df369621fac39c5ece992e930d (diff) | |
download | pfsense-09086136c9e26b0c97edbac7d0b78624a29e381a.zip pfsense-09086136c9e26b0c97edbac7d0b78624a29e381a.tar.gz |
Swap images
Diffstat (limited to 'usr/local/captiveportal')
-rwxr-xr-x | usr/local/captiveportal/index.php | 65 |
1 files changed, 9 insertions, 56 deletions
diff --git a/usr/local/captiveportal/index.php b/usr/local/captiveportal/index.php index c51c073..cd37ff5 100755 --- a/usr/local/captiveportal/index.php +++ b/usr/local/captiveportal/index.php @@ -62,7 +62,7 @@ if (!$clientmac && !isset($config['captiveportal']['nomacfilter'])) { } if ($clientmac && portal_mac_fixed($clientmac)) { - /* punch hole in ipfw for pass thru mac addresses */ + /* punch hole in pf table and allow thru ip for the mac addresses */ // KEYCOM: passthru mac bandwidth control] if (isset($config['captiveportal']['peruserbw'])) { portal_allow($clientip, $clientmac, "unauthenticated",$config['captiveportal']['bwauthmacup'],$config['captiveportal']['bwauthmacdn']); @@ -203,50 +203,13 @@ function portal_allow($clientip,$clientmac,$clientuser,$bw_up,$bw_down) { /* user has accepted AUP - let him in */ portal_lock(); - - /* get next ipfw rule number */ - if (file_exists("{$g['vardb_path']}/captiveportal.nextrule")) - $ruleno = trim(file_get_contents("{$g['vardb_path']}/captiveportal.nextrule")); - if (!$ruleno) - $ruleno = 10000; /* first rule number */ - $saved_ruleno = $ruleno; + $saved_ruleno = $clientip; /* generate unique session ID */ $tod = gettimeofday(); $sessionid = substr(md5(mt_rand() . $tod['sec'] . $tod['usec'] . $clientip . $clientmac), 0, 16); - - /* add ipfw rules for layer 3 */ - exec("/sbin/ipfw add $ruleno set 2 skipto 50000 ip from $clientip to any in"); - exec("/sbin/ipfw add $ruleno set 2 skipto 50000 ip from any to $clientip out"); - - /* KEYCOM: add ipfw rules for dummynet based on bw_up and bw_down */ - //we're just copying them by adding on some and hoping no collision will occur - //2000 users would be expecting a bit much from a WAP ;) - - //we're using fixed rule numbers which are 'a step above' the m0n0 ones - //this makes sure we always know where our rules are, and taht they are deleted when m0n0's are - //they're set so they shouldn't hit anything important, and also so they are in roughly the right position in the fw. - - //of course, we only need to do this if it's enabled in the config - if (isset($config['captiveportal']['peruserbw'])) { - $up_rule_number = $ruleno + 40500; - $down_rule_number = $ruleno + 45500; - $lanif = $config['interfaces']['lan']['if']; - exec("/sbin/ipfw add $up_rule_number set 4 pipe $up_rule_number ip from $clientip to any via $lanif"); - exec("/sbin/ipfw add $down_rule_number set 4 pipe $down_rule_number ip from any to $clientip via $lanif"); - exec("/sbin/ipfw pipe $up_rule_number config bw " . trim($bw_up) . "Kbit/s queue 10"); - exec("/sbin/ipfw pipe $down_rule_number config bw " . trim($bw_down) . "Kbit/s queue 10"); - } - /* done */ - - /* add ipfw rules for layer 2 */ - if (!isset($config['captiveportal']['nomacfilter'])) { - $l2ruleno = $ruleno + 10000; - exec("/sbin/ipfw add $l2ruleno set 3 deny all from $clientip to any not MAC any $clientmac layer2 in"); - exec("/sbin/ipfw add $l2ruleno set 3 deny all from any to $clientip not MAC $clientmac any layer2 out"); - } - + /* read in client database */ $cpdb = array(); @@ -276,14 +239,7 @@ function portal_allow($clientip,$clientmac,$clientuser,$bw_up,$bw_down) { $radiusservers[0]['key'], $clientip); } - //KEYCOM: we need to delete +40500 and +45500 as well... - //these are the rule numbers we use to control traffic shaping for each logged in user via captive portal - mwexec("/sbin/ipfw delete " . $cpdb[$i][1]); - //we only need to remove our rules if peruserbw is turned on. - if(isset($config['captiveportal']['peruserbw'])) { - mwexec("/sbin/ipfw delete " . ($cpdb[$i][1]+40500)); - mwexec("/sbin/ipfw delete " . ($cpdb[$i][1]+45500)); - } + mwexec("/sbin/pfctl -t captiveportal -T delete {$clientip}"); unset($cpdb[$i]); break; } @@ -312,6 +268,8 @@ function portal_allow($clientip,$clientmac,$clientuser,$bw_up,$bw_down) { portal_unlock(); + mwexec("/sbin/pfctl -t captiveportal -T add {$_ENV['REMOTE_ADDR']}"); + /* redirect user to desired destination */ if ($config['captiveportal']['redirurl']) $redirurl = $config['captiveportal']['redirurl']; @@ -449,7 +407,7 @@ function disconnect_client($sessionid) { /* find entry */ for ($i = 0; $i < count($cpdb); $i++) { if ($cpdb[$i][5] == $sessionid) { - /* this client needs to be deleted - remove ipfw rules */ + /* this client needs to be deleted - remove pf table item */ if(isset($config['captiveportal']['radacct_enable']) && isset($radiusservers[0])) { RADIUS_ACCOUNTING_STOP($cpdb[$i][1], // ruleno $cpdb[$i][4], // username @@ -460,12 +418,7 @@ function disconnect_client($sessionid) { $radiusservers[0]['key'], $clientip); } - //again we need to remve +40500 and +45500 as well, if they exist - mwexec("/sbin/ipfw delete " . $cpdb[$i][1] . " " . ($cpdb[$i][1]+10000)); - if(isset($config['captiveportal']['peruserbw'])) { - mwexec("/sbin/ipfw delete " . ($cpdb[$i][1]+40500)); - mwexec("/sbin/ipfw delete " . ($cpdb[$i][1]+45500)); - } + mwexec("/sbin/pfctl -t captiveportal -T delete {$clientip}"); unset($cpdb[$i]); break; } @@ -482,4 +435,4 @@ function disconnect_client($sessionid) { portal_unlock(); } -?> +?>
\ No newline at end of file |