author | Ermal <eri@pfsense.org> | 2010-04-20 18:32:59 +0000 |
---|---|---|
committer | Ermal <eri@pfsense.org> | 2010-04-20 18:32:59 +0000 |
commit | 1dbe445acc2b74c4a610e397c0c15031d99666e5 (patch) | |
tree | dc3b2f6fd668a6180fb8a009c9200e92cf6423c2 /usr | |
parent | 0d388969180882e133f0ec062b8da7cb9d969896 (diff) | |
download | pfsense-1dbe445acc2b74c4a610e397c0c15031d99666e5.zip pfsense-1dbe445acc2b74c4a610e397c0c15031d99666e5.tar.gz |
Use tables of ipfw for passthrough mac entries. This makes it scale way better than previously. Fix multiple entries on adding mac through entries automatically after login for the same user. The changes allow even pass through mac to be controlled from the Status->Captiveportal. Use serialize/unserialize on some files that keep temporary information to speed up calculations. Really allow mac passthrough to follow radius rules or time out rules when present.
Diffstat (limited to 'usr')
-rwxr-xr-x | usr/local/captiveportal/index.php | 49 | ||||
-rwxr-xr-x | usr/local/www/services_captiveportal_ip_edit.php | 16 | ||||
-rwxr-xr-x | usr/local/www/services_captiveportal_mac.php | 6 | ||||
-rwxr-xr-x | usr/local/www/services_captiveportal_mac_edit.php | 2 |
4 files changed, 42 insertions, 31 deletions
diff --git a/usr/local/captiveportal/index.php b/usr/local/captiveportal/index.php index c2f886c..17e3c2f 100755 --- a/usr/local/captiveportal/index.php +++ b/usr/local/captiveportal/index.php @@ -117,13 +117,11 @@ setTimeout('window.close();',5000) ; </HTML> EOD; -/* NOTE: This is not needed now that CP works only at layer2. - * The $macfilter can be removed safely since we first check if the $clientmac is present, if not we fail +/* The $macfilter can be removed safely since we first check if the $clientmac is present, if not we fail */ } else if ($clientmac && portal_mac_fixed($clientmac)) { - // punch hole in ipfw for pass thru mac addresses + /* punch hole in ipfw for pass thru mac addresses */ portal_allow($clientip, $clientmac, "unauthenticated"); exit; -*/ } else if ($clientmac && $radmac_enable && portal_mac_radius($clientmac,$clientip)) { /* radius functions handle everything so we exit here since we're done */ 
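Review bot: The comment left above the re-enabled `portal_mac_fixed($clientmac)` branch still talks about removing `$macfilter` and says nothing about what the branch now does, which is to call `portal_allow()` with the fixed username "unauthenticated" on a MAC match alone. A MAC address is a value the client's own interface presents, so a reader should be told that this path checks no credentials. I would replace the comment with `/* pass-through MAC: access is granted on the MAC address alone, no login is performed */`. The if/else chain this branch belongs to starts and ends outside the hunk.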
@@ -322,13 +320,22 @@ function portal_allow($clientip,$clientmac,$username,$password = null, $attribut */ $peruserbw = isset($config['captiveportal']['peruserbw']); $passthrumacadd = isset($config['captiveportal']['passthrumacadd']); - - $bw_up = isset($attributes['bw_up']) ? trim($attributes['bw_up']) : $config['captiveportal']['bwdefaultup']; - $bw_down = isset($attributes['bw_down']) ? trim($attributes['bw_down']) : $config['captiveportal']['bwdefaultdn']; + $portalmac = NULL; + if (!empty($clientmac)) { + $portalmac = portal_mac_fixed($clientmac); + if ($portalmac) { + $attributes['bw_up'] = $portalmac['bw_up']; + $attributes['bw_down'] = $portalmac['bw_down']; + } + } - if ($passthrumacadd) { + $bw_up = isset($attributes['bw_up']) ? trim($attributes['bw_up']) : $config['captiveportal']['bwdefaultup']; + $bw_down = isset($attributes['bw_down']) ? trim($attributes['bw_down']) : $config['captiveportal']['bwdefaultdn']; + + if ($passthrumacadd && $portalmac == NULL) { $mac = array(); $mac['mac'] = $clientmac; + $mac['descr'] = "Auto added mac passthrough with user {$username}"; if (!empty($bw_up)) $mac['bw_up'] = $bw_up; if (!empty($bw_down)) 
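Review bot: The new `$mac['descr']` line copies `$username` into a pass-through entry that, judging by the `write_config()` call later in `portal_allow()`, is presumably persisted, so text typed into the portal login form ends up in the configuration and in any page that prints `descr`. Whether those pages escape it is not visible here, so I would restrict it at write time, e.g. `$mac['descr'] = "Auto added mac passthrough with user " . preg_replace('/[^A-Za-z0-9_.@-]/', '', $username);`, and escape it on output as well. Separately, the auto-add condition should also require a MAC: the lookup above is guarded by `!empty($clientmac)`, but `if ($passthrumacadd && $portalmac == NULL)` is still true when `$clientmac` is empty. The body of `portal_allow()` continues outside the hunk.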
@@ -343,18 +350,13 @@ function portal_allow($clientip,$clientmac,$username,$password = null, $attribut $bw_up_pipeno = $ruleno + 20000; //$bw_up /= 1000; // Scale to Kbit/s mwexec("/sbin/ipfw pipe {$bw_up_pipeno} config bw {$bw_up}Kbit/s queue 100"); - mwexec("echo 'pipe {$bw_up_pipeno} config bw {$bw_up}Kbit/s queue 100' > /tmp/testing"); - if ($passthrumacadd) { - mwexec("/sbin/ipfw add {$ruleno} pipe {$bw_up_pipeno} ip from any to any MAC {$clientmac} any"); - } else if (!isset($config['captiveportal']['nomacfilter'])) + if (!isset($config['captiveportal']['nomacfilter']) || $passthrumacadd) mwexec("/sbin/ipfw table 1 add {$clientip} mac {$clientmac} {$bw_up_pipeno}"); else mwexec("/sbin/ipfw table 1 add {$clientip} {$bw_up_pipeno}"); } else { - if ($passthrumacadd) { - mwexec("/sbin/ipfw add {$ruleno} allow ip from any to any MAC {$clientmac} any"); - } else if (!isset($config['captiveportal']['nomacfilter'])) + if (!isset($config['captiveportal']['nomacfilter']) || $passthrumacadd) mwexec("/sbin/ipfw table 1 add {$clientip} mac {$clientmac}"); else mwexec("/sbin/ipfw table 1 add {$clientip}"); 
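Review bot: With the new condition `!isset($config['captiveportal']['nomacfilter']) || $passthrumacadd`, the `mac {$clientmac}` form of the table entry is also used when MAC filtering is switched off, which is presumably the case where `$clientmac` can be empty (the previous hunk guards its lookup with `!empty($clientmac)`). The command would then end in a bare `mac`, and since the result of `mwexec()` is not checked a failed add would go unnoticed. I would write the condition as `if (!empty($clientmac) && (!isset($config['captiveportal']['nomacfilter']) || $passthrumacadd))`. This applies to both conditions in this hunk and to the two `table 2` conditions in the `@@ -362` hunk.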
@@ -362,21 +364,14 @@ function portal_allow($clientip,$clientmac,$username,$password = null, $attribut if ($peruserbw && !empty($bw_down) && is_numeric($bw_down)) { $bw_down_pipeno = $ruleno + 20001; //$bw_down /= 1000; // Scale to Kbit/s - mwexec("/sbin/ipfw pipe {$bw_down_pipeno} config bw {$bw_down}Kbit/s queue 100"); - mwexec("echo 'pipe {$bw_down_pipeno} config bw {$bw_down}Kbit/s queue 100' > /tmp/testing"); + mwexec("/sbin/ipfw pipe {$bw_down_pipeno} config bw {$bw_down}Kbit/s queue 100"); - if ($passthrumacadd) { - $ruledown = $ruleno + 1; - mwexec("/sbin/ipfw add {$ruledown} pipe {$bw_down_pipeno} ip from any to any MAC any {$clientmac}"); - } else if (!isset($config['captiveportal']['nomacfilter'])) + if (!isset($config['captiveportal']['nomacfilter']) || $passthrumacadd) mwexec("/sbin/ipfw table 2 add {$clientip} mac {$clientmac} {$bw_down_pipeno}"); else mwexec("/sbin/ipfw table 2 add {$clientip} {$bw_down_pipeno}"); } else { - if ($passthrumacadd) { - $ruledown = $ruleno + 1; - mwexec("/sbin/ipfw add {$ruleno} allow ip from any to any MAC {$clientmac} any"); - } else if (!isset($config['captiveportal']['nomacfilter'])) + if (!isset($config['captiveportal']['nomacfilter']) || $passthrumacadd) mwexec("/sbin/ipfw table 2 add {$clientip} mac {$clientmac}"); else mwexec("/sbin/ipfw table 2 add {$clientip}"); @@ -411,8 +406,10 @@ function portal_allow($clientip,$clientmac,$username,$password = null, $attribut if ($captiveshouldunlock == true) unlock($cplock); - if ($writecfg == true) + if ($writecfg == true) { write_config(); + captiveportal_passthrumac_configure(true); + } /* redirect user to desired destination */ if ($url_redirection) diff --git a/usr/local/www/services_captiveportal_ip_edit.php b/usr/local/www/services_captiveportal_ip_edit.php index 4e1b661..977ba9f 100755 --- a/usr/local/www/services_captiveportal_ip_edit.php +++ b/usr/local/www/services_captiveportal_ip_edit.php 
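Review bot: In the `@@ -411` hunk the added `captiveportal_passthrumac_configure(true)` runs after `unlock($cplock)`, so the rebuild of the pass-through entries, like the `write_config()` before it, happens outside the captive-portal lock and two logins finishing together could interleave. Whether `captiveportal_passthrumac_configure()` takes a lock of its own is not visible in this diff; if it does not, I would move the `if ($writecfg == true) { … }` block above the `unlock($cplock)` line. A short comment such as `/* reload pass-through MAC entries so the auto-added one takes effect */` would also explain why a login triggers a reconfigure.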
@@ -118,7 +118,21 @@ if ($_POST) { write_config(); if (isset($config['captiveportal']['enable'])) { - mwexec("/sbin/ipfw table 1 add " . $ip['ip']); + $bwup = ""; + $bwdown = ""; + $ruleno = captiveportal_get_next_ipfw_ruleno(); + if (!empty($ip['bw_up'])) { + $pipeno = $ruleno + 20000; + mwexec("/sbin/ipfw pipe {$pipeno} config bw {$ip['bw_up']}Kbit/s queue 100") + $bwup = "pipe {$pipeno}"; + } + if (!empty($ip['bw_down'])) { + $pipeno = $ruleno + 20001; + mwexec("/sbin/ipfw pipe {$pipeno} config bw {$ip['bw_down']}Kbit/s queue 100") + $bwdown = "pipe {$pipeno}"; + } + mwexec("/sbin/ipfw table 1 add {$ip['ip']} {$bwup}"); + mwexec("/sbin/ipfw table 2 add {$ip['ip']} {$bwdown}"); } header("Location: services_captiveportal_ip.php"); diff --git a/usr/local/www/services_captiveportal_mac.php b/usr/local/www/services_captiveportal_mac.php index ca900bf..b689a81 100755 --- a/usr/local/www/services_captiveportal_mac.php +++ b/usr/local/www/services_captiveportal_mac.php @@ -59,8 +59,8 @@ if ($_POST) { $retval = 0; $rules = captiveportal_passthrumac_configure(); - file_put_contents("{$g['tmp_path']}/passthru.mac", $rules); - mwexec("/sbin/ipfw {$g['tmp_path']}/passthru.mac"); + //file_put_contents("{$g['tmp_path']}/passthru.mac", $rules); + //mwexec("/sbin/ipfw {$g['tmp_path']}/passthru.mac"); $savemsg = get_std_save_message($retval); if ($retval == 0) @@ -80,7 +80,7 @@ if ($_GET['act'] == "del") { unset($a_passthrumacs[$_GET['id']]); write_config(); header("Location: services_captiveportal_mac.php"); - //mark_subsystem_dirty('passthrumac'); + mark_subsystem_dirty('passthrumac'); exit; } } diff --git a/usr/local/www/services_captiveportal_mac_edit.php b/usr/local/www/services_captiveportal_mac_edit.php index f618d47..70049cd 100755 --- a/usr/local/www/services_captiveportal_mac_edit.php +++ b/usr/local/www/services_captiveportal_mac_edit.php 
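Review bot: Both added `mwexec("/sbin/ipfw pipe {$pipeno} config bw …Kbit/s queue 100")` lines in services_captiveportal_ip_edit.php are missing their terminating `;`, so the file will not parse and the page fails before any rule is applied. The bandwidth values are also interpolated into the command line without the `is_numeric()` test that `portal_allow()` applies; unless validation above this hunk already guarantees digits, the guards should read `if (!empty($ip['bw_up']) && is_numeric($ip['bw_up'])) {` and likewise for `bw_down`. Finally, index.php passes the bare pipe number as the table value while this code passes `pipe {$pipeno}`; the two should agree on one form.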
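Review bot: In the `@@ -59` hunk of services_captiveportal_mac.php the two lines that wrote and loaded `passthru.mac` are commented out rather than deleted, and `$rules` is still assigned from `captiveportal_passthrumac_configure()` although nothing reads it any more. I would delete the commented lines and call the function for its effect only, `captiveportal_passthrumac_configure();`. index.php calls it with `true`; a one-line comment on what that argument changes would help, since the function itself is not part of this diff. The `if ($_POST)` block continues outside the hunk.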
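Review bot: In the `@@ -80` hunk, removing a pass-through MAC only marks the subsystem dirty, so the address presumably keeps its access until an administrator applies the change, whereas the login path in index.php reconfigures immediately. If that delay is intended it deserves a comment next to the call, e.g. `/* entry stays active in ipfw until changes are applied */`; the same holds for the identical line enabled in services_captiveportal_mac_edit.php. Also, `mark_subsystem_dirty('passthrumac')` now sits after `header("Location: …")`; placing it before the redirect keeps the state change together with `write_config()`.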
@@ -120,7 +120,7 @@ if ($_POST) { write_config(); - //mark_subsystem_dirty('passthrumac'); + mark_subsystem_dirty('passthrumac'); header("Location: services_captiveportal_mac.php"); exit; |