1 files changed, 50 insertions, 1 deletions

diff --git a/etc/inc/captiveportal.inc b/etc/inc/captiveportal.inc
index 453a7be..25aa84f 100644
--- a/etc/inc/captiveportal.inc
+++ b/etc/inc/captiveportal.inc
@@ -822,7 +822,8 @@ function captiveportal_prune_old() {
 					captiveportal_disconnect($cpentry, $radiusservers, 17);
 					captiveportal_logportalauth($cpentry[4], $cpentry[3], $cpentry[2], "RADIUS_DISCONNECT", $auth_list['reply_message']);
 					$unsetindexes[] = $cpentry[5];
-				}
+				} else if ($auth_list['auth_val'] == 2)
+					captiveportal_reapply_attributes($cpentry, $auth_list);
 			}
 		}
 	}
@@ -1674,6 +1675,54 @@ function portal_mac_radius($clientmac,$clientip) {
     return FALSE;
 }
 
+function captiveportal_reapply_attributes($cpentry, $attributes) {
+	global $config, $cpzone;
+                         
+        /* Add rules for traffic shaping
+         * We don't need to add extra rules since traffic will pass due to the following kernel option
+         * net.inet.ip.fw.one_pass: 1
+         */
+        $peruserbw = isset($config['captiveportal']['peruserbw']);
+                
+        $bw_up = isset($attributes['bw_up']) ? round(intval($attributes['bw_up'])/1000, 2) : 0;
+        $bw_down = isset($attributes['bw_down']) ? round(intval($attributes['bw_down'])/1000, 2) : 0;
+        $bw_up_pipeno = $cpentry[1]+20000;
+        $bw_down_pipeno = $cpentry[1]+20001;
+        $commands = "";
+
+        if ($peruserbw && !empty($bw_up) && is_numeric($bw_up)) {
+                $commands .= "pipe {$bw_up_pipeno} config bw {$bw_up}Kbit/s queue 100\n";
+        
+                if (!isset($config['captiveportal']['nomacfilter'])) {
+                        $commands .= "table 1 del {$cpentry[2]} mac {$cpentry[3]}\n";
+                        $commands .= "table 1 add {$cpentry[2]} mac {$cpentry[3]} {$bw_up_pipeno}\n";
+                } else {
+                        $commands .= "table 1 del {$cpentry[2]}\n";
+                        $commands .= "table 1 add {$cpentry[2]} {$bw_up_pipeno}\n";
+                }
+        }
+        if ($peruserbw && !empty($bw_down) && is_numeric($bw_down)) {
+                $commands .= "pipe {$bw_down_pipeno} config bw {$bw_down}Kbit/s queue 100\n";
+                        
+                if (!isset($config['captiveportal']['nomacfilter'])) {
+                        $commands .= "table 2 del {$cpentry[2]} mac {$cpentry[3]}\n";
+                        $commands .= "table 2 add {$cpentry[2]} mac {$cpentry[3]} {$bw_down_pipeno}\n";
+                } else {
+                        $commands .= "table 2 del {$cpentry[2]}\n";
+                        $commands .= "table 2 add {$cpentry[2]} {$bw_down_pipeno}\n";
+                }
+        }
+
+        if (!empty($commands)) {
+                @file_put_contents("{$g['tmp_path']}/reattribute.rule.tmp", $commands);
+		captiveportal_ipfw_set_context($cpzone);
+                mwexec("/sbin/ipfw -q {$g['tmp_path']}/tmprules.rules");
+                captiveportal_logportalauth($cpentry[4], $cpentry[3], $cpentry[2], "RADIUS_BANDWIDTH_REAPPLY", "{$bw_up}/{$bw_down}");
+        }
+
+        unset($bw_up_pipeno, $bw_Down_pipeno, $bw_up, $bw_down);
+}
+
 function portal_allow($clientip,$clientmac,$username,$password = null, $attributes = null, $ruleno = null, $radiusctx = null)  {
 
 	global $redirurl, $g, $config, $type, $passthrumac, $_POST, $cpzone;