-rw-r--r--etc/inc/captiveportal.inc81
-rwxr-xr-xusr/local/captiveportal/index.php49
-rwxr-xr-xusr/local/www/services_captiveportal_ip_edit.php16
-rwxr-xr-xusr/local/www/services_captiveportal_mac.php6
-rwxr-xr-xusr/local/www/services_captiveportal_mac_edit.php2
5 files changed, 55 insertions, 99 deletions
diff --git a/etc/inc/captiveportal.inc b/etc/inc/captiveportal.inc
index c7095d6..b5bc8ac 100644
--- a/etc/inc/captiveportal.inc
+++ b/etc/inc/captiveportal.inc
@@ -126,8 +126,7 @@ function captiveportal_configure() {
$cprules = captiveportal_rules_generate($cpinterface, $cpips);
$cprules .= "\n";
/* generate passthru mac database */
- $cprules .= captiveportal_passthrumac_configure(true);
- $cprules .= "\n";
+ captiveportal_passthrumac_configure(true);
/* allowed ipfw rules to make allowed ip work */
$cprules .= captiveportal_allowedip_configure();
@@ -485,10 +484,6 @@ function captiveportal_prune_old() {
$timedout = false;
$term_cause = 1;
- /* no pruning for fixed mac address entry */
- if (portal_mac_fixed($cpdb[$i][3])) {
- continue; // check next value
- }
/* hard timeout? */
if ($timeout) {
if ((time() - $cpdb[$i][0]) >= $timeout) {
@@ -627,6 +622,7 @@ function captiveportal_disconnect($dbent, $radiusservers,$term_cause = 1,$stop_t
/* Delete client's ip entry from tables 3 and 4. */
mwexec("/sbin/ipfw table 1 delete {$dbent[2]}");
mwexec("/sbin/ipfw table 2 delete {$dbent[2]}");
+
/* Release the ruleno so it can be reallocated to new clients. */
captiveportal_free_ipfw_ruleno($dbent[1]);
@@ -712,64 +708,22 @@ function captiveportal_passthrumac_configure($lock = false) {
/* clear out passthru macs, if necessary */
unlink_if_exists("{$g['vardb_path']}/captiveportal_mac.db");
- $rules = "";
if (is_array($config['captiveportal']['passthrumac'])) {
-
- $fd = @fopen("{$g['vardb_path']}/captiveportal_mac.db", "w");
- if (!$fd) {
- printf("Error: cannot open passthru mac DB file in captiveportal_passthrumac_configure().\n");
- unlock($captiveportallck);
- return 1;
- }
-
- $peruserbw = isset($config['captiveportal']['peruserbw']);
- $macdb = "";
+ $macdb = array();
foreach ($config['captiveportal']['passthrumac'] as $macent) {
- $ruleno = captiveportal_get_next_ipfw_ruleno();
-
- $macdb .= $macent['mac'] . "\n";
-
- /* pfSense:
- * pass through mac entries should always exist. the reason
- * for this is because we do not have native mac address filtering
- * mechanisms. this allows us to filter by mac address easily
- * and get around this limitation. I consider this a bug in
- * m0n0wall and pfSense as m0n0wall does not have native mac
- * filtering mechanisms as well. -Scott Ullrich
- *
- * Add rules for traffic shaping.
- * This assumes that net.inet.ip.fw.one_pass: 1 is set.
- */
-
- $actionup = "allow";
- $actiondown = "allow";
- if ($peruserbw) {
- $bw_up = isset($macent['bw_up']) ? trim($macent['bw_up']) : $config['captiveportal']['bwdefaultup'];
- $bw_down = isset($macent['bw_down']) ? trim($macent['bw_down']) : $config['captiveportal']['bwdefaultdn'];
- if (!empty($bw_up) && is_numeric($bw_up)) {
- $bw_up_pipeno = $ruleno + 20000;
- $rules .= "pipe {$bw_up_pipeno} config bw {$bw_up}Kbit/s queue 100\n";
- $actionup = "pipe {$bw_up_pipeno}";
- }
- if (!empty($bw_down) && is_numeric($bw_down)) {
- $bw_down_pipeno = $ruleno + 20001;
- $rules .= "pipe {$bw_down_pipeno} config bw {$bw_down}Kbit/s queue 100\n";
- $actiondown = "pipe {$bw_down_pipeno}";
- }
- }
- $rules .= "add {$ruleno} {$actionup} ip from any to any MAC {$macent['mac']} any\n";
- $ruleno++;
- $rules .= "add {$ruleno} {$actiondown} ip from any to any MAC any {$macent['mac']}\n";
+ $macdb[$macent['mac']]['active'] = true;
+ if (isset($macent['bw_up']))
+ $macdb[$macent['mac']]['bw_up'] = $macent['bw_up'];
+ if (isset($macent['bw_down']))
+ $macdb[$macent['mac']]['bw_down'] = $macent['bw_down'];
+
}
/* record passthru MACs so can be recognized and let thru */
- fwrite($fd, $macdb);
- fclose($fd);
+ file_put_contents("{$g['vardb_path']}/captiveportal_mac.db", serialize($macdb));
}
if (!$lock)
unlock($captiveportallck);
-
- return $rules;
}
function captiveportal_allowedip_configure() {
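Review bot: The return value of `file_put_contents()` at the end of this hunk is not checked, so a failed write silently leaves the system without captiveportal_mac.db, where the removed code at least printed an error. I would keep a failure path, e.g. `if (file_put_contents("{$g['vardb_path']}/captiveportal_mac.db", serialize($macdb)) === false) printf("Error: cannot write passthru mac DB file in captiveportal_passthrumac_configure().\n");`. The file is also unlinked first and rewritten afterwards, so a reader that runs between the two steps sees no passthrough entries; writing to a temporary name and renaming it into place would close that window. The function starts above the hunk, so how the lock is taken is not visible here.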
@@ -1139,18 +1093,9 @@ function portal_mac_fixed($clientmac) {
/* open captive portal mac db */
if (file_exists("{$g['vardb_path']}/captiveportal_mac.db")) {
- $fd = @fopen("{$g['vardb_path']}/captiveportal_mac.db","r") ;
- if (!$fd) {
- return FALSE;
- }
- while (!feof($fd)) {
- $mac = trim(fgets($fd)) ;
- if(strcasecmp($clientmac, $mac) == 0) {
- fclose($fd) ;
- return TRUE ;
- }
- }
- fclose($fd) ;
+ $macdb = unserialize(file_get_contents("{$g['vardb_path']}/captiveportal_mac.db"));
+ if (isset($macdb[$clientmac]))
+ return $macdb[$clientmac];
}
return FALSE ;
}
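Review bot: The lookup `isset($macdb[$clientmac])` is case-sensitive, while the removed loop compared with `strcasecmp()`, so a passthrough entry saved in upper-case hex no longer matches a client MAC reported in lower case (or the reverse). Normalise both sides: build the keys as `$macdb[strtolower($macent['mac'])]` in captiveportal_passthrumac_configure(), and use `$clientmac = strtolower($clientmac);` before the `isset()` here. The function now returns the entry array instead of TRUE, which deserves a header comment because callers both test the result for truth and index into it. Since the file holds only a plain array, `json_encode()` / `json_decode(..., true)` would avoid running `unserialize()` on file contents at all.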
diff --git a/usr/local/captiveportal/index.php b/usr/local/captiveportal/index.php
index c2f886c..17e3c2f 100755
--- a/usr/local/captiveportal/index.php
+++ b/usr/local/captiveportal/index.php
@@ -117,13 +117,11 @@ setTimeout('window.close();',5000) ;
</HTML>
EOD;
-/* NOTE: This is not needed now that CP works only at layer2.
- * The $macfilter can be removed safely since we first check if the $clientmac is present, if not we fail
+/* The $macfilter can be removed safely since we first check if the $clientmac is present, if not we fail */
} else if ($clientmac && portal_mac_fixed($clientmac)) {
- // punch hole in ipfw for pass thru mac addresses
+ /* punch hole in ipfw for pass thru mac addresses */
portal_allow($clientip, $clientmac, "unauthenticated");
exit;
-*/
} else if ($clientmac && $radmac_enable && portal_mac_radius($clientmac,$clientip)) {
/* radius functions handle everything so we exit here since we're done */
@@ -322,13 +320,22 @@ function portal_allow($clientip,$clientmac,$username,$password = null, $attribut
*/
$peruserbw = isset($config['captiveportal']['peruserbw']);
$passthrumacadd = isset($config['captiveportal']['passthrumacadd']);
-
- $bw_up = isset($attributes['bw_up']) ? trim($attributes['bw_up']) : $config['captiveportal']['bwdefaultup'];
- $bw_down = isset($attributes['bw_down']) ? trim($attributes['bw_down']) : $config['captiveportal']['bwdefaultdn'];
+ $portalmac = NULL;
+ if (!empty($clientmac)) {
+ $portalmac = portal_mac_fixed($clientmac);
+ if ($portalmac) {
+ $attributes['bw_up'] = $portalmac['bw_up'];
+ $attributes['bw_down'] = $portalmac['bw_down'];
+ }
+ }
- if ($passthrumacadd) {
+ $bw_up = isset($attributes['bw_up']) ? trim($attributes['bw_up']) : $config['captiveportal']['bwdefaultup'];
+ $bw_down = isset($attributes['bw_down']) ? trim($attributes['bw_down']) : $config['captiveportal']['bwdefaultdn'];
+
+ if ($passthrumacadd && $portalmac == NULL) {
$mac = array();
$mac['mac'] = $clientmac;
+ $mac['descr'] = "Auto added mac passthrough with user {$username}";
if (!empty($bw_up))
$mac['bw_up'] = $bw_up;
if (!empty($bw_down))
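Review bot: `$portalmac['bw_up']` and `$portalmac['bw_down']` are read unconditionally, but captiveportal_passthrumac_configure() stores those keys only when the config entry has them, so an entry without limits raises undefined-index notices and overwrites any values already in `$attributes` with NULL. Guard each copy, e.g. `if (isset($portalmac['bw_up'])) $attributes['bw_up'] = $portalmac['bw_up'];`. `$portalmac == NULL` works only because FALSE compares loosely equal to NULL; `!$portalmac` says what is meant. The new `descr` embeds `$username` as entered by the client, so it is worth confirming that the pages listing passthrough MACs HTML-escape that field. portal_allow() continues past the end of the hunk.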
@@ -343,18 +350,13 @@ function portal_allow($clientip,$clientmac,$username,$password = null, $attribut
$bw_up_pipeno = $ruleno + 20000;
//$bw_up /= 1000; // Scale to Kbit/s
mwexec("/sbin/ipfw pipe {$bw_up_pipeno} config bw {$bw_up}Kbit/s queue 100");
- mwexec("echo 'pipe {$bw_up_pipeno} config bw {$bw_up}Kbit/s queue 100' > /tmp/testing");
- if ($passthrumacadd) {
- mwexec("/sbin/ipfw add {$ruleno} pipe {$bw_up_pipeno} ip from any to any MAC {$clientmac} any");
- } else if (!isset($config['captiveportal']['nomacfilter']))
+ if (!isset($config['captiveportal']['nomacfilter']) || $passthrumacadd)
mwexec("/sbin/ipfw table 1 add {$clientip} mac {$clientmac} {$bw_up_pipeno}");
else
mwexec("/sbin/ipfw table 1 add {$clientip} {$bw_up_pipeno}");
} else {
- if ($passthrumacadd) {
- mwexec("/sbin/ipfw add {$ruleno} allow ip from any to any MAC {$clientmac} any");
- } else if (!isset($config['captiveportal']['nomacfilter']))
+ if (!isset($config['captiveportal']['nomacfilter']) || $passthrumacadd)
mwexec("/sbin/ipfw table 1 add {$clientip} mac {$clientmac}");
else
mwexec("/sbin/ipfw table 1 add {$clientip}");
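Review bot: The new condition `!isset($config['captiveportal']['nomacfilter']) || $passthrumacadd` selects the `mac {$clientmac}` form whenever passthrumacadd is on, even with nomacfilter set; if `$clientmac` can be empty in that configuration (not visible in this hunk), the command is issued as `ipfw table 1 add <ip> mac` with no address. The same condition is repeated for table 2 in the next hunk. Adding `&& !empty($clientmac)` to the MAC branch, or computing the condition once into a variable before its four uses, would cover both. `$clientip` and `$clientmac` are interpolated into the shell command unquoted, so these lines rely on validation done earlier in the request.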
@@ -362,21 +364,14 @@ function portal_allow($clientip,$clientmac,$username,$password = null, $attribut
if ($peruserbw && !empty($bw_down) && is_numeric($bw_down)) {
$bw_down_pipeno = $ruleno + 20001;
//$bw_down /= 1000; // Scale to Kbit/s
- mwexec("/sbin/ipfw pipe {$bw_down_pipeno} config bw {$bw_down}Kbit/s queue 100");
- mwexec("echo 'pipe {$bw_down_pipeno} config bw {$bw_down}Kbit/s queue 100' > /tmp/testing");
+ mwexec("/sbin/ipfw pipe {$bw_down_pipeno} config bw {$bw_down}Kbit/s queue 100");
- if ($passthrumacadd) {
- $ruledown = $ruleno + 1;
- mwexec("/sbin/ipfw add {$ruledown} pipe {$bw_down_pipeno} ip from any to any MAC any {$clientmac}");
- } else if (!isset($config['captiveportal']['nomacfilter']))
+ if (!isset($config['captiveportal']['nomacfilter']) || $passthrumacadd)
mwexec("/sbin/ipfw table 2 add {$clientip} mac {$clientmac} {$bw_down_pipeno}");
else
mwexec("/sbin/ipfw table 2 add {$clientip} {$bw_down_pipeno}");
} else {
- if ($passthrumacadd) {
- $ruledown = $ruleno + 1;
- mwexec("/sbin/ipfw add {$ruleno} allow ip from any to any MAC {$clientmac} any");
- } else if (!isset($config['captiveportal']['nomacfilter']))
+ if (!isset($config['captiveportal']['nomacfilter']) || $passthrumacadd)
mwexec("/sbin/ipfw table 2 add {$clientip} mac {$clientmac}");
else
mwexec("/sbin/ipfw table 2 add {$clientip}");
@@ -411,8 +406,10 @@ function portal_allow($clientip,$clientmac,$username,$password = null, $attribut
if ($captiveshouldunlock == true)
unlock($cplock);
- if ($writecfg == true)
+ if ($writecfg == true) {
write_config();
+ captiveportal_passthrumac_configure(true);
+ }
/* redirect user to desired destination */
if ($url_redirection)
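Review bot: `captiveportal_passthrumac_configure(true)` is called after the conditional `unlock($cplock)` just above, yet in that function a true argument skips its own unlock, which suggests it means the caller already holds the lock. If that reading is right, captiveportal_mac.db is rewritten here with no lock held, and two concurrent logins can interleave the unlink and the write. Either call it without the argument so that it locks for itself, or move the call above the unlock.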
diff --git a/usr/local/www/services_captiveportal_ip_edit.php b/usr/local/www/services_captiveportal_ip_edit.php
index 4e1b661..977ba9f 100755
--- a/usr/local/www/services_captiveportal_ip_edit.php
+++ b/usr/local/www/services_captiveportal_ip_edit.php
@@ -118,7 +118,21 @@ if ($_POST) {
write_config();
if (isset($config['captiveportal']['enable'])) {
- mwexec("/sbin/ipfw table 1 add " . $ip['ip']);
+ $bwup = "";
+ $bwdown = "";
+ $ruleno = captiveportal_get_next_ipfw_ruleno();
+ if (!empty($ip['bw_up'])) {
+ $pipeno = $ruleno + 20000;
+ mwexec("/sbin/ipfw pipe {$pipeno} config bw {$ip['bw_up']}Kbit/s queue 100")
+ $bwup = "pipe {$pipeno}";
+ }
+ if (!empty($ip['bw_down'])) {
+ $pipeno = $ruleno + 20001;
+ mwexec("/sbin/ipfw pipe {$pipeno} config bw {$ip['bw_down']}Kbit/s queue 100")
+ $bwdown = "pipe {$pipeno}";
+ }
+ mwexec("/sbin/ipfw table 1 add {$ip['ip']} {$bwup}");
+ mwexec("/sbin/ipfw table 2 add {$ip['ip']} {$bwdown}");
}
header("Location: services_captiveportal_ip.php");
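Review bot: Both new `mwexec("/sbin/ipfw pipe {$pipeno} config bw ...")` lines lack a terminating semicolon, so the file no longer parses and the page fails on every request, not only on save. `$ip['bw_up']` and `$ip['bw_down']` also reach the shell command after only an `!empty()` test, whereas portal_allow() requires `is_numeric()`; unless the form validation above the hunk already enforces that, use `if (!empty($ip['bw_up']) && is_numeric($ip['bw_up'])) {` and the same for bw_down. The rule number taken from captiveportal_get_next_ipfw_ruleno() is used only to derive pipe numbers, and nothing visible here releases it when the allowed IP is later removed.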
diff --git a/usr/local/www/services_captiveportal_mac.php b/usr/local/www/services_captiveportal_mac.php
index ca900bf..b689a81 100755
--- a/usr/local/www/services_captiveportal_mac.php
+++ b/usr/local/www/services_captiveportal_mac.php
@@ -59,8 +59,8 @@ if ($_POST) {
$retval = 0;
$rules = captiveportal_passthrumac_configure();
- file_put_contents("{$g['tmp_path']}/passthru.mac", $rules);
- mwexec("/sbin/ipfw {$g['tmp_path']}/passthru.mac");
+ //file_put_contents("{$g['tmp_path']}/passthru.mac", $rules);
+ //mwexec("/sbin/ipfw {$g['tmp_path']}/passthru.mac");
$savemsg = get_std_save_message($retval);
if ($retval == 0)
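Review bot: `$rules = captiveportal_passthrumac_configure();` still assigns the result although the function no longer returns anything, and the two lines that consumed `$rules` are commented out rather than deleted. Call the function as a plain statement and drop the commented-out lines, so that nobody later re-enables a write of NULL to passthru.mac followed by an ipfw run on it. `$retval` stays 0 regardless of what the reconfigure did, so the save message cannot report a failure.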
@@ -80,7 +80,7 @@ if ($_GET['act'] == "del") {
unset($a_passthrumacs[$_GET['id']]);
write_config();
header("Location: services_captiveportal_mac.php");
- //mark_subsystem_dirty('passthrumac');
+ mark_subsystem_dirty('passthrumac');
exit;
}
}
diff --git a/usr/local/www/services_captiveportal_mac_edit.php b/usr/local/www/services_captiveportal_mac_edit.php
index f618d47..70049cd 100755
--- a/usr/local/www/services_captiveportal_mac_edit.php
+++ b/usr/local/www/services_captiveportal_mac_edit.php
@@ -120,7 +120,7 @@ if ($_POST) {
write_config();
- //mark_subsystem_dirty('passthrumac');
+ mark_subsystem_dirty('passthrumac');
header("Location: services_captiveportal_mac.php");
exit;