Diffstat (limited to 'src/etc/inc/captiveportal.inc')
-rw-r--r-- | src/etc/inc/captiveportal.inc | 87 |
1 files changed, 50 insertions, 37 deletions
diff --git a/src/etc/inc/captiveportal.inc b/src/etc/inc/captiveportal.inc
index 22138fe..1f232d7 100644
--- a/src/etc/inc/captiveportal.inc
+++ b/src/etc/inc/captiveportal.inc
@@ -630,9 +630,9 @@ function captiveportal_init_rules($reinit = false) {
 $cprules .= "table {$cpzone}_auth_up create type addr valtype pipe\n";
 $cprules .= "table {$cpzone}_auth_down create type addr valtype pipe\n";
 $cprules .= captiveportal_create_ipfw_rule("add", $rulenum,
- "pipe tablearg ip from table({$cpzone}_auth_up) to any in");
+ "pipe tablearg ip from table({$cpzone}_auth_up) to any layer2 in");
 $cprules .= captiveportal_create_ipfw_rule("add", $rulenum,
- "pipe tablearg ip from any to table({$cpzone}_auth_down) out");
+ "pipe tablearg ip from any to table({$cpzone}_auth_down) layer2 out");
 if (!empty($config['captiveportal'][$cpzone]['listenporthttp'])) {
 $listenporthttp = $config['captiveportal'][$cpzone]['listenporthttp'];
@@ -663,7 +663,6 @@ function captiveportal_init_rules($reinit = false) {
 "skipto 65534 all from any to any");
 /* generate passthru mac database */
- file_put_contents("/tmp/debug_antes", $cprules);
 $cprules .= captiveportal_passthrumac_configure(true);
 $cprules .= "\n";
@@ -801,7 +800,7 @@ function captiveportal_prune_old() {
 $uidletimeout = (is_numeric($cpentry[8])) ? $cpentry[8] : $idletimeout;
 /* if an idle timeout is specified, get last activity timestamp from ipfw */
 if (!$timedout && $uidletimeout > 0) {
- $lastact = captiveportal_get_last_activity($cpentry[2], $cpentry[3]);
+ $lastact = captiveportal_get_last_activity($cpentry[2]);
 /* If the user has logged on but not sent any traffic they will never be logged out.
 * We "fix" this by setting lastact to the login timestamp. */
@@ -861,10 +860,8 @@ function captiveportal_prune_old() {
 false, // Not an interim request
 $rastop_time); // Stop Time
 $clientsn = (is_ipaddrv6($cpentry[2])) ? 128 : 32;
- /* XXX: Fix
- $_gb = @pfSense_ipfw_table($cpzoneid, IP_FW_TABLE_XZEROENTRY, {$cpzone}_auth_up, $cpentry[2], $clientsn, $cpentry[3]);
- $_gb = @pfSense_ipfw_table($cpzoneid, IP_FW_TABLE_XZEROENTRY, {$cpzone}_auth_down, $cpentry[2], $clientsn, $cpentry[3]);
- */
+ pfSense_ipfw_table_zerocnt("{$cpzone}_auth_up", "{$cpentry[2]}/{$clientsn}");
+ pfSense_ipfw_table_zerocnt("{$cpzone}_auth_down", "{$cpentry[2]}/{$clientsn}");
 if ($cpcfg['reauthenticateacct'] == "stopstartfreeradius") {
 /* Need to pause here or the FreeRADIUS server gets confused about packet ordering. */
 sleep(1);
@@ -1020,7 +1017,11 @@ function captiveportal_disconnect($dbent, $radiusservers, $term_cause = 1, $stop
 }
 if (is_ipaddr($dbent[2])) {
- /* Delete client's ip entry from tables auth_up and auth_down. */
+ /*
+ * Delete client's ip entry from tables auth_up and auth_down.
+ *
+ * It's not necessary to explicit specify mac address here
+ */
 $clientsn = (is_ipaddrv6($dbent[2])) ? 128 : 32;
 pfSense_ipfw_table("{$cpzone}_auth_up", IP_FW_TABLE_XDEL, "{$dbent[2]}/{$clientsn}");
 pfSense_ipfw_table("{$cpzone}_auth_down", IP_FW_TABLE_XDEL, "{$dbent[2]}/{$clientsn}");
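Review bot: The counter reset in captiveportal_prune_old() and the XDEL in captiveportal_disconnect() address the entry as `ip/len`, while the portal_allow() hunk of this commit inserts it as `ip/len,mac` unless `nomacfilter` is set, and nothing on the page shows that the shorter form still matches. The new comment only asserts it; if the delete misses, the client's entry stays in `{$cpzone}_auth_up` and `{$cpzone}_auth_down` after logout or timeout, and because the results of pfSense_ipfw_table() and pfSense_ipfw_table_zerocnt() are discarded the miss would be silent. I would have the comment state the reason, for example `/* the table key is the address only; the ",mac" suffix from portal_allow() is a match attribute, not part of the key */` (if that is how the extension behaves), and check the two XDEL results so that a failed removal is logged. The same question applies to the address-only pfSense_ipfw_table_lookup() calls in captiveportal_get_last_activity() and getVolume(); both functions edited here continue outside their hunks.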
@@ -1382,19 +1383,21 @@ function captiveportal_allowedip_configure() {
 }
 /* get last activity timestamp given client IP address */
-function captiveportal_get_last_activity($ip, $mac = NULL, $table = 1) {
- global $cpzoneid;
+function captiveportal_get_last_activity($ip) {
+ global $cpzone;
- /* XXX Fix */
- return 0;
- $ipfwoutput = pfSense_ipfw_getTablestats($cpzoneid, IP_FW_TABLE_XLISTENTRY, $table, $ip, $mac);
 /* Reading only from one of the tables is enough of approximation. */
- if (is_array($ipfwoutput)) {
- /* Workaround for #46652 */
- if ($ipfwoutput['packets'] > 0) {
- return $ipfwoutput['timestamp'];
- } else {
- return 0;
+ $tables = array("{$cpzone}_allowed_up", "{$cpzone}_auth_up");
+
+ foreach ($tables as $table) {
+ $ipfw = pfSense_ipfw_table_lookup($table, $ip);
+ if (is_array($ipfw)) {
+ /* Workaround for #46652 */
+ if ($ipfw['packets'] > 0) {
+ return $ipfw['timestamp'];
+ } else {
+ return 0;
+ }
 }
 }
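Review bot: Inside the new loop, the `else { return 0; }` branch leaves the function as soon as the first table returns an entry with no packets, so `{$cpzone}_auth_up` is never looked at in that case. Dropping the else branch and keeping only `if ($ipfw['packets'] > 0) { return $ipfw['timestamp']; }` lets the loop fall through to the next table; this assumes the function still ends with a `return 0;`, which is outside the hunk. The context comment `/* Reading only from one of the tables is enough of approximation. */` now sits above a loop over two tables and should say which table takes precedence. The result feeds the idle-timeout check in captiveportal_prune_old(), so a wrong 0 here affects when sessions are expired.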
@@ -1871,35 +1874,42 @@ function captiveportal_get_dn_passthru_ruleno($value) {
 * */
-function getVolume($ip, $mac = NULL) {
- global $config, $cpzone, $cpzoneid;
+function getVolume($ip) {
+ global $config, $cpzone;
- $reverse = isset($config['captiveportal'][$cpzone]['reverseacct']) ? true : false;
+ $reverse = isset($config['captiveportal'][$cpzone]['reverseacct'])
+ ? true : false;
 $volume = array();
 // Initialize vars properly, since we don't want NULL vars
- $volume['input_pkts'] = $volume['input_bytes'] = $volume['output_pkts'] = $volume['output_bytes'] = 0 ;
+ $volume['input_pkts'] = $volume['input_bytes'] = 0;
+ $volume['output_pkts'] = $volume['output_bytes'] = 0;
- /* XXX Fix */
- return $volume;
- $ipfw = pfSense_ipfw_getTablestats($cpzoneid, IP_FW_TABLE_XLISTENTRY, 1, $ip, $mac);
- if (is_array($ipfw)) {
+ $tables = array("allowed", "auth");
+
+ foreach($tables as $table) {
+ $ipfw = pfSense_ipfw_table_lookup("{$cpzone}_{$table}_up", $ip);
+ if (!is_array($ipfw)) {
+ continue;
+ }
 if ($reverse) {
 $volume['output_pkts'] = $ipfw['packets'];
 $volume['output_bytes'] = $ipfw['bytes'];
- }
- else {
+ } else {
 $volume['input_pkts'] = $ipfw['packets'];
 $volume['input_bytes'] = $ipfw['bytes'];
 }
 }
- $ipfw = pfSense_ipfw_getTablestats($cpzoneid, IP_FW_TABLE_XLISTENTRY, 2, $ip, $mac);
- if (is_array($ipfw)) {
+ foreach($tables as $table) {
+ $ipfw = pfSense_ipfw_table_lookup("{$cpzone}_{$table}_down",
+ $ip);
+ if (!is_array($ipfw)) {
+ continue;
+ }
 if ($reverse) {
 $volume['input_pkts'] = $ipfw['packets'];
 $volume['input_bytes'] = $ipfw['bytes'];
- }
- else {
+ } else {
 $volume['output_pkts'] = $ipfw['packets'];
 $volume['output_bytes'] = $ipfw['bytes'];
 }
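Review bot: In both loops the counters are assigned, not accumulated, so when an address has an entry in the `allowed` and the `auth` table the `auth` values silently replace the `allowed` ones. If an address can only be in one of them, a `break;` after the assignment block says so and saves the second lookup; if it can be in both, the assignments need to be `+=` (for example `$volume['input_bytes'] += $ipfw['bytes'];`), otherwise the reported volume is short. getVolume() also no longer accepts `$mac`, and callers that still pass it are not visible here; a line in the function's doc comment (above the hunk) noting that the lookup is by address only would help. The function continues past the end of the hunk.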
@@ -2283,9 +2293,12 @@ function portal_allow($clientip, $clientmac, $username, $password = null, $attri
 $_gb = @pfSense_ipfw_pipe("pipe {$bw_up_pipeno} config bw {$bw_up}Kbit/s queue 100 buckets 16");
 $_gb = @pfSense_ipfw_pipe("pipe {$bw_down_pipeno} config bw {$bw_down}Kbit/s queue 100 buckets 16");
- $clientsn = (is_ipaddrv6($clientip)) ? 128 : 32;
- $_gb = @pfSense_ipfw_table("{$cpzone}_auth_up", IP_FW_TABLE_XADD, "{$clientip}/{$clientsn}", $bw_up_pipeno);
- $_gb = @pfSense_ipfw_table("{$cpzone}_auth_down", IP_FW_TABLE_XADD, "{$clientip}/{$clientsn}", $bw_down_pipeno);
+ $rule_entry = "{$clientip}/" . (is_ipaddrv6($clientip) ? "128" : "32");
+ if (!isset($config['captiveportal'][$cpzone]['nomacfilter'])) {
+ $rule_entry .= ",{$clientmac}";
+ }
+ $_gb = @pfSense_ipfw_table("{$cpzone}_auth_up", IP_FW_TABLE_XADD, "{$rule_entry}", $bw_up_pipeno);
+ $_gb = @pfSense_ipfw_table("{$cpzone}_auth_down", IP_FW_TABLE_XADD, "{$rule_entry}", $bw_down_pipeno);
 if ($attributes['voucher']) {
 $attributes['session_timeout'] = $remaining_time; |
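Review bot: `$clientmac` is appended to the table key without any check, and the result of both XADD calls is hidden behind `@` and the throw-away `$_gb`. If the MAC is empty or malformed when portal_allow() is called (its callers are not visible here), the key becomes something like `ip/32,` and the add can fail without trace, or be accepted without the MAC binding the zone expects, depending on how the extension parses it. I would validate first, e.g. `if (!is_macaddr($clientmac)) { /* log and refuse the login */ }` inside the `nomacfilter` branch, and log when either XADD fails rather than suppressing it. The `"{$rule_entry}"` interpolation is also redundant; `$rule_entry` alone is enough. portal_allow() starts and ends outside the hunk.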