From f9f71ad37706cbe37ebc8af34aa55c029369c075 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ermal=20Lu=E7i?= Date: Fri, 14 Aug 2009 17:13:38 +0000 Subject: * Convert captive portal rules to use tables. This reduces the number of rules ALOT. * Make the peruserbw setting use tables also by taking advantage of the tablearg option. * Convert statistics to use the new improvements of ipfw tables merged previously. * Make the limit of users allowed around 25000 instead of 9999 of before. NOTE: The only thing remaining for full optimization on ipfw(4) side is converting passthrumac and layer2 secure rules to tables aswell. --- usr/local/captiveportal/index.php | 21 ++++++++++----------- usr/local/captiveportal/radius_accounting.inc | 4 ++-- 2 files changed, 12 insertions(+), 13 deletions(-) (limited to 'usr/local/captiveportal') diff --git a/usr/local/captiveportal/index.php b/usr/local/captiveportal/index.php index 408e7f5..a1b2771 100755 --- a/usr/local/captiveportal/index.php +++ b/usr/local/captiveportal/index.php @@ -317,25 +317,24 @@ function portal_allow($clientip,$clientmac,$username,$password = null, $attribut $bw_down = isset($attributes['bw_down']) ? trim($attributes['bw_down']) : $config['captiveportal']['bwdefaultdn']; if ($peruserbw && !empty($bw_up) && is_numeric($bw_up)) { - $bw_up_pipeno = $ruleno + 40500; - exec("/sbin/ipfw add $ruleno set 2 pipe $bw_up_pipeno ip from $clientip to any in"); - exec("/sbin/ipfw pipe $bw_up_pipeno config bw {$bw_up}Kbit/s queue 100"); + $bw_up_pipeno = $ruleno + 20000; + mwexec("/sbin/ipfw pipe $bw_up_pipeno config bw {$bw_up}Kbit/s queue 100"); + mwexec("/sbin/ipfw table 3 add {$clientip} {$bw_up_pipeno}"); } else { - exec("/sbin/ipfw add $ruleno set 2 skipto 50000 ip from $clientip to any in"); + mwexec("/sbin/ipfw table 3 add {$clientip}"); } if ($peruserbw && !empty($bw_down) && is_numeric($bw_down)) { - $bw_down_pipeno = $ruleno + 45500; - exec("/sbin/ipfw add $ruleno set 2 pipe $bw_down_pipeno ip from any to $clientip out"); - exec("/sbin/ipfw pipe $bw_down_pipeno config bw {$bw_down}Kbit/s queue 100"); + $bw_down_pipeno = $ruleno + 20001; + mwexec("/sbin/ipfw pipe $bw_down_pipeno config bw {$bw_down}Kbit/s queue 100"); + mwexec("/sbin/ipfw table 4 add {$clientip} {$bw_down_pipeno}"); } else { - exec("/sbin/ipfw add $ruleno set 2 skipto 50000 ip from any to $clientip out"); + mwexec("/sbin/ipfw table 4 add {$clientip}"); } /* add ipfw rules for layer 2 */ if (!isset($config['captiveportal']['nomacfilter'])) { - $l2ruleno = $ruleno + 10000; - exec("/sbin/ipfw add $l2ruleno set 3 deny all from $clientip to any not MAC any $clientmac layer2 in"); - exec("/sbin/ipfw add $l2ruleno set 3 deny all from any to $clientip not MAC $clientmac any layer2 out"); + exec("/sbin/ipfw add $ruleno set 3 deny all from $clientip to any not MAC any $clientmac layer2 in"); + exec("/sbin/ipfw add $ruleno set 3 deny all from any to $clientip not MAC $clientmac any layer2 out"); } if ($attributes['voucher']) diff --git a/usr/local/captiveportal/radius_accounting.inc b/usr/local/captiveportal/radius_accounting.inc index fb8ece3..bfd0247 100644 --- a/usr/local/captiveportal/radius_accounting.inc +++ b/usr/local/captiveportal/radius_accounting.inc @@ -157,7 +157,7 @@ function RADIUS_ACCOUNTING_STOP($ruleno,$username,$sessionid,$start_time,$radius $radiusvendor = $config['captiveportal']['radiusvendor'] ? $config['captiveportal']['radiusvendor'] : null; $stop_time = (empty($stop_time)) ? time() : $stop_time; $session_time = $stop_time - $start_time; - $volume = getVolume($ruleno); + $volume = getVolume($clientip); $volume['input_bytes_radius'] = remainder($volume['input_bytes']); $volume['input_gigawords'] = gigawords($volume['input_bytes']); $volume['output_bytes_radius'] = remainder($volume['output_bytes']); @@ -306,4 +306,4 @@ function remainder($bytes) { } -?> \ No newline at end of file +?> -- cgit v1.1