pfSense » pfSense Packages

As an observation, you can avoid the overflow consequences of premature logout due to the 32 bit unsigned integer overflow while you fix the pfSense-Max-Total-Octets to accurately determine the $utrafficquota by simply changing $timedout = true; below to $timedout = false; This will result in only freeRadius invoking a logout until you have fixed the problem. You can still send the warning but users will be able to continue to use freeRadius as before, even if pfSense-Max-Total-Octets overflows. There will still be an issue with the (by design) interim accounting setting not summing used-octets-user-uniqueID into used-octets-user but there are simple fixes for that using cron. I can supply the code I use if you wish. I have been testing this for the last 40 hrs on the current 23.01 RC dev release, it works perfectly, logouts are normal again. Stop/Start simply doesn't scale well enough for us to live with it unless we can change the per minute to more like per accounting period, i.e. around 600 seconds.

Approx line 669 in captiveportal.inc

if (!$timedout && $utrafficquota > 0) {
            $volume = getVolume($cpentry[2]);
            if (($volume['input_bytes'] + $volume['output_bytes']) > $utrafficquota) {

$timedout = true;  // change to $timedout = false; until the 32bit unsigned overflow is corrected

$term_cause = 10; // NAS-Request
                $logout_cause = 'QUOTA EXCEEDED';
            }
        }