pfSense

Refactor ipfw loading.

• Rename get_current_wan_address to get_interface_ip
• Rename get_real_wan_interface to get_real_interface
• Simplify get_interface_ip by using find_interface_ip which should help in speed to since its using caching. Pointed by billm@
• Cleanup some code when passing or remove some unused one.

Remove duplicate function portal_mac_fixed()

Restore accidentaly deleted code.

Interface list improvements.

Actually make the ipfw hook first one.
In multi-WAN case it may not see the packet at all if it is as the last hook.

Kill the source node too after killing the states.
In multi-WAN case this may matter.

Leave ipfw hook active on outbound direction it may break accounting.
More through testing is needed fro this.

Make Captive Portal Multi-Wan safe/compatible.

Integrate patch sent to m0n0wall-dev by Peter Allgeyer:

we have configured the captive portal to authenticate users against a
Radius server with reauthentication every minute. When using the MAC
Pass-Through feature, we have problems reaching hosts on the WAN side on...

Ensure lock file is cleared after restart.

Noticed-by: mcrane via forum

Add product_copyright re-branding support
Add product_copyright_years re-branding support
Add product_website re-branding support
Add product_email re-branding support

Work sponsored-by: Centipede Networks

globals.inc is required so that we use the correct lock file!

Don't forget line breaks!

Correctly remove old clients correctly.

Submitted to m0n0wall list by R?nnblom Jan?ke /Teknous

Allow pfsync and carp traffic on captive portal.

Sometimes when the user enters the hostname of the HTTPs captive portal server it resolves the IP address to $LANIP. Allow access to $LANIP in addition to the $CPIP so that we can speedup captive portal by 10000* in these cases.

Unbreak captive portal images.

Teach the captive portal about time based rules so that it will not unload ipfw from underneath ourselves.

Silence eclipse warning and ensure we are using fast cgi on captive portal

wpa_supplicant needs to have access to sending and receiving layer 2 (link layer) packets with two Ethertypes: EAP-over-LAN (EAPOL) 0x888e and RSN pre-authentication 0x88c7. l2_packet.h defines the interfaces used for this in the core wpa_supplicant implementation.

Found from: http://209.85.165.104/search?q=cache:O5NrMslxwKAJ:w1.fi/wpa_supplicant/devel/porting.html+wpa2+0x888e&hl=en&ct=clnk&cd=2&gl=us&client=firefox-a

Restore PPPoE and WPA access through captive portal that was lost in last m0n0 sync.

Fix Fatal error: Cannot redeclare captiveportal_get_next_ipfw_ruleno() (previously declared in /etc/inc/captiveportal.inc:957) in /etc/inc/captiveportal.inc on line 985

Sync w/ m0n0wall

Sync w/ m0n0wall

Silence eclipse warnings

Remove pf states for client ip when disconnecting from captive portal.

Add missing getVolume() function

Unbreak radius auth

Duplicate function for compatibility.

Move helper function to correct area

Back out last commit

Carefully sync captive portal against m0n0wall 1.22

Add PPPoE types so that Captive Portal will function with PPPoE Server

ETHERTYPE_PPPOEDISC 0x8863 /* PPP Over Ethernet Discovery Stage /
ETHERTYPE_PPPOE 0x8864 / PPP Over Ethernet Session Stage */

Only allow mac-type 0x888e traffic for WPA. This is a lot better than allowing all layer2.

Thanks Andrew Thompson for the suggestion!

Allow WPA + Captive Portal to work. Amazing its taken this long to discover the problem.

Patch from Nick Buraglio

Is there any reason, other than maybe the ssl certificate error that it would cause, that https isn't redirected to the portal by default? I just noticed that this isn't default behavior. It's a feature that I thought would be somewhat handy and I think only would take a simple ipfw change.

Unlink old file when setting up elements

Honour $maxproc

Found-by: PHPEclipse

Fix HTTPS captive portal option

Ticket #732

Use port 8001 for HTTPS

Symlink captive portal elements over to /var/db/cpelements on bootup and creation/deletion

Remove trailing newline

• Eliminate dead code
• Fix warnings and errors found by eclipse

Use correct variable. Caught with eclipse.

Kill correct pid

Sync w/ m0n0wall 1.21

Setup captive portal for HTTPS when enabled.

Ticket #732

Fix captive portal redirects now that we are using LightHTTPD

Correctly detect captive portal on optional interfaces

Correct (cert key) order

Use Lighty. Hopefully it's here to stay, and mini_httpd is dead, jim.

• Center continue button
• <p> in between default text and login box

While here, cleanup default captive portal page quite a bit.

Compare upper case interface names

No need for 2 continue buttons. Zap the second.

remove allow

remove ipfw

Allow nat redirects to function

Ticket #651

Change to a pfsense page which includes a username and password

We need to keep-state on the allowed MAC address rules.

Allow src and dst mac's

Correctly add the mac pass through rule

Correctly add the mac pass through rule

Skip to rule 65535 since its the last allow all from any to any rule

pass through mac entries should always exist. the reason
for this is because we do not have native mac address filtering
mechanisms. this allows us to filter by mac address easily
and get around this limitation. I consider this a bug in
m0n0wall and pfSense as m0n0wall does not have native mac...

No fast-cgi.

Go back to mini_httpd but keep maximum processes

Full path to ipfw

Allow pfsync and carp traffic.

FAST_CGI is reporting false client ip's. Switch back to non-fastcgi.

Round memory sizes down. Make consistent.

Ticket #540

• same changes from [6378] to the changes adopted in [6297]
• cleanup comments

Ticket #540

Be more conservative on the number of fast-cgi processes

Be more conservative on the number of fast-cgi processes

Turn off fast cgi on memory strapped systems

Pass correct parms

• Introduce get_memory() which returns amount of memory in the machine
• Use memory to control how many processes will be running and waiting for captive portal authenticaion

Allow setting of max fast-php children

Minor nit-picks

• Additional tuning parms
• Support captive portal SSL

Convert captive portal over to Lighty.

Many benfits:

• No longer forking web server
• No longer a 16 user simultaneous login limit
• Fast PHP will make it fly!

Reset back to pfSense state

Sync with m0n0wall 1.2b9's captiveportal.

spello

Spello in comments

Fix a XXX

Add reverse captive portal feature.

• Remove debugging echo.
• ruleno should now be the ip.

Typo

Do not run expiretable if timeout == 0

Correctly output table contents

We're already calculating for *60

Correctly utilize expiretable

expiretable takes seonds as argument. Times the minute count * 60

Use the expiretable utility and pfctl to deterimine when a client has timed out

Various code cleanups and a few actual bugfixes courtesy of Zend

Correct usage of arp.

Actually disconnect a user correctly

Enforce hard timeouts