pfSense

Try to prevent empty interfaces.

Rework includes/require. This saves about 4 megabytes.
Simplify get_memory(). Tested on mips/i386

Properly correct ipfw rule.

Revert "Correct ipfw rule."
Error of copy paste

This reverts commit 0f6fdf29a2f31bbf816eb3df33c3f1fc38c8b2a6.

Correct ipfw rule.

Not sure why this was changed like this. As is, you couldn't disconnect the first client. I don't see any reason to do it that way, and this is the way it's done in RELENG_1_2

always return the IP address hosting the page, rather than forcing to the hostname, requiring functional DNS name resolution which possibly doesn't exist. Restores 1.2.x behavior where client IP isn't in the same subnet as any CP-enabled interface.

actually allow DNS to forwarder. CP is still broken, but this is closer at least.

pointy-hat-to: eri

Allow udp only from/to our local dns server. If wanted pass through can be added.

- Should fix captive portal on carps Issue #116
- Should fix the captive portal not working reports and Issue #118
NOTE: Now Captive portal is open on dns so no more is needed to add dns servers to pass through ips.

Forward all udp request to port 53(DNS) to our local server. This allows people with other dns configured other than the one in pfSense to still be able to authenticate in the CP.

Only unload ipfw.ko if it is loaded. Doh

set 2/3 are no more used with ipfw.

Move the allowed ips to set 1 as well.

Forward everything to the CP portal page since some people might have proxies in between.

Remove the anti lockout rule on captive portal ruleset this opens a can of worms.

Teach captiveportal code to use the mac in tables functionality. Change the default ruleset to reflect this.

It seems upon captive portal startup the captiveportal.db file is not written out until the /etc/rc.prunecaptiveportal script is run. If the Operator decides to visit status -> captive portal right after enabling the service they will be greated with some nasty nasty errors. Silence this nonsense by creating a blank captiveportal.db file right after nuking it.

Return NULL when captive portal is not enabled

Do not process IPFW rules if captive portal is disabled.

Fix multiple radius server handling.

Flush all tables when restarting/saving a CP configuration.

Before configuring CP make sure that all interfaces are not set for filtering with ipfw. Otherwise some wrong misconfigurations might happen when changing the interface on an active CP config.

Add pfSense_BUILDER_BINARIES: and pfSense_MODULE: additions

Spelling and comment formatting changes, no code changes.

Correct typo. Reported-by: stompro(forums:http://forum.pfsense.org/index.php/topic,18841.0.html)

Merge branch 'master' of git://rcs.pfsense.org/pfsense/nigel-ca-chain into review/master

Conflicts:
etc/inc/certs.inc
etc/inc/upgrade_config.inc

Add my copyright.

Forgotten increase of the limit.

• Convert captive portal rules to use tables. This reduces the number of rules ALOT.
• Make the peruserbw setting use tables also by taking advantage of the tablearg option.
• Convert statistics to use the new improvements of ipfw tables merged previously....

Use ipfw tables for allowed ips. This reduces the number of rules needed for them and speedups things when this list is big. This simplifies even deleteing an allowed ip from services->captiveportal->allowedips since we just need to remove them from the table.

Fix some logic on enabling or disabling ipfw filtering on interfaces.

Readd rule since it makes the policy easier to read.

Reduce some unneeded overhead in CP generated ipfw rules.

Circumvent weirdness of php when unsetting an array members during a loop.

Add ';' which should make the error page link work again.

Fix a probably php undetermined behaviour of code in php.

• Garbage collect a variable used for lockfile in the CP before but is unuseful now.
• Rename the dirtyfile variable to voucher_dirtyfile to reduce namespace problems or clashes with other variables.

Fix various issues reported on http://forum.pfsense.org/index.php/topic,8672.0.html.

Port voucher login ability on CaptivePortal from M0n0Wall.

Various locking fixes are done with the import and this means that as of now pfSense has a better performin/behaving CP than m0n0wall.

Added a missing argument in the lighty configuration for captive portal.

Added support for certificate chains to manager so that lighty can deliver them via SSL.

Fix ipfw rule syntax.

Fix the rule to actually match on multiple interfaces.

Make the CP interface check code more buller proof.

Make CP multi-interface capable.

Use file() function which suits the need better.

• Use file_get_contents its better and process the contents of the file after reading the file.
• Release the lock before authenticating against radius to allow another request to come in.
  This allows more parallellism in the authentication and speedups the CP login page displaying.

Correct logic.

Reduce includes.

Convert CP to use the new lock/unlock functions.

Fix a lock leaking on CP.

Remove from filter load the captive portal module loading and move it to the captive portal functions where is its only place. Keep only the pass rule for the CP webserver will see later on if it can be removed at all.

Remove duplications.

Schedules are handled by pf(4) now.

• Hide interfaces internals to other code and use the propper interfaces.
  Basically use get_interface*() functions instead of accessing fields like 'ipaddr'/'descr' etc...
• Make get_interfaces_with_gateway less heavyweight by getting information from the configuration stored in config.xml...

Shaper has no more enable disable functionality.

Refactor ipfw loading.

• Rename get_current_wan_address to get_interface_ip
• Rename get_real_wan_interface to get_real_interface
• Simplify get_interface_ip by using find_interface_ip which should help in speed to since its using caching. Pointed by billm@
• Cleanup some code when passing or remove some unused one.

Remove duplicate function portal_mac_fixed()

Restore accidentaly deleted code.

Interface list improvements.

Actually make the ipfw hook first one.
In multi-WAN case it may not see the packet at all if it is as the last hook.

Kill the source node too after killing the states.
In multi-WAN case this may matter.

Leave ipfw hook active on outbound direction it may break accounting.
More through testing is needed fro this.

Make Captive Portal Multi-Wan safe/compatible.

Integrate patch sent to m0n0wall-dev by Peter Allgeyer:

we have configured the captive portal to authenticate users against a
Radius server with reauthentication every minute. When using the MAC
Pass-Through feature, we have problems reaching hosts on the WAN side on...

Ensure lock file is cleared after restart.

Noticed-by: mcrane via forum

Add product_copyright re-branding support
Add product_copyright_years re-branding support
Add product_website re-branding support
Add product_email re-branding support

Work sponsored-by: Centipede Networks

globals.inc is required so that we use the correct lock file!

Don't forget line breaks!

Correctly remove old clients correctly.

Submitted to m0n0wall list by R?nnblom Jan?ke /Teknous

Allow pfsync and carp traffic on captive portal.

Sometimes when the user enters the hostname of the HTTPs captive portal server it resolves the IP address to $LANIP. Allow access to $LANIP in addition to the $CPIP so that we can speedup captive portal by 10000* in these cases.

Unbreak captive portal images.

Teach the captive portal about time based rules so that it will not unload ipfw from underneath ourselves.

Silence eclipse warning and ensure we are using fast cgi on captive portal

wpa_supplicant needs to have access to sending and receiving layer 2 (link layer) packets with two Ethertypes: EAP-over-LAN (EAPOL) 0x888e and RSN pre-authentication 0x88c7. l2_packet.h defines the interfaces used for this in the core wpa_supplicant implementation.

Found from: http://209.85.165.104/search?q=cache:O5NrMslxwKAJ:w1.fi/wpa_supplicant/devel/porting.html+wpa2+0x888e&hl=en&ct=clnk&cd=2&gl=us&client=firefox-a

Restore PPPoE and WPA access through captive portal that was lost in last m0n0 sync.

Fix Fatal error: Cannot redeclare captiveportal_get_next_ipfw_ruleno() (previously declared in /etc/inc/captiveportal.inc:957) in /etc/inc/captiveportal.inc on line 985

Sync w/ m0n0wall

Sync w/ m0n0wall

Silence eclipse warnings

Remove pf states for client ip when disconnecting from captive portal.

Add missing getVolume() function

Unbreak radius auth

Duplicate function for compatibility.

Move helper function to correct area

Back out last commit

Carefully sync captive portal against m0n0wall 1.22

Add PPPoE types so that Captive Portal will function with PPPoE Server

ETHERTYPE_PPPOEDISC 0x8863 /* PPP Over Ethernet Discovery Stage /
ETHERTYPE_PPPOE 0x8864 / PPP Over Ethernet Session Stage */

Only allow mac-type 0x888e traffic for WPA. This is a lot better than allowing all layer2.

Thanks Andrew Thompson for the suggestion!

Allow WPA + Captive Portal to work. Amazing its taken this long to discover the problem.

Patch from Nick Buraglio

Is there any reason, other than maybe the ssl certificate error that it would cause, that https isn't redirected to the portal by default? I just noticed that this isn't default behavior. It's a feature that I thought would be somewhat handy and I think only would take a simple ipfw change.

Unlink old file when setting up elements

Honour $maxproc

Found-by: PHPEclipse

Fix HTTPS captive portal option

Ticket #732

Use port 8001 for HTTPS

Symlink captive portal elements over to /var/db/cpelements on bootup and creation/deletion

Remove trailing newline