Revision 10b9dfcf
Added by Ermal LUÇI almost 13 years ago
etc/inc/captiveportal.inc | ||
---|---|---|
593 | 593 |
$rulenum++; |
594 | 594 |
|
595 | 595 |
/* Authenticated users rules. */ |
596 |
if (isset($config['captiveportal'][$cpzone]['peruserbw'])) { |
|
597 |
$cprules .= "add {$rulenum} set 1 pipe tablearg ip from table(1) to any in\n"; |
|
598 |
$rulenum++; |
|
599 |
$cprules .= "add {$rulenum} set 1 pipe tablearg ip from any to table(2) out\n"; |
|
600 |
$rulenum++; |
|
601 |
} else { |
|
602 |
$cprules .= "add {$rulenum} set 1 allow ip from table(1) to any in\n"; |
|
603 |
$rulenum++; |
|
604 |
$cprules .= "add {$rulenum} set 1 allow ip from any to table(2) out\n"; |
|
605 |
$rulenum++; |
|
606 |
} |
|
607 |
|
|
596 |
$cprules .= "add {$rulenum} set 1 pipe tablearg ip from table(1) to any in\n"; |
|
597 |
$rulenum++; |
|
598 |
$cprules .= "add {$rulenum} set 1 pipe tablearg ip from any to table(2) out\n"; |
|
599 |
$rulenum++; |
|
608 | 600 |
|
609 | 601 |
$listenporthttp = |
610 | 602 |
$config['captiveportal'][$cpzone]['listenporthttp'] ? |
... | ... | |
871 | 863 |
* These are the pipe numbers we use to control traffic shaping for each logged in user via captive portal |
872 | 864 |
* We could get an error if the pipe doesn't exist but everything should still be fine |
873 | 865 |
*/ |
874 |
if (isset($config['captiveportal'][$cpzone]['peruserbw'])) { |
|
875 |
captiveportal_ipfw_set_context($cpzone); |
|
876 |
mwexec("/sbin/ipfw pipe " . ($dbent[1]+20000) . " delete"); |
|
877 |
mwexec("/sbin/ipfw pipe " . ($dbent[1]+20001) . " delete"); |
|
878 |
} |
|
866 |
captiveportal_ipfw_set_context($cpzone); |
|
867 |
mwexec("/sbin/ipfw pipe " . ($dbent[1]+20000) . " delete"); |
|
868 |
mwexec("/sbin/ipfw pipe " . ($dbent[1]+20001) . " delete"); |
|
879 | 869 |
|
880 | 870 |
/* Release the ruleno so it can be reallocated to new clients. */ |
881 | 871 |
captiveportal_free_ipfw_ruleno($dbent[1]); |
... | ... | |
948 | 938 |
$actionup = "allow"; |
949 | 939 |
$actiondown = "allow"; |
950 | 940 |
|
951 |
$ruleno = captiveportal_get_next_ipfw_ruleno(2000, 49899, true);
|
|
941 |
$ruleno = captiveportal_get_next_ipfw_ruleno(); |
|
952 | 942 |
|
953 | 943 |
if ($enBwup) { |
954 | 944 |
$bw_up = $ruleno + 20000; |
... | ... | |
1023 | 1013 |
$tablein = array(); |
1024 | 1014 |
$tableout = array(); |
1025 | 1015 |
|
1026 |
if (intval($enBwup) > 0 or intval($enBwdown) > 0) |
|
1027 |
$ruleno = captiveportal_get_next_ipfw_ruleno(2000, 49899, true); |
|
1028 |
else |
|
1029 |
$ruleno = captiveportal_get_next_ipfw_ruleno(2000, 49899, false); |
|
1016 |
$ruleno = captiveportal_get_next_ipfw_ruleno(); |
|
1030 | 1017 |
|
1031 | 1018 |
if ($ipent['dir'] == "from") { |
1032 | 1019 |
if ($enBwup) |
... | ... | |
1409 | 1396 |
* within the range specified based on the actual logged on users |
1410 | 1397 |
* |
1411 | 1398 |
*/ |
1412 |
function captiveportal_get_next_ipfw_ruleno($rulenos_start = 2000, $rulenos_range_max = 49899, $usebw = false) {
|
|
1399 |
function captiveportal_get_next_ipfw_ruleno($rulenos_start = 2000, $rulenos_range_max = 49899) { |
|
1413 | 1400 |
global $config, $g, $cpzone; |
1414 | 1401 |
|
1415 | 1402 |
$cpcfg = $config['captiveportal'][$cpzone]; |
... | ... | |
1424 | 1411 |
if ($rules[$ridx]) { |
1425 | 1412 |
/* |
1426 | 1413 |
* This allows our traffic shaping pipes to be the in pipe the same as ruleno |
1427 |
* and the out pipe ruleno + 1. This removes limitation that where present in |
|
1428 |
* previous version of the peruserbw. |
|
1414 |
* and the out pipe ruleno + 1. |
|
1429 | 1415 |
*/ |
1430 |
if (isset($cpcfg['peruserbw']) || $usebw == true) |
|
1431 |
$ridx++; |
|
1416 |
$ridx++; |
|
1432 | 1417 |
continue; |
1433 | 1418 |
} |
1434 | 1419 |
$ruleno = $ridx; |
1435 | 1420 |
$rules[$ridx] = "used"; |
1436 |
if (isset($cpcfg['peruserbw']) || $usebw == true) |
|
1437 |
$rules[++$ridx] = "used"; |
|
1421 |
$rules[++$ridx] = "used"; |
|
1438 | 1422 |
break; |
1439 | 1423 |
} |
1440 | 1424 |
} else { |
... | ... | |
1458 | 1442 |
if (file_exists("{$g['vardb_path']}/captiveportal_{$cpzone}.rules")) { |
1459 | 1443 |
$rules = unserialize(file_get_contents("{$g['vardb_path']}/captiveportal_{$cpzone}.rules")); |
1460 | 1444 |
$rules[$ruleno] = false; |
1461 |
if (isset($cpcfg['peruserbw']) || $usedbw == true) |
|
1462 |
$rules[++$ruleno] = false; |
|
1445 |
$rules[++$ruleno] = false; |
|
1463 | 1446 |
file_put_contents("{$g['vardb_path']}/captiveportal_{$cpzone}.rules", serialize($rules)); |
1464 | 1447 |
} |
1465 | 1448 |
unlock($cpruleslck); |
... | ... | |
1678 | 1661 |
function captiveportal_reapply_attributes($cpentry, $attributes) { |
1679 | 1662 |
global $config, $cpzone, $g; |
1680 | 1663 |
|
1681 |
/* Add rules for traffic shaping |
|
1682 |
* We don't need to add extra rules since traffic will pass due to the following kernel option |
|
1683 |
* net.inet.ip.fw.one_pass: 1 |
|
1684 |
*/ |
|
1685 |
$peruserbw = isset($config['captiveportal'][$cpzone]['peruserbw']); |
|
1686 |
|
|
1687 |
$bw_up = isset($attributes['bw_up']) ? round(intval($attributes['bw_up'])/1000, 2) : $config['captiveportal'][$cpzone]['bwdefaultup']; |
|
1688 |
$bw_down = isset($attributes['bw_down']) ? round(intval($attributes['bw_down'])/1000, 2) : $config['captiveportal'][$cpzone]['bwdefaultdn']; |
|
1664 |
$dwfaultbw_up = isset($config['captiveportal'][$cpzone]['bwdefaultup']) ? $config['captiveportal'][$cpzone]['bwdefaultup'] : 0; |
|
1665 |
$dwfaultbw_down = isset($config['captiveportal'][$cpzone]['bwdefaultdn']) ? $config['captiveportal'][$cpzone]['bwdefaultdn'] : 0; |
|
1666 |
$bw_up = isset($attributes['bw_up']) ? round(intval($attributes['bw_up'])/1000, 2) : $dwfaultbw_up; |
|
1667 |
$bw_down = isset($attributes['bw_down']) ? round(intval($attributes['bw_down'])/1000, 2) : $dwfaultbw_down; |
|
1689 | 1668 |
$bw_up_pipeno = $cpentry[1]+20000; |
1690 | 1669 |
$bw_down_pipeno = $cpentry[1]+20001; |
1691 |
$commands = ""; |
|
1692 | 1670 |
|
1693 |
if ($peruserbw && !empty($bw_up) && is_numeric($bw_up)) { |
|
1694 |
$commands .= "pipe {$bw_up_pipeno} config bw {$bw_up}Kbit/s queue 100\n"; |
|
1695 |
|
|
1696 |
if (!isset($config['captiveportal'][$cpzone]['nomacfilter'])) { |
|
1697 |
$commands .= "table 1 del {$cpentry[2]} mac {$cpentry[3]}\n"; |
|
1698 |
$commands .= "table 1 add {$cpentry[2]} mac {$cpentry[3]} {$bw_up_pipeno}\n"; |
|
1699 |
} else { |
|
1700 |
$commands .= "table 1 del {$cpentry[2]}\n"; |
|
1701 |
$commands .= "table 1 add {$cpentry[2]} {$bw_up_pipeno}\n"; |
|
1702 |
} |
|
1703 |
} |
|
1704 |
if ($peruserbw && !empty($bw_down) && is_numeric($bw_down)) { |
|
1705 |
$commands .= "pipe {$bw_down_pipeno} config bw {$bw_down}Kbit/s queue 100\n"; |
|
1706 |
|
|
1707 |
if (!isset($config['captiveportal'][$cpzone]['nomacfilter'])) { |
|
1708 |
$commands .= "table 2 del {$cpentry[2]} mac {$cpentry[3]}\n"; |
|
1709 |
$commands .= "table 2 add {$cpentry[2]} mac {$cpentry[3]} {$bw_down_pipeno}\n"; |
|
1710 |
} else { |
|
1711 |
$commands .= "table 2 del {$cpentry[2]}\n"; |
|
1712 |
$commands .= "table 2 add {$cpentry[2]} {$bw_down_pipeno}\n"; |
|
1713 |
} |
|
1714 |
} |
|
1715 |
|
|
1716 |
if (!empty($commands)) { |
|
1717 |
@file_put_contents("{$g['tmp_path']}/reattribute{$cpzone}.rule.tmp", $commands); |
|
1718 |
captiveportal_ipfw_set_context($cpzone); |
|
1719 |
mwexec("/sbin/ipfw -q {$g['tmp_path']}/reattribute{$cpzone}.rule.tmp"); |
|
1720 |
//captiveportal_logportalauth($cpentry[4], $cpentry[3], $cpentry[2], "RADIUS_BANDWIDTH_REAPPLY", "{$bw_up}/{$bw_down}"); |
|
1721 |
} |
|
1671 |
$commands = ""; |
|
1672 |
$commands .= "pipe {$bw_up_pipeno} config bw {$bw_up}Kbit/s queue 100\n"; |
|
1673 |
$commands .= "pipe {$bw_down_pipeno} config bw {$bw_down}Kbit/s queue 100\n"; |
|
1674 |
@file_put_contents("{$g['tmp_path']}/reattribute{$cpzone}.rule.tmp", $commands); |
|
1675 |
captiveportal_ipfw_set_context($cpzone); |
|
1676 |
mwexec("/sbin/ipfw -q {$g['tmp_path']}/reattribute{$cpzone}.rule.tmp"); |
|
1677 |
//captiveportal_logportalauth($cpentry[4], $cpentry[3], $cpentry[2], "RADIUS_BANDWIDTH_REAPPLY", "{$bw_up}/{$bw_down}"); |
|
1722 | 1678 |
|
1723 | 1679 |
unset($bw_up_pipeno, $bw_Down_pipeno, $bw_up, $bw_down); |
1724 | 1680 |
} |
... | ... | |
1842 | 1798 |
$tod = gettimeofday(); |
1843 | 1799 |
$sessionid = substr(md5(mt_rand() . $tod['sec'] . $tod['usec'] . $clientip . $clientmac), 0, 16); |
1844 | 1800 |
|
1845 |
/* Add rules for traffic shaping |
|
1846 |
* We don't need to add extra rules since traffic will pass due to the following kernel option |
|
1847 |
* net.inet.ip.fw.one_pass: 1 |
|
1848 |
*/ |
|
1849 |
$peruserbw = isset($config['captiveportal'][$cpzone]['peruserbw']); |
|
1850 |
|
|
1851 |
$bw_up = isset($attributes['bw_up']) ? round(intval($attributes['bw_up'])/1000, 2) : $config['captiveportal'][$cpzone]['bwdefaultup']; |
|
1852 |
$bw_down = isset($attributes['bw_down']) ? round(intval($attributes['bw_down'])/1000, 2) : $config['captiveportal'][$cpzone]['bwdefaultdn']; |
|
1801 |
$dwfaultbw_up = isset($config['captiveportal'][$cpzone]['bwdefaultup']) ? $config['captiveportal'][$cpzone]['bwdefaultup'] : 0; |
|
1802 |
$dwfaultbw_down = isset($config['captiveportal'][$cpzone]['bwdefaultdn']) ? $config['captiveportal'][$cpzone]['bwdefaultdn'] : 0; |
|
1803 |
$bw_up = isset($attributes['bw_up']) ? round(intval($attributes['bw_up'])/1000, 2) : $dwfaultbw_up; |
|
1804 |
$bw_down = isset($attributes['bw_down']) ? round(intval($attributes['bw_down'])/1000, 2) : $dwfaultbw_down; |
|
1853 | 1805 |
|
1854 | 1806 |
if ($passthrumac) { |
1855 | 1807 |
$mac = array(); |
... | ... | |
1873 | 1825 |
} else { |
1874 | 1826 |
captiveportal_ipfw_set_context($cpzone); |
1875 | 1827 |
|
1876 |
if ($peruserbw && !empty($bw_up) && is_numeric($bw_up)) { |
|
1877 |
$bw_up_pipeno = $ruleno + 20000; |
|
1878 |
//$bw_up /= 1000; // Scale to Kbit/s |
|
1879 |
mwexec("/sbin/ipfw pipe {$bw_up_pipeno} config bw {$bw_up}Kbit/s queue 100"); |
|
1828 |
$bw_up_pipeno = $ruleno + 20000; |
|
1829 |
//$bw_up /= 1000; // Scale to Kbit/s |
|
1830 |
mwexec("/sbin/ipfw pipe {$bw_up_pipeno} config bw {$bw_up}Kbit/s queue 100"); |
|
1880 | 1831 |
|
1881 |
if (!isset($config['captiveportal'][$cpzone]['nomacfilter'])) |
|
1882 |
mwexec("/sbin/ipfw table 1 add {$clientip} mac {$clientmac} {$bw_up_pipeno}"); |
|
1883 |
else |
|
1884 |
mwexec("/sbin/ipfw table 1 add {$clientip} {$bw_up_pipeno}"); |
|
1885 |
} else { |
|
1886 |
if (!isset($config['captiveportal'][$cpzone]['nomacfilter'])) |
|
1887 |
mwexec("/sbin/ipfw table 1 add {$clientip} mac {$clientmac}"); |
|
1888 |
else |
|
1889 |
mwexec("/sbin/ipfw table 1 add {$clientip}"); |
|
1890 |
} |
|
1891 |
if ($peruserbw && !empty($bw_down) && is_numeric($bw_down)) { |
|
1892 |
$bw_down_pipeno = $ruleno + 20001; |
|
1893 |
//$bw_down /= 1000; // Scale to Kbit/s |
|
1894 |
mwexec("/sbin/ipfw pipe {$bw_down_pipeno} config bw {$bw_down}Kbit/s queue 100"); |
|
1832 |
if (!isset($config['captiveportal'][$cpzone]['nomacfilter'])) |
|
1833 |
mwexec("/sbin/ipfw table 1 add {$clientip} mac {$clientmac} {$bw_up_pipeno}"); |
|
1834 |
else |
|
1835 |
mwexec("/sbin/ipfw table 1 add {$clientip} {$bw_up_pipeno}"); |
|
1895 | 1836 |
|
1896 |
if (!isset($config['captiveportal'][$cpzone]['nomacfilter'])) |
|
1897 |
mwexec("/sbin/ipfw table 2 add {$clientip} mac {$clientmac} {$bw_down_pipeno}"); |
|
1898 |
else |
|
1899 |
mwexec("/sbin/ipfw table 2 add {$clientip} {$bw_down_pipeno}"); |
|
1900 |
} else { |
|
1901 |
if (!isset($config['captiveportal'][$cpzone]['nomacfilter'])) |
|
1902 |
mwexec("/sbin/ipfw table 2 add {$clientip} mac {$clientmac}"); |
|
1903 |
else |
|
1904 |
mwexec("/sbin/ipfw table 2 add {$clientip}"); |
|
1905 |
} |
|
1837 |
$bw_down_pipeno = $ruleno + 20001; |
|
1838 |
//$bw_down /= 1000; // Scale to Kbit/s |
|
1839 |
mwexec("/sbin/ipfw pipe {$bw_down_pipeno} config bw {$bw_down}Kbit/s queue 100"); |
|
1840 |
|
|
1841 |
if (!isset($config['captiveportal'][$cpzone]['nomacfilter'])) |
|
1842 |
mwexec("/sbin/ipfw table 2 add {$clientip} mac {$clientmac} {$bw_down_pipeno}"); |
|
1843 |
else |
|
1844 |
mwexec("/sbin/ipfw table 2 add {$clientip} {$bw_down_pipeno}"); |
|
1906 | 1845 |
|
1907 | 1846 |
if ($attributes['voucher']) |
1908 | 1847 |
$attributes['session_timeout'] = $remaining_time; |
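Review bot: The new side drops the `!empty(...) && is_numeric(...)` guards, so `$bw_up` and `$bw_down` now reach the ipfw command strings unchecked: the rule file written at new lines 1672–1676 in captiveportal_reapply_attributes, and the `mwexec()` calls at new lines 1830 and 1839. Values taken from `$attributes` pass through `intval()`/`round()`, but the `bwdefaultup`/`bwdefaultdn` fallback is used as stored. Since `isset()` is true for an empty string, a blank default would presumably produce `config bw Kbit/s` instead of the intended 0 (unlimited), and a non-numeric value would be interpolated into a shell command. Whether the config writer already validates these fields is not visible in these hunks, so I would normalise right after the ternaries at new lines 1666–1667 and 1803–1804 with `if (!is_numeric($bw_up)) $bw_up = 0;` and the same line for `$bw_down`. Both function bodies continue outside the visible hunks, so any later use of these variables should be checked against the same assumption.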
Always create a pipe for any user on CP and, if no limit is present, set it to 0 (unlimited). If any limit comes from the sources of reauthentication, this limit will be applied without any other consequences.