Project

General

Profile

« Previous | Next » 

Revision 22fe3bd7

Added by Marcos M over 1 year ago

Support blocking MAC addresses with a mask. Implement #15257

The Captive Portal allows for blocking specific MAC addresses without
using pf rules so a message can be displayed to the client. With this
change, masks can be used to block partial addresses.

View differences:

src/etc/inc/captiveportal.inc
2359 2359 
}
2360 2360 

  		




  2361
  2361
  
    
function captiveportal_blocked_mac($mac) {


  		




  2362
  
  
    
	global $config, $g, $cpzone;


  		




  
  2362
  
    
	global $cpzone;


  		




  2363
  2363
  
    

  		




  2364
  2364
  
    
	if (empty($mac) || !is_macaddr($mac)) {


  		




  2365
  2365
  
    
		return false;


  		




  2366
  2366
  
    
	}


  		




  2367
  2367
  
    

  		




  2368
  
  
    
	if (!is_array($config['captiveportal'][$cpzone]['passthrumac'])) {


  		




  2369
  
  
    
		return false;


  		




  2370
  
  
    
	}


  		




  
  2368
  
    
	$mac = strtolower($mac);


  		




  
  2369
  
    
	$action = '';


  		




  
  2370
  
    
	$matched = false;


  		




  
  2371
  
    
	foreach (config_get_path("captiveportal/{$cpzone}/passthrumac", []) as $passthrumac) {


  		




  
  2372
  
    
		// assume the config entry contains a valid lowercase MAC address


  		




  
  2373
  
    
		list($mac_entry, $mac_entry_mask) = explode('/', $passthrumac['mac']);


  		




  
  2374
  
    
		if ($mac_entry_mask === null) {


  		




  
  2375
  
    
			$mac_entry_mask = 48;


  		




  
  2376
  
    
		}


  		




  
  2377
  
    

  		




  
  2378
  
    
		// Pad config MAC parts with 0 if needed


  		




  
  2379
  
    
		$mac_parts = [];


  		




  
  2380
  
    
		foreach (explode(':', $mac_entry) as $macpart) {


  		




  
  2381
  
    
			$mac_parts[] = str_pad($macpart, 2, '0', STR_PAD_LEFT);


  		




  
  2382
  
    
		}


  		




  
  2383
  
    
		$mac_entry_long = hexdec(implode($mac_parts));


  		




  
  2384
  
    

  		




  
  2385
  
    
		// Pad client MAC parts with 0 if needed


  		




  
  2386
  
    
		$mac_parts = [];


  		




  
  2387
  
    
		foreach (explode(':', $mac) as $macpart) {


  		




  
  2388
  
    
			$mac_parts[] = str_pad($macpart, 2, '0', STR_PAD_LEFT);


  		




  
  2389
  
    
		}


  		




  
  2390
  
    
		$mac_long = hexdec(implode($mac_parts));


  		




  
  2391
  
    

  		




  
  2392
  
    
		// check against the masked MAC address


  		




  
  2393
  
    
		if (($mac_long & (-1 << (48 - $mac_entry_mask))) == ($mac_entry_long & (-1 << (48 - $mac_entry_mask)))) {


  		




  
  2394
  
    
			$action = $passthrumac['action'];


  		




  
  2395
  
    
			$matched = true;


  		




  
  2396
  
    
		}


  		




  2371
  2397
  
    

  		




  2372
  
  
    
	foreach ($config['captiveportal'][$cpzone]['passthrumac'] as $passthrumac) {


  		




  2373
  
  
    
		if (($passthrumac['action'] == 'block') &&


  		




  2374
  
  
    
		    ($passthrumac['mac'] == strtolower($mac))) {


  		




  2375
  
  
    
			return true;


  		




  
  2398
  
    
		// a specific match takes precedence over a partial match


  		




  
  2399
  
    
		if ($mac_entry_mask == 48) {


  		




  
  2400
  
    
			break;


  		




  2376
  2401
  
    
		}


  		




  2377
  2402
  
    
	}


  		




  2378
  2403
  
    

  		




  2379
  
  
    
	return false;


  		




  
  2404
  
    
	if ($matched && $action == 'block') {


  		




  
  2405
  
    
		return true;


  		




  
  2406
  
    
	}


  		




  2380
  2407
  
    

  		




  
  2408
  
    
	return false;


  		




  2381
  2409
  
    
}


  		




  2382
  2410
  
    

  		




  2383
  2411
  
    
/* Captiveportal Radius Accounting */


  		












Also available in:  Unified diff