| 741 |
741 |
$cpentry[3], // clientmac
|
| 742 |
742 |
10); // NAS Request
|
| 743 |
743 |
captiveportal_ipfw_set_context($cpzone);
|
| 744 |
|
exec("/sbin/ipfw table 1 entryzerostats {$cpentry[2]}");
|
| 745 |
|
exec("/sbin/ipfw table 2 entryzerostats {$cpentry[2]}");
|
|
744 |
pfSense_ipfw_Tableaction($cpzone, IP_FW_TABLE_ZERO_ENTRY_STATS, 1, $cpentry[2]);
|
|
745 |
pfSense_ipfw_Tableaction($cpzone, IP_FW_TABLE_ZERO_ENTRY_STATS, 2, $cpentry[2]);
|
| 746 |
746 |
RADIUS_ACCOUNTING_START($cpentry[1], // ruleno
|
| 747 |
747 |
$cpentry[4], // username
|
| 748 |
748 |
$cpentry[5], // sessionid
|
| ... | ... | |
| 861 |
861 |
if (is_ipaddr($dbent[2])) {
|
| 862 |
862 |
captiveportal_ipfw_set_context($cpzone);
|
| 863 |
863 |
/* Delete client's ip entry from tables 3 and 4. */
|
| 864 |
|
mwexec("/sbin/ipfw table 1 delete {$dbent[2]}");
|
| 865 |
|
mwexec("/sbin/ipfw table 2 delete {$dbent[2]}");
|
|
864 |
pfSense_ipfw_Tableaction($cpzone, 1, IP_FW_TABLE_DEL, $dbent[2]);
|
|
865 |
pfSense_ipfw_Tableaction($cpzone, 2, IP_FW_TABLE_DEL, $dbent[2]);
|
| 866 |
866 |
/* XXX: Redundant?! Ensure all pf(4) states are killed. */
|
| 867 |
|
mwexec("pfctl -k {$dbent[2]}");
|
| 868 |
|
mwexec("pfctl -K {$dbent[2]}");
|
|
867 |
pfSense_kill_states($dbent[2]);
|
|
868 |
pfSense_kill_srcstates($dbent[2]);
|
| 869 |
869 |
}
|
| 870 |
870 |
|
| 871 |
871 |
/*
|
| 872 |
872 |
* These are the pipe numbers we use to control traffic shaping for each logged in user via captive portal
|
| 873 |
873 |
* We could get an error if the pipe doesn't exist but everything should still be fine
|
| 874 |
874 |
*/
|
| 875 |
|
captiveportal_ipfw_set_context($cpzone);
|
| 876 |
|
mwexec("/sbin/ipfw pipe " . ($dbent[1]+20000) . " delete");
|
| 877 |
|
mwexec("/sbin/ipfw pipe " . ($dbent[1]+20001) . " delete");
|
|
875 |
if (!empty($dbent[1])) {
|
|
876 |
pfSense_pipe_action("pipe delete " . ($dbent[1]+20000));
|
|
877 |
pfSense_pipe_action("pipe delete " . ($dbent[1]+20001));
|
| 878 |
878 |
|
| 879 |
|
/* Release the ruleno so it can be reallocated to new clients. */
|
| 880 |
|
captiveportal_free_ipfw_ruleno($dbent[1]);
|
|
879 |
/* Release the ruleno so it can be reallocated to new clients. */
|
|
880 |
captiveportal_free_ipfw_ruleno($dbent[1]);
|
|
881 |
}
|
| 881 |
882 |
|
| 882 |
883 |
// XMLRPC Call over to the master Voucher node
|
| 883 |
884 |
if(!empty($config['voucher'][$cpzone]['vouchersyncdbip'])) {
|
| ... | ... | |
| 1678 |
1679 |
$bw_up_pipeno = $cpentry[1]+20000;
|
| 1679 |
1680 |
$bw_down_pipeno = $cpentry[1]+20001;
|
| 1680 |
1681 |
|
| 1681 |
|
$commands = "";
|
| 1682 |
|
$commands .= "pipe {$bw_up_pipeno} config bw {$bw_up}Kbit/s queue 100\n";
|
| 1683 |
|
$commands .= "pipe {$bw_down_pipeno} config bw {$bw_down}Kbit/s queue 100\n";
|
| 1684 |
|
@file_put_contents("{$g['tmp_path']}/reattribute{$cpzone}.rule.tmp", $commands);
|
| 1685 |
|
captiveportal_ipfw_set_context($cpzone);
|
| 1686 |
|
mwexec("/sbin/ipfw -q {$g['tmp_path']}/reattribute{$cpzone}.rule.tmp");
|
|
1682 |
pfSense_pipe_action("pipe {$bw_up_pipeno} config bw {$bw_up}Kbit/s queue 100");
|
|
1683 |
pfSense_pipe_action("pipe {$bw_down_pipeno} config bw {$bw_down}Kbit/s queue 100");
|
| 1687 |
1684 |
//captiveportal_logportalauth($cpentry[4], $cpentry[3], $cpentry[2], "RADIUS_BANDWIDTH_REAPPLY", "{$bw_up}/{$bw_down}");
|
| 1688 |
1685 |
|
| 1689 |
1686 |
unset($bw_up_pipeno, $bw_Down_pipeno, $bw_up, $bw_down);
|
| ... | ... | |
| 1838 |
1835 |
mwexec("/sbin/ipfw -q {$g['tmp_path']}/macentry_{$cpzone}.rules.tmp");
|
| 1839 |
1836 |
$writecfg = true;
|
| 1840 |
1837 |
} else {
|
| 1841 |
|
captiveportal_ipfw_set_context($cpzone);
|
| 1842 |
|
|
| 1843 |
1838 |
$bw_up_pipeno = $ruleno + 20000;
|
|
1839 |
$bw_down_pipeno = $ruleno + 20001;
|
| 1844 |
1840 |
//$bw_up /= 1000; // Scale to Kbit/s
|
| 1845 |
|
mwexec("/sbin/ipfw pipe {$bw_up_pipeno} config bw {$bw_up}Kbit/s queue 100");
|
|
1841 |
pfSense_pipe_action("pipe {$bw_up_pipeno} config bw {$bw_up}Kbit/s queue 100");
|
|
1842 |
pfSense_pipe_action("pipe {$bw_down_pipeno} config bw {$bw_down}Kbit/s queue 100");
|
| 1846 |
1843 |
|
|
1844 |
captiveportal_ipfw_set_context($cpzone);
|
| 1847 |
1845 |
if (!isset($config['captiveportal'][$cpzone]['nomacfilter']))
|
| 1848 |
|
mwexec("/sbin/ipfw table 1 add {$clientip} mac {$clientmac} {$bw_up_pipeno}");
|
|
1846 |
pfSense_ipfw_Tableaction($cpzone, 1, IP_FW_TABLE_ADD, $clientip, 32, $clientmac, $bw_up_pipeno);
|
| 1849 |
1847 |
else
|
| 1850 |
|
mwexec("/sbin/ipfw table 1 add {$clientip} {$bw_up_pipeno}");
|
| 1851 |
|
|
| 1852 |
|
$bw_down_pipeno = $ruleno + 20001;
|
| 1853 |
|
//$bw_down /= 1000; // Scale to Kbit/s
|
| 1854 |
|
mwexec("/sbin/ipfw pipe {$bw_down_pipeno} config bw {$bw_down}Kbit/s queue 100");
|
|
1848 |
pfSense_ipfw_Tableaction($cpzone, 1, IP_FW_TABLE_ADD, $clientip, 32, NULL, $bw_up_pipeno);
|
| 1855 |
1849 |
|
| 1856 |
1850 |
if (!isset($config['captiveportal'][$cpzone]['nomacfilter']))
|
| 1857 |
|
mwexec("/sbin/ipfw table 2 add {$clientip} mac {$clientmac} {$bw_down_pipeno}");
|
|
1851 |
pfSense_ipfw_Tableaction("", 2, IP_FW_TABLE_ADD, $clientip, 32, $clientmac, $bw_down_pipeno);
|
| 1858 |
1852 |
else
|
| 1859 |
|
mwexec("/sbin/ipfw table 2 add {$clientip} {$bw_down_pipeno}");
|
|
1853 |
pfSense_ipfw_Tableaction("", 2, IP_FW_TABLE_ADD, $clientip, 32, NULL, $bw_down_pipeno);
|
| 1860 |
1854 |
|
| 1861 |
1855 |
if ($attributes['voucher'])
|
| 1862 |
1856 |
$attributes['session_timeout'] = $remaining_time;
|
Added by Ermal LUÇI over 12 years ago
Switch all the actions(pipe create/table modify/get mac address) during fast path of CP to pfSense modules ones.