[wd-isf] update & networking code re-factorization

Mina Naguib webmaster at topfx.com
Wed Feb 9 01:04:33 EST 2005



Some updates in CVS

Since the captive DNS and the online/offline detection go hand in hand,
all my commits are in the "CaptiveDNS" branch until it's stable.

From the changelog of the last commit:

======
* Consolidated much of the networking calls to the auth servers into a
magical function called connect_auth_server() that's responsible for dns
lookup, connecting, marking servers bad, marking
online/auth/online/offline, and refreshing the firewall rules.

* Added new functions mark_auth_online(), mark_auth_offline() and
is_auth_online() - similar in nature to is_online() etc. except tailored
to decide on auth servers status - currently being called by
connect_auth_server()

* Different apology in 404 handler depending on whether internet is down
or just auth server is down

* wdctl status now shows status of is_online and is_auth_online
======

I believe that the re-factorization of the code into the new opaque
connect_auth_server() function will fix the problem of the effect of the
auth server's IP changing once and for all.

Some new functions of interest:

is_online() - returns true when the router is online, false when it's not
is_auth_online() - returns true when an auth server is online, false if not

These 2 functions are not realtime.  They rely on hints given by
previous calls to mark_online(), mark_offline(), mark_auth_online() and
mark_auth_offline() - these 4 functions are already called appropriately
from wd_gethostbyname() and the new connect_auth_server() above, so
there's no need to worry about them.


Two things left for this branch to be considered stable IMO:

1. Set up a config section to specify pass-through hostnames that the
fake DNS server will reply with the real IP for.  There's no need to
specify the hostnames of the auth servers there since those are already
considered.

2. Bugfix: When client deals with fake DNS, iptables' conntrack
remembers that connection so even after successful authentication it
keeps sending them to it (see /proc/net/ip_conntrack for details) - need
to find a way to kill that conntrack entry as part of the firewall allow
for the IP address upon authentication


Otherwise, it works. It apologizes to the user if the internet is down.
It apologizes (different apology) if the net is up but the auth server
is down.  If we ever decide that in the second scenario we want to let
the user browse for example, it would be trivial to implement with this
framework.
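
Added example, not part of the original message and not wifidog's own code: a minimal C sketch of the hint-based status checks and the two-way apology choice described above. The function names are taken from the message; the logical clock, the `bad` flag, `sample_probe()`, `pick_apology()`, `reset_hints()` and the rule that the newest hint wins are assumptions made for illustration.

```c
#include <stddef.h>
#include <string.h>

/* Hints carry a logical-clock stamp; the newest hint wins (assumed rule). */
static unsigned long tick, t_online, t_offline, t_auth_online, t_auth_offline;

void reset_hints(void) { tick = t_online = t_offline = t_auth_online = t_auth_offline = 0; }
void mark_online(void)       { t_online = ++tick; }
void mark_offline(void)      { t_offline = ++tick; }
void mark_auth_offline(void) { t_auth_offline = ++tick; }
void mark_auth_online(void)  { t_auth_online = ++tick; mark_online(); } /* uplink works too */

/* Neither check touches the network: both only compare stored hints. */
int is_online(void)      { return t_online > t_offline; }
int is_auth_online(void) { return is_online() && t_auth_online > t_auth_offline; }

enum probe_result { PROBE_OK, PROBE_DNS_FAIL, PROBE_CONNECT_FAIL };
struct auth_server { const char *hostname; int bad; };

/* Constructed stand-in for the DNS lookup plus TCP connect. */
enum probe_result sample_probe(const char *host)
{
    if (strncmp(host, "nodns.", 6) == 0) return PROBE_DNS_FAIL;
    return strncmp(host, "down.", 5) == 0 ? PROBE_CONNECT_FAIL : PROBE_OK;
}

/* Try servers in order; return the index that answered, or -1 if none did. */
int connect_auth_server(struct auth_server *srv, size_t n)
{
    for (size_t i = 0; i < n; i++) {
        enum probe_result r = sample_probe(srv[i].hostname);
        if (r == PROBE_OK) {
            srv[i].bad = 0;
            mark_auth_online();
            return (int)i;
        }
        srv[i].bad = 1;                          /* marked bad until it answers again */
        if (r == PROBE_DNS_FAIL) mark_offline(); /* assumed: failed lookup hints uplink down */
        else mark_online();                      /* name resolved, so the uplink is up */
    }
    mark_auth_offline();
    return -1;
}

enum apology { APOLOGY_NONE, APOLOGY_INTERNET_DOWN, APOLOGY_AUTH_DOWN };
/* Which 404 apology to show, decided from hints alone. */
enum apology pick_apology(void)
{
    if (!is_online()) return APOLOGY_INTERNET_DOWN;
    return is_auth_online() ? APOLOGY_NONE : APOLOGY_AUTH_DOWN;
}
```

Because the checks read only stored hints, a stale hint keeps a gateway in its last known state until the next call that marks a change.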


