[Wifidog] [Fwd: Re: connection problem]
Mina Naguib
webmaster at topfx.com
Sun Jan 30 23:01:57 EST 2005
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Another $0.02: If the ICMP thing doesn't fly, we could go a level lower
by using an ARP ping (who-has 1.2.3.4 ? tell 1.1.1.1). Dug Song's
`dsniff` package has a binary called `arping` that does just that - I've
also seen a similar binary included in the core components of some
distros (for example net-misc/iputils in gentoo has it)
I don't think any client can refuse to reply to ARP pings, otherwise
they wouldn't be online in the first place. Also I don't know of any
personal windows firewalls that can block those (I believe up to windows
XP SP2, normal programs did not have access to raw sockets)
Depending on what you find with your testing, I could go through
arping's code to see how simple it is. The solution may be as simple as
having a wifidog thread looping over all connected IPs every X (where X
is less than the timeout) and arp-pinging them.
Now that I think about it, I don't know if ARP packets would count
against iptables counters or not, making this entire point moot.
hmmm... will test my theories.
Philippe April wrote:
| Okay I implemented a new rule that catches traffic coming from the
| clients to the gateway, however there does not seem to be much going on
| since my laptop still times out if it's not doing anything... It's not
| in CVS.
|
| We could "trigger" traffic, by icmp pinging clients (laptops)... If they
| respond, we get traffic in the client-go-gateway rule.
|
| However, I'm not sure if this will work, maybe some crazy laptops will
| have a firewall that blocks ICMP echo requests. Anyway we could always
| say "you need to respond to icmp requests otherwise you'll time-out.
|
| dnsmasq implements some code to icmp-ping an address before allocating
| it, we could use that.
|
| And btw, at the moment, Supreme is down (seems to be the pppoe
| connection, because I can not log in via the openvpn tunnel).
|
| Hopefully it'll come back up by itself.
|
| On 30-Jan-05, at 6:49 PM, Daniel Drouet wrote:
|
|> If it is indeed the disconnection on inactivity thing, we need to find
|> a fix quickly before ISF's hotspots gain a rep as being unstable or
|> flaky. How much work is involved in going the short lease + counting
|> client to router traffic route?
|>
|> _______________________________________________
|> Wifidog mailing list
|> Wifidog at isf.waglo.com
|> http://isf.waglo.com/mailman/listinfo/wifidog_isf.waglo.com
|>
|>
| Philippe April
|
|
|
| ------------------------------------------------------------------------
|
| _______________________________________________
| Wifidog mailing list
| Wifidog at isf.waglo.com
| http://isf.waglo.com/mailman/listinfo/wifidog_isf.waglo.com
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.6 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org
iD8DBQFB/a21eS99pGMif6wRAv2zAJ44y80aH0Eq0pEWMxP3+t+rE9jewACeIV4g
E2BkUMfzj8XIo4XeIGC92iQ=
=sQg3
-----END PGP SIGNATURE-----
_______________________________________________
Wifidog mailing list
Wifidog at isf.waglo.com
http://isf.waglo.com/mailman/listinfo/wifidog_isf.waglo.com
More information about the Wifidog
mailing list