[isf-wifidog] throttling
Ian White
ian.white at datamile-computers.com
Thu 6 Oct 01:43:11 EDT 2005

Is throttling and user class on the list of changes? Public have already
changed their wifidog to support this.

From what I've seen they changed,

auth.h

/** @brief This structure contains all the information returned by the authentication server */
typedef struct _t_authresponse {
    t_authcode authcode;   /**< @brief Authentication code returned by the server */
    t_fw_marks classcode;  /**< @brief Class code returned by the server for dynamic fw mark */
} t_authresponse;

auth.c

case AUTH_ALLOWED:
    client->fw_connection_state = auth_response.classcode;
    fw_allow(client->ip, client->mac, auth_response.classcode);
    _http_redirect(r->clientSock, "http://%s:%d%sportal/?gw_id=%s",
        config_get_config()->auth_servers->authserv_hostname,
        config_get_config()->auth_servers->authserv_http_port,
        config_get_config()->auth_servers->authserv_path,
        config_get_config()->gw_id);
    break;

i.e. the class of the user comes back as a second item to the auth request.
They have different rulesets in fw_iptables

iptables_do_command("-t filter -A " TABLE_WIFIDOG_WIFI_TO_INTERNET
    " -m mark --mark 0x%u -j " TABLE_WIFIDOG_SUPER, FW_MARK_SUPER);
iptables_load_ruleset("super-users", TABLE_WIFIDOG_SUPER);
iptables_do_command("-t filter -A " TABLE_WIFIDOG_WIFI_TO_INTERNET
    " -m mark --mark 0x%u -j " TABLE_WIFIDOG_TRUSTED, FW_MARK_TRUSTED);
iptables_load_ruleset("trusted-users", TABLE_WIFIDOG_TRUSTED);
iptables_do_command("-t filter -A " TABLE_WIFIDOG_WIFI_TO_INTERNET
    " -m mark --mark 0x%u -j " TABLE_WIFIDOG_LIBERATED, FW_MARK_LIBERATED);
iptables_load_ruleset("liberated-users", TABLE_WIFIDOG_LIBERATED);
iptables_do_command("-t filter -A " TABLE_WIFIDOG_WIFI_TO_INTERNET
    " -m mark --mark 0x%u -j " TABLE_WIFIDOG_PROTECTED, FW_MARK_PROTECTED);
iptables_load_ruleset("protected-users", TABLE_WIFIDOG_PROTECTED);

and marks set in

int iptables_fw_access(fw_access_t type, char *ip, char *mac, int tag)
{
    int rc;

    fw_quiet = 0;

    switch (type) {
    case FW_ACCESS_ALLOW:
        /* Mark traffic from the client (matched by IP and MAC) with its class tag. */
        iptables_do_command("-t mangle -A " TABLE_WIFIDOG_OUTGOING
            " -s %s -m mac --mac-source %s -j MARK --set-mark %d", ip, mac, tag);
        /* Mark traffic to the client with the same tag so it can be throttled. */
        iptables_do_command("-t mangle -A " TABLE_WIFIDOG_THROTTLE
            " -d %s -j MARK --set-mark %d", ip, tag);
        rc = iptables_do_command("-t mangle -A " TABLE_WIFIDOG_INCOMING
            " -d %s -j ACCEPT", ip);
        break;
    case FW_ACCESS_DENY:
        /* Delete the same three rules that FW_ACCESS_ALLOW added. */
        iptables_do_command("-t mangle -D " TABLE_WIFIDOG_OUTGOING
            " -s %s -m mac --mac-source %s -j MARK --set-mark %d", ip, mac, tag);
        iptables_do_command("-t mangle -D " TABLE_WIFIDOG_THROTTLE
            " -d %s -j MARK --set-mark %d", ip, tag);
        rc = iptables_do_command("-t mangle -D " TABLE_WIFIDOG_INCOMING
            " -d %s -j ACCEPT", ip);
        break;
    default:
        rc = -1;
        break;
    }

    return rc;
}

Looks like a fairly good solution to me.
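
The class code returned by the auth server becomes the packet mark that selects a ruleset, so a gateway would want to reject any value that has no matching chain before it reaches fw_allow. A sketch of that check, added here as an example and not part of the original post or the WiFiDog code; the "Class: <n>" reply line and the numeric mark values are assumptions:

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Mark names come from the post; the numeric values are assumed here. */
typedef enum {
    FW_MARK_PROTECTED = 1, FW_MARK_LIBERATED = 2,
    FW_MARK_TRUSTED = 3, FW_MARK_SUPER = 4
} t_fw_marks;

/* Extract the class from an auth reply. The "Class: <n>" line is an assumed
 * wire format. Returns 0 and sets *out, or -1 if missing, malformed or unknown. */
int parse_classcode(const char *reply, t_fw_marks *out)
{
    static const char key[] = "Class: ";
    const char *p = reply;
    char *end;
    long v;

    /* The key must start a line, so "X-Class: 4" is not accepted. */
    while ((p = strstr(p, key)) != NULL && p != reply && p[-1] != '\n')
        p++;
    if (p == NULL)
        return -1;
    p += sizeof(key) - 1;
    if (*p < '0' || *p > '9')          /* no sign, whitespace or empty value */
        return -1;
    errno = 0;
    v = strtol(p, &end, 10);
    if (errno != 0 || (*end != '\0' && *end != '\n' && *end != '\r'))
        return -1;                     /* overflow or trailing junk */
    /* Only marks that have a "-m mark --mark" jump may be applied. */
    if (v < FW_MARK_PROTECTED || v > FW_MARK_SUPER)
        return -1;
    *out = (t_fw_marks)v;
    return 0;
}

int main(void)
{
    t_fw_marks mark;
    /* Constructed sample reply. */
    if (parse_classcode("Auth: 1\nClass: 3\n", &mark) == 0)
        printf("apply fw mark %d\n", (int)mark);
    return 0;
}
```

On a -1 return the caller would skip fw_allow rather than install a mark that no ruleset matches.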