[isf-wifidog] possible http_callback_auth bug, and pinginterval addition
Scott Tully
scott.tully at gmail.com
Tue Oct 18 09:00:25 EDT 2005
I have noticed something odd when a gateway is a long distance from
the authserver. It seems that the gateway initiates a second
authentication request before the first is completely finished. This
behaviour does not create an error but it does result in multiple
iptable rules for the same client.
I found this in http_callback_auth:
    /* We have their MAC address */
    LOCK_CLIENT_LIST();
    if ((client = client_list_find(r->clientAddr, mac)) == NULL) {
        debug(LOG_DEBUG, "New client for %s", r->clientAddr);
        client_list_append(r->clientAddr, mac, token->value);
    } else {
        debug(LOG_DEBUG, "Node for %s already exists", client->ip);
    }
    UNLOCK_CLIENT_LIST();
    authenticate_client(r);
    free(mac);
==============================
The authenticate_client function is called whether the client is
already in the client list or not. This results in fw_allow being
called a second time and duplicate firewall rules being added to the
gateway. This results in a set of rules not being deleted when the
client logs out.
I changed it to:
    /* We have their MAC address */
    if ((client = client_list_find(r->clientAddr, mac)) == NULL)
    {
        debug(LOG_DEBUG, "New client for %s", r->clientAddr);
        LOCK_CLIENT_LIST();
        client_list_append(r->clientAddr, mac, token->value);
        UNLOCK_CLIENT_LIST();
        authenticate_client(r);
    }
    else
    {
        debug(LOG_NOTICE, "Node for %s already exists", client->ip);
    }
    free(mac);
==========================
Now all is well. My gateway in Denmark is working properly now. Any
insight as to why would be appreciated. Is this a bug, or is there a
reason the code was written this way? Seems to only be an issue when
latency is an issue. I have not noticed any ill behavior since the
change.

On another note - I also made another hack to my fork of wifidog for
a new config option called pinginterval. I wasn't happy when I
changed my clientinterval to 150 seconds and noticed that the server
"ping - pong" also slowed to the same interval. This way I can keep
the server ping at 60 seconds and have the clients at 150. I would
offer a patch, but there are too many other differences. Just thought
I would suggest...
Regards,
Scott
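
An added example, not part of the original post and not wifidog code: it sketches the guard discussed above, with the list lookup and the append done under one lock and the firewall step run only when the client was newly added. The client table, add_if_absent, handle_auth_callback and the fw_rules counter are hypothetical stand-ins for wifidog's client list, authenticate_client and fw_allow; the addresses are constructed samples.

```c
#include <pthread.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-ins for wifidog's client list and fw_allow(). */
#define MAX_CLIENTS 16
struct client { char ip[16]; char mac[18]; };
static struct client clients[MAX_CLIENTS];
static int n_clients, fw_rules;
static pthread_mutex_t list_lock = PTHREAD_MUTEX_INITIALIZER;

static int find_client(const char *ip, const char *mac) {
    for (int i = 0; i < n_clients; i++)
        if (!strcmp(clients[i].ip, ip) && !strcmp(clients[i].mac, mac))
            return i;
    return -1;
}

/* Lookup and append happen under one lock, so of two overlapping
 * callbacks for the same client only one can see it as new.
 * Returns 1 only when this call added the client, otherwise 0. */
static int add_if_absent(const char *ip, const char *mac) {
    int added = 0;
    pthread_mutex_lock(&list_lock);
    if (find_client(ip, mac) < 0 && n_clients < MAX_CLIENTS) {
        snprintf(clients[n_clients].ip, sizeof clients[0].ip, "%s", ip);
        snprintf(clients[n_clients].mac, sizeof clients[0].mac, "%s", mac);
        n_clients++;
        added = 1;
    }
    pthread_mutex_unlock(&list_lock);
    return added;
}

/* Callback handler: the firewall step runs only for a newly added client. */
int handle_auth_callback(const char *ip, const char *mac) {
    int added = add_if_absent(ip, mac);
    if (added)
        fw_rules++;   /* stands in for authenticate_client() -> fw_allow() */
    return added;
}

int main(void) {
    /* Constructed sample: the same client's callback arrives twice. */
    handle_auth_callback("192.0.2.10", "00:11:22:33:44:55");
    handle_auth_callback("192.0.2.10", "00:11:22:33:44:55");
    printf("firewall rule sets installed: %d\n", fw_rules);
    return 0;
}
```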