[isf-wifidog] possible http_callback_auth bug, and pinginterval addition

Scott Tully scott.tully at gmail.com
Tue Oct 18 09:00:25 EDT 2005


I have noticed something odd when a gateway is a long distance from
the authserver. It seems that the gateway initiates a second
authentication request before the first is completely finished. This
behaviour does not create an error but it does result in multiple
iptable rules for the same client.

I found this in http_callback_auth:

/* We have their MAC address */

LOCK_CLIENT_LIST();

if ((client = client_list_find(r->clientAddr, mac)) == NULL) {
  debug(LOG_DEBUG, "New client for %s", r->clientAddr);
  client_list_append(r->clientAddr, mac, token->value);
} else {
  debug(LOG_DEBUG, "Node for %s already exists", client->ip);
}

UNLOCK_CLIENT_LIST();

authenticate_client(r);
free(mac);

==============================

The authenticate_client function is called whether the client is
already in the client list or not. This results in fw_allow being
called a second time and duplicate firewall rules being added to the
gateway. This results in a set of rules not being deleted when the
client logs out.

I changed it to:

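/* We have their MAC address */

/* Hold the list lock across both the lookup and the append, so two
   overlapping callbacks cannot both see "not found" */
LOCK_CLIENT_LIST();

if ((client = client_list_find(r->clientAddr, mac)) == NULL)
{
  debug(LOG_DEBUG, "New client for %s", r->clientAddr);
  client_list_append(r->clientAddr, mac, token->value);
  UNLOCK_CLIENT_LIST();

  /* Only a newly added client is authenticated, so fw_allow runs once */
  authenticate_client(r);
}
else
{
  /* client->ip is read while the lock is still held */
  debug(LOG_NOTICE, "Node for %s already exists", client->ip);
  UNLOCK_CLIENT_LIST();
}
free(mac);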

==========================

Now all is well. My gateway in Denmark is working properly now. Any
insight as to why would be appreciated. Is this a bug, or is there a
reason the code was written this way? Seems to only be an issue when
latency is an issue. I have not noticed any ill behavior since the
change.


On another note - I also made another hack to my fork of wifidog for
a new config option called pinginterval. I wasn't happy when I
changed my clientinterval to 150 seconds and noticed that the server
"ping - pong" also slowed to the same interval. This way I can keep
the server ping at 60 seconds and have the clients at 150. I would
offer a patch, but there are too many other differences. Just thought
I would suggest...


Regards,
Scott
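
The sequence described in this post (two auth callbacks for one client, then a logout), as an added example that is not part of the original message and is not WiFiDog code. It is a toy model: every name in it is hypothetical, a counter stands in for the firewall rules, and the lookup and insert share one lock hold as in the first snippet above.

```c
/* Added example: toy model, not WiFiDog source. All names are hypothetical. */
#include <pthread.h>
#include <stdio.h>
#include <string.h>
#define MAX_CLIENTS 16
static pthread_mutex_t list_lock = PTHREAD_MUTEX_INITIALIZER;
static char clients[MAX_CLIENTS][18]; /* MAC strings; "" marks a free slot */
static int fw_rules;                  /* allow rules installed for the test client */

/* Returns 1 if mac was inserted, 0 if already present, -1 if the list is full.
 * Lookup and insert happen under one lock hold (atomic check-and-insert). */
static int client_add_if_absent(const char *mac) {
    int slot = -1, rc = -1;
    pthread_mutex_lock(&list_lock);
    for (int i = 0; i < MAX_CLIENTS; i++) {
        if (strcmp(clients[i], mac) == 0) { rc = 0; break; }
        if (slot < 0 && clients[i][0] == '\0') slot = i;
    }
    if (rc != 0 && slot >= 0) { strncpy(clients[slot], mac, sizeof clients[slot] - 1); rc = 1; }
    pthread_mutex_unlock(&list_lock);
    return rc;
}

/* Reported behaviour: a rule is added on every callback. */
static void callback_always(const char *mac) { client_add_if_absent(mac); fw_rules++; }
/* Guarded: only the callback that inserted the client adds a rule. */
static void callback_once(const char *mac) { if (client_add_if_absent(mac) == 1) fw_rules++; }

/* Logout drops the client entry and removes one rule, as a single teardown would. */
static void logout(const char *mac) {
    pthread_mutex_lock(&list_lock);
    for (int i = 0; i < MAX_CLIENTS; i++)
        if (strcmp(clients[i], mac) == 0) { memset(clients[i], 0, sizeof clients[i]); fw_rules--; }
    pthread_mutex_unlock(&list_lock);
}

/* Two callbacks for one client, then logout; returns rules still installed. */
static int rules_left_after_logout(void (*cb)(const char *)) {
    const char *mac = "00:11:22:33:44:55"; /* constructed sample MAC */
    memset(clients, 0, sizeof clients); fw_rules = 0;
    cb(mac); cb(mac); logout(mac);
    return fw_rules;
}

int main(void) {
    printf("stale rules after logout: always=%d once=%d\n",
           rules_left_after_logout(callback_always), rules_left_after_logout(callback_once));
    return 0;
}
```

A non-zero count after logout is the condition to watch for on a gateway: the client entry is gone but an allow rule for it remains.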

