[isf-wifidog] Supporting opening the firewall if the auth servers
are all unreachable.
Rob Janes
janes.rob at gmail.com
Dim 19 Fév 13:10:23 EST 2006
We got working on it, and there were some problems. Anybody have some
advice?
Me, Terrence and a mystery woman got together at the linuxcaffe under
the watchful eyes of the Dungeon master, David. I don't know the woman's
name, and wouldn't you know it, she did all the work. We identified all
the pieces that need to be changed (util.c, pingxxx.c, fw_iptables.c),
and how to go about it. The woman used her mac laptop to login to the
server in the dungeon downstairs and setup the open wart toolchain. She
had problems with the install instructions. She was able to build the
executables wifidog and wdctl, but could not build the package.
>wget http://downloads.openwrt.org/whiterussian/newest/OpenWrt-SDK-Linux-i686-1.tar.bz2
>
bunzip2 and tar x, and we have our build root.
> ./ipkg/rules BUILDROOT=˜/OpenWrt-SDK-Linux-i686-1
1. This does not work. The bare bones toolchain does not have iptables
in it. It would be nice if we didn't have to set aside 2 gig and 2 days
to build up a full toolchain.
2. neither make clean nor make distclean removes the build-wifidog-stamp
file. Oops, that's cause there's no iptables in the build root. The rm's
aren't done cause that step errors out and the makefile bails.
> ./ipkg/rules BUILDROOT=˜/OpenWrt-SDK-Linux-i686-1 build-wifidog
this starts building wifidog. Oops, it can't find the mipsel cross c
compiler. hmmm
> ./ipkg/rules BUILDROOT=˜/OpenWrt-SDK-Linux-i686-1
> STAGING_DIR=˜/OpenWrt-SDK-Linux-i686-1/staging_dir_mipsel build-wifidog
This builds wifidog. Now, how to get the package. From looking at the
makefile, I can see that "binary" is the target to use, but it's going
to try to build iptables, pthread and ipkg-utils.
> ./ipkg/rules BUILDROOT=˜/OpenWrt-SDK-Linux-i686-1
> STAGING_DIR=˜/OpenWrt-SDK-Linux-i686-1/staging_dir_mipsel install-wifidog
This stages the binaries in the package buildin' directory.
But, I don't see any way to unbundle the package stuff under binary. If
I use the binary target it will try to install iptables, pthread and
ipkg-utils and die.
ipkg-build is not in build_mipsel/staging_dir as required by the
makefile, it's in staging_dir_mipsel/usr/bin.
I'm going to hack the makefile until it works, but it looks like it will
be substantially different. moreover, i can't verify backwards
compatibility cause openwrt rc4 is different. this makefile will not
work with RC4. I have the full 2gig build on my hard drive too.
I'm not sure what to do with this tho. It's clearly incompatible with
what's in there now, but what's in there now does not work with the
latest openwrt.
Any advice? Or, what am I doing wrong?
-rob
Benoit Grégoire wrote:
>On February 8, 2006 03:49 pm, Gabe Sawhney wrote:
>
>
>>The failover => )open( thing is high on my priority list... it might
>>be the project I'd like to work on at a router geeknight...
>>
>>David: I suspect that there's not much programming required -- I think
>>it's just a matter of hacking the iptables rulesets that wifidog
>>manipulates on the router.
>>
>>
>
>Indeed, this should be a pretty easy project. The client already maintains a
>flag to tell if all the auth servers are down. It should only be a matter of
>hooking in the auth server status code, adding a short circuit firewall rule
>somewhere in the tables, and clearing it once an auth server becomes
>available again.
>
>
>
>------------------------------------------------------------------------
>
>_______________________________________________
>WiFiDog mailing list
>WiFiDog at listes.ilesansfil.org
>http://listes.ilesansfil.org/cgi-bin/mailman/listinfo/wifidog
>
More information about the WiFiDog
mailing list