[isf-wifidog] Wifidog rewrite and protocol v2

Philippe April isf_lists at philippeapril.com
Mar 25 Mar 11:20:21 EDT 2008 

Hi,

Big email, watchout.

This weekend, I spent quite a few hours working on a rewrite of  
wifidog gateway.

My personal goal for this is to make the gateway even more generic and  
dumb than it was, and implement new ideas and concepts, including the  
v2 protocol.

Here's what I've done so far, I started from scratch and kept and  
changed only the code I wanted:

1. Removed a lot of the configuration variables. Right now, there's no  
more configuration file, everything is passed on the command line. If  
there's a need, we can go back to a configuration file easily.

The thinking behind this is: wifidog needs an auth server, so it could  
get all its config from the auth server, on initialisation. So right  
now, on startup, I connect to the auth server and ask for the  
configuration (which could include firewall rules, global QoS  
settings, etc.). Once the configuration has been gotten, I startup. If  
the auth server doesn't give the config, it probably won't  
authenticate anyway. That part is well implemented and works so far.  
If we feel the need, we can go back to a complex configuration file,  
but I'd rather start small and clean.

People who want to use wifidog without an authentication? We'll see if  
we really want this, and if we do, maybe add code to support that as a  
plugin.

The variables needed for startup:
	--auth <authserver_hostname>
	--lan <lan interface>

If we can keep it this short, it'll be neat. There's a lot we need to  
look at regarding the paths for wifidog to work, if we go RESTful or  
not, etc. and make sure it's not all hardcoded (unless the naming is  
so great we never feel the need to change it). Again, to keep the code  
base clean and short, I'll start with this.

2. Once we got the configuration from the auth server, startup is  
initiated... Firewall rules, etc.

3. The "ping thread" which was sending status information is renamed  
to a "status thread". The status thread will also send all statistics,  
etc, so only one big/bigger packet instead of Y connections for Y  
clients connected.

The status thread will communicate statistics, connected clients,  
uptime, etc. Thoughts: the auth server could reply with configuration  
changes, deny clients, change QoS rules for a particular person, etc.  
Basically, flexibility.

This "send status" call is the connection that's initiated on startup  
(reusing code).

I'm thinking of doing basically a DIFF of what's pushed from the auth  
server with what we have local. That way, on startup we can resume  
where we were, since the auth server KNOWS who should be connected.  
That removes all the code that was there for support "wdctl restart",  
which was quite a huge hack.

This part is almost finished.

4. I redid the way we block/allow traffic in iptables so it can be  
made "per client" (not with "MARK" anymore)

5. There's basic QoS support. The auth server can push limits (max  
incoming kbps, max outgoing kbps) and limit clients too, but I lack  
experience with QoS support so I'll need to research. If anybody can  
help, it'd be great.

6. There's no more linked list in memory that keeps who's connected,  
it's redundant information, as we can find everything from the auth  
server, or from the local firewall rules.

7. For the protocol v2, I made my code clean enough so when the  
protocol v2 is defined and "final" we can put it in easily. I know  
that for now we had talking about XML, or YAML, but I tried to find  
parsers (light ones), but nothing worked easily. I went for JSON,  
there's an easy parser and generator which is light, and works just  
like DOM pretty much, I would recommend using that.

8. I made json-c included in the project and linked statically because  
it's light and it'll be easier to deploy on WRT54G's, there will just  
be a static wifidog library. I linked libhttpd statically too.

I think that's all I've done so far.

If you're wondering, I'm not working on it all alone. I've talked to  
people already regarding the basic philosophy of the gateway to make  
sure I wasn't just thinking alone and coding scrap, but I'd really  
like to keep the gateway super clean, and as small as possible, and  
make it easy to customize if people have specific needs without  
necessarily "activating" the code... maybe plugins configured by ./ 
configure switches...

If anybody has requests/ideas/comments, QoS experience, etc. Please  
speak up!

Philippe April

Plus d'informations sur la liste de diffusion WiFiDog