[isf-wifidog] Wifidog rewrite and protocol v2

Philippe April isf_lists at philippeapril.com
Thu Mar 27 16:23:11 EDT 2008


>
> - support for multiple gateway interfaces. I intend to implement that for
>  the current codebase since I will need that soonish (I was expecting
>  to need that this week already but plans changed a bit).

We'll definitely keep that in mind.

> - the gateway should dump status to disk regularly and read that in on
>  startup. Currently if you restart wifidog all your active sessions are
>  gone. For me that is bad for two reasons: it is a bad user experience
>  for users who suddenly need to login again, and it means the auth
>  server never gets told about those sessions being ended, which means
>  my account data becomes incomplete/invalid.

I'd like the new version to download the current state (which the auth
server should know) from the auth server, and reinsert the rules in.
If for some reason the auth server is down, there should be a default
policy (that feature has been asked for quite a few times) that will say
either "allow everybody since we can't auth them", or "deny, and tell
them why" (using a local HTML page!)

>
> - a hook for the auth server (or IDS or something else) to tell the
>  gateway to immediately close an open session. This is needed to
>  shut down people who are caught spamming, spreading viruses or doing
>  other bad things (which unfortunately happens all too often).

Again, I'd like v2 of the gateway and protocol to be able to receive  
"commands" from the auth server. Commands could be:
- throttle down this user (QoS)
- block access to that particular host
- deny access completely
- trust this MAC address

etc.

On startup, the protocol could dictate all the rules again... Trust
these MAC addresses... allow this user (because I know he was already
logged in not long ago), etc.
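
The startup behaviour proposed in this message, as an added example that is not WiFiDog code or part of the original post: the gateway rebuilds its rule table from an auth-server reply, validating each line, and installs a default policy when the server is unreachable. The `VERB mac [kbps]` line format, the verb names and all type and function names are assumptions; the thread defines no wire format.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical command set and reply format, modelled on the list above. */
enum action { TRUST, ALLOW, DENY, THROTTLE, ALLOW_ALL, DENY_ALL };
enum fallback { FAIL_OPEN, FAIL_CLOSED };
struct rule { enum action act; char target[18]; int kbps; };

/* Accept only aa:bb:cc:dd:ee:ff, so a bad reply cannot become a rule. */
static int valid_mac(const char *s) {
    if (strlen(s) != 17) return 0;
    for (int i = 0; i < 17; i++)
        if (i % 3 == 2 ? s[i] != ':' : !isxdigit((unsigned char)s[i])) return 0;
    return 1;
}
/* Parse one "VERB mac [kbps]" line into a rule; returns 0 if malformed. */
static int parse_cmd(const char *line, struct rule *r) {
    char verb[16], arg[32];
    int kbps = 0, n = sscanf(line, "%15s %31s %d", verb, arg, &kbps);
    if (n < 2 || !valid_mac(arg)) return 0;
    if (!strcmp(verb, "TRUST")) r->act = TRUST;
    else if (!strcmp(verb, "ALLOW")) r->act = ALLOW;
    else if (!strcmp(verb, "DENY")) r->act = DENY;
    else if (!strcmp(verb, "THROTTLE") && n == 3 && kbps > 0) r->act = THROTTLE;
    else return 0;
    strcpy(r->target, arg);
    r->kbps = (r->act == THROTTLE) ? kbps : 0;
    return 1;
}
/* Rebuild the rule table at startup; reply == NULL: auth server unreachable. */
int restore_rules(const char *reply, enum fallback fb, struct rule *out, int max) {
    char buf[512]; int n = 0;
    if (max < 1) return 0;
    if (!reply) {   /* the configured default policy becomes the only rule */
        out[0] = (struct rule){ fb == FAIL_OPEN ? ALLOW_ALL : DENY_ALL, "*", 0 };
        return 1;
    }
    snprintf(buf, sizeof buf, "%s", reply);
    for (char *l = strtok(buf, "\n"); l && n < max; l = strtok(NULL, "\n"))
        if (parse_cmd(l, &out[n])) n++;   /* malformed lines are dropped */
    return n;
}
int main(void) {
    /* Constructed sample reply; the last line is malformed and is dropped. */
    const char *reply = "TRUST 00:11:22:33:44:55\nTHROTTLE aa:bb:cc:dd:ee:01 256\nDENY not-a-mac\n";
    struct rule r[8];
    printf("%d rules restored\n", restore_rules(reply, FAIL_CLOSED, r, 8));
    return 0;
}
```

A caller would translate each returned rule into firewall state; `ALLOW_ALL` and `DENY_ALL` correspond to the two default policies named in the message.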

