Captive Portal - Clients not timing out

stompro

Hello,

I'm playing around with the captive portal on version 2.0-ALPHA-ALPHA built on Sat Aug 22 01:39:53 UTC 2009 FreeBSD 7.2-RELEASE-p3 nanobsd.

The setup for the captive portal works fine, the splash page comes up, and access is granted.  The problem is that even though the client meets the requirements for an idle timeout, and the entry gets purged from /var/db/captiveportal.db, the client can still make outgoing connections.

The client's ip address is still listed in ipfw table 3 (ipfw table 3 list).

I'm wondering if there is a bug in the function function captiveportal_disconnect, in file etc/inc/captiveportal.inc.

It contains the following, which deletes the clients ip from table 4 twice.

        mwexec("/sbin/ipfw table 4 delete {$dbent[2]}");
        mwexec("/sbin/ipfw table 4 delete {$dbent[2]}");
        mwexec("/sbin/ipfw delete {$dbent[1]}");

Should one of those be table 3 delete?  It seems like if it really required a double delete, someone would have added a comment because that does look odd and a comment would prevent malcontents like me from posting to the list.

AFAICT this hasn't been fixed yet according to rcs.pfsense.org, if it is indeed a bug.

Thanks
Josh

stompro

When I change one of those lines to delete table 3, everything seems to work now.

When I remove an entry from the captive portal status page, it fully removes the client and the client loses access like it should.

If I wait for the soft/idle timeout time to pass, the client is fully removed and loses access.

I will submit a patch for this change and a few spelling mistakes in the captive portal include file.
Josh

rojocesar

hi stompro you can tell me when i can download from snapshot without problem of idle time out..
thanks

stompro

Here is a patch that makes this change, and fixes a couple other typos I noticed.

I'm not at all familiar with git so I haven't tried setting up a gitorious account and doing merge requests.  I'll try to get there eventually.

Patch is attached.

Developer's Certificate of Origin

Developer's Certificate of Origin 1.1

By making a contribution to this project, I certify that:

(a) The contribution was created in whole or in part by me and I
    have the right to submit it under the open source license
    indicated in the file; or

(b) The contribution is based upon previous work that, to the best
    of my knowledge, is covered under an appropriate open source
    license and I have the right under that license to submit that
    work with modifications, whether created in whole or in part
    by me, under the same open source license (unless I am
    permitted to submit under a different license), as indicated
    in the file; or

© The contribution was provided directly to me by some other
    person who certified (a), (b) or (c) and I have not modified
    it.

(d) I understand and agree that this project and the contribution
    are public and that a record of the contribution (including all
    personal information I submit with it, including my sign-off) is
    maintained indefinitely and may be redistributed consistent with
    this project or the open source license(s) involved.

Signed-off-by:Josh Stompro pfsense@stompro.org

0003patch.txt

eri--

I updated the typo and not the commnets.

rojocesar

i will prove the last snapshot pfsense .. i hope that limiter and captivel portal is fixed too… thanks ermal

stompro

Was there something wrong with the comment fixes?
Josh

@ermal:

I updated the typo and not the commnets.

eri--

No, just i am not the person(english one) to review them.
Send them to coreteam@

stompro

Thanks, I will do that.
Josh

rojocesar

and what's happend with limiter and captive portal problems??? is it fixed???  :'(