Captive Portal - Clients not timing out
-
Hello,
I'm playing around with the captive portal on version 2.0-ALPHA-ALPHA built on Sat Aug 22 01:39:53 UTC 2009 FreeBSD 7.2-RELEASE-p3 nanobsd.
The setup for the captive portal works fine, the splash page comes up, and access is granted. The problem is that even though the client meets the requirements for an idle timeout, and the entry gets purged from /var/db/captiveportal.db, the client can still make outgoing connections.
The client's ip address is still listed in ipfw table 3 (ipfw table 3 list).
I'm wondering if there is a bug in the function function captiveportal_disconnect, in file etc/inc/captiveportal.inc.
It contains the following, which deletes the clients ip from table 4 twice.
mwexec("/sbin/ipfw table 4 delete {$dbent[2]}"); mwexec("/sbin/ipfw table 4 delete {$dbent[2]}"); mwexec("/sbin/ipfw delete {$dbent[1]}");Should one of those be table 3 delete? It seems like if it really required a double delete, someone would have added a comment because that does look odd and a comment would prevent malcontents like me from posting to the list.
AFAICT this hasn't been fixed yet according to rcs.pfsense.org, if it is indeed a bug.
Thanks
Josh -
When I change one of those lines to delete table 3, everything seems to work now.
When I remove an entry from the captive portal status page, it fully removes the client and the client loses access like it should.
If I wait for the soft/idle timeout time to pass, the client is fully removed and loses access.
I will submit a patch for this change and a few spelling mistakes in the captive portal include file.
Josh -
hi stompro you can tell me when i can download from snapshot without problem of idle time out..
thanks -
Here is a patch that makes this change, and fixes a couple other typos I noticed.
I'm not at all familiar with git so I haven't tried setting up a gitorious account and doing merge requests. I'll try to get there eventually.
Patch is attached.
Developer's Certificate of Origin Developer's Certificate of Origin 1.1 By making a contribution to this project, I certify that: (a) The contribution was created in whole or in part by me and I have the right to submit it under the open source license indicated in the file; or (b) The contribution is based upon previous work that, to the best of my knowledge, is covered under an appropriate open source license and I have the right under that license to submit that work with modifications, whether created in whole or in part by me, under the same open source license (unless I am permitted to submit under a different license), as indicated in the file; or © The contribution was provided directly to me by some other person who certified (a), (b) or (c) and I have not modified it. (d) I understand and agree that this project and the contribution are public and that a record of the contribution (including all personal information I submit with it, including my sign-off) is maintained indefinitely and may be redistributed consistent with this project or the open source license(s) involved. Signed-off-by:Josh Stompro pfsense@stompro.org -
I updated the typo and not the commnets.
-
i will prove the last snapshot pfsense .. i hope that limiter and captivel portal is fixed too… thanks ermal
-
Was there something wrong with the comment fixes?
Josh@ermal:
I updated the typo and not the commnets.
-
No, just i am not the person(english one) to review them.
Send them to coreteam@ -
Thanks, I will do that.
Josh -
and what's happend with limiter and captive portal problems??? is it fixed??? :'(