Commit Graph

1079 Commits

Author SHA1 Message Date
Stephane Bourque
8b64db3c7a Update x64_vm-build-test.yml
2023-07-16 20:48:17 -07:00
John Crispin
cd461e555e ucentral-schema: update to latest HEAD
9797d7e allow using a shared service->captive for multiple instances
ad7eb8e rename strict-isolation -> strict-forwarding
43c44c1 force spotfilter off prior to config apply
11fffcf captive: fix credentials configuration

Signed-off-by: John Crispin <john@phrozen.org>
2023-06-26 16:24:08 +02:00
John Crispin
9195806206 ucentral-event: rename strict-isolation -> strict-forwarding
Signed-off-by: John Crispin <john@phrozen.org>
2023-06-26 16:20:14 +02:00
John Crispin
9621c21535 spotfilter: add a delay after setting up a captive portal
Signed-off-by: John Crispin <john@phrozen.org>
2023-06-26 16:20:14 +02:00
John Crispin
f74cee802b uspot: fix rate limiting in captive portal/UAM
Fixes: WIFI-12305
Signed-off-by: John Crispin <john@phrozen.org>
v2.10.0-rc2
2023-06-15 16:22:27 +02:00
Ken
0c7aecde9f ipq807x: CIG WF-186w / update uart pin setting for communication between ble and soc
Fixes: WIFI-12679
Signed-off-by: Ken <xshi@actiontec.com>
2023-06-15 16:22:27 +02:00
John Crispin
9ab2f5ede9 ucentral-schema: update to latest HEAD
9637b4a disable bridger by default

Fixes: WIFI-12670
Signed-off-by: John Crispin <john@phrozen.org>
2023-06-15 16:22:27 +02:00
John Crispin
a7fe885dc5 radius-gw-proxy: improve header length sanity check
Signed-off-by: John Crispin <john@phrozen.org>
2023-06-15 16:22:27 +02:00
John Crispin
105e55c01a ucentral-schema: update to latest HEAD
48ee8f0 fix cpu core utilisation

Fixes: WIFI-12440
Signed-off-by: John Crispin <john@phrozen.org>
2023-06-15 16:22:27 +02:00
John Crispin
200b759d6f ipq807x: update ion4x_wp dts config
Signed-off-by: John Crispin <john@phrozen.org>
2023-06-15 16:22:27 +02:00
John Crispin
5da87dc07d uspot: fix a typo in the CHAP/PAP handler code
Signed-off-by: John Crispin <john@phrozen.org>
2023-06-15 16:22:27 +02:00
John Crispin
25f42bdcaf ucentral-schema: update to latest HEAD
47f39e9 cmd_upgrade: signature requirement was not properly detected

Fixes: WIFI-12675
Signed-off-by: John Crispin <john@phrozen.org>
2023-06-15 16:22:27 +02:00
John Crispin
43361d0ee7 ucentral-schema: update to latest HEAD
4ddcb12 properly indicate apply errors via an exit() call

Fixes: WIFI-12673
Signed-off-by: John Crispin <john@phrozen.org>
2023-06-15 16:22:27 +02:00
John Crispin
93a8a764a8 ucentral-schema: update to latest HEAD
eea75b3 do not enable vlan accounting for untagged interfaces

Fixes: WIFI-12674
Signed-off-by: John Crispin <john@phrozen.org>
2023-06-15 16:22:27 +02:00
John Crispin
1e515ed1e1 ucentral-schema: update to latest HEAD
04ce23b fix udevstats counters

Fixes: WIFI-12674
Signed-off-by: John Crispin <john@phrozen.org>
2023-06-15 16:22:27 +02:00
John Crispin
78388a8ecf ucentral-event: fix radius rate limiting
Fixes: WIFI-12665
Signed-off-by: John Crispin <john@phrozen.org>
2023-06-15 16:22:27 +02:00
John Crispin
1e1c286f06 ipq40xx: disable the unused container feed
Fixes: WIFI-12672
Signed-off-by: John Crispin <john@phrozen.org>
2023-06-15 16:22:27 +02:00
John Crispin
81f7d7d7ce ramips: enable vlan offloading
Signed-off-by: John Crispin <john@phrozen.org>
2023-06-15 16:22:27 +02:00
John Crispin
2403eb2a87 ipq807x: do not bounce arp frames back in proxy_arp mode
Fixes: WIFI-12653
Signed-off-by: John Crispin <john@phrozen.org>
2023-06-08 11:13:23 +02:00
John Crispin
5a686344e8 ipq807x: update wf-186 5GHz BDF
Fixes: WIFI-12656
Signed-off-by: John Crispin <john@phrozen.org>
2023-06-08 06:32:38 +02:00
Thibaut VARÈNE
ff1214b1dc uspot: portal: avoid null dereference, always define ctx.ssid
This commit fixes a bug where the SSID value would be set to "unknown"
in spotfilter data when the hostapd call returned without SSID data; but
this value was not propagated internally, resulting in a null value
being used in other parts of the portal code. Furthermore, if the
hostapd call returned null data, the spotfilter assignment correctly
handled this case but not the subsequent internal assignment, resulting
in a potential null dereference and crash.

Signed-off-by: Thibaut VARÈNE <hacks@slashdirt.org>
v2.10.0-rc1
2023-06-06 17:51:37 +02:00
Thibaut VARÈNE
cf8769e4b5 uspot: def_captive may not exist
Signed-off-by: Thibaut VARÈNE <hacks@slashdirt.org>
2023-06-05 19:28:38 +02:00
Thibaut VARÈNE
f770253a52 uspot: don't use CONNMARK
This commit removes CONNMARK marking of all authenticated clients
packets. In client_kick() we now delete all conntrack entries for the
client.

This simplifies firewall.

Signed-off-by: Thibaut VARÈNE <hacks@slashdirt.org>
2023-06-05 13:19:19 +02:00
Thibaut VARÈNE
bb4b7cb95c uspot: handler-uam: fix CHAP challenge
Signed-off-by: Thibaut VARÈNE <hacks@slashdirt.org>
2023-06-05 13:19:19 +02:00
Thibaut VARÈNE
d3f4afd4a7 uspot: handler.uc: remove unused payload attribute
Signed-off-by: Thibaut VARÈNE <hacks@slashdirt.org>
2023-06-05 13:19:19 +02:00
Thibaut VARÈNE
35e1cbd15b uspot: use a single fwmark
Default firewall rules apply to unauthenticated clients, there is no
need to specifically fwmark their packets. This reduces the firewall
complexity and makes very clear what happens "by default".

Add a preliminary README with a sample firewall illustrating this setup.

Signed-off-by: Thibaut VARÈNE <hacks@slashdirt.org>
2023-06-05 13:19:19 +02:00
Thibaut VARÈNE
cf2f80fd3c uspot: handle_request: abort on spotfilter error
Signed-off-by: Thibaut VARÈNE <hacks@slashdirt.org>
2023-06-05 13:19:19 +02:00
Thibaut VARÈNE
56549a44ea uspot: rename accounting.uc -> uspot.uc
This file is run by /etc/init.d/uspot, uses /etc/config/uspot and
basically handles uspot state (beyond mere accounting).

Signed-off-by: Thibaut VARÈNE <hacks@slashdirt.org>
2023-06-05 13:19:19 +02:00
Thibaut VARÈNE
59b3387ece uspot: handle client removal in accounting.uc
mirror the client_add call

Signed-off-by: Thibaut VARÈNE <hacks@slashdirt.org>
2023-06-05 13:19:19 +02:00
Thibaut VARÈNE
1ebc3f59ba uspot: regroup ratelimiting start/stop under accounting
Avoid again having the init and exit stages of a specific subsystem
spread across multiple modules.

We no longer need to lowercase the MAC address and can use the
spotfilter native (uppercase) format for ratelimit calls.

Signed-off-by: Thibaut VARÈNE <hacks@slashdirt.org>
2023-06-05 13:19:19 +02:00
Thibaut VARÈNE
5d93a1ddc0 uspot: accounting: cleanup ratelimit rules on removal
When a client is removed, call ratelimit client_delete to remove any
lingering related bandwidth limits.

Signed-off-by: Thibaut VARÈNE <hacks@slashdirt.org>
2023-06-05 13:19:19 +02:00
Thibaut VARÈNE
5d0f75f68e uspot: handler: use Call-Check for MAC auth
Reading [1] and [2], it appears that the hard-coded value "2" is
incorrect and "10" should be used instead. [1] provides that:

  Checks for the presence of a Service-Type == 'Call-Check' AVP as an
  explicit indication that the NAS wants to do Mac-Auth.

"Call-Check" is defined in [2] as value 10.

[1]: https://wiki.freeradius.org/guide/mac-auth#web-auth-safe-mac-auth
[2]: https://freeradius.org/rfc/rfc2865.html#Service-Type

Signed-off-by: Thibaut VARÈNE <hacks@slashdirt.org>
2023-06-05 13:19:19 +02:00
Thibaut VARÈNE
eeec28eb4a uspot: remove references to radius accounting
Now that accounting is entirely handled in accounting.uc, the rest of
the system no longer needs to carry around that information.

Signed-off-by: Thibaut VARÈNE <hacks@slashdirt.org>
2023-06-05 13:19:19 +02:00
Thibaut VARÈNE
1c38559cf0 uspot: handle accounting start in accounting.uc
This commit introduces an "acct_start" ubus endpoint for accounting.uc
that is used to register a new client and start accounting.

This moves the entirety of accounting management under accounting.uc,
instead of having e.g. the RADIUS Start call separate in handler-uam.uc.

Furthermore, accounting.uc no longer needs to poll for new clients: they
are now registered from portal.allow_client().

Signed-off-by: Thibaut VARÈNE <hacks@slashdirt.org>
2023-06-05 13:19:19 +02:00
Thibaut VARÈNE
c9b2877de1 uspot: accounting: use provided nas_port_type
Signed-off-by: Thibaut VARÈNE <hacks@slashdirt.org>
2023-06-05 13:19:19 +02:00
Thibaut VARÈNE
21d79d1a9e uspot: portal: increase sessionid uniqueness
RFC[1] says that Acct-Session-Id should be a UTF-8-encoded string.
Increase uniqueness by using hex values instead of decimal ones.

Signed-off-by: Thibaut VARÈNE <hacks@slashdirt.org>
2023-06-05 13:19:19 +02:00
Thibaut VARÈNE
95a7b6d54d uspot: accounting: implement Accounting-On/Off
The RFC[1] says about Acct-Status-Type:

    It MAY be used by the client to mark the start of accounting (for
    example, upon booting) by specifying Accounting-On and to mark the
    end of accounting (for example, just before a scheduled reboot) by
    specifying Accounting-Off.

The RFC errata[2] further specifies that Accounting-On and
Accounting-Off messages apply to the whole NAS.

The RFC also mandates that[3]:

    Either NAS-IP-Address or NAS-Identifier MUST be present in a
    RADIUS Accounting-Request.  It SHOULD contain a NAS-Port or NAS-
    Port-Type attribute or both unless the service does not involve a
    port or the NAS does not distinguish among its ports.

And[4]:

    An Accounting-Request packet MUST have an Acct-Session-Id.
    The Acct-Session-Id SHOULD contain UTF-8 encoded 10646 characters.

Finally the freeRADIUS recommendations here[5] suggest that:

 1. Acct-Status-Type = Accounting-On should not be used to indicate
    sub-system reboot.
 2. IANA should allocate two new values for Acct-Status-Type:
    Subsystem-On, and Subsystem-Off. These values have meaning similar
    to Accounting-On and Accounting-Off, except that they apply to a
    subsystem of the NAS.
 3. NASes should use these new values to indicate subsystem on/off.
 4. The Called-Station-Id attribute should contain values unique to each
    subsystem.
 5. The NAS should signal that the entire system has rebooted by using
    the existing Accounting-On and Accounting-Off values, with a value
    for Called-Station-Id that is global to the NAS, or to omit it
    entirely.

In order to reconcile all this, this commit implements Accounting-On and
Accounting-Off requests as follows:

- When accounting.uc is started, it loops through each uspot interface
  and keeps track of the acct_server seen for each interface. Then for
  each interface that does not use a previously seen server, it generates
  a unique session ID, and sends an Accounting-On request to the
  RADIUS server, using this session ID and the configured NAS-ID.
- When accounting.uc stops, it sends an Accounting-Off request for each
  uspot interface for which an Accounting-On message was previously sent,
  using the same global session ID.

If/when the Subsystem-On/Subsystem-Off values are implemented, this
commit can be revisited to simply lift the restriction on unique servers
and change the acct_type value accordingly.

Finally, it appears that while NAS-ID is provided in the request thus
making NAS-IP unnecessary, libradcli still includes this field in the
request. Likewise, it also insists on sending a NAS-Port attribute.

[1]: https://datatracker.ietf.org/doc/html/rfc2866#section-5.1
[2]: https://www.rfc-editor.org/errata_search.php?rfc=2866
[3]: https://datatracker.ietf.org/doc/html/rfc2866#section-4.1
[4]: https://datatracker.ietf.org/doc/html/rfc2866#section-5.5
[5]: https://freeradius.org/rfc/acct_status_type_subsystem.html

Signed-off-by: Thibaut VARÈNE <hacks@slashdirt.org>
2023-06-05 13:19:19 +02:00
Thibaut VARÈNE
a647368f15 uspot: accounting: allow radius calls from non-clients
In order to send RADIUS accounting requests at the NAS level (for e.g.
Accounting-On/Off), radius_init() and radius_call() are made to accept a
null mac argument.

For radius_call() we fall back to the acct_session value (which is
required to be present per RFC) to construct the temporary file name.

Signed-off-by: Thibaut VARÈNE <hacks@slashdirt.org>
2023-06-05 13:19:19 +02:00
Thibaut VARÈNE
97f641a16b uspot: accounting: quote syslog() logger argument
Signed-off-by: Thibaut VARÈNE <hacks@slashdirt.org>
2023-06-05 13:19:19 +02:00
Thibaut VARÈNE
1252ca6778 uspot: accounting: use NAS-ID from settings
NAS-ID is a mandatory setting in configuration. This will be useful to
support Accounting-Off frames.

Signed-off-by: Thibaut VARÈNE <hacks@slashdirt.org>
2023-06-05 13:19:19 +02:00
Thibaut VARÈNE
e561f4a82e uspot: don't publish radius secrets
Now that accounting.uc no longer needs the per-client radius server
information, there is no reason to publish these sensitive secrets in
cleartext in spotfilter data.

Signed-off-by: Thibaut VARÈNE <hacks@slashdirt.org>
2023-06-05 13:19:19 +02:00
Thibaut VARÈNE
395e98dc66 uspot: accounting: build radius payload from settings
Address RADIUS accounting server from the global settings, and call
client_interim() only if accounting is globally enabled for that
interface.

Signed-off-by: Thibaut VARÈNE <hacks@slashdirt.org>
2023-06-05 13:19:19 +02:00
Thibaut VARÈNE
b5e33cec05 uspot: accounting: save interface-wide settings
Before this commit, interface-wide settings (mainly radius) were stored
per client, resulting in duplicate data.

This commit runs a first pass that renames the "clients" global variable
to "interfaces" which is expected to have the following content:

interfaces {
	settings {},
	clients {},
}

Thus the settings are stored per interface now, and the list of clients
belonging to that interface is stored within the object.

This change enables us to also remove direct calls to uci configuration
in the code and thus we no longer need to store it locally.

Signed-off-by: Thibaut VARÈNE <hacks@slashdirt.org>
2023-06-05 13:19:19 +02:00
Thibaut VARÈNE
ec924ea3d7 uspot: accounting: send RADIUS acct Stop on disconnect
If a client "disappears" from wireless, spotfilter eventually wipes
their state data before the accounting removal occurs. Thus in
radius_acct(), the ubus call returns empty and no RADIUS accounting Stop
frame is sent in this condition, leaving a dangling accounting for the
client.

This commit solves this issue by maintaining a local copy of the most
recent accounting data and sending that when the live data is no longer
available.

Signed-off-by: Thibaut VARÈNE <hacks@slashdirt.org>
2023-06-05 13:19:19 +02:00
Thibaut VARÈNE
e30cfbf36b spotfilter: move accounting totals to "acct_data" table
Signed-off-by: Thibaut VARÈNE <hacks@slashdirt.org>
2023-06-05 13:19:19 +02:00
Thibaut VARÈNE
39510a6728 uspot: accounting: relax loop timer
For accounting purposes, a 10s resolution seems adequate. Accounting
session start is handled asynchronously in handler-uam.uc anyway.

Signed-off-by: Thibaut VARÈNE <hacks@slashdirt.org>
2023-06-05 13:19:19 +02:00
Thibaut VARÈNE
0abc0c17ff uspot: accounting: refactor interim reporting
Instead of running one timer per client, handle interim reports in the
main loop through a simple comparison between current time and expected
time of next report.

Signed-off-by: Thibaut VARÈNE <hacks@slashdirt.org>
2023-06-05 13:19:19 +02:00
Thibaut VARÈNE
3375803a26 uspot: accounting: add_client(): fix integer types
Signed-off-by: Thibaut VARÈNE <hacks@slashdirt.org>
2023-06-05 13:19:19 +02:00
Thibaut VARÈNE
16e06ad7aa uspot: accounting: remove on logoff, reset on idle
Signed-off-by: Thibaut VARÈNE <hacks@slashdirt.org>
2023-06-05 13:19:19 +02:00
Thibaut VARÈNE
a12f43e912 uspot: accounting: s/client_flush/client_reset/g
Signed-off-by: Thibaut VARÈNE <hacks@slashdirt.org>
2023-06-05 13:19:19 +02:00