 From:  "Jonathan De Graeve" <Jonathan dot De dot Graeve at imelda dot be>
 To:  <m0n0wall dash dev at lists dot m0n0 dot ch>
 Subject:  Bug in captive portal rulenumber wrapping
 Date:  Thu, 9 Mar 2006 22:40:54 +0100

There's a potential bug when doing a wrap in this way.

When you use CP "Allowed IP Addresses" every rule adds to the overall
ruleno.

So when you, for example, have 3 allowed IP address rules, your ruleno
will start from 10003 instead of 10000. When a wrap happens, it will
start again from 10000, which is incorrect because it should be 10003.

I know, 9899 different logins is a lot, but people could still reach this
limit when they have a lot of people logging in and out in one day. In
4 days of running I already had 72 sessions (18 sessions/day), but I think
there are people with many more sessions a day. I could be paranoid about
this, but I think we need another method.

Ideas are welcome (I was thinking about resetting when nobody is logged
in, but this could become a problem when you have a pretty busy hotspot
and there's always somebody logged in ;) )

    /* write next rule number */
    $fd = @fopen("{$g['vardb_path']}/captiveportal.nextrule", "w");
    if ($fd) {
        $ruleno++;
        if ($ruleno > 19899)
            $ruleno = 10000;    /* wrap around */
        fwrite($fd, $ruleno);
        fclose($fd);
    }



--
Jonathan De Graeve
Network/System Administrator
Imelda vzw
Informatica Dienst
015/50.52.98
Jonathan dot de dot graeve at imelda dot be
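
One way to handle the wrap described in this message, as an added example that is not part of the original post and not m0n0wall code. It assumes the "Allowed IP Addresses" rules occupy the bottom of the range and that the caller can list the rule numbers of sessions still logged in; the function and parameter names are hypothetical.

```php
<?php
/*
 * Added example, not m0n0wall code. Names are hypothetical; the range
 * 10000-19899 is taken from the snippet quoted in the message.
 */
define('RULENO_BASE', 10000);
define('RULENO_MAX', 19899);

/*
 * Return the next free rule number after $last, or null if none is free.
 *   $allowed_ip_count  number of "Allowed IP Addresses" rules, assumed to
 *                      hold RULENO_BASE .. RULENO_BASE + count - 1
 *   $in_use            rule numbers held by sessions still logged in
 */
function next_ruleno($last, $allowed_ip_count, $in_use)
{
    $first = RULENO_BASE + $allowed_ip_count;  /* first number usable by a login */
    if ($first > RULENO_MAX)
        return null;                           /* static rules fill the range */

    $busy = array_flip($in_use);               /* rule number => index, for isset() */
    $span = RULENO_MAX - $first + 1;
    $candidate = $last;

    for ($i = 0; $i < $span; $i++) {
        $candidate++;
        if ($candidate > RULENO_MAX || $candidate < $first)
            $candidate = $first;               /* wrap to just past the static rules */
        if (!isset($busy[$candidate]))
            return $candidate;                 /* not held by an active session */
    }
    return null;                               /* every number is taken */
}

/* Constructed sample state: 3 allowed IP rules, two long-lived sessions. */
$active = array(10003, 10004);

/* One below the top of the range: the next number is still free. */
var_dump(next_ruleno(19898, 3, $active));

/* At the top of the range: wraps past the static rules and both sessions. */
var_dump(next_ruleno(19899, 3, $active));
```

Returning null when the range is exhausted lets the caller refuse the login instead of reusing a number that another rule still holds.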