macallowlocal with uamanyip doesn't work

Gunther Mayer gunther.mayer at googlemail.com
Sat May 3 19:05:58 UTC 2008


Hi,

Seeing that nobody replied to this one I started digging into the code 
myself and found that the required routes weren't set up at all for 
macallowlocal or even macauth cases for that matter. I whipped up a 
patch against 1.0.11 to address this and came up with a route_add/delete 
helper function that cb_dhcp_request (once before each return statement) 
and cb_dhcp_disconnect (where the route deletion code sits) call. If 
anybody is interested in that patch I'm happy to send it on.

I tried to port it to svn r167 but I realised that David has already 
done something very similar with the net_add_route/net_del_route macros. 
However, it still doesn't work as the current place where the route 
addition sits (dhcp_set_addrs) isn't called when macallow or macauth are 
active. I'm gonna code this up along the lines of my 1.0.11 patch and 
submit it if nobody objects to this.

By the way, what is the reason for the

#warning fix this
    /*XXX: todo! net_delete_route(&tuntap(tun)); */

in tun.c? If we correctly delete routes in cb_dhcp_disconnect I don't 
see a reason why the tun code also needs to do this - when we take down 
the interface all static routes will go with it.

Gunther

Gunther Mayer wrote:
> Hi again,
>
> I realised today that static ip (misconfigured) clients that are 
> supposed to be given access with uamanyip don't have ANY sort of 
> connection when they are additionally macallowed with the 
> macallowlocal option. I noticed this problem with both 1.0.11 and 
> latest svn and neither a debug nor a debugfacility 255 would give me 
> any clues as to why this wouldn't work.
>
> To reproduce:
>
>    1. Pick a hotspot client, configure its static IP with totally
>       random ip settings (static ip, gateway within subnet and any
>       usable dns, preferably with uamanydns)
>    2. Turn on uamanyip on the chilli box with suitable statip subnet
>       and restart chilli
>    3. Back on the client you'll see that it'll get redirected to the
>       portal page as expected and can even ping, ssh or whatever the
>       chilli box when using its dhcplisten ip address
>    4. Now add "macallowed <client mac address>" together with the
>       "macallowlocal" option into chilli.conf and restart chilli
>    5. The client now has no access whatsoever, no Internet access,
>       cannot ping the chilli box, nothing. A tcpdump on the chilli box
>       shows the packets coming in from the client but no response ever
>       coming in
>
> While I'm pretty sure this time there aren't any dodgy firewall rules 
> messing up my setup I'd like somebody to confirm this problem and then 
> perhaps fix it?
>
> Gunther
>
