[Chilli] Thoughts on making Chilli's DHCP network interface aware
IT-Systemmanagement Pieter Hollants
pieter at hollants.com
Sat May 22 20:27:26 UTC 2010
as you might have noticed I'm working for a customer on the
implementation of a "neat" seperation between the different access
methods provided by CoovaChili. The idea is to allow a user-induced
logout (via "logout" host or "http://x.y.z:3990/logout") only on the
WLAN protected via UAM, while the WLAN using WPA-EAP should not offer
such a possibility.
While I have such functionality readily implemented, the problem with
CoovaChilli's current connection handling is that it can not distinguish
clients based on the network interface they're using. This means that a
client who has authenticated to a WPA-EAP protected WLAN (we can
detected he's using WPA-EAP because we act as radius proxy) correctly
has a new "allow_logoff" flag set to 0. But when he switches to an
ordinary WPA-PSK protected WLAN with UAM in the background, there is no
way to detect this from within CoovaChilli: the client will obtain the
same IP address via DHCP that he had on the WPA-EAP WLAN.
I'm now thinking of extending the hashtable functions in dhcp.c to
include the network interface over which the request came in in the hash
calculation. This would mean that a user gets a new, seperate IP address
when he changes to the WPA-PSK/UAM WLAN, meaning I can set the new
"allow_logoff" flag properly.
Naturally, this does not solve the problem when dhcpif and proxylisten
use the same interface, but the way I see it such a setup would not make
any sense: a WPA-PSK/UAM WLAN would use a seperate VLAN than the WPA-EAP
protected WLAN, and as such a seperate local network interface.
But, before I dive into the code, any comments? Anything obvious I
oversaw why this can't work out anyway?
Dipl.-Wirtsch.-Inform. Pieter Hollants
IT-Systemmanagement Pieter Hollants Tel. : (+49) (0)6192-910717
Rossertstraße 80 Fax : (+49) (0)6192-910713
65830 Kriftel eMail: pieter at hollants.com
More information about the Chilli