hi paul i am realy interested in this area as well we made modification
to show logged in and logged via a more simplistic login logout script.
i personally feel that time would be better spent on queuing to assist
with sorting out dummynet and ipfilter queues as mpd already has
integration here.
and class based queues are great with this . personally a dont this altq
is up to the task of managing lots of queues for lots of cbq but is
great for service based queing.
look forward to some more feedback on this as well
On Fri, 2007-03-16 at 10:52 +0100, Paul wrote:
> I am including this patch here as it might be interesting for others and
> because I would like some comments on it: It's against RELENG_1 but can
> easily be adapted to HEAD.
>
> The patch enables an inetd process which will show the currently logged
> pppoe users. This can be easily hacked into freeradius so that double
> logins can be checked for.
>
> Modifications are for filter.inc (running the secondary inetd server,
> separated from the one for FTP running on localhost). I'm not sure if
> this is the best place, but since the other inetd server in started
> here... I placed in the same file.
>
> 3 scripts are included. One generic for login and logout users + 2
> adaptation for the mpd daemon. they should be set executable before they
> will be used by mpd.
>
> Everything runs nicely on my production/test system.
>
> If anybody is interested in the freeradius checkrad modification that is
> compatible with the following patch, please ask and I'll post it.
>
> The next step is to redirect each ng interface to a specific queue and
> set the speed on this queue according to the user (via radius issued
> filter-id). This requires a modified mpd (this is easy) but I would like
> some hints on how to modify the current queue discipline. It seems that
> any modification can easily break the magic shaper wizard stuff. Any
> help in this area will be greatly appreciated.
>
> Paul.
>
> Patch follows:
>
> ---- cut here ----
> diff -NrU 3 /usr/jails/pfsense/home/pfsense/pfSense/etc/inc/filter.inc
> pfSense/etc/inc/filter.inc
> --- /usr/jails/pfsense/home/pfsense/pfSense/etc/inc/filter.inc Fri
> Feb 23 21:38:59 2007
> +++ pfSense/etc/inc/filter.inc Sun Feb 25 20:24:45 2007
> @@ -799,6 +799,15 @@
> $natrules .= "rdr on \$wan proto ipv6 from any to any ->
> {$config['diag']['ipv6nat']['ipaddr']}\n";
> }
>
> + $inetd_fd = fopen("/var/etc/inetd-static.conf", "w" );
> + fwrite( $inetd_fd,
> "pppoedusers\tstream\ttcp\tnowait\tnobody\t/usr/local/bin/loguser.sh\tloguser.sh
>
> who\n" ) ;
> + fclose($inetd_fd);
> + $helpers = trim(exec("/bin/ps ax | /usr/bin/grep inetd |
> /usr/bin/grep -v grep | /usr/bin/grep inetd-static"));
> + if(!$helpers)
> + mwexec("/usr/sbin/inetd -wW -R 0 /var/etc/inetd-static.conf");
> + else
> + mwexec("/usr/bin/killall -HUP inetd");
> +
> if(file_exists("/var/etc/inetd.conf"))
> mwexec("rm /var/etc/inetd.conf");
> touch("/var/etc/inetd.conf");
> @@ -1100,7 +1109,6 @@
> mwexec("/usr/sbin/inetd -wW -R 0 -a 127.0.0.1
> /var/etc/inetd.conf");
> else
> mwexec("/usr/bin/killall -HUP inetd");
> -
> }
> }
>
> diff -NrU 3 /usr/jails/pfsense/home/pfsense/pfSense/etc/inc/vpn.inc
> pfSense/etc/inc/vpn.inc
> --- /usr/jails/pfsense/home/pfsense/pfSense/etc/inc/vpn.inc Thu Feb
> 8 23:03:23 2007
> +++ pfSense/etc/inc/vpn.inc Sun Feb 25 19:09:13 2007
> @@ -895,6 +895,8 @@
> new -i {$ngif} pppoe{$i} pppoe{$i}
> {$isssue_ip_type}
> load pppoe_standart
> + set iface up-script /usr/local/bin/loginuser.sh
> + set iface down-script /usr/local/bin/logoutuser.sh
>
> EOD;
> }
> @@ -1019,4 +1021,4 @@
> return 0;
> }
>
> -?>
> \ No newline at end of file
> +?>
> diff -NrU 3 /usr/jails/pfsense/home/pfsense/pfSense/etc/services
> pfSense/etc/services
> --- /usr/jails/pfsense/home/pfsense/pfSense/etc/services Sat Jan 28
> 01:20:26 2006
> +++ pfSense/etc/services Sun Feb 25 19:12:06 2007
> @@ -4107,3 +4107,4 @@
> wnn6_Tw 22321/tcp #Wnn6 (Taiwanse input)
> wnn6_Kr 22305/tcp #Wnn6 (Korean input)
> wnn6_DS 26208/tcp #Wnn6 (Dserver)
> +pppoedusers 9200/tcp # custom PG for logged in users
> diff -NrU 3
> /usr/jails/pfsense/home/pfsense/pfSense/usr/local/bin/loginuser.sh
> pfSense/usr/local/bin/loginuser.sh
> ---
> /usr/jails/pfsense/home/pfsense/pfSense/usr/local/bin/loginuser.sh
> Thu Jan 1 01:00:00 1970
> +++ pfSense/usr/local/bin/loginuser.sh Sun Feb 25 18:36:29 2007
> @@ -0,0 +1,17 @@
> +#!/bin/sh
> +# MPD adaptation script for loguser.sh
> +# will call loguser.sh with the proper parameters
> +
> +loguser="/usr/local/bin/loguser.sh"
> +
> +# grab parametres from commandline
> +user=$5
> +iface=$1
> +clientip=$4
> +
> +if [ -z "$user" ] ; then
> + echo "Usage: loginuser.sh <iface> <proto> <local-ip>
> <remote-ip> <auth-name>"
> + exit ;
> +fi
> +
> +$loguser login $user $iface $clientip
> diff -NrU 3
> /usr/jails/pfsense/home/pfsense/pfSense/usr/local/bin/logoutuser.sh
> pfSense/usr/local/bin/logoutuser.sh
> ---
> /usr/jails/pfsense/home/pfsense/pfSense/usr/local/bin/logoutuser.sh
> Thu Jan 1 01:00:00 1970
> +++ pfSense/usr/local/bin/logoutuser.sh Sun Feb 25 18:36:57 2007
> @@ -0,0 +1,17 @@
> +#!/bin/sh
> +# MPD adaptation script for loguser.sh
> +# will call loguser.sh with the proper parameters
> +
> +loguser="/usr/local/bin/loguser.sh"
> +
> +# grab parametres from commandline
> +user=$3
> +iface=$1
> +clientip=""
> +
> +if [ -z "$user" ] ; then
> + echo "Usage: logoutuser.sh <iface> <proto> <auth-name>"
> + exit ;
> +fi
> +
> +$loguser logout $user $iface $clientip
> diff -NrU 3
> /usr/jails/pfsense/home/pfsense/pfSense/usr/local/bin/loguser.sh
> pfSense/usr/local/bin/loguser.sh
> --- /usr/jails/pfsense/home/pfsense/pfSense/usr/local/bin/loguser.sh
> Thu Jan 1 01:00:00 1970
> +++ pfSense/usr/local/bin/loguser.sh Sun Feb 25 19:42:49 2007
> @@ -0,0 +1,57 @@
> +#!/bin/sh
> +# Log ppp user in $ptmp file (/var/run/ptmp)
> +#
> +# Constructs a "Who" like file
> +# root ttyp0 Oct 25 08:39 (81.174.61.46)
> +
> +
> +ptmp="/tmp/ptmp"
> +ptmp_lck="/tmp/ptmp.lock"
> +tmpfile="/tmp/loguser.$$"
> +
> +# grab parametres from commandline
> +action=$1 # login / logout
> +user=$2
> +iface=$3
> +clientip=$4
> +
> +case ${action} in
> + cleanall)
> + rm -f $ptmp
> + rm -f $ptmp_lck
> + exit
> + ;;
> + who)
> + echo "Wangate pppoe server. Currently logged users. ver
> 1.0"
> + if [ -e $ptmp ] ; then
> + cat $ptmp
> + fi
> + exit
> + ;;
> +esac
> +
> +# Make sure no other logins are occuring
> +while [ -e $ptmp_lck ] ; do
> + sleep 1 ;
> +done
> +
> +case ${action} in
> + login)
> + echo $$ > $ptmp_lck
> + echo "${user} ${iface} ${clientip}" >> $ptmp
> + ;;
> + logout)
> + grep -v "^${user} ${iface}" $ptmp > $tmpfile
> + mv -f $tmpfile $ptmp
> + rm -f $tmpfile
> + ;;
> + *)
> + echo "Usage: loguser.sh <login|logout|cleanall>
> <username> <interface> <ipaddress>"
> + echo " login: log the user"
> + echo " logout: remove the user"
> + echo " who: dump logged users"
> + echo " cleanall: remove all lock files and
> logged users"
> + ;;
> +esac
> +
> +rm -f $ptmp_lck
>
