Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP
Browse files

Initial Commit of FreeTheNet Fork

  • Loading branch information...
commit bb2ccdd2d8d0573c7b81add752698c101c81fd6f 0 parents
Joe Bowser authored
Showing with 13,504 additions and 0 deletions.
  1. +6 −0 AUTHORS
  2. +280 −0 COPYING
  3. +823 −0 ChangeLog
  4. +488 −0 FAQ
  5. +44 −0 Makefile.am
  6. +113 −0 NEWS
  7. +16 −0 README
  8. +51 −0 README.openwrt
  9. +65 −0 autogen.sh
  10. +105 −0 configure.in
  11. +14 −0 contrib/build-deb/changelog
  12. +15 −0 contrib/build-deb/control
  13. +74 −0 contrib/build-deb/rules
  14. +16 −0 contrib/build-openwrt-ipk/wifidog/Config.in
  15. +63 −0 contrib/build-openwrt-ipk/wifidog/Makefile
  16. +185 −0 contrib/build-openwrt-ipk/wifidog/files/wifidog.conf
  17. +3 −0  contrib/build-openwrt-ipk/wifidog/files/wifidog.init
  18. +1 −0  contrib/build-openwrt-ipk/wifidog/ipkg/wifidog.conffiles
  19. +8 −0 contrib/build-openwrt-ipk/wifidog/ipkg/wifidog.control
  20. +5 −0 contrib/dump_fw.sh
  21. +52 −0 doc/Makefile.am
  22. +37 −0 doc/README.developers.txt
  23. +1,294 −0 doc/doxygen.cfg.in
  24. BIN  doc/wifidog_firewall_diagram.dia
  25. +19 −0 libhttpd/Makefile.am
  26. +23 −0 libhttpd/README
  27. +1,046 −0 libhttpd/api.c
  28. +244 −0 libhttpd/httpd.h
  29. +83 −0 libhttpd/httpd_priv.h
  30. +224 −0 libhttpd/ip_acl.c
  31. +789 −0 libhttpd/protocol.c
  32. +23 −0 libhttpd/version.c
  33. +239 −0 scripts/init.d/wifidog
  34. +49 −0 src/Makefile.am
  35. +222 −0 src/auth.c
  36. +61 −0 src/auth.h
  37. +357 −0 src/centralserver.c
  38. +57 −0 src/centralserver.h
  39. +250 −0 src/client_list.c
  40. +94 −0 src/client_list.h
  41. +180 −0 src/commandline.c
  42. +33 −0 src/commandline.h
  43. +33 −0 src/common.h
  44. +944 −0 src/conf.c
  45. +201 −0 src/conf.h
  46. +71 −0 src/debug.c
  47. +38 −0 src/debug.h
  48. +421 −0 src/firewall.c
  49. +70 −0 src/firewall.h
  50. +644 −0 src/fw_iptables.c
  51. +74 −0 src/fw_iptables.h
  52. +555 −0 src/gateway.c
  53. +33 −0 src/gateway.h
  54. +394 −0 src/http.c
  55. +52 −0 src/http.h
  56. +75 −0 src/httpd_thread.c
  57. +33 −0 src/httpd_thread.h
  58. +232 −0 src/ping_thread.c
  59. +35 −0 src/ping_thread.h
  60. +110 −0 src/safe.c
  61. +56 −0 src/safe.h
  62. +540 −0 src/util.c
  63. +78 −0 src/util.h
  64. +327 −0 src/wdctl.c
  65. +43 −0 src/wdctl.h
  66. +394 −0 src/wdctl_thread.c
  67. +37 −0 src/wdctl_thread.h
  68. +194 −0 wifidog.conf
  69. +69 −0 wifidog.spec.in
6 AUTHORS
@@ -0,0 +1,6 @@
+$Id: AUTHORS 1103 2006-10-09 00:13:02Z acv $
+
+Philippe April <papril777@yahoo.com>
+Mina Naguib <webmaster@topfx.com>
+Benoit Gr�goire <bock@step.polymtl.ca>
+Alexandre Carmel-Veilleux <acv@miniguru.ca>
280 COPYING
@@ -0,0 +1,280 @@
+ GNU GENERAL PUBLIC LICENSE
+ Version 2, June 1991
+
+ Copyright (C) 1989, 1991 Free Software Foundation, Inc.
+ 675 Mass Ave, Cambridge, MA 02139, USA
+ Everyone is permitted to copy and distribute verbatim copies
+ of this license document, but changing it is not allowed.
+
+ Preamble
+
+ The licenses for most software are designed to take away your
+freedom to share and change it. By contrast, the GNU General Public
+License is intended to guarantee your freedom to share and change free
+software--to make sure the software is free for all its users. This
+General Public License applies to most of the Free Software
+Foundation's software and to any other program whose authors commit to
+using it. (Some other Free Software Foundation software is covered by
+the GNU Library General Public License instead.) You can apply it to
+your programs, too.
+
+ When we speak of free software, we are referring to freedom, not
+price. Our General Public Licenses are designed to make sure that you
+have the freedom to distribute copies of free software (and charge for
+this service if you wish), that you receive source code or can get it
+if you want it, that you can change the software or use pieces of it
+in new free programs; and that you know you can do these things.
+
+ To protect your rights, we need to make restrictions that forbid
+anyone to deny you these rights or to ask you to surrender the rights.
+These restrictions translate to certain responsibilities for you if you
+distribute copies of the software, or if you modify it.
+
+ For example, if you distribute copies of such a program, whether
+gratis or for a fee, you must give the recipients all the rights that
+you have. You must make sure that they, too, receive or can get the
+source code. And you must show them these terms so they know their
+rights.
+
+ We protect your rights with two steps: (1) copyright the software, and
+(2) offer you this license which gives you legal permission to copy,
+distribute and/or modify the software.
+
+ Also, for each author's protection and ours, we want to make certain
+that everyone understands that there is no warranty for this free
+software. If the software is modified by someone else and passed on, we
+want its recipients to know that what they have is not the original, so
+that any problems introduced by others will not reflect on the original
+authors' reputations.
+
+ Finally, any free program is threatened constantly by software
+patents. We wish to avoid the danger that redistributors of a free
+program will individually obtain patent licenses, in effect making the
+program proprietary. To prevent this, we have made it clear that any
+patent must be licensed for everyone's free use or not licensed at all.
+
+ The precise terms and conditions for copying, distribution and
+modification follow.
+
+ GNU GENERAL PUBLIC LICENSE
+ TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION
+
+ 0. This License applies to any program or other work which contains
+a notice placed by the copyright holder saying it may be distributed
+under the terms of this General Public License. The "Program", below,
+refers to any such program or work, and a "work based on the Program"
+means either the Program or any derivative work under copyright law:
+that is to say, a work containing the Program or a portion of it,
+either verbatim or with modifications and/or translated into another
+language. (Hereinafter, translation is included without limitation in
+the term "modification".) Each licensee is addressed as "you".
+
+Activities other than copying, distribution and modification are not
+covered by this License; they are outside its scope. The act of
+running the Program is not restricted, and the output from the Program
+is covered only if its contents constitute a work based on the
+Program (independent of having been made by running the Program).
+Whether that is true depends on what the Program does.
+
+ 1. You may copy and distribute verbatim copies of the Program's
+source code as you receive it, in any medium, provided that you
+conspicuously and appropriately publish on each copy an appropriate
+copyright notice and disclaimer of warranty; keep intact all the
+notices that refer to this License and to the absence of any warranty;
+and give any other recipients of the Program a copy of this License
+along with the Program.
+
+You may charge a fee for the physical act of transferring a copy, and
+you may at your option offer warranty protection in exchange for a fee.
+
+ 2. You may modify your copy or copies of the Program or any portion
+of it, thus forming a work based on the Program, and copy and
+distribute such modifications or work under the terms of Section 1
+above, provided that you also meet all of these conditions:
+
+ a) You must cause the modified files to carry prominent notices
+ stating that you changed the files and the date of any change.
+
+ b) You must cause any work that you distribute or publish, that in
+ whole or in part contains or is derived from the Program or any
+ part thereof, to be licensed as a whole at no charge to all third
+ parties under the terms of this License.
+
+ c) If the modified program normally reads commands interactively
+ when run, you must cause it, when started running for such
+ interactive use in the most ordinary way, to print or display an
+ announcement including an appropriate copyright notice and a
+ notice that there is no warranty (or else, saying that you provide
+ a warranty) and that users may redistribute the program under
+ these conditions, and telling the user how to view a copy of this
+ License. (Exception: if the Program itself is interactive but
+ does not normally print such an announcement, your work based on
+ the Program is not required to print an announcement.)
+
+These requirements apply to the modified work as a whole. If
+identifiable sections of that work are not derived from the Program,
+and can be reasonably considered independent and separate works in
+themselves, then this License, and its terms, do not apply to those
+sections when you distribute them as separate works. But when you
+distribute the same sections as part of a whole which is a work based
+on the Program, the distribution of the whole must be on the terms of
+this License, whose permissions for other licensees extend to the
+entire whole, and thus to each and every part regardless of who wrote it.
+
+Thus, it is not the intent of this section to claim rights or contest
+your rights to work written entirely by you; rather, the intent is to
+exercise the right to control the distribution of derivative or
+collective works based on the Program.
+
+In addition, mere aggregation of another work not based on the Program
+with the Program (or with a work based on the Program) on a volume of
+a storage or distribution medium does not bring the other work under
+the scope of this License.
+
+ 3. You may copy and distribute the Program (or a work based on it,
+under Section 2) in object code or executable form under the terms of
+Sections 1 and 2 above provided that you also do one of the following:
+
+ a) Accompany it with the complete corresponding machine-readable
+ source code, which must be distributed under the terms of Sections
+ 1 and 2 above on a medium customarily used for software interchange; or,
+
+ b) Accompany it with a written offer, valid for at least three
+ years, to give any third party, for a charge no more than your
+ cost of physically performing source distribution, a complete
+ machine-readable copy of the corresponding source code, to be
+ distributed under the terms of Sections 1 and 2 above on a medium
+ customarily used for software interchange; or,
+
+ c) Accompany it with the information you received as to the offer
+ to distribute corresponding source code. (This alternative is
+ allowed only for noncommercial distribution and only if you
+ received the program in object code or executable form with such
+ an offer, in accord with Subsection b above.)
+
+The source code for a work means the preferred form of the work for
+making modifications to it. For an executable work, complete source
+code means all the source code for all modules it contains, plus any
+associated interface definition files, plus the scripts used to
+control compilation and installation of the executable. However, as a
+special exception, the source code distributed need not include
+anything that is normally distributed (in either source or binary
+form) with the major components (compiler, kernel, and so on) of the
+operating system on which the executable runs, unless that component
+itself accompanies the executable.
+
+If distribution of executable or object code is made by offering
+access to copy from a designated place, then offering equivalent
+access to copy the source code from the same place counts as
+distribution of the source code, even though third parties are not
+compelled to copy the source along with the object code.
+
+ 4. You may not copy, modify, sublicense, or distribute the Program
+except as expressly provided under this License. Any attempt
+otherwise to copy, modify, sublicense or distribute the Program is
+void, and will automatically terminate your rights under this License.
+However, parties who have received copies, or rights, from you under
+this License will not have their licenses terminated so long as such
+parties remain in full compliance.
+
+ 5. You are not required to accept this License, since you have not
+signed it. However, nothing else grants you permission to modify or
+distribute the Program or its derivative works. These actions are
+prohibited by law if you do not accept this License. Therefore, by
+modifying or distributing the Program (or any work based on the
+Program), you indicate your acceptance of this License to do so, and
+all its terms and conditions for copying, distributing or modifying
+the Program or works based on it.
+
+ 6. Each time you redistribute the Program (or any work based on the
+Program), the recipient automatically receives a license from the
+original licensor to copy, distribute or modify the Program subject to
+these terms and conditions. You may not impose any further
+restrictions on the recipients' exercise of the rights granted herein.
+You are not responsible for enforcing compliance by third parties to
+this License.
+
+ 7. If, as a consequence of a court judgment or allegation of patent
+infringement or for any other reason (not limited to patent issues),
+conditions are imposed on you (whether by court order, agreement or
+otherwise) that contradict the conditions of this License, they do not
+excuse you from the conditions of this License. If you cannot
+distribute so as to satisfy simultaneously your obligations under this
+License and any other pertinent obligations, then as a consequence you
+may not distribute the Program at all. For example, if a patent
+license would not permit royalty-free redistribution of the Program by
+all those who receive copies directly or indirectly through you, then
+the only way you could satisfy both it and this License would be to
+refrain entirely from distribution of the Program.
+
+If any portion of this section is held invalid or unenforceable under
+any particular circumstance, the balance of the section is intended to
+apply and the section as a whole is intended to apply in other
+circumstances.
+
+It is not the purpose of this section to induce you to infringe any
+patents or other property right claims or to contest validity of any
+such claims; this section has the sole purpose of protecting the
+integrity of the free software distribution system, which is
+implemented by public license practices. Many people have made
+generous contributions to the wide range of software distributed
+through that system in reliance on consistent application of that
+system; it is up to the author/donor to decide if he or she is willing
+to distribute software through any other system and a licensee cannot
+impose that choice.
+
+This section is intended to make thoroughly clear what is believed to
+be a consequence of the rest of this License.
+
+ 8. If the distribution and/or use of the Program is restricted in
+certain countries either by patents or by copyrighted interfaces, the
+original copyright holder who places the Program under this License
+may add an explicit geographical distribution limitation excluding
+those countries, so that distribution is permitted only in or among
+countries not thus excluded. In such case, this License incorporates
+the limitation as if written in the body of this License.
+
+ 9. The Free Software Foundation may publish revised and/or new versions
+of the General Public License from time to time. Such new versions will
+be similar in spirit to the present version, but may differ in detail to
+address new problems or concerns.
+
+Each version is given a distinguishing version number. If the Program
+specifies a version number of this License which applies to it and "any
+later version", you have the option of following the terms and conditions
+either of that version or of any later version published by the Free
+Software Foundation. If the Program does not specify a version number of
+this License, you may choose any version ever published by the Free Software
+Foundation.
+
+ 10. If you wish to incorporate parts of the Program into other free
+programs whose distribution conditions are different, write to the author
+to ask for permission. For software which is copyrighted by the Free
+Software Foundation, write to the Free Software Foundation; we sometimes
+make exceptions for this. Our decision will be guided by the two goals
+of preserving the free status of all derivatives of our free software and
+of promoting the sharing and reuse of software generally.
+
+ NO WARRANTY
+
+ 11. BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY
+FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW. EXCEPT WHEN
+OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES
+PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED
+OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS
+TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU. SHOULD THE
+PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING,
+REPAIR OR CORRECTION.
+
+ 12. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING
+WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR
+REDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES,
+INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING
+OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED
+TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY
+YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER
+PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE
+POSSIBILITY OF SUCH DAMAGES.
+
+ END OF TERMS AND CONDITIONS
823 ChangeLog
@@ -0,0 +1,823 @@
+# $Id: ChangeLog 1305 2007-11-01 20:04:20Z benoitg $
+2007-11-01 Benoit Gr�goire <bock@step.polymtl.ca>
+ * Apply portability patches by David Young <dyoung@pobox.com>. These have been reviewed, but not tested.
+
+2007-10-18 Benoit Gr�goire <bock@step.polymtl.ca>
+ * fw_iptables.c: From Philippe April: reverted change made in 1241 so we properly remove the entry from mangle.WiFiDog_Incoming when kicking out users, it was affecting statistics
+ * Update doxygen.cfg.in for latest version and to fix path ambiguity during make dist.
+ * Release 1.1.4
+
+2007-07-06 Benoit Gr�goire <bock@step.polymtl.ca>
+ * Makefile.am: Slight change in make ipk tagrget. It seems that sometimes builddir isn't defined. srcdir works just as well in this case.
+
+2007-06-27 Benoit Gr�goire <bock@step.polymtl.ca>
+ * util.c: Fix while loop initialisation bug
+ * conf.h: Forgot to change the value of NUM_EXT_INTERFACE_DETECT_RETRY to actually make it wait forever.
+ * Remove hardcoded authserver paths. Can now be defined in the config file (auth server section).
+ * Centralise browser redirect code to simplify code
+ * Add manual logout URL, based in part on work by David Bird
+ * Release 1.1.3 final
+
+2007-06-24 Benoit Gr�goire <bock@step.polymtl.ca>
+ * Close #321: Make the Gateway retry forever if it cannot find it's interface. You never know when someone may finally replug the network cable or something...
+ * Close #332: Apply patch from Laurent Marchal. biguphpc<AT>gmail<DOT>com
+ * fw_iptables.c: Fix error in iptables_fw_access(). Rules were created as ACCEPT instead of DROP
+ * firewall.c: Fix bug in fw_sync_with_authserver(). The traffic for the validation period of a user who validated his account while connected wouldn't get counted.
+ * doc/wifidog_firewall_map.dia: At long last, full documentation of the firewall. We would have avoided a lot of stupid mistakes if we produced that sooner.
+ * Release 1.1.3_rc1
+
+2007-05-24 Benoit Gr�goire <bock@step.polymtl.ca>
+ * wdctl_thread.c: Fix #324, again. Credit goes to Medea, I misunderstood his instructons.
+ * From David Bird <david@coova.com> libhttpd/: Fix #266 - don't process query string parameters and keep them in that request.path.
+
+2007-05-18 Benoit Gr�goire <bock@step.polymtl.ca>
+ * wdctl_thread.c: Fix #324
+
+2007-04-26 Benoit Gr�goire <bock@step.polymtl.ca>
+ * wifidog.conf: Improve comments and add examples of blocking access to the upstream LAN.
+
+2007-04-26 Benoit Gr�goire <bock@step.polymtl.ca>
+ * conf.h: The DEFAULT_CHECKINTERVAL was 5 instead of 60 (as stated in the config file) which caused huge needless load on the auth servers, and needless ping traffic towards the clients if it wasn't manually set.
+
+2007-04-09 Benoit Gr�goire <bock@step.polymtl.ca>
+ * Makefile.am: Slight path fix when using building make ipk. Tell me if you have trouble with this
+
+2007-01-06 Benoit Gr�goire <bock@step.polymtl.ca>
+ * contrib/ Add contrib dir to collect the scripts and other code distributed with, but not really part of wifidog.
+ * Include the scripts used to build a ipkg on Openwrt RC6 and 0.9
+ * Modify the build system to finally be able to build wifidog directly from the wifidog directory using the same files
+ used to make the official .ipk, without having to copy ANYTHNG to the openwrt SDK.
+ At last, there is now a new target: make ipk make ipk OPENWRTSDK=path_to_openwrt_sdk
+ * ipk/ Removed the obsolete OpenWRT RC4 scripts
+ * README.openwrt: Update
+ * scripts/openwrt/ remove obsolete dir.
+ * contrib/dump_fw.sh: Convenience script for firewall debugging.
+
+2007-01-06 Benoit Gr�goire <bock@step.polymtl.ca>
+ * Documentation update in the code
+ * Released 1.1.3_beta6
+
+2006-10-26 Benoit Gr�goire <bock@step.polymtl.ca>
+ * src/conf.h: Fix #238 by using $sysconfdir to compute the default config-file location.
+
+2006-10-08 Alexandre Carmel-Veilleux <acv@miniguru.ca>
+ * Changed my email in a few files.
+ * Broken down some printf's on multiple lines.
+ * Added comments.
+
+2006-09-14 Benoit Gr�goire <bock@step.polymtl.ca>
+ * src/util.c, src/conf.h: Fix autodectection of the External interface if not specified in the config file. If the interface (typically pppoe) wasn't yet fully up when wifidog starts, wifidog would stop every connection from going trough. It will now retry every second for up to two minutes, and then exit with a fatal error if it can't successfully detect it.
+
+2006-02-23 Philippe April <philippe@ilesansfil.org>
+ * src/fw_iptables.c:
+ * Changed order in the filter.FORWARD chain
+ * Added TCPMSS rule
+ * Fixed deleting the rules on shutdown
+ * Fixed wdctl reset problem
+ * Released 1.1.3_beta4
+
+2006-02-06 Benoit Gr�goire <bock@step.polymtl.ca>
+ * src/fw_iptables.c: Fix deleting the rules on shutdown.
+
+2006-01-31 Benoit Gr�goire <bock@step.polymtl.ca>
+ * Release 1.1.3_beta2
+
+2006-01-31 Benoit Gr�goire <bock@step.polymtl.ca>
+ * src/fw_iptables.c: Add the global ruleset to the nat table to fix #65.
+ Add the table parameter to iptables_load_ruleset() and iptables_compile
+ * libhttpd/protocol.c: Fix pointer type mismatch
+ * src/conf.c,h: Remove deprecated option AuthServMaxTries (which was already ignored anyway.
+
+2006-01-23 Benoit Gr�goire <bock@step.polymtl.ca>
+ * src/conf.h: Fix the value of DEFAULT_AUTHSERVPATH and completely wrong code comment. Not the default indicated in the config file and the define are in sync.
+
+2006-01-17 Mina Naguib <mina@ilesansfil.org>
+ * Ingisgnificant cleanup of CVS artifacts after svn migration
+
+2005-11-24 Philippe April <philippe@ilesansfil.org>
+ * Bad idea
+
+2005-11-01 Max Horvath <max.horvath@maxspot.de>
+ * Added .project to .cvsignore
+
+2005-11-01 Philippe April <philippe@ilesansfil.org>
+ * Added OPTIONS section in wifidog-init (example: enable syslog)
+
+2005-10-09 Philippe April <philippe@ilesansfil.org>
+ * Changed html pages, added info to wdctl status
+
+2005-10-07 Philippe April <philippe@ilesansfil.org>
+ * Released 1.1.3_beta1
+
+2005-10-03 Philippe April <philippe@ilesansfil.org>
+ * libhttpd: Fixed two bugs parsing the GET query string making wifidog segfault
+
+2005-09-24 Mina Naguib <mina@ilesansfil.org>
+ * New wdctl command "restart" which will get wifidog to restart itself
+ while preserving the existing clientlist. Perfect for 0-downtime
+ upgrading!
+ * safe.c: New safe_fork that croaks if the fork fails, also takes care of
+ closing some global file descriptors for the child
+ * debug.c: Now also logs the PID as part of every entry
+ * gateway.c: Handler for SIGCHLD now waitpid()s with WNOHANG flag to prevent deadlock
+ when the handler is called and another wait() or waitpid() is used
+ * util.c: execute() now uses waitpid() instead of wait() to reap only the child
+ it fork/executed
+ * Extra debugging entries throughout code
+
+2005-09-24 Mina Naguib <mina@ilesansfil.org>
+ * conf.c: Pre-emptive bugfix - harsh lockdown of parsing trusted MAC
+ addresses from config file
+
+2005-09-24 Philippe April <philippe@ilesansfil.org>
+ * (finally) Added {Saul Albert,Jo Walsh,Schuyler}'s patch (thank you!) to send
+ the GW interface's mac address as the node_id if no node_id is specified. It allows
+ the use of generic configuration files without the need to hardcode the
+ node_id in.
+ * Added TrustedMACList configuration variable which allows specifying
+ MAC addresses which are allowed to go through without authentication.
+ * Updated OpenWrt instructions.
+
+2005-09-08 Philippe April <philippe@ilesansfil.org>
+ * Added compile instructions and installation for OpenWrt Whiterussian-rc2
+ * Released 1.1.2
+
+2005-05-30 Mina Naguib <mina@ilesansfil.org>
+ * New wdctl command "restart" which will get wifidog to restart itself while preserving the existing clientlist. Perfect for 0-downtime upgrading!
+ * safe.c: New safe_fork that croaks if the fork fails, also takes care of closing some global file descriptors for the child
+ * debug.c: Now also logs the PID as part of every entry
+ * gateway.c: Handler for SIGCHLD now waitpid()s with WNOHANG flag to prevent deadlock when the handler is called and another wait() or waitpid() is used
+ * util.c: execute() now uses waitpid() instead of wait() to reap only the child it fork/executed
+ * Extra debugging entries throughout code
+
+2005-05-24 Mina Naguib <mina@ilesansfil.org>
+ * wdctl.c: Minor bugfix pointed out by David Vincelli: When an invalid
+ command is given to wdctl, the error message showed "Invalid command:
+ wdctl" instead of the actual command supplied
+
+2005-05-23 Philippe April <philippe@ilesansfil.org>
+ * Released 1.1.2_pre1
+
+2005-05-23 Mina Naguib <mina@ilesansfil.org>
+ * fw_uptables.c: When appending call to chain WiFiDog_Outgoing from
+ nat.prerouting, add it via -A (at end) instead of -I 1 (at beginning) to
+ allow for existing nat forwarding.
+
+2005-05-16 Mina Naguib <mina@ilesansfil.org>
+ * centralserver.c: read()s from central server in auth_server_request() are
+ now timed-out (via select). This is hopefully a bugfix to the
+ thread-freezing problem.
+
+2005-05-06 Mina Naguib <mina@ilesansfil.org>
+ * Bugfix non-RFC compliant HTTP requests using \n instead of \r\n as line
+ terminations as per email from ludocornut@users.sourceforge.net
+
+2005-04-28 Philippe April <philippe@ilesansfil.org>
+ * Released 1.1.2_beta2
+
+2005-04-28 Mina Naguib <mina@ilesansfil.org>
+ * wifidog.conf: Make the default ruleset for validating users = allow all
+ (except sending SMTP)
+
+2005-04-20 Philippe April <philippe@ilesansfil.org>
+ * fw_iptables.c: Insert ourselves at the end of filter.FORWARD instead of
+ at the beginning since important FW instructions are located there on the
+ WRT54Gs when used with some DSL providers and we never execute them
+ otherwise.
+ * Released 1.1.2_beta1
+
+2005-04-03 Philippe April <philippe@ilesansfil.org>
+ * Fixed issue with FAQ
+ * ipkg/rules: If autogen.sh doesn't exist, it's ok. 'configure' will.
+
+2005-04-01 Philippe April <philippe@ilesansfil.org>
+ * Duplicated auth server list in NAT table to fix the issue
+ of using an auth server on port 80, since port 80 was being systematically
+ redirected to 2060 otherwise.
+ * Released 1.1.1
+
+2005-03-29 Mina Naguib <mina@ilesansfil.org>
+ * Added FAQ document copied from wiki
+
+2005-03-22 Philippe April <philippe@ilesansfil.org>
+ * Released 1.1.0
+
+2005-03-20 Mina Naguib <mina@ilesansfil.org>
+ * More verbose debugging output
+
+2005-03-12 Mina Naguib <mina@ilesansfil.org>
+ * More debugging output
+ * Document ugly hack involving tid_fw_thread
+ * SIGPIPE now ignored (as it's comment said) instead of being sent to the
+ handler for SIGCHLD
+ * Bugfix firewall destruction not happening from termination handler - had
+ to move explicit thread kills after, not before, firewall destruction
+
+2005-03-11 Mina Naguib <mina@ilesansfil.org>
+ * If external interface was unspecified in the conf file, try to determine
+ it from the default route
+ * If external interface is known, specify it in the trigger rule in
+ nat.PREROUTING to prevent the rule from matching traffic inbound to the
+ router itself. This should fix the issue raised by Philippe and Pascal on
+ the mailing list
+ * Bugfix: UNDO ABOVE 2 ITEMS. Aparently you cannot use the "-o" iptables
+ option in nat.PREROUTING which makes knowing external_interface useless
+ * Added new chain in nat.PREROUTING that explicitly allows all traffic to
+ the router's internal IP from the internal interface, effectively
+ addressing the same above problem
+
+2005-03-07 Mina Naguib <mina@ilesansfil.org>
+ * auth.c: Got rid of legacy _http_output and _http_redirect - replaced them
+ with libhttpd functions and http_wifidog_header/http_wifidog_footer
+ * auth.c: When re-directing to auth server now respects SSL setting instead
+ of always http+port 80
+ * auth.c: Better debugging output of what it's doing when it acts on auth
+ server response
+ * A little bit more care with buffers and their sizes
+ * Minor whitespace tweaking and a couple of internal doc typo fixes
+
+2005-03-06 Mina Naguib <mina@ilesansfil.org>
+ * Check return values of pthread_create
+ * Internal documentation touch-ups
+ * auth.c: Bugfix invalid http header sent by _http_output
+ * Bugfix traffic counter read from iptables as long int instead of long
+ long int
+ * Minor insignificant code touch-ups:
+ * Replace pthread_mutex_lock/unlock calls with appropriate
+ LOCK_FOO/UNLOCK_FOO macros for consistency
+ * Lock first before using some variables, not after
+ * Indentation adjustments
+
+2005-03-04 Mina Naguib <mina@ilesansfil.org>
+ * Bugfix huge uptime pointed out to be by Philippe - was caused when the
+ date is set (with ntpclient for example) after wifidog starts
+ * Beautified "Uh oh!" apology screens and redirection screen
+
+2005-03-02 Alexandre Carmel-Veilleux <acv@acv.ca>
+ * Ifdef'd out the bits that are Linux specific if __linux__ is not
+ defined.
+
+2005-03-01 Mina Naguib <mina@ilesansfil.org>
+ * Minor visual tweaks to the web interface
+
+2005-03-01 Philippe April <philippe@ilesansfil.org>
+ * Tagged v1_1_0_beta3
+
+2005-02-28 Mina Naguib <mina@ilesansfil.org>
+ * Do not update the last_updated field on incoming traffic - update it on
+ outgoing traffic only. This should be a much more reliable indication of
+ client no longer being there
+ * WifiDog status is now viewable with a web browser at
+ http://ip:port/wifidog/status
+ * Added new web hook for http://ip:port/wifidog
+ * Beautified web interface at http://ip:port/wifidog/*
+
+2005-02-24 Mina Naguib <mina@ilesansfil.org>
+ * auth_server_request now returns AUTH_ERROR on error instead of AUTH_VALIDATION_FAILED
+ * centralserver.c: Fix typo (was =+, made it +=) that made the response
+ from the auth server corrupted in memory if the entire response would not
+ fit in 1 packet and retrieved with 1 read() call
+ * Better logging of details and calling of mark_* (auth+online/offline)
+
+2005-02-22 Philippe April <philippe@ilesansfil.org>
+ * Tagged v1_1_0_beta2
+
+2005-02-20 Mina Naguib <mina@ilesansfil.org>
+ * New safe.c with safe_malloc, safe_strdup, safe_asprintf and
+ safe_vasprintf with propper logging and exit when error. Replaced all
+ instances of original with safe versions in all files
+ * Fix memory leak in iptables_fw_counters_update
+ * Partial merge from CaptiveDNS branch: Consolidated much of the networking
+ calls to the auth servers into a magical function called connect_auth_server()
+ that's responsible for dns lookup, connecting, marking servers bad, marking
+ online/auth_online, and refreshing the firewall rules.
+ * Partial merge from CaptiveDNS branch: Added new functions mark_auth_online(),
+ mark_auth_offline() and is_auth_online() - similar in nature to is_online()
+ etc. except tailored to decide on auth servers status - currently being called by
+ connect_auth_server()
+ * Partial merge from CaptiveDNS branch: Different apology in 404 handler
+ depending on whether internet is down or just auth server is down
+ * Partial merge from CaptiveDNS branch: wdctl status now shows status of
+ is_online and is_auth_online
+ * Fixed several inconsistencies regarding the parity and size of
+ incoming/outgoing counters. Standardized on "unsigned long long int" in
+ declarations and *printf/*scanf formats
+
+2005-02-16 Philippe April <philippe@ilesansfil.org>
+ * ipkg/rules - When we clean, forgot to delete ipkg-build-stamp
+
+2005-02-15 Mina Naguib <mina@ilesansfil.org>
+ * Now also reports wifidog_uptime when it pings the server, as well as
+ shows it in wdctl status
+
+2005-02-13 Mina Naguib <mina@ilesansfil.org>
+ * Completely re-did the iptables rules. Most of the rules are now in the
+ filter table instead of the nat table. Also DROPs are now replaced with
+ REJECTs to help tell the user connection refused instead of endless pauses
+ * Bugfix: Traffic from client to router was counted twice in the "outgoing"
+ bytecount since it increased both counters in mangle.* and filter.* - Got
+ rid of TABLE_WIFIDOG_WIFI_TO_GW completely since it's unneeded
+
+2005-02-12 Mina Naguib <mina@ilesansfil.org>
+ * Stricter format rules for all *scan* functions hunting for IPs and MAC addresses
+ * fw_iptables.c: Make sure scanned IP address is a valid IP address
+ * firewall.c: Fix memory leak in arp_get
+ * libhttpd/protocol.c: Abort connection if read non-ascii from client. This
+ is often a telltale sign of a program such as skype using port 80 for
+ non-http requests - this therefore ends the thread as early as possible
+ instead of having it lay around for a while trying to get a valid http
+ request and taking up resources
+ * ping_thread.c: When pinging auth server now also sends sys_uptime, sys_memfree
+ and sys_load
+ * -v commandline option now shows wifidog version
+
+2005-02-11 Philippe April <philippe@ilesansfil.org>
+ * Tagged v1_1_0_beta1
+
+2005-02-11 Philippe April <philippe@ilesansfil.org>
+ * Fixed a bug in counting the traffic between client and gateway
+ * Alpha8
+
+2005-02-04 Mina Naguib <mina@ilesansfil.org>
+ * Partially bugfix apology when offline
+ * ipkg/rules: More tweaking to make it build nicely with recent openwrt
+ buildroots
+
+2005-02-03 Mina Naguib <mina@ilesansfil.org>
+ * Keep track of last times we successfully & unsuccessfully spoke to the
+ auth server/used DNS. Then, if we know we're not online, show a little
+ apology to the user instead of re-directing them to the auth server.
+ * ipkg/rules: Added some extra version detection to auto-detect versions
+ of kernel, iptables and ipkg-utils instead of having them hardcoded. This
+ makes creating ipkg's work with different OpenWRT releases
+ * fw_iptables.c: Fixed memory leak caused by not freeing return from
+ iptables_compile in iptables_load_ruleset
+ * http.c: Deleted unused call to client_list_find
+ * http.c: /about URL now shows wifidog version
+ * Cosmetic typo fixes
+
+2005-02-03 Philippe April <isf_lists@philippeapril.com>
+ * Ping the users everytime we check their counters, that way we keep them
+ alive
+ * Optional ExternalInterface
+ * Optional GatewayAddress (we discover it. finally.)
+ * We check for the traffic from the clients to the firewall, to catch the
+ traffic the icmp ping is generating
+ * Fixed bug where we were doing the opposite of what desired when checking if authentication server was alive
+ * Bumped to alpha7
+
+2005-01-23 Philippe April <isf_lists@philippeapril.com>
+ * wdctl status will return the auth servers in the linked list
+ * We'll now forward to the auth server to display the used-to-be-ugly
+ messages like "go ahead and validate your account you have 15 minutes"
+ * Bumped to alpha6
+
+2005-01-06 Philippe April <philippe@philippeapril.com>
+ * fw_iptables.c: Changed REJECT to DROP for the end of the table Unknown,
+ REJECT doesn't seem to be available in the NAT table.
+ * fw_iptables.c: Indented things
+ * fw_iptables.c Fix: Created the authservers table at the beginning and destroy
+ at exit time only to avoid recreating it everytime
+ * Bumped to alpha5
+
+2005-01-05 Philippe April <philippe@philippeapril.com>
+ * Typo, fixed some spaces (mostly esthetic)
+ * Bumped to alpha4
+
+2004-12-19 Alexandre Carmel-Veilleux <acv@acv.ca>
+ * src/fw_iptables.c: Tweak of auth_server firewall rule setting
+ code. (and promptly undone, fixing the cause is better then
+ fixing the symptom)
+ * src/conf.c: NULL-fill auth_server struct so that
+ auth_server->last_ip always equals NULL when first filled.
+
+2004-12-16 Benoit Gr�goire <bock@step.polymtl.ca>
+ * src/fw_iptables.c: Display iptables command that is run in debug mode.
+
+2004-12-07 Benoit Gr�goire <bock@step.polymtl.ca>
+ * src/firewall.c: Fix reversed incoming and outgoing connections in statistics code
+ * bump version to alpha3
+
+2004-11-29 Alexandre Carmel-Veilleux <acv@acv.ca>
+ * wifidog.conf: Fixed firewall rule bug.
+ * src/fw_iptables.c: Unknown user default block rule not "REJECT"
+ instead of "DROP"
+
+2004-11-23 Alexandre Carmel-Veilleux <acv@acv.ca>
+ * src/conf.c: Fixed a NULL pointer dereference in get_ruleset().
+
+2004-11-22 Alexandre Carmel-Veilleux <acv@acv.ca>
+ * libhttpd/api.c: Fix leak in HttpdEndRequest().
+ * src/ping_thread.c: Fix auth_server IP change code with latest
+ from previous branch.
+ * src/conf.h: Same as above.
+ * src/fw_iptables.c: Same as above.
+ * src/conf.[ch]: Firewall rule set parsing code.
+ * wifidog.conf: Default firewall rule set defined.
+ * src/fw_iptables.[ch]: Firewall rule set enacting code.
+ * configure.in: bumped version to 1.1.0-alpha2
+
+2004-11-18 Benoit Gr�goire <bock@step.polymtl.ca>
+ * src/ping_thread.c: Merge phil's bug fixes from stable branch
+ * ipkg/rules: Merge phil's bug fixes from stable branch
+ * configure.in: Set version to 1.1.0alpha
+
+2004-11-18 Alexandre Carmel-Veilleux <acv@acv.ca>
+ * src/fw_iptables.[ch]: Merged in Phil's patch.
+ * src/*: Added ping_thread hooks to reset authserver table in the
+ firewall if it notices the auth_servers changing IPs.
+
+2004-11-17 Alexandre Carmel-Veilleux <acv@acv.ca>
+ * libhttpd/*: libhttpd has been taken behind the shed and shot in
+ the back of the head. The replacement separates the request struct
+ from the server struct. It's thread safe if none of OUR threads
+ write to server.
+ * src/*: All the changes to handle the new libhttpd and also to
+ move over to a worker thread system. http_callback_auth() no
+ longer spawns a thread either.
+ * *: this update preceded by a cvs tag PRE_NEW_LIBHTTPD.
+ * *: You want to check the mailing list archive also.
+
+2004-11-10 Alexandre Carmel-Veilleux <acv@acv.ca>
+ * libhttpd/protocol.c: select() based timeout.
+
+2004-10-31 Alexandre Carmel-Veilleux <acv@acv.ca>
+ * configure.in: bumped version number to "1.0.2-pre1" since we
+ already have ile sans fil hot spots advertising "1.0.1".
+
+2004-10-30 Alexandre Carmel-Veilleux <acv@acv.ca>
+ * src/ping_thread.c: asynch read(). fixed bug in byte counting.
+
+2004-10-29 Philippe April <philippe@philippeapril.com>
+ * ipkg/rules: added conffiles so it does not overwrite config files
+
+2004-10-29 Alexandre Carmel-Veilleux <acv@acv.ca>
+ * src/ping_thread.c: Much new debugging information
+ * multiple files: Logging for all mutexes
+
+2004-10-28 Philippe April <philippe@philippeapril.com>
+ * ipkg/rules: building ipkg-tools before packaging
+
+2004-10-28 Alexandre Carmel-Veilleux <acv@acv.ca>
+ * multiple files: Implemented a FirewallRule config command, it
+ doesn't actually do anything yet.
+ * libhttpd: #if 0'd out lots of request parsing code.
+ * libhttpd: changed URL parsing.
+
+2004-10-27 Philippe April <philippe@philippeapril.com>
+ * ipkg/rules: removed --build=mipsel from ./configure
+
+2004-10-26 Philippe April <philippe@philippeapril.com>
+ * ipkg/rules: sed -i is not standard, did a workaround.
+ * ipkg/rules: openwrt's buildroot has changed, modified ipkg
+ accordingly, please read README.openwrt
+
+2004-10-22 Alexandre Carmel-Veilleux <acv@acv.ca>
+ * src/various: Added wd_gethostbyname, a thread-safe (serialized)
+ version of gethostbyname.
+
+2004-10-15 Alexandre Carmel-Veilleux <acv@acv.ca>
+ * src/auth.c: Fixed hard coded port.
+
+2004-10-09 Alexandre Carmel-Veilleux <acv@acv.ca>
+ * src/gateway.c: More logging on termination_handler.
+
+2004-10-08 Alexandre Carmel-Veilleux <acv@acv.ca>
+ * src/wdctl_thread.c: Fix wdctl_status to return all connected
+ users.
+
+2004-10-07 Alexandre Carmel-Veilleux <acv@acv.ca>
+ * src/conf.c: Fixed mark_auth_server_bad() for the case where there
+ is only one auth server.
+ * src/ping_thread.c: Added extra debugging.
+ * src/ping_thread.c: Fixed file descriptor leak.
+ * src/centralserver.c: Fixed many file descriptor leaks.
+ * src/centralserver.c: Failure of read() no longer fatal.
+ * src/centralserver.c: In case of failure, return from
+ auth_server_request() is no longer an undefined authresponse.
+ * src/util.c: Fixed typo in logging.
+ * src/wdctl_thread.c: Added logging when socket path is too long.
+ * src/debug.c: Debug now logs the time of an event.
+
+2004-08-30 Alexandre Carmel-Veilleux <acv@acv.ca>
+ * wifidog.conf: Corrected an example
+ * README.openwrt: Typo fixed, editorial changes
+ * ChangeLog: Benoit's last update entry was set in the future ;-).
+ * All over src/: Compiled with -Wall and fixed all nagging.
+
+2004-08-30 Benoit Gr�goire <bock@step.polymtl.ca>
+ * Makefile.am: Add rpm target
+ * wifidog.spec.in: Rework spec file. Now works and include the init script
+ * ipkg/rules: Deal with the incomplete init.d system of the OpenWrt. Install scripts/init.d/wifidog as /usr/bin/wifidog-init, and call wifidog-init start from S65wifidog.
+ * scripts/openwrt/S65wifidog: Add file
+ * scripts/init.d/wifidog: Fix performance and protability problem. Make it chkconfig compliant. Test that chkconfig --add wifidog works (at least on mandrake)
+ * src/wdctl.c: Change some message, make sure wdctl return 0 unless there is an error.
+
+2004-08-30 Benoit Gr�goire <bock@step.polymtl.ca>
+ * README.openwrt: Documentation update
+ * Makefile.am: Make a ipkg target to ease WRT54G installation
+ * ipkg/rules: Add wdctl and the init.d script.
+ * Add BUILDROOT variable to the build system so we can use it when needed
+ * src/ping_thread.c: Have the server ping immediately on boot. Note that this will only help if the second server responds. The logic of the ping itself should be changed so it iterates in the list until it finds one that responds or exausts the list
+ * wifidog.conf: Add more doc, and (most) of ISF's default config in comments.
+ * Bump version in anticipation for release
+
+2004-08-29 Guillaume Beaudoin <isf@soli.ca>
+ * wifidog.spec.in: Changed prefix to match scripts/init.d/wifidog.
+ * debian/rules: Configuration and init.d file added.
+ * debian/control: Description and Depends field changed.
+ * Makefile.am: Added scripts directory and ipkg/rules file.
+
+2004-08-29 Pascal Leclerc <pascal@plec.ca>
+ * scripts/init.d/wifidog: Startup/shutdown script for Wifidog deamon
+
+2004-08-29 Guillaume Beaudoin <isf@soli.ca>
+ * wifidog.spec.in: Must be in decending chronological order.
+
+2004-08-29 Guillaume Beaudoin <isf@soli.ca>
+ * wifidog.spec.in: Remove some leftover from libOFX.
+ * Makefile.am: Include debian/* files.
+ * We should now be able to package .deb and .rpm from dist.
+
+2004-08-27 Benoit Gr�goire <bock@step.polymtl.ca>
+ * README.openwrt,src/conf.c,h: Documentation update
+ * src/gateway.c, src/ping_thread.c, src/wdctl.c, src/wdctl_thread.c: Fix linking problems related to errno.h and extern int errno
+
+2004-08-26 Pascal Leclerc <pascal@plec.ca>
+ * Makefile.am: Remove phpauth from EXTRA_DIST
+
+2004-08-25 Alexandre Carmel-Veilleux <acv@acv.ca>
+ * src/auth.c: Path as changed in 1.26 was preceded by a /, the path already contains a / so it would yield http://host//path/
+
+2004-08-25 Benoit Gr�goire <bock@step.polymtl.ca>
+ * src/auth.c: Remove hardcoded path.
+
+2004-08-23 Benoit Gr�goire <bock@step.polymtl.ca>
+ * src/ping_thread.c: Send the gateway id to the central server during ping, so the server know which gateway checked in, and then knows for sure that it is up (well, once the server implements it...).
+
+2004-08-23 Benoit Gr�goire <bock@step.polymtl.ca>
+ * src/centralserver.c: Fix path for auth by appending /auth/ to auth_server->authserv_path. Wifidog works again.
+
+2004-08-20 Alexandre Carmel-Veilleux <acv@acv.ca>
+ * Debug output of all HTTP transactions and their responses.
+ * Changed ipkg to use wifidog.conf from the base tree
+ * Send url to central server for link back out
+
+2004-08-19 Alexandre Carmel-Veilleux <acv@acv.ca>
+ * Sort of fixed the hanging thread (with an explicit thread kill)
+ * Fixed ping code
+
+2004-08-13 Alexandre Carmel-Veilleux <acv@acv.ca>
+ * All Auth Server configuration now handled by the "AuthServer"
+ directive.
+ * The "AuthServer" directive is now multi line.
+
+2004-08-11 Alexandre Carmel-Veilleux <acv@acv.ca>
+ * Added code to do heartbeat.
+ * Changed AuthServer yet again.
+
+2004-08-09 Alexandre Carmel-Veilleux <acv@acv.ca>
+ * WiFiDog now can read multiple auth servers in its config file.
+ * Added functions to handle the auth servers list.
+ * WiFiDog can failover between servers for its internal requests.
+ * Firewall sets rules for all auth servers.
+
+2004-08-06 Alexandre Carmel-Veilleux <acv@acv.ca>
+ * AuthservPath no longer mandatory in config file.
+
+2004-08-04 Philippe April <wifidog@philippeapril.com>
+ * Renamed iptables.[ch] to fw_iptables.[ch]
+
+2004-08-03 Alexandre Carmel-Veilleux <acv@acv.ca>
+ * Fixed broken sockaddr_un usage in wdctl.c and wdctl_thread.c
+
+2004-08-01 Benoit Gr�goire <bock@step.polymtl.ca>
+ * Delete everything in phpauth, it will now live in it's own module (wifidog-auth)
+
+2004-08-01 Alexandre Carmel-Veilleux <acv@acv.ca>
+ * Added wdctl facility
+
+2004-07-21 Philippe April <wifidog@philippeapril.com>
+ * Cleaned up the ipkg makefile
+ * Added makefile to build on Debian
+
+2004-07-19 Alexandre Carmel-Veilleux <acv@acv.ca>
+ * Build script for OpenWRT ipkg
+
+2004-07-06 Alexandre Carmel-Veilleux <acv@acv.ca>
+ * Added cache control to default error message returned.
+
+2004-07-05 Philippe April <papril777@yahoo.com>
+ * Fixed an endless loop in client_list_delete
+
+2004-06-10 Alexandre Carmel-Veilleux <acv@acv.ca>
+ * Added debugging to libhttpd so that httpdGetConnection() traces
+ its execution into ./httpdGetConnection.log. This should be removed
+ once it's no longer needed or put within #ifdef DEBUG's.
+
+2004-06-01 Philippe April <papril777@yahoo.com>
+ * Sending User-Agent header to central server
+
+2004-05-28 Philippe April <papril777@yahoo.com>
+ * Fixed bugs implemented after major changes
+
+2004-05-27 Benoit Gr�goire <bock@step.polymtl.ca>
+ * Massive Doxygen update in all files. IMPORTANT: The new convention is: @brief in the .h, long description and parameters in the .c
+ * Cleaned up some more issues in my notes taken at the formal review
+ * client_list.c,h: Make client_list_free_node() private, define and document client_list_mutex here
+ * config.c: Start the hunt for evil globals: Get rid of the config global
+ * doc/doxygen.cfg.in: Enable generation of internal doc, a few other tweaks
+ * Documentation now generates a TODO list and DEPRECATED list, please look at them
+
+2004-05-27 Alexandre Carmel-Veilleux <acv@acv.ca>
+ * Cleaned up all the issues brought forward in the code review
+ on 2004-05-26 at Benoit's. There are to many changes to list
+ individually.
+
+2004-05-15 Philippe April <papril777@yahoo.com>
+ * Commented out cookie handling in libhttpd because it segfaults if
+ you pass a particular formatting/buggy one
+
+2004-05-14 Philippe April <papril777@yahoo.com>
+ * Fixed crash when receiving SIGPIPE signal with write() would fail
+
+2004-05-13 Philippe April <papril777@yahoo.com>
+ * Advertise to the central server when we logged out a user
+
+2004-05-12 Philippe April <papril777@yahoo.com>
+ * Sending a "stage" when doing authentication for the server
+ to be able to know if it's a login, or just a counters update.
+
+2004-05-11 Philippe April <papril777@yahoo.com>
+ * Now tracking the hotspot id and ip in database
+
+2004-05-07 Philippe April <wifidog@philippeapril.com>
+ * Now we store both incoming and outgoing counters on server
+ and expire if no activity at all on both
+ * Changed the structure of nodes a little
+
+2004-05-07 Philippe April <wifidog@philippeapril.com>
+ * New parameter ExternalInterface
+ * Made possible to count inbound traffic by inserting new rules
+
+2004-05-07 Philippe April <wifidog@philippeapril.com>
+ * Cleaned up common.h from files
+
+2004-05-07 Philippe April <wifidog@philippeapril.com>
+ * Made iptables' tables DEFINEs instead of being hardcoded
+
+2004-05-07 Philippe April <wifidog@philippeapril.com>
+ * Fixed typo
+
+2004-05-06 Philippe April <papril777@yahoo.com>
+ * Cleanups and standardized things
+
+2004-05-06 Philippe April <papril777@yahoo.com>
+ * Cleanups in fw_counter function
+
+2004-05-05 Philippe April <papril777@yahoo.com>
+ * Calling iptables directly instead of using shell scripts
+ for fw_init, fw_destroy and fw_allow/fw_deny
+ * Removed shell script for fw.counters
+ * Fixed memory leaks
+ * Moved most of the iptables-specific (all but the counters)
+ to iptables.c to modularize a bit more
+ * Hack to allow deciding if we want FW calls' messages quiet or not
+
+2004-04-23 Philippe April <papril777@yahoo.com>
+ * Fixed a debug line
+
+2004-04-22 Philippe April <papril777@yahoo.com>
+ * Major changes, cleaned up code
+ * Changed the way firewall tags traffic
+
+2004-04-21 Philippe April <papril777@yahoo.com>
+ * Changed fw.destroy so it cleans up more in a while loop
+
+2004-04-20 Alexandre Carmel-Veilleux <acv@acv.ca>
+ * fixed expiration time
+
+2004-04-20 Philippe April <papril777@yahoo.com>
+ * A lot of changes regarding debugging facilities and added logging
+ to syslog
+ * Removed possibility to specify port on command line
+
+2004-04-19 Philippe April <papril777@yahoo.com>
+ * Changed some debugging severity
+
+2004-04-19 Benoit Gr�goire <bock@step.polymtl.ca>
+ * Properly integrate libhttpd into the source tree ;) Note that this will create a proper system wide shared library for libghttpd. Still to be done: 1- Store Mina's patch somewhere, in case we want to upgrade libhttpd. 2-Add configure option not to build httpd, and use an already installed one.
+
+2004-04-18 Alexandre Carmel-Veilleux <acv@acv.ca>
+ * Fixed pthread_cond_timedwait. The mutex needed to be locked as
+ per the POSIX spec, yet Linux or Mac OS X don't care...
+ * Fixed the double SIGTERM handler on Linux...
+
+2004-04-17 Alexandre Carmel-Veilleux <acv@acv.ca>
+ * Added work around for uClibc bug in auth.c
+
+2004-04-17 Philippe April <papril777@yahoo.com>
+ * Fixed firewall scripts to make them standard and some firewall functions
+
+2004-04-17 Alexandre Carmel-Veilleux <acv@acv.ca>
+ * Updated documentation in firewall.c
+
+2004-04-17 Philippe April <papril777@yahoo.com>
+ * Fixed path returning to gateway in phpauth/login/index.php
+
+2004-04-16 Alexandre Carmel-Veilleux <acv@acv.ca>
+ * Merged in libhttpd into the source tree
+
+2004-04-16 Philippe April <papril777@yahoo.com>
+ * Fixed CRLF/formatting in phpauth/login/index.php
+ * Added some documentation for firewall.c, commandline.c
+ * Removed an unnecessary line dist_sysconf_DATA from Makefile.am
+
+2004-04-15 Alexandre Carmel-Veilleux <acv@acv.ca>
+ * Changed the locking mechanism, now all access to t_node * structs
+ are properly protected.
+
+2004-04-15 Alexandre Carmel-Veilleux <acv@acv.ca>
+ * Connection now closed if counter hasn't change for one full
+ period.
+
+2004-04-14 Philippe April <papril777@yahoo.com>
+ * Fixed shell script hardcoded interface
+
+2004-04-14 Alexandre Carmel-Veilleux <acv@acv.ca>
+ * Existing IPs are logged off when they're authenticated again.
+
+2004-04-14 Alexandre Carmel-Veilleux <acv@acv.ca>
+ * Fixed clean up so it happens at the right time.
+
+2004-04-14 Alexandre Carmel-Veilleux <acv@acv.ca>
+ * Major retooling of insert_userclass(), fixed seg fault.
+ * The program now works as advertised.
+
+2004-04-14 Alexandre Carmel-Veilleux <acv@acv.ca>
+ * Switched to threads. Alpha quality build, at best
+
+2004-04-12 Alexandre Carmel-Veilleux <acv@acv.ca>
+ * Changed child return value handling, again. Now it's actually
+ using the real value instead of the flag.
+ * The http.c authentication code now closes the http connection
+ from the user.
+
+2004-04-11 Alexandre Carmel-Veilleux <acv@acv.ca>
+ * Added extra debugging information.
+ * Fixed return value handling in debugging calls.
+
+2004-04-11 Alexandre Carmel-Veilleux <acv@acv.ca>
+ * Removed duplicates signal handling hooks
+ * Additional comments in SIGCHLD handler
+
+2004-04-11 Alexandre Carmel-Veilleux <acv@acv.ca>
+ * Node find if's expressions changed
+
+2004-04-11 Alexandre Carmel-Veilleux <acv@acv.ca>
+ * SIGCHLD Handler initializaed outside of deamon mode now.
+
+2004-04-11 Alexandre Carmel-Veilleux <acv@acv.ca>
+ * Very large modification. The entire architecture has been reworked
+ so that authentications to the central server are performed in a
+ fork()'d child process and the exit code from that child is then
+ used to set the User Class of the connection.
+ * The UserClasses (global definitions) and Rights (per connection)
+ have been integrated.
+
+2004-03-16 Mina Naguib <minaguib@users.sourceforge.net>
+ * Changed HTTP server tasks to be handled by libhttpd - merged
+ incorporate_libhttpd branch
+
+2004-03-13 Philippe April <papril777@yahoo.com>
+ * Modified the way firewall scripts are called so we can configure
+ them in the config file (a bit more modular than it was)
+ * Added simple linked list to keep track of clients and to
+ keep a counter of the utilization and send it to the auth server
+ * Fixed CRLF/formatting in phpauth/auth/index.php
+ * Hacked phpauth/auth/index.php to handle very basic utilization tracking
+
+2004-03-12 Philippe April <papril777@yahoo.com>
+ * Changed all perror()s into debug()s and added errno.h to common.h
+
+2004-03-10 Philippe April <papril777@yahoo.com>
+ * Small fix to firewall.c so we don't define variables after
+ the function has started (so it builds on gcc-2.95)
+
+2004-03-09 Philippe April <papril777@yahoo.com>
+ * Major changes, not forking anymore for new connections, now using
+ select() instead. It will allow us to efficiently use a linked list to track
+ users and other things. It introduces some bugs and design issues but will
+ be better in the end.
+
+2004-03-09 Philippe April <papril777@yahoo.com>
+ * Small fix in the default.php login page
+ * exit() where the program was supposed to exit but wasn't when the
+ firewall could not be setup
+
+2004-03-09 Alexandre Carmel-Veilleux <acv@acv.ca>
+ * Tiny change to increase cross-platform compatibility. It can now build on OS X and it comes close to building on my old BSD box.
+
+2004-03-08 Benoit Gr�goire <bock@step.polymtl.ca>
+ * Initial CVS import. Integrate a standrad GNU build system and Doxygen to the build process. Add Doxygen and CVS headers, .cvsignores, etc. Note that the imported code is Philippe April (papril777 at yahoo.com)'s work. Tell me if I forgot anything. Please note that the paths in the src/fw* scripts are still hardcoded. Don't forget to update the ChangeLog file every commit and add doxygen comments to your code. Happy hacking.
+
488 FAQ
@@ -0,0 +1,488 @@
+#
+# $Id: FAQ 901 2006-01-17 18:58:13Z mina $
+#
+# The latest version of this document lives at:
+# http://www.ilesansfil.org/wiki/WiFiDog/FAQ
+#
+# Please check the above URL if you have a FAQ that does not appear here.
+#
+
+WiFiDog/FAQ
+
+The WiFi Dog Captive Portal Frequently Asked Questions
+
+ To alleviate the repetition on the [9][WWW] WiFiDog mailing list, and
+ to help people get started quickly, here are the FAQs:
+ 1. [10]The WiFi Dog Captive Portal Frequently Asked Questions
+ 1. [11]General questions
+ 1. [12]What is WiFiDog ?
+ 2. [13]Who makes WiFiDog ?
+ 3. [14]Who can use WiFiDog ?
+ 4. [15]Who currently uses WiFiDog ?
+ 5. [16]What can it do ?
+ 6. [17]What is it composed of ?
+ 7. [18]What are the main differences between it and NoCat ?
+ 8. [19]How does it work ?
+ 9. [20]What does it run on ?
+ 10. [21]Can I write my own client ?
+ 11. [22]Can I write my own auth server ?
+ 12. [23]What does it look like ?
+ 2. [24]The WiFiDog Client
+ 1. [25]What do I need ?
+ 2. [26]Pre-installation
+ 3. [27]Installation
+ 4. [28]Configuration
+ 5. [29]Running
+ 6. [30]Testing
+ 3. [31]The WiFiDog client on a linksys WRT54G
+ 1. [32]What do I need ?
+ 2. [33]Pre-installation
+ 3. [34]Installation
+ 1. [35]Introduction
+ 2. [36]Compiling a MIPS-friendly WiFiDog
+ 3. [37]Getting the new MIPS-friendly WiFiDog onto the
+ router
+ 4. [38]Actual installation
+ 4. [39]Configuration, Running and Testing
+ 5. [40]The intricate link between WiFiDog and OpenWRT
+ 6. [41]I am not comfortable with linux and don't know how
+ to do all this compiling stuff. Is there an easier way
+ for me to get the WiFiDog client running on a Linksys
+ WRT54G ?
+ 4. [42]The WiFiDog auth server
+ 1. [43]What do I need ?
+ 2. [44]Installation
+ 3. [45]Configuration
+ 4. [46]Testing
+
+General questions
+
+What is WiFiDog ?
+
+ [47]WiFiDog is software used to create wireless hotspots. It is a
+ next-generation alternative to [48][WWW] NoCat.
+
+Who makes WiFiDog ?
+
+ The technical team of [49]IleSansFil created and maintains
+ [50]WiFiDog.
+
+Who can use WiFiDog ?
+
+ On the legal/licensing front, anyone can use [51]WiFiDog. It is free
+ software released under the GPL license.
+
+ On the practical front, we would like the answer to also be
+ "everyone", however this would not be the truth. The main target user
+ base of [52]WiFiDog is network administrators, hotspot administrators
+ and hackers who "know what they're doing". Odds are that an average
+ windows user would not benefit from, or be able to correctly setup and
+ continually administer a [53]WiFiDog installation.
+
+ If the software ever reaches a point of complete point-and-click ease
+ that we feel average users can safely administer, we will update this
+ document.
+
+Who currently uses WiFiDog ?
+
+ The following companies, organizations, groups or persons are known to
+ use [54]WiFiDog on their hotspots:
+ * [55]IleSansFil
+ * [56][WWW] BC Wireless
+
+What can it do ?
+
+ See the [57]WiFiDog/FeatureList page for the feature list.
+
+What is it composed of ?
+
+ It is composed of 2 components:
+ 1. The client is a daemon process - this gets installed on every
+ wireless router
+ 2. The auth server is a web application - this gets installed in a
+ central location
+
+What are the main differences between it and NoCat ?
+
+ On the client side, it's smaller, has far fewer dependencies, and runs
+ well on embedded devices.
+
+ On the auth server side, it's more customizable, and is geared towards
+ capitalizing the infrastructure for the purposes of building portals
+ and communities.
+
+How does it work ?
+
+ The client daemon uses firewall rules to control traffic going through
+ the router. When a new user tries to access a web site, the client
+ will transparently re-direct them to the auth server where they can
+ either log-in or sign-up. The client and the auth server then
+ negotiate what to do with the client and either allow or deny them
+ certain network access.
+
+ The client also talks to the auth server every X minutes to update it
+ on vital statistics including uptime, load, traffic count per client,
+ and to let it know it's still there.
+
+ Refer to the [58]WiFiDog/FlowDiagram document for some more details.
+
+What does it run on ?
+
+ The client runs on any linux machine that has a working
+ netfilter+iptables installation.
+
+ The auth server runs on any PHP-enabled web server.
+
+Can I write my own client ?
+
+ Sure, but why ? We've done all the work. The client is written in C
+ and is extremely lightweight so that it runs comfortably in embedded
+ environments such as the [59][WWW] Linksys WRT54G router.
+
+ The client is time-tested and is fairly stable. It is used extensively
+ in [60][WWW] IleSansFil's deployed hotspots.
+
+Can I write my own auth server ?
+
+ Again, we've done all the work. However our auth server at the time of
+ this writing is not as polished as the client. Feel free to make it
+ better or write your own from scratch. If you go with the later option
+ you'll have to respect the same protocol the client uses for the whole
+ system to work correctly.
+
+What does it look like ?
+
+ The client is a daemon process that runs in the background. It looks
+ like zen, chi, the ether, zilch. It has no user interface.
+
+ The auth server is a web application that can be customized via
+ templates to look however you want it to look. To check out
+ [61]IleSansFil's auth server installation see [62][WWW]
+ https://auth.ilesansfil.org
+
+The WiFiDog Client
+
+What do I need ?
+
+ 1. Basic proficiency in a linux environment
+ 2. A linux OS with netfilter compiled into the kernel
+ 3. The iptables package
+ 4. The GNU C compiler (gcc). Other compilers may work, but we have
+ not tested and will not support them.
+ 5. The latest [63]WiFiDog tarball which can be obtained from
+ [64][WWW] SourceForge
+
+Pre-installation
+
+ This is where a lot of people run into problems, so let's state this
+ in bold:
+
+ MAKE SURE EVERYTHING WORKS FIRST BEFORE INTRODUCING [65]WiFiDog INTO
+ THE ENVIRONMENT
+
+ That especially means:
+ * The router must boot properly
+ * The router must bring up the interfaces properly
+ * The router must set up the routes properly
+ * The router must connect to the internet properly
+ * DNS settings must be set or obtained properly. DNS must work.
+ * DHCP settings (client, server or both) must be set or obtained
+ properly.
+ * If using NAT, the router must setup NAT/masquerading rules with
+ iptables properly
+ * Clients on the desired ([66]WiFi) network must be able to bind,
+ associate, lease and connect the internet properly
+ * All the above must happen automatically when the router starts or
+ gets rebooted
+
+ Do NOT proceed with installing [67]WiFiDog until you've satisfied the
+ above. It will not work otherwise and you will waste lots of time.
+
+Installation
+
+ [68]WiFiDog, like many open source projects, is distributed with
+ standard autotools utilities to make installation easy. Unpack the
+ tarball, then follow the standard:
+./configure
+make
+make install
+
+Configuration
+
+ Edit /etc/wifidog.conf and follow the instructions in the file. Things
+ should be self-explanatory.
+
+Running
+
+ For the first time, run [69]WiFiDog with the following switches:
+wifidog -f -d 7
+
+ -f means to run in foreground (do not become a background daemon)
+
+ -d 7 increases debug output level to the maximum
+
+Testing
+
+ As a client on the [70]WiFi network (or whatever interface is
+ configured as the LAN interface in /etc/wifidog.conf), open a web
+ browser and try to browse to your favourite web site.
+
+ Monitor the output of the running [71]WiFiDog to see what it's doing.
+
+The WiFiDog client on a linksys WRT54G
+
+ Due to the lightness of the [72]WiFiDog client it is often installed
+ inside the linksys WRT54G. There are some profound issues that arise
+ with this setup that it warrants its own section in this FAQ:
+
+What do I need ?
+
+ You will need to have basic/full proficiency in a linux environment
+
+ You need to re-flash your router with a hacker-friendly firmware
+ called [73][WWW] OpenWRT. [74][WWW] Follow the user guide on the
+ OpenWRT site to get this part done.
+
+ Do not proceed until you've completed the above. We also recommend you
+ spend some time familiarizing yourself with your new router's OS
+ before introducing [75]WiFiDog into that environment. This especially
+ includes the nvram settings, network interfaces and existing interface
+ bridges.
+
+Pre-installation
+
+ The same rules apply as the pre-installation in a non-WRT54G
+ environment above. Do not proceed until you've satisfied them. In
+ summary: Make sure EVERYTHING works first.
+
+Installation
+
+Introduction
+
+ Installation of the client on the WRT54G is a bit tricky. The space
+ limitations on the device mean there is no compiler in the OpenWRT
+ operating system. That means that you must compile the client on an
+ external machine then transfer the compiled form onto the router.
+
+ To complicate things more, if you compile your client regularly on a
+ standard x86 desktop the produced binary will not run on the router
+ due to the different type of processor (MIPS) on that router.
+
+ What is needed is called cross-compilation, In that scenario you use
+ an architecture (such as your x86 desktop) to produce binaries
+ explicitly designed to run on a different architecture (your MIPS
+ router).
+
+ The above was the bad news since it makes things sound complicated.
+ The good news is that it's not too complicated and we've built scripts
+ to make this a snap for you. As a matter of fact, you've already done
+ this before!
+
+ Remember when you followed the OpenWRT building instructions ? Without
+ knowing it, you already cross-compiled stuff! You used your desktop to
+ cross-compile an entire operating system for the MIPS architecture
+ which resulted in one compressed firmware image you installed on your
+ router.
+
+Compiling a MIPS-friendly WiFiDog
+
+ 1. Download the latest [76][WWW] WiFiDog tarball from sourceforge.
+ 2. Uncompress the tarball, enter the directory
+ 3. Run the following, replacing /usr/local/openwrt/ with wherever you
+ unpacked the OpenWRT tarball earlier:
+
+ipkg/rules BUILDROOT=/usr/local/openwrt/
+
+ You're done. If all is well you should now have a new file named
+ wifidog_1.1.0_mipsel.ipk (version number may be different depending on
+ the tarball you downloaded).
+
+Getting the new MIPS-friendly WiFiDog onto the router
+
+ The .ipk is a data file for the simple "ipkg/i-Package" package
+ manager already on your router. All that's needed now is to copy that
+ file onto your router. If you have installed the dropbear SSH daemon
+ package on your router you can use scp on your desktop to copy the
+ .ipk file to the router. Otherwise copy that file to any web server
+ you have access to, then use wget on the router to download the file
+ from the web server.
+
+ Either way, place the file in the /tmp/ directory on the router.
+
+Actual installation
+
+ Once you have the .ipk file on the router, use this command to install
+ it:
+ipkg install /tmp/wifidog_1.1.0_mipsel.ipk
+
+ Once that is successful delete the .ipk file from /tmp/ to free the
+ occupied memory.
+
+Configuration, Running and Testing
+
+ Same as the earlier section in a non-WRT54G environment
+
+The intricate link between WiFiDog and OpenWRT
+
+ Repeat after me:
+
+ A [77]WiFiDog RUNNING ON AN OpenWRT INSTALLATION MUST HAVE BEEN
+ COMPILED AGAINST THE SAME OpenWRT BUILDROOT USED TO CREATE THAT
+ INSTALLATION
+
+ What does that mean ?
+ 1. If you downloaded and compiled OpenWRT yourself, download and
+ compile [78]WiFiDog yourself against the same buildroot - Do not
+ use someone else's pre-compiled [79]WiFiDog
+ 2. If you downloaded a pre-compiled OpenWRT firmware image:
+ 1. Ask the person who built it to compile [80]WiFiDog for you
+ against the same buildroot
+ 2. Or ask them for a copy of their OpenWRT buildroot so you may
+ compile [81]WiFiDog against it
+
+I am not comfortable with linux and don't know how to do all this compiling
+stuff. Is there an easier way for me to get the WiFiDog client running on a
+Linksys WRT54G ?
+
+ You can use an OpenWRT and [82]WiFiDog compiled by someone else. They
+ must be compiled by the same person against the same OpenWRT
+ buildroot.
+
+ [83]IleSansFil makes it's own pair of OpenWRT images and [84]WiFiDog
+ .ipk compiled files available to the public:
+ * You can download a pre-compiled OpenWRT firmware image [85][WWW]
+ here
+ * And you can download a compatible [86]WiFiDog .ipk file [87][WWW]
+ here
+
+ Look in the [88][WWW] OpenWRT site for instructions on how to re-flash
+ your router with the firmware image (skip any download/building
+ instructions).
+
+ Then follow the above installation instructions for installing the
+ [89]WiFiDog .ipk file into the OpenWRT-flashed router.
+
+ Please note that the above saves you from the knowledge and time
+ needed to compile and produced these binary files. It is however no
+ magical cure for linux illiteracy. You need to be proficient enough in
+ a unix environment to be able to telnet/ssh into the router and
+ perform the outlined installation and configuration tasks. If you do
+ not feel comfortable doing this we advise you consult with someone who
+ is proficient in linux and networking.
+
+The WiFiDog auth server
+
+What do I need ?
+
+ Refer to [90]WiFiDog/AuthServerDoc
+
+Installation
+
+ Refer to [91]WiFiDog/AuthServerDoc
+
+Configuration
+
+ Refer to [92]WiFiDog/AuthServerDoc
+
+Testing
+
+ Refer to [93]WiFiDog/AuthServerDoc
+
+ last edited 2005-03-27 13:11:15 by [94]MinaNaguib
+
+References
+
+ 1. http://www.ilesansfil.org/wiki/FrontPage
+ 2. http://www.ilesansfil.org/wiki/WiFiDog/FAQ?action=raw
+ 3. http://www.ilesansfil.org/wiki/WiFiDog/FAQ?action=print
+ 4. http://www.ilesansfil.org/wiki/WiFiDog
+ 5. http://www.ilesansfil.org/wiki/FindPage
+ 6. http://www.ilesansfil.org/wiki/TitleIndex
+ 7. http://www.ilesansfil.org/wiki/WordIndex
+ 8. http://www.ilesansfil.org/wiki/HelpOnFormatting
+ 9. http://listes.ilesansfil.org/
+ 10. http://www.ilesansfil.org/wiki/WiFiDog/FAQ?action=print#head-b9d27a8844e66371abfbb27bf54669896d8bf4fa
+ 11. http://www.ilesansfil.org/wiki/WiFiDog/FAQ?action=print#head-eb7dd5c81583187efb2d29ebc9ab2b6457417b13
+ 12. http://www.ilesansfil.org/wiki/WiFiDog/FAQ?action=print#head-e05420efb19364f3fa0844223f1bcfc71be7db00
+ 13. http://www.ilesansfil.org/wiki/WiFiDog/FAQ?action=print#head-80293173c84355ebeff2ecbfabaa32edb3c3ae75
+ 14. http://www.ilesansfil.org/wiki/WiFiDog/FAQ?action=print#head-2aa554753e8b93818ba5ef190e67e401421931b9
+ 15. http://www.ilesansfil.org/wiki/WiFiDog/FAQ?action=print#head-975f3574aa59265dd2b0c45ae96e90c98c8bc7d5
+ 16. http://www.ilesansfil.org/wiki/WiFiDog/FAQ?action=print#head-dccf73ff2dcc305d6334dfd0ed90d1c4221b8a12
+ 17. http://www.ilesansfil.org/wiki/WiFiDog/FAQ?action=print#head-ebd81c14ab1b66d6aada9fc399597b644e120036
+ 18. http://www.ilesansfil.org/wiki/WiFiDog/FAQ?action=print#head-9b4c49acb692c6ba8bc2c0e43a991c5fc7b80220
+ 19. http://www.ilesansfil.org/wiki/WiFiDog/FAQ?action=print#head-5aa44a01d2ff78d1e2b5240e0a6c75910d584a0e
+ 20. http://www.ilesansfil.org/wiki/WiFiDog/FAQ?action=print#head-738ab14de6f62065ca3daf9dd3341bfcabc06223
+ 21. http://www.ilesansfil.org/wiki/WiFiDog/FAQ?action=print#head-6059fbd6c262224baf06331fbe83f319ffe730fa
+ 22. http://www.ilesansfil.org/wiki/WiFiDog/FAQ?action=print#head-e8131f271e42589291d507afd89d0c5d24f02ad1
+ 23. http://www.ilesansfil.org/wiki/WiFiDog/FAQ?action=print#head-6a764a3be722e0ff8d1446586643ea57d70cd489
+ 24. http://www.ilesansfil.org/wiki/WiFiDog/FAQ?action=print#head-a650736551182819fd6f742597362be729d9b70d
+ 25. http://www.ilesansfil.org/wiki/WiFiDog/FAQ?action=print#head-57aaa0d1e21d38a7f5bedea65950c36b422cbbb6
+ 26. http://www.ilesansfil.org/wiki/WiFiDog/FAQ?action=print#head-2b75ffe2445295c9982d0873d48e11d5cd89816e
+ 27. http://www.ilesansfil.org/wiki/WiFiDog/FAQ?action=print#head-930f69b528374c4c55fc91b52e030deef8a93648
+ 28. http://www.ilesansfil.org/wiki/WiFiDog/FAQ?action=print#head-4b221edbf4c2383afab601694f2db039700c21cc
+ 29. http://www.ilesansfil.org/wiki/WiFiDog/FAQ?action=print#head-9fcf91fbcf4712b6de6d5b70e703192dd882afa8
+ 30. http://www.ilesansfil.org/wiki/WiFiDog/FAQ?action=print#head-18cc26d84a97b42f3bc06af0203038062a8efb06
+ 31. http://www.ilesansfil.org/wiki/WiFiDog/FAQ?action=print#head-8ba37f479842312562f131032bb11e4fb68942aa
+ 32. http://www.ilesansfil.org/wiki/WiFiDog/FAQ?action=print#head-57aaa0d1e21d38a7f5bedea65950c36b422cbbb6-2
+ 33. http://www.ilesansfil.org/wiki/WiFiDog/FAQ?action=print#head-2b75ffe2445295c9982d0873d48e11d5cd89816e-2
+ 34. http://www.ilesansfil.org/wiki/WiFiDog/FAQ?action=print#head-930f69b528374c4c55fc91b52e030deef8a93648-2
+ 35. http://www.ilesansfil.org/wiki/WiFiDog/FAQ?action=print#head-b6830b2e74230b45153f4fa98ee189d5748ec9f0
+ 36. http://www.ilesansfil.org/wiki/WiFiDog/FAQ?action=print#head-78504516e51f8fc43cc111b9a8a41a85cb652fff
+ 37. http://www.ilesansfil.org/wiki/WiFiDog/FAQ?action=print#head-92221794cfda95baa91352d087656f27754027d2
+ 38. http://www.ilesansfil.org/wiki/WiFiDog/FAQ?action=print#head-2474f5bb689b7b06fc3334eb8e29a26ed60c4280
+ 39. http://www.ilesansfil.org/wiki/WiFiDog/FAQ?action=print#head-37c9cfe0aa830fa8ef3e6f617bd3c741cca6947c
+ 40. http://www.ilesansfil.org/wiki/WiFiDog/FAQ?action=print#head-1dee9a0f840701e6518a0763c48aef734d1996f8
+ 41. http://www.ilesansfil.org/wiki/WiFiDog/FAQ?action=print#head-158e6f354a348c9374107d0a66a7f4c84603ba8a
+ 42. http://www.ilesansfil.org/wiki/WiFiDog/FAQ?action=print#head-30106563831cfdb0840b05fa48e9194d7876f12e
+ 43. http://www.ilesansfil.org/wiki/WiFiDog/FAQ?action=print#head-57aaa0d1e21d38a7f5bedea65950c36b422cbbb6-3
+ 44. http://www.ilesansfil.org/wiki/WiFiDog/FAQ?action=print#head-930f69b528374c4c55fc91b52e030deef8a93648-3
+ 45. http://www.ilesansfil.org/wiki/WiFiDog/FAQ?action=print#head-4b221edbf4c2383afab601694f2db039700c21cc-2
+ 46. http://www.ilesansfil.org/wiki/WiFiDog/FAQ?action=print#head-18cc26d84a97b42f3bc06af0203038062a8efb06-2
+ 47. http://www.ilesansfil.org/wiki/WiFiDog
+ 48. http://nocat.net/
+ 49. http://www.ilesansfil.org/wiki/IleSansFil
+ 50. http://www.ilesansfil.org/wiki/WiFiDog
+ 51. http://www.ilesansfil.org/wiki/WiFiDog
+ 52. http://www.ilesansfil.org/wiki/WiFiDog
+ 53. http://www.ilesansfil.org/wiki/WiFiDog
+ 54. http://www.ilesansfil.org/wiki/WiFiDog
+ 55. http://www.ilesansfil.org/wiki/IleSansFil
+ 56. http://www.bcwireless.net/
+ 57. http://www.ilesansfil.org/wiki/WiFiDog/FeatureList
+ 58. http://www.ilesansfil.org/wiki/WiFiDog/FlowDiagram
+ 59. http://www.linksys.com/products/product.asp?prid=508&scid=35
+ 60. http://auth.ilesansfil.org/hotspot_status.php
+ 61. http://www.ilesansfil.org/wiki/IleSansFil
+ 62. https://auth.ilesansfil.org/
+ 63. http://www.ilesansfil.org/wiki/WiFiDog
+ 64. http://sourceforge.net/projects/wifidog
+ 65. http://www.ilesansfil.org/wiki/WiFiDog
+ 66. http://www.ilesansfil.org/wiki/WiFi
+ 67. http://www.ilesansfil.org/wiki/WiFiDog
+ 68. http://www.ilesansfil.org/wiki/WiFiDog
+ 69. http://www.ilesansfil.org/wiki/WiFiDog
+ 70. http://www.ilesansfil.org/wiki/WiFi
+ 71. http://www.ilesansfil.org/wiki/WiFiDog
+ 72. http://www.ilesansfil.org/wiki/WiFiDog
+ 73. http://openwrt.org/
+ 74. http://openwrt.org/OpenWrtDocs
+ 75. http://www.ilesansfil.org/wiki/WiFiDog
+ 76. http://sourceforge.net/projects/wifidog
+ 77. http://www.ilesansfil.org/wiki/WiFiDog
+ 78. http://www.ilesansfil.org/wiki/WiFiDog
+ 79. http://www.ilesansfil.org/wiki/WiFiDog
+ 80. http://www.ilesansfil.org/wiki/WiFiDog
+ 81. http://www.ilesansfil.org/wiki/WiFiDog
+ 82. http://www.ilesansfil.org/wiki/WiFiDog
+ 83. http://www.ilesansfil.org/wiki/IleSansFil
+ 84. http://www.ilesansfil.org/wiki/WiFiDog
+ 85. http://www.ilesansfil.org/dist/openwrt/
+ 86. http://www.ilesansfil.org/wiki/WiFiDog
+ 87. http://www.ilesansfil.org/dist/wifidog/
+ 88. http://www.openwrt.org/
+ 89. http://www.ilesansfil.org/wiki/WiFiDog
+ 90. http://www.ilesansfil.org/wiki/WiFiDog/AuthServerDoc
+ 91. http://www.ilesansfil.org/wiki/WiFiDog/AuthServerDoc
+ 92. http://www.ilesansfil.org/wiki/WiFiDog/AuthServerDoc
+ 93. http://www.ilesansfil.org/wiki/WiFiDog/AuthServerDoc
+ 94. http://www.ilesansfil.org/wiki/MinaNaguib
44 Makefile.am
@@ -0,0 +1,44 @@
+# $Id: Makefile.am 1247 2007-07-06 13:31:58Z benoitg $
+
+SUBDIRS = libhttpd src . doc
+
+docdir = ${prefix}/share/doc/wifidog-@VERSION@
+
+doc_DATA = \
+ AUTHORS \
+ COPYING \
+ INSTALL \
+ NEWS \
+ README \
+ ChangeLog
+
+EXTRA_DIST = \
+ FAQ \
+ wifidog.spec.in \
+ wifidog.spec \
+ config \
+ scripts \
+ contrib \
+ wifidog.conf
+
+.PHONY: doc
+doc:
+ $(MAKE) -C doc doc
+
+.PHONY: ipk
+ipk: dist
+ make -C $(OPENWRTSDK) distclean
+ mkdir -p $(OPENWRTSDK)/dl
+ cp -f ${srcdir}/wifidog-@VERSION@.tar.gz $(OPENWRTSDK)/dl/
+ make -C ${srcdir}/contrib/build-openwrt-ipk/wifidog TOPDIR=$(OPENWRTSDK) PKG_MD5SUM= V=99
+ @echo DONE. If there were no errors, your package should be in: $(OPENWRTSDK)/bin/packages/
+.PHONY: rpm
+rpm: dist
+ cp ${builddir}wifidog.spec /usr/src/RPM/SPECS
+ cp ${builddir}wifidog-@VERSION@.tar.gz /usr/src/RPM/SOURCES
+ rpmbuild -ta ${builddir}wifidog-@VERSION@.tar.gz
+
+#clean-local:
+# echo "clean-local: " && pwd
+# rm -f /usr/src/RPM/SPECS/wifidog.spec
+# rm -f /usr/src/RPM/SOURCES/wifidog-@VERSION@.tar.gz
113 NEWS
@@ -0,0 +1,113 @@
+# $Id: NEWS 1303 2007-10-18 21:13:28Z benoitg $
+WiFiDog 1.1.4:
+ * Fix incorrect firewal rule deletion introduced in 1.1.3rc1. Caused the incoming byte count reported to be incorrect for users that logged in a second time on a gateway that wasn't restarted in between.
+
+WiFiDog 1.1.3:
+ * Fix incomplete change to make te gateway retry external interface forever.
+ * Remove hardcoded authserver paths. Can now be defined in the config file (auth server section).
+ * Add manual logout URL, based in part on work by David Bird
+
+WiFiDog 1.1.3rc1:
+ * Close #321: Make the Gateway retry forever if it cannot find it's interface. You never know when someone may finally replug the network cable or something...
+ * Close #332: Apply patch from Laurent Marchal. biguphpc<AT>gmail<DOT>com
+ * fw_iptables.c: Fix error in iptables_fw_access(). Rules were created as ACCEPT instead of DROP
+ * firewall.c: Fix bug in fw_sync_with_authserver(). The traffic for the validation period of a user who validated his account while connected wouldn't get counted.
+ * doc/wifidog_firewall_map.dia: At long last, full documentation of the firewall. We would have avoided a lot of stupid mistakes if we produced that sooner.
+ * Release 1.1.3_rc1
+ * Fix #324
+ * wifidog.conf: Improve comments and add examples of blocking access to the upstream LAN.
+ * conf.h: The DEFAULT_CHECKINTERVAL was 5 instead of 60 (as stated in the config file) which caused huge needless load on the auth servers, and needless ping traffic towards the clients if it wasn't manually set.
+ * contrib/ Add contrib dir to collect the scripts and other code distributed with, but not really part of wifidog.
+ * Modify the build system to finally be able to build wifidog directly from the wifidog directory using the same files
+ used to make the official .ipk, without having to copy ANYTHNG to the openwrt SDK.
+ There is now a new target: make ipk make ipk OPENWRTSDK=path_to_openwrt_sdk
+
+WiFiDog 1.1.3beta6:
+ -Fix bug #238 (config file location was hardcoded)
+ -Fix problem with autodectection of the External interface if the interface isn't fully up yet. wifidog wil now retry for up to two minutes.
+
+WiFiDog 1.1.3beta4:
+ -Changed ordering in the filter.FORWARD chain
+ -Added TCPMSS rule
+ -Fixed rules bieng left over on shutdown
+ -Fixed wdctl reset problem
+
+WiFiDog 1.1.3beta2:
+ -Fix bug #65 (Whitelisted servers would still splash on port 80
+ -Fix incorrect default value for Path in the AuthServer configuration
+ -Add more info to wdctl status
+
+WiFiDog 1.1.3beta1:
+ -Added patch by wireless London to use the GW interface's mac address as the node_id
+ if no node_id is specified. It allows the use of generic configuration files without
+ the need to hardcoding the node_id in.
+ -Added TrustedMACList configuration variable which allows specifying
+ MAC addresses which are allowed to go through without authentication.
+ -New wdctl command "restart" which will get wifidog to restart itself
+ while preserving the existing clientlist. Perfect for 0-downtime
+ upgrading!
+ -libhttpd: Fixed two bugs parsing the GET query string making wifidog segfault
+
+
+WiFiDog 1.1.2:
+ - Added some informations so it compiles on newer OpenWRT's (whiterussian-rc2)
+ - Fixed minor issue with wdctl
+ - Changed the iptables rules priority to allow existing NAT rules to work
+ - read()s from central server in auth_server_request() are
+ now timed-out (via select). This is hopefully a bugfix to the
+ thread-freezing problem.
+ - Bugfix non-RFC compliant HTTP requests using \n instead of \r\n as line
+ terminations as per email from ludocornut@users.sourceforge.net
+ - Firewall: make the default ruleset for validating users = allow all
+ (except sending SMTP)
+
+Fixed issue with FAQ
+
+WiFiDog 1.1.1:
+ - An auth server on port 80 will now work
+ - Added an FAQ
+
+WiFiDog 1.1.0:
+ - Changes:
+ - Visual tweaks in the web interface
+ - Internal code & documentation touch-ups
+ - More debugging output
+ - Bugfixes:
+ - Wrong reported uptime
+ - Invalid http header sent during redirection
+ - Mixed long/long long type for counter
+ - Respect SSL setting in auth server definition
+ - Explicitly allow traffic coming into the router
+ - SIGPIPE handling
+ - Firewall destruction not occuring on wifidog termination
+
+WiFiDog 1.1.0_beta3:
+ - Completely re-did the iptables rules. Most of the rules are now in the filter table instead of the nat table. Also DROPs are now replaced with REJECTs to help tell the user connection refused instead of endless pauses
+ - wdctl status will return more informations
+ - Some error messages are now displayed by the auth server (used to be done in a non-pretty way by wifidog)
+ - We now 'ping' authserver and detect when authservers are changing IPs
+ - Fixed memory leaks
+ - Incoming and outgoing counters were reversed
+ - More verbose debugging
+ - ICMP Ping the users everytime we check their counters to keep them alive
+ - Optional ExternalInterface
+ - Optional GatewayAddress
+ - /about URL now shows wifidog version
+ - Keep track of last times we successfully & unsuccessfully spoke to the auth server/used DNS. Then, if we know we're not online, show a little apology to the user instead of re-directing them to the auth server.
+ - When pinging auth server now also sends sys_uptime, sys_memfree and sys_load
+ - Bugfix: Traffic from client to router was counted twice in the "outgoing" bytecount since it increased both counters in mangle.* and filter.* - Got rid of TABLE_WIFIDOG_WIFI_TO_GW completely since it's unneeded
+ - Do not update the last_updated field on incoming traffic - update it on outgoing traffic only. This should be a much more reliable indication of client no longer being there
+ - WiFiDog status is now viewable with a web browser at http://ip:port/wifidog/status
+
+WiFiDog 1.0.2:
+ - Fix reversed incoming and outgoing connections in statistics reported to the auth server
+ - Will now gracefully handle auth servers changing IP adress.
+ - Fixes two bugs in byte counting. (Possible missed data, and incoming and outgoing were reversed.
+ - Fixed file descriptor leaks
+ - wdctl_status now returns all connected users.
+ - worked around sed -i not being available on all platform
+ - ipkg no longuer overwrites config file
+ - Several code changes in thread handling and libhttpd to fix occasional hangs.
+
+WiFiDog 1.0.0:
+ - Initial release
16 README
@@ -0,0 +1,16 @@
+#
+# $Id: README 935 2006-02-01 03:22:04Z benoitg $
+#
+
+The WiFi Guard Dog project is a complete and embeddable captive portal
+solution for wireless community groups or individuals who wish to open a
+free HotSpot while still preventing abuse of their Internet connection.
+
+The project's homepage is:
+ http://dev.wifidog.org/
+
+Mailing list interface:
+ http://listes.ilesansfil.org/cgi-bin/mailman/listinfo/wifidog
+
+The project's software is released under the GPL license and is copyright it's respective owners.
+
51 README.openwrt
@@ -0,0 +1,51 @@
+$Id: README.openwrt 1189 2007-03-12 20:44:11Z benoitg $
+
+OpenWRT specific README
+=======================
+
+So, you want to run wifidog on one of linksys' WRT wireless routers!
+
+OpenWRT is the embedded linux-gnu bundle that runs on the linksys wrt
+series routers.
+
+OpenWRT's home page is http://www.openwrt.org
+
+To build wifidog so that it may be run on the linksys wrt routers you
+must first obtain the OpenWRT toolchain. This toolchain is a set of
+compilers and other software development tools that will allow you,
+running on your intel/pentium/mac computer to compile and develop software
+that is to run on the mips based linksys wrt series routers, which is
+based on another computer cpu chip entirely.
+
+You have four options for building wifidog using the OpenWRT toolchain.
+
+1. get the prebuilt, minimal OpenWRT toolchain, and give the makefile it's path:
+ cd ~
+ wget http://downloads.openwrt.org/whiterussian/newest/OpenWrt-SDK-Linux-i686-1.tar.bz2
+ tar -jxvf OpenWrt-SDK-Linux-i686-1.tar.bz2
+ make ipk OPENWRTSDK=~/OpenWrt-SDK-Linux-i686-1/
+
+ If it works (!) you will have an ipkg file in $(OPENWRTSDK)/bin/packages/bin/packages/
+ You can then boot up your OpenWrt
+ router, copy the .ipk to it, and install it using the ipkg commands.
+
+ You should also make sure that the wifidog prereqs are already
+ installed on the router before you go to run wifidog. Note that the
+ package will check this for you.
+
+ The prereqs are:
+ * iptables command and modules mac, mark and MARK
+ * iptables kernel module mac
+ * libpthread
+
+ These are all packages you can install on your running OpenWrt router
+ using the ipkg commands. If the router is on the net, the ipkg
+ commands can download the packages from www.openwrt.org, just like
+ debian apt-get or fedora yum or up2date.
+
+---- How to integrate wifidog with the OpenWRT flash image build process ----
+
+Download the OpenWRT imagebuilder
+-Add the ipkg you built above in the /packages directory
+-Add the line "wifidog" in the various files in /lists
+
65 autogen.sh
@@ -0,0 +1,65 @@
+#!/bin/sh
+# Run this to generate all the initial makefiles, etc.
+#
+# $Id: autogen.sh 901 2006-01-17 18:58:13Z mina $
+
+if [ -r Makefile ]
+then
+ echo "Doing distclean"
+ make distclean
+fi
+
+if [ "X$1" != "X" ]
+then
+ BUILDROOT=`echo "$1" | sed 's/^[^=]*[=]//'`
+
+ OLDCC=${CC}
+ OLDRANLIB=${RANLIB}
+ OLDAR=${AR}
+
+ CC=${BUILDROOT}/build_mipsel/staging_dir/bin/mipsel-linux-uclibc-gcc
+ RANLIB=${BUILDROOT}/build_mipsel/staging_dir/bin/mipsel-linux-uclibc-ranlib
+ AR=${BUILDROOT}/build_mipsel/staging_dir/bin/mipsel-linux-uclibc-ar
+
+ POSTCONF=--host=mipsel
+
+ export CC
+ export RANLIB
+ export AR
+else
+ OLDCC=${CC}
+ OLDRANLIB=${RANLIB}
+ OLDAR=${AR}
+ POSTCONF=
+fi
+
+echo "Running mkdir -p config"
+mkdir -p config
+
+if [ "X"`uname` = "XDarwin" ]
+then
+ echo "Running glibtoolize --force"
+ glibtoolize --force
+else
+ echo "Running libtoolize --force"
+ libtoolize --force
+fi
+
+echo "Running aclocal"
+aclocal
+echo "Running autoheader"
+autoheader
+echo "Running automake -a"
+automake -a
+echo "Running autoconf"
+autoconf
+echo "Running ./configure ${POSTCONF} --enable-maintainer-mode $conf_flags $@"
+./configure ${POSTCONF} --enable-maintainer-mode $conf_flags "$@"
+
+CC=${OLDCC}
+RANLIB=${OLDRANLIB}
+AR=${OLDAR}
+
+export CC
+export RANLIB
+export AR
105 configure.in
@@ -0,0 +1,105 @@
+## -*-m4-*-
+# $Id: configure.in 1303 2007-10-18 21:13:28Z benoitg $
+
+dnl Process this file with autoconf to produce a configure script.
+
+# FILE:
+# configure.in
+#
+# FUNCTION:
+# implements checks for a variety of system-specific functions
+
+AC_INIT(src/common.h)
+AM_CONFIG_HEADER(config.h)
+AC_CONFIG_AUX_DIR(config)
+AC_PROG_CC
+AC_PROG_CXX
+#AC_PROG_RANLIB
+
+AC_SUBST(BUILDROOT)
+
+WIFIDOG_MAJOR_VERSION=1
+WIFIDOG_MINOR_VERSION=1
+WIFIDOG_MICRO_VERSION=4
+WIFIDOG_VERSION=$WIFIDOG_MAJOR_VERSION.$WIFIDOG_MINOR_VERSION.$WIFIDOG_MICRO_VERSION
+
+AC_SUBST(WIFIDOG_MAJOR_VERSION)
+AC_SUBST(WIFIDOG_MINOR_VERSION)
+AC_SUBST(WIFIDOG_MICRO_VERSION)
+AC_SUBST(WIFIDOG_VERSION)
+AM_INIT_AUTOMAKE(wifidog,$WIFIDOG_VERSION)
+
+
+AM_MAINTAINER_MODE
+
+AC_PROG_INSTALL
+
+AC_LIBTOOL_DLOPEN
+AM_PROG_LIBTOOL
+
+AC_ISC_POSIX
+AC_C_BIGENDIAN
+AC_PROG_MAKE_SET
+AC_HEADER_STDC
+
+
+# check for doxygen, mostly stolen from http://log4cpp.sourceforge.net/
+# ----------------------------------------------------------------------------
+AC_DEFUN([BB_ENABLE_DOXYGEN],
+[
+AC_ARG_ENABLE(doxygen, [ --enable-doxygen enable documentation generation with doxygen (auto)])
+AC_ARG_ENABLE(dot, [ --enable-dot use 'dot' to generate graphs in doxygen (auto)])
+AC_ARG_ENABLE(html-docs, [ --enable-html-docs enable HTML generation with doxygen (yes)], [], [ enable_html_docs=yes])
+AC_ARG_ENABLE(latex-docs, [ --enable-latex-docs enable LaTeX documentation generation with doxygen (no)], [], [ enable_latex_docs=no])
+if test "x$enable_doxygen" = xno; then
+ enable_doc=no
+else
+ AC_PATH_PROG(DOXYGEN, doxygen, , $PATH)
+ if test x$DOXYGEN = x; then
+ if test "x$enable_doxygen" = xyes; then
+ AC_MSG_ERROR([could not find doxygen])
+ fi
+ enable_doc=no
+ else
+ enable_doc=yes
+ AC_PATH_PROG(DOT, dot, , $PATH)
+ fi
+fi
+AM_CONDITIONAL(DOC, test x$enable_doc = xyes)
+
+if test x$DOT = x; then
+ if test "x$enable_dot" = xyes; then
+ AC_MSG_ERROR([could not find dot])
+ fi
+ enable_dot=no
+else
+ enable_dot=yes
+fi
+AM_CONDITIONAL(ENABLE_DOXYGEN, test x$enable_doc = xtrue)
+AC_SUBST(enable_dot)
+AC_SUBST(enable_html_docs)
+AC_SUBST(enable_latex_docs)
+])
+
+# check for doxygen
+# ----------------------------------------------------------------------------
+BB_ENABLE_DOXYGEN
+
+# check for pthread
+AC_CHECK_HEADER(pthread.h, , AC_MSG_ERROR(You need the pthread headers) )
+AC_CHECK_LIB(pthread, pthread_create, , AC_MSG_ERROR(You need the pthread library) )
+
+# libhttpd dependencies
+echo "Begining libhttpd dependencies check"
+AC_CHECK_HEADERS(string.h strings.h stdarg.h unistd.h)
+AC_HAVE_LIBRARY(socket)
+AC_HAVE_LIBRARY(nsl)
+echo "libhttpd dependencies check complete"
+
+AC_OUTPUT( Makefile
+ wifidog.spec
+ src/Makefile
+ libhttpd/Makefile
+ doc/Makefile
+ )
+
14 contrib/build-deb/changelog
@@ -0,0 +1,14 @@
+wifidog (1.0.0-1) stable; urgency=low
+
+ * New init.d file.
+ * Inclu
+ * debian/rules: Configuration and init.d file added.
+ * Bump version in anticipation for release
+
+ -- Guillaume Beaudoin <isf@soli.ca> Sun, 29 Aug 2004 23:14:12 -0400
+
+wifidog (0.2.0-1) stable; urgency=low
+
+ * Initial Package
+
+ -- Philippe April <philippe@philippeapril.com> Wed, 21 Jul 2004 15:22:50 -0500
15 contrib/build-deb/control
@@ -0,0 +1,15 @@
+Source: wifidog
+Section: net
+Priority: optional
+Maintainer: Philippe April <philippe@ilesansfil.org>
+
+Package: wifidog
+Architecture: any
+Depends: iptables, modutils, grep, mawk | awk
+Provides: libhttpd
+Description: The WiFi Guard Dog client
+ The WiFi Gaurd Dog project is a complete and embeddable captive portal
+ solution for wireless community groups or individuals who wish to open
+ a free HotSpot while still preventing abuse of their Internet connection.
+ .
+ This package contains only the client part.
74 contrib/build-deb/rules
@@ -0,0 +1,74 @@
+#!/usr/bin/make -f
+
+# Uncomment this to turn on verbose mode.
+#export DH_VERBOSE=1
+
+build: build-stamp
+build-stamp:
+ dh_testdir
+
+ ./configure --prefix=/usr
+ $(MAKE)
+
+ touch build-stamp
+
+clean:
+ dh_testdir
+ dh_testroot
+ rm -f build-stamp
+
+ -$(MAKE) clean
+ -$(MAKE) distclean
+
+ dh_clean
+
+install: build
+ dh_testdir
+ dh_testroot
+ dh_clean -k
+ dh_installdirs
+
+ $(MAKE) DESTDIR=$(CURDIR)/debian/tmp install
+ mkdir -p $(CURDIR)/debian/tmp/etc
+ cp wifidog.conf $(CURDIR)/debian/tmp/etc
+ cp scripts/init.d/wifidog debian/wifidog.init
+
+# Build architecture-independent files here.
+binary-indep: build install
+# We have nothing to do by default.
+
+# Build architecture-dependent files here.
+binary-arch: build install
+ dh_testdir
+ dh_testroot
+ dh_installchangelogs
+ dh_installdocs
+# dh_installexamples
+# dh_install
+# dh_installmenu
+# dh_installdebconf
+# dh_installlogrotate
+# dh_installemacsen
+# dh_installcatalogs
+# dh_installpam
+# dh_installmime
+ dh_installinit
+# dh_installcron
+# dh_installinfo
+# dh_undocumented
+ dh_installman
+ dh_link
+ dh_strip
+ dh_compress
+ dh_fixperms
+# dh_perl
+# dh_python
+ dh_makeshlibs
+ dh_installdeb
+# dh_shlibdeps
+ dh_gencontrol
+ dh_md5sums
+ dh_builddeb
+
+binary: binary-indep binary-arch
+.PHONY: build clean binary-indep binary-arch binary install
16 contrib/build-openwrt-ipk/wifidog/Config.in
@@ -0,0 +1,16 @@
+config BR2_PACKAGE_WIFIDOG
+ prompt "wifidog........................... A wireless captive portal solution"
+ tristate
+ default m if CONFIG_DEVEL
+ select BR2_PACKAGE_LIBPTHREAD
+ select BR2_PACKAGE_IPTABLES
+ select BR2_PACKAGE_IPTABLES_MOD_NAT
+ select BR2_PACKAGE_IPTABLES-MOD_IPOPT
+ help
+ The Wifidog project is a complete and embeddable captive
+ portal solution for wireless community groups or individuals
+ who wish to open a free Hotspot while still preventing abuse
+ of their Internet connection.
+
+ http://dev.wifidog.org/
+
63 contrib/build-openwrt-ipk/wifidog/Makefile
@@ -0,0 +1,63 @@
+# $Id: $
+ifndef TOPDIR
+ ERR := $(Please set TOPDIR to OpenWRT SDK's buildroot)
+endif
+
+include $(TOPDIR)/rules.mk
+
+PKG_NAME:=wifidog
+PKG_VERSION:=1.1.4
+PKG_RELEASE:=1
+PKG_MD5SUM:=842b21e1b02d0a90677b289d794e0e21
+PKG_SOURCE_URL:= @SF/$(PKG_NAME)
+PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
+PKG_CAT:=zcat
+PKG_BUILD_DIR:=$(BUILD_DIR)/$(PKG_NAME)-$(PKG_VERSION)
+PKG_INSTALL_DIR:=$(PKG_BUILD_DIR)/ipkg-install
+include $(TOPDIR)/package/rules.mk
+$(eval $(call PKG_template,WIFIDOG,$(PKG_NAME),$(PKG_VERSION)-$(PKG_RELEASE),$(ARCH)))
+$(PKG_BUILD_DIR)/.configured: $(PKG_BUILD_DIR)/.prepared
+ (cd $(PKG_BUILD_DIR); \
+ $(TARGET_CONFIGURE_OPTS) \
+ CFLAGS="$(TARGET_CFLAGS)" \
+ CPPFLAGS="-I$(STAGING_DIR)/usr/include -I$(STAGING_DIR)/include" \
+ LDFLAGS="-L$(STAGING_DIR)/usr/lib -L$(STAGING_DIR)/lib" \
+ ./configure \
+ --target=$(GNU_TARGET_NAME) \
+ --host=$(GNU_TARGET_NAME) \
+ --build=$(GNU_HOST_NAME) \
+ --prefix=/usr \
+ --sysconfdir=/etc \
+ --without-libiconv-prefix \
+ --without-libintl-prefix \
+ --disable-nls \
+ );
+ ## Add software specific configurable options above
+ ## See : ./configure --help
+ touch $@
+
+$(PKG_BUILD_DIR)/.built:
+ $(MAKE) -C $(PKG_BUILD_DIR) \
+ $(TARGET_CONFIGURE_OPTS)
+ mkdir -p $(PKG_INSTALL_DIR)
+ $(MAKE) -C $(PKG_BUILD_DIR) \
+ DESTDIR="$(PKG_INSTALL_DIR)" \
+ all install
+ touch $@
+
+$(IPKG_WIFIDOG):
+ install -m0755 -d $(IDIR_WIFIDOG)/etc/init.d
+ install -m0755 ./files/$(PKG_NAME).init $(IDIR_WIFIDOG)/etc/init.d/S65wifidog
+ install -m0644 $(PKG_BUILD_DIR)/wifidog.conf $(IDIR_WIFIDOG)/etc/
+ install -m0755 -d $(IDIR_WIFIDOG)/usr/bin
+ install -m0755 -d $(IDIR_WIFIDOG)/usr/lib
+ install -m0755 $(PKG_BUILD_DIR)/scripts/init.d/wifidog $(IDIR_WIFIDOG)/usr/bin/wifidog-init
+ $(CP) $(PKG_INSTALL_DIR)/usr/bin/wifidog $(IDIR_WIFIDOG)/usr/bin/
+ $(CP) $(PKG_INSTALL_DIR)/usr/bin/wdctl $(IDIR_WIFIDOG)/usr/bin/
+ $(CP) $(PKG_INSTALL_DIR)/usr/lib/libhttpd.so* $(IDIR_WIFIDOG)/usr/lib/
+ $(RSTRIP) $(IDIR_WIFIDOG)
+ $(IPKG_BUILD) $(IDIR_WIFIDOG) $(PACKAGE_DIR)
+mostlyclean:
+ make -C $(PKG_BUILD_DIR) clean
+ rm $(PKG_BUILD_DIR)/.built
+all: $(IPKG_WIFIDOG)
185 contrib/build-openwrt-ipk/wifidog/files/wifidog.conf
@@ -0,0 +1,185 @@
+# $Id: wifidog.conf 1162 2007-01-06 23:51:02Z benoitg $
+# WiFiDog Configuration file
+
+# Parameter: GatewayID
+# Default: default
+# Optional
+#
+# Set this to the node ID on the auth server
+# this is used to give a customized login page to the clients and for
+# monitoring/statistics purpose
+# If none is supplied, the mac address of the GatewayInterface interface will be used,
+# without the : separators
+
+# GatewayID default
+
+# Parameter: ExternalInterface
+# Default: NONE
+# Optional
+#
+# Set this to the external interface. Typically vlan1 for OpenWrt, and eth0 or ppp0 otherwise,
+# Normally autodetected
+
+# ExternalInterface eth0
+
+# Parameter: GatewayInterface
+# Default: NONE
+# Mandatory
+#
+# Set this to the internal interface. Typically br0 for OpenWrt, and eth1 otherwise
+
+GatewayInterface br0
+
+# Parameter: GatewayAddress
+# Default: Find it from GatewayInterface
+# Optional
+#
+# Set this to the internal IP address of the gateway
+
+# GatewayAddress 192.168.1.1
+
+# Parameter: AuthServer
+# Default: NONE
+# Mandatory, repeatable
+#
+# This allows you to configure your auth server(s). Each one will be tried in order, untill one responds.
+# Set this to the hostname or IP of your auth server(s), the path where
+# WiFiDog-auth resides in and the port it listens on.
+#AuthServer {
+# Hostname (Mandatory; Default: NONE)
+# SSLAvailable (Optional; Default: no; Possible values: yes, no)
+# SSLPort 443 (Optional; Default: 443)
+# HTTPPort 80 (Optional; Default: 80)
+# Path wifidog/ (Optional; Default: /wifidog/ Note: The path must be both prefixed and suffixed by /. Use a single / for server root.)
+#}
+
+#AuthServer {
+# Hostname auth.ilesansfil.org
+# SSLAvailable yes
+# Path /
+#}
+
+#AuthServer {
+# Hostname auth2.ilesansfil.org
+# SSLAvailable yes
+# Path /
+#}
+
+# Parameter: Portal
+# Default: none
+# Optional
+#
+# Set this to a URL for your portal, if you run without an auth server
+# Portal http://www.ilesansfil.org/
+
+# Parameter: Daemon
+# Default: 1
+# Optional
+#
+# Set this to true if you want to run as a daemon
+# Daemon 1
+
+# Parameter: GatewayPort
+# Default: 2060
+# Optional
+#
+# Listen on this port
+# GatewayPort 2060
+
+# Parameter: HTTPDName
+# Default: WiFiDog
+# Optional
+#
+# Define what name the HTTPD server will respond
+# HTTPDName WiFiDog
+
+# Parameter: HTTPDMaxConn
+# Default: 10
+# Optional
+#
+# How many sockets to listen to
+# HTTPDMaxConn 10
+
+# Parameter: CheckInterval
+# Default: 60
+# Optional
+#
+# How many seconds should we wait between timeout checks. This is also
+# how often the gateway will ping the auth server and how often it will
+# update the traffic counters on the auth server. Setting this too low
+# wastes bandwidth, setting this too high will cause the gateway to take
+# a long time to switch to it's backup auth server(s).
+
+# CheckInterval 60
+
+# Parameter: ClientTimeout
+# Default: 5
+# Optional
+#
+# Set this to the desired of number of CheckInterval of inactivity before a client is logged out
+# The timeout will be INTERVAL * TIMEOUT
+ClientTimeout 5
+
+# Parameter: TrustedMACList
+# Default: none
+# Optional
+#
+# Comma separated list of MAC addresses who are allowed to pass
+# through without authentication
+#TrustedMACList 00:00:DE:AD:BE:AF,00:00:C0:1D:F0:0D
+
+# Parameter: FirewallRuleSet
+# Default: none
+# Mandatory
+#
+# Groups a number of FirewallRule statements together.
+
+# Parameter: FirewallRule
+# Default: none
+#
+# Define one firewall rule in a rule set.
+
+# Rule Set: global
+#
+# Used for rules to be applied to all other rulesets except locked.
+FirewallRuleSet global {
+ # This is the default config for the Teliphone service.
+ #FirewallRule allow udp to 69.90.89.192/27
+ #FirewallRule allow udp to 69.90.85.0/27
+ #FirewallRule allow tcp port 80 to 69.90.89.205
+ # To block SMTP out, as it's a tech support nightmare, and a legal liability
+ #FirewallRule block tcp port 25
+}
+
+# Rule Set: validating-users
+#
+# Used for new users validating their account
+FirewallRuleSet validating-users {
+ FirewallRule allow to 0.0.0.0/0
+}
+
+# Rule Set: known-users
+#
+# Used for normal validated users.
+FirewallRuleSet known-users {
+ FirewallRule allow to 0.0.0.0/0
+}
+
+# Rule Set: unknown-users
+#
+# Used for unvalidated users, this is the ruleset that gets redirected.
+#
+# XXX The redirect code adds the Default DROP clause.
+FirewallRuleSet unknown-users {
+ FirewallRule allow udp port 53
+ FirewallRule allow tcp port 53
+ FirewallRule allow udp port 67
+ FirewallRule allow tcp port 67
+}
+
+# Rule Set: locked-users
+#
+# Used for users that have been locked out.
+FirewallRuleSet locked-users {
+ FirewallRule block to 0.0.0.0/0
+}
3  contrib/build-openwrt-ipk/wifidog/files/wifidog.init
@@ -0,0 +1,3 @@
+#!/bin/sh
+/usr/bin/wifidog-init start
+
1  contrib/build-openwrt-ipk/wifidog/ipkg/wifidog.conffiles
@@ -0,0 +1 @@
+/etc/wifidog.conf
8 contrib/build-openwrt-ipk/wifidog/ipkg/wifidog.control
@@ -0,0 +1,8 @@
+Package: wifidog
+Priority: optional
+Section: net
+Depends: libpthread, iptables, iptables-mod-nat, iptables-mod-ipopt
+Description: WiFiDog is a complete and embeddable captive portal
+ solution for wireless community groups or individuals who
+ wish to open a free Hotspot while still preventing abuse
+ of their Internet connection.
5 contrib/dump_fw.sh
@@ -0,0 +1,5 @@
+#!sh
+iptables --list --table filter
+iptables --list --table mangle
+iptables --list --table nat
+
52 doc/Makefile.am
@@ -0,0 +1,52 @@
+SUBDIRS =
+
+docdir = ${prefix}/share/doc/wifidog-@VERSION@
+
+EXTRA_DIST = \
+ doxygen.cfg \
+ doxygen.cfg.in \
+ README.developers.txt
+
+all:
+
+doc: doxygen.cfg
+ echo "doc: " && pwd && echo "distdir: " && echo $(distdir)
+ rm -rf html/ refman.pdf
+ $(DOXYGEN) doxygen.cfg
+# $(MAKE) -C latex/
+# mv latex/refman.pdf ./refman.pdf
+
+dist-hook: doxygen.cfg
+ echo "dist-hook: " && pwd
+ cd $(srcdir) && pwd && rm -rf html refman.pdf && $(DOXYGEN) doxygen.cfg
+ cp -rp html ${distdir}
+
+clean-local:
+ echo "clean-local: " && pwd
+ rm -rf latex/
+ rm -f *~
+ rm -f doxygen.log
+ rm -f doxygen.cfg
+
+maintainer-clean-local: clean-local
+ echo "maintainer-clean-local: " && pwd
+ rm -rf html refman.pdf
+
+install-data-hook:
+ $(mkinstalldirs) $(DESTDIR)$(docdir)
+ mkdir -p html #Workaround to allow libofx-cvs user to install without doc.
+ cp -rp html $(DESTDIR)$(docdir)
+
+uninstall-hook:
+ chmod +w -R $(DESTDIR)${docdir}/html #Why chmod is needed is a mystery
+ rm -rf $(DESTDIR)${docdir}/html
+
+## We borrow guile's convention and use @-...-@ as the substitution
+## brackets here, instead of the usual @...@. This prevents autoconf
+## from substituting the values directly into the left-hand sides of
+## the sed substitutions.
+doxygen.cfg: doxygen.cfg.in Makefile
+ rm -f $@.tmp
+ sed < $< > $@.tmp \
+ -e 's:@-top_srcdir-@:${top_srcdir}:g'
+ mv $@.tmp $@
37 doc/README.developers.txt
@@ -0,0 +1,37 @@
+
+$Id: README.developers.txt 901 2006-01-17 18:58:13Z mina $
+
+
+This file contains some small notes on developing the WiFiDog application.
+
+The application's home page is:
+ http://www.ilesansfil.org/wiki/WiFiDog
+
+The application's sourceforge page is:
+ http://sourceforge.net/projects/wifidog/
+
+As a developer, you must subscribe to sourceforge as a "developer" under WiFiDog, as well as subscribe to the WiFiDog mailing list located at:
+ http://listes.ilesansfil.org/cgi-bin/mailman/listinfo/wifidog
+
+
+SOURCE CODE:
+ - Please do not contribute unless you agree with the GPL license and are contributing your portion under that license. See the included LICENSE.txt
+ - Please respect the intellectual property of others. You are not allowed to taint WiFiDog by including source code from projects that do not allow so.
+ - Keep in mind that this application will run on extremely simple embedded devices. The binary size needs to be small, the dependencies absolutely minimal, and the memory footprint negligible.
+ - Always place the subversion "Id" macro at the top of every file
+ - Since this is a collaborative project, please aim for clearness instead of cleverness when faced with a choice.
+ - If you must use some cleverness, please add appropriate clear comments.
+ - Please re-indent your code before committing to subversion - see the "Formatting Your Source Code" section in the GNU Coding Standards at http://www.gnu.org/prep/standards_toc.html - the entire document makes a good reading if you haven't read it before. Also see the "indent" program.
+ - Before writing any brand-new large chunks of code, make sure it's logic has been discussed with the other team of developers or included in the design stage.
+
+
+MEMORY ALLOCATION IN SOURCE CODE:
+ - Safe versions of C functions that allocate memory (safe_malloc, safe_asprintf, etc..) have been created in safe.c . You must use them instead of the original functions.
+ - If you need to use a memory-allocating C function that does not have a safe version in safe.c, create the safe wrapper first (following the template of the others) and use that instead of calling the original.
+
+
+DOCUMENTATION:
+ - Please use DoxyGen-style comments (see http://www.doxygen.org/ for details) for source code documentation.
+ - Please use DocBook-SGML documentation for user documentation. This will make it easy to export documentation in multiple formats. Otherwise submit your documentation in plaintext format to someone who will change it to DocBook.
+ - Please thoroughly-comment non-clear sections in your code.
+
1,294 doc/doxygen.cfg.in
@@ -0,0 +1,1294 @@
+# Doxyfile 1.5.3
+
+# This file describes the settings to be used by the documentation system
+# doxygen (www.doxygen.org) for a project
+#
+# All text after a hash (#) is considered a comment and will be ignored
+# The format is:
+# TAG = value [value, ...]
+# For lists items can also be appended using:
+# TAG += value [value, ...]
+# Values that contain spaces should be placed between quotes (" ")
+
+#---------------------------------------------------------------------------
+# Project related configuration options
+#---------------------------------------------------------------------------
+
+# This tag specifies the encoding used for all characters in the config file that
+# follow. The default is UTF-8 which is also the encoding used for all text before
+# the first occurrence of this tag. Doxygen uses libiconv (or the iconv built into
+# libc) for the transcoding. See http://www.gnu.org/software/libiconv for the list of
+# possible encodings.
+
+DOXYFILE_ENCODING = UTF-8
+
+# The PROJECT_NAME tag is a single word (or a sequence of words surrounded
+# by quotes) that should identify the project.
+
+PROJECT_NAME = WifiDog
+
+# The PROJECT_NUMBER tag can be used to enter a project or revision number.
+# This could be handy for archiving the generated documentation or
+# if some version control system is used.
+
+PROJECT_NUMBER =
+
+# The OUTPUT_DIRECTORY tag is used to specify the (relative or absolute)
+# base path where the generated documentation will be put.
+# If a relative path is entered, it will be relative to the location
+# where doxygen was started. If left blank the current directory will be used.
+
+OUTPUT_DIRECTORY =
+
+# If the CREATE_SUBDIRS tag is set to YES, then doxygen will create
+# 4096 sub-directories (in 2 levels) under the output directory of each output
+# format and will distribute the generated files over these directories.
+# Enabling this option can be useful when feeding doxygen a huge amount of
+# source files, where putting all generated files in the same directory would
+# otherwise cause performance problems for the file system.
+
+CREATE_SUBDIRS = NO
+
+# The OUTPUT_LANGUAGE tag is used to specify the language in which all
+# documentation generated by doxyg