nodogsplash分析

最新推荐文章于 2024-04-12 09:35:37 发布
最新推荐文章于 2024-04-12 09:35:37 发布
阅读量2k 收藏
点赞数
分类专栏: 网络编程 Linux C 路由器 文章标签: nodogsplas 源码
版权声明:本文为博主原创文章,遵循 CC 4.0 BY-SA 版权协议,转载请附上原文出处链接和本声明。
本文链接:https://blog.csdn.net/viewsky11/article/details/53107478
版权

git出nodog的源码:
https://github.com/nodogsplash/nodogsplash
查看nodog的wiki

Nodogsplash offers a simple way to provide restricted access to an internet connection. It is derived from the codebase of the Wifi Guard Dog project. Nodogsplash is released under the GNU General Public License.

nodogsplash提供了一个简单的本地化的portal网络连接,项目源自于wifidog,可以说是wifidog代码的功能简化版。

wiki中有用的信息还有:
When the splash page is served, the following variables in the page are replaced by their values:

$gatewayname The value of GatewayName as set in nodogsplash.conf.
$authtarget A URL which encodes a unique token and the URL of the user's original web request. If nodogsplash receives a request at this URL, it completes the authentication process for the client and replies to the request with a "302 Found" to the encoded originally requested URL. (Alternatively, you can use a GET-method HTML form to send this information to the nodogsplash server; see below.) As a simple example:

<a href="$authtarget">Enter</a>

$imagesdir The directory in nodogsplash's web hierarchy where images to be displayed in the splash page must be located.

$tok,$redir,$authaction, and $denyaction are also available and can be useful if you want to write the splash page to use a GET-method HTML form instead of using $authtarget as the value of an href attribute to communicate with the nodogsplash server. As a simple example:
<form method='GET' action='$authaction'>
  <input type='hidden' name='tok' value='$tok'>
  <input type='hidden' name='redir' value='$redir'>
  <input type='submit' value='Click Here to Enter'>
</form>
$clientip, $clientmac and $gatewaymac The respective addresses of the client or gateway. This might be usefull in cases where the data needs to be forwarded to some other place by the plash page itself.

$nclients and $maxclients User stats. Usefull when you need to display something like "n of m users online" on the splash site.

$uptime The time Nodogsplash is running.

To change the appearance of informational and error pages which may occasionally be served by nodogsplash, edit the infoskel file:

/etc/nodogsplash/htdocs/infoskel.html

In this file, variables $gatewayname, $version, $title, and $content will be replaced by their values. $title is a summary of the information or kind of error; $content is the content of the information or error message.

nodogsplash中可以在splash.html中加入动态变量,以$为标志的变量,可以实现callback。
另外还以增加用户名和密码的登录认证,可以在html页面加入

 <form method='GET' action='$authaction'>
  <input type='hidden' name='tok' value='$tok'>
  <input type='hidden' name='redir' value='$redir'>
  username: <input type='text' name='nodoguser' value='' size='12' maxlength='12'>
  <br>
  password: <input type='password' name='nodogpass' value='' size='12' maxlength='10'>
  <br>
  <input type='submit' value='Enter'>
  </form>

加入了 tok redir,nodoguser,nodogpass变量。

下面分析nodog源码,找到main函数,/src/gateway.c中:


#include <stdio.h>
#include <stdlib.h>
#include <syslog.h>
#include <pthread.h>
#include <signal.h>
#include <errno.h>
#include <time.h>

/* for strerror() */
#include <string.h>

/* for wait() */
#include <sys/wait.h>

/* for unix socket communication*/
#include <sys/socket.h>
#include <sys/un.h>

#include "common.h"
#include "httpd.h"
#include "safe.h"
#include "debug.h"
#include "conf.h"
#include "gateway.h"
#include "firewall.h"
#include "commandline.h"
#include "auth.h"
#include "http.h"
#include "client_list.h"
#include "ndsctl_thread.h"
#include "httpd_thread.h"
#include "util.h"


/** XXX Ugly hack
 * We need to remember the thread IDs of threads that simulate wait with pthread_cond_timedwait
 * so we can explicitly kill them in the termination handler
 */
static pthread_t tid_client_check = 0;

/* The internal web server */
httpd * webserver = NULL;

/* Time when nodogsplash started  */
time_t started_time = 0;


/* Avoid race condition of folloing variables */
pthread_mutex_t httpd_mutex = PTHREAD_MUTEX_INITIALIZER;
/* Total number of httpd request handling threads started */
int created_httpd_threads;
/* Number of current httpd request handling threads */
int current_httpd_threads;


/**@internal
 * @brief Handles SIGCHLD signals to avoid zombie processes
 *
 * When a child process exits, it causes a SIGCHLD to be sent to the
 * parent process. This handler catches it and reaps the child process so it
 * can exit. Otherwise we'd get zombie processes.
 */     //以上英文解释已经很详细了,sigchld_handler在子进程结束时通识父进程回收,避免僵尸进程
void
sigchld_handler(int s)
{
    int status;
    pid_t rc;

    debug(LOG_DEBUG, "SIGCHLD handler: Trying to reap a child");

    rc = waitpid(-1, &status, WNOHANG | WUNTRACED);

    if(rc == -1) {
        if(errno == ECHILD) {
            debug(LOG_DEBUG, "SIGCHLD handler: waitpid(): No child exists now.");
        } else {
            debug(LOG_ERR, "SIGCHLD handler: Error reaping child (waitpid() returned -1): %s", strerror(errno));
        }
        return;
    }

    if(WIFEXITED(status)) {
        debug(LOG_DEBUG, "SIGCHLD handler: Process PID %d exited normally, status %d", (int)rc, WEXITSTATUS(status));
        return;
    }

    if(WIFSIGNALED(status)) {
        debug(LOG_DEBUG, "SIGCHLD handler: Process PID %d exited due to signal %d", (int)rc, WTERMSIG(status));
        return;
    }

    debug(LOG_DEBUG, "SIGCHLD handler: Process PID %d changed state, status %d not exited, ignoring", (int)rc, status);
    return;
}

/** Exits cleanly after cleaning up the firewall.
 *  Use this function anytime you need to exit after firewall initialization */
void     //该函数在调用到时,则结束整个进程,关闭软件
termination_handler(int s)
{
    static  pthread_mutex_t sigterm_mutex = PTHREAD_MUTEX_INITIALIZER;

    debug(LOG_NOTICE, "Handler for termination caught signal %d", s);

    /* Makes sure we only call fw_destroy() once. */
    if (pthread_mutex_trylock(&sigterm_mutex)) {
        debug(LOG_INFO, "Another thread already began global termination handler. I'm exiting");
        pthread_exit(NULL);
    } else {
        debug(LOG_INFO, "Cleaning up and exiting");
    }

    debug(LOG_INFO, "Flushing firewall rules...");
    fw_destroy();

    /* XXX Hack
     * Aparently pthread_cond_timedwait under openwrt prevents signals (and therefore
     * termination handler) from happening so we need to explicitly kill the threads
     * that use that
     */
    if (tid_client_check) {
        debug(LOG_INFO, "Explicitly killing the fw_counter thread");
        pthread_kill(tid_client_check, SIGKILL);
    }

    debug(LOG_NOTICE, "Exiting...");
    exit(s == 0 ? 1 : 0);
}


/** @internal
 * Registers all the signal handlers
 */
static void   //信号初始化函数,为进程提供信号处理
init_signals(void)
{
    struct sigaction sa;

    debug(LOG_DEBUG, "Setting SIGCHLD handler to sigchld_handler()");
    sa.sa_handler = sigchld_handler;
    sigemptyset(&sa.sa_mask);
    sa.sa_flags = SA_RESTART;
    if (sigaction(SIGCHLD, &sa, NULL) == -1) {
        debug(LOG_ERR, "sigaction(): %s", strerror(errno));
        exit(1);
    }

    /* Trap SIGPIPE */
    /* This is done so that when libhttpd does a socket operation on
     * a disconnected socket (i.e.: Broken Pipes) we catch the signal
     * and do nothing. The alternative is to exit. SIGPIPE are harmless
     * if not desirable.
     */
    debug(LOG_DEBUG, "Setting SIGPIPE  handler to SIG_IGN");
    sa.sa_handler = SIG_IGN;
    if (sigaction(SIGPIPE, &sa, NULL) == -1) {
        debug(LOG_ERR, "sigaction(): %s", strerror(errno));
        exit(1);
    }

    debug(LOG_DEBUG, "Setting SIGTERM,SIGQUIT,SIGINT  handlers to termination_handler()");
    sa.sa_handler = termination_handler;
    sigemptyset(&sa.sa_mask);
    sa.sa_flags = SA_RESTART;

    /* Trap SIGTERM */
    if (sigaction(SIGTERM, &sa, NULL) == -1) {
        debug(LOG_ERR, "sigaction(): %s", strerror(errno));
        exit(1);
    }

    /* Trap SIGQUIT */
    if (sigaction(SIGQUIT, &sa, NULL) == -1) {
        debug(LOG_ERR, "sigaction(): %s", strerror(errno));
        exit(1);
    }

    /* Trap SIGINT */
    if (sigaction(SIGINT, &sa, NULL) == -1) {
        debug(LOG_ERR, "sigaction(): %s", strerror(errno));
        exit(1);
    }
}

/**@internal
 * Main execution loop
 */      //main_loop为nodog的执行循环,是进程的核心
static void
main_loop(void)
{
    int result;
    pthread_t   tid;
    struct timespec wait_time;
    int msec;
    s_config *config;
    request *r;
    void **params;
    int* thread_serial_num_p;

    config = config_get_config();     //读取配置文件中的配置,填充到config结构中

    /* Set the time when nodogsplash started */    //设置时间
    if (!started_time) { 
        debug(LOG_INFO, "Setting started_time");
        started_time = time(NULL);
    } else if (started_time < MINIMUM_STARTED_TIME) {
        debug(LOG_WARNING, "Detected possible clock skew - re-setting started_time");
        started_time = time(NULL);
    }
             //获取网管IP和mac,如果没有检测到则结束
    /* If we don't have the Gateway IP address, get it. Exit on failure. */
    if (!config->gw_address) {
        debug(LOG_DEBUG, "Finding IP address of %s", config->gw_interface);
        if ((config->gw_address = get_iface_ip(config->gw_interface)) == NULL) {
            debug(LOG_ERR, "Could not get IP address information of %s, exiting...", config->gw_interface);
            exit(1);
        }
    }
    if ((config->gw_mac = get_iface_mac(config->gw_interface)) == NULL) {
        debug(LOG_ERR, "Could not get MAC address information of %s, exiting...", config->gw_interface);
        exit(1);
    }
    debug(LOG_NOTICE, "Detected gateway %s at %s (%s)", config->gw_interface, config->gw_address, config->gw_mac);

    /* Initializes the web server */   //在网关IP上建立web server进程,
    if ((webserver = httpdCreate(config->gw_address, config->gw_port, config->ip6)) == NULL) {
        debug(LOG_ERR, "Could not create web server: %s", strerror(errno));
        exit(1);
    }
    debug(LOG_NOTICE, "Created web server on %s:%d", config->gw_address, config->gw_port);

    /* Set web root for server */    //设置web server的根目录
    debug(LOG_DEBUG, "Setting web root: %s",config->webroot);
    httpdSetFileBase(webserver,config->webroot);
   //在web server加入imagesdir目录,
    /* Add images files to server: any file in config->imagesdir can be served */
    debug(LOG_DEBUG, "Setting images subdir: %s",config->imagesdir);
    httpdAddWildcardContent(webserver,config->imagesdir,NULL,config->imagesdir);
    //在web server加入pagesdir目录
    /* Add pages files to server: any file in config->pagesdir can be served */
    debug(LOG_DEBUG, "Setting pages subdir: %s",config->pagesdir);
    httpdAddWildcardContent(webserver,config->pagesdir,NULL,config->pagesdir);


    debug(LOG_DEBUG, "Registering callbacks to web server");
       //增加web server输入的网页内容
    httpdAddCContent(webserver, "/", "", 0, NULL, http_nodogsplash_callback_index);
    httpdAddCWildcardContent(webserver, config->authdir, NULL, http_nodogsplash_callback_auth);       //增加web server的授权功能
    httpdAddCWildcardContent(webserver, config->denydir, NULL, http_nodogsplash_callback_deny);       //增加web server的deny
    httpdAddC404Content(webserver, http_nodogsplash_callback_404);
                                    //增加404页面
    /* Reset the firewall (cleans it, in case we are restarting after nodogsplash crash) */

    fw_destroy();          //清空所有的iptables防火墙配置
    /* Then initialize it */
    debug(LOG_NOTICE, "Initializing firewall rules");
    if( fw_init() != 0 ) {       //初始化iptables的防火墙设置
        debug(LOG_ERR, "Error initializing firewall rules! Cleaning up");
        fw_destroy();           //初始化失败则清空
        debug(LOG_ERR, "Exiting because of error initializing firewall rules");
        exit(1);
    }

    /* Start client statistics and timeout clean-up thread */
    //启动客户服务统计和时间轮询的线程
    result = pthread_create(&tid_client_check, NULL, thread_client_timeout_check, NULL);
    if (result != 0) {
        debug(LOG_ERR, "FATAL: Failed to create thread_client_timeout_check - exiting");
        termination_handler(0);
    }
    pthread_detach(tid_client_check);

    /* Start control thread */
    //启用ndsctl的控制进程
    result = pthread_create(&tid, NULL, thread_ndsctl, (void *)safe_strdup(config->ndsctl_sock));
    if (result != 0) {
        debug(LOG_ERR, "FATAL: Failed to create thread_ndsctl - exiting");
        termination_handler(0);
    }
    pthread_detach(tid);

    /*
     * Enter the httpd request handling loop
     */
    debug(LOG_NOTICE, "Waiting for connections");
    created_httpd_threads = 0;
    current_httpd_threads = 0;
    while(1) {           //进入nodog的主循环
        r = httpdGetConnection(webserver, NULL);   //连接到web server,并返回request结构体

        /* We can't convert this to a switch because there might be
         * values that are not -1, 0 or 1. */
        if (webserver->lastError == -1) {
            /* Interrupted system call */
            continue; /* continue loop from the top */
        } else if (webserver->lastError < -1) {
            /*
             * FIXME
             * An error occurred - should we abort?
             * reboot the device ?
             */
            debug(LOG_ERR, "FATAL: httpdGetConnection returned unexpected value %d, exiting.", webserver->lastError);
            termination_handler(0);
        } else if (r != NULL) {     //如果连接web server获取的request不为空,则进入网络服务线程中
            /*
             * We got a connection
             *
             * We create another thread to handle the request,
             * possibly sleeping first if there are too many already
             */
            debug(LOG_DEBUG,"%d current httpd threads.", current_httpd_threads);
            if(config->decongest_httpd_threads && current_httpd_threads >= config->httpd_thread_threshold) {
                msec = current_httpd_threads * config->httpd_thread_delay_ms;
                wait_time.tv_sec = msec / 1000;
                wait_time.tv_nsec = (msec % 1000) * 1000000;
                debug(LOG_INFO, "Httpd thread creation delayed %ld sec %ld nanosec for congestion.",
                      wait_time.tv_sec, wait_time.tv_nsec);
                nanosleep(&wait_time,NULL);
            }
            thread_serial_num_p = (int*) malloc(sizeof(int)); /* thread_httpd() must free */
            pthread_mutex_lock(&httpd_mutex);
            *thread_serial_num_p = created_httpd_threads;
            created_httpd_threads++;
            pthread_mutex_unlock(&httpd_mutex);
            debug(LOG_INFO, "Creating httpd request thread %d for %s", *thread_serial_num_p, r->clientAddr);
            /* The void**'s are a simulation of the normal C
             * function calling sequence. */
            params = safe_malloc(3 * sizeof(void *)); /* thread_httpd() must free */
            *params = webserver;
            *(params + 1) = r;
            *(params + 2) = thread_serial_num_p;   
           //创建web server的服务线程
            result = pthread_create(&tid, NULL, (void *)thread_httpd, (void *)params);
            if (result != 0) {
                debug(LOG_ERR, "FATAL: pthread_create failed to create httpd request thread - exiting...");
                termination_handler(0);
            }
            pthread_detach(tid);
        } else {
            /* webserver->lastError should be 2 */
            /* XXX We failed an ACL.... No handling because
             * we don't set any... */
        }
    }

    /* never reached */
}

/** Main entry point for nodogsplash.
 * Reads the configuration file and then starts the main loop.
 */   //nodog的主函数,读取配置文件,各项初始化,然后进入main_loop中
int main(int argc, char **argv)
{
    s_config *config = config_get_config();
    config_init();

    parse_commandline(argc, argv);

    /* Initialize the config */
    debug(LOG_NOTICE,"Reading and validating configuration file %s", config->configfile);
    config_read(config->configfile);
    config_validate();

    /* Initializes the linked list of connected clients */
    client_list_init();

    /* Init the signals to catch chld/quit/etc */
    debug(LOG_NOTICE,"Initializing signal handlers");
    init_signals();

    if (config->daemon) {

        debug(LOG_NOTICE, "Starting as daemon, forking to background");

        switch(safe_fork()) {
        case 0: /* child */   //创建进程,父进程退出,子进程成为孤儿进程,被init进程收养,进入main_loop循环
            setsid();
            main_loop();
            break;

        default: /* parent */
            exit(0);
            break;
        }
    } else {
        main_loop();
    }

    return(0); /* never reached */
}
viewsky11
关注
  • 0
    点赞
  • 0
    收藏
    觉得还不错? 一键收藏
  • 0
    评论
专栏目录
nodogsplash
03-22
Nodogsplash项目 Nodogsplash是一个强制门户,通过在授予Internet访问权限之前向用户显示初始页面,提供了一种简单的方法来提供对Internet的受限访问。 它最初源自Wifi Guard Dog项目的代码库。 Nodogsplash是根据GNU通用公共许可证发行的。 邮件列表: : 原始首页(不再可用): : Wifidog: ://dev.wifidog.org/ GNU GPL: : 以下内容描述了Nodogsplash的功能,如何获取和运行它以及如何为您的应用程序自定义其行为。 概述 Nodogsplash (NDS)是一种高性能,占用空间小的Captive Portal,可提供受限制的简单启动页面Internet连接。 NoDogSplash针对资源有限的目标设备进行了优化。 如果要使用提供动态Web界面的更复杂的身份验证系统,则需要而不是
nodogsplash的内部机制分析
学一点IOT
11-01 937
目前的广告路由器,或多或少都跟wifidog相关,而nodogsplash就是与wifidog一样功能,除了没有远程服务器认证之外。 对于其内部分析,以nodogsplash开始较为方便。 其本质为:标记包,然后针对标记的包做防火墙规则更新。 主要用到iptables几个方面:MARK,NAT 和 MANGLE 首先我们看看iptables的包处理流向: 想要在连接的客户端访
openwrt nodogsplash.conf文件
Gino的专栏
08-04 1952
# # Nodogsplash Configuration File # # 说明:#所在行不执行。(启用该参数需要删除执行参数前的#及空格) # 文件格式为:参数|建议值|参数说明|执行参数 。 # 不同参数之间空一行,同一参数中间可使用带#的空行。 # 为保证规则正确运行,需要用"/etc/init.d/nodogsplash start"启动# Parameter: GatewayInterf
nodogsplash 调试工具 ndsctl
连志安
07-09 1674
ndsctl是通过unix socket与nodogsplash之间通过socket来实现进程之间的通信。ndsctl的主要作用如下:root@DayDream:/# ndsctl Usage: ndsctl [options] command [arguments]options: -s <path> Path to the socket -h
portal 第三方工具:nodogsplash 使用分析
热门推荐
OpenWrt/WLAN/驱动/Android/嵌入式开发总结
11-23 1万+
1:nodogsplash运行 在运行nodogsplash之后,系统会创建一下四个线程: Gateway.c (z:\wlan\portal\nodogsplash-0.9_beta9.9\src):      result = pthread_create(&tid_fw_counter, NULL, (void *)thread_client_timeout_check, NULL);
nodogsplash-开源
05-03
Nodogsplash提供了一种简单的方法来提供对Internet连接的受限访问。 它旨在用于运行OpenWRT的无线访问点(但也可以在其他基于Linux的设备上工作)。
nodogsplash_0.9_beta_ar71xx.ipk
11-17
nodogsplash for ar71xx安装包,beta版
OTPspot:带有 OTP 强制门户的无线热点-开源
06-28
在您的 raspberry(或任何 linux 机器)上运行一个强制门户... OTPspot(从 2.0 版开始)与 nodogsplash 完全兼容,可以作为 FAS 服务运行。 在此配置中,nodogsplash 将负责网络,而 OTPspot 将仅对用户进行身份验证。
网络路由器:ITP论文
02-19
网络个性关于网络个性探讨了路由器如何建立本地社区(LAN)并提供对更大互联网(WAN)的访问。...栏目使用的软件hostapd-创建访问点dnsmasq-提供dns解析/ ip地址分配iptables-转发流量nodogsplash-创建俘虏门户
探索Nodogsplash:智能网络访问管理的开源利器
最新发布
gitblog_00026的博客
04-12 352
探索Nodogsplash:智能网络访问管理的开源利器 nodogsplashNodogsplash offers a simple way to provide restricted access to an Internet connection using a captive portal. Pull requests are welcome!项目地址:https://gitcode.co...
openwrt 利用 nodogsplash 打造广告路由器
连志安
07-09 3218
1.编译时,选上 nodogsplash 软件包Symbol: PACKAGE_nodogsplash [=y] Type : tristate Prompt: nodogsplash........................... Open public network gateway daemon x Location: -
nodogsplash安装笔记
weixin_30731305的博客
09-24 460
nodogsplash安装笔记 安装可以参考 https://wiki.openwrt.org/doc/howto/wireless.hotspot.nodogsplash 安装注意事项: 0. Free wifi 路由器wan口连接到内网,分开两个网段连接 1. 如果使用Chaos 15.05系统时,最好能安装nodogsplash0...
nodogsplash.conf文件使用说明(续…
caoshunxin01的专栏
02-23 409
# This should be autodetected on an OpenWRT system, but if not: # Set GatewayAddress to the IP address of the router on # the GatewayInterface.  This is the address that the Nodogsplash # server
nodogsplash.conf文件使用说明
caoshunxin01的专栏
02-23 472
转载自:http://www.right.com.cn/forum/thread-148481-1-1.html 小白参考,老鸟不喷,欢迎纠正。 我加不上附件。直接放窗口上吧,复制后贴记事本里,另存成nodogsplash.conf就成了。 线中间是代码。(请管理员帮忙改成附件最好) ————————————————————————————————————————————————
Nodogsplash 访客认证
weixin_34362875的博客
10-09 439
Nodogsplash offers a simple way to provide restricted access to an internet connection. It is derived from the codebase of the Wifi Guard Dog project. Nodogsplash is rele...
Nodogsplash访客认证
suyc
07-05 598
1.增加lan接口,比如lan1mynetwork="lan1" myip="XXX.XXX.XXX.XXX" mynetmask="255.255.255.0" uci set network.${mynetwork}=interface uci set network.${mynetwork}.proto=static uci set network.${mynetwork}.ipaddr=$m
树莓派3+openwrt+nodogsplash实现portal认证
Alex的专栏
09-07 3324
1. 更新opkg软件源        树莓派3代B型,openwrt系统安装见http://blog.csdn.net/u012327058/article/details/77856112。opkg软件源定义在/etc/opkg/distfeeds.conf(/etc/opkg.conf好像不起作用),或者在luci web界面System->software下修改软件源配置。一定要保证
nodogsplash在指定网络下工作
weixin_34390105的博客
05-12 172
2019独角兽企业重金招聘Python工程师标准>>> ...
OpenWrt 广告植入原型搭建
技术无止境
08-14 1963
第一步:准备固件 编译OpenWrt固件-选择Privoxy 第二步:修改配置文件 配置user.filter, user.action, config文件。 config文件中需要指定监听都地址与端口号 [cpp] view plain copy root@YSWiFi:/etc/privoxy# cat
nodog安装配置
caoshunxin01的专栏
02-23 858
安装 opkg update opkg install nodogsplash 配置 1.打开/etc/config/wireless文件,加入 config wifi-iface option device radio0 #如果是USB外置网卡改为radio1 option network lan1 option ifname ath1 option mod
评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值