OPNsense Forum

Archive => 16.1 Legacy Series => Topic started by: brobinsonus on July 07, 2016, 06:17:23 pm

Title: [SOLVED] captive portal reports mac address change for sessions
Post by: brobinsonus on July 07, 2016, 06:17:23 pm

We have random ending of captive portal sessions, mostly from Android devices.  The captive portal log shows a message of "captiveportal: mac address changed fro session [session ID]".  No further information is provided and we cannot determine what is causing the captive portal to report the mac address has changed as it certainly has not.

It is not a critical issue, but certainly annoying to those that have it happen.  Any help would be appreciated.

Title: Re: captive portal reports mac address change for sessions
Post by: martain-vf on July 13, 2016, 05:43:58 pm

I experience the same behavior, but it's hard to reproduce  :-\

i have patched the cp-background-process.py file to get some more logging on what goes wrong

Title: Re: captive portal reports mac address change for sessions
Post by: martain-vf on July 14, 2016, 01:34:03 pm

in cp-background-process.py (https://github.com/opnsense/core/blob/master/src/opnsense/scripts/OPNsense/CaptivePortal/cp-background-process.py) i replaced line 147 with:

Code: [Select]

syslog.syslog(syslog.LOG_NOTICE, "mac address (current:%s db:%s) changed for session %s" % (current_arp['mac'], db_client['macAddress'], db_client['sessionId'))

i now get log entries like:

Code: [Select]

OPNsense captiveportal: mac address (current:(incomplete) db:40:74:3a:24:da:9e) changed for session neHPP8N/vyZWxb9d2XgI0w==

looks like something is wrong with the value in current_arp['mac'] as the value is "incomplete"

I have not searched yet where it's should be set...

note: since i replaced line 147 the users aren't complaining anymore  ::)

Title: Re: captive portal reports mac address change for sessions
Post by: martain-vf on July 14, 2016, 03:44:27 pm

The (incomplete) seems to come from the output of arp -an that sometimes occurs?
in the interfaces/list_arp.py (https://github.com/opnsense/core/blob/73f353c9c27e68de57c82593ce633bc3461e39bc/src/opnsense/scripts/interfaces/list_arp.py) file line 60 it's removed from the output which is used to display the arp table under interface diagnostics...

this is not the case in the CaptivePortal/lib/arp.py (https://github.com/opnsense/core/blob/73f353c9c27e68de57c82593ce633bc3461e39bc/src/opnsense/scripts/OPNsense/CaptivePortal/lib/arp.py) which is used in the captive portal

Title: Re: captive portal reports mac address change for sessions
Post by: AdSchellevis on July 15, 2016, 10:17:26 am

The arp entries probably got expired after some time of inactivity and then are requested again, but not known yet.... hence the (incomplete).
Captive portal should ignore those entries, we should only invalidate the session if another host is using the same mac address.

This fix should solve it:

Code: [Select]

https://github.com/opnsense/core/commit/0227b1231bc42574fa130749a72189fc62853d5e

In case you like to try, use opnsense-patch:

Code: [Select]

opnsense-patch 0227b1231


Title: Re: captive portal reports mac address change for sessions
Post by: martain-vf on July 15, 2016, 12:11:38 pm

was thinking the same this morning underway to work, that it probably was the arp cache that cleans out the entries (after 20 min validated and not in use, as described in the arp man page (https://www.freebsd.org/cgi/man.cgi?query=arp&sektion=4&apropos=0&manpath=FreeBSD+10.3-RELEASE))

you could also use the dhcp lease file to check the arp mappings, but then again the captive portal does not necessarily run the dhcp server...

I've successfully applied the patch and will let you know if things go awry

Tnx for the quick fix  ;)