PacketFence - BTS - PacketFence
View Issue Details
0001260PacketFencecaptive portalpublic2011-08-30 17:512011-09-21 22:16
obilodeau 
obilodeau 
normalmajorrandom
closedfixed 
 
3.0.0 
9bdb3559a2639121b7d4ff9b330bcc18b37befd9
0001260: redirect loop on the captive portal because VLAN [re-]assignment failed
SNMP uses UDP. Sometimes VLAN changes fails to reach the network devices, especially on busy periods. Especially on busy controllers when there are a lot of deauthentication to do.

When it happens, nodes are stuck on the registration VLAN and if they hit the captive portal they get into a redirect loop.

Instead of that redirect loop, we could try again to deauth / vlan change the user that we think shouldn't be here.
No tags attached.
patch vlan-assignment-retry-instead-of-redirect-loop-2.2.1.patch (1,198) 2011-08-30 18:12
https://www.packetfence.org/bugs/file_download.php?file_id=99&type=bug
patch vlan-assignment-retry-instead-of-redirect-loop-1.9.0.patch (1,147) 2011-08-30 19:14
https://www.packetfence.org/bugs/file_download.php?file_id=100&type=bug
Issue History
2011-08-30 17:51obilodeauNew Issue
2011-08-30 17:51obilodeauStatusnew => assigned
2011-08-30 17:51obilodeauAssigned To => obilodeau
2011-08-30 18:12obilodeauFile Added: vlan-assignment-retry-instead-of-redirect-loop-2.2.1.patch
2011-08-30 19:14obilodeauFile Added: vlan-assignment-retry-instead-of-redirect-loop-1.9.0.patch
2011-08-31 18:07obilodeauNote Added: 0002176
2011-09-02 16:00obilodeaumtn revision => 9bdb3559a2639121b7d4ff9b330bcc18b37befd9
2011-09-02 16:00obilodeauNote Added: 0002179
2011-09-02 16:00obilodeauStatusassigned => resolved
2011-09-02 16:00obilodeauFixed in Version => trunk
2011-09-02 16:00obilodeauResolutionopen => fixed
2011-09-21 22:07obilodeauFixed in Versiontrunk => 3.0.0
2011-09-21 22:15obilodeauNote Added: 0002237
2011-09-21 22:16obilodeauStatusresolved => closed

Notes
(0002176)
obilodeau   
2011-08-31 18:07   
The code is completed. I will test it in the lab tomorrow then commit. It's more intrusive than I originally thought because I can't call flip (because it doesn't support inline mode) and going through pf::enforcement wouldn't bypass the locationlog's potential out-of-date'ness. Added a "force" option to pf::enforcement instead.
(0002179)
obilodeau   
2011-09-02 16:00   
fixed in trunk. This fix has DoS prevention built-in.
(0002237)
obilodeau   
2011-09-21 22:15   
fix released in 3.0