search

coova / coova-chilli

CoovaChilli is an open-source software access controller for captive portal hotspots.
Other
516 stars 258 forks source link

DNS filtering does not work #214

Closed miguelangel-nubla closed 8 years ago

miguelangel-nubla commented 8 years ago

As I understand you should not be able to make DNS queries before login, unless the domain is specified in uamdomains, but I am able query dig bing.com @<uamlisten> and get an answer.

I guess the default here https://github.com/coova/coova-chilli/blob/master/src/dns.c#L435 should be return -1 (error)?

Anyone experiencing similar issues?

wlanmac commented 8 years ago

DNS has to work before login, otherwise users wouldn't get redirected (they would time out on DNS). The uamdomain options allows walled garden access to those domains (so... the user can browse those domains before logging in).

miguelangel-nubla commented 8 years ago

Yes, that is what I mean. I have not added the domain bing.com to uamdomain, and the query is still resolving the IP correctly. It should just not resolve that domain.

nzamps commented 8 years ago

All domains resolve you just can’t access them before login in any other way e.g. via http unless in uamdomain, uamallowed etc.

brian

On 17/02/2016, at 7:40 AM, miguelangel-nubla notifications@github.com wrote:

Yes, that is what I mean. I have not added the domain bing.com to uamdomain, and the query is still resolving the IP correctly. It should just not resolve that domain.

— Reply to this email directly or view it on GitHub https://github.com/coova/coova-chilli/issues/214#issuecomment-184820490.

miguelangel-nubla commented 8 years ago

Is that the expected behavior? Then what is the purpose of this filtering https://github.com/coova/coova-chilli/blob/master/src/dns.c#L214-L253?

nzamps commented 8 years ago

That’s the expected behaviour. That chunk of code sets *qmatch = 1 which is used later on to add the A record to the walled-garden.

brian

On 17/02/2016, at 7:57 AM, miguelangel-nubla notifications@github.com wrote:

Is that the expected behavior? Then what is the purpose of this filtering https://github.com/coova/coova-chilli/blob/master/src/dns.c#L214-L253 https://github.com/coova/coova-chilli/blob/master/src/dns.c#L214-L253?

— Reply to this email directly or view it on GitHub https://github.com/coova/coova-chilli/issues/214#issuecomment-184830140.