I’m still trying to solve the crashing problem with nodogsplash on OpenWRT Backfire and Kamikaze.

I have never attempted to setup an OpenWRT build environment.

What are the chances you could help me get a patched nodogsplash package I can use on my deployed WRT54GL units either by providing instructions/suggestions for compiling myself, or (if you have a OpenWRT buildroot already setup) by sending me your nodogspalsh.ipk on the off chance we use compatible hardware.

Feel free to reply by e-mail.

Regards,
Bob

I would be interested in knowing if you could make the tokens encrypted. e.g. Set an encryption key in the config file and be able to decrypt it on a website once the user logs in (the website would be in PHP)

Otherwise the user can just sniff the pages and find the token and login straight away.

Regards,
Cody

Regarding the nodogsplash daemon crashing – yes, I’ve got a workaround for that. Have a look at my patch here [1]. I’ve simply added an additional test that verifies the end user sent a redir GET variable. If they don’t, it redirects the end user to whatever is value is set in the nodogsplash.conf.

Prior to that patch, I’d never actually encountered an instance in which someone crashed nodogsplash by not sending that variable. That bug only came to light during some fuzzing tests I was conducting. I don’t have an Iphone, but I know some browsers have a tendency to unfortunately not pass things along properly

**Slightly off topic – Hughesnet satellite internet is the WORST offender in waxing GET and POST variables from HTTP requests. It appears they put a web proxy inline to hold TCP sessions open due to high latency (as evidenced by an X-forwarded-for header added to requests). If SSL isn’t used on a site, they wax variables left and right. Good luck getting them to fix it.

I do have rate-limiting working fine under Backfire 10.03 without issue. There is a kernel version difference in what we’re running (mine appears to be 2.6.30.10, and I should probably update that). But I do frequently test things, and my rate-limit of 1M/128k definitely works.

Are you building from source or using pre-packaged releases? If from source, try throwing in my patch. I should probably contact Paul Kube (the author) and start contributing upstream.

[1]http://www.braindeadprojects.com/src/OpenWRT/001-allow-magic-token.patch

I am also having the problem with the daemon crashing via the GET variable issue that seems to be caused by some users’ iPhone or iPod Touch.

Have you managed to fix or work around that problem?

I have nodogspash installed on two routers and both are having this problem…

- 0.9_beta9.9.6 running on Backfire (10.03.1-rc4, r24045), Linux OpenWrt 2.6.32.25, WRT54GL 1.1
- 0.9_beta9.9 running on KAMIKAZE (8.09.2, r18961), Linux OpenWrt 2.4.35.4, WRT54GL 1.1

I’m running the second one on KAMIKAZE because I needed traffic control and, from what I understand, traffic control doesn’t work with nodogspalsh on Backfire.

I’m using the [form] method on my splash.html page on the router…

[form method="GET" action="$authaction"]
[input type="hidden" name="tok" value="$tok"]
[input type="hidden" name="redir" value="$redir"]
[input type="submit" value="Login/Enter"]
[/form]

Any help or guidance you can provide is appreciated.

I would like to have a similar setup for a high traffic area where we are trying to capture information and provide a social network service of sorts in exchange for free wireless.

Still trying to determine how or if it’s at all possible to correct nodog source and keep it from running out of program memory with lots of users.

Do you syslog anything to a remote server? There are some messages that get syslogged elsewhere that can give additional clues as to what’s going on under the hood.

For an example, if you exceed MaxClients the call to client_list_append() logs a message that the max is exceeded and returns NULL.

My install presently has had no more than 6 people online at a single time, usually averaging 2-3 people online at a single time, so I’ve not come across what you’re seeing yet. I’ll see if I can replicate what you’re referring to and get back to you shortly (ping me if I take too long).