RE: Web login



On Wed, 2010-04-14 at 11:28 +0000, Mattias Bengtsson wrote:
> > > Just got it - it is simple as that. Try to open any page you're sure
> > > isn't accessible without authentication. It will redirect to login
> > > page. If there is clear shot that is indeed login page, go ahead. If
> > > not, fall back to current default - do nothing :)
> > 
> > 
> > bool requiresWebLogin()
> > {
> >     return (    http://www.google.com
> >              == http://www.yahoo.com/
> >              == http://www.hotmail.com/ )
> > }
> > 
> > Something like that.
> > 
> 
> I think Dan was against this sort of functionality. I think he referred to some netgear routers that autoconnected to some hosts on startup or something. A sort of unintentional DoS. Search the archives.
> Some at least slightly more likely URLs than google, yahoo and hotmail are "http://www.canonical.com/nmtest" for ubuntu and "www.redhat.com/nmtest" for fedora etc etc.

I wasn't against it per se, but we need to really think about this since
it certainly does have the potential to make people really mad.  The
reference was about some DLink routers that DoS-ed the UW Madison NTP
servers because they'd hard-coded the NTP server address in the firmware
and didn't have any rate-limiting when the server couldn't be reached,
so they'd just retry over and over and over.

Think about a couple hundred thousand of these wifi APs trying to
connect to a server that doesn't exist anymore, which still uses up
bandwidth for the initial TCP connection setup.

The point was that blindly adding some "am I really connected" query
into NM itself is error-prone in a few ways:

1) if a bunch of NM-enabled machines boot up at the same time, you get a
DoS effect against the site that you're trying to ping

2) you'll need a few sites to try, and you'll need to handle errors if
for example a routing split means you can't contact one of the sites:

http://gigaom.com/2008/10/30/cogent-sprint-un-peer-may-cause-web-slowdown/

3) it's more complicated than you may think; some captive portals (I've
seen this with Bluesocket ones) will respond to *any* ping request, even
if you ping www.google.com, they'll respond to that.  If you go to
www.google.com, they'll respond to that too with the portal login page.
This is pretty popular.

So you can't just ping a site.  You'll need to keep a database of login
portals and associate "magic"; I know some exist out there already.  You
do a quick request to your preferred "am-i-on-teh-intarwebs" server, and
if it matches anything in the portal database, then you know you're not
connected yet.  Plus this means you can have something automatically
enter your username/password for you too.  Otherwise, there are some
standards for captive portals (WISPR?) that help you autodetect and log
in more easily than doing screenscraping of the HTML.

I've long wondered what Windows Vista and later do for this, since they
have some sort of functionality to detect whether you're connected to
the internet or not.  Maybe we could take a similar approach?  Windows
certainly doesn't make you enter the addresses of various sites you'd
like to ping.

Next, this is a great use of pre-up scripts.  I'd like to roll this into
the same infrastructure, since for auto-login to portals, you're not
really "up" and online unless you've gotten through the portal first.
Which is what pre-up was all about.

Dan
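
An added sketch of the three concerns raised in the message above (staggered retries, more than one probe site, and portals that answer for any host). It is not NetworkManager code and not from this thread; the marker string, delay values and function names are all assumptions.

```python
import random

# All names and values below are assumptions made for this example.
EXPECTED_BODY = "nm-online-check-ok"       # constructed marker the probe URL would serve
BASE_DELAY, MAX_DELAY = 30.0, 3600.0       # seconds; constructed values
REDIRECTS = (301, 302, 303, 307, 308)

def classify(status, headers, body):
    """Classify one probe reply as 'online', 'portal' or 'unknown'.

    status is None when the probe site could not be reached at all.
    headers is a dict with lower-case keys.
    """
    if status is None:
        return "unknown"                   # timeout: maybe only a routing split
    if status in REDIRECTS and "location" in headers:
        return "portal"                    # bounced to a login page
    if status == 200:
        # A portal that answers for *any* host returns 200 with its own page,
        # so only the exact expected body counts as being online.
        return "online" if body.strip() == EXPECTED_BODY else "portal"
    return "unknown"

def decide(results):
    """Combine the replies from several probe sites into one verdict."""
    if "portal" in results:
        return "portal"                    # any intercepted reply means not up yet
    if "online" in results:
        return "online"                    # one good reply outweighs unreachable sites
    return "offline"

def retry_delay(failures, rng=random):
    """Exponential backoff with full jitter, so that machines booting at the
    same time do not all hit the probe site in the same second."""
    return rng.uniform(0.0, min(MAX_DELAY, BASE_DELAY * 2 ** failures))

if __name__ == "__main__":
    # Constructed replies: (status, headers, body)
    replies = [
        (None, {}, ""),
        (200, {}, "<html><form action='/login'>...</form></html>"),
    ]
    print(decide([classify(*r) for r in replies]))   # portal
```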


