wifidog源码分析 - 初始化阶段

Wifidog是一个linux下开源的认证网关软件,它主要用于配合认证服务器实现无线路由器的认证放行功能。

wifidog是一个后台的服务程序,可以通过wdctrl命令对wifidog主程序进行控制。

本文解释wifidog在启动阶段所做的初始化主要工作(代码片段1.1)

初始化配置(先将配置结构体初始化为默认值,在读取配置文件修改配置结构体)
初始化已连接客户端列表(如果是通过wdctrl重启wifidog,将会读取之前wifidog的已连接客户端列表 代码片段1.2 代码片段1.3)
如无特殊情况,分离进程,建立守护进程 (代码片段1.1)
添加多个http请求回调函数(包括404错误回调函数) (见之后章节)
摧毁删除现有的iptables路由表规则 (见之后章节)
建立新的iptables路由表规则 (见之后章节)
启动多个功能线程 (见之后章节)
循环等待客户端连接 (见之后章节)

代码片段1.1:
int main(int argc, char **argv) {

      s_config *config = config_get_config();  //就是返回全局变量config结构体的地址
      config_init();    //初始化全局变量config结构体为默认值

      parse_commandline(argc, argv);    //根据传入参数执行操作(如果参数有-x则会设置restart_orig_pid为已运行的wifidog的pid)

      /* Initialize the config */
     config_read(config->configfile);    //根据配置文件设置全局变量config结构体
     config_validate();    //判断GatewayInterface和AuthServer是否为空,空则无效退出程序。

     /* Initializes the linked list of connected clients */
     client_list_init();    //将已连接客户端链表置空。

     /* Init the signals to catch chld/quit/etc */
     init_signals();    //初始化一些信号

     if (restart_orig_pid) {    //用于restart,如果有已运行的wifidog,先会kill它
         /*
          * We were restarted and our parent is waiting for us to talk to it over the socket
          */
         get_clients_from_parent();    //从已运行的wifidog中获取客户端列表,详见 代码片段1.2

         /*
          * At this point the parent will start destroying itself and the firewall. Let it finish it's job before we continue
          */

         while (kill(restart_orig_pid, 0) != -1) {    //kill已运行的wifidog
             debug(LOG_INFO, "Waiting for parent PID %d to die before continuing loading", restart_orig_pid);
             sleep(1);
         }

         debug(LOG_INFO, "Parent PID %d seems to be dead. Continuing loading.");
    }

     if (config->daemon) {    //创建为守护进程,config->daemon默认值为-1

         debug(LOG_INFO, "Forking into background");

        switch(safe_fork()) {
             case 0: /* child */
                 setsid();    //创建新会话,脱离此终端,实现守护进程
                 append_x_restartargv();
                 main_loop();    //进入主循环(核心代码在此)。
                 break;

             default: /* parent */
                 exit(0);
                 break;
         }
     }
     else {
         append_x_restartargv();
         main_loop();
     }

     return(0); /* never reached */
}

代码片段1.2(获取已启动的wifidog的客户端列表):

此段代表描述了新启动的wifidog如何从已启动的wifidog程序中获取已连接的客户端列表。发送端见 代码片段1.3

void get_clients_from_parent(void) {
    int sock;
    struct sockaddr_un    sa_un;
    s_config * config = NULL;
    char linebuffer[MAX_BUF];
    int len = 0;
    char *running1 = NULL;
    char *running2 = NULL;
    char *token1 = NULL;
    char *token2 = NULL;
    char onechar;
    char *command = NULL;
    char *key = NULL;
    char *value = NULL;
    t_client * client = NULL;
    t_client * lastclient = NULL;

    config = config_get_config();

    debug(LOG_INFO, "Connecting to parent to download clients");

    /* 连接socket */
    sock = socket(AF_UNIX, SOCK_STREAM, 0);
    memset(&sa_un, 0, sizeof(sa_un));
    sa_un.sun_family = AF_UNIX;
    strncpy(sa_un.sun_path, config->internal_sock, (sizeof(sa_un.sun_path) - 1));    //config->internal_sock的值为"/tmp/wifidog.sock"

    /* 连接已启动的wifidog */
    if (connect(sock, (struct sockaddr *)&sa_un, strlen(sa_un.sun_path) + sizeof(sa_un.sun_family))) {
        debug(LOG_ERR, "Failed to connect to parent (%s) - client list not downloaded", strerror(errno));
        return;
    }

    debug(LOG_INFO, "Connected to parent.  Downloading clients");

    LOCK_CLIENT_LIST();

    command = NULL;
    memset(linebuffer, 0, sizeof(linebuffer));
    len = 0;
    client = NULL;
    /* 接收数据,逐个字符接收 */
    /* 数据包格式为 CLIENT|ip=%s|mac=%s|token=%s|fw_connection_state=%u|fd=%d|counters_incoming=%llu|counters_outgoing=%llu|counters_last_updated=%lu\n */
    while (read(sock, &onechar, 1) == 1) {
        if (onechar == '\n') {
            /* 如果接收到末尾('\n'),则转为'\0' */
            onechar = '\0';
        }
        linebuffer[len++] = onechar;

        if (!onechar) {
            /* 以下将数据转化为t_client结构体添加到客户端列表 */
            debug(LOG_DEBUG, "Received from parent: [%s]", linebuffer);
            running1 = linebuffer;
            while ((token1 = strsep(&running1, "|")) != NULL) {
                if (!command) {
                    /* The first token is the command */
                    command = token1;
                }
                else {
                /* Token1 has something like "foo=bar" */
                    running2 = token1;
                    key = value = NULL;
                    while ((token2 = strsep(&running2, "=")) != NULL) {
                        if (!key) {
                            key = token2;
                        }
                        else if (!value) {
                            value = token2;
                        }
                    }
                }

                if (strcmp(command, "CLIENT") == 0) {
                    /* This line has info about a client in the client list */
                    if (!client) {
                        /* Create a new client struct */
                        client = safe_malloc(sizeof(t_client));
                        memset(client, 0, sizeof(t_client));
                    }
                }

                if (key && value) {
                    if (strcmp(command, "CLIENT") == 0) {
                        /* Assign the key into the appropriate slot in the connection structure */
                        if (strcmp(key, "ip") == 0) {
                            client->ip = safe_strdup(value);
                        }
                        else if (strcmp(key, "mac") == 0) {
                            client->mac = safe_strdup(value);
                        }
                        else if (strcmp(key, "token") == 0) {
                            client->token = safe_strdup(value);
                        }
                        else if (strcmp(key, "fw_connection_state") == 0) {
                            client->fw_connection_state = atoi(value);
                        }
                        else if (strcmp(key, "fd") == 0) {
                            client->fd = atoi(value);
                        }
                        else if (strcmp(key, "counters_incoming") == 0) {
                            client->counters.incoming_history = atoll(value);
                            client->counters.incoming = client->counters.incoming_history;
                        }
                        else if (strcmp(key, "counters_outgoing") == 0) {
                            client->counters.outgoing_history = atoll(value);
                            client->counters.outgoing = client->counters.outgoing_history;
                        }
                        else if (strcmp(key, "counters_last_updated") == 0) {
                            client->counters.last_updated = atol(value);
                        }
                        else {
                            debug(LOG_NOTICE, "I don't know how to inherit key [%s] value [%s] from parent", key, value);
                        }
                    }
                }
            }

            /* End of parsing this command */
            if (client) {
                /* Add this client to the client list */
                if (!firstclient) {
                    firstclient = client;
                    lastclient = firstclient;
                }
                else {
                    lastclient->next = client;
                    lastclient = client;
                }
            }

            /* Clean up */
            command = NULL;
            memset(linebuffer, 0, sizeof(linebuffer));
            len = 0;
            client = NULL;
        }
    }

    UNLOCK_CLIENT_LIST();
    debug(LOG_INFO, "Client list downloaded successfully from parent");

    close(sock);
}

代码片段1.3(已启动的wifidog发送客户端列表到新启动的wifidog):

//thread_wdctl_handler(void *arg)函数是wifidog启动后自动创建的控制线程,主要用于与wdctrl进行socket通信,根据wdctrl命令执行不同的操作。这里我们着重讲解的是wdctrl发送restart后wifidog的执行逻辑。
static void *
thread_wdctl_handler(void *arg)
{
    int    fd,
        done,
        i;
    char    request[MAX_BUF];
    ssize_t    read_bytes,
        len;

    debug(LOG_DEBUG, "Entering thread_wdctl_handler....");

    fd = (int)arg;

    debug(LOG_DEBUG, "Read bytes and stuff from %d", fd);

    /* 初始化变量 */
    read_bytes = 0;
    done = 0;
    memset(request, 0, sizeof(request));

    /* 读取命令 */
    while (!done && read_bytes < (sizeof(request) - 1)) {
        len = read(fd, request + read_bytes,
                sizeof(request) - read_bytes);    //读取wdctrl发送的命令

        /* 判断命令正确性 */
        for (i = read_bytes; i < (read_bytes + len); i++) {
            if (request[i] == '\r' || request[i] == '\n') {
                request[i] = '\0';
                done = 1;
            }
        }

        /* Increment position */
        read_bytes += len;
    }

        //判断命令
    if (strncmp(request, "status", 6) == 0) {
        wdctl_status(fd);
    } else if (strncmp(request, "stop", 4) == 0) {
        wdctl_stop(fd);
    } else if (strncmp(request, "reset", 5) == 0) {
        wdctl_reset(fd, (request + 6));
    } else if (strncmp(request, "restart", 7) == 0) {
        wdctl_restart(fd);    //执行wdctl_restart(int afd)函数
    }

    if (!done) {
        debug(LOG_ERR, "Invalid wdctl request.");
                //关闭套接字
        shutdown(fd, 2);
        close(fd);
        pthread_exit(NULL);
    }

    debug(LOG_DEBUG, "Request received: [%s]", request);

        //关闭套接字
    shutdown(fd, 2);
    close(fd);
    debug(LOG_DEBUG, "Exiting thread_wdctl_handler....");

    return NULL;
}


//wdctl_restart(int afd)函数详解
static void
wdctl_restart(int afd)
{
    int    sock,
        fd;
    char    *sock_name;
    struct     sockaddr_un    sa_un;
    s_config * conf = NULL;
    t_client * client = NULL;
    char * tempstring = NULL;
    pid_t pid;
    ssize_t written;
    socklen_t len;

    conf = config_get_config();

    debug(LOG_NOTICE, "Will restart myself");

    /*
     * 准备内部连接socket
     */
    memset(&sa_un, 0, sizeof(sa_un));
    sock_name = conf->internal_sock;    //conf->internal_sock值为"/tmp/wifidog.sock"
    debug(LOG_DEBUG, "Socket name: %s", sock_name);

    if (strlen(sock_name) > (sizeof(sa_un.sun_path) - 1)) {

        debug(LOG_ERR, "INTERNAL socket name too long");
        return;
    }

    debug(LOG_DEBUG, "Creating socket");
    sock = socket(PF_UNIX, SOCK_STREAM, 0);    //建立内部socket套接字

    debug(LOG_DEBUG, "Got internal socket %d", sock);

    /* 如果sock_name文件存在,则删除*/
    unlink(sock_name);

    debug(LOG_DEBUG, "Filling sockaddr_un");
    strcpy(sa_un.sun_path, sock_name); 
    sa_un.sun_family = AF_UNIX;

    debug(LOG_DEBUG, "Binding socket (%s) (%d)", sa_un.sun_path, strlen(sock_name));


    if (bind(sock, (struct sockaddr *)&sa_un, strlen(sock_name) + sizeof(sa_un.sun_family))) {
        debug(LOG_ERR, "Could not bind internal socket: %s", strerror(errno));
        return;
    }

    if (listen(sock, 5)) {
        debug(LOG_ERR, "Could not listen on internal socket: %s", strerror(errno));
        return;
    }

    /*
     * socket建立完成,创建子进程
     */
    debug(LOG_DEBUG, "Forking in preparation for exec()...");
    pid = safe_fork();
    if (pid > 0) {
        /* 父进程 */

        /* 等待子进程连接此socket :*/
        debug(LOG_DEBUG, "Waiting for child to connect on internal socket");
        len = sizeof(sa_un);
        if ((fd = accept(sock, (struct sockaddr *)&sa_un, &len)) == -1){    //接受连接
            debug(LOG_ERR, "Accept failed on internal socket: %s", strerror(errno));
            close(sock);
            return;
        }

        close(sock);

        debug(LOG_DEBUG, "Received connection from child.  Sending them all existing clients");

        /*子进程已经完成连接,发送客户端列表 */
        LOCK_CLIENT_LIST();
        client = client_get_first_client();    //获取第一个客户端
        while (client) {
            /* Send this client */
            safe_asprintf(&tempstring, "CLIENT|ip=%s|mac=%s|token=%s|fw_connection_state=%u|fd=%d|counters_incoming=%llu|counters_outgoing=%llu|counters_last_updated=%lu\n", client->ip, client->mac, client->token, client->fw_connection_state, client->fd, client->counters.incoming, client->counters.outgoing, client->counters.last_updated);
            debug(LOG_DEBUG, "Sending to child client data: %s", tempstring);
            len = 0;
            while (len != strlen(tempstring)) {
                written = write(fd, (tempstring + len), strlen(tempstring) - len);    //发送给子进程
                if (written == -1) {
                    debug(LOG_ERR, "Failed to write client data to child: %s", strerror(errno));
                    free(tempstring);
                    break;
                }
                else {
                    len += written;
                }
            }
            free(tempstring);
            client = client->next;
        }
        UNLOCK_CLIENT_LIST();

        close(fd);

        debug(LOG_INFO, "Sent all existing clients to child.  Committing suicide!");

        shutdown(afd, 2);
        close(afd);


        wdctl_stop(afd);
    }
    else {
        /* 子进程,先关闭资源 */
        close(wdctl_socket_server);
        close(icmp_fd);
        close(sock);
        shutdown(afd, 2);
        close(afd);
        debug(LOG_NOTICE, "Re-executing myself (%s)", restartargv[0]);

        setsid();
        execvp(restartargv[0], restartargv);    //执行外部命令,这里重新启动wifidog

        debug(LOG_ERR, "I failed to re-execute myself: %s", strerror(errno));
        debug(LOG_ERR, "Exiting without cleanup");
        exit(1);
    }
}

小结
  客户端列表只有在restart命令中才会执行,实际上流程就是

父wifidog准备socket
父wifidog启动子wifidog
子wifidog连接父wifidog
客户端列表传递
子wifidog终止父wifidog

本文章由 http://www.wifidog.pro/2015/02/02/wifidog%E6%BA%90%E7%A0%81%E5%88%86%E6%9E%90-5.html 整理编辑,转载请注明出处

wifidog源码分析 - wifidog原理

wifidog是一个用于配合认证服务器实现无线网页认证功能的程序,常见的情景就是使用于公共场合的无线wifi接入点,首先移动设备会连接公共wifi接入点,之后会弹出网页要求输入用户名密码,认证过后才能够连入外网。其主页是http://dev.wifidog.org/
实现原理
  其实wifidog原理很简单,主要是通过管控iptables,配合认证服务器进行客户端的放行操作。wifidog在启动后都会自动启动三个线程,分别为客户端检测线程、wdctrl交互线程、认证服务器心跳检测线程。每当新用户连接无线AP并浏览网页时,wifidog会获取新用户的此次操作,并返回一个重定向到认证服务器的http于用户,此后用户通过认证服务器认证后,再继续浏览网页时,wifidog会询问认证服务器此用户权限,若放行则修改iptables放行此用户IP。

1)主要流程如下
添加关键路径对应的回调函数
删除所有iptables路由表
建立新的iptables路由表
开启客户端检测线程(用于判断客户端是否在线,是否登出)
开启wdctrl交互线程
开启认证服务器心跳检测线程
循环等待客户端连接(使用socket绑定2060端口并监听,实际上在建立新的iptables路由表规则时会将网关的80端口重定向到2060端口)

2)回调函数
  回调函数主要用于根据用户http报文执行不同的操作,其原理就是分析http报文请求中有没有关键路径,若有,则执行关键路径对应的回调函数,若没有,则返回一个重定向到认证服务器的包给用户。一次典型的流程为

用户连接无线AP,访问某网站(比如http://www.baidu.com
wifidog获取到此http报文,检查是否包含关键路径,没有则返回重定向包给用户,将其重定向到认证服务器
用户认证成功,认证服务器将用户重定向到无线AP网关,并包含关键路径"/wifidog/auth"和token
wifidog接收到用户重定向后访问的报文,检测到关键路径"/wifidog/auth",然后访问认证服务器进行token认证
认证成功,wifidog修改iptables放行此用户(根据mac和ip进行放行)

3)wifidog的iptables规则
  这一部分我没有仔细认真看源码,但可以推论出wifidog是怎么修改iptables的规则的,了解iptables基本原理的同学都清楚iptables实际上有两条路进行数据包处理,一条路会通过应用程序,一条路不同过应用程序,直接到POSTOUTPUT,而我认为wifidog建立的规则是

只要是访问认证服务器的http请求都直接不通过wifidog发送出去
只要是通过认证的客户端wifidog都会修改iptables让其数据直接从FORWARD到POSTOUTPUT,而不经过wifidog
其他行为都必须进过wifidog处理

4)客户端检测线程
  此线程每隔60s会遍历一次客户端列表,对每一个客户端列表统计流量,如果客户端在60s间隔内没有新产生的流量则不更新客户端的最新更新时间,当当前时间减去最新更新时间大于断线要求时间时,则会将此客户端从客户端列表删除,并修改iptables规则禁止其访问外部网络,然后发送此客户端登出包于认证服务器,认证服务器根据此登出包将此客户端做登出处理。如若没有超出断线要求时间,此线程还会发送客户端状态获取包于认证服务器,认证服务器返回此客户端在认证服务器上的信息,如若信息表示此客户端已在认证服务器上登出,wifidog则会执行此客户端下线操作。

5)wdctrl交互线程
  其原理是使用unix socket进行进程间通信,具体实现在之后文章中体现

6)认证服务器心跳检测线程
  原理也很简单,就是每隔60s将路由的一些系统信息发送给认证服务器,认证服务器接收到会返回一个回执

7)循环等待客户端连接
  这里主要会接收到两种类型的客户端连接

未认证的客户端打开网页操作,wifidog会接收到此http请求,并返回一个重定向到认证服务器的包于客户端
经过认证服务器认证成功后,认证服务器自动将客户端重定向到无线AP的操作,wifidog接收到此类http请求后会检测关键路径"/tmp/wifidog",并把http请求中携带的token与认证服务器进行认证,认证成功后则修改iptables放行客户端。

具体代码实现见之后章节

本文章由 http://www.wifidog.pro/2015/02/02/wifidog%E5%8E%9F%E7%90%86.html 整理编辑,转载请注明出处

广告路由器开发(二)实践-wifidog版

上篇文章中分析了wifidog下authpuppy之间的数据流这篇文章中我就介绍一下如何书写一个简单的广告路由器
经过以上分析不难看出 实现一个广告路由器还是非常简单的
由于我本人对symfony框架不感冒 故以下示例代码使用了phalcon框架进行书写(只是演示用而已)

<?php  

namespace controllers;  

class InterfaceController extends \Phalcon\Mvc\Controller  
{  

    public function initialize( )  
    {  

    }  

    public function indexAction( )  
    {  
    }  

    public function loginAction( )  
    {  
        if( $this->request->isGet() && null == $this->request->getQuery( 'advs' ) )  
        {  
            $strDebug = var_export( $_SERVER, true );  

            $this->view->setVar( 'iRefreshTime', 10 ); //广告时间10秒  
            $this->view->setVar( 'url', $this->request->getServer( 'REQUEST_URI' ) . '&advs=advs' );  

            $this->view->pick( 'interface/advs' );//这里展示广告  
        }  
        else  
        {  
            $this->view->disable();  

            $strToken = sha1( rand() . time() );  
            $this->persistent->set( 'redirectUrl', $this->request->getQuery( 'url' ));  
            $this->response->redirect( 'http://' . $this->request->get( 'gw_address' ) . ':' . $this->request->get( 'gw_port' ) . '/wifidog/auth?token=' . $strToken, true );  
        }  

    }  

    public function logoutAction( )  
    {  
        echo 'Auth:0';  
    }  

    public function portalAction( )  
    {//广告过后在此函数内进行跳转  
        $this->view->disable();  
        if( null != $strUrl = $this->persistent->get( 'redirectUrl' ) )  
        {  
            $this->response->redirect( $strUrl, true );  
        }  
        else   
        {  
            $this->response->redirect( 'http://blog.csdn.net/qzfzz', true );  
        }  
    }  

    public function pingAction( )  
    {  
        echo 'Pong';  
    }  

    public function msgAction( )  
    {  
    }  

    public function authAction( )  
    {  
        echo 'Auth: 1';  
    }  

}  

以下为视图

<!--advs.phtml-->  
<!doctype html  
<html>  
<head>  
<meta http-equiv="refresh" content="<?php echo $iRefreshTime;?>;url=<?php echo $url;?>"/>  
<title>Login</title>  
</head>  
<body>  
<p>这里可以展示广告等信息</p>  
</body>  
</html> 

经过以上的开发一个简单的广告路由器即完成了

本文章由 http://www.wifidog.pro/2015/01/30/wifidog%E5%BC%80%E5%8F%91.html 整理编辑,转载请注明出处

广告路由器开发(一)数据流-wifidog版

最近无事时对广告路由器进行了一个分析
常用的广告路由器一般是通过普通路由器刷openwrt或是ddwrt等固件后安装wifidog组件做的,我们这里分析的即是wifidog加authpuppy
以下数据为截取自authpuppy和wifidog的交互

1.用户请求页面http://www.gov.cn/guowuyuan/2014-09/23/content_2755108.htm  
--------------------------------------------------------------------------------------  
request:  
/login/?gw_address=192.168.4.1&gw_port=2060&gw_id=default&mac=00:0e:c6:f0:06:b2&url=http%3A//www.gov.cn/guowuyuan/2014-09/23/content_2755108.htm  

response:  
<form action="http://192.168.1.251:81/login/?gw_address=192.168.4.1&gw_port=2060&gw_id=default&mac=00:0e:c6:f0:06:b2&url=http%3A//www.gov.cn/guowuyuan/2014-09/23/content_2755108.htm" method="POST">  
    <input type="hidden" name="gw_id" value="default" />  
  <input type="hidden" name="gw_address" value="192.168.4.1" />  
  <input type="hidden" name="gw_port" value="2060" />  
        <input type="hidden" id="authenticators" name="authenticator" value="apAuthLocalUser"/>  
      <div id="authPlugin_apAuthLocalUser" style="display: none">  
            <h1>Local network user authentication</h1>  

                    <input type="submit" name="submit[apAuthLocalUserconnect]" id="submit[apAuthLocalUserconnect]" value="Connect" onClick="deleteLinkElement()" />  
                    <input type="password" name="apAuthLocalUser[password]" value="Pb4AoWdlOhqu4B2T535zDg==" id="apAuthLocalUser_password" />  
                    <label for="apAuthLocalUser_remember_me">Remember me</label>  
                    <input type="checkbox" name="apAuthLocalUser[remember_me]" value="1" checked="checked" id="apAuthLocalUser_remember_me" />  
</form>  

array (  
  'REDIRECT_STATUS' => '200',  
  'HTTP_HOST' => '192.168.1.251:81',  
  'HTTP_ACCEPT' => 'text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8',  
  'HTTP_COOKIE' => 'authpuppy=usb6bslekske7ek5rlorknvf43; localUserCookie=226f362768d281ff14cf428fa3c3b8c87a6c4834',  
  'HTTP_USER_AGENT' => 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_5) AppleWebKit/600.1.17 (KHTML, like Gecko) Version/7.1 Safari/537.85.10',  
  'HTTP_REFERER' => 'http://news.baidu.com/',  
  'SCRIPT_FILENAME' => 'F:/phpStudyAll/WWW/authpuppy/web/index.php',  
  'REMOTE_PORT' => '53961',  
  'REDIRECT_QUERY_STRING' => 'gw_address=192.168.4.1&gw_port=2060&gw_id=default&mac=00:0e:c6:f0:06:b2&url=http%3A//www.gov.cn/guowuyuan/2014-09/23/content_2755108.htm',  
  'REDIRECT_URL' => '/login/',  
  'GATEWAY_INTERFACE' => 'CGI/1.1',  
  'SERVER_PROTOCOL' => 'HTTP/1.1',  
  'REQUEST_METHOD' => 'GET',  
  'QUERY_STRING' => 'gw_address=192.168.4.1&gw_port=2060&gw_id=default&mac=00:0e:c6:f0:06:b2&url=http%3A//www.gov.cn/guowuyuan/2014-09/23/content_2755108.htm',  
  'REQUEST_URI' => '/login/?gw_address=192.168.4.1&gw_port=2060&gw_id=default&mac=00:0e:c6:f0:06:b2&url=http%3A//www.gov.cn/guowuyuan/2014-09/23/content_2755108.htm',  
)  
++++++++++++++++++++++++++++++++++++++++++++++++  


2.登录成功以后而返回如下  
--------------------------------------------------------------------------------------  
request:  
/login/?gw_address=192.168.4.1&gw_port=2060&gw_id=default&mac=00:0e:c6:f0:06:b2&url=http%3A//www.gov.cn/guowuyuan/2014-09/23/content_2755108.htm  

response:  
<html><head><meta http-equiv="refresh" content="0;url=http://192.168.4.1:2060/wifidog/auth?token=60bb7efe229270c4d6d36ed60bb5e98886900126"/></head></html>  

array (  
  'REDIRECT_STATUS' => '200',  
  'HTTP_HOST' => '192.168.1.251:81',  
  'CONTENT_TYPE' => 'application/x-www-form-urlencoded',  
  'HTTP_ORIGIN' => 'http://192.168.1.251:81',  
  'HTTP_COOKIE' => 'authpuppy=usb6bslekske7ek5rlorknvf43; localUserCookie=226f362768d281ff14cf428fa3c3b8c87a6c4834',  
  'HTTP_USER_AGENT' => 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_5) AppleWebKit/600.1.17 (KHTML, like Gecko) Version/7.1 Safari/537.85.10',  
  'HTTP_REFERER' => 'http://192.168.1.251:81/login/?gw_address=192.168.4.1&gw_port=2060&gw_id=default&mac=00:0e:c6:f0:06:b2&url=http%3A//www.gov.cn/guowuyuan/2014-09/23/content_2755108.htm',  
  'HTTP_ACCEPT_LANGUAGE' => 'en-us',  
  'HTTP_ACCEPT_ENCODING' => 'gzip, deflate',  
  'REMOTE_ADDR' => '192.168.1.106',  
  'REMOTE_PORT' => '53950',  
  'REDIRECT_QUERY_STRING' => 'gw_address=192.168.4.1&gw_port=2060&gw_id=default&mac=00:0e:c6:f0:06:b2&url=http%3A//www.gov.cn/guowuyuan/2014-09/23/content_2755108.htm',  
  'REDIRECT_URL' => '/login/',  
  'GATEWAY_INTERFACE' => 'CGI/1.1',  
  'SERVER_PROTOCOL' => 'HTTP/1.1',  
  'REQUEST_METHOD' => 'POST',  
  'QUERY_STRING' => 'gw_address=192.168.4.1&gw_port=2060&gw_id=default&mac=00:0e:c6:f0:06:b2&url=http%3A//www.gov.cn/guowuyuan/2014-09/23/content_2755108.htm',  
  'REQUEST_URI' => '/login/?gw_address=192.168.4.1&gw_port=2060&gw_id=default&mac=00:0e:c6:f0:06:b2&url=http%3A//www.gov.cn/guowuyuan/2014-09/23/content_2755108.htm',  
  'REQUEST_TIME' => 1411547194,  
)  
++++++++++++++++++++++++++++++++++++++++++++++++  

3. 在2中进行跳转后则WiFiDog服务器向授权服务器端发送GET授权请求 若成功则而返回Auth: 1  
--------------------------------------------------------------------------------------  
request:  
/auth/?stage=login&ip=192.168.4.186&mac=00:0e:c6:f0:06:b2&token=60bb7efe229270c4d6d36ed60bb5e98886900126&incoming=0&outgoing=0&gw_id=default  

response://千万要注意这里Auth:与1之间有一个空格否则不能通过验证  
Auth: 1  

array (  
  'REDIRECT_STATUS' => '200',  
  'HTTP_USER_AGENT' => 'WiFiDog 20130917',  
  'HTTP_HOST' => '192.168.1.251',  
  'SERVER_PORT' => '81',  
  'REMOTE_ADDR' => '192.168.1.106',  
  'REMOTE_PORT' => '33264',  
  'REDIRECT_QUERY_STRING' => 'stage=login&ip=192.168.4.186&mac=00:0e:c6:f0:06:b2&token=60bb7efe229270c4d6d36ed60bb5e98886900126&incoming=0&outgoing=0&gw_id=default',  
  'REDIRECT_URL' => '/auth/',  
  'GATEWAY_INTERFACE' => 'CGI/1.1',  
  'SERVER_PROTOCOL' => 'HTTP/1.0',  
  'REQUEST_METHOD' => 'GET',  
  'QUERY_STRING' => 'stage=login&ip=192.168.4.186&mac=00:0e:c6:f0:06:b2&token=60bb7efe229270c4d6d36ed60bb5e98886900126&incoming=0&outgoing=0&gw_id=default',  
  'REQUEST_URI' => '/auth/?stage=login&ip=192.168.4.186&mac=00:0e:c6:f0:06:b2&token=60bb7efe229270c4d6d36ed60bb5e98886900126&incoming=0&outgoing=0&gw_id=default',  
  'REQUEST_TIME' => 1411547194,  
)  
++++++++++++++++++++++++++++++++++++++++++++++++  

4.WiFiDog在接收到Auth:1之后向服务器端发送/portal/?gw_id=default的GET请求 授权服务器返回立即跳转的页面如下:  
--------------------------------------------------------------------------------------  
request:  
/portal/?gw_id=default  

reponse:  
<html><head><meta http-equiv="refresh" content="0;url=http://www.gov.cn/guowuyuan/2014-09/23/content_2755108.htm"/></head></html>  

array (  
  'REDIRECT_STATUS' => '200',  
  'HTTP_HOST' => '192.168.1.251:81',  
  'HTTP_ORIGIN' => 'http://192.168.1.251:81',  
  'HTTP_COOKIE' => 'authpuppy=usb6bslekske7ek5rlorknvf43; localUserCookie=226f362768d281ff14cf428fa3c3b8c87a6c4834',  
  'HTTP_CONNECTION' => 'keep-alive',  
  'HTTP_ACCEPT' => 'text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8',  
  'HTTP_USER_AGENT' => 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_5) AppleWebKit/600.1.17 (KHTML, like Gecko) Version/7.1 Safari/537.85.10',  
  'HTTP_ACCEPT_LANGUAGE' => 'en-us',  
  'HTTP_REFERER' => 'http://192.168.1.251:81/login/?gw_address=192.168.4.1&gw_port=2060&gw_id=default&mac=00:0e:c6:f0:06:b2&url=http%3A//www.gov.cn/guowuyuan/2014-09/23/content_2755108.htm',  
  'HTTP_ACCEPT_ENCODING' => 'gzip, deflate',  
  'REDIRECT_QUERY_STRING' => 'gw_id=default',  
  'REDIRECT_URL' => '/portal/',  
  'GATEWAY_INTERFACE' => 'CGI/1.1',  
  'SERVER_PROTOCOL' => 'HTTP/1.1',  
  'REQUEST_METHOD' => 'GET',  
  'QUERY_STRING' => 'gw_id=default',  
  'REQUEST_URI' => '/portal/?gw_id=default',  
  'SCRIPT_NAME' => '/index.php',  
  'PHP_SELF' => '/index.php',  
  'REQUEST_TIME' => 1411547194,  
)  
++++++++++++++++++++++++++++++++++++++++++++++++  

5.WiFiDog服务器向授权服务器发送ping操作请求 服务器端通过后发送Pong响应串(纯文本)  
--------------------------------------------------------------------------------------  
request:  
/ping/?gw_id=default&sys_uptime=28824&sys_memfree=99284&sys_load=0.08&wifidog_uptime=61  

response:  
Pong  


array (  
  'REDIRECT_STATUS' => '200',  
  'HTTP_USER_AGENT' => 'WiFiDog 20130917',  
  'HTTP_HOST' => '192.168.1.251',  
  'SERVER_SIGNATURE' => '',  
  'SERVER_SOFTWARE' => 'Apache/2.4.9 (Win32) OpenSSL/0.9.8y PHP/5.3.28',  
  'SERVER_NAME' => '192.168.1.251',  
  'SERVER_ADDR' => '192.168.1.251',  
  'SERVER_PORT' => '81',  
  'REMOTE_ADDR' => '192.168.1.106',  
  'DOCUMENT_ROOT' => 'F:/phpStudyAll/WWW/authpuppy/web',  
  'REQUEST_SCHEME' => 'http',  
  'CONTEXT_PREFIX' => '',  
  'CONTEXT_DOCUMENT_ROOT' => 'F:/phpStudyAll/WWW/authpuppy/web',  
  'SERVER_ADMIN' => 'admin@phpStudy.net',  
  'SCRIPT_FILENAME' => 'F:/phpStudyAll/WWW/authpuppy/web/index.php',  
  'REMOTE_PORT' => '33265',  
  'REDIRECT_QUERY_STRING' => 'gw_id=default&sys_uptime=28824&sys_memfree=99284&sys_load=0.08&wifidog_uptime=61',  
  'REDIRECT_URL' => '/ping/',  
  'GATEWAY_INTERFACE' => 'CGI/1.1',  
  'SERVER_PROTOCOL' => 'HTTP/1.0',  
  'REQUEST_METHOD' => 'GET',  
  'QUERY_STRING' => 'gw_id=default&sys_uptime=28824&sys_memfree=99284&sys_load=0.08&wifidog_uptime=61',  
  'REQUEST_URI' => '/ping/?gw_id=default&sys_uptime=28824&sys_memfree=99284&sys_load=0.08&wifidog_uptime=61',  
  'SCRIPT_NAME' => '/index.php',  
  'PHP_SELF' => '/index.php',  
  'REQUEST_TIME' => 1411547224,  
)  
++++++++++++++++++++++++++++++++++++++++++++++++  

6.WiFiDog向服务器发送计费通知  
--------------------------------------------------------------------------------------  

request:  
/auth/?stage=counters&ip=192.168.4.186&mac=00:0e:c6:f0:06:b2&token=60bb7efe229270c4d6d36ed60bb5e98886900126&incoming=4660796&outgoing=192338&gw_id=default  

response:  
Auth: 1//中间一定要有一个空格  

array (  
  'REDIRECT_STATUS' => '200',  
  'HTTP_USER_AGENT' => 'WiFiDog 20130917',  
  'HTTP_HOST' => '192.168.1.251',  
  'SERVER_NAME' => '192.168.1.251',  
  'SERVER_ADDR' => '192.168.1.251',  
  'SERVER_PORT' => '81',  
  'REMOTE_ADDR' => '192.168.1.106',  
  'REMOTE_PORT' => '33266',  
  'REDIRECT_QUERY_STRING' => 'stage=counters&ip=192.168.4.186&mac=00:0e:c6:f0:06:b2&token=60bb7efe229270c4d6d36ed60bb5e98886900126&incoming=4660796&outgoing=192338&gw_id=default',  
  'REDIRECT_URL' => '/auth/',  
  'GATEWAY_INTERFACE' => 'CGI/1.1',  
  'SERVER_PROTOCOL' => 'HTTP/1.0',  
  'REQUEST_METHOD' => 'GET',  
  'QUERY_STRING' => 'stage=counters&ip=192.168.4.186&mac=00:0e:c6:f0:06:b2&token=60bb7efe229270c4d6d36ed60bb5e98886900126&incoming=4660796&outgoing=192338&gw_id=default',  
  'REQUEST_URI' => '/auth/?stage=counters&ip=192.168.4.186&mac=00:0e:c6:f0:06:b2&token=60bb7efe229270c4d6d36ed60bb5e98886900126&incoming=4660796&outgoing=192338&gw_id=default'  
)  
++++++++++++++++++++++++++++++++++++++++++++++++  

7.退出登录  
--------------------------------------------------------------------------------------  

request:  
/auth/?stage=logout&ip=192.168.4.186&mac=00:0e:c6:f0:06:b2&token=60bb7efe229270c4d6d36ed60bb5e98886900126&incoming=0&outgoing=0&gw_id=default  

response:  
Auth: 0  

array (  
  'REDIRECT_STATUS' => '200',  
  'HTTP_USER_AGENT' => 'WiFiDog 20130917',  
  'HTTP_HOST' => '192.168.1.251',  
  'SERVER_NAME' => '192.168.1.251',  
  'SERVER_ADDR' => '192.168.1.251',  
  'SERVER_PORT' => '81',  
  'REMOTE_ADDR' => '192.168.1.106',  
  'REQUEST_SCHEME' => 'http',  
  'CONTEXT_PREFIX' => '','stage=logout&ip=192.168.4.186&mac=00:0e:c6:f0:06:b2&token=60bb7efe229270c4d6d36ed60bb5e98886900126&incoming=0&outgoing=0&gw_id=default',  
  'REDIRECT_URL' => '/auth/',  
  'GATEWAY_INTERFACE' => 'CGI/1.1',  
  'SERVER_PROTOCOL' => 'HTTP/1.0',  
  'REQUEST_METHOD' => 'GET',  
  'QUERY_STRING' => 'stage=logout&ip=192.168.4.186&mac=00:0e:c6:f0:06:b2&token=60bb7efe229270c4d6d36ed60bb5e98886900126&incoming=0&outgoing=0&gw_id=default',  
  'REQUEST_URI' => '/auth/?stage=logout&ip=192.168.4.186&mac=00:0e:c6:f0:06:b2&token=60bb7efe229270c4d6d36ed60bb5e98886900126&incoming=0&outgoing=0&gw_id=default',  
  'SCRIPT_NAME' => '/index.php',  
  'PHP_SELF' => '/index.php',  
  'REQUEST_TIME' => 1411549984,  
)  
++++++++++++++++++++++++++++++++++++++++++++++++  

本文章由 http://www.wifidog.pro/2015/01/30/wifidog%E6%95%B0%E6%8D%AE%E6%B5%81.html 整理编辑,转载请注明出处