MAC Groups

[nworbnhoj]

I have made a bit of a start on a new Gargoyle feature.

The idea is to be able to associate MAC addresses with custom Groups (MAC Groups). A MAC Group could be used to represent all of the devices owned by a single user (for example). Then (for example) a Gargoyle Quota could be applied to a MAC Group.

http://www.gargoyle-router.com/wiki/dok ... -teenagers
Currently, the user has to work with a IP range for the devices of each user throughout the Gargoyle GUI. MAC Groups will relieve the Gargoyle administrator of needing to assign a static IP address to each device requiring management.

Status: A new fully functional "MAC Groups" section has been built into Gargoyle - Connection - DHCP. The "MAC \t Groupname \t Hostname" data is stored in /etc/macs.

http://imgur.com/CwnjT9e

[ispyisail]

+100

I have wanted this feature forever

I once had a semi professional firewall that you could create a "group" then add MAC address to this group.

You would then use this "group" in other rules

fantastic

[nworbnhoj]

Moving right along .... so now we have:
http://imgur.com/ZuiDSGZ and http://imgur.com/LQhCyKQ

The next steps (ie getting the quota to actually work) is going to be a little more tricky

[tapper]

wo! nice feature

I have never thought of this but it wood be a grate time saver wen setting up rules.

[darkfibre]

That would be a stunning feature.

[ispyisail]

Christmas Island

Which one? (just for interest)

[darkfibre]

Christmas Island

Which one? (just for interest)

The one that used to known for the red crabs, but is now only known for the detention center.

[ispyisail]

Christmas Island

Which one? (just for interest)

The one that used to known for the red crabs, but is now only known for the detention center.

It is in New Zealand now, big time.

Its been front page news for weeks now

[darkfibre]

[/quote]

The one that used to known for the red crabs, but is now only known for the detention center.[/quote]

It is in New Zealand now, big time.

Its been front page news for weeks now[/quote]

Very small community here, the Detention center is on the other end of the Island. Only been here for 2 months and you don't even notice there is a detention center.

When that guy escaped, the locals found out a full day later, via the Perth news.
On the flip side, local contractors now have some work.

[nworbnhoj]

So I have been doing a little work on this project and learning a few little things along the way (minor stuff like Git, Gargoyle structure, UCI, and C which I have not touched for a couple of decades). Anyways, the idea and implementation has evolved a little and I have a few questions....

The idea of MAC Groups is a relatively easy step from working with static IP addresses in current Gargoyle. However, it probably makes more sense to make another small (user friendly) step and talk about DeviceGroups. We often think about policy (quotas, QoS, Restrictions) on a person by person basis, and each person has a number of devices, and each Device may have a number of MAC addresses. Hence it seems more user friendly to think about a Group of known Devices belonging to a person(s) with the Devices identifiable by their MAC address. Does this make sense?

Gargoyle utilizes the standard *nix /etc/hosts and /etc/ethers in various places and I began by creating a new file /etc/macs to hold MacGroup info. However, it became apparent that the OpenWRT uci system is a better place to store this info, and that I also need to store a hostname for each MAC (creating some overlap with info in /etc/hosts). So, thinking instead about Device Groups (above) I end up with the uci file /etc/config/known

Code: Select all

config device 'PC'
	option group GroupA
	list mac 'XX:XX:XX:XX:XX:01'
	list mac 'XX:XX:XX:XX:XX:02'

config device 'Phone'
	option group GroupA
	list mac 'XX:XX:XX:XX:XX:03'

config device 'another_PC'
	option group GroupB
	list mac 'XX:XX:XX:XX:XX:04'
	list mac 'XX:XX:XX:XX:XX:05'

Such that the uci command ...
# uci show known

Code: Select all

known.PC=device
known.PC.group="GroupA"
known.PC.mac='XX:XX:XX:XX:XX:01' 'XX:XX:XX:XX:XX:02'
known.Phone=device
known.Phone.group="GroupA"
known.Phone.mac='XX:XX:XX:XX:XX:03'
known.another_PC=device
known.another_PC.group="GroupB"
known.another_PC.mac='XX:XX:XX:XX:XX:04' 'XX:XX:XX:XX:XX:05'

This seems to me like a useful Gargoyle uci structure to store information about known devices on a given network. Thoughts?

The Gargoyle plugin system makes for a flexible way to extend functionality as the user requires and memory allows. (Having never developed a plugin) It seems relatively straight forward to develop stand-alone functionality. Providing a page to define and maintain known DeviceGroups can be entirely stand-alone. However, the integration/use of Groups into existing Gargoyle functionality such as Quotas QoS & Restrictions involves more invasive changes to a significant number of .sh .c .js files. These changes are not overly difficult (at first glance) but I do not yet understand how/if the plugin system handles changes to core code (rather than simply adding code files). Can someone enlighten me?

Thanks