MAC Groups

[ispyisail]

Hence it seems more user friendly to think about a Group of known Devices belonging to a person(s) with the Devices identifiable by their MAC address. Does this make sense?

yes

In my opinion this feature is going to be very popular indeed.

I think this feature is so important that it should be hard baked rather than being a plug in?

We will have to drop 4meg routers at some stage?

[Lantis]

Id say once you start making changes to core functionality it stops being a plugin.

[nworbnhoj]

Thanks, I have built an interface for this that allows the admin to identify Known Devices by MAC and define Device Groups,
https://github.com/nworbnhoj/gargoyle/t ... wn-devices

@Lantis when I tried to build this for testing the build failed on dosfstools 3.0.27 not found in repositories so I bumped it to 3.0.28 and continued. My router did not like the build at all I dont know yet if the problem is related to dosfstools (seems unlikley) Any thoughts?

PS Git is a seriously good tool - but it catches me out daily - I think it's called learning on the job!

[Lantis]

Yeah dosfstools should be bumped, but I'm running .28 on 3 routers and I include it in every custom build I do and no one else has complained.

[nworbnhoj]

Thanks yes. The source of my problem is today's Git lesson.

[nworbnhoj]

So I have built a version of Gargoyle Devices that is up and running OK with most of the functionality working. It looks like this.....
http://imgur.com/nlg9IeN
I would be interested in your feedback
This piece is essentially stand alone (except the need to fix an existing Gargoyle bug related to handling uci list values).

So far the space requirements are under 13k
device.sh 3.6k
device.js 7.9k
device_template 0.6k
group_template 0.6k


The next steps are to iron out a few little bugs and then have a go at implementing for Quotas. This will touch existing Gargoyle code, but fairly lightly I hope.

[ispyisail]

+1

[nworbnhoj]

I have integrated Device Groups into the Quotas page, and it look like this:
http://imgur.com/56O1GMs

The next step is to get each Device Group Quota to translate into the appropriate firewall rules. This looks a little fiddly. I suspect that I will also need to create a cron job that monitors /tmp/dhcp.leases and constructs the appropriate firewall rules for the IP address assigned to new devices that have their MAC address in a Device Group. Sounds easy right?

Also, devices.sh does not have a complete set of validations yet. And I have no idea if there is much work to be done on the real time quota charts of if the Device Groups quotas will just flow thru automagically (hope)

[nworbnhoj]

It goes well - much easier than expected (still debugging required)
- The interface is the same as prior post
- Data now stored in uci dhcp (rather than uci known) better integration
- Each Device Group is reflected as an ipset of the same name
- iptables can now refer to ipsets as well as IP, and IP ranges
- The ipsets are updated with the new IP when a dhcp lease is issued

The use of ipsets may be extended to other areas of Gargoyle to simplify code and possible improve speed in some instances. Stuff for later...

[nworbnhoj]

OK Device Groups are ready for some testing

I have created a pull request
https://github.com/ericpaulbishop/gargoyle/pull/403

If you would like to build in the meantime use this branch
https://github.com/nworbnhoj/gargoyle/t ... wn-devices

The development weighs in at about 17k However, the use of ipsets could be used to simplify some existing Gargoyle code and claw some of this back. Also each Group uses an additional 550bytes min.

The bulk of this development could be delivered as a plugin so long as the relatively minor "hooks" are incorporated into the base code (ie about 200 lines of code)