3.x series
All releases in the 3.x series are named after types of toothpaste.
3.1.0 “Tartar Control” (?? July 2012)
This release is still in development.
3.0.2 “Cavity Protection” (20 July 2012)
This release is still in development. This release includes security fixes, and is recommended for all users.
- Commenced cleanup of PEP8 warnings, wrote style guide documentation.
- docs: Documented permissions.
- frontend: Added extra reason why “cannot find MAC” page would display on the page.
- frontend: Added labels to IPv4 port forwards. (Issue #15)
- frontend: Added support for DHCP servers (dnsmasq and ISC) to notify when hosts come online / go offline. (Issue #32)
- frontend: Default protocol of IPv4 port forwards is now TCP. (Issue #17)
- frontend: Fix a bug where non-superusers could not sign in other users that are new, when they had the permission they would require.
- frontend: New permissions: can_revoke_access, can_reset_own_quota, can_toggle_internet.
- frontend: New user profile flags to control the number of times a user may reset another user’s quota, and the maximum amount of quota they may grant a user at sign-in.
- frontend: Permission names are now much shorter.
- frontend: Security: Fix a CSRF issue where a malicious user could trick an administrative user into toggling or revoking internet access for other users, toggling internet access for all users, and where it could trick a regular user into toggling their own internet access or (dis)owning hosts.
- frontend: Usage graph now shows usage in the local time of the user, rather than UTC.
- scripts: Added new OUI vendors, improved detection of Cisco. OUI scraper now grabs all vendors, even if it doesn’t recognise them. Fixed some encoding issues when handling non-ASCII vendor names.
3.0.1 “Cavity Protection” (13th May 2012)
This is the first point release, intended for some bug fixing.
- Improve daemon behaviours so they write PID files, fix Debian init scripts so that you can stop the daemons properly. (Issue #29)
- Switched backend and captivity to use daemon instead of python-daemon module.
- backend: Fix DBus service not working when run as a daemon.
- backend: Fix integer overflow in get_all_users_quota_remaining for users who had used more than 4GB quota.
- backend: Fix regression when TPROXY-based captivity was introduced that broke port forwarding functionality.
- backend: Fix backend continuing to count rejected connection attempts after quota has been exceeded. Quota will continue to be counted if it has been allowed through the standard mechanisms (so CARP setups may continue to show negative amounts). (Issue #20)
- frontend: Added scraper detection for Foxconn, HTC, Murata, RIM and Samsung.
- frontend: Added workaround for MySQL stopping accounting for quota at 4GB (mysql_bigint_patch), migrated all byte counters to use bigger integers (limit is now about 8.16 EiB).
- frontend: Fix missing CSRF toden on captive landing page, which would prevent you logging in using that view. (Issue #28)
- frontend: Fix port forward user online colour always being red (no).
- frontend: Fix template syntax error on internet-login-success page.
- frontend: Fix template error on “my devices and quota” page when being offered a free reset (Issue #21)
- frontend: Fix usage graph so that it shows the correct speed used (in KiB/s rather than KiB/ms). (Issue #30)
- frontend: Improve display of quota when internet access has been revoked so it makes a bit more sense. (Issue #27)
- frontend: Internet usage report now shows when quota is unmetered for a user. (Issue #22)
- frontend: Port forward creator field is now filled in automatically, and no longer allows user changes of it. (Issue #16)
- frontend: Prevented creation of new events with overlapping times, start times after the end date, or non-unique event names. (Issue #23)
3.0.0 “Cavity Protection” (5th May 2012)
This represents the first public stable release of tollgate (formerly portal2). Changes from 2.8.3 (September 2010):
- Added basic IPv4 port/protocol forwarding ability.
- Application migrated to setuptools-based deployment, and can be hosted inside of another Django project in typical deployment. (Issue #7)
- Implemented proper rollover handling, so when there is no current event or the event changes, access is revoked appropriately. (Issue #13)
- Improved documentation.
- License changed to Affero GPL v3.
- Major repository shuffle and cleanups.
- api: NetworkHost objects now report a bit more information about the vendor (not just the type of console), match many non-console items. Consoles are now identified by a new is_console field.
- backend: Tollgate backend daemonised, renamed files. Created init scripts.
- backend: Configuration file absence now handled better. (Issue #10)
- backend: Default configuration location is now /etc/tollgate/backend.ini.
- backend: New TPROXY-based captivity handler backported from experimental IPv6 branch.
- builder: Added new tollgatebuilder script for experimental deployment documentation. ;)
- frontend: Absence of python-dbus is handled more gracefully, allowing testing and development of the frontend on non-DBUS systems (Windows).
- frontend: Added system for automatically downloading and parsing MAC OUIs for system identification.
- frontend: All StreetGeek and SAGA-specific authentication code has been removed, as well as all external authentication code.
- frontend: All sign-ins and events are now handled locally, and locally administerable with sign-in wizard.
- frontend: Platform-specific code has been abstracted out, and moved into seperate modules, with a dummy fallback module for non-supported platforms (non-Linux).
- frontend: Remove several redundant (non-minimised) and unused Javascripts.
- frontend: Use django.contrib.staticfiles. (Issue #8)
- frontend: When iplib is not available, also attempt to use IPy. (David B)
- frontend: Security: Fixed issue where arbitrary protocols would be included on the captive landing page, leading to XSS issue. (Reported by David B)
Ancient Changes
First versions 2.0 - 2.2 were from October - December 2008. These were often pulled shortly after the start of the LAN due to bugs. It was later found that many of these problems were related to faulty networking equipment. The equipment has since been replaced.
The system was implemented due to issues with the previous WiFiDog-based setup (GLaDOS).
- Quota limits are now done kernel level so it is much more accurate and cut-offs are instant (previously a 10 minute window).
- Can now log in to more than two consoles at once.
- Logout timeouts removed.