Captive portal detection fix + Phase 2 tests 16-18,20 passing (17/17)

- Add DoT reject server on port 853 (TCP RST forces DNS-over-TLS fallback) - DNS hijack returns NXDOMAIN for all non-A query types (no forwarding for unauthed) - Shorter TTL on hijack responses (10s) for faster captive detection - Explicit 302 redirect handlers for /generate_204, /hotspot-detect.html, etc. - HTTP and DNS request logging for debugging captive detection - Per-MAC tracking in firewall (find_by_mac, get_mac_for_ip with ARP fallback) - Session MAC tracking (session_find_by_mac) - Phase 2 test 18: add route through TollGate before ping test - All 17 Phase 2 tests pass (15-21 + whoami + portal form)
author: Your Name <you@example.com> 2026-05-16 04:46:32 +0530
committer: Your Name <you@example.com> 2026-05-16 04:46:32 +0530
commit: 50b5975ac8793d6d820c35b5999f8a909f64e71b (patch)
tree: 2592f9e7a671af2aca56e46887e50b8ad8e418b6 /main/session.c
parent: 3f46bb83cb1041889034c88adce1895dd330793f (diff)
1 files changed, 23 insertions, 2 deletions
diff --git a/main/session.c b/main/session.c
index 6d9c334..5d2efee 100644
--- a/main/session.c
+++ b/main/session.c
@@ -29,6 +29,13 @@ esp_err_t session_manager_init(void)
    return ESP_OK;
 }
+static void populate_mac(session_t *session, uint32_t client_ip)
+{
+    if (firewall_get_mac_for_ip(client_ip, session->mac, sizeof(session->mac)) != ESP_OK) {
+        session->mac[0] = '\0';
+    }
+}
 session_t *session_create(uint32_t client_ip, uint64_t allotment_ms,
                          const char *spent_secrets[], int secret_count)
 {
@@ -59,6 +66,7 @@ session_t *session_create(uint32_t client_ip, uint64_t allotment_ms,
            s_sessions[i].start_time_ms = get_time_ms();
            s_sessions[i].active = true;
            s_sessions[i].spent_secret_count = 0;
+            populate_mac(&s_sessions[i], client_ip);
            for (int j = 0; j < secret_count && j < 5; j++) {
                strncpy(s_sessions[i].spent_secrets[s_sessions[i].spent_secret_count],
@@ -77,7 +85,8 @@ session_t *session_create(uint32_t client_ip, uint64_t allotment_ms,
            firewall_grant_access(client_ip);
            esp_ip4_addr_t ip = { .addr = client_ip };
-            ESP_LOGI(TAG, "Session created: " IPSTR " allotment=%llums", IP2STR(&ip),
+            ESP_LOGI(TAG, "Session created: " IPSTR " mac=%s allotment=%llums", IP2STR(&ip),
+                     s_sessions[i].mac[0] ? s_sessions[i].mac : "unknown",
                     (unsigned long long)allotment_ms);
            return &s_sessions[i];
        }
@@ -97,6 +106,17 @@ session_t *session_find_by_ip(uint32_t client_ip)
    return NULL;
 }
+session_t *session_find_by_mac(const char *mac)
+{
+    for (int i = 0; i < SESSION_MAX_CLIENTS; i++) {
+        if (s_sessions[i].active && s_sessions[i].mac[0] != '\0' &&
+            strcmp(s_sessions[i].mac, mac) == 0) {
+            return &s_sessions[i];
+        }
+    }
+    return NULL;
+}
 void session_extend(session_t *session, uint64_t additional_ms)
 {
    if (!session || !session->active) return;
@@ -126,7 +146,8 @@ void session_check_expiry(void)
    for (int i = 0; i < SESSION_MAX_CLIENTS; i++) {
        if (s_sessions[i].active && session_is_expired(&s_sessions[i])) {
            esp_ip4_addr_t ip = { .addr = s_sessions[i].client_ip };
-            ESP_LOGI(TAG, "Session expired: " IPSTR, IP2STR(&ip));
+            ESP_LOGI(TAG, "Session expired: " IPSTR " mac=%s", IP2STR(&ip),
+                     s_sessions[i].mac[0] ? s_sessions[i].mac : "unknown");
            session_revoke(&s_sessions[i]);
        }
    }
author	Your Name <you@example.com>	2026-05-16 04:46:32 +0530
committer	Your Name <you@example.com>	2026-05-16 04:46:32 +0530
commit	50b5975ac8793d6d820c35b5999f8a909f64e71b (patch)
tree	2592f9e7a671af2aca56e46887e50b8ad8e418b6 /main/session.c
parent	3f46bb83cb1041889034c88adce1895dd330793f (diff)