ICMPv6 Captive Portal URI Option

Ever wondered how your wifi-capable device knows whether or not you are behind a captive portal? Well, depending on the implementation it is a ugly business, that involves DNS requests and fetching text files from well-known locations. This is an ugly solution to an even uglier problem.

But there is hope! The (currently experimental) captive portal URI option as proposed in draft-wkumari-dhc-capport-12 might make things go smoother, as the information about an active captive portal is advertised in the IPv6 Router Advertisement.

If you like to start fiddling around with that option, wait no longer! I put together a ratools module called cpuri which stands for captive portal uniform resource identifier. Until IANA assigns an official option number, it will use the experimental option number 253.

The following demo uses the next branch of ratools. Make sure you install the latest version before starting your own experiments!

First we create a new RA on interface enp0s3

# ractl ra@enp0s3 create

Then we add a cpuri option. Until we have a final RFC, I will allow having multiple cpuri options in a single RA, although it makes only little sense.

# ractl cpuri0@enp0s3 create

Finally we set the captive portal URI.

# ractl cpuri0@enp0s3 set uri http://www.danrl.de/captive.html

Let’s have a look at our masterpiece:

# ractl show
Router Advertisement `ra@enp0s3':
  State:                  Disabled
  Created:                2015-03-24 21:54:54
  Updated:                2015-03-24 21:55:03
  Version:                0/9             (Compilation scheduled)
  Interface ID:           2               (enp0s3)
  Interface State:        1               (Up)
  Interface MTU:          1500
  Hardware Address:       08:00:27:64:14:c0
  Link-local Address:     ::
  Maximum Interval:       600             (0d 0h 10m 0s)
  Minimum Interval:       198             (0d 0h 3m 18s)
  Solicited/Unsolicited:  0/0
  Unicast/Multicast:      0/0
  Total RAs:              0               (0 Bytes)
  Current Hop Limit:      64
  Managed Flag:           0               (No Managed Address Configuration)
  Other Managed Flag:     0               (No Other Managed Configuration)
  Home Agent Flag:        0               (No Mobile IPv6 Home Agent)
  Router Preference:      00              (Medium)
  NDP Proxy Flag:         0               (No NDP Proxy)
  Lifetime:               1800            (0h 30m 0s)
  Reachable Time:         0               (0h 0m 0s 0ms)
  Retransmission Timer:   0               (0h 0m 0s 0ms)
  Captive Portal URI Option `cpuri0@enp0s3':
    State:                Disabled
    URI:                  http://www.danrl.de/captive.html

Looks good! We give it a shot!

# ractl cpuri0@enp0s3 enable
# ractl ra@enp0s3 enable

Proof of concept is provided by wireshark: