authorScott Ullrich <sullrich@pfsense.org>2005-11-06 20:03:46 +0000
committerScott Ullrich <sullrich@pfsense.org>2005-11-06 20:03:46 +0000
commitc1ec2c2f80dab2103f497391d0339248239918d5 (patch)
treed810f5a407be57d24fc35ae76c5d013fa41d33a6
parent44318b562757b5a0207eeee612b14456ca29c340 (diff)
downloadpfsense-c1ec2c2f80dab2103f497391d0339248239918d5.zip
pfsense-c1ec2c2f80dab2103f497391d0339248239918d5.tar.gz
MFC 7401
Add support for per interface ftp helper. Suggested-by: Dan Swartzendruber <dswartz_AT_druber.com> In-Discussion-with: Bill M, Dan S
-rw-r--r--etc/inc/config.inc49
-rw-r--r--etc/inc/filter.inc27
-rwxr-xr-xusr/local/www/interfaces.php20
-rwxr-xr-xusr/local/www/interfaces_lan.php22
-rwxr-xr-xusr/local/www/interfaces_opt.php21
-rwxr-xr-xusr/local/www/interfaces_wan.php20
-rwxr-xr-xusr/local/www/system_advanced.php17
7 files changed, 131 insertions, 45 deletions
diff --git a/etc/inc/config.inc b/etc/inc/config.inc
index 4845ec9..288ce1a 100644
--- a/etc/inc/config.inc
+++ b/etc/inc/config.inc
@@ -1190,23 +1190,40 @@ function system_start_ftp_helpers() {
require_once("interfaces.inc");
global $config, $g;
- /* if the ftp proxy is disabled then kill pftpx instance and return
- * note that the helpers for port forwards are launched in a different
- * sequence so we are filtering them out here by not including -g 8021 first.
- */
- if($config['system']['disableftpproxy'] <> "") {
- $helpers = exec("ps aux | grep \"/usr/local/sbin/pftpx -g 8021\" | grep -v grep | cut -d\" \" -f6");
- mwexec("/usr/bin/kill {$helpers}");
- return;
+ /* build an array of interfaces to work with */
+ $iflist = array("lan" => "LAN", "wan" => "WAN");
+ for ($i = 1; isset($config['interfaces']['opt' . $i]); $i++)
+ $iflist['opt' . $i] = $config['interfaces']['opt' . $i]['descr'];
+
+ /* loop through all interfaces and handle pftpx */
+ $interface_counter = 0;
+ foreach ($iflist as $ifent => $ifname) {
+ /* if the ftp proxy is disabled for this interface then kill pftpx
+ * instance and continue. note that the helpers for port forwards are
+ * launched in a different sequence so we are filtering them out
+ * here by not including -c {$port} -g 8021 first.
+ */
+ $port = 8021 + $interface_counter;
+ if(isset($config['interfaces'][$ifname]['disableftpproxy'])) {
+ /* item is disabled. lets ++ the interface counter and
+ * keep processing interfaces. kill pftpx if already
+ * running for this instance.
+ */
+ $helpers = exec("ps aux | grep \"/usr/local/sbin/pftpx -g 8021\" | grep -v grep | cut -d\" \" -f6");
+ mwexec("/usr/bin/kill {$helpers}");
+ $interface_counter++;
+ continue;
+ }
+ /* grab the current interface IP address */
+ $ip = find_interface_ip(convert_friendly_interface_to_real_interface_name($ifname));
+ /* if pftpx is already running then do not launch it again */
+ $helpers = exec("ps aux | grep \"/usr/local/sbin/pftpx -c {$port} -g 8021\" | grep -v grep | grep {$ip}");
+ if(!$helpers)
+ mwexec("/usr/local/sbin/pftpx -c {$port} -g 8021 {$ip}");
+
+ $interface_counter++;
}
-
- /* grab the current WAN IP address */
- $wanip = get_current_wan_address();
-
- /* if pftpx is already running then do not launch it again */
- $helpers = exec("ps aux | grep \"/usr/local/sbin/pftpx -g 8021\" | grep -v grep");
- if(!$helpers)
- mwexec("/usr/local/sbin/pftpx -g 8021");
+
}
function cleanup_backupcache($revisions = 30) {
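Review bot: The disable check in the new loop indexes `$config['interfaces']` with `$ifname`, the display name ("LAN", "WAN" or the optional interface's `descr`), while the loop just above reads the same array with the keys `'opt' . $i`, so the per-interface `disableftpproxy` flag looks like it is never found and the helper keeps running on an interface where it was switched off; the lookup should use the key, `$ifent`. The same lookup is in the filter.inc hunk of this commit. The kill in that branch still greps for `pftpx -g 8021`, which cannot match the `pftpx -c {$port} -g 8021 {$ip}` command line launched further down, and `/usr/bin/kill` is run even when nothing matched. The rewrite below looks the flag up by key, matches the per-interface command line, takes the PID column with awk instead of a space-delimited `cut`, and skips the kill when there is no match. system_start_ftp_helpers() begins above the hunk.

```php
$port = 8021 + $interface_counter;
if(isset($config['interfaces'][$ifent]['disableftpproxy'])) {
	/* match the command line this function launches for the interface */
	$helpers = exec("ps aux | grep \"/usr/local/sbin/pftpx -c {$port} -g 8021\" | grep -v grep | awk '{ print \$2 }'");
	if($helpers)
		mwexec("/usr/bin/kill {$helpers}");
	$interface_counter++;
	continue;
}
// … unchanged: interface IP lookup and pftpx launch …
```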
diff --git a/etc/inc/filter.inc b/etc/inc/filter.inc
index 1e6750f..b283297 100644
--- a/etc/inc/filter.inc
+++ b/etc/inc/filter.inc
@@ -544,18 +544,25 @@ function filter_nat_rules_generate() {
$natrules .= "\n# Load balancing anchor - slbd updates\n";
$natrules .= "rdr-anchor \"slb\"\n";
- if(!isset($config['system']['disableftpproxy'])) {
- $optcfg = array();
- generate_optcfg_array($optcfg);
- $natrules .= "# FTP proxy\n";
- $natrules .= "rdr-anchor \"pftpx/*\"\n";
- $natrules .= "rdr on {$lanif} proto tcp from any to any port 21 -> 127.0.0.1 port 8021\n";
- # go through optional interfaces, setting up pftpx for them as well.
- foreach($optcfg as $oc) {
- $natrules .= "rdr on {$oc['if']} proto tcp from any to any port 21 -> 127.0.0.1 port 8021\n";
+ /* build an array of interfaces to work with */
+ $iflist = array("lan" => "LAN", "wan" => "WAN");
+ for ($i = 1; isset($config['interfaces']['opt' . $i]); $i++)
+ $iflist['opt' . $i] = $config['interfaces']['opt' . $i]['descr'];
+ $natrules .= "# FTP proxy\n";
+ $natrules .= "rdr-anchor \"pftpx/*\"\n";
+ $interface_counter = 0;
+ /* loop through all interfaces and handle pftpx redirections */
+ foreach ($iflist as $ifent => $ifname) {
+ if(isset($config['interfaces'][$ifname]['disableftpproxy'])) {
+ $interface_counter++;
+ continue;
}
- $natrules .= "\n";
+ $tmp_port = 8021 + $interface_counter;
+ $tmp_interface = convert_friendly_interface_to_real_interface_name($ifname);
+ $natrules .= "rdr on {$tmp_interface} proto tcp from any to any port 21 -> 127.0.0.1 port {$tmp_port}\n";
+ $interface_counter++;
}
+ $natrules .= "\n";
/* DIAG: add ipv6 NAT, if requested */
if (isset($config['diag']['ipv6nat']['enable']) and $config['diag']['ipv6nat']['ipaddr'] <> "") {
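Review bot: `$iflist` now starts with `"wan" => "WAN"`, so unless the flag is set the generated ruleset also redirects port 21 arriving on the WAN interface to the local proxy, where the removed code only redirected on LAN and the optional interfaces. If that exposure is intended it deserves a comment, e.g. `/* wan is included: inbound FTP on WAN is handed to pftpx unless disableftpproxy is set */`; otherwise WAN should be left out of the default list. The old `$config['system']['disableftpproxy']` setting is no longer consulted here, so a box that had the proxy disabled globally appears to get it back after this change. `$tmp_interface` is also written into the rule unchecked; an empty name would presumably produce a `rdr on  proto tcp` line that pf rejects. filter_nat_rules_generate() starts and ends outside the hunk.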
diff --git a/usr/local/www/interfaces.php b/usr/local/www/interfaces.php
index 3b061b4..9b5b817 100755
--- a/usr/local/www/interfaces.php
+++ b/usr/local/www/interfaces.php
@@ -51,6 +51,8 @@ $pconfig['pptp_remote'] = $config['pptp']['remote'];
$pconfig['pptp_dialondemand'] = isset($config['pptp']['ondemand']);
$pconfig['pptp_idletimeout'] = $config['pptp']['timeout'];
+$pconfig['disableftpproxy'] = isset($wancfg['disableftpproxy']);
+
$pconfig['bigpond_username'] = $config['bigpond']['username'];
$pconfig['bigpond_password'] = $config['bigpond']['password'];
$pconfig['bigpond_authserver'] = $config['bigpond']['authserver'];
@@ -209,6 +211,15 @@ if ($_POST) {
unset($config['bigpond']['authserver']);
unset($config['bigpond']['authdomain']);
unset($config['bigpond']['minheartbeatinterval']);
+ unset($wancfg['disableftpproxy']);
+
+ /* per interface pftpx helper */
+ if($_POST['disableftpproxy'] == "yes") {
+ $wancfg['disableftpproxy'] = true;
+ system_start_ftp_helpers();
+ } else {
+ system_start_ftp_helpers();
+ }
if ($_POST['type'] == "Static") {
$wancfg['ipaddr'] = $_POST['ipaddr'];
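Review bot: Both branches of the new `if` call system_start_ftp_helpers(), and the call happens before the rest of the POST (the `ipaddr` assignment that follows) has been stored, so the helper is restarted against the interface's previous state. Setting the flag and restarting once after the configuration is saved would be clearer: `if($_POST['disableftpproxy'] == "yes") $wancfg['disableftpproxy'] = true;` here, with the single `system_start_ftp_helpers();` moved after the save. The same block is repeated in interfaces_lan.php, interfaces_opt.php and interfaces_wan.php. The enclosing `if ($_POST)` block starts and ends outside the hunk, so where the configuration is written is not visible here.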
@@ -687,6 +698,15 @@ function type_change(enable_change,enable_change_pptp) {
When set, this option blocks traffic from IP addresses that
are reserved (but not RFC 1918) or not yet assigned by IANA.<br>
Bogons are prefixes that should never appear in the Internet routing table, and obviously should not appear as the source address in any packets you receive.</td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncell">FTP Helper</td>
+ <td width="78%" class="vtable">
+ <input name="disableftpproxy" type="checkbox" id="disableftpproxy" value="yes" <?php if (isset($config['system']['disableftpproxy'])) echo "checked"; ?> onclick="enable_change(false)" />
+ <strong>Disable the userland FTP-Proxy application</strong>
+ <br />
+ </td>
+ </tr>
<tr>
<td width="100" valign="top">&nbsp;</td>
<td> &nbsp;<br> <input name="Submit" type="submit" class="formbtn" value="Save" onClick="enable_change_pptp(true)&&enable_change(true)">
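Review bot: The new checkbox is rendered from `$config['system']['disableftpproxy']`, the global key this commit stops writing, instead of the `$pconfig['disableftpproxy']` value loaded at the top of the page. The box therefore will not show a saved per-interface setting, and because the POST handler unsets the flag whenever the box is unchecked, saving the page for any other reason turns the helper back on for that interface. Use `<?php if ($pconfig['disableftpproxy']) echo "checked"; ?>`. The same markup is added in interfaces_lan.php, interfaces_opt.php and interfaces_wan.php.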
diff --git a/usr/local/www/interfaces_lan.php b/usr/local/www/interfaces_lan.php
index 278bfd8..1133335 100755
--- a/usr/local/www/interfaces_lan.php
+++ b/usr/local/www/interfaces_lan.php
@@ -41,6 +41,8 @@ $pconfig['bridge'] = $lancfg['bridge'];
$pconfig['bandwidth'] = $lancfg['bandwidth'];
$pconfig['bandwidthtype'] = $lancfg['bandwidthtype'];
+$pconfig['disableftpproxy'] = isset($lancfg['disableftpproxy']);
+
/* Wireless interface? */
if (isset($lancfg['wireless'])) {
require("interfaces_wlan.inc");
@@ -105,6 +107,16 @@ if ($_POST) {
if (!$input_errors) {
+ unset($lancfg['disableftpproxy']);
+
+ /* per interface pftpx helper */
+ if($_POST['disableftpproxy'] == "yes") {
+ $lancfg['disableftpproxy'] = true;
+ system_start_ftp_helpers();
+ } else {
+ system_start_ftp_helpers();
+ }
+
$bridge = discover_bridge($lancfg['if'], filter_translate_type_to_real_interface($lancfg['bridge']));
if($bridge <> "-1") {
destroy_bridge($bridge);
@@ -230,6 +242,14 @@ function enable_change(enable_over) {
<br> The bandwidth setting will define the speed of the interface for traffic shaping. Do not enter your "Internet" bandwidth here, only the physical speed!
</td>
</tr>
+ <tr>
+ <td width="22%" valign="top" class="vncell">FTP Helper</td>
+ <td width="78%" class="vtable">
+ <input name="disableftpproxy" type="checkbox" id="disableftpproxy" value="yes" <?php if (isset($config['system']['disableftpproxy'])) echo "checked"; ?> onclick="enable_change(false)" />
+ <strong>Disable the userland FTP-Proxy application</strong>
+ <br />
+ </td>
+ </tr>
<tr>
<td width="22%" valign="top">&nbsp;</td>
<td width="78%">
@@ -278,4 +298,4 @@ if ($_POST['apply'] <> "") {
}
-?> \ No newline at end of file
+?>
diff --git a/usr/local/www/interfaces_opt.php b/usr/local/www/interfaces_opt.php
index bfcaed6..3add7d3 100755
--- a/usr/local/www/interfaces_opt.php
+++ b/usr/local/www/interfaces_opt.php
@@ -61,6 +61,7 @@ $pconfig['blockbogons'] = isset($optcfg['blockbogons']);
$pconfig['spoofmac'] = $optcfg['spoofmac'];
$pconfig['mtu'] = $optcfg['mtu'];
+$pconfig['disableftpproxy'] = isset($optcfg['disableftpproxy']);
/* Wireless interface? */
if (isset($optcfg['wireless'])) {
@@ -171,6 +172,15 @@ if ($_POST) {
}
unset($optcfg['dhcphostname']);
+ unset($optcfg['disableftpproxy']);
+
+ /* per interface pftpx helper */
+ if($_POST['disableftpproxy'] == "yes") {
+ $optcfg['disableftpproxy'] = true;
+ system_start_ftp_helpers();
+ } else {
+ system_start_ftp_helpers();
+ }
$optcfg['descr'] = remove_bad_chars($_POST['descr']);
$optcfg['bridge'] = $_POST['bridge'];
@@ -413,7 +423,16 @@ function type_change(enable_change,enable_change_pptp) {
</select>
<br> The bandwidth setting will define the speed of the interface for traffic shaping. Do not enter your "Internet" bandwidth here, only the physical speed!
</td>
- </tr> <tr>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncell">FTP Helper</td>
+ <td width="78%" class="vtable">
+ <input name="disableftpproxy" type="checkbox" id="disableftpproxy" value="yes" <?php if (isset($config['system']['disableftpproxy'])) echo "checked"; ?> onclick="enable_change(false)" />
+ <strong>Disable the userland FTP-Proxy application</strong>
+ <br />
+ </td>
+ </tr>
+ <tr>
<td width="22%" valign="top">&nbsp;</td>
<td width="78%">
<input name="index" type="hidden" value="<?=$index;?>">
diff --git a/usr/local/www/interfaces_wan.php b/usr/local/www/interfaces_wan.php
index 3b061b4..9b5b817 100755
--- a/usr/local/www/interfaces_wan.php
+++ b/usr/local/www/interfaces_wan.php
@@ -51,6 +51,8 @@ $pconfig['pptp_remote'] = $config['pptp']['remote'];
$pconfig['pptp_dialondemand'] = isset($config['pptp']['ondemand']);
$pconfig['pptp_idletimeout'] = $config['pptp']['timeout'];
+$pconfig['disableftpproxy'] = isset($wancfg['disableftpproxy']);
+
$pconfig['bigpond_username'] = $config['bigpond']['username'];
$pconfig['bigpond_password'] = $config['bigpond']['password'];
$pconfig['bigpond_authserver'] = $config['bigpond']['authserver'];
@@ -209,6 +211,15 @@ if ($_POST) {
unset($config['bigpond']['authserver']);
unset($config['bigpond']['authdomain']);
unset($config['bigpond']['minheartbeatinterval']);
+ unset($wancfg['disableftpproxy']);
+
+ /* per interface pftpx helper */
+ if($_POST['disableftpproxy'] == "yes") {
+ $wancfg['disableftpproxy'] = true;
+ system_start_ftp_helpers();
+ } else {
+ system_start_ftp_helpers();
+ }
if ($_POST['type'] == "Static") {
$wancfg['ipaddr'] = $_POST['ipaddr'];
@@ -687,6 +698,15 @@ function type_change(enable_change,enable_change_pptp) {
When set, this option blocks traffic from IP addresses that
are reserved (but not RFC 1918) or not yet assigned by IANA.<br>
Bogons are prefixes that should never appear in the Internet routing table, and obviously should not appear as the source address in any packets you receive.</td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncell">FTP Helper</td>
+ <td width="78%" class="vtable">
+ <input name="disableftpproxy" type="checkbox" id="disableftpproxy" value="yes" <?php if (isset($config['system']['disableftpproxy'])) echo "checked"; ?> onclick="enable_change(false)" />
+ <strong>Disable the userland FTP-Proxy application</strong>
+ <br />
+ </td>
+ </tr>
<tr>
<td width="100" valign="top">&nbsp;</td>
<td> &nbsp;<br> <input name="Submit" type="submit" class="formbtn" value="Save" onClick="enable_change_pptp(true)&&enable_change(true)">
diff --git a/usr/local/www/system_advanced.php b/usr/local/www/system_advanced.php
index 2f39dd5..03a1ade 100755
--- a/usr/local/www/system_advanced.php
+++ b/usr/local/www/system_advanced.php
@@ -35,7 +35,6 @@
require("guiconfig.inc");
$pconfig['disablefilter'] = $config['system']['disablefilter'];
-$pconfig['disableftpproxy'] = $config['system']['disableftpproxy'];
$pconfig['rfc959workaround'] = $config['system']['rfc959workaround'];
$pconfig['ipv6nat_enable'] = isset($config['diag']['ipv6nat']['enable']);
$pconfig['ipv6nat_ipaddr'] = $config['diag']['ipv6nat']['ipaddr'];
@@ -130,14 +129,6 @@ if ($_POST) {
system_enable_arp_wrong_if();
}
- if($_POST['disableftpproxy'] == "yes") {
- $config['system']['disableftpproxy'] = "enabled";
- unset($config['system']['rfc959workaround']);
- system_start_ftp_helpers();
- } else {
- unset($config['system']['disableftpproxy']);
- system_start_ftp_helpers();
- }
if($_POST['rfc959workaround'] == "yes")
$config['system']['rfc959workaround'] = "enabled";
else
@@ -525,14 +516,6 @@ include("head.inc");
<td colspan="2" valign="top" class="listtopic">Traffic Shaper and Firewall Advanced</td>
</tr>
<tr>
- <td width="22%" valign="top" class="vncell">FTP Helper</td>
- <td width="78%" class="vtable">
- <input name="disableftpproxy" type="checkbox" id="disableftpproxy" value="yes" <?php if (isset($config['system']['disableftpproxy'])) echo "checked"; ?> onclick="enable_change(false)" />
- <strong class="vexpl">Disable the userland FTP-Proxy application</strong>
- <br />
- </td>
- </tr>
- <tr>
<td width="22%" valign="top" class="vncell">FTP RFC 959 data port violation workaround</td>
<td width="78%" class="vtable">
<input name="rfc959workaround" type="checkbox" id="rfc959workaround" value="yes" <?php if (isset($config['system']['rfc959workaround'])) echo "checked"; ?> onclick="enable_change(false)" />