author | Ermal Luçi <eri@pfsense.org> | 2009-03-30 00:37:45 +0000 |
---|---|---|
committer | Ermal Luçi <eri@pfsense.org> | 2009-03-30 00:38:36 +0000 |
commit | a55e9c701c2fc8914e0aebf12e37038f59b07cf8 (patch) | |
tree | 05b5a1bc85f8742706649429ec164f576d240975 | |
parent | cc460ee980e427bf4acdb8a4903e3278df59ea94 (diff) | |
* Hide interface internals from other code and use the proper interfaces.
Basically use get_interface*() functions instead of accessing fields like 'ipaddr'/'descr' etc...
* Make get_interfaces_with_gateway less heavyweight by getting information from the configuration stored in config.xml
* Replace some other missed custom interface-list building with the proper get_configured_interface*() functions
NOTE: This should let some services work on dynamic interfaces, where before they could not be used on top of this type of interface.
-rw-r--r-- | etc/inc/captiveportal.inc | 14 | ||||
-rw-r--r-- | etc/inc/filter.inc | 37 | ||||
-rw-r--r-- | etc/inc/ipsec.inc | 10 | ||||
-rw-r--r-- | etc/inc/pfsense-utils.inc | 54 | ||||
-rw-r--r-- | etc/inc/services.inc | 25 | ||||
-rw-r--r-- | etc/inc/system.inc | 9 | ||||
-rw-r--r-- | etc/inc/vpn.inc | 16 | ||||
-rw-r--r-- | etc/rc.dhclient_cron | 11 | ||||
-rwxr-xr-x | etc/rc.linkup | 4 | ||||
-rwxr-xr-x | usr/local/captiveportal/index.php | 6 | ||||
-rw-r--r-- | usr/local/pkg/carp_settings.xml | 9 | ||||
-rwxr-xr-x | usr/local/www/firewall_nat_1to1_edit.php | 2 | ||||
-rwxr-xr-x | usr/local/www/firewall_nat_out.php | 13 | ||||
-rwxr-xr-x | usr/local/www/firewall_nat_server_edit.php | 2 | ||||
-rwxr-xr-x | usr/local/www/firewall_virtual_ip_edit.php | 9 | ||||
-rwxr-xr-x | usr/local/www/services_dhcp.php | 15 | ||||
-rwxr-xr-x | usr/local/www/services_dhcp_edit.php | 10 | ||||
-rwxr-xr-x | usr/local/www/services_wol.php | 8 | ||||
-rw-r--r-- | usr/local/www/vpn_l2tp.php | 2 | ||||
-rwxr-xr-x | usr/local/www/vpn_pppoe.php | 2 | ||||
-rwxr-xr-x | usr/local/www/vpn_pptp.php | 2 | ||||
-rwxr-xr-x | usr/local/www/wizard.php | 6 |
22 files changed, 118 insertions, 148 deletions
diff --git a/etc/inc/captiveportal.inc b/etc/inc/captiveportal.inc index 4228db6..deda563 100644 --- a/etc/inc/captiveportal.inc +++ b/etc/inc/captiveportal.inc @@ -294,9 +294,9 @@ function captiveportal_rules_generate() { global $config, $g; $cpifn = $config['captiveportal']['interface']; - $cpif = $config['interfaces'][$cpifn]['if']; - $cpip = $config['interfaces'][$cpifn]['ipaddr']; - $lanip = $config['interfaces']['lan']['ipaddr']; + $cpif = get_real_interface($cpifn); + $cpip = get_interface_ip($cpifn); + $lanip = get_interface_ip("lan"); /* note: the captive portal daemon inserts all pass rules for authenticated clients as skipto 50000 rules to make traffic shaping work */ @@ -307,16 +307,12 @@ function captiveportal_rules_generate() { /* allow nat redirects to work see http://cvstrac.pfsense.com/tktview?tn=651 */ - - $captive_portal_interface = strtoupper($cpifn); - /* if list */ $iflist = get_configured_interface_list(); - foreach ($iflist as $ifent => $ifname) { - if($captive_portal_interface == strtoupper($ifname)) + if($cpifn == $ifname) continue; - $int = convert_friendly_interface_to_real_interface_name($ifname); + $int = get_real_interface($ifname); $cprules .= "add 30 set 1 skipto 50000 all from any to any in via {$int} keep-state\n"; } diff --git a/etc/inc/filter.inc b/etc/inc/filter.inc index f09f7c6..0f643c8 100644 --- a/etc/inc/filter.inc +++ b/etc/inc/filter.inc 
@@ -597,13 +597,21 @@ function filter_nat_rules_generate() update_filter_reload_status("Creating outbound NAT rules"); $tonathosts = ""; $numberofnathosts = 0; - /* static routes */ + if (is_array($config['staticroutes']['route'])) { foreach ($config['staticroutes']['route'] as $route) { $netip = explode("/", $route['network']); - if ((! interface_has_gateway($route['interface'])) && (is_private_ip($netip[0]))) { - $numberofnathosts++; - $tonathosts .= "{$route['network']} "; + if(is_array($config['gateways']['gateway_item'])) { + foreach($config['gateways']['gateway_item'] as $gateway) { + if($route['gateway'] == $gateway['name']) { + $gatewayip = $gateway['gateway']; + $interfacegw = $gateway['interface']; + if ((! interface_has_gateway($gateway['interface'])) && (is_private_ip($netip[0]))) { + $numberofnathosts++; + $tonathosts .= "{$route['network']} "; + } + } + } } } } @@ -2216,27 +2224,6 @@ function carp_sync_client() { } } -function return_vpn_subnet($adr) -{ - global $config; - if(isset($config['system']['developerspew'])) { - $mt = microtime(); - echo "return_vpn_subnet() being called $mt\n"; - } - if ($adr['address']) { - list($padr, $pmask) = explode("/", $adr['address']); - if (is_null($pmask)) - return "{$padr}/32"; - return "{$padr}/{$pmask}"; - } - /* XXX: do not return wan, lan, etc */ - if(strstr($adr['network'], "wan") or strstr($adr['network'], "lan") or strstr($adr['network'], "opt")) - return convert_ip_to_network_format($config['interfaces'][$adr['network']]['ipaddr'], - $config['interfaces'][$adr['network']]['subnet']); - /* fallback - error */ - return " # error - {$adr['network']} "; -} - /* Generate IPSEC Filter Items */ function generate_ipsec_filter_rules() { global $config, $g, $FilterIflist, $GatewaysList; diff --git a/etc/inc/ipsec.inc b/etc/inc/ipsec.inc index 44853d6..3d0c120 100644 --- a/etc/inc/ipsec.inc +++ b/etc/inc/ipsec.inc 
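Review bot: In the new nested loop of filter_nat_rules_generate(), a static route whose `$route['gateway']` matches no `gateway_item` name, or any route when `$config['gateways']['gateway_item']` is not an array, now silently drops out of `$tonathosts`. The old code decided from `$route['interface']` alone. Whether routes can carry a gateway that is not a named item is not visible here, so this needs confirming; if they can, keep a fallback on `$route['interface']` or log the skipped route. `$gatewayip` and `$interfacegw` are assigned but never read in the visible lines, and a `break;` after the match would stop a duplicated gateway name from counting the same network twice. The function body starts and ends outside this hunk.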
@@ -162,9 +162,9 @@ function ipsec_idinfo_to_cidr(& $idinfo,$addrbits = false) { return $idinfo['address']."/".$idinfo['netbits']; case "mobile": return "0.0.0.0/0"; - default: - $address = $config['interfaces']['lan']['ipaddr']; - $netbits = $config['interfaces'][$idinfo['type']]['subnet']; + default: + $address = get_interface_ip($idinfo['type']); + $netbits = get_interface_subnet($idinfo['type']); $address = gen_subnet($address,$netbits); return $address."/".$netbits; } @@ -188,8 +188,8 @@ function ipsec_idinfo_to_subnet(& $idinfo,$addrbits = false) { case "mobile": return "0.0.0.0/0"; default: - $address = $config['interfaces']['lan']['ipaddr']; - $netbits = $config['interfaces'][$idinfo['type']]['subnet']; + $address = get_interface_ip($idinfo['type']); + $netbits = get_interface_subnet($idinfo['type']); $address = gen_subnet($address,$netbits); $netbits = gen_subnet_mask($netbits); return $address."/".netbits; diff --git a/etc/inc/pfsense-utils.inc b/etc/inc/pfsense-utils.inc index 9d6403d..ac86a89 100644 --- a/etc/inc/pfsense-utils.inc +++ b/etc/inc/pfsense-utils.inc @@ -561,12 +561,11 @@ function tdr_install_set() { mwexec("/sbin/ipfw add 1 check-state"); mwexec("/sbin/ipfw delete 65534"); mwexec("/sbin/ipfw add 1 allow all from me to any keep-state"); - if (!isset ($config['system']['webgui']['noantilockout'])) { + if (!isset ($config['system']['webgui']['noantilockout']) && count($config['interfaces']) > 1) { /* lan ip lockout */ - $lancfg = $config['interfaces']['lan']; - $lanip = $lancfg['ipaddr']; - $lansn = $lancfg['subnet']; - $lansa = gen_subnet($lancfg['ipaddr'], $lancfg['subnet']); + $lanip = get_interface_ip("lan"); + $lansn = get_interface_subnet("lan"); + $lansa = gen_subnet($lanip, $lansn); mwexec("/sbin/ipfw add 1 allow all from {$lansa}/{$lansn} to $lanip keep-state"); } mwexec("/sbin/ipfw add 65534 check-state"); 
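Review bot: The last context line of the second ipsec.inc hunk (ipsec_idinfo_to_subnet(), `default:` branch) still returns `$address."/".netbits`, a bare constant name instead of the variable. The mask computed by `gen_subnet_mask($netbits)` on the line before is therefore never used, and the returned string ends in the literal word. This commit rewrites the two lines directly above it, so it is the natural place to change it to `return $address."/".$netbits;`. The function starts outside the hunk.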
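Review bot: In tdr_install_set(), the added guard `count($config['interfaces']) > 1` counts interfaces but does not establish that LAN has an address. `$lanip` and `$lansn` can therefore reach `ipfw add 1 allow all from {$lansa}/{$lansn} to $lanip keep-state` empty. That get_interface_ip() can return a non-address is inferred from the system.inc and firewall_nat_out.php hunks of this same commit, which test its result with `is_ipaddr()`. Because this is the anti-lockout rule, a malformed command here fails quietly and leaves the rule out. Resolve the address first with `$lanip = get_interface_ip("lan");` and make the condition `!isset($config['system']['webgui']['noantilockout']) && is_ipaddr($lanip)`. The function starts and ends outside the hunk.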
@@ -1249,12 +1248,11 @@ function link_carp_interface_to_parent($interface) { $carp_subnet = find_virtual_ip_netmask($carp_ip); $starting_ip = gen_subnet("{$carp_ip}", "{$carp_subnet}"); $carp_ints = ""; - $num_carp_ints = find_number_of_created_carp_interfaces(); foreach ($ifdescrs as $ifdescr => $ifname) { if(interface_has_gateway($ifname)) { - $interfaceip = $config['interfaces'][$ifname]['ipaddr']; - $subnet_bits = $config['interfaces'][$ifname]['subnet']; + $interfaceip = get_interface_ip($ifname); + $subnet_bits = get_interface_subnet($ifname); $subnet_ip = gen_subnet("{$interfaceip}", "{$subnet_bits}"); if(ip_in_subnet($carp_ip, "{$subnet_ip}/{$subnet_bits}")) { return $ifname; @@ -2855,39 +2853,24 @@ function is_dhcp_server_enabled() /* return outside interfaces with a gateway */ function get_interfaces_with_gateway() { global $config; + $ints = array(); - $vfaces = array( - 'bridge.?*', - 'ppp.?*', - 'sl.?*', - 'gif.?*', - 'faith.?*', - 'lo.?*', - 'ng.?*', - 'vlan.?*', - 'pflog.?*', - 'pfsync.?*', - 'enc.?*', - 'tun.?*', - 'carp.?*' - ); - $ifdescrs = get_interface_list("active","physical",$vfaces); + $ifdescrs = get_configured_interface_list(false, true); /* loop interfaces, check config for outbound */ foreach ($ifdescrs as $ifdescr => $ifname) { - $friendly = $ifname['friendly']; - switch ($config['interfaces'][$friendly]['ipaddr']) { + switch ($config['interfaces'][$ifname]['ipaddr']) { case "dhcp": case "carpdev-dhcp": case "pppoe": case "pptp": - $ints[] = $friendly; + $ints[] = $ifname; break; default: - if ($config['interfaces'][$friendly]['pointtopoint']) - $ints[] = $friendly; - else if ($config['interfaces'][$friendly]['gateway'] <> "") - $ints[] = $friendly; + if ($config['interfaces'][$ifname]['pointtopoint']) + $ints[] = $ifname; + else if (!empty($config['interfaces'][$ifname]['gateway'])) + $ints[] = $ifname; break; } } 
@@ -2897,13 +2880,10 @@ function get_interfaces_with_gateway() { /* return true if interface has a gateway */ function interface_has_gateway($friendly) { $friendly = strtolower($friendly); - if(in_array($friendly, get_interfaces_with_gateway())) { + if (in_array($friendly, get_interfaces_with_gateway())) return true; - } else { - /* extra check for real interface names if it falls through */ - $friendly = convert_real_interface_to_friendly_interface_name($friendly); - return(in_array($friendly, get_interfaces_with_gateway())); - } + + return false; } /****f* pfsense-utils/isAjax diff --git a/etc/inc/services.inc b/etc/inc/services.inc index 6175a17..c8fdf73 100644 --- a/etc/inc/services.inc +++ b/etc/inc/services.inc @@ -186,9 +186,10 @@ EOPP; if (!isset($dhcpifconf['enable']) || !isset($Iflist[$dhcpif])) continue; - - $subnet = gen_subnet($ifcfg['ipaddr'], $ifcfg['subnet']); - $subnetmask = gen_subnet_mask($ifcfg['subnet']); + $ifcfgip = get_interface_ip($dhcpif); + $ifcfgsn = get_interface_subnet($dhcpif); + $subnet = gen_subnet($ifcfgip, $ifcfgsn); + $subnetmask = gen_subnet_mask($ifcfgsn); if($is_olsr_enabled == true) if($dhcpifconf['netmask']) @@ -214,7 +215,7 @@ EOPP; if (is_array($dhcpifconf['dnsserver']) && ($dhcpifconf['dnsserver'][0])) { $dnscfg .= " option domain-name-servers " . join(",", $dhcpifconf['dnsserver']) . ";"; } else if (isset($config['dnsmasq']['enable'])) { - $dnscfg .= " option domain-name-servers " . $ifcfg['ipaddr'] . ";"; + $dnscfg .= " option domain-name-servers {$ifcfgip};"; } else if (is_array($syscfg['dnsserver']) && ($syscfg['dnsserver'][0])) { $dnscfg .= " option domain-name-servers " . join(",", $syscfg['dnsserver']) . ";"; } @@ -239,7 +240,7 @@ EOPP; if ($dhcpifconf['gateway']) $routers = $dhcpifconf['gateway']; else - $routers = $ifcfg['ipaddr']; + $routers = $ifcfgip; if($dhcpifconf['failover_peerip'] <> "") { $dhcpdconf .= " failover peer \"dhcp{$dhcpnum}\";\n"; 
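Review bot: The header comment `/* return true if interface has a gateway */` on interface_has_gateway() no longer describes the contract, because the fallback through convert_real_interface_to_friendly_interface_name() is removed and a real device name now always yields false. Say so in the comment, for example `/* return true if the friendly interface name (wan, lan, optN) has a gateway; real device names are not resolved */`, so callers that feed the result into NAT or routing decisions pass the right kind of name. The membership test would also be safer as `in_array($friendly, get_interfaces_with_gateway(), true)`.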
@@ -456,13 +457,14 @@ function services_dhcrelay_configure() { link_interface_to_bridge($dhcrelayif)))) continue; - $dhcrelayifs[] = $ifcfg['if']; + $dhcrelayifs[] = get_real_interface($dhcprelayif); } /* In order for the relay to work, it needs to be active on the interface in which the destination server sits */ - foreach ($config['interfaces'] as $ifname) { - $subnet = $ifname['ipaddr'] . "/" . $ifname['subnet']; + $dhrelayifs = get_configured_interface_list(); + foreach ($dhrelayifs as $ifname) { + $subnet = get_interface_ip($ifname) . "/" . get_interface_subnet($ifname); if (ip_in_subnet($dhcrelaycfg['server'],$subnet)) $destif = $ifname['if']; } @@ -709,7 +711,7 @@ begemotSnmpdCommunityDisable = 1 EOD; if(isset($config['snmpd']['bindlan'])) { - $bind_to_ip = $config['interfaces']['lan']['ipaddr']; + $bind_to_ip = get_interface_ip("lan"); } else { $bind_to_ip = "0.0.0.0"; } @@ -823,10 +825,11 @@ function services_proxyarp_configure() { if (count($paa)) foreach ($paa as $paif => $paents) { - if (!(is_ipaddr($config['interfaces'][$paif]['ipaddr']))) + $paaifip = get_interface_ip($paif); + if (!(is_ipaddr($paaifip))) continue; - $args = $config['interfaces'][$paif]['if'] . " auto"; + $args = get_real_interface($paif) . " auto"; foreach ($paents as $paent) { diff --git a/etc/inc/system.inc b/etc/inc/system.inc index 1ee4c0e..f714fe1 100644 --- a/etc/inc/system.inc +++ b/etc/inc/system.inc @@ -148,6 +148,7 @@ function system_hosts_generate() { $syscfg = $config['system']; $lancfg = $config['interfaces']['lan']; + $lancfgip = get_interface_ip("lan"); $dnsmasqcfg = $config['dnsmasq']; if (!is_array($dnsmasqcfg['hosts'])) { @@ -163,7 +164,11 @@ function system_hosts_generate() { $hosts = <<<EOD 127.0.0.1 localhost localhost.{$syscfg['domain']} -{$lancfg['ipaddr']} {$syscfg['hostname']}.{$syscfg['domain']} {$syscfg['hostname']} + +EOD; + if (is_ipaddr($lancfgip)) + $hosts .= <<<EOD +{$lancfgip} {$syscfg['hostname']}.{$syscfg['domain']} {$syscfg['hostname']} EOD; 
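Review bot: In services_dhcrelay_configure(), the added line `$dhcrelayifs[] = get_real_interface($dhcprelayif);` reads `$dhcprelayif`, while the surrounding context uses `$dhcrelayif` (see `link_interface_to_bridge($dhcrelayif)` just above). The relay list is therefore built from an undefined variable; it should be `$dhcrelayifs[] = get_real_interface($dhcrelayif);`. In the second loop `$ifname` is now a name string from get_configured_interface_list(), but the untouched context line `$destif = $ifname['if'];` still indexes it like the old config array. That line should become `$destif = get_real_interface($ifname);`. The function starts and ends outside the hunk.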
@@ -1124,4 +1129,4 @@ function enable_watchdog() { } } -?>
\ No newline at end of file +?> diff --git a/etc/inc/vpn.inc b/etc/inc/vpn.inc index 84b8719..6b6ae3c 100644 --- a/etc/inc/vpn.inc +++ b/etc/inc/vpn.inc @@ -115,9 +115,9 @@ function vpn_ipsec_configure($ipchg = false) $a_phase2 = $config['ipsec']['phase2']; $a_client = $config['ipsec']['client']; $lancfg = $config['interfaces']['lan']; - $lanip = $lancfg['ipaddr']; - $lansa = gen_subnet($lancfg['ipaddr'], $lancfg['subnet']); - $lansn = $lancfg['subnet']; + $lanip = get_interface_ip("lan"); + $lansn = get_interface_subnet("lan"); + $lansa = gen_subnet($lanip, $lansn); if (!isset($ipseccfg['enable'])) { mwexec("/sbin/ifconfig enc0 down"); @@ -791,8 +791,8 @@ EOD; /* add endpoint routes to correct gateway on interface */ if (interface_has_gateway($parentinterface)) { $gatewayip = get_interface_gateway("$parentinterface"); - $interfaceip = $config['interfaces'][$parentinterface]['ipaddr']; - $subnet_bits = $config['interfaces'][$parentinterface]['subnet']; + $interfaceip = get_interface_ip($parentinterface); + $subnet_bits = get_interface_subnet($parentinterface); $subnet_ip = gen_subnet("{$interfaceip}", "{$subnet_bits}"); /* if the remote gateway is in the local subnet, then don't add a route */ if (! ip_in_subnet($rgip, "{$subnet_ip}/{$subnet_bits}")) { @@ -1024,7 +1024,7 @@ EOD; $mpdconf .= " set ipcp dns " . join(" ", $pptpdcfg['dnsserver']) . "\n"; } else if (isset ($config['dnsmasq']['enable'])) { - $mpdconf .= " set ipcp dns " . $config['interfaces']['lan']['ipaddr']; + $mpdconf .= " set ipcp dns " . get_interface_ip("lan"); if ($syscfg['dnsserver'][0]) $mpdconf .= " " . $syscfg['dnsserver'][0]; $mpdconf .= "\n"; @@ -1224,7 +1224,7 @@ pppoe_standart: EOD; if (isset ($config['dnsmasq']['enable'])) { - $mpdconf .= " set ipcp dns " . $config['interfaces']['lan']['ipaddr']; + $mpdconf .= " set ipcp dns " . get_interface_ip("lan"); if ($syscfg['dnsserver'][0]) $mpdconf .= " " . $syscfg['dnsserver'][0]; $mpdconf .= "\n"; 
@@ -1406,7 +1406,7 @@ l2tp_standard: EOD; if (isset ($config['dnsmasq']['enable'])) { - $mpdconf .= " set ipcp dns " . $config['interfaces']['lan']['ipaddr']; + $mpdconf .= " set ipcp dns " . get_interface_ip("lan"); if ($syscfg['dnsserver'][0]) $mpdconf .= " " . $syscfg['dnsserver'][0]; $mpdconf .= "\n"; diff --git a/etc/rc.dhclient_cron b/etc/rc.dhclient_cron index 77254ec..c57b15b 100644 --- a/etc/rc.dhclient_cron +++ b/etc/rc.dhclient_cron @@ -31,17 +31,16 @@ require_once("config.inc"); require_once("functions.inc"); -require_once("filter.inc"); -require_once("interfaces.inc"); /* invalidate cache */ vc_invalidate(); unlink_if_exists("/tmp/config.cache"); -foreach($config['interfaces'] as $interface) { - $real_interface = $interface['if']; - if($interface['ipaddr'] == "dhcp") { +$iflist = get_configured_interface_with_descr(); +foreach($iflist as $ifname => $interface) { + $real_interface = get_real_interface($ifname); + if($config['interfaces'][$ifname]['ipaddr'] == "dhcp") { $pid = find_dhclient_process($real_interface); if($pid == 0 or !$pid) { /* dhclient is not running for interface, kick it */ @@ -51,4 +50,4 @@ foreach($config['interfaces'] as $interface) { } } -?>
\ No newline at end of file +?> diff --git a/etc/rc.linkup b/etc/rc.linkup index 6818bbe..6b04a19 100755 --- a/etc/rc.linkup +++ b/etc/rc.linkup @@ -32,7 +32,7 @@ /* parse the configuration and include all functions used below */ require_once("globals.inc"); require_once("config.inc"); -require_once("functions.inc"); +require_once("interfaces.inc"); function handle_argument_group($iface, $argument2) { global $config; @@ -88,4 +88,4 @@ if ($g['booting'] == true) { } } -?>
\ No newline at end of file +?> diff --git a/usr/local/captiveportal/index.php b/usr/local/captiveportal/index.php index 011095a..9d21b8d 100755 --- a/usr/local/captiveportal/index.php +++ b/usr/local/captiveportal/index.php @@ -50,7 +50,7 @@ if (!$clientip) { if (isset($config['captiveportal']['httpslogin'])) $ourhostname = $config['captiveportal']['httpsname'] . ":8001"; else - $ourhostname = $config['interfaces'][$config['captiveportal']['interface']]['ipaddr'] . ":8000"; + $ourhostname = get_interface_ip($config['captiveportal']['interface']) . ":8000"; if ($orig_host != $ourhostname) { /* the client thinks it's connected to the desired web server, but instead @@ -168,7 +168,7 @@ function portal_reply_page($redirurl, $type = null, $message = null, $clientmac if (isset($config['captiveportal']['httpslogin'])) $htmltext = str_replace("\$PORTAL_ACTION\$", "https://{$config['captiveportal']['httpsname']}:8001/", $htmltext); else - $htmltext = str_replace("\$PORTAL_ACTION\$", "http://{$config['interfaces'][$config['captiveportal']['interface']]['ipaddr']}:8000/", $htmltext); + $htmltext = str_replace("\$PORTAL_ACTION\$", "http://" . get_interface_ip($config['captiveportal']['interface']) . ":8000/", $htmltext); $htmltext = str_replace("\$PORTAL_REDIRURL\$", htmlspecialchars($redirurl), $htmltext); $htmltext = str_replace("\$PORTAL_MESSAGE\$", htmlspecialchars($message), $htmltext); @@ -316,7 +316,7 @@ function portal_allow($clientip,$clientmac,$username,$password = null, $attribut if (isset($config['captiveportal']['httpslogin'])) $logouturl = "https://{$config['captiveportal']['httpsname']}:8001/"; else - $logouturl = "http://{$config['interfaces'][$config['captiveportal']['interface']]['ipaddr']}:8000/"; + $logouturl = "http://" . get_interface_ip($config['captiveportal']['interface']) . ":8000/"; echo <<<EOD <HTML> diff --git a/usr/local/pkg/carp_settings.xml b/usr/local/pkg/carp_settings.xml index 29c1ba9..8b37e8c 100644 --- a/usr/local/pkg/carp_settings.xml 
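Review bot: In usr/local/captiveportal/index.php, `$ourhostname = get_interface_ip($config['captiveportal']['interface']) . ":8000";` uses the lookup result without checking it, and the same holds for the `$PORTAL_ACTION$` replacement and `$logouturl` in the hunks at -168 and -316. Other hunks of this commit (system.inc, firewall_nat_out.php) guard the same call with `is_ipaddr()`, which suggests the result is not always an address. When it is not, `$orig_host != $ourhostname` is always true and the generated URLs read `http://:8000/`. Resolve the address once, test it with `is_ipaddr()`, and log or fail visibly when the portal interface has no address. All three enclosing blocks extend outside their hunks.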
+++ b/usr/local/pkg/carp_settings.xml @@ -169,11 +169,9 @@ if($_POST["synchronizetoip"]) { if(!is_ipaddr($_POST["synchronizetoip"])) $input_errors[] = "You must specify a valid IP address."; - $ifdescrs = array('lan','wan'); - for ($j = 1; isset($config['interfaces']['opt' . $j]); $j++) - $ifdescrs['opt' . $j] = "opt" . $j; + $ifdescrs = get_configured_interface_list(); foreach($ifdescrs as $descr) - if($config['interfaces']['$descr']['ipaddr'] == $_POST["synchronizetoip"]) + if(get_interface_ip($descr) == $_POST["synchronizetoip"]) $input_errors[] = "CARP sync IP must be the backup firewall IP! You cannot specify this firewalls IP in this location."; if($config['virtualip']['vip']) { foreach($config['virtualip']['vip'] as $vip) { @@ -181,9 +179,6 @@ $input_errors[] = "CARP sync IP must be the backup firewall IP! You cannot specify this firewalls IP in this location."; } } - $wanip = get_interface_ip(); - if($wanip == $_POST["synchronizetoip"]) - $input_errors[] = "CARP sync IP must be the backup firewall's IP! You cannot specify this firewall's IP in this location."; } </custom_php_validation_command> <custom_add_php_command_late> diff --git a/usr/local/www/firewall_nat_1to1_edit.php b/usr/local/www/firewall_nat_1to1_edit.php index 116ca79..7ef2fab 100755 --- a/usr/local/www/firewall_nat_1to1_edit.php +++ b/usr/local/www/firewall_nat_1to1_edit.php @@ -85,7 +85,7 @@ if ($_POST) { if (is_ipaddr($config['interfaces']['wan']['ipaddr'])) { if (check_subnets_overlap($_POST['external'], $_POST['subnet'], - $config['interfaces']['wan']['ipaddr'], 32)) + get_interface_ip("wan"), 32)) $input_errors[] = "The WAN IP address may not be used in a 1:1 rule."; } diff --git a/usr/local/www/firewall_nat_out.php b/usr/local/www/firewall_nat_out.php index d9886e2..03eb8bd 100755 --- a/usr/local/www/firewall_nat_out.php +++ b/usr/local/www/firewall_nat_out.php 
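Review bot: In firewall_nat_1to1_edit.php the overlap check now passes `get_interface_ip("wan")`, but the enclosing context line still gates it on `is_ipaddr($config['interfaces']['wan']['ipaddr'])`. If the configured value for a dynamic WAN is a type keyword rather than an address (which the `case "dhcp":` branch in get_interfaces_with_gateway() suggests), the guard fails and the "WAN IP address may not be used in a 1:1 rule" validation never runs for exactly those interfaces. Guard on the resolved value instead: `$wanip = get_interface_ip("wan");` followed by `if (is_ipaddr($wanip)) {`, and pass `$wanip` to check_subnets_overlap().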
@@ -91,14 +91,17 @@ if (isset($_POST['save']) && $_POST['save'] == "Save") { $ifdescrs = get_configured_interface_with_descr(); foreach($ifdescrs as $if => $ifdesc) { - if (interface_has_gateway()) + if (interface_has_gateway($if)) continue; - if($ifdesc == "WAN") + if($ifdesc == "wan") continue; $natent = array(); - $osn = gen_subnet($config['interfaces'][$if]['ipaddr'], - $config['interfaces'][$if]['subnet']); - $natent['source']['network'] = $osn . "/" . $config['interfaces'][$if]['subnet']; + $osipaddr = get_interface_ip($if); + $ossubnet = get_interface_subnet($if); + if (!is_ipaddr($osipaddr) || empty($ossubnet)) + continue; + $osn = gen_subnet($osipaddr, $ossubnet); + $natent['source']['network'] = "{$osn}/{$ossubnet}"; $natent['sourceport'] = ""; $natent['descr'] = "Auto created rule for {$ifdesc}"; $natent['target'] = ""; diff --git a/usr/local/www/firewall_nat_server_edit.php b/usr/local/www/firewall_nat_server_edit.php index 4558526..7cee424 100755 --- a/usr/local/www/firewall_nat_server_edit.php +++ b/usr/local/www/firewall_nat_server_edit.php @@ -71,7 +71,7 @@ if ($_POST) { $input_errors[] = "A valid external IP address must be specified."; } - if ($_POST['ipaddr'] == $config['interfaces']['wan']['ipaddr']) + if ($_POST['ipaddr'] == get_interface_ip("wan")) $input_errors[] = "The WAN IP address may not be used in a NAT Address entry."; /* check for overlaps with other server NAT */ diff --git a/usr/local/www/firewall_virtual_ip_edit.php b/usr/local/www/firewall_virtual_ip_edit.php index 52029b5..d6d82b8 100755 --- a/usr/local/www/firewall_virtual_ip_edit.php +++ b/usr/local/www/firewall_virtual_ip_edit.php 
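Review bot: In firewall_nat_out.php the changed test `if($ifdesc == "wan")` compares the description half of the pair, not the interface key. `$ifdesc` is the value that goes into `"Auto created rule for {$ifdesc}"`, so lowering the literal from "WAN" to "wan" most likely means the test never matches. This is hedged, because get_configured_interface_with_descr() is not shown here. The key is what identifies the interface: `if($if == "wan")`. As written, skipping WAN depends entirely on `interface_has_gateway($if)`, and an automatic outbound NAT entry would be generated for a WAN that has no gateway configured.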
@@ -88,11 +88,10 @@ if ($_POST) { if (($_POST['subnet'] && !is_ipaddr($_POST['subnet']))) $input_errors[] = "A valid IP address must be specified."; - if ($_POST['ipaddr'] == $config['interfaces']['wan']['ipaddr']) - $input_errors[] = "The WAN IP address may not be used in a virtual entry."; - - if ($_POST['ipaddr'] == $config['interfaces']['lan']['ipaddr']) - $input_errors[] = "The LAN IP address may not be used in a virtual entry."; + $natiflist = get_configured_interface_with_descr(); + foreach ($natiflist as $natif => $natdescr) + if ($_POST['ipaddr'] == get_interface_ip($natif)) + $input_errors[] = "The {$natdescr} IP address may not be used in a virtual entry."; if($_POST['subnet_bits'] == "32" and $_POST['type'] == "carp") $input_errors[] = "The /32 subnet mask is invalid for CARP IPs."; diff --git a/usr/local/www/services_dhcp.php b/usr/local/www/services_dhcp.php index 6ddced7..59b3415 100755 --- a/usr/local/www/services_dhcp.php +++ b/usr/local/www/services_dhcp.php @@ -101,7 +101,8 @@ if (is_array($config['dhcpd'][$if])){ $a_maps = &$config['dhcpd'][$if]['staticmap']; } -$ifcfg = $config['interfaces'][$if]; +$ifcfgip = get_interface_ip($if); +$ifcfgsn = get_interface_subnet($if); /* set the enabled flag which will tell us if DHCP relay is enabled @@ -181,8 +182,8 @@ if ($_POST) { if (!$input_errors) { /* make sure the range lies within the current subnet */ - $subnet_start = (ip2long($ifcfg['ipaddr']) & gen_subnet_mask_long($ifcfg['subnet'])); - $subnet_end = (ip2long($ifcfg['ipaddr']) | (~gen_subnet_mask_long($ifcfg['subnet']))); + $subnet_start = (ip2long($ifcfgip) & gen_subnet_mask_long($ifcfgsn)); + $subnet_end = (ip2long($ifcfgip) | (~gen_subnet_mask_long($ifcfgsn))); if ((ip2long($_POST['range_from']) < $subnet_start) || (ip2long($_POST['range_from']) > $subnet_end) || (ip2long($_POST['range_to']) < $subnet_start) || (ip2long($_POST['range_to']) > $subnet_end)) { 
@@ -431,23 +432,23 @@ function show_netboot_config() { <tr> <td width="22%" valign="top" class="vncellreq">Subnet</td> <td width="78%" class="vtable"> - <?=gen_subnet($ifcfg['ipaddr'], $ifcfg['subnet']);?> + <?=gen_subnet($ifcfgip, $ifcfgsn);?> </td> </tr> <tr> <td width="22%" valign="top" class="vncellreq">Subnet mask</td> <td width="78%" class="vtable"> - <?=gen_subnet_mask($ifcfg['subnet']);?> + <?=gen_subnet_mask($ifcfgsn);?> </td> </tr> <tr> <td width="22%" valign="top" class="vncellreq">Available range</td> <td width="78%" class="vtable"> - <?=long2ip(ip2long($ifcfg['ipaddr']) & gen_subnet_mask_long($ifcfg['subnet']));?> + <?=long2ip(ip2long($ifcfgip) & gen_subnet_mask_long($ifcfgsn));?> - - <?=long2ip(ip2long($ifcfg['ipaddr']) | (~gen_subnet_mask_long($ifcfg['subnet']))); ?> + <?=long2ip(ip2long($ifcfgip) | (~gen_subnet_mask_long($ifcfgsn))); ?> </td> </tr> <?php if($is_olsr_enabled): ?> diff --git a/usr/local/www/services_dhcp_edit.php b/usr/local/www/services_dhcp_edit.php index fb9718d..3239d05 100755 --- a/usr/local/www/services_dhcp_edit.php +++ b/usr/local/www/services_dhcp_edit.php @@ -62,7 +62,9 @@ $static_map_enabled=isset($config['dhcpd'][$if]['staticarp']); staticmaps_sort($if); $a_maps = &$config['dhcpd'][$if]['staticmap']; -$ifcfg = &$config['interfaces'][$if]; +$ifcfgip = get_interface_ip($if); +$ifcfgsn = get_interface_subnet($if); +$ifcfgdescr = convert_friendly_interface_to_friendly_descr($if); $id = $_GET['id']; if (isset($_POST['id'])) 
@@ -121,11 +123,11 @@ if ($_POST) { if ($_POST['ipaddr']) { $dynsubnet_start = ip2long($config['dhcpd'][$if]['range']['from']); $dynsubnet_end = ip2long($config['dhcpd'][$if]['range']['to']); - $lansubnet_start = (ip2long($ifcfg['ipaddr']) & gen_subnet_mask_long($ifcfg['subnet'])); - $lansubnet_end = (ip2long($ifcfg['ipaddr']) | (~gen_subnet_mask_long($ifcfg['subnet']))); + $lansubnet_start = (ip2long($ifcfgip) & gen_subnet_mask_long($ifcfgsn)); + $lansubnet_end = (ip2long($ifcfgip) | (~gen_subnet_mask_long($ifcfgsn))); if ((ip2long($_POST['ipaddr']) < $lansubnet_start) || (ip2long($_POST['ipaddr']) > $lansubnet_end)) { - $input_errors[] = "The IP address must lie in the {$ifcfg['descr']} subnet."; + $input_errors[] = "The IP address must lie in the {$ifcfgdescr} subnet."; } } diff --git a/usr/local/www/services_wol.php b/usr/local/www/services_wol.php index f6a87d9..a04920b 100755 --- a/usr/local/www/services_wol.php +++ b/usr/local/www/services_wol.php @@ -51,8 +51,8 @@ if($_GET['wakeall'] <> "") { foreach ($a_wol as $wolent) { $mac = $wolent['mac']; $if = $wolent['interface']; - $bcip = gen_subnet_max($config['interfaces'][$if]['ipaddr'], - $config['interfaces'][$if]['subnet']); + $bcip = gen_subnet_max($get_interface_ip($if), + get_interface_subnet($if)); mwexec("/usr/local/bin/wol -i {$bcip} {$mac}"); $savemsg .= "Sent magic packet to {$mac}.<br>"; } @@ -81,8 +81,8 @@ if ($_POST || $_GET['mac']) { if (!$input_errors) { /* determine broadcast address */ - $bcip = gen_subnet_max($config['interfaces'][$if]['ipaddr'], - $config['interfaces'][$if]['subnet']); + $bcip = gen_subnet_max(get_interface_ip($if), + get_interface_subnet($if)); mwexec("/usr/local/bin/wol -i {$bcip} {$mac}"); $savemsg = "Sent magic packet to {$mac}."; diff --git a/usr/local/www/vpn_l2tp.php b/usr/local/www/vpn_l2tp.php index 2dc487a..2e6829a 100644 --- a/usr/local/www/vpn_l2tp.php +++ b/usr/local/www/vpn_l2tp.php 
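Review bot: In the first services_wol.php hunk (the `wakeall` branch), `gen_subnet_max($get_interface_ip($if),` has a stray `$`. PHP treats it as a variable function call through an undefined variable, so the request fails before any packet is sent. It should read `$bcip = gen_subnet_max(get_interface_ip($if),`, as the second hunk already does. `$bcip` is interpolated into the `mwexec("/usr/local/bin/wol -i {$bcip} {$mac}")` command line in both hunks, so checking `is_ipaddr($bcip)` before running it would also keep an empty lookup result out of the command.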
@@ -94,7 +94,7 @@ if ($_POST) { (ip2long($_POST['localip']) <= $subnet_end)) { $input_errors[] = gettext("The specified server address lies in the remote subnet."); } - if ($_POST['localip'] == $config['interfaces']['lan']['ipaddr']) { + if ($_POST['localip'] == get_interface_ip("lan")) { $input_errors[] = gettext("The specified server address is equal to the LAN interface address."); } } diff --git a/usr/local/www/vpn_pppoe.php b/usr/local/www/vpn_pppoe.php index 12c6cd8..192bb61 100755 --- a/usr/local/www/vpn_pppoe.php +++ b/usr/local/www/vpn_pppoe.php @@ -105,7 +105,7 @@ if ($_POST) { (ip2long($_POST['localip']) <= $subnet_end)) { $input_errors[] = "The specified server address lies in the remote subnet."; } - if ($_POST['localip'] == $config['interfaces']['lan']['ipaddr']) { + if ($_POST['localip'] == get_interface_ip("lan")) { $input_errors[] = "The specified server address is equal to the LAN interface address."; } } diff --git a/usr/local/www/vpn_pptp.php b/usr/local/www/vpn_pptp.php index 0ffff02..036a1c6 100755 --- a/usr/local/www/vpn_pptp.php +++ b/usr/local/www/vpn_pptp.php @@ -105,7 +105,7 @@ if ($_POST) { (ip2long($_POST['localip']) <= $subnet_end)) { $input_errors[] = "The specified server address lies in the remote subnet."; } - if ($_POST['localip'] == $config['interfaces']['lan']['ipaddr']) { + if ($_POST['localip'] == get_interface_ip("lan")) { $input_errors[] = "The specified server address is equal to the LAN interface address."; } } diff --git a/usr/local/www/wizard.php b/usr/local/www/wizard.php index 346a4c0..7dee0a4 100755 --- a/usr/local/www/wizard.php +++ b/usr/local/www/wizard.php @@ -228,7 +228,7 @@ function enablechange() { <?php if($title == "Reload in progress") { - $ip = "http://{$config['interfaces']['lan']['ipaddr']}"; + $ip = "http://" . get_interface_ip("lan"); } else { $ip = "/"; } 
@@ -619,13 +619,13 @@ function fixup_string($string) { $urlport = ""; } } - $myurl = $proto . "://" . $config['interfaces']['lan']['ipaddr'] . $urlport . "/"; + $myurl = $proto . "://" . get_interface_ip("lan") . $urlport . "/"; $newstring = str_replace("\$myurl", $myurl, $newstring); // fixup #2: $wanip $curwanip = get_interface_ip(); $newstring = str_replace("\$wanip", $curwanip, $newstring); // fixup #3: $lanip - $lanip = $config['interfaces']['lan']['ipaddr']; + $lanip = get_interface_ip("lan"); $newstring = str_replace("\$lanip", $lanip, $newstring); // fixup #4: fix'r'up here. return $newstring; |