author | Renato Botelho <renato.botelho@bluepex.com> | 2010-08-03 10:59:34 -0300 |
---|---|---|
committer | Renato Botelho <renato.botelho@bluepex.com> | 2010-08-03 10:59:34 -0300 |
commit | 270f81d9607be5f372a4bb89bbb53dd1e45a1f82 (patch) | |
tree | b9511afa10dfd1b311606a74af707f000b50e9e4 | |
parent | 416686be4caf89487f98f6bade2c6a72887e9157 (diff) | |
parent | 073a2697dd86a8dece8dafa28b71084a547ba31e (diff) | |
Merge remote branch 'mainline/master' into 2_firewall
Conflicts:
usr/local/www/diag_nanobsd.php
usr/local/www/diag_packet_capture.php
usr/local/www/firewall_shaper.php
89 files changed, 1614 insertions, 780 deletions
diff --git a/PCBSD/pc-sysinstall/backend/functions-unmount.sh b/PCBSD/pc-sysinstall/backend/functions-unmount.sh index abd2491..f47c3fb 100644 --- a/PCBSD/pc-sysinstall/backend/functions-unmount.sh +++ b/PCBSD/pc-sysinstall/backend/functions-unmount.sh @@ -85,7 +85,7 @@ unmount_all_filesystems() # Last lets the /mnt partition ######################################################### - rc_nohalt "umount -f ${FSMNT}" + # rc_nohalt "umount -f ${FSMNT}" # If are using a ZFS on "/" set it to legacy if [ ! -z "${FOUNDZFSROOT}" ] @@ -100,7 +100,7 @@ unmount_all_filesystems() fi # Unmount our CDMNT - rc_nohalt "umount -f ${CDMNT}" + # rc_nohalt "umount -f ${CDMNT}" # Check if we need to run any gmirror syncing ls ${MIRRORCFGDIR}/* >/dev/null 2>/dev/null @@ -155,7 +155,7 @@ unmount_all_filesystems_failure() # Last lets the /mnt partition ######################################################### - rc_nohalt "umount -f ${FSMNT}" + # rc_nohalt "umount -f ${FSMNT} 2>/dev/null" fi else @@ -168,7 +168,7 @@ unmount_all_filesystems_failure() fi # Unmount our CDMNT - rc_nohalt "umount ${CDMNT}" + # rc_nohalt "umount ${CDMNT} 2>/dev/null" # Import any pools, so they are active at shutdown and ready to boot potentially zpool import -a diff --git a/conf.default/config.xml b/conf.default/config.xml index 06513de..2296a42 100644 --- a/conf.default/config.xml +++ b/conf.default/config.xml @@ -566,7 +566,7 @@ --> </shaper> <ipsec> - <preferredoldsa/> + <preferoldsa/> <!-- <enable/> --> <!-- syntax: <tunnel> diff --git a/etc/inc/auth.inc b/etc/inc/auth.inc index 4b5578b..f85f897 100644 --- a/etc/inc/auth.inc +++ b/etc/inc/auth.inc @@ -417,6 +417,9 @@ function local_user_get_groups($user, $all = false) { if (in_array($user['uid'], $group['member'])) $groups[] = $group['name']; + if ( $all ) + $groups[] = "all"; + sort($groups); return $groups; 
@@ -452,9 +455,11 @@ function local_user_set_groups($user, $new_groups = NULL ) { if (in_array($groupname,$new_groups)) continue; $group = & $config['system']['group'][$groupindex[$groupname]]; - $index = array_search($user['uid'], $group['member']); - array_splice($group['member'], $index, 1); - $mod_groups[] = $group; + if (is_array($group['member'])) { + $index = array_search($user['uid'], $group['member']); + array_splice($group['member'], $index, 1); + $mod_groups[] = $group; + } } /* sync all modified groups */ @@ -973,6 +978,8 @@ function radius_backed($username, $passwd, $authcfg){ global $debug, $config; $ret = false; + require_once("radius.inc"); + $rauth = new Auth_RADIUS_PAP($username, $passwd); if ($authcfg) { $radiusservers = array(); @@ -1235,4 +1242,4 @@ function session_auth() { return true; } -?>
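Review bot: In local_user_set_groups the result of `array_search($user['uid'], $group['member'])` is still passed straight to `array_splice`, so when the uid is not in the member list the `false` return is treated as offset 0 and the first member of the group is removed instead. The new `is_array` guard does not cover that case; `if ($index !== false) { array_splice($group['member'], $index, 1); $mod_groups[] = $group; }` would keep group membership, and the privileges attached to it, from changing for an unrelated user. The function body starts and ends outside the hunk, so whether a non-member uid can reach this line should be confirmed against the caller.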
\ No newline at end of file
+?>
diff --git a/etc/inc/captiveportal.inc b/etc/inc/captiveportal.inc
index 1e96b41..0d3853b 100644
--- a/etc/inc/captiveportal.inc
+++ b/etc/inc/captiveportal.inc
@@ -425,45 +425,14 @@ EOD; foreach ($cpips as $cpip) $ips .= "or {$cpip} "; $ips = "{ {$ips} }"; - //# allow access to our DHCP server (which needs to be able to ping clients as well) - $cprules .= "add {$rulenum} set 1 pass udp from any 68 to {$ips} 67 in \n"; + $cprules .= "add {$rulenum} set 1 pass ip from any to {$ips} in\n"; $rulenum++; - $cprules .= "add {$rulenum} set 1 pass udp from any 68 to {$ips} 67 in \n"; - $rulenum++; - $cprules .= "add {$rulenum} set 1 pass udp from {$ips} 67 to any 68 out \n"; + $cprules .= "add {$rulenum} set 1 pass ip from {$ips} to any out\n"; $rulenum++; $cprules .= "add {$rulenum} set 1 pass icmp from {$ips} to any out icmptype 0\n"; $rulenum++; $cprules .= "add {$rulenum} set 1 pass icmp from any to {$ips} in icmptype 8 \n"; $rulenum++; - //# allow access to our DNS forwarder - $cprules .= "add {$rulenum} set 1 pass udp from any to {$ips} 53 in \n"; - $rulenum++; - $cprules .= "add {$rulenum} set 1 pass udp from {$ips} 53 to any out \n"; - $rulenum++; - # allow access to our web server - $cprules .= "add {$rulenum} set 1 pass tcp from any to {$ips} 8000 in \n"; - $rulenum++; - $cprules .= "add {$rulenum} set 1 pass tcp from {$ips} 8000 to any out \n"; - - if (isset($config['captiveportal']['httpslogin'])) { - $rulenum++; - $cprules .= "add {$rulenum} set 1 pass tcp from any to {$ips} 8001 in \n"; - $rulenum++; - $cprules .= "add {$rulenum} set 1 pass tcp from {$ips} 8001 to any out \n"; - } - if (!empty($config['system']['webgui']['port'])) - $port = $config['system']['webgui']['port']; - else if ($config['system']['webgui']['proto'] == "http") - $port = 80; - else - $port = 443; - $rulenum++; - $cprules .= "add {$rulenum} set 1 pass tcp from any to {$ips} {$port} in \n"; - $rulenum++; - $cprules .= "add {$rulenum} set 1 pass tcp from {$ips} {$port} to any out \n"; - $rulenum++; - /* Allowed ips */ $cprules .= "add {$rulenum} allow ip from table(3) to any in\n"; $rulenum++; 
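Review bot: The two replacement rules `pass ip from any to {$ips} in` and `pass ip from {$ips} to any out` let unauthenticated portal clients reach every service on the portal addresses at this layer, where the removed rules allowed only DHCP, DNS, the portal ports 8000/8001 and the webGUI port. If the intent is to leave service filtering to the pf ruleset, a comment above these lines should say so, e.g. `/* access to services on the portal IPs is restricted by pf, not by these rules */`; otherwise the per-port rules should stay. The two icmp rules kept below are now shadowed by the broader `pass ip` rules. The enclosing function starts and ends outside the hunk.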
@@ -917,14 +886,17 @@ function captiveportal_allowedip_configure_entry($ipent) { $bw_up = $ruleno + 20000; $rules .= "pipe {$bw_up} config bw {$ipent['bw_up']}Kbit/s queue 100\n"; } + $subnet = ""; + if (!empty($ipent['sn'])) + $subnet = "/{$ipent['sn']}"; foreach ($tablein as $table) - $rules .= "table {$table} add {$ipent['ip']} {$bw_up}\n"; + $rules .= "table {$table} add {$ipent['ip']}{$subnet} {$bw_up}\n"; if ($enBwdown) { $bw_down = $ruleno + 20001; $rules .= "pipe {$bw_down} config bw {$ipent['bw_down']}Kbit/s queue 100\n"; } foreach ($tableout as $table) - $rules .= "table {$table} add {$ipent['ip']} {$bw_down}\n"; + $rules .= "table {$table} add {$ipent['ip']}{$subnet} {$bw_down}\n"; return $rules; } diff --git a/etc/inc/config.inc b/etc/inc/config.inc index aa5fb69..78c6b04 100644 --- a/etc/inc/config.inc +++ b/etc/inc/config.inc @@ -195,11 +195,15 @@ else if ($g['booting'] and !file_exists($g['cf_conf_path'] . "/config.xml") ) { mwexec("/sbin/mount -a"); } - - if($g['booting']) echo "."; $config = parse_config(); +/* set timezone */ +$timezone = $config['system']['timezone']; +if (!$timezone) + $timezone = "Etc/UTC"; +date_default_timezone_set("$timezone"); + if($config_parsed == true) { /* process packager manager custom rules */ if(is_dir("/usr/local/pkg/parse_config")) { @@ -207,4 +211,4 @@ if($config_parsed == true) { } } -?> +?>
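Review bot: `$ipent['sn']` is interpolated into the `table ... add` lines in captiveportal_allowedip_configure_entry without any check in this function that it is a prefix length. The returned string is presumably handed to ipfw as rule text, so a guard such as `if (is_numeric($ipent['sn']) && $ipent['sn'] >= 1 && $ipent['sn'] <= 32) $subnet = "/{$ipent['sn']}";` would keep a malformed config value from producing a broken or unintended table entry. Validation may already happen where the entry is saved, which is not visible here.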
\ No newline at end of file diff --git a/etc/inc/config.lib.inc b/etc/inc/config.lib.inc index 707dee8..c236594 100644 --- a/etc/inc/config.lib.inc +++ b/etc/inc/config.lib.inc @@ -91,7 +91,7 @@ function encrypted_configxml() { * $config - array containing all configuration variables ******/ function parse_config($parse = false) { - global $g, $config_parsed; + global $g, $config_parsed, $config_extra; $lockkey = lock('config'); $config_parsed = false; @@ -169,11 +169,19 @@ function parse_config($parse = false) { * boolean - true on completion ******/ function generate_config_cache($config) { - global $g; + global $g, $config_extra; $configcache = fopen($g['tmp_path'] . '/config.cache', "w"); fwrite($configcache, serialize($config)); fclose($configcache); + unset($configcache); + /* Used for config.extra.xml */ + if(file_exists($g['tmp_path'] . '/config.extra.cache') && $config_extra) { + $configcacheextra = fopen($g['tmp_path'] . '/config.extra.cache', "w"); + fwrite($configcacheextra, serialize($config_extra)); + fclose($configcacheextra); + unset($configcacheextra); + } } function discover_last_backup() { @@ -457,6 +465,10 @@ function safe_write_file($file, $content, $force_binary) { function write_config($desc="Unknown", $backup = true) { global $config, $g; + /* TODO: Not sure what this was added for; commenting out + * for now, since it was preventing config saving. */ + // $config = parse_config(true, false, false); + if($g['bootup']) log_error("WARNING! Configuration written on bootup. This can cause stray openvpn and load balancing items in config.xml"); @@ -977,7 +989,7 @@ EODD; $config['interfaces']['wan']['if'] = $wanif; $config['interfaces']['wan']['enable'] = true; if (preg_match($g['wireless_regex'], $wanif)) { - if (is_array($config['interfaces']['lan']) && + if (is_array($config['interfaces']['wan']) && (!is_array($config['interfaces']['wan']['wireless']))) $config['interfaces']['wan']['wireless'] = array(); } else { 
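Review bot: In generate_config_cache the new `config.extra.cache` block calls `fwrite` and `fclose` on the result of `fopen` without checking it, so a failed open produces warnings and leaves a stale cache; wrapping the write in `if ($configcacheextra !== false) { ... }` would cover it. The file holds a serialized copy of `$config_extra` under `$g['tmp_path']`, a directory that the gwlb.inc hunk in this same commit sets to mode 01777, and nothing here sets the file's mode. It is worth confirming that other local users can neither read nor replace it, particularly if it is later read back with `unserialize`. The write is also skipped unless the cache file already exists, which deserves a comment if intended.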
@@ -1277,4 +1289,4 @@ function set_device_perms() { } } -?> +?>
\ No newline at end of file diff --git a/etc/inc/filter.inc b/etc/inc/filter.inc index af4619d..a417d07 100644 --- a/etc/inc/filter.inc +++ b/etc/inc/filter.inc @@ -996,7 +996,7 @@ function filter_generate_reflection($rule, $nordr, $rdr_ifs, $srcaddr, $dstaddr_ /* Generate a 'nat on' or 'no nat on' rule for given interface */ function filter_nat_rules_generate_if($if, $src = "any", $srcport = "", $dst = "any", $dstport = "", $natip = "", $natport = "", $nonat = false, $staticnatport = false, $proto = "") { - global $config; + global $config, $FilterIflist; /* XXX: billm - any idea if this code is needed? */ if($src == "/32" || $src{0} == "/") return "# src incorrectly specified\n"; @@ -1007,7 +1007,7 @@ function filter_nat_rules_generate_if($if, $src = "any", $srcport = "", $dst = " if(is_ipaddr($natip)) $tgt = "{$natip}/32"; else - $tgt = "($if)"; + $tgt = "(" . $FilterIflist[$if]['if'] . ")"; } /* Add the protocol, if defined */ if (!empty($proto) && $proto != "any") { @@ -1049,7 +1049,7 @@ function filter_nat_rules_generate_if($if, $src = "any", $srcport = "", $dst = " $nat = "nat"; $target = "-> {$tgt}"; } - $if_friendly = convert_friendly_interface_to_friendly_descr($if); + $if_friendly = $FilterIflist[$if]['descr']; /* Put all the pieces together */ if($if_friendly) $natrule = "{$nat} on \${$if_friendly} {$protocol} from {$src} to {$dst} {$target}{$staticnatport_txt}\n"; 
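Review bot: `$FilterIflist[$if]['if']` (hunk at 1007) and `$FilterIflist[$if]['descr']` (hunk at 1049) are read in filter_nat_rules_generate_if without checking that `$if` is a key of `$FilterIflist`. For an unknown interface the target becomes `()`, which presumably yields a NAT line that pf rejects and can keep the ruleset from loading. A guard near the top such as `if (!isset($FilterIflist[$if])) return "# interface {$if} not found\n";` would match the function's existing habit of returning a comment line for bad input. The function body continues outside these hunks.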
@@ -1396,18 +1396,10 @@ function filter_nat_rules_generate() { else sigkillbypid("/var/run/inetd.pid", "HUP"); - if($pptpdcfg['mode'] && $pptpdcfg['mode'] != "off") { - if($pptpdcfg['mode'] == "server") - $pptpdtarget = "127.0.0.1"; - else if($pptpdcfg['mode'] == "redir") - $pptpdtarget = $pptpdcfg['redir']; - if($pptpdcfg['mode'] == "redir" && is_array($FilterIflist['wan'])) { - /* - * NB: ermal -- the rdr rule below is commented out now that we have a solution - * for PPTP passthrough. This unbreaks other GRE traffic passing - * through pfSense. - * After some more testing this will be removed compeletely. - */ + $pptpdcfg = $config['pptpd']; + if($pptpdcfg['mode'] && $pptpdcfg['mode'] == "redir") { + $pptpdtarget = $pptpdcfg['redir']; + if(is_ipaddr($pptpdtarget) && is_array($FilterIflist['wan'])) { $natrules .= <<<EOD # PPTP diff --git a/etc/inc/globals.inc b/etc/inc/globals.inc index dae4ea7..edf578b 100644 --- a/etc/inc/globals.inc +++ b/etc/inc/globals.inc @@ -151,6 +151,7 @@ $sysctls = array("net.inet.ip.portrange.first" => "1024", "net.inet.udp.maxdgram" => "57344", "net.link.bridge.pfil_onlyip" => "0", "net.link.bridge.pfil_member" => "1", + "net.link.bridge.pfil_local_phys" => "1", "net.link.bridge.pfil_bridge" => "0", "net.link.tap.user_open" => "1", "kern.rndtest.verbose" => "0", diff --git a/etc/inc/gwlb.inc b/etc/inc/gwlb.inc index 94ddd17..2ff52a1 100644 --- a/etc/inc/gwlb.inc +++ b/etc/inc/gwlb.inc 
@@ -160,11 +160,16 @@ EOD; if (!is_ipaddr($gateway['monitor'])) continue; - $apingercfg .= "target \"{$gateway['monitor']}\" {\n"; - $apingercfg .= " description \"{$gateway['name']}\"\n"; - $gwifip = find_interface_ip($gateway['interface']); + if($gateway['monitor'] == "127.0.0.{$i}") { + $gwifip = "127.0.0.1"; + } else { + $gwifip = find_interface_ip($gateway['interface']); + } if (!is_ipaddr($gwifip)) continue; //Skip this target + + $apingercfg .= "target \"{$gateway['monitor']}\" {\n"; + $apingercfg .= " description \"{$gateway['name']}\"\n"; $apingercfg .= " srcip \"{$gwifip}\"\n"; $alarms = ""; $override = false; @@ -235,16 +240,13 @@ EOD; fwrite($fd, $apingerconfig); fclose($fd); - if (is_process_running("apinger")) { - sigkillbypid("{$g['varrun_path']}/apinger.pid", "HUP"); - } else { - if (is_dir("{$g['tmp_path']}")) - chmod("{$g['tmp_path']}", 01777); - if (is_dir("{$g['vardb_path']}/rrd")) - chown("{$g['vardb_path']}/rrd", "nobody"); - /* start a new apinger process */ - mwexec_bg("/usr/local/sbin/apinger -c {$g['varetc_path']}/apinger.conf"); - } + killbypid("{$g['varrun_path']}/apinger.pid"); + if (is_dir("{$g['tmp_path']}")) + chmod("{$g['tmp_path']}", 01777); + if (is_dir("{$g['vardb_path']}/rrd")) + chown("{$g['vardb_path']}/rrd", "nobody"); + /* start a new apinger process */ + mwexec_bg("/usr/local/sbin/apinger -c {$g['varetc_path']}/apinger.conf"); return 0; } diff --git a/etc/inc/interfaces.inc b/etc/inc/interfaces.inc index dc4cbdf..843ca36 100644 --- a/etc/inc/interfaces.inc +++ b/etc/inc/interfaces.inc 
@@ -475,9 +475,14 @@ function interface_bridge_add_member($bridgeif, $interface) { pfSense_get_interface_addresses($bridgeif); if (isset($options['encaps']['txcsum'])) + pfSense_interface_capabilities($interface, IFCAP_TXCSUM); + else pfSense_interface_capabilities($interface, -IFCAP_TXCSUM); + + if (isset($options['encaps']['rxcsum'])) + pfSense_interface_capabilities($interface, IFCAP_RXCSUM); else - pfSense_interface_capabilities($interface, IFCAP_TXCSUM); + pfSense_interface_capabilities($interface, -IFCAP_RXCSUM); interfaces_bring_up($interface); mwexec("/sbin/ifconfig {$bridgeif} addm {$interface}"); @@ -819,10 +824,11 @@ function interface_bring_down($interface = "wan", $destroy = false) { if (is_array($config['ppps']['ppp']) && count($config['ppps']['ppp'])) { foreach ($config['ppps']['ppp'] as $pppid => $ppp) { if ($realif == $ppp['if']) { - if (!isset($ppp['ondemand'])) { - killbypid("{$g['varrun_path']}/{$ifcfg['ipaddr']}_{$interface}.pid"); - sleep(2); - unlink_if_exists("{$g['varetc_path']}/mpd_{$interface}.conf"); + killbypid("{$g['varrun_path']}/{$ifcfg['ipaddr']}_{$interface}.pid"); + sleep(2); + unlink_if_exists("{$g['varetc_path']}/mpd_{$interface}.conf"); + if (isset($ppp['ondemand']) && !$destroy) { + interface_configure("wan"); } break; } @@ -996,7 +1002,7 @@ function handle_pppoe_reset($post_array) { $config['cron']['item'][] = $item; } -/* This function can configure PPPoE, MLPPP (PPPoE), PPtP. +/* This function can configure PPPoE, MLPPP (PPPoE), PPTP. * It writes the mpd config file to /var/etc every time the link is opened. */ 
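Review bot: The added branch in interface_bring_down calls `interface_configure("wan")` with a hard-coded name, so bringing down an on-demand PPP link assigned to any other interface reconfigures WAN and leaves the link that was taken down unconfigured. `interface_configure($interface);` looks like what is meant. The function body extends beyond the hunk, so this should be checked against how `$interface` and `$realif` are set earlier.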
@@ -1050,7 +1056,7 @@ function interface_ppps_configure($interface) { $subnets = explode(',',$ppp['subnet']); /* We bring up the parent interface first because if DHCP is configured on the parent we need - to obtain an address first so we can write it in the mpd .conf file for PPtP and L2tP configs + to obtain an address first so we can write it in the mpd .conf file for PPTP and L2TP configs */ foreach($ports as $pid => $port){ switch ($ppp['type']) { @@ -1069,7 +1075,7 @@ function interface_ppps_configure($interface) { $localips[$pid] = get_interface_ip($port); // try to get the interface IP from the port if(!is_ipaddr($localips[$pid])){ - log_error("Could not get a Local IP address for PPtP/L2tP link on {$port} in interfaces_ppps_configure."); + log_error("Could not get a Local IP address for PPTP/L2TP link on {$port} in interfaces_ppps_configure."); return 0; } /* XXX: This needs to go away soon! [It's commented out!] */ @@ -1084,7 +1090,7 @@ function interface_ppps_configure($interface) { */ } if(!is_ipaddr($gateways[$pid])){ - log_error("Could not get a PPtP/L2tP Remote IP address from {$dhcp_gateway} for {$gway} in interfaces_ppps_configure."); + log_error("Could not get a PPTP/L2TP Remote IP address from {$dhcp_gateway} for {$gway} in interfaces_ppps_configure."); return 0; } break; @@ -1601,16 +1607,21 @@ function interface_reload_carps($cif) { foreach ($viparr as $vip) { if (in_array($vip['carpif'], $carps)) { switch ($vip['mode']) { - case "carp": + case "carp": interface_vip_bring_down($vip); sleep(1); interface_carp_configure($vip); break; - case "carpdev-dhcp": + case "carpdev-dhcp": interface_vip_bring_down($vip); sleep(1); interface_carpdev_configure($vip); break; + case "ipalias": + interface_vip_bring_down($vip); + sleep(1); + interface_ipalias_configure($vip); + break; } } } 
@@ -1823,6 +1834,7 @@ function interface_sync_wireless_clones(&$ifcfg, $sync_changes = false) { $baseif = interface_get_wireless_base($ifcfg['if']); + // Sync shared settings for assigned clones $iflist = get_configured_interface_list(false, true); foreach ($iflist as $if) { if ($baseif == interface_get_wireless_base($config['interfaces'][$if]['if']) && $ifcfg['if'] != $config['interfaces'][$if]['if']) { @@ -1840,6 +1852,18 @@ function interface_sync_wireless_clones(&$ifcfg, $sync_changes = false) { } } + // Read or write settings at shared area + if (isset($config['wireless']['interfaces'][$baseif])) { + foreach ($shared_settings as $setting) { + if ($sync_changes) { + $config['wireless']['interfaces'][$baseif][$setting] = $ifcfg['wireless'][$setting]; + } else if (isset($config['wireless']['interfaces'][$baseif][$setting])) { + $ifcfg['wireless'][$setting] = $config['wireless']['interfaces'][$baseif][$setting]; + } + } + } + + // Sync the mode on the clone creation page with the configured mode on the interface if (interface_is_wireless_clone($ifcfg['if'])) { foreach ($config['wireless']['clone'] as &$clone) { if ($clone['cloneif'] == $ifcfg['if']) { 
@@ -2326,21 +2350,20 @@ function interface_configure($interface = "wan", $reloadall = false) { interface_reload_carps($realif); if (!$g['booting']) { - if (link_interface_to_gre($interface)) { - foreach ($config['gres']['gre'] as $gre) - if ($gre['if'] == $interface) - interface_gre_configure($gre); - } - if (link_interface_to_gif($interface)) { - foreach ($config['gifs']['gif'] as $gif) - if ($gif['if'] == $interface) - interface_gif_configure($gif); - } - if (link_interface_to_bridge($interface)) { - foreach ($config['bridges']['bridged'] as $bridge) - if (stristr($bridge['members'], "{$interface}")) - interface_bridge_add_member($bridge['bridgeif'], $realif); - } + unset($gre); + $gre = link_interface_to_gre($interface); + if (!empty($gre)) + interface_gre_configure($gre); + + unset($gif); + $gif = link_interface_to_gif($interface); + if (!empty($gif)) + interface_gif_configure($gif); + + unset($bridgetmp); + $bridgetmp = link_interface_to_bridge($interface); + if (!empty($bridgetmp)) + interface_bridge_add_member($bridgetmp, $realif); link_interface_to_vips($interface, "update"); 
@@ -2512,25 +2535,19 @@ function convert_real_interface_to_friendly_interface_name($interface = "wan") { return $vip['interface']; } } - } else if (stristr($interface, "carp")) { - $index = intval(substr($interface, 4)); - foreach ($config['virtualip']['vip'] as $counter => $vip) { - if ($vip['mode'] == "carpdev-dhcp" || $vip['mode'] == "carp") { - if ($index == $counter) - return $vip['interface']; - } - } } /* XXX: For speed reasons reference directly the interface array */ - $ifdescrs = $config['interfaces']; + $ifdescrs =& $config['interfaces']; //$ifdescrs = get_configured_interface_list(false, true); foreach ($ifdescrs as $if => $ifname) { if ($config['interfaces'][$if]['if'] == $interface) return $if; - /* XXX: ermal - The 3 lines below are totally bogus code. */ + if (get_real_interface($if) == $interface) + return $if; + $int = interface_translate_type_to_real($if); if ($int == $interface) return $ifname; @@ -2547,10 +2564,10 @@ function convert_friendly_interface_to_friendly_descr($interface) { $ifdesc = "L2TP"; break; case "pptp": - $ifdesc = "pptp"; + $ifdesc = "PPTP"; break; case "pppoe": - $ifdesc = "pppoe"; + $ifdesc = "PPPoE"; break; case "openvpn": $ifdesc = "OpenVPN"; @@ -2560,6 +2577,13 @@ function convert_friendly_interface_to_friendly_descr($interface) { $ifdesc = "IPsec"; break; default: + if (isset($config['interfaces'][$interface])) { + if (empty($config['interfaces'][$interface]['descr'])) + $ifdesc = strtoupper($interface); + else + $ifdesc = strtoupper($config['interfaces'][$interface]['descr']); + break; + } /* if list */ $ifdescrs = get_configured_interface_with_descr(false, true); foreach ($ifdescrs as $if => $ifname) { @@ -2752,6 +2776,7 @@ function find_number_of_created_carp_interfaces() { function get_all_carp_interfaces() { $ints = str_replace("\n", " ", `ifconfig | grep "carp:" -B2 | grep ": flag" | cut -d: -f1`); + $ints = explode(" ", $ints); return $ints; } 
@@ -2764,7 +2789,7 @@ function find_carp_interface($ip) { foreach ($config['virtualip']['vip'] as $vip) { if ($vip['mode'] == "carp" || $vip['mode'] == "carpdev") { $carp_ip = get_interface_ip($vip['interface']); - $if = `ifconfig | grep '$ip' -B1 | head -n1 | cut -d: -f1`; + $if = `ifconfig | grep '$ip ' -B1 | head -n1 | cut -d: -f1`; if ($if) return $if; } @@ -2871,10 +2896,12 @@ function link_interface_to_vips($int, $action = "") { function link_interface_to_bridge($int) { global $config; - if (is_array($config['bridges']['bridged'])) - foreach ($config['bridges']['bridged'] as $bridge) - if(stristr($bridge['members'], "{$int}")) + if (is_array($config['bridges']['bridged'])) { + foreach ($config['bridges']['bridged'] as $bridge) { + if (in_array($int, explode(',', $bridge['members']))) return "{$bridge['bridgeif']}"; + } + } } function link_interface_to_gre($interface) { @@ -2883,7 +2910,7 @@ function link_interface_to_gre($interface) { if (is_array($config['gres']['gre'])) foreach ($config['gres']['gre'] as $gre) if($gre['if'] == $interface) - return "{$gre['greif']}"; + return $gre; } function link_interface_to_gif($interface) { @@ -2892,7 +2919,7 @@ function link_interface_to_gif($interface) { if (is_array($config['gifs']['gif'])) foreach ($config['gifs']['gif'] as $gif) if($gif['if'] == $interface) - return "{$gif['gifif']}"; + return $gif; } /* @@ -2978,6 +3005,8 @@ function get_interfaces_with_gateway() { /* loop interfaces, check config for outbound */ foreach($config['interfaces'] as $ifdescr => $ifname) { + if (substr($ifdescr, 0, 5) == "ovpnc") + return true; switch ($ifname['ipaddr']) { case "dhcp": @@ -3003,6 +3032,8 @@ function interface_has_gateway($friendly) { global $config; if (!empty($config['interfaces'][$friendly])) { + if (substr($friendly, 0, 5) == "ovpnc") + return true; $ifname =& $config['interfaces'][$friendly]; switch ($ifname['ipaddr']) { case "dhcp": 
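Review bot: `$ip` is placed inside a backtick shell command in find_carp_interface, as `grep '$ip '`, with no validation in the visible lines, and the dots in an address act as regex wildcards for grep, so the trailing space added here only partly tightens the match. Checking `is_ipaddr($ip)` before the loop, and building the command with `grep -F` and `escapeshellarg()` on the pattern, would keep the match literal and the argument safely quoted. The function starts outside the hunk, so an earlier check may already exist.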
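Review bot: The added `return true;` inside the foreach in get_interfaces_with_gateway exits on the first interface whose name starts with `ovpnc`, which looks copied from interface_has_gateway, where a boolean is the result. If this function builds a list of interfaces, as its name suggests, the early return discards the rest of the loop and changes the return type for callers; adding the interface to the result and using `continue` would fit better. The remainder of the function is outside the hunk, so confirm against its return statement.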
@@ -3066,10 +3097,10 @@ function is_interface_wireless($interface) { $friendly = convert_real_interface_to_friendly_interface_name($interface); if(!isset($config['interfaces'][$friendly]['wireless'])) { if (preg_match($g['wireless_regex'], $interface)) { - $config['interfaces'][$friendly]['wireless'] = array(); + if (isset($config['interfaces'][$friendly])) + $config['interfaces'][$friendly]['wireless'] = array(); return true; } - unset($config['interfaces'][$friendly]['wireless']); return false; } else return true; diff --git a/etc/inc/led.inc b/etc/inc/led.inc index d684100..ed67db5 100644 --- a/etc/inc/led.inc +++ b/etc/inc/led.inc @@ -138,6 +138,15 @@ function led_kitt() { } /* + * Custom pattern for assigning interfaces + */ +function led_assigninterfaces() { + led_pattern(1, 'AaaAaaaaaaaaaaaa'); + led_pattern(2, 'aaaaaAaaAaaaaaaa'); + led_pattern(3, 'aaaaaaaaaaAaaAaa'); +} + +/* * Return the three LEDs to a standard setup (1=on, 2 and 3 = off) */ function led_normalize() { @@ -147,6 +156,15 @@ function led_normalize() { } /* + * Shut off ALL LEDs. + */ +function led_alloff() { + led_off(1); + led_off(2); + led_off(3); +} + +/* * Translate a string to morse code. Characters not known to have a * valid morse code representation will be ignored. */ diff --git a/etc/inc/notices.inc b/etc/inc/notices.inc index 558a86e..4415987 100644 --- a/etc/inc/notices.inc +++ b/etc/inc/notices.inc @@ -344,6 +344,7 @@ function notify_via_smtp($message) { function notify_via_growl($message) { require_once("growl.class"); global $config; + $hostname = $config['system']['hostname'] . "." . $config['system']['domain']; $growl_ip = $config['notifications']['growl']['ipaddress']; $growl_password = $config['notifications']['growl']['password']; $growl_name = $config['notifications']['growl']['name']; 
@@ -351,7 +352,7 @@ function notify_via_growl($message) { if(!empty($growl_ip)) { $growl = new Growl($growl_ip, $growl_password, $growl_name); - $growl->notify("{$growl_notification}", "pfSense", "{$message}"); + $growl->notify("{$growl_notification}", "pfSense ($hostname) - Notification", "{$message}"); } } diff --git a/etc/inc/pfsense-utils.inc b/etc/inc/pfsense-utils.inc index 3d12fa9..14a2579 100644 --- a/etc/inc/pfsense-utils.inc +++ b/etc/inc/pfsense-utils.inc @@ -1542,6 +1542,9 @@ function download_file_with_progress_bar($url_file, $destination_file, $readbody $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $url_file); curl_setopt($ch, CURLOPT_HEADERFUNCTION, 'read_header'); + curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true); + /* Don't verify SSL peers since we don't have the certificates to do so. */ + curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false); curl_setopt($ch, CURLOPT_WRITEFUNCTION, $readbody); curl_setopt($ch, CURLOPT_NOPROGRESS, '1'); curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, '5'); diff --git a/etc/inc/pkg-utils.inc b/etc/inc/pkg-utils.inc index 6015f72..ea7c175 100644 --- a/etc/inc/pkg-utils.inc +++ b/etc/inc/pkg-utils.inc @@ -484,7 +484,7 @@ function install_package($package, $pkg_info = "") { update_output_window($static_output); if($pkg_info['after_install_info']) update_output_window($pkg_info['after_install_info']); - start_service($pkg_info['config_file']); + start_service($pkg_info['name']); $restart_sync = true; } diff --git a/etc/inc/rrd.inc b/etc/inc/rrd.inc index 98766e3..356037e 100644 --- a/etc/inc/rrd.inc +++ b/etc/inc/rrd.inc @@ -1,7 +1,7 @@ <?php /* $Id$ */ /* - Copyright (C) 2008 Seth Mos + Copyright (C) 2010 Seth Mos <seth.mos@dds.nl> All rights reserved. Redistribution and use in source and binary forms, with or without 
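Review bot: `curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);` in download_file_with_progress_bar turns off certificate verification for every HTTPS download made through this helper, and with the new `CURLOPT_FOLLOWLOCATION` the content can come from any host a redirect names. If the helper fetches packages or firmware, nothing in the visible lines authenticates what is downloaded. Shipping a CA bundle and pointing `CURLOPT_CAINFO` at it, or verifying a signature or digest of the file after download, would restore that check; capping redirects with `CURLOPT_MAXREDIRS` is also worth adding. The function continues outside the hunk.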
@@ -174,6 +174,7 @@ function enable_rrd_graphing() { $proc = "-processor.rrd"; $mem = "-memory.rrd"; $cellular = "-cellular.rrd"; + $vpnusers = "-vpnusers.rrd"; $rrdtool = "/usr/bin/nice -n20 /usr/local/bin/rrdtool"; $netstat = "/usr/bin/netstat"; @@ -197,6 +198,7 @@ function enable_rrd_graphing() { $rrdprocinterval = 60; $rrdmeminterval = 60; $rrdcellularinterval = 60; + $rrdvpninterval = 60; $trafficvalid = $rrdtrafficinterval * 2; $wirelessvalid = $rrdwirelessinterval * 2; @@ -209,6 +211,7 @@ function enable_rrd_graphing() { $procvalid = $rrdlbpoolinterval * 2; $memvalid = $rrdmeminterval * 2; $cellularvalid = $rrdcellularinterval * 2; + $vpnvalid = $rrdvpninterval * 2; /* Asume GigE for now */ $downstream = 125000000; @@ -250,8 +253,17 @@ function enable_rrd_graphing() { $i = 0; $ifdescrs = get_configured_interface_with_descr(); + /* IPsec counters */ $ifdescrs['ipsec'] = "IPsec"; + /* OpenVPN server counters */ + if(is_array($config['openvpn']['openvpn-server'])) { + foreach($config['openvpn']['openvpn-server'] as $server) { + $serverid = "ovpns" . $server['vpnid']; + $ifdescrs[$serverid] = "{$server['description']}"; + } + } + /* process all real and pseudo interfaces */ foreach ($ifdescrs as $ifname => $ifdescr) { $temp = get_real_interface($ifname); if($temp <> "") { 
@@ -336,190 +348,264 @@ function enable_rrd_graphing() { $rrdupdatesh .= "`$ifconfig {$realif} list sta| $awk 'gsub(\"M\", \"\") {getline 2;print substr(\$5, 0, length(\$5)-2) \":\" $4 \":\" $3}'`\n"; } - /* QUEUES, set up the queues databases */ - if ($altq_list_queues[$ifname]) { - $altq =& $altq_list_queues[$ifname]; - /* NOTE: Is it worth as its own function?! */ - switch ($altq->GetBwscale()) { - case "Gb": - $factor = 1024 * 1024 * 1024; - break; - case "Mb": - $factor = 1024 * 1024; - break; - case "Kb": - $factor = 1024; - break; - case "b": - default: - $factor = 1; - break; - } - $qbandwidth = $altq->GetBandwidth() * $factor; - if ($qbandwidth <=0) - $qbandwidth = 100 * 1000 * 1000; /* 100Mbit */ - $qlist =& $altq->get_queue_list($notused); - if (!file_exists("$rrddbpath$ifname$queues")) { - $rrdcreate = "$rrdtool create $rrddbpath$ifname$queues --step $rrdqueuesinterval "; - /* loop list of shaper queues */ - $q = 0; - foreach ($qlist as $qname => $q) { - $rrdcreate .= "DS:$qname:COUNTER:$queuesvalid:0:$qbandwidth "; - } + /* OpenVPN, set up the rrd file */ + if(stristr($ifname, "ovpns")) { + if (!file_exists("$rrddbpath$ifname$vpnusers")) { + $rrdcreate = "$rrdtool create $rrddbpath$ifname$vpnusers --step $rrdvpninterval "; + $rrdcreate .= "DS:users:GAUGE:$vpnvalid:0:10000 "; + $rrdcreate .= "RRA:AVERAGE:0.5:1:1000 "; + $rrdcreate .= "RRA:AVERAGE:0.5:5:1000 "; + $rrdcreate .= "RRA:AVERAGE:0.5:60:1000 "; + $rrdcreate .= "RRA:AVERAGE:0.5:720:3000 "; + + create_new_rrd($rrdcreate); + } - $rrdcreate .= "RRA:AVERAGE:0.5:1:1000 "; - $rrdcreate .= "RRA:AVERAGE:0.5:5:1000 "; - $rrdcreate .= "RRA:AVERAGE:0.5:60:1000 "; - $rrdcreate .= "RRA:AVERAGE:0.5:720:3000 "; + /* enter UNKNOWN values in the RRD so it knows we rebooted. 
*/ + if($g['booting']) { + mwexec("$rrdtool update $rrddbpath$ifname$vpnusers N:U"); + } - create_new_rrd($rrdcreate); + if(is_array($config['openvpn']['openvpn-server'])) { + foreach($config['openvpn']['openvpn-server'] as $server) { + if("ovpns{$server['vpnid']}" == $ifname) { + $port = $server['local_port']; + } } + } + $rrdupdatesh .= "\n"; + $rrdupdatesh .= "# polling vpn users for interface $ifname $realif port $port\n"; + $rrdupdatesh .= "list_current_users() {\n"; + $rrdupdatesh .= " sleep 0.2\n"; + $rrdupdatesh .= " echo \"status 2\"\n"; + $rrdupdatesh .= " sleep 0.2\n"; + $rrdupdatesh .= " echo \"quit\"\n"; + $rrdupdatesh .= "}\n"; + $rrdupdatesh .= "$rrdtool update $rrddbpath$ifname$vpnusers N:\\\n"; + $rrdupdatesh .= "`list_current_users | nc localhost {$port} | awk -F\",\" '/^CLIENT_LIST/ {print \$2}' | wc -l | awk '{print $1}'`\n"; + } - if (!file_exists("$rrddbpath$ifname$queuesdrop")) { - $rrdcreate = "$rrdtool create $rrddbpath$ifname$queuesdrop --step $rrdqueuesdropinterval "; - /* loop list of shaper queues */ - $q = 0; - foreach ($qlist as $qname => $q) { - $rrdcreate .= "DS:$qname:COUNTER:$queuesdropvalid:0:$qbandwidth "; - } + /* QUEUES, set up the queues databases */ + if ($altq_list_queues[$ifname]) { + $altq =& $altq_list_queues[$ifname]; + /* NOTE: Is it worth as its own function?! 
*/ + switch ($altq->GetBwscale()) { + case "Gb": + $factor = 1024 * 1024 * 1024; + break; + case "Mb": + $factor = 1024 * 1024; + break; + case "Kb": + $factor = 1024; + break; + case "b": + default: + $factor = 1; + break; + } + $qbandwidth = $altq->GetBandwidth() * $factor; + if ($qbandwidth <=0) { + $qbandwidth = 100 * 1000 * 1000; /* 100Mbit */ + } + $qlist =& $altq->get_queue_list($notused); + if (!file_exists("$rrddbpath$ifname$queues")) { + $rrdcreate = "$rrdtool create $rrddbpath$ifname$queues --step $rrdqueuesinterval "; + /* loop list of shaper queues */ + $q = 0; + foreach ($qlist as $qname => $q) { + $rrdcreate .= "DS:$qname:COUNTER:$queuesvalid:0:$qbandwidth "; + } - $rrdcreate .= "RRA:AVERAGE:0.5:1:1000 "; - $rrdcreate .= "RRA:AVERAGE:0.5:5:1000 "; - $rrdcreate .= "RRA:AVERAGE:0.5:60:1000 "; - $rrdcreate .= "RRA:AVERAGE:0.5:720:3000 "; + $rrdcreate .= "RRA:AVERAGE:0.5:1:1000 "; + $rrdcreate .= "RRA:AVERAGE:0.5:5:1000 "; + $rrdcreate .= "RRA:AVERAGE:0.5:60:1000 "; + $rrdcreate .= "RRA:AVERAGE:0.5:720:3000 "; + + create_new_rrd($rrdcreate); + } - create_new_rrd($rrdcreate); + if (!file_exists("$rrddbpath$ifname$queuesdrop")) { + $rrdcreate = "$rrdtool create $rrddbpath$ifname$queuesdrop --step $rrdqueuesdropinterval "; + /* loop list of shaper queues */ + $q = 0; + foreach ($qlist as $qname => $q) { + $rrdcreate .= "DS:$qname:COUNTER:$queuesdropvalid:0:$qbandwidth "; } - if($g['booting']) { - $rrdqcommand = "-t "; - $rrducommand = "N"; - $q = 0; - foreach ($qlist as $qname => $q) { - if($q == 0) { - $rrdqcommand .= "{$qname}"; - } else { - $rrdqcommand .= ":{$qname}"; - } - $q++; - $rrducommand .= ":U"; + $rrdcreate .= "RRA:AVERAGE:0.5:1:1000 "; + $rrdcreate .= "RRA:AVERAGE:0.5:5:1000 "; + $rrdcreate .= "RRA:AVERAGE:0.5:60:1000 "; + $rrdcreate .= "RRA:AVERAGE:0.5:720:3000 "; + + create_new_rrd($rrdcreate); + } + + if($g['booting']) { + $rrdqcommand = "-t "; + $rrducommand = "N"; + $q = 0; + foreach ($qlist as $qname => $q) { + if($q == 0) { + 
$rrdqcommand .= "{$qname}"; + } else { + $rrdqcommand .= ":{$qname}"; } - mwexec("$rrdtool update $rrddbpath$ifname$queues $rrdqcommand $rrducommand"); - mwexec("$rrdtool update $rrddbpath$ifname$queuesdrop $rrdqcommand $rrducommand"); + $q++; + $rrducommand .= ":U"; } - - /* awk function to gather shaper data */ - /* yes, it's special */ - $rrdupdatesh .= "` pfctl -vsq -i {$realif} | awk 'BEGIN {printf \"$rrdtool update $rrddbpath$ifname$queues \" } "; - $rrdupdatesh .= "{ "; - $rrdupdatesh .= "if ((\$1 == \"queue\") && ( \$2 ~ /^q/ )) { "; - $rrdupdatesh .= "dsname = dsname \":\" \$2 ; "; - $rrdupdatesh .= "q=1; "; - $rrdupdatesh .= "} "; - $rrdupdatesh .= "else if ((\$4 == \"bytes:\") && ( q == 1 ) ) { "; - $rrdupdatesh .= "dsdata = dsdata \":\" \$5 ; "; - $rrdupdatesh .= "q=0; "; - $rrdupdatesh .= "} "; - $rrdupdatesh .= "} END { "; - $rrdupdatesh .= "dsname = substr(dsname,2); "; - $rrdupdatesh .= "dsdata = substr(dsdata,2); "; - $rrdupdatesh .= "printf \"-t \" dsname \" N:\" dsdata }' "; - $rrdupdatesh .= "dsname=\"\" dsdata=\"\"`\n\n"; - - $rrdupdatesh .= "` pfctl -vsq -i {$realif} | awk 'BEGIN {printf \"$rrdtool update $rrddbpath$ifname$queuesdrop \" } "; - $rrdupdatesh .= "{ "; - $rrdupdatesh .= "if ((\$1 == \"queue\") && ( \$2 ~ /^q/ )) { "; - $rrdupdatesh .= "dsname = dsname \":\" \$2 ; "; - $rrdupdatesh .= "q=1; "; - $rrdupdatesh .= "} "; - $rrdupdatesh .= "else if ((\$4 == \"bytes:\") && ( q == 1 ) ) { "; - $rrdupdatesh .= "dsdata = dsdata \":\" \$8 ; "; - $rrdupdatesh .= "q=0; "; - $rrdupdatesh .= "} "; - $rrdupdatesh .= "} END { "; - $rrdupdatesh .= "dsname = substr(dsname,2); "; - $rrdupdatesh .= "dsdata = substr(dsdata,2); "; - $rrdupdatesh .= "printf \"-t \" dsname \" N:\" dsdata }' "; - $rrdupdatesh .= "dsname=\"\" dsdata=\"\"`\n\n"; + mwexec("$rrdtool update $rrddbpath$ifname$queues $rrdqcommand $rrducommand"); + mwexec("$rrdtool update $rrddbpath$ifname$queuesdrop $rrdqcommand $rrducommand"); } + + /* awk function to gather shaper data */ + /* 
yes, it's special */ + $rrdupdatesh .= "` pfctl -vsq -i {$realif} | awk 'BEGIN {printf \"$rrdtool update $rrddbpath$ifname$queues \" } "; + $rrdupdatesh .= "{ "; + $rrdupdatesh .= "if ((\$1 == \"queue\") && ( \$2 ~ /^q/ )) { "; + $rrdupdatesh .= " dsname = dsname \":\" \$2 ; "; + $rrdupdatesh .= " q=1; "; + $rrdupdatesh .= "} "; + $rrdupdatesh .= " else if ((\$4 == \"bytes:\") && ( q == 1 ) ) { "; + $rrdupdatesh .= " dsdata = dsdata \":\" \$5 ; "; + $rrdupdatesh .= " q=0; "; + $rrdupdatesh .= "} "; + $rrdupdatesh .= "} END { "; + $rrdupdatesh .= " dsname = substr(dsname,2); "; + $rrdupdatesh .= " dsdata = substr(dsdata,2); "; + $rrdupdatesh .= " printf \"-t \" dsname \" N:\" dsdata }' "; + $rrdupdatesh .= " dsname=\"\" dsdata=\"\"`\n\n"; + + $rrdupdatesh .= "` pfctl -vsq -i {$realif} | awk 'BEGIN {printf \"$rrdtool update $rrddbpath$ifname$queuesdrop \" } "; + $rrdupdatesh .= "{ "; + $rrdupdatesh .= "if ((\$1 == \"queue\") && ( \$2 ~ /^q/ )) { "; + $rrdupdatesh .= " dsname = dsname \":\" \$2 ; "; + $rrdupdatesh .= " q=1; "; + $rrdupdatesh .= "} "; + $rrdupdatesh .= " else if ((\$4 == \"bytes:\") && ( q == 1 ) ) { "; + $rrdupdatesh .= " dsdata = dsdata \":\" \$8 ; "; + $rrdupdatesh .= " q=0; "; + $rrdupdatesh .= "} "; + $rrdupdatesh .= "} END { "; + $rrdupdatesh .= " dsname = substr(dsname,2); "; + $rrdupdatesh .= " dsdata = substr(dsdata,2); "; + $rrdupdatesh .= " printf \"-t \" dsname \" N:\" dsdata }' "; + $rrdupdatesh .= " dsname=\"\" dsdata=\"\"`\n\n"; + } } $i++; /* System only statistics */ $ifname = "system"; - /* STATES, create pf states database */ - if(! 
file_exists("$rrddbpath$ifname$states")) { - $rrdcreate = "$rrdtool create $rrddbpath$ifname$states --step $rrdstatesinterval "; - $rrdcreate .= "DS:pfrate:GAUGE:$statesvalid:0:10000000 "; - $rrdcreate .= "DS:pfstates:GAUGE:$statesvalid:0:10000000 "; - $rrdcreate .= "DS:pfnat:GAUGE:$statesvalid:0:10000000 "; - $rrdcreate .= "DS:srcip:GAUGE:$statesvalid:0:10000000 "; - $rrdcreate .= "DS:dstip:GAUGE:$statesvalid:0:10000000 "; - $rrdcreate .= "RRA:AVERAGE:0.5:1:1000 "; - $rrdcreate .= "RRA:AVERAGE:0.5:5:1000 "; - $rrdcreate .= "RRA:AVERAGE:0.5:60:1000 "; - $rrdcreate .= "RRA:AVERAGE:0.5:720:3000 "; + /* STATES, create pf states database */ + if(! file_exists("$rrddbpath$ifname$states")) { + $rrdcreate = "$rrdtool create $rrddbpath$ifname$states --step $rrdstatesinterval "; + $rrdcreate .= "DS:pfrate:GAUGE:$statesvalid:0:10000000 "; + $rrdcreate .= "DS:pfstates:GAUGE:$statesvalid:0:10000000 "; + $rrdcreate .= "DS:pfnat:GAUGE:$statesvalid:0:10000000 "; + $rrdcreate .= "DS:srcip:GAUGE:$statesvalid:0:10000000 "; + $rrdcreate .= "DS:dstip:GAUGE:$statesvalid:0:10000000 "; + $rrdcreate .= "RRA:AVERAGE:0.5:1:1000 "; + $rrdcreate .= "RRA:AVERAGE:0.5:5:1000 "; + $rrdcreate .= "RRA:AVERAGE:0.5:60:1000 "; + $rrdcreate .= "RRA:AVERAGE:0.5:720:3000 "; + + create_new_rrd($rrdcreate); + } - create_new_rrd($rrdcreate); - } + /* enter UNKNOWN values in the RRD so it knows we rebooted. */ + if($g['booting']) { + mwexec("$rrdtool update $rrddbpath$ifname$states N:U:U:U:U:U"); + } - /* enter UNKNOWN values in the RRD so it knows we rebooted. */ - if($g['booting']) { - mwexec("$rrdtool update $rrddbpath$ifname$states N:U:U:U:U:U"); - } + /* the pf states gathering function. 
*/ + $rrdupdatesh .= "\n"; + $rrdupdatesh .= "pfctl_si_out=\"` $pfctl -si > /tmp/pfctl_si_out `\"\n"; + $rrdupdatesh .= "pfctl_ss_out=\"` $pfctl -ss > /tmp/pfctl_ss_out`\"\n"; + $rrdupdatesh .= "pfrate=\"` cat /tmp/pfctl_si_out | egrep \"inserts|removals\" | awk '{ pfrate = \$3 + pfrate } {print pfrate}'|tail -1 `\"\n"; + $rrdupdatesh .= "pfstates=\"` cat /tmp/pfctl_ss_out | egrep -v \"<\\-.*?<\\-|\\->.*?\\->\" | wc -l|sed 's/ //g'`\"\n"; + $rrdupdatesh .= "pfnat=\"` cat /tmp/pfctl_ss_out | egrep '<\\-.*?<\\-|\\->.*?\\->' | wc -l|sed 's/ //g' `\"\n"; + $rrdupdatesh .= "srcip=\"` cat /tmp/pfctl_ss_out | egrep -v '<\\-.*?<\\-|\\->.*?\\->' | grep '\\->' | awk '{print \$3}' | awk -F: '{print \$1}' | sort -u|wc -l|sed 's/ //g' `\"\n"; + $rrdupdatesh .= "dstip=\"` cat /tmp/pfctl_ss_out | egrep -v '<\\-.*?<\\-|\\->.*?\\->' | grep '<\\-' | awk '{print \$3}' | awk -F: '{print \$1}' | sort -u|wc -l|sed 's/ //g' `\"\n"; + $rrdupdatesh .= "$rrdtool update $rrddbpath$ifname$states N:\$pfrate:\$pfstates:\$pfnat:\$srcip:\$dstip\n\n"; + + /* End pf states statistics */ + + /* CPU, create CPU statistics database */ + if(! file_exists("$rrddbpath$ifname$proc")) { + $rrdcreate = "$rrdtool create $rrddbpath$ifname$proc --step $rrdprocinterval "; + $rrdcreate .= "DS:user:GAUGE:$procvalid:0:10000000 "; + $rrdcreate .= "DS:nice:GAUGE:$procvalid:0:10000000 "; + $rrdcreate .= "DS:system:GAUGE:$procvalid:0:10000000 "; + $rrdcreate .= "DS:interrupt:GAUGE:$procvalid:0:10000000 "; + $rrdcreate .= "DS:processes:GAUGE:$procvalid:0:10000000 "; + $rrdcreate .= "RRA:AVERAGE:0.5:1:1000 "; + $rrdcreate .= "RRA:AVERAGE:0.5:5:1000 "; + $rrdcreate .= "RRA:AVERAGE:0.5:60:1000 "; + $rrdcreate .= "RRA:AVERAGE:0.5:720:3000 "; + + create_new_rrd($rrdcreate); + } - /* the pf states gathering function. 
*/ - $rrdupdatesh .= "\n"; - $rrdupdatesh .= "pfctl_si_out=\"` $pfctl -si > /tmp/pfctl_si_out `\"\n"; - $rrdupdatesh .= "pfctl_ss_out=\"` $pfctl -ss > /tmp/pfctl_ss_out`\"\n"; - $rrdupdatesh .= "pfrate=\"` cat /tmp/pfctl_si_out | egrep \"inserts|removals\" | awk '{ pfrate = \$3 + pfrate } {print pfrate}'|tail -1 `\"\n"; - $rrdupdatesh .= "pfstates=\"` cat /tmp/pfctl_ss_out | egrep -v \"<\\-.*?<\\-|\\->.*?\\->\" | wc -l|sed 's/ //g'`\"\n"; - $rrdupdatesh .= "pfnat=\"` cat /tmp/pfctl_ss_out | egrep '<\\-.*?<\\-|\\->.*?\\->' | wc -l|sed 's/ //g' `\"\n"; - $rrdupdatesh .= "srcip=\"` cat /tmp/pfctl_ss_out | egrep -v '<\\-.*?<\\-|\\->.*?\\->' | grep '\\->' | awk '{print \$3}' | awk -F: '{print \$1}' | sort -u|wc -l|sed 's/ //g' `\"\n"; - $rrdupdatesh .= "dstip=\"` cat /tmp/pfctl_ss_out | egrep -v '<\\-.*?<\\-|\\->.*?\\->' | grep '<\\-' | awk '{print \$3}' | awk -F: '{print \$1}' | sort -u|wc -l|sed 's/ //g' `\"\n"; - $rrdupdatesh .= "$rrdtool update $rrddbpath$ifname$states N:\$pfrate:\$pfstates:\$pfnat:\$srcip:\$dstip\n\n"; - - /* End pf states statistics */ - - /* CPU, create CPU statistics database */ - if(! file_exists("$rrddbpath$ifname$proc")) { - $rrdcreate = "$rrdtool create $rrddbpath$ifname$proc --step $rrdprocinterval "; - $rrdcreate .= "DS:user:GAUGE:$procvalid:0:10000000 "; - $rrdcreate .= "DS:nice:GAUGE:$procvalid:0:10000000 "; - $rrdcreate .= "DS:system:GAUGE:$procvalid:0:10000000 "; - $rrdcreate .= "DS:interrupt:GAUGE:$procvalid:0:10000000 "; - $rrdcreate .= "DS:processes:GAUGE:$procvalid:0:10000000 "; - $rrdcreate .= "RRA:AVERAGE:0.5:1:1000 "; - $rrdcreate .= "RRA:AVERAGE:0.5:5:1000 "; - $rrdcreate .= "RRA:AVERAGE:0.5:60:1000 "; - $rrdcreate .= "RRA:AVERAGE:0.5:720:3000 "; + /* enter UNKNOWN values in the RRD so it knows we rebooted. */ + if($g['booting']) { + mwexec("$rrdtool update $rrddbpath$ifname$proc N:U:U:U:U:U"); + } - create_new_rrd($rrdcreate); - } + /* the CPU stats gathering function. 
*/ + $rrdupdatesh .= "`$top -d 2 -s 1 0 | $awk '{gsub(/%/, \"\")} BEGIN { \\\n"; + $rrdupdatesh .= "printf \"$rrdtool update $rrddbpath$ifname$proc \" } \\\n"; + $rrdupdatesh .= "{ if ( \$2 == \"processes:\" ) { processes = \$1; } \\\n"; + $rrdupdatesh .= "else if ( \$1 == \"CPU:\" ) { user = \$2; nice = \$4; sys = \$6; interrupt = \$8; } \\\n"; + $rrdupdatesh .= "} END { printf \"N:\"user\":\"nice\":\"sys\":\"interrupt\":\"processes }'`\n\n"; + + /* End CPU statistics */ + + /* Memory, create Memory statistics database */ + if(! file_exists("$rrddbpath$ifname$mem")) { + $rrdcreate = "$rrdtool create $rrddbpath$ifname$mem --step $rrdmeminterval "; + $rrdcreate .= "DS:active:GAUGE:$memvalid:0:10000000 "; + $rrdcreate .= "DS:inactive:GAUGE:$memvalid:0:10000000 "; + $rrdcreate .= "DS:free:GAUGE:$memvalid:0:10000000 "; + $rrdcreate .= "DS:cache:GAUGE:$memvalid:0:10000000 "; + $rrdcreate .= "DS:wire:GAUGE:$memvalid:0:10000000 "; + $rrdcreate .= "RRA:MIN:0.5:1:1000 "; + $rrdcreate .= "RRA:MIN:0.5:5:1000 "; + $rrdcreate .= "RRA:MIN:0.5:60:1000 "; + $rrdcreate .= "RRA:MIN:0.5:720:3000 "; + $rrdcreate .= "RRA:AVERAGE:0.5:1:1000 "; + $rrdcreate .= "RRA:AVERAGE:0.5:5:1000 "; + $rrdcreate .= "RRA:AVERAGE:0.5:60:1000 "; + $rrdcreate .= "RRA:AVERAGE:0.5:720:3000 "; + $rrdcreate .= "RRA:MAX:0.5:1:1000 "; + $rrdcreate .= "RRA:MAX:0.5:5:1000 "; + $rrdcreate .= "RRA:MAX:0.5:60:1000 "; + $rrdcreate .= "RRA:MAX:0.5:720:3000"; + + create_new_rrd($rrdcreate); + } - /* enter UNKNOWN values in the RRD so it knows we rebooted. */ - if($g['booting']) { - mwexec("$rrdtool update $rrddbpath$ifname$proc N:U:U:U:U:U"); - } + /* enter UNKNOWN values in the RRD so it knows we rebooted. */ + if($g['booting']) { + mwexec("$rrdtool update $rrddbpath$ifname$mem N:U:U:U:U:U"); + } - /* the CPU stats gathering function. 
*/ - $rrdupdatesh .= "`$top -d 2 -s 1 0 | $awk '{gsub(/%/, \"\")} BEGIN { \\\n"; - $rrdupdatesh .= "printf \"$rrdtool update $rrddbpath$ifname$proc \" } \\\n"; - $rrdupdatesh .= "{ if ( \$2 == \"processes:\" ) { processes = \$1; } \\\n"; - $rrdupdatesh .= "else if ( \$1 == \"CPU:\" ) { user = \$2; nice = \$4; sys = \$6; interrupt = \$8; } \\\n"; - $rrdupdatesh .= "} END { printf \"N:\"user\":\"nice\":\"sys\":\"interrupt\":\"processes }'`\n\n"; - - /* End CPU statistics */ - - /* Memory, create Memory statistics database */ - if(! file_exists("$rrddbpath$ifname$mem")) { - $rrdcreate = "$rrdtool create $rrddbpath$ifname$mem --step $rrdmeminterval "; - $rrdcreate .= "DS:active:GAUGE:$memvalid:0:10000000 "; - $rrdcreate .= "DS:inactive:GAUGE:$memvalid:0:10000000 "; - $rrdcreate .= "DS:free:GAUGE:$memvalid:0:10000000 "; - $rrdcreate .= "DS:cache:GAUGE:$memvalid:0:10000000 "; - $rrdcreate .= "DS:wire:GAUGE:$memvalid:0:10000000 "; + /* the Memory stats gathering function. */ + $rrdupdatesh .= "`$sysctl -n vm.stats.vm.v_page_count vm.stats.vm.v_active_count vm.stats.vm.v_inactive_count vm.stats.vm.v_free_count vm.stats.vm.v_cache_count vm.stats.vm.v_wire_count | "; + $rrdupdatesh .= " $awk '{getline active;getline inactive;getline free;getline cache;getline wire;printf \"$rrdtool update $rrddbpath$ifname$mem N:\""; + $rrdupdatesh .= "((active/$0) * 100)\":\"((inactive/$0) * 100)\":\"((free/$0) * 100)\":\"((cache/$0) * 100)\":\"(wire/$0 * 100)}'`\n\n"; + + /* End Memory statistics */ + + /* SPAMD, set up the spamd rrd file */ + if (isset($config['installedpackages']['spamdsettings']) && + isset ($config['installedpackages']['spamdsettings']['config'][0]['enablerrd'])) { + /* set up the spamd rrd file */ + if (!file_exists("$rrddbpath$ifname$spamd")) { + $rrdcreate = "$rrdtool create $rrddbpath$ifname$spamd --step $rrdspamdinterval "; + $rrdcreate .= "DS:conn:GAUGE:$spamdvalid:0:10000 "; + $rrdcreate .= "DS:time:GAUGE:$spamdvalid:0:86400 "; $rrdcreate .= "RRA:MIN:0.5:1:1000 
"; $rrdcreate .= "RRA:MIN:0.5:5:1000 "; $rrdcreate .= "RRA:MIN:0.5:60:1000 "; 
@@ -531,56 +617,21 @@ function enable_rrd_graphing() { $rrdcreate .= "RRA:MAX:0.5:1:1000 "; $rrdcreate .= "RRA:MAX:0.5:5:1000 "; $rrdcreate .= "RRA:MAX:0.5:60:1000 "; - $rrdcreate .= "RRA:MAX:0.5:720:3000"; + $rrdcreate .= "RRA:MAX:0.5:720:3000 "; create_new_rrd($rrdcreate); } - /* enter UNKNOWN values in the RRD so it knows we rebooted. */ - if($g['booting']) { - mwexec("$rrdtool update $rrddbpath$ifname$mem N:U:U:U:U:U"); - } - - /* the Memory stats gathering function. */ - $rrdupdatesh .= "`$sysctl -n vm.stats.vm.v_page_count vm.stats.vm.v_active_count vm.stats.vm.v_inactive_count vm.stats.vm.v_free_count vm.stats.vm.v_cache_count vm.stats.vm.v_wire_count | "; - $rrdupdatesh .= " $awk '{getline active;getline inactive;getline free;getline cache;getline wire;printf \"$rrdtool update $rrddbpath$ifname$mem N:\""; - $rrdupdatesh .= "((active/$0) * 100)\":\"((inactive/$0) * 100)\":\"((free/$0) * 100)\":\"((cache/$0) * 100)\":\"(wire/$0 * 100)}'`\n\n"; - - /* End Memory statistics */ - - /* SPAMD, set up the spamd rrd file */ - if (isset($config['installedpackages']['spamdsettings']) && - isset ($config['installedpackages']['spamdsettings']['config'][0]['enablerrd'])) { - /* set up the spamd rrd file */ - if (!file_exists("$rrddbpath$ifname$spamd")) { - $rrdcreate = "$rrdtool create $rrddbpath$ifname$spamd --step $rrdspamdinterval "; - $rrdcreate .= "DS:conn:GAUGE:$spamdvalid:0:10000 "; - $rrdcreate .= "DS:time:GAUGE:$spamdvalid:0:86400 "; - $rrdcreate .= "RRA:MIN:0.5:1:1000 "; - $rrdcreate .= "RRA:MIN:0.5:5:1000 "; - $rrdcreate .= "RRA:MIN:0.5:60:1000 "; - $rrdcreate .= "RRA:MIN:0.5:720:3000 "; - $rrdcreate .= "RRA:AVERAGE:0.5:1:1000 "; - $rrdcreate .= "RRA:AVERAGE:0.5:5:1000 "; - $rrdcreate .= "RRA:AVERAGE:0.5:60:1000 "; - $rrdcreate .= "RRA:AVERAGE:0.5:720:3000 "; - $rrdcreate .= "RRA:MAX:0.5:1:1000 "; - $rrdcreate .= "RRA:MAX:0.5:5:1000 "; - $rrdcreate .= "RRA:MAX:0.5:60:1000 "; - $rrdcreate .= "RRA:MAX:0.5:720:3000 "; - - create_new_rrd($rrdcreate); - } - - 
$rrdupdatesh .= "\n"; - $rrdupdatesh .= "# polling spamd for connections and tarpitness \n"; - $rrdupdatesh .= "$rrdtool update $rrddbpath$ifname$spamd \\\n"; - $rrdupdatesh .= "`$php -q $spamd_gather`\n"; + $rrdupdatesh .= "\n"; + $rrdupdatesh .= "# polling spamd for connections and tarpitness \n"; + $rrdupdatesh .= "$rrdtool update $rrddbpath$ifname$spamd \\\n"; + $rrdupdatesh .= "`$php -q $spamd_gather`\n"; - } + } /* End System statistics */ /* 3G WIRELESS, set up the rrd file */ + /* XXX: Are multiple 3G interfaces not possible? smos@ */ if(isset($config['ppps']['ppp'])) { $ifname = "ppp"; if (!file_exists("$rrddbpath$ifname$cellular")) { diff --git a/etc/inc/services.inc b/etc/inc/services.inc index af0d0c2..65ed7ba 100644 --- a/etc/inc/services.inc +++ b/etc/inc/services.inc @@ -136,6 +136,8 @@ EOD; $dhcpnum = 0; foreach ($dhcpdcfg as $dhcpif => $dhcpifconf) { + interfaces_staticarp_configure($dhcpif); + if (!isset($dhcpifconf['enable'])) continue; @@ -156,7 +158,7 @@ EOD; foreach ($a_vip as $vipent) { if($int == $real_dhcpif) { /* this is the interface! */ - if($vipent['advskew'] < "20") + if(!empty($vipent['advskew']) && ($vipent['advskew'] < "20")) $skew = 0; } } 
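Review bot: `!empty($vipent['advskew'])` in the last hunk on this line also rejects an advskew of `0`, because PHP's `empty()` treats `"0"` as empty, so a VIP with advskew 0 no longer reaches `$skew = 0`. The initial value of `$skew` is outside the hunk, but if 0 is what a CARP master normally carries, this flips the result for exactly the case the comparison was written for. A check that only excludes a missing value would be `if (is_numeric($vipent['advskew']) && (intval($vipent['advskew']) < 20))`. The enclosing function starts and ends outside the hunk.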
@@ -501,12 +503,35 @@ function services_dhcrelay_configure() { $iflist = get_configured_interface_list(); foreach ($iflist as $ifname) { $subnet = get_interface_ip($ifname) . "/" . get_interface_subnet($ifname); - if (ip_in_subnet($dhcrelaycfg['server'],$subnet)) + if (ip_in_subnet($dhcrelaycfg['server'],$subnet)) { $destif = get_real_interface($ifname); + break; + } + } + if (!isset($destif)) { + if (is_array($config['staticroutes']['route'])) { + foreach ($config['staticroutes']['route'] as $rtent) { + if (ip_in_subnet($dhcrelaycfg['server'], $rtent['network'])) { + $a_gateways = return_gateways_array(true); + $destif = $a_gateways[$rtent['gateway']]['interface']; + break; + } + } + } } - if (!isset($destif)) - $destif = $config['interfaces']['wan']['if']; + if (!isset($destif)) { + if (is_array($config['gateways']['gateway_item'])) { + foreach ($config['gateways']['gateway_item'] as $gateway) { + if (isset($gateway['defaultgw'])) { + $a_gateways = return_gateways_array(true); + $destif = $a_gateways[$rtent['gateway']]['interface']; + break; + } + } + } else + $destif = get_real_interface("wan"); + } $dhcrelayifs[] = $destif; $dhcrelayifs = array_unique($dhcrelayifs); 
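Review bot: The default-gateway fallback reads `$a_gateways[$rtent['gateway']]`, but `$rtent` belongs to the static-route loop above; inside `foreach (... as $gateway)` it is either undefined or the last route examined, so `$destif` ends up null or pointing at an unrelated interface. The lookup should use the current `$gateway` entry (presumably `$a_gateways[$gateway['name']]['interface']`; how the array is keyed is not visible here). The `else` also ties the WAN fallback to `gateway_item` not being an array, so a gateway list without a `defaultgw` entry leaves `$destif` unset when it is appended to `$dhcrelayifs`; a final `if (!isset($destif)) $destif = get_real_interface("wan");` covers both cases. `services_dhcrelay_configure()` continues outside the hunk.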
@@ -613,13 +638,18 @@ function services_dnsmasq_configure() { /* Allow DNS Rebind for forwarded domains */ if (isset($config['dnsmasq']['domainoverrides']) && is_array($config['dnsmasq']['domainoverrides'])) { - foreach($config['dnsmasq']['domainoverrides'] as $override) { - $args .= ' --rebind-domain-ok=/' . $override['domain'] . '/ '; + if(!isset($config['system']['webgui']['nodnsrebindcheck'])) { + foreach($config['dnsmasq']['domainoverrides'] as $override) { + $args .= ' --rebind-domain-ok=/' . $override['domain'] . '/ '; + } } } + if(!isset($config['system']['webgui']['nodnsrebindcheck'])) + $dns_rebind = "--rebind-localhost-ok --stop-dns-rebind"; + /* run dnsmasq */ - mwexec("/usr/local/sbin/dnsmasq --rebind-localhost-ok --stop-dns-rebind --local-ttl 1 --all-servers --dns-forward-max=5000 --cache-size=10000 {$args}"); + mwexec("/usr/local/sbin/dnsmasq --local-ttl 1 --all-servers {$dns_rebind} --dns-forward-max=5000 --cache-size=10000 {$args}"); if ($g['booting']) echo "done.\n"; @@ -879,7 +909,7 @@ EOD; fclose($fd); /* invoke nsupdate */ - $cmd = "/usr/sbin/nsupdate -k {$g['varetc_path']}/K{$i}{$keyname}+157+00000.key"; + $cmd = "/usr/bin/nsupdate -k {$g['varetc_path']}/K{$i}{$keyname}+157+00000.key"; if (isset($dnsupdate['usetcp'])) $cmd .= " -v"; $cmd .= " {$g['varetc_path']}/nsupdatecmds{$i}"; diff --git a/etc/inc/shaper.inc b/etc/inc/shaper.inc index 85090bb..a9b9815 100644 --- a/etc/inc/shaper.inc +++ b/etc/inc/shaper.inc 
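Review bot: `$override['domain']` is concatenated into the dnsmasq command line that `mwexec()` runs without shell quoting; whether the value is validated when it is saved cannot be seen from this hunk. Quoting it at the point of use removes that dependency: `$args .= ' ' . escapeshellarg("--rebind-domain-ok=/{$override['domain']}/");`. `$dns_rebind` is only assigned when `nodnsrebindcheck` is unset, so the disabled case interpolates an undefined variable; add `$dns_rebind = "";` before the `if`. It is also worth a comment that an option stored under `webgui` now switches off dnsmasq's rebind protection as well. The function body starts and ends outside the hunk.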
@@ -333,11 +333,9 @@ class altq_root_queue { function ReadConfig(&$conf) { if (isset($conf['tbrconfig'])) $this->SetTbrConfig($conf['tbrconfig']); - if ($conf['bandwidth'] <> "") { - $this->SetBandwidth($conf['bandwidth']); - if ($conf['bandwidthtype'] <> "") - $this->SetBwscale($conf['bandwidthtype']); - } + $this->SetBandwidth($conf['bandwidth']); + if ($conf['bandwidthtype'] <> "") + $this->SetBwscale($conf['bandwidthtype']); if (isset($conf['scheduler'])) { if ($this->GetScheduler() != $conf['scheduler']) { foreach ($this->queues as $q) { @@ -517,10 +515,11 @@ class altq_root_queue { $rules = " altq on " . get_real_interface($this->GetInterface()); if ($this->GetScheduler()) $rules .= " ".strtolower($this->GetScheduler()); - if ($this->GetBandwidth()) + if ($this->GetBandwidth()) { $rules .= " bandwidth ".trim($this->GetBandwidth()); - if ($this->GetBwscale()) - $rules .= $this->GetBwscale(); + if ($this->GetBwscale()) + $rules .= $this->GetBwscale(); + } if ($this->GetTbrConfig()) $rules .= " tbrsize ".$this->GetTbrConfig(); if (count($this->queues)) { 
@@ -593,19 +592,19 @@ class altq_root_queue { * to the user like the traffic wizard does. */ function build_form() { - $form = "<tr><td valign=\"top\" class=\"vncellreq\"><br>"; + $form = "<tr><td valign=\"center\" class=\"vncellreq\"><br>"; $form .= "Enable/Disable"; - $form .= "</td><td class=\"vncellreq\">"; + $form .= "<br/></td><td class=\"vncellreq\">"; $form .= " <input type=\"checkbox\" id=\"enabled\" name=\"enabled\" value=\"on\""; if ($this->GetEnabled() == "on") $form .= " CHECKED"; $form .= " ><span class=\"vexpl\"> Enable/disable discipline and its children</span>"; $form .= "</td></tr>"; - $form .= "<tr><td valign=\"top\" class=\"vncellreq\"><br><span class=\"vexpl\">Name</span></td>"; + $form .= "<tr><td valign=\"center\" class=\"vncellreq\"><br><span class=\"vexpl\">Name</span></td>"; $form .= "<td class=\"vncellreq\">"; $form .= "<strong>".$this->GetQname()."</strong>"; $form .= "</td></tr>"; - $form .= "<tr><td valign=\"top\" class=\"vncellreq\">Scheduler Type "; + $form .= "<tr><td valign=\"center\" class=\"vncellreq\">Scheduler Type "; $form .= "</td>"; $form .= "<td class=\"vncellreq\">"; $form .= "<select id=\"scheduler\" name=\"scheduler\" class=\"formselect\">"; @@ -631,7 +630,7 @@ class altq_root_queue { $form .= " Beware you can lose information."; $form .= "</span>"; $form .= "</td></tr>"; - $form .= "<tr><td valign=\"top\" class=\"vncellreq\">Bandwidth"; + $form .= "<tr><td valign=\"center\" class=\"vncellreq\">Bandwidth"; $form .= "</td><td class=\"vncellreq\">"; $form .= "<input type=\"text\" id=\"bandwidth\" name=\"bandwidth\" value=\""; $form .= $this->GetBandwidth() . "\">"; 
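Review bot: `valign="center"` is not a value the attribute defines (`top`, `middle`, `bottom`, `baseline`), so the rendering relies on the browser's default rather than on what is written. Use `valign=\"middle\"` here and in the other `build_form()` hunks of this file that make the same replacement (`priq_queue`, `hfsc_queue`, `cbq_queue`, `fairq_queue`, `dnpipe_class`). `<br>`, `<br/>` and `<br />` are also mixed across these strings; pick one form. The method bodies extend outside the hunks.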
@@ -654,15 +653,15 @@ class altq_root_queue { $form .= ">Bit/s</option>"; $form .= "</select>"; $form .= "</td></tr>"; - $form .= "<tr><td valign=\"top\" class=\"vncellreq\">Queue Limit</td>"; + $form .= "<tr><td valign=\"center\" class=\"vncellreq\">Queue Limit</td>"; $form .= "<td class=\"vncellreq\">"; $form .= "<input type=\"text\" id=\"qlimit\" name=\"qlimit\" value=\""; $form .= $this->GetQlimit(); $form .= "\">"; $form .= "</td></tr>"; - $form .= "<tr><td valign=\"top\" class=\"vncellreq\">TBR Size</td>"; + $form .= "<tr><td valign=\"center\" class=\"vncellreq\">TBR Size</td>"; $form .= "<td class=\"vncellreq\">"; - $form .= "<input type=\"text\" id=\"tbrconfig\" name=\"tbrconfig\" value=\""; + $form .= "<br /><input type=\"text\" id=\"tbrconfig\" name=\"tbrconfig\" value=\""; $form .= $this->GetTbrConfig(); $form .= "\">"; $form .= "<br> <span class=\"vexpl\">"; @@ -956,11 +955,9 @@ class priq_queue { $this->SetQname($q['name']); if (isset($q['interface'])) $this->SetInterface($q['interface']); - if ($q['bandwidth'] <> "") { - $this->SetBandwidth($q['bandwidth']); - if ($q['bandwidthtype'] <> "") - $this->SetBwscale($q['bandwidthtype']); - } + $this->SetBandwidth($q['bandwidth']); + if ($q['bandwidthtype'] <> "") + $this->SetBwscale($q['bandwidthtype']); if (!empty($q['qlimit'])) $this->SetQlimit($q['qlimit']); else 
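Review bot: The edited `tbrconfig` input opens a `value="` attribute that the next line fills with `$this->GetTbrConfig()` unescaped, and `GetQlimit()` just above is emitted the same way, whereas `priq_queue::build_form()` later in this diff wraps its values in `htmlspecialchars()`. A stored value containing a quote or markup would break out of the attribute when the form is rendered. Use `$form .= htmlspecialchars($this->GetTbrConfig());` and likewise for `GetQlimit()`, for `GetQname()` and `GetBandwidth()` in the preceding `altq_root_queue::build_form()` hunks, and for `GetQname()` and `GetDescription()` in the `dnpipe_class` hunks. Whether input validation elsewhere already restricts these fields is not visible here.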
@@ -1075,38 +1072,38 @@ class priq_queue { * need to update it. */ function build_form() { - $form = "<tr><td valign=\"top\" class=\"vncellreq\"><br>"; + $form = "<tr><td valign=\"center\" class=\"vncellreq\"><br>"; $form .= "Enable/Disable"; - $form .= "</td><td class=\"vncellreq\">"; + $form .= "<br/></td><td class=\"vncellreq\">"; $form .= " <input type=\"checkbox\" id=\"enabled\" name=\"enabled\" value=\"on\""; if ($this->GetEnabled() == "on") $form .= " CHECKED"; $form .= " ><span class=\"vexpl\"> Enable/Disable queue and its children</span>"; $form .= "</td></tr>"; $form .= "<tr>"; - $form .= "<td width=\"22%\" valign=\"top\" class=\"vncellreq\">"; + $form .= "<td width=\"22%\" valign=\"center\" class=\"vncellreq\">"; $form .= "Queue Name</td><td width=\"78%\" class=\"vtable\">"; $form .= "<input name=\"name\" type=\"text\" id=\"name\" class=\"formfld unknown\" size=\"15\" maxlength=\"15\" value=\""; $form .= htmlspecialchars($this->GetQname()); $form .= "\">"; - $form .= "<br> <span class=\"vexpl\">Enter the name of the queue here. Do not use spaces and limit the size to 15 characters."; - $form .= "</span></td>"; + $form .= "<br /> <span class=\"vexpl\">Enter the name of the queue here. Do not use spaces and limit the size to 15 characters."; + $form .= "</span><br /></td>"; $form .= "</tr><tr>"; - $form .= "<td width=\"22%\" valign=\"top\" class=\"vncellreq\">Priority</td>"; + $form .= "<td width=\"22%\" valign=\"center\" class=\"vncellreq\">Priority</td>"; $form .= "<td width=\"78%\" class=\"vtable\"> <input name=\"priority\" type=\"text\" id=\"priority\" size=\"5\" value=\""; $form .= htmlspecialchars($this->GetQpriority()); $form .= "\">"; $form .= "<br> <span class=\"vexpl\">For hfsc, the range is 0 to 7. The default is 1. 
Hfsc queues with a higher priority are preferred in the case of overload.</span></td>"; $form .= "</tr>"; - $form .= "</tr>"; - $form .= "<td width=\"22%\" valign=\"top\" class=\"vncellreq\">Queue limit</td>"; - $form .= "<td width=\"78%\" class=\"vtable\"> <input name=\"qlimit\" type=\"text\" id=\"qlimit\" size=\"5\" value=\""; + $form .= "<tr>"; + $form .= "<td width=\"22%\" valign=\"center\" class=\"vncellreq\">Queue limit</td>"; + $form .= "<td width=\"78%\" class=\"vtable\"> <input name=\"qlimit\" type=\"text\" id=\"qlimit\" size=\"8\" value=\""; $form .= htmlspecialchars($this->GetQlimit()); $form .= "\">"; $form .= "<br> <span class=\"vexpl\">Queue limit in packets per second."; $form .= "</span></td>"; $form .= "<tr>"; - $form .= "<td width=\"22%\" valign=\"top\" class=\"vncell\">Scheduler options</td>"; + $form .= "<td width=\"22%\" valign=\"center\" class=\"vncell\">Scheduler options</td>"; $form .= "<td width=\"78%\" class=\"vtable\">"; $tmpvalue = $this->GetDefault(); if (!empty($tmpvalue)) { @@ -1791,8 +1788,9 @@ class hfsc_queue extends priq_queue { } function build_form() { - $form = "<tr>"; - $form .= "<td valign=\"top\" class=\"vncellreq\">Bandwidth</td>"; + $form = parent::build_form(); + $form .= "<tr>"; + $form .= "<td valign=\"center\" class=\"vncellreq\">Bandwidth</td>"; $form .= "<td class=\"vtable\"> <input name=\"bandwidth\" id=\"bandwidth\" class=\"formfld unknown\" value=\""; $form .= htmlspecialchars($this->GetBandwidth()); $form .= "\">"; 
@@ -1819,10 +1817,9 @@ class hfsc_queue extends priq_queue { $form .= ">%</option>"; $form .= "</select> <br>"; $form .= "<span class=\"vexpl\">Choose the amount of bandwidth for this queue"; - $form .= "</span></td>"; - $form .= parent::build_form(); + $form .= "</span></td></tr>"; $form .= "<tr>"; - $form .= "<td width=\"22%\" valign=\"top\" class=\"vncellreq\">Service Curve (sc)</td>"; + $form .= "<td width=\"22%\" valign=\"center\" class=\"vncellreq\">Service Curve (sc)</td>"; $form .= "<td width=\"78%\" class=\"vtable\">"; $form .= "<table>"; $form .= "<tr><td> </td><td><center>m1</center></td><td><center>d</center></td><td><center><b>m2</b></center></td></tr>"; @@ -2265,8 +2262,9 @@ class cbq_queue extends priq_queue { } function build_form() { - $form = "<tr>"; - $form .= "<td valign=\"top\" class=\"vncellreq\">Bandwidth</td>"; + $form = parent::build_form(); + $form .= "<tr>"; + $form .= "<td valign=\"center\" class=\"vncellreq\">Bandwidth</td>"; $form .= "<td class=\"vtable\"> <input name=\"bandwidth\" id=\"bandwidth\" class=\"formfld unknown\" value=\""; if ($this->GetBandwidth() > 0) $form .= htmlspecialchars($this->GetBandwidth()); @@ -2295,7 +2293,6 @@ class cbq_queue extends priq_queue { $form .= "</select> <br>"; $form .= "<span class=\"vexpl\">Choose the amount of bandwidth for this queue"; $form .= "</span></td></tr>"; - $form .= parent::build_form(); $form .= "<tr><td class=\"vncellreq\">Scheduler specific options</td>"; $form .= "<td class=\"vtable\"><input type=\"checkbox\" id=\"borrow\" name=\"borrow\""; if($this->GetBorrow() == "on") 
@@ -2528,8 +2525,9 @@ class fairq_queue extends priq_queue { } function build_form() { - $form = "<tr>"; - $form .= "<td valign=\"top\" class=\"vncellreq\">Bandwidth</td>"; + $form = parent::build_form(); + $form .= "<tr>"; + $form .= "<td valign=\"center\" class=\"vncellreq\">Bandwidth</td>"; $form .= "<td class=\"vtable\"> <input name=\"bandwidth\" id=\"bandwidth\" class=\"formfld unknown\" value=\""; if ($this->GetBandwidth() > 0) $form .= htmlspecialchars($this->GetBandwidth()); @@ -2558,7 +2556,6 @@ class fairq_queue extends priq_queue { $form .= "</select> <br>"; $form .= "<span class=\"vexpl\">Choose the amount of bandwidth for this queue"; $form .= "</span></td></tr>"; - $form .= parent::build_form(); $form .= "<tr><td class=\"vncellreq\">Scheduler specific options</td>"; $form .= "<td class=\"vtable\"><table><tr><td>"; $form .= "<input id=\"buckets\" name=\"buckets\" value=\""; @@ -2923,7 +2920,7 @@ class dnpipe_class extends dummynet_class { } function build_form() { - $form = "<tr><td valign=\"top\" class=\"vncellreq\"><br>"; + $form = "<tr><td valign=\"center\" class=\"vncellreq\"><br>"; $form .= "Enable/Disable"; $form .= "</td><td class=\"vncellreq\">"; $form .= " <input type=\"checkbox\" id=\"enabled\" name=\"enabled\" value=\"on\""; 
@@ -2931,12 +2928,12 @@ class dnpipe_class extends dummynet_class { $form .= " CHECKED"; $form .= " ><span class=\"vexpl\"> Enable/Disable limiter and its children</span>"; $form .= "</td></tr>"; - $form .= "<tr><td valign=\"top\" class=\"vncellreq\"><br><span class=\"vexpl\">Name</span></td>"; + $form .= "<tr><td valign=\"center\" class=\"vncellreq\"><br><span class=\"vexpl\">Name</span></td>"; $form .= "<td class=\"vncellreq\">"; $form .= "<input type=\"text\" id=\"name\" name=\"name\" value=\""; $form .= $this->GetQname()."\">"; $form .= "</td></tr>"; - $form .= "<tr><td valign=\"top\" class=\"vncellreq\">Bandwidth"; + $form .= "<tr><td valign=\"center\" class=\"vncellreq\">Bandwidth"; $form .= "</td><td class=\"vncellreq\">"; $form .= "<input type=\"text\" id=\"bandwidth\" name=\"bandwidth\" value=\""; $form .= $this->GetBandwidth() . "\">"; @@ -2959,7 +2956,7 @@ class dnpipe_class extends dummynet_class { $form .= ">Bit/s</option>"; $form .= "</select>"; $form .= "</td></tr>"; - $form .= "<tr><td valign=\"top\" class=\"vncellreq\">Mask</td>"; + $form .= "<tr><td valign=\"center\" class=\"vncellreq\">Mask</td>"; $form .= "<td class=\"vncellreq\">"; $form .= "<select name=\"mask\" class=\"formselect\">"; $form .= "<option value=\"none\""; @@ -2982,7 +2979,7 @@ class dnpipe_class extends dummynet_class { $form .= "respectively. This makes it possible to easily specify bandwidth \n"; $form .= "limits per host.</span>"; $form .= "</td></tr>"; - $form .= "<tr><td valign=\"top\" class=\"vncellreq\">Description</td>"; + $form .= "<tr><td valign=\"center\" class=\"vncellreq\">Description</td>"; $form .= "<td class=\"vncellreq\">"; $form .= "<input type=\"text\" class=\"formfld unknown\" size=\"50%\" id=\"description\" name=\"description\" value=\""; $form .= $this->GetDescription(); 
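Review bot: The context lines `$form .= $this->GetQname()."\">";` and `$form .= $this->GetBandwidth() . "\">";` in dnpipe_class::build_form write stored values straight into a `value="…"` attribute, while the queue classes earlier in this file wrap theirs (`htmlspecialchars($this->GetQlimit())`). Whether the setters restrict these fields to safe characters is not visible here, so the output side should escape regardless, e.g. `$form .= htmlspecialchars($this->GetQname()) . "\">";`. The same unescaped pattern appears for `GetDescription()`, `GetDelay()`, `GetPlr()`, `GetQlimit()` and `GetBuckets()` in the later dnpipe_class and dnqueue_class hunks, and for `GetRName()` and `GetRDescription()` in the layer7 hunk. build_form starts and ends outside this hunk.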
@@ -2999,16 +2996,16 @@ class dnpipe_class extends dummynet_class { $form .= "</div></td></tr>"; $form .= "<tr style=\"display:none\" id=\"sprtable\" name=\"sprtable\">"; - $form .= "<td valign=\"top\" class=\"vncellreq\">Delay</td>"; - $form .= "<td valign=\"top\" class=\"vncellreq\">"; + $form .= "<td valign=\"center\" class=\"vncellreq\">Delay</td>"; + $form .= "<td valign=\"center\" class=\"vncellreq\">"; $form .= "<input name=\"delay\" type=\"text\" id=\"delay\" size=\"5\" value=\""; $form .= $this->GetDelay() . "\">"; $form .= " ms<br> <span class=\"vexpl\">Hint: in most cases, you "; $form .= "should specify 0 here (or leave the field empty)</span>"; $form .= "</td></tr><br/>"; $form .= "<tr style=\"display:none\" id=\"sprtable1\" name=\"sprtable1\">"; - $form .= "<td valign=\"top\" class=\"vncellreq\">Packet loss rate</td>"; - $form .= "<td valign=\"top\" class=\"vncellreq\">"; + $form .= "<td valign=\"center\" class=\"vncellreq\">Packet loss rate</td>"; + $form .= "<td valign=\"center\" class=\"vncellreq\">"; $form .= "<input name=\"plr\" type=\"text\" id=\"plr\" size=\"5\" value=\""; $form .= $this->GetPlr() . "\">"; $form .= " <br> <span class=\"vexpl\">Hint: in most cases, you "; @@ -3016,7 +3013,7 @@ class dnpipe_class extends dummynet_class { $form .= "A value of 0.001 means one packet in 1000 gets dropped</span>"; $form .= "</td></tr>"; $form .= "<tr style=\"display:none\" id=\"sprtable2\" name=\"sprtable2\">"; - $form .= "<td valign=\"top\" class=\"vncellreq\">Queue Size</td>"; + $form .= "<td valign=\"center\" class=\"vncellreq\">Queue Size</td>"; $form .= "<td class=\"vncellreq\">"; $form .= "<input type=\"text\" id=\"qlimit\" name=\"qlimit\" value=\""; $form .= $this->GetQlimit() . "\">"; 
@@ -3027,7 +3024,7 @@ class dnpipe_class extends dummynet_class { $form .= "are delivered to their destination.</span>"; $form .= "</td></tr>"; $form .= "<tr style=\"display:none\" id=\"sprtable5\" name=\"sprtable5\">"; - $form .= "<td valign=\"top\" class=\"vncellreq\">Bucket Size</td>"; + $form .= "<td valign=\"center\" class=\"vncellreq\">Bucket Size</td>"; $form .= "<td class=\"vncellreq\">"; $form .= "<input type=\"text\" id=\"buckets\" name=\"buckets\" value=\""; $form .= $this->GetBuckets() . "\">"; @@ -3166,7 +3163,7 @@ class dnqueue_class extends dummynet_class { } function build_form() { - $form = "<tr><td valign=\"top\" class=\"vncellreq\"><br>"; + $form = "<tr><td valign=\"center\" class=\"vncellreq\"><br>"; $form .= "Enable/Disable"; $form .= "</td><td class=\"vncellreq\">"; $form .= " <input type=\"checkbox\" id=\"enabled\" name=\"enabled\" value=\"on\""; @@ -3174,12 +3171,12 @@ class dnqueue_class extends dummynet_class { $form .= " CHECKED"; $form .= " ><span class=\"vexpl\"> Enable/Disable queue and its children</span>"; $form .= "</td></tr>"; - $form .= "<tr><td valign=\"top\" class=\"vncellreq\"><br><span class=\"vexpl\">Name</span></td>"; + $form .= "<tr><td valign=\"center\" class=\"vncellreq\"><br><span class=\"vexpl\">Name</span></td>"; $form .= "<td class=\"vncellreq\">"; $form .= "<input type=\"text\" id=\"name\" name=\"name\" value=\""; $form .= $this->GetQname()."\">"; $form .= "</td></tr>"; - $form .= "<tr><td valign=\"top\" class=\"vncellreq\">Mask</td>"; + $form .= "<tr><td valign=\"center\" class=\"vncellreq\">Mask</td>"; $form .= "<td class=\"vncellreq\">"; $form .= "<select name=\"mask\" class=\"formselect\">"; $form .= "<option value=\"none\""; 
@@ -3202,7 +3199,7 @@ class dnqueue_class extends dummynet_class { $form .= "respectively. This makes it possible to easily specify bandwidth \n"; $form .= "limits per host.</span>"; $form .= "</td></tr>"; - $form .= "<tr><td valign=\"top\" class=\"vncellreq\">Description</td>"; + $form .= "<tr><td valign=\"center\" class=\"vncellreq\">Description</td>"; $form .= "<td class=\"vncellreq\">"; $form .= "<input type=\"text\" id=\"description\" class=\"formfld unknown\" size=\"50%\" name=\"description\" value=\""; $form .= $this->GetDescription(); @@ -3218,16 +3215,16 @@ class dnqueue_class extends dummynet_class { $form .= " value=\"Show advanced options\"></input></a>"; $form .= "</div></td></tr>"; $form .= "<tr style=\"display:none\" id=\"sprtable\" name=\"sprtable\">"; - $form .= "<td valign=\"top\" class=\"vncellreq\">Weight</td>"; - $form .= "<td valign=\"top\" class=\"vncellreq\">"; + $form .= "<td valign=\"center\" class=\"vncellreq\">Weight</td>"; + $form .= "<td valign=\"center\" class=\"vncellreq\">"; $form .= "<input name=\"weight\" type=\"text\" id=\"weight\" size=\"5\" value=\""; $form .= $this->GetWeight() . "\">"; $form .= " ms<br> <span class=\"vexpl\">Hint: For queues under the same parent "; $form .= "this specifies the share that a queue gets(values range from 1 to 100, you can leave it blank otherwise)</span>"; $form .= "</td></tr>"; $form .= "<tr style=\"display:none\" id=\"sprtable1\" name=\"sprtable1\">"; - $form .= "<td valign=\"top\" class=\"vncellreq\">Packet loss rate</td>"; - $form .= "<td valign=\"top\" class=\"vncellreq\">"; + $form .= "<td valign=\"center\" class=\"vncellreq\">Packet loss rate</td>"; + $form .= "<td valign=\"center\" class=\"vncellreq\">"; $form .= "<input name=\"plr\" type=\"text\" id=\"plr\" size=\"5\" value=\""; $form .= $this->GetPlr() . "\">"; $form .= " <br> <span class=\"vexpl\">Hint: in most cases, you "; 
@@ -3235,7 +3232,7 @@ class dnqueue_class extends dummynet_class { $form .= "A value of 0.001 means one packet in 1000 gets dropped</span>"; $form .= "</td></tr>"; $form .= "<tr style=\"display:none\" id=\"sprtable2\" name=\"sprtable2\">"; - $form .= "<td valign=\"top\" class=\"vncellreq\">Queue Size</td>"; + $form .= "<td valign=\"center\" class=\"vncellreq\">Queue Size</td>"; $form .= "<td class=\"vncellreq\">"; $form .= "<input type=\"text\" id=\"qlimit\" name=\"qlimit\" value=\""; $form .= $this->GetQlimit() . "\">"; @@ -3246,7 +3243,7 @@ class dnqueue_class extends dummynet_class { $form .= "are delivered to their destination.</span>"; $form .= "</td></tr>"; $form .= "<tr style=\"display:none\" id=\"sprtable5\" name=\"sprtable5\">"; - $form .= "<td valign=\"top\" class=\"vncellreq\">Bucket Size</td>"; + $form .= "<td valign=\"center\" class=\"vncellreq\">Bucket Size</td>"; $form .= "<td class=\"vncellreq\">"; $form .= "<input type=\"text\" id=\"buckets\" name=\"buckets\" value=\""; $form .= $this->GetBuckets() . "\">"; @@ -3384,7 +3381,7 @@ class layer7 { } function build_form() { - $form = "<tr><td valign=\"top\" class=\"vncellreq\"><br>"; + $form = "<tr><td valign=\"center\" class=\"vncellreq\"><br>"; $form .= "Enable/Disable"; $form .= "</td><td class=\"vncellreq\">"; $form .= " <input type=\"checkbox\" id=\"enabled\" name=\"enabled\" value=\"on\" "; 
@@ -3393,12 +3390,12 @@ class layer7 { } $form .= " ><span class=\"vexpl\"> Enable/Disable layer7 Container</span>"; $form .= "</td></tr>"; - $form .= "<tr><td valign=\"top\" class=\"vncellreq\"><br><span class=\"vexpl\">Name</span></td>"; + $form .= "<tr><td valign=\"center\" class=\"vncellreq\"><br><span class=\"vexpl\">Name</span></td>"; $form .= "<td class=\"vncellreq\">"; $form .= "<input type=\"text\" id=\"container\" name=\"container\" value=\""; $form .= $this->GetRName()."\">"; $form .= "</td></tr>"; - $form .= "<tr><td valign=\"top\" class=\"vncellreq\">Description</td>"; + $form .= "<tr><td valign=\"center\" class=\"vncellreq\">Description</td>"; $form .= "<td class=\"vncellreq\">"; $form .= "<input type=\"text\" class=\"formfld unknown\" size=\"50%\" id=\"description\" name=\"description\" value=\""; $form .= $this->GetRDescription(); diff --git a/etc/inc/system.inc b/etc/inc/system.inc index 41f3123..e7fc684 100644 --- a/etc/inc/system.inc +++ b/etc/inc/system.inc @@ -276,10 +276,10 @@ function system_routing_configure($interface = "") { $gatewayip = ""; $interfacegw = ""; + $foundgw = false; /* tack on all the hard defined gateways as well */ if (is_array($config['gateways']['gateway_item'])) { mwexec("/bin/rm {$g['tmp_path']}/*_defaultgw", true); - $foundgw = false; foreach ($config['gateways']['gateway_item'] as $gateway) { if (isset($gateway['defaultgw'])) { if ($gateway['gateway'] == "dynamic") 
@@ -295,13 +295,13 @@ function system_routing_configure($interface = "") { break; } } - if ($foundgw == false) { - $defaultif = get_real_interface("wan"); - $interfacegw = "wan"; - $gatewayip = get_interface_gateway("wan"); - @touch("{$g['tmp_path']}/{$defaultif}_defaultgw"); - } } + if ($foundgw == false) { + $defaultif = get_real_interface("wan"); + $interfacegw = "wan"; + $gatewayip = get_interface_gateway("wan"); + @touch("{$g['tmp_path']}/{$defaultif}_defaultgw"); + } $dont_add_route = false; /* if OLSRD is enabled, allow WAN to house DHCP. */ if($config['installedpackages']['olsrd']) { @@ -727,7 +727,7 @@ function system_generate_lighty_config($filename, $cert_location = "cert.pem", $ca_location = "ca.pem", $max_procs = 1, - $max_requests = "1", + $max_requests = "2", $fast_cgi_enable = true, $captive_portal = false) { @@ -1451,4 +1451,4 @@ function system_get_dmesg_boot() { return file_get_contents("{$g['varlog_path']}/dmesg.boot"); } -?>
\ No newline at end of file +?> diff --git a/etc/inc/upgrade_config.inc b/etc/inc/upgrade_config.inc index 104d5ac..3466719 100644 --- a/etc/inc/upgrade_config.inc +++ b/etc/inc/upgrade_config.inc @@ -622,6 +622,8 @@ function upgrade_039_to_040() { $config['system']['user'][0]['groupname'] = "admins"; $config['system']['user'][0]['password'] = "{$config['system']['password']}"; $config['system']['user'][0]['uid'] = "0"; + /* Ensure that we follow what this new "admin" username should be in the session. */ + $_SESSION["Username"] = "{$config['system']['username']}"; $config['system']['user'][0]['priv'] = array(); $config['system']['user'][0]['priv'][0]['id'] = "lockwc"; @@ -1122,20 +1124,11 @@ function upgrade_047_to_048() { unset($config['dyndns']); } if (!empty($config['dnsupdate'])) { - $config['dnsupdates'][0]['dnsupdate'] = array(); - $pconfig = array(); - $pconfig['dnsupdate_enable'] = isset($config['dnsupdate'][0]['enable']); - $pconfig['dnsupdate_host'] = $config['dnsupdate'][0]['host']; - $pconfig['dnsupdate_ttl'] = $config['dnsupdate'][0]['ttl']; - if (!$pconfig['dnsupdate_ttl']) - $pconfig['dnsupdate_ttl'] = 60; - $pconfig['dnsupdate_keydata'] = $config['dnsupdate'][0]['keydata']; - $pconfig['dnsupdate_keyname'] = $config['dnsupdate'][0]['keyname']; - $pconfig['dnsupdate_keytype'] = $config['dnsupdate'][0]['keytype']; - if (!$pconfig['dnsupdate_keytype']) - $pconfig['dnsupdate_keytype'] = "zone"; - $pconfig['dnsupdate_server'] = $config['dnsupdate'][0]['server']; - $pconfig['dnsupdate_usetcp'] = isset($config['dnsupdate'][0]['usetcp']); + $pconfig = $config['dnsupdate'][0]; + if (!$pconfig['ttl']) + $pconfig['ttl'] = 60; + if (!$pconfig['keytype']) + $pconfig['keytype'] = "zone"; $pconfig['interface'] = "wan"; $config['dnsupdates']['dnsupdate'][] = $pconfig; unset($config['dnsupdate']); 
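Review bot: The added `$_SESSION["Username"] = "{$config['system']['username']}";` in upgrade_039_to_040 makes a configuration migration rewrite the identity of whatever session is running it, unconditionally. When the upgrade runs without a session the write does nothing useful (the boot path is not visible here, so that case is an assumption). Inside a web request the session is rebound to the name stored in the configuration being upgraded. Guard the side effect, e.g. `if (session_id() != "") $_SESSION["Username"] = $config['system']['username'];`, and extend the comment to name the caller that depends on it. The function body continues outside the hunk.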
@@ -1619,8 +1612,9 @@ function upgrade_053_to_054() { $lbpool_srv_arr = array(); $gateway_group_arr = array(); $gateways = return_gateways_array(); - if (is_array($config['gateways']['gateway_item'])) + if (! is_array($config['gateways']['gateway_item'])) $config['gateways']['gateway_item'] = array(); + $a_gateways =& $config['gateways']['gateway_item']; foreach($lbpool_arr as $lbpool) { if($lbpool['type'] == "gateway") { @@ -1637,10 +1631,7 @@ function upgrade_053_to_054() { $static_name = "GW_" . strtoupper($interface); if(is_ipaddr($monitor)) { $interface = $static_name; - if(is_array($gateways[$static_name]) && isset($gateways[$static_name]['attribute'])) - $a_gateways[$gateways[$static_name]['attribute']]['monitor'] = $monitor; - else - $config['interfaces'][$interface]['monitorip'] = $monitor; + $config['interfaces'][$interface]['monitorip'] = $monitor; } /* on failover increment tier. Else always assign 1 */ if($lbpool['behaviour'] == "failover") { @@ -1705,14 +1696,15 @@ function upgrade_054_to_055() { } /* the roundtrip times need to be divided by 1000 to get seconds, really */ $databases = array(); - exec("cd $rrddbpath;/usr/bin/find *-quality.rrd", $databases); - echo "done.\n"; + chdir($rrddbpath); + $databases = glob("*-quality.rrd"); rsort($databases); foreach($databases as $database) { $xmldump = "{$database}.old.xml"; $xmldumpnew = "{$database}.new.xml"; - echo "Migrate RRD database {$database} to new format \n"; + if ($g['booting']) + echo "Migrate RRD database {$database} to new format \n"; mwexec("$rrdtool tune {$rrddbpath}{$database} -r roundtrip:delay 2>&1"); dump_rrd_to_xml("{$rrddbpath}/{$database}", "{$g['tmp_path']}/{$xmldump}"); 
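Review bot: In upgrade_054_to_055 the new `chdir($rrddbpath); $databases = glob("*-quality.rrd");` ignores both return values: if `chdir()` fails the pattern is matched in whatever directory the process was in, and `glob()` can return `false`, which then reaches `rsort()` and `foreach`. Check the `chdir()` result and add `if (!is_array($databases)) $databases = array();` before `rsort($databases);`; the earlier `$databases = array();` no longer has any effect. The file names found are still interpolated into the `mwexec()` command strings on the context lines, so `escapeshellarg()` around `{$database}` would be a cheap safeguard. The function continues outside the hunk.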
@@ -1749,7 +1741,8 @@ function upgrade_054_to_055() { $xmldumptmp = "{$database}.tmp.xml"; $xmldumpnew = "{$database}.new.xml"; - echo "Migrate RRD database {$database} to new format \n"; + if ($g['booting']) + echo "Migrate RRD database {$database} to new format \n"; /* rename DS source */ mwexec("$rrdtool tune {$rrddbpath}/{$database} -r in:inpass 2>&1"); mwexec("$rrdtool tune {$rrddbpath}/{$database} -r out:outpass 2>71"); @@ -1796,7 +1789,8 @@ function upgrade_054_to_055() { } enable_rrd_graphing(); - echo "Updating configuration..."; + if ($g['booting']) + echo "Updating configuration..."; } diff --git a/etc/inc/util.inc b/etc/inc/util.inc index da1b496..ced2be0 100644 --- a/etc/inc/util.inc +++ b/etc/inc/util.inc @@ -433,21 +433,7 @@ function is_domain($domain) { /* returns true if $macaddr is a valid MAC address */ function is_macaddr($macaddr) { - if (!is_string($macaddr)) - return false; - - $maca = explode(":", $macaddr); - if (count($maca) != 6) - return false; - - foreach ($maca as $macel) { - if (($macel === "") || (strlen($macel) > 2)) - return false; - if (preg_match("/[^0-9a-f]/i", $macel)) - return false; - } - - return true; + return preg_match('/^[0-9A-F]{2}(?=([:]?))(?:\\1[0-9A-F]{2}){5}$/i', $macaddr) == 1 ? true : false; } /* returns true if $name is a valid name for an alias */ @@ -1384,4 +1370,4 @@ function array_merge_recursive_unique($array0, $array1) return $result; } -?> +?>
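Review bot: The context line `mwexec("$rrdtool tune {$rrddbpath}/{$database} -r out:outpass 2>71");` in upgrade_054_to_055 redirects stderr to a file named `71` in the current directory instead of merging it into stdout like the `2>&1` on the line above it. The commit edits the lines around it but leaves this as is; it should end in `-r out:outpass 2>&1`. The loop body starts and ends outside this hunk.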
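Review bot: The one-line is_macaddr() in util.inc accepts input the removed loop rejected: `[:]?` makes the separator optional, so twelve bare hex digits now pass, and `$` without the `D` modifier also matches before a trailing newline, so a value ending in a line feed is reported as valid. The `is_string()` guard is gone as well. Callers presumably rely on this result before writing the address into generated configuration, so anchor with `\z` and require the colon: `return is_string($macaddr) && preg_match('/^[0-9A-F]{2}(?::[0-9A-F]{2}){5}\z/i', $macaddr) == 1;`. Single-digit octets such as `0:1:2:3:4:5`, which the old code allowed, are rejected by either form; if that is intended it deserves a line in the function comment.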
\ No newline at end of file diff --git a/etc/inc/vpn.inc b/etc/inc/vpn.inc index 8a2bb85..1933e9f 100644 --- a/etc/inc/vpn.inc +++ b/etc/inc/vpn.inc @@ -86,7 +86,7 @@ function vpn_ipsec_configure($ipchg = false) unlink_if_exists("{$g['vardb_path']}/ipsecpinghosts"); touch("{$g['vardb_path']}/ipsecpinghosts"); - if(isset($config['ipsec']['preferredoldsa'])) + if(isset($config['ipsec']['preferoldsa'])) mwexec("/sbin/sysctl -w net.key.preferred_oldsa=-30"); else mwexec("/sbin/sysctl net.key.preferred_oldsa=0"); @@ -103,21 +103,21 @@ function vpn_ipsec_configure($ipchg = false) if (!isset($ipseccfg['enable'])) { mwexec("/sbin/ifconfig enc0 down"); + /* send a SIGKILL to be sure */ + sigkillbypid("{$g['varrun_path']}/racoon.pid", "KILL"); + /* kill racoon */ if(is_process_running("racoon")) mwexec("/usr/bin/killall racoon", true); killbypid("{$g['varrun_path']}/dnswatch-ipsec.pid"); - + /* wait for racoon process to die */ sleep(2); - /* send a SIGKILL to be sure */ - sigkillbypid("{$g['varrun_path']}/racoon.pid", "KILL"); - /* flush SPD and SAD */ - mwexec("/usr/local/sbin/setkey -FP"); mwexec("/usr/local/sbin/setkey -F"); - + mwexec("/usr/local/sbin/setkey -FP"); + /* disallow IPSEC, it is off */ // exec("/sbin/sysctl net.inet.ip.ipsec_in_use=0"); @@ -162,7 +162,7 @@ function vpn_ipsec_configure($ipchg = false) $rg = $ph1ent['remote-gateway']; if (!is_ipaddr($rg)) { - $dnswatch_list[] = $rg; + $dnswatch_list[] = "{$rg} = value"; add_hostname_to_watch($rg); $rg = resolve_retry($rg); if (!$rg) diff --git a/etc/inc/xmlparse.inc b/etc/inc/xmlparse.inc index 7a9d7b8..162894f 100644 --- a/etc/inc/xmlparse.inc +++ b/etc/inc/xmlparse.inc 
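Review bot: In vpn_ipsec_configure() the `sigkillbypid("{$g['varrun_path']}/racoon.pid", "KILL");` call now runs before `killall racoon` and the `sleep(2)`, so racoon is killed outright and the ordinary termination that follows has nothing left to stop. The comment `/* send a SIGKILL to be sure */` therefore no longer describes a fallback. If the daemon should get a chance to exit cleanly first, keep the SIGKILL after the sleep. If the hard kill is deliberate, drop the redundant `killall` and reword the comment, e.g. `/* kill racoon immediately; no graceful shutdown wanted here */`. The function starts and ends outside this hunk.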
@@ -37,7 +37,7 @@ function listtags() { */ $ret = explode(" ", "alias aliasurl allowedip authserver bridged ca cacert cert clone config ". - "container columnitem depends_on_package disk dnsserver dnsupdate ". + "container columnitem build_port_path depends_on_package disk dnsserver dnsupdate ". "domainoverrides dyndns earlyshellcmd element encryption-algorithm-option ". "field fieldname hash-algorithm-option gateway_item gateway_group gif gre ". "group hosts member ifgroupentry igmpentry interface_array item key lagg " . @@ -54,7 +54,7 @@ function listtags() { /* Package XML tags that should be treat as a list not as a traditional array */ function listtags_pkg() { - $ret = array("depends_on_package", "onetoone", "queue", "rule", "servernat", "alias", "additional_files_needed", "tab", "template", "menu", "rowhelperfield", "service", "step", "package", "columnitem", "option", "item", "field", "package", "file"); + $ret = array("build_port_path", "depends_on_package", "onetoone", "queue", "rule", "servernat", "alias", "additional_files_needed", "tab", "template", "menu", "rowhelperfield", "service", "step", "package", "columnitem", "option", "item", "field", "package", "file"); return $ret; } @@ -291,4 +291,4 @@ function dump_xml_config_raw($arr, $rootobj) { return $xmlconfig; } -?> +?>
\ No newline at end of file @@ -245,6 +245,7 @@ if [ "$DISABLESYSLOGCLOG" -gt "0" ]; then touch /var/log/relayd.log touch /var/log/lighttpd.log touch /var/log/ntpd.log + touch /var/log/apinger.log else ENABLEFIFOLOG=`cat /cf/conf/config.xml | grep usefifolog | wc -l | awk '{ print $1 }'` if [ "$ENABLEFIFOLOG" -gt "0" ]; then @@ -263,6 +264,7 @@ else /usr/sbin/fifolog_create -s 50688 /var/log/relayd.log /usr/sbin/fifolog_create -s 50688 /var/log/lighttpd.log /usr/sbin/fifolog_create -s 50688 /var/log/ntpd.log + /usr/sbin/fifolog_create -s 50688 /var/log/apinger.log else /usr/sbin/clog -i -s 512144 /var/log/system.log /usr/sbin/clog -i -s 512144 /var/log/filter.log @@ -278,7 +280,8 @@ else /usr/sbin/clog -i -s 65535 /var/log/slbd.log /usr/sbin/clog -i -s 65535 /var/log/lighttpd.log /usr/sbin/clog -i -s 65535 /var/log/ntpd.log - /usr/sbin/clog -i -s 65535 /var/log/relayd.log + /usr/sbin/clog -i -s 65535 /var/log/relayd.log + /usr/sbin/clog -i -s 65535 /var/log/apinger.log fi fi # change permissions on newly created fifolog files. diff --git a/etc/rc.bootup b/etc/rc.bootup index eb5a0b4..a433568 100755 --- a/etc/rc.bootup +++ b/etc/rc.bootup @@ -164,8 +164,10 @@ $wan_if = get_real_interface(); * avoid a reboot and thats a good thing. */ while(is_interface_mismatch() == true) { + led_assigninterfaces(); echo "\nNetwork interface mismatch -- Running interface assignment option.\n"; set_networking_interfaces_ports(); + led_kitt(); } /* convert config and clean backups */ @@ -370,6 +372,10 @@ upnp_start(); /* If powerd is enabled, lets launch it */ activate_powerd(); +/* Remove the old shutdown binary if we kept it. */ +if (file_exists("/sbin/shutdown.old")) + unlink("/sbin/shutdown.old"); + /* done */ unset($g['booting']); diff --git a/etc/rc.filter_configure_xmlrpc b/etc/rc.filter_configure_xmlrpc new file mode 100755 index 0000000..4a42df7 --- /dev/null +++ b/etc/rc.filter_configure_xmlrpc 
@@ -0,0 +1,54 @@ +#!/usr/local/bin/php -f +<?php +/* + rc.filter_configure_xmlrpc + Copyright (C) 2004-2006 Scott Ullrich + Copyright (C) 2005 Bill Marquette + Copyright (C) 2006 Peter Allgeyer + Copyright (C) 2008 Ermal Luci + All rights reserved. + + originally part of m0n0wall (http://m0n0.ch/wall) + Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>. + All rights reserved. + + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are met: + + 1. Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. + + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + POSSIBILITY OF SUCH DAMAGE. + +*/ + +require_once("globals.inc"); +require_once("config.inc"); +require_once("functions.inc"); +require_once("filter.inc"); +require_once("shaper.inc"); +require_once("xmlrpc.inc"); +require_once("interfaces.inc"); + +filter_configure(); +system_routing_configure(); +setup_gateways_monitor(); +relayd_configure(); +require_once("openvpn.inc"); +openvpn_resync_all(); +services_dhcpd_configure(); + +?>
\ No newline at end of file diff --git a/etc/rc.filter_synchronize b/etc/rc.filter_synchronize index 0a6cdb8..ded772c 100755 --- a/etc/rc.filter_synchronize +++ b/etc/rc.filter_synchronize @@ -168,6 +168,7 @@ function carp_sync_xml($url, $password, $sections, $port = 80, $method = 'pfsens case 'cert': case 'ca': case 'user': + case 'group': $xml['system'][$section] = $config_copy['system'][$section]; break; default: @@ -270,6 +271,10 @@ if (is_array($config['installedpackages']['carpsettings']['config'])) { $mergesections[] = 'cert'; $mergesections[] = 'ca'; } + if ($carp['synchronizeusers'] != "") { + $mergesections[] = 'user'; + $mergesections[] = 'group'; + } if ($carp['synchronizednsforwarder'] != "" and is_array($config['dnsmasq'])) $sections[] = 'dnsmasq'; if ($carp['synchronizeschedules'] != "" and is_array($config['schedules'])) diff --git a/etc/rc.firmware b/etc/rc.firmware index f752335..a7cbfaf 100755 --- a/etc/rc.firmware +++ b/etc/rc.firmware @@ -83,6 +83,8 @@ binary_update() { ERR_F="/tmp/bdiff.log" rm ${ERR_F} 2>/dev/null /bin/mkdir /tmp/patched /tmp/patches 2>>${ERR_F} + # Save the old shutdown binary. If we switch from i386 to amd64 (or back) the reboot binary won't run at the end since it doesn't match up. + /bin/cp -p /sbin/shutdown /sbin/shutdown.old backup_chflags remove_chflags cd /tmp/patches @@ -154,7 +156,8 @@ pfSenseNanoBSDupgrade) echo "NanoBSD Firmware upgrade in progress..." >> /conf/upgrade_log.txt 2>&1 echo "NanoBSD Firmware upgrade in progress..." | wall - + /etc/rc.firmware_notify -e -g -m "NanoBSD Firmware upgrade in progress..." + # backup config /bin/mkdir -p /tmp/configbak cp -Rp /conf/* /tmp/configbak 2>/dev/null 
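Review bot: The new `case 'group':` and the `synchronizeusers` branch in rc.filter_synchronize add the `user` and `group` sections to what is pushed to the peer, and user records in this tree carry a `password` field (upgrade_config.inc sets `$config['system']['user'][0]['password']`). The hunk header shows `carp_sync_xml()` defaulting to `$port = 80`, and nothing visible here requires the sync URL to be HTTPS before account data is included. A guard in the `synchronizeusers` branch would make that explicit: skip these two sections unless the configured sync URL is https. The variable holding that URL is outside the hunk, so the exact test has to be written against it. A comment such as `/* user and group records include credentials: sync over https only */` should accompany it.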
@@ -356,6 +359,10 @@ pfSenseNanoBSDupgrade) /etc/rc.conf_mount_ro /bin/sync + echo "NanoBSD Firmware upgrade is complete. Rebooting in 10 seconds." >> /conf/upgrade_log.txt 2>&1 + echo "NanoBSD Firmware upgrade is complete. Rebooting in 10 seconds." | wall + /etc/rc.firmware_notify -e -g -m "NanoBSD Firmware upgrade is complete. Rebooting in 10 seconds." + sleep 10 rm -f /var/run/firmwarelock.dirty @@ -400,7 +407,8 @@ pfSenseupgrade) echo "Firmware upgrade in progress..." >> /conf/upgrade_log.txt 2>&1 echo "Firmware upgrade in progress..." | wall - + /etc/rc.firmware_notify -e -g -m "Firmware upgrade in progress..." + # backup config /bin/mkdir -p /tmp/configbak cp -Rp /conf/* /tmp/configbak 2>/dev/null @@ -464,6 +472,10 @@ pfSenseupgrade) rm -f /var/run/firmware.lock /bin/sync + echo "Firmware upgrade is complete. Rebooting in 10 seconds." >> /conf/upgrade_log.txt 2>&1 + echo "Firmware upgrade is complete. Rebooting in 10 seconds." | wall + /etc/rc.firmware_notify -e -g -m "Firmware upgrade is complete. Rebooting in 10 seconds." + # Sleep and allow disks to catch up sleep 10 diff --git a/etc/rc.linkup b/etc/rc.linkup index 59c604e..682adb1 100755 --- a/etc/rc.linkup +++ b/etc/rc.linkup @@ -52,6 +52,12 @@ function handle_argument_group($iface, $argument2) { interface_bring_down($iface); break; case "start": + log_error("DEVD Ethernet attached event for {$iface}"); + $riface = get_real_interface($iface); + exec("/usr/sbin/arp -d -i {$riface} -a"); + log_error("HOTPLUG: Configuring interface {$iface}"); + interface_configure($iface); + break; case "up": log_error("DEVD Ethernet attached event for {$iface}"); $riface = get_real_interface($iface); diff --git a/etc/rc.newipsecdns b/etc/rc.newipsecdns index 18b3b5b..4bb247c 100755 --- a/etc/rc.newipsecdns +++ b/etc/rc.newipsecdns 
@@ -5,7 +5,7 @@ part of m0n0wall (http://m0n0.ch/wall) Copyright (C) 2007 Manuel Kasper <mk@neon1.net>. - Copyright (C) 2009 Seth Mos <seth.mos@xs4all.nl>. + Copyright (C) 2009 Seth Mos <seth.mos@dds.nl>. All rights reserved. Redistribution and use in source and binary forms, with or without diff --git a/etc/rc.notify_message b/etc/rc.notify_message new file mode 100755 index 0000000..887b4c6 --- /dev/null +++ b/etc/rc.notify_message 
@@ -0,0 +1,64 @@ +#!/usr/local/bin/php +<?php +/* + rc.notify_message + part of pfSense (http://www.pfSense.com) + Copyright (C) 2010 Scott Ullrich <sullrich@gmail.com> + All rights reserved. + + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are met: + + 1. Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. + + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + POSSIBILITY OF SUCH DAMAGE. +*/ + +require("config.inc"); +require("functions.inc"); +require("notices.inc"); + +$arguments = getopt("e:g:m:"); + +$send_email = false; +$send_growl = false; +$message = ""; + +foreach($arguments as $item => $arg) { + switch($item) { + case "e": + $send_email = true; + break; + case "g": + $send_growl = true; + break; + case "m": + $message = $arg; + break; + } +} + +if($message) { + if($send_email) { + notify_via_smtp($message); + } + if($send_growl) { + notify_via_growl($message); + } +} + +?>
\ No newline at end of file diff --git a/etc/rc.php_ini_setup b/etc/rc.php_ini_setup index 870db1c..54f0245 100755 --- a/etc/rc.php_ini_setup +++ b/etc/rc.php_ini_setup @@ -1,7 +1,7 @@ #!/bin/sh # # rc.php_ini_setup -# Copyright (C)2008 Scott K Ullrich <sullrich@gmail.com> +# Copyright (C) 2010 Scott Ullrich <sullrich@gmail.com> # All rights reserved. # # Redistribution and use in source and binary forms, with or without @@ -43,23 +43,29 @@ fi # Calculate APC SHM size according # to detected memory values +if [ "$AVAILMEM" -lt "65" ]; then + APCSHMEMSIZE="1" +fi +if [ "$AVAILMEM" -lt "96" ]; then + APCSHMEMSIZE="5" +fi if [ "$AVAILMEM" -lt "128" ]; then APCSHMEMSIZE="10" fi if [ "$AVAILMEM" -gt "128" ]; then - APCSHMEMSIZE="25" + APCSHMEMSIZE="15" fi if [ "$AVAILMEM" -gt "256" ]; then - APCSHMEMSIZE="45" + APCSHMEMSIZE="20" fi if [ "$AVAILMEM" -gt "384" ]; then - APCSHMEMSIZE="65" + APCSHMEMSIZE="25" fi if [ "$AVAILMEM" -gt "512" ]; then - APCSHMEMSIZE="80" + APCSHMEMSIZE="30" fi if [ "$AVAILMEM" -gt "784" ]; then - APCSHMEMSIZE="100" + APCSHMEMSIZE="35" fi # Set upload directory @@ -120,7 +126,6 @@ PHPMODULES="apc \ # sockets \ # Reflection \ # mysql \ - # bz2 \ # json \ @@ -192,6 +197,25 @@ done # Get amount of ram installed on this system RAM=`sysctl hw.realmem | awk '{print $2/1000000}' | awk -F '.' '{print $1}'` export RAM +export LOWMEM +if [ "$RAM" -lt "97" ]; then + LOWMEM="TRUE" + cat >>/usr/local/lib/php.ini <<EOF + +[suhosin] +suhosin.get.max_array_depth = 5000 +suhosin.get.max_array_index_length = 256 +suhosin.get.max_vars = 5000 +suhosin.post.max_array_depth = 5000 +suhosin.post.max_array_index_length = 256 +suhosin.post.max_vars = 5000 +suhosin.request.max_array_depth = 5000 +suhosin.request.max_array_index_length = 256 +suhosin.request.max_vars = 5000 + +EOF + +fi if [ $RAM -gt 96 ]; then cat >>/usr/local/lib/php.ini <<EOF 
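Review bot: `getopt("e:g:m:")` in the new rc.notify_message declares `-e` and `-g` as options that take a value, although the loop below uses them only as on/off flags. An invocation in the form rc.firmware uses in this commit for its notify script, `-e -g -m "text"`, makes `-e` consume `-g` as its value, so `$send_growl` stays false. Whether `/etc/rc.firmware_notify` is meant to be this script is not visible here; the two names differ and that is worth checking as well. Declare the flags without a colon: `$arguments = getopt("egm:");`.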
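Review bot: The two added `-lt` tests in rc.php_ini_setup never take effect, because the three `-lt` blocks are independent `if` statements evaluated in ascending order. A machine with less than 65 MB sets `APCSHMEMSIZE` to 1, then to 5, then to 10, so the smaller sizes this commit introduces are always overwritten. Chaining them makes the first match win; the `-gt` tests work as written because they ascend. A value of exactly 128 matches neither `-lt "128"` nor `-gt "128"` and leaves the variable at whatever it was before, which is outside this hunk.

```shell
if [ "$AVAILMEM" -lt "65" ]; then
	APCSHMEMSIZE="1"
elif [ "$AVAILMEM" -lt "96" ]; then
	APCSHMEMSIZE="5"
elif [ "$AVAILMEM" -lt "128" ]; then
	APCSHMEMSIZE="10"
fi
# … unchanged: the -gt 128 through -gt 784 tests …
```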
@@ -238,6 +262,15 @@ for EXT in $PHPMODULES; do SHOULDREMOVE="false" fi done + # Handle low memory situations + if [ "$LOWMEM" = "TRUE" ]; then + if [ "$EXT" = "apc" ]; then + SHOULDREMOVE="true" + fi + if [ "$EXT" = "xcache" ]; then + SHOULDREMOVE="true" + fi + fi if [ "$SHOULDREMOVE" = "true" ]; then if [ -f "${EXTENSIONSDIR}${EXT}.so" ]; then echo ">>> ${EXT} did not load correctly. Removing from php.ini..." >> /var/run/php_modules_load_errors.txt diff --git a/etc/rc.reboot b/etc/rc.reboot index ecc47c2..66efae4 100755 --- a/etc/rc.reboot +++ b/etc/rc.reboot @@ -23,4 +23,9 @@ fi sleep 1 -/sbin/shutdown -r now +SHUTDOWN=/sbin/shutdown +if [ -f /sbin/shutdown.old ]; then + SHUTDOWN=/sbin/shutdown.old +fi + +$SHUTDOWN -r now diff --git a/etc/version b/etc/version index 3ae7c31..7c92322 100644 --- a/etc/version +++ b/etc/version @@ -1 +1 @@ -2.0-BETA3 +2.0-BETA4 diff --git a/usr/local/captiveportal/index.php b/usr/local/captiveportal/index.php index 7d432e2..5a089e5 100755 --- a/usr/local/captiveportal/index.php +++ b/usr/local/captiveportal/index.php @@ -318,7 +318,7 @@ function portal_allow($clientip,$clientmac,$username,$password = null, $attribut } } } else { - portal_reply_page($redirurl, "error", "Username: {$username} is known with another mac address.", + portal_reply_page($redirurl, "error", "Username: {$username} is already authenticated using another MAC address.", $clientmac, $clientip, $username, $password); exit; } diff --git a/usr/local/pkg/carp_settings.xml b/usr/local/pkg/carp_settings.xml index 97aee7a..0ebe98d 100644 --- a/usr/local/pkg/carp_settings.xml +++ b/usr/local/pkg/carp_settings.xml 
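Review bot: The reworded message in captiveportal/index.php still interpolates `{$username}` into the text handed to `portal_reply_page()`, and in portal_allow() that value presumably comes from the login form. Whether `portal_reply_page()` HTML-escapes its message argument is not visible in this hunk. If it does not, escape at the call site: `"Username: " . htmlspecialchars($username) . " is already authenticated using another MAC address."`. portal_allow() starts and ends outside the hunk.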
@@ -77,6 +77,12 @@ </description> </field> <field> + <fielddescr>Synchronize Users and Groups</fielddescr> + <fieldname>synchronizeusers</fieldname> + <description>When this option is enabled, this system will automatically sync the users and groups over to the other CARP host when changes are made.</description> + <type>checkbox</type> + </field> + <field> <fielddescr>Synchronize rules</fielddescr> <fieldname>synchronizerules</fieldname> <description>When this option is enabled, this system will automatically sync the firewall rules to the other CARP host when changes are made..</description> @@ -192,3 +198,4 @@ filter_configure(); </custom_add_php_command_late> </packagegui> + diff --git a/usr/local/www/carp_status.php b/usr/local/www/carp_status.php index 793a9ae..8693625 100755 --- a/usr/local/www/carp_status.php +++ b/usr/local/www/carp_status.php 
@@ -55,18 +55,41 @@ if($_POST['disablecarp'] <> "") { if($status == true) { $carp_ints = get_all_carp_interfaces(); mwexec("/sbin/sysctl net.inet.carp.allow=0"); - $carp_counter = find_number_of_created_carp_interfaces(); - if (is_array($carp_ints)) { - foreach($carp_ints as $int) { - mwexec("/sbin/ifconfig $int down"); - mwexec("/sbin/ifconfig $int destroy"); - } - } + if(is_array($config['virtualip']['vip'])) { + $viparr = &$config['virtualip']['vip']; + foreach ($viparr as $vip) { + switch ($vip['mode']) { + case "carp": + interface_vip_bring_down($vip); + sleep(1); + break; + case "carpdev-dhcp": + interface_vip_bring_down($vip); + sleep(1); + break; + } + } + } $savemsg = "{$carp_counter} IPs have been disabled."; } else { $savemsg = "CARP has been enabled."; mwexec("/sbin/sysctl net.inet.carp.allow=1"); interfaces_carp_setup(); + if(is_array($config['virtualip']['vip'])) { + $viparr = &$config['virtualip']['vip']; + foreach ($viparr as $vip) { + switch ($vip['mode']) { + case "carp": + interface_carp_configure($vip); + sleep(1); + break; + case "carpdev-dhcp": + interface_carpdev_configure($vip); + sleep(1); + break; + } + } + } } } @@ -107,7 +130,7 @@ include("head.inc"); <p> <table class="tabcont sortable" width="100%" border="0" cellpadding="6" cellspacing="0"> <tr> - <td class="listhdrr"><b><center>Carp Interface</center></b></td> + <td class="listhdrr"><b><center>CARP Interface</center></b></td> <td class="listhdrr"><b><center>Virtual IP</center></b></td> <td class="listhdrr"><b><center>Status</center></b></td> </tr> diff --git a/usr/local/www/diag_backup.php b/usr/local/www/diag_backup.php index 2e9e8b2..882240f 100755 --- a/usr/local/www/diag_backup.php +++ b/usr/local/www/diag_backup.php @@ -86,7 +86,7 @@ function add_base_packages_menu_items() { } function remove_bad_chars($string) { - return preg_replace('/[^a-z|_|0-9]/i','',$string); + return preg_replace('/[^a-z_0-9]/i','',$string); } function check_and_returnif_section_exists($section) { 
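Review bot: `$savemsg = "{$carp_counter} IPs have been disabled.";` still reads `$carp_counter`, but this hunk removes the only visible assignment (`find_number_of_created_carp_interfaces()`), so the message will presumably be printed with an empty count. Either keep that call or count inside the new loop with `$carp_counter++;` after each `interface_vip_bring_down($vip);`. `$carp_ints` is no longer used in this branch, and the two `case` arms of the disable loop are identical and could share one body.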
diff --git a/usr/local/www/diag_dns.php b/usr/local/www/diag_dns.php index d1392d3..c286d44 100644 --- a/usr/local/www/diag_dns.php +++ b/usr/local/www/diag_dns.php @@ -38,6 +38,54 @@ require("guiconfig.inc"); if ($_GET['host']) $_POST = $_GET; +if($_GET['createalias'] == "true") { + $host = trim($_POST['host']); + if($_GET['override']) + $override = true; + $a_aliases = &$config['aliases']['alias']; + $type = "hostname"; + $resolved = gethostbyname($host); + if($resolved) { + $host = trim($_POST['host']); + $dig=`dig "$host" A | grep "$host" | grep -v ";" | awk '{ print $5 }'`; + $resolved = split("\n", $dig); + $isfirst = true; + foreach($resolved as $re) { + if($re <> "") { + if(!$isfirst) + $addresses .= " "; + $addresses .= $re . "/32"; + $isfirst = false; + } + } + $newalias = array(); + $aliasname = str_replace(array(".","-"), "_", $host); + $alias_exists = false; + $counter=0; + foreach($a_aliases as $a) { + if($a['name'] == $aliasname) { + $alias_exists = true; + $id=$counter; + } + $counter++; + } + if($override) + $alias_exists = false; + if($alias_exists == false) { + $newalias['name'] = $aliasname; + $newalias['type'] = "network"; + $newalias['address'] = $addresses; + $newalias['descr'] = "Created from Diagnostics-> DNS Lookup"; + if($override) + $a_aliases[$id] = $newalias; + else + $a_aliases[] = $newalias; + write_config(); + $createdalias = true; + } + } +} + if ($_POST) { unset($input_errors); @@ -82,9 +130,13 @@ if ($_POST) { } elseif (is_hostname($host)) { $type = "hostname"; $resolved = gethostbyname($host); + if($resolved) { + $dig=`dig "$host" A | grep "$host" | grep -v ";" | awk '{ print $5 }'`; + $resolved = split("\n", $dig); + } $hostname = $host; if ($host != $resolved) - $ipaddr = $resolved; + $ipaddr = $resolved[0]; } if ($host == $resolved) { 
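Review bot: In the new `createalias` block, `$host = trim($_POST['host']);` reaches the backtick-executed `dig "$host" A | grep "$host" …` command with no validation, and double quotes do not stop the shell from expanding the value, so request data is interpreted by the shell. Gate the block on `is_hostname($host)` as the lookup path below does, and pass `escapeshellarg($host)` to both the dig and the grep argument. The second hunk adds the same dig call after `is_hostname($host)`, which narrows the input but should still use `escapeshellarg()`. The block also calls `write_config()` in response to `$_GET['createalias']`, so the alias change should move to a POST covered by whatever request-forgery check the GUI uses. `split()` is deprecated; `explode("\n", $dig)` does the same here.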
@@ -108,10 +160,42 @@ include("head.inc"); ?> <tr> <td width="22%" valign="top" class="vncellreq"><?=gettext("Hostname or IP");?></td> <td width="78%" class="vtable"> - <?=$mandfldhtml;?><input name="host" type="text" class="formfld" id="host" size="20" value="<?=htmlspecialchars($host);?>"> + <?=$mandfldhtml;?> + <table> + <tr><td valign="top"> + <input name="host" type="text" class="formfld" id="host" size="20" value="<?=htmlspecialchars($host);?>"> + </td> + <td> <? if ($resolved && $type) { ?> - = <font size="+1"><?php echo $resolved; ?><font size="-1>"> + = <font size="+1"> +<?php + $found = 0; + if(is_array($resolved)) { + foreach($resolved as $hostitem) { + if($hostitem <> "") { + echo $hostitem . "<br/>"; + $found++; + } + } + } else { + echo $resolved; + } + if($found > 0) { + if($alias_exists) { + echo "<br/><font size='-2'>An alias already exists for the hostname {$host}. To overwrite, click <a href='diag_dns.php?host=" . trim(urlencode($host)) . "&createalias=true&override=true'>here</a>."; + } else { + if(!$createdalias) { + echo "<br/><font size='-2'><a href='diag_dns.php?host=" . trim(urlencode($host)) . "&createalias=true'>Create alias</a> out of these entries."; + } else { + echo "<br/><font size='-2'>Alias created with name {$newalias['name']}"; + } + } + } +?> + <font size="-1>"> + <? } ?> + </td></tr></table> </td> </tr> <?php if($_POST): ?> diff --git a/usr/local/www/diag_logs_relayd.php b/usr/local/www/diag_logs_relayd.php index f267c74..7bf67bf 100755 --- a/usr/local/www/diag_logs_relayd.php +++ b/usr/local/www/diag_logs_relayd.php @@ -5,7 +5,7 @@ part of pfSense Copyright (C) 2008 Bill Marquette <bill.marquette@gmail.com>. - Copyright (C) 2008 Seth Mos <seth.mos@xs4all.nl>. + Copyright (C) 2008 Seth Mos <seth.mos@dds.nl>. All rights reserved. Redistribution and use in source and binary forms, with or without diff --git a/usr/local/www/diag_nanobsd.php b/usr/local/www/diag_nanobsd.php index 3e9bed1..4e64c8f 100755 
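Review bot: The new status text interpolates `{$host}` straight into HTML (`An alias already exists for the hostname {$host}`) and `echo $hostitem . "<br/>";` prints resolver output unescaped, while the input field just above uses `htmlspecialchars($host)`. On the createalias path `$host` comes from the request without the `is_hostname()` check, so these should be `htmlspecialchars($host)` and `htmlspecialchars($hostitem)`; `{$newalias['name']}` deserves the same treatment. The two generated links also trigger the alias write through a plain GET URL.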
--- a/usr/local/www/diag_nanobsd.php +++ b/usr/local/www/diag_nanobsd.php @@ -67,10 +67,11 @@ nanobsd_detect_slice_info(); $NANOBSD_SIZE = nanobsd_get_size(); if($_POST['bootslice']) { + $statusmsg = gettext("Setting slice information, please wait..."); echo <<<EOF <div id="loading"> <img src="/themes/metallic/images/misc/loader.gif"> - Setting slice information, please wait... + $statusmsg <p/> </div> EOF; @@ -82,10 +83,11 @@ EOF; } if($_POST['destslice']) { + $statusmsg = gettext("Duplicating slice. Please wait, this will take a moment..."); echo <<<EOF <div id="loading"> <img src="/themes/metallic/images/misc/loader.gif"> - Duplicating slice. Please wait, this will take a moment... + $statusmsg <p/> </div> EOF; diff --git a/usr/local/www/diag_overload_tables.php b/usr/local/www/diag_overload_tables.php index 235e868..7b0ffe1 100644 --- a/usr/local/www/diag_overload_tables.php +++ b/usr/local/www/diag_overload_tables.php @@ -48,12 +48,9 @@ require_once("guiconfig.inc"); // Set default table $tablename = "sshlockout"; -if($_REQUEST['type'] == "sshlockout") - $tablename = "sshlockout"; +if($_REQUEST['type']) + $tablename = $_REQUEST['type']; -if($_REQUEST['type'] == "virusprot") - $tablename = "virusprot"; - if($_REQUEST['delete']) { if(is_ipaddr($_REQUEST['delete'])) { exec("/sbin/pfctl -t " . escapeshellarg($_REQUEST['type']) . " -T delete " . escapeshellarg($_REQUEST['delete']), $delete); @@ -73,6 +70,7 @@ if($_REQUEST['deleteall']) { } exec("/sbin/pfctl -t $tablename -T show", $entries); +exec("/sbin/pfctl -sT", $tables); include("head.inc"); include("fbegin.inc"); 
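Review bot: `$tablename = $_REQUEST['type'];` in the first diag_overload_tables.php hunk replaces the fixed sshlockout/virusprot choice with any request value, and the context line in the next hunk still runs `exec("/sbin/pfctl -t $tablename -T show", $entries);` with that value unquoted in a shell command. The delete branch already wraps it in `escapeshellarg()`; the show call should do the same: `exec("/sbin/pfctl -t " . escapeshellarg($tablename) . " -T show", $entries);`. Better still, run the added `pfctl -sT` first and accept the parameter only when `in_array($_REQUEST['type'], $tables, true)` holds (after trimming the listed names if needed). The deleteall branch between the hunks is not visible, so check it for the same pattern.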
@@ -98,9 +96,13 @@ include("fbegin.inc"); Table: <select id='type' onChange='method_change($F("type"));' name='type'> - <option name='<?=$tablename?>' value='<?=$tablename?>'><?=$tablename?></option> - <option name='virusprot' value='virusprot'>virusprot</option> - <option name='sshlockout' value='sshlockout'>sshlockout</option> + <?php foreach ($tables as $table) { + echo "<option name='{$table}' value='{$table}'"; + if ($tablename == $table) + echo " selected "; + echo ">{$table}</option>\n"; + } + ?> </select> <p/> diff --git a/usr/local/www/diag_packet_capture.php b/usr/local/www/diag_packet_capture.php index 68248ea..bfdb52d 100644 --- a/usr/local/www/diag_packet_capture.php +++ b/usr/local/www/diag_packet_capture.php @@ -41,7 +41,7 @@ require_once("pfsense-utils.inc"); $fp = "/root/"; $fn = "packetcapture.cap"; -$snaplen = 1500;//default packet length +$snaplen = 0;//default packet length $count = 100;//default number of packets to capture if ($_POST) { @@ -71,8 +71,8 @@ if ($_POST) { unlink ($fp.$fn); } elseif ($_POST['stopbtn']!= "") { - $action = "Stop"; - $processes_running = trim(shell_exec('/bin/ps axw -O pid= | /usr/bin/grep tcpdump | /usr/bin/grep $fn | /usr/bin/grep -v pflog')); + $action = gettext("Stop"); + $processes_running = trim(shell_exec('/bin/ps axw -O pid= | /usr/bin/grep tcpdump | /usr/bin/grep '.$fn.' | /usr/bin/grep -v pflog')); //explode processes into an array, (delimiter is new line) $processes_running_array = explode("\n", $processes_running); 
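Review bot: The generated option list echoes `{$table}` into attribute values and element text without encoding (`echo "<option name='{$table}' value='{$table}'";`). The names come from `pfctl -sT` output and are probably well-behaved, but `htmlspecialchars($table, ENT_QUOTES)` keeps a quote or angle bracket in a table name from breaking the single-quoted attributes. `$tablename == $table` compares a request value loosely; `===` is enough when both sides are strings.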
@@ -120,12 +120,12 @@ include("fbegin.inc"); $interfaces = get_configured_interface_with_descr(); foreach ($interfaces as $iface => $ifacename): ?> - <option value="<?=$iface;?>" <?php if (!link_interface_to_bridge($iface) && $selectedif == $iface) echo "selected"; ?>> + <option value="<?=$iface;?>" <?php if ($selectedif == $iface) echo "selected"; ?>> <?php echo $ifacename;?> </option> <?php endforeach;?> </select> - <br/>Select the interface the traffic will be passing through. Typically this will be the WAN interface. + <br/><?=gettext("Select the interface on which to capture traffic. ");?> </td> </tr> <tr> @@ -149,7 +149,7 @@ include("fbegin.inc"); <td width="17%" valign="top" class="vncellreq">Packet Length</td> <td width="83%" class="vtable"> <input name="snaplen" type="text" class="formfld unknown" id="snaplen" size="5" value="<?=$snaplen;?>"> - <br/>The Packet length is the number of bytes the packet will capture for each payload. Default value is 1500. + <br/><?=gettext("The Packet length is the number of bytes of each packet that will be captured. Default value is 0, which will capture the entire frame regardless of its size.");?> </td> </tr> <tr> diff --git a/usr/local/www/fbegin.inc b/usr/local/www/fbegin.inc index 488a313..9bcc8b5 100755 --- a/usr/local/www/fbegin.inc +++ b/usr/local/www/fbegin.inc @@ -105,8 +105,7 @@ $interfaces_menu = msort(array_merge($interfaces_menu, return_ext_menu("Interfac // Firewall $firewall_menu = array(); $firewall_menu[] = array("Aliases", "/firewall_aliases.php"); -if(count($config['interfaces']) > 1) - $firewall_menu[] = array("NAT", "/firewall_nat.php"); +$firewall_menu[] = array("NAT", "/firewall_nat.php"); $firewall_menu[] = array("Rules", "/firewall_rules.php"); $firewall_menu[] = array("Schedules", "/firewall_schedule.php"); $firewall_menu[] = array("Traffic Shaper", "/firewall_shaper.php"); diff --git a/usr/local/www/firewall_aliases.php b/usr/local/www/firewall_aliases.php index c06f6fa..8bcfcf6 100755 
--- a/usr/local/www/firewall_aliases.php +++ b/usr/local/www/firewall_aliases.php @@ -87,26 +87,29 @@ if ($_GET['act'] == "del") { if($is_alias_referenced == false) { if(is_array($config['filter']['rule'])) { foreach($config['filter']['rule'] as $rule) { - if($rule['source']['address'] && $rule['source']['address'] == $alias_name) { - $is_alias_referenced = true; - $referenced_by = $rule['descr']; - break; - } - if($rule['source']['port'] && $rule['source']['port'] == $alias_name) { - $is_alias_referenced = true; - $referenced_by = $rule['descr']; - break; - } - if($rule['destination']['address'] && $rule['destination']['address'] == $alias_name) { - $is_alias_referenced = true; - $referenced_by = $rule['descr']; - break; - } - if($rule['destination']['port'] && $rule['destination']['port'] == $alias_name) { - $is_alias_referenced = true; - $referenced_by = $rule['descr']; - break; + if($rule['source']) { + if($rule['source']['address'] && $rule['source']['address'] == $alias_name) { + $is_alias_referenced = true; + $referenced_by = $rule['descr']; + break; + } + if($rule['source']['port'] && $rule['source']['port'] == $alias_name) { + $is_alias_referenced = true; + $referenced_by = $rule['descr']; + break; + } + if($rule['destination']['address'] && $rule['destination']['address'] == $alias_name) { + $is_alias_referenced = true; + $referenced_by = $rule['descr']; + break; + } } + if($rule['destination']) + if($rule['destination']['port'] && $rule['destination']['port'] == $alias_name) { + $is_alias_referenced = true; + $referenced_by = $rule['descr']; + break; + } } } } diff --git a/usr/local/www/firewall_aliases_edit.php b/usr/local/www/firewall_aliases_edit.php index 22479dc..27b0e5c 100755 --- a/usr/local/www/firewall_aliases_edit.php +++ b/usr/local/www/firewall_aliases_edit.php 
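Review bot: The destination address test has ended up inside the new `if($rule['source'])` guard, so a rule with no source entry is never checked for `$rule['destination']['address'] == $alias_name`, and an alias can be reported as unreferenced while a filter rule still points at it. The new `if($rule['destination'])` has no braces and covers only the port test. Moving the address test under the destination guard and bracing it keeps the two halves symmetric. The enclosing `if ($_GET['act'] == "del")` block starts and ends outside the hunk.

```php
if($rule['source']) {
	// … unchanged: source address and source port checks …
}
if($rule['destination']) {
	if($rule['destination']['address'] && $rule['destination']['address'] == $alias_name) {
		$is_alias_referenced = true;
		$referenced_by = $rule['descr'];
		break;
	}
	// … unchanged: destination port check …
}
```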
@@ -46,7 +46,7 @@ // Keywords not allowed in names -$reserved_keywords = array("pass", "out", "queue", "max", "min", "pptp", "pppoe", "l2tp", "openvpn"); +$reserved_keywords = array("pass", "out", "queue", "max", "min", "pptp", "pppoe", "L2TP", "OpenVPN", "IPsec"); require("guiconfig.inc"); require_once("functions.inc"); diff --git a/usr/local/www/firewall_aliases_import.php b/usr/local/www/firewall_aliases_import.php index 1902fd1..39311c4 100755 --- a/usr/local/www/firewall_aliases_import.php +++ b/usr/local/www/firewall_aliases_import.php @@ -38,7 +38,7 @@ ##|-PRIV -$reserved_keywords = array("pass", "out", "queue", "max", "min", "pptp"); +$reserved_keywords = array("pass", "out", "queue", "max", "min", "pptp", "pppoe", "L2TP", "OpenVPN", "IPsec"); require("guiconfig.inc"); require_once("util.inc"); diff --git a/usr/local/www/firewall_nat.php b/usr/local/www/firewall_nat.php index 4cab5d6..9646f52 100755 --- a/usr/local/www/firewall_nat.php +++ b/usr/local/www/firewall_nat.php @@ -261,12 +261,10 @@ echo "<script type=\"text/javascript\" language=\"javascript\" src=\"/javascript <td class="listlr" onClick="fr_toggle(<?=$nnats;?>)" id="frd<?=$nnats;?>" ondblclick="document.location='firewall_nat_edit.php?id=<?=$nnats;?>';"> <?=$textss;?> <?php - if (!$natent['interface'] || ($natent['interface'] == "wan")) - echo "WAN"; - else if(strtolower($natent['interface']) == "lan") - echo "LAN"; + if (!$natent['interface']) + echo htmlspecialchars(convert_friendly_interface_to_friendly_descr("wan")); else - echo strtoupper($config['interfaces'][$natent['interface']]['descr']); + echo htmlspecialchars(convert_friendly_interface_to_friendly_descr($natent['interface'])); ?> <?=$textse;?> </td> diff --git a/usr/local/www/firewall_nat_1to1.php b/usr/local/www/firewall_nat_1to1.php index 1472146..74e0ce8 100755 --- a/usr/local/www/firewall_nat_1to1.php +++ b/usr/local/www/firewall_nat_1to1.php 
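Review bot: The reserved-name list now spells `"L2TP"` and `"OpenVPN"` in mixed case where it previously had `"l2tp"` and `"openvpn"`; the code that compares alias names against `$reserved_keywords` is outside the hunk, so if that comparison is case-sensitive the lowercase names stop being rejected. Confirm that the check lowercases both sides, or keep the entries lowercase. The same array is repeated verbatim in firewall_aliases_import.php (next hunk); defining it once in a shared include would keep the two lists from drifting apart again, as they had before this change.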
@@ -117,10 +117,10 @@ include("head.inc"); <tr> <td class="listlr" ondblclick="document.location='firewall_nat_1to1_edit.php?id=<?=$i;?>';"> <?php - if (!$natent['interface'] || ($natent['interface'] == "wan")) - echo "WAN"; + if (!$natent['interface']) + echo htmlspecialchars(convert_friendly_interface_to_friendly_descr("wan")); else - echo htmlspecialchars($config['interfaces'][$natent['interface']]['descr']); + echo htmlspecialchars(convert_friendly_interface_to_friendly_descr($natent['interface'])); ?> </td> <td class="listr" ondblclick="document.location='firewall_nat_1to1_edit.php?id=<?=$i;?>';"> diff --git a/usr/local/www/firewall_nat_out.php b/usr/local/www/firewall_nat_out.php index 7c248b7..2039848 100755 --- a/usr/local/www/firewall_nat_out.php +++ b/usr/local/www/firewall_nat_out.php @@ -361,14 +361,10 @@ include("head.inc"); <td class="listt" align="center"></td> <td class="listlr" onClick="fr_toggle(<?=$nnats;?>)" id="frd<?=$nnats;?>" ondblclick="document.location='firewall_nat_out_edit.php?id=<?=$nnats;?>';"> <?php - if (!$natent['interface'] || ($natent['interface'] == "wan")) - echo "WAN"; - else if (!$natent['interface'] || ($natent['interface'] == "lan")) - echo "LAN"; - else if ($natent['interface'] == "openvpn") - echo "OpenVPN"; + if (!$natent['interface']) + echo htmlspecialchars(convert_friendly_interface_to_friendly_descr("wan")); else - echo htmlspecialchars($config['interfaces'][$natent['interface']]['descr']); + echo htmlspecialchars(convert_friendly_interface_to_friendly_descr($natent['interface'])); ?> </td> diff --git a/usr/local/www/firewall_shaper.php b/usr/local/www/firewall_shaper.php index 7382c7e..26954c2 100755 --- a/usr/local/www/firewall_shaper.php +++ b/usr/local/www/firewall_shaper.php 
@@ -341,9 +341,9 @@ $tree .= "</ul>"; if (!$dontshow || $newqueue) { -$output_form .= "<tr><td width=\"22%\" valign=\"top\" class=\"vncellreq\">"; -$output_form .= gettext("Queue Actions"); -$output_form .= "</td><td valign=\"top\" class=\"vncellreq\" width=\"78%\">"; +$output_form .= "<tr><td width=\"22%\" valign=\"center\" class=\"vncellreq\">"; +$output_form .= "<br />" . gettext("Queue Actions") . "<br />"; +$output_form .= "</td><td valign=\"center\" class=\"vncellreq\" width=\"78%\"><br />"; $output_form .= "<input type=\"submit\" name=\"Submit\" value=\"" . gettext("Save") . "\" class=\"formbtn\" />"; if ($can_add || $addnewaltq) { @@ -368,9 +368,9 @@ if ($can_add || $addnewaltq) { $output_form .= " value=\"" . gettext("Disable shaper on interface") . "\">"; $output_form .= "</a>"; } -$output_form .= "</td></tr>"; +$output_form .= "<br /></td></tr>"; $output_form .= "</div>"; -} +} else $output_form .= "</div>"; diff --git a/usr/local/www/guiconfig.inc b/usr/local/www/guiconfig.inc index 1125312..605705e 100755 --- a/usr/local/www/guiconfig.inc +++ b/usr/local/www/guiconfig.inc @@ -206,11 +206,12 @@ $wkports = array( /* TCP flags */ $tcpflags = array("fin", "syn", "rst", "psh", "ack", "urg"); -$specialnets = array("wanip" => "WAN address", "lanip" => "LAN address", "lan" => "LAN net", "pptp" => "PPTP clients", "pppoe" => "PPPoE clients", "l2tp" => "L2TP clients"); +$specialnets = array("pptp" => "PPTP clients", "pppoe" => "PPPoE clients", "l2tp" => "L2TP clients"); -$spiflist = get_configured_interface_with_descr(true, true); +$spiflist = get_configured_interface_with_descr(false, true); foreach ($spiflist as $ifgui => $ifdesc) { $specialnets[$ifgui] = $ifdesc . " net"; + $specialnets[$ifgui . 'ip'] = $ifdesc . " address"; } $medias = array("auto" => "autoselect", "100full" => "100BASE-TX full-duplex", 
@@ -422,11 +423,7 @@ function pprint_address($adr) { if (isset($adr['any'])) { $padr = "*"; } else if ($adr['network']) { - if (preg_match("/opt[0-999]ip/", $adr['network'])) { - $padr = "Interface IP address"; - } else { - $padr = $specialnets[$adr['network']]; - } + $padr = $specialnets[$adr['network']]; } else { $padr = $adr['address']; } diff --git a/usr/local/www/head.inc b/usr/local/www/head.inc index 3b1f028..076f274 100755 --- a/usr/local/www/head.inc +++ b/usr/local/www/head.inc @@ -76,4 +76,17 @@ $pagetitle = gentitle( $pgtitle ); if (!isset($closehead)) echo "</head>"; + +/* If this page is being remotely managed then do not allow the loading of the contents. */ +if($config['remote_managed_pages']['item']) { + foreach($config['remote_managed_pages']['item'] as $rmp) { + if($rmp == $_SERVER['SCRIPT_NAME']) { + include("fbegin.inc"); + print_info_box_np("This page is currently being managed by a remote machine."); + include("fend.inc"); + exit; + } + } +} + ?>
\ No newline at end of file diff --git a/usr/local/www/installer.php b/usr/local/www/installer.php index f988d02..f5e37e0 100644 --- a/usr/local/www/installer.php +++ b/usr/local/www/installer.php @@ -27,8 +27,15 @@ POSSIBILITY OF SUCH DAMAGE. */ +require("globals.inc"); require("guiconfig.inc"); +// Handle other type of file systems +if($_REQUEST['fstype']) + $fstype = strtoupper($_REQUEST['fstype']); +else + $fstype = "UFS+S"; + if($g['platform'] == "pfSense" or $g['platform'] == "nanobsd") { Header("Location: /index.php"); exit; @@ -42,13 +49,12 @@ switch ($_REQUEST['state']) { case "update_installer_status": update_installer_status(); exit; - case "quickeasyinstall": - begin_quick_easy_install(); default: installer_main(); } function write_out_pc_sysinstaller_config($disk) { + global $fstype; $fd = fopen("/PCBSD/pc-sysinstall/examples/pfSense-install.cfg", "w"); if(!$fd) { return true; @@ -71,7 +77,7 @@ commitDiskPart # All sizes are expressed in MB # Avail FS Types, UFS, UFS+S, UFS+J, ZFS, SWAP # Size 0 means use the rest of the slice size -disk0-part=UFS+S 0 / +disk0-part={$fstype} 0 / # Do it now! commitDiskLabel @@ -83,7 +89,7 @@ packageType=cpdup # Optional Components cpdupPaths=boot,COPYRIGHT,bin,conf,conf.default,dev,etc,home,kernels,libexec,lib,root,sbin,sys,usr,var -runExtCommand=chmod a+rx /usr/local/bin/after_installation_routines.sh && cd / && /usr/local/bin/after_installation_routines.sh +# runExtCommand=chmod a+rx /usr/local/bin/after_installation_routines.sh && cd / && /usr/local/bin/after_installation_routines.sh EOF; fwrite($fd, $config); fclose($fd); 
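Review bot: The remote-managed check added to head.inc only stops the page from being rendered; pages in this tree handle `$_POST` before `include("head.inc")` (diag_dns.php in this same commit does), so a request to a managed page would presumably still run its save handler before reaching this `exit`. If the intent is to block changes, the test belongs before request handling, for example in guiconfig.inc, which these pages require first. `$rmp == $_SERVER['SCRIPT_NAME']` is a loose comparison where `===` is enough for two strings. The message passed to `print_info_box_np()` is not wrapped in `gettext()` like the other strings this commit touches.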
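Review bot: In installer.php, `$fstype = strtoupper($_REQUEST['fstype']);` is written unchanged into the pc-sysinstall config as `disk0-part={$fstype} 0 /`, so any request value, including one containing line breaks, becomes part of a file that drives disk partitioning. The config comment itself lists the valid types (UFS, UFS+S, UFS+J, ZFS, SWAP); accept only the ones that make sense for a root partition, e.g. `if (!in_array($fstype, array("UFS", "UFS+S", "UFS+J", "ZFS"), true)) $fstype = "UFS+S";`. The body of write_out_pc_sysinstaller_config() is spread over several hunks and is only partly visible.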
@@ -91,40 +97,140 @@ EOF; } function start_installation() { + global $g, $fstype; + if(file_exists("/tmp/install_complete")) + return; + $ps_running = exec("ps awwwux | grep -v grep | grep 'sh /tmp/installer.sh'"); + if($ps_running) + return; $fd = fopen("/tmp/installer.sh", "w"); if(!$fd) { die("Could not open /tmp/installer.sh for writing"); exit; - } - fwrite($fd, "/PCBSD/pc-sysinstall/pc-sysinstall -c /PCBSD/pc-sysinstall/examples/pfSense-install.cfg && touch /tmp/install_complete"); + } + fwrite($fd, "rm /tmp/.pc-sysinstall/pc-sysinstall.log 2>/dev/null\n"); + fwrite($fd, "/PCBSD/pc-sysinstall/pc-sysinstall -c /PCBSD/pc-sysinstall/examples/pfSense-install.cfg \n"); + fwrite($fd, "chmod a+rx /usr/local/bin/after_installation_routines.sh\n"); + fwrite($fd, "cd / && /usr/local/bin/after_installation_routines.sh\n"); + fwrite($fd, "mkdir /mnt/tmp\n"); + fwrite($fd, "umount /mnt\n"); + fwrite($fd, "touch /tmp/install_complete\n"); fclose($fd); exec("chmod a+rx /tmp/installer.sh"); mwexec_bg("sh /tmp/installer.sh"); } function installer_find_first_disk() { + global $g, $fstype; $disk = `/PCBSD/pc-sysinstall/pc-sysinstall disk-list | head -n1 | cut -d':' -f1`; return $disk; } function update_installer_status() { - if(!file_exists("/tmp/.pc-sysinstall/pc-sysinstall.log")) + global $g, $fstype; + // Ensure status files exist + if(!file_exists("/tmp/installer_installer_running")) + touch("/tmp/installer_installer_running"); + $status = `cat /tmp/.pc-sysinstall/pc-sysinstall.log`; + $status = str_replace("\n", "\\n", $status); + $status = str_replace("\n", "\\r", $status); + echo "this.document.forms[0].installeroutput.value='$status';\n"; + echo "this.document.forms[0].installeroutput.scrollTop = this.document.forms[0].installeroutput.scrollHeight;\n"; + // Find out installer progress + $progress = "5"; + if(strstr($status, "Running: dd")) + $progress = "6"; + if(strstr($status, "Running: gpart create -s GPT")) + $progress = "7"; + if(strstr($status, "Running: gpart 
bootcode")) + $progress = "7"; + if(strstr($status, "Running: newfs -U")) + $progress = "8"; + if(strstr($status, "Running: sync")) + $progress = "9"; + if(strstr($status, "/boot /mnt/boot")) + $progress = "10"; + if(strstr($status, "/COPYRIGHT /mnt/COPYRIGHT")) + $progress = "11"; + if(strstr($status, "/bin /mnt/bin")) + $progress = "12"; + if(strstr($status, "/conf /mnt/conf")) + $progress = "15"; + if(strstr($status, "/conf.default /mnt/conf.default")) + $progress = "20"; + if(strstr($status, "/dev /mnt/dev")) + $progress = "25"; + if(strstr($status, "/etc /mnt/etc")) + $progress = "30"; + if(strstr($status, "/home /mnt/home")) + $progress = "35"; + if(strstr($status, "/kernels /mnt/kernels")) + $progress = "40"; + if(strstr($status, "/libexec /mnt/libexec")) + $progress = "50"; + if(strstr($status, "/lib /mnt/lib")) + $progress = "60"; + if(strstr($status, "/root /mnt/root")) + $progress = "70"; + if(strstr($status, "/sbin /mnt/sbin")) + $progress = "75"; + if(strstr($status, "/sys /mnt/sys")) + $progress = "80"; + if(strstr($status, "/usr /mnt/usr")) + $progress = "95"; + if(strstr($status, "/usr /mnt/usr")) + $progress = "90"; + if(strstr($status, "/var /mnt/var")) + $progress = "95"; + if(strstr($status, "cap_mkdb /etc/login.conf")) + $progress = "96"; + if(strstr($status, "Setting hostname")) + $progress = "97"; + if(strstr($status, "umount -f /mnt")) + $progress = "98"; + if(strstr($status, "umount -f /mnt")) + $progress = "99"; + if(strstr($status, "Installation finished")) + $progress = "100"; + // Check for error and bail if we see one. + if(stristr($status, "error")) { + $error = true; + echo "\$('installerrunning').innerHTML='<img class=\"infoboxnpimg\" src=\"/themes/{$g['theme']}/images/icons/icon_exclam.gif\"> <font size=\"2\"><b>An error occurred. 
Aborting installation.'; "; + echo "\$('progressbar').style.width='100%';\n"; + unlink("/tmp/install_complete"); return; - echo `tail -n20 /tmp/.pc-sysinstall/pc-sysinstall.log`; + } + $running_old = trim(file_get_contents("/tmp/installer_installer_running")); + if($installer_running <> "running") { + $ps_running = exec("ps awwwux | grep -v grep | grep 'sh /tmp/installer.sh'"); + if($ps_running) { + $running = "\$('installerrunning').innerHTML='<table><tr><td valign=\"middle\"><img src=\"/themes/{$g['theme']}/images/misc/loader.gif\"></td><td valign=\"middle\"> <font size=\"2\"><b>Installer running ({$progress}% completed)...</td></tr></table>'; "; + if($running_old <> $running) { + echo $running; + file_put_contents("/tmp/installer_installer_running", "$running"); + } + } + } + if($progress) + echo "\$('progressbar').style.width='{$progress}%';\n"; if(file_exists("/tmp/install_complete")) { - echo "Installation completed."; + echo "\$('installerrunning').innerHTML='<img class=\"infoboxnpimg\" src=\"/themes/{$g['theme']}/images/icons/icon_exclam.gif\"> <font size=\"+1\">Installation completed. Please <a href=\"reboot.php\">reboot</a> to continue';\n"; unlink_if_exists("/tmp/installer.sh"); + file_put_contents("/tmp/installer_installer_running", "finished"); } } function update_installer_status_win($status) { + global $g, $fstype; echo "<script type=\"text/javascript\">\n"; - echo "\$('installeroutput').value = '" . str_replace(htmlentities($status), "\n", "") . "';\n"; - echo "installeroutput.scroll = installeroutput.maxScroll;\n"; + echo " \$('installeroutput').value = '" . str_replace(htmlentities($status), "\n", "") . "';\n"; echo "</script>"; } function begin_quick_easy_install() { + global $g, $fstype; + if(file_exists("/tmp/install_complete")) + return; unlink_if_exists("/tmp/install_complete"); $disk = installer_find_first_disk(); if(!$disk) { 
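Review bot: In update_installer_status(), the installer log is placed inside a single-quoted JavaScript string (`installeroutput.value='$status';`) with only newlines rewritten, and the page script in the next hunk runs the response through `eval(transport.responseText)`; a quote or backslash in the log breaks the statement or changes what gets evaluated. Emit the value with `json_encode($status)` (if the json extension is available on this image) instead of the manual replaces; the second `str_replace("\n", "\\r", $status)` can never match after the first one and presumably meant `"\r"`. `$installer_running` is read but never assigned, and the repeated `"/usr /mnt/usr"` and `"umount -f /mnt"` tests overwrite their own result (95 then 90, 98 then 99).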
@@ -138,37 +244,69 @@ function begin_quick_easy_install() { start_installation(); } +function head_html() { + global $g, $fstype; + echo <<<EOF +<html> + <head> + <style type='text/css'> + a:link { + color: #000000; + text-decoration:underline; + font-size:14; + } + a:visited { + color: #000000; + text-decoration:underline; + font-size:14; + } + a:hover { + color: #FFFF00; + text-decoration: none; + font-size:14; + } + a:active { + color: #FFFF00; + text-decoration:underline; + font-size:14; + } + </style> + </head> +EOF; + +} + function body_html() { + global $g, $fstype; $pfSversion = str_replace("\n", "", file_get_contents("/etc/version")); if(strstr($pfSversion, "1.2")) $one_two = true; - $pgtitle = "pfSense: Installer"; + $pgtitle = "{$g['product_name']}: Installer"; include("head.inc"); echo <<<EOF <body link="#0000CC" vlink="#0000CC" alink="#0000CC"> <script src="/javascript/scriptaculous/prototype.js" type="text/javascript"></script> - <script type="text/javascript"> - function getinstallerprogress() { - url = 'installer.php'; - pars = 'state=update_installer_status'; - callajax(url, pars, installcallback); - } - function callajax(url, pars, activitycallback) { - var myAjax = new Ajax.Request( - url, - { - method: 'post', - parameters: pars, - onComplete: activitycallback - }); - } - function installcallback(transport) { - this.document.forms[0].installeroutput.value=transport.responseText; - setTimeout('getinstallerprogress()', 1000); - } + <script type="text/javascript"> + function getinstallerprogress() { + url = 'installer.php'; + pars = 'state=update_installer_status'; + callajax(url, pars, installcallback); + } + function callajax(url, pars, activitycallback) { + var myAjax = new Ajax.Request( + url, + { + method: 'post', + parameters: pars, + onComplete: activitycallback + }); + } + function installcallback(transport) { + setTimeout('getinstallerprogress()', 2000); + eval(transport.responseText); + } </script> EOF; - include("fbegin.inc"); 
if($one_two) echo "<p class=\"pgtitle\">{$pgtitle}</font></p>"; @@ -177,13 +315,15 @@ EOF; } function end_html() { + global $g, $fstype; echo "</form>"; - include("fend.inc"); echo "</body>"; echo "</html>"; } function template() { + global $g, $fstype; + head_html(); body_html(); echo <<<EOF <div id="mainlevel"> 
@@ -212,64 +352,158 @@ EOF; } function quickeasyinstall_gui() { + global $g, $fstype; + head_html(); body_html(); + echo "<form action=\"installer.php\" method=\"post\" state=\"step1_post\">"; + page_table_start(); echo <<<EOF - <div id="mainlevel"> - <table width="100%" border="0" cellpadding="0" cellspacing="0"> - <tr> - <td> - <div id="mainarea"> - <table class="tabcont" width="100%" border="0" cellpadding="0" cellspacing="0"> - <tr> - <td class="tabcont" > - <form action="installer.php" method="post" state="step1_post"> - <div id="pfsenseinstaller"> - Starting Installer... Please wait...<p/> - {{ Insert progressbar here }}<p/> - <textarea name='installeroutput' id='installeroutput' rows="20" cols="80"> - </textarea> - </div> - </td> - </tr> - </table> - </div> - </td> - </tr> + <center> + <table width="100%"> + <tr><td> + <div id="mainlevel"> + <table width="100%" border="0" cellpadding="0" cellspacing="0"> + <tr> + <td> + <div id="mainarea"> + <table width="100%" border="0" cellpadding="0" cellspacing="0"> + <tr> + <td> + <div id="pfsenseinstaller" width="100%"> + <div id='installerrunning' width='100%' style="padding:8px; border:1px dashed #000000"> + <table> + <tr> + <td valign="middle"> + <img src="/themes/{$g['theme']}/images/misc/loader.gif"> + </td> + <td valign="middle"> + <font size="2"><b>Starting Installer... Please wait... 
+ </td> + </tr> + </table> + </div> + <br/> + <center> + <table height='15' width='640' border='0' colspacing='0' cellpadding='0' cellspacing='0'> + <tr> + <td background="./themes/the_wall/images/misc/bar_left.gif" height='15' width='5'> + </td> + <td> + <table id="progholder" name="progholder" height='15' width='630' border='0' colspacing='0' cellpadding='0' cellspacing='0'> + <td background="./themes/the_wall/images/misc/bar_gray.gif" valign="top" align="left"> + <img src='./themes/the_wall/images/misc/bar_blue.gif' width='0' height='15' name='progressbar' id='progressbar'> + </td> + </table> + </td> + <td background="./themes/the_wall/images/misc/bar_right.gif" height='15' width='5'> + </td> + </tr> + </table> + <br/> + <textarea name='installeroutput' id='installeroutput' rows="31" cols="90"> + </textarea> + </div> + </td> + </tr> + </table> + </div> + </td> + </tr> + </table> + </div> + </td></tr> </table> - </div> + </center> <script type="text/javascript">setTimeout('getinstallerprogress()', 250);</script> + EOF; + page_table_end(); end_html(); + begin_quick_easy_install(); +} + +function page_table_start() { + global $g, $fstype; + echo <<<EOF + <center> + <img border="0" src="./themes/{$g['theme']}/images/logo.gif"></a><br/> + <table cellpadding="6" cellspacing="0" width="640" height="480" style="border:1px solid #000000"> + <tr height="10" bgcolor="#990000"> + <td style="border-bottom:1px solid #000000"> + <font color='white'> + <b> + {$g['product_name']} installer + </b> + </font> + </td> + </tr> + <tr> + <td> + +EOF; + +} + +function page_table_end() { + global $g, $fstype; + echo <<<EOF + </td> + </tr> + </table> + </center> + +EOF; + } function installer_main() { + global $g, $fstype; + if(file_exists("/tmp/.pc-sysinstall/pc-sysinstall.log")) + unlink("/tmp/.pc-sysinstall/pc-sysinstall.log"); + head_html(); body_html(); + // Only enable ZFS if this exists. The install will fail otherwise. 
+ if(file_exists("/boot/gptzfsboot")) + $zfs_enabled = "or <a href=\"installer.php?state=quickeasyinstall&fstype=ZFS\">ZFS</a> "; $disk = installer_find_first_disk(); if(!$disk) echo "WARNING: Could not find any suitable disks for installation."; + page_table_start(); echo <<<EOF - <div id="mainlevel"> - <table width="100%" border="0" cellpadding="0" cellspacing="0"> - <tr> - <td> - <div id="mainarea"> - <table class="tabcont" width="100%" border="0" cellpadding="0" cellspacing="0"> - <tr> - <td class="tabcont" > - <form action="installer.php" method="post" state="step1_post"> - <div id="pfsenseinstaller"> - <a onclick="return confirm('Are you sure you want to install pfSense to $disk?')"> href='installer.php?state=quickeasyinstall'>Quick/Easy installation</a> - </p> - </div> - </td> - </tr> - </table> - </div> - </td> - </tr> - </table> - </div> + <form action="installer.php" method="post" state="step1_post"> + <div id="mainlevel"> + <center> + <b><font face="arial" size="+2">Welcome to the {$g['product_name']} PCSysInstaller!</b></font><p/> + <font face="arial" size="+1">This utility will install {$g['product_name']} to a hard disk, flash drive, etc.</font> + <table width="100%" border="0" cellpadding="5" cellspacing="0"> + <tr> + <td> + <center> + <div id="mainarea"> + <br/> + <center> + Please select an installer option to begin: + <table width="100%" border="0" cellpadding="5" cellspacing="5"> + <tr> + <td> + <div id="pfsenseinstaller"> + <center> + Rescue config.xml<p/> + Install {$g['product_name']} using the <a href="installer.php?state=quickeasyinstall">UFS</a> + {$zfs_enabled} + filesystem. + </p> + </div> + </td> + </tr> + </table> + </div> + </td> + </tr> + </table> + </div> EOF; + page_table_end(); end_html(); } diff --git a/usr/local/www/interfaces.php b/usr/local/www/interfaces.php index 7d3a548..340a6f8 100755 --- a/usr/local/www/interfaces.php +++ b/usr/local/www/interfaces.php 
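Review bot: The UFS and ZFS links start the installation with a plain GET (`installer.php?state=quickeasyinstall&fstype=ZFS`), and the confirmation prompt naming `$disk` that the old markup attempted has been dropped, so following a link is all it takes to overwrite the first disk found. Use a POST form with a confirmation step that shows the target disk. `$zfs_enabled` is only assigned when /boot/gptzfsboot exists, so initialise it to an empty string before the test. quickeasyinstall_gui() calls begin_quick_easy_install() after the page has been emitted; how the `quickeasyinstall` state reaches it is not visible, since an earlier hunk removes that `case` from the switch.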
@@ -71,7 +71,7 @@ if (!is_array($config['ppps']['ppp'])) $a_ppps = &$config['ppps']['ppp']; function remove_bad_chars($string) { - return preg_replace('/[^a-z|_|0-9]/i','',$string); + return preg_replace('/[^a-z_0-9]/i','',$string); } if (!is_array($config['gateways']['gateway_item'])) @@ -215,6 +215,8 @@ $pconfig['mtu'] = $wancfg['mtu']; /* Wireless interface? */ if (isset($wancfg['wireless'])) { + /* Sync first to be sure it displays the actual settings that will be used */ + interface_sync_wireless_clones($wancfg, false); /* Get wireless modes */ $wlanif = get_real_interface($if); if (!does_interface_exist($wlanif)) @@ -228,6 +230,7 @@ if (isset($wancfg['wireless'])) { $wl_regdomains_attr = &$wl_regdomain_xml_attr['regulatory-domains']['rd']; $wl_countries = &$wl_regdomain_xml['country-codes']['country']; $wl_countries_attr = &$wl_regdomain_xml_attr['country-codes']['country']; + $pconfig['persistcommonwireless'] = isset($config['wireless']['interfaces'][$wlanbaseif]); $pconfig['standard'] = $wancfg['wireless']['standard']; $pconfig['mode'] = $wancfg['wireless']['mode']; $pconfig['protmode'] = $wancfg['wireless']['protmode']; @@ -666,7 +669,7 @@ if ($_POST) { } // end if($_POST) function handle_wireless_post() { - global $_POST, $config, $g, $wancfg, $if, $wl_countries_attr; + global $_POST, $config, $g, $wancfg, $if, $wl_countries_attr, $wlanbaseif; if (!is_array($wancfg['wireless'])) $wancfg['wireless'] = array(); $wancfg['wireless']['standard'] = $_POST['standard']; 
@@ -702,6 +705,11 @@ function handle_wireless_post() { $wancfg['wireless']['auth_server_addr'] = $_POST['auth_server_addr']; $wancfg['wireless']['auth_server_port'] = $_POST['auth_server_port']; $wancfg['wireless']['auth_server_shared_secret'] = $_POST['auth_server_shared_secret']; + if ($_POST['persistcommonwireless'] == "yes") { + if (!is_array($config['wireless']['interfaces'][$wlanbaseif])) + $config['wireless']['interfaces'][$wlanbaseif] = array(); + } else if (isset($config['wireless']['interfaces'][$wlanbaseif])) + unset($config['wireless']['interfaces'][$wlanbaseif]); if ($_POST['hidessid_enable'] == "yes") $wancfg['wireless']['hidessid']['enable'] = true; else if (isset($wancfg['wireless']['hidessid']['enable'])) @@ -1454,12 +1462,12 @@ $types = array("none" => "None", "static" => "Static", "dhcp" => "DHCP", "ppp" = <?php if (isset($pconfig['pppid'])): ?> <td width="78%" class="vtable"> <a href="/interfaces_ppps_edit.php?id=<?=htmlspecialchars($pconfig['pppid']);?>" class="navlnk">Click here</a> - for additional PPtP and L2tP configuration options. Save first if you made changes. + for additional PPTP and L2TP configuration options. Save first if you made changes. </td> <? else: ?> <td width="78%" class="vtable"> <a href="/interfaces_ppps_edit.php" class="navlnk">Click here</a> - for advanced PPtP and L2tP configuration options. + for advanced PPTP and L2TP configuration options. </td> <? endif; ?> </tr> 
@@ -1477,6 +1485,13 @@ $types = array("none" => "None", "static" => "Static", "dhcp" => "DHCP", "ppp" = <td colspan="2" valign="top" class="listtopic">Common wireless configuration - Settings apply to all wireless networks on <?=$wlanbaseif;?>.</td> </tr> <tr> + <td valign="top" class="vncell">Persist common settings</td> + <td class="vtable"> + <input name="persistcommonwireless" type="checkbox" value="yes" class="formfld" id="persistcommonwireless" <? if ($pconfig['persistcommonwireless']) echo "checked";?>> + <br/>Enabling this preserves the common wireless configuration through interface deletions and reassignments. + </td> + </tr> + <tr> <td valign="top" class="vncellreq">Standard</td> <td class="vtable"> <select name="standard" class="formselect" id="standard"> @@ -1615,7 +1630,7 @@ $types = array("none" => "None", "static" => "Static", "dhcp" => "DHCP", "ppp" = <td colspan="2" valign="top" height="16"></td> </tr> <tr> - <td colspan="2" valign="top" class="listtopic">Wireless configuration</td> + <td colspan="2" valign="top" class="listtopic">Network-specific wireless configuration</td> </tr> <tr> <td valign="top" class="vncellreq">Mode</td> @@ -1979,10 +1994,7 @@ $types = array("none" => "None", "static" => "Static", "dhcp" => "DHCP", "ppp" = } } <?php - if ($if == "wan" || $if == "lan") - echo "\$('allcfg').show();\n"; - else - echo "show_allcfg(document.iform.enable);"; + echo "show_allcfg(document.iform.enable);"; echo "updateType('{$pconfig['type']}');\n"; ?> </script> diff --git a/usr/local/www/interfaces_groups_edit.php b/usr/local/www/interfaces_groups_edit.php index 51feffd..430bd7b 100755 --- a/usr/local/www/interfaces_groups_edit.php +++ b/usr/local/www/interfaces_groups_edit.php 
@@ -71,6 +71,11 @@ if ($_POST) { if (preg_match("/([^a-zA-Z])+/", $_POST['ifname'], $match)) $input_errors[] = "Only letters A-Z are allowed as the group name."; + $ifaces = get_configured_interface_with_descr(); + foreach ($ifaces as $gif => $gdescr) { + if ($gdescr == $_POST['ifname'] || $gif == $_POST['ifname']) + $input_errors[] = "The specified group name is already used by an interface. Please choose another name."; + } $ifgroupentry = array(); $ifgroupentry['ifname'] = $_POST['ifname']; $members = ""; diff --git a/usr/local/www/services_captiveportal_ip.php b/usr/local/www/services_captiveportal_ip.php index 29acb1c..171f583 100755 --- a/usr/local/www/services_captiveportal_ip.php +++ b/usr/local/www/services_captiveportal_ip.php @@ -59,10 +59,16 @@ if ($_GET['act'] == "del") { $ipent = $a_allowedips[$_GET['id']]; if (isset($config['captiveportal']['enable'])) { + if (!empty($ipent['sn'])) + $ipent['ip'] .= "/{$ipent['sn']}"; mwexec("/sbin/ipfw table 3 delete " . $ipent['ip']); mwexec("/sbin/ipfw table 4 delete " . $ipent['ip']); mwexec("/sbin/ipfw table 5 delete " . $ipent['ip']); mwexec("/sbin/ipfw table 6 delete " . $ipent['ip']); + mwexec("/sbin/ipfw table 7 delete " . $ipent['ip']); + mwexec("/sbin/ipfw table 8 delete " . $ipent['ip']); + mwexec("/sbin/ipfw table 9 delete " . $ipent['ip']); + mwexec("/sbin/ipfw table 10 delete " . $ipent['ip']); } unset($a_allowedips[$_GET['id']]); 
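Review bot: The added `foreach` in interfaces_groups_edit.php keeps iterating after a match, so if one interface's key and another's description both equal the posted name, the same message is appended to `$input_errors` twice. Put braces around the `if` body and add `break;` after the `$input_errors[] = ...` line. The comparison is also case-sensitive and uses `==`; if interface names are treated case-insensitively elsewhere (not visible here), `strcasecmp()` would be the safer test.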
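Review bot: In services_captiveportal_ip.php the new `/{$ipent['sn']}` suffix is concatenated into eight `mwexec("/sbin/ipfw table N delete " . $ipent['ip'])` command strings with no shell quoting. The `sn` value is stored straight from `$_POST['sn']` in the services_captiveportal_ip_edit.php hunk of this diff, with no range check visible there, so assuming `mwexec()` hands the string to a shell, a crafted value reaches it. Build the argument once with `$target = escapeshellarg($ipent['ip']);` and reject any `sn` that is not an integer from 1 to 32 before it is saved. The eight near-identical calls would also read better as a loop, `foreach (range(3, 10) as $table)`.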
@@ -109,13 +115,23 @@ include("head.inc"); <?php $i = 0; foreach ($a_allowedips as $ip): ?> <tr ondblclick="document.location='services_captiveportal_ip_edit.php?id=<?=$i;?>'"> <td class="listlr"> - <?php if($ip['dir'] == "to") - echo "any <img src=\"in.gif\" width=\"11\" height=\"11\" align=\"absmiddle\">"; + <?php + if($ip['dir'] == "to") { + echo "any <img src=\"/themes/{$g['theme']}/images/icons/icon_in.gif\" width=\"11\" height=\"11\" align=\"absmiddle\"> "; + } + if($ip['dir'] == "both") { + echo "<img src=\"/themes/{$g['theme']}/images/icons/icon_pass.gif\" width=\"11\" height=\"11\" align=\"absmiddle\"> "; + } + echo strtolower($ip['ip']); + if($ip['sn'] != "32" && is_numeric($ip['sn'])) { + $sn = $ip['sn']; + echo "/$sn"; + } + if($ip['dir'] == "from") { + echo "<img src=\"/themes/{$g['theme']}/images/icons/icon_in.gif\" width=\"11\" height=\"11\" align=\"absmiddle\"> any"; + } + ?> - <?=strtolower($ip['ip']);?> - <?php if($ip['dir'] == "from") - echo "<img src=\"in.gif\" width=\"11\" height=\"11\" align=\"absmiddle\"> any"; - ?> </td> <td class="listbg"> <?=htmlspecialchars($ip['descr']);?> @@ -152,6 +168,10 @@ include("head.inc"); <td>x.x.x.x <span class="vexpl"><img src="/themes/<?=$g['theme'];?>/images/icons/icon_in.gif" width="11" height="11" align="absmiddle"></span> any </td> <td><span class="vexpl">All connections <strong>from</strong> the IP address are allowed </span></td> </tr> + <tr> + <td><span class="vexpl"><img src="/themes/<?=$g['theme'];?>/images/icons/icon_pass.gif" width="11" height="11" align="right"></span> </td> + <td><span class="vexpl"> All connections <strong>to</strong> and <strong>from</strong> the IP address are allowed </span></td> + </tr> </table></td> <td class="list"> </td> </tr> diff --git a/usr/local/www/services_captiveportal_ip_edit.php b/usr/local/www/services_captiveportal_ip_edit.php index 419327d..e6eab55 100755 --- a/usr/local/www/services_captiveportal_ip_edit.php 
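Review bot: `echo strtolower($ip['ip']);` writes the stored address into the table cell without `htmlspecialchars()`, while the description cell just below is escaped. The `sn` suffix is guarded by `is_numeric()`, but the address is not, so the cell relies entirely on validation done when the entry was saved, which this hunk does not show. `echo htmlspecialchars(strtolower($ip['ip']));` keeps the output safe either way.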
+++ b/usr/local/www/services_captiveportal_ip_edit.php @@ -70,6 +70,7 @@ if (isset($_POST['id'])) if (isset($id) && $a_allowedips[$id]) { $pconfig['ip'] = $a_allowedips[$id]['ip']; + $pconfig['sn'] = $a_allowedips[$id]['sn']; $pconfig['dir'] = $a_allowedips[$id]['dir']; $pconfig['bw_up'] = $a_allowedips[$id]['bw_up']; $pconfig['bw_down'] = $a_allowedips[$id]['bw_down']; @@ -108,6 +109,7 @@ if ($_POST) { if (!$input_errors) { $ip = array(); $ip['ip'] = $_POST['ip']; + $ip['sn'] = $_POST['sn']; $ip['dir'] = $_POST['dir']; $ip['descr'] = $_POST['descr']; if ($_POST['bw_up']) @@ -116,9 +118,13 @@ if ($_POST) { $ip['bw_down'] = $_POST['bw_down']; if (isset($id) && $a_allowedips[$id]) { $oldip = $a_allowedips[$id]['ip']; + if (!empty($a_allowedips[$id]['sn'])) + $oldip .= "/{$a_allowedips[$id]['sn']}"; $a_allowedips[$id] = $ip; } else { $oldip = $ip['ip']; + if (!empty($$ip['sn'])) + $oldip .= "/{$$ip['sn']}"; $a_allowedips[] = $ip; } allowedips_sort(); @@ -168,8 +174,13 @@ include("head.inc"); <td width="22%" valign="top" class="vncellreq">IP address</td> <td width="78%" class="vtable"> <?=$mandfldhtml;?><input name="ip" type="text" class="formfld unknown" id="ip" size="17" value="<?=htmlspecialchars($pconfig['ip']);?>"> + /<select name='sn' class="formselect" id='sn'> + <?php for ($i = 32; $i >= 1; $i--): ?> + <option value="<?=$i;?>" <?php if ($i == $pconfig['sn']) echo "selected"; ?>><?=$i;?></option> + <?php endfor; ?> + </select> <br> - <span class="vexpl">IP address</span></td> + <span class="vexpl">IP address and subnet mask. Use /32 for a single IP.</span></td> </tr> <tr> <td width="22%" valign="top" class="vncell">Description</td> diff --git a/usr/local/www/services_captiveportal_mac_edit.php b/usr/local/www/services_captiveportal_mac_edit.php index b55e750..d5dace5 100755 --- a/usr/local/www/services_captiveportal_mac_edit.php +++ b/usr/local/www/services_captiveportal_mac_edit.php 
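Review bot: `$$ip['sn']` in the `else` branch of the `@@ -116,9 +118,13 @@` hunk is a variable-variable, not the array element; it looks like a typo for `$ip['sn']`. As written, `empty()` is evaluated against an unrelated and normally undefined variable, so `$oldip` for a newly added entry never receives the `/sn` suffix. The two lines should read `if (!empty($ip['sn']))` and `$oldip .= "/{$ip['sn']}";`. What `$oldip` is used for afterwards is outside the hunk, so the visible effect of the missing suffix should be confirmed there.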
@@ -131,11 +131,12 @@ if ($_POST) { captiveportal_free_ipfw_ruleno($ruleno); $rules = "delete {$ruleno}\n"; $rules .= "delete " . ++$ruleno . "\n"; - $rules .= captiveportal_passthrumac_configure_entry($mac); - file_put_contents("{$g['tmp_path']}/tmpmacedit{$id}", $rules); - mwexec("/sbin/ipfw -q {$g['tmp_path']}/tmpmacedit{$id}"); - @unlink("{$g['tmp_path']}/tmpmacedit{$id}"); } + + $rules .= captiveportal_passthrumac_configure_entry($mac); + file_put_contents("{$g['tmp_path']}/tmpmacedit{$id}", $rules); + mwexec("/sbin/ipfw -q {$g['tmp_path']}/tmpmacedit{$id}"); + @unlink("{$g['tmp_path']}/tmpmacedit{$id}"); header("Location: services_captiveportal_mac.php"); exit; diff --git a/usr/local/www/services_dhcp.php b/usr/local/www/services_dhcp.php index 79fd1d8..9f4d9d6 100755 --- a/usr/local/www/services_dhcp.php +++ b/usr/local/www/services_dhcp.php @@ -252,6 +252,13 @@ if ($_POST) { } } + $noip = false; + foreach ($a_maps as $map) + if (empty($map['ipaddr'])) + $noip = true; + if ($_POST['staticarp'] && $noip) + $input_errors[] = "Cannot enable static ARP when you have static map entries without IP addresses. Ensure all static maps have IP addresses and try again."; + if (!$input_errors) { /* make sure the range lies within the current subnet */ $subnet_start = ip2ulong(long2ip32(ip2long($ifcfgip) & gen_subnet_mask_long($ifcfgsn))); @@ -330,9 +337,6 @@ if ($_POST) { write_config(); - /* static arp configuration */ - interfaces_staticarp_configure($if); - $retval = 0; $retvaldhcp = 0; $retvaldns = 0; diff --git a/usr/local/www/services_dhcp_edit.php b/usr/local/www/services_dhcp_edit.php index 02a7315..dd98fa4 100755 --- a/usr/local/www/services_dhcp_edit.php +++ b/usr/local/www/services_dhcp_edit.php 
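Review bot: With the `$rules` lines moved below the closing brace in services_captiveportal_mac_edit.php, `$rules .= captiveportal_passthrumac_configure_entry($mac);` now also runs when the preceding block is skipped, and in that case `$rules` has never been assigned. Initialise it with `$rules = "";` before the `if` whose body ends at the top of this hunk (its opening line is outside the hunk). The temporary file name embeds `$id` and is interpolated into the `mwexec()` command; if `$id` comes from the request, which is not visible here, cast it with `(int)` or obtain the path from `tempnam($g['tmp_path'], 'tmpmacedit')`. `@unlink` also hides a failed cleanup that would be worth logging.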
@@ -72,7 +72,7 @@ if (!is_array($config['dhcpd'][$if]['staticmap'])) { $config['dhcpd'][$if]['staticmap'] = array(); } -$static_map_enabled=isset($config['dhcpd'][$if]['staticarp']); +$static_arp_enabled=isset($config['dhcpd'][$if]['staticarp']); $a_maps = &$config['dhcpd'][$if]['staticmap']; $ifcfgip = get_interface_ip($if); @@ -123,8 +123,8 @@ if ($_POST) { if (($_POST['mac'] && !is_macaddr($_POST['mac']))) { $input_errors[] = "A valid MAC address must be specified."; } - if($static_map_enabled && !$_POST['ipaddr']) { - $input_errors[] = "Static map is enabled. You must specify an IP address."; + if($static_arp_enabled && !$_POST['ipaddr']) { + $input_errors[] = "Static ARP is enabled. You must specify an IP address."; } /* check for overlaps */ diff --git a/usr/local/www/services_rfc2136.php b/usr/local/www/services_rfc2136.php index 80edc0b..a8e9913 100644 --- a/usr/local/www/services_rfc2136.php +++ b/usr/local/www/services_rfc2136.php @@ -48,7 +48,7 @@ if ($_GET['act'] == "del") { write_config(); - header("Location: services_dyndns.php"); + header("Location: services_rfc2136.php"); exit; } @@ -105,9 +105,9 @@ include("head.inc"); </tr> <tr> <td colspan="3" class="list"><p class="vexpl"><span class="red"><strong> - Note:<br> + <br> </strong></span> - Add something meaningful here. + </td> <td class="list"> </td> </tr> diff --git a/usr/local/www/services_rfc2136_edit.php b/usr/local/www/services_rfc2136_edit.php index 97f8770..a7d9e7b 100644 --- a/usr/local/www/services_rfc2136_edit.php +++ b/usr/local/www/services_rfc2136_edit.php @@ -81,7 +81,7 @@ if ($_POST) { if (!$input_errors) { $rfc2136 = array(); - $rfc2136['enable'] = $_POST['enable'] ? false : true; + $rfc2136['enable'] = $_POST['enable'] ? true : false; $rfc2136['host'] = $_POST['host']; $rfc2136['ttl'] = $_POST['ttl']; $rfc2136['keyname'] = $_POST['keyname']; diff --git a/usr/local/www/services_snmp.php b/usr/local/www/services_snmp.php index 9540d98..a9f8b7b 100755 
--- a/usr/local/www/services_snmp.php +++ b/usr/local/www/services_snmp.php @@ -290,7 +290,7 @@ function enable_change(whichone) { <td width="22%" valign="top" class="vncellreq">Read Community String</td> <td width="78%" class="vtable"> <input name="rocommunity" type="text" class="formfld unknown" id="rocommunity" size="40" value="<?=htmlspecialchars($pconfig['rocommunity']);?>"> - <br>In most cases, "public" is used here</br> + <br>The community string is like a password, restricting access to querying SNMP to hosts knowing the community string. Use a strong value here to protect from unauthorized information disclosure.</br> </td> </tr> diff --git a/usr/local/www/status.php b/usr/local/www/status.php index bc2656d..d1985e3 100755 --- a/usr/local/www/status.php +++ b/usr/local/www/status.php @@ -168,7 +168,7 @@ defCmdT("pftop -w 150 -a -b -v speed","/usr/local/sbin/pftop -w 150 -a -b -v spe defCmdT("resolv.conf","cat /etc/resolv.conf"); defCmdT("Processes","ps xauww"); -defCmdT("dhcpd.conf","cat /var/etc/dhcpd.conf"); +defCmdT("dhcpd.conf","cat /var/dhcpd/etc/dhcpd.conf"); defCmdT("ez-ipupdate.cache","cat /conf/ez-ipupdate.cache"); defCmdT("df","/bin/df"); diff --git a/usr/local/www/status_gateway_groups.php b/usr/local/www/status_gateway_groups.php index 5ed4aa9..2a91b77 100755 --- a/usr/local/www/status_gateway_groups.php +++ b/usr/local/www/status_gateway_groups.php @@ -4,7 +4,7 @@ status_gateway_groups.php part of pfSense (http://pfsense.com) - Copyright (C) 2007 Seth Mos <seth.mos@xs4all.nl>. + Copyright (C) 2010 Seth Mos <seth.mos@dds.nl>. All rights reserved. Redistribution and use in source and binary forms, with or without diff --git a/usr/local/www/status_gateways.php b/usr/local/www/status_gateways.php index 72e14b2..bffdb3b 100755 --- a/usr/local/www/status_gateways.php +++ b/usr/local/www/status_gateways.php 
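Review bot: The new help text in services_snmp.php likens the community string to a password but does not mention that SNMP v1/v2c sends it unencrypted, which is the caveat an administrator most needs at this field. Which SNMP versions the page configures is not visible in the hunk, so this is a wording suggestion: append `It is sent in clear text, so also restrict which hosts can reach the SNMP port.` The closing `</br>` carried over from the old line is not valid HTML and can be dropped.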
@@ -4,7 +4,7 @@ status_gateways.php part of pfSense (http://www.pfsense.com/) - Copyright (C) 2006 Seth Mos <seth.mos@xs4all.nl>. + Copyright (C) 2010 Seth Mos <seth.mos@dds.nl>. All rights reserved. Redistribution and use in source and binary forms, with or without diff --git a/usr/local/www/status_lb_pool.php b/usr/local/www/status_lb_pool.php index 18b4c57..5a87e35 100755 --- a/usr/local/www/status_lb_pool.php +++ b/usr/local/www/status_lb_pool.php @@ -4,7 +4,7 @@ status_lb_pool.php part of pfSense (http://www.pfsense.com/) - Copyright (C) 2006 Seth Mos <seth.mos@xs4all.nl>. + Copyright (C) 2010 Seth Mos <seth.mos@dds.nl>. All rights reserved. Redistribution and use in source and binary forms, with or without diff --git a/usr/local/www/status_lb_vs.php b/usr/local/www/status_lb_vs.php index 0589425..5d74cf3 100755 --- a/usr/local/www/status_lb_vs.php +++ b/usr/local/www/status_lb_vs.php @@ -4,7 +4,7 @@ status_lb_vs.php part of pfSense (http://www.pfsense.com/) - Copyright (C) 2007 Seth Mos <seth.mos@xs4all.nl>. + Copyright (C) 2010 Seth Mos <seth.mos@dds.nl>. All rights reserved. Redistribution and use in source and binary forms, with or without diff --git a/usr/local/www/status_rrd_graph.php b/usr/local/www/status_rrd_graph.php index 115d12c..97454c9 100755 --- a/usr/local/www/status_rrd_graph.php +++ b/usr/local/www/status_rrd_graph.php @@ -3,7 +3,7 @@ /* status_rrd_graph.php Part of pfSense - Copyright (C) 2007 Seth Mos <seth.mos@xs4all.nl> + Copyright (C) 2007 Seth Mos <seth.mos@dds.nl> All rights reserved. Redistribution and use in source and binary forms, with or without @@ -28,7 +28,6 @@ POSSIBILITY OF SUCH DAMAGE. */ /* - pfSense_BUILDER_BINARIES: /usr/bin/find pfSense_MODULE: system */ 
@@ -50,8 +49,9 @@ if(! isset($config['rrd']['enable'])) { } $rrddbpath = "/var/db/rrd/"; -/* XXX: (billm) do we have an exec() type function that does this type of thing? */ -exec("cd $rrddbpath;/usr/bin/find -name *.rrd", $databases); +chdir($rrddbpath); +$databases = glob("*.rrd"); + if ($_GET['cat']) { $curcat = $_GET['cat']; @@ -109,12 +109,46 @@ if ($_GET['option']) { continue 2; } } + case "vpnusers": + foreach($databases as $database) { + if(preg_match("/[-]vpnusers\.rrd/i", $database)) { + /* pick off the 1st database we find that matches the VPN graphs */ + $name = explode("-", $database); + $curoption = "$name[0]"; + continue 2; + } + } default: $curoption = "wan"; break; } } +$now = time(); +if($curcat == "custom") { + if (is_numeric($_GET['start'])) { + if($start < ($now - (3600 * 24 * 365 * 5))) { + $start = $now - (4 * 3600); + } + $start = $_GET['start']; + } else { + $start = $now - (4 * 3600); + } +} + +if (is_numeric($_GET['end'])) { + $end = $_GET['end']; +} else { + $end = $now; +} + +/* this should never happen */ +if($end < $start) { + $end = $now; +} + +$seconds = $end - $start; + if ($_GET['style']) { $curstyle = $_GET['style']; } else { @@ -133,6 +167,7 @@ $dbheader = array("allgraphs-traffic.rrd", "allgraphs-quality.rrd", "allgraphs-wireless.rrd", "allgraphs-cellular.rrd", + "allgraphs-vpnusers.rrd", "allgraphs-packets.rrd", "system-allgraphs.rrd", "system-throughput.rrd", 
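Review bot: `chdir($rrddbpath)` is called without checking its result, and `glob("*.rrd")` can return `false`, which the `foreach($databases as ...)` loops and `array_merge($dbheader, $databases)` further down would then receive. Follow the call with `if (!is_array($databases)) $databases = array();` and handle a failed `chdir()` explicitly. Globbing `"{$rrddbpath}*.rrd"` and applying `basename()` to the results would also avoid changing the working directory for the rest of the request. The same two lines are added in status_rrd_graph_img.php and status_rrd_graph_settings.php.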
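Review bot: In the `custom` branch of the `@@ -109,12 +109,46 @@` hunk the five-year clamp tests `$start` before it is assigned, and the next statement overwrites it with `$_GET['start']`, so the clamp never takes effect. Assign first with `$start = (int)$_GET['start'];`, then apply `if ($start < $now - 3600 * 24 * 365 * 5) $start = $now - 4 * 3600;`. `is_numeric()` also accepts forms such as `1e9` or `0.5`, and both values are later placed in the `status_rrd_graph_img.php?start=...&end=...` URL, so cast `$end` the same way. Outside `custom`, `$start` is still unset when `if($end < $start)` and `$seconds = $end - $start` run.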
@@ -141,15 +176,18 @@ $dbheader = array("allgraphs-traffic.rrd", "outbound-traffic.rrd"); foreach($databases as $database) { - if(stristr($database, "wireless")) { + if(stristr($database, "-wireless")) { $wireless = true; } - if(stristr($database, "queues")) { + if(stristr($database, "-queues")) { $queues = true; } - if(stristr($database, "cellular")) { + if(stristr($database, "-cellular")) { $cellular = true; } + if(stristr($database, "-vpnusers")) { + $vpnusers = true; + } } /* append the existing array to the header */ $ui_databases = array_merge($dbheader, $databases); @@ -168,7 +206,7 @@ function get_dates($curperiod, $graph) { $curyear = date('Y', $now); $curmonth = date('m', $now); $curweek = date('W', $now); - $curweekday = date('w', $now); + $curweekday = date('N', $now) - 1; // We want to start on monday $curday = date('d', $now); switch($curperiod) { @@ -184,8 +222,16 @@ function get_dates($curperiod, $graph) { $end = mktime(0, 0, 0, $curmonth, (($curday + $offset) + 1), $curyear); break; case "week": - $start = mktime(0, 0, 0, $curmonth, (($curday + $curweekday) - $offset), $curyear); - $end = mktime(0, 0, 0, $curmonth, (($curday + $curweekday) + 7), $curyear); + switch($offset) { + case 0; + $weekoffset = 0; + break; + default: + $weekoffset = ($offset * 7) - 7; + break; + } + $start = mktime(0, 0, 0, $curmonth, (($curday - $curweekday) + $weekoffset), $curyear); + $end = mktime(0, 0, 0, $curmonth, (($curday - $curweekday) + $weekoffset + 7), $curyear); break; case "month": $start = mktime(0, 0, 0, ($curmonth + $offset), 0, $curyear); 
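Review bot: `case 0;` in the new `week` branch of `get_dates()` ends with a semicolon where the rest of the file uses a colon; PHP accepts it, but it reads like a typo. The inner `switch` only distinguishes zero from non-zero, so `$weekoffset = ($offset == 0) ? 0 : ($offset * 7) - 7;` says the same in one line. A short comment on why a non-zero offset is reduced by one week would help, since `$offset` is assigned outside this hunk.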
@@ -232,9 +278,9 @@ function get_dates($curperiod, $graph) { $tab_array[] = array("Quality", $tabactive, "status_rrd_graph.php?cat=quality"); if($queues) { if($curcat == "queues") { $tabactive = True; } else { $tabactive = False; } - $tab_array[] = array("Queues", $tabactive, "status_rrd_graph.php?cat=queues"); + $tab_array[] = array("Queues", $tabactive, "status_rrd_graph.php?cat=queues"); if($curcat == "queuedrops") { $tabactive = True; } else { $tabactive = False; } - $tab_array[] = array("QueueDrops", $tabactive, "status_rrd_graph.php?cat=queuedrops"); + $tab_array[] = array("QueueDrops", $tabactive, "status_rrd_graph.php?cat=queuedrops"); } if($wireless) { if($curcat == "wireless") { $tabactive = True; } else { $tabactive = False; } @@ -244,6 +290,12 @@ function get_dates($curperiod, $graph) { if($curcat == "cellular") { $tabactive = True; } else { $tabactive = False; } $tab_array[] = array("Cellular", $tabactive, "status_rrd_graph.php?cat=cellular"); } + if($vpnusers) { + if($curcat == "vpnusers") { $tabactive = True; } else { $tabactive = False; } + $tab_array[] = array("VPN", $tabactive, "status_rrd_graph.php?cat=vpnusers"); + } + if($curcat == "custom") { $tabactive = True; } else { $tabactive = False; } + $tab_array[] = array("Custom", $tabactive, "status_rrd_graph.php?cat=custom"); if($curcat == "settings") { $tabactive = True; } else { $tabactive = False; } $tab_array[] = array("Settings", $tabactive, "status_rrd_graph_settings.php"); display_top_tabs($tab_array); 
@@ -263,6 +315,19 @@ function get_dates($curperiod, $graph) { <select name="option" class="formselect" style="z-index: -10;" onchange="document.form1.submit()"> <?php + if($curcat == "custom") { + foreach ($databases as $db => $database) { + $optionc = split("-", $database); + $search = array("-", ".rrd", $optionc); + $replace = array(" :: ", "", $friendly); + echo "<option value=\"{$database}\""; + $prettyprint = ucwords(str_replace($search, $replace, $database)); + if($curoption == $database) { + echo " selected "; + } + echo ">" . htmlspecialchars($prettyprint) . "</option>\n"; + } + } foreach ($ui_databases as $db => $database) { if(! preg_match("/($curcat)/i", $database)) { continue; @@ -270,11 +335,12 @@ function get_dates($curperiod, $graph) { $optionc = split("-", $database); $search = array("-", ".rrd", $optionc); $replace = array(" :: ", "", $friendly); + switch($curcat) { case "system": - $optionc = str_replace($search, $replace, $optionc[1]); - echo "<option value=\"$optionc\""; - $prettyprint = ucwords(str_replace($search, $replace, $optionc)); + $optioncf = str_replace($search, $replace, $optionc[1]); + echo "<option value=\"$optioncf\""; + $prettyprint = ucwords(str_replace($search, $replace, $optioncf)); break; default: /* Deduce a interface if possible and use the description */ 
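Review bot: In the new `custom` option loop the file name is escaped for the label but written raw into the attribute, `echo "<option value=\"{$database}\"";`. Use `htmlspecialchars($database)` there too, so a file name containing a quote cannot break out of the attribute. `split()` is deprecated as of PHP 5.3; `explode("-", $database)` is the drop-in replacement for a literal separator. `$friendly` is not assigned in the visible lines, and `$search` holds the `$optionc` array as one of its elements, so the `str_replace()` pairing deserves a second look.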
@@ -308,65 +374,86 @@ function get_dates($curperiod, $graph) { ?> </select> - <?=gettext("Period:");?> - <select name="period" class="formselect" style="z-index: -10;" onchange="document.form1.submit()"> - <?php - foreach ($periods as $period => $value) { - echo "<option value=\"$period\""; - if ($period == $curperiod) echo " selected"; - echo ">" . htmlspecialchars($value) . "</option>\n"; + <? + if($curcat <> "custom") { + ?> + <?=gettext("Period:");?> + <select name="period" class="formselect" style="z-index: -10;" onchange="document.form1.submit()"> + <?php + foreach ($periods as $period => $value) { + echo "<option value=\"$period\""; + if ($period == $curperiod) echo " selected"; + echo ">" . htmlspecialchars($value) . "</option>\n"; + } } ?> - </select> - <?php - // echo "year $curyear, month $curmonth, week $curweek, day $curday, weekday $curweekday<br>"; - foreach($graphs as $graph) { - /* check which databases are valid for our category */ - foreach($ui_databases as $curdatabase) { - if(! preg_match("/($curcat)/i", $curdatabase)) { - continue; - } - $optionc = split("-", $curdatabase); - $search = array("-", ".rrd", $optionc); - $replace = array(" :: ", "", $friendly); - switch($curoption) { - case "outbound": - /* only show interfaces with a gateway */ - $optionc = "$optionc[0]"; - if(!interface_has_gateway($optionc)) { - if(!preg_match("/($optionc)-(quality)/", $curdatabase)) { + if($curcat == "custom") { + ?> + <?=gettext("Start:");?> + <input type="text" name="start" class="formfldunknown" length="32" value="<?php echo $start;?>"> + <?=gettext("End:");?> + <input type="text" name="end" class="formfldunknown" length="32" value="<?php echo $now;?>"> + <input type="submit" name="Submit" value="Go"> + <? 
+ $curdatabase = $curoption; + $graph = "custom-$curdatabase"; + if(in_array($curdatabase, $databases)) { + echo "<tr><td colspan=2 class=\"list\">\n"; + echo "<IMG BORDER='0' name='{$graph}-{$curoption}-{$curdatabase}' "; + echo "id='{$graph}-{$curoption}-{$curdatabase}' ALT=\"$prettydb Graph\" "; + echo "SRC=\"status_rrd_graph_img.php?start={$start}&end={$end}&database={$curdatabase}&style={$curstyle}&graph={$graph}\" />\n"; + echo "<br /><hr><br />\n"; + echo "</td></tr>\n"; + } + } else { + foreach($graphs as $graph) { + /* check which databases are valid for our category */ + foreach($ui_databases as $curdatabase) { + if(! preg_match("/($curcat)/i", $curdatabase)) { + continue; + } + $optionc = split("-", $curdatabase); + $search = array("-", ".rrd", $optionc); + $replace = array(" :: ", "", $friendly); + switch($curoption) { + case "outbound": + /* only show interfaces with a gateway */ + $optionc = "$optionc[0]"; + if(!interface_has_gateway($optionc)) { + if(!preg_match("/($optionc)-(quality)/", $curdatabase)) { + continue 2; + } + } + if(! preg_match("/($optionc)[-.]/i", $curdatabase)) { continue 2; } - } - if(! preg_match("/($optionc)[-.]/i", $curdatabase)) { - continue 2; - } - break; - case "allgraphs": - /* make sure we do not show the placeholder databases in the all view */ - if((stristr($curdatabase, "outbound")) || (stristr($curdatabase, "allgraphs"))) { - continue 2; - } - break; - default: - /* just use the name here */ - if(! 
preg_match("/($curoption)[-.]/i", $curdatabase)) { - continue 2; - } - } - if(in_array($curdatabase, $databases)) { - $dates = get_dates($curperiod, $graph); - $start = $dates['start']; - $end = $dates['end']; - echo "<tr><td colspan=2 class=\"list\">\n"; - echo "<IMG BORDER='0' name='{$graph}-{$curoption}-{$curdatabase}' "; - echo "id='{$graph}-{$curoption}-{$curdatabase}' ALT=\"$prettydb Graph\" "; - echo "SRC=\"status_rrd_graph_img.php?start={$start}&end={$end}&database={$curdatabase}&style={$curstyle}&graph={$graph}\" />\n"; - echo "<br /><hr><br />\n"; - echo "</td></tr>\n"; + break; + case "allgraphs": + /* make sure we do not show the placeholder databases in the all view */ + if((stristr($curdatabase, "outbound")) || (stristr($curdatabase, "allgraphs"))) { + continue 2; + } + break; + default: + /* just use the name here */ + if(! preg_match("/($curoption)[-.]/i", $curdatabase)) { + continue 2; + } + } + if(in_array($curdatabase, $databases)) { + $dates = get_dates($curperiod, $graph); + $start = $dates['start']; + $end = $dates['end']; + echo "<tr><td colspan=2 class=\"list\">\n"; + echo "<IMG BORDER='0' name='{$graph}-{$curoption}-{$curdatabase}' "; + echo "id='{$graph}-{$curoption}-{$curdatabase}' ALT=\"$prettydb Graph\" "; + echo "SRC=\"status_rrd_graph_img.php?start={$start}&end={$end}&database={$curdatabase}&style={$curstyle}&graph={$graph}\" />\n"; + echo "<br /><hr><br />\n"; + echo "</td></tr>\n"; + } } } } diff --git a/usr/local/www/status_rrd_graph_img.php b/usr/local/www/status_rrd_graph_img.php index 567d272..c559d3d 100644 --- a/usr/local/www/status_rrd_graph_img.php +++ b/usr/local/www/status_rrd_graph_img.php @@ -3,7 +3,7 @@ /* status_rrd_graph_img.php Part of pfSense - Copyright (C) 2009 Seth Mos <seth.mos@xs4all.nl> + Copyright (C) 2009 Seth Mos <seth.mos@dds.nl> All rights reserved. Redistribution and use in source and binary forms, with or without 
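Review bot: The `End:` field in the `@@ -308,65 +374,86 @@` hunk is rendered with `value="<?php echo $now;?>"`, so an end time entered by the user is replaced by the current time on every reload, although `$end` is what the graph URL uses; it should echo `$end`. `length="32"` is not an `<input>` attribute; `size` or `maxlength` is presumably meant. The `SRC` query string interpolates `{$curdatabase}` and `{$graph}` unencoded, so `urlencode()` on each value and `&amp;` between parameters would keep the attribute well-formed for unusual file names. The `in_array($curdatabase, $databases)` test in the custom branch limits output to database files that exist, and is worth keeping.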
@@ -28,7 +28,7 @@ POSSIBILITY OF SUCH DAMAGE. */ /* - pfSense_BUILDER_BINARIES: /usr/bin/find /bin/rm /usr/local/bin/rrdtool + pfSense_BUILDER_BINARIES: /bin/rm /usr/local/bin/rrdtool pfSense_MODULE: system */ @@ -40,7 +40,7 @@ require_once("rrd.inc"); $pgtitle = array("System","RRD Graphs","Image viewer"); if ($_GET['database']) { - $curdatabase = $_GET['database']; + $curdatabase = basename($_GET['database']); } else { $curdatabase = "wan-traffic.rrd"; } @@ -146,8 +146,9 @@ $havg = timeDiff($average, $defOptions); $hperiod = timeDiff($seconds, $defOptions); $data = true; -/* XXX: (billm) do we have an exec() type function that does this type of thing? */ -exec("cd $rrddbpath;/usr/bin/find -name *.rrd", $databases); +$rrddbpath = "/var/db/rrd/"; +chdir($rrddbpath); +$databases = glob("*.rrd"); rsort($databases); /* compare bytes/sec counters, divide bps by 8 */ @@ -205,6 +206,7 @@ if(file_exists($rrdcolors)) { $colorwireless = array('333333','a83c3c','999999'); $colorspamdtime = array('DDDDFF', 'AAAAFF', 'DDDDFF', '000066'); $colorspamdconn = array('00AA00BB', 'FFFFFFFF', '00660088', 'FFFFFF88', '006600'); + $colorvpnusers = array('990000'); } switch ($curstyle) { 
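Review bot: `basename($_GET['database'])` removes directory components but leaves every other character intact, and `$curdatabase` is later interpolated into the `rrdtool` command strings (see the `$graphcmd` lines in the `@@ -570,6 +572,25 @@` hunk). The `file_exists()` test in those branches narrows this, but an exact allowlist is stronger. After the `$databases = glob("*.rrd");` added further down, fall back to the default name unless `in_array($curdatabase, $databases, true)` holds. The `chdir()` and `glob()` calls there are also unchecked, as in status_rrd_graph.php.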
@@ -570,6 +572,25 @@ elseif((strstr($curdatabase, "-wireless.rrd")) && (file_exists("$rrddbpath$curda $graphcmd .= "COMMENT:\"\\n\" "; $graphcmd .= "COMMENT:\"\t\t\t\t\t\t\t\t\t\t\t\t\t`date +\"%b %d %H\:%M\:%S %Y\"`\" "; } +elseif((strstr($curdatabase, "-vpnusers.rrd")) && (file_exists("$rrddbpath$curdatabase"))) { + /* define graphcmd for vpn users stats */ + $graphcmd = "$rrdtool graph $rrdtmppath$curdatabase-$curgraph.png "; + $graphcmd .= "--start $start --end $end "; + $graphcmd .= "--vertical-label \"users\" "; + $graphcmd .= "--color SHADEA#eeeeee --color SHADEB#eeeeee "; + $graphcmd .= "--title \"`hostname` - {$prettydb} - {$hperiod} - {$havg} average\" "; + $graphcmd .= "--height 200 --width 620 "; + $graphcmd .= "DEF:\"$curif-users=$rrddbpath$curdatabase:users:AVERAGE\" "; + $graphcmd .= "LINE2:\"$curif-users#{$colorvpnusers[0]}:$curif-users\" "; + $graphcmd .= "COMMENT:\"\\n\" "; + $graphcmd .= "COMMENT:\"\t\t\t maximum\t\t average\t current\\n\" "; + $graphcmd .= "COMMENT:\"Users Online\t\" "; + $graphcmd .= "GPRINT:\"$curif-users:MAX:%7.2lf \" "; + $graphcmd .= "GPRINT:\"$curif-users:AVERAGE:%7.2lf \" "; + $graphcmd .= "GPRINT:\"$curif-users:LAST:%7.2lf \" "; + $graphcmd .= "COMMENT:\"\\n\" "; + $graphcmd .= "COMMENT:\"\t\t\t\t\t\t\t\t\t\t\t\t\t`date +\"%b %d %H\:%M\:%S %Y\"`\" "; +} elseif((strstr($curdatabase, "-states.rrd")) && (file_exists("$rrddbpath$curdatabase"))) { /* define graphcmd for states stats */ $graphcmd = "$rrdtool graph $rrdtmppath$curdatabase-$curgraph.png "; diff --git a/usr/local/www/status_rrd_graph_settings.php b/usr/local/www/status_rrd_graph_settings.php index d1398c4..b173e00 100755 --- a/usr/local/www/status_rrd_graph_settings.php +++ b/usr/local/www/status_rrd_graph_settings.php @@ -3,7 +3,7 @@ /* status_rrd_graph.php Part of pfSense - Copyright (C) 2007 Seth Mos <seth.mos@xs4all.nl> + Copyright (C) 2007 Seth Mos <seth.mos@dds.nl> All rights reserved. Redistribution and use in source and binary forms, with or without 
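Review bot: The new `-vpnusers.rrd` branch builds `$graphcmd` by interpolating `$start`, `$end`, `$curgraph`, `$curif` and `$prettydb` into a string that contains backtick substitutions, so it is evidently run through a shell. Where these variables are assigned is outside the hunk; if any derives from the request (status_rrd_graph.php in this diff emits `start=`, `end=` and `graph=` parameters), cast the times with `(int)` and wrap the others in `escapeshellarg()` before use. The block repeats the layout of the neighbouring branches, so a helper taking the data-source name and label would remove the duplication. The `elseif` chain starts and ends outside the hunk.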
@@ -77,9 +77,11 @@ if ($_POST) { } } + + $rrddbpath = "/var/db/rrd/"; -/* XXX: (billm) do we have an exec() type function that does this type of thing? */ -exec("cd $rrddbpath;/usr/bin/find -name *.rrd", $databases); +chdir($rrddbpath); +$databases = glob("*.rrd"); foreach($databases as $database) { if(stristr($database, "wireless")) { @@ -91,6 +93,9 @@ foreach($databases as $database) { if(stristr($database, "cellular")) { $cellular = true; } + if(stristr($database, "-vpnusers")) { + $vpnusers = true; + } } $pgtitle = array("Status","RRD Graphs"); 
@@ -106,32 +111,39 @@ include("head.inc"); <tr> <td> <?php - $tab_array = array(); - if($curcat == "system") { $tabactive = True; } else { $tabactive = False; } - $tab_array[] = array("System", $tabactive, "status_rrd_graph.php?cat=system"); - if($curcat == "traffic") { $tabactive = True; } else { $tabactive = False; } - $tab_array[] = array("Traffic", $tabactive, "status_rrd_graph.php?cat=traffic"); - if($curcat == "packets") { $tabactive = True; } else { $tabactive = False; } - $tab_array[] = array("Packets", $tabactive, "status_rrd_graph.php?cat=packets"); - if($curcat == "quality") { $tabactive = True; } else { $tabactive = False; } - $tab_array[] = array("Quality", $tabactive, "status_rrd_graph.php?cat=quality"); + $tab_array = array(); + if($curcat == "system") { $tabactive = True; } else { $tabactive = False; } + $tab_array[] = array("System", $tabactive, "status_rrd_graph.php?cat=system"); + if($curcat == "traffic") { $tabactive = True; } else { $tabactive = False; } + $tab_array[] = array("Traffic", $tabactive, "status_rrd_graph.php?cat=traffic"); + if($curcat == "packets") { $tabactive = True; } else { $tabactive = False; } + $tab_array[] = array("Packets", $tabactive, "status_rrd_graph.php?cat=packets"); + if($curcat == "quality") { $tabactive = True; } else { $tabactive = False; } + $tab_array[] = array("Quality", $tabactive, "status_rrd_graph.php?cat=quality"); if($queues) { - if($curcat == "queues") { $tabactive = True; } else { $tabactive = False; } - $tab_array[] = array("Queues", $tabactive, "status_rrd_graph.php?cat=queues"); + if($curcat == "queues") { $tabactive = True; } else { $tabactive = False; } + $tab_array[] = array("Queues", $tabactive, "status_rrd_graph.php?cat=queues"); if($curcat == "queuedrops") { $tabactive = True; } else { $tabactive = False; } - $tab_array[] = array("QueueDrops", $tabactive, "status_rrd_graph.php?cat=queuedrops"); + $tab_array[] = array("QueueDrops", $tabactive, "status_rrd_graph.php?cat=queuedrops"); } 
if($wireless) { - if($curcat == "wireless") { $tabactive = True; } else { $tabactive = False; } - $tab_array[] = array("Wireless", $tabactive, "status_rrd_graph.php?cat=wireless"); + if($curcat == "wireless") { $tabactive = True; } else { $tabactive = False; } + $tab_array[] = array("Wireless", $tabactive, "status_rrd_graph.php?cat=wireless"); } if($cellular) { if($curcat == "cellular") { $tabactive = True; } else { $tabactive = False; } - $tab_array[] = array("Cellular", $tabactive, "status_rrd_graph.php?cat=cellular"); + $tab_array[] = array("Cellular", $tabactive, "status_rrd_graph.php?cat=cellular"); + } + if($vpnusers) { + if($curcat == "vpnusers") { $tabactive = True; } else { $tabactive = False; } + $tab_array[] = array("VPN", $tabactive, "status_rrd_graph.php?cat=vpnusers"); } - if($curcat == "settings") { $tabactive = True; } else { $tabactive = False; } - $tab_array[] = array("Settings", $tabactive, "status_rrd_graph_settings.php"); - display_top_tabs($tab_array); + if($curcat == "custom") { $tabactive = True; } else { $tabactive = False; } + $tab_array[] = array("Custom", $tabactive, "status_rrd_graph.php?cat=custom"); + if($curcat == "settings") { $tabactive = True; } else { $tabactive = False; } + $tab_array[] = array("Settings", $tabactive, "status_rrd_graph_settings.php"); + + display_top_tabs($tab_array); ?> </td> </tr> diff --git a/usr/local/www/status_upnp.php b/usr/local/www/status_upnp.php index 024633f..e5908d3 100644 --- a/usr/local/www/status_upnp.php +++ b/usr/local/www/status_upnp.php @@ -4,7 +4,7 @@ status_upnp.php part of pfSense (http://www.pfsense.com/) - Copyright (C) 2006 Seth Mos <seth.mos@xs4all.nl>. + Copyright (C) 2010 Seth Mos <seth.mos@dds.nl>. All rights reserved. Redistribution and use in source and binary forms, with or without diff --git a/usr/local/www/status_wireless.php b/usr/local/www/status_wireless.php index 751810a..0ec7e6a 100755 --- a/usr/local/www/status_wireless.php +++ b/usr/local/www/status_wireless.php 
@@ -50,8 +50,10 @@ if(empty($if)) { /* Find the first interface that is wireless */ foreach($ciflist as $interface => $ifdescr) { - if(is_interface_wireless(get_real_interface($interface))) + if(is_interface_wireless(get_real_interface($interface))) { $if = $interface; + break; + } } } ?> diff --git a/usr/local/www/system_advanced_misc.php b/usr/local/www/system_advanced_misc.php index 41f0979..1bdefe9 100644 --- a/usr/local/www/system_advanced_misc.php +++ b/usr/local/www/system_advanced_misc.php @@ -224,7 +224,7 @@ include("head.inc"); <tr> <td width="22%" valign="top" class="vncell"><?=gettext("Security Assocications"); ?></td> <td width="78%" class="vtable"> - <input name="preferoldsa_enable" type="checkbox" id="preferoldsa_enable" value="yes" <?php if ($pconfig['preferoldsa_enable']) echo "checked"; ?> /> + <input name="preferoldsa_enable" type="checkbox" id="preferoldsa_enable" value="yes" <?php if (isset($pconfig['preferoldsa_enable'])) echo "checked"; ?> /> <strong><?=gettext("Prefer older IPsec SAs"); ?></strong> <br /> <?=gettext("By default, if several SAs match, the newest one is " . diff --git a/usr/local/www/system_advanced_notifications.php b/usr/local/www/system_advanced_notifications.php index cdd8b2d..0ee67c7 100644 --- a/usr/local/www/system_advanced_notifications.php +++ b/usr/local/www/system_advanced_notifications.php 
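Review bot: In the system_advanced_misc.php hunk, `isset($pconfig['preferoldsa_enable'])` is true for any non-null value, including `false`. How `$pconfig['preferoldsa_enable']` is filled is outside the hunk; if it is assigned a boolean, for example the result of an `isset()` on the config node, the checkbox would render as checked even when the option is off, and re-saving the page could then enable it. In that case `!empty($pconfig['preferoldsa_enable'])` is the safer test. The label in the context line above is also misspelled ("Assocications").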
@@ -111,13 +111,13 @@ if ($_POST) { if($config['notifications']['growl']['ipaddress'] && $config['notifications']['growl']['password'] = $_POST['password']) { register_via_growl(); - notify_via_growl(gettext("This is a test message form pfSense. It is safe to ignore this message.")); + notify_via_growl(gettext("This is a test message from pfSense. It is safe to ignore this message.")); } // Send test message via smtp if(file_exists("/var/db/notices_lastmsg.txt")) unlink("/var/db/notices_lastmsg.txt"); - $savemsg = notify_via_smtp(gettext("This is a test message form pfSense. It is safe to ignore this message.")); + $savemsg = notify_via_smtp(gettext("This is a test message from pfSense. It is safe to ignore this message.")); pfSenseHeader("system_advanced_notifications.php"); exit; diff --git a/usr/local/www/system_gateway_groups.php b/usr/local/www/system_gateway_groups.php index 43dfea7..f767aff 100755 --- a/usr/local/www/system_gateway_groups.php +++ b/usr/local/www/system_gateway_groups.php @@ -4,7 +4,7 @@ system_gateway_groups.php part of pfSense (http://pfsense.com) - Copyright (C) 2007 Seth Mos <seth.mos@xs4all.nl>. + Copyright (C) 2010 Seth Mos <seth.mos@dds.nl>. All rights reserved. Redistribution and use in source and binary forms, with or without diff --git a/usr/local/www/system_gateway_groups_edit.php b/usr/local/www/system_gateway_groups_edit.php index 1a504c5..268a5da 100755 --- a/usr/local/www/system_gateway_groups_edit.php +++ b/usr/local/www/system_gateway_groups_edit.php @@ -4,7 +4,7 @@ system_gateway_groups_edit.php part of pfSense (http://pfsense.com) - Copyright (C) 2007 Seth Mos <seth.mos@xs4all.nl>. + Copyright (C) 2010 Seth Mos <seth.mos@dds.nl>. All rights reserved. Redistribution and use in source and binary forms, with or without diff --git a/usr/local/www/system_gateways.php b/usr/local/www/system_gateways.php index 82004a7..d789d76 100755 --- a/usr/local/www/system_gateways.php +++ b/usr/local/www/system_gateways.php 
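Review bot: The condition in the context line above the corrected growl message, `$config['notifications']['growl']['ipaddress'] && $config['notifications']['growl']['password'] = $_POST['password']`, uses `=` rather than `==`, so it stores the posted password in `$config` and tests its truthiness instead of comparing anything. If the assignment is intended, it reads better as its own statement before the `if`; if a comparison was meant, the operator is wrong. The enclosing `if ($_POST)` block starts outside the hunk, so whether the value was already stored earlier cannot be told from here. A short comment such as `/* only send the growl test when both address and password are set */` would settle the intent.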
@@ -4,7 +4,7 @@ system_gateways.php part of pfSense (http://pfsense.com) - Copyright (C) 2007 Seth Mos <seth.mos@xs4all.nl>. + Copyright (C) 2010 Seth Mos <seth.mos@dds.nl>. All rights reserved. Redistribution and use in source and binary forms, with or without diff --git a/usr/local/www/system_gateways_edit.php b/usr/local/www/system_gateways_edit.php index 98d1e81..e679b90 100755 --- a/usr/local/www/system_gateways_edit.php +++ b/usr/local/www/system_gateways_edit.php @@ -4,7 +4,7 @@ system_gateways_edit.php part of pfSense (http://pfsense.com) - Copyright (C) 2007 Seth Mos <seth.mos@xs4all.nl>. + Copyright (C) 2010 Seth Mos <seth.mos@dds.nl>. All rights reserved. Redistribution and use in source and binary forms, with or without diff --git a/usr/local/www/system_groupmanager.php b/usr/local/www/system_groupmanager.php index a167790..37c5ec3 100644 --- a/usr/local/www/system_groupmanager.php +++ b/usr/local/www/system_groupmanager.php @@ -152,10 +152,12 @@ if ($_POST) { local_group_set($group); /* Refresh users in this group since their privileges may have changed. */ - $a_user = &$config['system']['user']; - foreach ($a_user as & $user) { - if (in_array($user['uid'], $group['member'])) - local_user_set($user); + if (is_array($group['member'])) { + $a_user = &$config['system']['user']; + foreach ($a_user as & $user) { + if (in_array($user['uid'], $group['member'])) + local_user_set($user); + } } write_config(); @@ -410,8 +412,11 @@ function presubmit() { $grpimg = "/themes/{$g['theme']}/images/icons/icon_system-group-grey.png"; else $grpimg = "/themes/{$g['theme']}/images/icons/icon_system-group.png"; + $groupcount = count($group['member']); + if ($group["name"] == "all") + $groupcount = count($config['system']['user']); ?> - <tr> + <tr ondblclick="document.location='system_groupmanager.php?act=edit&id=<?=$i;?>'"> <td class="listlr"> <table border="0" cellpadding="0" cellspacing="0"> <tr> 
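Review bot: In the second system_groupmanager.php hunk, `$groupcount = count($group['member']);` is called without the `is_array($group['member'])` guard that the first hunk of the same file adds around the user refresh, so a group without a member list is handled inconsistently between the two places. I would write `$groupcount = is_array($group['member']) ? count($group['member']) : 0;`. The added `ondblclick` URL also carries a bare `&` inside an attribute, where `&amp;id=` is the valid form. `$i` looks like the loop index, but its origin is outside the hunk.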
@@ -429,7 +434,7 @@ function presubmit() { <?=htmlspecialchars($group['description']);?> </td> <td class="listbg"> - <?=count($group['member'])?> + <?=$groupcount;?> </td> <td valign="middle" nowrap class="list"> <a href="system_groupmanager.php?act=edit&id=<?=$i;?>"> diff --git a/usr/local/www/system_usermanager_settings.php b/usr/local/www/system_usermanager_settings.php index 352d5cc..0a52028 100755 --- a/usr/local/www/system_usermanager_settings.php +++ b/usr/local/www/system_usermanager_settings.php @@ -136,8 +136,6 @@ if(!$pconfig['backend']) <?php $auth_servers = auth_get_authserver_list(); foreach ($auth_servers as $auth_server): - if ($auth_server['type'] == 'radius') - continue; $selected = ""; if ($auth_server['name'] == $pconfig['authmode']) $selected = "selected"; diff --git a/usr/local/www/themes/code-red/rrdcolors.inc.php b/usr/local/www/themes/code-red/rrdcolors.inc.php index cbd6a8d..1ab0fd0 100755 --- a/usr/local/www/themes/code-red/rrdcolors.inc.php +++ b/usr/local/www/themes/code-red/rrdcolors.inc.php @@ -46,5 +46,6 @@ $colorqualityloss = "ee0000"; $colorwireless = array('990000','a83c3c','b36666');
$colorspamdtime = array('DDDDFF', 'AAAAFF', 'DDDDFF', '000066');
$colorspamdconn = array('00AA00BB', 'FFFFFFFF', '00660088', 'FFFFFF88', '006600');
+$colorvpnusers = array('990000');
?>
diff --git a/usr/local/www/themes/metallic/rrdcolors.inc.php b/usr/local/www/themes/metallic/rrdcolors.inc.php index e3153fd..8e74545 100644 --- a/usr/local/www/themes/metallic/rrdcolors.inc.php +++ b/usr/local/www/themes/metallic/rrdcolors.inc.php @@ -46,5 +46,6 @@ $colorqualityloss = "ee0000"; $colorwireless = array('333333','a83c3c','999999'); $colorspamdtime = array('DDDDFF', 'AAAAFF', 'DDDDFF', '000066'); $colorspamdconn = array('00AA00BB', 'FFFFFFFF', '00660088', 'FFFFFF88', '006600'); +$colorvpnusers = array('990000'); ?> diff --git a/usr/local/www/themes/nervecenter/rrdcolors.inc.php b/usr/local/www/themes/nervecenter/rrdcolors.inc.php index e3153fd..8e74545 100644 --- a/usr/local/www/themes/nervecenter/rrdcolors.inc.php +++ b/usr/local/www/themes/nervecenter/rrdcolors.inc.php @@ -46,5 +46,6 @@ $colorqualityloss = "ee0000"; $colorwireless = array('333333','a83c3c','999999'); $colorspamdtime = array('DDDDFF', 'AAAAFF', 'DDDDFF', '000066'); $colorspamdconn = array('00AA00BB', 'FFFFFFFF', '00660088', 'FFFFFF88', '006600'); +$colorvpnusers = array('990000'); ?> diff --git a/usr/local/www/themes/pfsense-dropdown/rrdcolors.inc.php b/usr/local/www/themes/pfsense-dropdown/rrdcolors.inc.php index e3153fd..8e74545 100644 --- a/usr/local/www/themes/pfsense-dropdown/rrdcolors.inc.php +++ b/usr/local/www/themes/pfsense-dropdown/rrdcolors.inc.php @@ -46,5 +46,6 @@ $colorqualityloss = "ee0000"; $colorwireless = array('333333','a83c3c','999999'); $colorspamdtime = array('DDDDFF', 'AAAAFF', 'DDDDFF', '000066'); $colorspamdconn = array('00AA00BB', 'FFFFFFFF', '00660088', 'FFFFFF88', '006600'); +$colorvpnusers = array('990000'); ?> diff --git a/usr/local/www/themes/pfsense/rrdcolors.inc.php b/usr/local/www/themes/pfsense/rrdcolors.inc.php index e3153fd..8e74545 100644 --- a/usr/local/www/themes/pfsense/rrdcolors.inc.php +++ b/usr/local/www/themes/pfsense/rrdcolors.inc.php 
@@ -46,5 +46,6 @@ $colorqualityloss = "ee0000"; $colorwireless = array('333333','a83c3c','999999'); $colorspamdtime = array('DDDDFF', 'AAAAFF', 'DDDDFF', '000066'); $colorspamdconn = array('00AA00BB', 'FFFFFFFF', '00660088', 'FFFFFF88', '006600'); +$colorvpnusers = array('990000'); ?> diff --git a/usr/local/www/themes/pfsense_ng/rrdcolors.inc.php b/usr/local/www/themes/pfsense_ng/rrdcolors.inc.php index e3153fd..8e74545 100644 --- a/usr/local/www/themes/pfsense_ng/rrdcolors.inc.php +++ b/usr/local/www/themes/pfsense_ng/rrdcolors.inc.php @@ -46,5 +46,6 @@ $colorqualityloss = "ee0000"; $colorwireless = array('333333','a83c3c','999999'); $colorspamdtime = array('DDDDFF', 'AAAAFF', 'DDDDFF', '000066'); $colorspamdconn = array('00AA00BB', 'FFFFFFFF', '00660088', 'FFFFFF88', '006600'); +$colorvpnusers = array('990000'); ?> diff --git a/usr/local/www/themes/the_wall/rrdcolors.inc.php b/usr/local/www/themes/the_wall/rrdcolors.inc.php index e3153fd..8e74545 100644 --- a/usr/local/www/themes/the_wall/rrdcolors.inc.php +++ b/usr/local/www/themes/the_wall/rrdcolors.inc.php @@ -46,5 +46,6 @@ $colorqualityloss = "ee0000"; $colorwireless = array('333333','a83c3c','999999'); $colorspamdtime = array('DDDDFF', 'AAAAFF', 'DDDDFF', '000066'); $colorspamdconn = array('00AA00BB', 'FFFFFFFF', '00660088', 'FFFFFF88', '006600'); +$colorvpnusers = array('990000'); ?> diff --git a/usr/local/www/xmlrpc.php b/usr/local/www/xmlrpc.php index 6e1e242..5daa29a 100755 --- a/usr/local/www/xmlrpc.php +++ b/usr/local/www/xmlrpc.php @@ -229,6 +229,8 @@ function filter_configure_xmlrpc($raw_params) { require_once("openvpn.inc"); openvpn_resync_all(); services_dhcpd_configure(); + services_dnsmasq_configure(); + local_sync_accounts(); return $xmlrpc_g['return']['true']; } |
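Review bot: In the xmlrpc.php hunk, `filter_configure_xmlrpc()` now also calls `services_dnsmasq_configure()` and `local_sync_accounts()` but still returns `$xmlrpc_g['return']['true']` unconditionally, so the sync peer is told the call succeeded whatever those two functions did. Judging by its name, the second call rewrites local accounts, so a failed or partial sync should probably be reported rather than hidden. The function starts outside the hunk, so the check that authenticates `$raw_params` is not visible here. A comment above the added lines, e.g. `/* reached only after the XML-RPC password check; resyncs DNS forwarder and local accounts */`, would document that precondition.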