diff options
author | Ermal LUÇI <eri@pfsense.org> | 2015-01-12 12:17:00 +0100 |
---|---|---|
committer | Ermal LUÇI <eri@pfsense.org> | 2015-01-12 12:18:49 +0100 |
commit | 339e2fe5e66e07a953c28b59e964a96f77edcecd (patch) | |
tree | e61b00e1c6d12bada7e36cd24168f92406de1d41 | |
parent | 6a752ca21acc099b0510d741b9774e876cfd0405 (diff) | |
download | pfsense-339e2fe5e66e07a953c28b59e964a96f77edcecd.zip pfsense-339e2fe5e66e07a953c28b59e964a96f77edcecd.tar.gz |
* Try to autodetect if the execution limit needs to be raised on big number of passthrough entries.
Set the time limit to 0 and restore it back to default value when this is detected.
* Do not leak pipes when reloading ruleset for CP since this will consume available descriptors.
This has been noted before but considered fixed, this is the real fix actually for dnpipes.
-rw-r--r-- | etc/inc/captiveportal.inc | 31 |
1 files changed, 31 insertions, 0 deletions
diff --git a/etc/inc/captiveportal.inc b/etc/inc/captiveportal.inc index 3964b40..c42eb35 100644 --- a/etc/inc/captiveportal.inc +++ b/etc/inc/captiveportal.inc @@ -194,6 +194,14 @@ function captiveportal_configure_zone($cpcfg) { } else captiveportal_syslog("Reconfiguring captive portal({$cpcfg['zone']})."); + if (is_array($cpcfg['passthrumac'])) { + $nentries = count($cpcfg['passthrumac']); + if ($nentries > 2000) { + if (!set_time_limit(0)) + log_error("Execution time limit may be reached while reconfiguring zone = {$cpzone} due to many passthrugh entries!"); + } + } + /* init ipfw rules */ captiveportal_init_rules(true); @@ -381,6 +389,8 @@ EOD; } } + /* XXX: Same as in rc.php_init_setup */ + set_time_limit(900); unlock($captiveportallck); return 0; @@ -474,6 +484,7 @@ function captiveportal_init_rules($reinit = false) { captiveportal_load_modules(); mwexec("/sbin/ipfw zone {$cpzoneid} create", true); + captiveportal_flush_dn_ruleno($cpzone); $cpips = array(); $ifaces = get_configured_interface_list(); @@ -1480,6 +1491,26 @@ function captiveportal_free_dn_ruleno($ruleno) { unlock($cpruleslck); } +/* + * To avoid allocating more ids than needed to a zone need + * to flush them before loading/creating new ruleset + */ +function captiveportal_flush_dn_ruleno($cpzone) { + global $config, $g; + + $cpruleslck = lock("captiveportalrulesdn", LOCK_EX); + if (file_exists("{$g['vardb_path']}/captiveportaldn.rules")) { + $rules = unserialize(file_get_contents("{$g['vardb_path']}/captiveportaldn.rules")); + foreach ($rules as $idx => $zone) { + if ($zone == $cpzone) + $rules[$idx] = false; + } + file_put_contents("{$g['vardb_path']}/captiveportaldn.rules", serialize($rules)); + unset($rules); + } + unlock($cpruleslck); +} + function captiveportal_get_dn_passthru_ruleno($value) { global $config, $g, $cpzone, $cpzoneid; |