author | Jim P <jim@pingle.org> | 2012-09-22 18:46:43 -0700 |
---|---|---|
committer | Jim P <jim@pingle.org> | 2012-09-22 18:46:43 -0700 |
commit | 5dc66dffab931aaa9303ad76ec245cd7e9dd6c17 (patch) | |
tree | 81fcf03ebeec9420dc15915ba402081c3486d62a | |
parent | ea68f6cc92fb6167c084d6786984bdf35caef132 (diff) | |
parent | d41bb44745966a668f55d14e9bb53ebd22c4d91e (diff) | |
Merge pull request #225 from PiBa-NL/master
Virtual IP Edit consistent options, "Sockets listening" page, openVPN allow change mode
-rw-r--r-- | etc/inc/openvpn.inc | 7 | ||||
-rw-r--r-- | usr/local/www/diag_sockets.php | 115 | ||||
-rwxr-xr-x | usr/local/www/fbegin.inc | 1 | ||||
-rwxr-xr-x | usr/local/www/firewall_virtual_ip_edit.php | 147 | ||||
-rw-r--r-- | usr/local/www/vpn_openvpn_server.php | 3 |
5 files changed, 185 insertions, 88 deletions
diff --git a/etc/inc/openvpn.inc b/etc/inc/openvpn.inc
index bddb5c8..8416264 100644
--- a/etc/inc/openvpn.inc
+++ b/etc/inc/openvpn.inc
@@ -710,7 +710,12 @@ function openvpn_delete($mode, & $settings) {
 $vpnid = $settings['vpnid'];
 $mode_id = $mode.$vpnid;
- $tunname = "tun{$vpnid}";
+ if (isset($settings['dev_mode']))
+ $tunname = "{$settings['dev_mode']}{$vpnid}";
+ else { /* defaults to tun */
+ $tunname = "tun{$vpnid}";
+ }
+
 if ($mode == "server")
 $devname = "ovpns{$vpnid}";
 else
diff --git a/usr/local/www/diag_sockets.php b/usr/local/www/diag_sockets.php
new file mode 100644
index 0000000..3c81fc7
--- /dev/null
+++ b/usr/local/www/diag_sockets.php
@@ -0,0 +1,115 @@
+<?php
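Review bot: In the etc/inc/openvpn.inc hunk, `isset($settings['dev_mode'])` is also true for an empty string, in which case `$tunname` becomes the bare `$vpnid` instead of `tun{$vpnid}`. The value is also placed into the interface name without being restricted to the two device types this change is about; if `$tunname` is passed to a system command further down (openvpn_delete() continues outside the hunk), that should be an allow-list check rather than a presence check. Suggested: `$dev_mode = (isset($settings['dev_mode']) && in_array($settings['dev_mode'], array('tun', 'tap'), true)) ? $settings['dev_mode'] : 'tun';` followed by `$tunname = "{$dev_mode}{$vpnid}";`.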
+
+/* $Id$ */
+/*
+ diag_sockets.php
+ Copyright (C) 2012
+ All rights reserved.
+
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions are met:
+
+ 1. Redistributions of source code must retain the above copyright notice,
+ this list of conditions and the following disclaimer.
+
+ 2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+
+ THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+ OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ POSSIBILITY OF SUCH DAMAGE.
+
+*/
+
+/*
+ pfSense_BUILDER_BINARIES: /usr/bin/sockstat
+*/
+##|+PRIV
+##|*IDENT=page-diagnostics-sockets
+##|*NAME=Diagnostics: Sockets page
+##|*DESCR=Allow access to the 'Diagnostics: Sockets' page.
+##|*MATCH=diag_sockets.php*
+##|-PRIV
+
+include('guiconfig.inc');
+
+$pgtitle = array(gettext("Diagnostics"),gettext("Sockets listening"));
+
+include('head.inc');
+
+?>
+<body link="#000000" vlink="#000000" alink="#000000">
+<?php include("fbegin.inc"); ?>
+
+<div id="mainarea">
+<table class="tabcont" style="padding-top:0px; padding-bottom:0px; padding-left:0px; padding-right:0px" width="100%" border="0" cellpadding="0" cellspacing="0" border="1">
+ <tr><td colspan="2" class="listtopic" >Socket information explanation</td></tr>
+<tr><td colspan="2" class="">
+This page show the output for the commands: "sockstat -4lL" and "sockstat -6lL".<br/>
+The information listed for each socket is:<br/></td></tr>
+ <tr><td class="listlr">USER </td><td class="listr">The user who owns the socket.</td></tr>
+ <tr><td class="listlr">COMMAND </td><td class="listr">The command which holds the socket.</td></tr>
+ <tr><td class="listlr">PID </td><td class="listr">The process ID of the command which holds the socket.</td></tr>
+ <tr><td class="listlr">FD </td><td class="listr">The file descriptor number of the socket.</td></tr>
+ <tr><td class="listlr">PROTO </td><td class="listr">The transport protocol associated with the socket for Internet sockets, or the type of socket (stream or data-gram) for UNIX sockets.</td></tr>
+ <tr><td class="listlr">ADDRESS </td><td class="listr">(UNIX sockets only) For bound sockets, this is the file-name of the socket. For other sockets, it is the name, PID and file descriptor number of the peer, or ``(none)'' if the socket is neither bound nor connected.</td></tr>
+ <tr><td class="listlr">LOCAL ADDRESS </td><td class="listr">(Internet sockets only) The address the local end of the socket is bound to (see getsockname(2)).</td></tr>
+ <tr><td class="listlr">FOREIGN ADDRESS </td><td class="listr">(Internet sockets only) The address the foreign end of the socket is bound to (see getpeername(2)).</td></tr>
+</table>
+<?php
+
+ $internet4 = shell_exec('sockstat -4lL');
+ $internet6 = shell_exec('sockstat -6lL');
+
+ foreach (array(&$internet4, &$internet6) as $tabindex => $table) {
+ $elements = ($tabindex == 0 ? 7 : 7);
+ $name = ($tabindex == 0 ? 'IPv4' : 'IPv6');
+?>
+<br/>
+<table style="padding-top:0px; padding-bottom:0px; padding-left:0px; padding-right:0px" width="100%" border="0" cellpadding="0" cellspacing="0">
+<tr><td class="listtopic" colspan="<?=$elements?>"><strong><?=$name;?></strong></font></td></tr>
+<tr><td>
+<table class="tabcont sortable" id="sortabletable" width="100%" cellspacing="0" cellpadding="6" border="0">
+<?php
+ foreach (explode("\n", $table) as $i => $line) {
+ if ($i == 0)
+ $class = 'listhdrr';
+ else
+ $class = 'listlr';
+
+ if (trim($line) == "")
+ continue;
+ print("<tr id=\"$i\">\n");
+ $j = 0;
+ foreach (explode(' ', $line) as $entry) {
+ if ($entry == '' || $entry == "ADDRESS") continue;
+ if ($i == 0)
+ print("<th class=\"$class\">$entry</th>\n");
+ else
+ print("<td class=\"$class\">$entry</td>\n");
+ if ($i > 0)
+ $class = 'listr';
+ $j++;
+ }
+ print("</tr>\n");
+ }?>
+</table>
+</td></tr></table>
+<?php
+ }
+?>
+</table>
+
+</div>
+
+<?php
+include('fend.inc');
+?>
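Review bot: In diag_sockets.php each `$entry` split out of the sockstat output is printed into the table without HTML escaping, so any `<`, `>` or `&` in a command name or address column is emitted as markup in the admin GUI; escape it in both prints, e.g. `print("<td class=\"$class\">" . htmlspecialchars($entry) . "</td>\n");`. `shell_exec('sockstat -4lL')` and its IPv6 twin resolve the binary through PATH although the file header declares `/usr/bin/sockstat`, so calling the absolute path would be more predictable. Smaller points: `($tabindex == 0 ? 7 : 7)` is a constant, both tables receive `id="sortabletable"`, there is a stray `</font>` and one extra `</table>`, and the explanatory text is not passed through `gettext()`.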
diff --git a/usr/local/www/fbegin.inc b/usr/local/www/fbegin.inc
index bb11869..17c3185 100755
--- a/usr/local/www/fbegin.inc
+++ b/usr/local/www/fbegin.inc
@@ -229,6 +229,7 @@ $diagnostics_menu[] = array(gettext("pfTop"), "/diag_system_pftop.php");
 $diagnostics_menu[] = array(gettext("Reboot"), "/reboot.php");
 $diagnostics_menu[] = array(gettext("Routes"), "/diag_routes.php");
 $diagnostics_menu[] = array(gettext("SMART Status"), "/diag_smart.php");
+$diagnostics_menu[] = array(gettext("Sockets listening"), "/diag_sockets.php" );
 $diagnostics_menu[] = array(gettext("States"), "/diag_dump_states.php");
 $diagnostics_menu[] = array(gettext("States Summary"), "/diag_states_summary.php");
 $diagnostics_menu[] = array(gettext("System Activity"), "/diag_system_activity.php");
diff --git a/usr/local/www/firewall_virtual_ip_edit.php b/usr/local/www/firewall_virtual_ip_edit.php
index f91fa79..6b7d6ef 100755
--- a/usr/local/www/firewall_virtual_ip_edit.php
+++ b/usr/local/www/firewall_virtual_ip_edit.php
@@ -276,97 +276,71 @@ function get_radio_value(obj) } return null; } -function enable_change(enable_over) { - var note = document.getElementById("typenote"); - var carpnote = document.createTextNode("<?=gettext("This must be the network's subnet mask. It does not specify a CIDR range.");?>"); - var proxyarpnote = document.createTextNode("<?=gettext("This is a CIDR block of proxy ARP addresses.");?>"); - var ipaliasnote = document.createTextNode("<?=gettext("This must be the network's subnet mask. It does not specify a CIDR range.");?>"); - if ((get_radio_value(document.iform.mode) == "carp") || enable_over) { - document.iform.vhid.disabled = 0; - document.iform.password.disabled = 0; - document.iform.advskew.disabled = 0; - document.iform.advbase.disabled = 0; - document.iform.type.disabled = 1; - document.iform.subnet_bits.disabled = 0; +function set_note(noteMessage){ + var note = document.getElementById("typenote"); + if (note.firstChild != null) + note.removeChild(note.firstChild); + if (noteMessage) + note.appendChild(noteMessage); +} +function enable_change() { + var carpnote = document.createTextNode("<?=gettext("This must be the network's subnet mask. It does not specify a CIDR range.");?>"); + var proxyarpnote = document.createTextNode("<?=gettext("This is a CIDR block of proxy ARP addresses.");?>"); + var ipaliasnote = document.createTextNode("<?=gettext("This must be the network's subnet mask. 
It does not specify a CIDR range.");?>"); + + $mode = get_radio_value(document.iform.mode); + + document.iform.password.disabled = $mode != "carp"; + document.iform.vhid.disabled = $mode != "carp"; + document.iform.advskew.disabled = $mode != "carp"; + document.iform.advbase.disabled = $mode != "carp"; + document.iform.type.disabled = $mode in {"carp":1,"ipalias":1}; + + if ($mode in {"carp":1,"ipalias":1}) + document.iform.type.selectedIndex = 0;// single-adress + switch($mode) + { + case "carp" : set_note(carpnote); break; + case "ipalias" : set_note(ipaliasnote); break; + case "proxyarp": set_note(proxyarpnote); break; + default: set_note(undefined); + } + typesel_change(); +} + +function typesel_change() { + switch (document.iform.type.selectedIndex) { + case 0: // single document.iform.subnet.disabled = 0; + document.iform.subnet_bits.disabled = (get_radio_value(document.iform.mode) == "proxyarp") || (get_radio_value(document.iform.mode) == "other"); document.iform.noexpand.disabled = 1; jQuery('#noexpandrow').css('display','none'); - if (note.firstChild == null) { - note.appendChild(carpnote); - } else { - note.removeChild(note.firstChild); - note.appendChild(carpnote); - } - } else { - document.iform.vhid.disabled = 1; - document.iform.password.disabled = 1; - document.iform.advskew.disabled = 1; - document.iform.advbase.disabled = 1; - document.iform.type.disabled = 0; - document.iform.subnet_bits.disabled = 1; + break; + case 1: // network document.iform.subnet.disabled = 0; + document.iform.subnet_bits.disabled = 0; document.iform.noexpand.disabled = 0; jQuery('#noexpandrow').css('display',''); - if (note.firstChild == null) { - note.appendChild(proxyarpnote); - } else { - note.removeChild(note.firstChild); - note.appendChild(proxyarpnote); - } - } - if (get_radio_value(document.iform.mode) == "other") { - document.iform.type.disabled = 1; - if (note.firstChild != null) { - note.removeChild(note.firstChild); - } - document.iform.subnet.disabled = 0; + 
//document.iform.range_from.disabled = 1; + //document.iform.range_to.disabled = 1; + break; + case 2: // range + document.iform.subnet.disabled = 1; + document.iform.subnet_bits.disabled = 1; document.iform.noexpand.disabled = 1; jQuery('#noexpandrow').css('display','none'); - } - if (get_radio_value(document.iform.mode) == "ipalias") { - document.iform.type.disabled = 1; - note.removeChild(note.firstChild); - note.appendChild(ipaliasnote); + //document.iform.range_from.disabled = 0; + //document.iform.range_to.disabled = 0; + break; + case 3: // IP alias + document.iform.subnet.disabled = 1; document.iform.subnet_bits.disabled = 0; - document.iform.subnet.disabled = 0; document.iform.noexpand.disabled = 1; jQuery('#noexpandrow').css('display','none'); + //document.iform.range_from.disabled = 0; + //document.iform.range_to.disabled = 0; + break; } - typesel_change(); -} -function typesel_change() { - switch (document.iform.type.selectedIndex) { - case 0: // single - document.iform.subnet.disabled = 0; - if((get_radio_value(document.iform.mode) == "proxyarp")) document.iform.subnet_bits.disabled = 1; - document.iform.noexpand.disabled = 1; - jQuery('#noexpandrow').css('display','none'); - break; - case 1: // network - document.iform.subnet.disabled = 0; - document.iform.subnet_bits.disabled = 0; - document.iform.noexpand.disabled = 0; - jQuery('#noexpandrow').css('display',''); - //document.iform.range_from.disabled = 1; - //document.iform.range_to.disabled = 1; - break; - case 2: // range - document.iform.subnet.disabled = 1; - document.iform.subnet_bits.disabled = 1; - document.iform.noexpand.disabled = 1; - jQuery('#noexpandrow').css('display','none'); - //document.iform.range_from.disabled = 0; - //document.iform.range_to.disabled = 0; - break; - case 3: // IP alias - document.iform.subnet.disabled = 1; - document.iform.subnet_bits.disabled = 0; - document.iform.noexpand.disabled = 1; - jQuery('#noexpandrow').css('display','none'); - 
//document.iform.range_from.disabled = 0; - //document.iform.range_to.disabled = 0; - break; - } } //--> </script> @@ -380,14 +354,14 @@ function typesel_change() { <tr> <td width="22%" valign="top" class="vncellreq"><?=gettext("Type");?></td> <td width="78%" class="vtable"> - <input name="mode" type="radio" onclick="enable_change(false)" value="proxyarp" - <?php if ($pconfig['mode'] == "proxyarp" || $pconfig['type'] != "carp") echo "checked";?>> <?=gettext("Proxy ARP"); ?> - <input name="mode" type="radio" onclick="enable_change(false)" value="carp" + <input name="mode" type="radio" onclick="enable_change()" value="ipalias" + <?php if ($pconfig['mode'] == "ipalias") echo "checked";?>> <?=gettext("IP Alias");?> + <input name="mode" type="radio" onclick="enable_change()" value="carp" <?php if ($pconfig['mode'] == "carp") echo "checked";?>> <?=gettext("CARP"); ?> - <input name="mode" type="radio" onclick="enable_change(false)" value="other" + <input name="mode" type="radio" onclick="enable_change()" value="proxyarp" + <?php if ($pconfig['mode'] == "proxyarp" || $pconfig['type'] != "carp") echo "checked";?>> <?=gettext("Proxy ARP"); ?> + <input name="mode" type="radio" onclick="enable_change()" value="other" <?php if ($pconfig['mode'] == "other") echo "checked";?>> <?=gettext("Other");?> - <input name="mode" type="radio" onclick="enable_change(false)" value="ipalias" - <?php if ($pconfig['mode'] == "ipalias") echo "checked";?>> <?=gettext("IP Alias");?> </td> </tr> <tr> @@ -526,8 +500,7 @@ function typesel_change() { </form> <script language="JavaScript"> <!-- -enable_change(false); -typesel_change(); +enable_change(); //--> </script> <?php include("fend.inc"); ?> diff --git a/usr/local/www/vpn_openvpn_server.php b/usr/local/www/vpn_openvpn_server.php index 02d530d..d098f43 100644 --- a/usr/local/www/vpn_openvpn_server.php +++ b/usr/local/www/vpn_openvpn_server.php 
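Review bot: In enable_change() in firewall_virtual_ip_edit.php, `$mode = get_radio_value(document.iform.mode);` assigns without `var`, so it creates an implicit global in the page's script scope; declare it locally with `var mode = get_radio_value(document.iform.mode);` and use `mode` in the tests that follow. A one-line comment on set_note() stating that a falsy argument only clears the note would explain why the `default:` branch passes `undefined`. The inline comment `// single-adress` should read `// single address`.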
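Review bot: Moving the Proxy ARP radio below IP Alias and CARP changes which button ends up selected, because its condition `$pconfig['mode'] == "proxyarp" || $pconfig['type'] != "carp"` was carried over unchanged. If `$pconfig['type']` holds the address type rather than the mode (it appears to, but its assignment is not visible here), the second half is always true and this input always emits `checked`; when two radios of one group are marked checked the browser keeps the later one, which used to be the CARP or IP Alias input and is now Proxy ARP. Editing an existing CARP or IP Alias entry would then open with Proxy ARP selected and could be saved under the wrong mode. Suggested condition: `<?php if ($pconfig['mode'] == "proxyarp") echo "checked";?>`, with the default for a new entry set where `$pconfig['mode']` is initialised.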
@@ -202,6 +202,9 @@ if ($_POST) {
 unset($input_errors);
 $pconfig = $_POST;
+ if ($pconfig['dev_mode'] <> $a_server[$id]['dev_mode'])
+ openvpn_delete('server', $a_server[$id]);// delete(rename) interface so a new TUN or TAP interface can be created.
+
 if (isset($id) && $a_server[$id])
 $vpnid = $a_server[$id]['vpnid'];
 else |
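Review bot: The new `openvpn_delete('server', $a_server[$id])` call in vpn_openvpn_server.php runs before `isset($id)` is tested on the following line and before any posted field has been validated. When a new server is being added there is no `$a_server[$id]`, so the comparison with the posted `dev_mode` is true and openvpn_delete() is called on a non-existent entry; and a POST that later fails validation has already had the existing interface removed. Guard the call and move it to where the input has been accepted and the configuration is about to be written (that part of the handler is outside the hunk): `if (isset($id) && $a_server[$id] && $pconfig['dev_mode'] != $a_server[$id]['dev_mode'])`.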