Merge pull request #225 from PiBa-NL/master

Virtual IP Edit consistent options, "Sockets listening" page, openVPN allow change mode
author: Jim P <jim@pingle.org> 2012-09-22 18:46:43 -0700
committer: Jim P <jim@pingle.org> 2012-09-22 18:46:43 -0700
commit: 5dc66dffab931aaa9303ad76ec245cd7e9dd6c17 (patch)
tree: 81fcf03ebeec9420dc15915ba402081c3486d62a
parent: ea68f6cc92fb6167c084d6786984bdf35caef132 (diff)
parent: d41bb44745966a668f55d14e9bb53ebd22c4d91e (diff)
download: pfsense-5dc66dffab931aaa9303ad76ec245cd7e9dd6c17.zip
pfsense-5dc66dffab931aaa9303ad76ec245cd7e9dd6c17.tar.gz
5 files changed, 185 insertions, 88 deletions
diff --git a/etc/inc/openvpn.inc b/etc/inc/openvpn.inc
index bddb5c8..8416264 100644
--- a/etc/inc/openvpn.inc
+++ b/etc/inc/openvpn.inc
@@ -710,7 +710,12 @@ function openvpn_delete($mode, & $settings) {
 	$vpnid = $settings['vpnid'];
 	$mode_id = $mode.$vpnid;
 
-	$tunname = "tun{$vpnid}";
+	if (isset($settings['dev_mode']))
+		$tunname = "{$settings['dev_mode']}{$vpnid}";
+	else {	/* defaults to tun */
+		$tunname = "tun{$vpnid}";
+	}
+
 	if ($mode == "server")
 		$devname = "ovpns{$vpnid}";
 	else
diff --git a/usr/local/www/diag_sockets.php b/usr/local/www/diag_sockets.php
new file mode 100644
index 0000000..3c81fc7
--- /dev/null
+++ b/usr/local/www/diag_sockets.php
@@ -0,0 +1,115 @@
+<?php
+
+/* $Id$ */
+/*
+	diag_sockets.php
+	Copyright (C) 2012
+	All rights reserved.
+
+	Redistribution and use in source and binary forms, with or without
+	modification, are permitted provided that the following conditions are met:
+
+	1. Redistributions of source code must retain the above copyright notice,
+	this list of conditions and the following disclaimer.
+
+	2. Redistributions in binary form must reproduce the above copyright
+	notice, this list of conditions and the following disclaimer in the
+	documentation and/or other materials provided with the distribution.
+
+	THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+	INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+	AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+	AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+	OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+	SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+	INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+	CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+	ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+	POSSIBILITY OF SUCH DAMAGE.
+
+*/
+
+/*
+	pfSense_BUILDER_BINARIES:	/usr/bin/sockstat	
+*/
+##|+PRIV
+##|*IDENT=page-diagnostics-sockets
+##|*NAME=Diagnostics: Sockets page
+##|*DESCR=Allow access to the 'Diagnostics: Sockets' page.
+##|*MATCH=diag_sockets.php*
+##|-PRIV
+
+include('guiconfig.inc');
+
+$pgtitle = array(gettext("Diagnostics"),gettext("Sockets listening"));
+
+include('head.inc');
+
+?>
+<body link="#000000" vlink="#000000" alink="#000000">
+<?php include("fbegin.inc"); ?>
+
+<div id="mainarea">
+<table class="tabcont" style="padding-top:0px; padding-bottom:0px; padding-left:0px; padding-right:0px" width="100%" border="0" cellpadding="0" cellspacing="0" border="1">
+	<tr><td colspan="2" class="listtopic" >Socket information explanation</td></tr>
+<tr><td colspan="2"  class="">
+This page show the output for the commands: "sockstat -4lL" and "sockstat -6lL".<br/>
+The information listed for each socket is:<br/></td></tr>
+	<tr><td class="listlr">USER	      </td><td class="listr">The user who owns the socket.</td></tr>
+	<tr><td class="listlr">COMMAND	      </td><td class="listr">The command which holds the socket.</td></tr>
+	<tr><td class="listlr">PID	      </td><td class="listr">The process ID of the command which holds the socket.</td></tr>
+	<tr><td class="listlr">FD 	      </td><td class="listr">The file descriptor number of the socket.</td></tr>
+	<tr><td class="listlr">PROTO	      </td><td class="listr">The transport protocol associated with the socket for Internet sockets, or the type of socket (stream or data-gram) for UNIX sockets.</td></tr>
+	<tr><td class="listlr">ADDRESS	      </td><td class="listr">(UNIX sockets only) For bound sockets, this is the file-name of the socket.  For other sockets, it is the name, PID and file descriptor number of the peer, or ``(none)'' if the socket is neither bound nor connected.</td></tr>
+	<tr><td class="listlr">LOCAL ADDRESS    </td><td class="listr">(Internet sockets only) The address the local end of the socket is bound to (see getsockname(2)).</td></tr>
+	<tr><td class="listlr">FOREIGN ADDRESS  </td><td class="listr">(Internet sockets only) The address the foreign end of the socket is bound to (see getpeername(2)).</td></tr>
+</table>
+<?php
+
+	$internet4 = shell_exec('sockstat -4lL');
+	$internet6 = shell_exec('sockstat -6lL');
+
+	foreach (array(&$internet4, &$internet6) as $tabindex => $table) {
+		$elements = ($tabindex == 0 ? 7 : 7);
+		$name = ($tabindex == 0 ? 'IPv4' : 'IPv6');
+?>
+<br/>
+<table style="padding-top:0px; padding-bottom:0px; padding-left:0px; padding-right:0px" width="100%" border="0" cellpadding="0" cellspacing="0">
+<tr><td class="listtopic" colspan="<?=$elements?>"><strong><?=$name;?></strong></font></td></tr>
+<tr><td>
+<table class="tabcont sortable" id="sortabletable" width="100%" cellspacing="0" cellpadding="6" border="0">
+<?php
+		foreach (explode("\n", $table) as $i => $line) {
+			if ($i == 0)
+				$class = 'listhdrr';
+			else
+				$class = 'listlr';
+
+			if (trim($line) == "")
+				continue;
+			print("<tr id=\"$i\">\n");
+			$j = 0;
+			foreach (explode(' ', $line) as $entry) {
+				if ($entry == '' || $entry == "ADDRESS") continue;
+				if ($i == 0)
+					print("<th class=\"$class\">$entry</th>\n");
+				else		
+					print("<td class=\"$class\">$entry</td>\n");
+				if ($i > 0)
+					$class = 'listr';
+				$j++;
+			}
+			print("</tr>\n");			
+		}?>
+</table>
+</td></tr></table>
+<?php
+	} 
+?>
+</table>
+
+</div>
+
+<?php
+include('fend.inc');
+?>
diff --git a/usr/local/www/fbegin.inc b/usr/local/www/fbegin.inc
index bb11869..17c3185 100755
--- a/usr/local/www/fbegin.inc
+++ b/usr/local/www/fbegin.inc
@@ -229,6 +229,7 @@ $diagnostics_menu[] = array(gettext("pfTop"), "/diag_system_pftop.php");
 $diagnostics_menu[] = array(gettext("Reboot"), "/reboot.php");
 $diagnostics_menu[] = array(gettext("Routes"), "/diag_routes.php");
 $diagnostics_menu[] = array(gettext("SMART Status"), "/diag_smart.php");
+$diagnostics_menu[] = array(gettext("Sockets listening"), "/diag_sockets.php" );
 $diagnostics_menu[] = array(gettext("States"), "/diag_dump_states.php");
 $diagnostics_menu[] = array(gettext("States Summary"), "/diag_states_summary.php");
 $diagnostics_menu[] = array(gettext("System Activity"), "/diag_system_activity.php");
diff --git a/usr/local/www/firewall_virtual_ip_edit.php b/usr/local/www/firewall_virtual_ip_edit.php
index f91fa79..6b7d6ef 100755
--- a/usr/local/www/firewall_virtual_ip_edit.php
+++ b/usr/local/www/firewall_virtual_ip_edit.php
@@ -276,97 +276,71 @@ function get_radio_value(obj)
         }
         return null;
 }
-function enable_change(enable_over) {
-		var note = document.getElementById("typenote");
-		var carpnote = document.createTextNode("<?=gettext("This must be the network's subnet mask. It does not specify a CIDR range.");?>");
-		var proxyarpnote = document.createTextNode("<?=gettext("This is a CIDR block of proxy ARP addresses.");?>");
-		var ipaliasnote = document.createTextNode("<?=gettext("This must be the network's subnet mask. It does not specify a CIDR range.");?>");
-        if ((get_radio_value(document.iform.mode) == "carp") || enable_over) {
-                document.iform.vhid.disabled = 0;
-                document.iform.password.disabled = 0;
-                document.iform.advskew.disabled = 0;
-                document.iform.advbase.disabled = 0;
-                document.iform.type.disabled = 1;
-                document.iform.subnet_bits.disabled = 0;
+function set_note(noteMessage){
+	var note = document.getElementById("typenote");
+	if (note.firstChild != null)
+		note.removeChild(note.firstChild);
+	if (noteMessage)
+		note.appendChild(noteMessage);
+}
+function enable_change() {
+	var carpnote     = document.createTextNode("<?=gettext("This must be the network's subnet mask. It does not specify a CIDR range.");?>");
+	var proxyarpnote = document.createTextNode("<?=gettext("This is a CIDR block of proxy ARP addresses.");?>");
+	var ipaliasnote  = document.createTextNode("<?=gettext("This must be the network's subnet mask. It does not specify a CIDR range.");?>");
+	
+	$mode = get_radio_value(document.iform.mode);
+	
+	document.iform.password.disabled = $mode != "carp";
+	document.iform.vhid.disabled     = $mode != "carp";
+	document.iform.advskew.disabled  = $mode != "carp";
+	document.iform.advbase.disabled  = $mode != "carp";
+	document.iform.type.disabled     = $mode in {"carp":1,"ipalias":1};
+	
+	if ($mode in {"carp":1,"ipalias":1})
+		document.iform.type.selectedIndex = 0;// single-adress
+	switch($mode)
+	{
+		case "carp"    : set_note(carpnote);		break;
+		case "ipalias" : set_note(ipaliasnote);		break;
+		case "proxyarp": set_note(proxyarpnote);	break;
+		default: set_note(undefined);
+	}
+	typesel_change();
+}
+
+function typesel_change() {
+	switch (document.iform.type.selectedIndex) {
+	case 0: // single
 		document.iform.subnet.disabled = 0;
+		document.iform.subnet_bits.disabled = (get_radio_value(document.iform.mode) == "proxyarp") || (get_radio_value(document.iform.mode) == "other");
 		document.iform.noexpand.disabled = 1;
 		jQuery('#noexpandrow').css('display','none');
-		if (note.firstChild == null) {
-			note.appendChild(carpnote);
-		} else {
-			note.removeChild(note.firstChild);
-			note.appendChild(carpnote);
-		}
-        } else {
-                document.iform.vhid.disabled = 1;
-                document.iform.password.disabled = 1;
-                document.iform.advskew.disabled = 1;
-                document.iform.advbase.disabled = 1;
-                document.iform.type.disabled = 0;
-                document.iform.subnet_bits.disabled = 1;
+		break;
+	case 1: // network
 		document.iform.subnet.disabled = 0;
+		document.iform.subnet_bits.disabled = 0;
 		document.iform.noexpand.disabled = 0;
 		jQuery('#noexpandrow').css('display','');
-		if (note.firstChild == null) {
-			note.appendChild(proxyarpnote);
-		} else {
-			note.removeChild(note.firstChild);
-			note.appendChild(proxyarpnote);
-		}
-        }
-	if (get_radio_value(document.iform.mode) == "other") {
-		document.iform.type.disabled = 1;
-		if (note.firstChild != null) {
-			note.removeChild(note.firstChild);
-		}
-		document.iform.subnet.disabled = 0;
+		//document.iform.range_from.disabled = 1;
+		//document.iform.range_to.disabled = 1;
+		break;
+	case 2: // range
+		document.iform.subnet.disabled = 1;
+		document.iform.subnet_bits.disabled = 1;
 		document.iform.noexpand.disabled = 1;
 		jQuery('#noexpandrow').css('display','none');
-	}
-	if (get_radio_value(document.iform.mode) == "ipalias") {
-		document.iform.type.disabled = 1;
-		note.removeChild(note.firstChild);
-		note.appendChild(ipaliasnote);
+		//document.iform.range_from.disabled = 0;
+		//document.iform.range_to.disabled = 0;
+		break;
+	case 3: // IP alias
+		document.iform.subnet.disabled = 1;
 		document.iform.subnet_bits.disabled = 0;
-		document.iform.subnet.disabled = 0;		
 		document.iform.noexpand.disabled = 1;
 		jQuery('#noexpandrow').css('display','none');
+		//document.iform.range_from.disabled = 0;
+		//document.iform.range_to.disabled = 0;
+		break;
 	}
-	typesel_change();
-}
-function typesel_change() {
-    switch (document.iform.type.selectedIndex) {
-        case 0: // single
-            document.iform.subnet.disabled = 0;
-            if((get_radio_value(document.iform.mode) == "proxyarp")) document.iform.subnet_bits.disabled = 1;
-	    document.iform.noexpand.disabled = 1;
-	    jQuery('#noexpandrow').css('display','none');
-            break;
-        case 1: // network
-            document.iform.subnet.disabled = 0;
-            document.iform.subnet_bits.disabled = 0;
-	    document.iform.noexpand.disabled = 0;
-	    jQuery('#noexpandrow').css('display','');
-            //document.iform.range_from.disabled = 1;
-            //document.iform.range_to.disabled = 1;
-            break;
-        case 2: // range
-            document.iform.subnet.disabled = 1;
-            document.iform.subnet_bits.disabled = 1;
-	    document.iform.noexpand.disabled = 1;
-	    jQuery('#noexpandrow').css('display','none');
-            //document.iform.range_from.disabled = 0;
-            //document.iform.range_to.disabled = 0;
-            break;
-	case 3: // IP alias
-            document.iform.subnet.disabled = 1;
-            document.iform.subnet_bits.disabled = 0;
-	    document.iform.noexpand.disabled = 1;
-	    jQuery('#noexpandrow').css('display','none');
-            //document.iform.range_from.disabled = 0;
-            //document.iform.range_to.disabled = 0;
-            break;
-    }
 }
 //-->
 </script>
@@ -380,14 +354,14 @@ function typesel_change() {
                 <tr>
 		  		  <td width="22%" valign="top" class="vncellreq"><?=gettext("Type");?></td>
                   <td width="78%" class="vtable">
-                    <input name="mode" type="radio" onclick="enable_change(false)" value="proxyarp"
-					<?php if ($pconfig['mode'] == "proxyarp" || $pconfig['type'] != "carp") echo "checked";?>> <?=gettext("Proxy ARP"); ?>
-					<input name="mode" type="radio" onclick="enable_change(false)" value="carp"
+					<input name="mode" type="radio" onclick="enable_change()" value="ipalias"
+					<?php if ($pconfig['mode'] == "ipalias") echo "checked";?>> <?=gettext("IP Alias");?>
+					<input name="mode" type="radio" onclick="enable_change()" value="carp"
 					<?php if ($pconfig['mode'] == "carp") echo "checked";?>> <?=gettext("CARP"); ?>
-					<input name="mode" type="radio" onclick="enable_change(false)" value="other"
+                    <input name="mode" type="radio" onclick="enable_change()" value="proxyarp"
+					<?php if ($pconfig['mode'] == "proxyarp" || $pconfig['type'] != "carp") echo "checked";?>> <?=gettext("Proxy ARP"); ?>
+					<input name="mode" type="radio" onclick="enable_change()" value="other"
 					<?php if ($pconfig['mode'] == "other") echo "checked";?>> <?=gettext("Other");?>
-					<input name="mode" type="radio" onclick="enable_change(false)" value="ipalias"
-					<?php if ($pconfig['mode'] == "ipalias") echo "checked";?>> <?=gettext("IP Alias");?>
 				  </td>
 				</tr>
 				<tr>
@@ -526,8 +500,7 @@ function typesel_change() {
 </form>
 <script language="JavaScript">
 <!--
-enable_change(false);
-typesel_change();
+enable_change();
 //-->
 </script>
 <?php include("fend.inc"); ?>
diff --git a/usr/local/www/vpn_openvpn_server.php b/usr/local/www/vpn_openvpn_server.php
index 02d530d..d098f43 100644
--- a/usr/local/www/vpn_openvpn_server.php
+++ b/usr/local/www/vpn_openvpn_server.php
@@ -202,6 +202,9 @@ if ($_POST) {
 	unset($input_errors);
 	$pconfig = $_POST;
 
+	if ($pconfig['dev_mode'] <> $a_server[$id]['dev_mode'])
+		openvpn_delete('server', $a_server[$id]);// delete(rename) interface so a new TUN or TAP interface can be created.
+
 	if (isset($id) && $a_server[$id])
 		$vpnid = $a_server[$id]['vpnid'];
 	else
author	Jim P <jim@pingle.org>	2012-09-22 18:46:43 -0700
committer	Jim P <jim@pingle.org>	2012-09-22 18:46:43 -0700
commit	5dc66dffab931aaa9303ad76ec245cd7e9dd6c17 (patch)
tree	81fcf03ebeec9420dc15915ba402081c3486d62a
parent	ea68f6cc92fb6167c084d6786984bdf35caef132 (diff)
parent	d41bb44745966a668f55d14e9bb53ebd22c4d91e (diff)
download	pfsense-5dc66dffab931aaa9303ad76ec245cd7e9dd6c17.zip pfsense-5dc66dffab931aaa9303ad76ec245cd7e9dd6c17.tar.gz