diff options
author | gnhb <gnoahb@gmail.com> | 2011-03-22 07:50:11 +0700 |
---|---|---|
committer | gnhb <gnoahb@gmail.com> | 2011-03-22 07:50:11 +0700 |
commit | fc2c320e2cddb09764f5fb34b5043452654520be (patch) | |
tree | edaf089816331d951d1b58d70e21b42dcd132cbf | |
parent | e4d40f41aafe00353c0069b457a0b1b0d6c20987 (diff) | |
parent | 7efd99722a4334586655f70132b2e86cd1e2b8c0 (diff) | |
download | pfsense-fc2c320e2cddb09764f5fb34b5043452654520be.zip pfsense-fc2c320e2cddb09764f5fb34b5043452654520be.tar.gz |
Merge branch 'master' of rcs.pfsense.org:pfsense/mainline
-rw-r--r-- | etc/inc/filter.inc | 2 | ||||
-rw-r--r-- | etc/inc/openvpn.inc | 9 | ||||
-rw-r--r-- | etc/inc/rrd.inc | 38 | ||||
-rw-r--r-- | etc/inc/shaper.inc | 6 | ||||
-rw-r--r-- | etc/inc/system.inc | 34 | ||||
-rwxr-xr-x | usr/local/www/services_captiveportal.php | 2 | ||||
-rw-r--r-- | usr/local/www/vpn_openvpn_server.php | 23 |
7 files changed, 67 insertions, 47 deletions
diff --git a/etc/inc/filter.inc b/etc/inc/filter.inc index 8fd042f..41e3708 100644 --- a/etc/inc/filter.inc +++ b/etc/inc/filter.inc @@ -1913,8 +1913,6 @@ function filter_generate_user_rule($rule) { $aline['flags'] .= "max-src-conn-rate " . $rule['max-src-conn-rate'] . " "; $aline['flags'] .= "/" . $rule['max-src-conn-rates'] . ", overload <virusprot> flush global "; } - if(!empty($aline['divert'])) - $aline['flags'] .= "max-packets 10 "; $aline['flags'] .= " ) "; } diff --git a/etc/inc/openvpn.inc b/etc/inc/openvpn.inc index 08e5f92..8d71fd2 100644 --- a/etc/inc/openvpn.inc +++ b/etc/inc/openvpn.inc @@ -295,11 +295,11 @@ function openvpn_reconfigure($mode, $settings) { $vpnid = $settings['vpnid']; $mode_id = $mode.$vpnid; - if (isset($settings['dev_mode'])) - $tunname = "{$settings['dev_mode']}{$vpnid}"; + if (isset($settings['device_mode'])) + $tunname = "{$settings['device_mode']}{$vpnid}"; else { /* defaults to tun */ $tunname = "tun{$vpnid}"; - $settings['dev_mode'] = "tun"; + $settings['device_mode'] = "tun"; } if ($mode == "server") @@ -323,6 +323,7 @@ function openvpn_reconfigure($mode, $settings) { $pfile = $g['varrun_path'] . "/openvpn_{$mode_id}.pid"; $proto = ($settings['protocol'] == 'UDP' ? 'udp' : "tcp-{$mode}"); + $device_mode = $settings['device_mode']; $cipher = $settings['crypto']; $interface = $settings['interface']; @@ -340,7 +341,7 @@ function openvpn_reconfigure($mode, $settings) { } $conf = "dev {$devname}\n"; - $conf .= "dev-type {$settings['dev_mode']}\n"; + $conf .= "dev-type {$settings['device_mode']}\n"; $conf .= "dev-node /dev/{$tunname}\n"; $conf .= "writepid {$pfile}\n"; $conf .= "#user nobody\n"; diff --git a/etc/inc/rrd.inc b/etc/inc/rrd.inc index c45e885..7b7db68 100644 --- a/etc/inc/rrd.inc +++ b/etc/inc/rrd.inc @@ -186,7 +186,7 @@ function enable_rrd_graphing() { $pfctl = "/sbin/pfctl"; $sysctl = "/sbin/sysctl"; $php = "/usr/local/bin/php"; - $top = "/usr/bin/top"; + $cpustats = "/usr/local/sbin/cpustats"; $spamd_gather = "/usr/local/bin/spamd_gather_stats.php"; $ifconfig = "/sbin/ifconfig"; $captiveportal_gather = "/usr/local/bin/captiveportal_gather_stats.php"; @@ -356,8 +356,8 @@ function enable_rrd_graphing() { $rrdupdatesh .= "\n"; $rrdupdatesh .= "# polling wireless for interface $ifname $realif \n"; - $rrdupdatesh .= "$rrdtool update $rrddbpath$ifname$wireless N:\\\n"; - $rrdupdatesh .= "`$ifconfig {$realif} list sta| $awk 'gsub(\"M\", \"\") {getline 2;print substr(\$5, 0, length(\$5)-2) \":\" $4 \":\" $3}'`\n"; + $rrdupdatesh .= "WIFI=`$ifconfig {$realif} list sta| $awk 'gsub(\"M\", \"\") {getline 2;print substr(\$5, 0, length(\$5)-2) \":\" $4 \":\" $3}'`\n"; + $rrdupdatesh .= "$rrdtool update $rrddbpath$ifname$wireless N:${WIFI}\n"; } /* OpenVPN, set up the rrd file */ @@ -394,8 +394,8 @@ function enable_rrd_graphing() { $rrdupdatesh .= " sleep 0.2\n"; $rrdupdatesh .= " echo \"quit\"\n"; $rrdupdatesh .= "}\n"; - $rrdupdatesh .= "$rrdtool update $rrddbpath$ifname$vpnusers N:\\\n"; - $rrdupdatesh .= "`list_current_users | nc -U {$g['varetc_path']}/openvpn/server{$vpnid}.sock | awk -F\",\" '/^CLIENT_LIST/ {print \$2}' | wc -l | awk '{print $1}'` &\n"; + $rrdupdatesh .= "OVPN=`list_current_users | nc -U {$g['varetc_path']}/openvpn/server{$vpnid}.sock | awk -F\",\" '/^CLIENT_LIST/ {print \$2}' | wc -l | awk '{print $1}'` &\n"; + $rrdupdatesh .= "$rrdtool update $rrddbpath$ifname$vpnusers N:\${OVPN}\n"; } /* QUEUES, set up the queues databases */ @@ -567,11 +567,10 @@ function enable_rrd_graphing() { } /* the CPU stats gathering function. */ - $rrdupdatesh .= "`$top -d 2 -s 1 0 | $awk '{gsub(/%/, \"\")} BEGIN { \\\n"; - $rrdupdatesh .= "printf \"$rrdtool update $rrddbpath$ifname$proc \" } \\\n"; - $rrdupdatesh .= "{ if ( \$2 == \"processes:\" ) { processes = \$1; } \\\n"; - $rrdupdatesh .= "else if ( \$1 == \"CPU:\" ) { user = \$2; nice = \$4; sys = \$6; interrupt = \$8; } \\\n"; - $rrdupdatesh .= "} END { printf \"N:\"user\":\"nice\":\"sys\":\"interrupt\":\"processes }'`\n\n"; + $rrdupdatesh .= "CPU=`$cpustats | cut -f1-4 -d':'`\n"; + /* Using ps uxaH will count all processes including system threads. Top was undercounting. */ + $rrdupdatesh .= "PROCS=`ps uxaH | wc -l | awk '{print \$1;}'`\n"; + $rrdupdatesh .= "$rrdtool update $rrddbpath$ifname$proc N:\${CPU}:\${PROCS}\n"; /* End CPU statistics */ @@ -605,9 +604,10 @@ function enable_rrd_graphing() { } /* the Memory stats gathering function. */ - $rrdupdatesh .= "`$sysctl -n vm.stats.vm.v_page_count vm.stats.vm.v_active_count vm.stats.vm.v_inactive_count vm.stats.vm.v_free_count vm.stats.vm.v_cache_count vm.stats.vm.v_wire_count | "; - $rrdupdatesh .= " $awk '{getline active;getline inactive;getline free;getline cache;getline wire;printf \"$rrdtool update $rrddbpath$ifname$mem N:\""; - $rrdupdatesh .= "((active/$0) * 100)\":\"((inactive/$0) * 100)\":\"((free/$0) * 100)\":\"((cache/$0) * 100)\":\"(wire/$0 * 100)}'`\n\n"; + $rrdupdatesh .= "MEM=`$sysctl -n vm.stats.vm.v_page_count vm.stats.vm.v_active_count vm.stats.vm.v_inactive_count vm.stats.vm.v_free_count vm.stats.vm.v_cache_count vm.stats.vm.v_wire_count | "; + $rrdupdatesh .= " $awk '{getline active;getline inactive;getline free;getline cache;getline wire;printf "; + $rrdupdatesh .= "((active/$0) * 100)\":\"((inactive/$0) * 100)\":\"((free/$0) * 100)\":\"((cache/$0) * 100)\":\"(wire/$0 * 100)}'`\n"; + $rrdupdatesh .= "$rrdtool update $rrddbpath$ifname$mem N:\${MEM}\n"; /* End Memory statistics */ @@ -705,8 +705,8 @@ function enable_rrd_graphing() { /* the Captive Portal stats gathering function. */ $rrdupdatesh .= "\n"; $rrdupdatesh .= "# polling Captive Portal for number of concurrent users\n"; - $rrdupdatesh .= "$rrdtool update $rrddbpath$ifname$captiveportalconcurrent \\\n"; - $rrdupdatesh .= "`$php -q $captiveportal_gather concurrent`\n"; + $rrdupdatesh .= "CP=`$php -q $captiveportal_gather concurrent`\n"; + $rrdupdatesh .= "$rrdtool update $rrddbpath$ifname$captiveportalconcurrent \${CP}\n"; $ifname= "captiveportal"; if (!file_exists("$rrddbpath$ifname$captiveportalloggedin")) { @@ -740,8 +740,8 @@ function enable_rrd_graphing() { /* the Captive Portal stats gathering function. */ $rrdupdatesh .= "\n"; $rrdupdatesh .= "# polling Captive Portal for number of logged in users\n"; - $rrdupdatesh .= "$rrdtool update $rrddbpath$ifname$captiveportalloggedin \\\n"; - $rrdupdatesh .= "`$php -q $captiveportal_gather loggedin`\n"; + $rrdupdatesh .= "CP=`$php -q $captiveportal_gather loggedin`\n"; + $rrdupdatesh .= "$rrdtool update $rrddbpath$ifname$captiveportalloggedin \${CP}\n"; $ifname= "captiveportal"; if (!file_exists("$rrddbpath$ifname$captiveportaltotalusers")) { @@ -775,8 +775,8 @@ function enable_rrd_graphing() { /* the Captive Portal stats gathering function. */ $rrdupdatesh .= "\n"; $rrdupdatesh .= "# polling Captive Portal for number of concurrent users\n"; - $rrdupdatesh .= "$rrdtool update $rrddbpath$ifname$captiveportaltotalusers \\\n"; - $rrdupdatesh .= "`$php -q $captiveportal_gather total`\n"; + $rrdupdatesh .= "CP=`$php -q $captiveportal_gather total`\n"; + $rrdupdatesh .= "$rrdtool update $rrddbpath$ifname$captiveportaltotalusers \${CP}\n"; } diff --git a/etc/inc/shaper.inc b/etc/inc/shaper.inc index c56543a..4b24f9b 100644 --- a/etc/inc/shaper.inc +++ b/etc/inc/shaper.inc @@ -2770,8 +2770,10 @@ class dummynet_class { $reqdfieldsn[] = "Bandwidth"; $reqdfields[] = "bandwidthtype"; $reqdfieldsn[] = "Bandwidthtype"; - $reqdfields[] = "name"; - $reqdfieldsn[] = "Name"; + if (!empty($data['newname'])) { + $reqdfields[] = "newname"; + $reqdfieldsn[] = "Name"; + } shaper_do_input_validation($data, $reqdfields, $reqdfieldsn, $input_errors); diff --git a/etc/inc/system.inc b/etc/inc/system.inc index 4a8214d..4821a8a 100644 --- a/etc/inc/system.inc +++ b/etc/inc/system.inc @@ -1147,22 +1147,13 @@ function system_timezone_configure() { function system_ntp_configure() { global $config, $g; - $syscfg =& $config['system']; - - /* open configuration for wrting or bail */ - $fd = fopen("{$g['varetc_path']}/ntpd.conf","w"); - if(!$fd) { - log_error("Could not open {$g['varetc_path']}/ntpd.conf for writing"); - return; - } - - fwrite($fd, "# \n"); - fwrite($fd, "# pfSense OpenNTPD configuration file \n"); - fwrite($fd, "# \n\n"); + $ntpcfg = "# \n"; + $ntpcfg .= "# pfSense OpenNTPD configuration file \n"; + $ntpcfg .= "# \n\n"; /* foreach through servers and write out to ntpd.conf */ - foreach (explode(' ', $syscfg['timeservers']) as $ts) - fwrite($fd, "servers {$ts}\n"); + foreach (explode(' ', $config['system']['timeservers']) as $ts) + $ntpcfg .= "servers {$ts}\n"; /* Setup listener(s) if the user has configured one */ if ($config['installedpackages']['openntpd']) { @@ -1175,12 +1166,19 @@ function system_ntp_configure() { $ips = array_map('find_interface_ip', $ifaces); foreach ($ips as $ip) { if (is_ipaddr($ip)) - fwrite($fd, "listen on $ip\n"); + $ntpdcfg .= "listen on $ip\n"; } } } + $ntpdcfg .= "\n"; - fwrite($fd, "\n"); + /* open configuration for wrting or bail */ + $fd = fopen("{$g['varetc_path']}/ntpd.conf","w"); + if(!$fd) { + log_error("Could not open {$g['varetc_path']}/ntpd.conf for writing"); + return; + } + fwrite($fd, $ntpcfg); /* slurp! */ fclose($fd); @@ -1208,13 +1206,11 @@ function system_ntp_configure() { function sync_system_time() { global $config, $g; - $syscfg = $config['system']; - if ($g['booting']) echo "Syncing system time before startup..."; /* foreach through servers and write out to ntpd.conf */ - foreach (explode(' ', $syscfg['timeservers']) as $ts) { + foreach (explode(' ', $config['system']['timeservers']) as $ts) { mwexec("/usr/sbin/ntpdate -s $ts"); } diff --git a/usr/local/www/services_captiveportal.php b/usr/local/www/services_captiveportal.php index faaeb37..24595da 100755 --- a/usr/local/www/services_captiveportal.php +++ b/usr/local/www/services_captiveportal.php @@ -614,7 +614,7 @@ value="<?=htmlspecialchars($pconfig['radiuskey2']);?>"></td> } ?> </select><br/> - <?=gettext("Choose the ip to use for calling station attribute."); ?> + <?=gettext("Choose the IP to use for calling station attribute."); ?> </td> </tr> diff --git a/usr/local/www/vpn_openvpn_server.php b/usr/local/www/vpn_openvpn_server.php index 0f751e7..ef82716 100644 --- a/usr/local/www/vpn_openvpn_server.php +++ b/usr/local/www/vpn_openvpn_server.php @@ -91,6 +91,7 @@ if($_GET['act']=="new"){ $pconfig['tlsauth_enable'] = "yes"; $pconfig['autotls_enable'] = "yes"; $pconfig['dh_length'] = 1024; + $pconfig['device_mode'] = "tun"; $pconfig['interface'] = "wan"; $pconfig['local_port'] = openvpn_port_next('UDP'); $pconfig['pool_enable'] = "yes"; @@ -104,6 +105,7 @@ if($_GET['act']=="edit"){ $pconfig['mode'] = $a_server[$id]['mode']; $pconfig['protocol'] = $a_server[$id]['protocol']; $pconfig['authmode'] = $a_server[$id]['authmode']; + $pconfig['device_mode'] = $a_server[$id]['device_mode']; $pconfig['interface'] = $a_server[$id]['interface']; if (!empty($a_server[$id]['ipaddr'])) { $pconfig['interface'] = $pconfig['interface'] . '|' . $a_server[$id]['ipaddr']; @@ -304,6 +306,7 @@ if ($_POST) { if (!empty($pconfig['authmode'])) $server['authmode'] = implode(",", $pconfig['authmode']); $server['protocol'] = $pconfig['protocol']; + $server['device_mode'] = $pconfig['device_mode']; list($server['interface'], $server['ipaddr']) = explode ("|",$pconfig['interface']); $server['local_port'] = $pconfig['local_port']; $server['description'] = $pconfig['description']; @@ -663,6 +666,26 @@ if ($savemsg) </td> </tr> <tr> + <td width="22%" valign="top" class="vncellreq"><?=gettext("Device Mode"); ?></td> + <td width="78%" class="vtable"> + <select name="device_mode" class="formselect"> + <?php + foreach ($openvpn_dev_mode as $device): + $selected = ""; + if (! empty($pconfig['device_mode'])) { + if ($pconfig['device_mode'] == $device) + $selected = "selected"; + } else { + if ($device == "tun") + $selected = "selected"; + } + ?> + <option value="<?=$device;?>" <?=$selected;?>><?=$device;?></option> + <?php endforeach; ?> + </select> + </td> + </tr> + <tr> <td width="22%" valign="top" class="vncellreq"><?=gettext("Interface"); ?></td> <td width="78%" class="vtable"> <select name="interface" class="formselect"> |