author | Seth Mos <seth.mos@xs4all.nl> | 2009-01-15 09:00:30 +0000 |
---|---|---|
committer | Seth Mos <seth.mos@xs4all.nl> | 2009-01-15 09:00:30 +0000 |
commit | bf92bc791de6b04246c7a2f67945ce1412906d95 (patch) | |
tree | 7f0663d3aeeeb1773e9e6bb0127517d3310b2b11 /etc/inc/pfsense-utils.inc | |
parent | e07ff7c0a5872668da5a65d9c2b1cdedd64cb56d (diff) | |
- Add proper support for using hostnames for the remote IPsec gateway.
- Make IPsec reloading granular; this resolves the long-standing issue
that an IPsec reload will cause all tunnels to drop.
- Change the IPsec edit screen description for the remote gateway to say that an IP
address or hostname is allowed here. We already accepted hostnames
before.
- Add /etc/rc.newipsecdns, when a hostname changes IP we invoke this
script to remove the old tunnel and setup the new one.
Diffstat (limited to 'etc/inc/pfsense-utils.inc')
-rw-r--r-- | etc/inc/pfsense-utils.inc | 95 |
1 files changed, 94 insertions, 1 deletions
diff --git a/etc/inc/pfsense-utils.inc b/etc/inc/pfsense-utils.inc
index 56ab757..2794543 100644
--- a/etc/inc/pfsense-utils.inc
+++ b/etc/inc/pfsense-utils.inc
@@ -1434,7 +1434,7 @@ function find_interface_ip($interface, $flush = false) {
 }
 
 function guess_interface_from_ip($ipaddress) {
- $ret = exec_command("/usr/bin/netstat -rn | /usr/bin/awk '/^{$ipaddress}/ {print \$6}'");
+ $ret = exec_command("/usr/bin/netstat -rn | /usr/bin/awk '/^{$ipaddress}/ {print $6}'");
 if(empty($ret)) {
 return false;
 }
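Review bot: On the changed line `$ipaddress` is still interpolated unescaped into both the shell pipeline and the awk regex, so dropping the backslash before `$6` only works because PHP leaves `$` followed by a digit literal and does nothing about the address itself. Passing the value as an awk variable keeps it out of the shell and out of regex syntax: `$ret = exec_command("/usr/bin/netstat -rn | /usr/bin/awk -v ip=" . escapeshellarg($ipaddress) . " 'index($0, ip) == 1 {print $6}'");`. Note that this preserves the existing prefix-match semantics, in which `10.0.0.1` also matches a route line for `10.0.0.10`; if callers always pass a host address, an exact destination-column comparison (`$1 == ip`) would be tighter, but I cannot confirm that from this hunk. The body of guess_interface_from_ip continues past the end of the hunk.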
@@ -3740,4 +3740,97 @@ function safe_write_file($file, $content, $force_binary) {
 return true;
 }
 
+/* Write out all the found IP addresses to a file
+ * so we can compare it on change */
+function add_hostname_to_watch($hostname) {
+ if(!is_dir("/var/db/dnscache")) {
+ mkdir("/var/db/dnscache");
+ }
+ if((is_fqdn($hostname)) && (!is_ipaddr($hostname))) {
+ $domrecords = array();
+ $domips = array();
+ exec("host -t A $hostname", $domrecords, $rethost);
+ if($rethost == 0) {
+ foreach($domrecords as $domr) {
+ $doml = explode(" ", $domr);
+ $domip = $doml[3];
+ /* fill array with domain ip addresses */
+ if(is_ipaddr($domip)) {
+ $domips[] = $domip;
+ }
+ }
+ }
+ sort($domips);
+ $contents = "";
+ if(! empty($domips)) {
+ foreach($domips as $ip) {
+ $contents .= "$ip\n";
+ }
+ }
+ file_put_contents("/var/db/dnscache/$hostname", $contents);
+ }
+}
+
+/* Compare the current hostname DNS to the DNS cache we made
+ * if it has changed we return the old records
+ * if no change we return true */
+function compare_hostname_to_dnscache($hostname) {
+ if(!is_dir("/var/db/dnscache")) {
+ mkdir("/var/db/dnscache");
+ }
+ $hostname = trim($hostname);
+ if(is_readable("/var/db/dnscache/{$hostname}")) {
+ $oldcontents = file_get_contents("/var/db/dnscache/{$hostname}");
+ } else {
+ $oldcontents = "";
+ }
+ if((is_fqdn($hostname)) && (!is_ipaddr($hostname))) {
+ $domrecords = array();
+ $domips = array();
+ exec("host -t A $hostname", $domrecords, $rethost);
+ if($rethost == 0) {
+ foreach($domrecords as $domr) {
+ $doml = explode(" ", $domr);
+ $domip = $doml[3];
+ /* fill array with domain ip addresses */
+ if(is_ipaddr($domip)) {
+ $domips[] = $domip;
+ }
+ }
+ }
+ sort($domips);
+ $contents = "";
+ if(! empty($domips)) {
+ foreach($domips as $ip) {
+ $contents .= "$ip\n";
+ }
+ }
+ }
+
+ if(trim($oldcontents) != trim($contents)) {
+ log_error("DNSCACHE: Found old IP {$oldcontents} and new IP {$contents}");
+ return ($oldcontents);
+ } else {
+ return false;
+ }
+}
+
+function is_fqdn($fqdn) {
+ $hostname = false;
+ if(preg_match("/[-A-Z0-9\.]+\.[-A-Z0-9\.]+/i", $fqdn)) {
+ $hostname = true;
+ }
+ if(preg_match("/\.\./", $fqdn)) {
+ $hostname = false;
+ }
+ if(preg_match("/^\./i", $fqdn)) {
+ $hostname = false;
+ }
+ if(preg_match("/\//i", $fqdn)) {
+ $hostname = false;
+ }
+ return($hostname);
+}
+
+
+
 ?>
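Review bot: `is_fqdn()` is the only gate before `$hostname` is interpolated unquoted into `exec("host -t A $hostname", ...)` in both `add_hostname_to_watch()` and `compare_hostname_to_dnscache()` and used as a file name under `/var/db/dnscache/`, yet its pattern `/[-A-Z0-9\.]+\.[-A-Z0-9\.]+/i` is unanchored and therefore accepts any string that merely contains a dotted label, including whitespace and shell metacharacters; the three follow-up `preg_match` checks narrow it but do not close that gap. The pattern should be anchored to the whole string and the `exec()` argument passed through `escapeshellarg()`, as sketched below; the anchored form also rejects `..`, a leading `.` and `/` on its own, so the extra checks become redundant. In `compare_hostname_to_dnscache()` `$contents` is only assigned inside the `is_fqdn()` branch, so the `trim($oldcontents) != trim($contents)` comparison runs on an undefined variable when that branch is skipped; initialise it with `$contents = "";` before the `if`. The header comment says "if no change we return true" while the code returns `false` on no change; the comment should read `if no change we return false`.
```php
function is_fqdn($fqdn) {
	/* Anchored to the whole string: dot-separated labels of [-A-Z0-9] only,
	 * which also rules out "..", a leading "." and "/" without extra checks. */
	return preg_match("/^[-A-Z0-9]+(\.[-A-Z0-9]+)+$/i", $fqdn) === 1;
}

// … unchanged: add_hostname_to_watch() body, apart from the exec() call …
	exec("host -t A " . escapeshellarg($hostname), $domrecords, $rethost);

// … unchanged: compare_hostname_to_dnscache() body up to the is_fqdn() check …
	$contents = "";
	if((is_fqdn($hostname)) && (!is_ipaddr($hostname))) {
		// … unchanged: record parsing, apart from the exec() call …
		exec("host -t A " . escapeshellarg($hostname), $domrecords, $rethost);
```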