authorRenato Botelho <garga@FreeBSD.org>2013-05-27 10:17:46 -0300
committerRenato Botelho <garga@FreeBSD.org>2013-05-27 10:17:54 -0300
commite47d24e46a7357ee598f1c6ae8a023127ed9493f (patch)
tree3e96380e470c30b07116e7b5ea872e6fff57ef36 /etc/inc/system.inc
parent1901463cfc3151628deb9784bda5b6c6a45d7d9e (diff)
Fixes to get routes + dns working:
. Simplify code using new parameter of get_staticroutes() . Check for subnets instead of ip addrs . Avoid touching filterdns when we are just updating dns
Diffstat (limited to 'etc/inc/system.inc')
-rw-r--r--etc/inc/system.inc123
1 files changed, 58 insertions, 65 deletions
diff --git a/etc/inc/system.inc b/etc/inc/system.inc
index 3212bad..8e59af4 100644
--- a/etc/inc/system.inc
+++ b/etc/inc/system.inc
@@ -458,7 +458,7 @@ function system_staticroutes_configure($interface = "", $update_dns = false) {
$filterdns_list = array();
- $static_routes = get_staticroutes();
+ $static_routes = get_staticroutes(false, true);
if (count($static_routes)) {
$gateways_arr = return_gateways_array(false, true);
@@ -478,87 +478,80 @@ function system_staticroutes_configure($interface = "", $update_dns = false) {
if (!strcasecmp("Null", substr($rtent['gateway'], 0, 3)))
$blackhole = "-blackhole";
- $targets = array();
- if (is_alias($rtent['network'])) {
- if (alias_get_type($rtent['network'] != "host"))
- continue;
- if (!isset($aliastable[$rtent['network']]))
- continue;
- $targets = preg_split('/\s+/', $aliastable[$rtent['network']]);
- } else if (is_fqdn($rtent['network']) || is_ipaddr($rtent['network'])) {
- $targets[] = $rtent['network'];
- } else {
+ if (!is_fqdn($rtent['network']) && !is_subnet($rtent['network']))
continue;
- }
- foreach ($targets as $target) {
- if(isset($rtent['disabled'])) {
- if (!is_ipaddr($target)) {
- $target = resolve_retry($target);
- if (!is_ipaddr($target))
- continue;
- }
- /* XXX: This is a bit dangerous in case of routing daemons!? */
- mwexec("/sbin/route delete " . escapeshellarg($target), true);
+ $dnscache = array();
+ if ($update_dns === true) {
+ if (is_subnet($rtent['network']))
continue;
- }
+ $dnscache = explode("\n", trim(compare_hostname_to_dnscache($rtent['network'])));
+ if (empty($dnscache))
+ continue;
+ }
- $dnscache = array();
- if ($update_dns === true) {
- if (is_ipaddr($target))
- continue;
- $dnscache = explode("\n", trim(compare_hostname_to_dnscache($target)));
- if (empty($dnscache))
- continue;
- }
+ if (is_subnet($rtent['network']))
+ $ips = array($rtent['network']);
+ else {
+ if (!isset($rtent['disabled']))
+ $filterdns_list[] = $rtent['network'];
+ $ips = add_hostname_to_watch($rtent['network']);
+ }
- if (is_ipaddr($target))
- $ips = array($target);
- else {
- $filterdns_list[] = $target;
- $ips = add_hostname_to_watch($target);
- }
+ foreach ($dnscache as $ip) {
+ if (in_array($ip, $ips))
+ continue;
+ mwexec("/sbin/route delete " . escapeshellarg($ip), true);
+ }
- foreach ($dnscache as $ip) {
- if (in_array($ip, $ips))
- continue;
+ if (isset($rtent['disabled'])) {
+ /* XXX: This is a bit dangerous in case of routing daemons!? */
+ foreach ($ips as $ip)
mwexec("/sbin/route delete " . escapeshellarg($ip), true);
- }
+ continue;
+ }
- foreach ($ips as $ip) {
- $inet = (is_subnetv6($ip) ? "-inet6" : "-inet");
+ foreach ($ips as $ip) {
+ if (is_ipaddrv4($ip))
+ $ip .= "/32";
+ else if (is_ipaddrv6($ip))
+ $ip .= "/128";
- $cmd = "/sbin/route change {$inet} {$blackhole} " . escapeshellarg($ip) . " ";
+ $inet = (is_subnetv6($ip) ? "-inet6" : "-inet");
- if (is_subnet($ip))
- if (is_ipaddr($gatewayip))
- mwexec($cmd . escapeshellarg($gatewayip));
- else if (!empty($interfacegw))
- mwexec($cmd . "-iface " . escapeshellarg($interfacegw));
- }
+ $cmd = "/sbin/route change {$inet} {$blackhole} " . escapeshellarg($ip) . " ";
+
+ if (is_subnet($ip))
+ if (is_ipaddr($gatewayip))
+ mwexec($cmd . escapeshellarg($gatewayip));
+ else if (!empty($interfacegw))
+ mwexec($cmd . "-iface " . escapeshellarg($interfacegw));
}
}
unset($gateways_arr);
}
unset($static_routes);
- if (count($filterdns_list)) {
- $interval = 60;
- $hostnames = "";
- array_unique($filterdns_list);
- foreach ($filterdns_list as $hostname)
- $hostnames .= "cmd {$hostname} '/usr/local/sbin/pfSctl -c \"service reload routedns\"'\n";
- file_put_contents("{$g['varetc_path']}/filterdns-route.hosts", $hostnames);
- unset($hostnames);
-
- if (isvalidpid("{$g['varrun_path']}/filterdns-route.pid"))
- sigkillbypid("{$g['varrun_path']}/filterdns-route.pid", "HUP");
- else
- mwexec("/usr/local/sbin/filterdns -p {$g['varrun_path']}/filterdns-route.pid -i {$interval} -c {$g['varetc_path']}/filterdns-route.hosts -d 1");
- } else {
- killbypid("{$g['varrun_path']}/filterdns-route.pid");
- @unlink("{$g['varrun_path']}/filterdns-route.pid");
+ if ($update_dns === false) {
+ if (count($filterdns_list)) {
+ $interval = 60;
+ $hostnames = "";
+ array_unique($filterdns_list);
+ foreach ($filterdns_list as $hostname)
+ $hostnames .= "cmd {$hostname} '/usr/local/sbin/pfSctl -c \"service reload routedns\"'\n";
+ file_put_contents("{$g['varetc_path']}/filterdns-route.hosts", $hostnames);
+ unset($hostnames);
+
+ if (isvalidpid("{$g['varrun_path']}/filterdns-route.pid"))
+ sigkillbypid("{$g['varrun_path']}/filterdns-route.pid", "HUP");
+ else
+ mwexec("/usr/local/sbin/filterdns -p {$g['varrun_path']}/filterdns-route.pid -i {$interval} -c {$g['varetc_path']}/filterdns-route.hosts -d 1");
+ } else {
+ killbypid("{$g['varrun_path']}/filterdns-route.pid");
+ @unlink("{$g['varrun_path']}/filterdns-route.pid");
+ }
}
+ unset($filterdns_list);
return 0;
}
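Review bot: The `if (empty($dnscache)) continue;` guard in the `$update_dns === true` branch can never fire, because `explode("\n", trim(...))` on an empty string returns an array holding one empty string. An empty result from `compare_hostname_to_dnscache()` therefore falls through to `foreach ($dnscache as $ip)` and runs `/sbin/route delete ''`. Assuming the cache holds one address per line, filtering first with `$dnscache = array_filter(explode("\n", trim(compare_hostname_to_dnscache($rtent['network']))), 'is_ipaddr');` makes the guard effective and keeps anything that is not an address out of the route command. Separately, `array_unique($filterdns_list);` discards its return value, so duplicate hostnames still reach `filterdns-route.hosts`; `$filterdns_list = array_unique($filterdns_list);` looks like what was intended. The enclosing route loop and the assignments of `$gatewayip` and `$interfacegw` start outside this hunk.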