* Do not restart ipfw-classifyd on every iteration just send a signal to reload the config. This way no data is lost

* Some cleanups to fix warning/spamming of the System logs
* Present is_module_loaded() function to check if a module is loaded.

4 files changed, 34 insertions, 14 deletions

diff --git a/etc/inc/config.inc b/etc/inc/config.inc
index 6bd22c8..6e9edc6 100644
--- a/etc/inc/config.inc
+++ b/etc/inc/config.inc
@@ -2834,7 +2834,7 @@ function system_start_ftp_helpers() {
 			if($g['debug'])
 				log_error("Config: FTP proxy disabled for interface {$ifent}");
 
-			$helpers = exec("/bin/ps awux | grep \"/usr/local/sbin/ftp-proxy {$shaper_queue} -p {$port}\" | grep -v grep | sed \"s/  */ /g\" | cut -f2 -d\" \"");
+			$helpers = `/bin/ps awux | grep "ftp-proxy" | grep  "{$port}" | grep -v grep | awk '{ print $2 }'`;
 			if($helpers)
 				mwexec("/bin/kill {$helpers}");
 			$interface_counter++;
diff --git a/etc/inc/filter.inc b/etc/inc/filter.inc
index f838b9d..b62cee6 100644
--- a/etc/inc/filter.inc
+++ b/etc/inc/filter.inc
@@ -1072,11 +1072,12 @@ function filter_nat_rules_generate()
 	}
 	fclose($inetd_fd);		// Close file handle
 	// Check if inetd is running, if not start it.	If so, restart it gracefully.
-	$helpers = trim(exec("/bin/ps ax | /usr/bin/grep inetd | /usr/bin/grep -v grep | /usr/bin/grep 127"));
+	$helpers = isvalidproc("inetd");
 	if(!$helpers)
-		mwexec("/usr/sbin/inetd -wW -R 0 -a 127.0.0.1 /var/etc/inetd.conf");
+		killbypid("/var/run/inetd.pid");
 	else
-		mwexec("/usr/bin/killall -HUP inetd", true);
+		sigkillbypid("/var/run/inetd.pid", "HUP");
+
 	if ($pptpdcfg['mode'] && $pptpdcfg['mode'] != "off") {
 		if ($pptpdcfg['mode'] == "server")
 			$pptpdtarget = "127.0.0.1";
@@ -1751,8 +1752,8 @@ function filter_rules_generate()
 		$cp_interface = $config['captiveportal']['interface'];
 		$cp_interface_real = $FilterIflist[$cp_interface]['if'];
 		$cp_interface_ip = $FilterIflist[$cp_interface_real]['ip'];
-		if (isset($config['captiveportal']['peruserbw']))
-			mwexec("kldload dummynet");
+		if (isset($config['captiveportal']['peruserbw']) && !is_module_loaded("dummynet.ko"))
+			mwexec("/sbin/kldload dummynet");
 		if(is_ipaddr($cp_interface_ip) and $cp_interface_real)
 			$ipfrules .= "pass in quick on {$cp_interface_real} proto tcp from any to {$cp_interface_ip} port { 8000 8001 } keep state\n";
 	}
diff --git a/etc/inc/shaper.inc b/etc/inc/shaper.inc
index 7d5b5b7..4390b7e 100644
--- a/etc/inc/shaper.inc
+++ b/etc/inc/shaper.inc
@@ -3235,6 +3235,8 @@ class layer7 {
     }
     
     function delete_l7c() {
+	$l7pid = `/bin/ps -ax | /usr/bin/grep ipfw-classifyd | /usr/bin/grep ". $l7rules->GetRPort() . " | /usr/bin/grep -v \"grep\" | /usr/bin/awk '{ print $1 }'`;
+	mwexec("/bin/kill {$l7pid}");
 	unset_l7_object_by_reference($this->GetRName());
 	cleanup_l7_from_rules($this->GetRName());
     }
@@ -3364,8 +3366,9 @@ function generate_layer7_files() {
     read_layer7_config();
     
     if (!empty($layer7_rules_list)) {
-	mwexec("kldload ipdivert.ko");
-        mwexec("killall -9 ipfw-classifyd");
+	if (!is_module_loaded("ipdivert.ko"))
+		mwexec("/sbin/kldload ipdivert.ko");
+        //mwexec("killall -9 ipfw-classifyd");
 	mwexec("rm -f /tmp/*.l7");
     }
     
@@ -3387,7 +3390,7 @@ function layer7_start_l7daemon() {
     global $layer7_rules_list;
 
     /*
-     * XXX: Needed ?!
+     * XXX: ermal - Needed ?!
      * read_layer7_config();
      */
 
@@ -3396,9 +3399,16 @@ function layer7_start_l7daemon() {
             $filename = $l7rules->GetRName() . ".l7";
             $path = "/tmp/" . $filename;
 
-            // XXX: Hardcoded number of packets to garbage collect.
-            $ipfw_classifyd_init = "/usr/local/sbin/ipfw-classifyd -n 5 -c {$path} -p " . $l7rules->GetRPort() . " -P /usr/local/share/protocols";
-            mwexec_bg($ipfw_classifyd_init);
+	    unset($l7pid);
+	    /* Only reread the configuration rather than restart to avoid loosing information. */
+	    $l7pid = `/bin/ps -ax | /usr/bin/grep ipfw-classifyd | /usr/bin/grep ". $l7rules->GetRPort() . " | /usr/bin/grep -v \"grep\" | /usr/bin/awk '{ print $1}'`;
+	    if (isset($l7pid))
+		mwexec("/bin/kill -HUP {$l7pid}");
+	    else {
+		// XXX: Hardcoded number of packets to garbage collect and queue length..
+		$ipfw_classifyd_init = "/usr/local/sbin/ipfw-classifyd -n 5 -q 700 -c {$path} -p " . $l7rules->GetRPort() . " -P /usr/local/share/protocols";
+		mwexec_bg($ipfw_classifyd_init);
+	    }
         }
     }
 }
@@ -3679,7 +3689,8 @@ function filter_generate_dummynet_rules() {
 	read_dummynet_config();
 	
 	if (!empty($dummynet_pipe_list)) {
-		mwexec("kldload dummynet");
+		if (!is_module_loaded("dummynet.ko"))
+			mwexec("/sbin/kldload dummynet");
 		/* XXX: Needs to be added code elsewhere to clear pipes/queues from kernel when not needed! */
 		//mwexec("pfctl -F dummynet");
 	}
diff --git a/etc/inc/util.inc b/etc/inc/util.inc
index 3ef01fc..f85a672 100644
--- a/etc/inc/util.inc
+++ b/etc/inc/util.inc
@@ -42,7 +42,7 @@ function isvalidpid($pid) {
 
 function isvalidproc($proc) {
 	$running = `ps awux | grep $proc | grep -v grep | wc -l`;
-	if(intval($running) > 1)
+	if(intval($running) >= 1)
 		return true;
 	else 
 		return false;
@@ -71,6 +71,14 @@ function killbyname($procname) {
 		mwexec("/usr/bin/killall " . escapeshellarg($procname));
 }
 
+function is_module_loaded($module_name) {
+	$running = `/sbin/kldstat -n {$module_name} | /usr/bin/grep {$module_name} | /usr/bin/wc -l`;
+	if (intval($running) >= 1)
+		return true;
+	else
+		return false;
+}
+
 /* return the subnet address given a host address and a subnet bit count */
 function gen_subnet($ipaddr, $bits) {
 	if (!is_ipaddr($ipaddr) || !is_numeric($bits))