author | Ermal Luçi <eri@pfsense.org> | 2009-03-08 00:32:22 +0000 |
---|---|---|
committer | Ermal Luçi <eri@pfsense.org> | 2009-03-08 00:32:22 +0000 |
commit | 1ab56363bbc910157191850b45d78f9ec98e5099 (patch) | |
tree | 410010ad8e06b8ff8a045bf9a26e8757f2fb9a96 /etc/inc | |
parent | 179941d470b52b6d4164a62bf1c146d7ee0e590b (diff) | |
* Do not restart ipfw-classifyd on every iteration; just send a signal to reload the config. This way no data is lost.
* Some cleanups to fix warning/spamming of the System logs
* Introduce is_module_loaded() function to check if a module is loaded.
Diffstat (limited to 'etc/inc')
-rw-r--r-- | etc/inc/config.inc | 2 | ||||
-rw-r--r-- | etc/inc/filter.inc | 11 | ||||
-rw-r--r-- | etc/inc/shaper.inc | 25 | ||||
-rw-r--r-- | etc/inc/util.inc | 10 |
4 files changed, 34 insertions, 14 deletions
diff --git a/etc/inc/config.inc b/etc/inc/config.inc
index 6bd22c8..6e9edc6 100644
--- a/etc/inc/config.inc
+++ b/etc/inc/config.inc
@@ -2834,7 +2834,7 @@ function system_start_ftp_helpers() {
 if($g['debug']) log_error("Config: FTP proxy disabled for interface {$ifent}");
- $helpers = exec("/bin/ps awux | grep \"/usr/local/sbin/ftp-proxy {$shaper_queue} -p {$port}\" | grep -v grep | sed \"s/ */ /g\" | cut -f2 -d\" \"");
+ $helpers = `/bin/ps awux | grep "ftp-proxy" | grep "{$port}" | grep -v grep | awk '{ print $2 }'`;
 if($helpers) mwexec("/bin/kill {$helpers}"); $interface_counter++;
diff --git a/etc/inc/filter.inc b/etc/inc/filter.inc
index f838b9d..b62cee6 100644
--- a/etc/inc/filter.inc
+++ b/etc/inc/filter.inc
@@ -1072,11 +1072,12 @@ function filter_nat_rules_generate()
 } fclose($inetd_fd); // Close file handle // Check if inetd is running, if not start it. If so, restart it gracefully.
- $helpers = trim(exec("/bin/ps ax | /usr/bin/grep inetd | /usr/bin/grep -v grep | /usr/bin/grep 127"));
+ $helpers = isvalidproc("inetd");
 if(!$helpers)
- mwexec("/usr/sbin/inetd -wW -R 0 -a 127.0.0.1 /var/etc/inetd.conf");
+ killbypid("/var/run/inetd.pid");
 else
- mwexec("/usr/bin/killall -HUP inetd", true);
+ sigkillbypid("/var/run/inetd.pid", "HUP");
+
 if ($pptpdcfg['mode'] && $pptpdcfg['mode'] != "off") { if ($pptpdcfg['mode'] == "server") $pptpdtarget = "127.0.0.1";
@@ -1751,8 +1752,8 @@ function filter_rules_generate()
 $cp_interface = $config['captiveportal']['interface']; $cp_interface_real = $FilterIflist[$cp_interface]['if']; $cp_interface_ip = $FilterIflist[$cp_interface_real]['ip'];
- if (isset($config['captiveportal']['peruserbw']))
- mwexec("kldload dummynet");
+ if (isset($config['captiveportal']['peruserbw']) && !is_module_loaded("dummynet.ko"))
+ mwexec("/sbin/kldload dummynet");
 if(is_ipaddr($cp_interface_ip) and $cp_interface_real) $ipfrules .= "pass in quick on {$cp_interface_real} proto tcp from any to {$cp_interface_ip} port { 8000 8001 } keep state\n"; }
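Review bot: In system_start_ftp_helpers() (config.inc) the new backtick pipeline returns every matching PID, newline-separated, and that string goes unmodified into `mwexec("/bin/kill {$helpers}")`, whereas the removed `exec()` call returned only the last line. Assuming mwexec() hands the string to a shell, a second line would be run as a command of its own rather than as another argument to kill. `grep "{$port}"` also matches the port digits anywhere in the ps line (PID, start time), so an unrelated ftp-proxy instance can be selected; matching on the `-p {$port}` argument as the removed line did is stricter. Reduce the output to integers before use, e.g. `$helpers = implode(" ", array_filter(array_map('intval', explode("\n", $helpers))));`. The function body starts and ends outside the hunk.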
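Review bot: In filter_nat_rules_generate() (filter.inc, first hunk) the branch taken when inetd is not running now calls `killbypid("/var/run/inetd.pid")` instead of launching the daemon, so nothing visible in this hunk starts inetd any more, although the comment above still says "if not start it". Unless killbypid() does something its name does not suggest (it is defined outside this diff), that branch should keep `mwexec("/usr/sbin/inetd -wW -R 0 -a 127.0.0.1 /var/etc/inetd.conf");`. `isvalidproc("inetd")` is a substring grep over `ps awux`, so any process whose command line contains "inetd" counts as running; checking the PID stored in /var/run/inetd.pid would be a stricter test. The function body starts and ends outside the hunk.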
diff --git a/etc/inc/shaper.inc b/etc/inc/shaper.inc
index 7d5b5b7..4390b7e 100644
--- a/etc/inc/shaper.inc
+++ b/etc/inc/shaper.inc
@@ -3235,6 +3235,8 @@ class layer7 {
 } function delete_l7c() {
+ $l7pid = `/bin/ps -ax | /usr/bin/grep ipfw-classifyd | /usr/bin/grep ". $l7rules->GetRPort() . " | /usr/bin/grep -v \"grep\" | /usr/bin/awk '{ print $1 }'`;
+ mwexec("/bin/kill {$l7pid}");
 unset_l7_object_by_reference($this->GetRName()); cleanup_l7_from_rules($this->GetRName()); }
@@ -3364,8 +3366,9 @@ function generate_layer7_files() {
 read_layer7_config(); if (!empty($layer7_rules_list)) {
- mwexec("kldload ipdivert.ko");
- mwexec("killall -9 ipfw-classifyd");
+ if (!is_module_loaded("ipdivert.ko"))
+ mwexec("/sbin/kldload ipdivert.ko");
+ //mwexec("killall -9 ipfw-classifyd");
 mwexec("rm -f /tmp/*.l7"); }
@@ -3387,7 +3390,7 @@ function layer7_start_l7daemon() {
 global $layer7_rules_list; /*
- * XXX: Needed ?!
+ * XXX: ermal - Needed ?!
 * read_layer7_config(); */
@@ -3396,9 +3399,16 @@ function layer7_start_l7daemon() {
 $filename = $l7rules->GetRName() . ".l7"; $path = "/tmp/" . $filename;
- // XXX: Hardcoded number of packets to garbage collect.
- $ipfw_classifyd_init = "/usr/local/sbin/ipfw-classifyd -n 5 -c {$path} -p " . $l7rules->GetRPort() . " -P /usr/local/share/protocols";
- mwexec_bg($ipfw_classifyd_init);
+ unset($l7pid);
+ /* Only reread the configuration rather than restart to avoid loosing information. */
+ $l7pid = `/bin/ps -ax | /usr/bin/grep ipfw-classifyd | /usr/bin/grep ". $l7rules->GetRPort() . " | /usr/bin/grep -v \"grep\" | /usr/bin/awk '{ print $1}'`;
+ if (isset($l7pid))
+ mwexec("/bin/kill -HUP {$l7pid}");
+ else {
+ // XXX: Hardcoded number of packets to garbage collect and queue length..
+ $ipfw_classifyd_init = "/usr/local/sbin/ipfw-classifyd -n 5 -q 700 -c {$path} -p " . $l7rules->GetRPort() . " -P /usr/local/share/protocols";
+ mwexec_bg($ipfw_classifyd_init);
+ }
 } } }
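Review bot: In delete_l7c() (shaper.inc) the `". $l7rules->GetRPort() . "` inside the backticks is not concatenation: backticks interpolate like a double-quoted string, so PHP reads a property `GetRPort` followed by a literal `()`, and `$l7rules` is not defined in this method at all (the object here is `$this`). The grep pattern therefore never contains the port, `$l7pid` is most likely empty, and `mwexec("/bin/kill {$l7pid}")` runs without a PID. The same construct is added in layer7_start_l7daemon(), where an empty result appears to make the HUP branch unreachable; with the killall in generate_layer7_files() now commented out, each reload would then start another ipfw-classifyd beside the old one. Build the command outside the backticks, e.g. `$port = escapeshellarg($this->GetRPort());` then `shell_exec("/bin/ps -ax | /usr/bin/grep ipfw-classifyd | /usr/bin/grep -- {$port} | /usr/bin/grep -v grep | /usr/bin/awk '{ print \$1 }'")`, and skip the kill when the trimmed result is empty.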
@@ -3679,7 +3689,8 @@ function filter_generate_dummynet_rules() {
 read_dummynet_config(); if (!empty($dummynet_pipe_list)) {
- mwexec("kldload dummynet");
+ if (!is_module_loaded("dummynet.ko"))
+ mwexec("/sbin/kldload dummynet");
 /* XXX: Needs to be added code elsewhere to clear pipes/queues from kernel when not needed! */ //mwexec("pfctl -F dummynet"); }
diff --git a/etc/inc/util.inc b/etc/inc/util.inc
index 3ef01fc..f85a672 100644
--- a/etc/inc/util.inc
+++ b/etc/inc/util.inc
@@ -42,7 +42,7 @@ function isvalidpid($pid) {
 function isvalidproc($proc) { $running = `ps awux | grep $proc | grep -v grep | wc -l`;
- if(intval($running) > 1)
+ if(intval($running) >= 1)
 return true; else return false;
@@ -71,6 +71,14 @@ function killbyname($procname) {
 mwexec("/usr/bin/killall " . escapeshellarg($procname)); }
+function is_module_loaded($module_name) {
+ $running = `/sbin/kldstat -n {$module_name} | /usr/bin/grep {$module_name} | /usr/bin/wc -l`;
+ if (intval($running) >= 1)
+ return true;
+ else
+ return false;
+}
+
 /* return the subnet address given a host address and a subnet bit count */ function gen_subnet($ipaddr, $bits) { if (!is_ipaddr($ipaddr) || !is_numeric($bits)) |
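Review bot: The new is_module_loaded() in util.inc interpolates `$module_name` into a backtick command twice without quoting, while killbyname() directly above it passes its argument through escapeshellarg(); isvalidproc() in the preceding util.inc hunk does the same with `$proc`. The callers added in this commit pass constants, but both are general helpers, so a value containing shell metacharacters would be interpreted by the shell. Quote at the top of each function with `$module_name = escapeshellarg($module_name);` (and `$proc = escapeshellarg($proc);`), and consider sending kldstat's stderr to /dev/null so a module that is not loaded does not add the kind of noise this commit is trying to remove. A one-line comment stating that the argument is the file name as kldstat prints it (`dummynet.ko`, not `dummynet`) would also help callers.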