author | sullrich <sullrich@pfsense.org> | 2009-12-06 00:48:32 -0500 |
---|---|---|
committer | sullrich <sullrich@pfsense.org> | 2009-12-06 00:48:32 -0500 |
commit | d0b461f524df02aa8766f88dde23c5f4996d8553 (patch) | |
tree | 9401d83b28c8d793109436657731fe0e31107a3d /etc | |
parent | e02099c638b259a0f109d07a254e2efcc02db15d (diff) | |
Add lookup table for sysctl tunable (sysctl.inc). Make config.xml values default to value 'default' Ticket #71
Diffstat (limited to 'etc')
-rw-r--r-- | etc/inc/sysctl.inc | 40 | ||||
-rw-r--r-- | etc/inc/system.inc | 10 |
2 files changed, 47 insertions, 3 deletions
diff --git a/etc/inc/sysctl.inc b/etc/inc/sysctl.inc
new file mode 100644
index 0000000..c90b074
--- /dev/null
+++ b/etc/inc/sysctl.inc
@@ -0,0 +1,40 @@
+<?php
+
+$sysctls = array("net.inet.ip.portrange.first" => "1024",
+ "net.inet.tcp.blackhole" => "2",
+ "net.inet.udp.blackhole" => "1",
+ "net.inet.ip.random_id" => "1",
+ "net.inet.tcp.drop_synfin" => "1",
+ "net.inet.ip.redirect" => "1",
+ "net.inet6.ip6.redirect" => "1",
+ "net.inet.tcp.syncookies" => "1",
+ "net.inet.tcp.recvspace" => "65228",
+ "net.inet.tcp.sendspace" => "65228",
+ "net.inet.ip.fastforwarding" => "1",
+ "net.inet.tcp.delayed_ack" => "0",
+ "net.inet.udp.maxdgram" => "57344",
+ "net.link.bridge.pfil_onlyip" => "0",
+ "net.link.bridge.pfil_member" => "1",
+ "net.link.bridge.pfil_bridge" => "0",
+ "net.link.tap.user_open" => "1",
+ "kern.rndtest.verbose" => "0",
+ "kern.randompid" => "347",
+ "net.inet.ip.intr_queue_maxlen" => "1000",
+ "hw.syscons.kbd_reboot" => "0",
+ "net.inet.tcp.inflight.enable" => "1",
+ "net.inet.tcp.log_debug" => "0",
+ "net.inet.icmp.icmplim" => "750",
+ "net.inet.tcp.tso" => "0",
+ "hw.bce.tso_enable" => "0"
+ );
+
+function get_default_sysctl_value($id) {
+ global $sysctls;
+ foreach($sysctls as $sysctl => $value) {
+ if($sysctl == $id)
+ return $value;
+ }
+}
+
+
+?>
\ No newline at end of file
diff --git a/etc/inc/system.inc b/etc/inc/system.inc
index dd54527..e3611ea 100644
--- a/etc/inc/system.inc
+++ b/etc/inc/system.inc
@@ -50,16 +50,20 @@ function activate_powerd() {
 function activate_sysctls() {
 global $config, $g;
-
+ require("sysctl.inc");
 exec("/sbin/sysctl net.enc.out.ipsec_bpf_mask=0x00000001");
 exec("/sbin/sysctl net.enc.out.ipsec_filter_mask=0x00000001");
 exec("/sbin/sysctl net.enc.in.ipsec_bpf_mask=0x00000002");
 exec("/sbin/sysctl net.enc.in.ipsec_filter_mask=0x00000002");
- if (is_array($config['sysctl']))
- foreach ($config['sysctl']['item'] as $tunable)
+ if (is_array($config['sysctl'])) {
+ foreach ($config['sysctl']['item'] as $tunable) {
+ if($tunable['value'] == "default")
+ $tunable['value'] = get_default_sysctl_value($tunable['tunable']);
 mwexec("sysctl " . $tunable['tunable'] . "=\"" . $tunable['value'] . "\"");
+ }
+ }
 }
 function system_resolvconf_generate($dynupdate = false) { |
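Review bot: get_default_sysctl_value() in etc/inc/sysctl.inc falls off the end of the function when `$id` is not in the table, so a miss comes back as an implicit null that nothing documents, and the linear foreach with `==` does work that a keyed lookup gives directly. The body can be `return isset($sysctls[$id]) ? $sysctls[$id] : null;`, with a short docblock stating that null means no default is known for that tunable. The function reads `global $sysctls`, which only holds the table when this file is included at file scope; a comment above the array saying so would help the next caller. The closing `?>` at the end of the include file can be dropped so that stray trailing whitespace never reaches output.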
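Review bot: `require("sysctl.inc")` runs inside activate_sysctls(), so `$sysctls` is created as a local of this function while get_default_sysctl_value() reads `global $sysctls`; unless the file is also included at file scope somewhere not shown here, every "default" lookup returns null and the unchanged mwexec line runs `sysctl <name>=""`. A second call to activate_sysctls() would re-run the require and redeclare the function, which is fatal in PHP. Moving the include to file scope as `require_once("sysctl.inc");` and skipping unknown tunables with `if ($tunable['value'] === null) continue;` avoids both. Since the tunable name and value come from config.xml and are concatenated into a shell command line, passing `escapeshellarg($tunable['tunable'] . "=" . $tunable['value'])` on the mwexec line would keep shell metacharacters in a stored value from being interpreted.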