authorBill Marquette <bill.marquette@gmail.com>2011-06-03 17:29:49 -0500
committerBill Marquette <bill.marquette@gmail.com>2011-06-03 17:29:49 -0500
commit5cb0360bf47e000f1d3e41266b8225479a490e40 (patch)
tree7ab0c99b6441ef7f41b64c6a60ebe31a95d15c01 /etc
parent5b542ae5055e3667f317f099753f38c89ffbbc9c (diff)
parentbd4b09826c4f0a6ecae94c99a9fdfa8bf7bc4a95 (diff)
downloadpfsense-5cb0360bf47e000f1d3e41266b8225479a490e40.zip
pfsense-5cb0360bf47e000f1d3e41266b8225479a490e40.tar.gz
Merge branch 'master' of github.com:bsdperimeter/pfsense
Diffstat (limited to 'etc')
-rw-r--r--etc/inc/dyndns.class11
-rw-r--r--etc/inc/filter.inc18
-rw-r--r--etc/inc/gwlb.inc2
-rw-r--r--etc/inc/ipsec.inc4
-rw-r--r--etc/inc/openvpn.inc13
-rw-r--r--etc/inc/pfsense-utils.inc4
-rw-r--r--etc/inc/system.inc8
-rw-r--r--etc/inc/vpn.inc9
-rwxr-xr-xetc/rc.filter_synchronize2
-rwxr-xr-xetc/rc.newwanip2
-rwxr-xr-xetc/rc.restart_webgui9
-rwxr-xr-xetc/rc.shutdown4
-rw-r--r--[-rwxr-xr-x]etc/rc.stop_packages4
13 files changed, 59 insertions, 31 deletions
diff --git a/etc/inc/dyndns.class b/etc/inc/dyndns.class
index 01209b9..65defb2 100644
--- a/etc/inc/dyndns.class
+++ b/etc/inc/dyndns.class
@@ -98,7 +98,9 @@
$this->_debugFile = "{$g['varetc_path']}/dyndns_{$dnsIf}{$dnsService}" . escapeshellarg($dnsHost) . ".debug";
log_error("DynDns: updatedns() starting");
-
+
+ $dyndnslck = lock($dnsHost, LOCK_EX);
+
if (!$dnsService) $this->_error(2);
switch ($dnsService) {
case 'freedns':
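Review bot: The lock taken by the added `$dyndnslck = lock($dnsHost, LOCK_EX);` is released only on the two paths this commit touches (the failed IP lookup and the end of the function), so any other early exit leaves it held. `$this->_error(2)` on the next line already runs with the lock held, and whether it returns or terminates is not visible here. The lock name is the raw, user-configured `$dnsHost`; if lock() derives a file name from it, a fixed prefix plus a normalised host would be safer, e.g. `lock("dyndns_" . md5($dnsHost), LOCK_EX)`. With CURLOPT_TIMEOUT raised to 120 in the later hunks, a second update for the same host can now block for up to two minutes. The function body starts and ends outside this hunk.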
@@ -128,6 +130,7 @@
// Ensure that we where able to lookup the IP
if(!is_ipaddr($this->_ifIP)) {
log_error("There was an error trying to determine the IP for interface - {$dnsIf}({$this->_if}). Probably interface has no ip or is down. Dyndns update not possible for {$dnsService}.");
+ unlock($dyndnslck);
return;
}
@@ -162,6 +165,8 @@
break;
}
}
+
+ unlock($dyndnslck);
}
/*
@@ -178,7 +183,7 @@
curl_setopt($ch, CURLOPT_USERAGENT, $this->_UserAgent);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, TRUE);
curl_setopt($ch, CURLOPT_INTERFACE, $this->_ifIP);
- curl_setopt($ch, CURLOPT_TIMEOUT, 60); // Completely empirical
+ curl_setopt($ch, CURLOPT_TIMEOUT, 120); // Completely empirical
}
switch ($this->_dnsService) {
@@ -961,7 +966,7 @@
curl_setopt($ip_ch, CURLOPT_SSL_VERIFYPEER, FALSE);
curl_setopt($ip_ch, CURLOPT_INTERFACE, $ip_address);
curl_setopt($ip_ch, CURLOPT_CONNECTTIMEOUT, '30');
- curl_setopt($ip_ch, CURLOPT_TIMEOUT, 60);
+ curl_setopt($ip_ch, CURLOPT_TIMEOUT, 120);
$ip_result_page = curl_exec($ip_ch);
curl_close($ip_ch);
$ip_result_decoded = urldecode($ip_result_page);
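Review bot: The IP-check request whose timeout is raised here still runs with `CURLOPT_SSL_VERIFYPEER` set to `FALSE` on the first line of the hunk, so the response that presumably determines the address to publish is not authenticated. If the check URL is HTTPS (not visible in this hunk), enabling peer verification would keep an on-path host from supplying a forged address. `CURLOPT_CONNECTTIMEOUT` is also passed as the string `'30'` while the other timeouts are integers; `curl_setopt($ip_ch, CURLOPT_CONNECTTIMEOUT, 30);` would be consistent.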
diff --git a/etc/inc/filter.inc b/etc/inc/filter.inc
index 3ce44a3..0988093 100644
--- a/etc/inc/filter.inc
+++ b/etc/inc/filter.inc
@@ -429,7 +429,7 @@ function filter_generate_scrubing() {
}
/* disable scrub option */
foreach ($FilterIflist as $scrubif => $scrubcfg) {
- if(isset($scrubcfg['virtual']))
+ if(isset($scrubcfg['virtual']) || empty($scrubcfg['descr']))
continue;
/* set up MSS clamping */
if($scrubcfg['mss'] <> "" && is_numeric($scrubcfg['mss']) && $scrubcfg['if'] != "pppoe" && $scrubcfg['if'] != "pptp" &&
@@ -518,7 +518,7 @@ function filter_generate_aliases() {
$aliases .= "{$ifcfg[0]['descr']} = \"{ {$ifcfg[0]['if']}";
$aliases .= " }\"\n";
}
- } else {
+ } elseif (!empty($ifcfg['descr']) && !empty($ifcfg['if'])) {
$aliases .= "{$ifcfg['descr']} = \"{ {$ifcfg['if']}";
$aliases .= " }\"\n";
}
@@ -801,8 +801,8 @@ function filter_generate_optcfg_array() {
$oic['virtual'] = true;
$FilterIflist['l2tp'] = $oic;
}
- if (is_array($config['pppoes']['pppoe'])) {
- $FilterIflist['pppoe'] = array();
+ if (is_array($config['pppoes']['pppoe']) && (count($config['pppoes']['pppoe']) > 0)) {
+ $pppoeifs = array();
foreach($config['pppoes']['pppoe'] as $pppoe) {
if ($pppoe['mode'] == "server") {
$oic = array();
@@ -816,9 +816,11 @@ function filter_generate_optcfg_array() {
$oic['sn'] = $pppoe['pppoe_subnet'];
else
$oic['sn'] = "32";
- $FilterIflist['pppoe'][] = $oic;
+ $pppoeifs[] = $oic;
}
}
+ if (count($pppoeifs))
+ $FilterIflist['pppoe'] = $pppoeifs;
}
/* add ipsec interfaces */
if(isset($config['ipsec']['enable']) || isset($config['ipsec']['client']['enable'])) {
@@ -1382,6 +1384,12 @@ function filter_nat_rules_generate() {
}
}
}
+ /* IPsec mode_cfg subnet */
+ if (isset($config['ipsec']['client']['enable']) &&
+ !empty($config['ipsec']['client']['pool_address']) &&
+ !empty($config['ipsec']['client']['pool_netbits'])) {
+ $tonathosts .= "{$config['ipsec']['client']['pool_address']}/{$config['ipsec']['client']['pool_netbits']} ";
+ }
$natrules .= "\n# Subnets to NAT \n";
$tonathosts .= "127.0.0.0/8 ";
if($numberofnathosts > 4) {
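Review bot: The added mode_cfg block copies `pool_address` and `pool_netbits` from the configuration into `$tonathosts`, which appears to feed the generated NAT rules, with only an `!empty()` test. A malformed value would produce a ruleset that fails to load, so the condition should also validate both parts, e.g. `is_ipaddr($config['ipsec']['client']['pool_address']) && is_numeric($config['ipsec']['client']['pool_netbits'])`. `$numberofnathosts` is tested right below but is not incremented for this extra subnet; whether that matters depends on code outside the hunk.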
diff --git a/etc/inc/gwlb.inc b/etc/inc/gwlb.inc
index 9b4c32b..66a0af3 100644
--- a/etc/inc/gwlb.inc
+++ b/etc/inc/gwlb.inc
@@ -367,7 +367,7 @@ function return_gateway_groups_array() {
$gateways_arr = return_gateways_array();
$gateway_groups_array = array();
- if (0) {
+ if (isset($config['system']['gw_switch_default'])) {
/*
* NOTE: The code below is meant to replace the default gateway when it goes down.
* This facilitates services running on pfSense itself and are not handled by a PBR to continue working.
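Review bot: The new condition reads `$config`, but this hunk does not show a `global $config;` declaration in return_gateway_groups_array(); the function starts outside the hunk. If the declaration is missing, `isset($config['system']['gw_switch_default'])` is always false and the block stays as dead as it was under `if (0)`. A short comment on the condition would also help, e.g. `/* opt-in: system/gw_switch_default enables default gateway switching */`.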
diff --git a/etc/inc/ipsec.inc b/etc/inc/ipsec.inc
index e15a14c..7371702 100644
--- a/etc/inc/ipsec.inc
+++ b/etc/inc/ipsec.inc
@@ -449,6 +449,10 @@ function ipsec_dump_sad()
case 3:
$cursa['aalgo'] = $linea[1];
break;
+ case 8:
+ $sadata = explode("(", $linea[1]);
+ $cursa['data'] = $sadata[0] . " B";
+ break;
}
}
$i++;
diff --git a/etc/inc/openvpn.inc b/etc/inc/openvpn.inc
index 7f82975..edd22be 100644
--- a/etc/inc/openvpn.inc
+++ b/etc/inc/openvpn.inc
@@ -367,8 +367,8 @@ function openvpn_reconfigure($mode, $settings) {
// server specific settings
if ($mode == 'server') {
- list($ip, $mask) = explode('/', $settings['tunnel_network']);
- $mask = gen_subnet_mask($mask);
+ list($ip, $cidr) = explode('/', $settings['tunnel_network']);
+ $mask = gen_subnet_mask($cidr);
// configure tls modes
switch($settings['mode']) {
@@ -383,8 +383,13 @@ function openvpn_reconfigure($mode, $settings) {
// configure p2p/server modes
switch($settings['mode']) {
case 'p2p_tls':
- $conf .= "server {$ip} {$mask}\n";
- $conf .= "client-config-dir {$g['varetc_path']}/openvpn-csc\n";
+ // If the CIDR is less than a /30, OpenVPN will complain if you try to
+ // use the server directive. It works for a single client without it.
+ // See ticket #1417
+ if ($cidr < 30) {
+ $conf .= "server {$ip} {$mask}\n";
+ $conf .= "client-config-dir {$g['varetc_path']}/openvpn-csc\n";
+ }
case 'p2p_shared_key':
$baselong = ip2long32($ip) & ip2long($mask);
$ip1 = long2ip32($baselong + 1);
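Review bot: The new comment says OpenVPN complains when "the CIDR is less than a /30", while the code emits the directive for `$cidr < 30`, so comment and condition read as opposites; `// A /30 or longer prefix cannot use the server directive; see ticket #1417` would match the code. `$cidr` comes from `explode('/', $settings['tunnel_network'])` in the previous hunk, so a value without a slash leaves it null, and `null < 30` is true; `if (is_numeric($cidr) && $cidr < 30) {` avoids emitting a `server` line built from a missing prefix. client-config-dir is now skipped together with `server`, and the case still falls through to `p2p_shared_key` without a `// fall through` marker. The function continues outside the hunk.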
diff --git a/etc/inc/pfsense-utils.inc b/etc/inc/pfsense-utils.inc
index 01d3762..c75ae20 100644
--- a/etc/inc/pfsense-utils.inc
+++ b/etc/inc/pfsense-utils.inc
@@ -2235,12 +2235,12 @@ function is_ipaddr_configured($ipaddr) {
function pfSense_handle_custom_code($src_dir) {
// Allow extending of the nat edit page and include custom input validation
if(is_dir("$src_dir")) {
- $cf = glob($src_dir);
+ $cf = glob($src_dir . "/*.inc");
foreach($cf as $nf) {
if($nf == "." || $nf == "..")
continue;
// Include the extra handler
- include("$src_dir/$nf");
+ include("$nf");
}
}
}
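Review bot: With the pattern changed to `$src_dir . "/*.inc"`, every matching file in the directory is included and executed, which deserves a line in the function comment such as `// Every *.inc file in $src_dir is executed; the directory must not be writable by unprivileged users.` glob() can return false on error, which makes the foreach emit a warning; `if (!is_array($cf)) return;` after the glob call covers it. The `.`/`..` test can no longer match a `*.inc` path and can be dropped.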
diff --git a/etc/inc/system.inc b/etc/inc/system.inc
index e2c02aa..7e105ab 100644
--- a/etc/inc/system.inc
+++ b/etc/inc/system.inc
@@ -116,9 +116,12 @@ function system_resolvconf_generate($dynupdate = false) {
}
}
+ $dnslock = lock('resolvconf', LOCK_EX);
+
$fd = fopen("{$g['varetc_path']}/resolv.conf", "w");
if (!$fd) {
printf("Error: cannot open resolv.conf in system_resolvconf_generate().\n");
+ unlock($dnslock);
return 1;
}
@@ -148,7 +151,9 @@ function system_resolvconf_generate($dynupdate = false) {
}
}
}
-
+
+ unlock($dnslock);
+
return 0;
}
@@ -1251,6 +1256,7 @@ function system_reboot_cleanup() {
captiveportal_radius_stop_all();
require_once("voucher.inc");
voucher_save_db_to_config();
+ // mwexec("/etc/rc.stop_packages");
}
function system_do_shell_commands($early = 0) {
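Review bot: The line added to system_reboot_cleanup() is commented-out code with no explanation of why it is there or when it should be enabled; a `// TODO:` stating the reason would be clearer, or leave it out. The same commit changes etc/rc.stop_packages from mode 100755 to 100644, so if this call is ever uncommented, running the script directly through mwexec() would likely fail unless it is invoked through an interpreter.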
diff --git a/etc/inc/vpn.inc b/etc/inc/vpn.inc
index f595c9b..5e014fd 100644
--- a/etc/inc/vpn.inc
+++ b/etc/inc/vpn.inc
@@ -481,7 +481,7 @@ function vpn_ipsec_configure($ipchg = false)
$natt = $ph1ent['nat_traversal'];
$init = "on";
- $genp = "off";
+ $genp = !empty($ph1ent['generate_policy']) ? $ph1ent['generate_policy'] : "off";
$pcheck = !empty($ph1ent['proposal_check']) ? $ph1ent['proposal_check'] : $pcheck = "claim";
$passive = "";
if (isset($ph1ent['mobile'])) {
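Review bot: `$genp` is now taken verbatim from `$ph1ent['generate_policy']` here and in the two assignments of the next hunk, with only an `!empty()` test. The value is presumably written into the racoon configuration further down (outside this hunk), so an unexpected string from a hand-edited or restored config would produce an invalid or altered config file. Checking it once against the accepted keywords keeps the three sites simple, e.g. `$genp_cfg = in_array($ph1ent['generate_policy'], array("on", "off", "require", "unique")) ? $ph1ent['generate_policy'] : "";` and then testing `$genp_cfg` in place of the raw value.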
@@ -490,10 +490,10 @@ function vpn_ipsec_configure($ipchg = false)
/* Mimic 1.2.3's behavior for pure-psk mobile tunnels */
if ($ph1ent['authentication_method'] == "pre_shared_key") {
$pcheck = !empty($ph1ent['proposal_check']) ? $ph1ent['proposal_check'] : $pcheck = "obey";
- $genp = "on";
+ $genp = !empty($ph1ent['generate_policy']) ? $ph1ent['generate_policy'] : "on";
} else {
$init = "off";
- $genp = "unique";
+ $genp = !empty($ph1ent['generate_policy']) ? $ph1ent['generate_policy'] : "unique";
}
}
@@ -864,8 +864,7 @@ EOD;
/* FIXME: does adding route-to and reply-to on the in/outbound
* rules fix this? smos@ 13-01-2009 */
// log_error("IPSEC interface is not WAN but {$parentinterface}, adding static route for VPN endpoint {$rgip} via {$gatewayip}");
- mwexec("/sbin/route delete -host {$rgip}");
- mwexec("/sbin/route add -host {$rgip} {$gatewayip}");
+ mwexec("/sbin/route delete -host {$rgip}; /sbin/route add -host {$rgip} {$gatewayip}", true);
}
}
}
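Review bot: The merged command is now a single shell string joined with `;`, and `$rgip` and `$gatewayip` are interpolated into it unquoted. Where these values originate is outside the hunk, but wrapping each in `escapeshellarg()` keeps a malformed endpoint from being interpreted by the shell: `mwexec("/sbin/route delete -host " . escapeshellarg($rgip) . "; /sbin/route add -host " . escapeshellarg($rgip) . " " . escapeshellarg($gatewayip), true);`. The second argument `true` presumably silences errors, so a failed `route add` would go unnoticed; a comment saying that is intended would help.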
diff --git a/etc/rc.filter_synchronize b/etc/rc.filter_synchronize
index 6acadc0..af0e5cc 100755
--- a/etc/rc.filter_synchronize
+++ b/etc/rc.filter_synchronize
@@ -390,7 +390,7 @@ if (is_array($config['installedpackages']['carpsettings']['config'])) {
update_filter_reload_status("Signaling CARP reload signal...");
carp_sync_xml($synchronizetoip, $carp['password'], $sections, $port);
if (is_array($mergesections))
- carp_sync_xml($synchronizetoip, $carp['password'], $mergesections, $port, 'pfsense.merge_config_section');
+ carp_sync_xml($synchronizetoip, $carp['password'], $mergesections, $port, 'pfsense.restore_config_section');
$cli = new XML_RPC_Client('/xmlrpc.php', $synchronizetoip, $port);
$params = array(
XML_RPC_encode($carp['password'])
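Review bot: The sections in `$mergesections` are now sent with `pfsense.restore_config_section`, which by its name replaces the sections on the peer rather than merging them, so the variable name no longer describes what happens. Either rename it or add a comment such as `/* sent with restore: these sections overwrite the peer's copy */`. The handler for that RPC method is not visible here, so the overwrite semantics should be confirmed before relying on them.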
diff --git a/etc/rc.newwanip b/etc/rc.newwanip
index 0395099..93eb089 100755
--- a/etc/rc.newwanip
+++ b/etc/rc.newwanip
@@ -51,7 +51,7 @@ function restart_packages() {
/* restart packages */
system_ntp_configure();
log_error("{$g['product_name']} package system has detected an ip change $oldip -> $curwanip ... Restarting packages.");
- mwexec_bg("/etc/rc.start_packages");
+ send_event("reload packages");
}
/* Interface IP address has changed */
diff --git a/etc/rc.restart_webgui b/etc/rc.restart_webgui
index 463f934..e74f201 100755
--- a/etc/rc.restart_webgui
+++ b/etc/rc.restart_webgui
@@ -8,10 +8,15 @@ require("shaper.inc");
require("captiveportal.inc");
require("rrd.inc");
-mwexec("killall -9 lighttpd");
-
echo "Restarting webConfigurator...";
+sigkillbyname("lighttpd", "INT");
+
+while (is_process_running("lighttpd")) {
+ echo '.';
+ sleep(1);
+}
+
system_webgui_start();
captiveportal_init_webgui();
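Review bot: The new wait loop after `sigkillbyname("lighttpd", "INT")` has no upper bound, so a lighttpd that does not exit on SIGINT leaves this script printing dots forever and the webConfigurator never restarts. The old code used `killall -9`, which could not hang; the graceful signal is an improvement, but it needs a bounded wait with an escalation. The 30-second limit below is a suggested value, not one taken from the project.

```php
sigkillbyname("lighttpd", "INT");

// Bounded wait so a hung lighttpd cannot block the restart forever.
$waited = 0;
while (is_process_running("lighttpd") && $waited < 30) {
	echo '.';
	sleep(1);
	$waited++;
}
// Escalate if the graceful shutdown did not complete in time.
if (is_process_running("lighttpd"))
	sigkillbyname("lighttpd", "KILL");

// … unchanged: system_webgui_start() and captiveportal_init_webgui() …
```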
diff --git a/etc/rc.shutdown b/etc/rc.shutdown
index 14faf80..c7e8b25 100755
--- a/etc/rc.shutdown
+++ b/etc/rc.shutdown
@@ -5,10 +5,6 @@ if ! /usr/bin/lockf -s -t 30 /tmp/config.lock /usr/bin/true; then
exit -1
fi
-if [ -e /dev/ukbd0 ]; then
- /usr/sbin/vidcontrol -s 2
-fi
-
product=`cat /etc/inc/globals.inc | grep product_name | cut -d'"' -f4`
echo
diff --git a/etc/rc.stop_packages b/etc/rc.stop_packages
index 95e77fd..f20fa04 100755..100644
--- a/etc/rc.stop_packages
+++ b/etc/rc.stop_packages
@@ -51,7 +51,7 @@ else {
if (is_array($config['installedpackages']['package'])) {
foreach($config['installedpackages']['package'] as $package) {
- echo " Stoping package {$package['name']}...";
+ echo " Stopping package {$package['name']}...";
stop_service($package['name']);
unset($rcfiles["{$rcfileprefix}{$package['name']}.sh"]);
echo "done.\n";
@@ -61,7 +61,7 @@ if (is_array($config['installedpackages']['package'])) {
$shell = @popen("/bin/sh", "w");
if ($shell) {
foreach ($rcfiles as $rcfile => $number) {
- echo " Stoping {$rcfile}...";
+ echo " Stopping {$rcfile}...";
fwrite($shell, "{$rcfile} stop >>/tmp/bootup_messages 2>&1");
echo "done.\n";
}