diff options
author | Ermal LUÇI <eri@pfsense.org> | 2015-01-12 12:17:00 +0100 |
---|---|---|
committer | Ermal LUÇI <eri@pfsense.org> | 2015-01-12 12:18:49 +0100 |
commit | 339e2fe5e66e07a953c28b59e964a96f77edcecd (patch) | |
tree | e61b00e1c6d12bada7e36cd24168f92406de1d41 /etc | |
parent | 6a752ca21acc099b0510d741b9774e876cfd0405 (diff) | |
download | pfsense-339e2fe5e66e07a953c28b59e964a96f77edcecd.zip pfsense-339e2fe5e66e07a953c28b59e964a96f77edcecd.tar.gz |
* Try to autodetect if the execution limit needs to be raised on big number of passthrough entries.
Set the time limit to 0 and restore it back to default value when this is detected.
* Do not leak pipes when reloading ruleset for CP since this will consume available descriptors.
This has been noted before but considered fixed, this is the real fix actually for dnpipes.
Diffstat (limited to 'etc')
-rw-r--r-- | etc/inc/captiveportal.inc | 31 |
1 files changed, 31 insertions, 0 deletions
diff --git a/etc/inc/captiveportal.inc b/etc/inc/captiveportal.inc index 3964b40..c42eb35 100644 --- a/etc/inc/captiveportal.inc +++ b/etc/inc/captiveportal.inc @@ -194,6 +194,14 @@ function captiveportal_configure_zone($cpcfg) { } else captiveportal_syslog("Reconfiguring captive portal({$cpcfg['zone']})."); + if (is_array($cpcfg['passthrumac'])) { + $nentries = count($cpcfg['passthrumac']); + if ($nentries > 2000) { + if (!set_time_limit(0)) + log_error("Execution time limit may be reached while reconfiguring zone = {$cpzone} due to many passthrugh entries!"); + } + } + /* init ipfw rules */ captiveportal_init_rules(true); @@ -381,6 +389,8 @@ EOD; } } + /* XXX: Same as in rc.php_init_setup */ + set_time_limit(900); unlock($captiveportallck); return 0; @@ -474,6 +484,7 @@ function captiveportal_init_rules($reinit = false) { captiveportal_load_modules(); mwexec("/sbin/ipfw zone {$cpzoneid} create", true); + captiveportal_flush_dn_ruleno($cpzone); $cpips = array(); $ifaces = get_configured_interface_list(); @@ -1480,6 +1491,26 @@ function captiveportal_free_dn_ruleno($ruleno) { unlock($cpruleslck); } +/* + * To avoid allocating more ids than needed to a zone need + * to flush them before loading/creating new ruleset + */ +function captiveportal_flush_dn_ruleno($cpzone) { + global $config, $g; + + $cpruleslck = lock("captiveportalrulesdn", LOCK_EX); + if (file_exists("{$g['vardb_path']}/captiveportaldn.rules")) { + $rules = unserialize(file_get_contents("{$g['vardb_path']}/captiveportaldn.rules")); + foreach ($rules as $idx => $zone) { + if ($zone == $cpzone) + $rules[$idx] = false; + } + file_put_contents("{$g['vardb_path']}/captiveportaldn.rules", serialize($rules)); + unset($rules); + } + unlock($cpruleslck); +} + function captiveportal_get_dn_passthru_ruleno($value) { global $config, $g, $cpzone, $cpzoneid; |