author | Seth Mos <seth.mos@dds.nl> | 2011-02-01 15:28:55 +0100 |
---|---|---|
committer | Seth Mos <seth.mos@dds.nl> | 2011-02-01 15:28:55 +0100 |
commit | 7203754c2ef2e457bcebec7cc96012b774e04681 (patch) | |
tree | 4d3731e1c853b4ecaeb0214a8e05dd0783e2d575 /etc | |
parent | cebd086a856086529728d2d8592ebd9687451ca3 (diff) | |
parent | 20fef17c7398170e18c9d03bcc04ee794002e981 (diff) | |
download | pfsense-7203754c2ef2e457bcebec7cc96012b774e04681.zip pfsense-7203754c2ef2e457bcebec7cc96012b774e04681.tar.gz |
Merge remote branch 'upstream/master'
Diffstat (limited to 'etc')
-rw-r--r-- | etc/inc/captiveportal.inc | 24 | ||||
-rw-r--r-- | etc/inc/filter.inc | 2 | ||||
-rw-r--r-- | etc/inc/openvpn.inc | 6 | ||||
-rw-r--r-- | etc/inc/rrd.inc | 77 | ||||
-rw-r--r-- | etc/inc/shaper.inc | 16 | ||||
-rw-r--r-- | etc/inc/vpn.inc | 27 | ||||
-rwxr-xr-x | etc/rc | 8 | ||||
-rwxr-xr-x | etc/rc.dumpon | 22 | ||||
-rwxr-xr-x | etc/rc.initial.setlanip | 3 | ||||
-rwxr-xr-x | etc/rc.linkup | 1 | ||||
-rwxr-xr-x | etc/rc.newipsecdns | 2 | ||||
-rwxr-xr-x | etc/rc.savecore | 22 |
12 files changed, 150 insertions, 60 deletions
diff --git a/etc/inc/captiveportal.inc b/etc/inc/captiveportal.inc index 12701ab..3d4b61a 100644 --- a/etc/inc/captiveportal.inc +++ b/etc/inc/captiveportal.inc @@ -1072,16 +1072,20 @@ function captiveportal_allowedip_configure_entry($ipent) { */ function setup_dnsfilter_entries() { global $g, $config; + $cp_filterdns_filename = "{$g['varetc_path']}/filterdns-captiveportal.conf"; - $fd = fopen($cp_filterdns_filename, "w"); - if (is_array($config['captiveportal']['allowedhostname'])) - foreach ($config['captiveportal']['allowedhostname'] as $hostnameent) - fwrite($fd, $hostnameent['hostname'] . "\n"); - fclose($fd); - killbypid("{$g['tmp_path']}/dnswatch-cpah.pid"); - // For some reason the killbypid() is not working. Brute force if needed. - exec("/bin/ps awux | grep -v /usr/bin/grep | grep dnswatch-cpah.pid | /usr/bin/awk '{ print \$2 }' | /usr/bin/xargs kill"); - mwexec("/usr/local/sbin/dnswatch {$g['tmp_path']}/dnswatch-cpah.pid 300 /etc/rc.captiveportal_configure {$cp_filterdns_filename}"); + $cp_filterdns_conf = ""; + if (is_array($config['captiveportal']['allowedhostname'])) { + foreach ($config['captiveportal']['allowedhostname'] as $hostnameent) { + $cp_filterdns_conf .= "ipfw $hostnameent 3 '/etc/rc.captiveportal_configure'\n"; + $cp_filterdns_conf .= "ipfw $hostnameent 4 '/etc/rc.captiveportal_configure'\n"; + $cp_filterdns_conf .= "ipfw $hostnameent 7 '/etc/rc.captiveportal_configure'\n"; + $cp_filterdns_conf .= "ipfw $hostnameent 8 '/etc/rc.captiveportal_configure'\n"; + } + } + file_put_contents($cp_filterdns_filename, $cp_filterdns_conf); + killbypid("{$g['tmp_path']}/filterdns-cpah.pid"); + mwexec("/usr/local/sbin/filterdns -p {$g['tmp_path']}/filterdns-cpah.pid -i 300 -c {$cp_filterdns_filename} -d 1"); } function captiveportal_allowedhostname_configure() { @@ -1511,4 +1515,4 @@ function portal_ip_from_client_ip($cliip) { return false; } -?>
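Review bot: `$hostnameent` in the new setup_dnsfilter_entries() loop is an element of `$config['captiveportal']['allowedhostname']` and the removed code read `$hostnameent['hostname']` from it, so the four `"ipfw $hostnameent N '/etc/rc.captiveportal_configure'\n"` lines interpolate an array and write `ipfw Array 3 ...` into the filterdns config (with an Array-to-string notice, depending on the PHP version). Each line needs `{$hostnameent['hostname']}`, and since only the number differs the four lines can be one inner loop. The return value of `file_put_contents()` is also ignored, so a failed write still restarts filterdns against a stale or missing `{$cp_filterdns_filename}`.
```php
	$cp_filterdns_conf = "";
	if (is_array($config['captiveportal']['allowedhostname'])) {
		foreach ($config['captiveportal']['allowedhostname'] as $hostnameent) {
			/* $hostnameent is an array; the removed code used its 'hostname' key */
			foreach (array(3, 4, 7, 8) as $num) {
				$cp_filterdns_conf .= "ipfw {$hostnameent['hostname']} {$num} '/etc/rc.captiveportal_configure'\n";
			}
		}
	}
	if (file_put_contents($cp_filterdns_filename, $cp_filterdns_conf) === false)
		log_error("Could not write {$cp_filterdns_filename}");
	// … unchanged: killbypid() and the filterdns start …
```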
\ No newline at end of file
+?>
diff --git a/etc/inc/filter.inc b/etc/inc/filter.inc
index 8b6b5d2..f320531 100644
--- a/etc/inc/filter.inc
+++ b/etc/inc/filter.inc
@@ -472,7 +472,7 @@ function filter_generate_nested_alias($name, $alias, &$aliasnesting, &$aliasaddr
 $tmpline = filter_generate_nested_alias($address, $aliastable[$address], $aliasnesting, $aliasaddrnesting);
 } else if(!isset($aliasaddrnesting[$address])) {
 if(!is_ipaddr($address) && !is_subnet($address) && !is_port($address)) {
- $filterdns .= "{$address} = {$name}\n";
+ $filterdns .= "pf {$address} {$name}\n";
 continue;
 }
 $aliasaddrnesting[$address] = $address;
diff --git a/etc/inc/openvpn.inc b/etc/inc/openvpn.inc
index ce1e9fd..496b8bc 100644
--- a/etc/inc/openvpn.inc
+++ b/etc/inc/openvpn.inc
@@ -278,7 +278,7 @@ function openvpn_add_keyfile(& $data, & $conf, $mode_id, $directive, $opt = "")
 $conf .= "{$directive} {$fpath} {$opt}\n";
 }
 
-function openvpn_reconfigure($mode,& $settings) {
+function openvpn_reconfigure($mode, $settings) {
 global $g, $config;
 
 if (empty($settings))
@@ -571,7 +571,7 @@ function openvpn_reconfigure($mode,& $settings) {
 @chmod("{$g['varetc_path']}/openvpn/{$mode_id}.conf", 0600);
 }
 
-function openvpn_restart($mode, & $settings) {
+function openvpn_restart($mode, $settings) {
 global $g, $config;
 
 $vpnid = $settings['vpnid'];
@@ -683,7 +683,7 @@ function openvpn_delete_csc(& $settings) {
 }
 
 // Resync the configuration and restart the VPN
-function openvpn_resync($mode, & $settings) {
+function openvpn_resync($mode, $settings) {
 openvpn_reconfigure($mode, $settings);
 openvpn_restart($mode, $settings);
 }
diff --git a/etc/inc/rrd.inc b/etc/inc/rrd.inc
index d811a85..cdb90c1 100644
--- a/etc/inc/rrd.inc
+++ b/etc/inc/rrd.inc
@@ -175,6 +175,8 @@ function enable_rrd_graphing() { $mem = "-memory.rrd"; $cellular = "-cellular.rrd"; $vpnusers = "-vpnusers.rrd"; + $captiveportalconcurrent = "-concurrent.rrd"; + $captiveportalloggedin = "-loggedin.rrd"; $rrdtool = "/usr/bin/nice -n20 /usr/local/bin/rrdtool"; $netstat = "/usr/bin/netstat"; @@ -186,6 +188,7 @@ function enable_rrd_graphing() { $top = "/usr/bin/top"; $spamd_gather = "/usr/local/bin/spamd_gather_stats.php"; $ifconfig = "/sbin/ifconfig"; + $captiveportal_gather = "/usr/local/bin/captiveportal_gather_stats.php"; $rrdtrafficinterval = 60; $rrdwirelessinterval = 60; @@ -199,6 +202,7 @@ function enable_rrd_graphing() { $rrdmeminterval = 60; $rrdcellularinterval = 60; $rrdvpninterval = 60; + $rrdcaptiveportalinterval = 60; $trafficvalid = $rrdtrafficinterval * 2; $wirelessvalid = $rrdwirelessinterval * 2; @@ -212,6 +216,7 @@ function enable_rrd_graphing() { $memvalid = $rrdmeminterval * 2; $cellularvalid = $rrdcellularinterval * 2; $vpnvalid = $rrdvpninterval * 2; + $captiveportalvalid = $rrdcaptiveportalinterval * 2; /* Asume GigE for now */ $downstream = 125000000; 
@@ -666,6 +671,78 @@ function enable_rrd_graphing() { $rrdupdatesh .= "else $rrdtool update $rrddbpath$ifname$cellular N:U:U; fi\n"; } + /* Captive Portal statistics, set up the rrd file */ + if(isset($config['captiveportal']['enable'])) { + $ifname= "captiveportal"; + if (!file_exists("$rrddbpath$ifname$captiveportal")) { + $rrdcreate = "$rrdtool create $rrddbpath$ifname$captiveportalconcurrent --step $rrdcaptiveportalinterval "; + $rrdcreate .= "DS:concurrentusers:GAUGE:$captiveportalvalid:0:10000 "; + $rrdcreate .= "RRA:AVERAGE:0.5:1:1000 "; + $rrdcreate .= "RRA:AVERAGE:0.5:5:1000 "; + $rrdcreate .= "RRA:AVERAGE:0.5:60:1000 "; + $rrdcreate .= "RRA:AVERAGE:0.5:720:3000 "; + $rrdcreate .= "RRA:MIN:0.5:1:1000 "; + $rrdcreate .= "RRA:MIN:0.5:5:1000 "; + $rrdcreate .= "RRA:MIN:0.5:60:1000 "; + $rrdcreate .= "RRA:MIN:0.5:720:3000 "; + $rrdcreate .= "RRA:MAX:0.5:1:1000 "; + $rrdcreate .= "RRA:MAX:0.5:5:1000 "; + $rrdcreate .= "RRA:MAX:0.5:60:1000 "; + $rrdcreate .= "RRA:MAX:0.5:720:3000 "; + $rrdcreate .= "RRA:LAST:0.5:1:1000 "; + $rrdcreate .= "RRA:LAST:0.5:5:1000 "; + $rrdcreate .= "RRA:LAST:0.5:60:1000 "; + $rrdcreate .= "RRA:LAST:0.5:720:3000 "; + + create_new_rrd($rrdcreate); + } + + /* enter UNKNOWN values in the RRD so it knows we rebooted. */ + if($g['booting']) { + mwexec("$rrdtool update $rrddbpath$ifname$captiveportalconcurrent N:U"); + } + + /* the Captive Portal stats gathering function. 
*/ + $rrdupdatesh .= "\n"; + $rrdupdatesh .= "# polling Captive Portal for number of concurrent users\n"; + $rrdupdatesh .= "$rrdtool update $rrddbpath$ifname$captiveportalconcurrent \\\n"; + $rrdupdatesh .= "`$php -q $captiveportal_gather concurrent`\n"; + + $ifname= "captiveportal"; + if (!file_exists("$rrddbpath$ifname$captiveportal")) { + $rrdcreate = "$rrdtool create $rrddbpath$ifname$captiveportalloggedin --step $rrdcaptiveportalinterval "; + $rrdcreate .= "DS:loggedinusers:GAUGE:$captiveportalvalid:0:10000 "; + $rrdcreate .= "RRA:AVERAGE:0.5:1:1000 "; + $rrdcreate .= "RRA:AVERAGE:0.5:5:1000 "; + $rrdcreate .= "RRA:AVERAGE:0.5:60:1000 "; + $rrdcreate .= "RRA:AVERAGE:0.5:720:3000 "; + $rrdcreate .= "RRA:MIN:0.5:1:1000 "; + $rrdcreate .= "RRA:MIN:0.5:5:1000 "; + $rrdcreate .= "RRA:MIN:0.5:60:1000 "; + $rrdcreate .= "RRA:MIN:0.5:720:3000 "; + $rrdcreate .= "RRA:MAX:0.5:1:1000 "; + $rrdcreate .= "RRA:MAX:0.5:5:1000 "; + $rrdcreate .= "RRA:MAX:0.5:60:1000 "; + $rrdcreate .= "RRA:MAX:0.5:720:3000 "; + $rrdcreate .= "RRA:LAST:0.5:1:1000 "; + $rrdcreate .= "RRA:LAST:0.5:5:1000 "; + $rrdcreate .= "RRA:LAST:0.5:60:1000 "; + $rrdcreate .= "RRA:LAST:0.5:720:3000 "; + + create_new_rrd($rrdcreate); + } + + /* enter UNKNOWN values in the RRD so it knows we rebooted. */ + if($g['booting']) { + mwexec("$rrdtool update $rrddbpath$ifname$captiveportalloggedin N:U"); + } + + /* the Captive Portal stats gathering function. */ + $rrdupdatesh .= "\n"; + $rrdupdatesh .= "# polling Captive Portal for number of logged in users and concurrent users\n"; + $rrdupdatesh .= "$rrdtool update $rrddbpath$ifname$captiveportalloggedin \\\n"; + $rrdupdatesh .= "`$php -q $captiveportal_gather loggedin`\n"; + } $rrdupdatesh .= "sleep 60\n"; $rrdupdatesh .= "done\n"; diff --git a/etc/inc/shaper.inc b/etc/inc/shaper.inc index bea2c04..85bae2b 100644 --- a/etc/inc/shaper.inc +++ b/etc/inc/shaper.inc 
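Review bot: Both `file_exists()` guards in the new Captive Portal block test `"$rrddbpath$ifname$captiveportal"`, but `$captiveportal` is not assigned anywhere in this diff — the names introduced at the top of enable_rrd_graphing() are `$captiveportalconcurrent` and `$captiveportalloggedin` — so unless it is set outside the hunk the check looks at a different path than the one being created and `create_new_rrd()` runs on every pass; if create_new_rrd() does not itself refuse to overwrite, the collected history is thrown away each time. The guards should read `if (!file_exists("$rrddbpath$ifname$captiveportalconcurrent")) {` and `if (!file_exists("$rrddbpath$ifname$captiveportalloggedin")) {`. The two create blocks differ only in filename and DS name (and `$ifname` is assigned twice), so a small helper would remove the duplication. enable_rrd_graphing() begins before this hunk and continues after it.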
@@ -517,7 +517,7 @@ class altq_root_queue { * foreach ($queues as $qkey => $queue) * this->queues[$qkey]->build_rule(); */ - function build_rules($default = false) { + function build_rules(&$default = false) { if (count($this->queues) > 0 && $this->GetEnabled() == "on") { $default = false; $rules = " altq on " . get_real_interface($this->GetInterface()); @@ -542,7 +542,7 @@ class altq_root_queue { } $rules .= " } \n"; foreach ($this->queues as $q) { - $rules .= $q->build_rules(&$default); + $rules .= $q->build_rules($default); } } if ($default == false) { @@ -1035,7 +1035,7 @@ class priq_queue { /* Should return something like: * queue $qname on $qinterface bandwidth .... */ - function build_rules($default = false) { + function build_rules(&$default = false) { $pfq_rule = " queue ". $this->qname; if ($this->GetInterface()) $pfq_rule .= " on ".get_real_interface($this->GetInterface()); @@ -1685,7 +1685,7 @@ class hfsc_queue extends priq_queue { } /* Even this should take children into consideration */ - function build_rules($default = false) { + function build_rules(&$default = false) { $pfq_rule = " queue ". $this->qname; if ($this->GetInterface()) @@ -1767,7 +1767,7 @@ class hfsc_queue extends priq_queue { } $pfq_rule .= " } \n"; foreach ($this->subqueues as $q) - $pfq_rule .= $q->build_rules(); + $pfq_rule .= $q->build_rules(&$default); } $pfq_rule .= " \n"; @@ -2227,7 +2227,7 @@ class cbq_queue extends priq_queue { } /* Even this should take children into consideration */ - function build_rules($default = false) { + function build_rules(&$default = false) { $pfq_rule = "queue ". $this->qname; if ($this->GetInterface()) $pfq_rule .= " on ".get_real_interface($this->GetInterface()); @@ -2288,7 +2288,7 @@ class cbq_queue extends priq_queue { } $pfq_rule .= " } \n"; foreach ($this->subqueues as $q) - $pfq_rule .= $q->build_rules(&$default); + $pfq_rule .= $q->build_rules($default); } $pfq_rule .= " \n"; 
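Review bot: In hfsc_queue::build_rules (hunk `@@ -1767`) the child call becomes `$q->build_rules(&$default)`, i.e. call-time pass-by-reference, while this same commit removes exactly that form in altq_root_queue (`@@ -542`) and cbq_queue (`@@ -2288`). Now that every build_rules() declares `&$default` in its signature the call-site `&` is redundant, and call-time pass-by-reference is deprecated in PHP 5.3 and a fatal error from 5.4; the line should be `$pfq_rule .= $q->build_rules($default);` like the other two. Note also that a by-reference parameter cannot receive a literal, so any caller outside this diff that passes `true`/`false` directly to build_rules() now fails; the fairq_queue signature in the next hunk has the same consequence. Each build_rules() body continues outside its hunk.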
@@ -2502,7 +2502,7 @@ class fairq_queue extends priq_queue { } /* Even this should take children into consideration */ - function build_rules($default = false) { + function build_rules(&$default = false) { $pfq_rule = "queue ". $this->qname; if ($this->GetInterface()) $pfq_rule .= " on ".get_real_interface($this->GetInterface()); diff --git a/etc/inc/vpn.inc b/etc/inc/vpn.inc index e4b49ec..caf8006 100644 --- a/etc/inc/vpn.inc +++ b/etc/inc/vpn.inc @@ -37,7 +37,7 @@ pfSense_BUILDER_BINARIES: /usr/bin/killall /usr/local/sbin/sasyncd /sbin/ifconfig /sbin/sysctl pfSense_BUILDER_BINARIES: /usr/local/sbin/setkey /usr/bin/netstat /sbin/route /bin/mkdir pfSense_BUILDER_BINARIES: /usr/local/sbin/racoonctl /usr/local/sbin/racoon - pfSense_BUILDER_BINARIES: /usr/local/sbin/dnswatch /usr/local/sbin/mpd4 + pfSense_BUILDER_BINARIES: /usr/local/sbin/filterdns /usr/local/sbin/mpd4 pfSense_MODULE: vpn */ @@ -103,7 +103,7 @@ function vpn_ipsec_configure($ipchg = false) /* kill racoon */ if(is_process_running("racoon")) mwexec("/usr/bin/killall racoon", true); - killbypid("{$g['varrun_path']}/dnswatch-ipsec.pid"); + killbypid("{$g['varrun_path']}/filterdns-ipsec.pid"); /* wait for racoon process to die */ sleep(2); @@ -133,7 +133,7 @@ function vpn_ipsec_configure($ipchg = false) /* resolve all local, peer addresses and setup pings */ $ipmap = array(); $rgmap = array(); - $dnswatch_list = array(); + $filterdns_list = array(); if (is_array($a_phase1) && count($a_phase1)) { /* step through each phase1 entry */ @@ -149,7 +149,7 @@ function vpn_ipsec_configure($ipchg = false) $ipmap[] = $ep; /* see if this tunnel has a hostname for the remote-gateway. If so, - try to resolve it now and add it to the list for dnswatch */ + try to resolve it now and add it to the list for filterdns */ if (isset ($ph1ent['mobile'])) continue; 
@@ -157,7 +157,7 @@ function vpn_ipsec_configure($ipchg = false) $rg = $ph1ent['remote-gateway']; if (!is_ipaddr($rg)) { - $dnswatch_list[] = "{$rg}=value"; + $filterdns_list[] = "{$rg}"; add_hostname_to_watch($rg); $rg = resolve_retry($rg); if (!$rg) @@ -897,19 +897,20 @@ EOD; /* load SPD */ mwexec("/usr/local/sbin/setkey -f {$g['varetc_path']}/spd.conf", false); - /* start dnswatch, if necessary */ - if (count($dnswatch_list) > 0) { + /* start filterdns, if necessary */ + if (count($filterdns_list) > 0) { $interval = 60; if (!empty($ipseccfg['dns-interval']) && is_numeric($ipseccfg['dns-interval'])) $interval = $ipseccfg['dns-interval']; $hostnames = ""; - array_unique($dnswatch_list); - $hostnames = implode("\n", $dnswatch_list); - file_put_contents("{$g['varetc_path']}/dnswatch-ipsec.hosts", $hostnames); + array_unique($filterdns_list); + foreach ($filterdns_list as $hostname) + $hostnames .= "cmd {$hostname} '/etc/rc.newipsecdns'\n"; + file_put_contents("{$g['varetc_path']}/filterdns-ipsec.hosts", $hostnames); - killbypid("{$g['varrun_path']}/dnswatch-ipsec.pid"); - mwexec("/usr/local/sbin/dnswatch {$g['varrun_path']}/dnswatch-ipsec.pid $interval /etc/rc.newipsecdns {$g['varetc_path']}/dnswatch-ipsec.hosts"); + killbypid("{$g['varrun_path']}/filterdns-ipsec.pid"); + mwexec("/usr/local/sbin/filterdns -p {$g['varrun_path']}/filterdns-ipsec.pid -i {$interval} -c {$g['varetc_path']}/filterdns-ipsec.hosts -d 1"); } } @@ -1674,7 +1675,7 @@ function reload_tunnel_spd_policy($phase1, $phase2, $old_phase1, $old_phase2) { $old_remote_subnet = ipsec_idinfo_to_cidr($old_phase2['remoteid']); /* see if this tunnel has a hostname for the remote-gateway, and if so, - * try to resolve it now and add it to the list for dnswatch */ + * try to resolve it now and add it to the list for filterdns */ if (!is_ipaddr($phase1['remote-gateway'])) { $rgip = resolve_retry($phase1['remote-gateway']); add_hostname_to_watch($phase1['remote-gateway']); 
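Review bot: `array_unique($filterdns_list);` in the `@@ -897` hunk discards its return value — array_unique() returns a new array rather than deduplicating in place — so duplicate remote-gateway hostnames still yield duplicate `cmd ... '/etc/rc.newipsecdns'` lines in filterdns-ipsec.hosts (the removed dnswatch line had the same flaw, but the line is rewritten here). It should be `$filterdns_list = array_unique($filterdns_list);`. vpn_ipsec_configure() starts and ends outside the hunk.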
@@ -25,6 +25,12 @@ PLATFORM=`/bin/cat /etc/platform` # Set our current version version=`/bin/cat /etc/version` +# Setup dumpdev/ddb/savecore" +echo "Configuring crash dumps..." +if [ "$PLATFORM" = "pfSense" ]; then + /etc/rc.dumpon +fi + # Mount memory file system if it exists echo "Mounting filesystems..." @@ -110,9 +116,9 @@ elif [ "$PLATFORM" = "nanobsd" ] ; then /bin/rm -rf /var/db/pkg /bin/ln -s /root/var/db/pkg/ /var/db/pkg else - /etc/rc.dumpon SWAPDEVICE=`/bin/cat /etc/fstab | /usr/bin/grep swap | /usr/bin/cut -f1` /sbin/swapon -a 2>/dev/null >/dev/null + /etc/rc.savecore fi if [ "$PLATFORM" = "cdrom" ] ; then diff --git a/etc/rc.dumpon b/etc/rc.dumpon index 7e72a73..fad1a82 100755 --- a/etc/rc.dumpon +++ b/etc/rc.dumpon @@ -1,7 +1,6 @@ #!/bin/sh # Based on: # FreeBSD: src/etc/rc.d/dumpon,v 1.12.2.1.4.1 2010/06/14 02:09:06 kensmith Exp -# FreeBSD: src/etc/rc.d/savecore,v 1.16.2.2.4.1 2010/06/14 02:09:06 kensmith Exp # dumpon @@ -34,24 +33,3 @@ fi if [ ! -z "`sysctl -Nq debug.ddb.scripting.scripts`" ]; then /sbin/ddb /etc/ddb.conf fi - -# savecore - -dumpdev=`/bin/realpath /dev/dumpdev` -dumpdir='/var/crash' - -if [ ! -c "${dumpdev}" ]; then - echo "Dump device does not exist. Savecore not run." - exit -fi - -if [ ! -d "${dumpdir}" ]; then - echo "Dump directory does not exist. Savecore not run." - exit -fi - -if savecore -C "${dumpdir}" "${dumpdev}" >/dev/null; then - savecore ${dumpdir} ${dumpdev} -else - echo 'No core dumps found.' -fi diff --git a/etc/rc.initial.setlanip b/etc/rc.initial.setlanip index 1aacfb1..c1f6ddc 100755 --- a/etc/rc.initial.setlanip +++ b/etc/rc.initial.setlanip @@ -139,6 +139,7 @@ $config['interfaces'][$interface]['ipaddr'] = $intip; $config['interfaces'][$interface]['subnet'] = $intbits; + $config['interfaces'][$interface]['enable'] = true; if($g['services_dhcp_server_enable']) $yn = prompt_for_enable_dhcp_server(); @@ -257,4 +258,4 @@ fgets($fp); fclose($fp); -?>
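Review bot: The new comment `# Setup dumpdev/ddb/savecore"` carries a stray trailing double-quote and should read `# Setup dumpdev/ddb/savecore`. The ordering also deserves a comment: `/etc/rc.dumpon` now runs only when `$PLATFORM` is `pfSense`, while `/etc/rc.savecore` in the later `else` branch replaces the old dumpon call for every platform that reaches that branch, so on a non-pfSense platform rc.savecore presumably finds no `/dev/dumpdev` and exits without saving; if that is intended, say so next to the `/etc/rc.savecore` line. The `diff --git` header for etc/rc is missing from the visible diff, and the if/elif chain around the second hunk begins before it.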
\ No newline at end of file +?> diff --git a/etc/rc.linkup b/etc/rc.linkup index 997228f..2e8bbcd 100755 --- a/etc/rc.linkup +++ b/etc/rc.linkup @@ -43,6 +43,7 @@ function handle_argument_group($iface, $argument2) { if (is_ipaddr($ipaddr) || empty($ipaddr)) { log_error("Hotplug event detected for {$iface} but ignoring since interface is configured with static IP ({$ipaddr})"); $iface = get_real_interface($iface); + interfaces_bring_up($iface); exec("/usr/sbin/arp -d -i {$iface} -a"); } else { switch ($argument2) { diff --git a/etc/rc.newipsecdns b/etc/rc.newipsecdns index 9239428..3061f16 100755 --- a/etc/rc.newipsecdns +++ b/etc/rc.newipsecdns @@ -45,7 +45,7 @@ log_error("IPSEC: One or more IPSEC tunnel endpoints has changed IP. Refreshing."); /* We will walk the list of hostnames found in the ipsec tunnel - * configuration. Since we are already triggered by dnswatch + * configuration. Since we are already triggered by filterdns * that a hostname has changed we can proceed to compare the * new IP address with the old address from the DNS cache. */ diff --git a/etc/rc.savecore b/etc/rc.savecore new file mode 100755 index 0000000..8685330 --- /dev/null +++ b/etc/rc.savecore @@ -0,0 +1,22 @@ +#!/bin/sh +# Based on: +# FreeBSD: src/etc/rc.d/savecore,v 1.16.2.2.4.1 2010/06/14 02:09:06 kensmith Exp + +dumpdev=`/bin/realpath /dev/dumpdev` +dumpdir='/var/crash' + +if [ ! -c "${dumpdev}" ]; then + echo "Dump device does not exist. Savecore not run." + exit +fi + +if [ ! -d "${dumpdir}" ]; then + echo "Dump directory does not exist. Savecore not run." + exit +fi + +if savecore -C "${dumpdir}" "${dumpdev}" >/dev/null; then + savecore ${dumpdir} ${dumpdev} +else + echo 'No core dumps found.' +fi |
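Review bot: The static-IP branch in handle_argument_group() now calls `interfaces_bring_up($iface)` immediately after a log_error() that says the hotplug event is being ignored, so the log line no longer describes what the code does. Either extend the message to say the interface is brought up and its ARP cache flushed, or add a comment explaining why bringing the interface up still counts as ignoring the event. handle_argument_group() continues outside the hunk.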
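Review bot: The second savecore invocation in the new etc/rc.savecore, `savecore ${dumpdir} ${dumpdev}`, leaves both expansions unquoted while the `-C` check three lines earlier quotes them; make it `savecore "${dumpdir}" "${dumpdev}"` for consistency. Both early `exit` calls return status 0, so a missing dump device or directory looks like success to the caller in etc/rc; use `exit 1` if anything there should react. Since a saved kernel dump contains kernel memory, the `[ ! -d "${dumpdir}" ]` test is also the natural place to check the directory's ownership and mode rather than only its existence.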