Make initial changes to allow pfSense to work in a jail.

This mostly avoids starting things that will not work and gets the
initial config. Most of the pfSense functionality will not work
(pf rules, routing, etc) but it can be used for testing.

10 files changed, 126 insertions, 43 deletions

diff --git a/etc/inc/filter.inc b/etc/inc/filter.inc
index 3809a2f..7cf320e 100644
--- a/etc/inc/filter.inc
+++ b/etc/inc/filter.inc
@@ -118,6 +118,8 @@ function filter_load_ipfw() {
 
 function filter_pflog_start() {
 	global $config, $g;
+	if ($g['platform'] == 'jail')
+		return;
 	if(isset($config['system']['developerspew'])) {
 		$mt = microtime();
 		echo "filter_pflog_start() being called $mt\n";
diff --git a/etc/inc/interfaces.inc b/etc/inc/interfaces.inc
index 2228749..cb5bef3 100644
--- a/etc/inc/interfaces.inc
+++ b/etc/inc/interfaces.inc
@@ -205,6 +205,10 @@ This block of code is only entered for OPTx interfaces that are configured for P
 }
 
 function interfaces_loopback_configure() {
+	global $g;
+
+	if ($g['platform'] == 'jail')
+		return;
 	if($g['booting'])
 		echo gettext("Configuring loopback interface...");
 	pfSense_interface_setaddress("lo0", "127.0.0.1");
@@ -876,6 +880,9 @@ function interface_gif_configure(&$gif, $gifkey = "") {
 function interfaces_configure() {
 	global $config, $g;
 
+	if ($g['platform'] == 'jail')
+		return;
+
 	/* Set up our loopback interface */
 	interfaces_loopback_configure();
 
diff --git a/etc/inc/openvpn.inc b/etc/inc/openvpn.inc
index 53f4a74..80b65a9 100644
--- a/etc/inc/openvpn.inc
+++ b/etc/inc/openvpn.inc
@@ -722,6 +722,8 @@ function openvpn_resync($mode, $settings) {
 function openvpn_resync_all($interface = "") {
 	global $g, $config;
 
+	if ($g['platform'] == 'jail')
+		return;
 	// delay our setup until the system
 	// has a chance to init our paths
 	if (!file_exists($g['varetc_path']."/openvpn") ||
diff --git a/etc/inc/services.inc b/etc/inc/services.inc
index af98232..311af1b 100644
--- a/etc/inc/services.inc
+++ b/etc/inc/services.inc
@@ -43,6 +43,9 @@
 function services_rtadvd_configure() {
 	global $config, $g;
 	
+	if ($g['platform'] == 'jail') 
+		return;
+
 	if(isset($config['system']['developerspew'])) {
 		$mt = microtime();
 		echo "services_rtadvd_configure() being called $mt\n";
@@ -915,6 +918,8 @@ EOD;
 
 function services_dhcrelay_configure() {
 	global $config, $g;
+	if ($g['platform'] == 'jail')
+		return;
 	if(isset($config['system']['developerspew'])) {
 		$mt = microtime();
 		echo "services_dhcrelay_configure() being called $mt\n";
@@ -1405,7 +1410,7 @@ EOD;
 
 function setup_wireless_olsr() {
 	global $config, $g;
-	if(!$config['installedpackages']['olsrd'] || !$config['installedpackages'])
+	if ($g['platform'] == 'jail' || !$config['installedpackages']['olsrd'] || !$config['installedpackages'])
 		return;
 	if(isset($config['system']['developerspew'])) {
 		$mt = microtime();
diff --git a/etc/inc/system.inc b/etc/inc/system.inc
index 7779fde..e3a4558 100644
--- a/etc/inc/system.inc
+++ b/etc/inc/system.inc
@@ -40,6 +40,8 @@
 
 function activate_powerd() {
 	global $config, $g;
+	if ($g['platform'] == 'jail')
+		return;
 	if(isset($config['system']['powerd_enable'])) {
 		if ($g["platform"] == "nanobsd")
 			exec("/sbin/kldload cpufreq");
@@ -59,6 +61,8 @@ function get_default_sysctl_value($id) {
 
 function activate_sysctls() {
 	global $config, $g;
+	if ($g['platform'] == 'jail')
+		return;
 	exec("/sbin/sysctl net.enc.out.ipsec_bpf_mask=0x00000001");
 	exec("/sbin/sysctl net.enc.out.ipsec_filter_mask=0x00000001");
 	exec("/sbin/sysctl net.enc.in.ipsec_bpf_mask=0x00000002");
@@ -285,6 +289,8 @@ function system_hosts_generate() {
 function system_dhcpleases_configure() {
 	global $config, $g;
 	
+	if ($g['platform'] == 'jail')
+		return;
 	/* Start the monitoring process for dynamic dhcpclients. */
 	if (isset($config['dnsmasq']['regdhcp'])) {
 		/* Make sure we do not error out */
@@ -320,6 +326,8 @@ function system_hostname_configure() {
 
 function system_routing_configure($interface = "") {
 	global $config, $g;
+	if ($g['platform'] == 'jail')
+		return;
 	if(isset($config['system']['developerspew'])) {
 		$mt = microtime();
 		echo "system_routing_configure() being called $mt\n";
@@ -1230,6 +1238,9 @@ function system_timezone_configure() {
 function system_ntp_configure() {
 	global $config, $g;
 
+	if ($g['platform'] == 'jail')
+		return;
+
 	$ntpcfg = "# \n";
 	$ntpcfg .= "# pfSense OpenNTPD configuration file \n";
 	$ntpcfg .= "# \n\n";
diff --git a/etc/inc/util.inc b/etc/inc/util.inc
index 4831c13..94f1205 100644
--- a/etc/inc/util.inc
+++ b/etc/inc/util.inc
@@ -1307,8 +1307,11 @@ function mute_kernel_msgs() {
 	global $config;
 	// Do not mute serial console.  The kernel gets very very cranky
 	// and will start dishing you cannot control tty errors.
-	if(trim(file_get_contents("/etc/platform")) == "nanobsd") 
-		return;
+	switch (trim(file_get_contents("/etc/platform"))) {
+		case "nanobsd":
+		case "jail":
+			return;
+	}
 	if($config['system']['enableserial']) 
 		return;			
 	exec("/sbin/conscontrol mute on");
@@ -1318,14 +1321,19 @@ function unmute_kernel_msgs() {
 	global $config;
 	// Do not mute serial console.  The kernel gets very very cranky
 	// and will start dishing you cannot control tty errors.
-	if(trim(file_get_contents("/etc/platform")) == "nanobsd") 
-		return;
+	switch (trim(file_get_contents("/etc/platform"))) {
+		case "nanobsd":
+		case "jail":
+			return;
+	}
 	exec("/sbin/conscontrol mute off");
 }
 
 function start_devd() {
 	global $g;
 
+	if ($g['platform'] == 'jail')
+		return;
 	exec("/sbin/devd");
 	sleep(1);
 }
@@ -1592,4 +1600,4 @@ function array_merge_recursive_unique($array0, $array1) {
 	return $result;
 }
 
-?>
\ No newline at end of file
+?>
diff --git a/etc/inc/vpn.inc b/etc/inc/vpn.inc
index 59e6d78..99eecab 100644
--- a/etc/inc/vpn.inc
+++ b/etc/inc/vpn.inc
@@ -82,6 +82,8 @@ function vpn_ipsec_configure($ipchg = false)
 {
 	global $config, $g, $sa, $sn, $p1_ealgos, $p2_ealgos;
 
+	if ($g['platform'] == 'jail')
+		return;
 	/* get the automatic ping_hosts.sh ready */
 	unlink_if_exists("{$g['vardb_path']}/ipsecpinghosts");
 	touch("{$g['vardb_path']}/ipsecpinghosts");
@@ -1011,6 +1013,11 @@ function vpn_ipsec_force_reload() {
 
 /* master setup for vpn (mpd) */
 function vpn_setup() {
+	global $g;
+
+	if ($g['platform'] == 'jail')
+		return;
+
 	/* start pptpd */
 	vpn_pptpd_configure();
 
diff --git a/etc/rc b/etc/rc
index 0070dff..d8fc9a5 100755
--- a/etc/rc
+++ b/etc/rc
@@ -80,12 +80,14 @@ if [ ! "$PLATFORM" = "cdrom" ] ; then
 	fi
 fi
 
-# Check to see if a compact flash mountpoint exists
-# If it fails to mount then run a fsck -fy
-if grep -q cf /etc/fstab; then
-	/sbin/mount -w /cf 2>/dev/null
-    /sbin/mount -uw /cf || \
-	(/sbin/umount /cf; /sbin/fsck -fy /cf; /sbin/mount -w /cf)
+if [ ! "$PLATFORM" = "jail" ]; then
+	# Check to see if a compact flash mountpoint exists
+	# If it fails to mount then run a fsck -fy
+	if grep -q cf /etc/fstab; then
+		/sbin/mount -w /cf 2>/dev/null
+		/sbin/mount -uw /cf || \
+			(/sbin/umount /cf; /sbin/fsck -fy /cf; /sbin/mount -w /cf)
+	fi
 fi
 
 # sync pw database after mount.
@@ -109,8 +111,10 @@ echo
 echo "Welcome to ${product} ${version} ${platformbanner} ..."
 echo
 
-# Enable console output if its muted.
-/sbin/conscontrol mute off >/dev/null
+if [ ! "$PLATFORM" = "jail" ]; then
+	# Enable console output if its muted.
+	/sbin/conscontrol mute off >/dev/null
+fi
 
 if [ "$PLATFORM" = "cdrom" ] ; then
 	# do nothing for cdrom platform
@@ -121,6 +125,8 @@ elif [ "$PLATFORM" = "nanobsd" ] ; then
 	/bin/mkdir -p /root/var/db/pkg
 	/bin/rm -rf /var/db/pkg
 	/bin/ln -s /root/var/db/pkg/ /var/db/pkg
+elif [ "$PLATFORM" = "jail" ]; then
+	# do nothing for jail platform
 else
 	SWAPDEVICE=`/bin/cat /etc/fstab | /usr/bin/grep swap | /usr/bin/cut -f1`
 	/sbin/swapon -a 2>/dev/null >/dev/null
@@ -302,9 +308,11 @@ fi
 /bin/chmod 0600 /var/log/*.log
 
 echo -n "."
-DEVFS=`/sbin/mount | /usr/bin/grep devfs | /usr/bin/wc -l | /usr/bin/cut -d" " -f8`
-if [ "$DEVFS" = "0" ]; then
-    mount_devfs devfs /dev
+if [ ! "$PLATFORM" = "jail" ]; then
+	DEVFS=`/sbin/mount | /usr/bin/grep devfs | /usr/bin/wc -l | /usr/bin/cut -d" " -f8`
+	if [ "$DEVFS" = "0" ]; then
+		mount_devfs devfs /dev
+	fi
 fi
 
 # Create an initial utmp file
@@ -318,18 +326,20 @@ if [ -f /etc/rc.conf ]; then
     /bin/rm -rf /etc/rc.conf
 fi
 
-# Launching kbdmux(4)
-if [ -f "/dev/kbdmux0" ]; then
-	echo -n "."
-	/usr/sbin/kbdcontrol -k /dev/kbdmux0 < /dev/console
-	[ -c "/dev/atkbd0" ] && kbdcontrol -a atkbd0 < /dev/console
-	[ -c "/dev/ukbd0" ] && kbdcontrol -a ukbd0 < /dev/console
-fi
+if [ ! "$PLATFORM" = "jail" ]; then
+	# Launching kbdmux(4)
+	if [ -f "/dev/kbdmux0" ]; then
+		echo -n "."
+		/usr/sbin/kbdcontrol -k /dev/kbdmux0 < /dev/console
+		[ -c "/dev/atkbd0" ] && kbdcontrol -a atkbd0 < /dev/console
+		[ -c "/dev/ukbd0" ] && kbdcontrol -a ukbd0 < /dev/console
+	fi
 
-# Fire up unionfs if mount points exist.
-if [ -f /dist/uniondirs ]; then
-	echo -n "."
-	/etc/rc.d/unionfs start
+	# Fire up unionfs if mount points exist.
+	if [ -f /dist/uniondirs ]; then
+		echo -n "."
+		/etc/rc.d/unionfs start
+	fi
 fi
 
 echo "done."
@@ -411,6 +421,6 @@ echo "Bootup complete"
 /usr/local/bin/beep.sh start 2>&1 >/dev/null
 
 # Reset the cache.  read-only requires this.
-/bin/rm /tmp/config.cache
+/bin/rm -f /tmp/config.cache
 
 exit 0
diff --git a/etc/rc.bootup b/etc/rc.bootup
index c1749cf..e224519 100755
--- a/etc/rc.bootup
+++ b/etc/rc.bootup
@@ -157,21 +157,48 @@ echo "Loading configuration...";
 parse_config_bootup();
 echo "done.\n";
 
-/*
- *  Determine if we need to throw a interface exception
- *  and ask the user to reassign interfaces.  This will
- *  avoid a reboot and thats a good thing.
- */
-while(is_interface_mismatch() == true) {
-	led_assigninterfaces();
-	echo "\nNetwork interface mismatch -- Running interface assignment option.\n";
-	$ifaces = get_interface_list();
-	if (is_array($ifaces)) {
-		foreach($ifaces as $iface => $ifdata)
-			interfaces_bring_up($iface);
+if($g['platform'] == "jail") {
+	/* We must determine what network settings have been configured for us */
+	$wanif = "lo0";	/* defaults, if the jail admin hasn't set us up */
+	$ipaddr = "127.0.0.1";
+	$iflist = get_interface_list();
+	foreach ($iflist as $iface => $ifa) {
+		if (isset($ifa['ipaddr'])) {
+			$wanif = $iface;
+			$ipaddr = $ifa['ipaddr'];
+			break;
+		}
+	}
+	$config['interfaces'] = array();
+	$config['interfaces']['lan'] = array();
+	$config['interfaces']['lan']['enable'] = false;
+	$config['interfaces']['wan'] = array();
+	/* XXX, todo */
+	$config['interfaces']['wan']['if'] = $wanif;
+	$config['interfaces']['wan']['ipaddr'] = $ipaddr;
+	$config['interfaces']['wan']['subnet'] = "32";	/* XXX right? */
+	$config['interfaces']['wan']['enable'] = true;
+	if($config['dhcpd']['lan']) 
+		unset($config['dhcpd']['lan']['enable']);
+	unlink_if_exists('/conf/trigger_initial_wizard');
+	write_config();
+} else {
+	/*
+	 *  Determine if we need to throw a interface exception
+	 *  and ask the user to reassign interfaces.  This will
+	 *  avoid a reboot and thats a good thing.
+	 */
+	while(is_interface_mismatch() == true) {
+		led_assigninterfaces();
+		echo "\nNetwork interface mismatch -- Running interface assignment option.\n";
+		$ifaces = get_interface_list();
+		if (is_array($ifaces)) {
+			foreach($ifaces as $iface => $ifdata)
+				interfaces_bring_up($iface);
+		}
+		set_networking_interfaces_ports();
+		led_kitt();
 	}
-	set_networking_interfaces_ports();
-	led_kitt();
 }
 
 /* convert config and clean backups */
diff --git a/etc/rc.initial b/etc/rc.initial
index 9f2de7a..ef636b4 100755
--- a/etc/rc.initial
+++ b/etc/rc.initial
@@ -44,6 +44,10 @@ WORD="https"
 # Set our operating platform
 PLATFORM=`cat /etc/platform`
 
+if [ "$PLATFORM" = "jail" ]; then
+	exit
+fi
+
 # endless loop
 while : ; do