authorgnhb <gnoahb@gmail.com>2010-06-16 22:13:23 +0700
committergnhb <gnoahb@gmail.com>2010-06-16 22:13:23 +0700
commit4a1779a90e0e831c380bbc10886b4138a106c37a (patch)
treedb20c2833bb0ae8929e99358d9309e5ecdcc20b6 /etc
parent59db783acd71b6663758d7a64f85395851e5c889 (diff)
parent53824804f4c5ffb3c75838bf8235b979dfb650f5 (diff)
Merge branch 'master' of rcs.pfsense.org:pfsense/mainline
Diffstat (limited to 'etc')
-rw-r--r--etc/inc/filter.inc19
-rw-r--r--etc/inc/filter_log.inc2
-rw-r--r--etc/inc/gwlb.inc4
-rw-r--r--etc/inc/interfaces.inc48
-rw-r--r--etc/inc/shaper.inc2
-rw-r--r--etc/inc/vpn.inc40
6 files changed, 52 insertions, 63 deletions
diff --git a/etc/inc/filter.inc b/etc/inc/filter.inc
index 0bbcf58..7ef9f32 100644
--- a/etc/inc/filter.inc
+++ b/etc/inc/filter.inc
@@ -1057,7 +1057,7 @@ function filter_nat_rules_generate_if($if, $src = "any", $srcport = "", $dst = "
}
function filter_nat_rules_generate() {
- global $config, $g, $after_filter_configure_run, $FilterIflist;
+ global $config, $g, $after_filter_configure_run, $FilterIflist, $GatewaysList;
$natrules = "nat-anchor \"natearly/*\"\n";
@@ -1145,16 +1145,13 @@ function filter_nat_rules_generate() {
if(is_array($config['staticroutes']['route'])) {
foreach ($config['staticroutes']['route'] as $route) {
$netip = explode("/", $route['network']);
- if(is_array($config['gateways']['gateway_item'])) {
- foreach($config['gateways']['gateway_item'] as $gateway) {
- if($route['gateway'] == $gateway['name']) {
- $gatewayip = $gateway['gateway'];
- $interfacegw = $gateway['interface'];
- if((! interface_has_gateway($gateway['interface'])) && (is_private_ip($netip[0]))) {
- $numberofnathosts++;
- $tonathosts .= "{$route['network']} ";
- }
- }
+ if (isset($GatewaysList[$route['gateway']])) {
+ $gateway =& $GatewaysList[$route['gateway']];
+ $gatewayip = $gateway['gateway'];
+ $interfacegw = $gateway['interface'];
+ if(!interface_has_gateway($gateway['interface']) && is_private_ip($netip[0])) {
+ $numberofnathosts++;
+ $tonathosts .= "{$route['network']} ";
}
}
}
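Review bot: `$gateway =& $GatewaysList[$route['gateway']];` binds `$gateway` by reference to an element of the global list, although the lines after it only read from it. Any later plain assignment to `$gateway` in this function, including a `foreach (... as $gateway)`, would write through into `$GatewaysList`; a copy, `$gateway = $GatewaysList[$route['gateway']];`, avoids that. The branch also relies on `$GatewaysList` being filled before filter_nat_rules_generate() runs, which the hunk does not show; if it is empty or lacks an entry, the private static-route network is silently left out of `$tonathosts`. The function continues outside the hunk.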
diff --git a/etc/inc/filter_log.inc b/etc/inc/filter_log.inc
index 3005d8c..f5eb3af 100644
--- a/etc/inc/filter_log.inc
+++ b/etc/inc/filter_log.inc
@@ -150,6 +150,8 @@ function parse_filter_line($line) {
if ($flent['proto'] == "TCP") {
$flags = split('[\, ]', $leftovers);
$flent['tcpflags'] = str_replace(".", "A", substr($flags[1], 1, -1));
+ } elseif ($flent['proto'] == "Options") {
+ $flent['proto'] = "none";
}
/* If there is a src, a dst, and a time, then the line should be usable/good */
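Review bot: The added `elseif` overwrites `$flent['proto']` with "none" whenever the parsed token is exactly "Options", and nothing says which log lines produce that token or why the original value may be dropped. Anything that later reads the parsed entry can no longer tell such a line from one that had no protocol at all. A short comment on the branch would help, for example `/* "Options" is not a protocol name; report the entry as proto "none" */`. If the distinction matters to the log viewer, the original token could be kept in a separate key. parse_filter_line() starts and ends outside the hunk.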
diff --git a/etc/inc/gwlb.inc b/etc/inc/gwlb.inc
index 4e19e2b..268d94c 100644
--- a/etc/inc/gwlb.inc
+++ b/etc/inc/gwlb.inc
@@ -395,7 +395,7 @@ function return_gateway_groups_array() {
} else {
$tiers[$tier][] = $gwname;
}
- } elseif ($status['status'] == "none")) {
+ } elseif ($status['status'] == "none") {
/* Online add member */
$tiers[$tier][] = $gwname;
}
@@ -480,7 +480,7 @@ function lookup_gateway_monitor_ip_by_name($name) {
$gateway['monitor'] = "127.0.0.2";
$monitorip = $gateway['monitor'];
- if($monitorip == "")
+ if(!is_ipaddr($monitorip))
$monitorip = $gateway['gateway'];
return ($monitorip);
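Review bot: The fallback taken after the new `if(!is_ipaddr($monitorip))` test assigns `$gateway['gateway']` without checking it, so lookup_gateway_monitor_ip_by_name() can still return something that is not an address. If the result ends up in a monitoring or filter configuration, which the hunk does not show, the same validation is needed on the fallback. Either test it as well, `if (!is_ipaddr($monitorip) && is_ipaddr($gateway['gateway']))`, or document the contract with a comment such as `/* result may still be a non-address; callers must validate */`. The function body begins outside the hunk.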
diff --git a/etc/inc/interfaces.inc b/etc/inc/interfaces.inc
index 84e1376..e28ec51 100644
--- a/etc/inc/interfaces.inc
+++ b/etc/inc/interfaces.inc
@@ -775,9 +775,13 @@ function interface_reconfigure($interface = "wan") {
}
function interface_vip_bring_down(&$vip) {
+ global $g;
+
switch ($vip['mode']) {
case "proxyarp":
- interface_proxyarp_configure();
+ $vipif = get_real_interface($vip['interface']);
+ if (file_exists("{$g['varrun_path']}/choparp_{$vipif}.pid"))
+ killbypid("{$g['varrun_path']}/choparp_{$vipif}.pid");
break;
case "ipalias":
$vipif = get_real_interface($vip['interface']);
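Review bot: Nothing visible in this commit writes `{$g['varrun_path']}/choparp_{$vipif}.pid`: the interface_proxyarp_configure() hunks further down launch choparp with `mwexec_bg("/usr/local/sbin/choparp " . $args)` and show no pid-file handling. Unless that file is created elsewhere, the `file_exists()` test in `case "proxyarp":` is always false and taking down a proxyarp VIP leaves choparp answering ARP for it, whereas the removed call restarted choparp from the current configuration. The same gap affects the per-interface path of interface_proxyarp_configure(), which skips `killbyname("choparp")` and then starts another instance for that interface. A comment naming where the pid file is written, or a fallback to `interface_proxyarp_configure()` when it is missing, would close this.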
@@ -812,9 +816,18 @@ function interface_bring_down($interface = "wan", $destroy = false) {
case "pppoe":
case "pptp":
case "l2tp":
- killbypid("{$g['varrun_path']}/{$ifcfg['ipaddr']}_{$interface}.pid");
- sleep(2);
- unlink_if_exists("{$g['varetc_path']}/mpd_{$interface}.conf");
+ if (is_array($config['ppps']['ppp']) && count($config['ppps']['ppp'])) {
+ foreach ($config['ppps']['ppp'] as $pppid => $ppp) {
+ if ($realif == $ppp['if']) {
+ if (!isset($ppp['ondemand'])) {
+ killbypid("{$g['varrun_path']}/{$ifcfg['ipaddr']}_{$interface}.pid");
+ sleep(2);
+ unlink_if_exists("{$g['varetc_path']}/mpd_{$interface}.conf");
+ }
+ break;
+ }
+ }
+ }
break;
case "carpdev-dhcp":
/*
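Review bot: When no entry in `$config['ppps']['ppp']` has `if` equal to `$realif`, or the `ppps` section is absent, the pppoe/pptp/l2tp case now falls through without calling `killbypid()` or removing `mpd_{$interface}.conf`; the old code did both unconditionally. An on-demand link is also left running when `$destroy` is true, which looks unintended for a destroy request. Consider `if (!isset($ppp['ondemand']) || $destroy) {` for the inner test, plus the original teardown after the loop when nothing matched. `$pppid` is unused, and `$realif` and `$config` are set outside the hunk, so their scope here should be confirmed.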
@@ -1461,7 +1474,7 @@ function interfaces_carp_setup() {
}
}
-function interface_proxyarp_configure() {
+function interface_proxyarp_configure($interface = "") {
global $config, $g;
if(isset($config['system']['developerspew'])) {
$mt = microtime();
@@ -1469,7 +1482,8 @@ function interface_proxyarp_configure() {
}
/* kill any running choparp */
- killbyname("choparp");
+ if (empty($interface))
+ killbyname("choparp");
if (isset($config['virtualip']) && is_array($config['virtualip']['vip'])) {
$paa = array();
@@ -1487,26 +1501,38 @@ function interface_proxyarp_configure() {
$paa[$proxyif][] = $vipent;
}
+ }
}
- if (count($paa))
+ if (!empty($interface)) {
+ if (is_array($paa[$interface])) {
+ $paaifip = get_interface_ip($interface);
+ if (!is_ipaddr($paaifip))
+ return;
+ $args = get_real_interface($interface) . " auto";
+ foreach ($paa[$interface] as $paent) {
+ if (isset($paent['subnet']))
+ $args .= " " . escapeshellarg("{$paent['subnet']}/{$paent['subnet_bits']}");
+ else if (isset($paent['range']))
+ $args .= " " . escapeshellarg($paent['range']['from'] . "-" . $paent['range']['to']);
+ }
+ mwexec_bg("/usr/local/sbin/choparp " . $args);
+ }
+ } else if (count($paa)) {
foreach ($paa as $paif => $paents) {
$paaifip = get_interface_ip($paif);
if (!(is_ipaddr($paaifip)))
continue;
$args = get_real_interface($paif) . " auto";
foreach ($paents as $paent) {
-
if (isset($paent['subnet']))
$args .= " " . escapeshellarg("{$paent['subnet']}/{$paent['subnet_bits']}");
else if (isset($paent['range']))
- $args .= " " . escapeshellarg($paent['range']['from'] . "-" .
- $paent['range']['to']);
+ $args .= " " . escapeshellarg($paent['range']['from'] . "-" . $paent['range']['to']);
}
mwexec_bg("/usr/local/sbin/choparp " . $args);
}
}
-
}
function interfaces_vips_configure($interface = "") {
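Review bot: In the new per-interface branch, `$args = get_real_interface($interface) . " auto";` puts the interface name on the choparp command line unquoted, while every subnet and range appended after it goes through `escapeshellarg()`. As far as the hunk shows the name is derived from configuration rather than request data, but quoting it the same way costs nothing: `$args = escapeshellarg(get_real_interface($interface)) . " auto";`, and likewise for `$paif` in the loop below. The two argument-building loops are now identical and could share one helper. `$paa` appears to be initialised only inside the `virtualip` block that now closes before it is read; that needs confirming against the full function, since the extract has lost its indentation.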
diff --git a/etc/inc/shaper.inc b/etc/inc/shaper.inc
index c6e19d3..0729557 100644
--- a/etc/inc/shaper.inc
+++ b/etc/inc/shaper.inc
@@ -2622,7 +2622,7 @@ class fairq_queue extends priq_queue {
/*
- * XXX: TODO Link dummynet(4) in the system.
+ * dummynet(4) wrappers.
*/
diff --git a/etc/inc/vpn.inc b/etc/inc/vpn.inc
index a98969d..8a2bb85 100644
--- a/etc/inc/vpn.inc
+++ b/etc/inc/vpn.inc
@@ -78,29 +78,10 @@ function vpn_ipsec_failover_configure() {
}
}
-function find_last_gif_device() {
- $last_gif_found = -1;
- $regs = "";
- if (!($fp = popen("/sbin/ifconfig -l", "r")))
- return -1;
- $ifconfig_data = fread($fp, 4096);
- pclose($fp);
- $ifconfig_array = split(" ", $ifconfig_data);
- foreach ($ifconfig_array as $ifconfig) {
- ereg("gif(.)", $ifconfig, $regs);
- if ($regs[0] && $regs[0] > $last_gif_found) {
- $last_gif_found = $regs[1];
- }
- }
- return $last_gif_found;
-}
-
function vpn_ipsec_configure($ipchg = false)
{
global $config, $g, $sa, $sn, $p1_ealgos, $p2_ealgos;
- mwexec("/sbin/ifconfig enc0 up");
-
/* get the automatic ping_hosts.sh ready */
unlink_if_exists("{$g['vardb_path']}/ipsecpinghosts");
touch("{$g['vardb_path']}/ipsecpinghosts");
@@ -110,10 +91,6 @@ function vpn_ipsec_configure($ipchg = false)
else
mwexec("/sbin/sysctl net.key.preferred_oldsa=0");
- $number_of_gifs = find_last_gif_device();
- for ($x = 0; $x < $number_of_gifs; $x++)
- mwexec("/sbin/ifconfig gif" . $x . " delete");
-
$syscfg = $config['system'];
$ipseccfg = $config['ipsec'];
$a_phase1 = $config['ipsec']['phase1'];
@@ -146,6 +123,8 @@ function vpn_ipsec_configure($ipchg = false)
return true;
} else {
+ mwexec("/sbin/ifconfig enc0 up");
+
if ($g['booting'])
echo "Configuring IPsec VPN... ";
@@ -803,21 +782,6 @@ EOD;
$localid = ipsec_idinfo_to_cidr($ph2ent['localid'],true);
$remoteid = ipsec_idinfo_to_cidr($ph2ent['remoteid'],true);
- if (isset ($ph2ent['creategif'])) {
- $number_of_gifs = find_last_gif_device();
- $number_of_gifs++;
- $curwanip = get_interface_ip();
- if ($config['installedpackages']['sasyncd']['config'] <> "") {
- foreach ($config['installedpackages']['sasyncd']['config'] as $sasyncd) {
- if ($sasyncd['ip'] <> "")
- $curwanip = $sasyncd['ip'];
- }
- }
- mwexec("/sbin/ifconfig gif" . $number_of_gifs . " tunnel" . $curwanip . " " . $rgip);
- if ($config['interfaces']['lan'])
- mwexec("/sbin/ifconfig gif" . $number_of_gifs . " {$lansa}/{$lansn} {$lanip}/32");
- }
-
if($ph2ent['mode'] == "tunnel") {
$spdconf .= "spdadd {$localid} {$remoteid} any -P out ipsec " .