author | gnhb <gnoahb@gmail.com> | 2010-06-16 22:13:23 +0700 |
---|---|---|
committer | gnhb <gnoahb@gmail.com> | 2010-06-16 22:13:23 +0700 |
commit | 4a1779a90e0e831c380bbc10886b4138a106c37a (patch) | |
tree | db20c2833bb0ae8929e99358d9309e5ecdcc20b6 /etc | |
parent | 59db783acd71b6663758d7a64f85395851e5c889 (diff) | |
parent | 53824804f4c5ffb3c75838bf8235b979dfb650f5 (diff) | |
Merge branch 'master' of rcs.pfsense.org:pfsense/mainline
Diffstat (limited to 'etc')
-rw-r--r-- | etc/inc/filter.inc | 19 | ||||
-rw-r--r-- | etc/inc/filter_log.inc | 2 | ||||
-rw-r--r-- | etc/inc/gwlb.inc | 4 | ||||
-rw-r--r-- | etc/inc/interfaces.inc | 48 | ||||
-rw-r--r-- | etc/inc/shaper.inc | 2 | ||||
-rw-r--r-- | etc/inc/vpn.inc | 40 |
6 files changed, 52 insertions, 63 deletions
diff --git a/etc/inc/filter.inc b/etc/inc/filter.inc index 0bbcf58..7ef9f32 100644 --- a/etc/inc/filter.inc +++ b/etc/inc/filter.inc @@ -1057,7 +1057,7 @@ function filter_nat_rules_generate_if($if, $src = "any", $srcport = "", $dst = " } function filter_nat_rules_generate() { - global $config, $g, $after_filter_configure_run, $FilterIflist; + global $config, $g, $after_filter_configure_run, $FilterIflist, $GatewaysList; $natrules = "nat-anchor \"natearly/*\"\n"; @@ -1145,16 +1145,13 @@ function filter_nat_rules_generate() { if(is_array($config['staticroutes']['route'])) { foreach ($config['staticroutes']['route'] as $route) { $netip = explode("/", $route['network']); - if(is_array($config['gateways']['gateway_item'])) { - foreach($config['gateways']['gateway_item'] as $gateway) { - if($route['gateway'] == $gateway['name']) { - $gatewayip = $gateway['gateway']; - $interfacegw = $gateway['interface']; - if((! interface_has_gateway($gateway['interface'])) && (is_private_ip($netip[0]))) { - $numberofnathosts++; - $tonathosts .= "{$route['network']} "; - } - } + if (isset($GatewaysList[$route['gateway']])) { + $gateway =& $GatewaysList[$route['gateway']]; + $gatewayip = $gateway['gateway']; + $interfacegw = $gateway['interface']; + if(!interface_has_gateway($gateway['interface']) && is_private_ip($netip[0])) { + $numberofnathosts++; + $tonathosts .= "{$route['network']} "; } } } diff --git a/etc/inc/filter_log.inc b/etc/inc/filter_log.inc index 3005d8c..f5eb3af 100644 --- a/etc/inc/filter_log.inc +++ b/etc/inc/filter_log.inc @@ -150,6 +150,8 @@ function parse_filter_line($line) { if ($flent['proto'] == "TCP") { $flags = split('[\, ]', $leftovers); $flent['tcpflags'] = str_replace(".", "A", substr($flags[1], 1, -1)); + } elseif ($flent['proto'] == "Options") { + $flent['proto'] = "none"; } /* If there is a src, a dst, and a time, then the line should be usable/good */ diff --git a/etc/inc/gwlb.inc b/etc/inc/gwlb.inc index 4e19e2b..268d94c 100644 --- a/etc/inc/gwlb.inc 
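Review bot: In the static-route loop of filter_nat_rules_generate(), `$gateway =& $GatewaysList[$route['gateway']];` binds a reference into the global gateway table although the entry is only read, so `$gateway` stays aliased to that entry after the loop and any later assignment to it would silently rewrite `$GatewaysList`. A plain copy is enough: `$gateway = $GatewaysList[$route['gateway']];`. The lookup also relies on `$GatewaysList` being populated and keyed by gateway name before NAT rules are generated, which the hunk does not show; if it is empty, every static route is skipped without a log entry and its private network drops out of `$tonathosts`. A short comment at the `global` line saying where `$GatewaysList` is built would make that dependency visible. The function body starts and ends outside the hunk.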
+++ b/etc/inc/gwlb.inc @@ -395,7 +395,7 @@ function return_gateway_groups_array() { } else { $tiers[$tier][] = $gwname; } - } elseif ($status['status'] == "none")) { + } elseif ($status['status'] == "none") { /* Online add member */ $tiers[$tier][] = $gwname; } @@ -480,7 +480,7 @@ function lookup_gateway_monitor_ip_by_name($name) { $gateway['monitor'] = "127.0.0.2"; $monitorip = $gateway['monitor']; - if($monitorip == "") + if(!is_ipaddr($monitorip)) $monitorip = $gateway['gateway']; return ($monitorip); diff --git a/etc/inc/interfaces.inc b/etc/inc/interfaces.inc index 84e1376..e28ec51 100644 --- a/etc/inc/interfaces.inc +++ b/etc/inc/interfaces.inc @@ -775,9 +775,13 @@ function interface_reconfigure($interface = "wan") { } function interface_vip_bring_down(&$vip) { + global $g; + switch ($vip['mode']) { case "proxyarp": - interface_proxyarp_configure(); + $vipif = get_real_interface($vip['interface']); + if (file_exists("{$g['varrun_path']}/choparp_{$vipif}.pid")) + killbypid("{$g['varrun_path']}/choparp_{$vipif}.pid"); break; case "ipalias": $vipif = get_real_interface($vip['interface']); @@ -812,9 +816,18 @@ function interface_bring_down($interface = "wan", $destroy = false) { case "pppoe": case "pptp": case "l2tp": - killbypid("{$g['varrun_path']}/{$ifcfg['ipaddr']}_{$interface}.pid"); - sleep(2); - unlink_if_exists("{$g['varetc_path']}/mpd_{$interface}.conf"); + if (is_array($config['ppps']['ppp']) && count($config['ppps']['ppp'])) { + foreach ($config['ppps']['ppp'] as $pppid => $ppp) { + if ($realif == $ppp['if']) { + if (!isset($ppp['ondemand'])) { + killbypid("{$g['varrun_path']}/{$ifcfg['ipaddr']}_{$interface}.pid"); + sleep(2); + unlink_if_exists("{$g['varetc_path']}/mpd_{$interface}.conf"); + } + break; + } + } + } break; case "carpdev-dhcp": /* 
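Review bot: The fallback in lookup_gateway_monitor_ip_by_name() is returned unchecked: when `$gateway['monitor']` fails `is_ipaddr()`, `$monitorip = $gateway['gateway'];` is taken as is, so a gateway value that is empty or not a literal address is handed back as the monitor IP. If callers place this value in monitoring configuration or on a command line (not visible here), the fallback deserves the same validation, for example `$monitorip = is_ipaddr($gateway['gateway']) ? $gateway['gateway'] : "";` with callers treating the empty string as "no monitor". The function starts outside the hunk.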
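Review bot: The new proxyarp branch of interface_vip_bring_down() stops choparp only when `{$g['varrun_path']}/choparp_{$vipif}.pid` exists, but nothing visible in this commit writes that file: interface_proxyarp_configure() still launches the daemon with `mwexec_bg("/usr/local/sbin/choparp " . $args)`. Unless the pid file is created elsewhere, the branch is a no-op and choparp keeps answering ARP for a VIP that has just been removed. The kill is also per interface, so any other proxy ARP VIPs on `$vipif` lose their responder until `interface_proxyarp_configure($vip['interface'])` is run again; a comment stating who is expected to restart it would make the intent explicit.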
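Review bot: In the pppoe/pptp/l2tp case of interface_bring_down(), the link is now torn down only when an entry in `$config['ppps']['ppp']` has `$ppp['if']` equal to `$realif`; with no matching entry, or an empty `ppps` section, the case reaches `break` with the daemon and `mpd_{$interface}.conf` left in place, where the old code always removed them. For a bring-down path the safer default is to stop the link unless a matching on-demand entry is positively found, as sketched below. `$realif` and `$config` must already be in scope at this point, which the hunk does not show, and `$pppid` is unused. The function starts and ends outside the hunk.

```php
case "l2tp":
	/* Tear the link down unless a matching on-demand entry says to keep it. */
	$keep_ondemand = false;
	if (is_array($config['ppps']['ppp'])) {
		foreach ($config['ppps']['ppp'] as $ppp) {
			if ($realif == $ppp['if']) {
				$keep_ondemand = isset($ppp['ondemand']);
				break;
			}
		}
	}
	if (!$keep_ondemand) {
		killbypid("{$g['varrun_path']}/{$ifcfg['ipaddr']}_{$interface}.pid");
		sleep(2);
		unlink_if_exists("{$g['varetc_path']}/mpd_{$interface}.conf");
	}
	break;
```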
@@ -1461,7 +1474,7 @@ function interfaces_carp_setup() { } } -function interface_proxyarp_configure() { +function interface_proxyarp_configure($interface = "") { global $config, $g; if(isset($config['system']['developerspew'])) { $mt = microtime(); @@ -1469,7 +1482,8 @@ function interface_proxyarp_configure() { } /* kill any running choparp */ - killbyname("choparp"); + if (empty($interface)) + killbyname("choparp"); if (isset($config['virtualip']) && is_array($config['virtualip']['vip'])) { $paa = array(); @@ -1487,26 +1501,38 @@ function interface_proxyarp_configure() { $paa[$proxyif][] = $vipent; } + } } - if (count($paa)) + if (!empty($interface)) { + if (is_array($paa[$interface])) { + $paaifip = get_interface_ip($interface); + if (!is_ipaddr($paaifip)) + return; + $args = get_real_interface($interface) . " auto"; + foreach ($paa[$interface] as $paent) { + if (isset($paent['subnet'])) + $args .= " " . escapeshellarg("{$paent['subnet']}/{$paent['subnet_bits']}"); + else if (isset($paent['range'])) + $args .= " " . escapeshellarg($paent['range']['from'] . "-" . $paent['range']['to']); + } + mwexec_bg("/usr/local/sbin/choparp " . $args); + } + } else if (count($paa)) { foreach ($paa as $paif => $paents) { $paaifip = get_interface_ip($paif); if (!(is_ipaddr($paaifip))) continue; $args = get_real_interface($paif) . " auto"; foreach ($paents as $paent) { - if (isset($paent['subnet'])) $args .= " " . escapeshellarg("{$paent['subnet']}/{$paent['subnet_bits']}"); else if (isset($paent['range'])) - $args .= " " . escapeshellarg($paent['range']['from'] . "-" . - $paent['range']['to']); + $args .= " " . escapeshellarg($paent['range']['from'] . "-" . $paent['range']['to']); } mwexec_bg("/usr/local/sbin/choparp " . $args); } } - } function interfaces_vips_configure($interface = "") { diff --git a/etc/inc/shaper.inc b/etc/inc/shaper.inc index c6e19d3..0729557 100644 --- a/etc/inc/shaper.inc +++ b/etc/inc/shaper.inc 
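Review bot: When `$interface` is passed, interface_proxyarp_configure() starts a new choparp for it without stopping the one already running there, because the second hunk now skips `killbyname("choparp")` in that case; repeated per-interface calls would stack daemons, and a stale one keeps its old address list. The interface name is also the only part of the command line not passed through `escapeshellarg()`: `$args = escapeshellarg(get_real_interface($interface)) . " auto";` would match the treatment of the subnet and range arguments, and the same applies to `$paif` in the existing loop. From the brace changes it looks as if the dispatch now sits outside the `isset($config['virtualip'])` block, so `$paa = array();` should move above that block rather than stay inside it. The function starts outside the hunk.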
@@ -2622,7 +2622,7 @@ class fairq_queue extends priq_queue { /* - * XXX: TODO Link dummynet(4) in the system. + * dummynet(4) wrappers. */ diff --git a/etc/inc/vpn.inc b/etc/inc/vpn.inc index a98969d..8a2bb85 100644 --- a/etc/inc/vpn.inc +++ b/etc/inc/vpn.inc @@ -78,29 +78,10 @@ function vpn_ipsec_failover_configure() { } } -function find_last_gif_device() { - $last_gif_found = -1; - $regs = ""; - if (!($fp = popen("/sbin/ifconfig -l", "r"))) - return -1; - $ifconfig_data = fread($fp, 4096); - pclose($fp); - $ifconfig_array = split(" ", $ifconfig_data); - foreach ($ifconfig_array as $ifconfig) { - ereg("gif(.)", $ifconfig, $regs); - if ($regs[0] && $regs[0] > $last_gif_found) { - $last_gif_found = $regs[1]; - } - } - return $last_gif_found; -} - function vpn_ipsec_configure($ipchg = false) { global $config, $g, $sa, $sn, $p1_ealgos, $p2_ealgos; - mwexec("/sbin/ifconfig enc0 up"); - /* get the automatic ping_hosts.sh ready */ unlink_if_exists("{$g['vardb_path']}/ipsecpinghosts"); touch("{$g['vardb_path']}/ipsecpinghosts"); @@ -110,10 +91,6 @@ function vpn_ipsec_configure($ipchg = false) else mwexec("/sbin/sysctl net.key.preferred_oldsa=0"); - $number_of_gifs = find_last_gif_device(); - for ($x = 0; $x < $number_of_gifs; $x++) - mwexec("/sbin/ifconfig gif" . $x . " delete"); - $syscfg = $config['system']; $ipseccfg = $config['ipsec']; $a_phase1 = $config['ipsec']['phase1']; @@ -146,6 +123,8 @@ function vpn_ipsec_configure($ipchg = false) return true; } else { + mwexec("/sbin/ifconfig enc0 up"); + if ($g['booting']) echo "Configuring IPsec VPN... "; 
@@ -803,21 +782,6 @@ EOD; $localid = ipsec_idinfo_to_cidr($ph2ent['localid'],true); $remoteid = ipsec_idinfo_to_cidr($ph2ent['remoteid'],true); - if (isset ($ph2ent['creategif'])) { - $number_of_gifs = find_last_gif_device(); - $number_of_gifs++; - $curwanip = get_interface_ip(); - if ($config['installedpackages']['sasyncd']['config'] <> "") { - foreach ($config['installedpackages']['sasyncd']['config'] as $sasyncd) { - if ($sasyncd['ip'] <> "") - $curwanip = $sasyncd['ip']; - } - } - mwexec("/sbin/ifconfig gif" . $number_of_gifs . " tunnel" . $curwanip . " " . $rgip); - if ($config['interfaces']['lan']) - mwexec("/sbin/ifconfig gif" . $number_of_gifs . " {$lansa}/{$lansn} {$lanip}/32"); - } - if($ph2ent['mode'] == "tunnel") { $spdconf .= "spdadd {$localid} {$remoteid} any -P out ipsec " . |