authorErmal Luçi <eri@pfsense.org>2008-09-10 13:15:59 +0000
committerErmal Luçi <eri@pfsense.org>2008-09-10 13:15:59 +0000
commit9b1c39e3a3d766c94d59fea75f7bf9e96ca87f85 (patch)
tree5e580d53aab2045c2b2c4daf8eb04c266b476b12 /etc
parent1d4bd2bc7926c0ab961e917cb90b0bb21fb9dffe (diff)
* Fix up stray dots ('...') on bootup and add some comments, since we load the filters twice during bootup?!
* Merge all interface-related bootstraps under interfaces_configure so this allows us to properly handle assigned bridge/gre/gif/.. devices that might be initialized later than assigned interfaces. * Make it possible to configure multiple dial-out (ppp) interfaces/configs. Though I am not confident in the quality of the ppp code that was imported before, since the GUI and backend have some inconsistencies in the fields. While I fixed most of them, 1 or 2 still remain which need proper investigation on the config.
Diffstat (limited to 'etc')
-rw-r--r--etc/inc/filter.inc34
-rw-r--r--etc/inc/interfaces.inc143
-rw-r--r--etc/inc/pfsense-utils.inc26
-rwxr-xr-xetc/rc.bootup25
4 files changed, 129 insertions, 99 deletions
diff --git a/etc/inc/filter.inc b/etc/inc/filter.inc
index 61b167c..c2d4fc1 100644
--- a/etc/inc/filter.inc
+++ b/etc/inc/filter.inc
@@ -116,24 +116,35 @@ function filter_configure_sync() {
/* Get interface list to work with. */
generate_optcfg_array();
+ if ($g['booting'] == true)
+ echo "Configuring firewall";
/* generate aliases */
- if($g['booting'] == true) echo ".";
+ if ($g['booting'] == true)
+ echo ".";
update_filter_reload_status("Creating aliases");
$aliases = filter_generate_aliases();
+
/* generate nat rules */
- if($g['booting'] == true) echo ".";
+ if ($g['booting'] == true)
+ echo ".";
update_filter_reload_status("Generating NAT rules");
$natrules = filter_nat_rules_generate();
+
/* generate pfctl rules */
- if($g['booting'] == true) echo ".";
+ if ($g['booting'] == true)
+ echo ".";
update_filter_reload_status("Generating filter rules");
$pfrules = filter_rules_generate();
- /* generate altq */
- if($g['booting'] == true) echo ".";
+
+ /* generate altq, limiter */
+ if ($g['booting'] == true)
+ echo ".";
update_filter_reload_status("Generating ALTQ queues");
$altq_queues = filter_generate_altq_queues();
- update_filter_reload_status("Generating Virtual interfaces rules");
+ update_filter_reload_status("Generating Limiter rules");
$dummynet_rules = filter_generate_dummynet_rules();
+ if ($g['booting'] == true)
+ echo ".";
update_filter_reload_status("Loading filter rules");
@@ -144,6 +155,8 @@ function filter_configure_sync() {
mwexec("/sbin/pfctl -d");
unlink_if_exists("{$g['tmp_path']}/filter_loading");
update_filter_reload_status("Filter is disabled. Not loading rules.");
+ if ($g['booting'] == true)
+ echo "done.\n";
return;
}
@@ -265,11 +278,6 @@ function filter_configure_sync() {
system_start_ftp_helpers();
- if($config['system']['shapertype'] == "m0n0") {
- require_once ("/etc/inc/m0n0/shaper.inc");
- shaper_configure();
- }
-
/* if time based rules are enabled then swap in the set */
if($time_based_rules == true) {
tdr_install_cron(true);
@@ -289,12 +297,16 @@ function filter_configure_sync() {
/* sync carp entries to other firewalls */
update_filter_reload_status("Syncing CARP data");
carp_sync_client();
+ if ($g['booting'] == true)
+ echo ".";
system_routing_configure();
find_dns_aliases();
update_filter_reload_status("Done");
+ if ($g['booting'] == true)
+ echo "done.\n";
return 0;
}
diff --git a/etc/inc/interfaces.inc b/etc/inc/interfaces.inc
index bfe7807..019d180 100644
--- a/etc/inc/interfaces.inc
+++ b/etc/inc/interfaces.inc
@@ -413,22 +413,82 @@ function interface_gif_configure(&$gif) {
}
function interfaces_configure() {
- global $g;
+ global $config, $g;
+
+ /* set up VLAN virtual interfaces */
+ interfaces_vlan_configure();
+
+ /* set up LAGG virtual interfaces */
+ interfaces_lagg_configure();
+
+ /* Set up PPP interfaces */
+ interfaces_ppp_configure();
$iflist = get_configured_interface_with_descr();
+ $delayed_list = array();
+ $bridge_list = array();
foreach($iflist as $if => $ifname) {
- if ($g['booting'])
- echo "Configuring {$ifname} interface...";
- if($debug)
- log_error("Configuring {$ifname}");
+ $realif = $config['interfaces'][$if]['if'];
+
+ if (strstr($realif, "bridge"))
+ $bridge_list[$if] = $ifname;
+ else if (strstr($realif, "gre"))
+ $delayed_list[$if] = $ifname;
+ else if (strstr($realif, "gif"))
+ $delayed_list[$if] = $ifname;
+ else {
+ if ($g['booting'])
+ echo "Configuring {$ifname} interface...";
+ if($debug)
+ log_error("Configuring {$ifname}");
+
+ interface_configure($if);
+
+ if ($g['booting'])
+ echo "done.\n";
+ }
+ }
+
+ /* set up GRE virtual interfaces */
+ interfaces_gre_configure();
+
+ /* set up GIF virtual interfaces */
+ interfaces_gif_configure();
+
+ foreach ($delayed_list as $if => $ifname) {
+ if ($g['booting'])
+ echo "Configuring {$ifname} interface...";
+ if($debug)
+ log_error("Configuring {$ifname}");
interface_configure($if);
- if ($g['booting'])
- echo "done.\n";
+ if ($g['booting'])
+ echo "done.\n";
}
+ /* set up BRIDGe virtual interfaces */
+ interfaces_bridge_configure();
+
+ foreach ($bridge_list as $if => $ifname) {
+ if ($g['booting'])
+ echo "Configuring {$ifname} interface...";
+ if($debug)
+ log_error("Configuring {$ifname}");
+
+ interface_configure($if);
+
+ if ($g['booting'])
+ echo "done.\n";
+ }
+
+ /* bring up carp interfaces */
+ interfaces_carp_configure();
+
+ /* bring ip IP aliases */
+ interfaces_ipalias_configure();
+
if (!$g['booting']) {
/* reconfigure static routes (kernel may have deleted them) */
system_routing_configure();
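Review bot: `$debug` is read in all three loops of `interfaces_configure()` (`if($debug) log_error(...)`), but the function only declares `global $config, $g;` and never assigns it, so those log calls cannot fire as written. Assuming it is meant to be the global debug flag, the declaration should read `global $config, $g, $debug;`; otherwise the branches should be dropped. The `strstr($realif, "bridge")` / `"gre"` / `"gif"` tests match the substring anywhere in the device name, so a prefix test such as `strpos($realif, "gre") === 0` would avoid deferring a device whose name merely contains those letters. The three `foreach` bodies are identical apart from the list they walk and could share one private helper. The function's body continues past the end of this hunk.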
@@ -459,24 +519,44 @@ function interface_bring_down($interface) {
mwexec("/sbin/ifconfig " . escapeshellarg($cfg['if']) . " delete down");
}
-function interfaces_ppp_configure_if($ifcfg) {
+function interfaces_ppp_configure() {
+ global $config;
+
+ $i = 0;
+ if (is_array($config['ppps']['ppp']) && count($config['ppps']['ppp'])) {
+ foreach ($config['ppps']['ppp'] as $ppp) {
+ if(empty($ppp['pppif'])) {
+ $ppp['pppif'] = "ppp{$i}";
+ }
+ /* XXX: Maybe we should report any errors?! */
+ interface_vlan_configure($ppp);
+ $i++;
+ }
+ }
+}
+
+function interface_ppp_configure($ifcfg) {
global $config;
- if(file_exists("/var/run/ppp0.pid")) {
- $pid = file_get_contents("/var/run/ppp0.pid");
- mwexec('kill $pid');
+ /* Remove the /dev/ from the device name. */
+ $dev = substr($ifcfg['port'], 4);
+
+ if(file_exists("/var/run/ppp_{$dev}.pid")) {
+ $pid = trim(file_get_contents("/var/run/ppp_{$dev}.pid"));
+ mwexec("kill {$pid}");
}
- mwexec("/sbin/ifconfig ppp0 down destroy");
+ if ($ifcfg['pppif'] <> "")
+ mwexec("/sbin/ifconfig {$ifcfg['pppif']} destroy");
$peerfile = "lcp-echo-failure 0\n";
$peerfile .= "lcp-echo-interval 0\n";
- $peerfile .= "connect /etc/ppp/peers/ppp0-connect-chat\n";
- //$peerfile .= "disconnect /etc/ppp/peers/ppp0-disconnect-chat\n";
- $peerfile .= "/dev/{$ifcfg['serialport']}\n";
+ $peerfile .= "connect /etc/ppp/peers/ppp{$dev}-connect-chat\n";
+ //$peerfile .= "disconnect /etc/ppp/peers/ppp{$dev}-disconnect-chat\n";
+ $peerfile .= "/dev/{$ifcfg['if']}\n";
$peerfile .= "crtscts\n";
$peerfile .= "local\n";
- $peerfile .= ":{$ifcfg['gateway']}\n";
+ //$peerfile .= ":{$ifcfg['gateway']}\n";
$peerfile .= "noipdefault\n";
$peerfile .= "ipcp-accept-local\n";
$peerfile .= "novj\n";
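Review bot: `interfaces_ppp_configure()` hands each entry to `interface_vlan_configure($ppp)`, which looks like a copy-paste slip given that the function added directly below it is `interface_ppp_configure($ifcfg)`; as written no PPP entry reaches the PPP code, and the call should presumably read `interface_ppp_configure($ppp);`. In `interface_ppp_configure()` the new `mwexec("kill {$pid}")` and `mwexec("/sbin/ifconfig {$ifcfg['pppif']} destroy")` place a pid-file value and a config value into a shell command unquoted, whereas the context line above in `interface_bring_down()` uses `escapeshellarg()`. The same treatment fits here, `mwexec("/sbin/ifconfig " . escapeshellarg($ifcfg['pppif']) . " destroy");`, with the pid checked to be numeric before it is used. The default `$ppp['pppif'] = "ppp{$i}"` is assigned to the loop's copy of the entry, so it is not written back to `$config`. `interface_ppp_configure()` continues beyond this hunk.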
@@ -492,7 +572,7 @@ function interfaces_ppp_configure_if($ifcfg) {
//$peerfile .= "nodetach\n";
// KD - so I know where to look!
$peerfile .= "# created by /etc/inc/interfaces.inc\n";
- file_put_contents("/etc/ppp/peers/ppp0", $peerfile);
+ file_put_contents("/etc/ppp/peers/ppp_{$dev}", $peerfile);
// Added single quotes to some strings below:
// the \rAT is *always* going to need it
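Review bot: The peer file path `/etc/ppp/peers/ppp_{$dev}` depends on `$dev`, which is computed earlier in this function as `substr($ifcfg['port'], 4)`; if the port is stored as `/dev/<name>`, as that line's comment says, the prefix is five characters long, so `$dev` keeps a leading `/` and both this path and the pid-file path point below a `ppp_` directory that nothing on this page creates. `basename($ifcfg['port'])` would strip the prefix and also keep a port value containing `/` or `..` from steering the write outside `/etc/ppp/peers`. The return value of `file_put_contents()` is not checked, so a failed write passes silently. The function begins and ends outside this hunk.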
@@ -521,10 +601,12 @@ function interfaces_ppp_configure_if($ifcfg) {
$chatfile .= "TIMEOUT 22 \\\n";
$chatfile .= "CONNECT \"\" \\\n";
$chatfile .= "SAY \"\\nConnected.\"\n";
- file_put_contents("/etc/ppp/peers/ppp0-connect-chat", $chatfile);
- chmod("/etc/ppp/peers/ppp0-connect-chat", 0755);
- mwexec("/sbin/ifconfig ppp0 create");
- return 0;
+ file_put_contents("/etc/ppp/peers/ppp{$dev}-connect-chat", $chatfile);
+ chmod("/etc/ppp/peers/ppp{$dev}-connect-chat", 0755);
+
+ $realif = exec("/sbin/ifconfig ppp create");
+
+ return $realif;
}
function interfaces_carp_configure() {
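Review bot: The output of `exec("/sbin/ifconfig ppp create")` is returned unchecked, so a failed create yields an empty string that a caller cannot tell from success, and the only caller visible on this page, `interfaces_ppp_configure()`, discards the value anyway. The device created here gets whatever name ifconfig assigns, while the destroy earlier in the function targets `$ifcfg['pppif']`, so the two are not guaranteed to name the same interface; a short comment stating which name is authoritative, or a check such as `if ($realif == "") { log_error("ppp create failed"); }`, would make the contract explicit. The chat script is written and then made `0755`; if it can carry dial credentials (not visible in this hunk), `0700` would be the tighter choice. The function starts outside this hunk.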
@@ -1666,10 +1748,7 @@ function get_real_wan_interface($interface = "wan") {
$wanif = "pptp" . substr($if, 3);
break;
default:
- if (isset($cfg['ispointtopoint']) && $cfg['pointtopoint'])
- $wanif = "ppp0"; // XXX: PPP needs to convert to mpd
- else
- $wanif = $cfg['if'];
+ $wanif = $cfg['if'];
break;
}
@@ -1796,20 +1875,6 @@ function is_altq_capable($int) {
return false;
}
-function get_number_of_ppp_interfaces() {
- $ppps_total = 0;
- $ppps = split("\n", `/sbin/ifconfig -a | /usr/bin/grep ppp | grep flags`);
- foreach($ppps as $bridge) {
- $match_array = "";
- preg_match_all("/ppp(.*):/",$bridge,$match_array);
- if($match_array[1][0] <> "") {
- if($match_array[1][0] > $ppps_total)
- $ppps_total = $match_array[1][0];
- }
- }
- return "{$ppps_total}";
-}
-
function get_wireless_modes($interface)
{
/* return wireless modes and channels */
diff --git a/etc/inc/pfsense-utils.inc b/etc/inc/pfsense-utils.inc
index d2a7567..b36bf50 100644
--- a/etc/inc/pfsense-utils.inc
+++ b/etc/inc/pfsense-utils.inc
@@ -2473,18 +2473,9 @@ function reload_interfaces_sync() {
mwexec("/sbin/ifconfig {$ifname_real} delete");
}
- /* set up VLAN interface */
- interfaces_vlan_configure();
-
/* set up interfaces */
interfaces_configure();
- /* set up other cloned interfaces */
- interfaces_gif_configure();
- interfaces_gre_configure();
- interfaces_lagg_configure();
- interfaces_bridge_configure();
-
/* set up static routes */
if($debug)
log_error("Configuring system Routing");
@@ -2500,11 +2491,6 @@ function reload_interfaces_sync() {
log_error("Configuring Captive portal");
captiveportal_configure();
- /* bring up carp interfaces */
- if($debug)
- log_error("Configuring CARP");
- interfaces_carp_configure();
-
/* restart webConfigurator if needed */
if($shutdown_webgui_needed == true)
touch("/tmp/restart_webgui");
@@ -2603,21 +2589,9 @@ function reload_all_sync() {
mwexec("/sbin/ifconfig {$ifname_real} delete");
}
- /* set up VLAN interfaces */
- interfaces_vlan_configure();
-
/* set up interfaces */
interfaces_configure();
- /* set up other cloned interfaces */
- interfaces_gif_configure();
- interfaces_gre_configure();
- interfaces_lagg_configure();
- interfaces_bridge_configure();
-
- /* bring up carp interfaces */
- interfaces_carp_configure();
-
/* set up static routes */
system_routing_configure();
diff --git a/etc/rc.bootup b/etc/rc.bootup
index 28fe42f..6bea7cc 100755
--- a/etc/rc.bootup
+++ b/etc/rc.bootup
@@ -134,9 +134,6 @@
/* start syslogd */
system_syslogd_start();
- /* set up VLAN virtual interfaces */
- interfaces_vlan_configure();
-
/* set up interfaces */
if(!$debugging)
mute_kernel_msgs();
@@ -144,30 +141,10 @@
if(!$debugging)
unmute_kernel_msgs();
- /* set up GRE virtual interfaces */
- interfaces_gre_configure();
-
- /* set up GIF virtual interfaces */
- interfaces_gif_configure();
-
- /* set up LAGG virtual interfaces */
- interfaces_lagg_configure();
-
- /* set up BRIDGe virtual interfaces */
- interfaces_bridge_configure();
-
- /* bring up carp interfaces */
- interfaces_carp_configure();
-
- /* bring ip IP aliases */
- interfaces_ipalias_configure();
-
/* setup altq + pf */
- echo "Configuring firewall...";
//mute_kernel_msgs();
filter_configure_sync();
//unmute_kernel_msgs();
- echo "done.\n";
/* generate resolv.conf */
system_resolvconf_generate();
@@ -250,6 +227,7 @@
setup_microcode();
echo "done.\n";
+ /* XXX: what is up with such hacks!? */
mwexec("/sbin/pfctl -f /tmp/rules.debug");
/* start IPsec tunnels */
@@ -270,6 +248,7 @@
if(isset($config['system']['disableconsolemenu']))
touch("/var/etc/console_lockdown");
+ /* XXX: something like this is done 3 times in here?!?!?!?! */
filter_configure_sync();
/* load graphing functions */