summaryrefslogtreecommitdiffstats
path: root/etc
diff options
context:
space:
mode:
authorRenato Botelho <renato.botelho@bluepex.com>2010-08-18 14:13:00 -0300
committerRenato Botelho <renato.botelho@bluepex.com>2010-08-18 14:13:00 -0300
commit29c508f756b8fb6903da8502e1b125a0ef0d10de (patch)
tree098a1533bd4c94a0f079819913f6d2b0cf77f9ce /etc
parentfd7b47b6f815a52a8cf699d7506c43d8661109b1 (diff)
parentb01406759249bee22fd81b0258338473df18601a (diff)
downloadpfsense-29c508f756b8fb6903da8502e1b125a0ef0d10de.zip
pfsense-29c508f756b8fb6903da8502e1b125a0ef0d10de.tar.gz
Merge remote branch 'mainline/master' into inc
Conflicts: etc/inc/interfaces.inc
Diffstat (limited to 'etc')
-rw-r--r--etc/inc/auth.inc2
-rw-r--r--etc/inc/interfaces.inc87
-rw-r--r--etc/inc/openvpn.inc41
-rw-r--r--etc/inc/pfsense-utils.inc80
4 files changed, 121 insertions, 89 deletions
diff --git a/etc/inc/auth.inc b/etc/inc/auth.inc
index 0e6c2ef..6fa418c 100644
--- a/etc/inc/auth.inc
+++ b/etc/inc/auth.inc
@@ -489,7 +489,7 @@ function local_group_set($group, $reset = false) {
$group_name = $group['name'];
$group_gid = $group['gid'];
$group_members = "''";
- if (!$reset && count($group['member']))
+ if (!$reset && !empty($group['member']) && count($group['member']) > 0)
$group_members = implode(",",$group['member']);
/* read from group db */
diff --git a/etc/inc/interfaces.inc b/etc/inc/interfaces.inc
index 9156815..8aedff3 100644
--- a/etc/inc/interfaces.inc
+++ b/etc/inc/interfaces.inc
@@ -327,9 +327,16 @@ function interface_bridge_configure(&$bridge) {
/* Calculate smaller mtu and enforce it */
$smallermtu = 0;
+ $commonrx = true;
+ $commontx = true;
foreach ($members as $member) {
$realif = get_real_interface($member);
- $mtu = get_interface_mtu($realif);
+ $opts = pfSense_get_interface_addresses($realif);
+ $mtu = $opts['mtu'];
+ if (!isset($opts['encaps']['txcsum']))
+ $commontx = false;
+ if (!isset($opts['encaps']['rxcsum']))
+ $commonrx = false;
if ($smallermtu == 0 && !empty($mtu))
$smallermtu = $mtu;
else if (!empty($mtu) && $mtu < $smallermtu)
@@ -340,16 +347,25 @@ function interface_bridge_configure(&$bridge) {
if ($smallermtu == 0)
$smallermtu = 1500;
+ $flags = 0;
+ if ($commonrx == false)
+ $flags |= IFCAP_RXCSUM;
+ if ($commontx == false)
+ $flags |= IFCAP_TXCSUM;
+
/* Add interfaces to bridge */
foreach ($members as $member) {
if (!array_key_exists($member, $checklist))
continue;
$realif1 = get_real_interface($member);
$realif = escapeshellarg($realif1);
- /* make sure the parent interface is up */
- pfSense_interface_mtu($realif, $smallermtu);
- if(!$realif)
+ if (!$realif) {
log_error(gettext("realif not defined in interfaces bridge - up"));
+ continue;
+ }
+ /* make sure the parent interface is up */
+ pfSense_interface_mtu($realif1, $smallermtu);
+ pfSense_interface_capabilities($realif1, -$flags);
interfaces_bring_up($realif1);
mwexec("/sbin/ifconfig {$bridgeif} addm {$realif}");
}
@@ -474,15 +490,14 @@ function interface_bridge_add_member($bridgeif, $interface) {
pfSense_interface_mtu($interface, $mtu);
$options = pfSense_get_interface_addresses($bridgeif);
- if (isset($options['encaps']['txcsum']))
- pfSense_interface_capabilities($interface, IFCAP_TXCSUM);
- else
- pfSense_interface_capabilities($interface, -IFCAP_TXCSUM);
+ $flags = 0;
+ if (!isset($options['encaps']['txcsum']))
+ $flags |= IFCAP_TXCSUM;
- if (isset($options['encaps']['rxcsum']))
- pfSense_interface_capabilities($interface, IFCAP_RXCSUM);
- else
- pfSense_interface_capabilities($interface, -IFCAP_RXCSUM);
+ if (!isset($options['encaps']['rxcsum']))
+ $flags |= IFCAP_RXCSUM;
+
+ pfSense_interface_capabilities($interface, -$flags);
interfaces_bring_up($interface);
mwexec("/sbin/ifconfig {$bridgeif} addm {$interface}");
@@ -2357,6 +2372,49 @@ function interface_configure($interface = "wan", $reloadall = false) {
if (!empty($wancfg['mtu']))
pfSense_interface_mtu($realif, $wancfg['mtu']);
+ /* skip vlans for checksumming and polling */
+ if (!stristr($realif, "vlan")) {
+ $options = pfSense_get_interface_addresses($realif);
+ $flags = 0;
+ if(isset($config['system']['disablechecksumoffloading'])) {
+ if (isset($options['encaps']['txcsum']))
+ $flags |= IFCAP_TXCSUM;
+ if (isset($options['encaps']['rxcsum']))
+ $flags |= IFCAP_RXCSUM;
+ } else {
+ if (!isset($options['caps']['txcsum']))
+ $flags |= IFCAP_TXCSUM;
+ if (!isset($options['caps']['rxcsum']))
+ $flags |= IFCAP_RXCSUM;
+ }
+
+ if(isset($config['system']['disablesegmentationoffloading'])) {
+ if (isset($options['encaps']['tso4']))
+ $flags |= IFCAP_TSO;
+ if (isset($options['encaps']['tso6']))
+ $flags |= IFCAP_TSO;
+ } else {
+ if (!isset($options['caps']['tso4']))
+ $flags |= IFCAP_TSO;
+ if (!isset($options['caps']['tso6']))
+ $flags |= IFCAP_TSO;
+ }
+
+ if(isset($config['system']['disablelargereceiveoffloading'])) {
+ if (isset($options['encaps']['lro']))
+ $flags |= IFCAP_LRO;
+ } else {
+ if (!isset($options['caps']['lro']))
+ $flags |= IFCAP_LRO;
+ }
+
+ /* if the NIC supports polling *AND* it is enabled in the GUI */
+ if (!isset($config['system']['polling']) || !isset($options['caps']['polling'])) {
+ $flags |= IFCAP_POLLING;
+ }
+ pfSense_interface_capabilities($realif, -$flags);
+ }
+
/* invalidate interface/ip/sn cache */
get_interface_arr(true);
unset($interface_ip_arr_cache[$realif]);
@@ -2402,10 +2460,9 @@ function interface_configure($interface = "wan", $reloadall = false) {
if(does_interface_exist($wancfg['if']))
interfaces_bring_up($wancfg['if']);
- if (!$g['booting'])
- interface_reload_carps($realif);
-
if (!$g['booting']) {
+ interface_reload_carps($realif);
+
unset($gre);
$gre = link_interface_to_gre($interface);
if (!empty($gre))
diff --git a/etc/inc/openvpn.inc b/etc/inc/openvpn.inc
index ec127b3..4ee029d 100644
--- a/etc/inc/openvpn.inc
+++ b/etc/inc/openvpn.inc
@@ -404,7 +404,9 @@ function openvpn_reconfigure($mode,& $settings) {
$conf .= "lport {$settings['local_port']}\n";
// The management port to listen on
- $conf .= "management 127.0.0.1 {$settings['local_port']}\n";
+ // Use unix socket to overcome the problem on any type of server
+ $conf .= "management {$g['varetc_path']}/openvpn/{$mode_id}.sock unix\n";
+ //$conf .= "management 127.0.0.1 {$settings['local_port']}\n";
if ($settings['maxclients'])
$conf .= "max-clients {$settings['maxclients']}\n";
@@ -445,7 +447,9 @@ function openvpn_reconfigure($mode,& $settings) {
// If local_port is used, bind the management port
if ($settings['local_port']) {
$conf .= "lport {$settings['local_port']}\n";
- $conf .= "management 127.0.0.1 {$settings['local_port']}\n";
+ // Use unix socket to overcome the problem on any type of server
+ $conf .= "management {$g['varetc_path']}/openvpn/{$mode_id}.sock unix\n";
+ //$conf .= "management 127.0.0.1 {$settings['local_port']}\n";
}
// If there is no bind option at all (ip and/or port), add "nobind" directive
@@ -709,8 +713,9 @@ function openvpn_resync_all($interface = "") {
}
function openvpn_get_active_servers() {
+ global $config, $g;
+
$servers = array();
- global $config;
if (is_array($config['openvpn']['openvpn-server'])) {
foreach ($config['openvpn']['openvpn-server'] as & $settings) {
@@ -726,13 +731,17 @@ function openvpn_get_active_servers() {
$server['name'] = "Server {$prot}:{$port}";
$server['conns'] = array();
- $tcpsrv = "tcp://127.0.0.1:{$port}";
+ $vpnid = $settings['vpnid'];
+ $mode_id = "server{$vpnid}";
+ $server['mgmt'] = $mode_id;
+ $tcpsrv = "unix://{$g['varetc_path']}/openvpn/{$mode_id}.sock";
$errval;
$errstr;
/* open a tcp connection to the management port of each server */
$fp = @stream_socket_client($tcpsrv, $errval, $errstr, 1);
if ($fp) {
+ stream_set_timeout($fp, 1);
/* send our status request */
fputs($fp, "status 2\n");
@@ -743,6 +752,10 @@ function openvpn_get_active_servers() {
/* read the next line */
$line = fgets($fp, 1024);
+ $info = stream_get_meta_data($fp);
+ if ($info['timed_out'])
+ break;
+
/* parse header list line */
if (strstr($line, "HEADER"))
continue;
@@ -785,8 +798,9 @@ function openvpn_get_active_servers() {
}
function openvpn_get_active_clients() {
+ global $config, $g;
+
$clients = array();
- global $config;
if (is_array($config['openvpn']['openvpn-client'])) {
foreach ($config['openvpn']['openvpn-client'] as & $settings) {
@@ -800,7 +814,10 @@ function openvpn_get_active_clients() {
else
$client['name'] = "Client {$prot}:{$port}";
- $tcpcli = "tcp://127.0.0.1:{$port}";
+ $vpnid = $settings['vpnid'];
+ $mode_id = "client{$vpnid}";
+ $client['mgmt'] = $mode_id;
+ $tcpcli = "unix://{$g['varetc_path']}/openvpn/{$mode_id}.sock";
$errval;
$errstr;
@@ -809,7 +826,7 @@ function openvpn_get_active_clients() {
/* open a tcp connection to the management port of each cli */
$fp = @stream_socket_client($tcpcli, $errval, $errstr, 1);
if ($fp) {
-
+ stream_set_timeout($fp, 1);
/* send our status request */
fputs($fp, "state 1\n");
@@ -817,7 +834,11 @@ function openvpn_get_active_clients() {
while (!feof($fp)) {
/* read the next line */
$line = fgets($fp, 1024);
-
+
+ $info = stream_get_meta_data($fp);
+ if ($info['timed_out'])
+ break;
+
/* Get the client state */
if (strstr($line,"CONNECTED")) {
$client['status']="up";
@@ -840,6 +861,10 @@ function openvpn_get_active_clients() {
/* read the next line */
$line = fgets($fp, 1024);
+ $info = stream_get_meta_data($fp);
+ if ($info['timed_out'])
+ break;
+
if (strstr($line,"TCP/UDP read bytes")) {
$list = explode(",", $line);
$client['bytes_recv'] = $list[1];
diff --git a/etc/inc/pfsense-utils.inc b/etc/inc/pfsense-utils.inc
index 89eac5b..794d1b6 100644
--- a/etc/inc/pfsense-utils.inc
+++ b/etc/inc/pfsense-utils.inc
@@ -180,69 +180,20 @@ function get_dns_servers() {
function enable_hardware_offloading($interface) {
global $g, $config;
- if(stristr($interface,"lnc"))
+ if(isset($config['system']['do_not_use_nic_microcode']))
return;
/* translate wan, lan, opt -> real interface if needed */
$int = get_real_interface($interface);
- if($int <> "")
- $interface = $int;
- $int_family = preg_split("/[0-9]+/", $interface);
- $options = pfSense_get_interface_addresses($interface);
- if (!is_array($options))
+ if(empty($int))
return;
+ $int_family = preg_split("/[0-9]+/", $int);
$supported_ints = array('fxp');
if (in_array($int_family, $supported_ints)) {
- if(isset($config['system']['do_not_use_nic_microcode']))
- continue;
- if(does_interface_exist($interface))
- pfSense_interface_flags($interface, IFF_LINK0);
+ if(does_interface_exist($int))
+ pfSense_interface_flags($int, IFF_LINK0);
}
- /* skip vlans for checksumming and polling */
- if(stristr($interface, "vlan"))
- return;
-
- if(isset($config['system']['disablechecksumoffloading'])) {
- if (isset($options['encaps']['txcsum']))
- pfSense_interface_capabilities($interface, -IFCAP_TXCSUM);
- if (isset($options['encaps']['rxcsum']))
- pfSense_interface_capabilities($interface, -IFCAP_RXCSUM);
- } else {
- if (isset($options['caps']['txcsum']))
- pfSense_interface_capabilities($interface, IFCAP_TXCSUM);
- if (isset($options['caps']['rxcsum']))
- pfSense_interface_capabilities($interface, IFCAP_RXCSUM);
- }
-
- if(isset($config['system']['disablesegmentationoffloading'])) {
- if (isset($options['encaps']['tso4']))
- pfSense_interface_capabilities($interface, -IFCAP_TSO);
- if (isset($options['encaps']['tso6']))
- pfSense_interface_capabilities($interface, -IFCAP_TSO);
- } else {
- if (isset($options['caps']['tso4']))
- pfSense_interface_capabilities($interface, IFCAP_TSO);
- if (isset($options['caps']['tso6']))
- pfSense_interface_capabilities($interface, IFCAP_TSO);
- }
-
- if(isset($config['system']['disablelargereceiveoffloading'])) {
- if (isset($options['encaps']['lro']))
- pfSense_interface_capabilities($interface, -IFCAP_LRO);
- } else {
- if (isset($options['caps']['lro']))
- pfSense_interface_capabilities($interface, IFCAP_LRO);
- }
-
-
- /* if the NIC supports polling *AND* it is enabled in the GUI */
- $polling = isset($config['system']['polling']);
- if($polling && isset($options['caps']['polling']))
- pfSense_interface_capabilities($interface, IFCAP_POLLING);
- else
- pfSense_interface_capabilities($interface, -IFCAP_POLLING);
-
return;
}
@@ -359,22 +310,21 @@ function setup_polling() {
setup_polling_defaults();
- $supported_ints = array('bge', 'dc', 'em', 'fwe', 'fwip', 'fxp', 'ixgb', 'ste', 'nge', 're', 'rl', 'sf', 'sis', 'ste', 'vge', 'vr', 'xl');
+ if (isset($config['system']['polling']))
+ mwexec("/sbin/sysctl kern.polling.idle_poll=1");
+ else
+ mwexec("/sbin/sysctl kern.polling.idle_poll=0");
/* if list */
$iflist = get_configured_interface_list();
foreach ($iflist as $ifent => $ifname) {
- $real_interface = convert_friendly_interface_to_real_interface_name($ifname);
- $ifdevice = substr($real_interface, 0, -1);
- if(!in_array($ifdevice, $supported_ints)) {
- continue;
- }
- if(isset($config['system']['polling'])) {
- mwexec("/sbin/ifconfig {$real_interface} polling");
- mwexec("/sbin/sysctl kern.polling.idle_poll=1");
- } else {
- mwexec("/sbin/ifconfig {$real_interface} -polling");
+ $real_interface = get_real_interface($ifname);
+ if (interface_supports_polling($real_interface)) {
+ if (isset($config['system']['polling']))
+ pfSense_interface_capabilities($real_interface, IFCAP_POLLING);
+ else
+ pfSense_interface_capabilities($real_interface, -IFCAP_POLLING);
}
}
}
OpenPOWER on IntegriCloud