author | Renato Botelho <renato.botelho@bluepex.com> | 2010-08-18 14:13:00 -0300 |
---|---|---|
committer | Renato Botelho <renato.botelho@bluepex.com> | 2010-08-18 14:13:00 -0300 |
commit | 29c508f756b8fb6903da8502e1b125a0ef0d10de (patch) | |
tree | 098a1533bd4c94a0f079819913f6d2b0cf77f9ce /etc | |
parent | fd7b47b6f815a52a8cf699d7506c43d8661109b1 (diff) | |
parent | b01406759249bee22fd81b0258338473df18601a (diff) | |
Merge remote branch 'mainline/master' into inc
Conflicts:
etc/inc/interfaces.inc
Diffstat (limited to 'etc')
-rw-r--r-- | etc/inc/auth.inc | 2 | ||||
-rw-r--r-- | etc/inc/interfaces.inc | 87 | ||||
-rw-r--r-- | etc/inc/openvpn.inc | 41 | ||||
-rw-r--r-- | etc/inc/pfsense-utils.inc | 80 |
4 files changed, 121 insertions, 89 deletions
diff --git a/etc/inc/auth.inc b/etc/inc/auth.inc index 0e6c2ef..6fa418c 100644 --- a/etc/inc/auth.inc +++ b/etc/inc/auth.inc @@ -489,7 +489,7 @@ function local_group_set($group, $reset = false) { $group_name = $group['name']; $group_gid = $group['gid']; $group_members = "''"; - if (!$reset && count($group['member'])) + if (!$reset && !empty($group['member']) && count($group['member']) > 0) $group_members = implode(",",$group['member']); /* read from group db */ diff --git a/etc/inc/interfaces.inc b/etc/inc/interfaces.inc index 9156815..8aedff3 100644 --- a/etc/inc/interfaces.inc +++ b/etc/inc/interfaces.inc @@ -327,9 +327,16 @@ function interface_bridge_configure(&$bridge) { /* Calculate smaller mtu and enforce it */ $smallermtu = 0; + $commonrx = true; + $commontx = true; foreach ($members as $member) { $realif = get_real_interface($member); - $mtu = get_interface_mtu($realif); + $opts = pfSense_get_interface_addresses($realif); + $mtu = $opts['mtu']; + if (!isset($opts['encaps']['txcsum'])) + $commontx = false; + if (!isset($opts['encaps']['rxcsum'])) + $commonrx = false; if ($smallermtu == 0 && !empty($mtu)) $smallermtu = $mtu; else if (!empty($mtu) && $mtu < $smallermtu) 
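Review bot: In the member loop of interface_bridge_configure (hunk at -327), the result of `pfSense_get_interface_addresses($realif)` is read without checking that it is an array, a check the code this commit removes from enable_hardware_offloading did have (`if (!is_array($options)) return;`). If the lookup fails for one member, `$mtu` is empty and both `isset()` tests are false, so `$commonrx` and `$commontx` drop to false and the next hunk would apparently clear checksum offload on every member because of one bad lookup. A guard such as `if (!is_array($opts)) continue;` before `$mtu = $opts['mtu'];` avoids that. The same unguarded call is added in interface_configure (hunk at -2357). The function body continues outside this hunk.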
@@ -340,16 +347,25 @@ function interface_bridge_configure(&$bridge) { if ($smallermtu == 0) $smallermtu = 1500; + $flags = 0; + if ($commonrx == false) + $flags |= IFCAP_RXCSUM; + if ($commontx == false) + $flags |= IFCAP_TXCSUM; + /* Add interfaces to bridge */ foreach ($members as $member) { if (!array_key_exists($member, $checklist)) continue; $realif1 = get_real_interface($member); $realif = escapeshellarg($realif1); - /* make sure the parent interface is up */ - pfSense_interface_mtu($realif, $smallermtu); - if(!$realif) + if (!$realif) { log_error(gettext("realif not defined in interfaces bridge - up")); + continue; + } + /* make sure the parent interface is up */ + pfSense_interface_mtu($realif1, $smallermtu); + pfSense_interface_capabilities($realif1, -$flags); interfaces_bring_up($realif1); mwexec("/sbin/ifconfig {$bridgeif} addm {$realif}"); } @@ -474,15 +490,14 @@ function interface_bridge_add_member($bridgeif, $interface) { pfSense_interface_mtu($interface, $mtu); $options = pfSense_get_interface_addresses($bridgeif); - if (isset($options['encaps']['txcsum'])) - pfSense_interface_capabilities($interface, IFCAP_TXCSUM); - else - pfSense_interface_capabilities($interface, -IFCAP_TXCSUM); + $flags = 0; + if (!isset($options['encaps']['txcsum'])) + $flags |= IFCAP_TXCSUM; - if (isset($options['encaps']['rxcsum'])) - pfSense_interface_capabilities($interface, IFCAP_RXCSUM); - else - pfSense_interface_capabilities($interface, -IFCAP_RXCSUM); + if (!isset($options['encaps']['rxcsum'])) + $flags |= IFCAP_RXCSUM; + + pfSense_interface_capabilities($interface, -$flags); interfaces_bring_up($interface); mwexec("/sbin/ifconfig {$bridgeif} addm {$interface}"); 
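Review bot: The new `if (!$realif)` guard in the "Add interfaces to bridge" loop (hunk at -340) can never fire, because `$realif` is the output of `escapeshellarg()`, which returns a quoted string (`''`) even for empty input. Test the raw name instead, `if (empty($realif1)) { log_error(...); continue; }`, and call `escapeshellarg()` only after that check. As written, an unresolved member still reaches `pfSense_interface_mtu()`, `interfaces_bring_up()` and `ifconfig ... addm ''`. `{$bridgeif}` in the same `mwexec()` line is interpolated unquoted; whether it is always generated internally is not visible from this hunk.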
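Review bot: The `mwexec("/sbin/ifconfig {$bridgeif} addm {$interface}")` line that closes the hunk at -474 builds the command from both names unquoted, while interface_bridge_configure in the previous hunk passes the member through `escapeshellarg()`. Unless callers of interface_bridge_add_member are known to pass only validated interface names (not visible here), quote both for consistency: `mwexec("/sbin/ifconfig " . escapeshellarg($bridgeif) . " addm " . escapeshellarg($interface));`. The `$options` array read just above is also used without an `is_array()` check.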
@@ -2357,6 +2372,49 @@ function interface_configure($interface = "wan", $reloadall = false) { if (!empty($wancfg['mtu'])) pfSense_interface_mtu($realif, $wancfg['mtu']); + /* skip vlans for checksumming and polling */ + if (!stristr($realif, "vlan")) { + $options = pfSense_get_interface_addresses($realif); + $flags = 0; + if(isset($config['system']['disablechecksumoffloading'])) { + if (isset($options['encaps']['txcsum'])) + $flags |= IFCAP_TXCSUM; + if (isset($options['encaps']['rxcsum'])) + $flags |= IFCAP_RXCSUM; + } else { + if (!isset($options['caps']['txcsum'])) + $flags |= IFCAP_TXCSUM; + if (!isset($options['caps']['rxcsum'])) + $flags |= IFCAP_RXCSUM; + } + + if(isset($config['system']['disablesegmentationoffloading'])) { + if (isset($options['encaps']['tso4'])) + $flags |= IFCAP_TSO; + if (isset($options['encaps']['tso6'])) + $flags |= IFCAP_TSO; + } else { + if (!isset($options['caps']['tso4'])) + $flags |= IFCAP_TSO; + if (!isset($options['caps']['tso6'])) + $flags |= IFCAP_TSO; + } + + if(isset($config['system']['disablelargereceiveoffloading'])) { + if (isset($options['encaps']['lro'])) + $flags |= IFCAP_LRO; + } else { + if (!isset($options['caps']['lro'])) + $flags |= IFCAP_LRO; + } + + /* if the NIC supports polling *AND* it is enabled in the GUI */ + if (!isset($config['system']['polling']) || !isset($options['caps']['polling'])) { + $flags |= IFCAP_POLLING; + } + pfSense_interface_capabilities($realif, -$flags); + } + /* invalidate interface/ip/sn cache */ get_interface_arr(true); unset($interface_ip_arr_cache[$realif]); @@ -2402,10 +2460,9 @@ function interface_configure($interface = "wan", $reloadall = false) { if(does_interface_exist($wancfg['if'])) interfaces_bring_up($wancfg['if']); - if (!$g['booting']) - interface_reload_carps($realif); - if (!$g['booting']) { + interface_reload_carps($realif); + unset($gre); $gre = link_interface_to_gre($interface); if (!empty($gre)) 
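Review bot: The comment `/* if the NIC supports polling *AND* it is enabled in the GUI */` in the block added at -2357 states the opposite of the condition under it, which adds `IFCAP_POLLING` to the flags to be cleared when polling is not enabled or not supported. Reword it, for example `/* clear polling unless the NIC supports it and it is enabled in the GUI */`. The block only ever passes `-$flags`, so a capability that is supported and wanted is never switched on here, unlike the removed enable_hardware_offloading code; a comment should say so if that is intended. The paired `tso4`/`tso6` tests set the same `IFCAP_TSO` bit and could be one condition. `stristr($realif, "vlan")` matches the substring anywhere in the name, so it relies on no other interface name containing "vlan".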
diff --git a/etc/inc/openvpn.inc b/etc/inc/openvpn.inc index ec127b3..4ee029d 100644 --- a/etc/inc/openvpn.inc +++ b/etc/inc/openvpn.inc @@ -404,7 +404,9 @@ function openvpn_reconfigure($mode,& $settings) { $conf .= "lport {$settings['local_port']}\n"; // The management port to listen on - $conf .= "management 127.0.0.1 {$settings['local_port']}\n"; + // Use unix socket to overcome the problem on any type of server + $conf .= "management {$g['varetc_path']}/openvpn/{$mode_id}.sock unix\n"; + //$conf .= "management 127.0.0.1 {$settings['local_port']}\n"; if ($settings['maxclients']) $conf .= "max-clients {$settings['maxclients']}\n"; @@ -445,7 +447,9 @@ function openvpn_reconfigure($mode,& $settings) { // If local_port is used, bind the management port if ($settings['local_port']) { $conf .= "lport {$settings['local_port']}\n"; - $conf .= "management 127.0.0.1 {$settings['local_port']}\n"; + // Use unix socket to overcome the problem on any type of server + $conf .= "management {$g['varetc_path']}/openvpn/{$mode_id}.sock unix\n"; + //$conf .= "management 127.0.0.1 {$settings['local_port']}\n"; } // If there is no bind option at all (ip and/or port), add "nobind" directive @@ -709,8 +713,9 @@ function openvpn_resync_all($interface = "") { } function openvpn_get_active_servers() { + global $config, $g; + $servers = array(); - global $config; if (is_array($config['openvpn']['openvpn-server'])) { foreach ($config['openvpn']['openvpn-server'] as & $settings) { 
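Review bot: The new `management {$g['varetc_path']}/openvpn/{$mode_id}.sock unix` line (hunk at -404) exposes OpenVPN's management interface on a filesystem socket with no password file and no `management-client-user` or `management-client-group` restriction. Access control therefore rests entirely on the permissions of the `openvpn` directory under `varetc_path`, which this diff does not show. Either add `$conf .= "management-client-user root\n";` next to it or confirm that the directory is created root-only. The same applies to the client branch in the hunk at -445. The commented-out `//$conf .= "management 127.0.0.1 ...` line is dead code and can be dropped, since the history keeps it.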
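Review bot: In the client branch (hunk at -445) the management line stays inside `if ($settings['local_port'])`, although the unix socket no longer depends on a port. As far as the visible lines show, openvpn_get_active_clients (hunk at -800) now connects to `client{$vpnid}.sock` for each configured client. A client without a local port would then have no socket, and its status read would fail silently behind `@stream_socket_client`. Move the `management ... unix` line out of the conditional and update the comment `// If local_port is used, bind the management port` to match.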
@@ -726,13 +731,17 @@ function openvpn_get_active_servers() { $server['name'] = "Server {$prot}:{$port}"; $server['conns'] = array(); - $tcpsrv = "tcp://127.0.0.1:{$port}"; + $vpnid = $settings['vpnid']; + $mode_id = "server{$vpnid}"; + $server['mgmt'] = $mode_id; + $tcpsrv = "unix://{$g['varetc_path']}/openvpn/{$mode_id}.sock"; $errval; $errstr; /* open a tcp connection to the management port of each server */ $fp = @stream_socket_client($tcpsrv, $errval, $errstr, 1); if ($fp) { + stream_set_timeout($fp, 1); /* send our status request */ fputs($fp, "status 2\n"); @@ -743,6 +752,10 @@ function openvpn_get_active_servers() { /* read the next line */ $line = fgets($fp, 1024); + $info = stream_get_meta_data($fp); + if ($info['timed_out']) + break; + /* parse header list line */ if (strstr($line, "HEADER")) continue; @@ -785,8 +798,9 @@ function openvpn_get_active_servers() { } function openvpn_get_active_clients() { + global $config, $g; + $clients = array(); - global $config; if (is_array($config['openvpn']['openvpn-client'])) { foreach ($config['openvpn']['openvpn-client'] as & $settings) { @@ -800,7 +814,10 @@ function openvpn_get_active_clients() { else $client['name'] = "Client {$prot}:{$port}"; - $tcpcli = "tcp://127.0.0.1:{$port}"; + $vpnid = $settings['vpnid']; + $mode_id = "client{$vpnid}"; + $client['mgmt'] = $mode_id; + $tcpcli = "unix://{$g['varetc_path']}/openvpn/{$mode_id}.sock"; $errval; $errstr; @@ -809,7 +826,7 @@ function openvpn_get_active_clients() { /* open a tcp connection to the management port of each cli */ $fp = @stream_socket_client($tcpcli, $errval, $errstr, 1); if ($fp) { - + stream_set_timeout($fp, 1); /* send our status request */ fputs($fp, "state 1\n"); 
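Review bot: After the switch to `unix://` in the hunk at -726, the variable name `$tcpsrv` and the comment `/* open a tcp connection to the management port of each server */` no longer describe the code. Rename it to something like `$mgmtsock` and refer to the "management socket" in the comment. The bare `$errval; $errstr;` statements do nothing. The connect is `@`-suppressed and its failure branch lies outside this hunk, so a missing or unreadable socket may go unreported; logging `$errstr` when `$fp` is false would make that diagnosable. The same applies to `$tcpcli` in openvpn_get_active_clients (hunk at -800).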
@@ -817,7 +834,11 @@ function openvpn_get_active_clients() { while (!feof($fp)) { /* read the next line */ $line = fgets($fp, 1024); - + + $info = stream_get_meta_data($fp); + if ($info['timed_out']) + break; + /* Get the client state */ if (strstr($line,"CONNECTED")) { $client['status']="up"; @@ -840,6 +861,10 @@ function openvpn_get_active_clients() { /* read the next line */ $line = fgets($fp, 1024); + $info = stream_get_meta_data($fp); + if ($info['timed_out']) + break; + if (strstr($line,"TCP/UDP read bytes")) { $list = explode(",", $line); $client['bytes_recv'] = $list[1]; diff --git a/etc/inc/pfsense-utils.inc b/etc/inc/pfsense-utils.inc index 89eac5b..794d1b6 100644 --- a/etc/inc/pfsense-utils.inc +++ b/etc/inc/pfsense-utils.inc 
@@ -180,69 +180,20 @@ function get_dns_servers() { function enable_hardware_offloading($interface) { global $g, $config; - if(stristr($interface,"lnc")) + if(isset($config['system']['do_not_use_nic_microcode'])) return; /* translate wan, lan, opt -> real interface if needed */ $int = get_real_interface($interface); - if($int <> "") - $interface = $int; - $int_family = preg_split("/[0-9]+/", $interface); - $options = pfSense_get_interface_addresses($interface); - if (!is_array($options)) + if(empty($int)) return; + $int_family = preg_split("/[0-9]+/", $int); $supported_ints = array('fxp'); if (in_array($int_family, $supported_ints)) { - if(isset($config['system']['do_not_use_nic_microcode'])) - continue; - if(does_interface_exist($interface)) - pfSense_interface_flags($interface, IFF_LINK0); + if(does_interface_exist($int)) + pfSense_interface_flags($int, IFF_LINK0); } - /* skip vlans for checksumming and polling */ - if(stristr($interface, "vlan")) - return; - - if(isset($config['system']['disablechecksumoffloading'])) { - if (isset($options['encaps']['txcsum'])) - pfSense_interface_capabilities($interface, -IFCAP_TXCSUM); - if (isset($options['encaps']['rxcsum'])) - pfSense_interface_capabilities($interface, -IFCAP_RXCSUM); - } else { - if (isset($options['caps']['txcsum'])) - pfSense_interface_capabilities($interface, IFCAP_TXCSUM); - if (isset($options['caps']['rxcsum'])) - pfSense_interface_capabilities($interface, IFCAP_RXCSUM); - } - - if(isset($config['system']['disablesegmentationoffloading'])) { - if (isset($options['encaps']['tso4'])) - pfSense_interface_capabilities($interface, -IFCAP_TSO); - if (isset($options['encaps']['tso6'])) - pfSense_interface_capabilities($interface, -IFCAP_TSO); - } else { - if (isset($options['caps']['tso4'])) - pfSense_interface_capabilities($interface, IFCAP_TSO); - if (isset($options['caps']['tso6'])) - pfSense_interface_capabilities($interface, IFCAP_TSO); - } - - 
if(isset($config['system']['disablelargereceiveoffloading'])) { - if (isset($options['encaps']['lro'])) - pfSense_interface_capabilities($interface, -IFCAP_LRO); - } else { - if (isset($options['caps']['lro'])) - pfSense_interface_capabilities($interface, IFCAP_LRO); - } - - - /* if the NIC supports polling *AND* it is enabled in the GUI */ - $polling = isset($config['system']['polling']); - if($polling && isset($options['caps']['polling'])) - pfSense_interface_capabilities($interface, IFCAP_POLLING); - else - pfSense_interface_capabilities($interface, -IFCAP_POLLING); - return; } @@ -359,22 +310,21 @@ function setup_polling() { setup_polling_defaults(); - $supported_ints = array('bge', 'dc', 'em', 'fwe', 'fwip', 'fxp', 'ixgb', 'ste', 'nge', 're', 'rl', 'sf', 'sis', 'ste', 'vge', 'vr', 'xl'); + if (isset($config['system']['polling'])) + mwexec("/sbin/sysctl kern.polling.idle_poll=1"); + else + mwexec("/sbin/sysctl kern.polling.idle_poll=0"); /* if list */ $iflist = get_configured_interface_list(); foreach ($iflist as $ifent => $ifname) { - $real_interface = convert_friendly_interface_to_real_interface_name($ifname); - $ifdevice = substr($real_interface, 0, -1); - if(!in_array($ifdevice, $supported_ints)) { - continue; - } - if(isset($config['system']['polling'])) { - mwexec("/sbin/ifconfig {$real_interface} polling"); - mwexec("/sbin/sysctl kern.polling.idle_poll=1"); - } else { - mwexec("/sbin/ifconfig {$real_interface} -polling"); + $real_interface = get_real_interface($ifname); + if (interface_supports_polling($real_interface)) { + if (isset($config['system']['polling'])) + pfSense_interface_capabilities($real_interface, IFCAP_POLLING); + else + pfSense_interface_capabilities($real_interface, -IFCAP_POLLING); } } } |
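Review bot: In enable_hardware_offloading (hunk at -180), `preg_split("/[0-9]+/", $int)` returns an array, so `in_array($int_family, $supported_ints)` compares an array with the string `'fxp'` and is never true. The `pfSense_interface_flags($int, IFF_LINK0)` branch is therefore unreachable. The commit rewrites the `preg_split` line but keeps the comparison; use the first element instead, `if (in_array($int_family[0], $supported_ints)) {`. A one-line comment saying what `IFF_LINK0` does on `fxp` would also explain the `do_not_use_nic_microcode` early return.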