author | gnhb <gnoahb@gmail.com> | 2010-05-21 07:34:23 +0700 |
---|---|---|
committer | gnhb <gnoahb@gmail.com> | 2010-05-21 07:34:23 +0700 |
commit | d9e2c1714bc55f546702a8660f62e8cff2716aa4 (patch) | |
tree | 069b2f5369ad4bf9c7e60806b47f5dd42e409c78 /etc | |
parent | 30ade8461e65922c8d8a22d3b9ba5b07bb2912e0 (diff) | |
parent | c0ed686f9441b7019722954020057b23fe2f6603 (diff) | |
Merge branch 'master' of http://gitweb.pfsense.org/pfsense/mainline into mlppp
Conflicts:
usr/local/www/interfaces.php
Not sure why there was a conflict since the last change to this file was May 20.
Diffstat (limited to 'etc')
-rw-r--r-- | etc/inc/captiveportal.inc | 1 | ||||
-rw-r--r-- | etc/inc/config.inc | 4 | ||||
-rw-r--r-- | etc/inc/config.lib.inc | 123 | ||||
-rw-r--r-- | etc/inc/filter.inc | 7 | ||||
-rw-r--r-- | etc/inc/gwlb.inc | 101 | ||||
-rw-r--r-- | etc/inc/openvpn.inc | 18 | ||||
-rw-r--r-- | etc/inc/pfsense-utils.inc | 2 | ||||
-rw-r--r-- | etc/inc/system.inc | 81 | ||||
-rw-r--r-- | etc/inc/util.inc | 26 | ||||
-rw-r--r-- | etc/inc/vpn.inc | 10 | ||||
-rw-r--r-- | etc/inc/xmlparse.inc | 13 | ||||
-rwxr-xr-x | etc/rc | 60 | ||||
-rwxr-xr-x | etc/rc.bootup | 14 | ||||
-rwxr-xr-x | etc/rc.initial.firmware_update | 26 |
14 files changed, 292 insertions, 194 deletions
diff --git a/etc/inc/captiveportal.inc b/etc/inc/captiveportal.inc index 31cc680..28dab57 100644 --- a/etc/inc/captiveportal.inc +++ b/etc/inc/captiveportal.inc @@ -43,6 +43,7 @@ /* include all configuration functions */ require_once("config.inc"); require_once("functions.inc"); +require_once("filter.inc"); require_once("radius.inc"); require_once("voucher.inc"); diff --git a/etc/inc/config.inc b/etc/inc/config.inc index 1dd0d9a..5ec98be 100644 --- a/etc/inc/config.inc +++ b/etc/inc/config.inc @@ -54,10 +54,10 @@ if($g['booting']) echo "."; ini_set("memory_limit","128M"); /* include globals from notices.inc /utility/XML parser files */ -require_once('config.lib.inc'); -if($g['booting']) echo "."; require_once("notices.inc"); if($g['booting']) echo "."; +require_once('config.lib.inc'); +if($g['booting']) echo "."; require_once("util.inc"); if($g['booting']) echo "."; if(file_exists("/cf/conf/use_xmlreader")) diff --git a/etc/inc/config.lib.inc b/etc/inc/config.lib.inc index 0fa2315..435949f 100644 --- a/etc/inc/config.lib.inc +++ b/etc/inc/config.lib.inc @@ -191,8 +191,8 @@ function restore_backup($file) { if (file_exists($file)) { conf_mount_rw(); - copy("$file","/cf/conf/config.xml"); unlink_if_exists("{$g['tmp_path']}/config.cache"); + copy("$file","/cf/conf/config.xml"); log_error("{$g['product_name']} is restoring the configuration $file"); file_notice("config.xml", "{$g['product_name']} is restoring the configuration $file", "pfSenseConfigurator", ""); conf_mount_ro(); 
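Review bot: In restore_backup() the result of `copy("$file","/cf/conf/config.xml")` is still not checked, so now that the cache is removed first, a failed copy leaves no cache and an unrestored config.xml while log_error() and file_notice() still report a restore. Test the return value before logging success, e.g. `if (!copy($file, "/cf/conf/config.xml")) log_error("Could not restore configuration from $file");`. config_restore() in a later hunk of this file has the same unchecked copy() after its unlink_if_exists(). restore_backup's body starts and ends outside the hunk.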
@@ -496,13 +496,14 @@ function write_config($desc="Unknown", $backup = true) { /* re-read configuration */ /* NOTE: We assume that the file can be parsed since we wrote it. */ $config = parse_xml_config("{$g['conf_path']}/config.xml", $g['xml_rootobj']); - - /* write config cache */ - $fd = @fopen("{$g['tmp_path']}/config.cache", "wb"); - if ($fd) { - fwrite($fd, serialize($config)); - fclose($fd); - } + if ($config == -1) { + $last_backup = discover_last_backup(); + if ($last_backup) + restore_backup("/cf/conf/backup/{$last_backup}"); + else + log_error(gettext("Could not restore config.xml.")); + } else + generate_config_cache($config); unlock($lockkey); @@ -571,8 +572,8 @@ function config_restore($conffile) { $lockkey = lock('config', LOCK_EX); - copy($conffile, "{$g['cf_conf_path']}/config.xml"); unlink_if_exists("{$g['tmp_path']}/config.cache"); + copy($conffile, "{$g['cf_conf_path']}/config.xml"); unlock($lockkey); 
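Review bot: When parse_xml_config() fails in write_config(), the global `$config` is left holding -1 after the new restore branch, and nothing visible in the hunk reloads the restored file or stops the function from continuing as if the write had succeeded. After `restore_backup(...)` I would re-read the file (`$config = parse_xml_config("{$g['conf_path']}/config.xml", $g['xml_rootobj']);`) and regenerate the cache only if that succeeds; restore_backup() may already do part of this, but its tail is not shown. The failure test here is `$config == -1` while cleanup_backupcache() in the same file compares against `"-1"`; pick one form. write_config's body continues outside the hunk.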
@@ -1136,63 +1137,69 @@ function cleanup_backupcache($revisions = 30, $lock = false) { if (!$lock) $lockkey = lock('config'); - if(file_exists($g['cf_conf_path'] . '/backup/backup.cache')) { - conf_mount_rw(); - $backups = get_backups(); - $newbaks = array(); - $bakfiles = glob($g['cf_conf_path'] . "/backup/config-*"); + + conf_mount_rw(); + + $backups = get_backups(); + if ($backups) { $baktimes = $backups['versions']; - $tocache = array(); unset($backups['versions']); - foreach($bakfiles as $backup) { // Check for backups in the directory not represented in the cache. - if(filesize($backup) == 0) { - unlink($backup); - continue; - } - $tocheck = array_shift(explode('.', array_pop(explode('-', $backup)))); - if(!in_array($tocheck, $baktimes)) { - $i = true; - if($g['booting']) - echo "."; - $newxml = parse_xml_config($backup, $g['xml_rootobj']); - if($newxml == "-1") { - log_error("The backup cache file $backup is corrupted. Unlinking."); - unlink($backup); - log_error("The backup cache file $backup is corrupted. Unlinking."); - continue; - } - if($newxml['revision']['description'] == "") - $newxml['revision']['description'] = "Unknown"; - $tocache[$tocheck] = array('description' => $newxml['revision']['description']); - } - } - foreach($backups as $checkbak) { + } else { + $backups = array(); + $baktimes = array(); + } + $newbaks = array(); + $bakfiles = glob($g['cf_conf_path'] . "/backup/config-*"); + $tocache = array(); - if(count(preg_grep('/' . $checkbak['time'] . '/i', $bakfiles)) != 0) { - $newbaks[] = $checkbak; - } else { - $i = true; - if($g['booting']) print " " . $tocheck . "r"; + foreach($bakfiles as $backup) { // Check for backups in the directory not represented in the cache. 
+ if(filesize($backup) == 0) { + unlink($backup); + continue; + } + $tocheck = array_shift(explode('.', array_pop(explode('-', $backup)))); + if(!in_array($tocheck, $baktimes)) { + $i = true; + if($g['booting']) + echo "."; + $newxml = parse_xml_config($backup, $g['xml_rootobj']); + if($newxml == "-1") { + log_error("The backup cache file $backup is corrupted. Unlinking."); + unlink($backup); + log_error("The backup cache file $backup is corrupted. Unlinking."); + continue; } + if($newxml['revision']['description'] == "") + $newxml['revision']['description'] = "Unknown"; + $tocache[$tocheck] = array('description' => $newxml['revision']['description']); } - foreach($newbaks as $todo) $tocache[$todo['time']] = array('description' => $todo['description']); - if(is_int($revisions) and (count($tocache) > $revisions)) { - $toslice = array_slice(array_keys($tocache), 0, $revisions); - foreach($toslice as $sliced) - $newcache[$sliced] = $tocache[$sliced]; - foreach($tocache as $version => $versioninfo) { - if(!in_array($version, array_keys($newcache))) { - unlink_if_exists($g['conf_path'] . '/backup/config-' . $version . '.xml'); - if($g['booting']) print " " . $tocheck . "d"; - } + } + foreach($backups as $checkbak) { + if(count(preg_grep('/' . $checkbak['time'] . '/i', $bakfiles)) != 0) { + $newbaks[] = $checkbak; + } else { + $i = true; + if($g['booting']) print " " . $tocheck . "r"; + } + } + foreach($newbaks as $todo) $tocache[$todo['time']] = array('description' => $todo['description']); + if(is_int($revisions) and (count($tocache) > $revisions)) { + $toslice = array_slice(array_keys($tocache), 0, $revisions); + foreach($toslice as $sliced) + $newcache[$sliced] = $tocache[$sliced]; + foreach($tocache as $version => $versioninfo) { + if(!in_array($version, array_keys($newcache))) { + unlink_if_exists($g['conf_path'] . '/backup/config-' . $version . '.xml'); + if($g['booting']) print " " . $tocheck . 
"d"; } - $tocache = $newcache; } - $bakout = fopen($g['cf_conf_path'] . '/backup/backup.cache', "w"); - fwrite($bakout, serialize($tocache)); - fclose($bakout); - conf_mount_ro(); + $tocache = $newcache; } + $bakout = fopen($g['cf_conf_path'] . '/backup/backup.cache', "w"); + fwrite($bakout, serialize($tocache)); + fclose($bakout); + conf_mount_ro(); + if($g['booting'] && $i) print "done.\n"; if (!$lock) diff --git a/etc/inc/filter.inc b/etc/inc/filter.inc index 77a06d2..f01faee 100644 --- a/etc/inc/filter.inc +++ b/etc/inc/filter.inc @@ -69,7 +69,8 @@ function flowtable_configure() { // nmbflows cpu count * ($maxstates * 2) $cpus = trim(`/sbin/sysctl kern.smp.cpus | /usr/bin/cut -d' ' -f2`); $nmbflows = ($cpus*($maxstates*2)); - // Is flowtable enabled? + // flowtable is not enabled + /* if($config['system']['flowtable']) $flowtable_enable = 1; else @@ -82,6 +83,7 @@ function flowtable_configure() { } mwexec("/sbin/sysctl net.inet.flowtable.enable={$flowtable_enable}"); } + */ } function filter_load_ipfw() { @@ -690,7 +692,7 @@ function filter_generate_optcfg_array() { if(!is_ipaddr($oc['ipaddr']) && !empty($oc['ipaddr'])) $oic['type'] = $oc['ipaddr']; $oic['sn'] = get_interface_subnet($if); - $oic['mtu'] = $oc['mtu']; + $oic['mtu'] = empty($oc['mtu']) ? 1500 : $oc['mtu']; $oic['descr'] = $ifdetail; $oic['sa'] = gen_subnet($oic['ip'], $oic['sn']); $oic['nonat'] = $oc['nonat']; @@ -2498,6 +2500,7 @@ function filter_process_carp_rules() { if(isset($config['installedpackages']['carp']['config']) && $config['installedpackages']['carpsettings']['config'] <> "" or $config['virtualip']['vip'] <> "") { + $lines .= "block in log quick proto carp from (self) to any\n"; $lines .= "pass quick proto carp\n"; $lines .= "pass quick proto pfsync\n"; } diff --git a/etc/inc/gwlb.inc b/etc/inc/gwlb.inc index 0dbf329..2411892 100644 --- a/etc/inc/gwlb.inc +++ b/etc/inc/gwlb.inc 
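Review bot: With the `file_exists(... '/backup/backup.cache')` guard removed from cleanup_backupcache(), `$bakout = fopen($g['cf_conf_path'] . '/backup/backup.cache', "w")` now runs on every call and its result goes straight into fwrite() and fclose(). If the backup directory is missing or the mount is not writable, the cache is silently not written and only PHP warnings are produced; wrap the write in `if ($bakout) { ... } else log_error("Could not write backup.cache");`. `$i` is also read in `if($g['booting'] && $i)` without being initialised when neither loop sets it, so `$i = false;` near the top would make that explicit. The function starts and ends outside the hunk.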
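Review bot: The new `block in log quick proto carp from (self) to any` line in filter_process_carp_rules() has no comment saying why it must come before `pass quick proto carp`. Both rules are `quick`, so their order decides the outcome, and a later edit that swaps them would disable the block without any error. I would add `/* drop inbound CARP packets that carry one of our own source addresses; must stay ahead of the pass rule */` above it. The rule also carries `log`, so a persistent reflection would presumably log every matched advertisement; confirm that is wanted.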
@@ -1,13 +1,13 @@ <?php -/* $Id$ */ /* Copyright (C) 2008 Bill Marquette, Seth Mos + Copyright (C) 2010 Ermal Luçi All rights reserved. Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: -1. Redistributions of source code must retain the above copyright notice, + 1. Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer. 2. Redistributions in binary form must reproduce the above copyright @@ -28,7 +28,7 @@ pfSense_BUILDER_BINARIES: /usr/bin/killall /sbin/route /usr/local/sbin/apinger pfSense_MODULE: routing - */ + */ /* add static routes for monitor IP addresse * creates monitoring configuration file @@ -151,15 +151,14 @@ EOD; if((is_numeric($gateway['attribute'])) && is_ipaddr($gwref['monitor'])) { $gateway['monitor'] = $gwref['monitor']; } else { - if(($gateway['gateway'] == "dynamic") && ($gateway['monitor'])) { + if ($gateway['gateway'] == "dynamic") { $gateway['monitor'] = "127.0.0.{$i}"; $i++; } - if(!is_ipaddr($gateway['monitor'])) { + if (!is_ipaddr($gateway['monitor'])) $gateway['monitor'] = $gateway['gateway']; - } } - + $apingercfg .= "target \"{$gateway['monitor']}\" {\n"; $apingercfg .= " description \"{$gateway['name']}\"\n"; $alarms = ""; @@ -249,7 +248,7 @@ function return_gateways_status() { $gateways_arr = return_gateways_array(); $apingerstatus = array(); - if(is_readable("{$g['tmp_path']}/apinger.status")) { + if (file_exists("{$g['tmp_path']}/apinger.status")) { $apingerstatus = file("{$g['tmp_path']}/apinger.status"); } @@ -383,7 +382,7 @@ function return_gateway_groups_array() { $gwname = $itemsplit[0]; /* check if the gateway is available before adding it to the array */ foreach($gateways_status as $status) { - if(($status['name'] != $gwname)) { + if ($status['name'] != $gwname) { continue; } if (stristr($status['status'], "down")) { 
@@ -421,20 +420,18 @@ function return_gateway_groups_array() { log_error($msg); notify_via_growl($msg); foreach($group['item'] as $item) { - foreach($group['item'] as $item) { - $itemsplit = explode("|", $item); - $tier = $itemsplit[1]; - $gwname = $itemsplit[0]; - $tiers[$tier][] = $gwname; - } + $itemsplit = explode("|", $item); + $tier = $itemsplit[1]; + $gwname = $itemsplit[0]; + $tiers[$tier][] = $gwname; } } /* sort the tiers array by the tier key */ ksort($tiers); /* we do not really foreach the tiers as we stop after the first tier */ - foreach($tiers as $tiernr => $tier) { + foreach($tiers as $tier) { /* process all gateways in this tier */ - foreach($tier as $tiernr => $member) { + foreach($tier as $member) { /* determine interface gateway */ if (isset($gateways_arr[$member])) { $gateway = $gateways_arr[$member]; @@ -446,9 +443,11 @@ function return_gateway_groups_array() { $gatewayip = get_interface_gateway($gateway['friendlyiface']); } if (($int <> "") && is_ipaddr($gatewayip)) { - $gateway_groups_array[$group['name']][$tiernr]['int'] = "$int"; - $gateway_groups_array[$group['name']][$tiernr]['gwip'] = "$gatewayip"; - $gateway_groups_array[$group['name']][$tiernr]['weight'] = isset($gateway['weight']) ? $gateway['weight'] : 1; + $groupmember = array(); + $groupmember['int'] = "$int"; + $groupmember['gwip'] = "$gatewayip"; + $groupmember['weight'] = isset($gateway['weight']) ? $gateway['weight'] : 1; + $gateway_groups_array[$group['name']][] = $groupmember; } } /* we should have the 1st available tier now, exit stage left */ @@ -456,7 +455,7 @@ function return_gateway_groups_array() { } } } - return($gateway_groups_array); + return ($gateway_groups_array); } /* Update DHCP WAN Interface ip address in gateway group item */ 
@@ -477,52 +476,46 @@ function dhclient_update_gateway_groups_defaultroute($interface = "wan") { function lookup_gateway_ip_by_name($name) { global $config; - if(is_array($config['gateways']['gateway_item'])) { - foreach($config['gateways']['gateway_item'] as $gateway) { - if($gateway['name'] == $name) { - $gatewayip = $gateway['gateway']; - //$interfacegw = $gateway['interface']; - return($gatewayip); - } - } - } else { - return(false); - } + + $gateways_arr = return_gateways_array(); + if (!empty($gateways_arr[$name])) { + $gatewayip = $gateway['gateway']; + //$interfacegw = $gateway['interface']; + return ($gatewayip); + } else + return (false); } function lookup_gateway_monitor_ip_by_name($name) { global $config; + $gateways_arr = return_gateways_array(); + if (!empty($gateways_arr[$name])) { + $gateway = $gateways_arr[$name]; + if ($gateway['gateway'] == "dynamic") + $gateway['monitor'] = "127.0.0.2"; - $i = 2; - foreach($gateways_arr as $gateway) { - if($gateway['gateway'] == "dynamic") { - $gateway['monitor'] = "127.0.0.{$i}"; - $i++; - } - if($gateway['name'] == "$name") { - $monitorip = $gateway['monitor']; - if($monitorip == "") - $monitorip = $gateway['gateway']; + $monitorip = $gateway['monitor']; + if($monitorip == "") + $monitorip = $gateway['gateway']; - return($monitorip); - } + return ($monitorip); } - return(false); + + return (false); } function lookup_gateway_interface_by_name($name) { global $config; - $gateways_arr = return_gateways_array(); - foreach($gateways_arr as $gateway) { - if($gateway['name'] == "$name") { - $gatewayip = $gateway['gateway']; - $interfacegw = $gateway['interface']; - return($interfacegw); - } + $gateways_arr = return_gateways_array(); + if (!empty($gateways_arr[$name])) { + //$gatewayip = $gateway['gateway']; + $interfacegw = $gateway['interface']; + return ($interfacegw); } - return(false); + + return (false); } function get_interface_gateway($interface, &$dynamic = false) { 
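Review bot: lookup_gateway_ip_by_name() and lookup_gateway_interface_by_name() read `$gateway['gateway']` and `$gateway['interface']`, but `$gateway` is never assigned in the rewritten bodies, so both return null for every name that exists. Add `$gateway = $gateways_arr[$name];` as the first statement inside each `if (!empty($gateways_arr[$name]))`, as lookup_gateway_monitor_ip_by_name() already does. That function now hard-codes `127.0.0.2` for a dynamic gateway, while the monitor-setup hunk earlier in this file still assigns `127.0.0.{$i}` with an incrementing `$i`, so the two can disagree once more than one dynamic gateway exists.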
@@ -547,7 +540,7 @@ function get_interface_gateway($interface, &$dynamic = false) { } /* return gateway */ - return $gw; + return ($gw); } ?> diff --git a/etc/inc/openvpn.inc b/etc/inc/openvpn.inc index 72630e7..3fe4574 100644 --- a/etc/inc/openvpn.inc +++ b/etc/inc/openvpn.inc @@ -363,9 +363,9 @@ function openvpn_reconfigure($mode,& $settings) { switch($settings['mode']) { case 'p2p_tls': case 'p2p_shared_key': - $baselong = ip2long($ip) & ip2long($mask); - $ip1 = long2ip($baselong + 1); - $ip2 = long2ip($baselong + 2); + $baselong = ip2long32($ip) & ip2long($mask); + $ip1 = long2ip32($baselong + 1); + $ip2 = long2ip32($baselong + 2); $conf .= "ifconfig $ip1 $ip2\n"; break; case 'server_tls': @@ -463,9 +463,9 @@ function openvpn_reconfigure($mode,& $settings) { if (!empty($settings['tunnel_network'])) { list($ip, $mask) = explode('/', $settings['tunnel_network']); $mask = gen_subnet_mask($mask); - $baselong = ip2long($ip) & ip2long($mask); - $ip1 = long2ip($baselong + 1); - $ip2 = long2ip($baselong + 2); + $baselong = ip2long32($ip) & ip2long($mask); + $ip1 = long2ip32($baselong + 1); + $ip2 = long2ip32($baselong + 2); $conf .= "ifconfig $ip2 $ip1\n"; } @@ -626,9 +626,9 @@ function openvpn_resync_csc(& $settings) { if (!empty($settings['tunnel_network'])) { list($ip, $mask) = explode('/', $settings['tunnel_network']); - $baselong = ip2long($ip) & gen_subnet_mask_long($mask); - $ip1 = long2ip($baselong + 1); - $ip2 = long2ip($baselong + 2); + $baselong = ip2long32($ip) & gen_subnet_mask_long($mask); + $ip1 = long2ip32($baselong + 1); + $ip2 = long2ip32($baselong + 2); $conf .= "ifconfig-push {$ip1} {$ip2}\n"; } diff --git a/etc/inc/pfsense-utils.inc b/etc/inc/pfsense-utils.inc index 14beba4..b653010 100644 --- a/etc/inc/pfsense-utils.inc +++ b/etc/inc/pfsense-utils.inc 
@@ -1314,7 +1314,7 @@ function get_interface_info($ifdescr) { } } $dev = $ppp['ports']; - if (empty($dev)) + if ($config['interfaces'][$if]['ptpid'] != $ppp['ptpid'] || empty($dev)) break; if (file_exists($dev)) { if (file_exists("{$g['varrun_path']}/ppp_{$if}.pid")) { diff --git a/etc/inc/system.inc b/etc/inc/system.inc index c3502c8..6281a14 100644 --- a/etc/inc/system.inc +++ b/etc/inc/system.inc 
@@ -1339,4 +1339,83 @@ function enable_watchdog() { exec("/usr/sbin/watchdogd"); } } -?> + +function system_check_reset_button() { + global $g; + if($g['platform'] != "nanobsd") + return 0; + + $specplatform = system_identify_specific_platform(); + + if ($specplatform['name'] != "wrap" && $specplatform['name'] != "alix") + return 0; + + $retval = mwexec("/usr/local/sbin/" . $specplatform['name'] . "resetbtn"); + + if ($retval == 99) { + /* user has pressed reset button for 2 seconds - + reset to factory defaults */ + echo <<<EOD + +*********************************************************************** +* Reset button pressed - resetting configuration to factory defaults. * +* The system will reboot after this completes. * +*********************************************************************** + + +EOD; + + reset_factory_defaults(); + system_reboot_sync(); + exit(0); + } + + return 0; +} + +/* attempt to identify the specific platform (for embedded systems) + Returns an array with two elements: + name => platform string (e.g. 'wrap', 'alix' etc.) + descr => human-readable description (e.g. 
"PC Engines WRAP") +*/ +function system_identify_specific_platform() { + global $g; + + if ($g['platform'] == 'generic-pc') + return array('name' => 'generic-pc', 'descr' => "Generic PC"); + + if ($g['platform'] == 'generic-pc-cdrom') + return array('name' => 'generic-pc-cdrom', 'descr' => "Generic PC (CD-ROM)"); + + /* the rest of the code only deals with 'embedded' platforms */ + if ($g['platform'] != 'nanobsd') + return array('name' => $g['platform'], 'descr' => $g['platform']); + + $dmesg = system_get_dmesg_boot(); + + if (strpos($dmesg, "PC Engines WRAP") !== false) + return array('name' => 'wrap', 'descr' => 'PC Engines WRAP'); + + if (strpos($dmesg, "PC Engines ALIX") !== false) + return array('name' => 'alix', 'descr' => 'PC Engines ALIX'); + + if (preg_match("/Soekris net45../", $dmesg, $matches)) + return array('name' => 'net45xx', 'descr' => $matches[0]); + + if (preg_match("/Soekris net48../", $dmesg, $matches)) + return array('name' => 'net48xx', 'descr' => $matches[0]); + + if (preg_match("/Soekris net55../", $dmesg, $matches)) + return array('name' => 'net55xx', 'descr' => $matches[0]); + + /* unknown embedded platform */ + return array('name' => 'embedded', 'descr' => 'embedded (unknown)'); +} + +function system_get_dmesg_boot() { + global $g; + + return file_get_contents("{$g['varlog_path']}/dmesg.boot"); +} + +?>
\ No newline at end of file diff --git a/etc/inc/util.inc b/etc/inc/util.inc index 930f9ac..0828bbf 100644 --- a/etc/inc/util.inc +++ b/etc/inc/util.inc @@ -198,7 +198,7 @@ function gen_subnet_max($ipaddr, $bits) { if (!is_ipaddr($ipaddr) || !is_numeric($bits)) return ""; - return long2ip(ip2long($ipaddr) | ~gen_subnet_mask_long($bits)); + return long2ip32(ip2long($ipaddr) | ~gen_subnet_mask_long($bits)); } /* returns a subnet mask (long given a bit count) */ @@ -216,9 +216,19 @@ function gen_subnet_mask($bits) { return long2ip(gen_subnet_mask_long($bits)); } +/* Convert long int to IP address, truncating to 32-bits. */ +function long2ip32($ip) { + return long2ip($ip & 0xFFFFFFFF); +} + +/* Convert IP address to long int, truncated to 32-bits to avoid sign extension on 64-bit platforms. */ +function ip2long32($ip) { + return ( ip2long($ip) & 0xFFFFFFFF ); +} + /* Convert IP address to unsigned long int. */ function ip2ulong($ip) { - return sprintf("%u", ip2long($ip)); + return sprintf("%u", ip2long32($ip)); } /* Find out how many IPs are contained within a given IP range @@ -246,12 +256,12 @@ function find_smallest_cidr($number) { /* Return the previous IP address before the given address */ function ip_before($ip) { - return long2ip(ip2long($ip)-1); + return long2ip32(ip2long($ip)-1); } /* Return the next IP address after the given address */ function ip_after($ip) { - return long2ip(ip2long($ip)+1); + return long2ip32(ip2long($ip)+1); } /* Return true if the first IP is 'before' the second */ @@ -347,7 +357,7 @@ function is_ipaddr($ipaddr) { return false; $ip_long = ip2long($ipaddr); - $ip_reverse = long2ip($ip_long); + $ip_reverse = long2ip32($ip_long); if ($ipaddr == $ip_reverse) return true; 
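Review bot: system_get_dmesg_boot() returns the result of file_get_contents() unchecked, so when `{$g['varlog_path']}/dmesg.boot` is missing it returns false, system_identify_specific_platform() falls through to `embedded (unknown)`, and system_check_reset_button() returns 0 without running the reset-button helper. That dependency is not documented; add a comment on system_check_reset_button() such as `/* requires system_dmesg_save() to have run; without dmesg.boot the platform is not recognised and the button is ignored */`. A short docblock stating that the function does not return when the helper exits with 99 (it resets to factory defaults and reboots) would also help the next reader.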
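Review bot: The new ip2long32() helper hides the failure value of ip2long(): for an invalid address ip2long() returns false, and `false & 0xFFFFFFFF` is 0, which is indistinguishable from 0.0.0.0. Either document that callers must validate with is_ipaddr() first, or preserve the signal with `$long = ip2long($ip); return ($long === false) ? false : ($long & 0xFFFFFFFF);`. The comment on long2ip32() could also say that the mask is there for 64-bit builds, as the ip2long32() comment does.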
@@ -891,9 +901,9 @@ function check_subnets_overlap($subnet1, $bits1, $subnet2, $bits2) { /* compare two IP addresses */ function ipcmp($a, $b) { - if (ip2long($a) < ip2long($b)) + if (ip_less_than($a, $b)) return -1; - else if (ip2long($a) > ip2long($b)) + else if (ip_greater_than($a, $b)) return 1; else return 0; @@ -902,7 +912,7 @@ function ipcmp($a, $b) { /* return true if $addr is in $subnet, false if not */ function ip_in_subnet($addr,$subnet) { list($ip, $mask) = explode('/', $subnet); - $mask = 0xffffffff << (32 - $mask); + $mask = (0xffffffff << (32 - $mask)) & 0xffffffff; return ((ip2long($addr) & $mask) == (ip2long($ip) & $mask)); } diff --git a/etc/inc/vpn.inc b/etc/inc/vpn.inc index f2343e1..c874a83 100644 --- a/etc/inc/vpn.inc +++ b/etc/inc/vpn.inc @@ -343,8 +343,8 @@ function vpn_ipsec_configure($ipchg = false) $pool_address = $a_client['pool_address']; $pool_netmask = gen_subnet_mask($a_client['pool_netbits']); - $pool_address = long2ip(ip2long($pool_address)+1); - $pool_size = ~ip2long($pool_netmask) - 2; + $pool_address = long2ip32(ip2long($pool_address)+1); + $pool_size = (~ip2long($pool_netmask) & 0xFFFFFFFF) - 2; $racoonconf .= "\tpool_size {$pool_size};\n"; $racoonconf .= "\tnetwork4 {$pool_address};\n"; @@ -1012,7 +1012,7 @@ EOD; for ($i = 0; $i < $pptpdcfg['n_pptp_units']; $i++) { - $clientip = long2ip(ip2long($pptpdcfg['remoteip']) + $i); + $clientip = long2ip32(ip2long($pptpdcfg['remoteip']) + $i); $mpdconf .= <<<EOD @@ -1219,7 +1219,7 @@ EOD; for ($i = 0; $i < $pppoecfg['n_pppoe_units']; $i++) { - $clientip = long2ip(ip2long($pppoecfg['remoteip']) + $i); + $clientip = long2ip32(ip2long($pppoecfg['remoteip']) + $i); if (isset ($pppoecfg['radius']['radiusissueips']) && isset ($pppoecfg['radius']['enable'])) { $isssue_ip_type = "set ipcp ranges {$pppoecfg['localip']}/32 0.0.0.0/0"; 
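Review bot: ip_in_subnet() uses the prefix length from `explode('/', $subnet)` without validating it, so a `$subnet` with no `/` or a non-numeric suffix makes `32 - $mask` evaluate to 32 and, with the new `& 0xffffffff`, the mask becomes 0 on a 64-bit build. The function then returns true for every address, which is the unsafe direction for a membership test. A guard before the shift, `if (!is_numeric($mask) || $mask < 0 || $mask > 32) return false;`, makes malformed input fail closed while still allowing /0. Whether callers already validate the subnet string is not visible here.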
@@ -1409,7 +1409,7 @@ EOD; for ($i = 0; $i < $l2tpcfg['n_l2tp_units']; $i++) { - $clientip = long2ip(ip2long($l2tpcfg['remoteip']) + $i); + $clientip = long2ip32(ip2long($l2tpcfg['remoteip']) + $i); if (isset ($l2tpcfg['radius']['radiusissueips']) && isset ($l2tpcfg['radius']['enable'])) { $isssue_ip_type = "set ipcp ranges {$l2tpcfg['localip']}/32 0.0.0.0/0"; diff --git a/etc/inc/xmlparse.inc b/etc/inc/xmlparse.inc index 22cb5d6..c19a3ae 100644 --- a/etc/inc/xmlparse.inc +++ b/etc/inc/xmlparse.inc @@ -144,10 +144,10 @@ function cData($parser, $data) { } if (is_string($ptr)) { - $ptr .= $data; + $ptr .= html_entity_decode($data); } else { if (trim($data, " ") != "") { - $ptr = $data; + $ptr = html_entity_decode($data); $havedata++; } } @@ -256,8 +256,10 @@ function dump_xml_config_sub($arr, $indent) { if($cval === false) continue; if(($cval === true) || ($cval === "")) { $xmlconfig .= "<$ent/>\n"; + } else if (substr($ent, 0, 5) == "descr") { + $xmlconfig .= "<$ent><![CDATA[" . htmlentities($cval) . "]]></$ent>\n"; } else { - $xmlconfig .= "<$ent>" . htmlspecialchars($cval) . "</$ent>\n"; + $xmlconfig .= "<$ent>" . htmlentities($cval) . "</$ent>\n"; } } } @@ -279,7 +281,10 @@ function dump_xml_config_sub($arr, $indent) { $xmlconfig .= "<$ent/>\n"; } else if (!is_bool($val)) { $xmlconfig .= str_repeat("\t", $indent); - $xmlconfig .= "<$ent>" . htmlspecialchars($val) . "</$ent>\n"; + if (substr($ent, 0, 5) == "descr") + $xmlconfig .= "<$ent><![CDATA[" . htmlentities($val) . "]]></$ent>\n"; + else + $xmlconfig .= "<$ent>" . htmlentities($val) . "</$ent>\n"; } } } 
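Review bot: Replacing htmlspecialchars() with htmlentities() in the plain-element branches of dump_xml_config_sub() (both the `$cval` and the `$val` hunk) can write named HTML entities such as `&eacute;` into config.xml, and those are not defined in XML, so a value containing a non-ASCII character may make the file unparseable on the next read. Keep `htmlspecialchars($cval)` and `htmlspecialchars($val)` for ordinary elements and limit the entity handling to the `descr` CDATA branch. In cData(), `html_entity_decode($data)` is applied to text the XML parser has already entity-decoded, so a value that legitimately contains the text of an entity is read back as the decoded character instead. It also runs once per callback, and the parser may deliver a single text node in several pieces. All of these functions continue outside the hunks.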
@@ -22,6 +22,33 @@ export HOME PATH # Set our operating platform PLATFORM=`cat /etc/platform` +# Mount memory file system if it exists +echo -n "Mounting filesystems..." +/sbin/mount -a + +# Mount /. If it fails run a fsck. +if [ ! "$PLATFORM" = "cdrom" ] ; then + /sbin/mount -a || (/sbin/fsck -fy; /sbin/mount -a) + + # If /conf is a directory, convert it to a symlink + # to /cf/conf + if [ -d "/conf" ]; then + # If item is not a symlink then rm and recreate + CONFPOINTSTO=`readlink /conf` + if ! test "x$CONFPOINTSTO" = "x/cf/conf"; then + rm -rf /conf + ln -s /cf/conf /conf + fi + fi +fi + +# Check to see if a compact flash mountpoint exists +# If it fails to mount then run a fsck -fy +if grep -q cf /etc/fstab; then + /sbin/mount -uw /cf || \ + (/sbin/umount /cf; /sbin/fsck -fy /cf; /sbin/mount -w /cf) +fi + # Set our current version version=`cat /etc/version` @@ -41,9 +68,9 @@ if [ "$PLATFORM" = "pfSense" ]; then mdmfs -S -M -s 4m md /var/run fi -product=`cat /etc/inc/globals.inc | grep product_name | cut -d'"' -f4` -hideplatform=`cat /etc/inc/globals.inc | grep hideplatform | wc -l` -varrunpath=`cat /etc/inc/globals.inc | grep varrun_path | cut -d'"' -f4` +product=`grep product_name /etc/inc/globals.inc | cut -d'"' -f4` +hideplatform=`grep hideplatform /etc/inc/globals.inc | wc -l` +varrunpath=`grep varrun_path /etc/inc/globals.inc | cut -d'"' -f4` if [ "$hideplatform" -gt "0" ]; then platformbanner="" # hide the platform 
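Review bot: The comment `# Mount /. If it fails run a fsck.` no longer matches the command under it: the moved block runs `/sbin/mount -a || (/sbin/fsck -fy; /sbin/mount -a)`, where the block removed further down ran `/sbin/mount -uw / || (/sbin/fsck -fy; /sbin/mount -uw /)`. As written, root is no longer explicitly remounted read-write before the `rm -rf /conf` / `ln -s` step, and `mount -a` is executed twice in a row. If dropping the remount is intended, change the comment to `# Mount everything in fstab; on failure fsck and retry.` and remove the first bare `/sbin/mount -a`; otherwise restore the `-uw /` form.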
@@ -61,33 +88,6 @@ echo # Enable console output if its muted. /sbin/conscontrol mute off >/dev/null -# Mount memory file system if it exists -echo -n "Mounting filesystems..." -/sbin/mount -a - -# Mount /. If it fails run a fsck. -if [ ! "$PLATFORM" = "cdrom" ] ; then - /sbin/mount -uw / || (/sbin/fsck -fy; /sbin/mount -uw /) - - # If /conf is a directory, convert it to a symlink - # to /cf/conf - if [ -d "/conf" ]; then - # If item is not a symlink then rm and recreate - CONFPOINTSTO=`readlink /conf` - if ! test "x$CONFPOINTSTO" = "x/cf/conf"; then - rm -rf /conf - ln -s /cf/conf /conf - fi - fi -fi - -# Check to see if a compact flash mountpoint exists -# If it fails to mount then run a fsck -fy -if grep -q cf /etc/fstab; then - /sbin/mount -uw /cf || \ - (/sbin/umount /cf; /sbin/fsck -fy /cf; /sbin/mount -w /cf) -fi - if [ "$PLATFORM" = "cdrom" ] ; then # do nothing for cdrom platform elif [ "$PLATFORM" = "embedded" ] ; then diff --git a/etc/rc.bootup b/etc/rc.bootup index 8decbcd..95bdbc9 100755 --- a/etc/rc.bootup +++ b/etc/rc.bootup @@ -126,6 +126,12 @@ echo " done.\n"; conf_mount_rw(); +/* save dmesg output to file */ +system_dmesg_save(); + +/* check whether config reset is desired (via hardware button on WRAP/ALIX) */ +system_check_reset_button(); + /* remove previous firmware upgrade if present */ if (file_exists("/root/firmware.tgz")) unlink("/root/firmware.tgz"); @@ -180,9 +186,6 @@ load_glxsb(); /* run any early shell commands specified in config.xml */ system_do_shell_commands(1); -/* save dmesg output to file */ -system_dmesg_save(); - /* set up our timezone */ system_timezone_configure(); @@ -202,6 +205,9 @@ interfaces_configure(); if(!$debugging) unmute_kernel_msgs(); +/* re-make hosts file after configuring interfaces */ +system_hosts_generate(); + /* generate resolv.conf */ system_resolvconf_generate(); @@ -372,4 +378,4 @@ led_normalize(); conf_mount_ro(); -?> +?>
\ No newline at end of file diff --git a/etc/rc.initial.firmware_update b/etc/rc.initial.firmware_update index f510760..70e1dbc 100755 --- a/etc/rc.initial.firmware_update +++ b/etc/rc.initial.firmware_update @@ -37,7 +37,7 @@ switch ($command) { die; break; case "1": - echo "\nEnter the URL to the .tgz update file:\n> "; + echo "\nEnter the URL to the .tgz or .img.gz update file:\n> "; $url = chop(fgets($fp)); if(!$url) { fclose($fp); @@ -91,23 +91,17 @@ switch ($command) { if(strstr($url,"bdiff")) { echo "Binary DIFF upgrade file detected...\n"; $type = "bdiff"; - } - if(strstr($url,"nanobsd")) { - echo "NanoBSD upgrade file detected...\n"; - $type = "nanobsd"; - } - if(file_exists("/root/firmware.tgz")) { - $type = "normal"; - do_upgrade("/root/firmware.tgz", $type); - exit; + } elseif(strstr($url,"nanobsd")) { + echo "NanoBSD upgrade file detected...\n"; + $type = "nanobsd"; } else { - echo "\nCould not download update.\n\n"; - fclose($fp); - die -1; + $type = "normal"; } + do_upgrade("/root/firmware.tgz", $type); + exit; } case "2": - echo "\nEnter the complete path to the .tgz update file: "; + echo "\nEnter the complete path to the .tgz or .img.gz update file: "; $path = chop(fgets($fp)); if(!$path) { fclose($fp); @@ -192,9 +186,9 @@ function do_upgrade($path, $type) { mark_subsystem_dirty('firmwarelock'); check_for_kernel_file(); echo "\nOne moment please...\nInvoking firmware upgrade..."; - if($type == "bdiff") + if($type == "bdiff") mwexec_bg("/etc/rc.firmware delta_update $path"); - elseif($type == "nanobsd") + elseif($type == "nanobsd") mwexec_bg("/etc/rc.firmware pfSenseNanoBSDupgrade $path"); else mwexec_bg("/etc/rc.firmware pfSenseupgrade $path"); |
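Review bot: In the URL branch, `do_upgrade("/root/firmware.tgz", $type)` is now called unconditionally; the removed lines first tested `file_exists("/root/firmware.tgz")` and printed "Could not download update." otherwise. Unless the download is verified earlier in this case (outside the hunk), a failed fetch now proceeds into the upgrade path. Keep a guard before the call, `if (!file_exists("/root/firmware.tgz")) { echo "\nCould not download update.\n\n"; fclose($fp); exit(1); }`. The image type is chosen only from substrings of the URL, and no integrity check of the downloaded file is visible in this hunk.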