author | Chris Buechler <cmb@pfsense.org> | 2015-11-20 20:06:48 -0600 |
---|---|---|
committer | Chris Buechler <cmb@pfsense.org> | 2015-11-20 20:06:48 -0600 |
commit | d65c61130ae616c372dd4ef73632bcbaf5d058d8 (patch) | |
tree | ba9d390f98a1a44aa17b203eb3c0208e8fd52b20 /src/etc/inc/shaper.inc | |
parent | d036bc07bca646598cfde90e4c440b033869afdb (diff) | |
Remove layer7 components. Ticket #5508
Diffstat (limited to 'src/etc/inc/shaper.inc')
-rw-r--r-- | src/etc/inc/shaper.inc | 455 |
1 files changed, 0 insertions, 455 deletions
diff --git a/src/etc/inc/shaper.inc b/src/etc/inc/shaper.inc
index f4fab87..e2a71ea 100644
--- a/src/etc/inc/shaper.inc
+++ b/src/etc/inc/shaper.inc
@@ -4338,461 +4338,6 @@ class dnqueue_class extends dummynet_class { } } -// List of layer7 objects -$layer7_rules_list = array(); - -class layer7 { - - var $rname; //alias - var $rdescription; //alias description - var $rport; //divert port - var $renabled; //rule enabled - var $rsets = array(); //array of l7 associations - - // Auxiliary functions - - function GetRName() { - return $this->rname; - } - function SetRName($rname) { - $this->rname = $rname; - } - function GetRDescription() { - return $this->rdescription; - } - function SetRDescription($rdescription) { - $this->rdescription = $rdescription; - } - function GetRPort() { - return $this->rport; - } - function SetRPort($rport) { - $this->rport = $rport; - } - function GetREnabled() { - return $this->renabled; - } - function SetREnabled($value) { - $this->renabled = $value; - } - function GetRl7() { - return $this->rsets; - } - function SetRl7($rsets) { - $this->rsets = $rsets; - } - - //Add a tuple (rule,structure,element) to the $rsets - - function add_rule($l7set) { - $this->rsets[] = $l7set; - } - - // Build the layer7 rules - function build_l7_rules() { - if ($this->GetREnabled() == "") { - return; - } - //$l7rules = "#" . $this->rdescription . 
"\n"; - foreach ($this->rsets as $rl7) { - $l7rules .= $rl7->build_rules(); - } - return $l7rules; - } - - // Read the config from array - function ReadConfig(&$qname, &$q) { - $this->SetRName($qname); - $this->SetREnabled($q['enabled']); - $this->SetRPort($q['divert_port']); - if (isset($q['description']) && $q['description'] <> "") { - $this->SetRDescription($q['description']); - } - $rsets = $q['l7rules']; - //Put individual rules in the array - if (is_array($rsets)) { - $this->rsets = array(); // XXX: ugly hack - foreach ($rsets as $l7r) { - $l7obj = new l7rule(); - $l7obj->SetRProtocol($l7r['protocol']); - $l7obj->SetRStructure($l7r['structure']); - $l7obj->SetRBehaviour($l7r['behaviour']); - $this->add_rule($l7obj); - } - } - } - - //Generate a random port for the divert socket - function gen_divert_port() { - $dports = get_divert_ports(); //array of used ports - $divert_port = 1; // Initialize - while (($divert_port % 2) != 0 || in_array($divert_port, $dports)) { - $divert_port = rand(40000, 60000); - } - return $divert_port; - } - - //Helps building the left tree - function build_tree() { - $tree = " <li><a href=\"firewall_shaper_layer7.php?container=" . $this->GetRName() ."&action=show\">"; - $tree .= $this->GetRName() . 
"</a>"; - $tree .= "</li>"; - - return $tree; - } - - function build_form() { - - $form = new Form(new Form_Button( - 'Submit', - 'Save' - )); - - $section = new Form_Section('Traffic Shaper'); - - $section->addInput(new Form_Checkbox( - 'enabled', - 'Enable/Disable', - 'Enable/disable discipline and its children', - ($this->GetREnabled() == "on"), - 'on' - )); - - $section->addInput(new Form_Input( - 'container', - 'Name', - 'text', - $this->GetRName() - )); - - $section->addInput(new Form_Input( - 'description', - 'Description', - 'text', - $this->GetRDescription() - ))->setHelp('You may enter a description here for your reference (not parsed).'); - - $form->add($section); - - return $form; - } - - //Write the setting to the $config array - function wconfig() { - global $config; - - if (!is_array($config['l7shaper']['container'])) { - $config['l7shaper']['container'] = array(); - } - // - $cflink =& get_l7c_reference_to_me_in_config($this->GetRName()); - // Test if this rule exists already - if (!$cflink) { - $cflink =& $config['l7shaper']['container'][]; - } - $cflink['name'] = $this->GetRName(); - $cflink['enabled'] = $this->GetREnabled(); - $cflink['description'] = $this->GetRDescription(); - $cflink['divert_port'] = $this->GetRPort(); - - // Destroy previously existent rules - if (is_array($cflink['rules'])) { - unset($cflink['l7rules']); - } - - $cflink['l7rules'] = array(); - - $i = 0; - foreach ($this->rsets as $rulel7) { - $cflink['l7rules'][$i]['protocol'] = $rulel7->GetRProtocol(); - $cflink['l7rules'][$i]['structure'] = $rulel7->GetRStructure(); - $cflink['l7rules'][$i]['behaviour'] = $rulel7->GetRBehaviour(); - $i++; - } - } - - //This function is necessary to help producing the overload options for keep state - function get_unique_structures() { - - $unique_structures = array("action" => false, "dummynet" => false, "altq" => false); - foreach ($this->rsets as $l7rule) { - if ($l7rule->GetRStructure() == "action") { - $unique_structures['action'] = 
true; - } else if ($l7rule->GetRStructure() == "limiter") { - $unique_structures['dummynet'] = true; - } else { - $unique_structures['altq'] = true; - } - } - //Delete non used structures so we don't have to check this in filter.inc - foreach ($unique_structures as $key => $value) { - if (!$value) { - unset($unique_structures[$key]); - } - } - return $unique_structures; - } - - function validate_input($data, &$input_errors) { - $reqdfields[] = "container"; - $reqdfieldsn[] = gettext("Name"); - - shaper_do_input_validation($data, $reqdfields, $reqdfieldsn, $input_errors); - - if (!preg_match("/^[a-zA-Z0-9_-]+$/", $data['container'])) { - $input_errors[] = gettext("Queue names must be alphanumeric and _ or - only."); - } - } - - function delete_l7c() { - mwexec("/bin/pkill -f 'ipfw-classifyd .* -p ". $this->GetRPort() . "'", true); - unset_l7_object_by_reference($this->GetRName()); - cleanup_l7_from_rules($this->GetRName()); - } -} - -class l7rule { - - var $rprotocol; //protocol - var $rstructure; //action, limiter, queue - var $rbehaviour; //allow, block, queue_name, pipe_number ... - - //Auxiliary Functions - - function GetRProtocol() { - return $this->rprotocol; - } - function SetRProtocol($rprotocol) { - $this->rprotocol = $rprotocol; - } - function GetRStructure() { - return $this->rstructure; - } - function SetRStructure($rstructure) { - $this->rstructure = $rstructure; - } - function GetRBehaviour() { - return $this->rbehaviour; - } - function SetRBehaviour($rbehaviour) { - $this->rbehaviour = $rbehaviour; - } - - //XXX Do we need to test any particularity for AltQ queues? - function build_rules() { - global $dummynet_pipe_list; - switch ($this->GetRStructure()) { - case "limiter": - read_dummynet_config(); - $dn_list =& get_unique_dnqueue_list(); - $found = false; - if (is_array($dn_list)) { - foreach ($dn_list as $key => $value) { - if ($key == $this->GetRBehaviour()) { - if ($value[0] == "?") { - $l7rule = $this->GetRProtocol() . " = dnqueue " . 
substr($value, 1) . "\n"; - } else { - $l7rule = $this->GetRProtocol() . " = dnpipe " . $value . "\n"; - } - $found = true; - } - if ($found) { - break; - } - } - } - break; - default: //This is for action and for altq - $l7rule = $this->GetRProtocol() . " = " . $this->GetRStructure() . " " . $this->GetRBehaviour() . "\n"; - break; - } - return $l7rule; - } -} - -/* - * This function allows to return an array with all the used divert socket ports - */ -function get_divert_ports() { - global $layer7_rules_list; - $dports = array(); - - foreach ($layer7_rules_list as $l7r) { - $dports[] = $l7r->GetRPort(); - } - - return $dports; -} - -function &get_l7c_reference_to_me_in_config(&$name) { - global $config; - - $ptr = NULL; - - if (is_array($config['l7shaper']['container'])) { - foreach ($config['l7shaper']['container'] as $key => $value) { - if ($value['name'] == $name) { - $ptr =& $config['l7shaper']['container'][$key]; - } - } - } - return $ptr; - // $ptr can be null. has to be checked later -} - -function unset_l7_object_by_reference(&$name) { - global $config; - - if (is_array($config['l7shaper']['container'])) { - foreach ($config['l7shaper']['container'] as $key => $value) { - if ($value['name'] == $name) { - unset($config['l7shaper']['container'][$key]['l7rules']); - unset($config['l7shaper']['container'][$key]); - break; - } - } - } -} - -function read_layer7_config() { - global $layer7_rules_list, $config; - - if (!is_array($config['l7shaper']['container']) || !count($config['l7shaper']['container'])) { - $layer7_rules_list = array(); - return; - } - - $l7cs = &$config['l7shaper']['container']; - - $layer7_rules_list = array(); - - foreach ($l7cs as $conf) { - if (empty($conf['name'])) { - continue; /* XXX: grrrrrr at php */ - } - $root =& new layer7(); - $root->ReadConfig($conf['name'], $conf); - $layer7_rules_list[$root->GetRName()] = &$root; - } -} - -function update_layer7_custom_patterns() { - global $config; - - if 
(!is_array($config['l7shaper']['custom_pat'])) { - return; - } - - foreach ($config['l7shaper']['custom_pat'] as $filename => $filecontent) { - if (!file_exists("/usr/local/share/protocols/" . $filename)) { - @file_put_contents("/usr/local/share/protocols/" . $filename, base64_decode($filecontent)); - } - } -} - -function generate_layer7_files() { - global $layer7_rules_list, $g; - - read_layer7_config(); - - if (!empty($layer7_rules_list)) { - if (!is_module_loaded("ipdivert.ko")) { - mwexec("/sbin/kldload ipdivert.ko"); - } - - array_map('unlink', glob("{$g['tmp_path']}/*.l7")); - } - - update_layer7_custom_patterns(); - - foreach ($layer7_rules_list as $l7rules) { - if ($l7rules->GetREnabled()) { - $filename = $l7rules->GetRName() . ".l7"; - $path = "{$g['tmp_path']}/" . $filename; - - $rules = $l7rules->build_l7_rules(); - - $fp = fopen($path, 'w'); - fwrite($fp, $rules); - fclose($fp); - } - } -} - -function layer7_start_l7daemon() { - global $layer7_rules_list, $g; - - /* - * XXX: ermal - Needed ?! - * read_layer7_config(); - */ - - foreach ($layer7_rules_list as $l7rules) { - if ($l7rules->GetREnabled()) { - $filename = $l7rules->GetRName() . ".l7"; - $path = "{$g['tmp_path']}/" . $filename; - - unset($l7pid); - /* Only reread the configuration rather than restart to avoid losing information. */ - exec("/bin/pgrep -f 'ipfw-classifyd .* -p ". $l7rules->GetRPort() . "'", $l7pid); - if (count($l7pid) > 0) { - log_error(sprintf(gettext("Sending HUP signal to %s"), $l7pid[0])); - mwexec("/bin/kill -HUP {$l7pid[0]}"); - } else { - // XXX: Hardcoded number of packets to garbage collect and queue length. - $ipfw_classifyd_init = "/usr/local/sbin/ipfw-classifyd -n 8 -q 700 -c {$path} -p " . $l7rules->GetRPort() . 
" -P /usr/local/share/protocols"; - mwexec_bg($ipfw_classifyd_init); - } - } - } -} - -// This function uses /usr/local/share/protocols as a default directory for searching .pat files -function generate_protocols_array() { - - update_layer7_custom_patterns(); - - $protocols = return_dir_as_array("/usr/local/share/protocols"); - $protocols_new = array(); - if (is_array($protocols)) { - foreach ($protocols as $key => $proto) { - if (strstr($proto, ".pat")) { - $protocols_new[$key] =& str_replace(".pat", "", $proto); - } - } - sort($protocols_new); - } - return $protocols_new; -} - -function get_l7_unique_list() { - global $layer7_rules_list; - - $l7list = array(); - if (is_array($layer7_rules_list)) { - foreach ($layer7_rules_list as $l7c) { - if ($l7c->GetREnabled()) { - $l7list[] = $l7c->GetRName(); - } - } - } - - return $l7list; -} - -// Disable a removed l7 container from the filter -function cleanup_l7_from_rules(&$name) { - global $config; - - if (is_array($config['filter']['rule'])) { - foreach ($config['filter']['rule'] as $key => $rule) { - if ($rule['l7container'] == $name) { - unset($config['filter']['rule'][$key]['l7container']); - } - } - } -} - function get_dummynet_name_list() { $dn_name_list =& get_unique_dnqueue_list(); |