Merge branch 'master' of https://github.com/pfsense/pfsense into

dyndns_dreamhost
author: frank <frankthetank@users.noreply.github.com> 2017-04-21 22:59:11 -0400
committer: frank <frankthetank@users.noreply.github.com> 2017-04-21 22:59:11 -0400
commit: a741f6e8af56c0cd6b013b60576287f0ffd6c84a (patch)
tree: e0c1b44b082de4c6e2dd9ec6e227076214d43286 /src/etc
parent: c00c6f672117d599649c324553e44e64f2d553cc (diff)
parent: b7d2a3da5a0ef272303c9e5455431267fc0e56ae (diff)
download: pfsense-a741f6e8af56c0cd6b013b60576287f0ffd6c84a.zip
pfsense-a741f6e8af56c0cd6b013b60576287f0ffd6c84a.tar.gz
17 files changed, 717 insertions, 122 deletions
diff --git a/src/etc/inc/authgui.inc b/src/etc/inc/authgui.inc
index c7d3362..db76b88 100644
--- a/src/etc/inc/authgui.inc
+++ b/src/etc/inc/authgui.inc
@@ -27,6 +27,7 @@ include_once("priv.inc");
 if (!function_exists('platform_booting')) {
 	require_once('globals.inc');
 }
+require_once('pfsense-utils.inc');
 
 /* Authenticate user - exit if failed */
 if (!session_auth()) {
diff --git a/src/etc/inc/certs.inc b/src/etc/inc/certs.inc
index bb114c8..ef12843 100644
--- a/src/etc/inc/certs.inc
+++ b/src/etc/inc/certs.inc
@@ -541,29 +541,26 @@ function cert_get_issuer($str_crt, $decode = true) {
 	return $issuer;
 }
 
-/* this function works on x509 (crt), rsa key (prv), and req(csr) */
-function cert_get_modulus($str_crt, $decode = true, $type = "crt") {
+/* Works for both RSA and ECC (crt) and key (prv) */
+function cert_get_publickey($str_crt, $decode = true, $type = "crt") {
 	if ($decode) {
 		$str_crt = base64_decode($str_crt);
 	}
-
-	$modulus = "";
-	if (in_array($type, array("crt", "prv", "csr"))) {
-		$type = str_replace(array("crt", "prv", "csr"), array("x509", "rsa", "req"), $type);
-		$modulus = exec("echo \"{$str_crt}\" | openssl {$type} -noout -modulus");
+	switch ($type) {
+		case 'prv':
+			exec("echo \"{$str_crt}\" | openssl pkey -pubout", $out);
+			break;
+		case 'crt':
+			exec("echo \"{$str_crt}\" | openssl x509 -inform pem -noout -pubkey", $out);
+			break;
+		case 'csr':
+			exec("echo \"{$str_crt}\" | openssl req -inform pem -noout -pubkey", $out);
+			break;
+		default:
+			$out = array();
+			break;
 	}
-	return $modulus;
-}
-
-/* Same but returns modulus keysize not modulus itself */
-function cert_get_modulus_keysize($str_crt, $decode = true, $type = "crt") {
-	// modulus usually returned as "modulus=.....". Remove anything before an "=" and return 4 x (hex string length)
-	$raw_modulus = explode('=', cert_get_modulus($str_crt, $decode, $type));
-	return strlen(array_pop($raw_modulus))*4;
-}
-
-function csr_get_modulus($str_crt, $decode = true) {
-	return cert_get_modulus($str_crt, $decode, "csr");
+	return implode("\n", $out);
 }
 
 function cert_get_purpose($str_crt, $decode = true) {
@@ -603,10 +600,6 @@ function cert_get_serial($str_crt, $decode = true) {
 	}
 }
 
-function prv_get_modulus($str_crt, $decode = true) {
-	return cert_get_modulus($str_crt, $decode, "prv");
-}
-
 function is_openvpn_server_ca($caref) {
 	global $config;
 	if (!is_array($config['openvpn']['openvpn-server'])) {
@@ -771,6 +764,27 @@ function cert_in_use($certref) {
 		is_package_cert($certref));
 }
 
+function cert_usedby_description($refid, $certificates_used_by_packages) {
+	$result = "";
+	if (is_array($certificates_used_by_packages)) {
+		foreach ($certificates_used_by_packages as $name => $package) {
+			if (isset($package['certificatelist'][$refid])) {
+				$hint = "" ;
+				if (is_array($package['certificatelist'][$refid])) {
+					foreach ($package['certificatelist'][$refid] as $cert_used) {
+						$hint = $hint . $cert_used['usedby']."\n";
+					}
+				}
+				$count = count($package['certificatelist'][$refid]);
+				$result .= "<div title='".htmlspecialchars($hint)."'>";
+				$result .= htmlspecialchars($package['pkgname'])." ($count)<br />";
+				$result .= "</div>";
+			}
+		}
+	}
+	return $result;
+}
+
 function crl_create(& $crl, $caref, $name, $serial = 0, $lifetime = 9999) {
 	global $config;
 	$ca =& lookup_ca($caref);
@@ -861,7 +875,7 @@ function cert_compare($cert1, $cert2) {
 	if ((cert_get_issuer($c1, false) == cert_get_issuer($c2, false)) &&
 	    (cert_get_subject($c1, false) == cert_get_subject($c2, false)) &&
 	    (cert_get_serial($c1, false) == cert_get_serial($c2, false)) &&
-	    (cert_get_modulus($c1, false) == cert_get_modulus($c2, false))) {
+	    (cert_get_publickey($c1, false) == cert_get_publickey($c2, false))) {
 		return true;
 	}
 	return false;
diff --git a/src/etc/inc/config.console.inc b/src/etc/inc/config.console.inc
index 1415e86..a61bbd7 100644
--- a/src/etc/inc/config.console.inc
+++ b/src/etc/inc/config.console.inc
@@ -71,7 +71,7 @@ EOD;
 			else
 				$status = "(down)";
 			$ifsmallist = $ifsmallist . $iface. " ";
-			echo sprintf("% -7s%s %s %s\n", $iface, $ifa['mac'],
+			echo sprintf("%-7s %s %s %s\n", $iface, $ifa['mac'],
 				$status, substr($ifa['dmesg'], 0, 48));
 		}
 	}
diff --git a/src/etc/inc/dyndns.class b/src/etc/inc/dyndns.class
index f0423c9..b32d761 100644
--- a/src/etc/inc/dyndns.class
+++ b/src/etc/inc/dyndns.class
@@ -60,6 +60,7 @@
 	 *    - All-Inkl (all-inkl.com)
 	 *    - DuiaDNS (www.duiadns.net)
 	 *    - DuiaDNS IPv6 (www.duiadns.net)
+	 *    - Hover (www.hover.com)
 	 *    - DreamHost DNS (www.dreamhost.com)
 	 * +----------------------------------------------------+
 	 *  Requirements:
@@ -114,6 +115,7 @@
 	 *  All-Inkl        - Last Tested: 12 November 2016
 	 *  DuiaDNS         - Last Tested: 25 November 2016
 	 *  DuiaDNS IPv6    - Last Tested: 25 November 2016
+	 *  Hover           - Last Tested: 15 February 2017
 	 *  DreamHost       - Not Tested
 	 *  DreamHost IPv6  - Not Tested
 	 * +====================================================+
@@ -214,6 +216,7 @@
 			case "cloudflare-v6":
 			case "cloudflare":
 			case "gratisdns":
+			case "hover":
 				if (!$dnsUser) $this->_error(3);
 				if (!$dnsPass) $this->_error(4);
 				if (!$dnsHost) $this->_error(5);
@@ -324,6 +327,7 @@
 					case 'spdyn':
 					case 'spdyn-v6':
 					case 'all-inkl':
+					case 'hover':
 						$this->_update();
 						if ($this->_dnsDummyUpdateDone == true) {
 							// If a dummy update was needed, then sleep a while and do the update again to put the proper address back.
@@ -835,6 +839,52 @@
 					curl_setopt($ch, CURLOPT_USERPWD, $this->_dnsUser.':'.$this->_dnsPass);
 					curl_setopt($ch, CURLOPT_URL, $server . 'myip=' . $this->_dnsIP);
 					break;
+				case 'hover':
+					$needsIP = FALSE;
+					$port = "";
+					curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
+					curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0);
+					
+					//step 1: login to API
+					$post_data['username'] = $this->_dnsUser;
+					$post_data['password'] = $this->_dnsPass;
+					curl_setopt($ch, CURLOPT_POSTFIELDS, $post_data);
+					curl_setopt($ch, CURLOPT_URL, "https://www.hover.com/api/login");
+					curl_setopt($ch, CURLOPT_HEADER, 1); //return the full headers to extract the cookies
+					$output = curl_exec($ch);
+					
+					//extract the cookies
+					preg_match_all("/^Set-cookie: (.*?);/ism", $output, $cookies);
+					if( count($cookies[1]) > 0 ){
+						$cookie_data = implode("; ",$cookies[1]);
+					}
+					
+					//step 2: find the id of the A record
+					$post_data = null;
+					curl_setopt($ch, CURLOPT_POSTFIELDS, $post_data);
+					curl_setopt($ch, CURLOPT_COOKIE, $cookie_data);
+					curl_setopt($ch, CURLOPT_HEADER, 0);
+					curl_setopt($ch, CURLOPT_URL, "https://www.hover.com/api/dns");
+					curl_setopt($ch, CURLOPT_CUSTOMREQUEST, 'GET');
+					
+					$output = curl_exec($ch);
+					preg_match("/^{\"succeeded\":true.*?domain_name\":\"{$this->_dnsDomain}.*?entries.*?{\"id\":\"([^\"]*?)\",\"name\":\"{$this->_dnsHost}\".*?\$/", $output, $hostID);
+					$hostID = $hostID[1];
+					preg_match("/^{\"succeeded\":true.*?domain_name\":\"{$this->_dnsDomain}.*?entries.*?{[^\}]*?\"name\":\"{$this->_dnsHost}\".*?content\":\"([^\"]*?)\".*?\$/", $output, $hostIP);
+					$hostIP = $hostIP[1];
+					
+					//step 3: update the IP
+					if ($hostID) {
+						curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
+						curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0);
+						curl_setopt($ch, CURLOPT_COOKIE, $cookie_data);
+						$post_data['content'] = $this->_dnsIP;
+						curl_setopt($ch, CURLOPT_POSTFIELDS, $post_data);
+						curl_setopt($ch, CURLOPT_CUSTOMREQUEST, 'PUT');
+						curl_setopt($ch, CURLOPT_URL, "https://www.hover.com/api/dns/{$hostID}");
+						log_error("HostID:{$hostID}, OldIP:{$hostIP}");
+					}
+					break;
 				case 'dreamhost':
 				case 'dreamhost-v6':
 					$needsIP = TRUE;
@@ -1707,6 +1757,16 @@
  							$this->_debug($header);
  					}
  					break;
+				case 'hover':
+					if (preg_match('/succeeded":true/i', $data)) {
+						$status = $status_intro . $success_str . gettext("IP Address Changed Successfully!") . " (" . $this->_dnsIP . ")";
+						$successful_update = true;
+					} else {
+						$status = $status_intro . "(" . gettext("Unknown Response") . ")";
+						log_error($status_intro . gettext("PAYLOAD:") . " " . $data);
+						$this->_debug($data);
+					}
+					break;
 				case 'dreamhost':
 				case 'dreamhost-v6':
 					$result = json_decode($data,true);
diff --git a/src/etc/inc/easyrule.inc b/src/etc/inc/easyrule.inc
index 766eb2e..8984c45 100644
--- a/src/etc/inc/easyrule.inc
+++ b/src/etc/inc/easyrule.inc
@@ -30,7 +30,7 @@ require_once("config.inc");
 function easyrule_find_rule_interface($int) {
 	global $config;
 	/* Borrowed from firewall_rules.php */
-	$iflist = get_configured_interface_with_descr(false, true);
+	$iflist = get_configured_interface_with_descr(true);
 
 	if ($config['pppoe']['mode'] == "server") {
 		$iflist['pppoe'] = "PPPoE Server";
diff --git a/src/etc/inc/functions.inc b/src/etc/inc/functions.inc
index 085fab1..abb3578 100644
--- a/src/etc/inc/functions.inc
+++ b/src/etc/inc/functions.inc
@@ -23,47 +23,17 @@
  * limitations under the License.
  */
 
-/* BEGIN compatibility goo with HEAD */
-if (!function_exists("pfSenseHeader")) {
-	/****f* pfsense-utils/pfSenseHeader
-	 * NAME
-	 *   pfSenseHeader
-	 * INPUTS
-	 *   none
-	 * RESULT
-	 *   Javascript header change or browser Location:
-	 ******/
-	function pfSenseHeader($text) {
-		global $_SERVER;
-		if (isAjax()) {
-			if ($_SERVER['HTTPS'] == "on") {
-				$protocol = "https";
-			} else {
-				$protocol = "http";
-			}
-
-			$port = ":{$_SERVER['SERVER_PORT']}";
-			if ($_SERVER['SERVER_PORT'] == "80" && $protocol == "http") {
-				$port = "";
-			}
-			if ($_SERVER['SERVER_PORT'] == "443" && $protocol == "https") {
-				$port = "";
-			}
-			$complete_url = "{$protocol}://{$_SERVER['HTTP_HOST']}{$port}/{$text}";
-			echo "\ndocument.location.href = '{$complete_url}';\n";
-		} else {
-			header("Location: $text");
-		}
-	}
-}
-/* END compatibility goo with HEAD */
+/*
+ * DEPRECATED! DO NOT INCLUDE THIS FILE!
+ * Use individual .inc files containing the required functions instead.
+ */
 
 /* include all configuration functions */
-require_once("interfaces.inc");
+require_once("certs.inc");
 require_once("gwlb.inc");
-require_once("services.inc");
+require_once("interfaces.inc");
 require_once("pfsense-utils.inc");
-require_once("certs.inc");
+require_once("services.inc");
 require_once("system.inc");
 require_once("vslb.inc");
 
diff --git a/src/etc/inc/gwlb.inc b/src/etc/inc/gwlb.inc
index d7cecc0..1e927f5 100644
--- a/src/etc/inc/gwlb.inc
+++ b/src/etc/inc/gwlb.inc
@@ -521,8 +521,13 @@ function return_gateways_status_text($byname = false, $brief = false) {
 	return $output;
 }
 
-/* Return all configured gateways on the system */
-function return_gateways_array($disabled = false, $localhost = false, $inactive = false) {
+/* Return all configured gateways on the system
+   $disabled = true - include gateways that are disabled
+   $localhost = true - include "Null" entries for localhost IP addresses
+   $inactive = true - include gateways on inactive interfaces
+   $integer_index = true - index the returned array by integers 0,1,2,... instead of by GW name
+*/
+function return_gateways_array($disabled = false, $localhost = false, $inactive = false, $integer_index = false) {
 	global $config, $g;
 
 	$gateways_arr = array();
@@ -638,7 +643,7 @@ function return_gateways_array($disabled = false, $localhost = false, $inactive
 	if ($disabled == false) {
 		$iflist = get_configured_interface_with_descr();
 	} else {
-		$iflist = get_configured_interface_with_descr(false, true);
+		$iflist = get_configured_interface_with_descr(true);
 	}
 
 	/* Process/add dynamic v4 gateways. */
@@ -864,6 +869,11 @@ function return_gateways_array($disabled = false, $localhost = false, $inactive
 		$gateways_arr['Null4'] = $gwlo4;
 		$gateways_arr['Null6'] = $gwlo6;
 	}
+
+	if ($integer_index) {
+		$gateways_arr = array_values($gateways_arr);
+	}
+
 	return($gateways_arr);
 }
 
@@ -1323,4 +1333,465 @@ function gateway_is_gwgroup_member($name) {
 
 	return $members;
 }
+/*
+  Check the proposed gateway settings to see if they are valid.
+  $gateway_settings - the proposed array of proposed gateway settings
+  $id - the index of the gateway proposed to be modified (otherwise "" if adding a new gateway)
+  $parent_ip - the IP (v4 or v6) address about to be set on the corresponding interface (if any)
+  $parent_sn - the subnet about to be set on the corresponding interface (if any)
+  (Note: the above 2 parameters allow gateway parameters to be validated concurrently with saving
+   an interface, before the new interface parameters are actually saved in the config.)
+  Return completed $input_errors array if there is any problem.
+  Otherwise return an empty $input_errors array
+*/
+function validate_gateway($gateway_settings, $id = "", $parent_ip = "", $parent_sn = "") {
+	global $config;
+
+	$a_gateways = return_gateways_array(true, false, true, true);
+	$input_errors = array();
+
+	/* input validation */
+	$reqdfields = explode(" ", "name interface");
+	$reqdfieldsn = array(gettext("Name"), gettext("Interface"));
+
+	do_input_validation($gateway_settings, $reqdfields, $reqdfieldsn, $input_errors);
+
+	if (!isset($gateway_settings['name'])) {
+		$input_errors[] = "A valid gateway name must be specified.";
+	}
+	if (!is_validaliasname($gateway_settings['name'])) {
+		$input_errors[] = invalidaliasnamemsg($gateway_settings['name'], gettext("gateway"));
+	} else if (isset($gateway_settings['disabled'])) {
+		// We have a valid gateway name that the user wants to mark as disabled.
+		// Check if the gateway name is used in any gateway group.
+		if (is_array($config['gateways']['gateway_group'])) {
+			foreach ($config['gateways']['gateway_group'] as $group) {
+				foreach ($group['item'] as $item) {
+					$items = explode("|", $item);
+					if ($items[0] == $gateway_settings['name']) {
+						$input_errors[] = sprintf(gettext('Gateway "%1$s" cannot be disabled because it is in use on Gateway Group "%2$s"'), $gateway_settings['name'], $group['name']);
+					}
+				}
+			}
+		}
+
+		// Check if the gateway name is used in any enabled Static Route.
+		if (is_array($config['staticroutes']['route'])) {
+			foreach ($config['staticroutes']['route'] as $route) {
+				if ($route['gateway'] == $gateway_settings['name']) {
+					if (!isset($route['disabled'])) {
+						// There is a static route that uses this gateway and is enabled (not disabled).
+						$input_errors[] = sprintf(gettext('Gateway "%1$s" cannot be disabled because it is in use on Static Route "%2$s"'), $gateway_settings['name'], $route['network']);
+					}
+				}
+			}
+		}
+	}
+	/* skip system gateways which have been automatically added */
+	if (($gateway_settings['gateway'] && (!is_ipaddr($gateway_settings['gateway'])) && ($gateway_settings['attribute'] !== "system")) && ($gateway_settings['gateway'] != "dynamic")) {
+		$input_errors[] = gettext("A valid gateway IP address must be specified.");
+	}
+
+	if ($gateway_settings['gateway'] && is_ipaddr($gateway_settings['gateway'])) {
+		if (is_ipaddrv4($gateway_settings['gateway'])) {
+			if ($parent_ip == '') {
+				$parent_ip = get_interface_ip($gateway_settings['interface']);
+				$parent_sn = get_interface_subnet($gateway_settings['interface']);
+			}
+			if (empty($parent_ip) || empty($parent_sn)) {
+				$input_errors[] = gettext("Cannot add IPv4 Gateway Address because no IPv4 address could be found on the interface.");
+			} elseif (!isset($gateway_settings["nonlocalgateway"])) {
+				$subnets = array(gen_subnet($parent_ip, $parent_sn) . "/" . $parent_sn);
+				$vips = link_interface_to_vips($gateway_settings['interface']);
+				if (is_array($vips)) {
+					foreach ($vips as $vip) {
+						if (!is_ipaddrv4($vip['subnet'])) {
+							continue;
+						}
+						$subnets[] = gen_subnet($vip['subnet'], $vip['subnet_bits']) . "/" . $vip['subnet_bits'];
+					}
+				}
+
+				$found = false;
+				foreach ($subnets as $subnet) {
+					if (ip_in_subnet($gateway_settings['gateway'], $subnet)) {
+						$found = true;
+						break;
+					}
+				}
+
+				if ($found === false) {
+					$input_errors[] = sprintf(gettext("The gateway address %s does not lie within one of the chosen interface's subnets."), $gateway_settings['gateway']);
+				}
+			}
+		} else if (is_ipaddrv6($gateway_settings['gateway'])) {
+			/* do not do a subnet match on a link local address, it's valid */
+			if (!is_linklocal($gateway_settings['gateway'])) {
+				if ($parent_ip == '') {
+					$parent_ip = get_interface_ipv6($gateway_settings['interface']);
+					$parent_sn = get_interface_subnetv6($gateway_settings['interface']);
+				}
+				if (empty($parent_ip) || empty($parent_sn)) {
+					$input_errors[] = gettext("Cannot add IPv6 Gateway Address because no IPv6 address could be found on the interface.");
+				} elseif (!isset($gateway_settings["nonlocalgateway"])) {
+					$subnets = array(gen_subnetv6($parent_ip, $parent_sn) . "/" . $parent_sn);
+					$vips = link_interface_to_vips($gateway_settings['interface']);
+					if (is_array($vips)) {
+						foreach ($vips as $vip) {
+							if (!is_ipaddrv6($vip['subnet'])) {
+								continue;
+							}
+							$subnets[] = gen_subnetv6($vip['subnet'], $vip['subnet_bits']) . "/" . $vip['subnet_bits'];
+						}
+					}
+
+					$found = false;
+					foreach ($subnets as $subnet) {
+						if (ip_in_subnet($gateway_settings['gateway'], $subnet)) {
+							$found = true;
+							break;
+						}
+					}
+
+					if ($found === false) {
+						$input_errors[] = sprintf(gettext("The gateway address %s does not lie within one of the chosen interface's subnets."), $gateway_settings['gateway']);
+					}
+				}
+			}
+		}
+
+		if (!empty($config['interfaces'][$gateway_settings['interface']]['ipaddr'])) {
+			if (is_ipaddr($config['interfaces'][$gateway_settings['interface']]['ipaddr']) && (empty($gateway_settings['gateway']) || $gateway_settings['gateway'] == "dynamic")) {
+				$input_errors[] = gettext("Dynamic gateway values cannot be specified for interfaces with a static IPv4 configuration.");
+			}
+		}
+		if (!empty($config['interfaces'][$gateway_settings['interface']]['ipaddrv6'])) {
+			if (is_ipaddr($config['interfaces'][$gateway_settings['interface']]['ipaddrv6']) && (empty($gateway_settings['gateway']) || $gateway_settings['gateway'] == "dynamic")) {
+				$input_errors[] = gettext("Dynamic gateway values cannot be specified for interfaces with a static IPv6 configuration.");
+			}
+		}
+	}
+	if (($gateway_settings['monitor'] != "") && ($gateway_settings['monitor'] != "dynamic")) {
+		validateipaddr($gateway_settings['monitor'], IPV4V6, "Monitor IP", $input_errors, false);
+	}
+	if (isset($gateway_settings['data_payload']) && is_numeric($gateway_settings['data_payload']) && $gateway_settings['data_payload'] < 0) {
+		$input_errors[] = gettext("A valid data payload must be specified.");
+	}
+	/* only allow correct IPv4 and IPv6 gateway addresses */
+	if (($gateway_settings['gateway'] <> "") && is_ipaddr($gateway_settings['gateway']) && $gateway_settings['gateway'] != "dynamic") {
+		if (is_ipaddrv6($gateway_settings['gateway']) && ($gateway_settings['ipprotocol'] == "inet")) {
+			$input_errors[] = sprintf(gettext("The IPv6 gateway address '%s' can not be used as a IPv4 gateway."), $gateway_settings['gateway']);
+		}
+		if (is_ipaddrv4($gateway_settings['gateway']) && ($gateway_settings['ipprotocol'] == "inet6")) {
+			$input_errors[] = sprintf(gettext("The IPv4 gateway address '%s' can not be used as a IPv6 gateway."), $gateway_settings['gateway']);
+		}
+	}
+	/* only allow correct IPv4 and IPv6 monitor addresses */
+	if (($gateway_settings['monitor'] <> "") && is_ipaddr($gateway_settings['monitor']) && $gateway_settings['monitor'] != "dynamic") {
+		if (is_ipaddrv6($gateway_settings['monitor']) && ($gateway_settings['ipprotocol'] == "inet")) {
+			$input_errors[] = sprintf(gettext("The IPv6 monitor address '%s' can not be used on a IPv4 gateway."), $gateway_settings['monitor']);
+		}
+		if (is_ipaddrv4($gateway_settings['monitor']) && ($gateway_settings['ipprotocol'] == "inet6")) {
+			$input_errors[] = sprintf(gettext("The IPv4 monitor address '%s' can not be used on a IPv6 gateway."), $gateway_settings['monitor']);
+		}
+	}
+
+	if (isset($gateway_settings['name'])) {
+		/* check for overlaps */
+		foreach ($a_gateways as $gateway) {
+			if (isset($id) && ($a_gateways[$id]) && ($a_gateways[$id] === $gateway)) {
+				if ($gateway['name'] != $gateway_settings['name']) {
+					$input_errors[] = gettext("Changing name on a gateway is not allowed.");
+				}
+				continue;
+			}
+			if ($gateway_settings['name'] <> "") {
+				if (($gateway['name'] <> "") && ($gateway_settings['name'] == $gateway['name']) && ($gateway['attribute'] !== "system")) {
+					$input_errors[] = sprintf(gettext('The gateway name "%s" already exists.'), $gateway_settings['name']);
+					break;
+				}
+			}
+			if (is_ipaddr($gateway_settings['gateway'])) {
+				if (($gateway['gateway'] <> "") && ($gateway_settings['gateway'] == $gateway['gateway']) && ($gateway['attribute'] !== "system")) {
+					$input_errors[] = sprintf(gettext('The gateway IP address "%s" already exists.'), $gateway_settings['gateway']);
+					break;
+				}
+			}
+			if (is_ipaddr($gateway_settings['monitor'])) {
+				if (($gateway['monitor'] <> "") && ($gateway_settings['monitor'] == $gateway['monitor']) && ($gateway['attribute'] !== "system")) {
+					$input_errors[] = sprintf(gettext('The monitor IP address "%s" is already in use. A different monitor IP must be chosen.'), $gateway_settings['monitor']);
+					break;
+				}
+			}
+		}
+	}
+
+	/* input validation of dpinger advanced parameters */
+
+	$dpinger_default = return_dpinger_defaults();
+	$latencylow = $dpinger_default['latencylow'];
+	if ($gateway_settings['latencylow']) {
+		if (!is_numeric($gateway_settings['latencylow'])) {
+			$input_errors[] = gettext("The low latency threshold needs to be a numeric value.");
+		} else if ($gateway_settings['latencylow'] < 1) {
+			$input_errors[] = gettext("The low latency threshold needs to be positive.");
+		} else {
+			$latencylow = $gateway_settings['latencylow'];
+		}
+	}
+
+	$latencyhigh = $dpinger_default['latencyhigh'];
+	if ($gateway_settings['latencyhigh']) {
+		if (!is_numeric($gateway_settings['latencyhigh'])) {
+			$input_errors[] = gettext("The high latency threshold needs to be a numeric value.");
+		} else if ($gateway_settings['latencyhigh'] < 1) {
+			$input_errors[] = gettext("The high latency threshold needs to be positive.");
+		} else {
+			$latencyhigh = $gateway_settings['latencyhigh'];
+		}
+	}
+
+	$losslow = $dpinger_default['losslow'];
+	if ($gateway_settings['losslow']) {
+		if (!is_numeric($gateway_settings['losslow'])) {
+			$input_errors[] = gettext("The low Packet Loss threshold needs to be a numeric value.");
+		} else if ($gateway_settings['losslow'] < 1) {
+			$input_errors[] = gettext("The low Packet Loss threshold needs to be positive.");
+		} else if ($gateway_settings['losslow'] >= 100) {
+			$input_errors[] = gettext("The low Packet Loss threshold needs to be less than 100.");
+		} else {
+			$losslow = $gateway_settings['losslow'];
+		}
+	}
+
+	$losshigh = $dpinger_default['losshigh'];
+	if ($gateway_settings['losshigh']) {
+		if (!is_numeric($gateway_settings['losshigh'])) {
+			$input_errors[] = gettext("The high Packet Loss threshold needs to be a numeric value.");
+		} else if ($gateway_settings['losshigh'] < 1) {
+			$input_errors[] = gettext("The high Packet Loss threshold needs to be positive.");
+		} else if ($gateway_settings['losshigh'] > 100) {
+			$input_errors[] = gettext("The high Packet Loss threshold needs to be 100 or less.");
+		} else {
+			$losshigh = $gateway_settings['losshigh'];
+		}
+	}
+
+	$time_period = $dpinger_default['time_period'];
+	if ($gateway_settings['time_period']) {
+		if (!is_numeric($gateway_settings['time_period'])) {
+			$input_errors[] = gettext("The time period over which results are averaged needs to be a numeric value.");
+		} else if ($gateway_settings['time_period'] < 1) {
+			$input_errors[] = gettext("The time period over which results are averaged needs to be positive.");
+		} else {
+			$time_period = $gateway_settings['time_period'];
+		}
+	}
+
+	$interval = $dpinger_default['interval'];
+	if ($gateway_settings['interval']) {
+		if (!is_numeric($gateway_settings['interval'])) {
+			$input_errors[] = gettext("The probe interval needs to be a numeric value.");
+		} else if ($gateway_settings['interval'] < 1) {
+			$input_errors[] = gettext("The probe interval needs to be positive.");
+		} else {
+			$interval = $gateway_settings['interval'];
+		}
+	}
+
+	$loss_interval = $dpinger_default['loss_interval'];
+	if ($gateway_settings['loss_interval']) {
+		if (!is_numeric($gateway_settings['loss_interval'])) {
+			$input_errors[] = gettext("The loss interval needs to be a numeric value.");
+		} else if ($gateway_settings['loss_interval'] < 1) {
+			$input_errors[] = gettext("The loss interval setting needs to be positive.");
+		} else {
+			$loss_interval = $gateway_settings['loss_interval'];
+		}
+	}
+
+	$alert_interval = $dpinger_default['alert_interval'];
+	if ($gateway_settings['alert_interval']) {
+		if (!is_numeric($gateway_settings['alert_interval'])) {
+			$input_errors[] = gettext("The alert interval needs to be a numeric value.");
+		} else if ($gateway_settings['alert_interval'] < 1) {
+			$input_errors[] = gettext("The alert interval setting needs to be positive.");
+		} else {
+			$alert_interval = $gateway_settings['alert_interval'];
+		}
+	}
+
+	if ($latencylow >= $latencyhigh) {
+		$input_errors[] = gettext(
+		    "The high latency threshold needs to be greater than the low latency threshold");
+	}
+
+	if ($losslow >= $losshigh) {
+		$input_errors[] = gettext(
+		    "The high packet loss threshold needs to be higher than the low packet loss threshold");
+	}
+
+	// If the loss interval is less than latencyhigh, then high latency could never be recorded
+	// because those high latency packets would be considered as lost. So do not allow that.
+	if ($latencyhigh > $loss_interval) {
+		$input_errors[] = gettext("The loss interval needs to be greater than or equal to the high latency threshold.");
+	}
+
+	// Ensure that the time period is greater than 2 times the probe interval plus the loss interval.
+	if (($interval * 2 + $loss_interval) >= $time_period) {
+		$input_errors[] = gettext("The time period needs to be greater than twice the probe interval plus the loss interval.");
+	}
+
+	// There is no point recalculating the average latency and loss more often than the probe interval.
+	// So the alert interval needs to be >= probe interval.
+	if ($interval > $alert_interval) {
+		$input_errors[] = gettext("The alert interval needs to be greater than or equal to the probe interval.");
+	}
+
+	return $input_errors;
+}
+
+// Save gateway settings.
+// $gateway_settings - the array of gateway setting parameters
+// $realid - the index of the gateway to be modified (otherwise "" if adding a new gateway)
+
+// This function is responsible to:
+//   Setup the gateway parameter structure from the gateway settings input parameter
+//   Save the structure into the config
+//   Remove any run-time settings from gateway parameters that are changed (e.g. remove routes to addresses that are changing)
+
+// A subsequent "apply" step will implement the added/changed gateway.
+
+function save_gateway($gateway_settings, $realid = "") {
+	global $config;
+
+	$a_gateway_item = &$config['gateways']['gateway_item'];
+	$reloadif = "";
+	$gateway = array();
+
+	if (empty($gateway_settings['interface'])) {
+		$gateway['interface'] = $gateway_settings['friendlyiface'];
+	} else {
+		$gateway['interface'] = $gateway_settings['interface'];
+	}
+	if (is_ipaddr($gateway_settings['gateway'])) {
+		$gateway['gateway'] = $gateway_settings['gateway'];
+	} else {
+		$gateway['gateway'] = "dynamic";
+	}
+	$gateway['name'] = $gateway_settings['name'];
+	$gateway['weight'] = $gateway_settings['weight'];
+	$gateway['ipprotocol'] = $gateway_settings['ipprotocol'];
+	if ($gateway_settings['interval']) {
+		$gateway['interval'] = $gateway_settings['interval'];
+	}
+
+	if ($gateway_settings['time_period']) {
+		$gateway['time_period'] = $gateway_settings['time_period'];
+	}
+	if ($gateway_settings['alert_interval']) {
+		$gateway['alert_interval'] = $gateway_settings['alert_interval'];
+	}
+
+	$gateway['descr'] = $gateway_settings['descr'];
+	if ($gateway_settings['monitor_disable'] == "yes") {
+		$gateway['monitor_disable'] = true;
+	}
+	if ($gateway_settings['action_disable'] == "yes") {
+		$gateway['action_disable'] = true;
+	}
+	if ($gateway_settings['nonlocalgateway'] == "yes") {
+		$gateway['nonlocalgateway'] = true;
+	}
+	if ($gateway_settings['force_down'] == "yes") {
+		$gateway['force_down'] = true;
+	}
+	if (is_ipaddr($gateway_settings['monitor'])) {
+		$gateway['monitor'] = $gateway_settings['monitor'];
+	}
+	if (isset($gateway_settings['data_payload']) && $gateway_settings['data_payload'] > 0) {
+		$gateway['data_payload'] = $gateway_settings['data_payload'];
+	}
+
+	/* NOTE: If gateway ip is changed need to cleanup the old static interface route */
+	if ($gateway_settings['monitor'] != "dynamic" && !empty($a_gateway_item[$realid]) && is_ipaddr($a_gateway_item[$realid]['gateway']) &&
+		$gateway['gateway'] != $a_gateway_item[$realid]['gateway'] &&
+		isset($a_gateway_item[$realid]["nonlocalgateway"])) {
+		$realif = get_real_interface($a_gateway_item[$realid]['interface']);
+		$inet = (!is_ipaddrv4($a_gateway_item[$realid]['gateway']) ? "-inet6" : "-inet");
+		$cmd = "/sbin/route delete $inet " . escapeshellarg($a_gateway_item[$realid]['gateway']) . " -iface " . escapeshellarg($realif);
+		mwexec($cmd);
+	}
+
+	/* NOTE: If monitor ip is changed need to cleanup the old static route */
+	if ($gateway_settings['monitor'] != "dynamic" && !empty($a_gateway_item[$realid]) && is_ipaddr($a_gateway_item[$realid]['monitor']) &&
+		$gateway_settings['monitor'] != $a_gateway_item[$realid]['monitor'] && $gateway['gateway'] != $a_gateway_item[$realid]['monitor']) {
+		if (is_ipaddrv4($a_gateway_item[$realid]['monitor'])) {
+			mwexec("/sbin/route delete " . escapeshellarg($a_gateway_item[$realid]['monitor']));
+		} else {
+			mwexec("/sbin/route delete -inet6 " . escapeshellarg($a_gateway_item[$realid]['monitor']));
+		}
+	}
+
+	if ($gateway_settings['defaultgw'] == "yes" || $gateway_settings['defaultgw'] == "on") {
+		$i = 0;
+		/* remove the default gateway bits for all gateways with the same address family */
+		foreach ($a_gateway_item as $gw) {
+			if ($gateway['ipprotocol'] == $gw['ipprotocol']) {
+				unset($config['gateways']['gateway_item'][$i]['defaultgw']);
+				if ($gw['interface'] != $gateway_settings['interface'] && $gw['defaultgw']) {
+					$reloadif = $gw['interface'];
+				}
+			}
+			$i++;
+		}
+		$gateway['defaultgw'] = true;
+	}
+
+	if ($gateway_settings['latencylow']) {
+		$gateway['latencylow'] = $gateway_settings['latencylow'];
+	}
+	if ($gateway_settings['latencyhigh']) {
+		$gateway['latencyhigh'] = $gateway_settings['latencyhigh'];
+	}
+	if ($gateway_settings['losslow']) {
+		$gateway['losslow'] = $gateway_settings['losslow'];
+	}
+	if ($gateway_settings['losshigh']) {
+		$gateway['losshigh'] = $gateway_settings['losshigh'];
+	}
+	if ($gateway_settings['loss_interval']) {
+		$gateway['loss_interval'] = $gateway_settings['loss_interval'];
+	}
+
+	if (isset($gateway_settings['disabled'])) {
+		$gateway['disabled'] = true;
+		/* Check if the gateway was enabled but changed to disabled. */
+		if ((isset($realid) && $a_gateway_item[$realid]) && ($a_gateway_item[$realid]['disabled'] == false)) {
+			/*  If the disabled gateway was the default route, remove the default route */
+			if (is_ipaddr($gateway['gateway']) &&
+				isset($gateway['defaultgw'])) {
+				$inet = (!is_ipaddrv4($gateway['gateway']) ? '-inet6' : '-inet');
+				mwexec("/sbin/route delete {$inet} default");
+			}
+		}
+	} else {
+		unset($gateway['disabled']);
+	}
+
+	/* when saving the manual gateway we use the attribute which has the corresponding id */
+	if (isset($realid) && $a_gateway_item[$realid]) {
+		$a_gateway_item[$realid] = $gateway;
+	} else {
+		$a_gateway_item[] = $gateway;
+	}
+
+	mark_subsystem_dirty('staticroutes');
+
+	write_config();
+
+	if (!empty($reloadif)) {
+		send_event("interface reconfigure {$reloadif}");
+	}
+}
 ?>
diff --git a/src/etc/inc/interfaces.inc b/src/etc/inc/interfaces.inc
index d50aab8..414e51f 100644
--- a/src/etc/inc/interfaces.inc
+++ b/src/etc/inc/interfaces.inc
@@ -2519,7 +2519,7 @@ function interface_sync_wireless_clones(&$ifcfg, $sync_changes = false) {
 	$baseif = interface_get_wireless_base($ifcfg['if']);
 
 	// Sync shared settings for assigned clones
-	$iflist = get_configured_interface_list(false, true);
+	$iflist = get_configured_interface_list(true);
 	foreach ($iflist as $if) {
 		if ($baseif == interface_get_wireless_base($config['interfaces'][$if]['if']) && $ifcfg['if'] != $config['interfaces'][$if]['if']) {
 			if (isset($config['interfaces'][$if]['wireless']['standard']) || $sync_changes) {
@@ -4802,7 +4802,7 @@ function convert_real_interface_to_friendly_interface_name($interface = "wan", $
 
 	/* XXX: For speed reasons reference directly the interface array */
 	$ifdescrs = &$config['interfaces'];
-	//$ifdescrs = get_configured_interface_list(false, true);
+	//$ifdescrs = get_configured_interface_list(true);
 
 	foreach ($ifdescrs as $if => $ifname) {
 		if ($if == $interface || $ifname['if'] == $interface) {
@@ -4879,7 +4879,7 @@ function convert_friendly_interface_to_friendly_descr($interface) {
 				return get_interface_linklocal($interface);
 			} else {
 				/* if list */
-				$ifdescrs = get_configured_interface_with_descr(false, true);
+				$ifdescrs = get_configured_interface_with_descr(true);
 				foreach ($ifdescrs as $if => $ifname) {
 					if ($if == $interface || $ifname == $interface) {
 						return $ifname;
diff --git a/src/etc/inc/pfsense-utils.inc b/src/etc/inc/pfsense-utils.inc
index ea5d5fe..3fa06c0 100644
--- a/src/etc/inc/pfsense-utils.inc
+++ b/src/etc/inc/pfsense-utils.inc
@@ -130,6 +130,37 @@ function get_dns_servers() {
 	return array_unique($dns_servers);
 }
 
+/****f* pfsense-utils/pfSenseHeader
+ * NAME
+ *   pfSenseHeader
+ * INPUTS
+ *   none
+ * RESULT
+ *   Javascript header change or browser Location:
+ ******/
+function pfSenseHeader($text) {
+	global $_SERVER;
+	if (isAjax()) {
+		if ($_SERVER['HTTPS'] == "on") {
+			$protocol = "https";
+		} else {
+			$protocol = "http";
+		}
+
+		$port = ":{$_SERVER['SERVER_PORT']}";
+		if ($_SERVER['SERVER_PORT'] == "80" && $protocol == "http") {
+			$port = "";
+		}
+		if ($_SERVER['SERVER_PORT'] == "443" && $protocol == "https") {
+			$port = "";
+		}
+		$complete_url = "{$protocol}://{$_SERVER['HTTP_HOST']}{$port}/{$text}";
+		echo "\ndocument.location.href = '{$complete_url}';\n";
+	} else {
+		header("Location: $text");
+	}
+}
+
 /****f* pfsense-utils/get_css_files
  * NAME
  *   get_css_files - get a list of the available CSS files (themes)
@@ -605,7 +636,7 @@ function is_schedule_inuse($schedule) {
 function setup_microcode() {
 
 	/* if list */
-	$iflist = get_configured_interface_list(false, true);
+	$iflist = get_configured_interface_list(true);
 	foreach ($iflist as $if => $ifdescr) {
 		enable_hardware_offloading($if);
 	}
@@ -2078,6 +2109,37 @@ function update_progress_bar($percent, $first_time) {
 	}
 }
 
+function update_alias_name($new_alias_name, $orig_alias_name) {
+	if (!$orig_alias_name) {
+		return;
+	}
+
+	// Firewall rules
+	update_alias_names_upon_change(array('filter', 'rule'), array('source', 'address'), $new_alias_name, $orig_alias_name);
+	update_alias_names_upon_change(array('filter', 'rule'), array('destination', 'address'), $new_alias_name, $orig_alias_name);
+	update_alias_names_upon_change(array('filter', 'rule'), array('source', 'port'), $new_alias_name, $orig_alias_name);
+	update_alias_names_upon_change(array('filter', 'rule'), array('destination', 'port'), $new_alias_name, $orig_alias_name);
+	// NAT Rules
+	update_alias_names_upon_change(array('nat', 'rule'), array('source', 'address'), $new_alias_name, $orig_alias_name);
+	update_alias_names_upon_change(array('nat', 'rule'), array('source', 'port'), $new_alias_name, $orig_alias_name);
+	update_alias_names_upon_change(array('nat', 'rule'), array('destination', 'address'), $new_alias_name, $orig_alias_name);
+	update_alias_names_upon_change(array('nat', 'rule'), array('destination', 'port'), $new_alias_name, $orig_alias_name);
+	update_alias_names_upon_change(array('nat', 'rule'), array('target'), $new_alias_name, $orig_alias_name);
+	update_alias_names_upon_change(array('nat', 'rule'), array('local-port'), $new_alias_name, $orig_alias_name);
+	// NAT 1:1 Rules
+	//update_alias_names_upon_change(array('nat', 'onetoone'), array('external'), $new_alias_name, $orig_alias_name);
+	//update_alias_names_upon_change(array('nat', 'onetoone'), array('source', 'address'), $new_alias_name, $orig_alias_name);
+	update_alias_names_upon_change(array('nat', 'onetoone'), array('destination', 'address'), $new_alias_name, $orig_alias_name);
+	// NAT Outbound Rules
+	update_alias_names_upon_change(array('nat', 'outbound', 'rule'), array('source', 'network'), $new_alias_name, $orig_alias_name);
+	update_alias_names_upon_change(array('nat', 'outbound', 'rule'), array('sourceport'), $new_alias_name, $orig_alias_name);
+	update_alias_names_upon_change(array('nat', 'outbound', 'rule'), array('destination', 'address'), $new_alias_name, $orig_alias_name);
+	update_alias_names_upon_change(array('nat', 'outbound', 'rule'), array('dstport'), $new_alias_name, $orig_alias_name);
+	update_alias_names_upon_change(array('nat', 'outbound', 'rule'), array('target'), $new_alias_name, $orig_alias_name);
+	// Alias in an alias
+	update_alias_names_upon_change(array('aliases', 'alias'), array('address'), $new_alias_name, $orig_alias_name);
+}
+
 function update_alias_names_upon_change($section, $field, $new_alias_name, $origname) {
 	global $g, $config, $pconfig, $debug;
 	if (!$origname) {
@@ -2834,6 +2896,7 @@ function get_locale_list() {
 		"en_US" => gettext("English"),
 		"es" => gettext("Spanish"),
 		"nb" => gettext("Norwegian Bokmål"),
+		"ru" => gettext("Russian"),
 		"zh_Hans_CN" => gettext("Chinese (Simplified, China)"),
 		"zh_TW" => gettext("Chinese (Taiwan)"),
 	);
diff --git a/src/etc/inc/pkg-utils.inc b/src/etc/inc/pkg-utils.inc
index e576241..36e0885 100644
--- a/src/etc/inc/pkg-utils.inc
+++ b/src/etc/inc/pkg-utils.inc
@@ -337,8 +337,8 @@ function get_package_internal_name($package_data) {
 }
 
 // Get information about packages.
-function get_pkg_info($pkgs = 'all', $remote_repo_usage_disabled = false, $installed_pkgs_only = false) {
-
+function get_pkg_info($pkgs = 'all', $remote_repo_usage_disabled = false,
+    $installed_pkgs_only = false) {
 	global $g, $input_errors;
 
 	$out = $err = $extra_param = '';
@@ -375,30 +375,47 @@ function get_pkg_info($pkgs = 'all', $remote_repo_usage_disabled = false, $insta
 	}
 
 	if (!$installed_pkgs_only) {
-		$rc = pkg_exec("search {$extra_param}-R --raw-format json-compact " . $pkgs, $out, $err);
+		$rc = pkg_exec(
+		    "search {$extra_param}-R --raw-format json-compact " .
+		    $pkgs, $out, $err);
 	}
-	if (($installed_pkgs_only || ($rc != 0 && $remote_repo_usage_disabled)) && is_package_installed($pkgs)) {
-		/* Fall back on pkg info to return locally installed matching pkgs instead, if 
+	if (($installed_pkgs_only || ($rc != 0 && $remote_repo_usage_disabled))
+	    && is_pkg_installed($pkgs)) {
+		/*
+		 * Fall back on pkg info to return locally installed matching
+		 * pkgs instead, if:
 		 *
 		 *   (1) only installed pkgs needed, or
-		 *       we tried to check the local catalog copy (implying that we would have accepted incomplete/outdated pkg info)
-		 *       but it didn't have any contents, or for other reasons returned an error. 
+		 *       we tried to check the local catalog copy (implying that
+		 *       we would have accepted incomplete/outdated pkg info)
+		 *       but it didn't have any contents, or for other reasons
+		 *       returned an error.
 		 *   AND
 		 *   (2) at least some pkgs matching <pattern> are installed
 		 *
-		 * Following an unsuccessful attempt to access a remote repo catalog, the local copy is wiped clear. Thereafter any
-		 * "pkg search" will return an error until online+updated again. If the calling code would have accepted local copy info
-		 * (which could be incomplete/out of date), then it makes sense to fall back on pkg info to at least return the known
-		 * info about installed pkgs (pkg info should still work), instead of failing and returning no info at all. 
-		 * For example, this at least enables offline view + management of installed pkgs in GUI/console.
+		 * Following an unsuccessful attempt to access a remote repo
+		 * catalog, the local copy is wiped clear. Thereafter any
+		 * "pkg search" will return an error until online+updated again.
+		 * If the calling code would have accepted local copy info
+		 * (which could be incomplete/out of date), then it makes sense
+		 * to fall back on pkg info to at least return the known
+		 * info about installed pkgs (pkg info should still work),
+		 * instead of failing and returning no info at all. 
+		 * For example, this at least enables offline view + management
+		 * of installed pkgs in GUI/console.
 		 *
-		 * We skip this step if no matching pkgs are installed, because then pkg info would return a "no matching pkgs"
-		 * RC code, even though this wouldn't be considered an "error" (and $out+$err would be correct empty strings if none match).
-		 * Note that is_package_installed() is a wrapper for pkg info -e <pattern> which is what we need here.
+		 * We skip this step if no matching pkgs are installed, because
+		 * then pkg info would return a "no matching pkgs" RC code,
+		 * even though this wouldn't be considered an "error" (and
+		 * $out+$err would be correct empty strings if none match).
+		 *
+		 * Note that is_pkg_installed() is a wrapper for pkg info -e
+		 * <pattern> which is what we need here.
 		*/
 		
 		// ok, 1 or more packages match, so pkg info can be safely called to get the pkg list  
-		$rc = pkg_exec("info -R --raw-format json-compact " . $pkgs, $out, $err);  
+		$rc = pkg_exec("info -R --raw-format json-compact " . $pkgs,
+		    $out, $err);
 	}
 
 	if ($lock) {
@@ -410,8 +427,10 @@ function get_pkg_info($pkgs = 'all', $remote_repo_usage_disabled = false, $insta
 		    "ERROR: Error trying to get packages list. Aborting...")
 		    . "\n");
 		update_status($err);
-		$input_errors[] =  gettext("ERROR: Error trying to get packages list. Aborting...") . "\n";
-		$input_errors[] =  $err;
+		$input_errors[] = gettext(
+		    "ERROR: Error trying to get packages list. Aborting...") .
+		    "\n";
+		$input_errors[] = $err;
 		return array();
 	}
 
@@ -423,7 +442,8 @@ function get_pkg_info($pkgs = 'all', $remote_repo_usage_disabled = false, $insta
 			continue;
 		}
 
-		if (isset($pkg_filter) && !in_array($pkg_info['name'], $pkg_filter)) {
+		if (isset($pkg_filter) && !in_array($pkg_info['name'],
+		    $pkg_filter)) {
 			continue;
 		}
 
@@ -438,24 +458,29 @@ function get_pkg_info($pkgs = 'all', $remote_repo_usage_disabled = false, $insta
 		if (is_pkg_installed($pkg_info['name'])) {
 			$pkg_info['installed'] = true;
 
-			$rc = pkg_exec("query %v {$pkg_info['name']}", $out, $err);
+			$rc = pkg_exec("query %v {$pkg_info['name']}", $out,
+			    $err);
 
 			if ($rc != 0) {
 				update_status("\n" . gettext(
 				    "ERROR: Error trying to get package version. Aborting...")
 				    . "\n");
 				update_status($err);
-				$input_errors[] =  gettext("ERROR: Error trying to get package version. Aborting...") . "\n";
-				$input_errors[] =  $err;
+				$input_errors[] = gettext(
+				    "ERROR: Error trying to get package version. Aborting...") .
+				    "\n";
+				$input_errors[] = $err;
 				return array();
 			}
 
-			$pkg_info['installed_version'] = str_replace("\n", "", $out);
+			$pkg_info['installed_version'] = str_replace("\n", "",
+			    $out);
 		} else if (is_package_installed($pkg_info['shortname'])) {
 			$pkg_info['broken'] = true;
 		}
 
-		$pkg_info['desc'] = preg_replace('/\n+WWW:.*$/', '', $pkg_info['desc']);
+		$pkg_info['desc'] = preg_replace('/\n+WWW:.*$/', '',
+		    $pkg_info['desc']);
 
 		$result[] = $pkg_info;
 		unset($pkg_info);
@@ -482,12 +507,7 @@ function register_all_installed_packages() {
 
 	$pkg_info = get_pkg_info('all', true, true);
 
-
 	foreach ($pkg_info as $pkg) {
-		if (!isset($pkg['installed'])) {
-			continue;
-		}
-
 		pkg_remove_prefix($pkg['name']);
 
 		if (is_package_installed($pkg['name'])) {
diff --git a/src/etc/inc/services.inc b/src/etc/inc/services.inc
index 5ed626b..f7aadd8 100644
--- a/src/etc/inc/services.inc
+++ b/src/etc/inc/services.inc
@@ -23,8 +23,8 @@
  * limitations under the License.
  */
 
-define('DYNDNS_PROVIDER_VALUES', 'all-inkl citynetwork cloudflare cloudflare-v6 custom custom-v6 dnsexit dnsimple dnsmadeeasy dnsomatic dreamhost dreamhost-v6 duiadns duiadns-v6 dyndns dyndns-custom dyndns-static dyns easydns eurodns freedns freedns-v6 glesys googledomains gratisdns he-net he-net-v6 he-net-tunnelbroker loopia namecheap noip noip-free ods opendns ovh-dynhost route53 selfhost spdyn spdyn-v6 zoneedit');
-define('DYNDNS_PROVIDER_DESCRIPTIONS', 'All-Inkl.com,City Network,CloudFlare,CloudFlare (v6),Custom,Custom (v6),DNSexit,DNSimple,DNS Made Easy,DNS-O-Matic,DreamHost,Dreamhost (v6),DuiaDns.net,DuiaDns.net (v6),DynDNS (dynamic),DynDNS (custom),DynDNS (static),DyNS,easyDNS,Euro Dns,freeDNS,freeDNS (v6),GleSYS,Google Domains,GratisDNS,HE.net,HE.net (v6),HE.net Tunnelbroker,Loopia,Namecheap,No-IP,No-IP (free),ODS.org,OpenDNS,OVH DynHOST,Route 53,SelfHost,SPDYN,SPDYN (v6),ZoneEdit');
+define('DYNDNS_PROVIDER_VALUES', 'all-inkl citynetwork cloudflare cloudflare-v6 custom custom-v6 dnsexit dnsimple dnsmadeeasy dnsomatic dreamhost dreamhost-v6 duiadns duiadns-v6 dyndns dyndns-custom dyndns-static dyns easydns eurodns freedns freedns-v6 glesys googledomains gratisdns he-net he-net-v6 he-net-tunnelbroker hover loopia namecheap noip noip-free ods opendns ovh-dynhost route53 selfhost spdyn spdyn-v6 zoneedit');
+define('DYNDNS_PROVIDER_DESCRIPTIONS', 'All-Inkl.com,City Network,CloudFlare,CloudFlare (v6),Custom,Custom (v6),DNSexit,DNSimple,DNS Made Easy,DNS-O-Matic,DreamHost,Dreamhost (v6),DuiaDns.net,DuiaDns.net (v6),DynDNS (dynamic),DynDNS (custom),DynDNS (static),DyNS,easyDNS,Euro Dns,freeDNS,freeDNS (v6),GleSYS,Google Domains,GratisDNS,HE.net,HE.net (v6),HE.net Tunnelbroker,Hover,Loopia,Namecheap,No-IP,No-IP (free),ODS.org,OpenDNS,OVH DynHOST,Route 53,SelfHost,SPDYN,SPDYN (v6),ZoneEdit');
 
 /* implement ipv6 route advertising daemon */
 function services_radvd_configure($blacklist = array()) {
diff --git a/src/etc/inc/upgrade_config.inc b/src/etc/inc/upgrade_config.inc
index bbd6552..ab7574d 100644
--- a/src/etc/inc/upgrade_config.inc
+++ b/src/etc/inc/upgrade_config.inc
@@ -742,7 +742,7 @@ function upgrade_041_to_042() {
 function upgrade_042_to_043() {
 	global $config;
 	/* migrate old interface gateway to the new gateways config */
-	$iflist = get_configured_interface_list(false, true);
+	$iflist = get_configured_interface_list(true);
 	$gateways = array();
 	$i = 0;
 	foreach ($iflist as $ifname => $interface) {
@@ -837,7 +837,7 @@ function upgrade_043_to_044() {
 
 function upgrade_044_to_045() {
 	global $config;
-	$iflist = get_configured_interface_list(false, true);
+	$iflist = get_configured_interface_list(true);
 	if (is_array($config['vlans']['vlan']) && count($config['vlans']['vlan'])) {
 		$i = 0;
 		foreach ($config['vlans']['vlan'] as $id => $vlan) {
diff --git a/src/etc/inc/util.inc b/src/etc/inc/util.inc
index d294d1d..db8ec73 100644
--- a/src/etc/inc/util.inc
+++ b/src/etc/inc/util.inc
@@ -1367,16 +1367,13 @@ function compare_interface_friendly_names($a, $b) {
 }
 
 /* return the configured interfaces list. */
-function get_configured_interface_list($only_opt = false, $withdisabled = false) {
+function get_configured_interface_list($withdisabled = false) {
 	global $config;
 
 	$iflist = array();
 
 	/* if list */
 	foreach ($config['interfaces'] as $if => $ifdetail) {
-		if ($only_opt && ($if == "wan" || $if == "lan")) {
-			continue;
-		}
 		if (isset($ifdetail['enable']) || $withdisabled == true) {
 			$iflist[$if] = $if;
 		}
@@ -1386,16 +1383,13 @@ function get_configured_interface_list($only_opt = false, $withdisabled = false)
 }
 
 /* return the configured interfaces list. */
-function get_configured_interface_list_by_realif($only_opt = false, $withdisabled = false) {
+function get_configured_interface_list_by_realif($withdisabled = false) {
 	global $config;
 
 	$iflist = array();
 
 	/* if list */
 	foreach ($config['interfaces'] as $if => $ifdetail) {
-		if ($only_opt && ($if == "wan" || $if == "lan")) {
-			continue;
-		}
 		if (isset($ifdetail['enable']) || $withdisabled == true) {
 			$tmpif = get_real_interface($if);
 			if (!empty($tmpif)) {
@@ -1408,16 +1402,13 @@ function get_configured_interface_list_by_realif($only_opt = false, $withdisable
 }
 
 /* return the configured interfaces list with their description. */
-function get_configured_interface_with_descr($only_opt = false, $withdisabled = false) {
+function get_configured_interface_with_descr($withdisabled = false) {
 	global $config, $user_settings;
 
 	$iflist = array();
 
 	/* if list */
 	foreach ($config['interfaces'] as $if => $ifdetail) {
-		if ($only_opt && ($if == "wan" || $if == "lan")) {
-			continue;
-		}
 		if (isset($ifdetail['enable']) || $withdisabled == true) {
 			if (empty($ifdetail['descr'])) {
 				$iflist[$if] = strtoupper($if);
diff --git a/src/etc/pfSense-rc b/src/etc/pfSense-rc
index 4b9990d..0bb0f2b 100755
--- a/src/etc/pfSense-rc
+++ b/src/etc/pfSense-rc
@@ -228,7 +228,12 @@ SWAPDEVICE=`/bin/cat /etc/fstab | /usr/bin/grep swap | /usr/bin/cut -f1`
 
 # make some directories in /var
 /bin/mkdir -p $varrunpath /var/log /var/etc /var/db/entropy /var/db/rrd /var/at/jobs/ /var/empty /var/log/nginx 2>/dev/null
+
+# turn off the immutable flag, set /var/empty to read-only, make it immutable again
+chflags noschg /var/empty
 chmod 0555 /var/empty
+chflags schg /var/empty
+
 /bin/rm -rf $varrunpath/*
 
 # Cleanup configuration files from previous instance
diff --git a/src/etc/rc.banner b/src/etc/rc.banner
index 92d9e12..05f1e2c 100755
--- a/src/etc/rc.banner
+++ b/src/etc/rc.banner
@@ -32,7 +32,7 @@ $machine = trim(`uname -m`);
 
 print "*** Welcome to {$product} {$g['product_version_string']} ({$machine}) on {$hostname} ***\n";
 
-$iflist = get_configured_interface_with_descr(false, true);
+$iflist = get_configured_interface_with_descr(true);
 foreach ($iflist as $ifname => $friendly) {
 	/* point to this interface's config */
 	$ifconf = $config['interfaces'][$ifname];
diff --git a/src/etc/rc.initial.setlanip b/src/etc/rc.initial.setlanip
index b0b7144..25ed88e 100755
--- a/src/etc/rc.initial.setlanip
+++ b/src/etc/rc.initial.setlanip
@@ -134,7 +134,7 @@ function get_interface_config_description($iface) {
 $fp = fopen('php://stdin', 'r');
 
 /* build an interface collection */
-$ifdescrs = get_configured_interface_with_descr(false, true);
+$ifdescrs = get_configured_interface_with_descr(true);
 $count = count($ifdescrs);
 
 /* grab interface that we will operate on, unless there is only one interface */
diff --git a/src/etc/rc.packages b/src/etc/rc.packages
index b0f37b3..8a6f886 100755
--- a/src/etc/rc.packages
+++ b/src/etc/rc.packages
@@ -20,6 +20,11 @@
  * limitations under the License.
  */
 
+/* If PHP is not running, silently abort and run registration during boot */
+if (!file_exists('/var/run/php-fpm.pid')) {
+	exit;
+}
+
 require_once("config.inc");
 require_once("functions.inc");
 require_once("filter.inc");
@@ -41,11 +46,6 @@ if ($argc == 1) {
 	exit;
 }
 
-/* If PHP is not running, silently abort and run registration during boot */
-if (!isvalidpid('/var/run/php-fpm.pid')) {
-	exit;
-}
-
 $pkg = '';
 $when = '';
author	frank <frankthetank@users.noreply.github.com>	2017-04-21 22:59:11 -0400
committer	frank <frankthetank@users.noreply.github.com>	2017-04-21 22:59:11 -0400
commit	a741f6e8af56c0cd6b013b60576287f0ffd6c84a (patch)
tree	e0c1b44b082de4c6e2dd9ec6e227076214d43286 /src/etc
parent	c00c6f672117d599649c324553e44e64f2d553cc (diff)
parent	b7d2a3da5a0ef272303c9e5455431267fc0e56ae (diff)
download	pfsense-a741f6e8af56c0cd6b013b60576287f0ffd6c84a.zip pfsense-a741f6e8af56c0cd6b013b60576287f0ffd6c84a.tar.gz