diff options
| author | Vinicius Coque <vinicius.coque@bluepex.com> | 2011-03-25 08:49:04 -0300 |
|---|---|---|
| committer | Vinicius Coque <vinicius.coque@bluepex.com> | 2011-03-25 08:49:04 -0300 |
| commit | 54bdff758f68e2e1b1ebd42b8b0b629b68ed1a3d (patch) | |
| tree | 27b7d45e582e3d84cdf8d0fa0f3bc93b65f3c986 /usr/local | |
| parent | b845290619244e8cfe3bc2aa6271c6629eeb86b5 (diff) | |
| parent | 401fb0ad8fa7ad06743435808dac8e913b3c16bb (diff) | |
| download | pfsense-54bdff758f68e2e1b1ebd42b8b0b629b68ed1a3d.zip pfsense-54bdff758f68e2e1b1ebd42b8b0b629b68ed1a3d.tar.gz | |
Merge remote-tracking branch 'mainline/master' into inc
Conflicts:
etc/inc/auth.inc
etc/inc/config.lib.inc
etc/inc/filter.inc
etc/inc/pfsense-utils.inc
etc/inc/pkg-utils.inc
etc/inc/priv.defs.inc
etc/inc/services.inc
etc/inc/shaper.inc
etc/inc/voucher.inc
etc/inc/vpn.inc
usr/local/www/fbegin.inc
Diffstat (limited to 'usr/local')
85 files changed, 1162 insertions, 993 deletions
diff --git a/usr/local/bin/ping_hosts.sh b/usr/local/bin/ping_hosts.sh index 8455015..97629c4 100755 --- a/usr/local/bin/ping_hosts.sh +++ b/usr/local/bin/ping_hosts.sh @@ -108,7 +108,7 @@ for TOPING in $PINGHOSTS ; do fi fi # Wan ping time threshold - WANTIME=`rrdtool fetch /var/db/rrd/wan-quality.rrd AVERAGE -r 120 -s -1min -e -1min | grep ":" | cut -f3 -d" " | cut -d"e" -f1` + #WANTIME=`rrdtool fetch /var/db/rrd/wan-quality.rrd AVERAGE -r 120 -s -1min -e -1min | grep ":" | cut -f3 -d" " | cut -d"e" -f1` echo "Checking wan ping time $WANTIME" echo $WANTIME > /var/db/wanaverage if [ "$WANTHRESHOLD" != "" ]; then diff --git a/usr/local/captiveportal/index.php b/usr/local/captiveportal/index.php index caaa4d2..0170a7a 100755 --- a/usr/local/captiveportal/index.php +++ b/usr/local/captiveportal/index.php @@ -29,7 +29,6 @@ POSSIBILITY OF SUCH DAMAGE. */ /* - pfSense_BUILDER_BINARIES: /sbin/ipfw pfSense_MODULE: captiveportal */ @@ -122,7 +121,7 @@ setTimeout('window.close();',5000) ; </HTML> EOD; - disconnect_client($_POST['logout_id']); + captiveportal_disconnect_client($_POST['logout_id']); exit; } else if ($clientmac && $radmac_enable && portal_mac_radius($clientmac,$clientip)) { /* radius functions handle everything so we exit here since we're done */ @@ -204,411 +203,5 @@ EOD; exit; -function portal_reply_page($redirurl, $type = null, $message = null, $clientmac = null, $clientip = null, $username = null, $password = null) { - global $g, $config; - - /* Get captive portal layout */ - if ($type == "redir") { - header("Location: {$redirurl}"); - return; - } else if ($type == "login") - $htmltext = get_include_contents("{$g['varetc_path']}/captiveportal.html"); - else - $htmltext = get_include_contents("{$g['varetc_path']}/captiveportal-error.html"); - - /* substitute the PORTAL_REDIRURL variable */ - if ($config['captiveportal']['preauthurl']) { - $htmltext = str_replace("\$PORTAL_REDIRURL\$", "{$config['captiveportal']['preauthurl']}", $htmltext); - $htmltext = str_replace("#PORTAL_REDIRURL#", "{$config['captiveportal']['preauthurl']}", $htmltext); - } - - /* substitute other variables */ - if (isset($config['captiveportal']['httpslogin'])) { - $htmltext = str_replace("\$PORTAL_ACTION\$", "https://{$config['captiveportal']['httpsname']}:8001/", $htmltext); - $htmltext = str_replace("#PORTAL_ACTION#", "https://{$config['captiveportal']['httpsname']}:8001/", $htmltext); - } else { - $ifip = portal_ip_from_client_ip($clientip); - if (!$ifip) - $ourhostname = $config['system']['hostname'] . ":8000"; - else - $ourhostname = "{$ifip}:8000"; - $htmltext = str_replace("\$PORTAL_ACTION\$", "http://{$ourhostname}/", $htmltext); - $htmltext = str_replace("#PORTAL_ACTION#", "http://{$ourhostname}/", $htmltext); - } - - $htmltext = str_replace("\$PORTAL_REDIRURL\$", htmlspecialchars($redirurl), $htmltext); - $htmltext = str_replace("\$PORTAL_MESSAGE\$", htmlspecialchars($message), $htmltext); - $htmltext = str_replace("\$CLIENT_MAC\$", htmlspecialchars($clientmac), $htmltext); - $htmltext = str_replace("\$CLIENT_IP\$", htmlspecialchars($clientip), $htmltext); - - // Special handling case for captive portal master page so that it can be ran - // through the PHP interpreter using the include method above. We convert the - // $VARIABLE$ case to #VARIABLE# in /etc/inc/captiveportal.inc before writing out. - $htmltext = str_replace("#PORTAL_REDIRURL#", htmlspecialchars($redirurl), $htmltext); - $htmltext = str_replace("#PORTAL_MESSAGE#", htmlspecialchars($message), $htmltext); - $htmltext = str_replace("#CLIENT_MAC#", htmlspecialchars($clientmac), $htmltext); - $htmltext = str_replace("#CLIENT_IP#", htmlspecialchars($clientip), $htmltext); - $htmltext = str_replace("#USERNAME#", htmlspecialchars($username), $htmltext); - $htmltext = str_replace("#PASSWORD#", htmlspecialchars($password), $htmltext); - - echo $htmltext; -} - -function portal_mac_radius($clientmac,$clientip) { - global $config ; - - $radmac_secret = $config['captiveportal']['radmac_secret']; - - /* authentication against the radius server */ - $username = mac_format($clientmac); - $auth_list = radius($username,$radmac_secret,$clientip,$clientmac,"MACHINE LOGIN"); - if ($auth_list['auth_val'] == 2) - return TRUE; - if (!empty($auth_list['url_redirection'])) - portal_reply_page($auth_list['url_redirection'], "redir"); - - return FALSE; -} - -function portal_allow($clientip,$clientmac,$username,$password = null, $attributes = null, $ruleno = null) { - - global $redirurl, $g, $config, $type, $passthrumac, $_POST; - - /* See if a ruleno is passed, if not start sessions because this means there isn't one atm */ - if ($ruleno == null) - $ruleno = captiveportal_get_next_ipfw_ruleno(); - - /* if the pool is empty, return appropriate message and exit */ - if (is_null($ruleno)) { - portal_reply_page($redirurl, "error", "System reached maximum login capacity"); - log_error("WARNING! Captive portal has reached maximum login capacity"); - exit; - } - - // Ensure we create an array if we are missing attributes - if (!is_array($attributes)) - $attributes = array(); - - /* read in client database */ - $cpdb = captiveportal_read_db(); - - $radiusservers = captiveportal_get_radius_servers(); - - if ($attributes['voucher']) - $remaining_time = $attributes['session_timeout']; - - $writecfg = false; - /* Find an existing session */ - if ((isset($config['captiveportal']['noconcurrentlogins'])) && $passthrumac) { - if (isset($config['captiveportal']['passthrumacadd'])) { - $mac = captiveportal_passthrumac_findbyname($username); - if (!empty($mac)) { - if ($_POST['replacemacpassthru']) { - foreach ($config['captiveportal']['passthrumac'] as $idx => $macent) { - if ($macent['mac'] == $mac['mac']) { - $macrules = ""; - $ruleno = captiveportal_get_ipfw_passthru_ruleno($mac['mac']); - if ($ruleno) { - captiveportal_free_ipfw_ruleno($ruleno, true); - $macrules .= "delete {$ruleno}\n"; - ++$ruleno; - $macrules .= "delete {$ruleno}\n"; - } - unset($config['captiveportal']['passthrumac'][$idx]); - $mac['mac'] = $clientmac; - $config['captiveportal']['passthrumac'][] = $mac; - $macrules .= captiveportal_passthrumac_configure_entry($mac); - file_put_contents("{$g['tmp_path']}/macentry.rules.tmp", $macrules); - mwexec("/sbin/ipfw -q {$g['tmp_path']}/macentry.rules.tmp"); - $writecfg = true; - $sessionid = true; - break; - } - } - } else { - portal_reply_page($redirurl, "error", "Username: {$username} is already authenticated using another MAC address.", - $clientmac, $clientip, $username, $password); - exit; - } - } - } - } - - $nousers = count($cpdb); - for ($i = 0; $i < $nousers; $i++) { - /* on the same ip */ - if($cpdb[$i][2] == $clientip) { - captiveportal_logportalauth($cpdb[$i][4],$cpdb[$i][3],$cpdb[$i][2],"CONCURRENT LOGIN - REUSING OLD SESSION"); - $sessionid = $cpdb[$i][5]; - break; - } - elseif (($attributes['voucher']) && ($username != 'unauthenticated') && ($cpdb[$i][4] == $username)) { - // user logged in with an active voucher. Check for how long and calculate - // how much time we can give him (voucher credit - used time) - $remaining_time = $cpdb[$i][0] + $cpdb[$i][7] - time(); - if ($remaining_time < 0) // just in case. - $remaining_time = 0; - - /* This user was already logged in so we disconnect the old one */ - captiveportal_disconnect($cpdb[$i],$radiusservers,13); - captiveportal_logportalauth($cpdb[$i][4],$cpdb[$i][3],$cpdb[$i][2],"CONCURRENT LOGIN - TERMINATING OLD SESSION"); - unset($cpdb[$i]); - break; - } - elseif ((isset($config['captiveportal']['noconcurrentlogins'])) && ($username != 'unauthenticated')) { - /* on the same username */ - if (strcasecmp($cpdb[$i][4], $username) == 0) { - /* This user was already logged in so we disconnect the old one */ - captiveportal_disconnect($cpdb[$i],$radiusservers,13); - captiveportal_logportalauth($cpdb[$i][4],$cpdb[$i][3],$cpdb[$i][2],"CONCURRENT LOGIN - TERMINATING OLD SESSION"); - unset($cpdb[$i]); - break; - } - } - } - - if ($attributes['voucher'] && $remaining_time <= 0) - return 0; // voucher already used and no time left - - if (!isset($sessionid)) { - /* generate unique session ID */ - $tod = gettimeofday(); - $sessionid = substr(md5(mt_rand() . $tod['sec'] . $tod['usec'] . $clientip . $clientmac), 0, 16); - - /* Add rules for traffic shaping - * We don't need to add extra rules since traffic will pass due to the following kernel option - * net.inet.ip.fw.one_pass: 1 - */ - $peruserbw = isset($config['captiveportal']['peruserbw']); - - $bw_up = isset($attributes['bw_up']) ? trim($attributes['bw_up']) : $config['captiveportal']['bwdefaultup']; - $bw_down = isset($attributes['bw_down']) ? trim($attributes['bw_down']) : $config['captiveportal']['bwdefaultdn']; - - if ($passthrumac) { - $mac = array(); - $mac['mac'] = $clientmac; - if (isset($config['captiveportal']['passthrumacaddusername'])) - $mac['username'] = $username; - $mac['descr'] = "Auto added pass-through MAC for user {$username}"; - if (!empty($bw_up)) - $mac['bw_up'] = $bw_up; - if (!empty($bw_down)) - $mac['bw_down'] = $bw_down; - if (!is_array($config['captiveportal']['passthrumac'])) - $config['captiveportal']['passthrumac'] = array(); - $config['captiveportal']['passthrumac'][] = $mac; - $macrules = captiveportal_passthrumac_configure_entry($mac); - file_put_contents("{$g['tmp_path']}/macentry.rules.tmp", $macrules); - mwexec("/sbin/ipfw -q {$g['tmp_path']}/macentry.rules.tmp"); - $writecfg = true; - } else { - if ($peruserbw && !empty($bw_up) && is_numeric($bw_up)) { - $bw_up_pipeno = $ruleno + 20000; - //$bw_up /= 1000; // Scale to Kbit/s - mwexec("/sbin/ipfw pipe {$bw_up_pipeno} config bw {$bw_up}Kbit/s queue 100"); - - if (!isset($config['captiveportal']['nomacfilter'])) - mwexec("/sbin/ipfw table 1 add {$clientip} mac {$clientmac} {$bw_up_pipeno}"); - else - mwexec("/sbin/ipfw table 1 add {$clientip} {$bw_up_pipeno}"); - } else { - if (!isset($config['captiveportal']['nomacfilter'])) - mwexec("/sbin/ipfw table 1 add {$clientip} mac {$clientmac}"); - else - mwexec("/sbin/ipfw table 1 add {$clientip}"); - } - if ($peruserbw && !empty($bw_down) && is_numeric($bw_down)) { - $bw_down_pipeno = $ruleno + 20001; - //$bw_down /= 1000; // Scale to Kbit/s - mwexec("/sbin/ipfw pipe {$bw_down_pipeno} config bw {$bw_down}Kbit/s queue 100"); - - if (!isset($config['captiveportal']['nomacfilter'])) - mwexec("/sbin/ipfw table 2 add {$clientip} mac {$clientmac} {$bw_down_pipeno}"); - else - mwexec("/sbin/ipfw table 2 add {$clientip} {$bw_down_pipeno}"); - } else { - if (!isset($config['captiveportal']['nomacfilter'])) - mwexec("/sbin/ipfw table 2 add {$clientip} mac {$clientmac}"); - else - mwexec("/sbin/ipfw table 2 add {$clientip}"); - } - - if ($attributes['voucher']) - $attributes['session_timeout'] = $remaining_time; - - /* encode password in Base64 just in case it contains commas */ - $bpassword = base64_encode($password); - $cpdb[] = array(time(), $ruleno, $clientip, $clientmac, $username, $sessionid, $bpassword, - $attributes['session_timeout'], $attributes['idle_timeout'], $attributes['session_terminate_time']); - - if (isset($config['captiveportal']['radacct_enable']) && !empty($radiusservers)) { - $acct_val = RADIUS_ACCOUNTING_START($ruleno, - $username, $sessionid, $radiusservers, $clientip, $clientmac); - if ($acct_val == 1) - captiveportal_logportalauth($username,$clientmac,$clientip,$type,"RADIUS ACCOUNTING FAILED"); - } - - /* rewrite information to database */ - captiveportal_write_db($cpdb); - } - } - - if ($writecfg == true) - write_config(); - - /* redirect user to desired destination */ - if (!empty($attributes['url_redirection'])) - $my_redirurl = $attributes['url_redirection']; - else if ($config['captiveportal']['redirurl']) - $my_redirurl = $config['captiveportal']['redirurl']; - else - $my_redirurl = $redirurl; - - if(isset($config['captiveportal']['logoutwin_enable']) && !$passthrumac) { - - if (isset($config['captiveportal']['httpslogin'])) - $logouturl = "https://{$config['captiveportal']['httpsname']}:8001/"; - else { - $ifip = portal_ip_from_client_ip($clientip); - if (!$ifip) - $ourhostname = $config['system']['hostname'] . ":8000"; - else - $ourhostname = "{$ifip}:8000"; - $logouturl = "http://{$ourhostname}/"; - } - - if (isset($attributes['reply_message'])) - $message = $attributes['reply_message']; - else - $message = 0; - - include("{$g['varetc_path']}/captiveportal-logout.html"); - - } else { - header("Location: " . $my_redirurl); - } - - return $sessionid; -} - - - -/* remove a single client by session ID - * by Dinesh Nair - */ -function disconnect_client($sessionid, $logoutReason = "LOGOUT", $term_cause = 1) { - global $g, $config; - - /* read database */ - $cpdb = captiveportal_read_db(); - - $radiusservers = captiveportal_get_radius_servers(); - - /* find entry */ - $dbcount = count($cpdb); - for ($i = 0; $i < $dbcount; $i++) { - if ($cpdb[$i][5] == $sessionid) { - captiveportal_disconnect($cpdb[$i],$radiusservers, $term_cause); - captiveportal_logportalauth($cpdb[$i][4],$cpdb[$i][3],$cpdb[$i][2],$logoutReason); - unset($cpdb[$i]); - break; - } - } - - /* write database */ - captiveportal_write_db($cpdb); -} - -/* - * Used for when pass-through credits are enabled. - * Returns true when there was at least one free login to deduct for the MAC. - * Expired entries are removed as they are seen. - * Active entries are updated according to the configuration. - */ -function portal_consume_passthrough_credit($clientmac) { - global $config; - - if (!empty($config['captiveportal']['freelogins_count']) && is_numeric($config['captiveportal']['freelogins_count'])) - $freeloginscount = $config['captiveportal']['freelogins_count']; - else - return false; - - if (!empty($config['captiveportal']['freelogins_resettimeout']) && is_numeric($config['captiveportal']['freelogins_resettimeout'])) - $resettimeout = $config['captiveportal']['freelogins_resettimeout']; - else - return false; - - if ($freeloginscount < 1 || $resettimeout <= 0 || !clientmac) - return false; - - $updatetimeouts = isset($config['captiveportal']['freelogins_updatetimeouts']); - - /* - * Read database of used MACs. Lines are a comma-separated list - * of the time, MAC, then the count of pass-through credits remaining. - */ - $usedmacs = captiveportal_read_usedmacs_db(); - - $currenttime = time(); - $found = false; - foreach ($usedmacs as $key => $usedmac) { - $usedmac = explode(",", $usedmac); - - if ($usedmac[1] == $clientmac) { - if ($usedmac[0] + ($resettimeout * 3600) > $currenttime) { - if ($usedmac[2] < 1) { - if ($updatetimeouts) { - $usedmac[0] = $currenttime; - unset($usedmacs[$key]); - $usedmacs[] = implode(",", $usedmac); - captiveportal_write_usedmacs_db($usedmacs); - } - - return false; - } else { - $usedmac[2] -= 1; - $usedmacs[$key] = implode(",", $usedmac); - } - - $found = true; - } else - unset($usedmacs[$key]); - - break; - } else if ($usedmac[0] + ($resettimeout * 3600) <= $currenttime) - unset($usedmacs[$key]); - } - - if (!$found) { - $usedmac = array($currenttime, $clientmac, $freeloginscount - 1); - $usedmacs[] = implode(",", $usedmac); - } - - captiveportal_write_usedmacs_db($usedmacs); - return true; -} - -function captiveportal_read_usedmacs_db() { - global $g; - - $cpumaclck = lock('captiveusedmacs'); - if (file_exists("{$g['vardb_path']}/captiveportal_usedmacs.db")) { - $usedmacs = file("{$g['vardb_path']}/captiveportal_usedmacs.db", FILE_IGNORE_NEW_LINES | FILE_SKIP_EMPTY_LINES); - if (!usedmacs) - $usedmacs = array(); - } else - $usedmacs = array(); - - unlock($cpumaclck); - return $usedmacs; -} - -function captiveportal_write_usedmacs_db($usedmacs) { - global $g; - - $cpumaclck = lock('captiveusedmacs', LOCK_EX); - @file_put_contents("{$g['vardb_path']}/captiveportal_usedmacs.db", implode("\n", $usedmacs)); - unlock($cpumaclck); -} ?> diff --git a/usr/local/pkg/carp_settings.xml b/usr/local/pkg/carp_settings.xml index 075a919..3365bba 100644 --- a/usr/local/pkg/carp_settings.xml +++ b/usr/local/pkg/carp_settings.xml @@ -99,6 +99,12 @@ <type>checkbox</type> </field> <field> + <fielddescr>Synchronize Certificates</fielddescr> + <fieldname>synchronizecerts</fieldname> + <description>When this option is enabled, this system will automatically sync the Certificate Authorities, Certificates, and Certificate Revocation Lists over to the other CARP host when changes are made.</description> + <type>checkbox</type> + </field> + <field> <fielddescr>Synchronize rules</fielddescr> <fieldname>synchronizerules</fieldname> <description>When this option is enabled, this system will automatically sync the firewall rules to the other CARP host when changes are made..</description> @@ -131,7 +137,7 @@ <field> <fielddescr>Synchronize OpenVPN</fielddescr> <fieldname>synchronizeopenvpn</fieldname> - <description>When this option is enabled, this system will automatically sync the OpenVPN configuration to the other CARP host when changes are made.</description> + <description>When this option is enabled, this system will automatically sync the OpenVPN configuration to the other CARP host when changes are made. Using this option implies "Synchronize Certificates" as they are required for OpenVPN.</description> <type>checkbox</type> </field> <field> diff --git a/usr/local/pkg/miniupnpd.inc b/usr/local/pkg/miniupnpd.inc index 2da8c93..f52214b 100644 --- a/usr/local/pkg/miniupnpd.inc +++ b/usr/local/pkg/miniupnpd.inc @@ -1,24 +1,25 @@ <?php + require_once("util.inc"); require_once("config.inc"); require_once("functions.inc"); require_once("shaper.inc"); /* MiniUPnPd */ - function upnp_notice ($msg) { syslog(LOG_NOTICE, "miniupnpd: {$msg}"); } - function upnp_warn ($msg) { syslog(LOG_WARNING, "miniupnpd: {$msg}"); } + function upnp_notice ($msg) { log_error("miniupnpd: {$msg}"); } + function upnp_warn ($msg) { log_error("miniupnpd: {$msg}"); } function upnp_running () { - if((int)exec('pgrep miniupnpd | wc -l') > 0) + if((int)exec('/bin/pgrep -a miniupnpd | /usr/bin/wc -l') > 0) return true; return false; - } + } function upnp_write_config($file, $text) { $handle = fopen($file, 'w'); if(!$handle) { upnp_warn("Could not open {$file} for writing."); - exit; + return; } fwrite($handle, $text); fclose($handle); @@ -26,7 +27,7 @@ function upnp_uuid() { /* md5 hash of wan mac */ - $uuid = md5(exec('arp -an -i '.get_real_interface().' | /usr/bin/cut -d " " -f4')); + $uuid = md5(get_interface_mac(get_real_interface("wan"))); /* put uuid in correct format 8-4-4-4-12 */ return substr($uuid,0,8).'-'.substr($uuid,9,4).'-'.substr($uuid,13,4).'-'.substr($uuid,17,4).'-'.substr($uuid,21,12); } @@ -42,7 +43,8 @@ } function upnp_validate_ip($ip, $check_cdir) { - /* validate cdir */ + /* validate cidr */ + $ip_array = array(); if($check_cdir) { $ip_array = explode('/', $ip); if(count($ip_array) == 2) { @@ -55,11 +57,8 @@ $ip_array[] = $ip; /* validate ip */ - if(!eregi('^[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}$', $ip_array[0])) + if (!is_ipaddr($ip_array[0])) return false; - foreach(explode('.', $ip_array[0]) as $sub) - if($sub < 0 || $sub > 256) - return false; return true; } @@ -73,15 +72,6 @@ function before_form_miniupnpd($pkg) { global $config; - /* if shaper connection speed defined hide fields */ - if($config['ezshaper']['step2']['download'] && $config['ezshaper']['step2']['upload']) { - $i=0; - foreach ($pkg['fields']['field'] as $field) { - if ($field['fieldname'] == 'download' || $field['fieldname'] == 'upload') - unset($pkg['fields']['field'][$i]); - $i++; - } - } } function validate_form_miniupnpd($post, $input_errors) { @@ -138,49 +128,38 @@ $ifaces_active = ''; /* since config is written before this file invoked we don't need to read post data */ - if($upnp_config['enable'] && $upnp_config['iface_array']) + if($upnp_config['enable'] && !empty($upnp_config['iface_array'])) { $iface_array = explode(',', $upnp_config['iface_array']); - if($iface_array) { foreach($iface_array as $iface) { $if = convert_friendly_interface_to_real_interface_name($iface); /* above function returns iface if fail */ if($if!=$iface) { $addr = find_interface_ip($if); - /* non enabled interfaces are displayed in list on miniupnpd settings page */ /* check that the interface has an ip address before adding parameters */ - if($addr) { + if (is_ipaddr($addr)) { $config_text .= "listening_ip={$addr}\n"; if(!$ifaces_active) { $webgui_ip = $addr; $ifaces_active = $iface; - } else { + } else $ifaces_active .= ", {$iface}"; - } - } else { + } else upnp_warn("Interface {$iface} has no ip address, ignoring"); - } - } else { + } else upnp_warn("Could not resolve real interface for {$iface}"); - } } - if($ifaces_active) { + if (!empty($ifaces_active)) { /* override wan ip address, common for carp, etc */ if($upnp_config['overridewanip']) $config_text .= "ext_ip={$upnp_config['overridewanip']}\n"; - /* if shaper connection speed defined use those values */ - if($config['ezshaper']['step2']['download'] && $config['ezshaper']['step2']['upload']) { - $download = $config['ezshaper']['step2']['download']*1000; - $upload = $config['ezshaper']['step2']['upload']*1000; - } else { - $download = $upnp_config['download']*1000; - $upload = $upnp_config['upload']*1000; - } + $download = $upnp_config['download']*1000; + $upload = $upnp_config['upload']*1000; /* set upload and download bitrates */ - if($download && $upload) { + if(!empty($download) && !empty($upload)) { $config_text .= "bitrate_down={$download}\n"; $config_text .= "bitrate_up={$upload}\n"; } @@ -194,9 +173,9 @@ $config_text .= "system_uptime=yes\n"; /* set webgui url */ - if($config['system']['webgui']['protocol']) { + if(!empty($config['system']['webgui']['protocol'])) { $config_text .= "presentation_url={$config['system']['webgui']['protocol']}://{$webgui_ip}"; - if($config['system']['webgui']['port']) + if(!empty($config['system']['webgui']['port'])) $config_text .= ":{$config['system']['webgui']['port']}"; $config_text .= "/\n"; } @@ -206,7 +185,7 @@ $config_text .= "serial=".strtoupper(substr(upnp_uuid(),0,8))."\n"; /* set model number */ - $config_text .= "model_number=".exec("/bin/cat /etc/version")."\n"; + $config_text .= "model_number=".file_get_contents("/etc/version")."\n"; /* upnp access restrictions */ for($i=1; $i<=4; $i++) { @@ -238,25 +217,23 @@ upnp_action('start'); } /* or restart miniupnpd if settings were changed */ - elseif($_POST['iface_array']) { + else { upnp_notice("Restarting service on interface: {$ifaces_active}"); upnp_action('restart'); } } - } - - if(!$iface_array || !$ifaces_active) { - /* no parameters user does not want miniupnpd running */ + } else { + /* user does not want miniupnpd running */ /* lets stop the service and remove the rc file */ - if(file_exists($config_file)) { + if (file_exists($config_file)) { if(!$upnp_config['enable']) upnp_notice('Stopping service: miniupnpd disabled'); else upnp_notice('Stopping service: no interfaces selected'); upnp_action('stop'); - unlink($config_file); + @unlink($config_file); } } } diff --git a/usr/local/sbin/ovpn-linkup b/usr/local/sbin/ovpn-linkup index f962ac2..60489c2 100755 --- a/usr/local/sbin/ovpn-linkup +++ b/usr/local/sbin/ovpn-linkup @@ -1,7 +1,5 @@ #!/bin/sh -# write nameservers to file needs dns fidnings?! - # let the configuration system know that the ip has changed. #/usr/local/sbin/pfSctl -c "interface newip $interface" /bin/echo $4 > /tmp/$1_router diff --git a/usr/local/www/crash_reporter.php b/usr/local/www/crash_reporter.php new file mode 100755 index 0000000..d423568 --- /dev/null +++ b/usr/local/www/crash_reporter.php @@ -0,0 +1,143 @@ +<?php +/* $Id$ */ +/* + crash_reporter.php + part of pfSense + Copyright (C) 2011 Scott Ullrich + All rights reserved. + + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are met: + + 1. Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. + + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + POSSIBILITY OF SUCH DAMAGE. +*/ +/* + pfSense_MODULE: header +*/ + +##|+PRIV +##|*IDENT=page-diagnostics-crash-reporter +##|*NAME=Crash reporter +##|*DESCR=Uploads crash reports to pfSense and or deletes crash reports. +##|*MATCH=crash_reporter.php* +##|-PRIV + +require("guiconfig.inc"); +require("functions.inc"); +require("captiveportal.inc"); + +define("FILE_SIZE", 450000); + +function upload_crash_report($files) { + global $g; + $post = array(); + $counter = 0; + foreach($files as $file) { + $post["file{$counter}"] = "@{$file}"; + $counter++; + } + $ch = curl_init(); + curl_setopt($ch, CURLOPT_HEADER, 0); + curl_setopt($ch, CURLOPT_VERBOSE, 0); + curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); + curl_setopt($ch, CURLOPT_USERAGENT, "Mozilla/4.0 (compatible;)"); + curl_setopt($ch, CURLOPT_URL, $g['crashreporterurl']); + curl_setopt($ch, CURLOPT_POST, true); + curl_setopt($ch, CURLOPT_POSTFIELDS, $post); + $response = curl_exec($ch); + return $response; +} + +function output_crash_reporter_html($crash_reports) { + echo "<strong>" . gettext("Unfortunately we have detected a kernel crash (panic).") . "</strong></p>"; + echo "If you are unfamiliar with kernel panics wikipedia has information <a target='_new' href='http://en.wikipedia.org/wiki/Kernel_panic'>here</a>.<p/>"; + echo gettext("Would you like to submit the crash debug logs to the pfSense developers for inspection?") . "</p>"; + echo "<p>"; + echo "<i>" . gettext("Please double check the contents to ensure you are comfortable sending this information before clicking Yes.") . "</i><br/>"; + echo "<p>"; + echo gettext("Contents of crash reports") . ":<br/>"; + echo "<textarea readonly rows='40' cols='65' name='crashreports'>{$crash_reports}</textarea>"; + echo "<p/>"; + echo "<input name=\"Submit\" type=\"submit\" class=\"formbtn\" value=\"" . gettext("Yes") . "\">" . gettext(" - Submit this to the developers for inspection"); + echo "<p/><input name=\"Submit\" type=\"submit\" class=\"formbtn\" value=\"" . gettext("No") . "\">" . gettext(" - Just delete the crash report and take me back to the Dashboard"); + echo "<p/>"; + echo "</form>"; +} + +$pgtitle = array(gettext("Diagnostics"),gettext("Crash reporter")); +include('head.inc'); + +$crash_report_header = "Crash report begins. Anonymous machine information:\n\n"; +$crash_report_header .= php_uname("m") . "\n"; +$crash_report_header .= php_uname("r") . "\n"; +$crash_report_header .= php_uname("v") . "\n"; +$crash_report_header .= "\nCrash report details:\n"; + +?> + +<body link="#0000CC" vlink="#0000CC" alink="#0000CC"> + +<?php include("fbegin.inc"); ?> + + <form action="crash_reporter.php" method="post"> + +<?php + if (gettext($_POST['Submit']) == "Yes") { + echo gettext("Processing..."); + file_put_contents("/var/crash/crashreport_header.txt", $crash_report_header); + exec("/usr/bin/gzip /var/crash/*"); + $files_to_upload = glob("/var/crash/*"); + echo "<p/>"; + echo gettext("Uploading..."); + ob_flush(); + flush(); + if(is_array($files_to_upload)) { + $resp = upload_crash_report($files_to_upload); + exec("rm /var/crash/*"); + echo "<p/>"; + print_r($resp); + echo "<p/><a href='/'>" . gettext("Continue") . "</a>" . gettext(" and delete crash report files from local disk."); + } else { + echo "Could not find any crash files."; + } + } else if(gettext($_POST['Submit']) == "No") { + exec("rm /var/crash/*"); + Header("Location: /"); + exit; + } else { + $crash_files = glob("/var/crash/*"); + $crash_reports = $crash_report_header; + if(is_array($crash_files)) { + foreach($crash_files as $cf) { + if(filesize($cf) < FILE_SIZE) { + $crash_reports .= "\nFilename: {$cf}\n"; + $crash_reports .= file_get_contents($cf); + } + } + } else { + echo "Could not locate any crash data."; + } + output_crash_reporter_html($crash_reports); + } +?> + +<?php include("fend.inc"); ?> + +</body> +</html> diff --git a/usr/local/www/diag_backup.php b/usr/local/www/diag_backup.php index 5892f06..598f4d6 100755 --- a/usr/local/www/diag_backup.php +++ b/usr/local/www/diag_backup.php @@ -355,17 +355,14 @@ if ($_POST) { // Firewall rules $origname = $config['interfaces'][$iface]['descr']; $newname = $config['interfaces'][$iface]['descr'] . "Alias"; - update_alias_names_upon_change('filter', 'rule', 'source', 'address', $newname, $origname); - update_alias_names_upon_change('filter', 'rule', 'destination', 'address', $newname, $origname); + update_alias_names_upon_change(array('filter', 'rule'), array('source', 'address'), $newname, $origname); + update_alias_names_upon_change(array('filter', 'rule'), array('destination', 'address'), $newname, $origname); // NAT Rules - update_alias_names_upon_change('nat', 'rule', 'source', 'address', $newname, $origname); - update_alias_names_upon_change('nat', 'rule', 'source', 'port', $newname, $origname); - update_alias_names_upon_change('nat', 'rule', 'destination', 'address', $newname, $origname); - update_alias_names_upon_change('nat', 'rule', 'destination', 'port', $newname, $origname); - update_alias_names_upon_change('nat', 'rule', 'target', '', $newname, $origname); - update_alias_names_upon_change('nat', 'rule', 'local-port', '', $newname, $origname); + update_alias_names_upon_change(array('nat', 'rule'), array('source', 'address'), $newname, $origname); + update_alias_names_upon_change(array('nat', 'rule'), array('destination', 'address'), $newname, $origname); + update_alias_names_upon_change(array('nat', 'rule'), array('target'), $newname, $origname); // Alias in an alias - update_alias_names_upon_change('aliases', 'alias', 'address', '', $newname, $origname); + update_alias_names_upon_change(array('aliases', 'alias'), array('address'), $newname, $origname); } } } diff --git a/usr/local/www/diag_defaults.php b/usr/local/www/diag_defaults.php index 85c05da..612e02a 100755 --- a/usr/local/www/diag_defaults.php +++ b/usr/local/www/diag_defaults.php @@ -73,7 +73,7 @@ include("head.inc"); <li><?=gettext("Reboot after changes are installed");?></li> <li><?=gettext("WAN interface will be set to obtain an address automatically from a DHCP server");?></li> <li><?=gettext("webConfigurator admin username will be reset to 'admin'");?></li> - <li><?=gettext("webConfigurator admin password will be reset to");?> '<?=$g['product_name']?>'</li> + <li><?=gettext("webConfigurator admin password will be reset to");?> '<?=$g['factory_shipped_password']?>'</li> </ul> <?=gettext("Are you sure you want to proceed?");?></strong></p> diff --git a/usr/local/www/diag_ipsec_xml.php b/usr/local/www/diag_ipsec_xml.php new file mode 100644 index 0000000..4b9d6ea --- /dev/null +++ b/usr/local/www/diag_ipsec_xml.php @@ -0,0 +1,83 @@ +<?php +/* $Id$ */ +/* + diag_ipsec_xml.php + Copyright (C) 2007 pfSense Project + Copyright (C) 2010 Seth Mos + All rights reserved. + + Parts of this code was originally based on vpn_ipsec_sad.php + Copyright (C) 2003-2004 Manuel Kasper + + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are met: + + 1. Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. + + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + POSSIBILITY OF SUCH DAMAGE. +*/ + +##|+PRIV +##|*IDENT=page-ipsecxml +##|*NAME=Diag IPsec XML page +##|*DESCR=Allow access to the 'Diag IPsec XML' page. +##|*MATCH=diag_ipsec_xml.php +##|-PRIV + +global $g; +$nocsrf = true; + +require("guiconfig.inc"); +require("ipsec.inc"); + +if (!is_array($config['ipsec']['phase2'])) + $config['ipsec']['phase2'] = array(); + +$ipsec_status = array(); + +$a_phase2 = &$config['ipsec']['phase2']; + +$spd = ipsec_dump_spd(); +$sad = ipsec_dump_sad(); + +if(is_array($a_phase2)) { + foreach ($a_phase2 as $ph2ent) { + ipsec_lookup_phase1($ph2ent,$ph1ent); + $tunnel = array(); + if (!isset($ph2ent['disabled']) && !isset($ph1ent['disabled'])) { + if(ipsec_phase2_status($spd,$sad,$ph1ent,$ph2ent)) + $tunnel['state'] = "up"; + elseif(!isset($config['ipsec']['enable'])) + $tunnel['state'] = "disabled"; + else + $tunnel['state'] = "down"; + + $tunnel['src'] = ipsec_get_phase1_src($ph1ent); + $tunnel['endpoint'] = $ph1ent['remote-gateway']; + $tunnel['local'] = ipsec_idinfo_to_text($ph2ent['localid']); + $tunnel['remote'] = ipsec_idinfo_to_text($ph2ent['remoteid']); + $tunnel['name'] = "{$ph2ent['descr']}"; + $ipsec_status['tunnel'][] = $tunnel; + } + } +} + +$listtags = array("tunnel"); +$xml = dump_xml_config($ipsec_status, "ipsec"); + +echo $xml; +?> diff --git a/usr/local/www/diag_limiter_info.php b/usr/local/www/diag_limiter_info.php index 1d4ca28..6f525dc 100644 --- a/usr/local/www/diag_limiter_info.php +++ b/usr/local/www/diag_limiter_info.php @@ -71,7 +71,7 @@ include("head.inc"); }); } function activitycallback(transport) { - $('limiteractivitydiv').innerHTML = '<font face="Courier"><font size="2"><b><pre>' + transport.responseText + '</pre></font>'; + $('limiteractivitydiv').innerHTML = '<font face="Courier"><font size="2"><b><pre style="text-align:left;">' + transport.responseText + '</pre></font>'; setTimeout('getlimiteractivity()', 2000); } setTimeout('getlimiteractivity()', 5000); diff --git a/usr/local/www/diag_logs_ipsec.php b/usr/local/www/diag_logs_ipsec.php index b0bba94..560cd1a 100755 --- a/usr/local/www/diag_logs_ipsec.php +++ b/usr/local/www/diag_logs_ipsec.php @@ -54,6 +54,8 @@ $replace = array(); if(is_array($config['ipsec']['phase1'])) foreach($config['ipsec']['phase1'] as $ph1ent) { $gateway = ipsec_get_phase1_dst($ph1ent); + if(!is_ipaddr($gateway)) + continue; $search[] = "/(racoon: )([A-Z:].*?)({$gateway}\[[0-9].+\]|{$gateway})(.*)/i"; $replace[] = "$1<strong>[{$ph1ent['descr']}]</strong>: $2$3$4"; } diff --git a/usr/local/www/diag_packet_capture.php b/usr/local/www/diag_packet_capture.php index 835b99b..8a9cb41 100644 --- a/usr/local/www/diag_packet_capture.php +++ b/usr/local/www/diag_packet_capture.php @@ -117,8 +117,18 @@ include("fbegin.inc"); <select name="interface"> <?php $interfaces = get_configured_interface_with_descr(); - foreach ($interfaces as $iface => $ifacename): -?> + if (isset($config['ipsec']['enable'])) + $interfaces['ipsec'] = "IPsec"; + foreach (array('server', 'client') as $mode) { + if (is_array($config['openvpn']["openvpn-{$mode}"])) { + foreach ($config['openvpn']["openvpn-{$mode}"] as $id => $setting) { + if (!isset($setting['disable'])) { + $interfaces['ovpn' . substr($mode, 0, 1) . $setting['vpnid']] = gettext("OpenVPN") . " ".$mode.": ".htmlspecialchars($setting['description']); + } + } + } + } + foreach ($interfaces as $iface => $ifacename): ?> <option value="<?=$iface;?>" <?php if ($selectedif == $iface) echo "selected"; ?>> <?php echo $ifacename;?> </option> diff --git a/usr/local/www/diag_pf_info.php b/usr/local/www/diag_pf_info.php index 633cd1e..cba9727 100644 --- a/usr/local/www/diag_pf_info.php +++ b/usr/local/www/diag_pf_info.php @@ -75,7 +75,7 @@ include("head.inc"); }); } function activitycallback(transport) { - $('cpuactivitydiv').innerHTML = '<font face="Courier"><font size="2"><b><pre>' + transport.responseText + '</pre></font>'; + $('cpuactivitydiv').innerHTML = '<font face="Courier"><font size="2"><b><pre style="text-align:left;">' + transport.responseText + '</pre></font>'; setTimeout('getcpuactivity()', 2000); } setTimeout('getcpuactivity()', 5000); diff --git a/usr/local/www/diag_smart.php b/usr/local/www/diag_smart.php index 05239fa..d3da72b 100644 --- a/usr/local/www/diag_smart.php +++ b/usr/local/www/diag_smart.php @@ -256,7 +256,7 @@ switch($action) default: { // Get all AD* and DA* (IDE and SCSI) devices currently installed and stores them in the $devs array - exec("ls /dev | grep '^[ad][da]*[0-9]$'", $devs); + exec("ls /dev | grep '^[ad][da][0-9]\{1,2\}$'", $devs); ?> <table width="100%" border="0" cellpadding="0" cellspacing="0"> <tr> diff --git a/usr/local/www/diag_system_activity.php b/usr/local/www/diag_system_activity.php index b94dc92..e1e8003 100644 --- a/usr/local/www/diag_system_activity.php +++ b/usr/local/www/diag_system_activity.php @@ -70,7 +70,7 @@ include("head.inc"); }); } function activitycallback(transport) { - $('cpuactivitydiv').innerHTML = '<font face="Courier"><font size="2"><b><pre>' + transport.responseText + '</pre></font>'; + $('cpuactivitydiv').innerHTML = '<font face="Courier"><font size="2"><b><pre style="text-align:left;">' + transport.responseText + '</pre></font>'; setTimeout('getcpuactivity()', 2500); } setTimeout('getcpuactivity()', 1000); diff --git a/usr/local/www/diag_system_pftop.php b/usr/local/www/diag_system_pftop.php index a064f27..af0a581 100644 --- a/usr/local/www/diag_system_pftop.php +++ b/usr/local/www/diag_system_pftop.php @@ -77,7 +77,7 @@ else }); } function activitycallback(transport) { - $('cpuactivitydiv').innerHTML = '<font face="Courier"><font size="2"><b><pre>' + transport.responseText + '</pre></font>'; + $('cpuactivitydiv').innerHTML = '<font face="Courier"><font size="2"><b><pre style="text-align:left;">' + transport.responseText + '</pre></font>'; setTimeout('getcpuactivity()', 2500); } setTimeout('getcpuactivity()', 1000); diff --git a/usr/local/www/edit.php b/usr/local/www/edit.php index 3b94d69..942904a 100644 --- a/usr/local/www/edit.php +++ b/usr/local/www/edit.php @@ -29,6 +29,13 @@ pfSense_MODULE: shell */ +##|+PRIV +##|*IDENT=page-diagnostics-edit +##|*NAME=Diagnostics: Edit FIle +##|*DESCR=Allow access to the 'Diagnostics: Edit File' page. +##|*MATCH=edit.php* +##|-PRIV + $pgtitle = array(gettext("Diagnostics"), gettext("Edit file")); require("guiconfig.inc"); diff --git a/usr/local/www/fbegin.inc b/usr/local/www/fbegin.inc index 8183797..8687e3a 100755 --- a/usr/local/www/fbegin.inc +++ b/usr/local/www/fbegin.inc @@ -212,6 +212,8 @@ $diagnostics_menu = msort(array_merge($diagnostics_menu, return_ext_menu("Diagno if(! $g['disablehelpmenu']) { $help_menu = array(); $help_menu[] = array(gettext("About this Page"), $helpurl); + if($g['product_name'] == "pfSense") + $help_menu[] = array(gettext("Bug Database"), "http://www.pfsense.org/j.php?jumpto=redmine"); $help_menu[] = array(gettext("User Forum"), "http://www.pfsense.org/j.php?jumpto=forum"); $help_menu[] = array(gettext("Documentation"), "http://www.pfsense.org/j.php?jumpto=doc"); $help_menu[] = array(gettext("Developers Wiki"), "http://www.pfsense.org/j.php?jumpto=devwiki"); @@ -387,7 +389,7 @@ if ($_REQUEST['noticeaction'] == 'acknowledge') { $notices = get_notices(); if(!$notices) { $need_alert_display = true; - $display_text = print_notices() . "<br>"; + $display_text = print_notices($notices) . "<br>"; } } if($need_alert_display == true) { diff --git a/usr/local/www/firewall_aliases.php b/usr/local/www/firewall_aliases.php index b72e3c4..4a16bac 100755 --- a/usr/local/www/firewall_aliases.php +++ b/usr/local/www/firewall_aliases.php @@ -75,80 +75,30 @@ if ($_GET['act'] == "del") { $is_alias_referenced = false; $referenced_by = false; $alias_name = $a_aliases[$_GET['id']]['name']; - if(is_array($config['nat']['rule'])) { - foreach($config['nat']['rule'] as $rule) { - if($rule['localip'] == $alias_name) { - $is_alias_referenced = true; - $referenced_by = $rule['descr']; - break; - } - } - } - if($is_alias_referenced == false) { - if(is_array($config['filter']['rule'])) { - foreach($config['filter']['rule'] as $rule) { - if($rule['source']) { - if($rule['source']['address'] && $rule['source']['address'] == $alias_name) { - $is_alias_referenced = true; - $referenced_by = $rule['descr']; - break; - } - if($rule['source']['port'] && $rule['source']['port'] == $alias_name) { - $is_alias_referenced = true; - $referenced_by = $rule['descr']; - break; - } - if($rule['destination']['address'] && $rule['destination']['address'] == $alias_name) { - $is_alias_referenced = true; - $referenced_by = $rule['descr']; - break; - } - } - if($rule['destination']) - if($rule['destination']['port'] && $rule['destination']['port'] == $alias_name) { - $is_alias_referenced = true; - $referenced_by = $rule['descr']; - break; - } - } - } - } - if($is_alias_referenced == false) { - if(is_array($config['nat']['rule'])) { - foreach($config['nat']['rule'] as $rule) { - if($rule['source']['address'] && $rule['source']['address'] == $alias_name) { - $is_alias_referenced = true; - $referenced_by = $rule['descr']; - break; - } - if($rule['source']['port'] && $rule['source']['port'] == $alias_name) { - $is_alias_referenced = true; - $referenced_by = $rule['descr']; - break; - } - if($rule['destination']['address'] && $rule['destination']['address'] == $alias_name) { - $is_alias_referenced = true; - $referenced_by = $rule['descr']; - break; - } - if($rule['destination']['port'] && $rule['destination']['port'] == $alias_name) { - $is_alias_referenced = true; - $referenced_by = $rule['descr']; - break; - } - if($rule['target'] && $rule['target'] == $alias_name) { - $is_alias_referenced = true; - $referenced_by = $rule['descr']; - break; - } - if($rule['local-port'] && $rule['local-port'] == $alias_name) { - $is_alias_referenced = true; - $referenced_by = $rule['descr']; - break; - } - } - } - } + // Firewall rules + find_alias_reference(array('filter', 'rule'), array('source', 'address'), $alias_name, $is_alias_referenced, $referenced_by); + find_alias_reference(array('filter', 'rule'), array('destination', 'address'), $alias_name, $is_alias_referenced, $referenced_by); + find_alias_reference(array('filter', 'rule'), array('source', 'port'), $alias_name, $is_alias_referenced, $referenced_by); + find_alias_reference(array('filter', 'rule'), array('destination', 'port'), $alias_name, $is_alias_referenced, $referenced_by); + // NAT Rules + find_alias_reference(array('nat', 'rule'), array('source', 'address'), $alias_name, $is_alias_referenced, $referenced_by); + find_alias_reference(array('nat', 'rule'), array('source', 'port'), $alias_name, $is_alias_referenced, $referenced_by); + find_alias_reference(array('nat', 'rule'), array('destination', 'address'), $alias_name, $is_alias_referenced, $referenced_by); + find_alias_reference(array('nat', 'rule'), array('destination', 'port'), $alias_name, $is_alias_referenced, $referenced_by); + find_alias_reference(array('nat', 'rule'), array('target'), $alias_name, $is_alias_referenced, $referenced_by); + find_alias_reference(array('nat', 'rule'), array('local-port'), $alias_name, $is_alias_referenced, $referenced_by); + // NAT 1:1 Rules + //find_alias_reference(array('nat', 'onetoone'), array('external'), $alias_name, $is_alias_referenced, $referenced_by); + //find_alias_reference(array('nat', 'onetoone'), array('source', 'address'), $alias_name, $is_alias_referenced, $referenced_by); + find_alias_reference(array('nat', 'onetoone'), array('destination', 'address'), $alias_name, $is_alias_referenced, $referenced_by); + // NAT Outbound Rules + find_alias_reference(array('nat', 'advancedoutbound', 'rule'), array('source', 'network'), $alias_name, $is_alias_referenced, $referenced_by); + find_alias_reference(array('nat', 'advancedoutbound', 'rule'), array('sourceport'), $alias_name, $is_alias_referenced, $referenced_by); + find_alias_reference(array('nat', 'advancedoutbound', 'rule'), array('destination', 'address'), $alias_name, $is_alias_referenced, $referenced_by); + find_alias_reference(array('nat', 'advancedoutbound', 'rule'), array('dstport'), $alias_name, $is_alias_referenced, $referenced_by); + find_alias_reference(array('nat', 'advancedoutbound', 'rule'), array('target'), $alias_name, $is_alias_referenced, $referenced_by); + // Alias in an alias + find_alias_reference(array('aliases', 'alias'), array('address'), $alias_name, $is_alias_referenced, $referenced_by); if($is_alias_referenced == true) { $savemsg = sprintf(gettext("Cannot delete alias. Currently in use by %s"), $referenced_by); } else { @@ -162,6 +112,41 @@ if ($_GET['act'] == "del") { } } +function find_alias_reference($section, $field, $origname, &$is_alias_referenced, &$referenced_by) { + global $config; + if(!$origname || $is_alias_referenced) + return; + + $sectionref = &$config; + foreach($section as $sectionname) { + if(is_array($sectionref) && isset($sectionref[$sectionname])) + $sectionref = &$sectionref[$sectionname]; + else + return; + } + + if(is_array($sectionref)) { + foreach($sectionref as $itemkey => $item) { + $fieldfound = true; + $fieldref = &$sectionref[$itemkey]; + foreach($field as $fieldname) { + if(is_array($fieldref) && isset($fieldref[$fieldname])) + $fieldref = &$fieldref[$fieldname]; + else { + $fieldfound = false; + break; + } + } + if($fieldfound && $fieldref == $origname) { + $is_alias_referenced = true; + if(is_array($item)) + $referenced_by = $item['descr']; + break; + } + } + } +} + $pgtitle = array(gettext("Firewall"),gettext("Aliases")); include("head.inc"); diff --git a/usr/local/www/firewall_aliases_edit.php b/usr/local/www/firewall_aliases_edit.php index 3710644..33d124e 100755 --- a/usr/local/www/firewall_aliases_edit.php +++ b/usr/local/www/firewall_aliases_edit.php @@ -293,17 +293,29 @@ if ($_POST) { */ if ($_POST['name'] <> $_POST['origname']) { // Firewall rules - update_alias_names_upon_change('filter', 'rule', 'source', 'address', $_POST['name'], $origname); - update_alias_names_upon_change('filter', 'rule', 'destination', 'address', $_POST['name'], $origname); + update_alias_names_upon_change(array('filter', 'rule'), array('source', 'address'), $_POST['name'], $origname); + update_alias_names_upon_change(array('filter', 'rule'), array('destination', 'address'), $_POST['name'], $origname); + update_alias_names_upon_change(array('filter', 'rule'), array('source', 'port'), $_POST['name'], $origname); + update_alias_names_upon_change(array('filter', 'rule'), array('destination', 'port'), $_POST['name'], $origname); // NAT Rules - update_alias_names_upon_change('nat', 'rule', 'source', 'address', $_POST['name'], $origname); - update_alias_names_upon_change('nat', 'rule', 'source', 'port', $_POST['name'], $origname); - update_alias_names_upon_change('nat', 'rule', 'destination', 'address', $_POST['name'], $origname); - update_alias_names_upon_change('nat', 'rule', 'destination', 'port', $_POST['name'], $origname); - update_alias_names_upon_change('nat', 'rule', 'target', '', $_POST['name'], $origname); - update_alias_names_upon_change('nat', 'rule', 'local-port', '' , $_POST['name'], $origname); + update_alias_names_upon_change(array('nat', 'rule'), array('source', 'address'), $_POST['name'], $origname); + update_alias_names_upon_change(array('nat', 'rule'), array('source', 'port'), $_POST['name'], $origname); + update_alias_names_upon_change(array('nat', 'rule'), array('destination', 'address'), $_POST['name'], $origname); + update_alias_names_upon_change(array('nat', 'rule'), array('destination', 'port'), $_POST['name'], $origname); + update_alias_names_upon_change(array('nat', 'rule'), array('target'), $_POST['name'], $origname); + update_alias_names_upon_change(array('nat', 'rule'), array('local-port'), $_POST['name'], $origname); + // NAT 1:1 Rules + //update_alias_names_upon_change(array('nat', 'onetoone'), array('external'), $_POST['name'], $origname); + //update_alias_names_upon_change(array('nat', 'onetoone'), array('source', 'address'), $_POST['name'], $origname); + update_alias_names_upon_change(array('nat', 'onetoone'), array('destination', 'address'), $_POST['name'], $origname); + // NAT Outbound Rules + update_alias_names_upon_change(array('nat', 'advancedoutbound', 'rule'), array('source', 'network'), $_POST['name'], $origname); + update_alias_names_upon_change(array('nat', 'advancedoutbound', 'rule'), array('sourceport'), $_POST['name'], $origname); + update_alias_names_upon_change(array('nat', 'advancedoutbound', 'rule'), array('destination', 'address'), $_POST['name'], $origname); + update_alias_names_upon_change(array('nat', 'advancedoutbound', 'rule'), array('dstport'), $_POST['name'], $origname); + update_alias_names_upon_change(array('nat', 'advancedoutbound', 'rule'), array('target'), $_POST['name'], $origname); // Alias in an alias - update_alias_names_upon_change('aliases', 'alias', 'address', '' , $_POST['name'], $origname); + update_alias_names_upon_change(array('aliases', 'alias'), array('address'), $_POST['name'], $origname); } if (isset($id) && $a_aliases[$id]) { diff --git a/usr/local/www/firewall_nat_1to1_edit.php b/usr/local/www/firewall_nat_1to1_edit.php index 1a3ce77..135dd99 100755 --- a/usr/local/www/firewall_nat_1to1_edit.php +++ b/usr/local/www/firewall_nat_1to1_edit.php @@ -284,9 +284,8 @@ function typesel_change() { if(have_ruleint_access("pptp")) $interfaces['pptp'] = "PPTP VPN"; - if ($config['pppoe']['mode'] == "server") - if(have_ruleint_access("pppoe")) - $interfaces['pppoe'] = "PPPoE VPN"; + if (is_pppoe_server_enabled() && have_ruleint_access("pppoe")) + $interfaces['pppoe'] = "PPPoE VPN"; /* add ipsec interfaces */ if (isset($config['ipsec']['enable']) || isset($config['ipsec']['mobileclients']['enable'])) @@ -413,7 +412,7 @@ function typesel_change() { <tr> <td><?=gettext("Address:"); ?> </td> <td> - <input name="dst" type="text" class="formfld" id="dst" size="20" value="<?php if (!is_specialnet($pconfig['dst'])) echo htmlspecialchars($pconfig['dst']);?>"> + <input name="dst" type="text" autocomplete="off" class="formfldalias" id="dst" size="20" value="<?php if (!is_specialnet($pconfig['dst'])) echo htmlspecialchars($pconfig['dst']);?>"> / <select name="dstmask" class="formselect" id="dstmask"> <?php diff --git a/usr/local/www/firewall_nat_edit.php b/usr/local/www/firewall_nat_edit.php index 125a34f..361d324 100755 --- a/usr/local/www/firewall_nat_edit.php +++ b/usr/local/www/firewall_nat_edit.php @@ -478,9 +478,8 @@ include("fbegin.inc"); ?> if(have_ruleint_access("pptp")) $interfaces['pptp'] = "PPTP VPN"; - if ($config['pppoe']['mode'] == "server") - if(have_ruleint_access("pppoe")) - $interfaces['pppoe'] = "PPPoE VPN"; + if (is_pppoe_server_enabled() && have_ruleint_access("pppoe")) + $interfaces['pppoe'] = "PPPoE VPN"; /* add ipsec interfaces */ if (isset($config['ipsec']['enable']) || isset($config['ipsec']['mobileclients']['enable'])) @@ -670,7 +669,7 @@ include("fbegin.inc"); ?> <tr> <td><?=gettext("Address:"); ?> </td> <td> - <input name="dst" type="text" class="formfldalias" id="dst" size="20" value="<?php if (!is_specialnet($pconfig['dst'])) echo htmlspecialchars($pconfig['dst']);?>"> + <input autocomplete='off' name="dst" type="text" class="formfldalias" id="dst" size="20" value="<?php if (!is_specialnet($pconfig['dst'])) echo htmlspecialchars($pconfig['dst']);?>"> / <select name="dstmask" class="formselect" id="dstmask"> <?php diff --git a/usr/local/www/firewall_nat_out.php b/usr/local/www/firewall_nat_out.php index 85c4550..4649795 100755 --- a/usr/local/www/firewall_nat_out.php +++ b/usr/local/www/firewall_nat_out.php @@ -145,22 +145,24 @@ if (isset($_POST['save']) && $_POST['save'] == "Save") { } } /* PPPoE subnet */ - if($config['pppoe']['mode'] == "server") { - if (is_ipaddr($config['pppoe']['localip'])) { - if($config['pppoe']['pppoe_subnet'] <> "") - $ossubnet = $config['pppoe']['pppoe_subnet']; - else - $ossubnet = "32"; - $osn = gen_subnet($config['pppoe']['localip'], $ossubnet); - $natent = array(); - $natent['source']['network'] = "{$osn}/{$ossubnet}"; - $natent['sourceport'] = ""; - $natent['descr'] = gettext("Auto created rule for PPPoE server"); - $natent['target'] = ""; - $natent['interface'] = $if2; - $natent['destination']['any'] = true; - $natent['natport'] = ""; - $a_out[] = $natent; + if (is_pppoe_server_enabled() && have_ruleint_access("pppoe")) { + foreach ($config['pppoes']['pppoe'] as $pppoes) { + if (($pppoes['mode'] == "server") && is_ipaddr($pppoes['localip'])) { + if($pppoes['pppoe_subnet'] <> "") + $ossubnet = $pppoes['pppoe_subnet']; + else + $ossubnet = "32"; + $osn = gen_subnet($pppoes['localip'], $ossubnet); + $natent = array(); + $natent['source']['network'] = "{$osn}/{$ossubnet}"; + $natent['sourceport'] = ""; + $natent['descr'] = gettext("Auto created rule for PPPoE server"); + $natent['target'] = ""; + $natent['interface'] = $if2; + $natent['destination']['any'] = true; + $natent['natport'] = ""; + $a_out[] = $natent; + } } } /* L2TP subnet */ @@ -445,14 +447,18 @@ include("head.inc"); </tr> <tr> <td colspan="12"> - <p><span class="vexpl"><span class="red"><strong><?=gettext("Note:"); ?><br> - </strong></span><?=gettext("If advanced outbound NAT is enabled, no outbound NAT " . - "rules will be automatically generated any longer. Instead, only the mappings " . - "you specify below will be used. With advanced outbound NAT disabled, " . - "a mapping is automatically created for each interface's subnet " . - "(except WAN). If you use target addresses other than the WAN interface's " . - "IP address, then depending on the way your WAN connection is setup, you " . - "may also need a"); ?> <a href="firewall_virtual_ip.php"><?=gettext("Virtual IP."); ?></a></span><br> + <p><span class="vexpl"><span class="red"><strong><?=gettext("Note:"); ?><br> + </strong></span> + <?=gettext("With automatic outbound NAT enabled, a mapping is automatically created " . + "for each interface's subnet (except WAN-type connections) and the rules " . + "on this page are ignored.<br/><br/> " . + "If manual outbound NAT is enabled, outbound NAT rules will not be " . + "automatically generated and only the mappings you specify on this page " . + "will be used. <br/><br/> " . + "If a target address other than a WAN-type interface's IP address is used, " . + "then depending on the way the WAN connection is setup, a "); ?> + <a href="firewall_virtual_ip.php"><?=gettext("Virtual IP"); ?></a> + <?= gettext(" may also be required.") ?></span><br> </td> </tr> diff --git a/usr/local/www/firewall_nat_out_edit.php b/usr/local/www/firewall_nat_out_edit.php index f03bded..db6d03d 100755 --- a/usr/local/www/firewall_nat_out_edit.php +++ b/usr/local/www/firewall_nat_out_edit.php @@ -72,6 +72,8 @@ if (isset($_GET['dup'])) { if (isset($id) && $a_out[$id]) { $pconfig['protocol'] = $a_out[$id]['protocol']; list($pconfig['source'],$pconfig['source_subnet']) = explode('/', $a_out[$id]['source']['network']); + if (!is_numeric($pconfig['source_subnet'])) + $pconfig['source_subnet'] = 32; $pconfig['sourceport'] = $a_out[$id]['sourceport']; address_to_pconfig($a_out[$id]['destination'], $pconfig['destination'], $pconfig['destination_subnet'], $pconfig['destination_not'], @@ -122,28 +124,25 @@ if ($_POST) { $protocol_uses_ports = in_array($_POST['protocol'], explode(" ", "any tcp udp tcp/udp")); - if($protocol_uses_ports && $_POST['sourceport'] <> "" && !is_port($_POST['sourceport'])) - $input_errors[] = gettext("You must supply either a valid port for the source port entry."); + if($protocol_uses_ports && $_POST['sourceport'] <> "" && !is_portoralias($_POST['sourceport'])) + $input_errors[] = gettext("You must supply either a valid port or port alias for the source port entry."); - if($protocol_uses_ports and $_POST['dstport'] <> "" and !is_port($_POST['dstport'])) - $input_errors[] = gettext("You must supply either a valid port for the destination port entry."); + if($protocol_uses_ports and $_POST['dstport'] <> "" and !is_portoralias($_POST['dstport'])) + $input_errors[] = gettext("You must supply either a valid port or port alias for the destination port entry."); if($protocol_uses_ports and $_POST['natport'] <> "" and !is_port($_POST['natport']) and !isset($_POST['nonat'])) - $input_errors[] = gettext("You must supply either a valid port for the nat port entry."); + $input_errors[] = gettext("You must supply a valid port for the nat port entry."); if ($_POST['source_type'] != "any") { - if ($_POST['source'] && !is_ipaddr($_POST['source']) && $_POST['source'] <> "any") { + if ($_POST['source'] && !is_ipaddroralias($_POST['source']) && $_POST['source'] <> "any") { $input_errors[] = gettext("A valid source must be specified."); } } if ($_POST['source_subnet'] && !is_numericint($_POST['source_subnet'])) { $input_errors[] = gettext("A valid source bit count must be specified."); } - if ($protocol_uses_ports && $_POST['sourceport'] && !is_numericint($_POST['sourceport'])) { - $input_errors[] = gettext("A valid source port must be specified."); - } if ($_POST['destination_type'] != "any") { - if ($_POST['destination'] && !is_ipaddr($_POST['destination'])) { + if ($_POST['destination'] && !is_ipaddroralias($_POST['destination'])) { $input_errors[] = gettext("A valid destination must be specified."); } } @@ -185,6 +184,8 @@ if ($_POST) { /* if user has selected any as source, set it here */ if($_POST['source_type'] == "any") { $osn = "any"; + } else if(is_alias($_POST['source'])) { + $osn = $_POST['source']; } else { $osn = gen_subnet($_POST['source'], $_POST['source_subnet']) . "/" . $_POST['source_subnet']; } @@ -192,6 +193,8 @@ if ($_POST) { /* check for existing entries */ if ($_POST['destination_type'] == "any") { $ext = "any"; + } else if(is_alias($_POST['destination'])) { + $ext = $_POST['destination']; } else { $ext = gen_subnet($_POST['destination'], $_POST['destination_subnet']) . "/" . $_POST['destination_subnet']; } @@ -285,6 +288,8 @@ include("head.inc"); ?> +<script type="text/javascript" src="/javascript/suggestions.js"></script> +<script type="text/javascript" src="/javascript/autosuggest.js"></script> <script language="JavaScript"> <!-- var portsenabled = 1; @@ -407,9 +412,8 @@ function poolopts_change() { if(have_ruleint_access("pptp")) $interfaces['pptp'] = "PPTP VPN"; - if ($config['pppoe']['mode'] == "server") - if(have_ruleint_access("pppoe")) - $interfaces['pppoe'] = "PPPoE VPN"; + if (is_pppoe_server_enabled() && have_ruleint_access("pppoe")) + $interfaces['pppoe'] = "PPPoE VPN"; /* add ipsec interfaces */ if (isset($config['ipsec']['enable']) || isset($config['ipsec']['mobileclients']['enable'])) @@ -454,7 +458,7 @@ function poolopts_change() { </select> </td></tr> <td><?=gettext("Address:");?> </td> - <td><input name="source" type="text" class="formfld unknown" id="source" size="20" value="<?=htmlspecialchars($pconfig['source']);?>">/<select name="source_subnet" class="formfld" id="source_subnet"> + <td><input name="source" type="text" autocomplete="off" class="formfldalias" id="source" size="20" value="<?=htmlspecialchars($pconfig['source']);?>">/<select name="source_subnet" class="formfld" id="source_subnet"> <?php for ($i = 32; $i >= 0; $i--): ?> <option value="<?=$i;?>"<?php if ($i == $pconfig['source_subnet']) echo " selected"; ?>><?=$i;?></option> <?php endfor; ?> @@ -466,7 +470,7 @@ function poolopts_change() { </tr> <tr name="sport_tr" id="sport_tr"> <td><?=gettext("Source port:");?> </td> - <td><input name="sourceport" type="text" class="formfld unknown" id="sourceport" size="5" value="<?=htmlspecialchars($pconfig['sourceport']);?>"> <?=gettext("(leave + <td><input name="sourceport" type="text" autocomplete="off" class="formfldalias" id="sourceport" size="5" value="<?=htmlspecialchars($pconfig['sourceport']);?>"> <?=gettext("(leave blank for any)");?></td> </tr> </table></td> @@ -490,7 +494,7 @@ blank for any)");?></td> </tr> <tr> <td><?=gettext("Address:");?> </td> - <td><input name="destination" type="text" class="formfld unknown" id="destination" size="20" value="<?=htmlspecialchars($pconfig['destination']);?>"> + <td><input name="destination" type="text" autocomplete="off" class="formfldalias" id="destination" size="20" value="<?=htmlspecialchars($pconfig['destination']);?>"> / <select name="destination_subnet" class="formselect" id="destination_subnet"> <?php for ($i = 32; $i >= 0; $i--): ?> @@ -505,7 +509,7 @@ blank for any)");?></td> </tr> <tr name="dport_tr" id="dport_tr"> <td><?=gettext("Destination port:");?> </td> - <td><input name="dstport" type="text" class="formfld unknown" id="dstport" size="5" value="<?=htmlspecialchars($pconfig['dstport']);?>"> <?=gettext("(leave blank for + <td><input name="dstport" type="text" autocomplete="off" class="formfldalias" id="dstport" size="5" value="<?=htmlspecialchars($pconfig['dstport']);?>"> <?=gettext("(leave blank for any)");?></td> </tr> </table> @@ -635,6 +639,41 @@ staticportchange(); nonat_change(); proto_change(); poolopts_change(); + +<?php + $isfirst = 0; + $aliases = ""; + $addrisfirst = 0; + $aliasesaddr = ""; + if($config['aliases']['alias'] <> "" and is_array($config['aliases']['alias'])) + foreach($config['aliases']['alias'] as $alias_name) { + switch ($alias_name['type']) { + case "port": + if($isfirst == 1) $portaliases .= ","; + $portaliases .= "'" . $alias_name['name'] . "'"; + $isfirst = 1; + break; + case "host": + case "network": + case "openvpn": + case "urltable": + if($addrisfirst == 1) $aliasesaddr .= ","; + $aliasesaddr .= "'" . $alias_name['name'] . "'"; + $addrisfirst = 1; + break; + default: + break; + } + } +?> + + var addressarray=new Array(<?php echo $aliasesaddr; ?>); + var customarray=new Array(<?php echo $portaliases; ?>); + + var oTextbox1 = new AutoSuggestControl(document.getElementById("source"), new StateSuggestions(addressarray)); + var oTextbox2 = new AutoSuggestControl(document.getElementById("sourceport"), new StateSuggestions(customarray)); + var oTextbox3 = new AutoSuggestControl(document.getElementById("destination"), new StateSuggestions(addressarray)); + var oTextbox4 = new AutoSuggestControl(document.getElementById("dstport"), new StateSuggestions(customarray)); //--> </script> <?php include("fend.inc"); ?> diff --git a/usr/local/www/firewall_rules.php b/usr/local/www/firewall_rules.php index a0b34b4..8fa4670 100755 --- a/usr/local/www/firewall_rules.php +++ b/usr/local/www/firewall_rules.php @@ -162,9 +162,11 @@ if ($config['pptpd']['mode'] == "server") if(have_ruleint_access("pptp")) $iflist['pptp'] = "PPTP VPN"; -if ($config['pppoe']['mode'] == "server") - if(have_ruleint_access("pppoe")) - $iflist['pppoe'] = "PPPoE VPN"; +if (is_array($config['pppoes']['pppoe'])) { + foreach ($config['pppoes']['pppoe'] as $pppoes) + if (($pppoes['mode'] == 'server') && have_ruleint_access("pppoe")) + $iflist['pppoe'] = "PPPoE Server"; +} /* add ipsec interfaces */ if (isset($config['ipsec']['enable']) || isset($config['ipsec']['mobileclients']['enable'])) @@ -192,7 +194,7 @@ if ($_POST) { clear_subsystem_dirty('filter'); - $savemsg = sprintf(gettext("The settings have been applied. The firewall rules are now reloading in the background. You can also %s monitor %s the reload progress"),"<a href='status_filter_reload.php'>","</a>"); + $savemsg = sprintf(gettext("The settings have been applied. The firewall rules are now reloading in the background.<br/>You can also %s monitor %s the reload progress"),"<a href='status_filter_reload.php'>","</a>"); } } diff --git a/usr/local/www/firewall_rules_edit.php b/usr/local/www/firewall_rules_edit.php index 8933344..29b0336 100755 --- a/usr/local/www/firewall_rules_edit.php +++ b/usr/local/www/firewall_rules_edit.php @@ -196,6 +196,9 @@ if ($_POST) { if ($_POST['type'] == "reject" && $_POST['proto'] <> "tcp") $input_errors[] = gettext("Reject type rules only works when the protocol is set to TCP."); + if ($_POST['type'] == "match" && $_POST['defaultqueue'] == "none") + $input_errors[] = gettext("Queue type rules only work with queues."); + if (($_POST['proto'] != "tcp") && ($_POST['proto'] != "udp") && ($_POST['proto'] != "tcp/udp")) { $_POST['srcbeginport'] = 0; $_POST['srcendport'] = 0; @@ -602,6 +605,9 @@ include("head.inc"); <?=htmlspecialchars($type);?> </option> <?php endforeach; ?> +<?php if ($if == "FloatingRules" || isset($pconfig['floating'])): ?> + <option value="match" <?php if ("match" == strtolower($pconfig['type'])) echo "selected"; ?>>Queue</option> +<?php endif; ?> </select> <br/> <span class="vexpl"> @@ -683,9 +689,8 @@ include("head.inc"); if(have_ruleint_access("pptp")) $interfaces['pptp'] = "PPTP VPN"; - if ($config['pppoe']['mode'] == "server") - if(have_ruleint_access("pppoe")) - $interfaces['pppoe'] = "PPPoE VPN"; + if (is_pppoe_server_enabled() && have_ruleint_access("pppoe")) + $interfaces['pppoe'] = "PPPoE VPN"; /* add ipsec interfaces */ if (isset($config['ipsec']['enable']) || isset($config['ipsec']['mobileclients']['enable'])) if(have_ruleint_access("enc0")) @@ -905,7 +910,7 @@ include("head.inc"); <tr> <td><?=gettext("Address:");?> </td> <td> - <input <?=$edit_disabled;?> name="dst" type="text" class="formfldalias" id="dst" size="20" value="<?php if (!is_specialnet($pconfig['dst'])) echo htmlspecialchars($pconfig['dst']);?>"> + <input <?=$edit_disabled;?> autocomplete='off' name="dst" type="text" class="formfldalias" id="dst" size="20" value="<?php if (!is_specialnet($pconfig['dst'])) echo htmlspecialchars($pconfig['dst']);?>"> / <select <?=$edit_disabled;?> name="dstmask" class="formselect" id="dstmask"> <?php @@ -1122,7 +1127,7 @@ include("head.inc"); <br/><center> <input onClick='tcpflags_anyclick(this);' type='checkbox' name='tcpflags_any' value='on' <?php if ($pconfig['tcpflags_any']) echo "checked"; ?>><strong><?=gettext("Any flags.");?></strong><br/></center> <br/> - <span class="vexpl"><?=gettext("Use this to choose TCP flags that must". + <span class="vexpl"><?=gettext("Use this to choose TCP flags that must ". "be set or cleared for this rule to match.");?></span> </div> </td> @@ -1314,7 +1319,10 @@ include("head.inc"); $qselected = 1; echo " SELECTED"; } - echo ">{$q}</option>"; + if (isset($ifdisp[$q])) + echo ">{$ifdisp[$q]}</option>"; + else + echo ">{$q}</option>"; } ?> </select> / @@ -1332,7 +1340,10 @@ include("head.inc"); $qselected = 1; echo " SELECTED"; } - echo ">{$q}</option>"; + if (isset($ifdisp[$q])) + echo ">{$ifdisp[$q]}</option>"; + else + echo ">{$q}</option>"; } ?> </select> diff --git a/usr/local/www/firewall_shaper_vinterface.php b/usr/local/www/firewall_shaper_vinterface.php index 865f048..5222771 100644 --- a/usr/local/www/firewall_shaper_vinterface.php +++ b/usr/local/www/firewall_shaper_vinterface.php @@ -71,10 +71,12 @@ if ($_GET) { if ($_POST) { if ($_POST['name']) $qname = htmlspecialchars(trim($_POST['name'])); + else if ($_POST['newname']) + $qname = htmlspecialchars(trim($_POST['name'])); if ($_POST['pipe']) $pipe = htmlspecialchars(trim($_POST['pipe'])); else - $pipe = htmlspecialchars(trim($_POST['name'])); + $pipe = htmlspecialchars(trim($qname)); if ($_POST['parentqueue']) $parentqueue = htmlspecialchars(trim($_POST['parentqueue'])); } @@ -94,12 +96,25 @@ if ($_GET) { switch ($action) { case "delete": if ($queue) { - $queue->delete_queue(); - write_config(); - mark_subsystem_dirty('shaper'); + if (is_array($config['filter']['rule'])) { + foreach ($config['filter']['rule'] as $rule) { + if ($rule['dnpipe'] == $queue->GetNumber() || $rule['pdnpipe'] == $queue->GetNumber()) + $input_errors[] = gettext("This pipe/queue is referenced in filter rules, please remove references from there before deleteing."); + } + } + if (!$input_errors) { + $queue->delete_queue(); + write_config(); + mark_subsystem_dirty('shaper'); + header("Location: firewall_shaper_vinterface.php"); + exit; + } + $output_form .= $queue->build_form(); + } else { + $input_errors[] = gettext("No queue with name {$qname} was found!"); + $output_form .= "<p class=\"pgtitle\">" . $dn_default_shaper_msg."</p>"; + $dontshow = true; } - header("Location: firewall_shaper_vinterface.php"); - exit; break; case "resetall": foreach ($dummynet_pipe_list as $dn) diff --git a/usr/local/www/graph_cpu.php b/usr/local/www/graph_cpu.php index 3908153..9c6dbd7 100644 --- a/usr/local/www/graph_cpu.php +++ b/usr/local/www/graph_cpu.php @@ -39,6 +39,8 @@ ##|*MATCH=graph_cpu.php* ##|-PRIV +require_once("guiconfig.inc"); + header("Last-Modified: " . gmdate( "D, j M Y H:i:s" ) . " GMT" ); header("Expires: " . gmdate( "D, j M Y H:i:s", time() ) . " GMT" ); header("Cache-Control: no-store, no-cache, must-revalidate" ); // HTTP/1.1 diff --git a/usr/local/www/guiconfig.inc b/usr/local/www/guiconfig.inc index c6a58b3..6b3aefd 100755 --- a/usr/local/www/guiconfig.inc +++ b/usr/local/www/guiconfig.inc @@ -418,8 +418,15 @@ function print_info_box($msg) { function get_std_save_message($ok) { global $d_sysrebootreqd_path; - - return "The changes have been applied successfully. You can also <a href='status_filter_reload.php'>monitor</a> the filter reload progress."; + $filter_related = false; + $filter_pages = array("nat", "filter"); + $to_return = "The changes have been applied successfully."; + foreach($filter_pages as $fp) + if(stristr($_SERVER['SCRIPT_FILENAME'], $fp)) + $filter_related = true; + if($filter_related) + $to_return .= "<br/>You can also <a href='status_filter_reload.php'>monitor</a> the filter reload progress."; + return $to_return; } function pprint_address($adr) { diff --git a/usr/local/www/head.inc b/usr/local/www/head.inc index e4a7a95..97c7111 100755 --- a/usr/local/www/head.inc +++ b/usr/local/www/head.inc @@ -62,7 +62,7 @@ $pagetitle = gentitle( $pgtitle ); * Coded by: Erik Kristensen */ - $dir = trim(basename($_SERVER["SCRIPT_FILENAME"]), '.php'); + $dir = trim(basename($_SERVER["SCRIPT_FILENAME"], '.php')); $path = "{$g['www_path']}/javascript/" . $dir . "/"; if (is_dir($path)) { if ($dh = opendir($path)) { diff --git a/usr/local/www/headjs.php b/usr/local/www/headjs.php index 063d9bc..eacaa23 100644 --- a/usr/local/www/headjs.php +++ b/usr/local/www/headjs.php @@ -34,6 +34,8 @@ ##|*MATCH=headjs.php* ##|-PRIV +require_once("guiconfig.inc"); + function getHeadJS() { global $_SERVER, $HTTP_SERVER_VARS, $g, $use_loader_tab_gif; @@ -163,4 +165,4 @@ function getHeadJS() { return $headjs; } -?>
\ No newline at end of file +?> diff --git a/usr/local/www/help.php b/usr/local/www/help.php index 59cc905..a89a551 100644 --- a/usr/local/www/help.php +++ b/usr/local/www/help.php @@ -4,6 +4,8 @@ * */ +require_once("guiconfig.inc"); + /* Define hash of jumpto url maps */ /* Links to categories could probably be more specific. */ diff --git a/usr/local/www/index.php b/usr/local/www/index.php index c1fdc26..92376e5 100755 --- a/usr/local/www/index.php +++ b/usr/local/www/index.php @@ -56,6 +56,21 @@ require_once('functions.inc'); require_once('guiconfig.inc'); require_once('notices.inc'); +if($g['disablecrashreporter'] != true) { + // Check to see if we have a crash report + $crash = glob("/var/crash/*"); + $x = 0; + $skip_files = array(".", "..", "minfree", ""); + if(is_array($crash)) { + foreach($crash as $c) { + if (!in_array(basename($c), $skip_files)) + $x++; + } + if($x > 0) + $savemsg = "{$g['product_name']} has detected a crash report. Click <a href='crash_reporter.php'>here</a> for more information."; + } +} + ##build list of widgets $directory = "/usr/local/www/widgets/widgets/"; $dirhandle = opendir($directory); @@ -451,6 +466,10 @@ include("fbegin.inc"); echo $jscriptstr; if(!file_exists("/usr/local/www/themes/{$g['theme']}/no_big_logo")) echo "<center><img src=\"./themes/".$g['theme']."/images/logobig.jpg\"></center><br>"; + +if ($savemsg) + print_info_box($savemsg); + ?> <div id="widgetcontainer" style="display:none"> <div id="content1"><h1><?=gettext("Available Widgets"); ?></h1><p><?php diff --git a/usr/local/www/interfaces.php b/usr/local/www/interfaces.php index 98d449b..d1fa6f7 100755 --- a/usr/local/www/interfaces.php +++ b/usr/local/www/interfaces.php @@ -517,7 +517,12 @@ if ($_POST['apply']) { if (in_array($wancfg['ipaddr'], array("ppp", "pppoe", "pptp", "l2tp"))) { $wancfg['if'] = $a_ppps[$pppid]['ports']; unset($a_ppps[$pppid]); + } else if ($wancfg['type'] == "dhcp") { + $pid = find_dhclient_process($realif); + if($pid) + posix_kill($pid, SIGTERM); } + } $ppp = array(); if ($wancfg['ipaddr'] != "ppp") diff --git a/usr/local/www/interfaces_assign.php b/usr/local/www/interfaces_assign.php index 3d2cec0..5dca193 100755 --- a/usr/local/www/interfaces_assign.php +++ b/usr/local/www/interfaces_assign.php @@ -298,7 +298,7 @@ if ($_GET['act'] == "del") { * then ensure that we are not running DHCP on the wan which * will make a lot of ISP's unhappy. */ - if($config['interfaces']['lan']) { + if($config['interfaces']['lan'] && $config['dhcpd']['wan']) { unset($config['dhcpd']['wan']); } diff --git a/usr/local/www/interfaces_bridge_edit.php b/usr/local/www/interfaces_bridge_edit.php index ec48bc9..91085a8 100644 --- a/usr/local/www/interfaces_bridge_edit.php +++ b/usr/local/www/interfaces_bridge_edit.php @@ -223,7 +223,7 @@ if ($_POST) { } } -$pgtitle = array(gettext("Firewall"),gettext("Bridge"),gettext("Edit")); +$pgtitle = array(gettext("Interfaces"),gettext("Bridge"),gettext("Edit")); include("head.inc"); ?> diff --git a/usr/local/www/interfaces_gif_edit.php b/usr/local/www/interfaces_gif_edit.php index 6744979..74fe8ee 100644 --- a/usr/local/www/interfaces_gif_edit.php +++ b/usr/local/www/interfaces_gif_edit.php @@ -121,7 +121,7 @@ if ($_POST) { } } -$pgtitle = array(gettext("Firewall"),gettext("GIF"),gettext("Edit")); +$pgtitle = array(gettext("Interfaces"),gettext("GIF"),gettext("Edit")); include("head.inc"); ?> diff --git a/usr/local/www/interfaces_gre_edit.php b/usr/local/www/interfaces_gre_edit.php index ca95369..08cd350 100644 --- a/usr/local/www/interfaces_gre_edit.php +++ b/usr/local/www/interfaces_gre_edit.php @@ -124,7 +124,7 @@ if ($_POST) { } } -$pgtitle = array(gettext("Firewall"),gettext("GRE"),gettext("Edit")); +$pgtitle = array(gettext("Interfaces"),gettext("GRE"),gettext("Edit")); include("head.inc"); ?> diff --git a/usr/local/www/interfaces_lagg_edit.php b/usr/local/www/interfaces_lagg_edit.php index 09dbf51..606d06b 100644 --- a/usr/local/www/interfaces_lagg_edit.php +++ b/usr/local/www/interfaces_lagg_edit.php @@ -93,6 +93,8 @@ if ($_POST) { $lagg['descr'] = $_POST['descr']; $lagg['laggif'] = $_POST['laggif']; $lagg['proto'] = $_POST['proto']; + if (isset($id) && $a_laggs[$id]) + $lagg['laggif'] = $a_laggs[$id]['laggif']; $lagg['laggif'] = interface_lagg_configure($lagg); if ($lagg['laggif'] == "" || !stristr($lagg['laggif'], "lagg")) @@ -115,7 +117,7 @@ if ($_POST) { } } -$pgtitle = array(gettext("Firewall"),gettext("LAGG"),gettext("Edit")); +$pgtitle = array(gettext("Interfaces"),gettext("LAGG"),gettext("Edit")); include("head.inc"); ?> diff --git a/usr/local/www/interfaces_ppps_edit.php b/usr/local/www/interfaces_ppps_edit.php index 140b998..1f3c748 100644 --- a/usr/local/www/interfaces_ppps_edit.php +++ b/usr/local/www/interfaces_ppps_edit.php @@ -54,8 +54,9 @@ if (!is_array($config['ppps']['ppp'])) $a_ppps = &$config['ppps']['ppp']; +$iflist = get_configured_interface_with_descr(); $portlist = get_interface_list(); -$portlist = array_merge($portlist, get_configured_interface_with_descr()); +$portlist = array_merge($portlist, $iflist); $id = $_GET['id']; if (isset($_POST['id'])) @@ -355,24 +356,18 @@ if ($_POST) { must be able to clear the config data in the <cron> section of config.xml if it exists */ handle_pppoe_reset($_POST); - - $iflist = get_configured_interface_list(); - foreach ($iflist as $if) { - if ($config['interfaces'][$if]['if'] == $ppp['if']){ - $thisif = $if; - break; - } - } + if (isset($id) && $a_ppps[$id]) $a_ppps[$id] = $ppp; else $a_ppps[] = $ppp; - + write_config(); configure_cron(); - - if (isset($thisif)){ - interface_ppps_configure($thisif); + + foreach ($iflist as $pppif => $ifdescr) { + if ($config['interfaces'][$if]['if'] == $ppp['if']) + interface_ppps_configure($pppif); } header("Location: interfaces_ppps.php"); exit; diff --git a/usr/local/www/interfaces_vlan_edit.php b/usr/local/www/interfaces_vlan_edit.php index ea43508..145fe0a 100755 --- a/usr/local/www/interfaces_vlan_edit.php +++ b/usr/local/www/interfaces_vlan_edit.php @@ -128,7 +128,7 @@ if ($_POST) { } } -$pgtitle = array(gettext("Firewall"),gettext("VLAN"),gettext("Edit")); +$pgtitle = array(gettext("Interfaces"),gettext("VLAN"),gettext("Edit")); include("head.inc"); ?> diff --git a/usr/local/www/interfaces_wireless_edit.php b/usr/local/www/interfaces_wireless_edit.php index 686345d..ae56add 100644 --- a/usr/local/www/interfaces_wireless_edit.php +++ b/usr/local/www/interfaces_wireless_edit.php @@ -142,7 +142,7 @@ if ($_POST) { } } -$pgtitle = array(gettext("Firewall"),gettext("Wireless"),gettext("Edit")); +$pgtitle = array(gettext("Interfaces"),gettext("Wireless"),gettext("Edit")); include("head.inc"); ?> diff --git a/usr/local/www/pkg.php b/usr/local/www/pkg.php index 32c9463..b3485f0 100755 --- a/usr/local/www/pkg.php +++ b/usr/local/www/pkg.php @@ -238,15 +238,17 @@ if ($pkg['tabs'] <> "") { $page = 1; $tmpcount = 0; $tmppp = 0; - foreach ($evaledvar as $ipa) { - if($tmpcount == $display_maximum_rows) { - $page++; - $tmpcount = 0; + if(is_array($evaledvar)) { + foreach ($evaledvar as $ipa) { + if($tmpcount == $display_maximum_rows) { + $page++; + $tmpcount = 0; + } + if($tmppp == $startdisplayingat) + break; + $tmpcount++; + $tmppp++; } - if($tmppp == $startdisplayingat) - break; - $tmpcount++; - $tmppp++; } echo "<tr><td colspan='" . count($pkg['adddeleteeditpagefields']['columnitem']) . "'>"; echo "<table width='100%'>"; diff --git a/usr/local/www/pkg_mgr_installed.php b/usr/local/www/pkg_mgr_installed.php index 02fb8d3..78a3362 100755 --- a/usr/local/www/pkg_mgr_installed.php +++ b/usr/local/www/pkg_mgr_installed.php @@ -129,6 +129,7 @@ include("head.inc"); } } else { // unknown available package version + $pkgver = ""; if(!strcmp($pkg['version'], $latest_package)) { $tdclass = "listr"; $pkgver = $pkg['version']; diff --git a/usr/local/www/services_captiveportal.php b/usr/local/www/services_captiveportal.php index 8d12c7c..faaeb37 100755 --- a/usr/local/www/services_captiveportal.php +++ b/usr/local/www/services_captiveportal.php @@ -82,6 +82,7 @@ $pconfig['radmac_secret'] = $config['captiveportal']['radmac_secret']; $pconfig['reauthenticate'] = isset($config['captiveportal']['reauthenticate']); $pconfig['reauthenticateacct'] = $config['captiveportal']['reauthenticateacct']; $pconfig['httpslogin_enable'] = isset($config['captiveportal']['httpslogin']); +$pconfig['httpsname'] = $config['captiveportal']['httpsname']; $pconfig['preauthurl'] = strtolower($config['captiveportal']['preauthurl']); $pconfig['cert'] = base64_decode($config['captiveportal']['certificate']); $pconfig['cacert'] = base64_decode($config['captiveportal']['cacertificate']); @@ -583,7 +584,7 @@ value="<?=htmlspecialchars($pconfig['radiuskey2']);?>"></td> </tr> <tr> - <td class="vncell" valign="top"><?=gettext("Radius ip attribute"); ?></td> + <td class="vncell" valign="top"><?=gettext("RADIUS NAS IP attribute"); ?></td> <td> <select name="radiussrcip_attribute" id="radiussrcip_attribute"> <?php $iflist = get_configured_interface_with_descr(); diff --git a/usr/local/www/services_captiveportal_hostname_edit.php b/usr/local/www/services_captiveportal_hostname_edit.php index b6e580a..a199341 100755 --- a/usr/local/www/services_captiveportal_hostname_edit.php +++ b/usr/local/www/services_captiveportal_hostname_edit.php @@ -133,19 +133,8 @@ if ($_POST) { write_config(); - if (isset($config['captiveportal']['enable']) && is_module_loaded("ipfw.ko")) { - $rules = ""; - $hostname = gethostbyname($oldip); - if($hostname) - for ($i = 3; $i < 10; $i++) - $rules .= "table {$i} delete {$hostname}\n"; - $hostname = gethostbyname($ip); - if(is_ipaddr($hostname)) - $rules .= captiveportal_allowedip_configure_entry($hostname); - file_put_contents("{$g['tmp_path']}/allowedhostname_tmp{$id}", $rules); - mwexec("/sbin/ipfw -q {$g['tmp_path']}/allowedhostname_tmp{$id}"); - @unlink("{$g['tmp_path']}/allowedhostname_tmp{$id}"); - } + if (isset($config['captiveportal']['enable']) && is_module_loaded("ipfw.ko")) + captiveportal_init_rules(); header("Location: services_captiveportal_hostname.php"); exit; diff --git a/usr/local/www/services_dhcp_edit.php b/usr/local/www/services_dhcp_edit.php index cddc8e0..ecde99b 100755 --- a/usr/local/www/services_dhcp_edit.php +++ b/usr/local/www/services_dhcp_edit.php @@ -150,8 +150,8 @@ if ($_POST) { if ($_POST['ipaddr']) { $dynsubnet_start = ip2ulong($config['dhcpd'][$if]['range']['from']); $dynsubnet_end = ip2ulong($config['dhcpd'][$if]['range']['to']); - if ((ip2ulong($_POST['ipaddr']) > $dynsubnet_start) && - (ip2ulong($_POST['ipaddr']) < $dynsubnet_end)) { + if ((ip2ulong($_POST['ipaddr']) >= $dynsubnet_start) && + (ip2ulong($_POST['ipaddr']) <= $dynsubnet_end)) { $input_errors[] = sprintf(gettext("The IP address must not be within the DHCP range for this interface.")); } diff --git a/usr/local/www/services_dnsmasq.php b/usr/local/www/services_dnsmasq.php index 4535f6b..defb275 100755 --- a/usr/local/www/services_dnsmasq.php +++ b/usr/local/www/services_dnsmasq.php @@ -28,7 +28,7 @@ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ -/* +/* pfSense_MODULE: dnsforwarder */ @@ -44,18 +44,18 @@ require_once("functions.inc"); require_once("filter.inc"); require_once("shaper.inc"); -$pconfig['enable'] = isset($config['dnsmasq']['enable']); +$pconfig['enable'] = isset($config['dnsmasq']['enable']); $pconfig['regdhcp'] = isset($config['dnsmasq']['regdhcp']); $pconfig['regdhcpstatic'] = isset($config['dnsmasq']['regdhcpstatic']); -if (!is_array($config['dnsmasq']['hosts'])) +if (!is_array($config['dnsmasq']['hosts'])) $config['dnsmasq']['hosts'] = array(); -if (!is_array($config['dnsmasq']['domainoverrides'])) - $config['dnsmasq']['domainoverrides'] = array(); +if (!is_array($config['dnsmasq']['domainoverrides'])) + $config['dnsmasq']['domainoverrides'] = array(); -$a_hosts = &$config['dnsmasq']['hosts']; +$a_hosts = &$config['dnsmasq']['hosts']; $a_domainOverrides = &$config['dnsmasq']['domainoverrides']; if ($_POST) { @@ -80,24 +80,24 @@ if ($_POST) { } if ($_GET['act'] == "del") { - if ($_GET['type'] == 'host') { - if ($a_hosts[$_GET['id']]) { - unset($a_hosts[$_GET['id']]); - write_config(); + if ($_GET['type'] == 'host') { + if ($a_hosts[$_GET['id']]) { + unset($a_hosts[$_GET['id']]); + write_config(); mark_subsystem_dirty('hosts'); - header("Location: services_dnsmasq.php"); - exit; - } - } - elseif ($_GET['type'] == 'doverride') { - if ($a_domainOverrides[$_GET['id']]) { - unset($a_domainOverrides[$_GET['id']]); - write_config(); + header("Location: services_dnsmasq.php"); + exit; + } + } + elseif ($_GET['type'] == 'doverride') { + if ($a_domainOverrides[$_GET['id']]) { + unset($a_domainOverrides[$_GET['id']]); + write_config(); mark_subsystem_dirty('hosts'); - header("Location: services_dnsmasq.php"); - exit; - } - } + header("Location: services_dnsmasq.php"); + exit; + } + } } $pgtitle = array(gettext("Services"),gettext("DNS forwarder")); @@ -123,157 +123,173 @@ function enable_change(enable_over) { <?php if (is_subsystem_dirty('hosts')): ?><p> <?php print_info_box_np(gettext("The DNS forwarder configuration has been changed") . ".<br>" . gettext("You must apply the changes in order for them to take effect."));?><br> <?php endif; ?> - <table width="100%" border="0" cellpadding="6" cellspacing="0"> - <tr> - <td class="vtable"><p> - <input name="enable" type="checkbox" id="enable" value="yes" <?php if ($pconfig['enable'] == "yes") echo "checked";?> onClick="enable_change(false)"> - <strong><?=gettext("Enable DNS forwarder");?><br> - </strong></p></td> - </tr> - <tr> - <td class="vtable"><p> - <input name="regdhcp" type="checkbox" id="regdhcp" value="yes" <?php if ($pconfig['regdhcp'] == "yes") echo "checked";?>> - <strong><?=gettext("Register DHCP leases in DNS forwarder");?><br> - </strong><?php printf(gettext("If this option is set, then machines that specify". - " their hostname when requesting a DHCP lease will be registered". - " in the DNS forwarder, so that their name can be resolved.". - " You should also set the domain in %sSystem:". - " General setup%s to the proper value."),'<a href="system.php">','</a>')?></p> - </td> - </tr> - <tr> - <td class="vtable"><p> - <input name="regdhcpstatic" type="checkbox" id="regdhcpstatic" value="yes" <?php if ($pconfig['regdhcpstatic'] == "yes") echo "checked";?>> - <strong><?=gettext("Register DHCP static mappings in DNS forwarder");?><br> - </strong><?php printf(gettext("If this option is set, then DHCP static mappings will ". - "be registered in the DNS forwarder, so that their name can be ". - "resolved. You should also set the domain in %s". - "System: General setup%s to the proper value."),'<a href="system.php">','</a>');?></p> - </td> - </tr> - <tr> - <td> <input name="submit" type="submit" class="formbtn" value="<?=gettext("Save"); ?>" onclick="enable_change(true)"> - </td> - </tr> - <tr> - <td><p><span class="vexpl"><span class="red"><strong><?=gettext("Note:");?><br> - </strong></span><?php printf(gettext("If the DNS forwarder is enabled, the DHCP". - " service (if enabled) will automatically serve the LAN IP". - " address as a DNS server to DHCP clients so they will use". - " the forwarder. The DNS forwarder will use the DNS servers". - " entered in %sSystem: General setup%s". - " or those obtained via DHCP or PPP on WAN if the "Allow". - " DNS server list to be overridden by DHCP/PPP on WAN"". - " is checked. If you don't use that option (or if you use". - " a static IP address on WAN), you must manually specify at". - " least one DNS server on the %sSystem:". - "General setup%s page."),'<a href="system.php">','</a>','<a href="system.php">','</a>');?><br> - <br> - <?=gettext("You may enter records that override the results from the". - " forwarders below.");?></span></p></td> - </tr> - </table> - <br> - <table width="100%" border="0" cellpadding="0" cellspacing="0"> - <tr> - <td width="20%" class="listhdrr"><?=gettext("Host");?></td> - <td width="25%" class="listhdrr"><?=gettext("Domain");?></td> - <td width="20%" class="listhdrr"><?=gettext("IP");?></td> - <td width="25%" class="listhdr"><?=gettext("Description");?></td> - <td width="10%" class="list"> - <table border="0" cellspacing="0" cellpadding="1"> - <tr> - <td width="17"></td> - <td valign="middle"><a href="services_dnsmasq_edit.php"><img src="./themes/<?= $g['theme']; ?>/images/icons/icon_plus.gif" width="17" height="17" border="0"></a></td> - </tr> - </table> - </td> +<table width="100%" border="0" cellpadding="6" cellspacing="0"> + <tr> + <td class="vtable"><p> + <input name="enable" type="checkbox" id="enable" value="yes" <?php if ($pconfig['enable'] == "yes") echo "checked";?> onClick="enable_change(false)"> + <strong><?=gettext("Enable DNS forwarder");?><br> + </strong></p></td> </tr> - <?php $i = 0; foreach ($a_hosts as $hostent): ?> - <tr> - <td class="listlr" ondblclick="document.location='services_dnsmasq_edit.php?id=<?=$i;?>';"> - <?=strtolower($hostent['host']);?> - </td> - <td class="listr" ondblclick="document.location='services_dnsmasq_edit.php?id=<?=$i;?>';"> - <?=strtolower($hostent['domain']);?> - </td> - <td class="listr" ondblclick="document.location='services_dnsmasq_edit.php?id=<?=$i;?>';"> - <?=$hostent['ip'];?> - </td> - <td class="listbg" ondblclick="document.location='services_dnsmasq_edit.php?id=<?=$i;?>';"> - <?=htmlspecialchars($hostent['descr']);?> - </td> - <td valign="middle" nowrap class="list"> - <table border="0" cellspacing="0" cellpadding="1"> - <tr> - <td valign="middle"><a href="services_dnsmasq_edit.php?id=<?=$i;?>"><img src="./themes/<?= $g['theme']; ?>/images/icons/icon_e.gif" width="17" height="17" border="0"></a></td> - <td><a href="services_dnsmasq.php?type=host&act=del&id=<?=$i;?>" onclick="return confirm('<?=gettext("Do you really want to delete this host?");?>')"><img src="./themes/<?= $g['theme']; ?>/images/icons/icon_x.gif" width="17" height="17" border="0"></a></td> - </tr> - </table> - </tr> - <?php $i++; endforeach; ?> - <tr> - <td class="list" colspan="4"></td> - <td class="list"> - <table border="0" cellspacing="0" cellpadding="1"> - <tr> - <td width="17"></td> - <td valign="middle"><a href="services_dnsmasq_edit.php"><img src="./themes/<?= $g['theme']; ?>/images/icons/icon_plus.gif" width="17" height="17" border="0"></a></td> - </tr> - </table> - </td> - </table> -<!-- update to enable domain overrides --> - <table width="100%" border="0" cellpadding="6" cellspacing="0"> - <tr><td> </td></tr> - <tr> - <td><p><?=gettext("Below you can override an entire domain by specifying an". - " authoritative DNS server to be queried for that domain.");?></p></td> - </tr> - </table> - <br> - <table width="100%" border="0" cellpadding="0" cellspacing="0"> - <tr> - <td width="35%" class="listhdrr"><?=gettext("Domain");?></td> - <td width="20%" class="listhdrr"><?=gettext("IP");?></td> - <td width="35%" class="listhdr"><?=gettext("Description");?></td> - <td width="10%" class="list"> + <tr> + <td class="vtable"><p> + <input name="regdhcp" type="checkbox" id="regdhcp" value="yes" <?php if ($pconfig['regdhcp'] == "yes") echo "checked";?>> + <strong><?=gettext("Register DHCP leases in DNS forwarder");?><br> + </strong><?php printf(gettext("If this option is set, then machines that specify". + " their hostname when requesting a DHCP lease will be registered". + " in the DNS forwarder, so that their name can be resolved.". + " You should also set the domain in %sSystem:". + " General setup%s to the proper value."),'<a href="system.php">','</a>')?></p> + </td> + </tr> + <tr> + <td class="vtable"><p> + <input name="regdhcpstatic" type="checkbox" id="regdhcpstatic" value="yes" <?php if ($pconfig['regdhcpstatic'] == "yes") echo "checked";?>> + <strong><?=gettext("Register DHCP static mappings in DNS forwarder");?><br> + </strong><?php printf(gettext("If this option is set, then DHCP static mappings will ". + "be registered in the DNS forwarder, so that their name can be ". + "resolved. You should also set the domain in %s". + "System: General setup%s to the proper value."),'<a href="system.php">','</a>');?></p> + </td> + </tr> + <tr> + <td> + <input name="submit" type="submit" class="formbtn" value="<?=gettext("Save"); ?>" onclick="enable_change(true)"> + </td> + </tr> + <tr> + <td> + <p><span class="vexpl"><span class="red"><strong><?=gettext("Note:");?><br> + </strong></span><?php printf(gettext("If the DNS forwarder is enabled, the DHCP". + " service (if enabled) will automatically serve the LAN IP". + " address as a DNS server to DHCP clients so they will use". + " the forwarder. The DNS forwarder will use the DNS servers". + " entered in %sSystem: General setup%s". + " or those obtained via DHCP or PPP on WAN if the "Allow". + " DNS server list to be overridden by DHCP/PPP on WAN"". + " is checked. If you don't use that option (or if you use". + " a static IP address on WAN), you must manually specify at". + " least one DNS server on the %sSystem:". + "General setup%s page."),'<a href="system.php">','</a>','<a href="system.php">','</a>');?><br> + <br> + <?=gettext("You may enter records that override the results from the". + " forwarders below.");?></span></p> + </td> + </tr> +</table> + <br> +<table width="100%" border="0" cellpadding="0" cellspacing="0" class="sortable"> + <thead> + <tr> + <td width="20%" class="listhdrr"><?=gettext("Host");?></td> + <td width="25%" class="listhdrr"><?=gettext("Domain");?></td> + <td width="20%" class="listhdrr"><?=gettext("IP");?></td> + <td width="25%" class="listhdr"><?=gettext("Description");?></td> + <td width="10%" class="list"> <table border="0" cellspacing="0" cellpadding="1"> - <tr> - <td width="17" heigth="17"></td> - <td><a href="services_dnsmasq_domainoverride_edit.php"><img src="./themes/<?= $g['theme']; ?>/images/icons/icon_plus.gif" width="17" height="17" border="0"></a></td> - </tr> + <tr> + <td width="17"></td> + <td valign="middle"><a href="services_dnsmasq_edit.php"><img src="./themes/<?= $g['theme']; ?>/images/icons/icon_plus.gif" width="17" height="17" border="0"></a></td> + </tr> </table> - </td> - </tr> - <?php $i = 0; foreach ($a_domainOverrides as $doment): ?> - <tr> - <td class="listlr"> - <?=strtolower($doment['domain']);?> - </td> - <td class="listr"> - <?=$doment['ip'];?> - </td> - <td class="listbg"> - <?=htmlspecialchars($doment['descr']);?> - </td> - <td valign="middle" nowrap class="list"> <a href="services_dnsmasq_domainoverride_edit.php?id=<?=$i;?>"><img src="./themes/<?= $g['theme']; ?>/images/icons/icon_e.gif" width="17" height="17" border="0"></a> - <a href="services_dnsmasq.php?act=del&type=doverride&id=<?=$i;?>" onclick="return confirm('<?=gettext("Do you really want to delete this domain override?");?>')"><img src="./themes/<?= $g['theme']; ?>/images/icons/icon_x.gif" width="17" height="17" border="0"></a></td> - </tr> - <?php $i++; endforeach; ?> - <tr> - <td class="list" colspan="3"></td> - <td class="list"> + </td> + </tr> + </thead> + <tbody> + <?php $i = 0; foreach ($a_hosts as $hostent): ?> + <tr> + <td class="listlr" ondblclick="document.location='services_dnsmasq_edit.php?id=<?=$i;?>';"> + <?=strtolower($hostent['host']);?> + </td> + <td class="listr" ondblclick="document.location='services_dnsmasq_edit.php?id=<?=$i;?>';"> + <?=strtolower($hostent['domain']);?> + </td> + <td class="listr" ondblclick="document.location='services_dnsmasq_edit.php?id=<?=$i;?>';"> + <?=$hostent['ip'];?> + </td> + <td class="listbg" ondblclick="document.location='services_dnsmasq_edit.php?id=<?=$i;?>';"> + <?=htmlspecialchars($hostent['descr']);?> + </td> + <td valign="middle" nowrap class="list"> <table border="0" cellspacing="0" cellpadding="1"> - <tr> - <td width="17" heigth="17"></td> - <td><a href="services_dnsmasq_domainoverride_edit.php"><img src="./themes/<?= $g['theme']; ?>/images/icons/icon_plus.gif" width="17" height="17" border="0"></a></td> - </tr> + <tr> + <td valign="middle"><a href="services_dnsmasq_edit.php?id=<?=$i;?>"><img src="./themes/<?= $g['theme']; ?>/images/icons/icon_e.gif" width="17" height="17" border="0"></a></td> + <td><a href="services_dnsmasq.php?type=host&act=del&id=<?=$i;?>" onclick="return confirm('<?=gettext("Do you really want to delete this host?");?>')"><img src="./themes/<?= $g['theme']; ?>/images/icons/icon_x.gif" width="17" height="17" border="0"></a></td> + </tr> + </table> + </tr> + <?php $i++; endforeach; ?> + </tbody> + <tfoot> + <tr> + <td class="list" colspan="4"></td> + <td class="list"> + <table border="0" cellspacing="0" cellpadding="1"> + <tr> + <td width="17"></td> + <td valign="middle"><a href="services_dnsmasq_edit.php"><img src="./themes/<?= $g['theme']; ?>/images/icons/icon_plus.gif" width="17" height="17" border="0"></a></td> + </tr> </table> - </td> - </tr> - </table> - </form> + </td> + </tr> + </tfoot> +</table> +<!-- update to enable domain overrides --> +<table width="100%" border="0" cellpadding="6" cellspacing="0"> + <tr><td> </td></tr> + <tr> + <td><p><?=gettext("Below you can override an entire domain by specifying an". + " authoritative DNS server to be queried for that domain.");?></p></td> + </tr> +</table> + <br> +<table width="100%" border="0" cellpadding="0" cellspacing="0" class="sortable"> + <thead> + <tr> + <td width="35%" class="listhdrr"><?=gettext("Domain");?></td> + <td width="20%" class="listhdrr"><?=gettext("IP");?></td> + <td width="35%" class="listhdr"><?=gettext("Description");?></td> + <td width="10%" class="list"> + <table border="0" cellspacing="0" cellpadding="1"> + <tr> + <td width="17" heigth="17"></td> + <td><a href="services_dnsmasq_domainoverride_edit.php"><img src="./themes/<?= $g['theme']; ?>/images/icons/icon_plus.gif" width="17" height="17" border="0"></a></td> + </tr> + </table> + </td> + </tr> + </thead> + <tbody> + <?php $i = 0; foreach ($a_domainOverrides as $doment): ?> + <tr> + <td class="listlr"> + <?=strtolower($doment['domain']);?> + </td> + <td class="listr"> + <?=$doment['ip'];?> + </td> + <td class="listbg"> + <?=htmlspecialchars($doment['descr']);?> + </td> + <td valign="middle" nowrap class="list"> <a href="services_dnsmasq_domainoverride_edit.php?id=<?=$i;?>"><img src="./themes/<?= $g['theme']; ?>/images/icons/icon_e.gif" width="17" height="17" border="0"></a> + <a href="services_dnsmasq.php?act=del&type=doverride&id=<?=$i;?>" onclick="return confirm('<?=gettext("Do you really want to delete this domain override?");?>')"><img src="./themes/<?= $g['theme']; ?>/images/icons/icon_x.gif" width="17" height="17" border="0"></a></td> + </tr> + <?php $i++; endforeach; ?> + </tbody> + <tfoot> + <tr> + <td class="list" colspan="3"></td> + <td class="list"> + <table border="0" cellspacing="0" cellpadding="1"> + <tr> + <td width="17" heigth="17"></td> + <td><a href="services_dnsmasq_domainoverride_edit.php"><img src="./themes/<?= $g['theme']; ?>/images/icons/icon_plus.gif" width="17" height="17" border="0"></a></td> + </tr> + </table> + </td> + </tr> + </tfoot> +</table> +</form> <script language="JavaScript"> <!-- enable_change(false); diff --git a/usr/local/www/services_dyndns_edit.php b/usr/local/www/services_dyndns_edit.php index 9ff0f22..f2a3072 100644 --- a/usr/local/www/services_dyndns_edit.php +++ b/usr/local/www/services_dyndns_edit.php @@ -76,16 +76,15 @@ if ($_POST) { unset($input_errors); $pconfig = $_POST; + + if(($pconfig['type'] == "freedns" || $pconfig['type'] == "namecheap") && $_POST['username'] == "") + $_POST['username'] = "none"; /* input validation */ $reqdfields = array(); $reqdfieldsn = array(); - $reqdfields = array("host", "password", "type"); - $reqdfieldsn = array(gettext("Hostname"),gettext("Password"),gettext("Service type")); - if ($pconfig['type'] != "namecheap") { - $reqdfields[] = "username"; - $reqdfieldsn[] = gettext("Username"); - } + $reqdfields = array("host", "username", "password", "type"); + $reqdfieldsn = array(gettext("Hostname"),gettext("Username"),gettext("Password"),gettext("Service type")); do_input_validation($_POST, $reqdfields, $reqdfieldsn, &$input_errors); @@ -105,6 +104,9 @@ if ($_POST) { $dyndns['enable'] = $_POST['enable'] ? false : true; $dyndns['interface'] = $_POST['interface']; $dyndns['descr'] = $_POST['descr']; + + if($dyndns['username'] == "none") + $dyndns['username'] = ""; if (isset($id) && $a_dyndns[$id]) $a_dyndns[$id] = $dyndns; @@ -217,6 +219,8 @@ include("head.inc"); <td width="22%" valign="top" class="vncellreq"><?=gettext("Password");?></td> <td width="78%" class="vtable"> <input name="password" type="password" class="formfld pwd" id="password" size="20" value="<?=htmlspecialchars($pconfig['password']);?>"> + <br/> + <?=gettext("FreeDNS (freedns.afraid.org): Enter your \"Authentication Token\" provided by FreeDNS.");?> </td> </tr> <tr> diff --git a/usr/local/www/services_wol.php b/usr/local/www/services_wol.php index e3c5b7d..cdc3e6a 100755 --- a/usr/local/www/services_wol.php +++ b/usr/local/www/services_wol.php @@ -54,15 +54,15 @@ if($_GET['wakeall'] <> "") { $mac = $wolent['mac']; $if = $wolent['interface']; $description = $wolent['descr']; - $bcip = gen_subnet_max(get_interface_ip($if), - get_interface_subnet($if)); + $ipaddr = get_interface_ip($if); + if (!is_ipaddr($ipaddr)) + continue; + $bcip = gen_subnet_max($ipaddr, get_interface_subnet($if)); /* Execute wol command and check return code. */ - if(!mwexec("/usr/local/bin/wol -i {$bcip} {$mac}")){ + if (!mwexec("/usr/local/bin/wol -i {$bcip} {$mac}")) $savemsg .= sprintf(gettext('Sent magic packet to %1$s (%2$s)%3$s'),$mac, $description, ".<br>"); - } - else { + else $savemsg .= sprintf(gettext('Please check the %1$ssystem log%2$s, the wol command for %3$s (%4$s) did not complete successfully%5$s'),'<a href="/diag_logs.php">','</a>',$description,$mac,".<br>"); - } } } @@ -89,14 +89,16 @@ if ($_POST || $_GET['mac']) { if (!$input_errors) { /* determine broadcast address */ - $bcip = gen_subnet_max(get_interface_ip($if), - get_interface_subnet($if)); - /* Execute wol command and check return code. */ - if(!mwexec("/usr/local/bin/wol -i {$bcip} {$mac}")){ - $savemsg .= sprintf(gettext("Sent magic packet to %s."),$mac); - } + $ipaddr = get_interface_ip($if); + if (!is_ipaddr($ipaddr)) + $input_errors[] = gettext("A valid ip could not be found!"); else { - $savemsg .= sprintf(gettext('Please check the %1$ssystem log%2$s, the wol command for %3$s did not complete successfully%4$s'),'<a href="/diag_logs.php">', '</a>', $mac, ".<br>"); + $bcip = gen_subnet_max($ipaddr, get_interface_subnet($if)); + /* Execute wol command and check return code. */ + if(!mwexec("/usr/local/bin/wol -i {$bcip} {$mac}")) + $savemsg .= sprintf(gettext("Sent magic packet to %s."),$mac); + else + $savemsg .= sprintf(gettext('Please check the %1$ssystem log%2$s, the wol command for %3$s did not complete successfully%4$s'),'<a href="/diag_logs.php">', '</a>', $mac, ".<br>"); } } } diff --git a/usr/local/www/stats.php b/usr/local/www/stats.php index 54e5ef6..3ce8096 100644 --- a/usr/local/www/stats.php +++ b/usr/local/www/stats.php @@ -28,11 +28,19 @@ POSSIBILITY OF SUCH DAMAGE. */ -require("includes/functions.inc.php"); +##|+PRIV +##|*IDENT=page-diagnostics-cpuutilization +##|*NAME=Diagnostics: CPU Utilization page +##|*DESCR=Allow access to the 'Diagnostics: CPU Utilization' page. +##|*MATCH=stats.php* +##|-PRIV + +require_once("guiconfig.inc"); +require_once("includes/functions.inc.php"); $cpu = cpu_usage(); echo $cpu; exit; -?>
\ No newline at end of file +?> diff --git a/usr/local/www/status_captiveportal.php b/usr/local/www/status_captiveportal.php index 9560041..8913367 100755 --- a/usr/local/www/status_captiveportal.php +++ b/usr/local/www/status_captiveportal.php @@ -81,9 +81,10 @@ $concurrent = count($cpcontents); foreach ($cpcontents as $cpcontent) { $cpent = explode(",", $cpcontent); + $sessionid = $cpent[5]; if ($_GET['showact']) $cpent[5] = captiveportal_get_last_activity($cpent[2]); - $cpdb[] = $cpent; + $cpdb[$sessionid] = $cpent; } if ($_GET['order']) { if ($_GET['order'] == "ip") @@ -131,7 +132,7 @@ if ($_GET['order']) { <?php endif; ?> <td class="list sort_ignore"></td> </tr> -<?php foreach ($cpdb as $cpent): ?> +<?php foreach ($cpdb as $sid => $cpent): ?> <tr> <td class="listlr"><?=$cpent[2];?></td> <td class="listr"><?=$cpent[3];?> </td> @@ -141,7 +142,7 @@ if ($_GET['order']) { <td class="listr"><?php if ($cpent[5]) echo htmlspecialchars(date("m/d/Y H:i:s", $cpent[5]));?></td> <?php endif; ?> <td valign="middle" class="list" nowrap> - <a href="?order=<?=$_GET['order'];?>&showact=<?=htmlspecialchars($_GET['showact']);?>&act=del&id=<?=$cpent[1];?>" onclick="return confirm('<?=gettext("Do you really want to disconnect this client?");?>')"><img src="./themes/<?= $g['theme']; ?>/images/icons/icon_x.gif" width="17" height="17" border="0" title="<?=gettext("Disconnect");?>"></a></td> + <a href="?order=<?=$_GET['order'];?>&showact=<?=htmlspecialchars($_GET['showact']);?>&act=del&id=<?=$sid;?>" onclick="return confirm('<?=gettext("Do you really want to disconnect this client?");?>')"><img src="./themes/<?= $g['theme']; ?>/images/icons/icon_x.gif" width="17" height="17" border="0" title="<?=gettext("Disconnect");?>"></a></td> </tr> <?php endforeach; ?> </table> diff --git a/usr/local/www/status_filter_reload.php b/usr/local/www/status_filter_reload.php index ddd57ca..aa6348b 100644 --- a/usr/local/www/status_filter_reload.php +++ b/usr/local/www/status_filter_reload.php @@ -50,12 +50,12 @@ if($_GET['getstatus']) { echo "|{$status}|"; exit; } -if($_GET['reloadfilter']) { +if($_POST['reloadfilter']) { send_event("filter reload"); header("Location: status_filter_reload.php"); exit; } -if($_GET['syncfilter']) { +if($_POST['syncfilter']) { send_event("filter sync"); header("Location: status_filter_reload.php"); exit; @@ -68,11 +68,13 @@ include("head.inc"); <?php include("fbegin.inc"); ?> <br/> -<a href="/status_filter_reload.php?reloadfilter=true"><input type="button" value="Reload Filter" id="reloadfilter"></a> -<?php if ($config["installedpackages"]["carpsettings"]["config"][0]["pfsyncpeerip"] != ""): ?> +<form action="status_filter_reload.php" method="POST" name="filter"> +<input type="submit" value="Reload Filter" name="reloadfilter" id="reloadfilter"> +<?php if (is_array($config["installedpackages"]["carpsettings"]["config"][0]) && $config["installedpackages"]["carpsettings"]["config"][0]["pfsyncpeerip"] != ""): ?> -<a href="/status_filter_reload.php?syncfilter=true"><input type="button" value="Force Config Sync" id="syncfilter"></a> +<input type="submit" value="Force Config Sync" name="syncfilter" id="syncfilter"> <? endif; ?> +</form> <br/><br/><br/> <div id="status" name="status" style="padding:5px; border:1px dashed #990000; background-color: #ffffff; color: #000000;"> <?php echo $status; ?> diff --git a/usr/local/www/status_rrd_graph_img.php b/usr/local/www/status_rrd_graph_img.php index 34040db..8af6e7d 100644 --- a/usr/local/www/status_rrd_graph_img.php +++ b/usr/local/www/status_rrd_graph_img.php @@ -194,6 +194,7 @@ if(file_exists($rrdcolors)) { log_error(sprintf(gettext("rrdcolors.inc.php for theme %s does not exist, using defaults!"),$g['theme'])); $colortrafficup = array("666666", "CCCCCC"); $colortrafficdown = array("990000", "CC0000"); + $colortraffic95 = array("660000", "FF0000"); $colorpacketsup = array("666666", "CCCCCC"); $colorpacketsdown = array("990000", "CC0000"); $colorstates = array('990000','a83c3c','b36666','bd9090','cccccc','000000'); @@ -313,23 +314,33 @@ if((strstr($curdatabase, "-traffic.rrd")) && (file_exists("$rrddbpath$curdatabas $graphcmd .= "CDEF:\"$curif-bytes_t_block=$curif-bytes_in_t_block,$curif-bytes_out_t_block,+\" "; $graphcmd .= "CDEF:\"$curif-bytes_t=$curif-bytes_in_t_pass,$curif-bytes_out_t_block,+\" "; + $graphcmd .= "VDEF:\"$curif-in_bits_95=$curif-in_bits,95,PERCENT\" "; + $graphcmd .= "VDEF:\"$curif-out_bits_95=$curif-out_bits,95,PERCENT\" "; + $graphcmd .= "AREA:\"$curif-in_bits_block#{$colortrafficdown[1]}:$curif-in-block\" "; $graphcmd .= "AREA:\"$curif-in_bits_pass#{$colortrafficdown[0]}:$curif-in-pass:STACK\" "; $graphcmd .= "{$AREA}:\"$curif-out_bits_block_neg#{$colortrafficup[1]}:$curif-out-block\" "; $graphcmd .= "{$AREA}:\"$curif-out_bits_pass_neg#{$colortrafficup[0]}:$curif-out-pass:STACK\" "; + $graphcmd .= "HRULE:\"$curif-in_bits_95#{$colortraffic95[1]}:$curif-in (95%)\" "; + $graphcmd .= "HRULE:\"$curif-out_bits_95#{$colortraffic95[0]}:$curif-out (95%)\" "; + $graphcmd .= "COMMENT:\"\\n\" "; - $graphcmd .= "COMMENT:\"\t\t maximum average current period\\n\" "; + $graphcmd .= "COMMENT:\"\t\t maximum average current period 95th percentile\\n\" "; + $graphcmd .= "COMMENT:\"in-pass\t\" "; $graphcmd .= "GPRINT:\"$curif-in_bits_pass:MAX:%7.2lf %sb/s\" "; $graphcmd .= "GPRINT:\"$curif-in_bits_pass:AVERAGE:%7.2lf %Sb/s\" "; $graphcmd .= "GPRINT:\"$curif-in_bits_pass:LAST:%7.2lf %Sb/s\" "; $graphcmd .= "GPRINT:\"$curif-bytes_in_t_pass:AVERAGE:%7.2lf %sB i\" "; + $graphcmd .= "GPRINT:\"$curif-in_bits_95:%7.2lf %sb/s\" "; + $graphcmd .= "COMMENT:\"\\n\" "; $graphcmd .= "COMMENT:\"out-pass\t\" "; $graphcmd .= "GPRINT:\"$curif-out_bits_pass:MAX:%7.2lf %sb/s\" "; $graphcmd .= "GPRINT:\"$curif-out_bits_pass:AVERAGE:%7.2lf %Sb/s\" "; $graphcmd .= "GPRINT:\"$curif-out_bits_pass:LAST:%7.2lf %Sb/s\" "; $graphcmd .= "GPRINT:\"$curif-bytes_out_t_pass:AVERAGE:%7.2lf %sB o\" "; + $graphcmd .= "GPRINT:\"$curif-out_bits_95:%7.2lf %sb/s\" "; $graphcmd .= "COMMENT:\"\\n\" "; $graphcmd .= "COMMENT:\"in-block\t\" "; $graphcmd .= "GPRINT:\"$curif-in_bits_block:MAX:%7.2lf %sb/s\" "; diff --git a/usr/local/www/system_advanced_admin.php b/usr/local/www/system_advanced_admin.php index 7b4b8e3..e23ceb0 100644 --- a/usr/local/www/system_advanced_admin.php +++ b/usr/local/www/system_advanced_admin.php @@ -62,6 +62,7 @@ $pconfig['enableserial'] = $config['system']['enableserial']; $pconfig['enablesshd'] = $config['system']['enablesshd']; $pconfig['sshport'] = $config['system']['ssh']['port']; $pconfig['sshdkeyonly'] = isset($config['system']['ssh']['sshdkeyonly']); +$pconfig['quietlogin'] = isset($config['system']['webgui']['quietlogin']); $a_cert =& $config['cert']; @@ -117,6 +118,11 @@ if ($_POST) { unset($config['system']['webgui']['disablehttpredirect']); $restart_webgui = true; } + if ($_POST['quietlogin'] == "yes") { + $config['system']['webgui']['quietlogin'] = true; + } else { + unset($config['system']['webgui']['quietlogin']); + } if($_POST['disableconsolemenu'] == "yes") { $config['system']['disableconsolemenu'] = true; @@ -315,13 +321,24 @@ function prot_change() { <input name="disablehttpredirect" type="checkbox" id="disablehttpredirect" value="yes" <?php if ($pconfig['disablehttpredirect']) echo "checked"; ?> /> <strong><?=gettext("Disable webConfigurator redirect rule"); ?></strong> <br/> - <?php gettext("When this is unchecked, access to the webConfigurator " . + <?php echo gettext("When this is unchecked, access to the webConfigurator " . "is always permitted even on port 80, regardless of the listening port configured." . "Check this box to disable this automatically added redirect rule. "); ?> </td> </tr> <tr> + <td width="22%" valign="top" class="vncell"><?=gettext("WebGUI login messages"); ?></td> + <td width="78%" class="vtable"> + <input name="quietlogin" type="checkbox" id="quietlogin" value="yes" <?php if ($pconfig['quietlogin']) echo "checked"; ?> /> + <strong><?=gettext("Disable webConfigurator successful logins"); ?></strong> + <br/> + <?php echo gettext("When this is checked, successful logins to the webConfigurator " . + "will not be logged."); + ?> + </td> + </tr> + <tr> <td width="22%" valign="top" class="vncell"><?=gettext("Anti-lockout"); ?></td> <td width="78%" class="vtable"> <?php diff --git a/usr/local/www/system_advanced_firewall.php b/usr/local/www/system_advanced_firewall.php index 38d12c1..8165922 100644 --- a/usr/local/www/system_advanced_firewall.php +++ b/usr/local/www/system_advanced_firewall.php @@ -56,6 +56,7 @@ $pconfig['tcpidletimeout'] = $config['filter']['tcpidletimeout']; $pconfig['optimization'] = $config['filter']['optimization']; $pconfig['maximumstates'] = $config['system']['maximumstates']; $pconfig['maximumtableentries'] = $config['system']['maximumtableentries']; +$pconfig['disablereplyto'] = isset($config['system']['disablereplyto']); $pconfig['disablenatreflection'] = $config['system']['disablenatreflection']; if (!isset($config['system']['enablebinatreflection'])) $pconfig['disablebinatreflection'] = "yes"; @@ -124,6 +125,11 @@ if ($_POST) { else $config['system']['enablebinatreflection'] = "yes"; + if($_POST['disablereplyto'] == "yes") + $config['system']['disablereplyto'] = $_POST['disablereplyto']; + else + unset($config['system']['disablereplyto']); + if($_POST['enablenatreflectionhelper'] == "yes") $config['system']['enablenatreflectionhelper'] = "yes"; else @@ -325,6 +331,17 @@ function update_description(itemnum) { </td> </tr> <tr> + <td width="22%" valign="top" class="vncell">Disable reply-to</td> + <td width="78%" class="vtable"> + <input name="disablereplyto" type="checkbox" id="disablereplyto" value="yes" <?php if ($pconfig['disablereplyto']) echo "checked"; ?> /> + <strong><?=gettext("Disable reply-to on WAN rules");?></strong> + <br /> + <?=gettext("With Multi-WAN you generally want to ensure traffic leaves the same interface it arrives on, hence reply-to is added automatically by default. " . + "When using bridging, you must disable this behavior if the WAN gateway IP is different from the gateway IP of the hosts behind the bridged interface.");?> + <br /> + </td> + </tr> + <tr> <td colspan="2" class="list" height="12"> </td> </tr> <?php if(count($config['interfaces']) > 1): ?> diff --git a/usr/local/www/system_advanced_sysctl.php b/usr/local/www/system_advanced_sysctl.php index 4cd279a..d2b796f 100644 --- a/usr/local/www/system_advanced_sysctl.php +++ b/usr/local/www/system_advanced_sysctl.php @@ -124,7 +124,7 @@ if ($_POST) { include("head.inc"); -$pgtitle = array(gettext("System"),gettext("Advanced: Miscellaneous")); +$pgtitle = array(gettext("System"),gettext("Advanced: System Tunables")); include("head.inc"); ?> diff --git a/usr/local/www/system_firmware_auto.php b/usr/local/www/system_firmware_auto.php index 06a9eb1..2daa6a2 100755 --- a/usr/local/www/system_firmware_auto.php +++ b/usr/local/www/system_firmware_auto.php @@ -136,6 +136,7 @@ if ($g['platform'] == "nanobsd") { $nanosize .= strtolower(trim(file_get_contents("/etc/nanosize.txt"))); } +@unlink("/tmp/{$g['product_name']}_version"); download_file_with_progress_bar("{$updater_url}/version{$nanosize}", "/tmp/{$g['product_name']}_version"); $latest_version = str_replace("\n", "", @file_get_contents("/tmp/{$g['product_name']}_version")); if(!$latest_version) { diff --git a/usr/local/www/system_firmware_check.php b/usr/local/www/system_firmware_check.php index cb80b6a..25d3095 100755 --- a/usr/local/www/system_firmware_check.php +++ b/usr/local/www/system_firmware_check.php @@ -131,8 +131,8 @@ if ($g['platform'] == "nanobsd") { $nanosize .= strtolower(trim(file_get_contents("/etc/nanosize.txt"))); } -download_file_with_progress_bar("{$updater_url}/version{$nanosize}", "/tmp/{$g['product_name']}_version"); -$remote_version = trim(@file_get_contents("/tmp/{$g['product_name']}_version")); +if(download_file_with_progress_bar("{$updater_url}/version{$nanosize}", "/tmp/{$g['product_name']}_version", 'read_body', 5, 5) === true) + $remote_version = trim(@file_get_contents("/tmp/{$g['product_name']}_version")); $static_text .= gettext("done") . "\\n"; if (!$remote_version) { $static_text .= gettext("Unable to check for updates.") . "\\n"; diff --git a/usr/local/www/system_firmware_settings.php b/usr/local/www/system_firmware_settings.php index ea3c215..ebdebef 100755 --- a/usr/local/www/system_firmware_settings.php +++ b/usr/local/www/system_firmware_settings.php @@ -157,14 +157,14 @@ function enable_altfirmwareurl(enable_over) { <td colspan="2" valign="top" class="listtopic"><?=gettext("Updates"); ?></td> </tr> <tr> - <td width="22%" valign="top" class="vncell"><?=gettext("Not signed images."); ?></td> + <td width="22%" valign="top" class="vncell"><?=gettext("Unsigned images"); ?></td> <td width="78%" class="vtable"> <input name="allowinvalidsig" type="checkbox" id="allowinvalidsig" value="yes" <?php if (isset($curcfg['allowinvalidsig'])) echo "checked"; ?> /> <br /> - <?=gettext("Allow updating the system with auto-updater and images with no signature."); ?> + <?=gettext("Allow auto-update firmware images with a missing or invalid digital signature to be used."); ?> </td> </tr> -<?php if(file_exists("/usr/local/bin/git")): ?> +<?php if(file_exists("/usr/local/bin/git") && $g['platform'] == "pfSense"): ?> <tr> <td colspan="2" class="list" height="12"> </td> </tr> @@ -179,18 +179,53 @@ function enable_altfirmwareurl(enable_over) { <?=gettext("After updating, sync with the following repository/branch before reboot."); ?> </td> </tr> +<?php + if(is_dir("/root/pfsense/pfSenseGITREPO/pfSenseGITREPO")) { + exec("cd /root/pfsense/pfSenseGITREPO/pfSenseGITREPO && git config remote.origin.url", $output_str); + if(is_array($output_str) && !empty($output_str[0])) + $lastrepositoryurl = $output_str[0]; + unset($output_str); + } +?> <tr> <td width="22%" valign="top" class="vncell"><?=gettext("Repository URL"); ?></td> <td width="78%" class="vtable"> <input name="repositoryurl" type="input" class="formfld url" id="repositoryurl" size="64" value="<?php if ($gitcfg['repositoryurl']) echo $gitcfg['repositoryurl']; ?>"> +<?php if($lastrepositoryurl): ?> + <br /> + <?=sprintf(gettext("The most recently used repository was %s"), $lastrepositoryurl); ?> + <br /> + <?=gettext("This will be used if the field is left blank."); ?> +<?php endif; ?> </td> </tr> +<?php + if(is_dir("/root/pfsense/pfSenseGITREPO/pfSenseGITREPO")) { + exec("cd /root/pfsense/pfSenseGITREPO/pfSenseGITREPO && git branch", $output_str); + if(is_array($output_str)) { + foreach($output_str as $output_line) { + if(strstr($output_line, '* ')) { + $lastbranch = substr($output_line, 2); + break; + } + } + } + unset($output_str); + } +?> <tr> <td width="22%" valign="top" class="vncell"><?=gettext("Branch name"); ?></td> <td width="78%" class="vtable"> <input name="branch" type="input" class="formfld unknown" id="branch" size="64" value="<?php if ($gitcfg['branch']) echo $gitcfg['branch']; ?>"> +<?php if($lastbranch): ?> + <br /> + <?=sprintf(gettext("The most recently used branch was %s"), $lastbranch); ?> +<?php else: ?> + <br /> + <?=gettext("Usually the branch name is master"); ?> +<?php endif; ?> <br /> - <?=gettext("Sync will not be performed if a branch is not specified."); ?> + <?=gettext("Note: Sync will not be performed if a branch is not specified."); ?> </td> </tr> <?php endif; ?> diff --git a/usr/local/www/system_usermanager.php b/usr/local/www/system_usermanager.php index 9256c40..6b1a81b 100644 --- a/usr/local/www/system_usermanager.php +++ b/usr/local/www/system_usermanager.php @@ -205,6 +205,9 @@ if (isAllowedPage("system_usermanager")) { if (preg_match("/[^a-zA-Z0-9\.\-_]/", $_POST['usernamefld'])) $input_errors[] = gettext("The username contains invalid characters."); + if (strlen($_POST['usernamefld']) > 16) + $input_errors[] = gettext("The username is longer than 16 characters."); + if (($_POST['passwordfld1']) && ($_POST['passwordfld1'] != $_POST['passwordfld2'])) $input_errors[] = gettext("The passwords do not match."); @@ -478,7 +481,7 @@ function sshkeyClicked(obj) { <tr> <td width="22%" valign="top" class="vncellreq"><?=gettext("Username");?></td> <td width="78%" class="vtable"> - <input name="usernamefld" type="text" class="formfld user" id="usernamefld" size="20" value="<?=htmlspecialchars($pconfig['usernamefld']);?>" <?=$ro;?>/> + <input name="usernamefld" type="text" class="formfld user" id="usernamefld" size="20" maxlength="16" value="<?=htmlspecialchars($pconfig['usernamefld']);?>" <?=$ro;?>/> <input name="oldusername" type="hidden" id="oldusername" value="<?=htmlspecialchars($pconfig['usernamefld']);?>" /> </td> </tr> diff --git a/usr/local/www/system_usermanager_settings.php b/usr/local/www/system_usermanager_settings.php index d9017c4..f8269ad 100755 --- a/usr/local/www/system_usermanager_settings.php +++ b/usr/local/www/system_usermanager_settings.php @@ -64,10 +64,11 @@ if ($_POST) { if (!$input_errors) { if ($_POST['authmode'] != "local") { $authsrv = auth_get_authserver($_POST['authmode']); - if ($_POST['savetest'] && $authsrv['type'] == "ldap") - $save_and_test = true; - else - $savemsg = gettext("The test was not performed becuase it is supported only for ldap based backends."); + if ($_POST['savetest']) + if ($authsrv['type'] == "ldap") + $save_and_test = true; + else + $savemsg = gettext("The test was not performed because it is supported only for ldap based backends."); } diff --git a/usr/local/www/themes/code-red/rrdcolors.inc.php b/usr/local/www/themes/code-red/rrdcolors.inc.php index cdaff68..869727f 100755 --- a/usr/local/www/themes/code-red/rrdcolors.inc.php +++ b/usr/local/www/themes/code-red/rrdcolors.inc.php @@ -32,6 +32,7 @@ $colortrafficup = array("666666", "CCCCCC"); $colortrafficdown = array("990000", "CC0000"); +$colortraffic95 = array("660000", "FF0000"); $colorpacketsup = array("666666", "CCCCCC"); $colorpacketsdown = array("990000", "CC0000"); $colorstates = array('990000','a83c3c','b36666','bd9090','cccccc','000000'); @@ -47,5 +48,6 @@ $colorwireless = array('990000','a83c3c','b36666'); $colorspamdtime = array('DDDDFF', 'AAAAFF', 'DDDDFF', '000066'); $colorspamdconn = array('00AA00BB', 'FFFFFFFF', '00660088', 'FFFFFF88', '006600'); $colorvpnusers = array('990000'); +$colorcaptiveportalusers = array('990000'); ?> diff --git a/usr/local/www/themes/metallic/rrdcolors.inc.php b/usr/local/www/themes/metallic/rrdcolors.inc.php index 8e74545..09956cc 100644 --- a/usr/local/www/themes/metallic/rrdcolors.inc.php +++ b/usr/local/www/themes/metallic/rrdcolors.inc.php @@ -32,6 +32,7 @@ $colortrafficup = array("666666", "CCCCCC"); $colortrafficdown = array("990000", "CC0000"); +$colortraffic95 = array("660000", "FF0000"); $colorpacketsup = array("666666", "CCCCCC"); $colorpacketsdown = array("990000", "CC0000"); $colorstates = array('990000','a83c3c','b36666','bd9090','cccccc','000000'); @@ -47,5 +48,6 @@ $colorwireless = array('333333','a83c3c','999999'); $colorspamdtime = array('DDDDFF', 'AAAAFF', 'DDDDFF', '000066'); $colorspamdconn = array('00AA00BB', 'FFFFFFFF', '00660088', 'FFFFFF88', '006600'); $colorvpnusers = array('990000'); +$colorcaptiveportalusers = array('990000'); ?> diff --git a/usr/local/www/themes/nervecenter/rrdcolors.inc.php b/usr/local/www/themes/nervecenter/rrdcolors.inc.php index 8e74545..c681f78 100644 --- a/usr/local/www/themes/nervecenter/rrdcolors.inc.php +++ b/usr/local/www/themes/nervecenter/rrdcolors.inc.php @@ -32,6 +32,7 @@ $colortrafficup = array("666666", "CCCCCC"); $colortrafficdown = array("990000", "CC0000"); +$colortraffic95 = array("660000", "FF0000"); $colorpacketsup = array("666666", "CCCCCC"); $colorpacketsdown = array("990000", "CC0000"); $colorstates = array('990000','a83c3c','b36666','bd9090','cccccc','000000'); diff --git a/usr/local/www/themes/pfsense-dropdown/rrdcolors.inc.php b/usr/local/www/themes/pfsense-dropdown/rrdcolors.inc.php index 8e74545..09956cc 100644 --- a/usr/local/www/themes/pfsense-dropdown/rrdcolors.inc.php +++ b/usr/local/www/themes/pfsense-dropdown/rrdcolors.inc.php @@ -32,6 +32,7 @@ $colortrafficup = array("666666", "CCCCCC"); $colortrafficdown = array("990000", "CC0000"); +$colortraffic95 = array("660000", "FF0000"); $colorpacketsup = array("666666", "CCCCCC"); $colorpacketsdown = array("990000", "CC0000"); $colorstates = array('990000','a83c3c','b36666','bd9090','cccccc','000000'); @@ -47,5 +48,6 @@ $colorwireless = array('333333','a83c3c','999999'); $colorspamdtime = array('DDDDFF', 'AAAAFF', 'DDDDFF', '000066'); $colorspamdconn = array('00AA00BB', 'FFFFFFFF', '00660088', 'FFFFFF88', '006600'); $colorvpnusers = array('990000'); +$colorcaptiveportalusers = array('990000'); ?> diff --git a/usr/local/www/themes/pfsense/images/icons/icon_info_pkg.gif b/usr/local/www/themes/pfsense/images/icons/icon_info_pkg.gif Binary files differnew file mode 100644 index 0000000..cd3a532 --- /dev/null +++ b/usr/local/www/themes/pfsense/images/icons/icon_info_pkg.gif diff --git a/usr/local/www/themes/pfsense/rrdcolors.inc.php b/usr/local/www/themes/pfsense/rrdcolors.inc.php index 8e74545..09956cc 100644 --- a/usr/local/www/themes/pfsense/rrdcolors.inc.php +++ b/usr/local/www/themes/pfsense/rrdcolors.inc.php @@ -32,6 +32,7 @@ $colortrafficup = array("666666", "CCCCCC"); $colortrafficdown = array("990000", "CC0000"); +$colortraffic95 = array("660000", "FF0000"); $colorpacketsup = array("666666", "CCCCCC"); $colorpacketsdown = array("990000", "CC0000"); $colorstates = array('990000','a83c3c','b36666','bd9090','cccccc','000000'); @@ -47,5 +48,6 @@ $colorwireless = array('333333','a83c3c','999999'); $colorspamdtime = array('DDDDFF', 'AAAAFF', 'DDDDFF', '000066'); $colorspamdconn = array('00AA00BB', 'FFFFFFFF', '00660088', 'FFFFFF88', '006600'); $colorvpnusers = array('990000'); +$colorcaptiveportalusers = array('990000'); ?> diff --git a/usr/local/www/themes/pfsense_ng/rrdcolors.inc.php b/usr/local/www/themes/pfsense_ng/rrdcolors.inc.php index 8e74545..09956cc 100644 --- a/usr/local/www/themes/pfsense_ng/rrdcolors.inc.php +++ b/usr/local/www/themes/pfsense_ng/rrdcolors.inc.php @@ -32,6 +32,7 @@ $colortrafficup = array("666666", "CCCCCC"); $colortrafficdown = array("990000", "CC0000"); +$colortraffic95 = array("660000", "FF0000"); $colorpacketsup = array("666666", "CCCCCC"); $colorpacketsdown = array("990000", "CC0000"); $colorstates = array('990000','a83c3c','b36666','bd9090','cccccc','000000'); @@ -47,5 +48,6 @@ $colorwireless = array('333333','a83c3c','999999'); $colorspamdtime = array('DDDDFF', 'AAAAFF', 'DDDDFF', '000066'); $colorspamdconn = array('00AA00BB', 'FFFFFFFF', '00660088', 'FFFFFF88', '006600'); $colorvpnusers = array('990000'); +$colorcaptiveportalusers = array('990000'); ?> diff --git a/usr/local/www/themes/the_wall/rrdcolors.inc.php b/usr/local/www/themes/the_wall/rrdcolors.inc.php index 8e74545..c2bc613 100644 --- a/usr/local/www/themes/the_wall/rrdcolors.inc.php +++ b/usr/local/www/themes/the_wall/rrdcolors.inc.php @@ -47,5 +47,6 @@ $colorwireless = array('333333','a83c3c','999999'); $colorspamdtime = array('DDDDFF', 'AAAAFF', 'DDDDFF', '000066'); $colorspamdconn = array('00AA00BB', 'FFFFFFFF', '00660088', 'FFFFFF88', '006600'); $colorvpnusers = array('990000'); +$colorcaptiveportalusers = array('990000'); ?> diff --git a/usr/local/www/vpn_ipsec_mobile.php b/usr/local/www/vpn_ipsec_mobile.php index 4e9c537..b4b1b05 100755 --- a/usr/local/www/vpn_ipsec_mobile.php +++ b/usr/local/www/vpn_ipsec_mobile.php @@ -386,7 +386,7 @@ function login_banner_change() { <input name="pool_enable" type="checkbox" id="pool_enable" value="yes" <?=$chk;?> onClick="pool_change()"> </td> <td> - <?=gettext("Provide a vitual IP address to clients"); ?><br> + <?=gettext("Provide a virtual IP address to clients"); ?><br> </td> </tr> </table> diff --git a/usr/local/www/vpn_ipsec_phase1.php b/usr/local/www/vpn_ipsec_phase1.php index 6240a63..12bb235 100644 --- a/usr/local/www/vpn_ipsec_phase1.php +++ b/usr/local/www/vpn_ipsec_phase1.php @@ -282,7 +282,7 @@ if ($_POST) { /* the vpn_ipsec_configure() handles adding the route */ if ($pconfig['interface'] <> "wan") { if($old_ph1ent['remote-gateway'] <> $pconfig['remotegw']) { - mwexec("/sbin/route delete -host {$oldph1ent['remote-gateway']}"); + mwexec("/sbin/route delete -host {$old_ph1ent['remote-gateway']}"); } } @@ -389,6 +389,8 @@ function methodsel_change() { document.getElementById('opt_peerid').style.display = ''; document.getElementById('opt_cert').style.display = ''; document.getElementById('opt_ca').style.display = ''; + document.getElementById('opt_cert').disabled = false; + document.getElementById('opt_ca').disabled = false; break; case 'xauth_rsa_server': case 'rsasig': @@ -396,6 +398,8 @@ function methodsel_change() { document.getElementById('opt_peerid').style.display = ''; document.getElementById('opt_cert').style.display = ''; document.getElementById('opt_ca').style.display = ''; + document.getElementById('opt_cert').disabled = false; + document.getElementById('opt_ca').disabled = false; break; <?php if ($pconfig['mobile']) { ?> case 'pre_shared_key': @@ -403,6 +407,8 @@ function methodsel_change() { document.getElementById('opt_peerid').style.display = 'none'; document.getElementById('opt_cert').style.display = 'none'; document.getElementById('opt_ca').style.display = 'none'; + document.getElementById('opt_cert').disabled = true; + document.getElementById('opt_ca').disabled = true; break; <?php } ?> default: /* psk modes*/ @@ -410,6 +416,8 @@ function methodsel_change() { document.getElementById('opt_peerid').style.display = ''; document.getElementById('opt_cert').style.display = 'none'; document.getElementById('opt_ca').style.display = 'none'; + document.getElementById('opt_cert').disabled = true; + document.getElementById('opt_ca').disabled = true; break; } } diff --git a/usr/local/www/vpn_ipsec_phase2.php b/usr/local/www/vpn_ipsec_phase2.php index b20fe0c..d45b0d6 100644 --- a/usr/local/www/vpn_ipsec_phase2.php +++ b/usr/local/www/vpn_ipsec_phase2.php @@ -141,7 +141,7 @@ if ($_POST) { } } -/* TODO : Validate enabled phase2's are not duplicates */ + /* TODO : Validate enabled phase2's are not duplicates */ $ealgos = pconfig_to_ealgos($pconfig); @@ -184,6 +184,7 @@ if ($_POST) { if(is_array($ph2ent)) { ipsec_lookup_phase1($ph2ent, $ph1ent); $old_ph1ent = $ph1ent; + $old_ph1ent['remote-gateway'] = resolve_retry($old_ph1ent['remote-gateway']); reload_tunnel_spd_policy ($ph1ent, $ph2ent, $old_ph1ent, $old_ph2ent); } diff --git a/usr/local/www/vpn_openvpn_client.php b/usr/local/www/vpn_openvpn_client.php index d2374b2..d28315d 100644 --- a/usr/local/www/vpn_openvpn_client.php +++ b/usr/local/www/vpn_openvpn_client.php @@ -125,7 +125,7 @@ if($_GET['act']=="edit"){ } else $pconfig['shared_key'] = base64_decode($a_client[$id]['shared_key']); $pconfig['crypto'] = $a_client[$id]['crypto']; - $pconfig['engine'] = $a_server[$id]['engine']; + $pconfig['engine'] = $a_client[$id]['engine']; $pconfig['tunnel_network'] = $a_client[$id]['tunnel_network']; $pconfig['remote_network'] = $a_client[$id]['remote_network']; diff --git a/usr/local/www/widgets/widgets/captive_portal_status.widget.php b/usr/local/www/widgets/widgets/captive_portal_status.widget.php index d240d69..829515f 100644 --- a/usr/local/www/widgets/widgets/captive_portal_status.widget.php +++ b/usr/local/www/widgets/widgets/captive_portal_status.widget.php @@ -68,9 +68,10 @@ $concurrent = count($cpcontents); foreach ($cpcontents as $cpcontent) { $cpent = explode(",", $cpcontent); + $sessionid = $cpent[5]; if ($_GET['showact']) $cpent[5] = captiveportal_get_last_activity($cpent[2]); - $cpdb[] = $cpent; + $cpdb[$sessionid] = $cpent; } if ($_GET['order']) { @@ -97,7 +98,7 @@ if ($_GET['order']) { <td class="listhdrr"><a href="?order=start&showact=<?=$_GET['showact'];?>"><?=gettext("Last activity");?></a></td> <?php endif; ?> </tr> -<?php foreach ($cpdb as $cpent): ?> +<?php foreach ($cpdb as $sid => $cpent): ?> <tr> <td class="listlr"><?=$cpent[2];?></td> <td class="listr"><?=$cpent[3];?> </td> @@ -107,7 +108,7 @@ if ($_GET['order']) { <td class="listr"><?php if ($cpent[5]) echo htmlspecialchars(date("m/d/Y H:i:s", $cpent[5]));?></td> <?php endif; ?> <td valign="middle" class="list" nowrap> - <a href="?order=<?=$_GET['order'];?>&showact=<?=$_GET['showact'];?>&act=del&id=<?=$cpent[1];?>" onclick="return confirm('Do you really want to disconnect this client?')"><img src="./themes/<?= $g['theme']; ?>/images/icons/icon_x.gif" width="17" height="17" border="0"></a></td> + <a href="?order=<?=$_GET['order'];?>&showact=<?=$_GET['showact'];?>&act=del&id=<?=$sid;?>" onclick="return confirm('Do you really want to disconnect this client?')"><img src="./themes/<?= $g['theme']; ?>/images/icons/icon_x.gif" width="17" height="17" border="0"></a></td> </tr> <?php endforeach; ?> </table> diff --git a/usr/local/www/widgets/widgets/openvpn.widget.php b/usr/local/www/widgets/widgets/openvpn.widget.php index fdf2e3c..c93c708 100644 --- a/usr/local/www/widgets/widgets/openvpn.widget.php +++ b/usr/local/www/widgets/widgets/openvpn.widget.php @@ -13,7 +13,7 @@ if($_GET['action']) { $retval = kill_client($port, $remipp); echo htmlentities("|{$port}|{$remipp}|{$retval}|"); } else { - echo "invalid input"; + echo gettext("invalid input"); } exit; } @@ -21,7 +21,10 @@ if($_GET['action']) { function kill_client($port, $remipp) { - $tcpsrv = "tcp://127.0.0.1:{$port}"; + global $g; + + //$tcpsrv = "tcp://127.0.0.1:{$port}"; + $tcpsrv = "unix://{$g['varetc_path']}/openvpn/{$port}.sock"; $errval; $errstr; @@ -29,13 +32,19 @@ function kill_client($port, $remipp) { $fp = @stream_socket_client($tcpsrv, $errval, $errstr, 1); $killed = -1; if ($fp) { + stream_set_timeout($fp, 1); fputs($fp, "kill {$remipp}\n"); while (!feof($fp)) { $line = fgets($fp, 1024); + + $info = stream_get_meta_data($fp); + if ($info['timed_out']) + break; + /* parse header list line */ - if (strpos($line, "INFO:")) + if (strpos($line, "INFO:") !== false) continue; - if (strpos($line, "UCCESS")) { + if (strpos($line, "SUCCESS") !== false) { $killed = 0; } break; @@ -97,7 +106,7 @@ $clients = openvpn_get_active_clients(); <td class="listhdrr">Real/Virtual IP</td> </tr> <?php foreach ($server['conns'] as $conn): ?> - <tr name='<?php echo "r:{$server['port']}:{$conn['remote_host']}"; ?>'> + <tr name='<?php echo "r:{$server['mgmt']}:{$conn['remote_host']}"; ?>'> <td class="listlr"> <?=$conn['common_name'];?> </td> @@ -106,12 +115,12 @@ $clients = openvpn_get_active_clients(); </td> <td class='list' rowspan="2"> <img src='/themes/<?php echo $g['theme']; ?>/images/icons/icon_x.gif' height='17' width='17' border='0' - onclick="killClient('<?php echo $server['port']; ?>', '<?php echo $conn['remote_host']; ?>');" style='cursor:pointer;' - name='<?php echo "i:{$server['port']}:{$conn['remote_host']}"; ?>' + onclick="killClient('<?php echo $server['mgmt']; ?>', '<?php echo $conn['remote_host']; ?>');" style='cursor:pointer;' + name='<?php echo "i:{$server['mgmt']}:{$conn['remote_host']}"; ?>' title='Kill client connection from <?php echo $conn['remote_host']; ?>' alt='' /> </td> </tr> - <tr name='<?php echo "r:{$server['port']}:{$conn['remote_host']}"; ?>'> + <tr name='<?php echo "r:{$server['mgmt']}:{$conn['remote_host']}"; ?>'> <td class="listlr"> <?=$conn['connect_time'];?> </td> diff --git a/usr/local/www/widgets/widgets/system_information.widget.php b/usr/local/www/widgets/widgets/system_information.widget.php index 1b9683a..e1e4645 100644 --- a/usr/local/www/widgets/widgets/system_information.widget.php +++ b/usr/local/www/widgets/widgets/system_information.widget.php @@ -38,7 +38,7 @@ require_once("guiconfig.inc"); require_once('notices.inc'); if($_REQUEST['getupdatestatus']) { - if(isset($curcfg['alturl']['enable'])) + if(isset($config['system']['firmware']['alturl']['enable'])) $updater_url = "{$config['system']['firmware']['alturl']['firmwareurl']}"; else $updater_url = $g['update_url']; @@ -48,9 +48,10 @@ if($_REQUEST['getupdatestatus']) { $nanosize = "-nanobsd-" . strtolower(trim(file_get_contents("/etc/nanosize.txt"))); } - download_file_with_progress_bar("{$updater_url}/version{$nanosize}", "/tmp/{$g['product_name']}_version"); + @unlink("/tmp/{$g['product_name']}_version"); + if (download_file_with_progress_bar("{$updater_url}/version{$nanosize}", "/tmp/{$g['product_name']}_version", 'read_body', 5, 5) === true) + $remote_version = trim(@file_get_contents("/tmp/{$g['product_name']}_version")); - $remote_version = trim(@file_get_contents("/tmp/{$g['product_name']}_version")); if(empty($remote_version)) echo "<br /><br />Unable to check for updates."; else { diff --git a/usr/local/www/wizards/openvpn_wizard.inc b/usr/local/www/wizards/openvpn_wizard.inc index 5af4510..e48cfb3 100644 --- a/usr/local/www/wizards/openvpn_wizard.inc +++ b/usr/local/www/wizards/openvpn_wizard.inc @@ -603,7 +603,7 @@ function step12_submitphpaction() { $rule['destination']['network'] = $server['interface'] . "ip"; $rule['destination']['port'] = $server['local_port']; $rule['interface'] = $server['interface']; - $rule['protocol'] = $server['protocol']; + $rule['protocol'] = strtolower($server['protocol']); $rule['type'] = "pass"; $rule['enabled'] = "on"; $config['filter']['rule'][] = $rule; diff --git a/usr/local/www/wizards/setup_wizard.xml b/usr/local/www/wizards/setup_wizard.xml index 5a33d39..8d37518 100644 --- a/usr/local/www/wizards/setup_wizard.xml +++ b/usr/local/www/wizards/setup_wizard.xml @@ -256,7 +256,7 @@ </field> <field> <name>Gateway</name> - <bindstofield>interfaces->wan->gateway</bindstofield> + <bindstofield>wizardtemp->wangateway</bindstofield> <type>input</type> <validate>^(?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)$</validate> <message>Gateway IP Address field is invalid</message> @@ -387,6 +387,11 @@ <stepbeforeformdisplay> <![CDATA[ $config['interfaces']['tmp'] = array(); + + if (is_array($config['gateways']['gateway_item'])) + foreach ($config['gateways']['gateway_item'] as $gw) + if ($gw['name'] == 'WANGW') + $config['wizardtemp']['wangateway'] = $gw['gateway']; ]]> </stepbeforeformdisplay> <stepsubmitphpaction> @@ -554,12 +559,37 @@ <description>A reload is now in progress. Please wait. <p> The system will automatically try to access $myurl in 120 seconds. <p> You can click on the icon above to access the site more quickly. <meta http-equiv="refresh" content="60; url=$myurl" ></description> <stepafterformdisplay> + <![CDATA[ $config['system']['hostname'] = $config['wizardtemp']['system']['hostname']; $config['system']['domain'] = $config['wizardtemp']['system']['domain']; + if (!empty($config['wizardtemp']['wangateway'])) { + if (!is_array($config['gateways']['gateway_item'])) + $config['gateways']['gateway_item'] = array(); + $found = false; + foreach ($config['gateways']['gateway_item'] as & $gw) { + if ($gw['name'] == 'WANGW') { + $found = true; + $gw['gateway'] = $config['wizardtemp']['wangateway']; + } + } + if (!$found) { + $newgw = array(); + $newgw['interface'] = "wan"; + $newgw['gateway'] = $config['wizardtemp']['wangateway']; + $newgw['name'] = "WANGW"; + $newgw['weight'] = 1; + $newgw['descr'] = "WAN Gateway"; + $newgw['defaultgw'] = true; + $config['gateways']['gateway_item'][] = $newgw; + } + $config['interfaces']['wan']['gateway'] = "WANGW"; + } unset($config['wizardtemp']); write_config(); reload_all(); - mwexec_bg("/etc/rc.update_bogons.sh now"); + setup_gateways_monitor(); + mwexec_bg("/etc/rc.update_bogons.sh now"); + ]]> </stepafterformdisplay> </step> </pfsensewizard> diff --git a/usr/local/www/wizards/traffic_shaper_wizard.inc b/usr/local/www/wizards/traffic_shaper_wizard.inc index b684fb6..408d663 100644 --- a/usr/local/www/wizards/traffic_shaper_wizard.inc +++ b/usr/local/www/wizards/traffic_shaper_wizard.inc @@ -456,15 +456,24 @@ function step3_stepsubmitphpaction() { $stepid--; return; } - $factor = wizard_get_bandwidthtype_scale($config['ezshaper']['step2']["conn{$i}uploadspeed"]); - $ifbw = $factor * floatval($config['ezshaper']['step2']["conn{$i}upload"]); - $factor = wizard_get_bandwidthtype_scale($_POST["conn{$i}uploadspeed"]); - $input_bw = $factor * floatval($_POST["conn{$i}upload"]); - if ((0.8 * $ifbw) < $input_bw) { - $friendly_interface = $i+1; - $savemsg=gettext("You cannot set the VoIP upload bandwidth on WAN #{$friendly_interface} higher than 80% of the connection."); - $stepid--; - return; + if ($_POST["conn{$i}uploadspeed"] == "%") { + if (intval($_POST["conn{$i}upload"]) > 80) { + $friendly_interface = $i+1; + $savemsg=gettext("You cannot set the VoIP upload bandwidth on WAN #{$friendly_interface} higher than 80% of the connection."); + $stepid--; + return; + } + } else { + $factor = wizard_get_bandwidthtype_scale($config['ezshaper']['step2']["conn{$i}uploadspeed"]); + $ifbw = $factor * floatval($config['ezshaper']['step2']["conn{$i}upload"]); + $factor = wizard_get_bandwidthtype_scale($_POST["conn{$i}uploadspeed"]); + $input_bw = $factor * floatval($_POST["conn{$i}upload"]); + if ((0.8 * $ifbw) < $input_bw) { + $friendly_interface = $i+1; + $savemsg=gettext("You cannot set the VoIP upload bandwidth on WAN #{$friendly_interface} higher than 80% of the connection."); + $stepid--; + return; + } } } @@ -949,8 +958,8 @@ function apply_all_choosen_items() { if ($penalty) { if( is_ipaddr($config['ezshaper']['step4']['address']) || is_alias($config['ezshaper']['step4']['address'])) { $rule = array(); + $rule['type'] = "match"; $rule['descr'] = gettext("Penalty Box"); - $rule['direction'] = "out"; $rule['source']['any'] = TRUE; $rule['defaultqueue'] = "qOthersLow"; $rule['source']['address'] = $config['ezshaper']['step4']['address']; @@ -968,8 +977,8 @@ function apply_all_choosen_items() { if( is_ipaddr($config['ezshaper']['step3']['address']) || is_alias($config['ezshaper']['step3']['address'])) { /* create VOIP rules */ $rule = array(); + $rule['type'] = "match"; $rule['descr'] = gettext("VOIP Adapter"); - $rule['direction'] = "out"; $rule['protocol'] = "udp"; $rule['defaultqueue'] = "qVoIP"; $rule['source']['address'] = $config['ezshaper']['step3']['address']; @@ -982,8 +991,8 @@ function apply_all_choosen_items() { } elseif( $config['ezshaper']['step3']['provider'] == "Generic" ) { /* create VOIP rules */ $rule = array(); + $rule['type'] = "match"; $rule['descr'] = "DiffServ/Lowdelay/Upload"; - $rule['direction'] = "out"; $rule['protocol'] = "udp"; $rule['source']['any'] = TRUE; $rule['defaultqueue'] = "qVoIP"; @@ -998,8 +1007,8 @@ function apply_all_choosen_items() { /* loop through voiplist[] */ foreach ($voiplist[$config['ezshaper']['step3']['provider']] as $voip) { $rule = array(); + $rule['type'] = "match"; $rule['defaultqueue'] = 'qVoIP'; - $rule['direction'] = "out"; $rule['source']['any'] = TRUE; $rule['destination']['any'] = TRUE; $rule['descr'] = "m_voip {$voip[0]} outbound"; @@ -1021,8 +1030,8 @@ function apply_all_choosen_items() { continue; foreach ($p2plist[$key] as $p2pclient) { $rule = array(); + $rule['type'] = "match"; $rule['defaultqueue'] = 'qP2P'; - $rule['direction'] = "out"; $rule['source']['any'] = TRUE; $rule['destination']['any'] = TRUE; $rule['descr'] = "m_P2P {$p2pclient[0]} outbound"; @@ -1043,10 +1052,10 @@ function apply_all_choosen_items() { continue; foreach ($gamesplist[$key] as $Gameclient) { $rule = array(); + $rule['type'] = "match"; $rule['defaultqueue'] = 'qGames'; if ($Gameclient[1] == "tcp") $rule['ackqueue'] = 'qACK'; - $rule['direction'] = "out"; $rule['source']['any'] = TRUE; $rule['destination']['any'] = TRUE; $rule['floating'] = "yes"; @@ -1068,6 +1077,7 @@ function apply_all_choosen_items() { continue; foreach ($othersplist[$key] as $otherclient) { $rule = array(); + $rule['type'] = "match"; switch ($val) { case "H": $rule['defaultqueue'] = 'qOthersHigh'; /* posted value H or L */ @@ -1094,7 +1104,6 @@ function apply_all_choosen_items() { $loop = 1; } if (!$loop) { - $rule['direction'] = "out"; $rule['source']['any'] = TRUE; $rule['destination']['any'] = TRUE; $rule['floating'] = "yes"; diff --git a/usr/local/www/wizards/traffic_shaper_wizard_dedicated.inc b/usr/local/www/wizards/traffic_shaper_wizard_dedicated.inc index b59c5a7..9e1b03c 100755 --- a/usr/local/www/wizards/traffic_shaper_wizard_dedicated.inc +++ b/usr/local/www/wizards/traffic_shaper_wizard_dedicated.inc @@ -469,14 +469,22 @@ function step3_stepsubmitphpaction() { $stepid--; return; } - $factor = wizard_get_bandwidthtype_scale($config['ezshaper']['step2']["conn{$i}uploadspeed"]); - $ifbw = $factor * floatval($config['ezshaper']['step2']["conn{$i}upload"]); - $factor = wizard_get_bandwidthtype_scale($_POST["conn{$i}uploadspeed"]); - $input_bw = $factor * floatval($_POST["conn{$i}upload"]); - if ((0.8 * $ifbw) < $input_bw) { - $savemsg=gettext("You cannot set the VoIP upload bandwidth on connection {$i} higher than 80% of the connection."); - $stepid--; - return; + if ($_POST["conn{$i}uploadspeed"] == "%") { + if (intval($_POST["conn{$i}upload"]) > 80) { + $savemsg=gettext("You cannot set the VoIP upload bandwidth on connection {$i} higher than 80% of the connection."); + $stepid--; + return; + } + } else { + $factor = wizard_get_bandwidthtype_scale($config['ezshaper']['step2']["conn{$i}uploadspeed"]); + $ifbw = $factor * floatval($config['ezshaper']['step2']["conn{$i}upload"]); + $factor = wizard_get_bandwidthtype_scale($_POST["conn{$i}uploadspeed"]); + $input_bw = $factor * floatval($_POST["conn{$i}upload"]); + if ((0.8 * $ifbw) < $input_bw) { + $savemsg=gettext("You cannot set the VoIP upload bandwidth on connection {$i} higher than 80% of the connection."); + $stepid--; + return; + } } if (!is_numeric($_POST["local{$i}download"])) { @@ -484,14 +492,22 @@ function step3_stepsubmitphpaction() { $stepid--; return; } - $factor = wizard_get_bandwidthtype_scale($config['ezshaper']['step2']["conn{$i}downloadspeed"]); - $ifbw = $factor * floatval($config['ezshaper']['step2']["conn{$i}download"]); - $factor = wizard_get_bandwidthtype_scale($_POST["local{$i}downloadspeed"]); - $input_bw = $factor * floatval($_POST["local{$i}download"]); - if ((0.8 * $ifbw) < $input_bw) { - $savemsg=gettext("You cannot set the VoIP download bandwidth on connection {$i} higher than 80% of the connection."); - $stepid--; - return; + if ($_POST["local{$i}downloadspeed"] == "%") { + if (intval($_POST["local{$i}download"]) > 80) { + $savemsg=gettext("You cannot set the VoIP upload bandwidth on connection {$i} higher than 80% of the connection."); + $stepid--; + return; + } + } else { + $factor = wizard_get_bandwidthtype_scale($config['ezshaper']['step2']["conn{$i}downloadspeed"]); + $ifbw = $factor * floatval($config['ezshaper']['step2']["conn{$i}download"]); + $factor = wizard_get_bandwidthtype_scale($_POST["local{$i}downloadspeed"]); + $input_bw = $factor * floatval($_POST["local{$i}download"]); + if ((0.8 * $ifbw) < $input_bw) { + $savemsg=gettext("You cannot set the VoIP download bandwidth on connection {$i} higher than 80% of the connection."); + $stepid--; + return; + } } } @@ -1006,8 +1022,8 @@ function apply_all_choosen_items() { if ($penalty) { if( is_ipaddr($config['ezshaper']['step4']['address']) || is_alias($config['ezshaper']['step4']['address'])) { $rule = array(); + $rule['type'] = "match"; $rule['descr'] = gettext("Penalty Box"); - $rule['direction'] = "out"; $rule['source']['any'] = TRUE; $rule['defaultqueue'] = "qOthersLow"; $rule['source']['address'] = $config['ezshaper']['step4']['address']; @@ -1025,8 +1041,8 @@ function apply_all_choosen_items() { if( is_ipaddr($config['ezshaper']['step3']['address']) || is_alias($config['ezshaper']['step3']['address'])) { /* create VOIP rules */ $rule = array(); + $rule['type'] = "match"; $rule['descr'] = gettext("VOIP Adapter"); - $rule['direction'] = "out"; $rule['protocol'] = "udp"; $rule['defaultqueue'] = "qVoIP"; $rule['source']['address'] = $config['ezshaper']['step3']['address']; @@ -1039,8 +1055,8 @@ function apply_all_choosen_items() { } elseif( $config['ezshaper']['step3']['provider'] == "Generic" ) { /* create VOIP rules */ $rule = array(); + $rule['type'] = "match"; $rule['descr'] = "DiffServ/Lowdelay/Upload"; - $rule['direction'] = "out"; $rule['protocol'] = "udp"; $rule['source']['any'] = TRUE; $rule['defaultqueue'] = "qVoIP"; @@ -1055,8 +1071,8 @@ function apply_all_choosen_items() { /* loop through voiplist[] */ foreach ($voiplist[$config['ezshaper']['step3']['provider']] as $voip) { $rule = array(); + $rule['type'] = "match"; $rule['defaultqueue'] = 'qVoIP'; - $rule['direction'] = "out"; $rule['source']['any'] = TRUE; $rule['destination']['any'] = TRUE; $rule['descr'] = "m_voip {$voip[0]} outbound"; @@ -1078,8 +1094,8 @@ function apply_all_choosen_items() { continue; foreach ($p2plist[$key] as $p2pclient) { $rule = array(); + $rule['type'] = "match"; $rule['defaultqueue'] = 'qP2P'; - $rule['direction'] = "out"; $rule['source']['any'] = TRUE; $rule['destination']['any'] = TRUE; $rule['descr'] = "m_P2P {$p2pclient[0]} outbound"; @@ -1100,10 +1116,10 @@ function apply_all_choosen_items() { continue; foreach ($gamesplist[$key] as $Gameclient) { $rule = array(); + $rule['type'] = "match"; $rule['defaultqueue'] = 'qGames'; if ($Gameclient[1] == "tcp") $rule['ackqueue'] = 'qACK'; - $rule['direction'] = "out"; $rule['source']['any'] = TRUE; $rule['destination']['any'] = TRUE; $rule['floating'] = "yes"; @@ -1125,6 +1141,7 @@ function apply_all_choosen_items() { continue; foreach ($othersplist[$key] as $otherclient) { $rule = array(); + $rule['type'] = "match"; switch ($val) { case "H": $rule['defaultqueue'] = 'qOthersHigh'; /* posted value H or L */ @@ -1151,7 +1168,6 @@ function apply_all_choosen_items() { $loop = 1; } if (!$loop) { - $rule['direction'] = "out"; $rule['source']['any'] = TRUE; $rule['destination']['any'] = TRUE; $rule['floating'] = "yes"; diff --git a/usr/local/www/wizards/traffic_shaper_wizard_multi_all.inc b/usr/local/www/wizards/traffic_shaper_wizard_multi_all.inc index c6347da..aaeeccc 100755 --- a/usr/local/www/wizards/traffic_shaper_wizard_multi_all.inc +++ b/usr/local/www/wizards/traffic_shaper_wizard_multi_all.inc @@ -495,10 +495,17 @@ function step3_stepsubmitphpaction() { $steps = intval($config['ezshaper']['step1']['numberofconnections']); for ($i = 0; $i < $steps; $i++) { if (!is_numeric($_POST["conn{$i}upload"])) { - $savemsg = gettext("Upload bandwidth of connection {$i} is not valid."); + $savemsg = gettext("Upload bandwidth of connection {$i} is not valid."); + $stepid--; + return; + } + if ($_POST["conn{$i}uploadspeed"] == "%") { + if (intval($_POST["conn{$i}upload"]) > 80) { + $savemsg=gettext("You cannot set the VoIP upload bandwidth on connection {$i} higher than 80% of the connection."); $stepid--; return; } + } else { $factor = wizard_get_bandwidthtype_scale($config['ezshaper']['step2']["conn{$i}uploadspeed"]); $ifbw = $factor * floatval($config['ezshaper']['step2']["conn{$i}upload"]); $factor = wizard_get_bandwidthtype_scale($_POST["conn{$i}uploadspeed"]); @@ -507,6 +514,7 @@ function step3_stepsubmitphpaction() { $savemsg=gettext("You cannot set the VoIP upload bandwidth on connection {$i} higher than 80% of the connection."); $stepid--; return; + } } } @@ -517,14 +525,22 @@ function step3_stepsubmitphpaction() { $stepid--; return; } - $factor = wizard_get_bandwidthtype_scale($config['ezshaper']['step2']["conn{$i}downloadspeed"]); - $ifbw = $factor * floatval($config['ezshaper']['step2']["conn{$i}download"]); - $factor = wizard_get_bandwidthtype_scale($_POST["local{$i}downloadspeed"]); - $input_bw = $factor * floatval($_POST["local{$i}download"]); - if ((0.8 * $ifbw) < $input_bw) { - $savemsg=gettext("You cannot set the VoIP download bandwidth on connection {$i} higher than 80% of the connection."); - $stepid--; - return; + if ($_POST["local{$i}downloadspeed"] == "%") { + if (intval($_POST["local{$i}download"]) > 80) { + $savemsg=gettext("You cannot set the VoIP upload bandwidth on connection {$i} higher than 80% of the connection."); + $stepid--; + return; + } + } else { + $factor = wizard_get_bandwidthtype_scale($config['ezshaper']['step2']["conn{$i}downloadspeed"]); + $ifbw = $factor * floatval($config['ezshaper']['step2']["conn{$i}download"]); + $factor = wizard_get_bandwidthtype_scale($_POST["local{$i}downloadspeed"]); + $input_bw = $factor * floatval($_POST["local{$i}download"]); + if ((0.8 * $ifbw) < $input_bw) { + $savemsg=gettext("You cannot set the VoIP download bandwidth on connection {$i} higher than 80% of the connection."); + $stepid--; + return; + } } } @@ -1039,8 +1055,8 @@ function apply_all_choosen_items() { if ($penalty) { if( is_ipaddr($config['ezshaper']['step4']['address']) || is_alias($config['ezshaper']['step4']['address'])) { $rule = array(); + $rule['type'] = "match"; $rule['descr'] = gettext("Penalty Box"); - $rule['direction'] = "out"; $rule['source']['any'] = TRUE; $rule['defaultqueue'] = "qOthersLow"; $rule['source']['address'] = $config['ezshaper']['step4']['address']; @@ -1058,8 +1074,8 @@ function apply_all_choosen_items() { if( is_ipaddr($config['ezshaper']['step3']['address']) || is_alias($config['ezshaper']['step3']['address'])) { /* create VOIP rules */ $rule = array(); + $rule['type'] = "match"; $rule['descr'] = gettext("VOIP Adapter"); - $rule['direction'] = "out"; $rule['protocol'] = "udp"; $rule['defaultqueue'] = "qVoIP"; $rule['source']['address'] = $config['ezshaper']['step3']['address']; @@ -1072,8 +1088,8 @@ function apply_all_choosen_items() { } elseif( $config['ezshaper']['step3']['provider'] == "Generic" ) { /* create VOIP rules */ $rule = array(); + $rule['type'] = "match"; $rule['descr'] = "DiffServ/Lowdelay/Upload"; - $rule['direction'] = "out"; $rule['protocol'] = "udp"; $rule['source']['any'] = TRUE; $rule['defaultqueue'] = "qVoIP"; @@ -1088,8 +1104,8 @@ function apply_all_choosen_items() { /* loop through voiplist[] */ foreach ($voiplist[$config['ezshaper']['step3']['provider']] as $voip) { $rule = array(); + $rule['type'] = "match"; $rule['defaultqueue'] = 'qVoIP'; - $rule['direction'] = "out"; $rule['source']['any'] = TRUE; $rule['destination']['any'] = TRUE; $rule['descr'] = "m_voip {$voip[0]} outbound"; @@ -1111,8 +1127,8 @@ function apply_all_choosen_items() { continue; foreach ($p2plist[$key] as $p2pclient) { $rule = array(); + $rule['type'] = "match"; $rule['defaultqueue'] = 'qP2P'; - $rule['direction'] = "out"; $rule['source']['any'] = TRUE; $rule['destination']['any'] = TRUE; $rule['descr'] = "m_P2P {$p2pclient[0]} outbound"; @@ -1133,10 +1149,10 @@ function apply_all_choosen_items() { continue; foreach ($gamesplist[$key] as $Gameclient) { $rule = array(); + $rule['type'] = "match"; $rule['defaultqueue'] = 'qGames'; if ($Gameclient[1] == "tcp") $rule['ackqueue'] = 'qACK'; - $rule['direction'] = "out"; $rule['source']['any'] = TRUE; $rule['destination']['any'] = TRUE; $rule['floating'] = "yes"; @@ -1158,6 +1174,7 @@ function apply_all_choosen_items() { continue; foreach ($othersplist[$key] as $otherclient) { $rule = array(); + $rule['type'] = "match"; switch ($val) { case "H": $rule['defaultqueue'] = 'qOthersHigh'; /* posted value H or L */ @@ -1184,7 +1201,6 @@ function apply_all_choosen_items() { $loop = 1; } if (!$loop) { - $rule['direction'] = "out"; $rule['source']['any'] = TRUE; $rule['destination']['any'] = TRUE; $rule['floating'] = "yes"; diff --git a/usr/local/www/wizards/traffic_shaper_wizard_multi_lan.inc b/usr/local/www/wizards/traffic_shaper_wizard_multi_lan.inc index a5de47e..0dedfea 100644 --- a/usr/local/www/wizards/traffic_shaper_wizard_multi_lan.inc +++ b/usr/local/www/wizards/traffic_shaper_wizard_multi_lan.inc @@ -296,21 +296,46 @@ function step3_stepsubmitphpaction() { } } + if (!is_numeric($_POST["connupload"]) || !is_numeric($_POST['conndownload'])) { + $savemsg = gettext("Upload or download bandwidth is not valid."); + $stepid--; + return; + } $steps = intval($config['ezshaper']['step1']['numberofconnections']); for ($i = 0; $i < $steps; $i++) { - if (!is_numeric($_POST["connupload"])) { - $savemsg = gettext("Upload bandwidth of connection {$i} is not valid."); - $stepid--; - return; - } - $factor = wizard_get_bandwidthtype_scale($config['ezshaper']['step2']["conn{$i}uploadspeed"]); - $ifbw = $factor * floatval($config['ezshaper']['step2']["conn{$i}upload"]); - $factor = wizard_get_bandwidthtype_scale($_POST["conn{$i}uploadspeed"]); - $input_bw = $factor * floatval($_POST["conn{$i}upload"]); - if ((0.8 * $ifbw) < $input_bw) { - $savemsg=gettext("You cannot set the VoIP upload bandwidth on connection {$i} higher than 80% of the connection."); - $stepid--; - return; + if ($_POST["connuploadspeed"] == "%") { + if (intval($_POST['connupload']) > 80) { + $savemsg=gettext("You cannot set the VoIP upload bandwidth on connection {$i} higher than 80% of the connection."); + $stepid--; + return; + } + } else { + $factor = wizard_get_bandwidthtype_scale($config['ezshaper']['step2']["conn{$i}uploadspeed"]); + $ifbw = $factor * floatval($config['ezshaper']['step2']["conn{$i}upload"]); + $factor = wizard_get_bandwidthtype_scale($_POST["connuploadspeed"]); + $input_bw = $factor * floatval($_POST["connupload"]); + if ((0.8 * $ifbw) < $input_bw) { + $savemsg=gettext("You cannot set the VoIP upload bandwidth on connection {$i} higher than 80% of the connection."); + $stepid--; + return; + } + } + if ($_POST["conndownloadspeed"] == "%") { + if (intval($_POST['conndownload']) > 80) { + $savemsg=gettext("You cannot set the VoIP download bandwidth on connection {$i} higher than 80% of the connection."); + $stepid--; + return; + } + } else { + $factor = wizard_get_bandwidthtype_scale($config['ezshaper']['step2']["conn{$i}downloadspeed"]); + $ifbw = $factor * floatval($config['ezshaper']['step2']["conn{$i}download"]); + $factor = wizard_get_bandwidthtype_scale($_POST["conndownloadspeed"]); + $input_bw = $factor * floatval($_POST["conndownload"]); + if ((0.8 * $ifbw) < $input_bw) { + $savemsg=gettext("You cannot set the VoIP download bandwidth on connection {$i} higher than 80% of the connection."); + $stepid--; + return; + } } } } @@ -1178,8 +1203,8 @@ function apply_all_choosen_items() { if ($penalty) { if( is_ipaddr($config['ezshaper']['step4']['address']) || is_alias($config['ezshaper']['step4']['address'])) { $rule = array(); + $rule['type'] = "match"; $rule['descr'] = gettext("Penalty Box"); - $rule['direction'] = "out"; $rule['source']['any'] = TRUE; $rule['defaultqueue'] = "qOthersLow"; $rule['source']['address'] = $config['ezshaper']['step4']['address']; @@ -1197,8 +1222,8 @@ function apply_all_choosen_items() { if( is_ipaddr($config['ezshaper']['step3']['address']) || is_alias($config['ezshaper']['step3']['address'])) { /* create VOIP rules */ $rule = array(); + $rule['type'] = "match"; $rule['descr'] = gettext("VOIP Adapter"); - $rule['direction'] = "out"; $rule['protocol'] = "udp"; $rule['defaultqueue'] = "qVoIP"; $rule['source']['address'] = $config['ezshaper']['step3']['address']; @@ -1211,8 +1236,8 @@ function apply_all_choosen_items() { } elseif( $config['ezshaper']['step3']['provider'] == "Generic" ) { /* create VOIP rules */ $rule = array(); + $rule['type'] = "match"; $rule['descr'] = "DiffServ/Lowdelay/Upload"; - $rule['direction'] = "out"; $rule['protocol'] = "udp"; $rule['source']['any'] = TRUE; $rule['defaultqueue'] = "qVoIP"; @@ -1227,8 +1252,8 @@ function apply_all_choosen_items() { /* loop through voiplist[] */ foreach ($voiplist[$config['ezshaper']['step3']['provider']] as $voip) { $rule = array(); + $rule['type'] = "match"; $rule['defaultqueue'] = 'qVoIP'; - $rule['direction'] = "out"; $rule['source']['any'] = TRUE; $rule['destination']['any'] = TRUE; $rule['descr'] = "m_voip {$voip[0]} outbound"; @@ -1250,8 +1275,8 @@ function apply_all_choosen_items() { continue; foreach ($p2plist[$key] as $p2pclient) { $rule = array(); + $rule['type'] = "match"; $rule['defaultqueue'] = 'qP2P'; - $rule['direction'] = "out"; $rule['source']['any'] = TRUE; $rule['destination']['any'] = TRUE; $rule['descr'] = "m_P2P {$p2pclient[0]} outbound"; @@ -1272,10 +1297,10 @@ function apply_all_choosen_items() { continue; foreach ($gamesplist[$key] as $Gameclient) { $rule = array(); + $rule['type'] = "match"; $rule['defaultqueue'] = 'qGames'; if ($Gameclient[1] == "tcp") $rule['ackqueue'] = 'qACK'; - $rule['direction'] = "out"; $rule['source']['any'] = TRUE; $rule['destination']['any'] = TRUE; $rule['floating'] = "yes"; @@ -1297,6 +1322,7 @@ function apply_all_choosen_items() { continue; foreach ($othersplist[$key] as $otherclient) { $rule = array(); + $rule['type'] = "match"; switch ($val) { case "H": $rule['defaultqueue'] = 'qOthersHigh'; /* posted value H or L */ @@ -1323,7 +1349,6 @@ function apply_all_choosen_items() { $loop = 1; } if (!$loop) { - $rule['direction'] = "out"; $rule['source']['any'] = TRUE; $rule['destination']['any'] = TRUE; $rule['floating'] = "yes"; diff --git a/usr/local/www/wizards/traffic_shaper_wizard_multi_lan.xml b/usr/local/www/wizards/traffic_shaper_wizard_multi_lan.xml index ae5a139..30bc566 100644 --- a/usr/local/www/wizards/traffic_shaper_wizard_multi_lan.xml +++ b/usr/local/www/wizards/traffic_shaper_wizard_multi_lan.xml @@ -124,7 +124,8 @@ <message>IP Address field is non-blank and doesn't look like an IP address.</message> </field> <field> - <name>Download Speed</name> + <displayname>Upload Speed</displayname> + <name>connupload</name> <type>input</type> <bindstofield>ezshaper->step3->connupload</bindstofield> <combinefieldsbegin>true</combinefieldsbegin> @@ -134,7 +135,7 @@ <dontdisplayname>true</dontdisplayname> <dontcombinecells>true</dontcombinecells> <donotdisable>true</donotdisable> - <name>Download Speed Unit</name> + <name>connuploadspeed</name> <description>The limit you want to apply.</description> <type>select</type> <options> @@ -158,7 +159,8 @@ <bindstofield>ezshaper->step3->connuploadspeed</bindstofield> </field> <field> - <name>Upload Speed</name> + <displayname>Download Speed</displayname> + <name>conndownload</name> <type>input</type> <bindstofield>ezshaper->step3->conndownload</bindstofield> <combinefieldsbegin>true</combinefieldsbegin> @@ -168,14 +170,14 @@ <dontdisplayname>true</dontdisplayname> <dontcombinecells>true</dontcombinecells> <donotdisable>true</donotdisable> - <name>Upload Speed Unit</name> + <name>conndownloadspeed</name> <description>The limit you want to apply.</description> <type>select</type> <options> <option> - <name>%</name> - <value>%</value> - </option> + <name>%</name> + <value>%</value> + </option> <option> <name>Kilobit/s</name> <value>Kb</value> @@ -189,7 +191,7 @@ <value>Gb</value> </option> </options> - <bindstofield>ezshaper->step3->conndownloadspeed</bindstofield> + <bindstofield>ezshaper->step3->conndownloadspeed</bindstofield> </field> <field> <name>Next</name> diff --git a/usr/local/www/xmlrpc.php b/usr/local/www/xmlrpc.php index ea0166b..ebb3a24 100755 --- a/usr/local/www/xmlrpc.php +++ b/usr/local/www/xmlrpc.php @@ -171,7 +171,7 @@ function restore_config_section_xmlrpc($raw_params) { // Then add ipalias and proxyarp types already defined on the backup if (is_array($vipbackup)) { foreach ($vipbackup as $vip) { - if (($vip['mode'] == 'ipalias') || ($vip['mode'] == 'proxyarp')) + if ((($vip['mode'] == 'ipalias') || ($vip['mode'] == 'proxyarp')) && substr($vip['interface'], 0, 3) != "vip") array_unshift($config['virtualip']['vip'], $vip); } } @@ -226,8 +226,16 @@ function merge_config_section_xmlrpc($raw_params) { foreach ($config['virtualip']['vip'] as $vip) interface_vip_bring_down($vip); } + $vipbackup = $config['virtualip']['vip']; } $config = array_merge_recursive_unique($config, $params[0]); + // Then add ipalias and proxyarp types already defined on the backup + if (is_array($vipbackup)) { + foreach ($vipbackup as $vip) { + if ((($vip['mode'] == 'ipalias') || ($vip['mode'] == 'proxyarp')) && substr($vip['interface'], 0, 3) != "vip") + array_unshift($config['virtualip']['vip'], $vip); + } + } $mergedkeys = implode(",", array_keys($params[0])); write_config("Merged in config ({$mergedkeys} sections) from XMLRPC client."); interfaces_vips_configure(); |
