-rw-r--r-- | etc/inc/filter.inc | 19 | ||||
-rw-r--r-- | etc/inc/filter_log.inc | 2 | ||||
-rw-r--r-- | etc/inc/gwlb.inc | 4 | ||||
-rw-r--r-- | etc/inc/interfaces.inc | 48 | ||||
-rw-r--r-- | etc/inc/shaper.inc | 2 | ||||
-rw-r--r-- | etc/inc/vpn.inc | 40 | ||||
-rwxr-xr-x | usr/local/www/firewall_virtual_ip.php | 3 | ||||
-rwxr-xr-x | usr/local/www/services_snmp.php | 15 | ||||
-rwxr-xr-x | usr/local/www/status_gateway_groups.php | 2 | ||||
-rwxr-xr-x | usr/local/www/status_gateways.php | 6 | ||||
-rwxr-xr-x | usr/local/www/status_wireless.php | 1 | ||||
-rwxr-xr-x | usr/local/www/vpn_ipsec.php | 8 | ||||
-rw-r--r-- | usr/local/www/widgets/widgets/gateways.widget.php | 8 |
13 files changed, 70 insertions, 88 deletions
diff --git a/etc/inc/filter.inc b/etc/inc/filter.inc index 0bbcf58..7ef9f32 100644 --- a/etc/inc/filter.inc +++ b/etc/inc/filter.inc @@ -1057,7 +1057,7 @@ function filter_nat_rules_generate_if($if, $src = "any", $srcport = "", $dst = " } function filter_nat_rules_generate() { - global $config, $g, $after_filter_configure_run, $FilterIflist; + global $config, $g, $after_filter_configure_run, $FilterIflist, $GatewaysList; $natrules = "nat-anchor \"natearly/*\"\n"; @@ -1145,16 +1145,13 @@ function filter_nat_rules_generate() { if(is_array($config['staticroutes']['route'])) { foreach ($config['staticroutes']['route'] as $route) { $netip = explode("/", $route['network']); - if(is_array($config['gateways']['gateway_item'])) { - foreach($config['gateways']['gateway_item'] as $gateway) { - if($route['gateway'] == $gateway['name']) { - $gatewayip = $gateway['gateway']; - $interfacegw = $gateway['interface']; - if((! interface_has_gateway($gateway['interface'])) && (is_private_ip($netip[0]))) { - $numberofnathosts++; - $tonathosts .= "{$route['network']} "; - } - } + if (isset($GatewaysList[$route['gateway']])) { + $gateway =& $GatewaysList[$route['gateway']]; + $gatewayip = $gateway['gateway']; + $interfacegw = $gateway['interface']; + if(!interface_has_gateway($gateway['interface']) && is_private_ip($netip[0])) { + $numberofnathosts++; + $tonathosts .= "{$route['network']} "; } } } diff --git a/etc/inc/filter_log.inc b/etc/inc/filter_log.inc index 3005d8c..f5eb3af 100644 --- a/etc/inc/filter_log.inc +++ b/etc/inc/filter_log.inc @@ -150,6 +150,8 @@ function parse_filter_line($line) { if ($flent['proto'] == "TCP") { $flags = split('[\, ]', $leftovers); $flent['tcpflags'] = str_replace(".", "A", substr($flags[1], 1, -1)); + } elseif ($flent['proto'] == "Options") { + $flent['proto'] = "none"; } /* If there is a src, a dst, and a time, then the line should be usable/good */ diff --git a/etc/inc/gwlb.inc b/etc/inc/gwlb.inc index 4e19e2b..268d94c 100644 --- a/etc/inc/gwlb.inc 
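Review bot: In the static-route loop of filter_nat_rules_generate() (etc/inc/filter.inc, hunk at -1145), `$gateway =& $GatewaysList[$route['gateway']];` binds a reference into the global gateway table although the entry is only read. The reference is never unset, so any later assignment to `$gateway` in this function, including a `foreach (... as $gateway)`, would silently overwrite the shared entry; a plain copy, `$gateway = $GatewaysList[$route['gateway']];`, avoids that. The lookup also no longer falls back to `$config['gateways']['gateway_item']`, so if `$GatewaysList` is not populated before this function runs, private static-route networks are quietly left out of `$tonathosts`; a comment naming where the global is filled would help. The function body continues outside the hunk.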
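Review bot: The new `elseif ($flent['proto'] == "Options")` branch in parse_filter_line() (etc/inc/filter_log.inc) rewrites the parsed protocol to "none" with no comment saying which log lines put "Options" in the protocol position. Because this parser feeds the firewall log view, the substitution should be explained where it happens, for example `/* the protocol field held the literal "Options" instead of a protocol name; report it as "none" */`. The function starts and ends outside the hunk.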
+++ b/etc/inc/gwlb.inc @@ -395,7 +395,7 @@ function return_gateway_groups_array() { } else { $tiers[$tier][] = $gwname; } - } elseif ($status['status'] == "none")) { + } elseif ($status['status'] == "none") { /* Online add member */ $tiers[$tier][] = $gwname; } @@ -480,7 +480,7 @@ function lookup_gateway_monitor_ip_by_name($name) { $gateway['monitor'] = "127.0.0.2"; $monitorip = $gateway['monitor']; - if($monitorip == "") + if(!is_ipaddr($monitorip)) $monitorip = $gateway['gateway']; return ($monitorip); diff --git a/etc/inc/interfaces.inc b/etc/inc/interfaces.inc index 84e1376..e28ec51 100644 --- a/etc/inc/interfaces.inc +++ b/etc/inc/interfaces.inc @@ -775,9 +775,13 @@ function interface_reconfigure($interface = "wan") { } function interface_vip_bring_down(&$vip) { + global $g; + switch ($vip['mode']) { case "proxyarp": - interface_proxyarp_configure(); + $vipif = get_real_interface($vip['interface']); + if (file_exists("{$g['varrun_path']}/choparp_{$vipif}.pid")) + killbypid("{$g['varrun_path']}/choparp_{$vipif}.pid"); break; case "ipalias": $vipif = get_real_interface($vip['interface']); @@ -812,9 +816,18 @@ function interface_bring_down($interface = "wan", $destroy = false) { case "pppoe": case "pptp": case "l2tp": - killbypid("{$g['varrun_path']}/{$ifcfg['ipaddr']}_{$interface}.pid"); - sleep(2); - unlink_if_exists("{$g['varetc_path']}/mpd_{$interface}.conf"); + if (is_array($config['ppps']['ppp']) && count($config['ppps']['ppp'])) { + foreach ($config['ppps']['ppp'] as $pppid => $ppp) { + if ($realif == $ppp['if']) { + if (!isset($ppp['ondemand'])) { + killbypid("{$g['varrun_path']}/{$ifcfg['ipaddr']}_{$interface}.pid"); + sleep(2); + unlink_if_exists("{$g['varetc_path']}/mpd_{$interface}.conf"); + } + break; + } + } + } break; case "carpdev-dhcp": /* 
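Review bot: In lookup_gateway_monitor_ip_by_name() (etc/inc/gwlb.inc, hunk at -480) the value assigned when `!is_ipaddr($monitorip)` is `$gateway['gateway']`, which is returned without the same check. If the configured gateway is empty or not an address, the caller receives a non-IP from a function whose name promises one. Either validate the fallback as well, e.g. `$monitorip = is_ipaddr($gateway['gateway']) ? $gateway['gateway'] : "";`, or add a comment stating that the return value can be a non-address and must be checked by the caller. The function starts outside the hunk.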
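Review bot: The proxyarp case of interface_vip_bring_down() (etc/inc/interfaces.inc, hunk at -775) depends on `{$g['varrun_path']}/choparp_{$vipif}.pid`, but the launch lines in interface_proxyarp_configure() in this same commit run `mwexec_bg("/usr/local/sbin/choparp " . $args)` with nothing visible that creates that file. Unless choparp writes it on its own, `file_exists()` is always false here and the daemon keeps answering ARP for a virtual IP that was just removed. Killing the per-interface process also stops proxy ARP for every other VIP on that interface, and nothing in this case starts it again; a comment stating that the caller must re-run `interface_proxyarp_configure($vip['interface'])` would make that contract explicit.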
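Review bot: In the pppoe/pptp/l2tp case of interface_bring_down() (hunk at -812) the daemon is now killed only when a `$config['ppps']['ppp']` entry matches `$realif`; when the list is empty or nothing matches, the case reaches `break` with the session still running and nothing logged. `$realif` is not assigned inside the hunk, so it has to come from earlier in the function, and if it is unset the comparison can never match. Consider keeping the teardown as the default and skipping it only when a matching entry has `ondemand` set, with a short comment on why on-demand links are left up.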
@@ -1461,7 +1474,7 @@ function interfaces_carp_setup() { } } -function interface_proxyarp_configure() { +function interface_proxyarp_configure($interface = "") { global $config, $g; if(isset($config['system']['developerspew'])) { $mt = microtime(); @@ -1469,7 +1482,8 @@ function interface_proxyarp_configure() { } /* kill any running choparp */ - killbyname("choparp"); + if (empty($interface)) + killbyname("choparp"); if (isset($config['virtualip']) && is_array($config['virtualip']['vip'])) { $paa = array(); @@ -1487,26 +1501,38 @@ function interface_proxyarp_configure() { $paa[$proxyif][] = $vipent; } + } } - if (count($paa)) + if (!empty($interface)) { + if (is_array($paa[$interface])) { + $paaifip = get_interface_ip($interface); + if (!is_ipaddr($paaifip)) + return; + $args = get_real_interface($interface) . " auto"; + foreach ($paa[$interface] as $paent) { + if (isset($paent['subnet'])) + $args .= " " . escapeshellarg("{$paent['subnet']}/{$paent['subnet_bits']}"); + else if (isset($paent['range'])) + $args .= " " . escapeshellarg($paent['range']['from'] . "-" . $paent['range']['to']); + } + mwexec_bg("/usr/local/sbin/choparp " . $args); + } + } else if (count($paa)) { foreach ($paa as $paif => $paents) { $paaifip = get_interface_ip($paif); if (!(is_ipaddr($paaifip))) continue; $args = get_real_interface($paif) . " auto"; foreach ($paents as $paent) { - if (isset($paent['subnet'])) $args .= " " . escapeshellarg("{$paent['subnet']}/{$paent['subnet_bits']}"); else if (isset($paent['range'])) - $args .= " " . escapeshellarg($paent['range']['from'] . "-" . - $paent['range']['to']); + $args .= " " . escapeshellarg($paent['range']['from'] . "-" . $paent['range']['to']); } mwexec_bg("/usr/local/sbin/choparp " . $args); } } - } function interfaces_vips_configure($interface = "") { diff --git a/etc/inc/shaper.inc b/etc/inc/shaper.inc index c6e19d3..0729557 100644 --- a/etc/inc/shaper.inc +++ b/etc/inc/shaper.inc 
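Review bot: When `$interface` is passed, interface_proxyarp_configure() skips `killbyname("choparp")` (hunk at -1469) but nothing stops the choparp instance already running for that interface before the new branch starts another with `mwexec_bg()`. Each apply for a proxy-ARP VIP therefore appears to leave an older process answering ARP with the previous address list, including addresses that have since been removed. Stop the per-interface instance before relaunching, for example through a pidfile that the launch line would then need to create, and document the new `$interface` parameter in a comment above the function.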
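Review bot: The single-interface branch and the all-interfaces branch (hunk at -1487) build the same choparp command twice, and both concatenate `get_real_interface(...)` into the shell string unquoted while the subnet and range arguments go through `escapeshellarg()`. With the added closing brace, `$paa` also appears to be read after the `isset($config['virtualip'])` block has ended, so it is undefined when no virtual IPs are configured. Initialising `$paa` before that block and running one loop over either the requested interface or the whole map removes the duplication and quotes the interface name in one place. The function starts outside this hunk.

```php
$paa = array(); /* initialise before the isset($config['virtualip']) block */
/* … unchanged: $paa is filled from $config['virtualip']['vip'] … */
if (empty($interface))
	$targets = $paa;
else if (isset($paa[$interface]) && is_array($paa[$interface]))
	$targets = array($interface => $paa[$interface]);
else
	$targets = array();
foreach ($targets as $paif => $paents) {
	if (!is_ipaddr(get_interface_ip($paif)))
		continue;
	$args = escapeshellarg(get_real_interface($paif)) . " auto";
	/* … unchanged: append each subnet or range with escapeshellarg() … */
	mwexec_bg("/usr/local/sbin/choparp " . $args);
}
```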
@@ -2622,7 +2622,7 @@ class fairq_queue extends priq_queue { /* - * XXX: TODO Link dummynet(4) in the system. + * dummynet(4) wrappers. */ diff --git a/etc/inc/vpn.inc b/etc/inc/vpn.inc index a98969d..8a2bb85 100644 --- a/etc/inc/vpn.inc +++ b/etc/inc/vpn.inc @@ -78,29 +78,10 @@ function vpn_ipsec_failover_configure() { } } -function find_last_gif_device() { - $last_gif_found = -1; - $regs = ""; - if (!($fp = popen("/sbin/ifconfig -l", "r"))) - return -1; - $ifconfig_data = fread($fp, 4096); - pclose($fp); - $ifconfig_array = split(" ", $ifconfig_data); - foreach ($ifconfig_array as $ifconfig) { - ereg("gif(.)", $ifconfig, $regs); - if ($regs[0] && $regs[0] > $last_gif_found) { - $last_gif_found = $regs[1]; - } - } - return $last_gif_found; -} - function vpn_ipsec_configure($ipchg = false) { global $config, $g, $sa, $sn, $p1_ealgos, $p2_ealgos; - mwexec("/sbin/ifconfig enc0 up"); - /* get the automatic ping_hosts.sh ready */ unlink_if_exists("{$g['vardb_path']}/ipsecpinghosts"); touch("{$g['vardb_path']}/ipsecpinghosts"); @@ -110,10 +91,6 @@ function vpn_ipsec_configure($ipchg = false) else mwexec("/sbin/sysctl net.key.preferred_oldsa=0"); - $number_of_gifs = find_last_gif_device(); - for ($x = 0; $x < $number_of_gifs; $x++) - mwexec("/sbin/ifconfig gif" . $x . " delete"); - $syscfg = $config['system']; $ipseccfg = $config['ipsec']; $a_phase1 = $config['ipsec']['phase1']; @@ -146,6 +123,8 @@ function vpn_ipsec_configure($ipchg = false) return true; } else { + mwexec("/sbin/ifconfig enc0 up"); + if ($g['booting']) echo "Configuring IPsec VPN... "; 
@@ -803,21 +782,6 @@ EOD; $localid = ipsec_idinfo_to_cidr($ph2ent['localid'],true); $remoteid = ipsec_idinfo_to_cidr($ph2ent['remoteid'],true); - if (isset ($ph2ent['creategif'])) { - $number_of_gifs = find_last_gif_device(); - $number_of_gifs++; - $curwanip = get_interface_ip(); - if ($config['installedpackages']['sasyncd']['config'] <> "") { - foreach ($config['installedpackages']['sasyncd']['config'] as $sasyncd) { - if ($sasyncd['ip'] <> "") - $curwanip = $sasyncd['ip']; - } - } - mwexec("/sbin/ifconfig gif" . $number_of_gifs . " tunnel" . $curwanip . " " . $rgip); - if ($config['interfaces']['lan']) - mwexec("/sbin/ifconfig gif" . $number_of_gifs . " {$lansa}/{$lansn} {$lanip}/32"); - } - if($ph2ent['mode'] == "tunnel") { $spdconf .= "spdadd {$localid} {$remoteid} any -P out ipsec " . diff --git a/usr/local/www/firewall_virtual_ip.php b/usr/local/www/firewall_virtual_ip.php index 1d2e634..f4b4567 100755 --- a/usr/local/www/firewall_virtual_ip.php +++ b/usr/local/www/firewall_virtual_ip.php @@ -72,7 +72,7 @@ if ($_POST) { interface_ipalias_configure($a_vip[$vid]); break; case "proxyarp": - interface_proxyarp_configure(); + interface_proxyarp_configure($a_vip[$vid]['interface']); break; case "carp": interface_carp_configure($a_vip[$vid]); @@ -85,6 +85,7 @@ if ($_POST) { } } } + @unlink("{$g['tmp_path']}/firewall_virtual_ip.apply"); $retval = 0; $retval |= filter_configure(); $savemsg = get_std_save_message($retval); diff --git a/usr/local/www/services_snmp.php b/usr/local/www/services_snmp.php index 29ae1b0..9540d98 100755 --- a/usr/local/www/services_snmp.php +++ b/usr/local/www/services_snmp.php 
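Review bot: `@unlink("{$g['tmp_path']}/firewall_virtual_ip.apply");` in usr/local/www/firewall_virtual_ip.php (hunk at -85) suppresses every failure, so if the file cannot be removed nothing is reported. Other files in this commit use `unlink_if_exists()` for the same job, for instance in interface_bring_down(), and `unlink_if_exists("{$g['tmp_path']}/firewall_virtual_ip.apply");` would match them, assuming that helper is loaded on this page. The file is also removed before `filter_configure()` runs, so its removal does not depend on the reload succeeding; a one-line comment saying whether that order is intended would help.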
@@ -194,7 +194,7 @@ function enable_change(whichone) { document.iform.syscontact.disabled = false; document.iform.rocommunity.disabled = false; document.iform.trapenable.disabled = false; - document.iform.bindlan.disabled = false; + //document.iform.bindlan.disabled = false; /* disabled until some docs show up on what this does. document.iform.rwenable.disabled = false; if( document.iform.rwenable.checked == true ) @@ -222,7 +222,7 @@ function enable_change(whichone) { document.iform.netgraph.disabled = false; document.iform.pf.disabled = false; document.iform.hostres.disabled = false; - document.iform.bridge.disabled = false; + //document.iform.bridge.disabled = false; } else { @@ -243,9 +243,8 @@ function enable_change(whichone) { document.iform.netgraph.disabled = true; document.iform.pf.disabled = true; document.iform.hostres.disabled = true; - document.iform.bridge.disabled = true; - - document.iform.bindlan.disabled = true; + //document.iform.bridge.disabled = true; + //document.iform.bindlan.disabled = true; } } //--> @@ -261,7 +260,7 @@ function enable_change(whichone) { <td colspan="2" valign="top" class="optsect_t"> <table border="0" cellspacing="0" cellpadding="0" width="100%"> <tr><td class="optsect_s"><strong>SNMP Daemon</strong></td> - <td align="right" class="optsect_s"><input name="enable" type="checkbox" value="yes" <?php if ($pconfig['enable']) echo "checked"; ?> onClick="enable_change(this)"> <strong>Enable</strong></td></tr> + <td align="right" class="optsect_s"><input name="enable" id="enable" type="checkbox" value="yes" <?php if ($pconfig['enable']) echo "checked"; ?> onClick="enable_change(this)"> <strong>Enable</strong></td></tr> </table></td> </tr> 
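Review bot: The `bindlan` and `bridge` assignments in enable_change() (usr/local/www/services_snmp.php) are commented out with `//` instead of being removed, in the hunk at -194 and again at -222 and -243, with no reason given. If the form no longer renders those fields, delete the lines; if they are expected to come back, add a single comment giving the reason next to the first one. Dead assignments left in place make it harder to see which inputs the enable toggle actually controls.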
@@ -300,7 +299,7 @@ function enable_change(whichone) { <tr> <td width="22%" valign="top" class="vtable"> </td> <td width="78%" class="vtable"> - <input name="rwenable" type="checkbox" value="yes" <?php if ($pconfig['rwenable']) echo "checked"; ?> onClick="enable_change(this)"> + <input name="rwenable" id="rwenable" type="checkbox" value="yes" <?php if ($pconfig['rwenable']) echo "checked"; ?> onClick="enable_change(this)"> <strong>Enable Write Community String</strong> </td> </tr> @@ -321,7 +320,7 @@ function enable_change(whichone) { <td colspan="2" valign="top" class="optsect_t"> <table border="0" cellspacing="0" cellpadding="0" width="100%"> <tr><td class="optsect_s"><strong>SNMP Traps</strong></td> - <td align="right" class="optsect_s"><input name="trapenable" type="checkbox" value="yes" <?php if ($pconfig['trapenable']) echo "checked"; ?> onClick="enable_change(this)"> <strong>Enable</strong></td></tr> + <td align="right" class="optsect_s"><input name="trapenable" id="trapenable" type="checkbox" value="yes" <?php if ($pconfig['trapenable']) echo "checked"; ?> onClick="enable_change(this)"> <strong>Enable</strong></td></tr> </table></td> </tr> diff --git a/usr/local/www/status_gateway_groups.php b/usr/local/www/status_gateway_groups.php index d4f0d85..5ed4aa9 100755 --- a/usr/local/www/status_gateway_groups.php +++ b/usr/local/www/status_gateway_groups.php @@ -128,7 +128,7 @@ include("head.inc"); } elseif (stristr($status, "delay")) { $online = "Warning, Latency"; $bgcolor = "khaki"; - } elseif (stristr($status, "none")) { + } elseif ($status == "none") { $online = "Online"; $bgcolor = "lightgreen"; } else { diff --git a/usr/local/www/status_gateways.php b/usr/local/www/status_gateways.php index 125100b..4d85a42 100755 --- a/usr/local/www/status_gateways.php +++ b/usr/local/www/status_gateways.php 
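Review bot: `$status == "none"` in usr/local/www/status_gateway_groups.php (hunk at -128) is a loose comparison, and in PHP versions before 8 an integer `0` compares equal to any non-numeric string, so a zero status would be displayed as "Online"; `$status === "none"` avoids that. The same comparison is introduced in status_gateways.php and gateways.widget.php and is present in return_gateway_groups_array() in gwlb.inc. Replacing `stristr()` also makes the match exact and case-sensitive, so a value with trailing whitespace or different casing now lands in the `else` branch; trimming the status where it is parsed would keep the three pages consistent.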
@@ -99,7 +99,7 @@ include("head.inc"); } elseif (stristr($gateway['status'], "delay")) { $online = "Warning, Latency"; $bgcolor = "khaki"; - } elseif (stristr($gateway['status'], "none")) { + } elseif ($gateway['status'] == "none") { $online = "Online"; $bgcolor = "lightgreen"; } @@ -110,9 +110,9 @@ include("head.inc"); array_shift($lastchange); array_shift($lastchange); $lastchange = implode(" ", $lastchange); - PRINT "Last check $lastchange"; + echo "Last check $lastchange"; } else { - print "Gathering data"; + echo "Gathering data"; } echo "</td></tr>"; ?> diff --git a/usr/local/www/status_wireless.php b/usr/local/www/status_wireless.php index e8c96a9..37ef825 100755 --- a/usr/local/www/status_wireless.php +++ b/usr/local/www/status_wireless.php @@ -111,7 +111,6 @@ display_top_tabs($tab_array); $bssid = $bssid[0]; /* Split the rest by using spaces for this line using the 2nd part */ $split = preg_split("/[ ]+/i", $split[1]); - $bssid = $split[0]; $channel = $split[1]; $rate = $split[2]; $rssi = $split[3]; diff --git a/usr/local/www/vpn_ipsec.php b/usr/local/www/vpn_ipsec.php index 0fdecc8..2c34085 100755 --- a/usr/local/www/vpn_ipsec.php +++ b/usr/local/www/vpn_ipsec.php @@ -74,13 +74,7 @@ if ($_POST) { $config['ipsec']['enable'] = $_POST['enable'] ? true : false; - if(!$config['ipsec']['enable']) { - if(is_process_running("racoon")) - mwexec("killall racoon"); - } else { - $retval = vpn_ipsec_configure(); - } - + $retval = vpn_ipsec_configure(); write_config(); } } diff --git a/usr/local/www/widgets/widgets/gateways.widget.php b/usr/local/www/widgets/widgets/gateways.widget.php index b8bca28..a744d5b 100644 --- a/usr/local/www/widgets/widgets/gateways.widget.php +++ b/usr/local/www/widgets/widgets/gateways.widget.php 
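Review bot: The chain in usr/local/www/status_gateways.php (hunk at -99) ends on a bare `}` after the `"none"` branch, with no `else`, unlike status_gateway_groups.php and the gateways widget. Now that "none" has to match exactly, any unrecognised status leaves `$online` and `$bgcolor` untouched, so the row would show whatever the previous gateway set, assuming this code runs once per gateway. Add a fallback branch, for instance `} else { $online = "Unknown"; $bgcolor = "lightgray"; }`. The chain starts outside the hunk.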
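Review bot: `echo "Last check $lastchange";` (status_gateways.php, hunk at -110) writes `$lastchange` into the table cell without HTML encoding. The value is assembled from an array whose origin is outside the hunk; if it comes from a status file or daemon output, `echo "Last check " . htmlspecialchars($lastchange);` keeps any markup in that data out of the page.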
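Review bot: With the explicit `killall racoon` branch removed from usr/local/www/vpn_ipsec.php (hunk at -74), switching IPsec off on this page relies entirely on vpn_ipsec_configure() stopping racoon and clearing its state when `$config['ipsec']['enable']` is false, and that branch is not among the visible hunks of this commit. Confirm that it does and record it here, e.g. `/* vpn_ipsec_configure() also stops racoon when IPsec is disabled */`; otherwise tunnels would stay up after an administrator has disabled them. The enclosing `if ($_POST)` block starts outside the hunk.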
@@ -54,11 +54,11 @@ $counter = 1; <tr> <td class="listlr" id="gateway<?= $counter; ?>"> <?=$gateway['name'];?> - <?php $counter++; ?> + <?php $counter++; ?> </td> <td class="listr" align="center" id="gateway<?= $counter; ?>"> - <?php echo lookup_gateway_ip_by_name($gateway['name']);?> - <?php $counter++; ?> + <?php echo lookup_gateway_ip_by_name($gateway['name']);?> + <?php $counter++; ?> </td> <td class="listr" align="center" id="gateway<?= $counter; ?>"> <?=$gateway['delay'];?> @@ -80,7 +80,7 @@ $counter = 1; } elseif (stristr($gateway['status'], "delay")) { $online = "Warning, Latency"; $bgcolor = "khaki"; - } elseif (stristr($gateway['status'], "none")) { + } elseif ($gateway['status'] == "none") { $online = "Online"; $bgcolor = "lightgreen"; } else |