diff options
67 files changed, 4578 insertions, 558 deletions
diff --git a/conf.default/config.xml b/conf.default/config.xml index 8b4a6b3..b291c38 100644 --- a/conf.default/config.xml +++ b/conf.default/config.xml @@ -1,7 +1,7 @@ <?xml version="1.0"?> <!-- pfSense default system configuration --> <pfsense> - <version>7.6</version> + <version>7.8</version> <lastchange></lastchange> <theme>pfsense_ng</theme> <sysctl> diff --git a/etc/bogonsv6 b/etc/bogonsv6 new file mode 100644 index 0000000..e69de29 --- /dev/null +++ b/etc/bogonsv6 diff --git a/etc/inc/auth.inc b/etc/inc/auth.inc index 239d7de..8dc0fe7 100644 --- a/etc/inc/auth.inc +++ b/etc/inc/auth.inc @@ -57,14 +57,21 @@ $security_passed = true; if (function_exists("display_error_form") && !isset($config['system']['webgui']['nodnsrebindcheck'])) { /* DNS ReBinding attack prevention. http://redmine.pfsense.org/issues/708 */ $found_host = false; + if(strstr($_SERVER['HTTP_HOST'], ":")) { $http_host_port = explode(":", $_SERVER['HTTP_HOST']); - $http_host = $http_host_port[0]; + /* v6 address has more parts, drop the last part */ + if(count($http_host_port) > 1) { + array_pop($http_host_port); + $http_host = str_replace(array("[", "]"), "", implode(":", $http_host_port)); + } else { + $http_host = $http_host_port[0]; + } } else { $http_host = $_SERVER['HTTP_HOST']; } if(is_ipaddr($http_host) or $_SERVER['SERVER_ADDR'] == "127.0.0.1" or - strcasecmp($http_host, "localhost") == 0) + strcasecmp($http_host, "localhost") == 0 or $_SERVER['SERVER_ADDR'] == "::1") $found_host = true; if(strcasecmp($http_host, $config['system']['hostname'] . "." . $config['system']['domain']) == 0 or strcasecmp($http_host, $config['system']['hostname']) == 0) diff --git a/etc/inc/authgui.inc b/etc/inc/authgui.inc index 9655d79..650c7b9 100644 --- a/etc/inc/authgui.inc +++ b/etc/inc/authgui.inc @@ -178,14 +178,20 @@ if (empty($FilterIflist)) { require_once('shaper.inc'); filter_generate_optcfg_array(); } -foreach ($FilterIflist as $iflist) +foreach ($FilterIflist as $iflist) { if($iflist['ip'] == $http_host) $local_ip = true; -if($config['virtualip']) - if($config['virtualip']['vip']) - foreach($config['virtualip']['vip'] as $vip) + if($iflist['ipv6'] == $http_host) + $local_ip = true; +} +if($config['virtualip']) { + if($config['virtualip']['vip']) { + foreach($config['virtualip']['vip'] as $vip) { if($vip['subnet'] == $http_host) $local_ip = true; + } + } +} ?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" @@ -261,4 +267,4 @@ if($config['virtualip']) <?php } // end function -?>
\ No newline at end of file +?> diff --git a/etc/inc/config.gui.inc b/etc/inc/config.gui.inc index bfceb5a..0e00d44 100644 --- a/etc/inc/config.gui.inc +++ b/etc/inc/config.gui.inc @@ -54,6 +54,7 @@ else require_once('config.lib.inc'); require_once("notices.inc"); require_once("util.inc"); +require_once("IPv6.inc"); if(file_exists("/cf/conf/use_xmlreader")) require_once("xmlreader.inc"); else diff --git a/etc/inc/config.inc b/etc/inc/config.inc index 8a58d92..1485669 100644 --- a/etc/inc/config.inc +++ b/etc/inc/config.inc @@ -67,6 +67,8 @@ require_once('config.lib.inc'); if($g['booting']) echo "."; require_once("util.inc"); if($g['booting']) echo "."; +require_once("IPv6.inc"); +if($g['booting']) echo "."; if(file_exists("/cf/conf/use_xmlreader")) require_once("xmlreader.inc"); else @@ -218,4 +220,4 @@ if($config_parsed == true) { } } -?>
\ No newline at end of file +?> diff --git a/etc/inc/easyrule.inc b/etc/inc/easyrule.inc index 7b1c2b1..094bc83 100644 --- a/etc/inc/easyrule.inc +++ b/etc/inc/easyrule.inc @@ -46,7 +46,7 @@ function easyrule_find_rule_interface($int) { if ($config['pptpd']['mode'] == "server") $iflist['pptp'] = "PPTP VPN"; - if (is_pppoe_server_enabled() && have_ruleint_access("pppoe")) + if ($config['pppoe']['mode'] == "server") $iflist['pppoe'] = "PPPoE VPN"; if ($config['l2tp']['mode'] == "server") @@ -230,7 +230,7 @@ function easyrule_block_host_add($host, $int = 'wan') { } } -function easyrule_pass_rule_add($int, $proto, $srchost, $dsthost, $dstport) { +function easyrule_pass_rule_add($int, $proto, $srchost, $dsthost, $dstport, $ipproto) { global $config; /* No rules, start a new array */ @@ -245,6 +245,7 @@ function easyrule_pass_rule_add($int, $proto, $srchost, $dsthost, $dstport) { $filterent = array(); $filterent['type'] = 'pass'; $filterent['interface'] = $int; + $filterent['ipprotocol'] = $ipproto; $filterent['descr'] = "Easy Rule: Passed from Firewall Log View"; if ($proto != "any") @@ -272,7 +273,8 @@ function easyrule_pass_rule_add($int, $proto, $srchost, $dsthost, $dstport) { } } -function easyrule_parse_block($int, $src) { +function easyrule_parse_block($int, $src, $ipproto) { + $filterent['ipprotocol'] = $ipproto; if (!empty($src) && !empty($int)) { if (!is_ipaddr($src)) { return "Tried to block invalid IP: " . htmlspecialchars($src); @@ -291,7 +293,7 @@ function easyrule_parse_block($int, $src) { } return "Unknown block error."; } -function easyrule_parse_pass($int, $proto, $src, $dst, $dstport = 0) { +function easyrule_parse_pass($int, $proto, $src, $dst, $dstport = 0, $ipproto = inet) { /* Check for valid int, srchost, dsthost, dstport, and proto */ global $protocols_with_ports; @@ -320,7 +322,7 @@ function easyrule_parse_pass($int, $proto, $src, $dst, $dstport = 0) { $dstport = 0; } /* Should have valid input... */ - if (easyrule_pass_rule_add($int, $proto, $src, $dst, $dstport)) { + if (easyrule_pass_rule_add($int, $proto, $src, $dst, $dstport, $ipproto)) { return "Successfully added pass rule!"; } else { return "Failed to add pass rule."; @@ -331,4 +333,4 @@ function easyrule_parse_pass($int, $proto, $src, $dst, $dstport = 0) { return "Unknown pass error."; } -?>
\ No newline at end of file +?> diff --git a/etc/inc/filter.inc b/etc/inc/filter.inc index 90a787c..81dbd9a 100644 --- a/etc/inc/filter.inc +++ b/etc/inc/filter.inc @@ -733,17 +733,21 @@ function filter_generate_optcfg_array() { if (!does_interface_exist($oic['if'])) continue; $oic['ip'] = get_interface_ip($if); + $oic['ipv6'] = get_interface_ipv6($if); if(!is_ipaddr($oc['ipaddr']) && !empty($oc['ipaddr'])) $oic['type'] = $oc['ipaddr']; $oic['sn'] = get_interface_subnet($if); + $oic['snv6'] = get_interface_subnetv6($if); $oic['mtu'] = empty($oc['mtu']) ? 1500 : $oc['mtu']; $oic['mss'] = empty($oc['mss']) ? '' : $oc['mss']; $oic['descr'] = $ifdetail; $oic['sa'] = gen_subnet($oic['ip'], $oic['sn']); + $oic['sav6'] = gen_subnetv6($oic['ipv6'], $oic['snv6']); $oic['nonat'] = $oc['nonat']; $oic['alias-address'] = $oc['alias-address']; $oic['alias-subnet'] = $oc['alias-subnet']; $oic['gateway'] = $oc['gateway']; + $oic['gatewayv6'] = $oc['gatewayv6']; $oic['spoofcheck'] = "yes"; $oic['bridge'] = link_interface_to_bridge($if); $FilterIflist[$if] = $oic; @@ -1239,6 +1243,35 @@ function filter_nat_rules_generate() { $reflection_txt .= filter_generate_reflection_nat($rule, $route_table, $nat_if_list, "", $srcaddr, $srcip, $sn); } } + + /* Add binat rules for Network Prefix translation */ + if(is_array($config['nat']['npt'])) { + foreach ($config['nat']['npt'] as $rule) { + if (isset($rule['disabled'])) + continue; + + if (!$rule['interface']) + $natif = "wan"; + else + $natif = $rule['interface']; + if (!isset($FilterIflist[$natif])) + continue; + + $srcaddr = filter_generate_address($rule, 'source'); + $dstaddr = filter_generate_address($rule, 'destination'); + + $srcaddr = trim($srcaddr); + $dstaddr = trim($dstaddr); + + $natif = $FilterIflist[$natif]['descr']; + + $natrules .= "binat on \${$natif} from {$srcaddr} to any -> {$dstaddr}\n"; + $natrules .= "binat on \${$natif} from any to {$dstaddr} -> {$srcaddr}\n"; + + } + } + + $natrules .= "\n# Outbound NAT rules\n"; /* outbound rules - advanced or standard */ if(isset($config['nat']['advancedoutbound']['enable'])) { @@ -1366,8 +1399,6 @@ function filter_nat_rules_generate() { } if($numberofnathosts > 0): foreach ($FilterIflist as $if => $ifcfg) { - if (substr($ifcfg['if'], 0, 4) == "ovpn") - continue; update_filter_reload_status("Creating outbound rules {$if} - ({$ifcfg['descr']})"); if(interface_has_gateway($if)) { $target = $ifcfg['ip']; @@ -1592,51 +1623,97 @@ function filter_generate_address(& $rule, $target = "source", $isnat = false) { if(strstr($rule[$target]['network'], "opt")) { $optmatch = ""; $matches = ""; - /* check for opt$NUMip here */ - if (preg_match("/opt([0-9]*)ip/", $rule[$target]['network'], $matches)) { - $src = $FilterIflist["opt{$matches[1]}"]['ip']; - if(!is_ipaddr($src)) - return ""; - } else if (preg_match("/opt([0-9]*)$/", $rule[$target]['network'], $optmatch)) { - $opt_ip = $FilterIflist["opt{$optmatch[1]}"]['ip']; - if(!is_ipaddr($opt_ip)) - return ""; - $src = $opt_ip . "/" . - $FilterIflist["opt{$optmatch[1]}"]['sn']; + if($rule['ipprotocol'] == "inet6") { + if(preg_match("/opt([0-9]*)$/", $rule[$target]['network'], $optmatch)) { + $opt_ip = $FilterIflist["opt{$optmatch[1]}"]['ipv6']; + if(!is_ipaddr($opt_ip)) + return ""; + $src = $opt_ip . "/" . + $FilterIflist["opt{$optmatch[1]}"]['snv6']; + /* check for opt$NUMip here */ + } else if(preg_match("/opt([0-9]*)ip/", $rule[$target]['network'], $matches)) { + $src = $FilterIflist["opt{$matches[1]}"]['ipv6']; + if(!is_ipaddr($src)) + return ""; + } + if(isset($rule[$target]['not'])) + $src = " !{$src}"; + } else { + if(preg_match("/opt([0-9]*)$/", $rule[$target]['network'], $optmatch)) { + $opt_ip = $FilterIflist["opt{$optmatch[1]}"]['ip']; + if(!is_ipaddr($opt_ip)) + return ""; + $src = $opt_ip . "/" . + $FilterIflist["opt{$optmatch[1]}"]['sn']; + /* check for opt$NUMip here */ + } else if(preg_match("/opt([0-9]*)ip/", $rule[$target]['network'], $matches)) { + $src = $FilterIflist["opt{$matches[1]}"]['ip']; + if(!is_ipaddr($src)) + return ""; + } + if(isset($rule[$target]['not'])) + $src = " !{$src}"; } - if(isset($rule[$target]['not'])) - $src = " !{$src}"; } else { - switch ($rule[$target]['network']) { - case 'wan': - $wansa = $FilterIflist['wan']['sa']; - $wansn = $FilterIflist['wan']['sn']; - $src = "{$wansa}/{$wansn}"; - break; - case 'wanip': - $src = $FilterIflist["wan"]['ip']; - break; - case 'lanip': - $src = $FilterIflist["lan"]['ip']; - break; - case 'lan': - $lansa = $FilterIflist['lan']['sa']; - $lansn = $FilterIflist['lan']['sn']; - $src = "{$lansa}/{$lansn}"; - break; - case 'pptp': - $pptpsa = gen_subnet($FilterIflist['pptp']['sa'], $FilterIflist['pptp']['sn']); - $pptpsn = $FilterIflist['pptp']['sn']; - $src = "{$pptpsa}/{$pptpsn}"; - break; - case 'pppoe': - $pppoesa = gen_subnet($FilterIflist['pppoe']['ip'], $FilterIflist['pppoe']['sn']); - $pppoesn = $FilterIflist['pppoe']['sn']; - $src = "{$pppoesa}/{$pppoesn}"; - break; + if($rule['ipprotocol'] == "inet6") { + switch ($rule[$target]['network']) { + case 'wan': + $wansa = $FilterIflist['wan']['sav6']; + $wansn = $FilterIflist['wan']['snv6']; + $src = "{$wansa}/{$wansn}"; + break; + case 'wanip': + $src = $FilterIflist["wan"]['ipv6']; + break; + case 'lanip': + $src = $FilterIflist["lan"]['ipv6']; + break; + case 'lan': + $lansa = $FilterIflist['lan']['sav6']; + $lansn = $FilterIflist['lan']['snv6']; + $src = "{$lansa}/{$lansn}"; + break; + case 'pptp': + $pptpsa = gen_subnetv6($FilterIflist['pptp']['sav6'], $FilterIflist['pptp']['snv6']); + $pptpsn = $FilterIflist['pptp']['snv6']; + $src = "{$pptpsav6}/{$pptpsnv6}"; + break; + case 'pppoe': + $pppoesa = gen_subnetv6($FilterIflist['pppoe']['ipv6'], $FilterIflist['pppoe']['snv6']); + $pppoesn = $FilterIflist['pppoe']['snv6']; + $src = "{$pppoesav6}/{$pppoesnv6}"; + break; + } + } else { + switch ($rule[$target]['network']) { + case 'wan': + $wansa = $FilterIflist['wan']['sa']; + $wansn = $FilterIflist['wan']['sn']; + $src = "{$wansa}/{$wansn}"; + break; + case 'wanip': + $src = $FilterIflist["wan"]['ip']; + break; + case 'lanip': + $src = $FilterIflist["lan"]['ip']; + break; + case 'lan': + $lansa = $FilterIflist['lan']['sa']; + $lansn = $FilterIflist['lan']['sn']; + $src = "{$lansa}/{$lansn}"; + break; + case 'pptp': + $pptpsa = gen_subnet($FilterIflist['pptp']['ip'], $FilterIflist['pptp']['sn']); + $pptpsn = $FilterIflist['pptp']['sn']; + $src = "{$pptpsa}/{$pptpsn}"; + break; + case 'pppoe': + $pppoesa = gen_subnet($FilterIflist['pppoe']['ip'], $FilterIflist['pppoe']['sn']); + $pppoesn = $FilterIflist['pppoe']['sn']; + $src = "{$pppoesa}/{$pppoesn}"; + break; + } } - if(isset($rule[$target]['not'])) - $src = "!{$src}"; } } else if($rule[$target]['address']) { $expsrc = alias_expand($rule[$target]['address']); @@ -1722,6 +1799,17 @@ function filter_generate_user_rule($rule) { return "# source network or destination network == pptp on " . $rule['descr']; } + if(isset($rule['ipprotocol'])) { + switch($rule['ipprotocol']) { + case "inet": + $aline['ipprotocol'] = "inet"; + break; + case "inet6": + $aline['ipprotocol'] = "inet6"; + break; + } + } + /* check for unresolvable aliases */ if($rule['source']['address'] && !alias_expand($rule['source']['address'])) { file_notice("Filter_Reload", "# unresolvable source aliases {$rule['descr']}"); @@ -1758,12 +1846,23 @@ function filter_generate_user_rule($rule) { /* do not process reply-to for gateway'd rules */ if($rule['gateway'] == "" && $aline['direction'] <> "" && interface_has_gateway($rule['interface']) && !isset($config['system']['disablereplyto'])) { - $rg = get_interface_gateway($rule['interface']); - if(is_ipaddr($rg)) { - $aline['reply'] = "reply-to ( {$ifcfg['if']} {$rg} ) "; + if($rule['ipprotocol'] == "inet6") { + $rg = get_interface_gateway_v6($rule['interface']); + if(is_ipaddrv6($rg)) { + $aline['reply'] = "reply-to ( {$ifcfg['if']} {$rg} ) "; + } else { + if($rule['interface'] <> "pptp") { + log_error("Could not find IPv6 gateway for interface({$rule['interface']})."); + } + } } else { - if($rule['interface'] <> "pptp") { - log_error("Could not find gateway for interface({$rule['interface']})."); + $rg = get_interface_gateway($rule['interface']); + if(is_ipaddrv4($rg)) { + $aline['reply'] = "reply-to ( {$ifcfg['if']} {$rg} ) "; + } else { + if($rule['interface'] <> "pptp") { + log_error("Could not find IPv4 gateway for interface({$rule['interface']})."); + } } } } @@ -1779,8 +1878,10 @@ function filter_generate_user_rule($rule) { if (isset($rule['protocol']) && !empty($rule['protocol'])) { if($rule['protocol'] == "tcp/udp") $aline['prot'] = " proto { tcp udp } "; + elseif(($rule['protocol'] == "icmp") && ($rule['ipprotocol'] == "inet6")) + $aline['prot'] = " proto ipv6-icmp "; elseif($rule['protocol'] == "icmp") - $aline['prot'] = " inet proto icmp "; + $aline['prot'] = " proto icmp "; else $aline['prot'] = " proto {$rule['protocol']} "; } else { @@ -1816,8 +1917,10 @@ function filter_generate_user_rule($rule) { $l7_structures = $l7rule->get_unique_structures(); $aline['divert'] = "divert " . $l7rule->GetRPort() . " "; } - if(($rule['protocol'] == "icmp") && $rule['icmptype']) + if(($rule['protocol'] == "icmp") && $rule['icmptype'] && ($rule['ipprotocol'] == "inet")) $aline['icmp-type'] = "icmp-type {$rule['icmptype']} "; + if(($rule['protocol'] == "icmp") && $rule['icmptype'] && ($rule['ipprotocol'] == "inet6")) + $aline['icmp6-type'] = "icmp6-type {$rule['icmptype']} "; if(!empty($rule['tag'])) $aline['tag'] = " tag " .$rule['tag']. " "; if(!empty($rule['tagged'])) @@ -1974,8 +2077,8 @@ function filter_generate_user_rule($rule) { /* negate VPN/PPTP/PPPoE networks for load balancer/gateway rules */ $vpns = " to <vpns> "; $line .= $aline['type'] . $aline['direction'] . $aline['log'] . $aline['quick'] . - $aline['interface'] . $aline['prot'] . $aline['src'] . $aline['os'] . - $vpns . $aline['icmp-type'] . $aline['tag'] . $aline['tagged'] . + $aline['interface'] . $aline['ipprotocol'] . $aline['prot'] . $aline['src'] . $aline['os'] . + $vpns . $aline['icmp-type'] . $aline['icmp6-type'] . $aline['tag'] . $aline['tagged'] . $aline['dscp'] . $aline['allowopts'] . $aline['flags'] . $aline['queue'] . $aline['dnpipe'] . $aline['schedlabel'] . " label \"NEGATE_ROUTE: Negate policy route for vpn(s)\"\n"; @@ -1983,8 +2086,8 @@ function filter_generate_user_rule($rule) { } /* piece together the actual user rule */ $line .= $aline['type'] . $aline['direction'] . $aline['log'] . $aline['quick'] . $aline['interface'] . - $aline['reply'] . $aline['route'] . $aline['prot'] . $aline['src'] . $aline['os'] . $aline['dst'] . - $aline['divert'] . $aline['icmp-type'] . $aline['tag'] . $aline['tagged'] . $aline['dscp'] . + $aline['reply'] . $aline['route'] . $aline['ipprotocol'] . $aline['prot'] . $aline['src'] . $aline['os'] . $aline['dst'] . + $aline['divert'] . $aline['icmp-type'] . $aline['icmp6-type'] . $aline['tag'] . $aline['tagged'] . $aline['dscp'] . $aline['allowopts'] . $aline['flags'] . $aline['queue'] . $aline['dnpipe'] . $aline['schedlabel']; @@ -2018,20 +2121,43 @@ function filter_rules_generate() { #--------------------------------------------------------------------------- # default deny rules #--------------------------------------------------------------------------- -block in $log all label "Default deny rule" -block out $log all label "Default deny rule" +block in $log inet all label "Default deny rule IPv4" +block out $log inet all label "Default deny rule IPv4" +block in $log inet6 all label "Default deny rule IPv6" +block out $log inet6 all label "Default deny rule IPv6" + +# IPv6 ICMP is not auxilary, it is required for operation +# See man icmp6(4) +# 1 unreach Destination unreachable +# 2 toobig Packet too big +# 128 echoreq Echo service request +# 129 echorep Echo service reply +# 133 routersol Router solicitation +# 134 routeradv Router advertisement +# 135 neighbrsol Neighbor solicitation +# 136 neighbradv Neighbor advertisement +pass quick inet6 proto ipv6-icmp from any to any icmp6-type {1,2,135,136} keep state + +# Allow only bare essential icmpv6 packets (NS, NA, and RA, echoreq, echorep) +pass out quick inet6 proto ipv6-icmp from fe80::/10 to fe80::/10 icmp6-type {128,133,134,135,136} keep state +pass out quick inet6 proto ipv6-icmp from fe80::/10 to ff02::/16 icmp6-type {128,133,134,135,136} keep state +pass in quick inet6 proto ipv6-icmp from fe80::/10 to fe80::/10 icmp6-type {129,133,134,135,136} keep state +pass in quick inet6 proto ipv6-icmp from ff02::/16 to fe80::/10 icmp6-type {129,133,134,135,136} keep state +pass in quick inet6 proto ipv6-icmp from fe80::/10 to ff02::/16 icmp6-type {129,133,134,135,136} keep state # We use the mighty pf, we cannot be fooled. -block quick proto { tcp, udp } from any port = 0 to any -block quick proto { tcp, udp } from any to any port = 0 +block quick inet proto { tcp, udp } from any port = 0 to any +block quick inet proto { tcp, udp } from any to any port = 0 +block quick inet6 proto { tcp, udp } from any port = 0 to any +block quick inet6 proto { tcp, udp } from any to any port = 0 EOD; if(!isset($config['system']['ipv6allow'])) { $ipfrules .= "# Block all IPv6\n"; - $ipfrules .= "block in quick inet6 all\n"; - $ipfrules .= "block out quick inet6 all\n"; + $ipfrules .= "block in inet6 all label \"Default Deny ipv6 rule\"\n"; + $ipfrules .= "block out inet6 all label \"Default Deny ipv6 rule\"\n"; } $ipfrules .= <<<EOD @@ -2123,10 +2249,13 @@ EOD; if(isset($config['interfaces'][$on]['blockbogons'])) { if($bogontableinstalled == 0) $ipfrules .= "table <bogons> persist file \"/etc/bogons\"\n"; + $ipfrules .= "table <bogonsv6> persist file \"/etc/bogonsv6\"\n"; $ipfrules .= <<<EOD # block bogon networks # http://www.cymru.com/Documents/bogon-bn-nonagg.txt -block in $log quick on \${$oc['descr']} from <bogons> to any label "block bogon networks from {$oc['descr']}" +# http://www.team-cymru.org/Services/Bogons/fullbogons-ipv6.txt +block in $log quick on \${$oc['descr']} from <bogons> to any label "block bogon IPv4 networks from {$oc['descr']}" +block in $log quick on \${$oc['descr']} from <bogonsv6> to any label "block bogon IPv6 networks from {$oc['descr']}" EOD; $bogontableinstalled++; @@ -2148,10 +2277,11 @@ EOD; $ipfrules .= <<<EOD # block anything from private networks on interfaces with the option set antispoof for \${$oc['descr']} -block in $log quick on \${$oc['descr']} from 10.0.0.0/8 to any label "block private networks from wan block 10/8" -block in $log quick on \${$oc['descr']} from 127.0.0.0/8 to any label "block private networks from wan block 127/8" -block in $log quick on \${$oc['descr']} from 172.16.0.0/12 to any label "block private networks from wan block 172.16/12" -block in $log quick on \${$oc['descr']} from 192.168.0.0/16 to any label "block private networks from wan block 192.168/16" +block in $log quick on \${$oc['descr']} from 10.0.0.0/8 to any label "Block private networks from {$oc['descr']} block 10/8" +block in $log quick on \${$oc['descr']} from 127.0.0.0/8 to any label "Block private networks from {$oc['descr']} block 127/8" +block in $log quick on \${$oc['descr']} from 172.16.0.0/12 to any label "Block private networks from {$oc['descr']} block 172.16/12" +block in $log quick on \${$oc['descr']} from 192.168.0.0/16 to any label "Block private networks from {$oc['descr']} block 192.168/16" +block in $log quick on \${$oc['descr']} from fc00::/7 to any label "Block ULA networks from {$oc['descr']} block fc00::/7" EOD; } @@ -2184,6 +2314,7 @@ EOD; /* allow access to DHCP server on interfaces */ if(isset($config['dhcpd'][$on]['enable'])) { $ipfrules .= <<<EOD + # allow access to DHCP server on {$oc['descr']} pass in on \${$oc['descr']} proto udp from any port = 68 to 255.255.255.255 port = 67 label "allow access to DHCP server" pass in on \${$oc['descr']} proto udp from any port = 68 to {$oc['ip']} port = 67 label "allow access to DHCP server" @@ -2200,6 +2331,19 @@ EOD; } } + if(isset($config['dhcpdv6'][$on]['enable'])) { + $ipfrules .= <<<EOD + +# allow access to DHCPv6 server on {$oc['descr']} +anchor "dhcpv6server{$oc['descr']}" +# We need inet6 icmp for stateless autoconfig and dhcpv6 +pass in on \${$oc['descr']} inet6 proto udp from fe80::/10 to ff02::/16 port = 546 label "allow access to DHCPv6 server" +pass in on \${$oc['descr']} inet6 proto udp from fe80::/10 to ff02::/16 port = 547 label "allow access to DHCPv6 server" +pass in on \${$oc['descr']} inet6 proto udp from fe80::/10 to {$oc['ipv6']} port = 546 label "allow access to DHCPv6 server" +pass out on \${$oc['descr']} inet6 proto udp from {$oc['ipv6']} port = 547 to fe80::/10 label "allow access to DHCPv6 server" + +EOD; + } break; } } @@ -2211,24 +2355,32 @@ EOD; $ipfrules .= <<<EOD # loopback -pass in on \$loopback all label "pass loopback" -pass out on \$loopback all label "pass loopback" +pass in on \$loopback inet all label "pass IPv4 loopback" +pass out on \$loopback inet all label "pass IPv4 loopback" +pass in on \$loopback inet6 all label "pass IPv6 loopback" +pass out on \$loopback inet6 all label "pass IPv6 loopback" EOD; $ipfrules .= <<<EOD # let out anything from the firewall host itself and decrypted IPsec traffic -pass out all keep state allow-opts label "let out anything from firewall host itself" +pass out inet all keep state allow-opts label "let out anything IPv4 from firewall host itself" +pass out inet6 all keep state allow-opts label "let out anything IPv6 from firewall host itself" EOD; foreach ($FilterIflist as $ifdescr => $ifcfg) { - if(isset($ifcfg['virtual'])) - continue; + if(isset($ifcfg['virtual'])) + continue; + $gw = get_interface_gateway($ifdescr); if (is_ipaddr($gw) && is_ipaddr($ifcfg['ip'])) $ipfrules .= "pass out route-to ( {$ifcfg['if']} {$gw} ) from {$ifcfg['ip']} to !{$ifcfg['sa']}/{$ifcfg['sn']} keep state allow-opts label \"let out anything from firewall host itself\"\n"; - } + $gwv6 = get_interface_gateway_v6($ifdescr); + if (is_ipaddrv6($gwv6) && is_ipaddrv6($ifcfg['ipv6'])) + $ipfrules .= "pass out route-to ( {$ifcfg['if']} {$gwv6} ) inet6 from {$ifcfg['ipv6']} to !{$ifcfg['sav6']}/{$ifcfg['snv6']} keep state allow-opts label \"let out anything from firewall host itself\"\n"; + } + /* add ipsec interfaces */ if(isset($config['ipsec']['enable']) || isset($config['ipsec']['client']['enable'])) @@ -2346,19 +2498,37 @@ EOD; $friendly = $GatewaysList[$route['gateway']]['friendlyiface']; if(is_array($FilterIflist[$friendly])) { $oc = $FilterIflist[$friendly]; - if($oc['ip']) { - $sa = $oc['sa']; - $sn = $oc['sn']; - $if = $oc['if']; - } - if($sa) { - $ipfrules .= <<<EOD + if(is_ipaddrv4($route['network'])) { + if($oc['ip']) { + $sa = $oc['sa']; + $sn = $oc['sn']; + $if = $oc['if']; + } + if($sa) { + $ipfrules .= <<<EOD pass quick on \${$oc['descr']} proto tcp from {$sa}/{$sn} to {$route['network']} flags any keep state(sloppy) label "pass traffic between statically routed subnets" pass quick on \${$oc['descr']} from {$sa}/{$sn} to {$route['network']} keep state(sloppy) label "pass traffic between statically routed subnets" pass quick on \${$oc['descr']} proto tcp from {$route['network']} to {$sa}/{$sn} flags any keep state(sloppy) label "pass traffic between statically routed subnets" pass quick on \${$oc['descr']} from {$route['network']} to {$sa}/{$sn} keep state(sloppy) label "pass traffic between statically routed subnets" EOD; + } + } + if(is_ipaddrv6($route['network'])) { + if($oc['ipv6']) { + $sa = $oc['sav6']; + $sn = $oc['snv6']; + $if = $oc['if']; + } + if($sa) { + $ipfrules .= <<<EOD +pass quick on \${$oc['descr']} inet6 proto tcp from {$sa}/{$sn} to {$route['network']} flags any keep state(sloppy) label "pass traffic between statically routed subnets" +pass quick on \${$oc['descr']} inet6 from {$sa}/{$sn} to {$route['network']} keep state(sloppy) label "pass traffic between statically routed subnets" +pass quick on \${$oc['descr']} inet6 proto tcp from {$route['network']} to {$sa}/{$sn} flags any keep state(sloppy) label "pass traffic between statically routed subnets" +pass quick on \${$oc['descr']} inet6 from {$route['network']} to {$sa}/{$sn} keep state(sloppy) label "pass traffic between statically routed subnets" + +EOD; + } } } } diff --git a/etc/inc/filter_log.inc b/etc/inc/filter_log.inc index ed4b311..1c0e9ef 100644 --- a/etc/inc/filter_log.inc +++ b/etc/inc/filter_log.inc @@ -135,6 +135,8 @@ function parse_filter_line($line) { * boolean FALSE because it could return a valid answer of 0 upon success. */ if (!(strpos($details, 'proto ') === FALSE)) { preg_match("/.*\sproto\s(.*)\s\(/", $details, $proto); + } elseif (!(strpos($details, 'next-header ') === FALSE)) { + preg_match("/.*\snext-header\s(.*)\s\(/", $details, $proto); } elseif (!(strpos($details, 'proto: ') === FALSE)) { preg_match("/.*\sproto\:(.*)\s\(/", $details, $proto); } elseif (!(strpos($leftovers, 'sum ok] ') === FALSE)) { @@ -279,4 +281,4 @@ function handle_ajax($nentries, $tail = 50) { } } -?>
\ No newline at end of file +?> diff --git a/etc/inc/globals.inc b/etc/inc/globals.inc index 2168765..6993148 100644 --- a/etc/inc/globals.inc +++ b/etc/inc/globals.inc @@ -91,7 +91,7 @@ $g = array( "disablecrashreporter" => false, "crashreporterurl" => "http://crashreporter.pfsense.org/crash_reporter.php", "debug" => false, - "latest_config" => "7.7", + "latest_config" => "7.9", "nopkg_platforms" => array("cdrom"), "minimum_ram_warning" => "101", "minimum_ram_warning_text" => "128 MB", diff --git a/etc/inc/gwlb.inc b/etc/inc/gwlb.inc index 9bf162c..ce5a328 100644 --- a/etc/inc/gwlb.inc +++ b/etc/inc/gwlb.inc @@ -145,7 +145,12 @@ EOD; } /* Interface ip is needed since apinger will bind a socket to it. */ - $gwifip = find_interface_ip($gateway['interface'], true); + if (is_ipaddrv4($gateway['gateway'])) { + $gwifip = find_interface_ip($gateway['interface'], true); + } + if (is_ipaddrv6($gateway['gateway'])) { + $gwifip = find_interface_ipv6($gateway['interface'], true); + } if (!is_ipaddr($gwifip)) continue; //Skip this target @@ -537,35 +542,63 @@ function lookup_gateway_interface_by_name($name) { } function get_interface_gateway($interface, &$dynamic = false) { - global $config, $g; + global $config, $g; - $gw = NULL; + $gw = NULL; - $gwcfg = $config['interfaces'][$interface]; - if (!empty($gwcfg['gateway']) && is_array($config['gateways']['gateway_item'])) { - foreach($config['gateways']['gateway_item'] as $gateway) { - if ($gateway['name'] == $gwcfg['gateway']) { - $gw = $gateway['gateway']; + $gwcfg = $config['interfaces'][$interface]; + if (!empty($gwcfg['gateway']) && is_array($config['gateways']['gateway_item'])) { + foreach($config['gateways']['gateway_item'] as $gateway) { + if(($gateway['name'] == $gwcfg['gateway']) && (is_ipaddrv4($gateway['gateway']))) { + $gw = $gateway['gateway']; break; } - } + } } - // for dynamic interfaces we handle them through the $interface_router file. - if (!is_ipaddr($gw) && !is_ipaddr($gwcfg['ipaddr'])) { - $realif = get_real_interface($interface); - if (file_exists("{$g['tmp_path']}/{$realif}_router")) { - $gw = trim(file_get_contents("{$g['tmp_path']}/{$realif}_router"), " \n"); - $dynamic = true; - } - if (file_exists("{$g['tmp_path']}/{$realif}_defaultgw")) - $dynamic = "default"; + // for dynamic interfaces we handle them through the $interface_router file. + if (!is_ipaddr($gw) && !is_ipaddr($gwcfg['ipaddr'])) { + $realif = get_real_interface($interface); + if (file_exists("{$g['tmp_path']}/{$realif}_router")) { + $gw = trim(file_get_contents("{$g['tmp_path']}/{$realif}_router"), " \n"); + $dynamic = true; + } + if (file_exists("{$g['tmp_path']}/{$realif}_defaultgw")) + $dynamic = "default"; - - } + } - /* return gateway */ - return ($gw); + /* return gateway */ + return ($gw); +} + +function get_interface_gateway_v6($interface, &$dynamic = false) { + global $config, $g; + + $gw = NULL; + $gwcfg = $config['interfaces'][$interface]; + if (!empty($gwcfg['gateway']) && is_array($config['gateways']['gateway_item'])) { + foreach($config['gateways']['gateway_item'] as $gateway) { + if(($gateway['name'] == $gwcfg['gatewayv6']) && (is_ipaddrv6($gateway['gateway']))) { + $gw = $gateway['gateway']; + break; + } + } + } + + // for dynamic interfaces we handle them through the $interface_router file. + if (!is_ipaddrv6($gw) && !is_ipaddr($gwcfg['ipaddrv6'])) { + $realif = get_real_interface($interface); + if (file_exists("{$g['tmp_path']}/{$realif}_routerv6")) { + $gw = trim(file_get_contents("{$g['tmp_path']}/{$realif}_routerv6"), " \n"); + $dynamic = true; + } + if (file_exists("{$g['tmp_path']}/{$realif}_defaultgwv6")) + $dynamic = "default"; + + } + /* return gateway */ + return ($gw); } -?>
\ No newline at end of file +?> diff --git a/etc/inc/interfaces.inc b/etc/inc/interfaces.inc index 7a9ba5a..b312e67 100644 --- a/etc/inc/interfaces.inc +++ b/etc/inc/interfaces.inc @@ -744,7 +744,10 @@ function interface_gre_configure(&$gre, $grekey = "") { if (isset($gre['link1']) && $gre['link1']) mwexec("/sbin/route add {$gre['tunnel-remote-addr']}/{$gre['tunnel-remote-net']} {$gre['tunnel-local-addr']}"); - file_put_contents("{$g['tmp_path']}/{$greif}_router", $gre['tunnel-remote-addr']); + if(is_ipaddrv4($gre['tunnel-remote-addr'])) + file_put_contents("{$g['tmp_path']}/{$greif}_router", $gre['tunnel-remote-addr']); + if(is_ipaddrv6($gre['tunnel-remote-addr'])) + file_put_contents("{$g['tmp_path']}/{$greif}_routerv6", $gre['tunnel-remote-addr']); return $greif; } @@ -791,7 +794,11 @@ function interface_gif_configure(&$gif, $gifkey = "") { /* Do not change the order here for more see gif(4) NOTES section. */ mwexec("/sbin/ifconfig {$gifif} tunnel {$realifip} {$gif['remote-addr']}"); - mwexec("/sbin/ifconfig {$gifif} {$gif['tunnel-local-addr']} {$gif['tunnel-remote-addr']} netmask " . gen_subnet_mask($gif['tunnel-remote-net'])); + if((is_ipaddrv6($gif['tunnel-local-addr'])) || (is_ipaddrv6($gif['tunnel-remote-addr']))) { + mwexec("/sbin/ifconfig {$gifif} inet6 {$gif['tunnel-local-addr']} {$gif['tunnel-remote-addr']} prefixlen {$gif['tunnel-remote-net']} "); + } else { + mwexec("/sbin/ifconfig {$gifif} {$gif['tunnel-local-addr']} {$gif['tunnel-remote-addr']} netmask " . gen_subnet_mask($gif['tunnel-remote-net'])); + } if (isset($gif['link0']) && $gif['link0']) pfSense_interface_flags($gifif, IFF_LINK0); if (isset($gif['link1']) && $gif['link1']) @@ -801,9 +808,13 @@ function interface_gif_configure(&$gif, $gifkey = "") { else log_error("could not bring gifif up -- variable not defined"); - /* XXX: Needed?! */ + /* XXX: Needed?! Let them use the defined gateways instead */ //mwexec("/sbin/route add {$gif['tunnel-remote-addr']}/{$gif['tunnel-remote-net']} -iface {$gifif}"); - file_put_contents("{$g['tmp_path']}/{$gifif}_router", $gif['tunnel-remote-addr']); + + if(is_ipaddrv4($gif['tunnel-remote-addr'])) + file_put_contents("{$g['tmp_path']}/{$gifif}_router", $gif['tunnel-remote-addr']); + if(is_ipaddrv6($gif['tunnel-remote-addr'])) + file_put_contents("{$g['tmp_path']}/{$gifif}_routerv6", $gif['tunnel-remote-addr']); return $gifif; } @@ -1331,6 +1342,7 @@ startup: default: {$ppp['type']}client: create bundle static {$interface} + set bundle enable ipv6cp set iface name {$pppif} EOD; @@ -1840,12 +1852,23 @@ function interface_carp_configure(&$vip) { return; } - /* Ensure CARP IP really exists prior to loading up. */ - $ww_subnet_ip = find_interface_ip($realif); - $ww_subnet_bits = find_interface_subnet($realif); - if (!ip_in_subnet($vip['subnet'], gen_subnet($ww_subnet_ip, $ww_subnet_bits) . "/" . $ww_subnet_bits) && !ip_in_interface_alias_subnet($vip['interface'], $vip['subnet'])) { - file_notice("CARP", "Sorry but we could not find a matching real interface subnet for the virtual IP address {$vip['subnet']}.", "Firewall: Virtual IP", ""); - return; + if(is_ipaddrv4($vip['subnet'])) { + /* Ensure CARP IP really exists prior to loading up. */ + $ww_subnet_ip = find_interface_ip($realif); + $ww_subnet_bits = find_interface_subnet($realif); + if (!ip_in_subnet($vip['subnet'], gen_subnet($ww_subnet_ip, $ww_subnet_bits) . "/" . $ww_subnet_bits) && !ip_in_interface_alias_subnet($vip['interface'], $vip['subnet'])) { + file_notice("CARP", "Sorry but we could not find a matching real interface subnet for the virtual IP address {$vip['subnet']}.", "Firewall: Virtual IP", ""); + return; + } + } + if(is_ipaddrv6($vip['subnet'])) { + /* Ensure CARP IP really exists prior to loading up. */ + $ww_subnet_ip = find_interface_ipv6($realif); + $ww_subnet_bits = find_interface_subnetv6($realif); + if (!ip_in_subnet($vip['subnet'], gen_subnetv6($ww_subnet_ip, $ww_subnet_bits) . "/" . $ww_subnet_bits) && !ip_in_interface_alias_subnet($vip['interface'], $vip['subnet'])) { + file_notice("CARP", "Sorry but we could not find a matching real interface subnet for the virtual IPv6 address {$vip['subnet']}.", "Firewall: Virtual IP", ""); + return; + } } /* create the carp interface and setup */ @@ -1860,11 +1883,18 @@ function interface_carp_configure(&$vip) { /* invalidate interface cache */ get_interface_arr(true); - $broadcast_address = gen_subnet_max($vip['subnet'], $vip['subnet_bits']); $advbase = ""; if (!empty($vip['advbase'])) $advbase = "advbase {$vip['advbase']}"; - mwexec("/sbin/ifconfig {$vipif} {$vip['subnet']}/{$vip['subnet_bits']} vhid {$vip['vhid']} advskew {$vip['advskew']} {$advbase} {$password}"); + + if(is_ipaddrv4($vip['subnet'])) { + $broadcast_address = gen_subnet_max($vip['subnet'], $vip['subnet_bits']); + mwexec("/sbin/ifconfig {$vipif} {$vip['subnet']}/{$vip['subnet_bits']} vhid {$vip['vhid']} advskew {$vip['advskew']} {$advbase} {$password}"); + } + if(is_ipaddrv6($vip['subnet'])) { + $broadcast_address = gen_subnet_max($vip['subnet'], $vip['subnet_bits']); + mwexec("/sbin/ifconfig {$vipif} inet6 {$vip['subnet']} prefixlen {$vip['subnet_bits']} vhid {$vip['vhid']} advskew {$vip['advskew']} {$advbase} {$password}"); + } interfaces_bring_up($vipif); @@ -2508,6 +2538,7 @@ function find_dhclient_process($interface) { function interface_configure($interface = "wan", $reloadall = false, $linkupevent = false) { global $config, $g; global $interface_sn_arr_cache, $interface_ip_arr_cache; + global $interface_snv6_arr_cache, $interface_ipv6_arr_cache; $wancfg = $config['interfaces'][$interface]; @@ -2520,6 +2551,7 @@ function interface_configure($interface = "wan", $reloadall = false, $linkupeven if (!$g['booting'] && !substr($realif, 0, 4) == "ovpn") { /* remove all IPv4 addresses */ while (mwexec("/sbin/ifconfig " . escapeshellarg($realif) . " -alias", true) == 0); + while (mwexec("/sbin/ifconfig " . escapeshellarg($realif) . " inet6 -alias", true) == 0); switch ($wancfg['ipaddr']) { case 'pppoe': @@ -2634,6 +2666,8 @@ function interface_configure($interface = "wan", $reloadall = false, $linkupeven get_interface_arr(true); unset($interface_ip_arr_cache[$realif]); unset($interface_sn_arr_cache[$realif]); + unset($interface_ipv6_arr_cache[$realif]); + unset($interface_snv6_arr_cache[$realif]); switch ($wancfg['ipaddr']) { case 'carpdev-dhcp': @@ -2669,6 +2703,18 @@ function interface_configure($interface = "wan", $reloadall = false, $linkupeven break; } + switch ($wancfg['ipaddrv6']) { + case 'dhcpv6': + interface_dhcpv6_configure($interface); + break; + default: + if ($wancfg['ipaddrv6'] <> "" && $wancfg['subnetv6'] <> "") { + pfSense_interface_setaddress($realif, "{$wancfg['ipaddrv6']}/{$wancfg['subnetv6']}"); + mwexec("/sbin/ifconfig {$realif} inet6 {$wancfg['ipaddrv6']} prefixlen {$wancfg['subnetv6']} "); + } + break; + } + if(does_interface_exist($wancfg['if'])) interfaces_bring_up($wancfg['if']); @@ -3124,13 +3170,28 @@ function guess_interface_from_ip($ipaddress) { if(! is_ipaddr($ipaddress)) { return false; } - /* create a route table we can search */ - exec("netstat -rnWf inet", $output, $ret); - foreach($output as $line) { - if(preg_match("/^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+\/[0-9]+[ ]+link[#]/", $line)) { - $fields = preg_split("/[ ]+/", $line); - if(ip_in_subnet($ipaddress, $fields[0])) { - return $fields[6]; + if(is_ipaddrv4($ipaddress)) { + /* create a route table we can search */ + exec("netstat -rnWf inet", $output, $ret); + foreach($output as $line) { + if(preg_match("/^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+\/[0-9]+[ ]+link[#]/", $line)) { + $fields = preg_split("/[ ]+/", $line); + if(ip_in_subnet($ipaddress, $fields[0])) { + return $fields[6]; + } + } + } + } + /* FIXME: This works from cursory testing, regexp might need fine tuning */ + if(is_ipaddrv6($ipaddress)) { + /* create a route table we can search */ + exec("netstat -rnWf inet6", $output, $ret); + foreach($output as $line) { + if(preg_match("/[0-9a-f]+[:]+[0-9a-f]+[:]+[\/][0-9]+/", $line)) { + $fields = preg_split("/[ ]+/", $line); + if(ip_in_subnet($ipaddress, $fields[0])) { + return $fields[6]; + } } } } @@ -3179,8 +3240,22 @@ function find_carp_interface($ip) { if (is_array($config['virtualip']['vip'])) { foreach ($config['virtualip']['vip'] as $vip) { if ($vip['mode'] == "carp" || $vip['mode'] == "carpdev") { - $carp_ip = get_interface_ip($vip['interface']); - $if = `ifconfig | grep '$ip ' -B1 | head -n1 | cut -d: -f1`; + if(is_ipaddrv4($ip)) { + $carp_ip = get_interface_ip($vip['interface']); + } + if(is_ipaddrv6($ip)) { + $carp_ip = get_interface_ipv6($vip['interface']); + } + exec("/sbin/ifconfig", $output, $return); + foreach($output as $line) { + $elements = preg_split("/[ ]+/i", $line); + if(strstr($elements[0], "vip")) + $curif = str_replace(":", "", $elements[0]); + if(stristr($line, $ip)) { + $if = $curif; + continue; + } + } if ($if) return $if; } @@ -3364,6 +3439,45 @@ function find_interface_ip($interface, $flush = false) return $interface_ip_arr_cache[$interface]; } +/* + * find_interface_ipv6($interface): return the interface ip (first found) + */ +function find_interface_ipv6($interface, $flush = false) +{ + global $interface_ipv6_arr_cache; + global $interface_snv6_arr_cache; + global $config; + + $interface = str_replace("\n", "", $interface); + + if (!does_interface_exist($interface)) + return; + + /* Setup IP cache */ + if (!isset($interface_ipv6_arr_cache[$interface]) or $flush) { + $ifinfo = pfSense_get_interface_addresses($interface); + exec("/sbin/ifconfig {$interface} inet6", $output); + foreach($output as $line) { + if(preg_match("/inet6/", $line)) { + $parts = explode(" ", $line); + if(! preg_match("/fe80::/", $parts[1])) { + $ifinfo['ipaddrv6'] = $parts[1]; + if($parts[2] == "-->") { + $parts[5] = "126"; + $ifinfo['subnetbitsv6'] = $parts[5]; + } else { + $ifinfo['subnetbitsv6'] = $parts[3]; + } + } + } + } + $interface_ipv6_arr_cache[$interface] = $ifinfo['ipaddrv6']; + $interface_snv6_arr_cache[$interface] = $ifinfo['subnetbitsv6']; + } + + return $interface_ipv6_arr_cache[$interface]; +} + function find_interface_subnet($interface, $flush = false) { global $interface_sn_arr_cache; @@ -3382,6 +3496,39 @@ function find_interface_subnet($interface, $flush = false) return $interface_sn_arr_cache[$interface]; } +function find_interface_subnetv6($interface, $flush = false) +{ + global $interface_snv6_arr_cache; + global $interface_ipv6_arr_cache; + + $interface = str_replace("\n", "", $interface); + if (does_interface_exist($interface) == false) + return; + + if (!isset($interface_snv6_arr_cache[$interface]) or $flush) { + $ifinfo = pfSense_get_interface_addresses($interface); + exec("/sbin/ifconfig {$interface} inet6", $output); + foreach($output as $line) { + if(preg_match("/inet6/", $line)) { + $parts = explode(" ", $line); + if(! preg_match("/fe80::/", $parts[1])) { + $ifinfo['ipaddrv6'] = $parts[1]; + if($parts[2] == "-->") { + $parts[5] = "126"; + $ifinfo['subnetbitsv6'] = $parts[5]; + } else { + $ifinfo['subnetbitsv6'] = $parts[3]; + } + } + } + } + $interface_ipv6_arr_cache[$interface] = $ifinfo['ipaddrv6']; + $interface_snv6_arr_cache[$interface] = $ifinfo['subnetbitsv6']; + } + + return $interface_snv6_arr_cache[$interface]; +} + function ip_in_interface_alias_subnet($interface, $ipalias) { global $config; @@ -3422,6 +3569,25 @@ function get_interface_ip($interface = "wan") return null; } +function get_interface_ipv6($interface = "wan") +{ + $realif = get_real_interface($interface); + if (!$realif) { + if (preg_match("/^carp/i", $interface)) + $realif = $interface; + else if (preg_match("/^vip/i", $interface)) + $realif = $interface; + else + return null; + } + + $curip = find_interface_ipv6($realif); + if ($curip && is_ipaddrv6($curip) && ($curip != "::")) + return $curip; + else + return null; +} + function get_interface_subnet($interface = "wan") { $realif = get_real_interface($interface); @@ -3441,6 +3607,25 @@ function get_interface_subnet($interface = "wan") return null; } +function get_interface_subnetv6($interface = "wan") +{ + $realif = get_real_interface($interface); + if (!$realif) { + if (preg_match("/^carp/i", $interface)) + $realif = $interface; + else if (preg_match("/^vip/i", $interface)) + $realif = $interface; + else + return null; + } + + $cursn = find_interface_subnetv6($realif); + if (!empty($cursn)) + return $cursn; + + return null; +} + /* return outside interfaces with a gateway */ function get_interfaces_with_gateway() { global $config; diff --git a/etc/inc/ipsec.inc b/etc/inc/ipsec.inc index e15a14c..fad5d6a 100644 --- a/etc/inc/ipsec.inc +++ b/etc/inc/ipsec.inc @@ -82,7 +82,8 @@ $p1_authentication_methods = array( 'pre_shared_key' => array( 'name' => 'Mutual PSK', 'mobile' => false ) ); $p2_modes = array( - 'tunnel' => 'Tunnel', + 'tunnel' => 'Tunnel IPv4', + 'tunnel6' => 'Tunnel IPv6', 'transport' => 'Transport'); $p2_protos = array( @@ -126,14 +127,21 @@ function ipsec_get_phase1_src(& $ph1ent) { if ($ph1ent['interface']) { if (!is_ipaddr($ph1ent['interface'])) { $if = $ph1ent['interface']; - $interfaceip = get_interface_ip($if); + if($ph1ent['protocol'] == "inet6") { + $interfaceip = get_interface_ipv6($if); + } else { + $interfaceip = get_interface_ip($if); + } } else { $interfaceip=$ph1ent['interface']; } - } - else { + } else { $if = "wan"; - $interfaceip = get_interface_ip($if); + if($ph1ent['protocol'] == "inet6") { + $interfaceip = get_interface_ipv6($if); + } else { + $interfaceip = get_interface_ip($if); + } } return $interfaceip; @@ -165,21 +173,33 @@ function ipsec_idinfo_to_cidr(& $idinfo,$addrbits = false) { switch ($idinfo['type']) { case "address": - if ($addrbits) - return $idinfo['address']."/32"; - else + if ($addrbits) { + if($idinfo['mode'] == "tunnel6") { + return $idinfo['address']."/128"; + } else { + return $idinfo['address']."/32"; + } + } else { return $idinfo['address']; + } case "network": return $idinfo['address']."/".$idinfo['netbits']; case "none": case "mobile": return "0.0.0.0/0"; default: - $address = get_interface_ip($idinfo['type']); - $netbits = get_interface_subnet($idinfo['type']); - $address = gen_subnet($address,$netbits); - return $address."/".$netbits; - } + if($idinfo['mode'] == "tunnel6") { + $address = get_interface_ipv6($idinfo['type']); + $netbits = get_interface_subnetv6($idinfo['type']); + $address = gen_subnetv6($address,$netbits); + return $address."/".$netbits; + } else { + $address = get_interface_ip($idinfo['type']); + $netbits = get_interface_subnet($idinfo['type']); + $address = gen_subnet($address,$netbits); + return $address."/".$netbits; + } + } } /* @@ -191,22 +211,33 @@ function ipsec_idinfo_to_subnet(& $idinfo,$addrbits = false) { switch ($idinfo['type']) { case "address": - if ($addrbits) - return $idinfo['address']."/255.255.255.255"; - else + if ($addrbits) { + if($idinfo['mode'] == "tunnel6") { + return $idinfo['address']."/128"; + } else { + return $idinfo['address']."/255.255.255.255"; + } + } else { return $idinfo['address']; + } case "none": case "network": return $idinfo['address']."/".gen_subnet_mask($idinfo['netbits']); case "mobile": return "0.0.0.0/0"; default: - $address = get_interface_ip($idinfo['type']); - $netbits = get_interface_subnet($idinfo['type']); - $address = gen_subnet($address,$netbits); - $netbits = gen_subnet_mask($netbits); - return $address."/".netbits; - } + if($idinfo['mode'] == "tunnel6") { + $address = get_interface_ipv6($idinfo['type']); + $netbits = get_interface_subnetv6($idinfo['type']); + $address = gen_subnetv6($address,$netbits); + return $address."/".$netbits; + } else { + $address = get_interface_ip($idinfo['type']); + $netbits = get_interface_subnet($idinfo['type']); + $address = gen_subnet($address,$netbits); + return $address."/".$netbits; + } + } } /* @@ -269,7 +300,7 @@ function ipsec_phase1_status(& $ph1ent) { function ipsec_phase2_status(& $spd,& $sad,& $ph1ent,& $ph2ent) { $loc_ip = ipsec_get_phase1_src($ph1ent); - $rmt_ip = gethostbyname(ipsec_get_phase1_dst($ph1ent)); + $rmt_ip = resolve_retry(ipsec_get_phase1_dst($ph1ent)); $loc_id = ipsec_idinfo_to_cidr($ph2ent['localid'],true); $rmt_id = ipsec_idinfo_to_cidr($ph2ent['remoteid'],true); diff --git a/etc/inc/openvpn.inc b/etc/inc/openvpn.inc index 4115784..acb3d58 100644 --- a/etc/inc/openvpn.inc +++ b/etc/inc/openvpn.inc @@ -328,20 +328,31 @@ function openvpn_reconfigure($mode, $settings) { $interface = $settings['interface']; $ipaddr = $settings['ipaddr']; + $ipaddrv6 = $settings['ipaddrv6']; // If a specific ip address (VIP) is requested, use it. // Otherwise, if a specific interface is requested, use it // If "any" interface was selected, local directive will be ommited. - if (!empty($ipaddr)) { + if (is_ipaddrv4($ipaddr)) { $iface_ip=$ipaddr; + } elseif (is_ipaddrv6($ipaddrv6)) { + $iface_ipv6=$ipaddrv6; } else { if ((!empty($interface)) && (strcmp($interface, "any"))) { $iface_ip=get_interface_ip($interface); } + if ((!empty($interface)) && (strcmp($interface, "any"))) { + $iface_ipv6=get_interface_ipv6($interface); + } } $conf = "dev {$devname}\n"; $conf .= "dev-type {$settings['dev_mode']}\n"; + switch($settings['dev_mode']) { + case "tun": + $conf .= "tun-ipv6\n"; + break; + } $conf .= "dev-node /dev/{$tunname}\n"; $conf .= "writepid {$pfile}\n"; $conf .= "#user nobody\n"; @@ -357,9 +368,12 @@ function openvpn_reconfigure($mode, $settings) { $conf .= "up /usr/local/sbin/ovpn-linkup\n"; $conf .= "down /usr/local/sbin/ovpn-linkdown\n"; - if (!empty($iface_ip)) { + if (is_ipaddrv4($iface_ip)) { $conf .= "local {$iface_ip}\n"; } + if (is_ipaddrv6($iface_ipv6)) { + // $conf .= "local {$iface_ipv6}\n"; + } if (openvpn_validate_engine($settings['engine']) && ($settings['engine'] != "none")) $conf .= "engine {$settings['engine']}\n"; @@ -368,6 +382,7 @@ function openvpn_reconfigure($mode, $settings) { if ($mode == 'server') { list($ip, $mask) = explode('/', $settings['tunnel_network']); + list($ipv6, $prefix) = explode('/', $settings['tunnel_networkv6']); $mask = gen_subnet_mask($mask); // configure tls modes @@ -395,6 +410,8 @@ function openvpn_reconfigure($mode, $settings) { case 'server_user': case 'server_tls_user': $conf .= "server {$ip} {$mask}\n"; + if(is_ipaddr($ipv6)) + $conf .= "server-ipv6 {$ipv6}/{$prefix}\n"; $conf .= "client-config-dir {$g['varetc_path']}/openvpn-csc\n"; break; } @@ -443,6 +460,10 @@ function openvpn_reconfigure($mode, $settings) { $mask = gen_subnet_mask($mask); $conf .= "push \"route $ip $mask\"\n"; } + if ($settings['local_networkv6']) { + list($ipv6, $prefix) = explode('/', $settings['local_networkv6']); + $conf .= "push \"route-ipv6 $ipv6/$prefix\"\n"; + } switch($settings['mode']) { case 'server_tls': diff --git a/etc/inc/pfsense-utils.inc b/etc/inc/pfsense-utils.inc index be174af..e00c6b9 100644 --- a/etc/inc/pfsense-utils.inc +++ b/etc/inc/pfsense-utils.inc @@ -1037,15 +1037,26 @@ function is_dhcp_server_enabled() $dhcpdenable = false; - if (!is_array($config['dhcpd'])) + if ((!is_array($config['dhcpd'])) && (!is_array($config['dhcpdv6']))) return false; $Iflist = get_configured_interface_list(); - foreach ($config['dhcpd'] as $dhcpif => $dhcpifconf) { - if (isset($dhcpifconf['enable']) && isset($Iflist[$dhcpif])) { - $dhcpdenable = true; - break; + if(is_array($config['dhcpd'])) { + foreach ($config['dhcpd'] as $dhcpif => $dhcpifconf) { + if (isset($dhcpifconf['enable']) && isset($Iflist[$dhcpif])) { + $dhcpdenable = true; + break; + } + } + } + + if(is_array($config['dhcpdv6'])) { + foreach ($config['dhcpdv6'] as $dhcpv6if => $dhcpv6ifconf) { + if (isset($dhcpv6ifconf['enable']) && isset($Iflist[$dhcpv6if])) { + $dhcpdenable = true; + break; + } } } @@ -1123,11 +1134,13 @@ function get_interface_info($ifdescr) { $ifinfo['macaddr'] = $ifinfotmp['macaddr']; $ifinfo['ipaddr'] = $ifinfotmp['ipaddr']; $ifinfo['subnet'] = $ifinfotmp['subnet']; + $ifinfo['ipaddrv6'] = get_interface_ipv6($ifdescr); + $ifinfo['subnetv6'] = get_interface_subnetv6($ifdescr); if (isset($ifinfotmp['link0'])) $link0 = "down"; $ifinfotmp = pfSense_get_interface_stats($chkif); - $ifinfo['inpkts'] = $ifinfotmp['inpkts']; - $ifinfo['outpkts'] = $ifinfotmp['outpkts']; + // $ifinfo['inpkts'] = $ifinfotmp['inpkts']; + // $ifinfo['outpkts'] = $ifinfotmp['outpkts']; $ifinfo['inerrs'] = $ifinfotmp['inerrs']; $ifinfo['outerrs'] = $ifinfotmp['outerrs']; $ifinfo['collisions'] = $ifinfotmp['collisions']; @@ -1137,31 +1150,43 @@ function get_interface_info($ifdescr) { exec("/sbin/pfctl -vvsI -i {$chkif}", $pfctlstats); $pf_in4_pass = preg_split("/ +/ ", $pfctlstats[3]); $pf_out4_pass = preg_split("/ +/", $pfctlstats[5]); + $pf_in6_pass = preg_split("/ +/ ", $pfctlstats[7]); + $pf_out6_pass = preg_split("/ +/", $pfctlstats[9]); $in4_pass = $pf_in4_pass[5]; $out4_pass = $pf_out4_pass[5]; $in4_pass_packets = $pf_in4_pass[3]; $out4_pass_packets = $pf_out4_pass[3]; - $ifinfo['inbytespass'] = $in4_pass; - $ifinfo['outbytespass'] = $out4_pass; - $ifinfo['inpktspass'] = $in4_pass_packets; - $ifinfo['outpktspass'] = $out4_pass_packets; + $in6_pass = $pf_in6_pass[5]; + $out6_pass = $pf_out6_pass[5]; + $in6_pass_packets = $pf_in6_pass[3]; + $out6_pass_packets = $pf_out6_pass[3]; + $ifinfo['inbytespass'] = $in4_pass + $in6_pass; + $ifinfo['outbytespass'] = $out4_pass + $out6_pass; + $ifinfo['inpktspass'] = $in4_pass_packets + $in6_pass_packets; + $ifinfo['outpktspass'] = $out4_pass_packets + $in6_pass_packets; /* Block */ $pf_in4_block = preg_split("/ +/", $pfctlstats[4]); $pf_out4_block = preg_split("/ +/", $pfctlstats[6]); + $pf_in6_block = preg_split("/ +/", $pfctlstats[8]); + $pf_out6_block = preg_split("/ +/", $pfctlstats[10]); $in4_block = $pf_in4_block[5]; $out4_block = $pf_out4_block[5]; $in4_block_packets = $pf_in4_block[3]; $out4_block_packets = $pf_out4_block[3]; - $ifinfo['inbytesblock'] = $in4_block; - $ifinfo['outbytesblock'] = $out4_block; - $ifinfo['inpktsblock'] = $in4_block_packets; - $ifinfo['outpktsblock'] = $out4_block_packets; - - $ifinfo['inbytes'] = $in4_pass + $in4_block; - $ifinfo['outbytes'] = $out4_pass + $out4_block; - $ifinfo['inpkts'] = $in4_pass_packets + $in4_block_packets; - $ifinfo['outpkts'] = $in4_pass_packets + $out4_block_packets; + $in6_block = $pf_in6_block[5]; + $out6_block = $pf_out6_block[5]; + $in6_block_packets = $pf_in6_block[3]; + $out6_block_packets = $pf_out6_block[3]; + $ifinfo['inbytesblock'] = $in4_block + $in6_block; + $ifinfo['outbytesblock'] = $out4_block + $out6_block; + $ifinfo['inpktsblock'] = $in4_block_packets + $in6_block_packets; + $ifinfo['outpktsblock'] = $out4_block_packets + $out6_block_packets; + + $ifinfo['inbytes'] = $in4_pass + $in6_pass; + $ifinfo['outbytes'] = $out4_pass + $out6_pass; + $ifinfo['inpkts'] = $in4_pass_packets + $in6_pass_packets; + $ifinfo['outpkts'] = $in4_pass_packets + $out6_pass_packets; $ifconfiginfo = ""; $link_type = $config['interfaces'][$ifdescr]['ipaddr']; @@ -1275,8 +1300,10 @@ function get_interface_info($ifdescr) { } /* lookup the gateway */ - if (interface_has_gateway($ifdescr)) + if (interface_has_gateway($ifdescr)) { $ifinfo['gateway'] = get_interface_gateway($ifdescr); + $ifinfo['gatewayv6'] = get_interface_gateway_v6($ifdescr); + } } $bridge = ""; @@ -2181,4 +2208,38 @@ function filter_rules_compare($a, $b) { return compare_interface_friendly_names($a['interface'], $b['interface']); } +function generate_ipv6_from_mac($mac) { + $elements = explode(":", $mac); + if(count($elements) <> 6) + return false; + + $i = 0; + $ipv6 = ""; + foreach($elements as $byte) { + if($i == 0) { + $hexadecimal = substr($byte, 1, 2); + $bitmap = base_convert($hexadecimal, 16, 2); + $bitmap = str_pad($bitmap, 4, "0", STR_PAD_LEFT); + $bitmap = substr($bitmap, 0, 2) ."1". substr($bitmap, 3,4); + $byte = substr($byte, 0, 1) . base_convert($bitmap, 2, 16); + } + $ipv6 .= $byte; + if($i == 1) { + $ipv6 .= ":"; + } + if($i == 3) { + $ipv6 .= ":"; + } + if($i == 5) { + $ipv6 .= ":"; + } + if($i == 2) { + $ipv6 .= "ff:fe"; + $i++; + } + + $i++; + } + return $ipv6; +} ?> diff --git a/etc/inc/rrd.inc b/etc/inc/rrd.inc index 2406753..529080c 100644 --- a/etc/inc/rrd.inc +++ b/etc/inc/rrd.inc @@ -253,6 +253,7 @@ function enable_rrd_graphing() { /* db update script */ $rrdupdatesh = "#!/bin/sh\n"; $rrdupdatesh .= "\n"; + $rrdupdatesh .= "export TERM=serial\n"; $rrdupdatesh .= "counter=1\n"; $rrdupdatesh .= "while [ \"\$counter\" -ne 0 ]\n"; $rrdupdatesh .= "do\n"; @@ -284,6 +285,10 @@ function enable_rrd_graphing() { $rrdcreate .= "DS:outpass:COUNTER:$trafficvalid:0:$upstream "; $rrdcreate .= "DS:inblock:COUNTER:$trafficvalid:0:$downstream "; $rrdcreate .= "DS:outblock:COUNTER:$trafficvalid:0:$upstream "; + $rrdcreate .= "DS:inpass6:COUNTER:$trafficvalid:0:$downstream "; + $rrdcreate .= "DS:outpass6:COUNTER:$trafficvalid:0:$upstream "; + $rrdcreate .= "DS:inblock6:COUNTER:$trafficvalid:0:$downstream "; + $rrdcreate .= "DS:outblock6:COUNTER:$trafficvalid:0:$upstream "; $rrdcreate .= "RRA:AVERAGE:0.5:1:1000 "; $rrdcreate .= "RRA:AVERAGE:0.5:5:1000 "; $rrdcreate .= "RRA:AVERAGE:0.5:60:1000 "; @@ -294,17 +299,13 @@ function enable_rrd_graphing() { /* enter UNKNOWN values in the RRD so it knows we rebooted. */ if($g['booting']) { - mwexec("$rrdtool update $rrddbpath$ifname$traffic N:U:U:U:U"); + mwexec("$rrdtool update $rrddbpath$ifname$traffic N:U:U:U:U:U:U:U:U"); } $rrdupdatesh .= "\n"; - $rrdupdatesh .= "# polling traffic for interface $ifname $realif \n"; - $rrdupdatesh .= "TMPFILE=`mktemp -q /tmp/STATS_{$realif}.XXXXXX` \n"; - $rrdupdatesh .= "$pfctl -vvsI -i {$realif} > \$TMPFILE \n"; - $rrdupdatesh .= "unset BYTES \n"; - $rrdupdatesh .= "BYTES=`cat \$TMPFILE | awk '/In4\/Pass|Out4\/Pass/ {printf \$6 \":\"}'`\\\n"; - $rrdupdatesh .= "`cat \$TMPFILE | awk '/In4\/Block|Out4\/Block/ {printf \$6 \":\"}'|sed -e 's/.\$//'`\n"; - $rrdupdatesh .= "$rrdtool update $rrddbpath$ifname$traffic N:\$BYTES\n"; + $rrdupdatesh .= "# polling traffic for interface $ifname $realif IPv4/IPv6 counters \n"; + $rrdupdatesh .= "$rrdtool update $rrddbpath$ifname$traffic N:\\\n"; + $rrdupdatesh .= "`$pfctl -vvsI -i {$realif} | awk '/In4\/Pass|Out4\/Pass|In6\/Pass|Out6\/Pass|In4\/Block|Out4\/Block|In6\/Block|Out6\/Block/ {printf \$6 \":\"}'|sed -e 's/.\$//'`\n"; /* PACKETS, set up the rrd file */ if (!file_exists("$rrddbpath$ifname$packets")) { @@ -313,6 +314,10 @@ function enable_rrd_graphing() { $rrdcreate .= "DS:outpass:COUNTER:$packetsvalid:0:$upstream "; $rrdcreate .= "DS:inblock:COUNTER:$packetsvalid:0:$downstream "; $rrdcreate .= "DS:outblock:COUNTER:$packetsvalid:0:$upstream "; + $rrdcreate .= "DS:inpass6:COUNTER:$packetsvalid:0:$downstream "; + $rrdcreate .= "DS:outpass6:COUNTER:$packetsvalid:0:$upstream "; + $rrdcreate .= "DS:inblock6:COUNTER:$packetsvalid:0:$downstream "; + $rrdcreate .= "DS:outblock6:COUNTER:$packetsvalid:0:$upstream "; $rrdcreate .= "RRA:AVERAGE:0.5:1:1000 "; $rrdcreate .= "RRA:AVERAGE:0.5:5:1000 "; $rrdcreate .= "RRA:AVERAGE:0.5:60:1000 "; @@ -323,16 +328,13 @@ function enable_rrd_graphing() { /* enter UNKNOWN values in the RRD so it knows we rebooted. */ if($g['booting']) { - mwexec("$rrdtool update $rrddbpath$ifname$packets N:U:U:U:U"); + mwexec("$rrdtool update $rrddbpath$ifname$packets N:U:U:U:U:U:U:U:U"); } $rrdupdatesh .= "\n"; $rrdupdatesh .= "# polling packets for interface $ifname $realif \n"; - $rrdupdatesh .= "unset PACKETS \n"; - $rrdupdatesh .= "PACKETS=`cat \$TMPFILE | awk '/In4\/Pass|Out4\/Pass/ {printf \$4 \":\"}'`\\\n"; - $rrdupdatesh .= "`cat \$TMPFILE | awk '/In4\/Block|Out4\/Block/ {printf \$4 \":\"}'|sed -e 's/.\$//'`\n"; - $rrdupdatesh .= "$rrdtool update $rrddbpath$ifname$packets N:\$PACKETS\n"; - $rrdupdatesh .= "rm \$TMPFILE \n"; + $rrdupdatesh .= "$rrdtool update $rrddbpath$ifname$packets N:\\\n"; + $rrdupdatesh .= "`$pfctl -vvsI -i {$realif} | awk '/In4\/Pass|Out4\/Pass|In6\/Pass|Out6\/Pass|In4\/Block|Out4\/Block|In6\/Block|Out6\/Block/ {printf \$4 \":\"}'|sed -e 's/.\$//'`\n"; /* WIRELESS, set up the rrd file */ if($config['interfaces'][$ifname]['wireless']['mode'] == "bss") { diff --git a/etc/inc/services.inc b/etc/inc/services.inc index 62edc44..266a291 100644 --- a/etc/inc/services.inc +++ b/etc/inc/services.inc @@ -35,10 +35,108 @@ pfSense_BUILDER_BINARIES: /usr/bin/killall /bin/pgrep /bin/sh /usr/local/sbin/dhcpd /usr/local/sbin/igmpproxy pfSense_BUILDER_BINARIES: /sbin/ifconfig /usr/sbin/arp /sbin/ifconfig /usr/local/sbin/dnsmasq pfSense_BUILDER_BINARIES: /usr/sbin/bsnmpd /sbin/route /usr/local/sbin/olsrd - pfSense_BUILDER_BINARIES: /usr/local/sbin/miniupnpd + pfSense_BUILDER_BINARIES: /usr/local/sbin/miniupnpd /usr/sbin/rtadvd pfSense_MODULE: utils */ +/* implement ipv6 route advertising deamon */ +function services_rtadvd_configure() { + global $config, $g; + + if(isset($config['system']['developerspew'])) { + $mt = microtime(); + echo "services_rtadvd_configure() being called $mt\n"; + } + + if($g['services_dhcp_server_enable'] == false) + return; + + if(is_process_running("rtadvd")) { + mwexec("killall -9 rtadvd", true); + } + + /* DHCP enabled on any interfaces? */ + if (!is_dhcp_server_enabled()) + return 0; + + if (!is_array($config['dhcpdv6'])) + $config['dhcpdv6'] = array(); + + $dhcpdv6cfg = $config['dhcpdv6']; + $Iflist = get_configured_interface_list(); + + /* write rtadvd.conf */ + $fd = fopen("{$g['varetc_path']}/rtadvd.conf", "w"); + if (!$fd) { + printf("Error: cannot open rtadvd.conf in services_rtadvd_configure().\n"); + return 1; + } + + /* raflags, other o, managed=64 m, stateful=128, both=192 */ + + $rtadvdconf = "# Automatically Generated, do not edit\n"; + $rtadvdconf = <<<EOD + +# +# common definitions. +# +default:\ + :raflags#0:rltime#3600:\ + :pinfoflags#64:vltime#360000:pltime#360000:mtu#1500: +ether:\ + :mtu#1280:tc=default: + +EOD; + + /* Process all links which need the router advertise daemon */ + /* Currently for DHCP interfaces only, openvpn? */ + $rtadvdnum = 0; + foreach ($dhcpdv6cfg as $dhcpv6if => $dhcpv6ifconf) { + $rtadvdnum++; + /* It appears we can not advertise the gateway IP (carp) + * rtadvd[44205]: <sock_open> IPV6_JOIN_GROUP(link) on vip1: Can't assign requested address + if($dhcpv6ifconf['gateway'] <> "") { + $dhcpv6if = find_carp_interface($dhcpv6ifconf['gateway']); + } + */ + $realif = get_real_interface($dhcpv6if); + + $rtadvdifs[] = $realif; + + $ifcfgipv6 = get_interface_ipv6($dhcpv6if); + $ifcfgsnv6 = get_interface_subnetv6($dhcpv6if); + $subnetv6 = gen_subnetv6($ifcfgipv6, $ifcfgsnv6); + $subnetmaskv6 = gen_subnet_mask($ifcfgsnv6); + + $rtadvdconf .= "{$realif}:\\\n"; + $rtadvdconf .= "\t:addr=\"{$subnetv6}\":\\\n"; + $rtadvdconf .= "\t:prefixlen#{$ifcfgsnv6}:\\\n"; + switch($dhcpv6ifconf['mode']) { + case "managed": + $rtadvdconf .= "\t:raflags=\"m\":\\\n"; + break; + case "assist": + $rtadvdconf .= "\t:raflags=\"o\":\\\n"; + break; + default: + $rtadvdconf .= "\t:raflags#0:\\\n"; + break; + + } + $rtadvdconf .= "\t:tc=ether:\n"; + $rtadvdconf .= "\n\n"; + + } + + fwrite($fd, $rtadvdconf); + fclose($fd); + + if(count($rtadvdifs) > 0) { + mwexec("/usr/sbin/rtadvd -c {$g['varetc_path']}/rtadvd.conf " . join(" ", $rtadvdifs)); + } + return 0; +} + function services_dhcpd_configure() { global $config, $g; @@ -51,8 +149,9 @@ function services_dhcpd_configure() { } /* kill any running dhcpd */ - if(is_process_running("dhcpd")) + if(is_process_running("dhcpd")) { mwexec("killall dhcpd", true); + } /* DHCP enabled on any interfaces? */ if (!is_dhcp_server_enabled()) @@ -97,11 +196,25 @@ function services_dhcpd_configure() { log_error("DHCP leases restore failed exited with $dhcpreturn, the error is: $dhcprestore\n"); } } + if (file_exists("{$g['cf_conf_path']}/dhcp6leases.tgz")) { + $dhcprestore = ""; + $dhcpreturn = ""; + exec("cd /;LANG=C /usr/bin/tar -xzf {$g['cf_conf_path']}/dhcp6leases.tgz 2>&1", $dhcprestore, $dhcpreturn); + $dhcprestore = implode(" ", $dhcprestore); + if($dhcpreturn <> 0) { + log_error("DHCP leases v6 restore failed exited with $dhcpreturn, the error is: $dhcprestore\n"); + } + } } } $syscfg = $config['system']; + if (!is_array($config['dhcpd'])) + $config['dhcpd'] = array(); + if (!is_array($config['dhcpdv6'])) + $config['dhcpdv6'] = array(); $dhcpdcfg = $config['dhcpd']; + $dhcpdv6cfg = $config['dhcpdv6']; $Iflist = get_configured_interface_list(); if ($g['booting']) @@ -111,8 +224,9 @@ function services_dhcpd_configure() { /* write dhcpd.conf */ $fd = fopen("{$g['dhcpd_chroot_path']}/etc/dhcpd.conf", "w"); - if (!$fd) { - printf("Error: cannot open dhcpd.conf in services_dhcpd_configure().\n"); + $fdv6 = fopen("{$g['dhcpd_chroot_path']}/etc/dhcpdv6.conf", "w"); + if ((!$fd) || (! $fdv6)) { + printf("Error: cannot open dhcpd.conf or dhcpdv6.conf in services_dhcpd_configure().\n"); return 1; } @@ -128,6 +242,14 @@ function services_dhcpd_configure() { } } } + $custoptionsv6 = ""; + foreach ($dhcpdv6cfg as $dhcpv6if => $dhcpv6ifconf) { + if(is_array($dhcpv6ifconf['numberoptions']) && is_array($dhcpv6ifconf['numberoptions']['item'])) { + foreach($dhcpv6ifconf['numberoptions']['item'] as $itemv6idx => $itemv6) { + $custoptionsv6 .= "option custom-{$dhcpv6if}-{$itemv6idx} code {$itemv6['number']} = text;\n"; + } + } + } $dhcpdconf = <<<EOD @@ -145,13 +267,34 @@ ping-check true; EOD; + $dhcpdv6conf = <<<EOD + +option domain-name "{$syscfg['domain']}"; +option ldap-server code 95 = text; +option domain-search-list code 119 = text; +{$custoptions} +default-lease-time 7200; +max-lease-time 86400; +log-facility local7; +ddns-update-style none; +one-lease-per-client true; +deny duplicates; +ping-check true; + +EOD; + if(!isset($dhcpifconf['disableauthoritative'])) $dhcpdconf .= "authoritative;\n"; + if(!isset($dhcpv6ifconf['disableauthoritative'])) + $dhcpdv6conf .= "authoritative;\n"; if(isset($dhcpifconf['alwaysbroadcast'])) $dhcpdconf .= "always-broadcast on\n"; + if(isset($dhcpv6ifconf['alwaysbroadcast'])) + $dhcpdv6conf .= "always-broadcast on\n"; $dhcpdifs = array(); + $dhcpdv6ifs = array(); /* loop through and determine if we need to setup * failover peer "bleh" entries @@ -214,6 +357,64 @@ EOPP; $dhcpnum++; } } + $dhcpv6num = 0; + foreach ($dhcpdv6cfg as $dhcpv6if => $dhcpv6ifconf) { + + interfaces_staticarp_configure($dhcpv6if); + + if (!isset($dhcpv6ifconf['enable'])) + continue; + + if($dhcpv6ifconf['failover_peerip'] <> "") { + $intv6 = guess_interface_from_ip($dhcpv6ifconf['failover_peerip']); + $intipv6 = find_interface_ipv6($intv6); + $real_dhcpv6if = convert_friendly_interface_to_real_interface_name($dhcpv6if); + /* + * yep, failover peer is defined. + * does it match up to a defined vip? + */ + $skew = 110; + $a_vip = &$config['virtualip']['vip']; + if(is_array($a_vip)) { + foreach ($a_vip as $vipent) { + if($intv6 == $real_dhcpv6if) { + /* this is the interface! */ + if(is_numeric($vipent['advskew']) && ($vipent['advskew'] < "20")) + $skew = 0; + } + } + } else { + log_error("Warning! DHCPv6 Failover setup and no CARP virtual IPv6's defined!"); + } + if($skew > 10) { + $typev6 = "secondary"; + $dhcpdv6conf_pri = "mclt 600;\n"; + $my_portv6 = "520"; + $peer_portv6 = "519"; + } else { + $my_portv6 = "519"; + $peer_portv6 = "520"; + $typev6 = "primary"; + $dhcpdv6conf_pri = "split 128;\n"; + $dhcpdv6conf_pri .= " mclt 600;\n"; + } + $dhcpdv6conf .= <<<EOPP +failover peer "dhcpv6{$dhcpv6num}" { + {$typev6}; + address {$intipv6}; + port {$my_portv6}; + peer address {$dhcpv6ifconf['failover_peerip']}; + peer port {$peer_portv6}; + max-response-delay 10; + max-unacked-updates 10; + {$dhcpdv6conf_pri} + load balance max seconds 3; +} + +EOPP; + $dhcpv6num++; + } + } $dhcpnum = 0; @@ -294,8 +495,7 @@ EOPP; $dnscfg EOD; - - // default-lease-time + // default-lease-time if ($dhcpifconf['defaultleasetime']) $dhcpdconf .= " default-lease-time {$dhcpifconf['defaultleasetime']};\n"; @@ -377,17 +577,199 @@ EOD; $dhcpdifs[] = get_real_interface($dhcpif); } + $dhcpv6num = 0; + foreach ($dhcpdv6cfg as $dhcpv6if => $dhcpv6ifconf) { + + $ifcfgv6 = $config['interfaces'][$dhcpv6if]; + + if (!isset($dhcpv6ifconf['enable']) || !isset($Iflist[$dhcpv6if])) + continue; + $ifcfgipv6 = get_interface_ipv6($dhcpv6if); + $ifcfgsnv6 = get_interface_subnetv6($dhcpv6if); + $subnetv6 = gen_subnetv6($ifcfgipv6, $ifcfgsnv6); + $subnetmaskv6 = gen_subnet_mask($ifcfgsnv6); + + if($is_olsr_enabled == true) + if($dhcpv6ifconf['netmask']) + $subnetmask = gen_subnet_mask($dhcpv6ifconf['netmask']); + + $dnscfgv6 = ""; + + if ($dhcpv6ifconf['domain']) { + $dnscfgv6 .= " option domain-name \"{$dhcpv6ifconf['domain']}\";\n"; + } + + if($dhcpv6ifconf['domainsearchlist'] <> "") { + $dnscfgv6 .= " option domain-search-list \"{$dhcpifconf['domainsearchlist']}\";\n"; + } + + if (isset($dhcpv6ifconf['ddnsupdate'])) { + if($dhcpv6ifconf['ddnsdomain'] <> "") { + $dnscfgv6 .= " ddns-domainname \"{$dhcpv6ifconf['ddnsdomain']}\";\n"; + } + $dnscfgv6 .= " ddns-update-style interim;\n"; + } + + if (is_array($dhcpv6ifconf['dnsserver']) && ($dhcpv6ifconf['dnsserver'][0])) { + $dnscfgv6 .= " option dhcp6.name-servers " . join(",", $dhcpv6ifconf['dnsserver']) . ";"; + } else if (isset($config['dnsmasq']['enable'])) { + $dnscfgv6 .= " option dhcp6.name-servers {$ifcfgipv6};"; + } else if (is_array($syscfg['dnsserver']) && ($syscfg['dnsserver'][0])) { + $dns_arrv6 = array(); + foreach($syscfg['dnsserver'] as $dnsserver) { + if(is_ipaddrv6($dnsserver)) { + $dns_arrv6[] = $dnsserver; + } + } + if(!empty($dns_arrv6)) + $dnscfgv6 .= " option dhcp6.name-servers " . join(",", $dns_arrv6) . ";"; + } + + $subnet6 = Net_IPv6::compress(gen_subnetv6($ifcfgipv6, $ifcfgsnv6)); + $dhcpdv6conf .= "subnet6 {$subnet6}/{$ifcfgsnv6} {\n"; + + /* is failover dns setup? */ + if (is_array($dhcpv6ifconf['dnsserver']) && $dhcpv6ifconf['dnsserver'][0] <> "") { + $dhcpdv6conf .= " option dhcp6.name-servers {$dhcpv6ifconf['dnsserver'][0]}"; + if($dhcpv6ifconf['dnsserver'][1] <> "") + $dhcpdv6conf .= ",{$dhcpv6ifconf['dnsserver'][1]}"; + $dhcpdv6conf .= ";\n"; + } + + if($dhcpv6ifconf['failover_peerip'] <> "") + $dhcpdv6conf .= " deny dynamic bootp clients;\n"; + + if (isset($dhcpv6ifconf['denyunknown'])) + $dhcpdv6conf .= " deny unknown clients;\n"; + + if ($dhcpv6ifconf['gateway']) + $routersv6 = $dhcpv6ifconf['gateway']; + else + $routersv6 = $ifcfgipv6; + + if($dhcpv6ifconf['failover_peerip'] <> "") { + $dhcpdv6conf .= " failover peer \"dhcpv6{$dhcpv6num}\";\n"; + $dhcpv6num++; + } + + $dhcpdv6conf .= <<<EOD + range6 {$dhcpv6ifconf['range']['from']} {$dhcpv6ifconf['range']['to']}; + # Not supported in IPv6; option dhcp6.routers {$routersv6}; +$dnscfgv6 + +EOD; + // default-lease-time + if ($dhcpv6ifconf['defaultleasetime']) + $dhcpdv6conf .= " default-lease-time {$dhcpv6ifconf['defaultleasetime']};\n"; + + // max-lease-time + if ($dhcpv6ifconf['maxleasetime']) + $dhcpdv6conf .= " max-lease-time {$dhcpv6ifconf['maxleasetime']};\n"; + + // ntp-servers + if (is_array($dhcpv6ifconf['ntpserver']) && $dhcpv6ifconf['ntpserver'][0]) + $dhcpdv6conf .= " option ntp-servers " . join(",", $dhcpv6ifconf['ntpserver']) . ";\n"; + + // tftp-server-name + if ($dhcpv6ifconf['tftp'] <> "") + $dhcpdv6conf .= " option tftp-server-name \"{$dhcpv6ifconf['tftp']}\";\n"; + + // Handle option, number rowhelper values + $dhcpdv6conf .= "\n"; + if($dhcpv6ifconf['numberoptions']['item']) { + foreach($dhcpv6ifconf['numberoptions']['item'] as $itemv6idx => $itemv6) { + $dhcpdv6conf .= " option custom-{$dhcpv6if}-{$itemv6idx} \"{$itemv6['value']}\";\n"; + } + } + + // ldap-server + if ($dhcpv6ifconf['ldap'] <> "") + $dhcpdv6conf .= " option ldap-server \"{$dhcpv6ifconf['ldap']}\";\n"; + + // net boot information + if(isset($dhcpv6ifconf['netboot'])) { + if (($dhcpv6ifconf['next-server'] <> "") && ($dhcpv6ifconf['filename'] <> "")) { + $dhcpdv6conf .= " next-server {$dhcpv6ifconf['next-server']};\n"; + $dhcpdv6conf .= " filename \"{$dhcpv6ifconf['filename']}\";\n"; + } + if ($dhcpv6ifconf['rootpath'] <> "") { + $dhcpdv6conf .= " option root-path \"{$dhcpv6ifconf['rootpath']}\";\n"; + } + } + + $dhcpdv6conf .= <<<EOD +} +EOD; + + /* add static mappings */ + /* Does not work for IPv6 + /* You can not use a hardware parameter for DHCPv6 hosts + /* Needs to be figured out + if (is_array($dhcpv6ifconf['staticmap'])) { + + $i = 0; + foreach ($dhcpv6ifconf['staticmap'] as $sm) { + $dhcpdv6conf .= <<<EOD +host s_{$dhcpv6if}_{$i} { + hardware ethernet {$sm['mac']}; + +EOD; + if ($sm['ipaddr']) + $dhcpdv6conf .= " fixed-address6 {$sm['ipaddr']};\n"; + + if ($sm['hostname']) { + $dhhostname = str_replace(" ", "_", $sm['hostname']); + $dhhostname = str_replace(".", "_", $dhhostname); + $dhcpdv6conf .= " option host-name {$dhhostname};\n"; + } + if ($sm['netbootfile']) + $dhcpdv6conf .= " filename \"{$sm['netbootfile']}\";\n"; + + $dhcpdv6conf .= "}\n"; + $i++; + } + } + */ + + if($config['dhcpdv6'][$dhcpv6if]['mode'] <> "unmanaged") { + $realif = escapeshellcmd(get_real_interface($dhcpv6if)); + $dhcpdv6ifs[] = $realif; + exec("/sbin/ifconfig {$realif} |awk '/ether/ {print $2}'", $mac); + $v6address = generate_ipv6_from_mac($mac[0]); + /* Create link local address for bridges */ + if(stristr("$realif", "bridge")) { + mwexec("/sbin/ifconfig {$realif} inet6 {$v6address}"); + } + } + } + fwrite($fd, $dhcpdconf); fclose($fd); + fwrite($fdv6, $dhcpdv6conf); + fclose($fdv6); /* create an empty leases database */ touch("{$g['dhcpd_chroot_path']}/var/db/dhcpd.leases"); touch("{$g['varrun_path']}/dhcpd.pid"); + /* create an empty leases v6 database */ + touch("{$g['dhcpd_chroot_path']}/var/db/dhcpd6.leases"); + touch("{$g['varrun_path']}/dhcpdv6.pid"); /* fire up dhcpd in a chroot */ - mwexec("/usr/local/sbin/dhcpd -user dhcpd -group _dhcp -chroot {$g['dhcpd_chroot_path']} -cf /etc/dhcpd.conf " . - join(" ", $dhcpdifs)); + if(count($dhcpdifs) > 0) { + mwexec("/usr/local/sbin/dhcpd -user dhcpd -group _dhcp -chroot {$g['dhcpd_chroot_path']} -cf /etc/dhcpd.conf " . + join(" ", $dhcpdifs)); + } + + if(count($dhcpdv6ifs) > 0) { + mwexec("/usr/local/sbin/dhcpd -6 -user dhcpd -group _dhcp -chroot {$g['dhcpd_chroot_path']} -cf /etc/dhcpdv6.conf " . + join(" ", $dhcpdv6ifs)); + mwexec("/usr/sbin/rtadvd " . join(" ", $dhcpdv6ifs)); + } + + /* start ipv6 route advertising if required */ + services_rtadvd_configure(); if ($g['booting']) { print "done.\n"; @@ -615,6 +997,7 @@ function services_dyndns_configure_client($conf) { $dnsWilcard = $conf['wildcard'], $dnsMX = $conf['mx'], $dnsIf = "{$conf['interface']}"); + } function services_dyndns_configure($int = "") { diff --git a/etc/inc/system.inc b/etc/inc/system.inc index e2c02aa..a4acb22 100644 --- a/etc/inc/system.inc +++ b/etc/inc/system.inc @@ -317,14 +317,20 @@ function system_routing_configure($interface = "") { echo "system_routing_configure() being called $mt\n"; } + /* configure gif interfaces for ipv6 tunnels */ + interfaces_gif_configure(); + $gatewayip = ""; $interfacegw = ""; $foundgw = false; + $gatewayipv6 = ""; + $interfacegwv6 = ""; + $foundgwv6 = false; /* tack on all the hard defined gateways as well */ if (is_array($config['gateways']['gateway_item'])) { mwexec("/bin/rm {$g['tmp_path']}/*_defaultgw", true); foreach ($config['gateways']['gateway_item'] as $gateway) { - if (isset($gateway['defaultgw'])) { + if (isset($gateway['defaultgw']) && (is_ipaddrv4($gateway['gateway']))) { if(strstr($gateway['gateway'], ":")) break; if ($gateway['gateway'] == "dynamic") @@ -340,6 +346,21 @@ function system_routing_configure($interface = "") { break; } } + foreach ($config['gateways']['gateway_item'] as $gateway) { + if (isset($gateway['defaultgw']) && (is_ipaddrv6($gateway['gateway']))) { + if ($gateway['gateway'] == "dynamic") + $gateway['gateway'] = get_interface_gateway_v6($gateway['interface']); + $gatewayipv6 = $gateway['gateway']; + $interfacegwv6 = $gateway['interface']; + if (!empty($interfacegwv6)) { + $defaultifv6 = get_real_interface($gateway['interface']); + if ($defaultifv6) + @file_put_contents("{$g['tmp_path']}/{$defaultifv6}_defaultgwv6", $gatewayipv6); + } + $foundgwv6 = true; + break; + } + } } if ($foundgw == false) { $defaultif = get_real_interface("wan"); @@ -347,6 +368,12 @@ function system_routing_configure($interface = "") { $gatewayip = get_interface_gateway("wan"); @touch("{$g['tmp_path']}/{$defaultif}_defaultgw"); } + if ($foundgwv6 == false) { + $defaultifv6 = get_real_interface("wan"); + $interfacegwv6 = "wan"; + $gatewayipv6 = get_interface_gateway_v6("wan"); + @touch("{$g['tmp_path']}/{$defaultif}_defaultgwv6"); + } $dont_add_route = false; /* if OLSRD is enabled, allow WAN to house DHCP. */ if($config['installedpackages']['olsrd']) { @@ -357,7 +384,7 @@ function system_routing_configure($interface = "") { } } } - /* Create a array from the existing route table */ + /* Create a array from the existing inet route table */ exec("/usr/bin/netstat -rnf inet", $route_str); array_shift($route_str); array_shift($route_str); @@ -372,7 +399,7 @@ function system_routing_configure($interface = "") { if ($dont_add_route == false ) { if (!empty($interface) && $interface != $interfacegw) ; - else if (($interfacegw <> "bgpd") && (is_ipaddr($gatewayip))) { + else if (($interfacegw <> "bgpd") && (is_ipaddrv4($gatewayip))) { $action = "add"; if(isset($route_arr['default'])) { $action = "change"; @@ -382,6 +409,31 @@ function system_routing_configure($interface = "") { } } + /* Create a array from the existing inet6 route table */ + exec("/usr/bin/netstat -rnf inet6", $routev6_str); + array_shift($routev6_str); + array_shift($routev6_str); + array_shift($routev6_str); + array_shift($routev6_str); + $routev6_arr = array(); + foreach($routev6_str as $routeline) { + $items = preg_split("/[ ]+/i", $routeline); + $routev6_arr[$items[0]] = array($items[0], $items[1], $items[5]); + } + + if ($dont_add_route == false ) { + if (!empty($interface) && $interface != $interfacegwv6) + ; + else if (($interfacegwv6 <> "bgpd") && (is_ipaddrv6($gatewayipv6))) { + $action = "add"; + if(isset($routev6_arr['default'])) { + $action = "change"; + } + log_error("ROUTING: $action IPv6 default route to $gatewayipv6"); + mwexec("/sbin/route {$action} -inet6 default " . escapeshellarg($gatewayipv6)); + } + } + if (is_array($config['staticroutes']['route'])) { $gateways_arr = return_gateways_array(); @@ -394,17 +446,23 @@ function system_routing_configure($interface = "") { $gateway = $gateways_arr[$rtent['gateway']]; if (!empty($interface) && $interface != $gateway['friendlyiface']) continue; + $gatewayip = $gateway['gateway']; $interfacegw = $gateway['interface']; $action = "add"; if (isset($route_arr[$rtent['network']])) $action = "change"; + if(is_ipaddrv6($gatewayip)) { + $inetfamily = "-inet6"; + } else { + $inetfamily = "-inet"; + } if (is_ipaddr($gatewayip)) { - mwexec("/sbin/route {$action} -inet " . escapeshellarg($rtent['network']) . + mwexec("/sbin/route {$action} {$inetfamily} " . escapeshellarg($rtent['network']) . " " . escapeshellarg($gatewayip)); } else if (!empty($interfacegw)) { - mwexec("/sbin/route {$action} -inet " . escapeshellarg($rtent['network']) . + mwexec("/sbin/route {$action} {$inetfamily} " . escapeshellarg($rtent['network']) . " -iface " . escapeshellarg($interfacegw)); } } @@ -420,7 +478,9 @@ function system_routing_enable() { echo "system_routing_enable() being called $mt\n"; } - return mwexec("/sbin/sysctl net.inet.ip.forwarding=1"); + mwexec("/sbin/sysctl net.inet.ip.forwarding=1"); + mwexec("/sbin/sysctl net.inet6.ip6.forwarding=1"); + return; } function system_syslogd_start() { @@ -902,13 +962,14 @@ EOD; ## FreeBSD! server.event-handler = "freebsd-kqueue" server.network-backend = "writev" +#server.use-ipv6 = "enable" ## modules to load server.modules = ( - {$captive_portal_module} - "mod_access", "mod_accesslog", "mod_expire", "mod_compress", "mod_redirect", - {$module}{$captiveportal} - ) + {$captive_portal_module} + "mod_access", "mod_accesslog", "mod_expire", "mod_compress", "mod_redirect", + {$module}{$captiveportal} +) ## Unused modules # "mod_setenv", @@ -1015,7 +1076,41 @@ url.access-deny = ( "~", ".inc" ) ######### Options that are good to be but not neccesary to be changed ####### ## bind to port (default: 80) -server.port = {$lighty_port} + +EOD; + + if($captive_portal == true) { + $lighty_config .= "server.bind = \"127.0.0.1\"\n"; + $lighty_config .= "server.port = {$lighty_port}\n"; + $lighty_config .= "\$SERVER[\"socket\"] == \"127.0.0.1:{$lighty_port}\" { }\n"; + $lighty_config .= "\$SERVER[\"socket\"] == \"[::1]:{$lighty_port}\" { \n"; + if($cert <> "" and $key <> "") { + $lighty_config .= "\n"; + $lighty_config .= "## ssl configuration\n"; + $lighty_config .= "ssl.engine = \"enable\"\n"; + $lighty_config .= "ssl.pemfile = \"{$g['varetc_path']}/{$cert_location}\"\n\n"; + if($ca <> "") + $lighty_config .= "ssl.ca-file = \"{$g['varetc_path']}/{$ca_location}\"\n\n"; + } + $lighty_config .= " }\n"; + } else { + $lighty_config .= "server.bind = \"0.0.0.0\"\n"; + $lighty_config .= "server.port = {$lighty_port}\n"; + $lighty_config .= "\$SERVER[\"socket\"] == \"0.0.0.0:{$lighty_port}\" { }\n"; + $lighty_config .= "\$SERVER[\"socket\"] == \"[::]:{$lighty_port}\" { \n"; + if($cert <> "" and $key <> "") { + $lighty_config .= "\n"; + $lighty_config .= "## ssl configuration\n"; + $lighty_config .= "ssl.engine = \"enable\"\n"; + $lighty_config .= "ssl.pemfile = \"{$g['varetc_path']}/{$cert_location}\"\n\n"; + if($ca <> "") + $lighty_config .= "ssl.ca-file = \"{$g['varetc_path']}/{$ca_location}\"\n\n"; + } + $lighty_config .= " }\n"; + } + + + $lighty_config .= <<<EOD ## error-handler for status 404 #server.error-handler-404 = "/error-handler.html" diff --git a/etc/inc/upgrade_config.inc b/etc/inc/upgrade_config.inc index 3e280d3..77a8682 100644 --- a/etc/inc/upgrade_config.inc +++ b/etc/inc/upgrade_config.inc @@ -1899,7 +1899,7 @@ function upgrade_054_to_055() { $xmldumpnew = "{$database}.new.xml"; if ($g['booting']) - echo "Migrate RRD database {$database} to new format \n"; + echo "Migrate RRD database {$database} to new format for IPv6 \n"; mwexec("$rrdtool tune {$rrddbpath}{$database} -r roundtrip:delay 2>&1"); dump_rrd_to_xml("{$rrddbpath}/{$database}", "{$g['tmp_path']}/{$xmldump}"); @@ -2450,9 +2450,101 @@ function upgrade_075_to_076() { function upgrade_076_to_077() { global $config; foreach($config['filter']['rule'] as & $rule) { + if (isset($rule['protocol']) && !empty($rule['protocol'])) + $rule['protocol'] = strtolower($rule['protocol']); + } +} + +function upgrade_077_to_078() { + global $config; + global $g; + + /* RRD files changed for quality, traffic and packets graphs */ + /* convert traffic RRD file */ + global $parsedcfg, $listtags; + $listtags = array("ds", "v", "rra", "row"); + + $rrddbpath = "/var/db/rrd/"; + $rrdtool = "/usr/bin/nice -n20 /usr/local/bin/rrdtool"; + + $rrdinterval = 60; + $valid = $rrdinterval * 2; + + /* Asume GigE for now */ + $downstream = 125000000; + $upstream = 125000000; + + /* build a list of traffic and packets databases */ + $databases = array(); + exec("cd $rrddbpath;/usr/bin/find *-traffic.rrd *-packets.rrd", $databases); + rsort($databases); + foreach($databases as $database) { + $databasetmp = "{$database}.tmp"; + $xmldump = "{$database}.old.xml"; + $xmldumptmp = "{$database}.tmp.xml"; + $xmldumpnew = "{$database}.new.xml"; + + if ($g['booting']) + echo "Migrate RRD database {$database} to new format for IPv6.\n"; + + /* dump contents to xml and move database out of the way */ + dump_rrd_to_xml("{$rrddbpath}/{$database}", "{$g['tmp_path']}/{$xmldump}"); + + /* create new rrd database file */ + $rrdcreate = "$rrdtool create {$g['tmp_path']}/{$databasetmp} --step $rrdinterval "; + $rrdcreate .= "DS:inpass:COUNTER:$valid:0:$downstream "; + $rrdcreate .= "DS:outpass:COUNTER:$valid:0:$upstream "; + $rrdcreate .= "DS:inblock:COUNTER:$valid:0:$downstream "; + $rrdcreate .= "DS:outblock:COUNTER:$valid:0:$upstream "; + $rrdcreate .= "DS:inpass6:COUNTER:$valid:0:$downstream "; + $rrdcreate .= "DS:outpass6:COUNTER:$valid:0:$upstream "; + $rrdcreate .= "DS:inblock6:COUNTER:$valid:0:$downstream "; + $rrdcreate .= "DS:outblock6:COUNTER:$valid:0:$upstream "; + $rrdcreate .= "RRA:AVERAGE:0.5:1:1000 "; + $rrdcreate .= "RRA:AVERAGE:0.5:5:1000 "; + $rrdcreate .= "RRA:AVERAGE:0.5:60:1000 "; + $rrdcreate .= "RRA:AVERAGE:0.5:720:3000 "; + + create_new_rrd("$rrdcreate"); + /* create temporary xml from new RRD */ + dump_rrd_to_xml("{$g['tmp_path']}/{$databasetmp}", "{$g['tmp_path']}/{$xmldumptmp}"); + + $rrdoldxml = file_get_contents("{$g['tmp_path']}/{$xmldump}"); + $rrdold = xml2array($rrdoldxml, 1, "tag"); + $rrdold = $rrdold['rrd']; + + $rrdnewxml = file_get_contents("{$g['tmp_path']}/{$xmldumptmp}"); + $rrdnew = xml2array($rrdnewxml, 1, "tag"); + $rrdnew = $rrdnew['rrd']; + + /* remove any MAX RRA's. Not needed for traffic. */ + $i = 0; + foreach ($rrdold['rra'] as $rra) { + if(trim($rra['cf']) == "MAX") { + unset($rrdold['rra'][$i]); + } + $i++; + } + + $rrdxmlarray = migrate_rrd_format($rrdold, $rrdnew); + $rrdxml = dump_xml_config_raw($rrdxmlarray, "rrd"); + file_put_contents("{$g['tmp_path']}/{$xmldumpnew}", $rrdxml); + mwexec("$rrdtool restore -f {$g['tmp_path']}/{$xmldumpnew} {$rrddbpath}/{$database} 2>&1"); + + } + enable_rrd_graphing(); + if ($g['booting']) + echo "Updating configuration..."; + foreach($config['filter']['rule'] as & $rule) { if (isset($rule['protocol']) && !empty($rule['protocol'])) $rule['protocol'] = strtolower($rule['protocol']); } } +function upgrade_078_to_079() { + global $config; + /* enable the allow IPv6 toggle */ + $config['system']['ipv6allow'] = true; +} + ?> diff --git a/etc/inc/util.inc b/etc/inc/util.inc index b7df86b..48b1de1 100644 --- a/etc/inc/util.inc +++ b/etc/inc/util.inc @@ -219,10 +219,18 @@ function is_module_loaded($module_name) { function gen_subnet($ipaddr, $bits) { if (!is_ipaddr($ipaddr) || !is_numeric($bits)) return ""; - return long2ip(ip2long($ipaddr) & gen_subnet_mask_long($bits)); } +/* return the subnet address given a host address and a subnet bit count */ +function gen_subnetv6($ipaddr, $bits) { + if (!is_ipaddrv6($ipaddr) || !is_numeric($bits)) + return ""; + + $address = Net_IPv6::getNetmask($ipaddr, $bits); + return $address; +} + /* return the highest (broadcast) address in the subnet given a host address and a subnet bit count */ function gen_subnet_max($ipaddr, $bits) { if (!is_ipaddr($ipaddr) || !is_numeric($bits)) @@ -231,6 +239,49 @@ function gen_subnet_max($ipaddr, $bits) { return long2ip32(ip2long($ipaddr) | ~gen_subnet_mask_long($bits)); } +/* Generate end number for a given ipv6 subnet mask + * no, it does not perform math */ +function gen_subnetv6_max($ipaddr, $bits) { + if(!is_ipaddrv6($ipaddr)) + return false; + + $subnetstart = gen_subnetv6($ipaddr, $bits); + /* we should have a expanded full ipv6 subnet starting at 0. + * Now split those by the semicolon so we can do 16 bit math */ + $parts = explode(":", $subnetstart); + if(count($parts) <> 8) + return false; + + /* reverse the array, we start with the lsb */ + $parts = array_reverse($parts); + /* set the itteration count properly */ + $bitsleft = 128 - $bits; + $i = 0; + foreach($parts as $part) { + /* foreach 16 bits we go to the next part */ + /* no this isn't proper hex math, neither does it overflow properly */ + while($bitsleft > 0) { + if($part == "0") { + $part = "f"; + } else { + $part = $part . "f"; + } + $bitsleft = $bitsleft - 4; + $j++; + if($j == 4) { + $parts[$i] = $part; + $j = 0; + $i++; + continue 2; + } + } + $i++; + } + $parts = array_reverse($parts); + $subnet_end = implode(":", $parts); + return $subnet_end; +} + /* returns a subnet mask (long given a bit count) */ function gen_subnet_mask_long($bits) { $sm = 0; @@ -381,8 +432,26 @@ function is_numericint($arg) { return (preg_match("/[^0-9]/", $arg) ? false : true); } -/* returns true if $ipaddr is a valid dotted IPv4 address */ + +/* returns true if $ipaddr is a valid dotted IPv4 address or a IPv6 */ function is_ipaddr($ipaddr) { + if(is_ipaddrv4($ipaddr)) { + return true; + } + if(is_ipaddrv6($ipaddr)) { + return true; + } + return false; +} + +/* returns true if $ipaddr is a valid IPv6 address */ +function is_ipaddrv6($ipaddr) { + $result = Net_IPv6::checkIPv6($ipaddr); + return $result; +} + +/* returns true if $ipaddr is a valid dotted IPv4 address */ +function is_ipaddrv4($ipaddr) { if (!is_string($ipaddr)) return false; @@ -952,6 +1021,13 @@ function ipcmp($a, $b) { /* return true if $addr is in $subnet, false if not */ function ip_in_subnet($addr,$subnet) { + if(is_ipaddrv6($addr)) { + $result = Net_IPv6::IsInNetmask($addr, $subnet); + if($result) + return true; + else + return false; + } list($ip, $mask) = explode('/', $subnet); $mask = (0xffffffff << (32 - $mask)) & 0xffffffff; return ((ip2long($addr) & $mask) == (ip2long($ip) & $mask)); @@ -1026,6 +1102,7 @@ function resolve_retry($hostname, $retries = 5) { return $hostname; for ($i = 0; $i < $retries; $i++) { + // FIXME: gethostbyname does not work for AAAA hostnames, boo, hiss $ip = gethostbyname($hostname); if ($ip && $ip != $hostname) { diff --git a/etc/inc/vpn.inc b/etc/inc/vpn.inc index e4b8292..d08b60b 100644 --- a/etc/inc/vpn.inc +++ b/etc/inc/vpn.inc @@ -138,12 +138,13 @@ function vpn_ipsec_configure($ipchg = false) $ipsecpinghosts = ""; /* step through each phase1 entry */ + $ipsecpinghosts = ""; foreach ($a_phase1 as $ph1ent) { if (isset($ph1ent['disabled'])) continue; $ep = ipsec_get_phase1_src($ph1ent); - if (!$ep) + if (!is_ipaddr($ep)) continue; if(!in_array($ep,$ipmap)) @@ -182,27 +183,43 @@ function vpn_ipsec_configure($ipchg = false) if ($ikeid != $ph1ent['ikeid']) continue; + $ph2ent['localid']['mode'] = $ph2ent['mode']; /* add an ipsec pinghosts entry */ if ($ph2ent['pinghost']) { $iflist = get_configured_interface_list(); foreach ($iflist as $ifent => $ifname) { - $interface_ip = get_interface_ip($ifent); - $local_subnet = ipsec_idinfo_to_cidr($ph2ent['localid'], true); - if (ip_in_subnet($interface_ip, $local_subnet)) { - $srcip = $interface_ip; - break; + if(is_ipaddrv6($ph2ent['pinghost'])) { + $interface_ip = get_interface_ipv6($ifent); + if(!is_ipaddrv6($interface_ip)) + continue; + $local_subnet = ipsec_idinfo_to_cidr($ph2ent['localid'], true); + if (ip_in_subnet($interface_ip, $local_subnet)) { + $srcip = $interface_ip; + break; + } + } else { + $interface_ip = get_interface_ip($ifent); + if(!is_ipaddrv4($interface_ip)) + continue; + $local_subnet = ipsec_idinfo_to_cidr($ph2ent['localid'], true); + if (ip_in_subnet($interface_ip, $local_subnet)) { + $srcip = $interface_ip; + break; + } } } $dstip = $ph2ent['pinghost']; + if(is_ipaddrv6($dstip)) { + $family = "inet6"; + } else { + $family = "inet"; + } if (is_ipaddr($srcip)) - $ipsecpinghosts .= "{$srcip}|{$dstip}|3\n"; + $ipsecpinghosts[] = "{$srcip}|{$dstip}|3|||||{$family}|\n"; + } } - $pfd = fopen("{$g['vardb_path']}/ipsecpinghosts", "w"); - if ($pfd) { - fwrite($pfd, $ipsecpinghosts); - fclose($pfd); - } + file_put_contents("{$g['vardb_path']}/ipsecpinghosts", $ipsecpinghosts); } } @@ -436,7 +453,7 @@ function vpn_ipsec_configure($ipchg = false) case "dyn_dns": $myid_type = "address"; - $myid_data = gethostbyname($ph1ent['myid_data']); + $myid_data = resolve_retry($ph1ent['myid_data']); break; case "address"; @@ -636,9 +653,10 @@ EOD; if (isset($ph2ent['mobile']) && !isset($a_client['enable'])) continue; - if ($ph2ent['mode'] == 'tunnel') { + if (($ph2ent['mode'] == 'tunnel') or ($ph2ent['mode'] == 'tunnel6')) { $localid_type = $ph2ent['localid']['type']; + $ph2ent['localid']['mode'] = $ph2ent['mode']; $localid_data = ipsec_idinfo_to_cidr($ph2ent['localid']); /* Do not print localid in some cases, such as a pure-psk or psk/xauth single phase2 mobile tunnel */ if (($localid_type == "none") || @@ -790,11 +808,18 @@ EOD; /* Try to prevent people from locking themselves out of webgui. Just in case. */ if ($config['interfaces']['lan']) { $lanip = get_interface_ip("lan"); - if (!empty($lanip) && is_ipaddr($lanip)) { + if (!empty($lanip) && is_ipaddrv4($lanip)) { $lansn = get_interface_subnet("lan"); $lansa = gen_subnet($lanip, $lansn); - $spdconf .= "spdadd {$lanip}/32 {$lansa}/{$lansn} any -P out none;\n"; - $spdconf .= "spdadd {$lansa}/{$lansn} {$lanip}/32 any -P in none;\n"; + $spdconf .= "spdadd -4 {$lanip}/32 {$lansa}/{$lansn} any -P out none;\n"; + $spdconf .= "spdadd -4 {$lansa}/{$lansn} {$lanip}/32 any -P in none;\n"; + } + $lanipv6 = get_interface_ipv6("lan"); + if (!empty($lanipv6) && is_ipaddrv6($lanipv6)) { + $lansnv6 = get_interface_subnetv6("lan"); + $lansav6 = gen_subnetv6($lanipv6, $lansnv6); + $spdconf .= "spdadd -6 {$lanipv6}/128 {$lansav6}/{$lansnv6} any -P out none;\n"; + $spdconf .= "spdadd -6 {$lansav6}/{$lansnv6} {$lanipv6}/128 any -P in none;\n"; } } @@ -820,15 +845,20 @@ EOD; if(!is_ipaddr($rgip)) continue; + $ph2ent['localid']['mode'] = $ph2ent['mode']; $localid = ipsec_idinfo_to_cidr($ph2ent['localid'],true); $remoteid = ipsec_idinfo_to_cidr($ph2ent['remoteid'],true); - if($ph2ent['mode'] == "tunnel") { + if(($ph2ent['mode'] == "tunnel") or ($ph2ent['mode'] == 'tunnel6')) { + if($ph2ent['mode'] == "tunnel6") + $family = "-6"; + else + $family = "-4"; - $spdconf .= "spdadd {$localid} {$remoteid} any -P out ipsec " . + $spdconf .= "spdadd {$family} {$localid} {$remoteid} any -P out ipsec " . "{$ph2ent['protocol']}/tunnel/{$ep}-{$rgip}/unique;\n"; - $spdconf .= "spdadd {$remoteid} {$localid} any -P in ipsec " . + $spdconf .= "spdadd {$family} {$remoteid} {$localid} any -P in ipsec " . "{$ph2ent['protocol']}/tunnel/{$rgip}-{$ep}/unique;\n"; } else { @@ -1673,6 +1703,8 @@ function reload_tunnel_spd_policy($phase1, $phase2, $old_phase1, $old_phase2) { $sad_arr = ipsec_dump_sad(); $ep = ipsec_get_phase1_src($phase1); + $phase2['localid']['mode'] = $phase2['mode']; + echo "phase2 mode {$phase2['mode']}\n"; $local_subnet = ipsec_idinfo_to_cidr($phase2['localid']); $remote_subnet = ipsec_idinfo_to_cidr($phase2['remoteid']); @@ -1680,6 +1712,8 @@ function reload_tunnel_spd_policy($phase1, $phase2, $old_phase1, $old_phase2) { $old_gw = trim($old_phase1['remote-gateway']); $old_ep = ipsec_get_phase1_src($old_phase1); + $old_phase2['localid']['mode'] = $old_phase2['mode']; + echo "old_phase2 mode {$old_phase2['mode']}\n"; $old_local_subnet = ipsec_idinfo_to_cidr($old_phase2['localid']); $old_remote_subnet = ipsec_idinfo_to_cidr($old_phase2['remoteid']); @@ -1715,11 +1749,16 @@ function reload_tunnel_spd_policy($phase1, $phase2, $old_phase1, $old_phase2) { $spdconf = ""; /* Delete old SPD policies if there are changes between the old and new */ if(($phase1 != $old_phase1) || ($phase2 != $old_phase2)) { - $spdconf .= "spddelete {$old_local_subnet} " . + if($old_phase2['mode'] == "tunnel6") + $family = "-6"; + else + $family = "-4"; + + $spdconf .= "spddelete {$family} {$old_local_subnet} " . "{$old_remote_subnet} any -P out ipsec " . "{$old_phase2['protocol']}/tunnel/{$old_ep}-" . "{$old_gw}/unique;\n"; - $spdconf .= "spddelete {$old_remote_subnet} " . + $spdconf .= "spddelete {$family} {$old_remote_subnet} " . "{$old_local_subnet} any -P in ipsec " . "{$old_phase2['protocol']}/tunnel/{$old_gw}-" . "{$old_ep}/unique;\n"; @@ -1727,30 +1766,35 @@ function reload_tunnel_spd_policy($phase1, $phase2, $old_phase1, $old_phase2) { /* zap any existing SA entries */ foreach($sad_arr as $sad) { if(($sad['dst'] == $old_ep) && ($sad['src'] == $old_gw)) { - $spdconf .= "delete {$old_ep} {$old_gw} {$old_phase2['protocol']} 0x{$sad['spi']};\n"; + $spdconf .= "delete {$family} {$old_ep} {$old_gw} {$old_phase2['protocol']} 0x{$sad['spi']};\n"; } if(($sad['src'] == $oldep) && ($sad['dst'] == $old_gw)) { - $spdconf .= "delete {$old_gw} {$old_ep} {$old_phase2['protocol']} 0x{$sad['spi']};\n"; + $spdconf .= "delete {$family} {$old_gw} {$old_ep} {$old_phase2['protocol']} 0x{$sad['spi']};\n"; } } } + if($phase2['mode'] == "tunnel6") + $family = "-6"; + else + $family = "-4"; + /* Create new SPD entries for the new configuration */ /* zap any existing SA entries beforehand */ foreach($sad_arr as $sad) { if(($sad['dst'] == $ep) && ($sad['src'] == $rgip)) { - $spdconf .= "delete {$rgip} {$ep} {$phase2['protocol']} 0x{$sad['spi']};\n"; + $spdconf .= "delete {$family} {$rgip} {$ep} {$phase2['protocol']} 0x{$sad['spi']};\n"; } if(($sad['src'] == $ep) && ($sad['dst'] == $rgip)) { - $spdconf .= "delete {$ep} {$rgip} {$phase2['protocol']} 0x{$sad['spi']};\n"; + $spdconf .= "delete {$family} {$ep} {$rgip} {$phase2['protocol']} 0x{$sad['spi']};\n"; } } /* add new SPD policies to replace them */ - $spdconf .= "spdadd {$local_subnet} " . + $spdconf .= "spdadd {$family} {$local_subnet} " . "{$remote_subnet} any -P out ipsec " . "{$phase2['protocol']}/tunnel/{$ep}-" . "{$rgip}/unique;\n"; - $spdconf .= "spdadd {$remote_subnet} " . + $spdconf .= "spdadd {$family} {$remote_subnet} " . "{$local_subnet} any -P in ipsec " . "{$phase2['protocol']}/tunnel/{$rgip}-" . "{$ep}/unique;\n"; diff --git a/etc/inc/vslb.inc b/etc/inc/vslb.inc index f984b60..79978c0 100644 --- a/etc/inc/vslb.inc +++ b/etc/inc/vslb.inc @@ -283,7 +283,7 @@ function relayd_configure() { mwexec('pkill relayd'); } } else { - if (! empty($vs_a)) { + if (count($vs_a) > 0) { // not running and there is a config, start it mwexec("/usr/local/sbin/relayd -f {$g['varetc_path']}/relayd.conf"); } diff --git a/etc/inc/xmlrpc_client.inc b/etc/inc/xmlrpc_client.inc index 8b8a9a2..39d6d70 100644 --- a/etc/inc/xmlrpc_client.inc +++ b/etc/inc/xmlrpc_client.inc @@ -10,35 +10,18 @@ * * PHP versions 4 and 5 * - * LICENSE: License is granted to use or modify this software - * ("XML-RPC for PHP") for commercial or non-commercial use provided the - * copyright of the author is preserved in any distributed or derivative work. - * - * THIS SOFTWARE IS PROVIDED BY THE AUTHOR "AS IS" AND ANY EXPRESSED OR - * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES - * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. - * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, - * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, - * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY - * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF - * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - * * @category Web Services * @package XML_RPC * @author Edd Dumbill <edd@usefulinc.com> * @author Stig Bakken <stig@php.net> * @author Martin Jansen <mj@php.net> * @author Daniel Convissor <danielc@php.net> - * @copyright 1999-2001 Edd Dumbill, 2001-2006 The PHP Group - * @version CVS: $Id$ + * @copyright 1999-2001 Edd Dumbill, 2001-2010 The PHP Group + * @license http://www.php.net/license/3_01.txt PHP License + * @version SVN: $Id: RPC.php 300961 2010-07-03 02:17:34Z danielc $ * @link http://pear.php.net/package/XML_RPC */ -/* - pfSense_MODULE: utils -*/ if (!function_exists('xml_parser_create')) { include_once 'PEAR.inc'; @@ -202,27 +185,6 @@ $GLOBALS['XML_RPC_errxml'] = 100; $GLOBALS['XML_RPC_backslash'] = chr(92) . chr(92); -/**#@+ - * Which functions to use, depending on whether mbstring is enabled or not. - */ -if (function_exists('mb_ereg')) { - /** @global string $GLOBALS['XML_RPC_func_ereg'] */ - $GLOBALS['XML_RPC_func_ereg'] = 'mb_eregi'; - /** @global string $GLOBALS['XML_RPC_func_ereg_replace'] */ - $GLOBALS['XML_RPC_func_ereg_replace'] = 'mb_eregi_replace'; - /** @global string $GLOBALS['XML_RPC_func_split'] */ - $GLOBALS['XML_RPC_func_split'] = 'mb_split'; -} else { - /** @ignore */ - $GLOBALS['XML_RPC_func_ereg'] = 'eregi'; - /** @ignore */ - $GLOBALS['XML_RPC_func_ereg_replace'] = 'eregi_replace'; - /** @ignore */ - $GLOBALS['XML_RPC_func_split'] = 'split'; -} -/**#@-*/ - - /** * Should we automatically base64 encode strings that contain characters * which can cause PHP's SAX-based XML parser to break? @@ -301,7 +263,7 @@ function XML_RPC_se($parser_resource, $name, $attrs) } else { // not top level element: see if parent is OK if (!in_array($XML_RPC_xh[$parser]['stack'][0], $XML_RPC_valid_parents[$name])) { - $name = $GLOBALS['XML_RPC_func_ereg_replace']('[^a-zA-Z0-9._-]', '', $name); + $name = preg_replace('@[^a-zA-Z0-9._-]@', '', $name); $XML_RPC_xh[$parser]['isf'] = 2; $XML_RPC_xh[$parser]['isf_reason'] = "xmlrpc element $name cannot be child of {$XML_RPC_xh[$parser]['stack'][0]}"; return; @@ -465,7 +427,7 @@ function XML_RPC_ee($parser_resource, $name) } else { // we have an I4, INT or a DOUBLE // we must check that only 0123456789-.<space> are characters here - if (!$GLOBALS['XML_RPC_func_ereg']("^[+-]?[0123456789 \t\.]+$", $XML_RPC_xh[$parser]['ac'])) { + if (!preg_match("@^[+-]?[0123456789 \t\.]+$@", $XML_RPC_xh[$parser]['ac'])) { XML_RPC_Base::raiseError('Non-numeric value received in INT or DOUBLE', XML_RPC_ERROR_NON_NUMERIC_FOUND); $XML_RPC_xh[$parser]['value'] = XML_RPC_ERROR_NON_NUMERIC_FOUND; @@ -529,7 +491,7 @@ function XML_RPC_ee($parser_resource, $name) case 'METHODNAME': case 'RPCMETHODNAME': - $XML_RPC_xh[$parser]['method'] = $GLOBALS['XML_RPC_func_ereg_replace']("^[\n\r\t ]+", '', + $XML_RPC_xh[$parser]['method'] = preg_replace("@^[\n\r\t ]+@", '', $XML_RPC_xh[$parser]['ac']); break; } @@ -581,8 +543,9 @@ function XML_RPC_cd($parser_resource, $data) * @author Stig Bakken <stig@php.net> * @author Martin Jansen <mj@php.net> * @author Daniel Convissor <danielc@php.net> - * @copyright 1999-2001 Edd Dumbill, 2001-2006 The PHP Group - * @version Release: 1.5.1 + * @copyright 1999-2001 Edd Dumbill, 2001-2010 The PHP Group + * @license http://www.php.net/license/3_01.txt PHP License + * @version Release: @package_version@ * @link http://pear.php.net/package/XML_RPC */ class XML_RPC_Base { @@ -626,8 +589,9 @@ class XML_RPC_Base { * @author Stig Bakken <stig@php.net> * @author Martin Jansen <mj@php.net> * @author Daniel Convissor <danielc@php.net> - * @copyright 1999-2001 Edd Dumbill, 2001-2006 The PHP Group - * @version Release: 1.5.1 + * @copyright 1999-2001 Edd Dumbill, 2001-2010 The PHP Group + * @license http://www.php.net/license/3_01.txt PHP License + * @version Release: @package_version@ * @link http://pear.php.net/package/XML_RPC */ class XML_RPC_Client extends XML_RPC_Base { @@ -765,7 +729,7 @@ class XML_RPC_Client extends XML_RPC_Base { $this->proxy_user = $proxy_user; $this->proxy_pass = $proxy_pass; - $GLOBALS['XML_RPC_func_ereg']('^(http://|https://|ssl://)?(.*)$', $server, $match); + preg_match('@^(http://|https://|ssl://)?(.*)$@', $server, $match); if ($match[1] == '') { if ($port == 443) { $this->server = $match[2]; @@ -793,7 +757,7 @@ class XML_RPC_Client extends XML_RPC_Base { } if ($proxy) { - $GLOBALS['XML_RPC_func_ereg']('^(http://|https://|ssl://)?(.*)$', $proxy, $match); + preg_match('@^(http://|https://|ssl://)?(.*)$@', $proxy, $match); if ($match[1] == '') { if ($proxy_port == 443) { $this->proxy = $match[2]; @@ -923,6 +887,26 @@ class XML_RPC_Client extends XML_RPC_Base { function sendPayloadHTTP10($msg, $server, $port, $timeout = 0, $username = '', $password = '') { + // Pre-emptive BC hacks for fools calling sendPayloadHTTP10() directly + if ($username != $this->username) { + $this->setCredentials($username, $password); + } + + // Only create the payload if it was not created previously + if (empty($msg->payload)) { + $msg->createPayload(); + } + $this->createHeaders($msg); + + $op = $this->headers . "\r\n\r\n"; + $op .= $msg->payload; + + if ($this->debug) { + print "\n<pre>---SENT---\n"; + print $op; + print "\n---END---</pre>\n"; + } + /* * If we're using a proxy open a socket to the proxy server * instead to the xml-rpc server @@ -981,20 +965,6 @@ class XML_RPC_Client extends XML_RPC_Base { socket_set_timeout($fp, $timeout); } - // Pre-emptive BC hacks for fools calling sendPayloadHTTP10() directly - if ($username != $this->username) { - $this->setCredentials($username, $password); - } - - // Only create the payload if it was not created previously - if (empty($msg->payload)) { - $msg->createPayload(); - } - $this->createHeaders($msg); - - $op = $this->headers . "\r\n\r\n"; - $op .= $msg->payload; - if (!fputs($fp, $op, strlen($op))) { $this->errstr = 'Write error'; return 0; @@ -1068,8 +1038,9 @@ class XML_RPC_Client extends XML_RPC_Base { * @author Stig Bakken <stig@php.net> * @author Martin Jansen <mj@php.net> * @author Daniel Convissor <danielc@php.net> - * @copyright 1999-2001 Edd Dumbill, 2001-2006 The PHP Group - * @version Release: 1.5.1 + * @copyright 1999-2001 Edd Dumbill, 2001-2010 The PHP Group + * @license http://www.php.net/license/3_01.txt PHP License + * @version Release: @package_version@ * @link http://pear.php.net/package/XML_RPC */ class XML_RPC_Response extends XML_RPC_Base @@ -1159,8 +1130,9 @@ class XML_RPC_Response extends XML_RPC_Base * @author Stig Bakken <stig@php.net> * @author Martin Jansen <mj@php.net> * @author Daniel Convissor <danielc@php.net> - * @copyright 1999-2001 Edd Dumbill, 2001-2006 The PHP Group - * @version Release: 1.5.1 + * @copyright 1999-2001 Edd Dumbill, 2001-2010 The PHP Group + * @license http://www.php.net/license/3_01.txt PHP License + * @version Release: @package_version@ * @link http://pear.php.net/package/XML_RPC */ class XML_RPC_Message extends XML_RPC_Base @@ -1297,9 +1269,9 @@ class XML_RPC_Message extends XML_RPC_Base $this->payload .= "</params>\n"; $this->payload .= $this->xml_footer(); if ($this->remove_extra_lines) { - $this->payload = $GLOBALS['XML_RPC_func_ereg_replace']("[\r\n]+", "\r\n", $this->payload); + $this->payload = preg_replace("@[\r\n]+@", "\r\n", $this->payload); } else { - $this->payload = $GLOBALS['XML_RPC_func_ereg_replace']("\r\n|\n|\r|\n\r", "\r\n", $this->payload); + $this->payload = preg_replace("@\r\n|\n|\r|\n\r@", "\r\n", $this->payload); } if ($this->convert_payload_encoding) { $this->payload = mb_convert_encoding($this->payload, $this->send_encoding); @@ -1421,7 +1393,7 @@ class XML_RPC_Message extends XML_RPC_Base { global $XML_RPC_defencoding; - if ($GLOBALS['XML_RPC_func_ereg']('<\?xml[^>]*[:space:]*encoding[:space:]*=[:space:]*[\'"]([^"\']*)[\'"]', + if (preg_match('@<\?xml[^>]*\s*encoding\s*=\s*[\'"]([^"\']*)[\'"]@', $data, $match)) { $match[1] = trim(strtoupper($match[1])); @@ -1486,9 +1458,9 @@ class XML_RPC_Message extends XML_RPC_Base // See if response is a 200 or a 100 then a 200, else raise error. // But only do this if we're using the HTTP protocol. - if ($GLOBALS['XML_RPC_func_ereg']('^HTTP', $data) && - !$GLOBALS['XML_RPC_func_ereg']('^HTTP/[0-9\.]+ 200 ', $data) && - !$GLOBALS['XML_RPC_func_ereg']('^HTTP/[0-9\.]+ 10[0-9]([A-Z ]+)?[\r\n]+HTTP/[0-9\.]+ 200', $data)) + if (preg_match('@^HTTP@', $data) && + !preg_match('@^HTTP/[0-9\.]+ 200 @', $data) && + !preg_match('@^HTTP/[0-9\.]+ 10[0-9]([A-Z ]+)?[\r\n]+HTTP/[0-9\.]+ 200@', $data)) { $errstr = substr($data, 0, strpos($data, "\n") - 1); error_log('HTTP error, got response: ' . $errstr); @@ -1558,7 +1530,7 @@ class XML_RPC_Message extends XML_RPC_Base $r = new XML_RPC_Response($v); } } - $r->hdrs = split("\r?\n", $XML_RPC_xh[$parser]['ha'][1]); + $r->hdrs = preg_split("@\r?\n@", $XML_RPC_xh[$parser]['ha'][1]); return $r; } } @@ -1572,8 +1544,9 @@ class XML_RPC_Message extends XML_RPC_Base * @author Stig Bakken <stig@php.net> * @author Martin Jansen <mj@php.net> * @author Daniel Convissor <danielc@php.net> - * @copyright 1999-2001 Edd Dumbill, 2001-2006 The PHP Group - * @version Release: 1.5.1 + * @copyright 1999-2001 Edd Dumbill, 2001-2010 The PHP Group + * @license http://www.php.net/license/3_01.txt PHP License + * @version Release: @package_version@ * @link http://pear.php.net/package/XML_RPC */ class XML_RPC_Value extends XML_RPC_Base @@ -1731,7 +1704,7 @@ class XML_RPC_Value extends XML_RPC_Base $rs .= "<struct>\n"; reset($val); foreach ($val as $key2 => $val2) { - $rs .= "<member><name>${key2}</name>\n"; + $rs .= "<member><name>" . htmlspecialchars($key2) . "</name>\n"; $rs .= $this->serializeval($val2); $rs .= "</member>\n"; } @@ -1741,8 +1714,8 @@ class XML_RPC_Value extends XML_RPC_Base case 2: // array $rs .= "<array>\n<data>\n"; - for ($i = 0; $i < sizeof($val); $i++) { - $rs .= $this->serializeval($val[$i]); + foreach ($val as $value) { + $rs .= $this->serializeval($value); } $rs .= "</data>\n</array>"; break; @@ -1953,7 +1926,7 @@ function XML_RPC_iso8601_encode($timet, $utc = 0) function XML_RPC_iso8601_decode($idate, $utc = 0) { $t = 0; - if ($GLOBALS['XML_RPC_func_ereg']('([0-9]{4})([0-9]{2})([0-9]{2})T([0-9]{2}):([0-9]{2}):([0-9]{2})', $idate, $regs)) { + if (preg_match('@([0-9]{4})([0-9]{2})([0-9]{2})T([0-9]{2}):([0-9]{2}):([0-9]{2})@', $idate, $regs)) { if ($utc) { $t = gmmktime($regs[4], $regs[5], $regs[6], $regs[2], $regs[3], $regs[1]); } else { @@ -2042,10 +2015,10 @@ function XML_RPC_encode($php_val) case 'string': case 'NULL': - if ($GLOBALS['XML_RPC_func_ereg']('^[0-9]{8}\T{1}[0-9]{2}\:[0-9]{2}\:[0-9]{2}$', $php_val)) { + if (preg_match('@^[0-9]{8}\T{1}[0-9]{2}\:[0-9]{2}\:[0-9]{2}$@', $php_val)) { $XML_RPC_val->addScalar($php_val, $GLOBALS['XML_RPC_DateTime']); } elseif ($GLOBALS['XML_RPC_auto_base64'] - && $GLOBALS['XML_RPC_func_ereg']("[^ -~\t\r\n]", $php_val)) + && preg_match("@[^ -~\t\r\n]@", $php_val)) { // Characters other than alpha-numeric, punctuation, SP, TAB, // LF and CR break the XML parser, encode value via Base 64. diff --git a/etc/inc/xmlrpc_server.inc b/etc/inc/xmlrpc_server.inc index 8887bdf..a8e6ae3 100644 --- a/etc/inc/xmlrpc_server.inc +++ b/etc/inc/xmlrpc_server.inc @@ -10,35 +10,18 @@ * * PHP versions 4 and 5 * - * LICENSE: License is granted to use or modify this software - * ("XML-RPC for PHP") for commercial or non-commercial use provided the - * copyright of the author is preserved in any distributed or derivative work. - * - * THIS SOFTWARE IS PROVIDED BY THE AUTHOR "AS IS" AND ANY EXPRESSED OR - * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES - * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. - * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, - * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, - * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY - * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF - * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - * * @category Web Services * @package XML_RPC * @author Edd Dumbill <edd@usefulinc.com> * @author Stig Bakken <stig@php.net> * @author Martin Jansen <mj@php.net> * @author Daniel Convissor <danielc@php.net> - * @copyright 1999-2001 Edd Dumbill, 2001-2006 The PHP Group - * @version CVS: $Id$ + * @copyright 1999-2001 Edd Dumbill, 2001-2010 The PHP Group + * @license http://www.php.net/license/3_01.txt PHP License + * @version SVN: $Id: Server.php 300961 2010-07-03 02:17:34Z danielc $ * @link http://pear.php.net/package/XML_RPC */ -/* - pfSense_MODULE: utils -*/ /** * Pull in the XML_RPC class @@ -272,8 +255,9 @@ function XML_RPC_Server_debugmsg($m) * @author Stig Bakken <stig@php.net> * @author Martin Jansen <mj@php.net> * @author Daniel Convissor <danielc@php.net> - * @copyright 1999-2001 Edd Dumbill, 2001-2006 The PHP Group - * @version Release: 1.5.1 + * @copyright 1999-2001 Edd Dumbill, 2001-2010 The PHP Group + * @license http://www.php.net/license/3_01.txt PHP License + * @version Release: @package_version@ * @link http://pear.php.net/package/XML_RPC */ class XML_RPC_Server @@ -377,7 +361,7 @@ class XML_RPC_Server if ($XML_RPC_Server_debuginfo != '') { return "<!-- PEAR XML_RPC SERVER DEBUG INFO:\n\n" - . $GLOBALS['XML_RPC_func_ereg_replace']('--', '- - ', $XML_RPC_Server_debuginfo) + . str_replace('--', '- - ', $XML_RPC_Server_debuginfo) . "-->\n"; } else { return ''; @@ -434,9 +418,9 @@ class XML_RPC_Server * that someone composed a single header with multiple lines, which * the RFCs allow. */ - $this->server_headers = $GLOBALS['XML_RPC_func_ereg_replace']("[\r\n]+[ \t]+", + $this->server_headers = preg_replace("@[\r\n]+[ \t]+@", ' ', trim($this->server_headers)); - $headers = $GLOBALS['XML_RPC_func_split']("[\r\n]+", $this->server_headers); + $headers = preg_split("@[\r\n]+@", $this->server_headers); foreach ($headers as $header) { header($header); @@ -685,4 +669,4 @@ class XML_RPC_Server * End: */ -?>
\ No newline at end of file +?> diff --git a/etc/rc.banner b/etc/rc.banner index 6f81cb9..2e016ce 100755 --- a/etc/rc.banner +++ b/etc/rc.banner @@ -70,15 +70,21 @@ break; } $ipaddr = get_interface_ip($ifname); + $subnet = get_interface_subnet($ifname); + $ipaddr6 = get_interface_ipv6($ifname); + $subnet6 = get_interface_subnetv6($ifname); $realif = get_real_interface($ifname); $tobanner = "{$friendly} ({$ifname})"; - printf("\n %-25s -> %-10s -> %s %s", + printf("\n %-15s -> %-10s -> %s/%s\t%s/%s %s", $tobanner, $realif, $ipaddr ? $ipaddr : "NONE", + $subnet ? $subnet : "NONE", + $ipaddr6 ? $ipaddr6 : "NONE", + $subnet6 ? $subnet6 : "NONE", $class ); } -?>
\ No newline at end of file +?> diff --git a/etc/rc.filter_synchronize b/etc/rc.filter_synchronize index 7039722..d588e8a 100755 --- a/etc/rc.filter_synchronize +++ b/etc/rc.filter_synchronize @@ -295,6 +295,8 @@ if (is_array($config['installedpackages']['carpsettings']['config'])) { $port = "443"; } + if(is_ipaddrv6($carp['synchronizetoip'])) + $carp['synchronizetoip'] = "[{$carp['synchronizetoip']}]"; $synchronizetoip .= $carp['synchronizetoip']; if ($carp['synchronizerules'] != "") { if (!is_array($config['filter'])) diff --git a/etc/rc.update_bogons.sh b/etc/rc.update_bogons.sh index 52cfc1a..52ec92f 100755 --- a/etc/rc.update_bogons.sh +++ b/etc/rc.update_bogons.sh @@ -28,6 +28,15 @@ if [ ! -f /tmp/bogons ]; then exit fi +/usr/bin/fetch -q -o /tmp/bogonsv6 "http://files.pfsense.org/mirrors/fullbogons-ipv6.txt" +if [ ! -f /tmp/bogonsv6 ]; then + echo "Could not download http://files.pfsense.org/mirrors/fullbogons-ipv6.txt" | logger + # Relaunch and sleep + sh /etc/rc.update_bogons.sh & + exit +fi + + BOGON_MD5=`/usr/bin/fetch -q -o - "http://files.pfsense.org/mirrors/bogon-bn-nonagg.txt.md5" | awk '{ print $4 }'` ON_DISK_MD5=`md5 /tmp/bogons | awk '{ print $4 }'` if [ "$BOGON_MD5" = "$ON_DISK_MD5" ]; then @@ -42,5 +51,19 @@ else sh /etc/rc.update_bogons.sh & fi +BOGON_MD5=`/usr/bin/fetch -q -o - "http://files.pfsense.org/mirrors/fullbogons-ipv6.txt.md5" | awk '{ print $4 }'` +ON_DISK_MD5=`md5 /tmp/bogonsv6 | awk '{ print $4 }'` +if [ "$BOGON_MD5" = "$ON_DISK_MD5" ]; then + egrep -v "^#" /tmp/bogonsv6 > /etc/bogonsv6 + /etc/rc.conf_mount_ro + RESULT=`/sbin/pfctl -t bogonsv6 -T replace -f /etc/bogonsv6 2>&1` + rm /tmp/bogons + echo "Bogons files downloaded: $RESULT" | logger +else + echo "Could not download http://files.pfsense.org/mirrors/fullbogons-ipv6.txt.md5 (md5 mismatch)" | logger + # Relaunch and sleep + sh /etc/rc.update_bogons.sh & +fi + echo "rc.update_bogons.sh is ending the update cycle." | logger diff --git a/etc/version b/etc/version index 73a14bb..e252e34 100644 --- a/etc/version +++ b/etc/version @@ -1 +1 @@ -2.0-RC1 +2.0-RC1-IPv6 diff --git a/usr/local/bin/ping_hosts.sh b/usr/local/bin/ping_hosts.sh index 97629c4..c0de5a1 100755 --- a/usr/local/bin/ping_hosts.sh +++ b/usr/local/bin/ping_hosts.sh @@ -13,6 +13,7 @@ # Field 5: Script to run once service is restored # Field 6: Ping time threshold # Field 7: Wan ping time threshold +# Field 8: Address family # Read in ipsec ping hosts and check the CARP status if [ -f /var/db/ipsecpinghosts ]; then @@ -66,9 +67,15 @@ for TOPING in $PINGHOSTS ; do SERVICERESTOREDSCRIPT=`echo $TOPING | cut -d"|" -f5` THRESHOLD=`echo $TOPING | cut -d"|" -f6` WANTHRESHOLD=`echo $TOPING | cut -d"|" -f7` + AF=`echo $TOPING | cut -d"|" -f8` + if [ "$AF" == "inet6" ]; then + PINGCMD=ping6 + else + PINGCMD=ping + fi echo Processing $DSTIP # Look for a service being down - ping -c $COUNT -S $SRCIP $DSTIP + $PINGCMD -c $COUNT -S $SRCIP $DSTIP if [ $? -eq 0 ]; then # Host is up # Read in previous status @@ -97,7 +104,7 @@ for TOPING in $PINGHOSTS ; do fi echo "Checking ping time $DSTIP" # Look at ping values themselves - PINGTIME=`ping -c 1 -S $SRCIP $DSTIP | awk '{ print $7 }' | grep time | cut -d "=" -f2` + PINGTIME=`$PINGCMD -c 1 -S $SRCIP $DSTIP | awk '{ print $7 }' | grep time | cut -d "=" -f2` echo "Ping returned $?" echo $PINGTIME > /var/db/pingmsstatus/$DSTIP if [ "$THRESHOLD" != "" ]; then diff --git a/usr/local/www/diag_logs_filter.php b/usr/local/www/diag_logs_filter.php index 5fb94cf..8b1222e 100755 --- a/usr/local/www/diag_logs_filter.php +++ b/usr/local/www/diag_logs_filter.php @@ -150,18 +150,25 @@ include("head.inc"); <?php $int = strtolower($filterent['interface']); $proto = strtolower($filterent['proto']); + if(is_ipaddrv6($filterent['srcip'])) { + $ipproto = "inet6"; + $filterent['srcip'] = "[{$filterent['srcip']}]"; + $filterent['dstip'] = "[{$filterent['dstip']}]"; + } else { + $ipproto = "inet"; + } $srcstr = $filterent['srcip'] . get_port_with_service($filterent['srcport'], $proto); $dststr = $filterent['dstip'] . get_port_with_service($filterent['dstport'], $proto); ?> <td class="listr" nowrap> <a href="diag_dns.php?host=<?php echo $filterent['srcip']; ?>" title="<?=gettext("Reverse Resolve with DNS");?>"><img border="0" src="/themes/<?= $g['theme']; ?>/images/icons/icon_log.gif"></a> - <a href="easyrule.php?<?php echo "action=block&int={$int}&src={$filterent['srcip']}"; ?>" title="<?=gettext("Easy Rule: Add to Block List");?>" onclick="return confirm('<?=gettext("Do you really want to add this BLOCK rule?")."\n\n".gettext("Easy Rule is still experimental.")."\n".gettext("Continue at risk of your own peril.")."\n".gettext("Backups are also nice.")?>')"><img border="0" src="/themes/<?= $g['theme']; ?>/images/icons/icon_block_add.gif"></a> + <a href="easyrule.php?<?php echo "action=block&int={$int}&src={$filterent['srcip']}&ipproto={$ipproto}"; ?>" title="<?=gettext("Easy Rule: Add to Block List");?>" onclick="return confirm('<?=gettext("Do you really want to add this BLOCK rule?")."\n\n".gettext("Easy Rule is still experimental.")."\n".gettext("Continue at risk of your own peril.")."\n".gettext("Backups are also nice.")?>')"><img border="0" src="/themes/<?= $g['theme']; ?>/images/icons/icon_block_add.gif"></a> <?php echo $srcstr;?> </td> <td class="listr" nowrap> <a href="diag_dns.php?host=<?php echo $filterent['dstip']; ?>" title="<?=gettext("Reverse Resolve with DNS");?>"><img border="0" src="/themes/<?= $g['theme']; ?>/images/icons/icon_log.gif"></a> - <a href="easyrule.php?<?php echo "action=pass&int={$int}&proto={$proto}&src={$filterent['srcip']}&dst={$filterent['dstip']}&dstport={$filterent['dstport']}"; ?>" title="<?=gettext("Easy Rule: Pass this traffic");?>" onclick="return confirm('<?=gettext("Do you really want to add this PASS rule?")."\n\n".gettext("Easy Rule is still experimental.")."\n".gettext("Continue at risk of your own peril.")."\n".gettext("Backups are also nice.");?>')"><img border="0" src="/themes/<?= $g['theme']; ?>/images/icons/icon_pass_add.gif"></a> + <a href="easyrule.php?<?php echo "action=pass&int={$int}&proto={$proto}&src={$filterent['srcip']}&dst={$filterent['dstip']}&dstport={$filterent['dstport']}&ipproto={$ipproto}"; ?>" title="<?=gettext("Easy Rule: Pass this traffic");?>" onclick="return confirm('<?=gettext("Do you really want to add this PASS rule?")."\n\n".gettext("Easy Rule is still experimental.")."\n".gettext("Continue at risk of your own peril.")."\n".gettext("Backups are also nice.");?>')"><img border="0" src="/themes/<?= $g['theme']; ?>/images/icons/icon_pass_add.gif"></a> <?php echo $dststr;?> </td> <?php diff --git a/usr/local/www/diag_logs_ipsec.php b/usr/local/www/diag_logs_ipsec.php index 87e1e50..9ed65a5 100755 --- a/usr/local/www/diag_logs_ipsec.php +++ b/usr/local/www/diag_logs_ipsec.php @@ -62,7 +62,7 @@ if(is_array($config['ipsec']['phase1'])) $replace[] = "$1<strong>[{$ph1ent['descr']}]</strong>: $2$3$4"; } /* collect all our own ip addresses */ -exec("/sbin/ifconfig | /usr/bin/awk '/inet / {print $2}'", $ip_address_list); +exec("/sbin/ifconfig | /usr/bin/awk '/inet/ {print $2}'", $ip_address_list); foreach($ip_address_list as $address) { $search[] = "/(racoon: )(INFO[:].*?)({$address}\[[0-9].+\])/i"; $search[] = "/(racoon: )(\[{$address}\]|{$address})(.*)/i"; @@ -79,7 +79,6 @@ $replace[] = "$1 <strong>[Check Phase 1 settings, lifetime, algorithm]</strong>" $replace[] = "$1 <strong>[Check Phase 2 settings, networks]</strong>"; $replace[] = "$1 <strong>[Check Phase 2 settings, algorithm]</strong>"; - $nentries = $config['syslog']['nentries']; if (!$nentries) $nentries = 50; diff --git a/usr/local/www/diag_ndp.php b/usr/local/www/diag_ndp.php new file mode 100755 index 0000000..c99da4e --- /dev/null +++ b/usr/local/www/diag_ndp.php @@ -0,0 +1,163 @@ +<?php +/* + diag_ndp.php + part of the pfSense project (http://www.pfsense.org) + Copyright (C) 2004-2010 Scott Ullrich <sullrich@gmail.com> + Copyright (C) 2011 Seth Mos <seth.mos@dds.nl> + + + originally part of m0n0wall (http://m0n0.ch/wall) + Copyright (C) 2005 Paul Taylor (paultaylor@winndixie.com) and Manuel Kasper <mk@neon1.net>. + All rights reserved. + + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are met: + + 1. Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. + + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + POSSIBILITY OF SUCH DAMAGE. +*/ + +/* + pfSense_BUILDER_BINARIES: /bin/cat /usr/sbin/arp + pfSense_MODULE: arp +*/ + +##|+PRIV +##|*IDENT=page-diagnostics-ndptable +##|*NAME=Diagnostics: NDP Table page +##|*DESCR=Allow access to the 'Diagnostics: NDP Table' page. +##|*MATCH=diag_ndp.php* +##|-PRIV + +@ini_set('zlib.output_compression', 0); +@ini_set('implicit_flush', 1); + +require("guiconfig.inc"); + +exec("/usr/sbin/ndp -na", $rawdata); + +$i = 0; + +/* if list */ +$ifdescrs = get_configured_interface_with_descr(); + +foreach ($ifdescrs as $key =>$interface) { + $hwif[$config['interfaces'][$key]['if']] = $interface; +} + +/* Array ( [0] => Neighbor [1] => Linklayer [2] => Address +[3] => Netif [4] => Expire [5] => S +[6] => Flags ) */ +$data = array(); +array_shift($rawdata); +foreach ($rawdata as $line) { + $elements = preg_split('/[ ]+/', $line); + + $ndpent = array(); + $ndpent['ipv6'] = trim($elements[0]); + $ndpent['mac'] = trim($elements[1]); + $ndpent['interface'] = trim($elements[2]); + $data[] = $ndpent; +} + +/* FIXME: Not ipv6 compatible dns resolving. PHP needs fixing */ +function _getHostName($mac,$ip) +{ + if(is_ipaddr($ip)) { + if(gethostbyaddr($ip) <> "" and gethostbyaddr($ip) <> $ip) + return gethostbyaddr($ip); + else + return ""; + } +} + +// Resolve hostnames and replace Z_ with "". The intention +// is to sort the list by hostnames, alpha and then the non +// resolvable addresses will appear last in the list. +foreach ($data as &$entry) { + $dns = trim(_getHostName($entry['mac'], $entry['ipv6'])); + if(trim($dns)) + $entry['dnsresolve'] = "$dns"; + else + $entry['dnsresolve'] = "Z_ "; +} + +// Sort the data alpha first +$data = msort($data, "dnsresolve"); + +$pgtitle = array(gettext("Diagnostics"),gettext("NDP Table")); +include("head.inc"); + +?> + +<body link="#000000" vlink="#000000" alink="#000000"> + +<?php include("fbegin.inc"); ?> + +<div id="loading"> + <img src="/themes/<?=$g['theme'];?>/images/misc/loader.gif"><?= gettext("Loading, please wait..."); ?> + <p/> +</div> + +<?php + +// Flush buffers out to client so that they see Loading, please wait.... +for ($i = 0; $i < ob_get_level(); $i++) { ob_end_flush(); } +ob_implicit_flush(1); + +?> +<table width="100%" border="0" cellpadding="0" cellspacing="0"> + <tr> + <td> + <table class="tabcont sortable" width="100%" border="0" cellpadding="0" cellspacing="0"> + <tr> + <td class="listhdrr"><?= gettext("IPv6 address"); ?></td> + <td class="listhdrr"><?= gettext("MAC address"); ?></td> + <td class="listhdrr"><?= gettext("Hostname"); ?></td> + <td class="listhdr"><?= gettext("Interface"); ?></td> + <td class="list"></td> + </tr> + <?php foreach ($data as $entry): ?> + <tr> + <td class="listlr"><?=$entry['ipv6'];?></td> + <td class="listr"><?=$entry['mac'];?></td> + <td class="listr"> + <?php + echo " ". str_replace("Z_ ", "", $entry['dnsresolve']); + ?> + </td> + <td class="listr"> + <? + if(isset($hwif[$entry['interface']])) + echo $hwif[$entry['interface']]; + else + echo $entry['interface']; + ?> + </td> + </tr> + <?php endforeach; ?> + </table> + </td> + </tr> +</table> + +<?php include("fend.inc"); ?> + +<script type="text/javascript"> + $('loading').innerHTML = ''; +</script> diff --git a/usr/local/www/diag_ping.php b/usr/local/www/diag_ping.php index 0bbc7d5..155f0f7 100755 --- a/usr/local/www/diag_ping.php +++ b/usr/local/www/diag_ping.php @@ -29,7 +29,7 @@ */ /* - pfSense_BUILDER_BINARIES: /sbin/ping + pfSense_BUILDER_BINARIES: /sbin/ping /sbin/ping6 pfSense_MODULE: routing */ @@ -130,6 +130,12 @@ include("head.inc"); ?> system("/sbin/ping -S$ifaddr -c$count " . escapeshellarg($host)); else system("/sbin/ping -c$count " . escapeshellarg($host)); + $ifaddr = get_interface_ipv6($interface); + if ($ifaddr) + system("/sbin/ping6 -S$ifaddr -c$count " . escapeshellarg($host)); + else + system("/sbin/ping6 -c$count " . escapeshellarg($host)); + echo('</pre>'); } ?> diff --git a/usr/local/www/diag_traceroute.php b/usr/local/www/diag_traceroute.php index 6c9df57..5a94f4c 100755 --- a/usr/local/www/diag_traceroute.php +++ b/usr/local/www/diag_traceroute.php @@ -125,6 +125,7 @@ if (!isset($do_traceroute)) { else $useicmp = ""; system("/usr/sbin/traceroute $useicmp -w 2 -m " . escapeshellarg($ttl) . " " . escapeshellarg($host)); + system("/usr/sbin/traceroute6 $useicmp -w 2 -m " . escapeshellarg($ttl) . " " . escapeshellarg($host)); echo('</pre>'); } ?> diff --git a/usr/local/www/easyrule.php b/usr/local/www/easyrule.php index 5f7a4ec..87c6a64 100644 --- a/usr/local/www/easyrule.php +++ b/usr/local/www/easyrule.php @@ -45,10 +45,10 @@ if ($_GET && isset($_GET['action'])) { switch ($_GET['action']) { case 'block': /* Check that we have a valid host */ - easyrule_parse_block($_GET['int'], $_GET['src']); + easyrule_parse_block($_GET['int'], $_GET['src'], $_GET['ipproto']); break; case 'pass': - easyrule_parse_pass($_GET['int'], $_GET['proto'], $_GET['src'], $_GET['dst'], $_GET['dstport']); + easyrule_parse_pass($_GET['int'], $_GET['proto'], $_GET['src'], $_GET['dst'], $_GET['dstport'], $_GET['ipproto']); break; } } diff --git a/usr/local/www/fbegin.inc b/usr/local/www/fbegin.inc index c342913..e2f5d72 100755 --- a/usr/local/www/fbegin.inc +++ b/usr/local/www/fbegin.inc @@ -119,6 +119,7 @@ $services_menu[] = array("DNS Forwarder", "/services_dnsmasq.php"); $services_menu[] = array("DHCP Relay", "/services_dhcp_relay.php"); if($g['services_dhcp_server_enable']) $services_menu[] = array("DHCP Server", "/services_dhcp.php"); + $services_menu[] = array("DHCPv6 Server", "/services_dhcpv6.php"); $services_menu[] = array("Dynamic DNS", "/services_dyndns.php"); $services_menu[] = array("IGMP proxy", "/services_igmpproxy.php"); $services_menu[] = array("Load Balancer", "/load_balancer_pool.php"); @@ -152,6 +153,7 @@ $status_menu[] = array("CARP (failover)", "/carp_status.php"); $status_menu[] = array("Dashboard", "/index.php"); $status_menu[] = array("Gateways", "/status_gateways.php"); $status_menu[] = array("DHCP Leases", "/status_dhcp_leases.php"); +$status_menu[] = array("DHCPv6 Leases", "/status_dhcpv6_leases.php"); $status_menu[] = array("Filter Reload", "/status_filter_reload.php"); $status_menu[] = array("Interfaces", "/status_interfaces.php"); $status_menu[] = array("IPsec", "/diag_ipsec.php"); @@ -187,6 +189,7 @@ $diagnostics_menu[] = array("Edit File", "/edit.php"); $diagnostics_menu[] = array("Factory Defaults", "/diag_defaults.php"); $diagnostics_menu[] = array("Halt System", "/halt.php" ); $diagnostics_menu[] = array("Limiter Info", "/diag_limiter_info.php" ); +$diagnostics_menu[] = array("NDP Table", "/diag_ndp.php" ); $diagnostics_menu[] = array("Tables", "/diag_tables.php"); $diagnostics_menu[] = array("Ping", "/diag_ping.php"); @@ -433,4 +436,4 @@ if(is_subsystem_dirty('packagelock')) { print_info_box(gettext("Packages are currently being reinstalled in the background.<p>Do not make changes in the GUI until this is complete.") . "<p><img src='/themes/{$g['theme']}/images/icons/icon_fw-update.gif'>"); } $pgtitle_output = true; -?>
\ No newline at end of file +?> diff --git a/usr/local/www/firewall_aliases_edit.php b/usr/local/www/firewall_aliases_edit.php index ce730e1..6b73a8d 100755 --- a/usr/local/www/firewall_aliases_edit.php +++ b/usr/local/www/firewall_aliases_edit.php @@ -396,7 +396,7 @@ function typesel_change() { for(i=0; i<newrows; i++) { comd = 'document.iform.address_subnet' + i + '.disabled = 1;'; eval(comd); - comd = 'document.iform.address_subnet' + i + '.value = "32";'; + comd = 'document.iform.address_subnet' + i + '.value = "128";'; eval(comd); } break; @@ -453,7 +453,7 @@ $url_str = gettext("URL"); $urltable_str = gettext("URL Table"); $update_freq_str = gettext("Update Freq."); -$networks_help = gettext("Networks are specified in CIDR format. Select the CIDR mask that pertains to each entry. /32 specifies a single host, /24 specifies 255.255.255.0, etc. Hostnames (FQDNs) may also be specified, using a /32 mask. You may also enter an IP range such as 192.168.1.1-192.168.1.254 and a list of CIDR networks will be derived to fill the range."); +$networks_help = gettext("Networks are specified in CIDR format. Select the CIDR mask that pertains to each entry. /32 specifies a single IPv4 host, /128 specifies a single IPv6 host, /24 specifies 255.255.255.0, /64 specifies a normal IPv6 network, etc. Hostnames (FQDNs) may also be specified, using a /32 mask for IPv4 or /128 for IPv6. You may also enter an IP range such as 192.168.1.1-192.168.1.254 and a list of CIDR networks will be derived to fill the range."); $hosts_help = gettext("Enter as many hosts as you would like. Hosts must be specified by their IP address."); $ports_help = gettext("Enter as many ports as you wish. Port ranges can be expressed by seperating with a colon."); $url_help = sprintf(gettext("Enter as many URLs as you wish. After saving %s will download the URL and import the items into the alias. Use only with small sets of IP addresses (less than 3000)."), $g['product_name']); @@ -643,7 +643,7 @@ EOD; <td> <select name="address_subnet<?php echo $tracker; ?>" class="formselect" id="address_subnet<?php echo $tracker; ?>"> <option></option> - <?php for ($i = 32; $i >= 1; $i--): ?> + <?php for ($i = 128; $i >= 1; $i--): ?> <option value="<?=$i;?>" <?php if (($i == $address_subnet) || ($i == $pconfig['updatefreq'])) echo "selected"; ?>><?=$i;?></option> <?php endfor; ?> </select> diff --git a/usr/local/www/firewall_nat.php b/usr/local/www/firewall_nat.php index 06da39d..ac67291 100755 --- a/usr/local/www/firewall_nat.php +++ b/usr/local/www/firewall_nat.php @@ -179,6 +179,7 @@ echo "<script type=\"text/javascript\" language=\"javascript\" src=\"/javascript $tab_array[] = array(gettext("Port Forward"), true, "firewall_nat.php"); $tab_array[] = array(gettext("1:1"), false, "firewall_nat_1to1.php"); $tab_array[] = array(gettext("Outbound"), false, "firewall_nat_out.php"); + $tab_array[] = array(gettext("NPt"), false, "firewall_nat_npt.php"); display_top_tabs($tab_array); ?> </td></tr> diff --git a/usr/local/www/firewall_nat_1to1.php b/usr/local/www/firewall_nat_1to1.php index 60f1189..d5f42c2 100755 --- a/usr/local/www/firewall_nat_1to1.php +++ b/usr/local/www/firewall_nat_1to1.php @@ -92,6 +92,7 @@ include("head.inc"); $tab_array[] = array(gettext("Port Forward"), false, "firewall_nat.php"); $tab_array[] = array(gettext("1:1"), true, "firewall_nat_1to1.php"); $tab_array[] = array(gettext("Outbound"), false, "firewall_nat_out.php"); + $tab_array[] = array(gettext("NPt"), false, "firewall_nat_npt.php"); display_top_tabs($tab_array); ?> </td></tr> diff --git a/usr/local/www/firewall_nat_npt.php b/usr/local/www/firewall_nat_npt.php new file mode 100644 index 0000000..4534931 --- /dev/null +++ b/usr/local/www/firewall_nat_npt.php @@ -0,0 +1,183 @@ +<?php +/* $Id$ */ +/* + firewall_nat_npt.php + part of pfSense (http://pfsense.org) + + Copyright (C) 2011 Seth Mos <seth.mos@dds.nl>. + All rights reserved. + + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are met: + + 1. Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. + + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + POSSIBILITY OF SUCH DAMAGE. +*/ +/* + pfSense_MODULE: nat +*/ + +##|+PRIV +##|*IDENT=page-firewall-nat-npt +##|*NAME=Firewall: NAT: NPT page +##|*DESCR=Allow access to the 'Firewall: NAT: NPT' page. +##|*MATCH=firewall_nat_npt.php* +##|-PRIV + +require("guiconfig.inc"); +require_once("functions.inc"); +require_once("filter.inc"); +require_once("shaper.inc"); + +if (!is_array($config['nat']['npt'])) { + $config['nat']['npt'] = array(); +} +$a_npt = &$config['nat']['npt']; + +if ($_POST) { + + $pconfig = $_POST; + + if ($_POST['apply']) { + $retval = 0; + $retval |= filter_configure(); + $savemsg = get_std_save_message($retval); + + if ($retval == 0) { + clear_subsystem_dirty('natconf'); + clear_subsystem_dirty('filter'); + } + } +} + +if ($_GET['act'] == "del") { + if ($a_npt[$_GET['id']]) { + unset($a_npt[$_GET['id']]); + write_config(); + mark_subsystem_dirty('natconf'); + header("Location: firewall_nat_npt.php"); + exit; + } +} + +$pgtitle = array(gettext("Firewall"),gettext("NAT"),gettext("NPt")); +include("head.inc"); + +?> +<body link="#0000CC" vlink="#0000CC" alink="#0000CC"> +<?php include("fbegin.inc"); ?> +<form action="firewall_nat_npt.php" method="post"> +<?php if ($savemsg) print_info_box($savemsg); ?> +<?php if (is_subsystem_dirty('natconf')): ?><p> +<?php print_info_box_np(gettext("The NAT configuration has been changed") . ".<br>" . gettext("You must apply the changes in order for them to take effect."));?><br> +<?php endif; ?> +<table width="100%" border="0" cellpadding="0" cellspacing="0"> <tr><td> +<?php + $tab_array = array(); + $tab_array[] = array(gettext("Port Forward"), false, "firewall_nat.php"); + $tab_array[] = array(gettext("1:1"), false, "firewall_nat_1to1.php"); + $tab_array[] = array(gettext("Outbound"), false, "firewall_nat_out.php"); + $tab_array[] = array(gettext("NPt"), true, "firewall_nat_npt.php"); + display_top_tabs($tab_array); +?> + </td></tr> + <tr> + <td> + <div id="mainarea"> + <table class="tabcont" width="100%" border="0" cellpadding="0" cellspacing="0"> + <tr> + <td width="10%" class="listhdrr"><?=gettext("Interface"); ?></td> + <td width="20%" class="listhdrr"><?=gettext("External Prefix"); ?></td> + <td width="15%" class="listhdrr"><?=gettext("Internal prefix"); ?></td> + <td width="30%" class="listhdr"><?=gettext("Description"); ?></td> + <td width="10%" class="list"> + <table border="0" cellspacing="0" cellpadding="1"> + <tr> + <td width="17"></td> + <td valign="middle"><a href="firewall_nat_npt_edit.php"><img src="/themes/<?= $g['theme']; ?>/images/icons/icon_plus.gif" width="17" height="17" border="0" title="<?=gettext("add rule"); ?>"></a></td> + </tr> + </table> + </td> + </tr> + <?php + $textse = "</span>"; + + $i = 0; foreach ($a_npt as $natent): + + if (isset($natent['disabled'])) + $textss = "<span class=\"gray\">"; + else + $textss = "<span>"; ?> + <tr> + <td class="listlr" ondblclick="document.location='firewall_nat_npt_edit.php?id=<?=$i;?>';"> + <?php + echo $textss; + if (!$natent['interface']) + echo htmlspecialchars(convert_friendly_interface_to_friendly_descr("wan")); + else + echo htmlspecialchars(convert_friendly_interface_to_friendly_descr($natent['interface'])); + echo $textse; + ?> + </td> + <?php + $source_net = pprint_address($natent['source']); + $source_cidr = strstr($source_net, '/'); + $destination_net = pprint_address($natent['destination']); + $destination_cidr = strstr($destination_net, '/'); + ?> + <td class="listr" ondblclick="document.location='firewall_nat_npt_edit.php?id=<?=$i;?>';"> + <?php echo $textss . $destination_net . $textse; ?> + </td> + <td class="listr" ondblclick="document.location='firewall_nat_npt_edit.php?id=<?=$i;?>';"> + <?php echo $textss . $source_net . $textse; ?> + </td> + <td class="listbg" ondblclick="document.location='firewall_nat_npt_edit.php?id=<?=$i;?>';"> + <?=$textss;?> + <?=htmlspecialchars($natent['descr']);?> + <?=$textse;?> + </td> + <td class="list" nowrap> + <table border="0" cellspacing="0" cellpadding="1"> + <tr> + <td valign="middle"><a href="firewall_nat_npt_edit.php?id=<?=$i;?>"><img src="/themes/<?= $g['theme']; ?>/images/icons/icon_e.gif" width="17" height="17" border="0" title="<?=gettext("edit rule"); ?>"></a></td> + <td valign="middle"><a href="firewall_nat_npt.php?act=del&id=<?=$i;?>" onclick="return confirm('<?=gettext("Do you really want to delete this mapping?");?>')"><img src="/themes/<?= $g['theme']; ?>/images/icons/icon_x.gif" width="17" height="17" border="0" title="<?=gettext("delete rule"); ?>"></a></td> + </tr> + </table> + </td> + </tr> + <?php $i++; endforeach; ?> + <tr> + <td class="list" colspan="4"></td> + <td class="list"> + <table border="0" cellspacing="0" cellpadding="1"> + <tr> + <td width="17"></td> + <td valign="middle"><a href="firewall_nat_npt_edit.php"><img src="/themes/<?= $g['theme']; ?>/images/icons/icon_plus.gif" width="17" height="17" border="0" title="<?=gettext("add rule"); ?>"></a></td> + </tr> + </table> + </td> + </tr> + </table> + </div> + </td> +</tr> +</table> +</form> +<?php include("fend.inc"); ?> +</body> +</html> diff --git a/usr/local/www/firewall_nat_npt_edit.php b/usr/local/www/firewall_nat_npt_edit.php new file mode 100644 index 0000000..3537186 --- /dev/null +++ b/usr/local/www/firewall_nat_npt_edit.php @@ -0,0 +1,280 @@ +<?php +/* $Id$ */ +/* + firewall_nat_npt_edit.php + part of pfSense (http://pfsense.org) + + Copyright (C) 2011 Seth Mos <seth.mos@dds.nl>. + All rights reserved. + + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are met: + + 1. Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. + + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + POSSIBILITY OF SUCH DAMAGE. +*/ +/* + pfSense_MODULE: nat +*/ + +##|+PRIV +##|*IDENT=page-firewall-nat-npt-edit +##|*NAME=Firewall: NAT: NPt: Edit page +##|*DESCR=Allow access to the 'Firewall: NAT: NPt: Edit' page. +##|*MATCH=firewall_nat_npt_edit.php* +##|-PRIV + +function natnptcmp($a, $b) { + return ipcmp($a['external'], $b['external']); +} + +function nat_npt_rules_sort() { + global $g, $config; + + if (!is_array($config['nat']['npt'])) + return; + + + usort($config['nat']['npt'], "natnptcmp"); +} + +require("guiconfig.inc"); +require_once("interfaces.inc"); +require("filter.inc"); +require("shaper.inc"); + +$ifdisp = get_configured_interface_with_descr(); +foreach ($ifdisp as $kif => $kdescr) { + $specialsrcdst[] = "{$kif}"; + $specialsrcdst[] = "{$kif}ip"; +} + +if (!is_array($config['nat']['npt'])) { + $config['nat']['npt'] = array(); +} +$a_npt = &$config['nat']['npt']; + +$id = $_GET['id']; +if (isset($_POST['id'])) + $id = $_POST['id']; + +if (isset($id) && $a_npt[$id]) { + $pconfig['disabled'] = isset($a_npt[$id]['disabled']); + + address_to_pconfig($a_npt[$id]['source'], $pconfig['src'], + $pconfig['srcmask'], $pconfig['srcnot'], + $pconfig['srcbeginport'], $pconfig['srcendport']); + + address_to_pconfig($a_npt[$id]['destination'], $pconfig['dst'], + $pconfig['dstmask'], $pconfig['dstnot'], + $pconfig['dstbeginport'], $pconfig['dstendport']); + + $pconfig['interface'] = $a_npt[$id]['interface']; + if (!$pconfig['interface']) + $pconfig['interface'] = "wan"; + + $pconfig['external'] = $a_npt[$id]['external']; + $pconfig['descr'] = $a_npt[$id]['descr']; +} else + $pconfig['interface'] = "wan"; + + +if ($_POST) { + + unset($input_errors); + $pconfig = $_POST; + + /* input validation */ + $reqdfields = explode(" ", "interface"); + $reqdfieldsn = array(gettext("Interface")); + $reqdfields[] = "src"; + $reqdfieldsn[] = gettext("Source prefix"); + $reqdfields[] = "dst"; + $reqdfieldsn[] = gettext("Destination prefix"); + + do_input_validation($_POST, $reqdfields, $reqdfieldsn, &$input_errors); + + if (!$input_errors) { + $natent = array(); + + $natent['disabled'] = isset($_POST['disabled']) ? true:false; + $natent['descr'] = $_POST['descr']; + $natent['interface'] = $_POST['interface']; + + pconfig_to_address($natent['source'], $_POST['src'], + $_POST['srcmask'], $_POST['srcnot']); + + pconfig_to_address($natent['destination'], $_POST['dst'], + $_POST['dstmask'], $_POST['dstnot']); + + if (isset($id) && $a_npt[$id]) + $a_npt[$id] = $natent; + else + $a_npt[] = $natent; + nat_npt_rules_sort(); + + mark_subsystem_dirty('natconf'); + + write_config(); + + header("Location: firewall_nat_npt.php"); + exit; + } +} + +$pgtitle = array(gettext("Firewall"),gettext("NAT"),gettext("NPt"),gettext("Edit")); +include("head.inc"); + +?> + +<body link="#0000CC" vlink="#0000CC" alink="#0000CC"> +<script type="text/javascript" src="/javascript/suggestions.js"> +</script> +<script type="text/javascript" src="/javascript/autosuggest.js"> +</script> + +<?php include("fbegin.inc"); ?> +<?php if ($input_errors) print_input_errors($input_errors); ?> + <form action="firewall_nat_npt_edit.php" method="post" name="iform" id="iform"> + <table width="100%" border="0" cellpadding="6" cellspacing="0"> + <tr> + <td colspan="2" valign="top" class="listtopic"><?=gettext("Edit NAT NPt entry"); ?></td> + </tr> + <tr> + <td width="22%" valign="top" class="vncellreq"><?=gettext("Disabled"); ?></td> + <td width="78%" class="vtable"> + <input name="disabled" type="checkbox" id="disabled" value="yes" <?php if ($pconfig['disabled']) echo "checked"; ?>> + <strong><?=gettext("Disable this rule"); ?></strong><br /> + <span class="vexpl"><?=gettext("Set this option to disable this rule without removing it from the list."); ?></span> + </td> + <tr> + <td width="22%" valign="top" class="vncellreq"><?=gettext("Interface"); ?></td> + <td width="78%" class="vtable"> + <select name="interface" class="formselect"> + <?php + foreach ($ifdisp as $if => $ifdesc) + if(have_ruleint_access($if)) + $interfaces[$if] = $ifdesc; + + if ($config['l2tp']['mode'] == "server") + if(have_ruleint_access("l2tp")) + $interfaces['l2tp'] = "L2TP VPN"; + + if ($config['pptpd']['mode'] == "server") + if(have_ruleint_access("pptp")) + $interfaces['pptp'] = "PPTP VPN"; + + if ($config['pppoe']['mode'] == "server") + if(have_ruleint_access("pppoe")) + $interfaces['pppoe'] = "PPPoE VPN"; + + /* add ipsec interfaces */ + if (isset($config['ipsec']['enable']) || isset($config['ipsec']['mobileclients']['enable'])) + if(have_ruleint_access("enc0")) + $interfaces["enc0"] = "IPsec"; + + /* add openvpn/tun interfaces */ + if ($config['openvpn']["openvpn-server"] || $config['openvpn']["openvpn-client"]) + $interfaces["openvpn"] = "OpenVPN"; + + foreach ($interfaces as $iface => $ifacename): + ?> + <option value="<?=$iface;?>" <?php if ($iface == $pconfig['interface']) echo "selected"; ?>> + <?=htmlspecialchars($ifacename);?> + </option> + <?php endforeach; ?> + </select><br> + <span class="vexpl"><?=gettext("Choose which interface this rule applies to"); ?>.<br> + <?=gettext("Hint: in most cases, you'll want to use WAN here"); ?>.</span></td> + </tr> + <tr> + <td width="22%" valign="top" class="vncellreq"><?=gettext("Internal IPv6 Prefix"); ?></td> + <td width="78%" class="vtable"> + <input name="srcnot" type="checkbox" id="srcnot" value="yes" <?php if ($pconfig['srcnot']) echo "checked"; ?>> + <strong><?=gettext("not"); ?></strong> + <br /> + <?=gettext("Use this option to invert the sense of the match."); ?> + <br /> + <br /> + <table border="0" cellspacing="0" cellpadding="0"> + <tr> + <td><?=gettext("Address:"); ?> </td> + <td> + <input name="src" type="text" class="formfldalias" id="src" size="20" value="<?php if (!is_specialnet($pconfig['src'])) echo htmlspecialchars($pconfig['src']);?>"> / + <select name="srcmask" class="formselect" id="srcmask"> +<?php for ($i = 128; $i > 0; $i--): ?> + <option value="<?=$i;?>" <?php if ($i == $pconfig['srcmask']) echo "selected"; ?>><?=$i;?></option> +<?php endfor; ?> + </select> + </td> + </tr> + </table> + <br/> + <span class="vexpl"><?=gettext("Enter the internal (LAN) ULA IPv6 Prefix for the Network Prefix translation. The prefix size specified for the internal IPv6 prefix will be applied to the +external prefix."); +?></span> + </td> + </tr> + <tr> + <td width="22%" valign="top" class="vncellreq"><?=gettext("Destination IPv6 Prefix"); ?></td> + <td width="78%" class="vtable"> + <input name="dstnot" type="checkbox" id="dstnot" value="yes" <?php if ($pconfig['dstnot']) echo "checked"; ?>> + <strong><?=gettext("not"); ?></strong> + <br /> + <?=gettext("Use this option to invert the sense of the match."); ?> + <br /> + <br /> + <table border="0" cellspacing="0" cellpadding="0"> + </tr> + <td><?=gettext("Address:"); ?> </td> + <td> + <input name="dst" type="text" class="formfldalias" id="dst" size="20" value="<?php if (!is_specialnet($pconfig['dst'])) echo htmlspecialchars($pconfig['dst']);?>"> + / + <select name="dstmask" class="formselect" id="dstmask"> +<?php + for ($i = 128; $i > 0; $i--): ?> + <option value="<?=$i;?>" <?php if ($i == $pconfig['dstmask']) echo "selected"; ?>><?=$i;?></option> +<?php endfor; ?> + </select> + </td> + </tr> + </table> + <br/> + <span class="vexpl"><?=gettext("Enter the Global Unicast routable IPv6 prefix here"); ?><br></span> + </tr> + <tr> + <td width="22%" valign="top" class="vncell"><?=gettext("Description"); ?></td> + <td width="78%" class="vtable"> + <input name="descr" type="text" class="formfld unknown" id="descr" size="40" value="<?=htmlspecialchars($pconfig['descr']);?>"> + <br/> <span class="vexpl"><?=gettext("You may enter a description here " . + "for your reference (not parsed)."); ?></span></td> + </tr> + <tr> + <td width="22%" valign="top"> </td> + <td width="78%"> + <input name="Submit" type="submit" class="formbtn" value="<?=gettext("Save"); ?>"> <input type="button" class="formbtn" value="<?=gettext("Cancel"); ?>" onclick="history.back()"> + <?php if (isset($id) && $a_npt[$id]): ?> + <input name="id" type="hidden" value="<?=htmlspecialchars($id);?>"> + <?php endif; ?> + </td> + </tr> + </table> +</form> +<?php include("fend.inc"); ?> +</body> +</html> diff --git a/usr/local/www/firewall_nat_out.php b/usr/local/www/firewall_nat_out.php index 4649795..6535fe8 100755 --- a/usr/local/www/firewall_nat_out.php +++ b/usr/local/www/firewall_nat_out.php @@ -291,6 +291,7 @@ include("head.inc"); $tab_array[] = array(gettext("Port Forward"), false, "firewall_nat.php"); $tab_array[] = array(gettext("1:1"), false, "firewall_nat_1to1.php"); $tab_array[] = array(gettext("Outbound"), true, "firewall_nat_out.php"); + $tab_array[] = array(gettext("NPt"), false, "firewall_nat_npt.php"); display_top_tabs($tab_array); ?> </td></tr> diff --git a/usr/local/www/firewall_rules.php b/usr/local/www/firewall_rules.php index daf577a..81be4d4 100755 --- a/usr/local/www/firewall_rules.php +++ b/usr/local/www/firewall_rules.php @@ -687,6 +687,18 @@ if($_REQUEST['undodrag']) { </td> <td class="listr" onClick="fr_toggle(<?=$nrules;?>)" id="frd<?=$nrules;?>" ondblclick="document.location='firewall_rules_edit.php?id=<?=$i;?>';"> <?=$textss;?><?php + if (isset($filterent['ipprotocol'])) { + switch($filterent['ipprotocol']) { + case "inet": + echo "IPv4 "; + break; + case "inet6": + echo "IPv6 "; + break; + } + } else { + echo "IPv4 "; + } if (isset($filterent['protocol'])) { echo strtoupper($filterent['protocol']); if (strtoupper($filterent['protocol']) == "ICMP" && !empty($filterent['icmptype'])) { diff --git a/usr/local/www/firewall_rules_edit.php b/usr/local/www/firewall_rules_edit.php index c051518..542f832 100755 --- a/usr/local/www/firewall_rules_edit.php +++ b/usr/local/www/firewall_rules_edit.php @@ -95,6 +95,9 @@ if (isset($id) && $a_filter[$id]) { if (isset($a_filter[$id]['direction'])) $pconfig['direction'] = $a_filter[$id]['direction']; + if (isset($a_filter[$id]['ipprotocol'])) + $pconfig['ipprotocol'] = $a_filter[$id]['ipprotocol']; + if (isset($a_filter[$id]['protocol'])) $pconfig['proto'] = $a_filter[$id]['protocol']; else @@ -408,6 +411,9 @@ if ($_POST) { if (isset($_POST['interface'] )) $filterent['interface'] = $_POST['interface']; + if (isset($_POST['ipprotocol'] )) + $filterent['ipprotocol'] = $_POST['ipprotocol']; + if ($_POST['tcpflags_any']) { $filterent['tcpflags_any'] = true; } else { @@ -539,6 +545,7 @@ if ($_POST) { $filterent['icmptype'] = $a_filter[$id]['icmptype']; else if (isset($filterent['icmptype'])) unset($filterent['icmptype']); + $filterent['source'] = $a_filter[$id]['source']; $filterent['destination'] = $a_filter[$id]['destination']; $filterent['associated-rule-id'] = $a_filter[$id]['associated-rule-id']; @@ -728,6 +735,22 @@ include("head.inc"); <tr> <?php endif; ?> <tr> + <td width="22%" valign="top" class="vncellreq"><?=gettext("TCP/IP Version");?></td> + <td width="78%" class="vtable"> + <select name="ipprotocol" class="formselect"> + <?php $ipproto = array('inet' => 'IPv4','inet6' => 'IPv6'); + foreach ($ipproto as $proto => $name): ?> + <option value="<?=$proto;?>" + <?php if ($proto == $pconfig['ipprotocol']): ?> + selected="selected" + <?php endif; ?> + ><?=$name;?></option> + <?php endforeach; ?> + </select> + <strong><?=gettext("Select the Internet Protocol version this rule applies to");?></strong><br /> + </td> + </tr> + <tr> <td width="22%" valign="top" class="vncellreq"><?=gettext("Protocol");?></td> <td width="78%" class="vtable"> <select <?=$edit_disabled;?> name="proto" class="formselect" onchange="proto_change()"> @@ -819,7 +842,7 @@ include("head.inc"); <td> <input <?=$edit_disabled;?> autocomplete='off' name="src" type="text" class="formfldalias" id="src" size="20" value="<?php if (!is_specialnet($pconfig['src'])) echo htmlspecialchars($pconfig['src']);?>"> / <select <?=$edit_disabled;?> name="srcmask" class="formselect" id="srcmask"> -<?php for ($i = 31; $i > 0; $i--): ?> +<?php for ($i = 127; $i > 0; $i--): ?> <option value="<?=$i;?>" <?php if ($i == $pconfig['srcmask']) echo "selected"; ?>><?=$i;?></option> <?php endfor; ?> </select> @@ -914,7 +937,8 @@ include("head.inc"); / <select <?=$edit_disabled;?> name="dstmask" class="formselect" id="dstmask"> <?php - for ($i = 31; $i > 0; $i--): ?> + for ($i = 127; $i > 0; +$i--): ?> <option value="<?=$i;?>" <?php if ($i == $pconfig['dstmask']) echo "selected"; ?>><?=$i;?></option> <?php endfor; ?> </select> diff --git a/usr/local/www/firewall_virtual_ip_edit.php b/usr/local/www/firewall_virtual_ip_edit.php index 5825aaf..dd10780 100755 --- a/usr/local/www/firewall_virtual_ip_edit.php +++ b/usr/local/www/firewall_virtual_ip_edit.php @@ -112,15 +112,20 @@ if ($_POST) { $natiflist = get_configured_interface_with_descr(); foreach ($natiflist as $natif => $natdescr) { - if ($_POST['interface'] == $natif && empty($config['interfaces'][$natif]['ipaddr'])) - $input_errors[] = gettext("The interface chosen for the VIP has no ip configured so it cannot be used as a parent for the VIP."); + if ($_POST['interface'] == $natif && (empty($config['interfaces'][$natif]['ipaddr']) && empty($config['interfaces'][$natif]['ipaddrv6']))) + $input_errors[] = gettext("The interface chosen for the VIP has no IPv4 or IPv6 address configured so it cannot be used as a parent for the VIP."); if ($_POST['subnet'] == get_interface_ip($natif)) $input_errors[] = sprintf(gettext("The %s IP address may not be used in a virtual entry."),$natdescr); } - if($_POST['subnet_bits'] == "32" and $_POST['type'] == "carp") - $input_errors[] = gettext("The /32 subnet mask is invalid for CARP IPs."); - + if(is_ipaddrv4($_POST['subnet'])) { + if($_POST['subnet_bits'] == "32" and $_POST['type'] == "carp") + $input_errors[] = gettext("The /32 subnet mask is invalid for CARP IPs."); + } + if(is_ipaddrv6($_POST['subnet'])) { + if($_POST['subnet_bits'] == "128" and $_POST['type'] == "carp") + $input_errors[] = gettext("The /128 subnet mask is invalid for CARP IPs."); + } /* check for overlaps with other virtual IP */ foreach ($a_vip as $vipent) { if (isset($id) && ($a_vip[$id]) && ($a_vip[$id] === $vipent)) @@ -148,11 +153,22 @@ if ($_POST) { if($_POST['password'] == "") $input_errors[] = gettext("You must specify a CARP password that is shared between the two VHID members."); - $parent_ip = get_interface_ip($_POST['interface']); - $parent_sn = get_interface_subnet($_POST['interface']); - if (!ip_in_subnet($_POST['subnet'], gen_subnet($parent_ip, $parent_sn) . "/" . $parent_sn) && !ip_in_interface_alias_subnet($_POST['interface'], $_POST['subnet'])) { - $cannot_find = $_POST['subnet'] . "/" . $_POST['subnet_bits'] ; - $input_errors[] = sprintf(gettext("Sorry, we could not locate an interface with a matching subnet for %s. Please add an IP alias in this subnet on this interface."),$cannot_find); + if(is_ipaddrv4($_POST['subnet'])) { + $parent_ip = get_interface_ip($_POST['interface']); + $parent_sn = get_interface_subnet($_POST['interface']); + if (!ip_in_subnet($_POST['subnet'], gen_subnet($parent_ip, $parent_sn) . "/" . $parent_sn) && !ip_in_interface_alias_subnet($_POST['interface'], $_POST['subnet'])) { + $cannot_find = $_POST['subnet'] . "/" . $_POST['subnet_bits'] ; + $input_errors[] = sprintf(gettext("Sorry, we could not locate an interface with a matching subnet for %s. Please add an IP alias in this subnet on this interface."),$cannot_find); + } + } + if(is_ipaddrv6($_POST['subnet'])) { + $parent_ip = get_interface_ipv6($_POST['interface']); + $parent_sn = get_interface_subnetv6($_POST['interface']); + $subnet = gen_subnetv6($parent_ip, $parent_sn); + if (!ip_in_subnet($_POST['subnet'], gen_subnetv6($parent_ip, $parent_sn) . "/" . $parent_sn) && !ip_in_interface_alias_subnet($_POST['interface'], $_POST['subnet'])) { + $cannot_find = $_POST['subnet'] . "/" . $_POST['subnet_bits'] ; + $input_errors[] = sprintf(gettext("Sorry, we could not locate an interface with a matching subnet for %s. Please add an IP alias in this subnet on this interface."),$cannot_find); + } } if (substr($_POST['interface'], 0, 3) == "vip") $input_errors[] = gettext("For this type of vip a carp parent is not allowed."); @@ -448,9 +464,9 @@ function typesel_change() { </tr> <tr> <td><?=gettext("Address:");?> </td> - <td><input name="subnet" type="text" class="formfld unknown" id="subnet" size="20" value="<?=htmlspecialchars($pconfig['subnet']);?>"> + <td><input name="subnet" type="text" class="formfld unknown" id="subnet" size="28" value="<?=htmlspecialchars($pconfig['subnet']);?>"> /<select name="subnet_bits" class="formselect" id="select"> - <?php for ($i = 32; $i >= 1; $i--): ?> + <?php for ($i = 128; $i >= 1; $i--): ?> <option value="<?=$i;?>" <?php if (($i == $pconfig['subnet_bits']) || (!isset($pconfig['subnet']) && $i == 32)) echo "selected"; ?>> <?=$i;?> </option> @@ -468,9 +484,9 @@ function typesel_change() { /* <tr> <td>Range: </td> - <td><input name="range_from" type="text" class="formfld unknown" id="range_from" size="20" value="<?=htmlspecialchars($pconfig['range']['from']);?>"> + <td><input name="range_from" type="text" class="formfld unknown" id="range_from" size="28" value="<?=htmlspecialchars($pconfig['range']['from']);?>"> - - <input name="range_to" type="text" class="formfld unknown" id="range_to" size="20" value="<?=htmlspecialchars($pconfig['range']['to']);?>"> + <input name="range_to" type="text" class="formfld unknown" id="range_to" size="28" value="<?=htmlspecialchars($pconfig['range']['to']);?>"> </td> </tr> */ diff --git a/usr/local/www/interfaces.php b/usr/local/www/interfaces.php index ec8d3ee..8c9ebbe 100755 --- a/usr/local/www/interfaces.php +++ b/usr/local/www/interfaces.php @@ -85,6 +85,7 @@ if (!is_array($config['gateways']['gateway_item'])) $a_gateways = &$config['gateways']['gateway_item']; $wancfg = &$config['interfaces'][$if]; +$old_wancfg = $wancfg; // Populate page descr if it does not exist. if ($if == "wan" && !$wancfg['descr']) $wancfg['descr'] = "WAN"; @@ -203,15 +204,38 @@ switch($wancfg['ipaddr']) { break; default: if(is_ipaddr($wancfg['ipaddr'])) { - $pconfig['type'] = "static"; + $pconfig['type'] = "staticv4"; $pconfig['ipaddr'] = $wancfg['ipaddr']; $pconfig['subnet'] = $wancfg['subnet']; $pconfig['gateway'] = $wancfg['gateway']; + if((is_ipaddr($wancfg['ipaddrv6'])) && (is_ipaddr($wancfg['ipaddr']))) { + $pconfig['type'] = "staticv4v6"; + } } else $pconfig['type'] = "none"; break; } +switch($wancfg['ipaddrv6']) { + case "dhcpv6": + $pconfig['type'] = "dhcpv6"; + break; + default: + /* if we have dual stack we need a combined type */ + if(is_ipaddrv6($wancfg['ipaddrv6'])) { + $pconfig['type'] = "staticv6"; + $pconfig['ipaddrv6'] = $wancfg['ipaddrv6']; + $pconfig['subnetv6'] = $wancfg['subnetv6']; + $pconfig['gatewayv6'] = $wancfg['gatewayv6']; + if((is_ipaddrv6($wancfg['ipaddrv6'])) && (is_ipaddr($wancfg['ipaddr']))) { + $pconfig['type'] = "staticv4v6"; + } + } + break; +} + +// print_r($pconfig); + $pconfig['blockpriv'] = isset($wancfg['blockpriv']); $pconfig['blockbogons'] = isset($wancfg['blockbogons']); $pconfig['spoofmac'] = $wancfg['spoofmac']; @@ -308,11 +332,18 @@ if ($_POST['apply']) { if (file_exists("{$g['tmp_path']}/.interfaces.apply")) { $toapplylist = unserialize(file_get_contents("{$g['tmp_path']}/.interfaces.apply")); - foreach ($toapplylist as $ifapply) { - if (isset($config['interfaces'][$ifapply]['enable'])) + foreach ($toapplylist as $ifapply => $values) { + if (isset($config['interfaces'][$ifapply]['enable'])) { + /* check if any old addresses need purging */ + if(is_ipaddrv6($values['ipaddrv6'])) { + $realif = get_real_interface("$ifapply"); + log_error("removing old v6 address {$values['ipaddrv6']} on {$realif}"); + mwexec("/sbin/ifconfig {$realif} inet6 {$values['ipaddrv6']} -alias"); + } interface_configure($ifapply, true); - else + } else { interface_bring_down($ifapply); + } } } /* restart snmp so that it binds to correct address */ @@ -336,11 +367,16 @@ if ($_POST['apply']) { interface_sync_wireless_clones($wancfg, false); write_config("Interface {$_POST['descr']}({$if}) is now disabled."); mark_subsystem_dirty('interfaces'); - if (file_exists("{$g['tmp_path']}/.interfaces.apply")) + if (file_exists("{$g['tmp_path']}/.interfaces.apply")) { $toapplylist = unserialize(file_get_contents("{$g['tmp_path']}/.interfaces.apply")); - else + } else { $toapplylist = array(); - $toapplylist[$if] = $if; + } + $toapplylist[$if] = array(); + /* we need to be able remove IP aliases for IPv6 */ + if(($old_wancfg['ipaddrv6'] != $wancfg['ipaddrv6']) && (is_ipaddrv6($old_wancfg['ipaddrv6']))) { + $toapplylist[$if]['ipaddrv6'] = "{$old_wancfg['ipaddrv6']}"; + } file_put_contents("{$g['tmp_path']}/.interfaces.apply", serialize($toapplylist)); header("Location: interfaces.php?if={$if}"); exit; @@ -374,13 +410,23 @@ if ($_POST['apply']) { } } /* input validation */ - if (isset($config['dhcpd']) && isset($config['dhcpd'][$if]['enable']) && $_POST['type'] != "static") + if (isset($config['dhcpd']) && isset($config['dhcpd'][$if]['enable']) && (! preg_match("/^static/", $_POST['type']))) $input_errors[] = gettext("The DHCP Server is active on this interface and it can be used only with a static IP configuration. Please disable the DHCP Server service on this interface first, then change the interface configuration."); switch(strtolower($_POST['type'])) { - case "static": + case "staticv4": $reqdfields = explode(" ", "ipaddr subnet gateway"); - $reqdfieldsn = array(gettext("IP address"),gettext("Subnet bit count"),gettext("Gateway")); + $reqdfieldsn = array(gettext("IPv4 address"),gettext("Subnet bit count"),gettext("Gateway")); + do_input_validation($_POST, $reqdfields, $reqdfieldsn, &$input_errors); + break; + case "staticv6": + $reqdfields = explode(" ", "ipaddrv6 subnetv6 gatewayv6"); + $reqdfieldsn = array(gettext("IPv6 address"),gettext("Subnet bit count"),gettext("Gateway")); + do_input_validation($_POST, $reqdfields, $reqdfieldsn, &$input_errors); + break; + case "staticv4v6": + $reqdfields = explode(" ", "ipaddr subnet gateway ipaddrv6 subnetv6 gatewayv6"); + $reqdfieldsn = array(gettext("IPv4 address"),gettext("Subnet bit count"),gettext("Gateway"),gettext("IPv6 address"),gettext("Subnet bit count"),gettext("Gateway")); do_input_validation($_POST, $reqdfields, $reqdfieldsn, &$input_errors); break; case "none": @@ -392,6 +438,10 @@ if ($_POST['apply']) { } case "dhcp": break; + case "dhcpv6": + if (in_array($wancfg['ipaddrv6'], array("ppp", "pppoe", "pptp", "l2tp"))) + $input_errors[] = gettext("You have to reassign the interface to be able to configure as {$_POST['type']}."); + break; case "ppp": $reqdfields = explode(" ", "port phone"); $reqdfieldsn = array(gettext("Modem Port"),gettext("Phone Number")); @@ -432,20 +482,29 @@ if ($_POST['apply']) { /* normalize MAC addresses - lowercase and convert Windows-ized hyphenated MACs to colon delimited */ $_POST['spoofmac'] = strtolower(str_replace("-", ":", $_POST['spoofmac'])); if (($_POST['ipaddr'] && !is_ipaddr($_POST['ipaddr']))) - $input_errors[] = gettext("A valid IP address must be specified."); + $input_errors[] = gettext("A valid IPv4 address must be specified."); + if (($_POST['ipaddrv6'] && !is_ipaddr($_POST['ipaddrv6']))) + $input_errors[] = gettext("A valid IPv6 address must be specified."); if (($_POST['subnet'] && !is_numeric($_POST['subnet']))) $input_errors[] = gettext("A valid subnet bit count must be specified."); + if (($_POST['subnetv6'] && !is_numeric($_POST['subnetv6']))) + $input_errors[] = gettext("A valid subnet bit count must be specified."); if (($_POST['alias-address'] && !is_ipaddr($_POST['alias-address']))) $input_errors[] = gettext("A valid alias IP address must be specified."); if (($_POST['alias-subnet'] && !is_numeric($_POST['alias-subnet']))) $input_errors[] = gettext("A valid alias subnet bit count must be specified."); - if ($_POST['gateway'] != "none") { + if (($_POST['gateway'] != "none") || ($_POST['gatewayv6'] != "none")) { $match = false; foreach($a_gateways as $gateway) { if(in_array($_POST['gateway'], $gateway)) { $match = true; } } + foreach($a_gateways as $gateway) { + if(in_array($_POST['gatewayv6'], $gateway)) { + $match = true; + } + } if(!$match) { $input_errors[] = gettext("A valid gateway must be specified."); } @@ -539,8 +598,12 @@ if ($_POST['apply']) { $ppp = array(); if ($wancfg['ipaddr'] != "ppp") unset($wancfg['ipaddr']); + if ($wancfg['ipaddrv6'] != "ppp") + unset($wancfg['ipaddrv6']); unset($wancfg['subnet']); unset($wancfg['gateway']); + unset($wancfg['subnetv6']); + unset($wancfg['gatewayv6']); unset($wancfg['dhcphostname']); unset($wancfg['pppoe_username']); unset($wancfg['pppoe_password']); @@ -552,7 +615,6 @@ if ($_POST['apply']) { if (isset($wancfg['pppoe']['pppoe-reset-type'])) unset($wancfg['pppoe']['pppoe-reset-type']); unset($wancfg['local']); - unset($wancfg['subnet']); unset($wancfg['remote']); unset($a_ppps[$pppid]['apn']); unset($a_ppps[$pppid]['phone']); @@ -578,7 +640,7 @@ if ($_POST['apply']) { } } if($skip == false) { - $gateway_item['gateway'] = gettext("dynamic"); + $gateway_item['gateway'] = "dynamic"; $gateway_item['descr'] = gettext("Interface") . $if . gettext("dynamic gateway"); $gateway_item['name'] = "GW_" . strtoupper($if); $gateway_item['interface'] = "{$if}"; @@ -588,12 +650,31 @@ if ($_POST['apply']) { } switch($_POST['type']) { - case "static": + case "staticv4": + $wancfg['ipaddr'] = $_POST['ipaddr']; + $wancfg['subnet'] = $_POST['subnet']; + if ($_POST['gateway'] != "none") { + $wancfg['gateway'] = $_POST['gateway']; + } + break; + case "staticv6": + $wancfg['ipaddrv6'] = $_POST['ipaddrv6']; + $wancfg['subnetv6'] = $_POST['subnetv6']; + if ($_POST['gatewayv6'] != "none") { + $wancfg['gatewayv6'] = $_POST['gatewayv6']; + } + break; + case "staticv4v6": $wancfg['ipaddr'] = $_POST['ipaddr']; $wancfg['subnet'] = $_POST['subnet']; if ($_POST['gateway'] != "none") { $wancfg['gateway'] = $_POST['gateway']; } + $wancfg['ipaddrv6'] = $_POST['ipaddrv6']; + $wancfg['subnetv6'] = $_POST['subnetv6']; + if ($_POST['gatewayv6'] != "none") { + $wancfg['gatewayv6'] = $_POST['gatewayv6']; + } break; case "dhcp": $wancfg['ipaddr'] = "dhcp"; @@ -605,6 +686,15 @@ if ($_POST['apply']) { $a_gateways[] = $gateway_item; } break; + case "dhcpv6": + $wancfg['ipaddrv6'] = "dhcpv6"; + $wancfg['dhcphostname'] = $_POST['dhcphostname']; + $wancfg['alias-address'] = $_POST['alias-address']; + $wancfg['alias-subnet'] = $_POST['alias-subnet']; + if($gateway_item) { + $a_gateways[] = $gateway_item; + } + break; case "carpdev-dhcp": $wancfg['ipaddr'] = "carpdev-dhcp"; $wancfg['dhcphostname'] = $_POST['dhcphostname']; @@ -718,11 +808,17 @@ if ($_POST['apply']) { conf_mount_ro(); write_config(); - if (file_exists("{$g['tmp_path']}/.interfaces.apply")) + if (file_exists("{$g['tmp_path']}/.interfaces.apply")) { $toapplylist = unserialize(file_get_contents("{$g['tmp_path']}/.interfaces.apply")); - else + } else { $toapplylist = array(); - $toapplylist[$if] = $if; + } + $toapplylist[$if] = array(); + /* we need to be able remove IP aliases for IPv6 */ + if(($old_wancfg['ipaddrv6'] != $wancfg['ipaddrv6']) && (is_ipaddrv6($old_wancfg['ipaddrv6']))) { + $toapplylist[$if]['ipaddrv6'] = $old_wancfg['ipaddrv6']; + } + file_put_contents("{$g['tmp_path']}/.interfaces.apply", serialize($toapplylist)); mark_subsystem_dirty('interfaces'); @@ -902,7 +998,7 @@ $statusurl = "status_interfaces.php"; $closehead = false; include("head.inc"); -$types = array("none" => gettext("None"), "static" => gettext("Static"), "dhcp" => gettext("DHCP"), "ppp" => gettext("PPP"), "pppoe" => gettext("PPPoE"), "pptp" => gettext("PPTP"), "l2tp" => gettext("L2TP") /* , "carpdev-dhcp" => "CarpDev"*/); +$types = array("none" => gettext("None"), "staticv4" => gettext("Static IPv4"), "staticv6" => gettext("Static IPv6"), "staticv4v6" => gettext("Static IPv4 + IPv6"), "dhcp" => gettext("DHCP"), "dhcpv6" => gettext("DHCPv6"), "ppp" => gettext("PPP"), "pppoe" => gettext("PPPoE"), "pptp" => gettext("PPTP"), "l2tp" => gettext("L2TP") /* , "carpdev-dhcp" => "CarpDev"*/); ?> @@ -915,29 +1011,43 @@ $types = array("none" => gettext("None"), "static" => gettext("Static"), "dhcp" function updateType(t) { switch(t) { case "none": { - $('static','dhcp','pppoe','pptp', 'ppp').invoke('hide'); + $('staticv4','staticv6','dhcp','dhcpv6','pppoe','pptp', 'ppp').invoke('hide'); + break; + } + case "staticv4": { + $('none','staticv6','dhcp','dhcpv6','pppoe','pptp', 'ppp').invoke('hide'); break; } - case "static": { - $('none','dhcp','pppoe','pptp', 'ppp').invoke('hide'); + case "staticv6": { + $('none','staticv4','dhcp','dhcpv6','pppoe','pptp', 'ppp').invoke('hide'); + break; + } + case "staticv4v6": { + $('none','dhcp','dhcpv6','pppoe','pptp', 'ppp').invoke('hide'); + $('staticv4').show(); + $('staticv6').show(); break; } case "dhcp": { - $('none','static','pppoe','pptp', 'ppp').invoke('hide'); + $('none','staticv4','staticv6','dhcpv6','pppoe','pptp', 'ppp').invoke('hide'); + break; + } + case "dhcpv6": { + $('none','staticv4','staticv6','dhcp','pppoe','pptp', 'ppp').invoke('hide'); break; } case "ppp": { - $('none','static','dhcp','pptp', 'pppoe').invoke('hide'); + $('none','staticv4','staticv6','dhcp','dhcpv6','pptp', 'pppoe').invoke('hide'); country_list(); break; } case "pppoe": { - $('none','static','dhcp','pptp', 'ppp').invoke('hide'); + $('none','staticv4','staticv6','dhcp','dhcpv6','pptp', 'ppp').invoke('hide'); break; } case "l2tp": case "pptp": { - $('none','static','dhcp','pppoe', 'ppp').invoke('hide'); + $('none','staticv4','staticv6','dhcp','dhcpv6','pppoe', 'ppp').invoke('hide'); $('pptp').show(); break; } @@ -1158,14 +1268,14 @@ $types = array("none" => gettext("None"), "static" => gettext("Static"), "dhcp" </tr> <tr style="display:none;" name="none" id="none"> </tr> - <tr style="display:none;" name="static" id="static"> + <tr style="display:none;" name="staticv4" id="staticv4"> <td colspan="2" style="padding:0px;"> <table width="100%" border="0" cellpadding="6" cellspacing="0"> <tr> - <td colspan="2" valign="top" class="listtopic"><?=gettext("Static IP configuration"); ?></td> + <td colspan="2" valign="top" class="listtopic"><?=gettext("Static IPv4 configuration"); ?></td> </tr> <tr> - <td width="22%" valign="top" class="vncellreq"><?=gettext("IP address"); ?></td> + <td width="22%" valign="top" class="vncellreq"><?=gettext("IPv4 address"); ?></td> <td width="78%" class="vtable"> <input name="ipaddr" type="text" class="formfld unknown" id="ipaddr" size="20" value="<?=htmlspecialchars($pconfig['ipaddr']);?>"> / @@ -1183,14 +1293,14 @@ $types = array("none" => gettext("None"), "static" => gettext("Static"), "dhcp" </td> </tr> <tr> - <td width="22%" valign="top" class="vncellreq"><?=gettext("Gateway"); ?></td> + <td width="22%" valign="top" class="vncell"><?=gettext("Gateway"); ?></td> <td width="78%" class="vtable"> <select name="gateway" class="formselect" id="gateway"> <option value="none" selected><?=gettext("None"); ?></option> <?php if(count($a_gateways) > 0) { foreach ($a_gateways as $gateway) { - if($gateway['interface'] == $if) { + if(($gateway['interface'] == $if) && (is_ipaddrv4($gateway['gateway']))) { ?> <option value="<?=$gateway['name'];?>" <?php if ($gateway['name'] == $pconfig['gateway']) echo "selected"; ?>> <?=htmlspecialchars($gateway['name']) . " - " . htmlspecialchars($gateway['gateway']);?> @@ -1200,7 +1310,8 @@ $types = array("none" => gettext("None"), "static" => gettext("Static"), "dhcp" } } ?> - </select> -or- <a OnClick="show_add_gateway();" href="#"><?=gettext("add a new one."); ?></a> + </select> + - or <strong><a OnClick="show_add_gateway();" href="#"><?=gettext("add a new one."); ?></a></strong> <br/> <div id='addgwbox'> <?=gettext("If this interface is an Internet connection, select an existing Gateway from the list or add one using the link above"); ?> @@ -1231,7 +1342,7 @@ $types = array("none" => gettext("None"), "static" => gettext("Static"), "dhcp" <td align="right"><font color="white"><?=gettext("Gateway Name:"); ?></td><td><input id="name" name="name" value="<?=$wancfg['descr'] . "GW"?>"></td> </tr> <tr> - <td align="right"><font color="white"><?=gettext("Gateway IP:"); ?></td><td><input id="gatewayip" name="gatewayip"></td> + <td align="right"><font color="white"><?=gettext("Gateway IPv4:"); ?></td><td><input id="gatewayip" name="gatewayip"></td> </tr> <tr> <td align="right"><font color="white"><?=gettext("Description:"); ?></td><td><input id="gatewaydescr" name="gatewaydescr"></td> @@ -1242,7 +1353,6 @@ $types = array("none" => gettext("None"), "static" => gettext("Static"), "dhcp" <td> <center> <div id='savebuttondiv'> - <input type="hidden" name="addrtype" id="addrtype" value="IPv4" /> <input id="gwsave" type="Button" value="<?=gettext("Save Gateway"); ?>" onClick='hide_add_gatewaysave();'> <input id="gwcancel" type="Button" value="<?=gettext("Cancel"); ?>" onClick='hide_add_gateway();'> </div> @@ -1261,11 +1371,117 @@ $types = array("none" => gettext("None"), "static" => gettext("Static"), "dhcp" </table> </td> </tr> + <tr style="display:none;" name="staticv6" id="staticv6"> + <td colspan="2" style="padding:0px;"> + <table width="100%" border="0" cellpadding="6" cellspacing="0"> + <tr> + <td colspan="2" valign="top"> </td> + </tr> + <tr> + <td colspan="2" valign="top" class="listtopic"><?=gettext("Static IPv6 configuration"); ?></td> + </tr> + <tr> + <td width="22%" valign="top" class="vncellreq"><?=gettext("IPv6 address"); ?></td> + <td width="78%" class="vtable"> + <input name="ipaddrv6" type="text" class="formfld unknown" id="ipaddrv6" size="28" value="<?=htmlspecialchars($pconfig['ipaddrv6']);?>"> + / + <select name="subnetv6" class="formselect" id="subnetv6"> + <?php + for ($i = 128; $i > 0; $i--) { + if($i <> 127) { + echo "<option value=\"{$i}\" "; + if ($i == $pconfig['subnetv6']) echo "selected"; + echo ">" . $i . "</option>"; + } + } + ?> + </select> + </td> + </tr> + <tr> + <td width="22%" valign="top" class="vncell"><?=gettext("Gateway IPv6"); ?></td> + <td width="78%" class="vtable"> + <select name="gatewayv6" class="formselect" id="gatewayv6"> + <option value="none" selected><?=gettext("None"); ?></option> + <?php + if(count($a_gateways) > 0) { + foreach ($a_gateways as $gateway) { + if(($gateway['interface'] == $if) && (is_ipaddrv6($gateway['gateway']))) { + ?> + <option value="<?=$gateway['name'];?>" <?php if ($gateway['name'] == $pconfig['gatewayv6']) echo "selected"; ?>> + <?=htmlspecialchars($gateway['name']) . " - " . htmlspecialchars($gateway['gateway']);?> + </option> + <?php + } + } + } + ?> + </select> + - or <strong><a OnClick="show_add_gateway_v6();" href="#"><?=gettext("add a new one."); ?></a></strong> + <br/> + <div id='addgwboxv6'> + <?=gettext("If this interface is an Internet connection, select an existing Gateway from the list or add a new one using the link above"); ?> + </div> + <div id='noteboxv6'> + </div> + <div id="statusv6"> + </div> + <div style="display:none" id="addgatewayv6" name="addgatewayv6"> + <p> + <table border="1" style="background:#990000; border-style: none none none none; width:225px;"> + <tr> + <td> + <table bgcolor="#990000" cellpadding="1" cellspacing="1"> + <tr><td> </td> + <tr> + <td colspan="2"><center><b><font color="white"><?=gettext("Add new v6 gateway:"); ?></font></b></center></td> + </tr> + <tr><td> </td> + <?php + if($if == "wan" || $if == "WAN") + $checked = " CHECKED"; + ?> + <tr> + <td width="45%" align="right"><font color="white"><?=gettext("Default v6 gateway:"); ?></td><td><input type="checkbox" id="defaultgwv6" name="defaultgwv6"<?=$checked?>></td> + </tr> + <tr> + <td align="right"><font color="white"><?=gettext("Gateway Name IPv6:"); ?></td><td><input id="namev6" name="namev6" value="<?=$wancfg['descr'] . "GWv6"?>"></td> + </tr> + <tr> + <td align="right"><font color="white"><?=gettext("Gateway IPv6:"); ?></td><td><input id="gatewayipv6" name="gatewayipv6"></td> + </tr> + <tr> + <td align="right"><font color="white"><?=gettext("Description:"); ?></td><td><input id="gatewaydescrv6" name="gatewaydescrv6"></td> + </tr> + <tr><td> </td> + <tr> + <td> </td> + <td> + <center> + <div id='savebuttondivv6'> + <input id="gwsavev6" type="Button" value="<?=gettext("Save Gateway"); ?>" onClick='hide_add_gatewaysave_v6();'> + <input id="gwcancelv6" type="Button" value="<?=gettext("Cancel"); ?>" onClick='hide_add_gateway_v6();'> + </div> + </center> + </td> + </tr> + <tr><td> </td></tr> + </table> + </td> + </tr> + </table> + <p/> + </div> + </td> + </tr> + </table> + </td> + </tr> <tr style="display:none;" name="dhcp" id="dhcp"> <td colspan="2" style="padding: 0px;"> <table width="100%" border="0" cellpadding="6" cellspacing="0"> <tr> - <td colspan="2" valign="top" class="listtopic"><?=gettext("DHCP client configuration"); ?></td> + <td colspan="2" valign="top" class="listtopic"><?=gettext("DHCPv4 client configuration"); ?></td> </tr> <!-- Uncomment to expose DHCP+ in GUI <tr> @@ -1311,6 +1527,25 @@ $types = array("none" => gettext("None"), "static" => gettext("Static"), "dhcp" </table> </td> </tr> + <tr style="display:none;" name="dhcpv6" id="dhcpv6"> + <td colspan="2" style="padding: 0px;"> + <table width="100%" border="0" cellpadding="6" cellspacing="0"> + <tr> + <td colspan="2" valign="top" class="listtopic"><?=gettext("DHCPv6 client configuration"); ?></td> + </tr> + <tr> + <td width="22%" valign="top" class="vncell"><?=gettext("Hostname"); ?></td> + <td width="78%" class="vtable"> + <input name="dhcphostname" type="text" class="formfld unknown" id="dhcphostname" size="40" value="<?=htmlspecialchars($pconfig['dhcphostname']);?>"> + <br> + <?=gettext("The value in this field is sent as the DHCPv6 client identifier " . + "and hostname when requesting a DHCPv6 lease. Some ISPs may require " . + "this (for client identification)."); ?> + </td> + </tr> + </table> + </td> + </tr> <tr style="display:none;" name="ppp" id="ppp"> <td colspan="2" style="padding: 0px;"> <table width="100%" border="0" cellpadding="6" cellspacing="0"> @@ -2091,6 +2326,8 @@ $types = array("none" => gettext("None"), "static" => gettext("Static"), "dhcp" <script type="text/javascript"> var gatewayip; var name; + var gatewayipv6; + var namev6; function show_add_gateway() { document.getElementById("addgateway").style.display = ''; document.getElementById("addgwbox").style.display = 'none'; @@ -2101,6 +2338,16 @@ $types = array("none" => gettext("None"), "static" => gettext("Static"), "dhcp" document.getElementById("gwcancel").style.display = ''; $('notebox').innerHTML=""; } + function show_add_gateway_v6() { + document.getElementById("addgatewayv6").style.display = ''; + document.getElementById("addgwboxv6").style.display = 'none'; + document.getElementById("gatewayv6").style.display = 'none'; + document.getElementById("save").style.display = 'none'; + document.getElementById("cancel").style.display = 'none'; + document.getElementById("gwsave").style.display = ''; + document.getElementById("gwcancel").style.display = ''; + $('noteboxv6').innerHTML=""; + } function hide_add_gateway() { document.getElementById("addgateway").style.display = 'none'; document.getElementById("addgwbox").style.display = ''; @@ -2110,6 +2357,15 @@ $types = array("none" => gettext("None"), "static" => gettext("Static"), "dhcp" document.getElementById("gwsave").style.display = ''; document.getElementById("gwcancel").style.display = ''; } + function hide_add_gateway_v6() { + document.getElementById("addgatewayv6").style.display = 'none'; + document.getElementById("addgwboxv6").style.display = ''; + document.getElementById("gatewayv6").style.display = ''; + document.getElementById("save").style.display = ''; + document.getElementById("cancel").style.display = ''; + document.getElementById("gwsave").style.display = ''; + document.getElementById("gwcancel").style.display = ''; + } function hide_add_gatewaysave() { document.getElementById("addgateway").style.display = 'none'; $('status').innerHTML = '<img src="/themes/metallic/images/misc/loader.gif"> One moment please...'; @@ -2117,10 +2373,9 @@ $types = array("none" => gettext("None"), "static" => gettext("Static"), "dhcp" name = $('name').getValue(); var descr = $('gatewaydescr').getValue(); gatewayip = $('gatewayip').getValue(); - addrtype = $('addrtype').getValue(); var defaultgw = $('defaultgw').getValue(); var url = "system_gateways_edit.php"; - var pars = 'isAjax=true&defaultgw=' + escape(defaultgw) + '&interface=' + escape(iface) + '&name=' + escape(name) + '&descr=' + escape(descr) + '&gateway=' + escape(gatewayip) + '&type=' + escape(addrtype); + var pars = 'isAjax=true&defaultgw=' + escape(defaultgw) + '&interface=' + escape(iface) + '&name=' + escape(name) + '&descr=' + escape(descr) + '&gateway=' + escape(gatewayip); var myAjax = new Ajax.Request( url, { @@ -2130,6 +2385,25 @@ $types = array("none" => gettext("None"), "static" => gettext("Static"), "dhcp" onComplete: save_callback }); } + function hide_add_gatewaysave_v6() { + document.getElementById("addgatewayv6").style.display = 'none'; + $('statusv6').innerHTML = '<img src="/themes/metallic/images/misc/loader.gif"> One moment please...'; + var iface = $F('if'); + name = $('namev6').getValue(); + var descr = $('gatewaydescrv6').getValue(); + gatewayip = $('gatewayipv6').getValue(); + var defaultgw = $('defaultgwv6').getValue(); + var url_v6 = "system_gateways_edit.php"; + var pars_v6 = 'isAjax=true&defaultgw=' + escape(defaultgw) + '&interface=' + escape(iface) + '&name=' + escape(name) + '&descr=' + escape(descr) + '&gateway=' + escape(gatewayip); + var myAjax_v6 = new Ajax.Request( + url_v6, + { + method: 'post', + parameters: pars_v6, + onFailure: report_failure_v6, + onComplete: save_callback_v6 + }); + } function addOption(selectbox,text,value) { var optn = document.createElement("OPTION"); @@ -2139,17 +2413,31 @@ $types = array("none" => gettext("None"), "static" => gettext("Static"), "dhcp" selectbox.selectedIndex = (selectbox.options.length-1); $('notebox').innerHTML="<p/><strong><?=gettext("NOTE:"); ?></strong> <?=gettext("You can manage Gateways"); ?> <a target='_new' href='system_gateways.php'><?=gettext("here"); ?></a>."; } + function addOption_v6(selectbox,text,value) + { + var optn = document.createElement("OPTION"); + optn.text = text; + optn.value = value; + selectbox.options.add(optn); + selectbox.selectedIndex = (selectbox.options.length-1); + $('noteboxv6').innerHTML="<p/><strong><?=gettext("NOTE:"); ?></strong> <?=gettext("You can manage Gateways"); ?> <a target='_new' href='system_gateways.php'><?=gettext("here"); ?></a>."; + } function report_failure() { - alert("Sorry, we could not create your gateway at this time."); + alert("Sorry, we could not create your IPv4 gateway at this time."); hide_add_gateway(); } + function report_failure_v6() { + alert("Sorry, we could not create your IPv6 gateway at this time."); + hide_add_gateway_v6(); + } function save_callback(transport) { var response = transport.responseText; if(response) { document.getElementById("addgateway").style.display = 'none'; hide_add_gateway(); $('status').innerHTML = ''; - addOption($('gateway'), name, name); + var gwtext = escape(name) + " - " + gatewayip; + addOption($('gateway'), gwtext, name); // Auto submit form? //document.iform.submit(); //$('status').innerHTML = '<img src="/themes/metallic/images/misc/loader.gif">'; @@ -2157,6 +2445,21 @@ $types = array("none" => gettext("None"), "static" => gettext("Static"), "dhcp" report_failure(); } } + function save_callback_v6(transport) { + var response_v6 = transport.responseText; + if(response_v6) { + document.getElementById("addgatewayv6").style.display = 'none'; + hide_add_gateway_v6(); + $('statusv6').innerHTML = ''; + var gwtext_v6 = escape(name) + " - " + gatewayip; + addOption_v6($('gatewayv6'), gwtext_v6, name); + // Auto submit form? + //document.iform.submit(); + //$('statusv6').innerHTML = '<img src="/themes/metallic/images/misc/loader.gif">'; + } else { + report_failure_v6(); + } + } <?php echo "show_allcfg(document.iform.enable);"; echo "updateType('{$pconfig['type']}');\n"; diff --git a/usr/local/www/interfaces_gif_edit.php b/usr/local/www/interfaces_gif_edit.php index 74fe8ee..04d22bc 100644 --- a/usr/local/www/interfaces_gif_edit.php +++ b/usr/local/www/interfaces_gif_edit.php @@ -82,8 +82,9 @@ if ($_POST) { if (isset($id) && ($a_gifs[$id]) && ($a_gifs[$id] === $gif)) continue; - if (($gif['if'] == $_POST['if']) && ($gif['tunnel-remote-net'] == $_POST['tunnel-remote-net'])) { - $input_errors[] = sprintf(gettext("A gif with the network %s is already defined."), $gif['remote-network']); + /* FIXME: needs to perform proper subnet checks in the feature */ + if (($gif['if'] == $_POST['if']) && ($gif['tunnel-remote-addr'] == $_POST['tunnel-remote-addr'])) { + $input_errors[] = sprintf(gettext("A gif with the network %s is already defined."), $gif['tunnel-remote-addr']); break; } } @@ -157,24 +158,24 @@ include("head.inc"); <tr> <td valign="top" class="vncellreq"><?=gettext("gif remote address"); ?></td> <td class="vtable"> - <input name="remote-addr" type="text" class="formfld unknown" id="remote-addr" size="16" value="<?=htmlspecialchars($pconfig['remote-addr']);?>"> + <input name="remote-addr" type="text" class="formfld unknown" id="remote-addr" size="24" value="<?=htmlspecialchars($pconfig['remote-addr']);?>"> <br> <span class="vexpl"><?=gettext("Peer address where encapsulated gif packets will be sent. "); ?></span></td> </tr> <tr> <td valign="top" class="vncellreq"><?=gettext("gif tunnel local address"); ?></td> <td class="vtable"> - <input name="tunnel-local-addr" type="text" class="formfld unknown" id="tunnel-local-addr" size="16" value="<?=htmlspecialchars($pconfig['tunnel-local-addr']);?>"> + <input name="tunnel-local-addr" type="text" class="formfld unknown" id="tunnel-local-addr" size="24" value="<?=htmlspecialchars($pconfig['tunnel-local-addr']);?>"> <br> <span class="vexpl"><?=gettext("Local gif tunnel endpoint"); ?></span></td> </tr> <tr> <td valign="top" class="vncellreq"><?=gettext("gif tunnel remote address "); ?></td> <td class="vtable"> - <input name="tunnel-remote-addr" type="text" class="formfld unknown" id="tunnel-remote-addr" size="16" value="<?=htmlspecialchars($pconfig['tunnel-remote-addr']);?>"> + <input name="tunnel-remote-addr" type="text" class="formfld unknown" id="tunnel-remote-addr" size="24" value="<?=htmlspecialchars($pconfig['tunnel-remote-addr']);?>"> <select name="tunnel-remote-net" class="formselect" id="tunnel-remote-net"> <?php - for ($i = 32; $i > 0; $i--) { + for ($i = 128; $i > 0; $i--) { if($i <> 31) { echo "<option value=\"{$i}\" "; if ($i == $pconfig['tunnel-remote-net']) echo "selected"; @@ -184,7 +185,7 @@ include("head.inc"); ?> </select> <br/> - <span class="vexpl"><?=gettext("Remote gif address endpoint. The subnet part is used for the determinig the network that is tunneled."); ?></span></td> + <span class="vexpl"><?=gettext("Remote gif address endpoint. The subnet part is used for determining the network that is tunnelled."); ?></span></td> </tr> <tr> <td valign="top" class="vncell"><?=gettext("Route caching "); ?></td> diff --git a/usr/local/www/services_dhcpv6.php b/usr/local/www/services_dhcpv6.php new file mode 100644 index 0000000..ee03adb --- /dev/null +++ b/usr/local/www/services_dhcpv6.php @@ -0,0 +1,910 @@ +<?php +/* $Id$ */ +/* + services_dhcpv6.php + parts of m0n0wall (http://m0n0.ch/wall) + + Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>. + All rights reserved. + + part of pfSense (http://www.pfsense.org) + Copyright (C) 2010 Seth Mos <seth.mos@dds.nl>. + All rights reserved. + + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are met: + + 1. Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. + + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + POSSIBILITY OF SUCH DAMAGE. +*/ +/* + pfSense_BUILDER_BINARIES: /bin/rm + pfSense_MODULE: interfaces +*/ + +##|+PRIV +##|*IDENT=page-services-dhcpv6server +##|*NAME=Services: DHCPv6 server page +##|*DESCR=Allow access to the 'Services: DHCPv6 server' page. +##|*MATCH=services_dhcpv6.php* +##|-PRIV + +require("guiconfig.inc"); + +if(!$g['services_dhcp_server_enable']) { + Header("Location: /"); + exit; +} + +/* Fix failover DHCP problem + * http://article.gmane.org/gmane.comp.security.firewalls.pfsense.support/18749 + */ +ini_set("memory_limit","64M"); + +/* This function will remove entries from dhcpd.leases that would otherwise + * overlap with static DHCP reservations. If we don't clean these out, + * then DHCP will print a warning in the logs about a duplicate lease + */ +function dhcp_clean_leases() { + global $g, $config; + $leasesfile = "{$g['dhcpd_chroot_path']}/var/db/dhcpdv6.leases"; + if (!file_exists($leasesfile)) + return; + /* Build list of static MACs */ + $staticmacs = array(); + foreach($config['interfaces'] as $ifname => $ifarr) + if (is_array($config['dhcpdv6'][$ifname]['staticmap'])) + foreach($config['dhcpdv6'][$ifname]['staticmap'] as $static) + $staticmacs[] = $static['mac']; + /* Read existing leases */ + $leases_contents = explode("\n", file_get_contents($leasesfile)); + $newleases_contents = array(); + $i=0; + while ($i < count($leases_contents)) { + /* Find a lease definition */ + if (substr($leases_contents[$i], 0, 6) == "lease ") { + $templease = array(); + $thismac = ""; + /* Read to the end of the lease declaration */ + do { + if (substr($leases_contents[$i], 0, 20) == " hardware ethernet ") + $thismac = substr($leases_contents[$i], 20, 17); + $templease[] = $leases_contents[$i]; + $i++; + } while ($leases_contents[$i-1] != "}"); + /* Check for a matching MAC address and if not present, keep it. */ + if (! in_array($thismac, $staticmacs)) + $newleases_contents = array_merge($newleases_contents, $templease); + } else { + /* It's a line we want to keep, copy it over. */ + $newleases_contents[] = $leases_contents[$i]; + $i++; + } + } + /* Write out the new leases file */ + $fd = fopen($leasesfile, 'w'); + fwrite($fd, implode("\n", $newleases_contents)); + fclose($fd); +} + +$if = $_GET['if']; +if ($_POST['if']) + $if = $_POST['if']; + +/* if OLSRD is enabled, allow WAN to house DHCP. */ +if($config['installedpackages']['olsrd']) { + foreach($config['installedpackages']['olsrd']['config'] as $olsrd) { + if($olsrd['enable']) { + $is_olsr_enabled = true; + break; + } + } +} + +if (!$_GET['if']) + $savemsg = "<b>" . gettext("The DHCPv6 Server can only be enabled on interfaces configured with static IP addresses") . ".<p>" . gettext("Only interfaces configured with a static IP will be shown") . ".</p></b>"; + +$iflist = get_configured_interface_with_descr(); + +/* set the starting interface */ +if (!$if || !isset($iflist[$if])) { + foreach ($iflist as $ifent => $ifname) { + $oc = $config['interfaces'][$ifent]; + if ((is_array($config['dhcpdv6'][$ifent]) && !isset($config['dhcpdv6'][$ifent]['enable']) && (!is_ipaddrv6($oc['ipaddrv6']))) || + (!is_array($config['dhcpdv6'][$ifent]) && (!is_ipaddrv6($oc['ipaddrv6'])))) + continue; + $if = $ifent; + break; + } +} + +if (is_array($config['dhcpdv6'][$if])){ + if (is_array($config['dhcpdv6'][$if]['range'])) { + $pconfig['range_from'] = $config['dhcpdv6'][$if]['range']['from']; + $pconfig['range_to'] = $config['dhcpdv6'][$if]['range']['to']; + } + $pconfig['mode'] = $config['dhcpdv6'][$if]['mode']; + $pconfig['deftime'] = $config['dhcpdv6'][$if]['defaultleasetime']; + $pconfig['maxtime'] = $config['dhcpdv6'][$if]['maxleasetime']; + $pconfig['gateway'] = $config['dhcpdv6'][$if]['gateway']; + $pconfig['domain'] = $config['dhcpdv6'][$if]['domain']; + $pconfig['domainsearchlist'] = $config['dhcpdv6'][$if]['domainsearchlist']; + list($pconfig['wins1'],$pconfig['wins2']) = $config['dhcpdv6'][$if]['winsserver']; + list($pconfig['dns1'],$pconfig['dns2']) = $config['dhcpdv6'][$if]['dnsserver']; + $pconfig['enable'] = isset($config['dhcpdv6'][$if]['enable']); + $pconfig['denyunknown'] = isset($config['dhcpdv6'][$if]['denyunknown']); + $pconfig['staticarp'] = isset($config['dhcpdv6'][$if]['staticarp']); + $pconfig['ddnsdomain'] = $config['dhcpdv6'][$if]['ddnsdomain']; + $pconfig['ddnsupdate'] = isset($config['dhcpdv6'][$if]['ddnsupdate']); + list($pconfig['ntp1'],$pconfig['ntp2']) = $config['dhcpdv6'][$if]['ntpserver']; + $pconfig['tftp'] = $config['dhcpdv6'][$if]['tftp']; + $pconfig['ldap'] = $config['dhcpdv6'][$if]['ldap']; + $pconfig['netboot'] = isset($config['dhcpdv6'][$if]['netboot']); + $pconfig['nextserver'] = $config['dhcpdv6'][$if]['next-server']; + $pconfig['filename'] = $config['dhcpdv6'][$if]['filename']; + $pconfig['rootpath'] = $config['dhcpdv6'][$if]['rootpath']; + $pconfig['failover_peerip'] = $config['dhcpdv6'][$if]['failover_peerip']; + $pconfig['netmask'] = $config['dhcpdv6'][$if]['netmask']; + $pconfig['numberoptions'] = $config['dhcpdv6'][$if]['numberoptions']; + if (!is_array($config['dhcpdv6'][$if]['staticmap'])) + $config['dhcpdv6'][$if]['staticmap'] = array(); + $a_maps = &$config['dhcpdv6'][$if]['staticmap']; +} + +$ifcfgip = get_interface_ipv6($if); +$ifcfgsn = get_interface_subnetv6($if); + +/* set the enabled flag which will tell us if DHCP relay is enabled + * on any interface. We will use this to disable DHCP server since + * the two are not compatible with each other. + */ + +$dhcrelay_enabled = false; +$dhcrelaycfg = $config['dhcrelay']; + +if(is_array($dhcrelaycfg)) { + foreach ($dhcrelaycfg as $dhcrelayif => $dhcrelayifconf) { + if (isset($dhcrelayifconf['enable']) && isset($iflist[$dhcrelayif]) && + (!link_interface_to_bridge($dhcrelayif))) + $dhcrelay_enabled = true; + } +} + +/* FIXME needs v6 code, use in subnet v6? */ +function is_inrange($test, $start, $end) { + if ( (ip2ulong($test) < ip2ulong($end)) && (ip2ulong($test) > ip2ulong($start)) ) + return true; + else + return false; +} + +$modes = array("unmanaged" => "Unmanaged", "managed" => "Managed", "assist" => "Assisted"); + +if ($_POST) { + + unset($input_errors); + + $pconfig = $_POST; + + $numberoptions = array(); + for($x=0; $x<99; $x++) { + if(isset($_POST["number{$x}"]) && ctype_digit($_POST["number{$x}"])) { + $numbervalue = array(); + $numbervalue['number'] = htmlspecialchars($_POST["number{$x}"]); + $numbervalue['value'] = htmlspecialchars($_POST["value{$x}"]); + $numberoptions['item'][] = $numbervalue; + } + } + // Reload the new pconfig variable that the forum uses. + $pconfig['numberoptions'] = $numberoptions; + + /* input validation */ + if ($_POST['enable']) { + $reqdfields = explode(" ", "range_from range_to"); + $reqdfieldsn = array(gettext("Range begin"),gettext("Range end")); + + do_input_validation($_POST, $reqdfields, $reqdfieldsn, &$input_errors); + + if (($_POST['range_from'] && !is_ipaddrv6($_POST['range_from']))) + $input_errors[] = gettext("A valid range must be specified."); + if (($_POST['range_to'] && !is_ipaddrv6($_POST['range_to']))) + $input_errors[] = gettext("A valid range must be specified."); + if (($_POST['gateway'] && !is_ipaddrv6($_POST['gateway']))) + $input_errors[] = gettext("A valid IPv6 address must be specified for the gateway."); + if (($_POST['dns1'] && !is_ipaddrv6($_POST['dns1'])) || ($_POST['dns2'] && !is_ipaddrv6($_POST['dns2']))) + $input_errors[] = gettext("A valid IPv6 address must be specified for the primary/secondary DNS servers."); + + if ($_POST['deftime'] && (!is_numeric($_POST['deftime']) || ($_POST['deftime'] < 60))) + $input_errors[] = gettext("The default lease time must be at least 60 seconds."); + if ($_POST['maxtime'] && (!is_numeric($_POST['maxtime']) || ($_POST['maxtime'] < 60) || ($_POST['maxtime'] <= $_POST['deftime']))) + $input_errors[] = gettext("The maximum lease time must be at least 60 seconds and higher than the default lease time."); + if (($_POST['ddnsdomain'] && !is_domain($_POST['ddnsdomain']))) + $input_errors[] = gettext("A valid domain name must be specified for the dynamic DNS registration."); + if (($_POST['ntp1'] && !is_ipaddrv6($_POST['ntp1'])) || ($_POST['ntp2'] && !is_ipaddrv6($_POST['ntp2']))) + $input_errors[] = gettext("A valid IPv6 address must be specified for the primary/secondary NTP servers."); + if (($_POST['domain'] && !is_domain($_POST['domain']))) + $input_errors[] = gettext("A valid domain name must be specified for the DNS domain."); + if ($_POST['tftp'] && !is_ipaddr($_POST['tftp']) && !is_domain($_POST['tftp']) && !is_URL($_POST['tftp'])) + $input_errors[] = gettext("A valid IPv6 address or hostname must be specified for the TFTP server."); + if (($_POST['nextserver'] && !is_ipaddrv6($_POST['nextserver']))) + $input_errors[] = gettext("A valid IPv6 address must be specified for the network boot server."); + + if(gen_subnet($ifcfgip, $ifcfgsn) == $_POST['range_from']) + $input_errors[] = gettext("You cannot use the network address in the starting subnet range."); + if(gen_subnet_max($ifcfgip, $ifcfgsn) == $_POST['range_to']) + $input_errors[] = gettext("You cannot use the broadcast address in the ending subnet range."); + + // Disallow a range that includes the virtualip + if (is_array($config['virtualip']['vip'])) { + foreach($config['virtualip']['vip'] as $vip) { + if($vip['interface'] == $if) + if($vip['subnetv6'] && is_inrange($vip['subnetv6'], $_POST['range_from'], $_POST['range_to'])) + $input_errors[] = sprintf(gettext("The subnet range cannot overlap with virtual IPv6 address %s."),$vip['subnetv6']); + } + } + + $noip = false; + if(is_array($a_maps)) + foreach ($a_maps as $map) + if (empty($map['ipaddrv6'])) + $noip = true; + if ($_POST['staticarp'] && $noip) + $input_errors[] = "Cannot enable static ARP when you have static map entries without IP addresses. Ensure all static maps have IPv6 addresses and try again."; + + if (!$input_errors) { + /* make sure the range lies within the current subnet */ + /* FIXME change for ipv6 subnet */ + $subnet_start = gen_subnetv6($ifcfgip, $ifcfgsn); + $subnet_end = gen_subnetv6_max($ifcfgip, $ifcfgsn); + + if((! ip_in_subnet($_POST['range_from'], $subnet_start)) || (! ip_in_subnet($_POST['range_to'], $subnet_start))) { + $input_errors[] = gettext("The specified range lies outside of the current subnet."); + } + + /* no idea how to do this yet + if (ip2ulong($_POST['range_from']) > ip2ulong($_POST['range_to'])) + $input_errors[] = gettext("The range is invalid (first element higher than second element)."); + */ + + /* make sure that the DHCP Relay isn't enabled on this interface */ + if (isset($config['dhcrelay'][$if]['enable'])) + $input_errors[] = sprintf(gettext("You must disable the DHCP relay on the %s interface before enabling the DHCP server."),$iflist[$if]); + + // $dynsubnet_start = ip2ulong($_POST['range_from']); + // $dynsubnet_end = ip2ulong($_POST['range_to']); + /* FIX later. + if(is_array($a_maps)) { + foreach ($a_maps as $map) { + if (empty($map['ipaddrv6'])) + continue; + if ((ip2ulong($map['ipaddrv6']) > $dynsubnet_start) && + (ip2ulong($map['ipaddr']) < $dynsubnet_end)) { + $input_errors[] = sprintf(gettext("The DHCP range cannot overlap any static DHCP mappings.")); + break; + } + } + } + */ + } + } + + if (!$input_errors) { + if (!is_array($config['dhcpdv6'][$if])) + $config['dhcpdv6'][$if] = array(); + if (!is_array($config['dhcpdv6'][$if]['range'])) + $config['dhcpdv6'][$if]['range'] = array(); + + $config['dhcpdv6'][$if]['mode'] = $_POST['mode']; + $config['dhcpdv6'][$if]['range']['from'] = $_POST['range_from']; + $config['dhcpdv6'][$if]['range']['to'] = $_POST['range_to']; + $config['dhcpdv6'][$if]['defaultleasetime'] = $_POST['deftime']; + $config['dhcpdv6'][$if]['maxleasetime'] = $_POST['maxtime']; + $config['dhcpdv6'][$if]['netmask'] = $_POST['netmask']; + $previous = $config['dhcpdv6'][$if]['failover_peerip']; + if($previous <> $_POST['failover_peerip']) + mwexec("/bin/rm -rf /var/dhcpd/var/db/*"); + + $config['dhcpdv6'][$if]['failover_peerip'] = $_POST['failover_peerip']; + + unset($config['dhcpdv6'][$if]['winsserver']); + + unset($config['dhcpdv6'][$if]['dnsserver']); + if ($_POST['dns1']) + $config['dhcpdv6'][$if]['dnsserver'][] = $_POST['dns1']; + if ($_POST['dns2']) + $config['dhcpdv6'][$if]['dnsserver'][] = $_POST['dns2']; + + $config['dhcpdv6'][$if]['gateway'] = $_POST['gateway']; + $config['dhcpdv6'][$if]['domain'] = $_POST['domain']; + $config['dhcpdv6'][$if]['domainsearchlist'] = $_POST['domainsearchlist']; + $config['dhcpdv6'][$if]['denyunknown'] = ($_POST['denyunknown']) ? true : false; + $config['dhcpdv6'][$if]['enable'] = ($_POST['enable']) ? true : false; + $config['dhcpdv6'][$if]['staticarp'] = ($_POST['staticarp']) ? true : false; + $config['dhcpdv6'][$if]['ddnsdomain'] = $_POST['ddnsdomain']; + $config['dhcpdv6'][$if]['ddnsupdate'] = ($_POST['ddnsupdate']) ? true : false; + + unset($config['dhcpdv6'][$if]['ntpserver']); + if ($_POST['ntp1']) + $config['dhcpdv6'][$if]['ntpserver'][] = $_POST['ntp1']; + if ($_POST['ntp2']) + $config['dhcpdv6'][$if]['ntpserver'][] = $_POST['ntp2']; + + $config['dhcpdv6'][$if]['tftp'] = $_POST['tftp']; + $config['dhcpdv6'][$if]['ldap'] = $_POST['ldap']; + $config['dhcpdv6'][$if]['netboot'] = ($_POST['netboot']) ? true : false; + $config['dhcpdv6'][$if]['next-server'] = $_POST['nextserver']; + $config['dhcpdv6'][$if]['filename'] = $_POST['filename']; + $config['dhcpdv6'][$if]['rootpath'] = $_POST['rootpath']; + + // Handle the custom options rowhelper + if(isset($config['dhcpdv6'][$if]['numberoptions']['item'])) + unset($config['dhcpdv6'][$if]['numberoptions']['item']); + + $config['dhcpdv6'][$if]['numberoptions'] = $numberoptions; + + write_config(); + + $retval = 0; + $retvaldhcp = 0; + $retvaldns = 0; + /* Stop DHCPv6 so we can cleanup leases */ + killbyname("dhcpdv6"); + dhcp_clean_leases(); + /* dnsmasq_configure calls dhcpd_configure */ + /* no need to restart dhcpd twice */ + if (isset($config['dnsmasq']['regdhcpstatic'])) { + $retvaldns = services_dnsmasq_configure(); + if ($retvaldns == 0) { + clear_subsystem_dirty('hosts'); + clear_subsystem_dirty('staticmaps'); + } + } else { + $retvaldhcp = services_dhcpd_configure(); + if ($retvaldhcp == 0) + clear_subsystem_dirty('staticmaps'); + } + if($retvaldhcp == 1 || $retvaldns == 1) + $retval = 1; + $savemsg = get_std_save_message($retval); + } +} + +if ($_GET['act'] == "del") { + if ($a_maps[$_GET['id']]) { + unset($a_maps[$_GET['id']]); + write_config(); + if(isset($config['dhcpdv6'][$if]['enable'])) { + mark_subsystem_dirty('staticmapsv6'); + if (isset($config['dnsmasq']['regdhcpstaticv6'])) + mark_subsystem_dirty('hosts'); + } + header("Location: services_dhcpv6.php?if={$if}"); + exit; + } +} + +$pgtitle = array(gettext("Services"),gettext("DHCPv6 server")); +$statusurl = "status_dhcp_leases.php"; +$logurl = "diag_logs_dhcp.php"; + +include("head.inc"); + +?> + +<script type="text/javascript" src="/javascript/row_helper.js"> +</script> + +<script type="text/javascript"> + rowname[0] = "number"; + rowtype[0] = "textbox"; + rowsize[0] = "10"; + rowname[1] = "value"; + rowtype[1] = "textbox"; + rowsize[1] = "55"; +</script> + +<script type="text/javascript" language="JavaScript"> + function enable_change(disableFields) { + var disableFields = (document.iform.mode.value=='unmanaged' || !document.iform.enable.checked); + document.iform.range_from.disabled = disableFields; + document.iform.range_to.disabled = disableFields; + document.iform.dns1.disabled = disableFields; + document.iform.dns2.disabled = disableFields; + document.iform.deftime.disabled = disableFields; + document.iform.maxtime.disabled = disableFields; + document.iform.gateway.disabled = disableFields; + document.iform.failover_peerip.disabled = disableFields; + document.iform.domain.disabled = disableFields; + document.iform.domainsearchlist.disabled = disableFields; + document.iform.staticarp.disabled = disableFields; + document.iform.ddnsdomain.disabled = disableFields; + document.iform.ddnsupdate.disabled = disableFields; + document.iform.ntp1.disabled = disableFields; + document.iform.ntp2.disabled = disableFields; + document.iform.tftp.disabled = disableFields; + document.iform.ldap.disabled = disableFields; + document.iform.netboot.disabled = disableFields; + document.iform.nextserver.disabled = disableFields; + document.iform.filename.disabled = disableFields; + document.iform.rootpath.disabled = disableFields; + document.iform.denyunknown.disabled = disableFields; + } + + function show_shownumbervalue() { + document.getElementById("shownumbervaluebox").innerHTML=''; + aodiv = document.getElementById('shownumbervalue'); + aodiv.style.display = "block"; + } + + function show_ddns_config() { + document.getElementById("showddnsbox").innerHTML=''; + aodiv = document.getElementById('showddns'); + aodiv.style.display = "block"; + } + + function show_ntp_config() { + document.getElementById("showntpbox").innerHTML=''; + aodiv = document.getElementById('showntp'); + aodiv.style.display = "block"; + } + + function show_tftp_config() { + document.getElementById("showtftpbox").innerHTML=''; + aodiv = document.getElementById('showtftp'); + aodiv.style.display = "block"; + } + + function show_ldap_config() { + document.getElementById("showldapbox").innerHTML=''; + aodiv = document.getElementById('showldap'); + aodiv.style.display = "block"; + } + + function show_netboot_config() { + document.getElementById("shownetbootbox").innerHTML=''; + aodiv = document.getElementById('shownetboot'); + aodiv.style.display = "block"; + } +</script> + +<body link="#0000CC" vlink="#0000CC" alink="#0000CC"> +<?php include("fbegin.inc"); ?> +<form action="services_dhcpv6.php" method="post" name="iform" id="iform"> +<?php if ($input_errors) print_input_errors($input_errors); ?> +<?php if ($savemsg) print_info_box($savemsg); ?> +<?php + if ($dhcrelay_enabled) { + echo gettext("DHCP Relay is currently enabled. Cannot enable the DHCP Server service while the DHCP Relay is enabled on any interface."); + include("fend.inc"); + echo "</body>"; + echo "</html>"; + exit; + } +?> +<?php if (is_subsystem_dirty('staticmaps')): ?><p> +<?php print_info_box_np(gettext("The static mapping configuration has been changed") . ".<br>" . gettext("You must apply the changes in order for them to take effect."));?><br> +<?php endif; ?> +<table width="100%" border="0" cellpadding="0" cellspacing="0"> +<tr><td> +<?php + /* active tabs */ + $tab_array = array(); + $tabscounter = 0; + $i = 0; + foreach ($iflist as $ifent => $ifname) { + $oc = $config['interfaces'][$ifent]; + if ((is_array($config['dhcpdv6'][$ifent]) && !isset($config['dhcpdv6'][$ifent]['enable']) && (!is_ipaddrv6($oc['ipaddrv6']))) || + (!is_array($config['dhcpdv6'][$ifent]) && (!is_ipaddrv6($oc['ipaddrv6'])))) + continue; + if ($ifent == $if) + $active = true; + else + $active = false; + $tab_array[] = array($ifname, $active, "services_dhcpv6.php?if={$ifent}"); + $tabscounter++; + } + if ($tabscounter == 0) { + echo "</td></tr></table></form>"; + include("fend.inc"); + echo "</body>"; + echo "</html>"; + exit; + } + display_top_tabs($tab_array); +?> +</td></tr> +<tr> +<td> + <div id="mainarea"> + <table class="tabcont" width="100%" border="0" cellpadding="6" cellspacing="0"> + <tr> + <td width="22%" valign="top" class="vtable"> </td> + <td width="78%" class="vtable"> + <input name="enable" type="checkbox" value="yes" <?php if ($pconfig['enable']) echo "checked"; ?> onClick="enable_change();"> + <strong><?php printf(gettext("Enable DHCPv6 server on " . + "%s " . + "interface"),htmlspecialchars($iflist[$if]));?></strong></td> + </tr> + <tr> + <td width="22%" valign="top" class="vncellreq"><?=gettext("Operating Mode");?></td> + <td width="78%" class="vtable"> + <select name="mode" id="mode" onchange="enable_change();"> + <?php foreach($modes as $name => $value) { ?> + <option value="<?=$name ?>" <?php if ($pconfig['mode'] == $name) echo "selected"; ?> > <?=$value ?></option> + <?php } ?> + </select><br /> + <strong><?php printf(gettext("Select the Operating Mode. Use Unmanaged for Router Advertising only, Managed for DHCPv6 only, Assisted for Combined"));?></strong></td> + </tr> + <tr> + <td width="22%" valign="top" class="vtable"> </td> + <td width="78%" class="vtable"> + <input name="denyunknown" id="denyunknown" type="checkbox" value="yes" <?php if ($pconfig['denyunknown']) echo "checked"; ?>> + <strong><?=gettext("Deny unknown clients");?></strong><br> + <?=gettext("If this is checked, only the clients defined below will get DHCP leases from this server. ");?></td> + </tr> + <tr> + <td width="22%" valign="top" class="vncellreq"><?=gettext("Subnet");?></td> + <td width="78%" class="vtable"> + <?=gen_subnetv6($ifcfgip, $ifcfgsn);?> + </td> + </tr> + <tr> + <td width="22%" valign="top" class="vncellreq"><?=gettext("Subnet mask");?></td> + <td width="78%" class="vtable"> + <?=$ifcfgsn;?> bits + </td> + </tr> + <tr> + <td width="22%" valign="top" class="vncellreq"><?=gettext("Available range");?></td> + <td width="78%" class="vtable"> + <?php + $range_from = gen_subnetv6($ifcfgip, $ifcfgsn); + $range_from++; + echo $range_from; + + ?> + - + <?php + /* FIXME end of subnet calculation here */ + $range_to = gen_subnetv6_max($ifcfgip, $ifcfgsn);; + echo $range_to; + ?> + </td> + </tr> + <?php if($is_olsr_enabled): ?> + <tr> + <td width="22%" valign="top" class="vncellreq"><?=gettext("Subnet Mask");?></td> + <td width="78%" class="vtable"> + <select name="netmask" class="formselect" id="netmask"> + <?php + for ($i = 128; $i > 0; $i--) { + if($i <> 127) { + echo "<option value=\"{$i}\" "; + if ($i == $pconfig['netmask']) echo "selected"; + echo ">" . $i . "</option>"; + } + } + ?> + </select> + </td> + </tr> + <?php endif; ?> + <tr> + <td width="22%" valign="top" class="vncellreq"><?=gettext("Range");?></td> + <td width="78%" class="vtable"> + <input name="range_from" type="text" class="formfld unknown" id="range_from" size="28" value="<?=htmlspecialchars($pconfig['range_from']);?>"> + <?=gettext("to"); ?> <input name="range_to" type="text" class="formfld unknown" id="range_to" size="28" value="<?=htmlspecialchars($pconfig['range_to']);?>"> + </td> + </tr> + <tr> + <td width="22%" valign="top" class="vncell"><?=gettext("DNS servers");?></td> + <td width="78%" class="vtable"> + <input name="dns1" type="text" class="formfld unknown" id="dns1" size="28" value="<?=htmlspecialchars($pconfig['dns1']);?>"><br> + <input name="dns2" type="text" class="formfld unknown" id="dns2" size="28" value="<?=htmlspecialchars($pconfig['dns2']);?>"><br> + <?=gettext("NOTE: leave blank to use the system default DNS servers - this interface's IP if DNS forwarder is enabled, otherwise the servers configured on the General page.");?> + </td> + </tr> + <tr> + <td width="22%" valign="top" class="vncell"><?=gettext("Gateway");?></td> + <td width="78%" class="vtable"> + <input name="gateway" type="text" class="formfld host" id="gateway" size="28" value="<?=htmlspecialchars($pconfig['gateway']);?>"><br> + <?=gettext("The default is to use the IP on this interface of the firewall as the gateway. Specify an alternate gateway here if this is not the correct gateway for your network.");?> + </td> + </tr> + <tr> + <td width="22%" valign="top" class="vncell"><?=gettext("Domain name");?></td> + <td width="78%" class="vtable"> + <input name="domain" type="text" class="formfld unknown" id="domain" size="28" value="<?=htmlspecialchars($pconfig['domain']);?>"><br> + <?=gettext("The default is to use the domain name of this system as the default domain name provided by DHCP. You may specify an alternate domain name here.");?> + </td> + </tr> + <tr> + <td width="22%" valign="top" class="vncell"><?=gettext("Domain search list");?></td> + <td width="78%" class="vtable"> + <input name="domainsearchlist" type="text" class="formfld unknown" id="domainsearchlist" size="28" value="<?=htmlspecialchars($pconfig['domainsearchlist']);?>"><br> + <?=gettext("The DHCP server can optionally provide a domain search list.");?> + </td> + </tr> + <tr> + <td width="22%" valign="top" class="vncell"><?=gettext("Default lease time");?></td> + <td width="78%" class="vtable"> + <input name="deftime" type="text" class="formfld unknown" id="deftime" size="10" value="<?=htmlspecialchars($pconfig['deftime']);?>"> + <?=gettext("seconds");?><br> + <?=gettext("This is used for clients that do not ask for a specific " . + "expiration time."); ?><br> + <?=gettext("The default is 7200 seconds.");?> + </td> + </tr> + <tr> + <td width="22%" valign="top" class="vncell"><?=gettext("Maximum lease time");?></td> + <td width="78%" class="vtable"> + <input name="maxtime" type="text" class="formfld unknown" id="maxtime" size="10" value="<?=htmlspecialchars($pconfig['maxtime']);?>"> + <?=gettext("seconds");?><br> + <?=gettext("This is the maximum lease time for clients that ask". + " for a specific expiration time."); ?><br> + <?=gettext("The default is 86400 seconds.");?> + </td> + </tr> + <tr> + <td width="22%" valign="top" class="vncell"><?=gettext("Failover peer IP:");?></td> + <td width="78%" class="vtable"> + <input name="failover_peerip" type="text" class="formfld host" id="failover_peerip" size="28" value="<?=htmlspecialchars($pconfig['failover_peerip']);?>"><br> + <?=gettext("Leave blank to disable. Enter the interface IP address of the other machine. Machines must be using CARP.");?> + </td> + </tr> + <tr> + <td width="22%" valign="top" class="vncell"><?=gettext("Static ARP");?></td> + <td width="78%" class="vtable"> + <table> + <tr> + <td> + <input valign="middle" type="checkbox" value="yes" name="staticarp" id="staticarp" <?php if($pconfig['staticarp']) echo " checked"; ?>> + </td> + <td><b><?=gettext("Enable Static ARP entries");?></b></td> + </tr> + <tr> + <td> </td> + <td> + <span class="red"><strong><?=gettext("Note:");?></strong></span> <?=gettext("Only the machines listed below will be able to communicate with the firewall on this NIC.");?> + </td> + </tr> + </table> + </td> + </tr> + <tr> + <td width="22%" valign="top" class="vncell"><?=gettext("Dynamic DNS");?></td> + <td width="78%" class="vtable"> + <div id="showddnsbox"> + <input type="button" onClick="show_ddns_config()" value="<?=gettext("Advanced");?>"></input> - <?=gettext("Show Dynamic DNS");?></a> + </div> + <div id="showddns" style="display:none"> + <input valign="middle" type="checkbox" value="yes" name="ddnsupdate" id="ddnsupdate" <?php if($pconfig['ddnsupdate']) echo " checked"; ?>> + <b><?=gettext("Enable registration of DHCP client names in DNS.");?></b><br /> + <p> + <input name="ddnsdomain" type="text" class="formfld unknown" id="ddnsdomain" size="28" value="<?=htmlspecialchars($pconfig['ddnsdomain']);?>"><br /> + <?=gettext("Note: Leave blank to disable dynamic DNS registration.");?><br /> + <?=gettext("Enter the dynamic DNS domain which will be used to register client names in the DNS server.");?> + </div> + </td> + </tr> + <tr> + <td width="22%" valign="top" class="vncell"><?=gettext("NTP servers");?></td> + <td width="78%" class="vtable"> + <div id="showntpbox"> + <input type="button" onClick="show_ntp_config()" value="<?=gettext("Advanced");?>"></input> - <?=gettext("Show NTP configuration");?></a> + </div> + <div id="showntp" style="display:none"> + <input name="ntp1" type="text" class="formfld unknown" id="ntp1" size="28" value="<?=htmlspecialchars($pconfig['ntp1']);?>"><br> + <input name="ntp2" type="text" class="formfld unknown" id="ntp2" size="28" value="<?=htmlspecialchars($pconfig['ntp2']);?>"> + </div> + </td> + </tr> + <tr> + <td width="22%" valign="top" class="vncell"><?=gettext("TFTP server");?></td> + <td width="78%" class="vtable"> + <div id="showtftpbox"> + <input type="button" onClick="show_tftp_config()" value="<?=gettext("Advanced");?>"></input> - <?=gettext("Show TFTP configuration");?></a> + </div> + <div id="showtftp" style="display:none"> + <input name="tftp" type="text" class="formfld unknown" id="tftp" size="50" value="<?=htmlspecialchars($pconfig['tftp']);?>"><br> + <?=gettext("Leave blank to disable. Enter a full hostname or IP for the TFTP server.");?> + </div> + </td> + </tr> + <tr> + <td width="22%" valign="top" class="vncell"><?=gettext("LDAP URI");?></td> + <td width="78%" class="vtable"> + <div id="showldapbox"> + <input type="button" onClick="show_ldap_config()" value="<?=gettext("Advanced");?>"></input> - <?=gettext("Show LDAP configuration");?></a> + </div> + <div id="showldap" style="display:none"> + <input name="ldap" type="text" class="formfld unknown" id="ldap" size="80" value="<?=htmlspecialchars($pconfig['ldap']);?>"><br> + <?=gettext("Leave blank to disable. Enter a full URI for the LDAP server in the form ldap://ldap.example.com/dc=example,dc=com");?> + </div> + </td> + </tr> + <tr> + <td width="22%" valign="top" class="vncell"><?=gettext("Enable network booting");?></td> + <td width="78%" class="vtable"> + <div id="shownetbootbox"> + <input type="button" onClick="show_netboot_config()" value="<?=gettext("Advanced");?>"></input> - <?=gettext("Show Network booting");?></a> + </div> + <div id="shownetboot" style="display:none"> + <input valign="middle" type="checkbox" value="yes" name="netboot" id="netboot" <?php if($pconfig['netboot']) echo " checked"; ?>> + <b><?=gettext("Enables network booting.");?></b> + <p> + <?=gettext("Enter the IP of the"); ?> <b><?=gettext("next-server"); ?></b> + <input name="nextserver" type="text" class="formfld unknown" id="nextserver" size="28" value="<?=htmlspecialchars($pconfig['nextserver']);?>"> + <?=gettext("and the filename");?> + <input name="filename" type="text" class="formfld unknown" id="filename" size="28" value="<?=htmlspecialchars($pconfig['filename']);?>"><br> + <?=gettext("Note: You need both a filename and a boot server configured for this to work!");?> + <p> + <?=gettext("Enter the"); ?> <b><?=gettext("root-path"); ?></b>-<?=gettext("string");?> + <input name="rootpath" type="text" class="formfld unknown" id="rootpath" size="90" value="<?=htmlspecialchars($pconfig['rootpath']);?>"><br> + <?=gettext("Note: string-format: iscsi:(servername):(protocol):(port):(LUN):targetname");?> + </div> + </td> + </tr> + <tr> + <td width="22%" valign="top" class="vncell"><?=gettext("Additional BOOTP/DHCP Options");?></td> + <td width="78%" class="vtable"> + <div id="shownumbervaluebox"> + <input type="button" onClick="show_shownumbervalue()" value="<?=gettext("Advanced");?>"></input> - <?=gettext("Show Additional BOOTP/DHCP Options");?></a> + </div> + <div id="shownumbervalue" style="display:none"> + <table id="maintable"> + <tbody> + <tr> + <td colspan="3"> + <div style="padding:5px; margin-top: 16px; margin-bottom: 16px; border:1px dashed #000066; background-color: #ffffff; color: #000000; font-size: 8pt;" id="itemhelp"> + <?=gettext("Enter the DHCP option number and the value for each item you would like to include in the DHCP lease information. For a list of available options please visit this"); ?> <a href="http://www.iana.org/assignments/bootp-dhcp-parameters/" target="_new"><?=gettext("URL"); ?></a> + </div> + </td> + </tr> + <tr> + <td><div id="onecolumn"><?=gettext("Number");?></div></td> + <td><div id="twocolumn"><?=gettext("Value");?></div></td> + </tr> + <?php $counter = 0; ?> + <?php + if($pconfig['numberoptions']) + foreach($pconfig['numberoptions']['item'] as $item): + ?> + <?php + $number = $item['number']; + $value = $item['value']; + ?> + <tr> + <td> + <input autocomplete="off" name="number<?php echo $counter; ?>" type="text" class="formfld" id="number<?php echo $counter; ?>" size="10" value="<?=htmlspecialchars($number);?>" /> + </td> + <td> + <input autocomplete="off" name="value<?php echo $counter; ?>" type="text" class="formfld" id="value<?php echo $counter; ?>" size="55" value="<?=htmlspecialchars($value);?>" /> + </td> + <td> + <input type="image" src="/themes/<?echo $g['theme'];?>/images/icons/icon_x.gif" onclick="removeRow(this); return false;" value="<?=gettext("Delete");?>" /> + </td> + </tr> + <?php $counter++; ?> + <?php endforeach; ?> + </tbody> + <tfoot> + </tfoot> + </table> + <a onclick="javascript:addRowTo('maintable', 'formfldalias'); return false;" href="#"> + <img border="0" src="/themes/<?= $g['theme']; ?>/images/icons/icon_plus.gif" alt="" title="<?=gettext("add another entry");?>" /> + </a> + <script type="text/javascript"> + field_counter_js = 2; + rows = 1; + totalrows = <?php echo $counter; ?>; + loaded = <?php echo $counter; ?>; + </script> + </div> + + </td> + </tr> + <tr> + <td width="22%" valign="top"> </td> + <td width="78%"> + <input name="if" type="hidden" value="<?=$if;?>"> + <input name="Submit" type="submit" class="formbtn" value="<?=gettext("Save");?>" onclick="enable_change()"> + </td> + </tr> + <tr> + <td width="22%" valign="top"> </td> + <td width="78%"> <p><span class="vexpl"><span class="red"><strong><?=gettext("Note:");?><br> + </strong></span><?=gettext("The DNS servers entered in"); ?> <a href="system.php"><?=gettext("System: " . + "General setup"); ?></a> <?=gettext("(or the"); ?> <a href="services_dnsmasq.php"><?=gettext("DNS " . + "forwarder"); ?></a>, <?=gettext("if enabled)"); ?> </span><span class="vexpl"><?=gettext("will " . + "be assigned to clients by the DHCP server."); ?><br> + <br> + <?=gettext("The DHCP lease table can be viewed on the"); ?> <a href="status_dhcp_leases.php"><?=gettext("Status: " . + "DHCP leases"); ?></a> <?=gettext("page."); ?><br> + </span></p> + </td> + </tr> + </table> + <table class="tabcont" width="100%" border="0" cellpadding="0" cellspacing="0"> + <tr> + <td width="25%" class="listhdrr"><?=gettext("MAC address");?></td> + <td width="15%" class="listhdrr"><?=gettext("IP address");?></td> + <td width="20%" class="listhdrr"><?=gettext("Hostname");?></td> + <td width="30%" class="listhdr"><?=gettext("Description");?></td> + <td width="10%" class="list"> + <table border="0" cellspacing="0" cellpadding="1"> + <tr> + <td valign="middle" width="17"></td> + <td valign="middle"><a href="services_dhcpv6_edit.php?if=<?=$if;?>"><img src="./themes/<?= $g['theme']; ?>/images/icons/icon_plus.gif" width="17" height="17" border="0"></a></td> + </tr> + </table> + </td> + </tr> + <?php if(is_array($a_maps)): ?> + <?php $i = 0; foreach ($a_maps as $mapent): ?> + <?php if($mapent['mac'] <> "" or $mapent['ipaddr'] <> ""): ?> + <tr> + <td class="listlr" ondblclick="document.location='services_dhcpv6_edit.php?if=<?=$if;?>&id=<?=$i;?>';"> + <?=htmlspecialchars($mapent['mac']);?> + </td> + <td class="listr" ondblclick="document.location='services_dhcpv6_edit.php?if=<?=$if;?>&id=<?=$i;?>';"> + <?=htmlspecialchars($mapent['ipaddrv6']);?> + </td> + <td class="listr" ondblclick="document.location='services_dhcpv6_edit.php?if=<?=$if;?>&id=<?=$i;?>';"> + <?=htmlspecialchars($mapent['hostname']);?> + </td> + <td class="listbg" ondblclick="document.location='services_dhcpv6_edit.php?if=<?=$if;?>&id=<?=$i;?>';"> + <?=htmlspecialchars($mapent['descr']);?> + </td> + <td valign="middle" nowrap class="list"> + <table border="0" cellspacing="0" cellpadding="1"> + <tr> + <td valign="middle"><a href="services_dhcpv6_edit.php?if=<?=$if;?>&id=<?=$i;?>"><img src="./themes/<?= $g['theme']; ?>/images/icons/icon_e.gif" width="17" height="17" border="0"></a></td> + <td valign="middle"><a href="services_dhcpv6.php?if=<?=$if;?>&act=del&id=<?=$i;?>" onclick="return confirm('<?=gettext("Do you really want to delete this mapping?");?>')"><img src="./themes/<?= $g['theme']; ?>/images/icons/icon_x.gif" width="17" height="17" border="0"></a></td> + </tr> + </table> + </td> + </tr> + <?php endif; ?> + <?php $i++; endforeach; ?> + <?php endif; ?> + <tr> + <td class="list" colspan="4"></td> + <td class="list"> + <table border="0" cellspacing="0" cellpadding="1"> + <tr> + <td valign="middle" width="17"></td> + <td valign="middle"><a href="services_dhcpv6_edit.php?if=<?=$if;?>"><img src="./themes/<?= $g['theme']; ?>/images/icons/icon_plus.gif" width="17" height="17" border="0"></a></td> + </tr> + </table> + </td> + </tr> + </table> + </div> +</td> +</tr> +</table> +</form> +<script language="JavaScript"> +<!-- +enable_change(false); +//--> +</script> +<?php include("fend.inc"); ?> +</body> +</html> diff --git a/usr/local/www/services_dhcpv6_edit.php b/usr/local/www/services_dhcpv6_edit.php new file mode 100644 index 0000000..5ff0dcf --- /dev/null +++ b/usr/local/www/services_dhcpv6_edit.php @@ -0,0 +1,254 @@ +<?php +/* $Id$ */ +/* + services_dhcpv6_edit.php + part of m0n0wall (http://m0n0.ch/wall) + + Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>. + Copyright (C) 2011 Seth Mos <seth.mos@dds.nl>. + All rights reserved. + + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are met: + + 1. Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. + + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + POSSIBILITY OF SUCH DAMAGE. +*/ +/* + pfSense_BUILDER_BINARIES: /usr/sbin/arp + pfSense_MODULE: dhcpserver +*/ + +##|+PRIV +##|*IDENT=page-services-dhcpserverv6-editstaticmapping +##|*NAME=Services: DHCPv6 Server : Edit static mapping page +##|*DESCR=Allow access to the 'Services: DHCPv6 Server : Edit static mapping' page. +##|*MATCH=services_dhcpv6_edit.php* +##|-PRIV + +function staticmapcmp($a, $b) { + return ipcmp($a['ipaddrv6'], $b['ipaddrv6']); +} + +function staticmaps_sort($ifgui) { + global $g, $config; + + usort($config['dhcpdv6'][$ifgui]['staticmap'], "staticmapcmp"); +} + +require_once('globals.inc'); + +if(!$g['services_dhcp_server_enable']) { + Header("Location: /"); + exit; +} + +require("guiconfig.inc"); + +$if = $_GET['if']; +if ($_POST['if']) + $if = $_POST['if']; + +if (!$if) { + header("Location: services_dhcpv6.php"); + exit; +} + +if (!is_array($config['dhcpdv6'][$if]['staticmap'])) { + $config['dhcpdv6'][$if]['staticmap'] = array(); +} + +$static_arp_enabled=isset($config['dhcpdv6'][$if]['staticarp']); +$netboot_enabled=isset($config['dhcpdv6'][$if]['netboot']); +$a_maps = &$config['dhcpdv6'][$if]['staticmap']; +$ifcfgipv6 = get_interface_ipv6($if); +$ifcfgsnv6 = get_interface_subnetv6($if); +$ifcfgdescr = convert_friendly_interface_to_friendly_descr($if); + +$id = $_GET['id']; +if (isset($_POST['id'])) + $id = $_POST['id']; + +if (isset($id) && $a_maps[$id]) { + $pconfig['mac'] = $a_maps[$id]['mac']; + $pconfig['hostname'] = $a_maps[$id]['hostname']; + $pconfig['ipaddrv6'] = $a_maps[$id]['ipaddrv6']; + $pconfig['netbootfile'] = $a_maps[$id]['netbootfile']; + $pconfig['descr'] = $a_maps[$id]['descr']; +} else { + $pconfig['mac'] = $_GET['mac']; + $pconfig['hostname'] = $_GET['hostname']; + $pconfig['netbootfile'] = $_GET['netbootfile']; + $pconfig['descr'] = $_GET['descr']; +} + +if ($_POST) { + + unset($input_errors); + $pconfig = $_POST; + + /* input validation */ + $reqdfields = explode(" ", "mac"); + $reqdfieldsn = array(gettext("MAC address")); + + do_input_validation($_POST, $reqdfields, $reqdfieldsn, &$input_errors); + + /* normalize MAC addresses - lowercase and convert Windows-ized hyphenated MACs to colon delimited */ + $_POST['mac'] = strtolower(str_replace("-", ":", $_POST['mac'])); + + if ($_POST['hostname']) { + preg_match("/^[0-9]/", $_POST['hostname'], $matches); + if($matches) + $input_errors[] = gettext("The hostname cannot start with a numeric character according to RFC952"); + preg_match("/\-\$/", $_POST['hostname'], $matches); + if($matches) + $input_errors[] = gettext("The hostname cannot end with a hyphen according to RFC952"); + if (!is_hostname($_POST['hostname'])) { + $input_errors[] = gettext("The hostname can only contain the characters A-Z, 0-9 and '-'."); + } else { + if (strpos($_POST['hostname'],'.')) { + $input_errors[] = gettext("A valid hostname is specified, but the domain name part should be omitted"); + } + } + } + if (($_POST['ipaddrv6'] && !is_ipaddrv6($_POST['ipaddrv6']))) { + $input_errors[] = gettext("A valid IPv6 address must be specified."); + } + if (($_POST['mac'] && !is_macaddr($_POST['mac']))) { + $input_errors[] = gettext("A valid MAC address must be specified."); + } + if($static_arp_enabled && !$_POST['ipaddrv6']) { + $input_errors[] = gettext("Static ARP is enabled. You must specify an IPv6 address."); + } + + /* check for overlaps */ + foreach ($a_maps as $mapent) { + if (isset($id) && ($a_maps[$id]) && ($a_maps[$id] === $mapent)) + continue; + + if ((($mapent['hostname'] == $_POST['hostname']) && $mapent['hostname']) || ($mapent['mac'] == $_POST['mac'])) { + $input_errors[] = gettext("This Hostname, IP or MAC address already exists."); + break; + } + } + + /* make sure it's not within the dynamic subnet */ + if ($_POST['ipaddrv6']) { + /* oh boy, we need to be able to somehow do this at some point. skip */ + } + + if (!$input_errors) { + $mapent = array(); + $mapent['mac'] = $_POST['mac']; + $mapent['ipaddrv6'] = $_POST['ipaddrv6']; + $mapent['hostname'] = $_POST['hostname']; + $mapent['descr'] = $_POST['descr']; + $mapent['netbootfile'] = $_POST['netbootfile']; + + if (isset($id) && $a_maps[$id]) + $a_maps[$id] = $mapent; + else + $a_maps[] = $mapent; + staticmaps_sort($if); + + write_config(); + + if(isset($config['dhcpdv6'][$if]['enable'])) { + mark_subsystem_dirty('staticmaps'); + if (isset($config['dnsmasq']['regdhcpstatic'])) + mark_subsystem_dirty('hosts'); + } + + header("Location: services_dhcpv6.php?if={$if}"); + exit; + } +} + +$pgtitle = array(gettext("Services"),gettext("DHCPv6"),gettext("Edit static mapping")); +$statusurl = "status_dhcpv6_leases.php"; +$logurl = "diag_logs_dhcp.php"; + +include("head.inc"); + +?> + +<body link="#0000CC" vlink="#0000CC" alink="#0000CC"> +<?php include("fbegin.inc"); ?> +<?php if ($input_errors) print_input_errors($input_errors); ?> + <form action="services_dhcpv6_edit.php" method="post" name="iform" id="iform"> + <table width="100%" border="0" cellpadding="6" cellspacing="0"> + <tr> + <td colspan="2" valign="top" class="listtopic"><?=gettext("Static DHCPv6 Mapping");?></td> + </tr> + <tr> + <td width="22%" valign="top" class="vncellreq"><?=gettext("MAC address");?></td> + <td width="78%" class="vtable"> + <input name="mac" type="text" class="formfld unknown" id="mac" size="30" value="<?=htmlspecialchars($pconfig['mac']);?>"> + <?php + $ip = getenv('REMOTE_ADDR'); + $mac = `/usr/sbin/arp -an | grep {$ip} | cut -d" " -f4`; + $mac = str_replace("\n","",$mac); + ?> + <a OnClick="document.forms[0].mac.value='<?=$mac?>';" href="#"><?=gettext("Copy my MAC address");?></a> + <br> + <span class="vexpl"><?=gettext("Enter a MAC address in the following format: ". + "xx:xx:xx:xx:xx:xx");?></span></td> + </tr> + <tr> + <td width="22%" valign="top" class="vncell"><?=gettext("IPv6 address");?></td> + <td width="78%" class="vtable"> + <input name="ipaddrv6" type="text" class="formfld unknown" id="ipaddrv6" size="28" value="<?=htmlspecialchars($pconfig['ipaddrv6']);?>"> + <br> + <?=gettext("If no IPv6 address is given, one will be dynamically allocated from the pool.");?></td> + </tr> + <tr> + <td width="22%" valign="top" class="vncell"><?=gettext("Hostname");?></td> + <td width="78%" class="vtable"> + <input name="hostname" type="text" class="formfld unknown" id="hostname" size="28" value="<?=htmlspecialchars($pconfig['hostname']);?>"> + <br> <span class="vexpl"><?=gettext("Name of the host, without domain part.");?></span></td> + </tr> + <?php if($netboot_enabled) { ?> + <tr> + <td width="22%" valign="top" class="vncell">Netboot filename</td> + <td width="78%" class="vtable"> + <input name="netbootfile" type="text" class="formfld unknown" id="netbootfile" size="28" value="<?=htmlspecialchars($pconfig['netbootfile']);?>"> + <br> <span class="vexpl">Name of the file that should be loaded when this host boots off of the network, overrides setting on main page.</span></td> + </tr> + <?php } ?> + <tr> + <td width="22%" valign="top" class="vncell"><?=gettext("Description");?></td> + <td width="78%" class="vtable"> + <input name="descr" type="text" class="formfld unknown" id="descr" size="40" value="<?=htmlspecialchars($pconfig['descr']);?>"> + <br> <span class="vexpl"><?=gettext("You may enter a description here ". + "for your reference (not parsed).");?></span></td> + </tr> + <tr> + <td width="22%" valign="top"> </td> + <td width="78%"> + <input name="Submit" type="submit" class="formbtn" value="<?=gettext("Save");?>"> <input class="formbtn" type="button" value="<?=gettext("Cancel");?>" onclick="history.back()"> + <?php if (isset($id) && $a_maps[$id]): ?> + <input name="id" type="hidden" value="<?=htmlspecialchars($id);?>"> + <?php endif; ?> + <input name="if" type="hidden" value="<?=htmlspecialchars($if);?>"> + </td> + </tr> + </table> +</form> +<?php include("fend.inc"); ?> +</body> +</html> diff --git a/usr/local/www/status_dhcpv6_leases.php b/usr/local/www/status_dhcpv6_leases.php new file mode 100644 index 0000000..5a040cb --- /dev/null +++ b/usr/local/www/status_dhcpv6_leases.php @@ -0,0 +1,412 @@ +<?php +/* $Id$ */ +/* + status_dhcpv6_leases.php + Copyright (C) 2004-2009 Scott Ullrich + Copyright (C) 2011 Seth Mos + All rights reserved. + + originially part of m0n0wall (http://m0n0.ch/wall) + Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>. + All rights reserved. + + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are met: + + 1. Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. + + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + POSSIBILITY OF SUCH DAMAGE. +*/ + +/* + pfSense_BUILDER_BINARIES: /usr/bin/awk /bin/cat /usr/sbin/arp /usr/bin/wc /usr/bin/grep + pfSense_MODULE: dhcpserver +*/ + +##|+PRIV +##|*IDENT=page-status-dhcpv6leases +##|*NAME=Status: DHCPv6 leases page +##|*DESCR=Allow access to the 'Status: DHCPv6 leases' page. +##|*MATCH=status_dhcpv6_leases.php* +##|-PRIV + +require("guiconfig.inc"); + +$pgtitle = array(gettext("Status"),gettext("DHCPv6 leases")); + +$leasesfile = "{$g['dhcpd_chroot_path']}/var/db/dhcpd6.leases"; + +if (($_GET['deleteip']) && (is_ipaddr($_GET['deleteip']))) { + /* Stop DHCPD */ + killbyname("dhcpd"); + + /* Read existing leases */ + $leases_contents = explode("\n", file_get_contents($leasesfile)); + $newleases_contents = array(); + $i=0; + while ($i < count($leases_contents)) { + /* Find the lease(s) we want to delete */ + if ($leases_contents[$i] == "lease {$_GET['deleteip']} {") { + /* Skip to the end of the lease declaration */ + do { + $i++; + } while ($leases_contents[$i] != "}"); + } else { + /* It's a line we want to keep, copy it over. */ + $newleases_contents[] = $leases_contents[$i]; + } + $i++; + } + + /* Write out the new leases file */ + $fd = fopen($leasesfile, 'w'); + fwrite($fd, implode("\n", $newleases_contents)); + fclose($fd); + + /* Restart DHCP Service */ + services_dhcpd_configure(); + header("Location: status_dhcpv6_leases.php?all={$_GET['all']}"); +} + +include("head.inc"); + +?> + +<body link="#0000CC" vlink="#0000CC" alink="#0000CC"> +<?php include("fbegin.inc"); ?> +<?php + +function leasecmp($a, $b) { + return strcmp($a[$_GET['order']], $b[$_GET['order']]); +} + +function adjust_gmt($dt) { + $ts = strtotime($dt . " GMT"); + return strftime("%Y/%m/%d %H:%M:%S", $ts); +} + +function remove_duplicate($array, $field) +{ + foreach ($array as $sub) + $cmp[] = $sub[$field]; + $unique = array_unique(array_reverse($cmp,true)); + foreach ($unique as $k => $rien) + $new[] = $array[$k]; + return $new; +} + +$awk = "/usr/bin/awk"; +/* this pattern sticks comments into a single array item */ +$cleanpattern = "'{ gsub(\"#.*\", \"\");} { gsub(\";\", \"\"); print;}'"; +/* We then split the leases file by } */ +$splitpattern = "'BEGIN { RS=\"}\";} {for (i=1; i<=NF; i++) printf \"%s \", \$i; printf \"}\\n\";}'"; + +/* stuff the leases file in a proper format into a array by line */ +exec("/bin/cat {$leasesfile} | {$awk} {$cleanpattern} | {$awk} {$splitpattern}", $leases_content); +$leases_count = count($leases_content); +exec("/usr/sbin/arp -an", $rawdata); +$arpdata = array(); +foreach ($rawdata as $line) { + $elements = explode(' ',$line); + if ($elements[3] != "(incomplete)") { + $arpent = array(); + $arpent['ip'] = trim(str_replace(array('(',')'),'',$elements[1])); + // $arpent['mac'] = trim($elements[3]); + // $arpent['interface'] = trim($elements[5]); + $arpdata[] = $arpent['ip']; + } +} + +$pools = array(); +$leases = array(); +$i = 0; +$l = 0; +$p = 0; + +// Put everything together again +while($i < $leases_count) { + /* split the line by space */ + $data = explode(" ", $leases_content[$i]); + /* walk the fields */ + $f = 0; + $fcount = count($data); + /* with less then 20 fields there is nothing useful */ + if($fcount < 20) { + $i++; + continue; + } + while($f < $fcount) { + switch($data[$f]) { + case "failover": + $pools[$p]['name'] = $data[$f+2]; + $pools[$p]['mystate'] = $data[$f+7]; + $pools[$p]['peerstate'] = $data[$f+14]; + $pools[$p]['mydate'] = $data[$f+10]; + $pools[$p]['mydate'] .= " " . $data[$f+11]; + $pools[$p]['peerdate'] = $data[$f+17]; + $pools[$p]['peerdate'] .= " " . $data[$f+18]; + $p++; + $i++; + continue 3; + case "lease": + $leases[$l]['ip'] = $data[$f+1]; + $leases[$l]['type'] = "dynamic"; + $f = $f+2; + break; + case "starts": + $leases[$l]['start'] = $data[$f+2]; + $leases[$l]['start'] .= " " . $data[$f+3]; + $f = $f+3; + break; + case "ends": + $leases[$l]['end'] = $data[$f+2]; + $leases[$l]['end'] .= " " . $data[$f+3]; + $f = $f+3; + break; + case "tstp": + $f = $f+3; + break; + case "tsfp": + $f = $f+3; + break; + case "atsfp": + $f = $f+3; + break; + case "cltt": + $f = $f+3; + break; + case "binding": + switch($data[$f+2]) { + case "active": + $leases[$l]['act'] = "active"; + break; + case "free": + $leases[$l]['act'] = "expired"; + $leases[$l]['online'] = "offline"; + break; + case "backup": + $leases[$l]['act'] = "reserved"; + $leases[$l]['online'] = "offline"; + break; + } + $f = $f+1; + break; + case "next": + /* skip the next binding statement */ + $f = $f+3; + break; + case "hardware": + $leases[$l]['mac'] = $data[$f+2]; + /* check if it's online and the lease is active */ + if (in_array($leases[$l]['ip'], $arpdata)) { + $leases[$l]['online'] = 'online'; + } else { + $leases[$l]['online'] = 'offline'; + } + $f = $f+2; + break; + case "client-hostname": + if($data[$f+1] <> "") { + $leases[$l]['hostname'] = preg_replace('/"/','',$data[$f+1]); + } else { + $hostname = gethostbyaddr($leases[$l]['ip']); + if($hostname <> "") { + $leases[$l]['hostname'] = $hostname; + } + } + $f = $f+1; + break; + case "uid": + $f = $f+1; + break; + } + $f++; + } + $l++; + $i++; +} + +/* remove duplicate items by mac address */ +if(count($leases) > 0) { + $leases = remove_duplicate($leases,"ip"); +} + +if(count($pools) > 0) { + $pools = remove_duplicate($pools,"name"); + asort($pools); +} + +foreach($config['interfaces'] as $ifname => $ifarr) { + if (is_array($config['dhcpdv6'][$ifname]) && + is_array($config['dhcpdv6'][$ifname]['staticmap'])) { + foreach($config['dhcpdv6'][$ifname]['staticmap'] as $static) { + $slease = array(); + $slease['ipv6'] = $static['ipaddr']; + $slease['type'] = "static"; + $slease['mac'] = $static['mac']; + $slease['start'] = ""; + $slease['end'] = ""; + $slease['hostname'] = htmlentities($static['hostname']); + $slease['act'] = "static"; + $online = exec("/usr/sbin/arp -an |/usr/bin/grep {$slease['mac']}| /usr/bin/wc -l|/usr/bin/awk '{print $1;}'"); + if ($online == 1) { + $slease['online'] = 'online'; + } else { + $slease['online'] = 'offline'; + } + $leases[] = $slease; + } + } +} + +if ($_GET['order']) + usort($leases, "leasecmp"); + +/* only print pool status when we have one */ +if(count($pools) > 0) { +?> +<table class="tabcont sortable" width="100%" border="0" cellpadding="0" cellspacing="0"> + <tr> + <td class="listhdrr"><?=gettext("Failover Group"); ?></a></td> + <td class="listhdrr"><?=gettext("My State"); ?></a></td> + <td class="listhdrr"><?=gettext("Since"); ?></a></td> + <td class="listhdrr"><?=gettext("Peer State"); ?></a></td> + <td class="listhdrr"><?=gettext("Since"); ?></a></td> + </tr> +<?php +foreach ($pools as $data) { + echo "<tr>\n"; + echo "<td class=\"listlr\">{$fspans}{$data['name']}{$fspane} </td>\n"; + echo "<td class=\"listr\">{$fspans}{$data['mystate']}{$fspane} </td>\n"; + echo "<td class=\"listr\">{$fspans}" . adjust_gmt($data['mydate']) . "{$fspane} </td>\n"; + echo "<td class=\"listr\">{$fspans}{$data['peerstate']}{$fspane} </td>\n"; + echo "<td class=\"listr\">{$fspans}" . adjust_gmt($data['peerdate']) . "{$fspane} </td>\n"; + echo "<td class=\"list\" valign=\"middle\" width=\"17\"> </td>\n"; + echo "<td class=\"list\" valign=\"middle\" width=\"17\"> </td>\n"; + echo "</tr>\n"; +} + +?> +</table> + +<?php +/* only print pool status when we have one */ +} +?> + +<p> + +<table class="tabcont sortable" width="100%" border="0" cellpadding="0" cellspacing="0"> + <tr> + <td class="listhdrr"><a href="#"><?=gettext("IPv6 address"); ?></a></td> + <td class="listhdrr"><a href="#"><?=gettext("MAC address"); ?></a></td> + <td class="listhdrr"><a href="#"><?=gettext("Hostname"); ?></a></td> + <td class="listhdrr"><a href="#"><?=gettext("Start"); ?></a></td> + <td class="listhdrr"><a href="#"><?=gettext("End"); ?></a></td> + <td class="listhdrr"><a href="#"><?=gettext("Online"); ?></a></td> + <td class="listhdrr"><a href="#"><?=gettext("Lease Type"); ?></a></td> + </tr> +<?php +foreach ($leases as $data) { + if (($data['act'] == "active") || ($data['act'] == "static") || ($_GET['all'] == 1)) { + if ($data['act'] != "active" && $data['act'] != "static") { + $fspans = "<span class=\"gray\">"; + $fspane = "</span>"; + } else { + $fspans = $fspane = ""; + } + // $lip = ip2ulong($data['ip']); + if ($data['act'] == "static") { + foreach ($config['dhcpdv6'] as $dhcpif => $dhcpifconf) { + if(is_array($dhcpifconf['staticmap'])) { + foreach ($dhcpifconf['staticmap'] as $staticent) { + if ($data['ip'] == $staticent['ipaddr']) { + $data['if'] = $dhcpif; + break; + } + } + } + /* exit as soon as we have an interface */ + if ($data['if'] != "") + break; + } + } else { + foreach ($config['dhcpdv6'] as $dhcpif => $dhcpifconf) { + if (($lip >= ip2ulong($dhcpifconf['range']['from'])) && ($lip <= ip2ulong($dhcpifconf['range']['to']))) { + $data['if'] = $dhcpif; + break; + } + } + } + echo "<tr>\n"; + echo "<td class=\"listlr\">{$fspans}{$data['ip']}{$fspane} </td>\n"; + if ($data['online'] != "online") { + echo "<td class=\"listr\">{$fspans}<a href=\"services_wol.php?if={$data['if']}&mac={$data['mac']}\" title=\"" . gettext("send Wake on LAN packet to this MAC address") ."\" onclick=\"return confirm('" . gettext("Send Wake on LAN packet to this MAC address?") . "')\">{$data['mac']}</a>{$fspane} </td>\n"; + } else { + echo "<td class=\"listr\">{$fspans}{$data['mac']}{$fspane} </td>\n"; + } + echo "<td class=\"listr\">{$fspans}" . htmlentities($data['hostname']) . "{$fspane} </td>\n"; + if ($data['type'] != "static") { + echo "<td class=\"listr\">{$fspans}" . adjust_gmt($data['start']) . "{$fspane} </td>\n"; + echo "<td class=\"listr\">{$fspans}" . adjust_gmt($data['end']) . "{$fspane} </td>\n"; + } else { + echo "<td class=\"listr\">{$fspans} n/a {$fspane} </td>\n"; + echo "<td class=\"listr\">{$fspans} n/a {$fspane} </td>\n"; + } + echo "<td class=\"listr\">{$fspans}{$data['online']}{$fspane} </td>\n"; + echo "<td class=\"listr\">{$fspans}{$data['act']}{$fspane} </td>\n"; + + if ($data['type'] == "dynamic") { + echo "<td valign=\"middle\"><a href=\"services_dhcp_edit.php?if={$data['if']}&mac={$data['mac']}&hostname={$data['hostname']}\">"; + echo "<img src=\"/themes/{$g['theme']}/images/icons/icon_plus.gif\" width=\"17\" height=\"17\" border=\"0\" title=\"" . gettext("add a static mapping for this MAC address") ."\"></a></td>\n"; + } else { + echo "<td class=\"list\" valign=\"middle\">"; + echo "<img src=\"/themes/{$g['theme']}/images/icons/icon_plus_mo.gif\" width=\"17\" height=\"17\" border=\"0\"></td>\n"; + } + + echo "<td valign=\"middle\"><a href=\"services_wol_edit.php?if={$data['if']}&mac={$data['mac']}&descr={$data['hostname']}\">"; + echo "<img src=\"/themes/{$g['theme']}/images/icons/icon_wol_all.gif\" width=\"17\" height=\"17\" border=\"0\" title=\"" . gettext("add a Wake on LAN mapping for this MAC address") ."\"></a></td>\n"; + + /* Only show the button for offline dynamic leases */ + if (($data['type'] == "dynamic") && ($data['online'] != "online")) { + echo "<td class=\"list\" valign=\"middle\"><a href=\"status_dhcp_leases.php?deleteip={$data['ip']}&all=" . htmlspecialchars($_GET['all']) . "\">"; + echo "<img src=\"/themes/{$g['theme']}/images/icons/icon_x.gif\" width=\"17\" height=\"17\" border=\"0\" title=\"" . gettext("delete this DHCP lease") . "\"></a></td>\n"; + } + echo "</tr>\n"; + } +} + +?> +</table> +<p> +<form action="status_dhcp_leases.php" method="GET"> +<input type="hidden" name="order" value="<?=htmlspecialchars($_GET['order']);?>"> +<?php if ($_GET['all']): ?> +<input type="hidden" name="all" value="0"> +<input type="submit" class="formbtn" value="<?=gettext("Show active and static leases only"); ?>"> +<?php else: ?> +<input type="hidden" name="all" value="1"> +<input type="submit" class="formbtn" value="<?=gettext("Show all configured leases"); ?>"> +<?php endif; ?> +</form> +<?php if($leases == 0): ?> +<p><strong><?=gettext("No leases file found. Is the DHCP server active"); ?>?</strong></p> +<?php endif; ?> + +<?php include("fend.inc"); ?> +</body> +</html> diff --git a/usr/local/www/status_interfaces.php b/usr/local/www/status_interfaces.php index 266d36b..5d7f80b 100755 --- a/usr/local/www/status_interfaces.php +++ b/usr/local/www/status_interfaces.php @@ -182,7 +182,7 @@ include("head.inc"); <?php if ($ifinfo['dhcplink'] != "down" && $ifinfo['pppoelink'] != "down" && $ifinfo['pptplink'] != "down"): ?> <?php if ($ifinfo['ipaddr']): ?> <tr> - <td width="22%" class="vncellt"><?=gettext("IP address");?></td> + <td width="22%" class="vncellt"><?=gettext("IPv4 address");?></td> <td width="78%" class="listr"> <?=htmlspecialchars($ifinfo['ipaddr']);?> @@ -190,19 +190,43 @@ include("head.inc"); </tr> <?php endif; ?><?php if ($ifinfo['subnet']): ?> <tr> - <td width="22%" class="vncellt"><?=gettext("Subnet mask");?></td> + <td width="22%" class="vncellt"><?=gettext("Subnet mask IPv4");?></td> <td width="78%" class="listr"> <?=htmlspecialchars($ifinfo['subnet']);?> </td> </tr> <?php endif; ?><?php if ($ifinfo['gateway']): ?> <tr> - <td width="22%" class="vncellt"><?=gettext("Gateway");?></td> + <td width="22%" class="vncellt"><?=gettext("Gateway IPv4");?></td> <td width="78%" class="listr"> <?=htmlspecialchars($config['interfaces'][$ifdescr]['gateway']);?> <?=htmlspecialchars($ifinfo['gateway']);?> </td> </tr> + <?php endif; ?> + <?php if ($ifinfo['ipaddrv6']): ?> + <tr> + <td width="22%" class="vncellt"><?=gettext("IPv6 address");?></td> + <td width="78%" class="listr"> + <?=htmlspecialchars($ifinfo['ipaddrv6']);?> + + </td> + </tr> + <?php endif; ?><?php if ($ifinfo['subnetv6']): ?> + <tr> + <td width="22%" class="vncellt"><?=gettext("Subnet mask IPv6");?></td> + <td width="78%" class="listr"> + <?=htmlspecialchars($ifinfo['subnetv6']);?> + </td> + </tr> + <?php endif; ?><?php if ($ifinfo['gatewayv6']): ?> + <tr> + <td width="22%" class="vncellt"><?=gettext("Gateway IPv6");?></td> + <td width="78%" class="listr"> + <?=htmlspecialchars($config['interfaces'][$ifdescr]['gatewayv6']);?> + <?=htmlspecialchars($ifinfo['gatewayv6']);?> + </td> + </tr> <?php endif; if ($ifdescr == "wan" && file_exists("{$g['varetc_path']}/resolv.conf")): ?> <tr> <td width="22%" class="vncellt"><?=gettext("ISP DNS servers");?></td> diff --git a/usr/local/www/status_rrd_graph_img.php b/usr/local/www/status_rrd_graph_img.php index d21f91c..d7e828e 100644 --- a/usr/local/www/status_rrd_graph_img.php +++ b/usr/local/www/status_rrd_graph_img.php @@ -188,11 +188,11 @@ $speedlimit = ($upstream + $downstream); /* Set default colors explicity, the theme can then override them below. This prevents missing colors in themes from crashing the graphs. */ -$colortrafficup = array("666666", "CCCCCC"); -$colortrafficdown = array("990000", "CC0000"); +$colortrafficup = array("666666", "CCCCCC", "b36666", "bd9090"); +$colortrafficdown = array("990000", "CC0000", "b36666", "bd9090"); +$colorpacketsup = array("666666", "CCCCCC", "b36666", "bd9090"); +$colorpacketsdown = array("990000", "CC0000", "b36666", "bd9090"); $colortraffic95 = array("660000", "FF0000"); -$colorpacketsup = array("666666", "CCCCCC"); -$colorpacketsdown = array("990000", "CC0000"); $colorstates = array('990000','a83c3c','b36666','bd9090','cccccc','000000'); $colorprocessor = array('990000','a83c3c','b36666','bd9090','cccccc','000000'); $colormemory = array('990000','a83c3c','b36666','bd9090','cccccc','000000'); @@ -286,37 +286,72 @@ if((strstr($curdatabase, "-traffic.rrd")) && (file_exists("$rrddbpath$curdatabas $graphcmd .= "DEF:$curif-in_bytes_block=$rrddbpath$curdatabase:inblock:AVERAGE "; $graphcmd .= "DEF:$curif-out_bytes_block=$rrddbpath$curdatabase:outblock:AVERAGE "; + $graphcmd .= "DEF:$curif-in6_bytes_pass=$rrddbpath$curdatabase:inpass6:AVERAGE "; + $graphcmd .= "DEF:$curif-out6_bytes_pass=$rrddbpath$curdatabase:outpass6:AVERAGE "; + $graphcmd .= "DEF:$curif-in6_bytes_block=$rrddbpath$curdatabase:inblock6:AVERAGE "; + $graphcmd .= "DEF:$curif-out6_bytes_block=$rrddbpath$curdatabase:outblock6:AVERAGE "; + $graphcmd .= "CDEF:\"$curif-in_bits_pass=$curif-in_bytes_pass,8,*\" "; $graphcmd .= "CDEF:\"$curif-out_bits_pass=$curif-out_bytes_pass,8,*\" "; $graphcmd .= "CDEF:\"$curif-in_bits_block=$curif-in_bytes_block,8,*\" "; $graphcmd .= "CDEF:\"$curif-out_bits_block=$curif-out_bytes_block,8,*\" "; + $graphcmd .= "CDEF:\"$curif-in6_bits_pass=$curif-in6_bytes_pass,8,*\" "; + $graphcmd .= "CDEF:\"$curif-out6_bits_pass=$curif-out6_bytes_pass,8,*\" "; + $graphcmd .= "CDEF:\"$curif-in6_bits_block=$curif-in6_bytes_block,8,*\" "; + $graphcmd .= "CDEF:\"$curif-out6_bits_block=$curif-out6_bytes_block,8,*\" "; + $graphcmd .= "CDEF:\"$curif-in_bytes=$curif-in_bytes_pass,$curif-in_bytes_block,+\" "; $graphcmd .= "CDEF:\"$curif-out_bytes=$curif-out_bytes_pass,$curif-out_bytes_block,+\" "; $graphcmd .= "CDEF:\"$curif-in_bits=$curif-in_bits_pass,$curif-in_bits_block,+\" "; $graphcmd .= "CDEF:\"$curif-out_bits=$curif-out_bits_pass,$curif-out_bits_block,+\" "; + $graphcmd .= "CDEF:\"$curif-in6_bytes=$curif-in6_bytes_pass,$curif-in6_bytes_block,+\" "; + $graphcmd .= "CDEF:\"$curif-out6_bytes=$curif-out6_bytes_pass,$curif-out6_bytes_block,+\" "; + $graphcmd .= "CDEF:\"$curif-in6_bits=$curif-in6_bits_pass,$curif-in6_bits_block,+\" "; + $graphcmd .= "CDEF:\"$curif-out6_bits=$curif-out6_bits_pass,$curif-out6_bits_block,+\" "; + $graphcmd .= "CDEF:\"$curif-bits_io=$curif-in_bits,$curif-out_bits,+\" "; $graphcmd .= "CDEF:\"$curif-out_bits_block_neg=$curif-out_bits_block,$multiplier,*\" "; $graphcmd .= "CDEF:\"$curif-out_bits_pass_neg=$curif-out_bits_pass,$multiplier,*\" "; + $graphcmd .= "CDEF:\"$curif-bits6_io=$curif-in6_bits,$curif-out6_bits,+\" "; + $graphcmd .= "CDEF:\"$curif-out6_bits_block_neg=$curif-out6_bits_block,$multiplier,*\" "; + $graphcmd .= "CDEF:\"$curif-out6_bits_pass_neg=$curif-out6_bits_pass,$multiplier,*\" "; + $graphcmd .= "CDEF:\"$curif-bytes_in_pass=$curif-in_bytes_pass,0,$speedlimit,LIMIT,UN,0,$curif-in_bytes_pass,IF,$average,*\" "; $graphcmd .= "CDEF:\"$curif-bytes_out_pass=$curif-out_bytes_pass,0,$speedlimit,LIMIT,UN,0,$curif-out_bytes_pass,IF,$average,*\" "; $graphcmd .= "CDEF:\"$curif-bytes_in_block=$curif-in_bytes_block,0,$speedlimit,LIMIT,UN,0,$curif-in_bytes_block,IF,$average,*\" "; $graphcmd .= "CDEF:\"$curif-bytes_out_block=$curif-out_bytes_block,0,$speedlimit,LIMIT,UN,0,$curif-out_bytes_block,IF,$average,*\" "; + $graphcmd .= "CDEF:\"$curif-bytes_in6_pass=$curif-in6_bytes_pass,0,$speedlimit,LIMIT,UN,0,$curif-in6_bytes_pass,IF,$average,*\" "; + $graphcmd .= "CDEF:\"$curif-bytes_out6_pass=$curif-out6_bytes_pass,0,$speedlimit,LIMIT,UN,0,$curif-out6_bytes_pass,IF,$average,*\" "; + $graphcmd .= "CDEF:\"$curif-bytes_in6_block=$curif-in6_bytes_block,0,$speedlimit,LIMIT,UN,0,$curif-in6_bytes_block,IF,$average,*\" "; + $graphcmd .= "CDEF:\"$curif-bytes_out6_block=$curif-out6_bytes_block,0,$speedlimit,LIMIT,UN,0,$curif-out6_bytes_block,IF,$average,*\" "; + $graphcmd .= "CDEF:\"$curif-bytes_pass=$curif-bytes_in_pass,$curif-bytes_out_pass,+\" "; $graphcmd .= "CDEF:\"$curif-bytes_block=$curif-bytes_in_block,$curif-bytes_out_block,+\" "; + $graphcmd .= "CDEF:\"$curif-bytes_pass6=$curif-bytes_in6_pass,$curif-bytes_out6_pass,+\" "; + $graphcmd .= "CDEF:\"$curif-bytes_block6=$curif-bytes_in6_block,$curif-bytes_out6_block,+\" "; + $graphcmd .= "CDEF:\"$curif-bytes_in_t_pass=$curif-in_bytes_pass,0,$speedlimit,LIMIT,UN,0,$curif-in_bytes_pass,IF,$seconds,*\" "; $graphcmd .= "CDEF:\"$curif-bytes_out_t_pass=$curif-out_bytes_pass,0,$speedlimit,LIMIT,UN,0,$curif-out_bytes_pass,IF,$seconds,*\" "; $graphcmd .= "CDEF:\"$curif-bytes_in_t_block=$curif-in_bytes_block,0,$speedlimit,LIMIT,UN,0,$curif-in_bytes_block,IF,$seconds,*\" "; $graphcmd .= "CDEF:\"$curif-bytes_out_t_block=$curif-out_bytes_block,0,$speedlimit,LIMIT,UN,0,$curif-out_bytes_block,IF,$seconds,*\" "; + $graphcmd .= "CDEF:\"$curif-bytes_in6_t_pass=$curif-in6_bytes_pass,0,$speedlimit,LIMIT,UN,0,$curif-in6_bytes_pass,IF,$seconds,*\" "; + $graphcmd .= "CDEF:\"$curif-bytes_out6_t_pass=$curif-out6_bytes_pass,0,$speedlimit,LIMIT,UN,0,$curif-out6_bytes_pass,IF,$seconds,*\" "; + $graphcmd .= "CDEF:\"$curif-bytes_in6_t_block=$curif-in6_bytes_block,0,$speedlimit,LIMIT,UN,0,$curif-in6_bytes_block,IF,$seconds,*\" "; + $graphcmd .= "CDEF:\"$curif-bytes_out6_t_block=$curif-out6_bytes_block,0,$speedlimit,LIMIT,UN,0,$curif-out6_bytes_block,IF,$seconds,*\" "; + $graphcmd .= "CDEF:\"$curif-bytes_t_pass=$curif-bytes_in_t_pass,$curif-bytes_out_t_pass,+\" "; $graphcmd .= "CDEF:\"$curif-bytes_t_block=$curif-bytes_in_t_block,$curif-bytes_out_t_block,+\" "; $graphcmd .= "CDEF:\"$curif-bytes_t=$curif-bytes_in_t_pass,$curif-bytes_out_t_block,+\" "; + $graphcmd .= "CDEF:\"$curif-bytes_t_pass6=$curif-bytes_in6_t_pass,$curif-bytes_out6_t_pass,+\" "; + $graphcmd .= "CDEF:\"$curif-bytes_t_block6=$curif-bytes_in6_t_block,$curif-bytes_out6_t_block,+\" "; + $graphcmd .= "CDEF:\"$curif-bytes_t6=$curif-bytes_in6_t_pass,$curif-bytes_out6_t_block,+\" "; $graphcmd .= "VDEF:\"$curif-in_bits_95=$curif-in_bits,95,PERCENT\" "; $graphcmd .= "CDEF:\"$curif-out_bits_mul=$curif-out_bits,$multiplier,*\" "; $perc = $multiplier > 0 ? "95" : "5"; @@ -324,15 +359,19 @@ if((strstr($curdatabase, "-traffic.rrd")) && (file_exists("$rrddbpath$curdatabas $graphcmd .= "AREA:\"$curif-in_bits_block#{$colortrafficdown[1]}:$curif-in-block\" "; $graphcmd .= "AREA:\"$curif-in_bits_pass#{$colortrafficdown[0]}:$curif-in-pass:STACK\" "; + $graphcmd .= "AREA:\"$curif-in6_bits_block#{$colortrafficdown[3]}:$curif-in6-block:STACK\" "; + $graphcmd .= "AREA:\"$curif-in6_bits_pass#{$colortrafficdown[2]}:$curif-in6-pass:STACK\" "; + $graphcmd .= "COMMENT:\"\\n\" "; + $graphcmd .= "{$AREA}:\"$curif-out_bits_block_neg#{$colortrafficup[1]}:$curif-out-block\" "; $graphcmd .= "{$AREA}:\"$curif-out_bits_pass_neg#{$colortrafficup[0]}:$curif-out-pass:STACK\" "; + $graphcmd .= "{$AREA}:\"$curif-out6_bits_block_neg#{$colortrafficup[3]}:$curif-out6-block:STACK\" "; + $graphcmd .= "{$AREA}:\"$curif-out6_bits_pass_neg#{$colortrafficup[2]}:$curif-out6-pass:STACK\" "; $graphcmd .= "HRULE:\"$curif-in_bits_95#{$colortraffic95[1]}:$curif-in (95%)\" "; $graphcmd .= "HRULE:\"$curif-out_bits_95#{$colortraffic95[0]}:$curif-out (95%)\" "; - $graphcmd .= "COMMENT:\"\\n\" "; $graphcmd .= "COMMENT:\"\t\t maximum average current period 95th percentile\\n\" "; - - $graphcmd .= "COMMENT:\"in-pass\t\" "; + $graphcmd .= "COMMENT:\"IPv4 in-pass\t\" "; $graphcmd .= "GPRINT:\"$curif-in_bits_pass:MAX:%7.2lf %sb/s\" "; $graphcmd .= "GPRINT:\"$curif-in_bits_pass:AVERAGE:%7.2lf %Sb/s\" "; $graphcmd .= "GPRINT:\"$curif-in_bits_pass:LAST:%7.2lf %Sb/s\" "; @@ -340,25 +379,50 @@ if((strstr($curdatabase, "-traffic.rrd")) && (file_exists("$rrddbpath$curdatabas $graphcmd .= "GPRINT:\"$curif-in_bits_95:%7.2lf %sb/s\" "; $graphcmd .= "COMMENT:\"\\n\" "; - $graphcmd .= "COMMENT:\"out-pass\t\" "; + $graphcmd .= "COMMENT:\"IPv4 out-pass\t\" "; $graphcmd .= "GPRINT:\"$curif-out_bits_pass:MAX:%7.2lf %sb/s\" "; $graphcmd .= "GPRINT:\"$curif-out_bits_pass:AVERAGE:%7.2lf %Sb/s\" "; $graphcmd .= "GPRINT:\"$curif-out_bits_pass:LAST:%7.2lf %Sb/s\" "; $graphcmd .= "GPRINT:\"$curif-bytes_out_t_pass:AVERAGE:%7.2lf %sB o\" "; $graphcmd .= "GPRINT:\"$curif-out_bits_95:%7.2lf %sb/s\" "; $graphcmd .= "COMMENT:\"\\n\" "; - $graphcmd .= "COMMENT:\"in-block\t\" "; + $graphcmd .= "COMMENT:\"IPv4 in-block\t\" "; $graphcmd .= "GPRINT:\"$curif-in_bits_block:MAX:%7.2lf %sb/s\" "; $graphcmd .= "GPRINT:\"$curif-in_bits_block:AVERAGE:%7.2lf %Sb/s\" "; $graphcmd .= "GPRINT:\"$curif-in_bits_block:LAST:%7.2lf %Sb/s\" "; $graphcmd .= "GPRINT:\"$curif-bytes_in_t_block:AVERAGE:%7.2lf %sB i\" "; $graphcmd .= "COMMENT:\"\\n\" "; - $graphcmd .= "COMMENT:\"out-block\t\" "; + $graphcmd .= "COMMENT:\"IPv4 out-block\t\" "; $graphcmd .= "GPRINT:\"$curif-out_bits_block:MAX:%7.2lf %sb/s\" "; $graphcmd .= "GPRINT:\"$curif-out_bits_block:AVERAGE:%7.2lf %Sb/s\" "; $graphcmd .= "GPRINT:\"$curif-out_bits_block:LAST:%7.2lf %Sb/s\" "; $graphcmd .= "GPRINT:\"$curif-bytes_out_t_block:AVERAGE:%7.2lf %sB o\" "; $graphcmd .= "COMMENT:\"\\n\" "; + $graphcmd .= "COMMENT:\"\\n\" "; + $graphcmd .= "COMMENT:\"IPv6 in-pass\t\" "; + $graphcmd .= "GPRINT:\"$curif-in6_bits_pass:MAX:%7.2lf %sb/s\" "; + $graphcmd .= "GPRINT:\"$curif-in6_bits_pass:AVERAGE:%7.2lf %Sb/s\" "; + $graphcmd .= "GPRINT:\"$curif-in6_bits_pass:LAST:%7.2lf %Sb/s\" "; + $graphcmd .= "GPRINT:\"$curif-bytes_in6_t_pass:AVERAGE:%7.2lf %sB i\" "; + $graphcmd .= "COMMENT:\"\\n\" "; + $graphcmd .= "COMMENT:\"IPv6 out-pass\t\" "; + $graphcmd .= "GPRINT:\"$curif-out6_bits_pass:MAX:%7.2lf %sb/s\" "; + $graphcmd .= "GPRINT:\"$curif-out6_bits_pass:AVERAGE:%7.2lf %Sb/s\" "; + $graphcmd .= "GPRINT:\"$curif-out6_bits_pass:LAST:%7.2lf %Sb/s\" "; + $graphcmd .= "GPRINT:\"$curif-bytes_out6_t_pass:AVERAGE:%7.2lf %sB o\" "; + $graphcmd .= "COMMENT:\"\\n\" "; + $graphcmd .= "COMMENT:\"IPv6 in-block\t\" "; + $graphcmd .= "GPRINT:\"$curif-in6_bits_block:MAX:%7.2lf %sb/s\" "; + $graphcmd .= "GPRINT:\"$curif-in6_bits_block:AVERAGE:%7.2lf %Sb/s\" "; + $graphcmd .= "GPRINT:\"$curif-in6_bits_block:LAST:%7.2lf %Sb/s\" "; + $graphcmd .= "GPRINT:\"$curif-bytes_in6_t_block:AVERAGE:%7.2lf %sB i\" "; + $graphcmd .= "COMMENT:\"\\n\" "; + $graphcmd .= "COMMENT:\"IPv6 out-block\t\" "; + $graphcmd .= "GPRINT:\"$curif-out6_bits_block:MAX:%7.2lf %sb/s\" "; + $graphcmd .= "GPRINT:\"$curif-out6_bits_block:AVERAGE:%7.2lf %Sb/s\" "; + $graphcmd .= "GPRINT:\"$curif-out6_bits_block:LAST:%7.2lf %Sb/s\" "; + $graphcmd .= "GPRINT:\"$curif-bytes_out6_t_block:AVERAGE:%7.2lf %sB o\" "; + $graphcmd .= "COMMENT:\"\\n\" "; $graphcmd .= "COMMENT:\"\t\t\t\t\t\t\t\t\t\t\t\t\t`date +\"%b %d %H\:%M\:%S %Y\"`\" "; } elseif(strstr($curdatabase, "-throughput.rrd")) { @@ -502,33 +566,64 @@ elseif((strstr($curdatabase, "-packets.rrd")) && (file_exists("$rrddbpath$curdat $graphcmd .= "DEF:\"$curif-in_pps_block=$rrddbpath$curdatabase:inblock:AVERAGE\" "; $graphcmd .= "DEF:\"$curif-out_pps_block=$rrddbpath$curdatabase:outblock:AVERAGE\" "; + $graphcmd .= "DEF:\"$curif-in6_pps_pass=$rrddbpath$curdatabase:inpass6:AVERAGE\" "; + $graphcmd .= "DEF:\"$curif-out6_pps_pass=$rrddbpath$curdatabase:outpass6:AVERAGE\" "; + $graphcmd .= "DEF:\"$curif-in6_pps_block=$rrddbpath$curdatabase:inblock6:AVERAGE\" "; + $graphcmd .= "DEF:\"$curif-out6_pps_block=$rrddbpath$curdatabase:outblock6:AVERAGE\" "; + $graphcmd .= "CDEF:\"$curif-in_pps=$curif-in_pps_pass,$curif-in_pps_block,+\" "; $graphcmd .= "CDEF:\"$curif-out_pps=$curif-out_pps_pass,$curif-out_pps_block,+\" "; $graphcmd .= "CDEF:\"$curif-out_pps_pass_neg=$curif-out_pps_pass,$multiplier,*\" "; $graphcmd .= "CDEF:\"$curif-out_pps_block_neg=$curif-out_pps_block,$multiplier,*\" "; + $graphcmd .= "CDEF:\"$curif-in6_pps=$curif-in6_pps_pass,$curif-in6_pps_block,+\" "; + $graphcmd .= "CDEF:\"$curif-out6_pps=$curif-out6_pps_pass,$curif-out6_pps_block,+\" "; + $graphcmd .= "CDEF:\"$curif-out6_pps_pass_neg=$curif-out6_pps_pass,$multiplier,*\" "; + $graphcmd .= "CDEF:\"$curif-out6_pps_block_neg=$curif-out6_pps_block,$multiplier,*\" "; + $graphcmd .= "CDEF:\"$curif-pps_in_pass=$curif-in_pps_pass,0,12500000,LIMIT,UN,0,$curif-in_pps_pass,IF,$average,*\" "; $graphcmd .= "CDEF:\"$curif-pps_out_pass=$curif-out_pps_pass,0,12500000,LIMIT,UN,0,$curif-out_pps_pass,IF,$average,*\" "; $graphcmd .= "CDEF:\"$curif-pps_in_block=$curif-in_pps_block,0,12500000,LIMIT,UN,0,$curif-in_pps_block,IF,$average,*\" "; $graphcmd .= "CDEF:\"$curif-pps_out_block=$curif-out_pps_block,0,12500000,LIMIT,UN,0,$curif-out_pps_block,IF,$average,*\" "; + $graphcmd .= "CDEF:\"$curif-pps_in6_pass=$curif-in6_pps_pass,0,12500000,LIMIT,UN,0,$curif-in6_pps_pass,IF,$average,*\" "; + $graphcmd .= "CDEF:\"$curif-pps_out6_pass=$curif-out6_pps_pass,0,12500000,LIMIT,UN,0,$curif-out6_pps_pass,IF,$average,*\" "; + $graphcmd .= "CDEF:\"$curif-pps_in6_block=$curif-in6_pps_block,0,12500000,LIMIT,UN,0,$curif-in6_pps_block,IF,$average,*\" "; + $graphcmd .= "CDEF:\"$curif-pps_out6_block=$curif-out6_pps_block,0,12500000,LIMIT,UN,0,$curif-out6_pps_block,IF,$average,*\" "; + $graphcmd .= "CDEF:\"$curif-pps_io=$curif-in_pps,$curif-out_pps,+\" "; $graphcmd .= "CDEF:\"$curif-pps_pass=$curif-pps_in_pass,$curif-pps_out_pass,+\" "; $graphcmd .= "CDEF:\"$curif-pps_block=$curif-pps_in_block,$curif-pps_out_block,+\" "; + $graphcmd .= "CDEF:\"$curif-pps_io6=$curif-in6_pps,$curif-out6_pps,+\" "; + $graphcmd .= "CDEF:\"$curif-pps_pass6=$curif-pps_in6_pass,$curif-pps_out6_pass,+\" "; + $graphcmd .= "CDEF:\"$curif-pps_block6=$curif-pps_in6_block,$curif-pps_out6_block,+\" "; + $graphcmd .= "CDEF:\"$curif-pps_in_t_pass=$curif-in_pps_pass,0,12500000,LIMIT,UN,0,$curif-in_pps_pass,IF,$seconds,*\" "; $graphcmd .= "CDEF:\"$curif-pps_out_t_pass=$curif-out_pps_pass,0,12500000,LIMIT,UN,0,$curif-out_pps_pass,IF,$seconds,*\" "; $graphcmd .= "CDEF:\"$curif-pps_in_t_block=$curif-in_pps_block,0,12500000,LIMIT,UN,0,$curif-in_pps_block,IF,$seconds,*\" "; $graphcmd .= "CDEF:\"$curif-pps_out_t_block=$curif-out_pps_block,0,12500000,LIMIT,UN,0,$curif-out_pps_block,IF,$seconds,*\" "; + $graphcmd .= "CDEF:\"$curif-pps_in6_t_pass=$curif-in6_pps_pass,0,12500000,LIMIT,UN,0,$curif-in6_pps_pass,IF,$seconds,*\" "; + $graphcmd .= "CDEF:\"$curif-pps_out6_t_pass=$curif-out6_pps_pass,0,12500000,LIMIT,UN,0,$curif-out6_pps_pass,IF,$seconds,*\" "; + $graphcmd .= "CDEF:\"$curif-pps_in6_t_block=$curif-in6_pps_block,0,12500000,LIMIT,UN,0,$curif-in6_pps_block,IF,$seconds,*\" "; + $graphcmd .= "CDEF:\"$curif-pps_out6_t_block=$curif-out6_pps_block,0,12500000,LIMIT,UN,0,$curif-out6_pps_block,IF,$seconds,*\" "; + $graphcmd .= "CDEF:\"$curif-pps_t_pass=$curif-pps_in_t_pass,$curif-pps_out_t_pass,+\" "; $graphcmd .= "CDEF:\"$curif-pps_t_block=$curif-pps_in_t_block,$curif-pps_out_t_block,+\" "; + $graphcmd .= "CDEF:\"$curif-pps_t_pass6=$curif-pps_in6_t_pass,$curif-pps_out6_t_pass,+\" "; + $graphcmd .= "CDEF:\"$curif-pps_t_block6=$curif-pps_in6_t_block,$curif-pps_out6_t_block,+\" "; + $graphcmd .= "AREA:\"$curif-in_pps_block#{$colorpacketsdown[1]}:$curif-in-block\" "; $graphcmd .= "AREA:\"$curif-in_pps_pass#{$colorpacketsdown[0]}:$curif-in-pass:STACK\" "; - + $graphcmd .= "AREA:\"$curif-in6_pps_block#{$colorpacketsdown[3]}:$curif-in6-block:STACK\" "; + $graphcmd .= "AREA:\"$curif-in6_pps_pass#{$colorpacketsdown[2]}:$curif-in6-pass:STACK\" "; + $graphcmd .= "COMMENT:\"\\n\" "; $graphcmd .= "$AREA:\"$curif-out_pps_block_neg#{$colorpacketsup[1]}:$curif-out-block\" "; $graphcmd .= "$AREA:\"$curif-out_pps_pass_neg#{$colorpacketsup[0]}:$curif-out-pass:STACK\" "; + $graphcmd .= "$AREA:\"$curif-out6_pps_block_neg#{$colorpacketsup[3]}:$curif-out6-block:STACK\" "; + $graphcmd .= "$AREA:\"$curif-out6_pps_pass_neg#{$colorpacketsup[2]}:$curif-out6-pass:STACK\" "; $graphcmd .= "COMMENT:\"\\n\" "; $graphcmd .= "COMMENT:\"\t\t maximum average current period\\n\" "; @@ -556,6 +651,32 @@ elseif((strstr($curdatabase, "-packets.rrd")) && (file_exists("$rrddbpath$curdat $graphcmd .= "GPRINT:\"$curif-out_pps_block:LAST:%7.2lf %S pps\" "; $graphcmd .= "GPRINT:\"$curif-pps_out_t_block:AVERAGE:%7.2lf %s pkts\" "; $graphcmd .= "COMMENT:\"\\n\" "; + + $graphcmd .= "COMMENT:\"\\n\" "; + $graphcmd .= "COMMENT:\"in-pass6\t\" "; + $graphcmd .= "GPRINT:\"$curif-in6_pps_pass:MAX:%7.2lf %s pps\" "; + $graphcmd .= "GPRINT:\"$curif-in6_pps_pass:AVERAGE:%7.2lf %S pps\" "; + $graphcmd .= "GPRINT:\"$curif-in6_pps_pass:LAST:%7.2lf %S pps\" "; + $graphcmd .= "GPRINT:\"$curif-pps_in6_t_pass:AVERAGE:%7.2lf %s pkts\" "; + $graphcmd .= "COMMENT:\"\\n\" "; + $graphcmd .= "COMMENT:\"out-pass6\t\" "; + $graphcmd .= "GPRINT:\"$curif-out6_pps_pass:MAX:%7.2lf %s pps\" "; + $graphcmd .= "GPRINT:\"$curif-out6_pps_pass:AVERAGE:%7.2lf %S pps\" "; + $graphcmd .= "GPRINT:\"$curif-out6_pps_pass:LAST:%7.2lf %S pps\" "; + $graphcmd .= "GPRINT:\"$curif-pps_out6_t_pass:AVERAGE:%7.2lf %s pkts\" "; + $graphcmd .= "COMMENT:\"\\n\" "; + $graphcmd .= "COMMENT:\"in-block6\t\" "; + $graphcmd .= "GPRINT:\"$curif-in6_pps_block:MAX:%7.2lf %s pps\" "; + $graphcmd .= "GPRINT:\"$curif-in6_pps_block:AVERAGE:%7.2lf %S pps\" "; + $graphcmd .= "GPRINT:\"$curif-in6_pps_block:LAST:%7.2lf %S pps\" "; + $graphcmd .= "GPRINT:\"$curif-pps_in6_t_block:AVERAGE:%7.2lf %s pkts\" "; + $graphcmd .= "COMMENT:\"\\n\" "; + $graphcmd .= "COMMENT:\"out-pass6\t\" "; + $graphcmd .= "GPRINT:\"$curif-out6_pps_block:MAX:%7.2lf %s pps\" "; + $graphcmd .= "GPRINT:\"$curif-out6_pps_block:AVERAGE:%7.2lf %S pps\" "; + $graphcmd .= "GPRINT:\"$curif-out6_pps_block:LAST:%7.2lf %S pps\" "; + $graphcmd .= "GPRINT:\"$curif-pps_out6_t_block:AVERAGE:%7.2lf %s pkts\" "; + $graphcmd .= "COMMENT:\"\\n\" "; $graphcmd .= "COMMENT:\"\t\t\t\t\t\t\t\t\t\t\t\t\t`date +\"%b %d %H\:%M\:%S %Y\"`\" "; } elseif((strstr($curdatabase, "-wireless.rrd")) && (file_exists("$rrddbpath$curdatabase"))) { diff --git a/usr/local/www/system.php b/usr/local/www/system.php index 0074548..caf8e78 100755 --- a/usr/local/www/system.php +++ b/usr/local/www/system.php @@ -284,7 +284,7 @@ include("head.inc"); ?> <tr> <td> - <input name="dns<?php echo $dnscounter;?>" type="text" class="formfld unknown" id="dns<?php echo $dnscounter;?>" size="20" value="<?php echo $pconfig['dns'.$dnscounter];?>"> + <input name="dns<?php echo $dnscounter;?>" type="text" class="formfld unknown" id="dns<?php echo $dnscounter;?>" size="28" value="<?php echo $pconfig['dns'.$dnscounter];?>"> </td> <td> <?php if ($multiwan): ?> diff --git a/usr/local/www/system_gateways_edit.php b/usr/local/www/system_gateways_edit.php index 7ded7ae..02fac7c 100755 --- a/usr/local/www/system_gateways_edit.php +++ b/usr/local/www/system_gateways_edit.php @@ -113,11 +113,23 @@ if ($_POST) { if (is_ipaddr($config['interfaces'][$_POST['interface']]['ipaddr']) && (empty($_POST['gateway']) || $_POST['gateway'] == "dynamic")) $input_errors[] = gettext("Dynamic gateway values cannot be specified for interfaces with a static ip configuration."); } - $parent_ip = get_interface_ip($_POST['interface']); - if (is_ipaddr($parent_ip)) { + if(is_ipaddrv6($_POST['gateway'])) { + $parent_ip = get_interface_ipv6($_POST['interface']); + } else { + $parent_ip = get_interface_ip($_POST['interface']); + } + if (is_ipaddrv4($parent_ip)) { $parent_sn = get_interface_subnet($_POST['interface']); - if(!ip_in_subnet($_POST['gateway'], gen_subnet($parent_ip, $parent_sn) . "/" . $parent_sn) && !ip_in_interface_alias_subnet($_POST['interface'], $_POST['gateway'])) { - $input_errors[] = sprintf(gettext("The gateway address %s does not lie within the chosen interface's subnet."), $_POST['gateway']); + $subnet = gen_subnet($parent_ip, $parent_sn) . "/" . $parent_sn; + if(!ip_in_subnet($_POST['gateway'], $subnet) && !ip_in_interface_alias_subnet($_POST['interface'], $_POST['gateway'])) { + $input_errors[] = sprintf(gettext("The gateway address %s does not lie within the chosen interface's subnet '{$subnet}'."), $_POST['gateway']); + } + } + if (is_ipaddrv6($parent_ip)) { + $parent_sn = get_interface_subnetv6($_POST['interface']); + $subnet = gen_subnetv6($parent_ip, $parent_sn) . "/" . $parent_sn; + if(!ip_in_subnet($_POST['gateway'], $subnet)) { + $input_errors[] = sprintf(gettext("The gateway address %s does not lie within the chosen interface's subnet '{$subnet}'."), $_POST['gateway']); } } } @@ -226,10 +238,18 @@ if ($_POST) { if ($_POST['defaultgw'] == "yes" || $_POST['defaultgw'] == "on") { $i = 0; + /* remove the default gateway bits for all gateways with the same address family */ foreach($a_gateway_item as $gw) { - unset($config['gateways']['gateway_item'][$i]['defaultgw']); - if ($gw['interface'] != $_POST['interface'] && $gw['defaultgw']) - $reloadif = $gw['interface']; + if(is_ipaddrv4($gateway['gateway']) && is_ipaddrv4($gw['gateway'])) { + unset($config['gateways']['gateway_item'][$i]['defaultgw']); + if ($gw['interface'] != $_POST['interface'] && $gw['defaultgw']) + $reloadif = $gw['interface']; + } + if(is_ipaddrv6($gateway['gateway']) && is_ipaddrv6($gw['gateway'])) { + unset($config['gateways']['gateway_item'][$i]['defaultgw']); + if ($gw['interface'] != $_POST['interface'] && $gw['defaultgw']) + $reloadif = $gw['interface']; + } $i++; } $gateway['defaultgw'] = true; @@ -334,7 +354,7 @@ function show_advanced_gateway() { <tr> <td width="22%" valign="top" class="vncellreq"><?=gettext("Gateway"); ?></td> <td width="78%" class="vtable"> - <input name="gateway" type="text" class="formfld host" id="gateway" size="40" value="<?php if ($pconfig['dynamic']) echo "dynamic"; else echo $pconfig['gateway']; ?>"> + <input name="gateway" type="text" class="formfld host" id="gateway" size="28" value="<?php if ($pconfig['dynamic']) echo "dynamic"; else echo $pconfig['gateway']; ?>"> <br> <span class="vexpl"><?=gettext("Gateway IP address"); ?></span></td> </tr> <tr> @@ -354,7 +374,7 @@ function show_advanced_gateway() { else $monitor = htmlspecialchars($pconfig['monitor']); ?> - <input name="monitor" type="text" id="monitor" value="<?php echo $monitor; ?>" /> + <input name="monitor" type="text" id="monitor" value="<?php echo $monitor; ?>" size="28" /> <strong><?=gettext("Alternative monitor IP"); ?></strong> <br /> <?=gettext("Enter an alternative address here to be used to monitor the link. This is used for the " . "quality RRD graphs as well as the load balancer entries. Use this if the gateway does not respond " . diff --git a/usr/local/www/system_routes_edit.php b/usr/local/www/system_routes_edit.php index 3ca0de9..5847011 100755 --- a/usr/local/www/system_routes_edit.php +++ b/usr/local/www/system_routes_edit.php @@ -104,7 +104,12 @@ if ($_POST) { } /* check for overlaps */ - $osn = gen_subnet($_POST['network'], $_POST['network_subnet']) . "/" . $_POST['network_subnet']; + if(is_ipaddrv6($_POST['network'])) { + $osn = Net_IPv6::compress(gen_subnetv6($_POST['network'], $_POST['network_subnet'])) . "/" . $_POST['network_subnet']; + } + if(is_ipaddrv4($_POST['network'])) { + $osn = gen_subnet($_POST['network'], $_POST['network_subnet']) . "/" . $_POST['network_subnet']; + } foreach ($a_routes as $route) { if (isset($id) && ($a_routes[$id]) && ($a_routes[$id] === $route)) continue; @@ -168,7 +173,7 @@ include("head.inc"); <input name="network" type="text" class="formfld unknown" id="network" size="20" value="<?=htmlspecialchars($pconfig['network']);?>"> / <select name="network_subnet" class="formselect" id="network_subnet"> - <?php for ($i = 32; $i >= 1; $i--): ?> + <?php for ($i = 128; $i >= 1; $i--): ?> <option value="<?=$i;?>" <?php if ($i == $pconfig['network_subnet']) echo "selected"; ?>> <?=$i;?> </option> diff --git a/usr/local/www/themes/code-red/rrdcolors.inc.php b/usr/local/www/themes/code-red/rrdcolors.inc.php index 869727f..529377b 100755 --- a/usr/local/www/themes/code-red/rrdcolors.inc.php +++ b/usr/local/www/themes/code-red/rrdcolors.inc.php @@ -30,11 +30,11 @@ /* This file is included by the RRD graphing page and sets the colors */ -$colortrafficup = array("666666", "CCCCCC"); -$colortrafficdown = array("990000", "CC0000"); +$colortrafficup = array("666666", "CCCCCC", "b36666", "bd9090"); +$colortrafficdown = array("990000", "CC0000", "b36666", "bd9090"); +$colorpacketsup = array("666666", "CCCCCC", "b36666", "bd9090"); +$colorpacketsdown = array("990000", "CC0000", "b36666", "bd9090"); $colortraffic95 = array("660000", "FF0000"); -$colorpacketsup = array("666666", "CCCCCC"); -$colorpacketsdown = array("990000", "CC0000"); $colorstates = array('990000','a83c3c','b36666','bd9090','cccccc','000000'); $colorprocessor = array('990000','a83c3c','b36666','bd9090','cccccc','000000'); $colormemory = array('990000','a83c3c','b36666','bd9090','cccccc','000000'); diff --git a/usr/local/www/themes/metallic/rrdcolors.inc.php b/usr/local/www/themes/metallic/rrdcolors.inc.php index 09956cc..1ed3027 100644 --- a/usr/local/www/themes/metallic/rrdcolors.inc.php +++ b/usr/local/www/themes/metallic/rrdcolors.inc.php @@ -30,11 +30,11 @@ /* This file is included by the RRD graphing page and sets the colors */ -$colortrafficup = array("666666", "CCCCCC"); -$colortrafficdown = array("990000", "CC0000"); +$colortrafficup = array("666666", "CCCCCC", "b36666", "bd9090"); +$colortrafficdown = array("990000", "CC0000", "b36666", "bd9090"); +$colorpacketsup = array("666666", "CCCCCC", "b36666", "bd9090"); +$colorpacketsdown = array("990000", "CC0000", "b36666", "bd9090"); $colortraffic95 = array("660000", "FF0000"); -$colorpacketsup = array("666666", "CCCCCC"); -$colorpacketsdown = array("990000", "CC0000"); $colorstates = array('990000','a83c3c','b36666','bd9090','cccccc','000000'); $colorprocessor = array('990000','a83c3c','b36666','bd9090','cccccc','000000'); $colormemory = array('990000','a83c3c','b36666','bd9090','cccccc','000000'); diff --git a/usr/local/www/themes/nervecenter/rrdcolors.inc.php b/usr/local/www/themes/nervecenter/rrdcolors.inc.php index 09956cc..1ed3027 100644 --- a/usr/local/www/themes/nervecenter/rrdcolors.inc.php +++ b/usr/local/www/themes/nervecenter/rrdcolors.inc.php @@ -30,11 +30,11 @@ /* This file is included by the RRD graphing page and sets the colors */ -$colortrafficup = array("666666", "CCCCCC"); -$colortrafficdown = array("990000", "CC0000"); +$colortrafficup = array("666666", "CCCCCC", "b36666", "bd9090"); +$colortrafficdown = array("990000", "CC0000", "b36666", "bd9090"); +$colorpacketsup = array("666666", "CCCCCC", "b36666", "bd9090"); +$colorpacketsdown = array("990000", "CC0000", "b36666", "bd9090"); $colortraffic95 = array("660000", "FF0000"); -$colorpacketsup = array("666666", "CCCCCC"); -$colorpacketsdown = array("990000", "CC0000"); $colorstates = array('990000','a83c3c','b36666','bd9090','cccccc','000000'); $colorprocessor = array('990000','a83c3c','b36666','bd9090','cccccc','000000'); $colormemory = array('990000','a83c3c','b36666','bd9090','cccccc','000000'); diff --git a/usr/local/www/themes/pfsense-dropdown/rrdcolors.inc.php b/usr/local/www/themes/pfsense-dropdown/rrdcolors.inc.php index 09956cc..1ed3027 100644 --- a/usr/local/www/themes/pfsense-dropdown/rrdcolors.inc.php +++ b/usr/local/www/themes/pfsense-dropdown/rrdcolors.inc.php @@ -30,11 +30,11 @@ /* This file is included by the RRD graphing page and sets the colors */ -$colortrafficup = array("666666", "CCCCCC"); -$colortrafficdown = array("990000", "CC0000"); +$colortrafficup = array("666666", "CCCCCC", "b36666", "bd9090"); +$colortrafficdown = array("990000", "CC0000", "b36666", "bd9090"); +$colorpacketsup = array("666666", "CCCCCC", "b36666", "bd9090"); +$colorpacketsdown = array("990000", "CC0000", "b36666", "bd9090"); $colortraffic95 = array("660000", "FF0000"); -$colorpacketsup = array("666666", "CCCCCC"); -$colorpacketsdown = array("990000", "CC0000"); $colorstates = array('990000','a83c3c','b36666','bd9090','cccccc','000000'); $colorprocessor = array('990000','a83c3c','b36666','bd9090','cccccc','000000'); $colormemory = array('990000','a83c3c','b36666','bd9090','cccccc','000000'); diff --git a/usr/local/www/themes/pfsense/rrdcolors.inc.php b/usr/local/www/themes/pfsense/rrdcolors.inc.php index 09956cc..1ed3027 100644 --- a/usr/local/www/themes/pfsense/rrdcolors.inc.php +++ b/usr/local/www/themes/pfsense/rrdcolors.inc.php @@ -30,11 +30,11 @@ /* This file is included by the RRD graphing page and sets the colors */ -$colortrafficup = array("666666", "CCCCCC"); -$colortrafficdown = array("990000", "CC0000"); +$colortrafficup = array("666666", "CCCCCC", "b36666", "bd9090"); +$colortrafficdown = array("990000", "CC0000", "b36666", "bd9090"); +$colorpacketsup = array("666666", "CCCCCC", "b36666", "bd9090"); +$colorpacketsdown = array("990000", "CC0000", "b36666", "bd9090"); $colortraffic95 = array("660000", "FF0000"); -$colorpacketsup = array("666666", "CCCCCC"); -$colorpacketsdown = array("990000", "CC0000"); $colorstates = array('990000','a83c3c','b36666','bd9090','cccccc','000000'); $colorprocessor = array('990000','a83c3c','b36666','bd9090','cccccc','000000'); $colormemory = array('990000','a83c3c','b36666','bd9090','cccccc','000000'); diff --git a/usr/local/www/themes/pfsense_ng/rrdcolors.inc.php b/usr/local/www/themes/pfsense_ng/rrdcolors.inc.php index 09956cc..1ed3027 100644 --- a/usr/local/www/themes/pfsense_ng/rrdcolors.inc.php +++ b/usr/local/www/themes/pfsense_ng/rrdcolors.inc.php @@ -30,11 +30,11 @@ /* This file is included by the RRD graphing page and sets the colors */ -$colortrafficup = array("666666", "CCCCCC"); -$colortrafficdown = array("990000", "CC0000"); +$colortrafficup = array("666666", "CCCCCC", "b36666", "bd9090"); +$colortrafficdown = array("990000", "CC0000", "b36666", "bd9090"); +$colorpacketsup = array("666666", "CCCCCC", "b36666", "bd9090"); +$colorpacketsdown = array("990000", "CC0000", "b36666", "bd9090"); $colortraffic95 = array("660000", "FF0000"); -$colorpacketsup = array("666666", "CCCCCC"); -$colorpacketsdown = array("990000", "CC0000"); $colorstates = array('990000','a83c3c','b36666','bd9090','cccccc','000000'); $colorprocessor = array('990000','a83c3c','b36666','bd9090','cccccc','000000'); $colormemory = array('990000','a83c3c','b36666','bd9090','cccccc','000000'); diff --git a/usr/local/www/themes/the_wall/rrdcolors.inc.php b/usr/local/www/themes/the_wall/rrdcolors.inc.php index 09956cc..1ed3027 100644 --- a/usr/local/www/themes/the_wall/rrdcolors.inc.php +++ b/usr/local/www/themes/the_wall/rrdcolors.inc.php @@ -30,11 +30,11 @@ /* This file is included by the RRD graphing page and sets the colors */ -$colortrafficup = array("666666", "CCCCCC"); -$colortrafficdown = array("990000", "CC0000"); +$colortrafficup = array("666666", "CCCCCC", "b36666", "bd9090"); +$colortrafficdown = array("990000", "CC0000", "b36666", "bd9090"); +$colorpacketsup = array("666666", "CCCCCC", "b36666", "bd9090"); +$colorpacketsdown = array("990000", "CC0000", "b36666", "bd9090"); $colortraffic95 = array("660000", "FF0000"); -$colorpacketsup = array("666666", "CCCCCC"); -$colorpacketsdown = array("990000", "CC0000"); $colorstates = array('990000','a83c3c','b36666','bd9090','cccccc','000000'); $colorprocessor = array('990000','a83c3c','b36666','bd9090','cccccc','000000'); $colormemory = array('990000','a83c3c','b36666','bd9090','cccccc','000000'); diff --git a/usr/local/www/vpn_ipsec.php b/usr/local/www/vpn_ipsec.php index 465c607..7e5122a 100755 --- a/usr/local/www/vpn_ipsec.php +++ b/usr/local/www/vpn_ipsec.php @@ -281,7 +281,7 @@ include("head.inc"); <table class="tabcont" width="100%" height="100%" border="0" cellspacing="0" cellpadding="0" id="tdph2-<?=$i?>" style="display:none"> <tr> <td class="listhdrr"><?=gettext("Mode"); ?></td> - <?php if($ph2ent['mode'] == "tunnel"): ?> + <?php if(($ph2ent['mode'] == "tunnel") or ($ph2ent['mode'] == "tunnel6")): ?> <td class="listhdrr"><?=gettext("Local Subnet"); ?></td> <td class="listhdrr"><?=gettext("Remote Subnet"); ?></td> <?php endif; ?> @@ -317,11 +317,11 @@ include("head.inc"); <?=$spane;?> </td> <?php - if($ph2ent['mode'] <> "tunnel") { + if(($ph2ent['mode'] <> "tunnel") and ($ph2ent['mode'] <> "tunnel6")) { echo "<td nowrap class=\"listr\"> </td><td nowrap class=\"listr\"> </td>"; } ?> - <?php if($ph2ent['mode'] == "tunnel"): ?> + <?php if(($ph2ent['mode'] == "tunnel") or ($ph2ent['mode'] == "tunnel6")): ?> <td nowrap class="listr"> <?=$spans;?> <?=ipsec_idinfo_to_text($ph2ent['localid']); ?> diff --git a/usr/local/www/vpn_ipsec_phase1.php b/usr/local/www/vpn_ipsec_phase1.php index 12bb235..edfc36b 100644 --- a/usr/local/www/vpn_ipsec_phase1.php +++ b/usr/local/www/vpn_ipsec_phase1.php @@ -80,6 +80,7 @@ if (isset($p1index) && $a_phase1[$p1index]) { $pconfig['remotegw'] = $a_phase1[$p1index]['remote-gateway']; $pconfig['mode'] = $a_phase1[$p1index]['mode']; + $pconfig['protocol'] = $a_phase1[$p1index]['protocol']; $pconfig['myid_type'] = $a_phase1[$p1index]['myid_type']; $pconfig['myid_data'] = $a_phase1[$p1index]['myid_data']; $pconfig['peerid_type'] = $a_phase1[$p1index]['peerid_type']; @@ -113,6 +114,7 @@ if (isset($p1index) && $a_phase1[$p1index]) { if($config['interfaces']['lan']) $pconfig['localnet'] = "lan"; $pconfig['mode'] = "aggressive"; + $pconfig['protocol'] = "inet"; $pconfig['myid_type'] = "myaddress"; $pconfig['peerid_type'] = "peeraddress"; $pconfig['authentication_method'] = "pre_shared_key"; @@ -292,6 +294,7 @@ if ($_POST) { $ph1ent['remote-gateway'] = $pconfig['remotegw']; $ph1ent['mode'] = $pconfig['mode']; + $ph1ent['protocol'] = $pconfig['protocol']; $ph1ent['myid_type'] = $pconfig['myid_type']; $ph1ent['myid_data'] = $pconfig['myid_data']; @@ -510,6 +513,21 @@ function dpdchkbox_change() { </td> </tr> <tr> + <td width="22%" valign="top" class="vncellreq"><?=gettext("Internet Protocol"); ?></td> + <td width="78%" class="vtable"> + <select name="protocol" class="formselect"> + <?php + $protocols = array("inet" => "IPv4", "inet6" => "IPv6"); + foreach ($protocols as $protocol => $name): + ?> + <option value="<?=$protocol;?>" <?php if ($protocol == $pconfig['protocol']) echo "selected"; ?>> + <?=htmlspecialchars($name);?> + </option> + <?php endforeach; ?> + </select> <br> <span class="vexpl"><?=gettext("Select the Internet Protocol family from this dropdown"); ?>.</span> + </td> + </tr> + <tr> <td width="22%" valign="top" class="vncellreq"><?=gettext("Interface"); ?></td> <td width="78%" class="vtable"> <select name="interface" class="formselect"> @@ -538,7 +556,7 @@ function dpdchkbox_change() { <tr> <td width="22%" valign="top" class="vncellreq"><?=gettext("Remote gateway"); ?></td> <td width="78%" class="vtable"> - <?=$mandfldhtml;?><input name="remotegw" type="text" class="formfld unknown" id="remotegw" size="20" value="<?=htmlspecialchars($pconfig['remotegw']);?>"> + <?=$mandfldhtml;?><input name="remotegw" type="text" class="formfld unknown" id="remotegw" size="28" value="<?=htmlspecialchars($pconfig['remotegw']);?>"> <br> <?=gettext("Enter the public IP address or host name of the remote gateway"); ?> </td> diff --git a/usr/local/www/vpn_ipsec_phase2.php b/usr/local/www/vpn_ipsec_phase2.php index d45b0d6..5957c9e 100644 --- a/usr/local/www/vpn_ipsec_phase2.php +++ b/usr/local/www/vpn_ipsec_phase2.php @@ -118,7 +118,7 @@ if ($_POST) { do_input_validation($_POST, $reqdfields, $reqdfieldsn, &$input_errors); - if($pconfig['mode'] == "tunnel") + if(($pconfig['mode'] == "tunnel") || ($pconfig['mode'] == "tunnel6")) { switch ($pconfig['localid_type']) { case "network": @@ -158,7 +158,7 @@ if ($_POST) { $ph2ent['mode'] = $pconfig['mode']; $ph2ent['disabled'] = $pconfig['disabled'] ? true : false; - if($ph2ent['mode'] == "tunnel") { + if(($ph2ent['mode'] == "tunnel") || ($ph2ent['mode'] == "tunnel6")){ $ph2ent['localid'] = pconfig_to_idinfo("local",$pconfig); $ph2ent['remoteid'] = pconfig_to_idinfo("remote",$pconfig); } @@ -216,7 +216,7 @@ include("head.inc"); function change_mode() { index = document.iform.mode.selectedIndex; value = document.iform.mode.options[index].value; - if (value == 'tunnel') { + if ((value == 'tunnel') || (value == 'tunnel6')) { document.getElementById('opt_localid').style.display = ''; <?php if (!isset($pconfig['mobile'])): ?> document.getElementById('opt_remoteid').style.display = ''; @@ -231,8 +231,14 @@ function change_mode() { function typesel_change_local(bits) { - if (typeof(bits)=="undefined") - bits = 24; + if (typeof(bits)=="undefined") { + if (value == 'tunnel') { + bits = 24; + } + if (value == 'tunnel6') { + bits = 64; + } + } switch (document.iform.localid_type.selectedIndex) { case 0: /* single */ @@ -262,8 +268,14 @@ function typesel_change_local(bits) { function typesel_change_remote(bits) { - if (typeof(bits)=="undefined") - bits = 24; + if (typeof(bits)=="undefined") { + if (value == 'tunnel') { + bits = 24; + } + if (value == 'tunnel6') { + bits = 64; + } + } switch (document.iform.remoteid_type.selectedIndex) { case 0: /* single */ @@ -373,10 +385,10 @@ function change_protocol() { <td><?=gettext("Address:");?> </td> <td><?=$mandfldhtmlspc;?></td> <td> - <input name="localid_address" type="text" class="formfld unknown" id="localid_address" size="20" value="<?=htmlspecialchars($pconfig['localid_address']);?>"> + <input name="localid_address" type="text" class="formfld unknown" id="localid_address" size="28" value="<?=htmlspecialchars($pconfig['localid_address']);?>"> / <select name="localid_netbits" class="formselect" id="localid_netbits"> - <?php for ($i = 32; $i >= 0; $i--): ?> + <?php for ($i = 128; $i >= 0; $i--): ?> <option value="<?=$i;?>" <?php if ($i == $pconfig['localid_netbits']) echo "selected"; ?>> <?=$i;?> </option> @@ -408,10 +420,10 @@ function change_protocol() { <td><?=gettext("Address"); ?>: </td> <td><?=$mandfldhtmlspc;?></td> <td> - <input name="remoteid_address" type="text" class="formfld unknown" id="remoteid_address" size="20" value="<?=htmlspecialchars($pconfig['remoteid_address']);?>"> + <input name="remoteid_address" type="text" class="formfld unknown" id="remoteid_address" size="28" value="<?=htmlspecialchars($pconfig['remoteid_address']);?>"> / <select name="remoteid_netbits" class="formselect" id="remoteid_netbits"> - <?php for ($i = 32; $i >= 0; $i--) { + <?php for ($i = 128; $i >= 0; $i--) { echo "<option value=\"{$i}\""; if ($i == $pconfig['remoteid_netbits']) echo " selected"; @@ -564,7 +576,7 @@ function change_protocol() { <tr> <td width="22%" valign="top" class="vncell"><?=gettext("Automatically ping host"); ?></td> <td width="78%" class="vtable"> - <input name="pinghost" type="text" class="formfld unknown" id="pinghost" size="20" value="<?=htmlspecialchars($pconfig['pinghost']);?>"> + <input name="pinghost" type="text" class="formfld unknown" id="pinghost" size="28" value="<?=htmlspecialchars($pconfig['pinghost']);?>"> <?=gettext("IP address"); ?> </td> </tr> diff --git a/usr/local/www/vpn_openvpn_server.php b/usr/local/www/vpn_openvpn_server.php index 4577673..cfe51cf 100644 --- a/usr/local/www/vpn_openvpn_server.php +++ b/usr/local/www/vpn_openvpn_server.php @@ -131,9 +131,11 @@ if($_GET['act']=="edit"){ $pconfig['engine'] = $a_server[$id]['engine']; $pconfig['tunnel_network'] = $a_server[$id]['tunnel_network']; + $pconfig['tunnel_networkv6'] = $a_server[$id]['tunnel_networkv6']; $pconfig['remote_network'] = $a_server[$id]['remote_network']; $pconfig['gwredir'] = $a_server[$id]['gwredir']; $pconfig['local_network'] = $a_server[$id]['local_network']; + $pconfig['local_networkv6'] = $a_server[$id]['local_networkv6']; $pconfig['maxclients'] = $a_server[$id]['maxclients']; $pconfig['compression'] = $a_server[$id]['compression']; $pconfig['passtos'] = $a_server[$id]['passtos']; @@ -324,9 +326,11 @@ if ($_POST) { $server['engine'] = $pconfig['engine']; $server['tunnel_network'] = $pconfig['tunnel_network']; + $server['tunnel_networkv6'] = $pconfig['tunnel_networkv6']; $server['remote_network'] = $pconfig['remote_network']; $server['gwredir'] = $pconfig['gwredir']; $server['local_network'] = $pconfig['local_network']; + $server['local_networkv6'] = $pconfig['local_networkv6']; $server['maxclients'] = $pconfig['maxclients']; $server['compression'] = $pconfig['compression']; $server['passtos'] = $pconfig['passtos']; @@ -931,11 +935,11 @@ if ($savemsg) <td colspan="2" valign="top" class="listtopic"><?=gettext("Tunnel Settings"); ?></td> </tr> <tr> - <td width="22%" valign="top" class="vncellreq"><?=gettext("Tunnel Network"); ?></td> + <td width="22%" valign="top" class="vncellreq"><?=gettext("IPv4 Tunnel Network"); ?></td> <td width="78%" class="vtable"> <input name="tunnel_network" type="text" class="formfld unknown" size="20" value="<?=htmlspecialchars($pconfig['tunnel_network']);?>"> <br> - <?=gettext("This is the virtual network used for private " . + <?=gettext("This is the IPv4 virtual network used for private " . "communications between this server and client " . "hosts expressed using CIDR (eg. 10.0.8.0/24). " . "The first network address will be assigned to " . @@ -944,6 +948,20 @@ if ($savemsg) "to connecting clients. (see Address Pool)"); ?> </td> </tr> + <tr> + <td width="22%" valign="top" class="vncellreq"><?=gettext("IPv6 Tunnel Network"); ?></td> + <td width="78%" class="vtable"> + <input name="tunnel_networkv6" type="text" class="formfld unknown" size="20" value="<?=htmlspecialchars($pconfig['tunnel_networkv6']);?>"> + <br> + <?=gettext("This is the IPv6 virtual network used for private " . + "communications between this server and client " . + "hosts expressed using CIDR (eg. fe80::/64). " . + "The first network address will be assigned to " . + "the server virtual interface. The remaining " . + "network addresses can optionally be assigned " . + "to connecting clients. (see Address Pool)"); ?> + </td> + </tr> <tr id="gwredir_opts"> <td width="22%" valign="top" class="vncell"><?=gettext("Redirect Gateway"); ?></td> <td width="78%" class="vtable"> @@ -963,7 +981,7 @@ if ($savemsg) </td> </tr> <tr id="local_opts"> - <td width="22%" valign="top" class="vncell"><?=gettext("Local Network"); ?></td> + <td width="22%" valign="top" class="vncell"><?=gettext("IPv4 Local Network"); ?></td> <td width="78%" class="vtable"> <input name="local_network" type="text" class="formfld unknown" size="20" value="<?=htmlspecialchars($pconfig['local_network']);?>"> <br> @@ -975,6 +993,19 @@ if ($savemsg) "This is generally set to your LAN network"); ?>. </td> </tr> + <tr id="local_opts"> + <td width="22%" valign="top" class="vncell"><?=gettext("IPv6 Local Network"); ?></td> + <td width="78%" class="vtable"> + <input name="local_networkv6" type="text" class="formfld unknown" size="20" value="<?=htmlspecialchars($pconfig['local_networkv6']);?>"> + <br> + <?=gettext("This is the IPv6 network that will be accessible " . + "from the remote endpoint. Expressed as a CIDR " . + "range. You may leave this blank if you don't " . + "want to add a route to the local network " . + "through this tunnel on the remote machine. " . + "This is generally set to your LAN network"); ?>. + </td> + </tr> <tr id="remote_opts"> <td width="22%" valign="top" class="vncell"><?=gettext("Remote Network"); ?></td> <td width="78%" class="vtable"> @@ -1392,7 +1423,8 @@ if ($savemsg) <?=htmlspecialchars($server['protocol']);?> / <?=htmlspecialchars($server['local_port']);?> </td> <td class="listr" ondblclick="document.location='vpn_openvpn_server.php?act=edit&id=<?=$i;?>'"> - <?=htmlspecialchars($server['tunnel_network']);?> + <?=htmlspecialchars($server['tunnel_network']);?><br/> + <?=htmlspecialchars($server['tunnel_networkv6']);?><br/> </td> <td class="listbg" ondblclick="document.location='vpn_openvpn_server.php?act=edit&id=<?=$i;?>'"> <?=htmlspecialchars($server['description']);?> diff --git a/usr/local/www/widgets/widgets/interfaces.widget.php b/usr/local/www/widgets/widgets/interfaces.widget.php index 626e067..d2db3b1 100644 --- a/usr/local/www/widgets/widgets/interfaces.widget.php +++ b/usr/local/www/widgets/widgets/interfaces.widget.php @@ -71,52 +71,54 @@ require_once("/usr/local/www/widgets/include/interfaces.inc"); ?> </td> <td width="60%" class="listr"> - <?php if($ifinfo['status'] == "up" || $ifinfo['status'] == "associated") { ?> - <table> - <tr> - <td> - <div id="<?php echo $ifname;?>-up" style="display:inline" ><img src="./themes/<?= $g['theme']; ?>/images/icons/icon_interface_up.gif" title="<?=$ifname;?> is up" /></div> - </td> - <td> - <div id="<?php echo $ifname;?>-down" style="display:none" ><img src="./themes/<?= $g['theme']; ?>/images/icons/icon_interface_down.gif" title="<?=$ifname;?> is down" /></div> - </td> - <td> - <div id="<?php echo $ifname;?>-block" style="display:none" ><img src="./themes/<?= $g['theme']; ?>/images/icons/icon_block.gif" title="<?=$ifname;?> is disabled" /></div> - </td> + <table width="100%" border="0" cellspacing="0" cellpadding="0"> + <tr> + <?php if($ifinfo['status'] == "up" || $ifinfo['status'] == "associated") { ?> + <td> + <div id="<?php echo $ifname;?>-up" style="display:inline" ><img src="./themes/<?= $g['theme']; ?>/images/icons/icon_interface_up.gif" title="<?=$ifname;?> is up" /></div> + </td> + <td> + <div id="<?php echo $ifname;?>-down" style="display:none" ><img src="./themes/<?= $g['theme']; ?>/images/icons/icon_interface_down.gif" title="<?=$ifname;?> is down" /></div> + </td> + <td> + <div id="<?php echo $ifname;?>-block" style="display:none" ><img src="./themes/<?= $g['theme']; ?>/images/icons/icon_block.gif" title="<?=$ifname;?> is disabled" /></div> + </td> <? } else if ($ifinfo['status'] == "no carrier") { ?> - <table> - <tr> - <td> - <div id="<?php echo $ifname;?>-down" style="display:inline" ><img src="./themes/<?= $g['theme']; ?>/images/icons/icon_interface_down.gif" title="<?=$ifname;?> is down" /></div> - </td> - <td> - <div id="<?php echo $ifname;?>-block" style="display:none" ><img src="./themes/<?= $g['theme']; ?>/images/icons/icon_block.gif" title="<?=$ifname;?> is disabled" /></div> - </td> - <td> - <div id="<?php echo $ifname;?>-up" style="display:none" ><img src="./themes/<?= $g['theme']; ?>/images/icons/icon_interface_up.gif" title="<?=$ifname;?> is up" /></div> - </td> - <? } else if ($ifinfo['status'] == "down") { ?> - <table> - <tr> - <td> - <div id="<?php echo $ifname;?>-block" style="display:inline" ><img src="./themes/<?= $g['theme']; ?>/images/icons/icon_block.gif" title="<?=$ifname;?> is disabled" /></div> - </td> - <td> - <div id="<?php echo $ifname;?>-up" style="display:none" ><img src="./themes/<?= $g['theme']; ?>/images/icons/icon_interface_up.gif" title="<?=$ifname;?> is up" /></div> - </td> - <td> - <div id="<?php echo $ifname;?>-down" style="display:none" ><img src="./themes/<?= $g['theme']; ?>/images/icons/icon_interface_down.gif" title="<?=$ifname;?> is down" /></div> - </td> + <td> + <div id="<?php echo $ifname;?>-down" style="display:inline" ><img src="./themes/<?= $g['theme']; ?>/images/icons/icon_interface_down.gif" title="<?=$ifname;?> is down" /></div> + </td> + <td> + <div id="<?php echo $ifname;?>-block" style="display:none" ><img src="./themes/<?= $g['theme']; ?>/images/icons/icon_block.gif" title="<?=$ifname;?> is disabled" /></div> + </td> + <td> + <div id="<?php echo $ifname;?>-up" style="display:none" ><img src="./themes/<?= $g['theme']; ?>/images/icons/icon_interface_up.gif" title="<?=$ifname;?> is up" /></div> + </td> + <? } else if ($ifinfo['status'] == "down") { ?> + <td> + <div id="<?php echo $ifname;?>-block" style="display:inline" ><img src="./themes/<?= $g['theme']; ?>/images/icons/icon_block.gif" title="<?=$ifname;?> is disabled" /></div> + </td> + <td> + <div id="<?php echo $ifname;?>-up" style="display:none" ><img src="./themes/<?= $g['theme']; ?>/images/icons/icon_interface_up.gif" title="<?=$ifname;?> is up" /></div> + </td> + <td> + <div id="<?php echo $ifname;?>-down" style="display:none" ><img src="./themes/<?= $g['theme']; ?>/images/icons/icon_interface_down.gif" title="<?=$ifname;?> is down" /></div> + </td> <? } else { ?><?=htmlspecialchars($ifinfo['status']); }?> - <td> - <div id="<?php echo $ifname;?>-ip" style="display:inline"><?=htmlspecialchars($ifinfo['ipaddr']);?> </div> - </td> - <td> - <div id="<?php echo $ifname;?>-media" style="display:inline"><?=htmlspecialchars($ifinfo['media']);?></div> - </td> - </tr> - </table> - </td></tr><?php - }//end for each - ?> + <td> + <div id="<?php echo $ifname;?>-media" style="display:inline"><?=htmlspecialchars($ifinfo['media']);?></div> + </td> + </tr> + </table> + <table width="100%" border="0" cellspacing="0" cellpadding="0"> + <tr> + <td class="vncellt" width="45%"> + <div id="<?php echo $ifname;?>-ip" style="display:inline"><?=htmlspecialchars($ifinfo['ipaddr']);?> </div> + </td> + <td class="vncellt" > + <div id="<?php echo $ifname;?>-ipv6" style="display:inline"><?=htmlspecialchars($ifinfo['ipaddrv6']);?> </div> + </td> + </tr> + </table> + <?php }//end for each ?> + </td></tr> </table> |
