summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
Diffstat
-rw-r--r--etc/inc/filter.inc36
-rw-r--r--etc/inc/globals.inc2
-rw-r--r--etc/inc/shaper.inc81
-rw-r--r--etc/inc/upgrade_config.inc40
-rwxr-xr-xusr/local/www/firewall_rules_edit.php26
-rw-r--r--usr/local/www/firewall_shaper_vinterface.php174
6 files changed, 232 insertions, 127 deletions
diff --git a/etc/inc/filter.inc b/etc/inc/filter.inc
index 0e27f29..c417db1 100644
--- a/etc/inc/filter.inc
+++ b/etc/inc/filter.inc
@@ -39,9 +39,6 @@
*/
/* DISABLE_PHP_LINT_CHECKING */
-// vim: ts=4 sw=4 noexpandtab
-
-/* include all configuration functions */
/* holds the items that will be executed *AFTER* the filter is fully loaded */
$after_filter_configure_run = array();
@@ -187,7 +184,7 @@ function filter_delete_states_for_down_gateways() {
/* reload filter sync */
function filter_configure_sync($delete_states_if_needed = true) {
global $config, $g, $after_filter_configure_run, $FilterIflist;
- global $time_based_rules, $filterdns, $aliases;
+ global $time_based_rules, $filterdns, $aliases, $dummynet_name_list;
/* Use filter lock to not allow concurrent filter reloads during this run. */
$filterlck = lock('filter', LOCK_EX);
@@ -216,6 +213,9 @@ function filter_configure_sync($delete_states_if_needed = true) {
$gateways = filter_generate_gateways();
if($g['booting'] == true)
echo ".";
+ update_filter_reload_status(gettext("Generating Limiter rules"));
+ $dummynet_rules = filter_generate_dummynet_rules();
+ $dummynet_name_list = get_unique_dnqueue_list();
update_filter_reload_status(gettext("Generating NAT rules"));
/* generate nat rules */
$natrules = filter_nat_rules_generate();
@@ -229,8 +229,6 @@ function filter_configure_sync($delete_states_if_needed = true) {
echo ".";
update_filter_reload_status(gettext("Generating ALTQ queues"));
$altq_queues = filter_generate_altq_queues();
- update_filter_reload_status(gettext("Generating Limiter rules"));
- $dummynet_rules = filter_generate_dummynet_rules();
update_filter_reload_status(gettext("Generating Layer7 rules"));
generate_layer7_files();
if($g['booting'] == true)
@@ -296,8 +294,6 @@ function filter_configure_sync($delete_states_if_needed = true) {
update_filter_reload_status(gettext("Setting up SCRUB information"));
$rules .= filter_generate_scrubing();
$rules .= "\n";
- /* NOTE: Disabled until we catch up with dummynet changes. */
- //$rules .= "{$dummynet_rules}\n";
$rules .= "{$altq_queues}\n";
$rules .= "{$natrules}\n";
$rules .= "{$pfrules}\n";
@@ -2002,7 +1998,7 @@ function filter_generate_address(& $rule, $target = "source", $isnat = false) {
function filter_generate_user_rule($rule) {
global $config, $g, $FilterIflist, $GatewaysList;
- global $layer7_rules_list;
+ global $layer7_rules_list, $dummynet_name_list;
if(isset($config['system']['developerspew'])) {
$mt = microtime();
@@ -2296,17 +2292,19 @@ function filter_generate_user_rule($rule) {
$aline['queue'] .= ") ";
}
if($rule['dnpipe'] <> "") {
- if($rule['dnpipe'][0] == "?") {
- $aline['dnpipe'] = " dnqueue( ";
- $aline['dnpipe'] .= substr($rule['dnpipe'],1);
- if($rule['pdnpipe'] <> "")
- $aline['dnpipe'] .= ",".substr($rule['pdnpipe'], 1);
- } else {
- $aline['dnpipe'] = " dnpipe ( " . $rule['dnpipe'];
- if($rule['pdnpipe'] <> "")
- $aline['dnpipe'] .= ", " . $rule['pdnpipe'];
+ if (!empty($dummynet_name_list[$rule['dnpipe']])) {
+ if($dummynet_name_list[$rule['dnpipe']][0] == "?") {
+ $aline['dnpipe'] = " dnqueue( ";
+ $aline['dnpipe'] .= substr($dummynet_name_list[$rule['dnpipe']],1);
+ if($rule['pdnpipe'] <> "")
+ $aline['dnpipe'] .= ",".substr($dummynet_name_list[$rule['pdnpipe']], 1);
+ } else {
+ $aline['dnpipe'] = " dnpipe ( " . $dummynet_name_list[$rule['dnpipe']];
+ if($rule['pdnpipe'] <> "")
+ $aline['dnpipe'] .= "," . $dummynet_name_list[$rule['pdnpipe']];
+ }
+ $aline['dnpipe'] .= ") ";
}
- $aline['dnpipe'] .= ") ";
}
/* is a time based rule schedule attached? */
diff --git a/etc/inc/globals.inc b/etc/inc/globals.inc
index 1d85e1e..711d1f5 100644
--- a/etc/inc/globals.inc
+++ b/etc/inc/globals.inc
@@ -77,7 +77,7 @@ $g = array(
"disablecrashreporter" => false,
"crashreporterurl" => "http://crashreporter.pfsense.org/crash_reporter.php",
"debug" => false,
- "latest_config" => "8.6",
+ "latest_config" => "8.7",
"nopkg_platforms" => array("cdrom"),
"minimum_ram_warning" => "101",
"minimum_ram_warning_text" => "128 MB",
diff --git a/etc/inc/shaper.inc b/etc/inc/shaper.inc
index 7b52ccc..26459fd 100644
--- a/etc/inc/shaper.inc
+++ b/etc/inc/shaper.inc
@@ -2862,6 +2862,8 @@ class dnpipe_class extends dummynet_class {
log_error("SHAPER: could not create queue " . $q->GetQname() . " on interface {$interface} because: " . print_r($input_errors, true));
return $q;
}
+ $number = dnqueue_find_nextnumber();
+ $q->SetNumber($number);
$this->subqueues[$q->GetQname()] = &$q;
return $q;
@@ -3021,6 +3023,10 @@ class dnpipe_class extends dummynet_class {
$form .= $this->GetQname()."\">";
$form .= "<input type=\"hidden\" id=\"name\" name=\"name\" value=\"";
$form .= $this->GetQname()."\">";
+ if ($this->GetNumber() > 0) {
+ $form .= "<input type=\"hidden\" id=\"number\" name=\"number\" value=\"";
+ $form .= $this->GetNumber()."\">";
+ }
$form .= "</td></tr>";
$form .= "<tr><td valign=\"center\" class=\"vncellreq\">" . gettext("Bandwidth");
$form .= "</td><td class=\"vncellreq\">";
@@ -3281,6 +3287,10 @@ class dnqueue_class extends dummynet_class {
$form .= $this->GetQname()."\">";
$form .= "<input type=\"hidden\" id=\"name\" name=\"name\" value=\"";
$form .= $this->GetQname()."\">";
+ if ($this->GetNumber() > 0) {
+ $form .= "<input type=\"hidden\" id=\"number\" name=\"number\" value=\"";
+ $form .= $this->GetNumber()."\">";
+ }
$form .= "</td></tr>";
$form .= "<tr><td valign=\"center\" class=\"vncellreq\">" . gettext("Mask") . "</td>";
$form .= "<td class=\"vncellreq\">";
@@ -3938,8 +3948,6 @@ function read_altq_config() {
function read_dummynet_config() {
global $dummynet_pipe_list, $config;
$path = array();
- $dnqueuenumber = 1;
- $dnpipenumber = 1;
if (!is_array($config['dnshaper']))
$config['dnshaper'] = array();
@@ -3958,28 +3966,21 @@ function read_dummynet_config() {
continue; /* XXX: grrrrrr at php */
$root =& new dnpipe_class();
$root->ReadConfig($conf);
- $root->SetNumber($dnpipenumber);
$dummynet_pipe_list[$root->GetQname()] = &$root;
array_push($path, $key);
$root->SetLink($path);
if (is_array($conf['queue'])) {
foreach ($conf['queue'] as $key1 => $q) {
array_push($path, $key1);
- /* XXX: We cheat a little here till a better way is found. */
- $q['number'] = $dnqueuenumber;
/*
* XXX: we compeletely ignore errors here but anyway we must have
* checked them before so no harm should be come from this.
*/
$root->add_queue($root->GetQname(), $q, &$path, $input_errors);
array_pop($path);
-
- $dnqueuenumber++;
}
}
array_pop($path);
-
- $dnpipenumber++;
}
}
@@ -4013,6 +4014,65 @@ function filter_generate_altq_queues() {
return $altq_rules;
}
+function dnqueue_find_nextnumber() {
+ global $dummynet_pipe_list;
+
+ $dnused = array();
+ if (is_array($dummynet_pipe_list)) {
+ foreach ($dummynet_pipe_list as $dn) {
+ $tmplist =& $dn->get_queue_list();
+ foreach ($tmplist as $qname => $link) {
+ if ($link[0] == "?")
+ $dnused[$qname] = substr($link, 1);
+ }
+ }
+ }
+
+ sort($dnused, SORT_NUMERIC);
+ $dnnumber = 0;
+ $found = false;
+ foreach ($dnused as $dnnum) {
+ if (($dnnum - $dnnumber) > 1) {
+ $dnnumber = $dnnum + 1;
+ $found = true;
+ break;
+ } else
+ $dnnumber = $dnnum;
+ }
+
+ if ($found == false)
+ $dnnumber++;
+
+ unset($dnused, $dnnum, $found);
+ return $dnnumber;
+}
+
+function dnpipe_find_nextnumber() {
+ global $dummynet_pipe_list;
+
+ $dnused = array();
+ foreach ($dummynet_pipe_list as $dn)
+ $dnused[] = $dn->GetNumber();
+
+ sort($dnused, SORT_NUMERIC);
+ $dnnumber = 0;
+ $found = false;
+ foreach ($dnused as $dnnum) {
+ if (($dnnum - $dnnumber) > 1) {
+ $dnnumber = $dnnum + 1;
+ $found = true;
+ break;
+ } else
+ $dnnumber = $dnnum;
+ }
+
+ if ($found == false)
+ $dnnumber++;
+
+ unset($dnused, $dnnum, $found);
+ return $dnnumber;
+}
+
function filter_generate_dummynet_rules() {
global $g, $dummynet_pipe_list;
@@ -4021,8 +4081,6 @@ function filter_generate_dummynet_rules() {
if (!empty($dummynet_pipe_list)) {
if (!is_module_loaded("dummynet.ko"))
mwexec("/sbin/kldload dummynet");
- /* XXX: Needs to be added code elsewhere to clear pipes/queues from kernel when not needed! */
- //mwexec("pfctl -F dummynet");
}
$dn_rules = "";
@@ -4033,7 +4091,6 @@ function filter_generate_dummynet_rules() {
file_put_contents("{$g['tmp_path']}/rules.limiter", $dn_rules);
mwexec("/sbin/ipfw {$g['tmp_path']}/rules.limiter");
}
- //return $dn_rules;
}
function build_iface_without_this_queue($iface, $qname) {
diff --git a/etc/inc/upgrade_config.inc b/etc/inc/upgrade_config.inc
index b42b837..45d6330 100644
--- a/etc/inc/upgrade_config.inc
+++ b/etc/inc/upgrade_config.inc
@@ -2818,4 +2818,44 @@ function upgrade_085_to_086() {
}
}
+function upgrade_086_to_087() {
+ global $config, $dummynet_pipe_list;
+
+ if (!is_array($config['filter']) || !is_array($config['filter']['rule']))
+ return;
+ if (!is_array($config['dnshaper']) || !is_array($config['dnshaper']['queue']))
+ return;
+
+ $dnqueue_number = 1;
+ $dnpipe_number = 1;
+
+ foreach ($config['dnshaper']['queue'] as $idx => $dnpipe) {
+ $config['dnshaper']['queue'][$idx]['number'] = $dnpipe_number;
+ $dnpipe_number++;
+ if (is_array($dnpipe['queue'])) {
+ foreach ($dnpipe['queue'] as $qidx => $dnqueue) {
+ $config['dnshaper']['queue'][$idx]['queue'][$qidx]['number'] = $dnqueue_number;
+ $dnqueue_number++;
+ }
+ }
+ }
+
+ unset($dnqueue_number, $dnpipe_number, $qidx, $idx, $dnpipe, $dnqueue);
+
+ require_once("shaper.inc");
+ read_dummynet_config();
+
+ $dummynet_pipe_list = array_flip($dummynet_pipe_list);
+ foreach ($config['filter']['rule'] as $idx => $rule) {
+ if (!empty($rule['dnpipe'])) {
+ if (!empty($dummynet_pipe_list[$rule['dnpipe']]))
+ $config['filter']['rule'][$idx]['dnpipe'] = $dummynet_pipe_list[$rule['dnpipe']];
+ }
+ if (!empty($rule['pdnpipe'])) {
+ if (!empty($dummynet_pipe_list[$rule['pdnpipe']]))
+ $config['filter']['rule'][$idx]['pdnpipe'] = $dummynet_pipe_list[$rule['pdnpipe']];
+ }
+ }
+}
+
?>
diff --git a/usr/local/www/firewall_rules_edit.php b/usr/local/www/firewall_rules_edit.php
index 13f4287..cfae019 100755
--- a/usr/local/www/firewall_rules_edit.php
+++ b/usr/local/www/firewall_rules_edit.php
@@ -190,6 +190,13 @@ $if = $pconfig['interface'];
if (isset($_GET['dup']))
unset($id);
+read_altq_config(); /* XXX: */
+$qlist =& get_unique_queue_list();
+read_dummynet_config(); /* XXX: */
+$dnqlist =& get_unique_dnqueue_list();
+read_layer7_config();
+$l7clist =& get_l7_unique_list();
+
if ($_POST) {
unset($input_errors);
@@ -441,9 +448,9 @@ if ($_POST) {
$input_errors[] = gettext("You must select a queue for the In direction before selecting one for Out too.");
else if ($_POST['pdnpipe'] == $_POST['dnpipe'])
$input_errors[] = gettext("In and Out Queue cannot be the same.");
- else if ($pdnpipe[0] == "?" && $dnpipe[0] <> "?")
+ else if ($dnqlist[$_POST['pdnpipe']][0] == "?" && $dnqlist[$_POST['dnpipe']][0] <> "?")
$input_errors[] = gettext("You cannot select one queue and one virtual interface for IN and Out. both must be from the same type.");
- else if ($dnpipe[0] == "?" && $pdnpipe[0] <> "?")
+ else if ($dnqlist[$_POST['dnpipe']][0] == "?" && $dnqlist[$_POST['pdnpipe']][0] <> "?")
$input_errors[] = gettext("You cannot select one queue and one virtual interface for IN and Out. both must be from the same type.");
}
if( !empty($_POST['ruleid']) && !ctype_digit($_POST['ruleid']))
@@ -650,13 +657,6 @@ if ($_POST) {
}
}
-read_altq_config(); /* XXX: */
-$qlist =& get_unique_queue_list();
-read_dummynet_config(); /* XXX: */
-$dnqlist =& get_unique_dnqueue_list();
-read_layer7_config();
-$l7clist =& get_l7_unique_list();
-
$pgtitle = array(gettext("Firewall"),gettext("Rules"),gettext("Edit"));
$statusurl = "status_filter_reload.php";
$logurl = "diag_logs_filter.php";
@@ -1423,8 +1423,8 @@ $i--): ?>
foreach ($dnqlist as $dnq => $dnqkey) {
if($dnq == "")
continue;
- echo "<option value=\"$dnqkey\"";
- if ($dnqkey == $pconfig['dnpipe']) {
+ echo "<option value=\"$dnq\"";
+ if ($dnq == $pconfig['dnpipe']) {
$dnqselected = 1;
echo " SELECTED";
}
@@ -1441,8 +1441,8 @@ $i--): ?>
foreach ($dnqlist as $dnq => $dnqkey) {
if($dnq == "")
continue;
- echo "<option value=\"$dnqkey\"";
- if ($dnqkey == $pconfig['pdnpipe']) {
+ echo "<option value=\"$dnq\"";
+ if ($dnq == $pconfig['pdnpipe']) {
$dnqselected = 1;
echo " SELECTED";
}
diff --git a/usr/local/www/firewall_shaper_vinterface.php b/usr/local/www/firewall_shaper_vinterface.php
index b325a30..ded2d04 100644
--- a/usr/local/www/firewall_shaper_vinterface.php
+++ b/usr/local/www/firewall_shaper_vinterface.php
@@ -95,56 +95,56 @@ $output_form = "";
if ($_GET) {
switch ($action) {
case "delete":
- if ($queue) {
- if (is_array($config['filter']['rule'])) {
- foreach ($config['filter']['rule'] as $rule) {
- if ($rule['dnpipe'] == $queue->GetNumber() || $rule['pdnpipe'] == $queue->GetNumber())
- $input_errors[] = gettext("This pipe/queue is referenced in filter rules, please remove references from there before deleteing.");
- }
- }
- if (!$input_errors) {
- $queue->delete_queue();
- write_config();
- mark_subsystem_dirty('shaper');
- header("Location: firewall_shaper_vinterface.php");
- exit;
+ if ($queue) {
+ if (is_array($config['filter']['rule'])) {
+ foreach ($config['filter']['rule'] as $rule) {
+ if ($rule['dnpipe'] == $queue->GetName() || $rule['pdnpipe'] == $queue->GetName())
+ $input_errors[] = gettext("This pipe/queue is referenced in filter rules, please remove references from there before deleteing.");
}
- $output_form .= $queue->build_form();
- } else {
- $input_errors[] = sprintf(gettext("No queue with name %s was found!"),$qname);
- $output_form .= "<p class=\"pgtitle\">" . $dn_default_shaper_msg."</p>";
- $dontshow = true;
}
+ if (!$input_errors) {
+ $queue->delete_queue();
+ write_config();
+ mark_subsystem_dirty('shaper');
+ header("Location: firewall_shaper_vinterface.php");
+ exit;
+ }
+ $output_form .= $queue->build_form();
+ } else {
+ $input_errors[] = sprintf(gettext("No queue with name %s was found!"),$qname);
+ $output_form .= "<p class=\"pgtitle\">" . $dn_default_shaper_msg."</p>";
+ $dontshow = true;
+ }
break;
case "resetall":
- foreach ($dummynet_pipe_list as $dn)
- $dn->delete_queue();
- unset($dummynet_pipe_list);
- $dummynet_pipe_list = array();
- unset($config['dnshaper']['queue']);
- unset($queue);
- unset($pipe);
- $can_add = false;
- $can_enable = false;
- $dontshow = true;
- foreach ($config['filter']['rule'] as $key => $rule) {
- if (isset($rule['dnpipe']))
- unset($config['filter']['rule'][$key]['dnpipe']);
- if (isset($rule['pdnpipe']))
- unset($config['filter']['rule'][$key]['pdnpipe']);
- }
- write_config();
-
- $retval = 0;
- $retval = filter_configure();
- $savemsg = get_std_save_message($retval);
+ foreach ($dummynet_pipe_list as $dn)
+ $dn->delete_queue();
+ unset($dummynet_pipe_list);
+ $dummynet_pipe_list = array();
+ unset($config['dnshaper']['queue']);
+ unset($queue);
+ unset($pipe);
+ $can_add = false;
+ $can_enable = false;
+ $dontshow = true;
+ foreach ($config['filter']['rule'] as $key => $rule) {
+ if (isset($rule['dnpipe']))
+ unset($config['filter']['rule'][$key]['dnpipe']);
+ if (isset($rule['pdnpipe']))
+ unset($config['filter']['rule'][$key]['pdnpipe']);
+ }
+ write_config();
+
+ $retval = 0;
+ $retval = filter_configure();
+ $savemsg = get_std_save_message($retval);
- if (stristr($retval, "error") <> true)
- $savemsg = get_std_save_message($retval);
- else
- $savemsg = $retval;
-
- $output_form = $dn_default_shaper_message;
+ if (stristr($retval, "error") <> true)
+ $savemsg = get_std_save_message($retval);
+ else
+ $savemsg = $retval;
+
+ $output_form = $dn_default_shaper_message;
break;
case "add":
@@ -159,11 +159,11 @@ if ($_GET) {
} else
$input_errors[] = gettext("Could not create new queue/discipline!");
- if ($q) {
- $output_form .= $q->build_form();
- unset($q);
- $newqueue = true;
- }
+ if ($q) {
+ $output_form .= $q->build_form();
+ unset($q);
+ $newqueue = true;
+ }
break;
case "show":
if ($queue)
@@ -173,21 +173,23 @@ if ($_GET) {
break;
case "enable":
if ($queue) {
- $queue->SetEnabled("on");
- $output_form .= $queue->build_form();
- write_config();
- mark_subsystem_dirty('shaper');
+ $queue->SetEnabled("on");
+ $output_form .= $queue->build_form();
+ $queue->wconfig();
+ write_config();
+ mark_subsystem_dirty('shaper');
} else
- $input_errors[] = gettext("Queue not found!");
+ $input_errors[] = gettext("Queue not found!");
break;
case "disable":
if ($queue) {
- $queue->SetEnabled("");
- $output_form .= $queue->build_form();
- write_config();
- mark_subsystem_dirty('shaper');
+ $queue->SetEnabled("");
+ $output_form .= $queue->build_form();
+ $queue->wconfig();
+ write_config();
+ mark_subsystem_dirty('shaper');
} else
- $input_errors[] = gettext("Queue not found!");
+ $input_errors[] = gettext("Queue not found!");
break;
default:
$output_form .= "<p class=\"pgtitle\">" . $dn_default_shaper_msg."</p>";
@@ -198,25 +200,33 @@ if ($_GET) {
unset($input_errors);
if ($addnewpipe) {
- $dnpipe =& new dnpipe_class();
-
- $dnpipe->ReadConfig($_POST);
- $dnpipe->validate_input($_POST, &$input_errors);
- if (!$input_errors) {
- unset($tmppath);
- $tmppath[] = $dnpipe->GetQname();
- $dnpipe->SetLink(&$tmppath);
- $dnpipe->wconfig();
- write_config();
- mark_subsystem_dirty('shaper');
- $can_enable = true;
- $can_add = true;
+ if (!empty($dummynet_pipe_list[$qname]))
+ $input_errors[] = gettext("You cannot name a child queue with the same name as a parent limiter");
+ else {
+ $dnpipe =& new dnpipe_class();
+
+ $dnpipe->ReadConfig($_POST);
+ $dnpipe->validate_input($_POST, &$input_errors);
+ if (!$input_errors) {
+ $number = dnpipe_find_nextnumber();
+ $dnpipe->SetNumber($number);
+ unset($tmppath);
+ $tmppath[] = $dnpipe->GetQname();
+ $dnpipe->SetLink(&$tmppath);
+ $dnpipe->wconfig();
+ write_config();
+ mark_subsystem_dirty('shaper');
+ $can_enable = true;
+ $can_add = true;
+ }
+
+ read_dummynet_config();
+ $output_form .= $dnpipe->build_form();
}
- read_dummynet_config();
- $output_form .= $dnpipe->build_form();
-
} else if ($parentqueue) { /* Add a new queue */
- if ($dnpipe) {
+ if (!empty($dummynet_pipe_list[$qname]))
+ $input_errors[] = gettext("You cannot name a child queue with the same name as a parent limiter");
+ else if ($dnpipe) {
$tmppath =& $dnpipe->GetLink();
array_push($tmppath, $qname);
$tmp =& $dnpipe->add_queue($pipe, $_POST, $tmppath, &$input_errors);
@@ -262,11 +272,11 @@ if ($_GET) {
} else if ($queue) {
$queue->validate_input($_POST, &$input_errors);
if (!$input_errors) {
- $queue->update_dn_data($_POST);
- $queue->wconfig();
- write_config();
- mark_subsystem_dirty('shaper');
- $dontshow = false;
+ $queue->update_dn_data($_POST);
+ $queue->wconfig();
+ write_config();
+ mark_subsystem_dirty('shaper');
+ $dontshow = false;
}
read_dummynet_config();
$output_form .= $queue->build_form();
OpenPOWER on IntegriCloud