-rw-r--r-- | etc/inc/filter.inc | 36 | ||||
-rw-r--r-- | etc/inc/globals.inc | 2 | ||||
-rw-r--r-- | etc/inc/shaper.inc | 81 | ||||
-rw-r--r-- | etc/inc/upgrade_config.inc | 40 | ||||
-rwxr-xr-x | usr/local/www/firewall_rules_edit.php | 26 | ||||
-rw-r--r-- | usr/local/www/firewall_shaper_vinterface.php | 174 |
6 files changed, 232 insertions, 127 deletions
diff --git a/etc/inc/filter.inc b/etc/inc/filter.inc index 0e27f29..c417db1 100644 --- a/etc/inc/filter.inc +++ b/etc/inc/filter.inc @@ -39,9 +39,6 @@ */ /* DISABLE_PHP_LINT_CHECKING */ -// vim: ts=4 sw=4 noexpandtab - -/* include all configuration functions */ /* holds the items that will be executed *AFTER* the filter is fully loaded */ $after_filter_configure_run = array(); @@ -187,7 +184,7 @@ function filter_delete_states_for_down_gateways() { /* reload filter sync */ function filter_configure_sync($delete_states_if_needed = true) { global $config, $g, $after_filter_configure_run, $FilterIflist; - global $time_based_rules, $filterdns, $aliases; + global $time_based_rules, $filterdns, $aliases, $dummynet_name_list; /* Use filter lock to not allow concurrent filter reloads during this run. */ $filterlck = lock('filter', LOCK_EX); @@ -216,6 +213,9 @@ function filter_configure_sync($delete_states_if_needed = true) { $gateways = filter_generate_gateways(); if($g['booting'] == true) echo "."; + update_filter_reload_status(gettext("Generating Limiter rules")); + $dummynet_rules = filter_generate_dummynet_rules(); + $dummynet_name_list = get_unique_dnqueue_list(); update_filter_reload_status(gettext("Generating NAT rules")); /* generate nat rules */ $natrules = filter_nat_rules_generate(); @@ -229,8 +229,6 @@ function filter_configure_sync($delete_states_if_needed = true) { echo "."; update_filter_reload_status(gettext("Generating ALTQ queues")); $altq_queues = filter_generate_altq_queues(); - update_filter_reload_status(gettext("Generating Limiter rules")); - $dummynet_rules = filter_generate_dummynet_rules(); update_filter_reload_status(gettext("Generating Layer7 rules")); generate_layer7_files(); if($g['booting'] == true) 
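Review bot: `$dummynet_rules` is assigned in the lines added to filter_configure_sync(), but nothing in this commit reads it. filter_generate_dummynet_rules() no longer returns a value (the shaper.inc hunk drops the commented `return`), and the commented `$rules .=` use is removed further down. The call is kept only for its side effect of writing rules.limiter and loading it through ipfw, so drop the assignment and say so: `filter_generate_dummynet_rules(); /* loads limiters via ipfw; returns nothing */`. A comment that `$dummynet_name_list` must be filled here before filter_generate_user_rule() runs would also help, since that function now resolves limiter names through this global. filter_configure_sync() continues outside the hunk.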
@@ -296,8 +294,6 @@ function filter_configure_sync($delete_states_if_needed = true) { update_filter_reload_status(gettext("Setting up SCRUB information")); $rules .= filter_generate_scrubing(); $rules .= "\n"; - /* NOTE: Disabled until we catch up with dummynet changes. */ - //$rules .= "{$dummynet_rules}\n"; $rules .= "{$altq_queues}\n"; $rules .= "{$natrules}\n"; $rules .= "{$pfrules}\n"; @@ -2002,7 +1998,7 @@ function filter_generate_address(& $rule, $target = "source", $isnat = false) { function filter_generate_user_rule($rule) { global $config, $g, $FilterIflist, $GatewaysList; - global $layer7_rules_list; + global $layer7_rules_list, $dummynet_name_list; if(isset($config['system']['developerspew'])) { $mt = microtime(); @@ -2296,17 +2292,19 @@ function filter_generate_user_rule($rule) { $aline['queue'] .= ") "; } if($rule['dnpipe'] <> "") { - if($rule['dnpipe'][0] == "?") { - $aline['dnpipe'] = " dnqueue( "; - $aline['dnpipe'] .= substr($rule['dnpipe'],1); - if($rule['pdnpipe'] <> "") - $aline['dnpipe'] .= ",".substr($rule['pdnpipe'], 1); - } else { - $aline['dnpipe'] = " dnpipe ( " . $rule['dnpipe']; - if($rule['pdnpipe'] <> "") - $aline['dnpipe'] .= ", " . $rule['pdnpipe']; + if (!empty($dummynet_name_list[$rule['dnpipe']])) { + if($dummynet_name_list[$rule['dnpipe']][0] == "?") { + $aline['dnpipe'] = " dnqueue( "; + $aline['dnpipe'] .= substr($dummynet_name_list[$rule['dnpipe']],1); + if($rule['pdnpipe'] <> "") + $aline['dnpipe'] .= ",".substr($dummynet_name_list[$rule['pdnpipe']], 1); + } else { + $aline['dnpipe'] = " dnpipe ( " . $dummynet_name_list[$rule['dnpipe']]; + if($rule['pdnpipe'] <> "") + $aline['dnpipe'] .= "," . $dummynet_name_list[$rule['pdnpipe']]; + } + $aline['dnpipe'] .= ") "; } - $aline['dnpipe'] .= ") "; } /* is a time based rule schedule attached? */ diff --git a/etc/inc/globals.inc b/etc/inc/globals.inc index 1d85e1e..711d1f5 100644 --- a/etc/inc/globals.inc +++ b/etc/inc/globals.inc 
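Review bot: Only `$rule['dnpipe']` is checked against `$dummynet_name_list`; `$rule['pdnpipe']` is looked up unguarded, so a rule whose Out limiter was renamed or deleted produces an empty second argument and a malformed `dnpipe ( N,)` or `dnqueue( N,)` clause in the generated ruleset. Guard both lookups, e.g. `if($rule['pdnpipe'] <> "" && !empty($dummynet_name_list[$rule['pdnpipe']]))`. The queue-versus-pipe decision is also taken from the In entry alone, so for a mixed pair `substr(..., 1)` would strip the first digit of a pipe number; the GUI rejects that pairing, but a restored or hand-edited config does not pass through the GUI. When the In name is unknown the limiter is dropped silently and the rule is emitted unshaped; a `log_error()` call in an `else` branch would make that visible. The enclosing function starts and ends outside the hunk.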
@@ -77,7 +77,7 @@ $g = array( "disablecrashreporter" => false, "crashreporterurl" => "http://crashreporter.pfsense.org/crash_reporter.php", "debug" => false, - "latest_config" => "8.6", + "latest_config" => "8.7", "nopkg_platforms" => array("cdrom"), "minimum_ram_warning" => "101", "minimum_ram_warning_text" => "128 MB", diff --git a/etc/inc/shaper.inc b/etc/inc/shaper.inc index 7b52ccc..26459fd 100644 --- a/etc/inc/shaper.inc +++ b/etc/inc/shaper.inc @@ -2862,6 +2862,8 @@ class dnpipe_class extends dummynet_class { log_error("SHAPER: could not create queue " . $q->GetQname() . " on interface {$interface} because: " . print_r($input_errors, true)); return $q; } + $number = dnqueue_find_nextnumber(); + $q->SetNumber($number); $this->subqueues[$q->GetQname()] = &$q; return $q; @@ -3021,6 +3023,10 @@ class dnpipe_class extends dummynet_class { $form .= $this->GetQname()."\">"; $form .= "<input type=\"hidden\" id=\"name\" name=\"name\" value=\""; $form .= $this->GetQname()."\">"; + if ($this->GetNumber() > 0) { + $form .= "<input type=\"hidden\" id=\"number\" name=\"number\" value=\""; + $form .= $this->GetNumber()."\">"; + } $form .= "</td></tr>"; $form .= "<tr><td valign=\"center\" class=\"vncellreq\">" . gettext("Bandwidth"); $form .= "</td><td class=\"vncellreq\">"; @@ -3281,6 +3287,10 @@ class dnqueue_class extends dummynet_class { $form .= $this->GetQname()."\">"; $form .= "<input type=\"hidden\" id=\"name\" name=\"name\" value=\""; $form .= $this->GetQname()."\">"; + if ($this->GetNumber() > 0) { + $form .= "<input type=\"hidden\" id=\"number\" name=\"number\" value=\""; + $form .= $this->GetNumber()."\">"; + } $form .= "</td></tr>"; $form .= "<tr><td valign=\"center\" class=\"vncellreq\">" . gettext("Mask") . "</td>"; $form .= "<td class=\"vncellreq\">"; 
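Review bot: The two lines added at the end of add_queue() overwrite the queue's number with `dnqueue_find_nextnumber()` on every call, including the calls made from read_dummynet_config() for queues that already carry a `number` in the config (the 8.7 upgrade step writes one). If the queue's ReadConfig() picks that stored value up, which is not visible here, it is discarded again and the persisted number has no effect for queues while it does for pipes. Allocating only when none is set would keep the two consistent: `if ($q->GetNumber() <= 0) $q->SetNumber(dnqueue_find_nextnumber());`. The body of add_queue() starts outside the hunk.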
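Review bot: The new hidden `number` field hands the pipe number to the browser and takes it back on submit, so whatever arrives in `$_POST['number']` is client-controlled. ReadConfig() and update_dn_data() are outside this diff; if either copies `number` from the posted array, it should accept only a positive integer that is not already allocated, e.g. reject with `if (!ctype_digit((string)$_POST['number'])) $input_errors[] = ...`, because the number ends up in the rules.limiter file handed to /sbin/ipfw. The identical addition to dnqueue_class in the next hunk needs the same treatment. Both form-building methods (presumably build_form()) continue outside their hunks.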
@@ -3938,8 +3948,6 @@ function read_altq_config() { function read_dummynet_config() { global $dummynet_pipe_list, $config; $path = array(); - $dnqueuenumber = 1; - $dnpipenumber = 1; if (!is_array($config['dnshaper'])) $config['dnshaper'] = array(); @@ -3958,28 +3966,21 @@ function read_dummynet_config() { continue; /* XXX: grrrrrr at php */ $root =& new dnpipe_class(); $root->ReadConfig($conf); - $root->SetNumber($dnpipenumber); $dummynet_pipe_list[$root->GetQname()] = &$root; array_push($path, $key); $root->SetLink($path); if (is_array($conf['queue'])) { foreach ($conf['queue'] as $key1 => $q) { array_push($path, $key1); - /* XXX: We cheat a little here till a better way is found. */ - $q['number'] = $dnqueuenumber; /* * XXX: we compeletely ignore errors here but anyway we must have * checked them before so no harm should be come from this. */ $root->add_queue($root->GetQname(), $q, &$path, $input_errors); array_pop($path); - - $dnqueuenumber++; } } array_pop($path); - - $dnpipenumber++; } } 
@@ -4013,6 +4014,65 @@ function filter_generate_altq_queues() { return $altq_rules; } +function dnqueue_find_nextnumber() { + global $dummynet_pipe_list; + + $dnused = array(); + if (is_array($dummynet_pipe_list)) { + foreach ($dummynet_pipe_list as $dn) { + $tmplist =& $dn->get_queue_list(); + foreach ($tmplist as $qname => $link) { + if ($link[0] == "?") + $dnused[$qname] = substr($link, 1); + } + } + } + + sort($dnused, SORT_NUMERIC); + $dnnumber = 0; + $found = false; + foreach ($dnused as $dnnum) { + if (($dnnum - $dnnumber) > 1) { + $dnnumber = $dnnum + 1; + $found = true; + break; + } else + $dnnumber = $dnnum; + } + + if ($found == false) + $dnnumber++; + + unset($dnused, $dnnum, $found); + return $dnnumber; +} + +function dnpipe_find_nextnumber() { + global $dummynet_pipe_list; + + $dnused = array(); + foreach ($dummynet_pipe_list as $dn) + $dnused[] = $dn->GetNumber(); + + sort($dnused, SORT_NUMERIC); + $dnnumber = 0; + $found = false; + foreach ($dnused as $dnnum) { + if (($dnnum - $dnnumber) > 1) { + $dnnumber = $dnnum + 1; + $found = true; + break; + } else + $dnnumber = $dnnum; + } + + if ($found == false) + $dnnumber++; + + unset($dnused, $dnnum, $found); + return $dnnumber; +} + function filter_generate_dummynet_rules() { global $g, $dummynet_pipe_list; @@ -4021,8 +4081,6 @@ function filter_generate_dummynet_rules() { if (!empty($dummynet_pipe_list)) { if (!is_module_loaded("dummynet.ko")) mwexec("/sbin/kldload dummynet"); - /* XXX: Needs to be added code elsewhere to clear pipes/queues from kernel when not needed! */ - //mwexec("pfctl -F dummynet"); } $dn_rules = ""; @@ -4033,7 +4091,6 @@ function filter_generate_dummynet_rules() { file_put_contents("{$g['tmp_path']}/rules.limiter", $dn_rules); mwexec("/sbin/ipfw {$g['tmp_path']}/rules.limiter"); } - //return $dn_rules; } function build_iface_without_this_queue($iface, $qname) { diff --git a/etc/inc/upgrade_config.inc b/etc/inc/upgrade_config.inc index b42b837..45d6330 100644 
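Review bot: The gap search in dnqueue_find_nextnumber() can return a number that is already in use. On finding a gap it sets `$dnnumber = $dnnum + 1`, which is one past the upper edge of the gap rather than the first free slot. With used numbers 1, 3, 4 (constructed example) it returns 4, so two limiters would share one dummynet number and one bandwidth setting would silently replace the other. Replace that assignment with `$dnnumber++;` ahead of `$found = true; break;`. dnpipe_find_nextnumber() repeats the same loop and also lacks the `is_array($dummynet_pipe_list)` guard the queue variant has; moving the scan into one helper that takes the list of used numbers would keep the two from drifting.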
--- a/etc/inc/upgrade_config.inc +++ b/etc/inc/upgrade_config.inc @@ -2818,4 +2818,44 @@ function upgrade_085_to_086() { } } +function upgrade_086_to_087() { + global $config, $dummynet_pipe_list; + + if (!is_array($config['filter']) || !is_array($config['filter']['rule'])) + return; + if (!is_array($config['dnshaper']) || !is_array($config['dnshaper']['queue'])) + return; + + $dnqueue_number = 1; + $dnpipe_number = 1; + + foreach ($config['dnshaper']['queue'] as $idx => $dnpipe) { + $config['dnshaper']['queue'][$idx]['number'] = $dnpipe_number; + $dnpipe_number++; + if (is_array($dnpipe['queue'])) { + foreach ($dnpipe['queue'] as $qidx => $dnqueue) { + $config['dnshaper']['queue'][$idx]['queue'][$qidx]['number'] = $dnqueue_number; + $dnqueue_number++; + } + } + } + + unset($dnqueue_number, $dnpipe_number, $qidx, $idx, $dnpipe, $dnqueue); + + require_once("shaper.inc"); + read_dummynet_config(); + + $dummynet_pipe_list = array_flip($dummynet_pipe_list); + foreach ($config['filter']['rule'] as $idx => $rule) { + if (!empty($rule['dnpipe'])) { + if (!empty($dummynet_pipe_list[$rule['dnpipe']])) + $config['filter']['rule'][$idx]['dnpipe'] = $dummynet_pipe_list[$rule['dnpipe']]; + } + if (!empty($rule['pdnpipe'])) { + if (!empty($dummynet_pipe_list[$rule['pdnpipe']])) + $config['filter']['rule'][$idx]['pdnpipe'] = $dummynet_pipe_list[$rule['pdnpipe']]; + } + } +} + ?> diff --git a/usr/local/www/firewall_rules_edit.php b/usr/local/www/firewall_rules_edit.php index 13f4287..cfae019 100755 --- a/usr/local/www/firewall_rules_edit.php +++ b/usr/local/www/firewall_rules_edit.php @@ -190,6 +190,13 @@ $if = $pconfig['interface']; if (isset($_GET['dup'])) unset($id); +read_altq_config(); /* XXX: */ +$qlist =& get_unique_queue_list(); +read_dummynet_config(); /* XXX: */ +$dnqlist =& get_unique_dnqueue_list(); +read_layer7_config(); +$l7clist =& get_l7_unique_list(); + if ($_POST) { unset($input_errors); 
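Review bot: `array_flip($dummynet_pipe_list)` in upgrade_086_to_087() cannot build the number-to-name map this migration needs. read_dummynet_config() stores dnpipe_class objects in that list (`$dummynet_pipe_list[$root->GetQname()] = &$root`), and array_flip() only flips integer and string values, so the result is empty and no rule is rewritten. Rules that keep their old numeric `dnpipe`/`pdnpipe` then fail the name lookup in filter_generate_user_rule() and lose their limiter without any message. Flipping the name list instead, `$dnqlist = array_flip(get_unique_dnqueue_list());`, would cover the `?`-prefixed child queues as well as pipes and leave the global list intact for later callers. Separately, the early return when `$config['filter']['rule']` is missing skips the numbering loop, so limiters on a config without rules never get a `number`.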
@@ -441,9 +448,9 @@ if ($_POST) { $input_errors[] = gettext("You must select a queue for the In direction before selecting one for Out too."); else if ($_POST['pdnpipe'] == $_POST['dnpipe']) $input_errors[] = gettext("In and Out Queue cannot be the same."); - else if ($pdnpipe[0] == "?" && $dnpipe[0] <> "?") + else if ($dnqlist[$_POST['pdnpipe']][0] == "?" && $dnqlist[$_POST['dnpipe']][0] <> "?") $input_errors[] = gettext("You cannot select one queue and one virtual interface for IN and Out. both must be from the same type."); - else if ($dnpipe[0] == "?" && $pdnpipe[0] <> "?") + else if ($dnqlist[$_POST['dnpipe']][0] == "?" && $dnqlist[$_POST['pdnpipe']][0] <> "?") $input_errors[] = gettext("You cannot select one queue and one virtual interface for IN and Out. both must be from the same type."); } if( !empty($_POST['ruleid']) && !ctype_digit($_POST['ruleid'])) @@ -650,13 +657,6 @@ if ($_POST) { } } -read_altq_config(); /* XXX: */ -$qlist =& get_unique_queue_list(); -read_dummynet_config(); /* XXX: */ -$dnqlist =& get_unique_dnqueue_list(); -read_layer7_config(); -$l7clist =& get_l7_unique_list(); - $pgtitle = array(gettext("Firewall"),gettext("Rules"),gettext("Edit")); $statusurl = "status_filter_reload.php"; $logurl = "diag_logs_filter.php"; @@ -1423,8 +1423,8 @@ $i--): ?> foreach ($dnqlist as $dnq => $dnqkey) { if($dnq == "") continue; - echo "<option value=\"$dnqkey\""; - if ($dnqkey == $pconfig['dnpipe']) { + echo "<option value=\"$dnq\""; + if ($dnq == $pconfig['dnpipe']) { $dnqselected = 1; echo " SELECTED"; } @@ -1441,8 +1441,8 @@ $i--): ?> foreach ($dnqlist as $dnq => $dnqkey) { if($dnq == "") continue; - echo "<option value=\"$dnqkey\""; - if ($dnqkey == $pconfig['pdnpipe']) { + echo "<option value=\"$dnq\""; + if ($dnq == $pconfig['pdnpipe']) { $dnqselected = 1; echo " SELECTED"; } diff --git a/usr/local/www/firewall_shaper_vinterface.php b/usr/local/www/firewall_shaper_vinterface.php index b325a30..ded2d04 100644 
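Review bot: `$_POST['dnpipe']` and `$_POST['pdnpipe']` are used as keys into `$dnqlist` without first checking that they name an existing limiter. For an unknown value both type comparisons evaluate against null, so the request passes validation and the name is saved into the rule. Add a membership check ahead of this chain, e.g. `if (!empty($_POST['dnpipe']) && !isset($dnqlist[$_POST['dnpipe']])) $input_errors[] = gettext("The selected In limiter does not exist.");`, and the same for `pdnpipe`. The enclosing `if ($_POST)` block extends outside the hunk.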
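Review bot: The option value is now the limiter name, echoed into the attribute unescaped (`echo "<option value=\"$dnq\""`). Unlike the numeric or `?`-prefixed key it replaces, a name is free text unless validate_input() restricts its characters, which this diff does not show. Escape at output: `echo "<option value=\"" . htmlspecialchars($dnq) . "\"";`. The Out-queue loop in the next hunk needs the same change. Both loops continue outside their hunks.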
--- a/usr/local/www/firewall_shaper_vinterface.php +++ b/usr/local/www/firewall_shaper_vinterface.php 
@@ -95,56 +95,56 @@ $output_form = ""; if ($_GET) { switch ($action) { case "delete": - if ($queue) { - if (is_array($config['filter']['rule'])) { - foreach ($config['filter']['rule'] as $rule) { - if ($rule['dnpipe'] == $queue->GetNumber() || $rule['pdnpipe'] == $queue->GetNumber()) - $input_errors[] = gettext("This pipe/queue is referenced in filter rules, please remove references from there before deleteing."); - } - } - if (!$input_errors) { - $queue->delete_queue(); - write_config(); - mark_subsystem_dirty('shaper'); - header("Location: firewall_shaper_vinterface.php"); - exit; + if ($queue) { + if (is_array($config['filter']['rule'])) { + foreach ($config['filter']['rule'] as $rule) { + if ($rule['dnpipe'] == $queue->GetName() || $rule['pdnpipe'] == $queue->GetName()) + $input_errors[] = gettext("This pipe/queue is referenced in filter rules, please remove references from there before deleteing."); } - $output_form .= $queue->build_form(); - } else { - $input_errors[] = sprintf(gettext("No queue with name %s was found!"),$qname); - $output_form .= "<p class=\"pgtitle\">" . $dn_default_shaper_msg."</p>"; - $dontshow = true; } + if (!$input_errors) { + $queue->delete_queue(); + write_config(); + mark_subsystem_dirty('shaper'); + header("Location: firewall_shaper_vinterface.php"); + exit; + } + $output_form .= $queue->build_form(); + } else { + $input_errors[] = sprintf(gettext("No queue with name %s was found!"),$qname); + $output_form .= "<p class=\"pgtitle\">" . 
$dn_default_shaper_msg."</p>"; + $dontshow = true; + } break; case "resetall": - foreach ($dummynet_pipe_list as $dn) - $dn->delete_queue(); - unset($dummynet_pipe_list); - $dummynet_pipe_list = array(); - unset($config['dnshaper']['queue']); - unset($queue); - unset($pipe); - $can_add = false; - $can_enable = false; - $dontshow = true; - foreach ($config['filter']['rule'] as $key => $rule) { - if (isset($rule['dnpipe'])) - unset($config['filter']['rule'][$key]['dnpipe']); - if (isset($rule['pdnpipe'])) - unset($config['filter']['rule'][$key]['pdnpipe']); - } - write_config(); - - $retval = 0; - $retval = filter_configure(); - $savemsg = get_std_save_message($retval); + foreach ($dummynet_pipe_list as $dn) + $dn->delete_queue(); + unset($dummynet_pipe_list); + $dummynet_pipe_list = array(); + unset($config['dnshaper']['queue']); + unset($queue); + unset($pipe); + $can_add = false; + $can_enable = false; + $dontshow = true; + foreach ($config['filter']['rule'] as $key => $rule) { + if (isset($rule['dnpipe'])) + unset($config['filter']['rule'][$key]['dnpipe']); + if (isset($rule['pdnpipe'])) + unset($config['filter']['rule'][$key]['pdnpipe']); + } + write_config(); + + $retval = 0; + $retval = filter_configure(); + $savemsg = get_std_save_message($retval); - if (stristr($retval, "error") <> true) - $savemsg = get_std_save_message($retval); - else - $savemsg = $retval; - - $output_form = $dn_default_shaper_message; + if (stristr($retval, "error") <> true) + $savemsg = get_std_save_message($retval); + else + $savemsg = $retval; + + $output_form = $dn_default_shaper_message; break; case "add": @@ -159,11 +159,11 @@ if ($_GET) { } else $input_errors[] = gettext("Could not create new queue/discipline!"); - if ($q) { - $output_form .= $q->build_form(); - unset($q); - $newqueue = true; - } + if ($q) { + $output_form .= $q->build_form(); + unset($q); + $newqueue = true; + } break; case "show": if ($queue) 
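Review bot: The reference check in the `delete` case now calls `$queue->GetName()`, while every other place in this commit that reads a limiter's name uses `GetQname()`. If dummynet_class has no GetName(), the delete action ends in a fatal error. If it returns something other than the queue name, the in-use check never matches and a limiter still referenced by filter rules can be deleted. Unless GetName() is defined outside this diff, use `$rule['dnpipe'] == $queue->GetQname() || $rule['pdnpipe'] == $queue->GetQname()`. A `break` after the first match would also stop the same message being appended once per referencing rule.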
@@ -173,21 +173,23 @@ if ($_GET) { break; case "enable": if ($queue) { - $queue->SetEnabled("on"); - $output_form .= $queue->build_form(); - write_config(); - mark_subsystem_dirty('shaper'); + $queue->SetEnabled("on"); + $output_form .= $queue->build_form(); + $queue->wconfig(); + write_config(); + mark_subsystem_dirty('shaper'); } else - $input_errors[] = gettext("Queue not found!"); + $input_errors[] = gettext("Queue not found!"); break; case "disable": if ($queue) { - $queue->SetEnabled(""); - $output_form .= $queue->build_form(); - write_config(); - mark_subsystem_dirty('shaper'); + $queue->SetEnabled(""); + $output_form .= $queue->build_form(); + $queue->wconfig(); + write_config(); + mark_subsystem_dirty('shaper'); } else - $input_errors[] = gettext("Queue not found!"); + $input_errors[] = gettext("Queue not found!"); break; default: $output_form .= "<p class=\"pgtitle\">" . $dn_default_shaper_msg."</p>"; 
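Review bot: With the added `$queue->wconfig()` the `enable` and `disable` cases now persist a configuration change in response to a plain GET request, as `delete` and `resetall` above already do. Nothing in the visible code ties these actions to a request token, and whether a site-wide CSRF layer covers GET requests is not shown in this diff. Consider moving the state-changing actions to POST, or verifying a per-session token before the `switch ($action)`. A short comment on why `wconfig()` must precede `write_config()` would also help, since `delete` relies on `delete_queue()` for the same step.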
@@ -198,25 +200,33 @@ if ($_GET) { unset($input_errors); if ($addnewpipe) { - $dnpipe =& new dnpipe_class(); - - $dnpipe->ReadConfig($_POST); - $dnpipe->validate_input($_POST, &$input_errors); - if (!$input_errors) { - unset($tmppath); - $tmppath[] = $dnpipe->GetQname(); - $dnpipe->SetLink(&$tmppath); - $dnpipe->wconfig(); - write_config(); - mark_subsystem_dirty('shaper'); - $can_enable = true; - $can_add = true; + if (!empty($dummynet_pipe_list[$qname])) + $input_errors[] = gettext("You cannot name a child queue with the same name as a parent limiter"); + else { + $dnpipe =& new dnpipe_class(); + + $dnpipe->ReadConfig($_POST); + $dnpipe->validate_input($_POST, &$input_errors); + if (!$input_errors) { + $number = dnpipe_find_nextnumber(); + $dnpipe->SetNumber($number); + unset($tmppath); + $tmppath[] = $dnpipe->GetQname(); + $dnpipe->SetLink(&$tmppath); + $dnpipe->wconfig(); + write_config(); + mark_subsystem_dirty('shaper'); + $can_enable = true; + $can_add = true; + } + + read_dummynet_config(); + $output_form .= $dnpipe->build_form(); } - read_dummynet_config(); - $output_form .= $dnpipe->build_form(); - } else if ($parentqueue) { /* Add a new queue */ - if ($dnpipe) { + if (!empty($dummynet_pipe_list[$qname])) + $input_errors[] = gettext("You cannot name a child queue with the same name as a parent limiter"); + else if ($dnpipe) { $tmppath =& $dnpipe->GetLink(); array_push($tmppath, $qname); $tmp =& $dnpipe->add_queue($pipe, $_POST, $tmppath, &$input_errors); @@ -262,11 +272,11 @@ if ($_GET) { } else if ($queue) { $queue->validate_input($_POST, &$input_errors); if (!$input_errors) { - $queue->update_dn_data($_POST); - $queue->wconfig(); - write_config(); - mark_subsystem_dirty('shaper'); - $dontshow = false; + $queue->update_dn_data($_POST); + $queue->wconfig(); + write_config(); + mark_subsystem_dirty('shaper'); + $dontshow = false; } read_dummynet_config(); $output_form .= $queue->build_form(); |
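Review bot: The duplicate-name test added in both branches looks only at `$dummynet_pipe_list`, which holds parent limiters. A new limiter can therefore still take the name of an existing child queue, and a new child queue the name of a queue under another limiter. Rules now reference limiters by name, so such a collision makes a rule resolve to whichever entry the name list keeps. Checking the combined list would cover both cases: `$dnqlist =& get_unique_dnqueue_list(); if (isset($dnqlist[$qname]))` (assuming that function is loaded on this page, as it is in firewall_rules_edit.php). The message in the `$addnewpipe` branch also speaks of a child queue although a parent limiter is being created.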