-rw-r--r--conf.default/config.xml1
-rw-r--r--etc/inc/captiveportal.inc28
-rw-r--r--etc/inc/certs.inc37
-rw-r--r--etc/inc/config.console.inc15
-rw-r--r--etc/inc/filter.inc28
-rw-r--r--etc/inc/globals.inc7
-rw-r--r--etc/inc/gwlb.inc6
-rw-r--r--etc/inc/interfaces.inc107
-rwxr-xr-xetc/inc/ipsec.auth-user.php2
-rw-r--r--etc/inc/ipsec.inc6
-rw-r--r--etc/inc/pfsense-utils.inc16
-rw-r--r--etc/inc/services.inc14
-rw-r--r--etc/inc/shaper.inc6
-rw-r--r--etc/inc/system.inc94
-rw-r--r--etc/inc/util.inc64
-rw-r--r--etc/inc/vpn.inc5
-rw-r--r--etc/inc/zeromq.inc2
-rw-r--r--etc/phpshellsessions/enablecarp2
-rw-r--r--etc/phpshellsessions/generateguicert8
-rwxr-xr-xetc/rc.bootup1
-rwxr-xr-xetc/rc.initial22
-rwxr-xr-xetc/rc.initial.firmware_update9
-rwxr-xr-xetc/rc.php-fpm_restart11
-rwxr-xr-xetc/rc.update_bogons.sh8
-rw-r--r--etc/skel/dot.tcshrc2
-rw-r--r--root/.tcshrc2
-rwxr-xr-xusr/local/bin/ping_hosts.sh2
-rw-r--r--usr/local/share/locale/en/LC_MESSAGES/pfSense.pot9
-rw-r--r--usr/local/share/locale/ja/LC_MESSAGES/pfSense.po21
-rw-r--r--usr/local/share/locale/pt_BR.ISO8859-1/LC_MESSAGES/pfSense.mobin642971 -> 643005 bytes
-rw-r--r--usr/local/share/locale/pt_BR.ISO8859-1/LC_MESSAGES/pfSense.po10
-rw-r--r--usr/local/share/locale/tr/LC_MESSAGES/pfSense.mobin622886 -> 622920 bytes
-rw-r--r--usr/local/share/locale/tr/LC_MESSAGES/pfSense.po15
-rw-r--r--usr/local/www/carp_status.php19
-rw-r--r--usr/local/www/diag_ipsec.php477
-rw-r--r--usr/local/www/exec.php2
-rwxr-xr-xusr/local/www/firewall_aliases_edit.php178
-rwxr-xr-xusr/local/www/firewall_aliases_import.php5
-rw-r--r--usr/local/www/firewall_virtual_ip.php44
-rw-r--r--usr/local/www/firewall_virtual_ip_edit.php14
-rw-r--r--usr/local/www/guiconfig.inc2
-rw-r--r--usr/local/www/ifstats.php2
-rw-r--r--usr/local/www/interfaces.php17
-rw-r--r--usr/local/www/interfaces_gre_edit.php14
-rw-r--r--usr/local/www/load_balancer_monitor_edit.php2
-rw-r--r--usr/local/www/pkg_mgr_settings.php2
-rw-r--r--usr/local/www/services_dhcp.php33
-rw-r--r--usr/local/www/services_dhcp_edit.php14
-rw-r--r--usr/local/www/services_dhcpv6.php14
-rw-r--r--usr/local/www/services_dyndns_edit.php2
-rw-r--r--usr/local/www/services_router_advertisements.php16
-rw-r--r--usr/local/www/status_dhcp_leases.php85
-rw-r--r--usr/local/www/status_ntpd.php12
-rw-r--r--usr/local/www/system_advanced_misc.php42
-rw-r--r--usr/local/www/system_advanced_notifications.php20
-rwxr-xr-xusr/local/www/system_hasync.php2
-rw-r--r--usr/local/www/system_usermanager.php3
-rw-r--r--usr/local/www/vpn_ipsec_keys.php2
-rw-r--r--usr/local/www/vpn_ipsec_keys_edit.php3
-rw-r--r--usr/local/www/vpn_ipsec_phase1.php6
-rw-r--r--usr/local/www/vpn_ipsec_settings.php10
-rw-r--r--usr/local/www/widgets/widgets/interfaces.widget.php142
-rw-r--r--usr/local/www/widgets/widgets/log.widget.php4
-rwxr-xr-xusr/local/www/xmlrpc.php2
64 files changed, 1083 insertions, 667 deletions
diff --git a/conf.default/config.xml b/conf.default/config.xml
index e8fd2b2..a0cabd5 100644
--- a/conf.default/config.xml
+++ b/conf.default/config.xml
@@ -200,6 +200,7 @@
<ipv6allow/>
<powerd_ac_mode>hadp</powerd_ac_mode>
<powerd_battery_mode>hadp</powerd_battery_mode>
+ <powerd_normal_mode>hadp</powerd_normal_mode>
<bogons>
<interval>monthly</interval>
</bogons>
diff --git a/etc/inc/captiveportal.inc b/etc/inc/captiveportal.inc
index 000db23..a5029a5 100644
--- a/etc/inc/captiveportal.inc
+++ b/etc/inc/captiveportal.inc
@@ -937,7 +937,7 @@ function captiveportal_radius_stop_all() {
}
}
-function captiveportal_passthrumac_configure_entry($macent) {
+function captiveportal_passthrumac_configure_entry($macent, $pipeinrule = false) {
global $config, $g, $cpzone;
$bwUp = 0;
@@ -954,14 +954,22 @@ function captiveportal_passthrumac_configure_entry($macent) {
$ruleno = captiveportal_get_next_ipfw_ruleno();
if ($macent['action'] == 'pass') {
+ $rules = "";
$pipeno = captiveportal_get_next_dn_ruleno();
$pipeup = $pipeno;
- $_gb = @pfSense_pipe_action("pipe {$pipeno} config bw {$bwUp}Kbit/s queue 100 buckets 16");
+ if ($pipeinrule == true)
+ $_gb = @pfSense_pipe_action("pipe {$pipeno} config bw {$bwUp}Kbit/s queue 100 buckets 16");
+ else
+ $rules .= "pipe {$pipeno} config bw {$bwUp}Kbit/s queue 100 buckets 16\n";
+
$pipedown = $pipeno + 1;
- $_gb = @pfSense_pipe_action("pipe {$pipedown} config bw {$bwDown}Kbit/s queue 100 buckets 16");
+ if ($pipeinrule == true)
+ $_gb = @pfSense_pipe_action("pipe {$pipedown} config bw {$bwDown}Kbit/s queue 100 buckets 16");
+ else
+ $rules .= "pipe {$pipedown} config bw {$bwDown}Kbit/s queue 100 buckets 16\n";
- $rules = "add {$ruleno} pipe {$pipeup} ip from any to any MAC any {$macent['mac']}\n";
+ $rules .= "add {$ruleno} pipe {$pipeup} ip from any to any MAC any {$macent['mac']}\n";
$ruleno++;
$rules .= "add {$ruleno} pipe {$pipedown} ip from any to any MAC {$macent['mac']} any\n";
}
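Review bot: The name `$pipeinrule` reads inverted against what the new branches do: when it is true the two `pipe ... config` commands go straight to `pfSense_pipe_action()` and are left out of `$rules`, and only when it is false are they written into the returned rule text. A comment above the function such as `/* $pipeinrule: true = configure the dummynet pipes immediately; false = emit the pipe config lines in the returned ruleset */`, or a rename, would stop a later caller wiring it backwards. The direct calls also keep the `@` suppression and discard `$_gb`, so a failed pipe configuration still returns `add ... pipe` rules that point at a pipe which may not exist; logging the failure would make that visible. The function starts and ends outside this hunk.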
@@ -1000,9 +1008,15 @@ function captiveportal_passthrumac_configure($lock = false) {
$rules = "";
- if (is_array($config['captiveportal'][$cpzone]['passthrumac']))
- foreach ($config['captiveportal'][$cpzone]['passthrumac'] as $macent)
- $rules .= captiveportal_passthrumac_configure_entry($macent);
+ if (is_array($config['captiveportal'][$cpzone]['passthrumac'])) {
+ $nentries = count($config['captiveportal'][$cpzone]['passthrumac']);
+ foreach ($config['captiveportal'][$cpzone]['passthrumac'] as $macent) {
+ if ($nentries > 100)
+ $rules .= captiveportal_passthrumac_configure_entry($macent, true);
+ else
+ $rules .= captiveportal_passthrumac_configure_entry($macent);
+ }
+ }
return $rules;
}
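Review bot: The `100` in `if ($nentries > 100)` is an unexplained literal, and the if/else exists only to pass a boolean. `$rules .= captiveportal_passthrumac_configure_entry($macent, $nentries > 100);` says the same in one line, and a short comment stating why lists above 100 entries take the direct-configuration path would tell the reader whether the number is a measured limit or a guess.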
diff --git a/etc/inc/certs.inc b/etc/inc/certs.inc
index 8df3e5d..bf9f899 100644
--- a/etc/inc/certs.inc
+++ b/etc/inc/certs.inc
@@ -270,22 +270,28 @@ function cert_import(& $cert, $crt_str, $key_str) {
function cert_create(& $cert, $caref, $keylen, $lifetime, $dn, $type="user", $digest_alg = "sha256") {
- $ca =& lookup_ca($caref);
- if (!$ca)
- return false;
+ $cert['type'] = $type;
- $ca_str_crt = base64_decode($ca['crt']);
- $ca_str_key = base64_decode($ca['prv']);
- $ca_res_crt = openssl_x509_read($ca_str_crt);
- $ca_res_key = openssl_pkey_get_private(array(0 => $ca_str_key, 1 => ""));
- if(!$ca_res_key) return false;
- $ca_serial = ++$ca['serial'];
+ if ($type != "self-signed") {
+ $cert['caref'] = $caref;
+ $ca =& lookup_ca($caref);
+ if (!$ca)
+ return false;
+
+ $ca_str_crt = base64_decode($ca['crt']);
+ $ca_str_key = base64_decode($ca['prv']);
+ $ca_res_crt = openssl_x509_read($ca_str_crt);
+ $ca_res_key = openssl_pkey_get_private(array(0 => $ca_str_key, 1 => ""));
+ if(!$ca_res_key) return false;
+ $ca_serial = ++$ca['serial'];
+ }
switch ($type) {
case "ca":
$cert_type = "v3_ca";
break;
case "server":
+ case "self-signed":
$cert_type = "server";
break;
default:
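Review bot: `$cert['type']` and `$cert['caref']` are now written at the top of the function, ahead of every `return false`, so a failed call leaves the caller's by-reference `$cert` partly filled in, where the old code touched it only on success. Either keep the assignments next to the final `return true`, or document that `$cert` is undefined after a false return. In the moved CA block the result of `openssl_x509_read()` is still not tested while the key is; `if (!$ca_res_crt) return false;` would make a corrupt stored CA certificate fail early instead of falling through to `openssl_csr_sign()`. The function continues outside this hunk.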
@@ -312,11 +318,20 @@ function cert_create(& $cert, $caref, $keylen, $lifetime, $dn, $type="user", $di
$res_key = openssl_pkey_new($args);
if(!$res_key) return false;
+ // If this is a self-signed cert, blank out the CA and sign with the cert's key
+ if ($type == "self-signed") {
+ $ca = null;
+ $ca_res_crt = null;
+ $ca_res_key = $res_key;
+ $ca_serial = 0;
+ $cert['type'] = "server";
+ }
+
// generate a certificate signing request
$res_csr = openssl_csr_new($dn, $res_key, $args);
if(!$res_csr) return false;
- // self sign the certificate
+ // sign the certificate using an internal CA
$res_crt = openssl_csr_sign($res_csr, $ca_res_crt, $ca_res_key, $lifetime,
$args, $ca_serial);
if(!$res_crt) return false;
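Review bot: Every certificate produced by the new self-signed branch gets `$ca_serial = 0`. RFC 5280 asks for a positive serial number, and some clients refuse a certificate whose issuer and serial match one they have already stored, which can bite when a certificate is regenerated under the same subject. A random positive serial, for example `$ca_serial = random_int(1, PHP_INT_MAX);` where the runtime provides it, avoids both. The reworded comment `// sign the certificate using an internal CA` is also not true for this path; `// sign with the CA key, or with the certificate's own key when self-signed` matches what the call now does.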
@@ -327,10 +342,8 @@ function cert_create(& $cert, $caref, $keylen, $lifetime, $dn, $type="user", $di
return false;
// return our certificate information
- $cert['caref'] = $caref;
$cert['crt'] = base64_encode($str_crt);
$cert['prv'] = base64_encode($str_key);
- $cert['type'] = $type;
return true;
}
diff --git a/etc/inc/config.console.inc b/etc/inc/config.console.inc
index 2d15dc2..6c956fb 100644
--- a/etc/inc/config.console.inc
+++ b/etc/inc/config.console.inc
@@ -191,13 +191,6 @@ EOD;
echo <<<EOD
-*NOTE* {$g['product_name']} requires {$g['minimum_nic_count_text']} assigned interface(s) to function.
- If you do not have {$g['minimum_nic_count_text']} interfaces you CANNOT continue.
-
- If you do not have at least {$g['minimum_nic_count']} *REAL* network interface card(s)
- or one interface with multiple VLANs then {$g['product_name']}
- *WILL NOT* function correctly.
-
If you do not know the names of your interfaces, you may choose to use
auto-detection. In that case, disconnect all interfaces now before
hitting 'a' to initiate auto detection.
@@ -231,12 +224,8 @@ EOD;
}
if($lanif == "") {
- if($g['minimum_nic_count'] < 2) {
- break;
- } else {
- fclose($fp);
- return;
- }
+ /* It is OK to have just a WAN, without a LAN so break if the user does not want LAN. */
+ break;
}
if ($lanif === "a")
diff --git a/etc/inc/filter.inc b/etc/inc/filter.inc
index 38680f7..79fb652 100644
--- a/etc/inc/filter.inc
+++ b/etc/inc/filter.inc
@@ -2091,14 +2091,14 @@ function filter_generate_port(& $rule, $target = "source", $isnat = false) {
function filter_address_add_vips_subnets(&$subnets, $if, $not) {
global $FilterIflist;
- if (!isset($FilterIflist[$if]['vips']) || !is_array($FilterIflist[$if]['vips']))
- return;
-
$if_subnets = array($subnets);
if ($not == true)
$subnets = "!{$subnets}";
+ if (!isset($FilterIflist[$if]['vips']) || !is_array($FilterIflist[$if]['vips']))
+ return;
+
foreach ($FilterIflist[$if]['vips'] as $vip) {
foreach ($if_subnets as $subnet)
if (ip_in_subnet($vip['ip'], $subnet))
@@ -2141,8 +2141,7 @@ function filter_generate_address(& $rule, $target = "source", $isnat = false) {
$opt_ip = $FilterIflist["opt{$optmatch[1]}"]['ipv6'];
if(!is_ipaddrv6($opt_ip))
return "";
- $src = $opt_ip . "/" .
- $FilterIflist["opt{$optmatch[1]}"]['snv6'];
+ $src = $opt_ip . "/" . $FilterIflist["opt{$optmatch[1]}"]['snv6'];
/* check for opt$NUMip here */
} else if(preg_match("/opt([0-9]*)ip/", $rule[$target]['network'], $matches)) {
$src = $FilterIflist["opt{$matches[1]}"]['ipv6'];
@@ -2156,8 +2155,7 @@ function filter_generate_address(& $rule, $target = "source", $isnat = false) {
$opt_ip = $FilterIflist["opt{$optmatch[1]}"]['ip'];
if(!is_ipaddrv4($opt_ip))
return "";
- $src = $opt_ip . "/" .
- $FilterIflist["opt{$optmatch[1]}"]['sn'];
+ $src = $opt_ip . "/" . $FilterIflist["opt{$optmatch[1]}"]['sn'];
/* check for opt$NUMip here */
} else if(preg_match("/opt([0-9]*)ip/", $rule[$target]['network'], $matches)) {
$src = $FilterIflist["opt{$matches[1]}"]['ip'];
@@ -2262,10 +2260,9 @@ function filter_generate_address(& $rule, $target = "source", $isnat = false) {
(strpos($src, '{') === false))
$src = " !{$src}";
}
- if (is_subnet($src))
- filter_address_add_vips_subnets($src, $rule[$target]['network'],
- isset($rule[$target]['not']));
}
+ if (is_subnet($src))
+ filter_address_add_vips_subnets($src, $rule[$target]['network'], isset($rule[$target]['not']));
} else if($rule[$target]['address']) {
$expsrc = alias_expand($rule[$target]['address']);
if(isset($rule[$target]['not']))
@@ -2445,7 +2442,7 @@ function filter_generate_user_rule($rule) {
$l7_present = true;
$l7rule =& $layer7_rules_list[$rule['l7container']];
$l7_structures = $l7rule->get_unique_structures();
- $aline['divert'] = "divert " . $l7rule->GetRPort() . " ";
+ $aline['divert'] = "divert-to " . $l7rule->GetRPort() . " ";
}
if (($rule['protocol'] == "icmp") && $rule['icmptype'] && ($rule['ipprotocol'] == "inet"))
$aline['icmp-type'] = "icmp-type {$rule['icmptype']} ";
@@ -2684,7 +2681,7 @@ function filter_rules_generate() {
$ipfrules .= "anchor \"relayd/*\"\n";
/* OpenVPN user rules from radius */
$ipfrules .= "anchor \"openvpn/*\"\n";
- /* IPSec user rules from radius */
+ /* IPsec user rules from radius */
$ipfrules .= "anchor \"ipsec/*\"\n";
# BEGIN OF firewall rules
/* default block logging? */
@@ -2706,6 +2703,11 @@ function filter_rules_generate() {
$tracker = $saved_tracker;
$ipfrules .= <<<EOD
+# block IPv4 link-local. Per RFC 3927, link local "MUST NOT" be forwarded by a routing device,
+# and clients "MUST NOT" send such packets to a router. FreeBSD won't route 169.254./16, but
+# route-to can override that, causing problems such as in redmine #2073
+block in {$log['block']} quick from 169.254.0.0/16 to any
+block in {$log['block']} quick from any to 169.254.0.0/16
#---------------------------------------------------------------------------
# default deny rules
#---------------------------------------------------------------------------
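Review bot: The two `block in ... quick` rules for 169.254.0.0/16 are placed in the fixed preamble, and because they are `quick` no user rule evaluated later can pass that traffic. Nothing in the hunk gates them on a configuration flag, so an installation that addresses an interface or a tunnel out of the link-local range would lose that traffic after upgrade with no way to opt out from the GUI; whether such setups exist is not visible here. Consider wrapping the two lines in a setting that defaults to on, and give the rules a `label` so the block is recognisable in the filter log. The heredoc they sit in continues past the end of the hunk.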
@@ -3563,7 +3565,7 @@ function filter_process_carp_rules($log) {
return $lines;
}
-/* Generate IPSEC Filter Items */
+/* Generate IPsec Filter Items */
function filter_generate_ipsec_rules($log = array()) {
global $config, $g, $FilterIflist, $tracker;
diff --git a/etc/inc/globals.inc b/etc/inc/globals.inc
index 4bb1410..de37f8b 100644
--- a/etc/inc/globals.inc
+++ b/etc/inc/globals.inc
@@ -77,8 +77,6 @@ $g = array(
"nopkg_platforms" => array("cdrom"),
"minimum_ram_warning" => "101",
"minimum_ram_warning_text" => "128 MB",
- "minimum_nic_count" => "1",
- "minimum_nic_count_text" => "*AT LEAST* 1",
"wan_interface_name" => "wan",
"nopccard_platforms" => array("wrap", "net48xx"),
"xmlrpcbaseurl" => "https://packages.pfsense.org",
@@ -104,7 +102,7 @@ if(file_exists("/etc/platform")) {
//$arch = ($arch == "i386") ? "" : '/' . $arch;
/* Full installs and NanoBSD use the same update directory and manifest in 2.x */
- $g['update_url']="https://snapshots.pfsense.org/FreeBSD_stable/10/{$arch}/pfSense_HEAD/.updaters/";
+ $g['update_url']="https://snapshots.pfsense.org/FreeBSD_releng/10.1/{$arch}/pfSense_HEAD/.updaters/";
$g['update_manifest']="https://updates.pfSense.org/manifest";
$g['platform'] = trim(file_get_contents("/etc/platform"));
@@ -154,7 +152,8 @@ $sysctls = array("net.inet.ip.portrange.first" => "1024",
"net.route.netisr_maxqlen" => 1024,
"net.inet.udp.checksum" => 1,
"net.bpf.zerocopy_enable" => 1,
- "net.inet.icmp.reply_from_interface" => 1
+ "net.inet.icmp.reply_from_interface" => 1,
+ "vfs.forcesync" => "0"
);
/* Include override values for the above if needed. If the file doesn't exist, don't try to load it. */
diff --git a/etc/inc/gwlb.inc b/etc/inc/gwlb.inc
index c5121fe..e32bea0 100644
--- a/etc/inc/gwlb.inc
+++ b/etc/inc/gwlb.inc
@@ -822,15 +822,15 @@ function return_gateway_groups_array() {
$status = $gateways_status[$gwname];
$gwdown = false;
if (stristr($status['status'], "down")) {
- $msg = sprintf(gettext("MONITOR: %s is down, removing from routing group {$group['name']}"), $gwname);
+ $msg = sprintf(gettext("MONITOR: %s is down, omitting from routing group {$group['name']}"), $gwname);
$gwdown = true;
} else if (stristr($status['status'], "loss") && strstr($group['trigger'], "loss")) {
/* packet loss */
- $msg = sprintf(gettext("MONITOR: %s has packet loss, removing from routing group {$group['name']}"), $gwname);
+ $msg = sprintf(gettext("MONITOR: %s has packet loss, omitting from routing group {$group['name']}"), $gwname);
$gwdown = true;
} else if (stristr($status['status'], "delay") && strstr($group['trigger'] , "latency")) {
/* high latency */
- $msg = sprintf(gettext("MONITOR: %s has high latency, removing from routing group {$group['name']}"), $gwname);
+ $msg = sprintf(gettext("MONITOR: %s has high latency, omitting from routing group {$group['name']}"), $gwname);
$gwdown = true;
}
if ($gwdown == true) {
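Review bot: The three reworded messages still interpolate `{$group['name']}` inside the string handed to `gettext()`, so the msgid looked up at run time contains the group name and can never match a catalogue entry. Pass the name as a second placeholder instead, e.g. `$msg = sprintf(gettext("MONITOR: %s is down, omitting from routing group %s"), $gwname, $group['name']);`, and do the same for the packet-loss and latency variants. The surrounding loop starts and ends outside the hunk.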
diff --git a/etc/inc/interfaces.inc b/etc/inc/interfaces.inc
index a51d8be..684babd 100644
--- a/etc/inc/interfaces.inc
+++ b/etc/inc/interfaces.inc
@@ -730,7 +730,7 @@ function interfaces_lagg_configure($realif = "") {
echo gettext("done.") . "\n";
}
-function interface_lagg_configure(&$lagg) {
+function interface_lagg_configure($lagg) {
global $config, $g;
if (!is_array($lagg))
@@ -747,30 +747,47 @@ function interface_lagg_configure(&$lagg) {
} else
$laggif = pfSense_interface_create("lagg");
- /* Calculate smaller mtu and enforce it */
- $smallermtu = 0;
- foreach ($members as $member) {
- $opts = pfSense_get_interface_addresses($member);
- $mtu = $opts['mtu'];
- if (!isset($opts['caps']['txcsum']))
- $commontx = false;
- if (!isset($opts['caps']['rxcsum']))
- $commonrx = false;
- if (!isset($opts['caps']['tso4']))
- $commontso4 = false;
- if (!isset($opts['caps']['tso6']))
- $commontso6 = false;
- if (!isset($opts['caps']['lro']))
- $commonlro = false;
- if ($smallermtu == 0 && !empty($mtu))
- $smallermtu = $mtu;
- else if (!empty($mtu) && $mtu < $smallermtu)
- $smallermtu = $mtu;
+ /* Check if MTU was defined for this lagg interface */
+ $lagg_mtu = 0;
+ if (is_array($config['interfaces'])) {
+ foreach ($config['interfaces'] as $ifname => $ifdata) {
+ if ($ifdata['if'] != $laggif)
+ continue;
+
+ if (isset($ifdata['mtu']) && !empty($ifdata['mtu'])) {
+ $lagg_mtu = $ifdata['mtu'];
+ break;
+ }
+ }
+ }
+
+ if ($lagg_mtu == 0) {
+ /* Calculate smaller mtu and enforce it */
+ $smallermtu = 0;
+ foreach ($members as $member) {
+ $opts = pfSense_get_interface_addresses($member);
+ $mtu = $opts['mtu'];
+ if (!isset($opts['caps']['txcsum']))
+ $commontx = false;
+ if (!isset($opts['caps']['rxcsum']))
+ $commonrx = false;
+ if (!isset($opts['caps']['tso4']))
+ $commontso4 = false;
+ if (!isset($opts['caps']['tso6']))
+ $commontso6 = false;
+ if (!isset($opts['caps']['lro']))
+ $commonlro = false;
+ if ($smallermtu == 0 && !empty($mtu))
+ $smallermtu = $mtu;
+ else if (!empty($mtu) && $mtu < $smallermtu)
+ $smallermtu = $mtu;
+ }
+ $lagg_mtu = $smallermtu;
}
/* Just in case anything is not working well */
- if ($smallermtu == 0)
- $smallermtu = 1500;
+ if ($lagg_mtu == 0)
+ $lagg_mtu = 1500;
$flags_on = 0;
$flags_off = 0;
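Review bot: Moving the whole member loop under `if ($lagg_mtu == 0)` also skips the capability probing whenever an MTU is configured for the lagg. The `$commontx`, `$commonrx`, `$commontso4`, `$commontso6` and `$commonlro` flags are only cleared inside that loop, so with a configured MTU they keep whatever they were initialised to above the hunk, and the `$flags_on`/`$flags_off` computation that follows appears to work from unchecked values. Keep the `foreach ($members as $member)` loop unconditional and guard only the assignment, `if ($lagg_mtu == 0) $lagg_mtu = $smallermtu;`. The configured `$ifdata['mtu']` is also used as read; an `is_numeric()` check before it reaches `pfSense_interface_mtu()` would be cheap.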
@@ -801,7 +818,7 @@ function interface_lagg_configure(&$lagg) {
if (!array_key_exists($member, $checklist))
continue;
/* make sure the parent interface is up */
- pfSense_interface_mtu($member, $smallermtu);
+ pfSense_interface_mtu($member, $lagg_mtu);
pfSense_interface_capabilities($member, -$flags_off);
pfSense_interface_capabilities($member, $flags_on);
interfaces_bring_up($member);
@@ -1925,12 +1942,12 @@ EOD;
return 1;
}
-function interfaces_carp_setup() {
+function interfaces_sync_setup() {
global $g, $config;
if (isset($config['system']['developerspew'])) {
$mt = microtime();
- echo "interfaces_carp_setup() being called $mt\n";
+ echo "interfaces_sync_setup() being called $mt\n";
}
if ($g['booting']) {
@@ -1959,7 +1976,7 @@ function interfaces_carp_setup() {
unset($carp_sync_int);
/* setup pfsync interface */
- if ($carp_sync_int and $pfsyncenabled) {
+ if (isset($carp_sync_int) and isset($pfsyncenabled)) {
if (is_ipaddr($pfsyncpeerip))
$syncpeer = "syncpeer {$pfsyncpeerip}";
else
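Review bot: The new test `isset($carp_sync_int) and isset($pfsyncenabled)` is true for any value other than null, so a variable holding `false` or an empty string now passes where the old truthiness test rejected it. The assignments are outside the hunk; if either variable is ever set to a falsy value rather than left unset, pfsync would be configured on a system where synchronisation is switched off, and state-table updates would be sent on the sync interface. `if (!empty($carp_sync_int) and !empty($pfsyncenabled)) {` silences the undefined-variable notice without changing the meaning.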
@@ -2112,7 +2129,7 @@ function interfaces_vips_configure($interface = "") {
}
}
if ($carp_setuped == true)
- interfaces_carp_setup();
+ interfaces_sync_setup();
if ($anyproxyarp == true)
interface_proxyarp_configure();
}
@@ -2184,19 +2201,17 @@ function interface_carp_configure(&$vip) {
}
if (is_ipaddrv4($vip['subnet'])) {
- /* Ensure CARP IP really exists prior to loading up. */
+ /* Ensure a IP on this interface exists prior to configuring CARP. */
$ww_subnet_ip = find_interface_ip($realif);
- $ww_subnet_bits = find_interface_subnet($realif);
- if (!ip_in_subnet($vip['subnet'], gen_subnet($ww_subnet_ip, $ww_subnet_bits) . "/" . $ww_subnet_bits) && !ip_in_interface_alias_subnet($vip['interface'], $vip['subnet'])) {
- file_notice("CARP", sprintf(gettext("Sorry but we could not find a matching real interface subnet for the virtual IP address %s."), $vip['subnet']), "Firewall: Virtual IP", "");
+ if (!is_ipaddrv4($ww_subnet_ip)) {
+ file_notice("CARP", sprintf(gettext("Sorry but we could not find a required assigned ip address on the interface for the virtual IP address %s."), $vip['subnet']), "Firewall: Virtual IP", "");
return;
}
} else if (is_ipaddrv6($vip['subnet'])) {
- /* Ensure CARP IP really exists prior to loading up. */
+ /* Ensure a IP on this interface exists prior to configuring CARP. */
$ww_subnet_ip = find_interface_ipv6($realif);
- $ww_subnet_bits = find_interface_subnetv6($realif);
- if (!ip_in_subnet($vip['subnet'], gen_subnetv6($ww_subnet_ip, $ww_subnet_bits) . "/" . $ww_subnet_bits) && !ip_in_interface_alias_subnet($vip['interface'], $vip['subnet'])) {
- file_notice("CARP", sprintf(gettext("Sorry but we could not find a matching real interface subnet for the virtual IPv6 address %s."), $vip['subnet']), "Firewall: Virtual IP", "");
+ if (!is_ipaddrv6($ww_subnet_ip)) {
+ file_notice("CARP", sprintf(gettext("Sorry but we could not find a required assigned ip address on the interface for the virtual IPv6 address %s."), $vip['subnet']), "Firewall: Virtual IP", "");
return;
}
}
@@ -2221,7 +2236,7 @@ function interface_carp_configure(&$vip) {
if (is_ipaddrv4($vip['subnet']))
mwexec("/sbin/ifconfig {$realif} " . escapeshellarg($vip['subnet']) . "/" . escapeshellarg($vip['subnet_bits']) . " alias vhid " . escapeshellarg($vip['vhid']));
else if (is_ipaddrv6($vip['subnet']))
- mwexec("/sbin/ifconfig {$realif} inet6 " . escapeshellarg($vip['subnet']) . " prefixlen " . escapeshellarg($vip['subnet_bits']) . " vhid " . escapeshellarg($vip['vhid']));
+ mwexec("/sbin/ifconfig {$realif} inet6 " . escapeshellarg($vip['subnet']) . " prefixlen " . escapeshellarg($vip['subnet_bits']) . " alias vhid " . escapeshellarg($vip['vhid']));
return $realif;
}
@@ -3125,6 +3140,18 @@ function interface_configure($interface = "wan", $reloadall = false, $linkupeven
interface_vlan_adapt_mtu(link_interface_to_vlans($realhwif), $wancfg['mtu']);
} else
pfSense_interface_mtu($realif, $wancfg['mtu']);
+ } else if (substr($realif, 0, 4) == 'lagg') {
+ /* LAGG interface must be destroyed and re-created to change MTU */
+ if ($wancfg['mtu'] != get_interface_mtu($realif)) {
+ if (isset($config['laggs']['lagg']) && is_array($config['laggs']['lagg'])) {
+ foreach ($config['laggs']['lagg'] as $lagg) {
+ if ($lagg['laggif'] == $realif) {
+ interface_lagg_configure($lagg);
+ break;
+ }
+ }
+ }
+ }
} else {
if ($wancfg['mtu'] != get_interface_mtu($realif))
pfSense_interface_mtu($realif, $wancfg['mtu']);
@@ -3132,7 +3159,7 @@ function interface_configure($interface = "wan", $reloadall = false, $linkupeven
/* This case is needed when the parent of vlans is being configured */
interface_vlan_adapt_mtu(link_interface_to_vlans($realif), $wancfg['mtu']);
}
- /* XXX: What about gre/gif/lagg/.. ? */
+ /* XXX: What about gre/gif/.. ? */
}
if (does_interface_exist($wancfg['if']))
@@ -4493,12 +4520,6 @@ function find_number_of_created_carp_interfaces() {
return `/sbin/ifconfig | grep "carp:" | wc -l`;
}
-function get_all_carp_interfaces() {
- $ints = str_replace("\n", " ", `ifconfig | grep "carp:" -B2 | grep ": flag" | cut -d: -f1`);
- $ints = explode(" ", $ints);
- return $ints;
-}
-
/*
* find_carp_interface($ip): return the carp interface where an ip is defined
*/
diff --git a/etc/inc/ipsec.auth-user.php b/etc/inc/ipsec.auth-user.php
index 1171735..8142b99 100755
--- a/etc/inc/ipsec.auth-user.php
+++ b/etc/inc/ipsec.auth-user.php
@@ -132,7 +132,7 @@ foreach ($authmodes as $authmode) {
$user = getUserEntry($username);
if (!is_array($user) || !userHasPrivilege($user, "user-ipsec-xauth-dialin")) {
$authenticated = false;
- syslog(LOG_WARNING, "user '{$username}' cannot authenticate through IPSec since the required privileges are missing.\n");
+ syslog(LOG_WARNING, "user '{$username}' cannot authenticate through IPsec since the required privileges are missing.\n");
continue;
}
}
diff --git a/etc/inc/ipsec.inc b/etc/inc/ipsec.inc
index 77f948c..c8833c1 100644
--- a/etc/inc/ipsec.inc
+++ b/etc/inc/ipsec.inc
@@ -39,7 +39,7 @@ $ipsec_loglevels = array("dmn" => "Daemon", "mgr" => "SA Manager", "ike" => "IKE
"job" => "Job Processing", "cfg" => "Configuration backend", "knl" => "Kernel Interface",
"net" => "Networking", "asn" => "ASN encoding", "enc" => "Message encoding",
"imc" => "Integrity checker", "imv" => "Integrity Verifier", "pts" => "Platform Trust Service",
- "tls" => "TLS handler", "esp" => "IPSec traffic", "lib" => "StrongSWAN Lib");
+ "tls" => "TLS handler", "esp" => "IPsec traffic", "lib" => "StrongSWAN Lib");
$my_identifier_list = array(
'myaddress' => array( 'desc' => gettext('My IP address'), 'mobile' => true ),
@@ -463,7 +463,7 @@ function ipsec_smp_dump_status() {
global $config, $g, $custom_listtags;
if (!file_exists("{$g['varrun_path']}/charon.xml")) {
- log_error("IPSec daemon seems to have issues or not running!");
+ log_error("IPsec daemon seems to have issues or not running!");
return;
}
@@ -607,7 +607,7 @@ function ipsec_dump_mobile() {
$_gb = exec("/usr/local/sbin/ipsec stroke leases > {$g['tmp_path']}/strongswan_leases.xml");
if (!file_exists("{$g['tmp_path']}/strongswan_leases.xml")) {
- log_error(gettext("IPSec daemon seems to have issues or not running! Could not display mobile user stats!"));
+ log_error(gettext("IPsec daemon seems to have issues or not running! Could not display mobile user stats!"));
return array();
}
diff --git a/etc/inc/pfsense-utils.inc b/etc/inc/pfsense-utils.inc
index 3892ba6..acca2df 100644
--- a/etc/inc/pfsense-utils.inc
+++ b/etc/inc/pfsense-utils.inc
@@ -2510,6 +2510,7 @@ function load_mac_manufacturer_table() {
* is_ipaddr_configured
* INPUTS
* IP Address to check.
+ * If ignore_if is a VIP (not carp), vip array index is passed after string _virtualip
* RESULT
* returns true if the IP Address is
* configured and present on this device.
@@ -2517,6 +2518,15 @@ function load_mac_manufacturer_table() {
function is_ipaddr_configured($ipaddr, $ignore_if = "", $check_localip = false, $check_subnets = false) {
global $config;
+ $pos = strpos($ignore_if, '_virtualip');
+ if ($pos !== false) {
+ $ignore_vip_id = substr($ignore_if, $pos+10);
+ $ignore_vip_if = substr($ignore_if, 0, $pos);
+ } else {
+ $ignore_vip_id = -1;
+ $ignore_vip_if = $ignore_if;
+ }
+
$isipv6 = is_ipaddrv6($ipaddr);
if ($check_subnets) {
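Review bot: The suffix parsed after `_virtualip` is used unvalidated, and the hunk further down compares it loosely with `$id == $ignore_vip_id`. If `$ignore_if` ends in `_virtualip` with nothing after it, `substr()` yields an empty value, which on PHP versions before 8 compares equal to index 0, so the first VIP would be skipped and a duplicate address could pass the check. Validate the suffix, e.g. `$ignore_vip_id = ctype_digit((string)$suffix) ? (int)$suffix : -1;`, and replace the literal `10` with `strlen('_virtualip')` so the offset cannot drift from the marker string. The function body continues outside this hunk.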
@@ -2543,8 +2553,7 @@ function is_ipaddr_configured($ipaddr, $ignore_if = "", $check_localip = false,
$interface_list_ips = get_configured_ip_addresses();
foreach($interface_list_ips as $if => $ilips) {
- /* Also ignore CARP interfaces, it'll be checked below */
- if ($ignore_if == $if || strstr($ignore_if, "_vip"))
+ if ($ignore_if == $if)
continue;
if (strcasecmp($ipaddr, $ilips) == 0)
return true;
@@ -2553,7 +2562,8 @@ function is_ipaddr_configured($ipaddr, $ignore_if = "", $check_localip = false,
$interface_list_vips = get_configured_vips_list(true);
foreach ($interface_list_vips as $id => $vip) {
- if ($ignore_if == $vip['if'])
+ /* Skip CARP interfaces here since they were already checked above */
+ if ($id == $ignore_vip_id || (strstr($ignore_if, '_vip') && $ignore_vip_if == $vip['if']))
continue;
if (strcasecmp($ipaddr, $vip['ipaddr']) == 0)
return true;
diff --git a/etc/inc/services.inc b/etc/inc/services.inc
index 2f2fc83..2c41ab6 100644
--- a/etc/inc/services.inc
+++ b/etc/inc/services.inc
@@ -358,10 +358,14 @@ function services_dhcpdv4_configure() {
return 0;
/* if OLSRD is enabled, allow WAN to house DHCP. */
- if($config['installedpackages']['olsrd'])
+ if (!function_exists('is_package_installed'))
+ require_once('pkg-utils.inc');
+ if (is_package_installed('olsrd') && isset($config['installedpackages']['olsrd']))
foreach($config['installedpackages']['olsrd']['config'] as $olsrd)
- if($olsrd['enable'])
- $is_olsr_enabled = true;
+ if (isset($olsrd['enable']) && $olsrd['enable'] == "on") {
+ $is_olsr_enabled = true;
+ break;
+ }
if ($g['booting']) {
/* restore the leases, if we have them */
@@ -612,6 +616,10 @@ EOPP;
$dhcpdconf .= " option domain-name-servers {$poolconf['dnsserver'][0]}";
if($poolconf['dnsserver'][1] <> "")
$dhcpdconf .= ",{$poolconf['dnsserver'][1]}";
+ if($poolconf['dnsserver'][2] <> "")
+ $dhcpdconf .= ",{$poolconf['dnsserver'][2]}";
+ if($poolconf['dnsserver'][3] <> "")
+ $dhcpdconf .= ",{$poolconf['dnsserver'][3]}";
$dhcpdconf .= ";\n";
}
diff --git a/etc/inc/shaper.inc b/etc/inc/shaper.inc
index fddff92..cd52390 100644
--- a/etc/inc/shaper.inc
+++ b/etc/inc/shaper.inc
@@ -3044,7 +3044,8 @@ class dnpipe_class extends dummynet_class {
$schedule = 0;
$schedulenone = 0;
$entries = 0;
- for ($i = 0; $i < 30; $i++) {
+ /* XXX: Really no better way? */
+ for ($i = 0; $i < 2900; $i++) {
if (!empty($data["bwsched{$i}"])) {
if ($data["bwsched{$i}"] != "none")
$schedule++;
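Review bot: The loop bound `2900` is a bare literal repeated in the second hunk of this file, and the `XXX` comment concedes it is arbitrary. Any `bwsched{$i}` or `bandwidth{$i}` field with an index at or above it is silently ignored, while every request pays for 2900 key lookups. Iterating the keys actually present, for instance `foreach (preg_grep('/^bwsched\d+$/', array_keys($data)) as $key)`, removes the limit; failing that, one named constant shared by both loops would keep them in step. Both loop bodies extend beyond their hunks.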
@@ -3082,7 +3083,8 @@ class dnpipe_class extends dummynet_class {
if (!empty($_POST)) {
$bandwidth = array();
- for ($i = 0; $i < 30; $i++) {
+ /* XXX: Really no better way? */
+ for ($i = 0; $i < 2900; $i++) {
if (isset($q["bandwidth{$i}"]) && $q["bandwidth{$i}"] <> "") {
$bw = array();
$bw['bw'] = $q["bandwidth{$i}"];
diff --git a/etc/inc/system.inc b/etc/inc/system.inc
index 9bb32ee..eb5de40 100644
--- a/etc/inc/system.inc
+++ b/etc/inc/system.inc
@@ -57,7 +57,11 @@ function activate_powerd() {
if (!empty($config['system']['powerd_battery_mode']))
$battery_mode = $config['system']['powerd_battery_mode'];
- mwexec("/usr/sbin/powerd -b $battery_mode -a $ac_mode");
+ $normal_mode = "hadp";
+ if (!empty($config['system']['powerd_normal_mode']))
+ $normal_mode = $config['system']['powerd_normal_mode'];
+
+ mwexec("/usr/sbin/powerd -b $battery_mode -a $ac_mode -n $normal_mode");
}
}
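Review bot: `$normal_mode` comes from `$config['system']['powerd_normal_mode']` and is interpolated unquoted into the `mwexec()` command line, the same way `$battery_mode` and `$ac_mode` already are. The configuration can be changed by a restore or a sync as well as through the GUI form, so the value should not reach the shell raw. Check each of the three against the modes powerd accepts and fall back to `"hadp"`, or at minimum build the command with `escapeshellarg($normal_mode)` and the equivalents for the other two; the route-delete call elsewhere in this file already escapes its argument. The function starts above the hunk.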
@@ -105,10 +109,6 @@ function system_resolvconf_generate($dynupdate = false) {
$syscfg = $config['system'];
- // Do not create blank domain lines, it breaks tools like dig.
- if($syscfg['domain'])
- $resolvconf = "domain {$syscfg['domain']}\n";
-
if (((isset($config['dnsmasq']['enable']) && (empty($config['dnsmasq']['interface']) || in_array("lo0", explode(",", $config['dnsmasq']['interface']))))
|| (isset($config['unbound']['enable'])) && (empty($config['unbound']['active_interface']) || in_array("lo0", explode(",", $config['unbound']['active_interface']))))
&& !isset($config['system']['dnslocalhost']))
@@ -126,6 +126,10 @@ function system_resolvconf_generate($dynupdate = false) {
if($nameserver)
$resolvconf .= "nameserver $nameserver\n";
}
+ } else {
+ // Do not create blank search/domain lines, it can break tools like dig.
+ if($syscfg['domain'])
+ $resolvconf = "search {$syscfg['domain']}\n";
}
if (is_array($syscfg['dnsserver'])) {
foreach ($syscfg['dnsserver'] as $ns) {
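Review bot: The added `else` branch assigns with `$resolvconf = "search ..."` where the neighbouring lines append with `.=`. The old `domain` line was the first write to the variable, so `=` was harmless there; in its new position anything appended before the branch, which appears to include the localhost nameserver line whose condition is visible in the previous hunk, would be discarded. `$resolvconf .= "search {$syscfg['domain']}\n";` is the safe form. The function continues on both sides of the hunk, so the earlier writes should be confirmed.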
@@ -540,7 +544,7 @@ function system_staticroutes_configure($interface = "", $update_dns = false) {
}
if (isset($rtent['disabled'])) {
- /* XXX: This is a bit dangerous in case of routing daemons!? */
+ /* XXX: This can break things by deleting routes that shouldn't be deleted - OpenVPN, dynamic routing scenarios, etc. redmine #3709 */
foreach ($ips as $ip)
mwexec("/sbin/route delete " . escapeshellarg($ip), true);
continue;
@@ -826,6 +830,44 @@ EOD;
return $retval;
}
+function system_webgui_create_certificate() {
+ global $config, $g;
+
+ if (!is_array($config['ca']))
+ $config['ca'] = array();
+ $a_ca =& $config['ca'];
+ if (!is_array($config['cert']))
+ $config['cert'] = array();
+ $a_cert =& $config['cert'];
+ log_error("Creating SSL Certificate for this host");
+
+ $cert = array();
+ $cert['refid'] = uniqid();
+ $cert['descr'] = gettext("webConfigurator default ({$cert['refid']})");
+
+ $dn = array(
+ 'countryName' => "US",
+ 'stateOrProvinceName' => "State",
+ 'localityName' => "Locality",
+ 'organizationName' => "{$g['product_name']} webConfigurator Self-Signed Certificate",
+ 'emailAddress' => "admin@{$config['system']['hostname']}.{$config['system']['domain']}",
+ 'commonName' => "{$config['system']['hostname']}-{$cert['refid']}");
+ $old_err_level = error_reporting(0); /* otherwise openssl_ functions throw warings directly to a page screwing menu tab */
+ if (!cert_create($cert, null, 2048, 2000, $dn, "self-signed", "sha256")){
+ while($ssl_err = openssl_error_string()){
+ log_error("Error creating WebGUI Certificate: openssl library returns: " . $ssl_err);
+ }
+ error_reporting($old_err_level);
+ return null;
+ }
+ error_reporting($old_err_level);
+
+ $a_cert[] = $cert;
+ $config['system']['webgui']['ssl-certref'] = $cert['refid'];
+ write_config(gettext("Generated new self-signed HTTPS certificate ({$cert['refid']})"));
+ return $cert;
+}
+
function system_webgui_start() {
global $config, $g;
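Review bot: Both `gettext()` calls in system_webgui_create_certificate() interpolate `$cert['refid']` into the message id, so the string handed to the catalogue differs on every run and can never match a translation. Keep the msgid constant and substitute afterwards: `$cert['descr'] = sprintf(gettext("webConfigurator default (%s)"), $cert['refid']);` and likewise `write_config(sprintf(gettext("Generated new self-signed HTTPS certificate (%s)"), $cert['refid']));`. `$a_ca` is bound to `$config['ca']` but never read in the new function, so that assignment can go (the `is_array` initialisation of `$config['ca']` can stay if other code relies on it). The function returns null on failure, which callers need to check.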
@@ -847,37 +889,14 @@ function system_webgui_start() {
if ($config['system']['webgui']['protocol'] == "https") {
// Ensure that we have a webConfigurator CERT
$cert =& lookup_cert($config['system']['webgui']['ssl-certref']);
- if(!is_array($cert) && !$cert['crt'] && !$cert['prv']) {
- if (!is_array($config['ca']))
- $config['ca'] = array();
- $a_ca =& $config['ca'];
- if (!is_array($config['cert']))
- $config['cert'] = array();
- $a_cert =& $config['cert'];
- log_error("Creating SSL Certificate for this host");
- $cert = array();
- $cert['refid'] = uniqid();
- $cert['descr'] = gettext("webConfigurator default");
- mwexec("/usr/bin/openssl genrsa 1024 > {$g['tmp_path']}/ssl.key");
- mwexec("/usr/bin/openssl req -new -x509 -nodes -sha256 -days 2000 -key {$g['tmp_path']}/ssl.key > {$g['tmp_path']}/ssl.crt");
- $crt = file_get_contents("{$g['tmp_path']}/ssl.crt");
- $key = file_get_contents("{$g['tmp_path']}/ssl.key");
- unlink("{$g['tmp_path']}/ssl.key");
- unlink("{$g['tmp_path']}/ssl.crt");
- cert_import($cert, $crt, $key);
- $a_cert[] = $cert;
- $config['system']['webgui']['ssl-certref'] = $cert['refid'];
- write_config(gettext("Importing HTTPS certificate"));
- if(!$config['system']['webgui']['port'])
- $portarg = "443";
- $ca = ca_chain($cert);
- } else {
- $crt = base64_decode($cert['crt']);
- $key = base64_decode($cert['prv']);
- if(!$config['system']['webgui']['port'])
- $portarg = "443";
- $ca = ca_chain($cert);
- }
+ if(!is_array($cert) || !$cert['crt'] || !$cert['prv'])
+ $cert = system_webgui_create_certificate();
+ $crt = base64_decode($cert['crt']);
+ $key = base64_decode($cert['prv']);
+
+ if(!$config['system']['webgui']['port'])
+ $portarg = "443";
+ $ca = ca_chain($cert);
}
/* generate lighttpd configuration */
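Review bot: The result of `system_webgui_create_certificate()` is used without a check, although that function returns null when `cert_create()` fails; `$cert['crt']` and `$cert['prv']` then decode to empty strings and the HTTPS listener would be configured with no usable certificate or key. Add a guard before the two `base64_decode()` calls, for example `if (!is_array($cert) || empty($cert['crt']) || empty($cert['prv']))`, and log and stop (or fall back) there; which fallback is right depends on the rest of system_webgui_start(), which lies outside this hunk. Separately, `$cert` is bound with `=&` to the result of `lookup_cert()`, so the new assignment writes through that reference; if `lookup_cert()` hands back a reference into `$config['cert']` (not visible here), an incomplete existing entry would be overwritten in memory after `write_config()` has already run, so an `unset($cert);` before the assignment would be safer.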
@@ -1224,6 +1243,7 @@ EOD;
// Harden SSL a bit for PCI conformance testing
$lighty_config .= "ssl.use-sslv2 = \"disable\"\n";
+ $lighty_config .= "ssl.use-sslv3 = \"disable\"\n";
/* Hifn accelerators do NOT work with the BEAST mitigation code. Do not allow it to be enabled if a Hifn card has been detected. */
$fd = @fopen("{$g['varlog_path']}/dmesg.boot", "r");
diff --git a/etc/inc/util.inc b/etc/inc/util.inc
index bf77e95..683061c 100644
--- a/etc/inc/util.inc
+++ b/etc/inc/util.inc
@@ -384,8 +384,8 @@ function ip2ulong($ip) {
/* Find out how many IPs are contained within a given IP range
* e.g. 192.168.0.0 to 192.168.0.255 returns 256
*/
-function ip_range_size($startip, $endip) {
- if (is_ipaddr($startip) && is_ipaddr($endip)) {
+function ip_range_size_v4($startip, $endip) {
+ if (is_ipaddrv4($startip) && is_ipaddrv4($endip)) {
// Operate as unsigned long because otherwise it wouldn't work
// when crossing over from 127.255.255.255 / 128.0.0.0 barrier
return abs(ip2ulong($startip) - ip2ulong($endip)) + 1;
@@ -396,7 +396,7 @@ function ip_range_size($startip, $endip) {
/* Find the smallest possible subnet mask which can contain a given number of IPs
* e.g. 512 IPs can fit in a /23, but 513 IPs need a /22
*/
-function find_smallest_cidr($number) {
+function find_smallest_cidr_v4($number) {
$smallest = 1;
for ($b=32; $b > 0; $b--) {
$smallest = ($number <= pow(2,$b)) ? $b : $smallest;
@@ -428,17 +428,52 @@ function ip_greater_than($ip1, $ip2) {
return ip2ulong($ip1) > ip2ulong($ip2);
}
-/* Convert a range of IPs to an array of subnets which can contain the range. */
+/* Convert a range of IPv4 addresses to an array of individual addresses. */
+/* Note: IPv6 ranges are not yet supported here. */
+function ip_range_to_address_array($startip, $endip, $max_size = 5000) {
+ if (!is_ipaddrv4($startip) || !is_ipaddrv4($endip)) {
+ return false;
+ }
+
+ if (ip_greater_than($startip, $endip)) {
+ // Swap start and end so we can process sensibly.
+ $temp = $startip;
+ $startip = $endip;
+ $endip = $temp;
+ }
+
+ if (ip_range_size_v4($startip, $endip) > $max_size)
+ return false;
+
+ // Container for IP addresses within this range.
+ $rangeaddresses = array();
+ $end_int = ip2ulong($endip);
+ for ($ip_int = ip2ulong($startip); $ip_int <= $end_int; $ip_int++) {
+ $rangeaddresses[] = long2ip($ip_int);
+ }
+
+ return $rangeaddresses;
+}
+
+/* Convert a range of IPv4 addresses to an array of subnets which can contain the range. */
+/* Note: IPv6 ranges are not yet supported here. */
function ip_range_to_subnet_array($startip, $endip) {
- if (!is_ipaddr($startip) || !is_ipaddr($endip)) {
+ if (!is_ipaddrv4($startip) || !is_ipaddrv4($endip)) {
return array();
}
+ if (ip_greater_than($startip, $endip)) {
+ // Swap start and end so we can process sensibly.
+ $temp = $startip;
+ $startip = $endip;
+ $endip = $temp;
+ }
+
// Container for subnets within this range.
$rangesubnets = array();
// Figure out what the smallest subnet is that holds the number of IPs in the given range.
- $cidr = find_smallest_cidr(ip_range_size($startip, $endip));
+ $cidr = find_smallest_cidr_v4(ip_range_size_v4($startip, $endip));
// Loop here to reduce subnet size and retest as needed. We need to make sure
// that the target subnet is wholly contained between $startip and $endip.
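Review bot: ip_range_to_address_array() returns `false` both for a non-IPv4 argument and for a range larger than `$max_size`, while ip_range_to_subnet_array() just below returns `array()` for invalid input, and neither header comment mentions the failure value. A caller that iterates the result directly gets a warning in one case and a silent empty loop in the other, and cannot tell "invalid" from "too large". Extend the comment on the new function to say `Returns false if either address is not IPv4 or if the range holds more than $max_size addresses`, and say on ip_range_to_subnet_array() that it returns an empty array for non-IPv4 input. The start/end swap is now duplicated in both functions and could move into a small shared helper. The body of ip_range_to_subnet_array() continues outside this hunk.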
@@ -473,7 +508,7 @@ function ip_range_to_subnet_array($startip, $endip) {
}
}
- // Some logic that will recursivly search from $startip to the first IP before the start of the subnet we just found.
+ // Some logic that will recursively search from $startip to the first IP before the start of the subnet we just found.
// NOTE: This may never be hit, the way the above algo turned out, but is left for completeness.
if ($startip != $targetsub_min) {
$rangesubnets = array_merge($rangesubnets, ip_range_to_subnet_array($startip, ip_before($targetsub_min)));
@@ -489,12 +524,19 @@ function ip_range_to_subnet_array($startip, $endip) {
return $rangesubnets;
}
+/* returns true if $range is a valid pair of IPv4 or IPv6 addresses separated by a "-"
+ false - if not a valid pair
+ true (numeric 4 or 6) - if valid, gives type of addresses */
function is_iprange($range) {
if (substr_count($range, '-') != 1) {
return false;
}
list($ip1, $ip2) = explode ('-', $range);
- return (is_ipaddr($ip1) && is_ipaddr($ip2));
+ if (is_ipaddrv4($ip1) && is_ipaddrv4($ip2))
+ return 4;
+ if (is_ipaddrv6($ip1) && is_ipaddrv6($ip2))
+ return 6;
+ return false;
}
/* returns true if $ipaddr is a valid dotted IPv4 address or a IPv6 */
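Review bot: The new header comment on is_iprange() opens with "returns true" and then lists "true (numeric 4 or 6)", but the function never returns `true`: it returns the integer 4 or 6, or `false`. Callers that compare with `=== true` would now fail, so the comment should state the real contract, e.g. `/* Returns 4 or 6 (the address family) if $range is "addr1-addr2" with both addresses of the same family, false otherwise. */`. It is also worth noting there that a return of 6 does not mean the range can be expanded: ip_range_to_subnet_array() and ip_range_to_address_array() in this file still reject IPv6, so callers have to test for `== 4` before passing a range on.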
@@ -644,7 +686,7 @@ function is_domain($domain) {
if (!is_string($domain))
return false;
- if (preg_match('/^(?:(?:[a-z0-9]|[a-z0-9][a-z0-9\-]*[a-z0-9])\.)*(?:[a-z0-9]|[a-z0-9][a-z0-9\-]*[a-z0-9])$/i', $domain))
+ if (preg_match('/^(?:(?:[a-z_0-9]|[a-z_0-9][a-z_0-9\-]*[a-z_0-9])\.)*(?:[a-z_0-9]|[a-z_0-9][a-z_0-9\-]*[a-z_0-9\.])$/i', $domain))
return true;
else
return false;
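Review bot: The trailing dot is allowed by adding `\.` to the last character class, which accepts more than a fully qualified name. A final label may now end in a hyphen followed by the dot (`a-.` matches), and the closing `$` still matches before a trailing newline, so a value ending in `\n` passes validation. If is_domain() guards values that are later written into configuration files, that matters. Ending the pattern with `[a-z_0-9])\.?\z/i` instead of `[a-z_0-9\.])$/i` keeps the optional root dot and closes both gaps. The pattern now also accepts `_` in every label, which is fine for DNS names but not for hostnames; a comment saying that this is intended would help, since the function's callers are outside this hunk.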
@@ -1710,9 +1752,7 @@ function is_interface_mismatch() {
}
}
- if ($g['minimum_nic_count'] > $i) {
- $do_assign = true;
- } else if (file_exists("{$g['tmp_path']}/assign_complete"))
+ if (file_exists("{$g['tmp_path']}/assign_complete"))
$do_assign = false;
if (!empty($missing_interfaces) && $do_assign)
diff --git a/etc/inc/vpn.inc b/etc/inc/vpn.inc
index e92f308..8344a20 100644
--- a/etc/inc/vpn.inc
+++ b/etc/inc/vpn.inc
@@ -290,6 +290,8 @@ charon {
# XXX: There is not much choice here really users win their security!
i_dont_care_about_security_and_use_aggressive_mode_psk=yes
+ cisco_unity = yes
+
# And two loggers using syslog. The subsections define the facility to log
# to, currently one of: daemon, auth.
syslog {
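Review bot: `cisco_unity = yes` is now written into the charon section for every generated configuration, whereas the block removed in the next hunk emitted it only when the mobile client was enabled and had a `net_list`. Nothing in the heredoc records why the option became unconditional. A short comment above the new line, such as `# enabled for all tunnels: <reason>`, would stop a later maintainer from restoring the condition or from assuming the option is still mobile-only. The heredoc starts and ends outside this hunk.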
@@ -308,9 +310,6 @@ charon {
EOD;
- if (is_array($a_client) && isset($a_client['enable']) && isset($a_client['net_list']))
- $strongswan .= "\tcisco_unity = yes\n";
-
$strongswan .= "\tplugins {\n";
if (is_array($a_client) && isset($a_client['enable'])) {
diff --git a/etc/inc/zeromq.inc b/etc/inc/zeromq.inc
index db40ce9..65589d0 100644
--- a/etc/inc/zeromq.inc
+++ b/etc/inc/zeromq.inc
@@ -273,7 +273,7 @@ function interfaces_carp_configure_zeromq($raw_params) {
$params = $raw_params;
if(zeromq_auth($raw_params) == false)
return ZEROMQ_AUTH_FAIL;
- interfaces_carp_setup();
+ interfaces_sync_setup();
interfaces_vips_configure();
return ZEROMQ_FASLE;
}
diff --git a/etc/phpshellsessions/enablecarp b/etc/phpshellsessions/enablecarp
index d486c04..b1c4a43 100644
--- a/etc/phpshellsessions/enablecarp
+++ b/etc/phpshellsessions/enablecarp
@@ -14,5 +14,5 @@ if(is_array($config['virtualip']['vip'])) {
}
}
}
-interfaces_carp_setup();
+interfaces_sync_setup();
set_single_sysctl("net.inet.carp.allow", "1");
diff --git a/etc/phpshellsessions/generateguicert b/etc/phpshellsessions/generateguicert
new file mode 100644
index 0000000..925ab60
--- /dev/null
+++ b/etc/phpshellsessions/generateguicert
@@ -0,0 +1,8 @@
+require_once("system.inc");
+
+echo gettext("Generating a new self-signed SSL certificate for the GUI...");
+$cert = system_webgui_create_certificate();
+echo gettext("Done.\n");
+echo gettext("Restarting webConfigurator...");
+send_event("service restart webgui");
+echo gettext("Done.\n"); \ No newline at end of file
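Review bot: The script discards the outcome of `system_webgui_create_certificate()`: `$cert` is assigned but never inspected, and that function returns null when certificate creation fails. As written the operator sees "Done." and the webConfigurator is restarted even though no new certificate was stored. Wrap the success message and the `send_event("service restart webgui")` call in `if (is_array($cert))` and print a failure message pointing to the system log otherwise.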
diff --git a/etc/rc.bootup b/etc/rc.bootup
index 69eb486..1b150e3 100755
--- a/etc/rc.bootup
+++ b/etc/rc.bootup
@@ -265,6 +265,7 @@ echo "done.\n";
if(!$debugging)
mute_kernel_msgs();
interfaces_configure();
+interfaces_sync_setup();
if(!$debugging)
unmute_kernel_msgs();
diff --git a/etc/rc.initial b/etc/rc.initial
index 2277280..6a666fb 100755
--- a/etc/rc.initial
+++ b/etc/rc.initial
@@ -81,16 +81,16 @@ fi
# display a cheap menu
echo ""
-echo ""
-echo " 0) Logout (SSH only) 8) Shell"
-echo " 1) Assign Interfaces 9) pfTop"
-echo " 2) Set interface(s) IP address 10) Filter Logs"
-echo " 3) Reset webConfigurator password 11) Restart webConfigurator"
-echo " 4) Reset to factory defaults 12) ${product} Developer Shell"
-echo " 5) Reboot system 13) Upgrade from console"
-echo " 6) Halt system ${sshd_option}"
-echo " 7) Ping host 15) Restore recent configuration"
-echo " ${option98}"
+echo " 0) Logout (SSH only) 9) pfTop"
+echo " 1) Assign Interfaces 10) Filter Logs"
+echo " 2) Set interface(s) IP address 11) Restart webConfigurator"
+echo " 3) Reset webConfigurator password 12) ${product} Developer Shell"
+echo " 4) Reset to factory defaults 13) Upgrade from console"
+echo " 5) Reboot system ${sshd_option}"
+echo " 6) Halt system 15) Restore recent configuration"
+echo " 7) Ping host 16) Restart PHP-FPM"
+echo " 8) Shell"
+echo " ${option98} "
if [ "${option99}" != "" ]; then
/bin/echo "${option99}"
@@ -151,7 +151,7 @@ case ${opmode} in
/etc/rc.restore_config_backup
;;
16)
- /etc/rc.banner
+ /etc/rc.php-fpm_restart
;;
98)
if [ ! -f /tmp/config_moved ]; then
diff --git a/etc/rc.initial.firmware_update b/etc/rc.initial.firmware_update
index 1deff88..4ae9adb 100755
--- a/etc/rc.initial.firmware_update
+++ b/etc/rc.initial.firmware_update
@@ -87,7 +87,14 @@ switch ($command) {
} else {
echo "\n\nWARNING.\n";
echo "\nCould not locate a sha256 file. We cannot verify the download once completed.\n\n";
- sleep(15);
+ echo "Do you still want to proceed with the upgrade [n]? ";
+ $answer = strtoupper(chop(fgets($fp)));
+ if ($answer == "Y" or $answer == "YES") {
+ echo "\nContinuing upgrade...";
+ } else {
+ echo "\nUpgrade cancelled.\n\n";
+ die;
+ }
}
if(file_exists("/root/firmware.tgz.sha256")) {
$source_sha256 = trim(`cat /root/firmware.tgz.sha256 | awk '{ print \$4 }'`,"\r");
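Review bot: When the operator answers "Y", the upgrade continues with no integrity check and the only trace is the console echo `Continuing upgrade...`. Since this branch is an explicit override of the sha256 verification, it should leave a record in the system log so that an unverified upgrade can be traced later, for example `log_error("Firmware upgrade continued without sha256 verification at operator request");` if `log_error()` is loaded in this script (not visible in the hunk). The cancel path ends with a bare `die`, which exits with status 0; `exit(1)` would let a calling script tell a cancelled upgrade from a completed one. `$fp` and the enclosing `switch` are defined outside this hunk.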
diff --git a/etc/rc.php-fpm_restart b/etc/rc.php-fpm_restart
new file mode 100755
index 0000000..422b951
--- /dev/null
+++ b/etc/rc.php-fpm_restart
@@ -0,0 +1,11 @@
+#!/bin/sh
+
+/bin/pkill -F /var/run/php-fpm.pid
+sleep 2
+
+# Run the php.ini setup file and populate
+# /usr/local/etc/php.ini and /usr/local/lib/php.ini
+/etc/rc.php_ini_setup 2>/tmp/php_errors.txt
+echo ">>> Restarting php-fpm" | /usr/bin/logger -p daemon.info -i -t rc.php-fpm_restart
+/usr/local/sbin/php-fpm -c /usr/local/lib/php.ini -y /usr/local/lib/php-fpm.conf -RD 2>&1 >/dev/null
+
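Review bot: On the php-fpm line the redirections are in the order `2>&1 >/dev/null`, which points stderr at the script's original stdout and sends only stdout to /dev/null, so php-fpm's error output still reaches the console. If both streams are meant to be discarded, write `>/dev/null 2>&1`; if stderr is meant to stay visible, drop the `2>&1` so the intent is clear. The line above writes as root to the fixed name `/tmp/php_errors.txt`; where /tmp is writable by other accounts, a file under /var/run or one created with `mktemp` avoids writing through a file someone else placed there. `pkill -F` followed by a fixed `sleep 2` also does not confirm that the old process has exited before the new one is started.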
diff --git a/etc/rc.update_bogons.sh b/etc/rc.update_bogons.sh
index d0aac9b..178d60e 100755
--- a/etc/rc.update_bogons.sh
+++ b/etc/rc.update_bogons.sh
@@ -84,6 +84,14 @@ if [ "$proc_error" != "" ]; then
exit
fi
+HTTP_PROXY=`/usr/local/bin/xmllint --xpath 'string(//pfsense/system/proxyurl)' /conf/config.xml`
+if [ "${HTTP_PROXY}" != "" ]; then
+ HTTP_PROXY_PORT=`/usr/local/bin/xmllint --xpath 'string(//pfsense/system/proxyport)' /conf/config.xml`
+ if [ "${HTTP_PROXY_PORT}" != "" ]; then
+ HTTP_PROXY="${HTTP_PROXY}:${HTTP_PROXY_PORT}"
+ fi
+ export HTTP_PROXY
+fi
BOGON_V4_CKSUM=`/usr/bin/fetch -T 30 -q -o - "${v4urlcksum}" | awk '{ print $4 }'`
ON_DISK_V4_CKSUM=`md5 /tmp/bogons | awk '{ print $4 }'`
BOGON_V6_CKSUM=`/usr/bin/fetch -T 30 -q -o - "${v6urlcksum}" | awk '{ print $4 }'`
diff --git a/etc/skel/dot.tcshrc b/etc/skel/dot.tcshrc
index cd20f2d..e03cc94 100644
--- a/etc/skel/dot.tcshrc
+++ b/etc/skel/dot.tcshrc
@@ -1,4 +1,4 @@
-set prompt="%{\033[0;1;33m%}[%{\033[0;1;37m%}`cat /etc/version`%{\033[0;1;33m%}]%{\033[0;1;33m%}%B[%{\033[0;1;37m%}%n%{\033[0;1;31m%}@%{\033[0;1;37m%}%M%{\033[0;1;33m%}]%{\033[0;1;32m%}%b%/%{\033[0;1;33m%}(%{\033[0;1;37m%}%h%{\033[0;1;33m%})%{\033[0;1;36m%}%{\033[0;1;31m%}:%{\033[0;0;0m%} "
+set prompt="%{\033[0;1;33m%}[%{\033[0;1;37m%}`cat /etc/version`%{\033[0;1;33m%}]%{\033[0;1;33m%}%B[%{\033[0;1;37m%}%n%{\033[0;1;31m%}@%{\033[0;1;37m%}%M%{\033[0;1;33m%}]%{\033[0;1;32m%}%b%/%{\033[0;1;33m%}%{\033[0;1;36m%}%{\033[0;1;31m%}:%{\033[0;0;0m%} "
set autologout="0"
set autolist set color set colorcat
setenv CLICOLOR "true"
diff --git a/root/.tcshrc b/root/.tcshrc
index cd20f2d..e03cc94 100644
--- a/root/.tcshrc
+++ b/root/.tcshrc
@@ -1,4 +1,4 @@
-set prompt="%{\033[0;1;33m%}[%{\033[0;1;37m%}`cat /etc/version`%{\033[0;1;33m%}]%{\033[0;1;33m%}%B[%{\033[0;1;37m%}%n%{\033[0;1;31m%}@%{\033[0;1;37m%}%M%{\033[0;1;33m%}]%{\033[0;1;32m%}%b%/%{\033[0;1;33m%}(%{\033[0;1;37m%}%h%{\033[0;1;33m%})%{\033[0;1;36m%}%{\033[0;1;31m%}:%{\033[0;0;0m%} "
+set prompt="%{\033[0;1;33m%}[%{\033[0;1;37m%}`cat /etc/version`%{\033[0;1;33m%}]%{\033[0;1;33m%}%B[%{\033[0;1;37m%}%n%{\033[0;1;31m%}@%{\033[0;1;37m%}%M%{\033[0;1;33m%}]%{\033[0;1;32m%}%b%/%{\033[0;1;33m%}%{\033[0;1;36m%}%{\033[0;1;31m%}:%{\033[0;0;0m%} "
set autologout="0"
set autolist set color set colorcat
setenv CLICOLOR "true"
diff --git a/usr/local/bin/ping_hosts.sh b/usr/local/bin/ping_hosts.sh
index 7126c99..d584dd1 100755
--- a/usr/local/bin/ping_hosts.sh
+++ b/usr/local/bin/ping_hosts.sh
@@ -40,7 +40,7 @@ if [ -f /var/db/pkgpinghosts ]; then
PKGHOSTS="/var/db/pkgpinghosts"
fi
-cat $PKGHOSTS $HOSTS $IPSECHOSTS >/tmp/tmpHOSTS
+cat $PKGHOSTS $HOSTS $CURRENTIPSECHOSTS >/tmp/tmpHOSTS
if [ ! -d /var/db/pingstatus ]; then
/bin/mkdir -p /var/db/pingstatus
diff --git a/usr/local/share/locale/en/LC_MESSAGES/pfSense.pot b/usr/local/share/locale/en/LC_MESSAGES/pfSense.pot
index 6c078b4..c955c64 100644
--- a/usr/local/share/locale/en/LC_MESSAGES/pfSense.pot
+++ b/usr/local/share/locale/en/LC_MESSAGES/pfSense.pot
@@ -4053,17 +4053,17 @@ msgstr ""
#: etc/inc/gwlb.inc:501 etc/inc/gwlb.inc:727 etc/inc/gwlb.inc:750
#, php-format
-msgid "MONITOR: %s is down, removing from routing group"
+msgid "MONITOR: %s is down, omitting from routing group"
msgstr ""
#: etc/inc/gwlb.inc:505 etc/inc/gwlb.inc:731 etc/inc/gwlb.inc:754
#, php-format
-msgid "MONITOR: %s has packet loss, removing from routing group"
+msgid "MONITOR: %s has packet loss, omitting from routing group"
msgstr ""
#: etc/inc/gwlb.inc:509 etc/inc/gwlb.inc:735 etc/inc/gwlb.inc:758
#, php-format
-msgid "MONITOR: %s has high latency, removing from routing group"
+msgid "MONITOR: %s has high latency, omitting from routing group"
msgstr ""
#: etc/inc/gwlb.inc:526 etc/inc/gwlb.inc:752 etc/inc/gwlb.inc:775
@@ -15735,8 +15735,7 @@ msgstr ""
#: usr/local/www/firewall_aliases_edit.php:139
#: usr/local/www/firewall_aliases_edit.php:139
msgid ""
-"The alias name must be less than 32 characters long and may only consist of "
-"the characters"
+"The alias name must be less than 32 characters long, may not consist of only numbers, and may only contain the following characters "
msgstr ""
#: usr/local/www/firewall_aliases_edit.php:187
diff --git a/usr/local/share/locale/ja/LC_MESSAGES/pfSense.po b/usr/local/share/locale/ja/LC_MESSAGES/pfSense.po
index 2160422..62ce250 100644
--- a/usr/local/share/locale/ja/LC_MESSAGES/pfSense.po
+++ b/usr/local/share/locale/ja/LC_MESSAGES/pfSense.po
@@ -4063,17 +4063,17 @@ msgstr "「モニターã¯%1$sã®ã‚¹ã‚¿ãƒ†ã‚£ãƒƒã‚¯ãƒ«ãƒ¼ãƒˆã®å–り外ã—ã¨%2
#: etc/inc/gwlb.inc:501 etc/inc/gwlb.inc:727 etc/inc/gwlb.inc:750
#, php-format
-msgid "MONITOR: %s is down, removing from routing group"
+msgid "MONITOR: %s is down, omitting from routing group"
msgstr "モニタ: %s ã€ã‚°ãƒ«ãƒ¼ãƒ—をルーティングã‹ã‚‰å–り出ã—ã€ãƒ€ã‚¦ãƒ³ã—ã¦ã„ã‚‹"
#: etc/inc/gwlb.inc:505 etc/inc/gwlb.inc:731 etc/inc/gwlb.inc:754
#, php-format
-msgid "MONITOR: %s has packet loss, removing from routing group"
+msgid "MONITOR: %s has packet loss, omitting from routing group"
msgstr "MONITOR : %sã¯ã€ãƒ«ãƒ¼ãƒ†ã‚£ãƒ³ã‚°ã‚°ãƒ«ãƒ¼ãƒ—ã‹ã‚‰é™¤åŽ»ã—ã€ãƒ‘ケットæ失を有ã™ã‚‹"
#: etc/inc/gwlb.inc:509 etc/inc/gwlb.inc:735 etc/inc/gwlb.inc:758
#, php-format
-msgid "MONITOR: %s has high latency, removing from routing group"
+msgid "MONITOR: %s has high latency, omitting from routing group"
msgstr "モニタ: %s ã€ã‚°ãƒ«ãƒ¼ãƒ—をルーティングã‹ã‚‰å–り出ã—ã€å¤§ããªé…延ãŒã‚ã‚‹"
#: etc/inc/gwlb.inc:526 etc/inc/gwlb.inc:752 etc/inc/gwlb.inc:775
@@ -4497,7 +4497,7 @@ msgstr "ページ:'ã¯ã‚‚ã¯ã‚„å«ã¾ã‚Œã¦éš ã•ã‚ŒãŸ'ã¸ã®ã‚¢ã‚¯ã‚»ã‚¹ã‚’è
#: etc/inc/priv.defs.inc:166 etc/inc/priv.defs.inc:148
#: etc/inc/priv.defs.inc:166
msgid "WebCfg - Status: System logs: IPsec VPN page"
-msgstr "WebCfg - ステータス:システムログ: IPSec VPNã®ãƒšãƒ¼ã‚¸"
+msgstr "WebCfg - ステータス:システムログ: IPsec VPNã®ãƒšãƒ¼ã‚¸"
#: etc/inc/priv.defs.inc:125 etc/inc/priv.defs.inc:143
#: etc/inc/priv.defs.inc:161 etc/inc/priv.defs.inc:149
@@ -6378,7 +6378,7 @@ msgstr "WebCfg - VPN : IPsecã®ãƒšãƒ¼ã‚¸"
#: etc/inc/priv.defs.inc:1153 etc/inc/priv.defs.inc:1161
#: etc/inc/priv.defs.inc:1161
msgid "Allow access to the 'VPN: IPsec' page."
-msgstr "ページ:'ã®IPSec VPN ã€ã¸ã®ã‚¢ã‚¯ã‚»ã‚¹ã‚’許å¯ã—ã¾ã™ã€‚"
+msgstr "ページ:'ã®IPsec VPN ã€ã¸ã®ã‚¢ã‚¯ã‚»ã‚¹ã‚’許å¯ã—ã¾ã™ã€‚"
#: etc/inc/priv.defs.inc:1134 etc/inc/priv.defs.inc:1152
#: etc/inc/priv.defs.inc:1158 etc/inc/priv.defs.inc:1166
@@ -12076,7 +12076,7 @@ msgstr "TCPフラグ"
#: etc/inc/service-utils.inc:336 usr/local/www/diag_logs_ipsec.php:91
#: etc/inc/service-utils.inc:336
msgid "IPsec VPN"
-msgstr "IPSec VPNã®"
+msgstr "IPsec VPNã®"
#: usr/local/www/diag_logs_ipsec.php:123 usr/local/www/diag_logs_ipsec.php:122
#: usr/local/www/diag_logs_ipsec.php:123
@@ -15745,8 +15745,7 @@ msgstr "エイリアスåã«ä½¿ç”¨ã™ã‚‹äºˆç´„語。"
#: usr/local/www/firewall_aliases_edit.php:139
#: usr/local/www/firewall_aliases_edit.php:139
msgid ""
-"The alias name must be less than 32 characters long and may only consist of "
-"the characters"
+"The alias name must be less than 32 characters long, may not consist of only numbers, and may only contain the following characters "
msgstr "「エイリアスåã¯ã€é•·ã„32文字未満ã§ãªã‘ã‚Œã°ãªã‚‰ãšã€å”¯ä¸€ã§æ§‹æˆã™ã‚‹ã“ã¨ãŒã§ãã‚‹ã€ã®æ–‡å­—"
#: usr/local/www/firewall_aliases_edit.php:187
@@ -36875,7 +36874,7 @@ msgid ""
"cryptographic acceleration card, as this will take precedence and the Hifn "
"card will not be used. Acceleration should be automatic for IPsec when using "
"Rijndael (AES). OpenVPN should be set for AES-128-CBC."
-msgstr "ãƒãƒƒãƒ—ã‚’æŒã¤ã‚·ã‚¹ãƒ†ãƒ ã§ã¯ã€ŒAMDã®Geode LXセキュリティブロックã¯ã€ã„ãã¤ã‹ã®æš—å·æ©Ÿèƒ½ã‚’加速ã—ã¦ã„ãã¾ã™ã€ 。ã‚ãªãŸã¯Hifnã®ã‚ã‚‹å ´åˆã¯ã€ã€Œæš—å·åŒ–アクセラレータカードをã€ã“ã‚ŒãŒå„ªå…ˆã•ã‚Œã¾ã™ã—〠Hifnã®ã‚ˆã†ã«ã€ 「カードãŒä½¿ç”¨ã•ã‚Œãªã„å ´åˆã¯ã€ã“ã®ã‚ªãƒ—ションを有効ã«ã—ãªã„ã§ãã ã•ã„。 「ラインダール( AES)を使用ã—ãŸå ´åˆã€åŠ é€ŸãŒIPSecã®è‡ªå‹•ã«ã™ã‚‹å¿…è¦ãŒã‚ã‚Šã¾ã™ã€‚ OpenVPNã®ã¯ã€AES - 128 -CBCã®ãŸã‚ã«è¨­å®šã™ã‚‹å¿…è¦ãŒã‚ã‚Šã¾ã™ã€‚"
+msgstr "ãƒãƒƒãƒ—ã‚’æŒã¤ã‚·ã‚¹ãƒ†ãƒ ã§ã¯ã€ŒAMDã®Geode LXセキュリティブロックã¯ã€ã„ãã¤ã‹ã®æš—å·æ©Ÿèƒ½ã‚’加速ã—ã¦ã„ãã¾ã™ã€ 。ã‚ãªãŸã¯Hifnã®ã‚ã‚‹å ´åˆã¯ã€ã€Œæš—å·åŒ–アクセラレータカードをã€ã“ã‚ŒãŒå„ªå…ˆã•ã‚Œã¾ã™ã—〠Hifnã®ã‚ˆã†ã«ã€ 「カードãŒä½¿ç”¨ã•ã‚Œãªã„å ´åˆã¯ã€ã“ã®ã‚ªãƒ—ションを有効ã«ã—ãªã„ã§ãã ã•ã„。 「ラインダール( AES)を使用ã—ãŸå ´åˆã€åŠ é€ŸãŒIPsecã®è‡ªå‹•ã«ã™ã‚‹å¿…è¦ãŒã‚ã‚Šã¾ã™ã€‚ OpenVPNã®ã¯ã€AES - 128 -CBCã®ãŸã‚ã«è¨­å®šã™ã‚‹å¿…è¦ãŒã‚ã‚Šã¾ã™ã€‚"
#: usr/local/www/system_advanced_misc.php:332
#: usr/local/www/system_advanced_misc.php:375
@@ -36988,7 +36987,7 @@ msgstr "MSSã¯ã€VPNトラフィックã«ã‚¯ãƒ©ãƒ³ãƒ—å¯èƒ½ã«ã™ã‚‹"
msgid ""
"Enable MSS clamping on TCP flows over VPN. This helps overcome problems with "
"PMTUD on IPsec VPN links. If left blank, the default value is 1400 bytes. "
-msgstr "IPSec VPNã®ãƒªãƒ³ã‚¯ä¸Šã§PMTUD 「VPN上をæµã‚Œã‚‹TCP上ã§ã‚¯ãƒ©ãƒ³ãƒ—ã™ã‚‹MSSを有効ã«ã—ã¾ã™ã€‚ã“ã‚Œã¯ã®å•é¡Œã‚’å…‹æœã™ã‚‹ã®ã«å½¹ç«‹ã¡ã¾ã™ã€ 。空白ã®å ´åˆã€ãƒ‡ãƒ•ã‚©ãƒ«ãƒˆå€¤ã¯1400ãƒã‚¤ãƒˆã§ã™ã€‚"
+msgstr "IPsec VPNã®ãƒªãƒ³ã‚¯ä¸Šã§PMTUD 「VPN上をæµã‚Œã‚‹TCP上ã§ã‚¯ãƒ©ãƒ³ãƒ—ã™ã‚‹MSSを有効ã«ã—ã¾ã™ã€‚ã“ã‚Œã¯ã®å•é¡Œã‚’å…‹æœã™ã‚‹ã®ã«å½¹ç«‹ã¡ã¾ã™ã€ 。空白ã®å ´åˆã€ãƒ‡ãƒ•ã‚©ãƒ«ãƒˆå€¤ã¯1400ãƒã‚¤ãƒˆã§ã™ã€‚"
#: usr/local/www/system_advanced_misc.php:383
#: usr/local/www/system_advanced_misc.php:426
@@ -40055,7 +40054,7 @@ msgstr "「追加ユーザーã¯ã€ã“ã“ã§è¿½åŠ ã™ã‚‹ã“ã¨ãŒã§ãã¾ã™ã€‚
msgid ""
"Accounts created here are also used for other parts of the system such as "
"OpenVPN, IPsec, and Captive Portal."
-msgstr "OpenVPNã¯ã€ IPSecã€ãŠã‚ˆã³ã‚­ãƒ£ãƒ—ティブãƒãƒ¼ã‚¿ãƒ«ã€Œã“ã“ã§ä½œæˆã—ãŸã‚¢ã‚«ã‚¦ãƒ³ãƒˆã¯ã¾ãŸã€ãªã©ã®ã‚·ã‚¹ãƒ†ãƒ ã®ä»–ã®éƒ¨åˆ†ã«ä½¿ç”¨ã•ã‚Œã¾ã™ã€ 。"
+msgstr "OpenVPNã¯ã€ IPsecã€ãŠã‚ˆã³ã‚­ãƒ£ãƒ—ティブãƒãƒ¼ã‚¿ãƒ«ã€Œã“ã“ã§ä½œæˆã—ãŸã‚¢ã‚«ã‚¦ãƒ³ãƒˆã¯ã¾ãŸã€ãªã©ã®ã‚·ã‚¹ãƒ†ãƒ ã®ä»–ã®éƒ¨åˆ†ã«ä½¿ç”¨ã•ã‚Œã¾ã™ã€ 。"
#: usr/local/www/system_usermanager_passwordmg.php:43
#: usr/local/www/system_usermanager_passwordmg.php:43
diff --git a/usr/local/share/locale/pt_BR.ISO8859-1/LC_MESSAGES/pfSense.mo b/usr/local/share/locale/pt_BR.ISO8859-1/LC_MESSAGES/pfSense.mo
index 1b78823..6972af2 100644
--- a/usr/local/share/locale/pt_BR.ISO8859-1/LC_MESSAGES/pfSense.mo
+++ b/usr/local/share/locale/pt_BR.ISO8859-1/LC_MESSAGES/pfSense.mo
Binary files differ
diff --git a/usr/local/share/locale/pt_BR.ISO8859-1/LC_MESSAGES/pfSense.po b/usr/local/share/locale/pt_BR.ISO8859-1/LC_MESSAGES/pfSense.po
index 0fbea14..1a1289f 100644
--- a/usr/local/share/locale/pt_BR.ISO8859-1/LC_MESSAGES/pfSense.po
+++ b/usr/local/share/locale/pt_BR.ISO8859-1/LC_MESSAGES/pfSense.po
@@ -3681,17 +3681,17 @@ msgstr "Removendo regras estáticas para monitor %1$s e adicionando nova rota atr
#: etc/inc/gwlb.inc:501 etc/inc/gwlb.inc:727 etc/inc/gwlb.inc:750
#, php-format
-msgid "MONITOR: %s is down, removing from routing group"
+msgid "MONITOR: %s is down, omitting from routing group"
msgstr "MONITOR: %s não responde, removendo do grupo de roteamento"
#: etc/inc/gwlb.inc:505 etc/inc/gwlb.inc:731 etc/inc/gwlb.inc:754
#, php-format
-msgid "MONITOR: %s has packet loss, removing from routing group"
+msgid "MONITOR: %s has packet loss, omitting from routing group"
msgstr "MONITOR: %s tem perda de pacote, removendo de grupo de roteamento"
#: etc/inc/gwlb.inc:509 etc/inc/gwlb.inc:735 etc/inc/gwlb.inc:758
#, php-format
-msgid "MONITOR: %s has high latency, removing from routing group"
+msgid "MONITOR: %s has high latency, omitting from routing group"
msgstr "MONITOR: %s tem alta latência, removendo de grupo de roteamento"
#: etc/inc/gwlb.inc:526 etc/inc/gwlb.inc:752 etc/inc/gwlb.inc:775
@@ -13223,7 +13223,7 @@ msgstr "Palavra reservada usada para nome de alias."
#: usr/local/www/firewall_aliases_edit.php:145
#: usr/local/www/firewall_aliases_edit.php:139
-msgid "The alias name must be less than 32 characters long and may only consist of the characters"
+msgid "The alias name must be less than 32 characters long, may not consist of only numbers, and may only contain the following characters"
msgstr "O nome de alias deve conter menos de 32 caracteres e deve consistir apenas de caracteres"
#: usr/local/www/firewall_aliases_edit.php:187
@@ -13656,7 +13656,7 @@ msgstr "IP virtual."
#: usr/local/www/firewall_nat_1to1.php:181
msgid "If you add a 1:1 NAT entry for any of the interface IPs on this system, it will make this system inaccessible on that IP address. i.e. if you use your WAN IP address, any services on this system (IPsec, OpenVPN server, etc.) using the WAN IP address will no longer function."
-msgstr "Se você adicionar uma entrada NAT 1:1 para qualquer uma das interfaces IP no sistema, isto irá tornar o sistema inacessível naquele endereço IP. Ex.: se você usar seu endereço IP WAN, qualquer serviço neste sistema (IPSec, servidor OpenVPN, etc) utilizando o endereço IP WAN deixará de funcionar."
+msgstr "Se você adicionar uma entrada NAT 1:1 para qualquer uma das interfaces IP no sistema, isto irá tornar o sistema inacessível naquele endereço IP. Ex.: se você usar seu endereço IP WAN, qualquer serviço neste sistema (IPsec, servidor OpenVPN, etc) utilizando o endereço IP WAN deixará de funcionar."
#: usr/local/www/firewall_nat_1to1_edit.php:109
#: usr/local/www/firewall_nat_out_edit.php:125
diff --git a/usr/local/share/locale/tr/LC_MESSAGES/pfSense.mo b/usr/local/share/locale/tr/LC_MESSAGES/pfSense.mo
index fe81cbe..6804066 100644
--- a/usr/local/share/locale/tr/LC_MESSAGES/pfSense.mo
+++ b/usr/local/share/locale/tr/LC_MESSAGES/pfSense.mo
Binary files differ
diff --git a/usr/local/share/locale/tr/LC_MESSAGES/pfSense.po b/usr/local/share/locale/tr/LC_MESSAGES/pfSense.po
index 8c70885..9673e12 100644
--- a/usr/local/share/locale/tr/LC_MESSAGES/pfSense.po
+++ b/usr/local/share/locale/tr/LC_MESSAGES/pfSense.po
@@ -3671,17 +3671,17 @@ msgstr ""
#: etc/inc/gwlb.inc:501 etc/inc/gwlb.inc:727 etc/inc/gwlb.inc:750
#, php-format
-msgid "MONITOR: %s is down, removing from routing group"
+msgid "MONITOR: %s is down, omitting from routing group"
msgstr "İZLEME: %s kapalı, yönlendirme grubundan kaldırılıyor."
#: etc/inc/gwlb.inc:505 etc/inc/gwlb.inc:731 etc/inc/gwlb.inc:754
#, php-format
-msgid "MONITOR: %s has packet loss, removing from routing group"
+msgid "MONITOR: %s has packet loss, omitting from routing group"
msgstr "İZLEME: %s paket kaybı var, yönlendirme grubundan kaldırılıyor."
#: etc/inc/gwlb.inc:509 etc/inc/gwlb.inc:735 etc/inc/gwlb.inc:758
#, php-format
-msgid "MONITOR: %s has high latency, removing from routing group"
+msgid "MONITOR: %s has high latency, omitting from routing group"
msgstr "İZLEME: %s gecikme oranı yüksek, yönlendirme grubundan kaldırılıyor."
#: etc/inc/gwlb.inc:526 etc/inc/gwlb.inc:752 etc/inc/gwlb.inc:775
@@ -10599,7 +10599,7 @@ msgstr "IPsec VPN"
#: usr/local/www/diag_logs_ipsec.php:123
#, php-format
msgid "Last %s IPsec log entries"
-msgstr "IPSec son %s günlük girdisi"
+msgstr "IPsec son %s günlük girdisi"
#: usr/local/www/diag_logs_ipsec.php:135 usr/local/www/diag_logs_ppp.php:99
#: usr/local/www/diag_logs_ipsec.php:134 usr/local/www/diag_logs_ppp.php:98
@@ -13906,8 +13906,7 @@ msgstr "Grup için bu isim kullanılamaz."
#: usr/local/www/firewall_aliases_edit.php:145
#: usr/local/www/firewall_aliases_edit.php:145
msgid ""
-"The alias name must be less than 32 characters long and may only consist of "
-"the characters"
+"The alias name must be less than 32 characters long, may not consist of only numbers, and may only contain the following characters "
msgstr "Grup adı sadece karakterlerden oluşmalıdır ve 32 karakteri geçmemelidir"
#: usr/local/www/firewall_aliases_edit.php:187
@@ -22302,7 +22301,7 @@ msgstr "HATA: Geçersiz yapılandırma alındı."
#: usr/local/www/vpn_ipsec.php:139 usr/local/www/vpn_ipsec_mobile.php:330
#: usr/local/www/vpn_ipsec_keys.php:85
msgid "The IPsec tunnel configuration has been changed"
-msgstr "IPSec tünel yapılandırması değiştirildi"
+msgstr "IPsec tünel yapılandırması değiştirildi"
#: usr/local/www/vpn_ipsec.php:141 usr/local/www/vpn_ipsec_keys.php:93
#: usr/local/www/vpn_ipsec_mobile.php:318
@@ -42914,7 +42913,7 @@ msgstr ""
#: usr/local/www/vpn_ipsec_phase2.php:192
msgid "Mobile IPsec only supports Tunnel mode."
-msgstr "Mobil IPSec yalnızca tünel modu destekler."
+msgstr "Mobil IPsec yalnızca tünel modu destekler."
#: usr/local/www/vpn_ipsec_phase2.php:287
msgid "Phase 1 is using IPv4. You cannot use Tunnel IPv6 on Phase 2."
diff --git a/usr/local/www/carp_status.php b/usr/local/www/carp_status.php
index 192875e..869cc1b 100644
--- a/usr/local/www/carp_status.php
+++ b/usr/local/www/carp_status.php
@@ -50,11 +50,12 @@ unset($carp_interface_count_cache);
unset($interface_ip_arr_cache);
$status = get_carp_status();
+$status = intval($status);
if($_POST['carp_maintenancemode'] <> "") {
interfaces_carp_set_maintenancemode(!isset($config["virtualip_carp_maintenancemode"]));
}
if($_POST['disablecarp'] <> "") {
- if($status == true) {
+ if($status > 0) {
set_single_sysctl('net.inet.carp.allow', '0');
if(is_array($config['virtualip']['vip'])) {
$viparr = &$config['virtualip']['vip'];
@@ -68,6 +69,7 @@ if($_POST['disablecarp'] <> "") {
}
}
$savemsg = sprintf(gettext("%s IPs have been disabled. Please note that disabling does not survive a reboot."), $carp_counter);
+ $status = 0;
} else {
$savemsg = gettext("CARP has been enabled.");
if(is_array($config['virtualip']['vip'])) {
@@ -81,14 +83,13 @@ if($_POST['disablecarp'] <> "") {
}
}
}
- interfaces_carp_setup();
+ interfaces_sync_setup();
set_single_sysctl('net.inet.carp.allow', '1');
+ $status = 1;
}
}
-$status = get_carp_status();
-
-$carp_detected_problems = (array_pop(get_sysctl("net.inet.carp.demotion")) > 0);
+$carp_detected_problems = ((get_single_sysctl("net.inet.carp.demotion")) > 0);
$pgtitle = array(gettext("Status"),gettext("CARP"));
$shortcut_section = "carp";
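Review bot: `$status` is now set to `1` here (and to `0` in the hunk at new line 69) by assumption, and the re-read `$status = get_carp_status();` after the POST handling is removed. The page therefore shows the state that was requested rather than the state the system is in, so if `set_single_sysctl('net.inet.carp.allow', …)` does not take effect the button and status text will still claim the change happened. Either keep one `get_carp_status()` call after the POST block, or set `$status` from the result of `set_single_sysctl()` if it reports success (its return value is not visible here). The `if($_POST['disablecarp'] <> "")` block starts outside this hunk.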
@@ -119,12 +120,12 @@ include("head.inc");
}
}
if($carpcount > 0) {
- if($status == false) {
- $carp_enabled = false;
- echo "<input type=\"submit\" name=\"disablecarp\" id=\"disablecarp\" value=\"" . gettext("Enable CARP") . "\" />";
- } else {
+ if($status > 0) {
$carp_enabled = true;
echo "<input type=\"submit\" name=\"disablecarp\" id=\"disablecarp\" value=\"" . gettext("Temporarily Disable CARP") . "\" />";
+ } else {
+ $carp_enabled = false;
+ echo "<input type=\"submit\" name=\"disablecarp\" id=\"disablecarp\" value=\"" . gettext("Enable CARP") . "\" />";
}
if(isset($config["virtualip_carp_maintenancemode"])) {
echo "<input type=\"submit\" name=\"carp_maintenancemode\" id=\"carp_maintenancemode\" value=\"" . gettext("Leave Persistent CARP Maintenance Mode") . "\" />";
diff --git a/usr/local/www/diag_ipsec.php b/usr/local/www/diag_ipsec.php
index 9c77b18..0f4e2ef 100644
--- a/usr/local/www/diag_ipsec.php
+++ b/usr/local/www/diag_ipsec.php
@@ -86,20 +86,20 @@ $status = ipsec_smp_dump_status();
<table width="100%" border="0" cellpadding="0" cellspacing="0" summary="status ipsec">
<tr>
<td>
- <?php
- $tab_array = array();
- $tab_array[0] = array(gettext("Overview"), true, "diag_ipsec.php");
- $tab_array[1] = array(gettext("Leases"), false, "diag_ipsec_leases.php");
- $tab_array[2] = array(gettext("SAD"), false, "diag_ipsec_sad.php");
- $tab_array[3] = array(gettext("SPD"), false, "diag_ipsec_spd.php");
- $tab_array[4] = array(gettext("Logs"), false, "diag_logs_ipsec.php");
- display_top_tabs($tab_array);
- ?>
+<?php
+ $tab_array = array();
+ $tab_array[0] = array(gettext("Overview"), true, "diag_ipsec.php");
+ $tab_array[1] = array(gettext("Leases"), false, "diag_ipsec_leases.php");
+ $tab_array[2] = array(gettext("SAD"), false, "diag_ipsec_sad.php");
+ $tab_array[3] = array(gettext("SPD"), false, "diag_ipsec_spd.php");
+ $tab_array[4] = array(gettext("Logs"), false, "diag_logs_ipsec.php");
+ display_top_tabs($tab_array);
+?>
</td>
</tr>
<tr>
- <td>
- <div id="mainarea">
+ <td>
+ <div id="mainarea">
<table width="100%" border="0" cellpadding="6" cellspacing="0" class="tabcont sortable" summary="status">
<thead>
<tr>
@@ -112,59 +112,64 @@ $status = ipsec_smp_dump_status();
<th class="listhdrr nowrap"><?php echo gettext("Reauth");?></th>
<th class="listhdrr nowrap"><?php echo gettext("Algo");?></th>
<th class="listhdrr nowrap"><?php echo gettext("Status");?></th>
- <td class="list nowrap"></td>
- </tr>
+ <th class="list nowrap"></th>
+ </tr>
</thead>
<tbody>
<?php
$ipsecconnected = array();
- if (is_array($status['query']) && is_array($status['query']['ikesalist']) && is_array($status['query']['ikesalist']['ikesa'])) {
- foreach ($status['query']['ikesalist']['ikesa'] as $ikeid => $ikesa) {
+ if (is_array($status['query']) && is_array($status['query']['ikesalist']) && is_array($status['query']['ikesalist']['ikesa'])):
+ foreach ($status['query']['ikesalist']['ikesa'] as $ikeid => $ikesa):
$con_id = substr($ikesa['peerconfig'], 3);
$ipsecconnected[$con_id] = $con_id;
- if (ipsec_phase1_status($status['query']['ikesalist']['ikesa'], $ikesa['id'])) {
+ if (ipsec_phase1_status($status['query']['ikesalist']['ikesa'], $ikesa['id']))
$icon = "pass";
- } elseif(!isset($config['ipsec']['enable'])) {
+ elseif (!isset($config['ipsec']['enable']))
$icon = "block";
- } else {
+ else
$icon = "reject";
- }
?>
<tr>
<td class="listlr">
- <?php echo htmlspecialchars(ipsec_get_descr($con_id));?>
+<?php
+ echo htmlspecialchars(ipsec_get_descr($con_id));
+?>
</td>
<td class="listr">
- <?php if (!is_array($ikesa['local']))
- echo "Unknown";
+<?php
+ if (!is_array($ikesa['local']))
+ echo gettext("Unknown");
else {
if (!empty($ikesa['local']['identification'])) {
if ($ikesa['local']['identification'] == '%any')
- echo 'Any identifier';
+ echo gettext('Any identifier');
else
echo htmlspecialchars($ikesa['local']['identification']);
} else
- echo 'Unknown';
+ echo gettext("Unknown");
}
- ?>
+?>
</td>
<td class="listr">
- <?php if (!is_array($ikesa['local']))
- echo "Unknown";
+<?php
+ if (!is_array($ikesa['local']))
+ echo gettext("Unknown");
else {
if (!empty($ikesa['local']['address']))
- echo htmlspecialchars($ikesa['local']['address']) . '<br/>Port:' . htmlspecialchars($ikesa['local']['port']);
+ echo htmlspecialchars($ikesa['local']['address']) . '<br/>' .
+ gettext('Port: ') . htmlspecialchars($ikesa['local']['port']);
else
- echo 'Unknown';
+ echo gettext("Unknown");
if ($ikesa['local']['nat'] != 'false')
echo " NAT-T";
}
- ?>
+?>
</td>
<td class="listr">
- <?php if (!is_array($ikesa['remote']))
- echo "Unknown";
+<?php
+ if (!is_array($ikesa['remote']))
+ echo gettext("Unknown");
else {
$identity = "";
if (!empty($ikesa['remote']['identification'])) {
@@ -179,45 +184,50 @@ $status = ipsec_smp_dump_status();
echo "<br/>{$identity}";
} else {
if (empty($identity))
- echo "Unknown";
+ echo gettext("Unknown");
else
echo $identity;
}
}
- ?>
+?>
</td>
<td class="listr">
- <?php if (!is_array($ikesa['remote']))
- echo "Unknown";
+<?php
+ if (!is_array($ikesa['remote']))
+ echo gettext("Unknown");
else {
if (!empty($ikesa['remote']['address']))
- echo htmlspecialchars($ikesa['remote']['address']) . '<br/>Port:' . htmlspecialchars($ikesa['remote']['port']);
+ echo htmlspecialchars($ikesa['remote']['address']) . '<br/>' .
+ gettext('Port: ') . htmlspecialchars($ikesa['remote']['port']);
else
- echo 'Unknown';
+ echo gettext("Unknown");
if ($ikesa['remote']['nat'] != 'false')
echo " NAT-T";
}
- ?>
+?>
</td>
<td class="listr">
IKEv<?php echo htmlspecialchars($ikesa['version']);?>
<br/>
- <?php echo htmlspecialchars($ikesa['role']);?>
-
+<?php
+ echo htmlspecialchars($ikesa['role']);
+?>
</td>
<td class="listr">
- <?php echo htmlspecialchars($ikesa['reauth']);?>
+<?php
+ echo htmlspecialchars($ikesa['reauth']);
+?>
</td>
<td class="listr">
- <?php
- echo htmlspecialchars($ikesa['encalg']);
- echo "<br/>";
- echo htmlspecialchars($ikesa['intalg']);
- echo "<br/>";
- echo htmlspecialchars($ikesa['prfalg']);
- echo "<br/>";
- echo htmlspecialchars($ikesa['dhgroup']);
- ?>
+<?php
+ echo htmlspecialchars($ikesa['encalg']);
+ echo "<br/>";
+ echo htmlspecialchars($ikesa['intalg']);
+ echo "<br/>";
+ echo htmlspecialchars($ikesa['prfalg']);
+ echo "<br/>";
+ echo htmlspecialchars($ikesa['dhgroup']);
+?>
</td>
<td class="listr">
<center>
@@ -227,135 +237,155 @@ $status = ipsec_smp_dump_status();
</center>
</td>
<td >
- <?php if ($icon != "pass"): ?>
+<?php
+ if ($icon != "pass"):
+?>
<center>
<a href="diag_ipsec.php?act=connect&amp;ikeid=<?php echo $con_id; ?>">
- <img src ="/themes/<?php echo $g['theme']; ?>/images/icons/icon_service_start.gif" alt="Connect VPN" title="Connect VPN" border="0"/>
+ <img src ="/themes/<?php echo $g['theme']; ?>/images/icons/icon_service_start.gif" alt=<?php echo gettext("Connect VPN");?> title=<?php echo gettext("Connect VPN");?> border="0"/>
</a>
</center>
- <?php else: ?>
+<?php
+ else:
+?>
<center>
<a href="diag_ipsec.php?act=ikedisconnect&amp;ikeid=<?php echo $con_id; ?>">
- <img src ="/themes/<?php echo $g['theme']; ?>/images/icons/icon_service_stop.gif" alt="Disconnect VPN" title="Disconnect VPN" border="0"/>
+ <img src ="/themes/<?php echo $g['theme']; ?>/images/icons/icon_service_stop.gif" alt=<?php echo gettext("Disconnect VPN");?> title=<?php echo gettext("Disconnect VPN");?> border="0"/>
</a>
<a href="diag_ipsec.php?act=ikedisconnect&amp;ikeid=<?php echo $con_id; ?>&amp;ikesaid=<?php echo $ikesa['id']; ?>">
- <img src ="/themes/<?php echo $g['theme']; ?>/images/icons/icon_x.gif" alt="Disconnect VPN Connection" title="Disconnect VPN Connection" border="0"/>
+ <img src ="/themes/<?php echo $g['theme']; ?>/images/icons/icon_x.gif" alt=<?php echo gettext("Disconnect VPN Connection");?> title=<?php echo gettext("Disconnect VPN Connection");?> border="0"/>
</a>
</center>
- <?php endif; ?>
+<?php
+ endif;
+?>
</td>
<td valign="middle" class="list nowrap">
<table border="0" cellspacing="0" cellpadding="1" summary="">
</table>
</td>
</tr>
- <?php if (is_array($ikesa['childsalist'])): ?>
+<?php
+ if (is_array($ikesa['childsalist'])):
+?>
<tr>
<td class="listrborder" colspan="9">
<div id="btnchildsa-<?=$ikeid;?>">
<input type="button" onclick="show_childsa('childsa-<?=$ikeid;?>','btnchildsa-<?=$ikeid;?>');" value="+" /> - Show child SA entries
</div>
<table class="tabcont" width="100%" height="100%" border="0" cellspacing="0" cellpadding="0" id="childsa-<?=$ikeid;?>" style="display:none" summary="">
- <thead>
- <tr>
- <th class="listhdrr nowrap"><?php echo gettext("Local subnets");?></th>
- <th class="listhdrr nowrap"><?php echo gettext("Local SPI(s)");?></th>
- <th class="listhdrr nowrap"><?php echo gettext("Remote subnets");?></th>
- <th class="listhdrr nowrap"><?php echo gettext("Times");?></th>
- <th class="listhdrr nowrap"><?php echo gettext("Algo");?></th>
- <th class="listhdrr nowrap"><?php echo gettext("Stats");?></th>
- </tr>
- </thead>
- <tbody>
- <?php
- if (is_array($ikesa['childsalist']['childsa'])) {
- foreach ($ikesa['childsalist']['childsa'] as $childsa) {
- ?>
- <tr valign="top">
- <td class="listlr nowrap">
- <?php if (is_array($childsa['local']) && is_array($childsa['local']['networks']) && is_array($childsa['local']['networks']['network'])) {
- foreach ($childsa['local']['networks']['network'] as $lnets) {
- echo htmlspecialchars(ipsec_fixup_network($lnets)) . "<br />";
- }
- } else
- echo "Unknown";
- ?>
- </td>
- <td class="listr nowrap">
- <?php if (is_array($childsa['local']))
- echo "Local: " . htmlspecialchars($childsa['local']['spi']);
- ?>
- <?php if (is_array($childsa['remote']))
- echo "<br/>Remote: " . htmlspecialchars($childsa['remote']['spi']);
- ?>
- </td>
- <td class="listr nowrap">
- <?php if (is_array($childsa['remote']) && is_array($childsa['remote']['networks']) && is_array($childsa['remote']['networks']['network'])) {
- foreach ($childsa['remote']['networks']['network'] as $rnets) {
- echo htmlspecialchars(ipsec_fixup_network($rnets)) . "<br />";
- }
- } else
- echo "Unknown";
- ?>
- </td>
- <td class="listr nowrap">
- <?php
- echo "Rekey: " . htmlspecialchars($childsa['rekey']);
- echo "<br/>Life: " . htmlspecialchars($childsa['lifetime']);
- echo "<br/>Install: " .htmlspecialchars($childsa['installtime']);
+ <thead>
+ <tr>
+ <th class="listhdrr nowrap"><?php echo gettext("Local subnets");?></th>
+ <th class="listhdrr nowrap"><?php echo gettext("Local SPI(s)");?></th>
+ <th class="listhdrr nowrap"><?php echo gettext("Remote subnets");?></th>
+ <th class="listhdrr nowrap"><?php echo gettext("Times");?></th>
+ <th class="listhdrr nowrap"><?php echo gettext("Algo");?></th>
+ <th class="listhdrr nowrap"><?php echo gettext("Stats");?></th>
+ </tr>
+ </thead>
+ <tbody>
+<?php
+ if (is_array($ikesa['childsalist']['childsa'])):
+ foreach ($ikesa['childsalist']['childsa'] as $childsa):
+?>
+ <tr valign="top">
+ <td class="listlr nowrap">
+<?php
+ if (is_array($childsa['local']) &&
+ is_array($childsa['local']['networks']) &&
+ is_array($childsa['local']['networks']['network']))
+ foreach ($childsa['local']['networks']['network'] as $lnets)
+ echo htmlspecialchars(ipsec_fixup_network($lnets)) . "<br />";
+ else
+ echo gettext("Unknown");
+?>
+ </td>
+ <td class="listr nowrap">
+<?php
+ if (is_array($childsa['local']))
+ echo gettext("Local: ") . htmlspecialchars($childsa['local']['spi']);
+ if (is_array($childsa['remote']))
+ echo "<br/>" . gettext("Remote: ") . htmlspecialchars($childsa['remote']['spi']);
+?>
+ </td>
+ <td class="listr nowrap">
+<?php
+ if (is_array($childsa['remote']) &&
+ is_array($childsa['remote']['networks']) &&
+ is_array($childsa['remote']['networks']['network']))
+ foreach ($childsa['remote']['networks']['network'] as $rnets)
+ echo htmlspecialchars(ipsec_fixup_network($rnets)) . "<br />";
+ else
+ echo gettext("Unknown");
+?>
+ </td>
+ <td class="listr nowrap">
+<?php
+ echo gettext("Rekey: ") . htmlspecialchars($childsa['rekey']);
+ echo "<br/>" . gettext("Life: ") . htmlspecialchars($childsa['lifetime']);
+ echo "<br/>" . gettext("Install: ") .htmlspecialchars($childsa['installtime']);
- ?>
- </td>
- <td class="listr nowrap">
- <?php
- echo htmlspecialchars($childsa['encalg']);
- echo "<br/>";
- echo htmlspecialchars($childsa['intalg']);
- echo "<br/>";
- if (!empty($childsa['prfalg'])) {
- echo htmlspecialchars($childsa['prfalg']);
+?>
+ </td>
+ <td class="listr nowrap">
+<?php
+ echo htmlspecialchars($childsa['encalg']);
+ echo "<br/>";
+ echo htmlspecialchars($childsa['intalg']);
echo "<br/>";
- }
- if (!empty($childsa['dhgroup'])) {
- echo htmlspecialchars($childsa['dhgroup']);
+ if (!empty($childsa['prfalg'])) {
+ echo htmlspecialchars($childsa['prfalg']);
+ echo "<br/>";
+ }
+ if (!empty($childsa['dhgroup'])) {
+ echo htmlspecialchars($childsa['dhgroup']);
+ echo "<br/>";
+ }
+ if (!empty($childsa['esn'])) {
+ echo htmlspecialchars($childsa['esn']);
+ echo "<br/>";
+ }
+ echo gettext("IPComp: ") . htmlspecialchars($childsa['ipcomp']);
+?>
+ </td>
+ <td class="listr nowrap">
+<?php
+ echo gettext("Bytes-In: ") . htmlspecialchars($childsa['bytesin']);
echo "<br/>";
- }
- if (!empty($childsa['esn'])) {
- echo htmlspecialchars($childsa['esn']);
+ echo gettext("Packets-In: ") . htmlspecialchars($childsa['packetsin']);
echo "<br/>";
- }
- echo "IPComp: " . htmlspecialchars($childsa['ipcomp']);
- ?>
- </td>
- <td class="listr nowrap">
- <?php
- echo "Bytes-In: " . htmlspecialchars($childsa['bytesin']) . "<br/>Packets-In: " . htmlspecialchars($childsa['packetsin']);;
- echo "<br/>";
- echo "Bytes-Out: " . htmlspecialchars($childsa['bytesout']) . "<br/>Packets-Out: " . htmlspecialchars($childsa['packetsout']);;
- ?>
- </td>
- <td>
- <center>
- <a href="diag_ipsec.php?act=childdisconnect&amp;ikeid=<?php echo $con_id; ?>&amp;ikesaid=<?php echo $childsa['reqid']; ?>">
- <img src ="/themes/<?php echo $g['theme']; ?>/images/icons/icon_x.gif" alt="Disconnect Child SA" title="Disconnect Child SA" border="0"/>
- </a>
- </center>
- </td>
- <td class="list nowrap">
- &nbsp;
- </td>
- </tr>
- <?php } } ?>
- <tr style="display:none;"><td></td></tr>
- </tbody>
+ echo gettext("Bytes-Out: ") . htmlspecialchars($childsa['bytesout']);
+ echo "<br/>";
+ echo gettext("Packets-Out: ") . htmlspecialchars($childsa['packetsout']);
+?>
+ </td>
+ <td>
+ <center>
+ <a href="diag_ipsec.php?act=childdisconnect&amp;ikeid=<?php echo $con_id; ?>&amp;ikesaid=<?php echo $childsa['reqid']; ?>">
+ <img src ="/themes/<?php echo $g['theme']; ?>/images/icons/icon_x.gif" alt=<?php echo gettext("Disconnect Child SA");?> title=<?php echo gettext("Disconnect Child SA");?> border="0"/>
+ </a>
+ </center>
+ </td>
+ <td class="list nowrap">
+ &nbsp;
+ </td>
+ </tr>
+<?php
+ endforeach;
+ endif;
+?>
+ <tr style="display:none;"><td></td></tr>
+ </tbody>
</table>
</td>
</tr>
- <?php endif;
+<?php
+ endif;
unset($con_id);
- }
- }
+ endforeach;
+ endif;
$rgmap = array();
foreach ($a_phase1 as $ph1ent):
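Review bot: The `alt=` and `title=` attributes on the icon `<img>` tags lost their surrounding quotes when the literals were replaced with `gettext()` calls. This affects the Connect VPN, Disconnect VPN, Disconnect VPN Connection and Disconnect Child SA icons in this hunk, and the Waiting connections, Disconnected and Connect VPN icons in the next hunk of this file. The rendered output becomes `alt=Connect VPN title=Connect VPN`, so each value ends at the first space and the rest is parsed as stray attributes; a translation containing a quote, `>` or `=` would change the markup further. Quote and escape each one the way the rest of the page escapes dynamic text, e.g. `alt="<?php echo htmlspecialchars(gettext("Connect VPN")); ?>"` and the same for `title`.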
@@ -363,70 +393,91 @@ $status = ipsec_smp_dump_status();
if ($ipsecconnected[$ph1ent['ikeid']])
continue;
?>
- <tr>
- <td class="listlr">
- <?php echo htmlspecialchars($ph1ent['descr']);?>
- </td>
- <td class="listr">
- <?php
- list ($myid_type, $myid_data) = ipsec_find_id($ph1ent, "local");
- if (empty($myid_data))
- echo "Unknown";
- else
- echo htmlspecialchars($myid_data);
- ?>
- </td>
- <td class="listr">
- <?php
- $ph1src = ipsec_get_phase1_src($ph1ent);
- if (empty($ph1src))
- echo "Unknown";
- else
- echo htmlspecialchars($ph1src);
- ?>
- </td>
- <td class="listr">
- <?php
- list ($peerid_type, $peerid_data) = ipsec_find_id($ph1ent, "peer", $rgmap);
- if (empty($peerid_data))
- echo "Unknown";
- else
- echo htmlspecialchars($peerid_data);
- ?>
- </td>
- <td class="listr">
- <?php
- $ph1src = ipsec_get_phase1_dst($ph1ent);
- if (empty($ph1src))
- echo "Unknown";
- else
- echo htmlspecialchars($ph1src);
- ?>
- </td>
- <td class="listr" >
- </td>
- <td class="listr" >
- </td>
- <td class="listr" >
- </td>
- <td class="listr">
- <center>
- <img src ="/themes/<?php echo $g['theme']; ?>/images/icons/icon_reject.gif" title="Disconnected" alt=""/>
- <br/>Disconnected
- </center>
- </td>
- <td >
- <center>
- <a href="diag_ipsec.php?act=connect&amp;ikeid=<?php echo $ph1ent['ikeid']; ?>">
- <img src ="/themes/<?php echo $g['theme']; ?>/images/icons/icon_service_start.gif" alt="Connect VPN" title="Connect VPN" border="0"/>
- </a>
- </center>
- </td>
- <td valign="middle" class="list nowrap">
- <table border="0" cellspacing="0" cellpadding="1" summary="">
- </table>
- </td>
- </tr>
+ <tr>
+ <td class="listlr">
+<?php
+ echo htmlspecialchars($ph1ent['descr']);
+?>
+ </td>
+ <td class="listr">
+<?php
+ list ($myid_type, $myid_data) = ipsec_find_id($ph1ent, "local");
+ if (empty($myid_data))
+ echo gettext("Unknown");
+ else
+ echo htmlspecialchars($myid_data);
+?>
+ </td>
+ <td class="listr">
+<?php
+ $ph1src = ipsec_get_phase1_src($ph1ent);
+ if (empty($ph1src))
+ echo gettext("Unknown");
+ else
+ echo htmlspecialchars($ph1src);
+?>
+ </td>
+ <td class="listr">
+<?php
+ list ($peerid_type, $peerid_data) = ipsec_find_id($ph1ent, "peer", $rgmap);
+ if (empty($peerid_data))
+ echo gettext("Unknown");
+ else
+ echo htmlspecialchars($peerid_data);
+?>
+ </td>
+ <td class="listr">
+<?php
+ $ph1src = ipsec_get_phase1_dst($ph1ent);
+ if (empty($ph1src))
+ echo gettext("Unknown");
+ else
+ echo htmlspecialchars($ph1src);
+?>
+ </td>
+ <td class="listr" >
+ </td>
+ <td class="listr" >
+ </td>
+ <td class="listr" >
+ </td>
+<?php
+ if (isset($ph1ent['mobile'])):
+?>
+ <td class="listr">
+ <center>
+ <img src ="/themes/<?php echo $g['theme']; ?>/images/icons/icon_pass.gif" title=<?php echo gettext("Waiting connections");?> alt=""/>
+ <br/><?php echo gettext("Waiting connections");?>
+ </center>
+ </td>
+ <td valign="middle" class="list nowrap">
+ <table border="0" cellspacing="0" cellpadding="1" summary="">
+ </table>
+ </td>
+<?php
+ else:
+?>
+ <td class="listr">
+ <center>
+ <img src ="/themes/<?php echo $g['theme']; ?>/images/icons/icon_reject.gif" title=<?php echo gettext("Disconnected");?> alt=""/>
+ <br/><?php echo gettext("Disconnected");?>
+ </center>
+ </td>
+ <td >
+ <center>
+ <a href="diag_ipsec.php?act=connect&amp;ikeid=<?php echo $ph1ent['ikeid']; ?>">
+ <img src ="/themes/<?php echo $g['theme']; ?>/images/icons/icon_service_start.gif" alt=<?php echo gettext("Connect VPN");?> title=<?php echo gettext("Connect VPN");?> border="0"/>
+ </a>
+ </center>
+ </td>
+<?php
+ endif;
+?>
+ <td valign="middle" class="list nowrap">
+ <table border="0" cellspacing="0" cellpadding="1" summary="">
+ </table>
+ </td>
+ </tr>
<?php
endforeach;
unset($ipsecconnected, $phase1, $rgmap);
diff --git a/usr/local/www/exec.php b/usr/local/www/exec.php
index 1963508..f3849b9 100644
--- a/usr/local/www/exec.php
+++ b/usr/local/www/exec.php
@@ -318,7 +318,7 @@ if (!isBlank($_POST['txtPHPCommand'])) {
<td valign="top" class="label">
<input type="submit" class="button" value="<?=gettext("Execute"); ?>" />
<p>
- <strong><?=gettext("Example"); ?>:</strong> interfaces_carp_setup();
+ <strong><?=gettext("Example"); ?>:</strong> interfaces_sync_setup();
</p>
</td>
</tr>
diff --git a/usr/local/www/firewall_aliases_edit.php b/usr/local/www/firewall_aliases_edit.php
index aa59497..01d19b1 100755
--- a/usr/local/www/firewall_aliases_edit.php
+++ b/usr/local/www/firewall_aliases_edit.php
@@ -63,6 +63,7 @@ if (is_array($config['load_balancer']['lbpool']))
$reserved_ifs = get_configured_interface_list(false, true);
$reserved_keywords = array_merge($reserved_keywords, $reserved_ifs, $reserved_table_names);
+$max_alias_addresses = 5000;
if (!is_array($config['aliases']['alias']))
$config['aliases']['alias'] = array();
@@ -137,7 +138,7 @@ if ($_POST) {
$input_errors[] = gettext("Reserved word used for alias name.");
} else {
if (is_validaliasname($_POST['name']) == false)
- $input_errors[] = gettext("The alias name must be less than 32 characters long and may only consist of the characters") . " a-z, A-Z, 0-9, _.";
+ $input_errors[] = gettext("The alias name must be less than 32 characters long, may not consist of only numbers, and may only contain the following characters") . " a-z, A-Z, 0-9, _.";
}
/* check for name conflicts */
if (empty($a_aliases[$id])) {
@@ -202,7 +203,7 @@ if ($_POST) {
$desc_fmt_err_found = false;
/* item is a url type */
- for($x=0; $x<4999; $x++) {
+ for($x=0; $x<$max_alias_addresses-1; $x++) {
$_POST['address' . $x] = trim($_POST['address' . $x]);
if($_POST['address' . $x]) {
/* fetch down and add in */
@@ -280,53 +281,152 @@ if ($_POST) {
/* item is a normal alias type */
$wrongaliases = "";
$desc_fmt_err_found = false;
- for($x=0; $x<4999; $x++) {
+ $alias_address_count = 0;
+
+ // First trim and expand the input data.
+ // Users can paste strings like "10.1.2.0/24 10.3.0.0/16 9.10.11.0/24" into an address box.
+ // They can also put an IP range.
+ // This loop expands out that stuff so it can easily be validated.
+ for($x=0; $x<($max_alias_addresses-1); $x++) {
if($_POST["address{$x}"] <> "") {
- $_POST["address{$x}"] = trim($_POST["address{$x}"]);
- if (is_alias($_POST["address{$x}"])) {
- if (!alias_same_type($_POST["address{$x}"], $_POST['type']))
- // But alias type network can include alias type urltable. Feature#1603.
- if (!($_POST['type'] == 'network' &&
- preg_match("/urltable/i", alias_get_type($_POST["address{$x}"]))))
- $wrongaliases .= " " . $_POST["address{$x}"];
- } else if ($_POST['type'] == "port") {
- if (!is_port($_POST["address{$x}"]) && !is_portrange($_POST["address{$x}"]))
- $input_errors[] = $_POST["address{$x}"] . " " . gettext("is not a valid port or alias.");
- } else if ($_POST['type'] == "host" || $_POST['type'] == "network") {
- if (is_subnet($_POST["address{$x}"]) || (!is_ipaddr($_POST["address{$x}"])
- && !is_hostname($_POST["address{$x}"])
- && !is_iprange($_POST["address{$x}"])))
- $input_errors[] = sprintf(gettext('%1$s is not a valid %2$s alias.'), $_POST["address{$x}"], $_POST['type']);
- }
- if (is_iprange($_POST["address{$x}"])) {
- list($startip, $endip) = explode('-', $_POST["address{$x}"]);
- $rangesubnets = ip_range_to_subnet_array($startip, $endip);
- $address = array_merge($address, $rangesubnets);
- } else {
- $tmpaddress = $_POST["address{$x}"];
- if($_POST['type'] != "host" && is_ipaddr($_POST["address{$x}"]) && $_POST["address_subnet{$x}"] <> "") {
- if (!is_subnet($_POST["address{$x}"] . "/" . $_POST["address_subnet{$x}"]))
- $input_errors[] = sprintf(gettext('%s/%s is not a valid subnet.'), $_POST["address{$x}"], $_POST["address_subnet{$x}"]);
- else
- $tmpaddress .= "/" . $_POST["address_subnet{$x}"];
- }
- $address[] = $tmpaddress;
- }
if ($_POST["detail{$x}"] <> "") {
if ((strpos($_POST["detail{$x}"], "||") === false) && (substr($_POST["detail{$x}"], 0, 1) != "|") && (substr($_POST["detail{$x}"], -1, 1) != "|")) {
- $final_address_details[] = $_POST["detail{$x}"];
+ $detail_text = $_POST["detail{$x}"];
} else {
/* Remove leading and trailing vertical bars and replace multiple vertical bars with single, */
/* and put in the output array so the text is at least redisplayed for the user. */
- $final_address_details[] = preg_replace('/\|\|+/', '|', trim($_POST["detail{$x}"], "|"));
+ $detail_text = preg_replace('/\|\|+/', '|', trim($_POST["detail{$x}"], "|"));
if (!$desc_fmt_err_found) {
$input_errors[] = $vertical_bar_err_text;
$desc_fmt_err_found = true;
}
}
- } else
- $final_address_details[] = sprintf(gettext("Entry added %s"), date('r'));
+ } else {
+ $detail_text = sprintf(gettext("Entry added %s"), date('r'));
+ }
+ $address_items = explode(" ", trim($_POST["address{$x}"]));
+ foreach ($address_items as $address_item) {
+ $iprange_type = is_iprange($address_item);
+ if ($iprange_type == 4) {
+ list($startip, $endip) = explode('-', $address_item);
+ if ($_POST['type'] == "network") {
+ // For network type aliases, expand an IPv4 range into an array of subnets.
+ $rangesubnets = ip_range_to_subnet_array($startip, $endip);
+ foreach ($rangesubnets as $rangesubnet) {
+ if ($alias_address_count > $max_alias_addresses) {
+ break;
+ }
+ list($address_part, $subnet_part) = explode("/", $rangesubnet);
+ $input_addresses[] = $address_part;
+ $input_address_subnet[] = $subnet_part;
+ $final_address_details[] = $detail_text;
+ $alias_address_count++;
+ }
+ } else {
+ // For host type aliases, expand an IPv4 range into a list of individual IPv4 addresses.
+ $rangeaddresses = ip_range_to_address_array($startip, $endip, $max_alias_addresses - $alias_address_count);
+ if (is_array($rangeaddresses)) {
+ foreach ($rangeaddresses as $rangeaddress) {
+ $input_addresses[] = $rangeaddress;
+ $input_address_subnet[] = "";
+ $final_address_details[] = $detail_text;
+ $alias_address_count++;
+ }
+ } else {
+ $input_errors[] = sprintf(gettext('Range is too large to expand into individual host IP addresses (%s)'), $address_item);
+ $input_errors[] = sprintf(gettext('The maximum number of entries in an alias is %s'), $max_alias_addresses);
+ // Put the user-entered data in the output anyway, so it will be re-displayed for correction.
+ $input_addresses[] = $address_item;
+ $input_address_subnet[] = "";
+ $final_address_details[] = $detail_text;
+ }
+ }
+ } else if ($iprange_type == 6) {
+ $input_errors[] = sprintf(gettext('IPv6 address ranges are not supported (%s)'), $address_item);
+ // Put the user-entered data in the output anyway, so it will be re-displayed for correction.
+ $input_addresses[] = $address_item;
+ $input_address_subnet[] = "";
+ $final_address_details[] = $detail_text;
+ } else {
+ $subnet_type = is_subnet($address_item);
+ if (($_POST['type'] == "host") && $subnet_type) {
+ if ($subnet_type == 4) {
+ // For host type aliases, if the user enters an IPv4 subnet, expand it into a list of individual IPv4 addresses.
+ if (subnet_size($address_item) <= ($max_alias_addresses - $alias_address_count)) {
+ $rangeaddresses = subnetv4_expand($address_item);
+ foreach ($rangeaddresses as $rangeaddress) {
+ $input_addresses[] = $rangeaddress;
+ $input_address_subnet[] = "";
+ $final_address_details[] = $detail_text;
+ $alias_address_count++;
+ }
+ } else {
+ $input_errors[] = sprintf(gettext('Subnet is too large to expand into individual host IP addresses (%s)'), $address_item);
+ $input_errors[] = sprintf(gettext('The maximum number of entries in an alias is %s'), $max_alias_addresses);
+ // Put the user-entered data in the output anyway, so it will be re-displayed for correction.
+ $input_addresses[] = $address_item;
+ $input_address_subnet[] = "";
+ $final_address_details[] = $detail_text;
+ }
+ } else {
+ $input_errors[] = sprintf(gettext('IPv6 subnets are not supported in host aliases (%s)'), $address_item);
+ // Put the user-entered data in the output anyway, so it will be re-displayed for correction.
+ $input_addresses[] = $address_item;
+ $input_address_subnet[] = "";
+ $final_address_details[] = $detail_text;
+ }
+ } else {
+ list($address_part, $subnet_part) = explode("/", $address_item);
+ if (!empty($subnet_part)) {
+ if (is_subnet($address_item)) {
+ $input_addresses[] = $address_part;
+ $input_address_subnet[] = $subnet_part;
+ } else {
+ // The user typed something like "1.2.3.444/24" or "1.2.3.0/36" or similar rubbish.
+ // Feed it through without splitting it apart, then it will be caught by the validation loop below.
+ $input_addresses[] = $address_item;
+ $input_address_subnet[] = "";
+ }
+ } else {
+ $input_addresses[] = $address_part;
+ $input_address_subnet[] = $_POST["address_subnet{$x}"];
+ }
+ $final_address_details[] = $detail_text;
+ $alias_address_count++;
+ }
+ }
+ if ($alias_address_count > $max_alias_addresses) {
+ $input_errors[] = sprintf(gettext('The maximum number of entries in an alias has been exceeded (%s)'), $max_alias_addresses);
+ break;
+ }
+ }
+ }
+ }
+
+ // Validate the input data expanded above.
+ foreach($input_addresses as $idx => $input_address) {
+ if (is_alias($input_address)) {
+ if (!alias_same_type($input_address, $_POST['type']))
+ // But alias type network can include alias type urltable. Feature#1603.
+ if (!($_POST['type'] == 'network' &&
+ preg_match("/urltable/i", alias_get_type($input_address))))
+ $wrongaliases .= " " . $input_address;
+ } else if ($_POST['type'] == "port") {
+ if (!is_port($input_address) && !is_portrange($input_address))
+ $input_errors[] = $input_address . " " . gettext("is not a valid port or alias.");
+ } else if ($_POST['type'] == "host" || $_POST['type'] == "network") {
+ if (is_subnet($input_address) ||
+ (!is_ipaddr($input_address) && !is_hostname($input_address)))
+ $input_errors[] = sprintf(gettext('%1$s is not a valid %2$s address, FQDN or alias.'), $input_address, $_POST['type']);
+ }
+ $tmpaddress = $input_address;
+ if ($_POST['type'] != "host" && is_ipaddr($input_address) && $input_address_subnet[$idx] <> "") {
+ if (!is_subnet($input_address . "/" . $input_address_subnet[$idx]))
+ $input_errors[] = sprintf(gettext('%s/%s is not a valid subnet.'), $input_address, $input_address_subnet[$idx]);
+ else
+ $tmpaddress .= "/" . $input_address_subnet[$idx];
}
+ $address[] = $tmpaddress;
}
unset($desc_fmt_err_found);
if ($wrongaliases <> "")
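Review bot: The `break` after the "maximum number of entries in an alias has been exceeded" error only leaves the inner `foreach ($address_items as $address_item)`, so the outer `for` keeps walking the remaining `address{$x}` fields, and each later non-empty field can add another entry and append the same error again. `break 2;` at that point would stop expansion as soon as the cap is reached. Separately, `explode(" ", trim($_POST["address{$x}"]))` yields empty items when a pasted list contains doubled spaces, which would presumably be reported as an invalid address for an empty string; `preg_split('/\s+/', trim($_POST["address{$x}"]), -1, PREG_SPLIT_NO_EMPTY)` avoids that. `$input_addresses` and `$input_address_subnet` are not initialised anywhere in this hunk, so confirm they are set to `array()` earlier, otherwise the validation `foreach` runs on an undefined variable when no address is posted. The enclosing `if ($_POST)` block starts outside the hunk.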
@@ -491,7 +591,7 @@ $urltable_ports_str = gettext("URL Table (Ports)");
$update_freq_str = gettext("Update Freq. (days)");
$networks_help = gettext("Networks are specified in CIDR format. Select the CIDR mask that pertains to each entry. /32 specifies a single IPv4 host, /128 specifies a single IPv6 host, /24 specifies 255.255.255.0, /64 specifies a normal IPv6 network, etc. Hostnames (FQDNs) may also be specified, using a /32 mask for IPv4 or /128 for IPv6. You may also enter an IP range such as 192.168.1.1-192.168.1.254 and a list of CIDR networks will be derived to fill the range.");
-$hosts_help = gettext("Enter as many hosts as you would like. Hosts must be specified by their IP address or fully qualified domain name (FQDN). FQDN hostnames are periodically re-resolved and updated. If multiple IPs are returned by a DNS query, all are used.");
+$hosts_help = gettext("Enter as many hosts as you would like. Hosts must be specified by their IP address or fully qualified domain name (FQDN). FQDN hostnames are periodically re-resolved and updated. If multiple IPs are returned by a DNS query, all are used. You may also enter an IP range such as 192.168.1.1-192.168.1.10 or a small subnet such as 192.168.1.16/28 and a list of individual IP addresses will be generated.");
$ports_help = gettext("Enter as many ports as you wish. Port ranges can be expressed by separating with a colon.");
$url_help = sprintf(gettext("Enter as many URLs as you wish. After saving %s will download the URL and import the items into the alias. Use only with small sets of IP addresses (less than 3000)."), $g['product_name']);
$url_ports_help = sprintf(gettext("Enter as many URLs as you wish. After saving %s will download the URL and import the items into the alias. Use only with small sets of Ports (less than 3000)."), $g['product_name']);
@@ -703,7 +803,7 @@ if (empty($tab)) {
$addresses = explode(" ", $pconfig['address']);
$details = explode("||", $pconfig['detail']);
while ($counter < count($addresses)):
- if (is_subnet($addresses[$counter])) {
+ if (($pconfig['type'] != "host") && is_subnet($addresses[$counter])) {
list($address, $address_subnet) = explode("/", $addresses[$counter]);
} else {
$address = $addresses[$counter];
diff --git a/usr/local/www/firewall_aliases_import.php b/usr/local/www/firewall_aliases_import.php
index f744441..f7c259e 100755
--- a/usr/local/www/firewall_aliases_import.php
+++ b/usr/local/www/firewall_aliases_import.php
@@ -101,12 +101,15 @@ if($_POST['aliasimport'] <> "") {
$impdesc = trim($implinea[1]);
if (strlen($impdesc) < 200) {
if ((strpos($impdesc, "||") === false) && (substr($impdesc, 0, 1) != "|") && (substr($impdesc, -1, 1) != "|")) {
- if (is_iprange($impip)) {
+ $iprange_type = is_iprange($impip);
+ if ($iprange_type == 4) {
list($startip, $endip) = explode('-', $impip);
$rangesubnets = ip_range_to_subnet_array($startip, $endip);
$imported_ips = array_merge($imported_ips, $rangesubnets);
$rangedescs = array_fill(0, count($rangesubnets), $impdesc);
$imported_descs = array_merge($imported_descs, $rangedescs);
+ } else if ($iprange_type == 6) {
+ $input_errors[] = sprintf(gettext('IPv6 address ranges are not supported (%s)'), $impip);
} else if (!is_ipaddr($impip) && !is_subnet($impip) && !is_hostname($impip) && !empty($impip)) {
$input_errors[] = sprintf(gettext("%s is not an IP address. Please correct the error to continue"), $impip);
} elseif (!empty($impip)) {
diff --git a/usr/local/www/firewall_virtual_ip.php b/usr/local/www/firewall_virtual_ip.php
index af1b362..f4aa0d3 100644
--- a/usr/local/www/firewall_virtual_ip.php
+++ b/usr/local/www/firewall_virtual_ip.php
@@ -227,7 +227,7 @@ include("head.inc");
<tr>
<td>
<div id="mainarea">
- <table class="tabcont" width="100%" border="0" cellpadding="0" cellspacing="0" summary="main area">
+ <table class="tabcont sortable" width="100%" border="0" cellpadding="0" cellspacing="0" summary="main area">
<tr>
<td width="30%" class="listhdrr"><?=gettext("Virtual IP address");?></td>
<td width="10%" class="listhdrr"><?=gettext("Interface");?></td>
@@ -279,29 +279,31 @@ include("head.inc");
</tr>
<?php endif; ?>
<?php $i++; endforeach; ?>
- <tr>
- <td class="list" colspan="4"></td>
- <td class="list">
- <table border="0" cellspacing="0" cellpadding="1" summary="edit">
- <tr>
- <td width="17"></td>
- <td valign="middle"><a href="firewall_virtual_ip_edit.php"><img src="./themes/<?= $g['theme']; ?>/images/icons/icon_plus.gif" width="17" height="17" border="0" alt="edit" /></a></td>
- </tr>
- </table>
- </td>
- </tr>
- <tr>
- <td colspan="5">
- <p><span class="vexpl"><span class="red"><strong><?=gettext("Note:");?><br />
- </strong></span><?=gettext("The virtual IP addresses defined on this page may be used in");?><a href="firewall_nat.php"> <?=gettext("NAT"); ?> </a><?=gettext("mappings.");?><br />
- <?=gettext("You can check the status of your CARP Virtual IPs and interfaces ");?><a href="carp_status.php"><?=gettext("here");?></a>.</span></p>
- </td>
- </tr>
- </table>
+ <tfoot>
+ <tr>
+ <td class="list" colspan="4"></td>
+ <td class="list">
+ <table border="0" cellspacing="0" cellpadding="1" summary="edit">
+ <tr>
+ <td width="17"></td>
+ <td valign="middle"><a href="firewall_virtual_ip_edit.php"><img src="./themes/<?= $g['theme']; ?>/images/icons/icon_plus.gif" width="17" height="17" border="0" alt="edit" /></a></td>
+ </tr>
+ </table>
+ </td>
+ </tr>
+ <tr>
+ <td colspan="5">
+ <p><span class="vexpl"><span class="red"><strong><?=gettext("Note:");?><br />
+ </strong></span><?=gettext("The virtual IP addresses defined on this page may be used in");?><a href="firewall_nat.php"> <?=gettext("NAT"); ?> </a><?=gettext("mappings.");?><br />
+ <?=gettext("You can check the status of your CARP Virtual IPs and interfaces ");?><a href="carp_status.php"><?=gettext("here");?></a>.</span></p>
+ </td>
+ </tr>
+ </tfoot>
+ </table>
</div><!-- div:mainarea -->
</td></tr>
</table>
- </form>
+ </form>
<?php include("fend.inc"); ?>
</body>
</html>
diff --git a/usr/local/www/firewall_virtual_ip_edit.php b/usr/local/www/firewall_virtual_ip_edit.php
index 049b99f..d03c39f 100644
--- a/usr/local/www/firewall_virtual_ip_edit.php
+++ b/usr/local/www/firewall_virtual_ip_edit.php
@@ -119,13 +119,20 @@ if ($_POST) {
if (isset($id) && isset($a_vip[$id])) {
$ignore_if = $a_vip[$id]['interface'];
$ignore_mode = $a_vip[$id]['mode'];
+ if (isset($a_vip[$id]['vhid']))
+ $ignore_vhid = $a_vip[$id]['vhid'];
} else {
$ignore_if = $_POST['interface'];
$ignore_mode = $_POST['mode'];
}
+ if (!isset($ignore_vhid))
+ $ignore_vhid = $_POST['vhid'];
+
if ($ignore_mode == 'carp')
- $ignore_if .= "_vip{$id}";
+ $ignore_if .= "_vip{$ignore_vhid}";
+ else
+ $ignore_if .= "_virtualip{$id}";
if (is_ipaddr_configured($_POST['subnet'], $ignore_if))
$input_errors[] = gettext("This IP address is being used by another interface or VIP.");
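Review bot: The suffix logic for `$ignore_if` encodes a naming convention that nothing in the hunk explains, and it reads `$_POST['vhid']` before any validation visible here. I would add a comment above the `if ($ignore_mode == 'carp')` line, for example `/* CARP VIPs are matched as <if>_vip<vhid>, other VIP types as <if>_virtualip<index> */`, assuming that is the scheme is_ipaddr_configured() expects. For a new entry `$id` is unset, so the non-CARP branch yields a bare `_virtualip` suffix; that looks harmless but is worth stating in the same comment. The surrounding `if ($_POST)` block starts and ends outside the hunk.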
@@ -180,11 +187,6 @@ if ($_POST) {
$subnet = gen_subnetv6($parent_ip, $parent_sn);
}
- if (isset($parent_ip) && !ip_in_subnet($_POST['subnet'], "{$subnet}/{$parent_sn}") && !ip_in_interface_alias_subnet($_POST['interface'], $_POST['subnet'])) {
- $cannot_find = $_POST['subnet'] . "/" . $_POST['subnet_bits'] ;
- $input_errors[] = sprintf(gettext("Sorry, we could not locate an interface with a matching subnet for %s. Please add an IP alias in this subnet on this interface."),$cannot_find);
- }
-
if ($_POST['interface'] == "lo0")
$input_errors[] = gettext("For this type of vip localhost is not allowed.");
} else if ($_POST['mode'] != 'ipalias' && $_POST['interface'] == "lo0")
diff --git a/usr/local/www/guiconfig.inc b/usr/local/www/guiconfig.inc
index d4f8994..62de607 100644
--- a/usr/local/www/guiconfig.inc
+++ b/usr/local/www/guiconfig.inc
@@ -179,7 +179,7 @@ $netbios_nodetypes = array(
'1' => "b-node",
'2' => "p-node",
'4' => "m-node",
- '5' => "h-node");
+ '8' => "h-node");
/* some well knows ports */
$wkports = array(
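Review bot: Changing the h-node key from '5' to '8' in `$netbios_nodetypes` leaves any configuration that already stored '5' without a matching entry, and no migration is visible in this hunk. If the saved value is used as a lookup key or written into the DHCP server configuration, an upgrade step that rewrites '5' to '8' is needed; whether the commit handles that elsewhere cannot be told from here. A short comment above the array, such as `/* values follow the DHCP NetBIOS node type option (RFC 2132): 1, 2, 4, 8 */`, would keep the typo from coming back. The array definition starts outside the hunk.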
diff --git a/usr/local/www/ifstats.php b/usr/local/www/ifstats.php
index a1a6f67..7be2ace 100644
--- a/usr/local/www/ifstats.php
+++ b/usr/local/www/ifstats.php
@@ -47,7 +47,7 @@
$realif = get_real_interface($if);
if(!$realif)
- $realif = $if; // Need for IPSec case interface.
+ $realif = $if; // Need for IPsec case interface.
$ifinfo = pfSense_get_interface_stats($realif);
diff --git a/usr/local/www/interfaces.php b/usr/local/www/interfaces.php
index 55f02a4..a84e772 100644
--- a/usr/local/www/interfaces.php
+++ b/usr/local/www/interfaces.php
@@ -710,8 +710,18 @@ if ($_POST['apply']) {
if (($_POST['spoofmac'] && !is_macaddr($_POST['spoofmac'])))
$input_errors[] = gettext("A valid MAC address must be specified.");
if ($_POST['mtu']) {
- if ($_POST['mtu'] < 576 || $_POST['mtu'] > 9000)
- $input_errors[] = gettext("The MTU must be greater than 576 bytes and less than 9000.");
+ if (substr($wancfg['if'], 0, 3) == 'gif') {
+ $min_mtu = 1280;
+ $max_mtu = 8192;
+ } else {
+ $min_mtu = 576;
+ $max_mtu = 9000;
+ }
+
+ if ($_POST['mtu'] < $min_mtu || $_POST['mtu'] > $max_mtu)
+ $input_errors[] = sprintf(gettext("The MTU must be from %d to %d bytes."), $min_mtu, $max_mtu);
+
+ unset($min_mtu, $max_mtu);
if (stristr($wancfg['if'], "_vlan")) {
$realhwif_array = get_parent_interface($wancfg['if']);
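Review bot: The new range check `if ($_POST['mtu'] < $min_mtu || $_POST['mtu'] > $max_mtu)` compares the raw POST string numerically, so whether a value made of digits followed by other characters is rejected depends on PHP's loose comparison rules rather than on an explicit check. Requiring digits first removes that dependency: `if (!ctype_digit((string)$_POST['mtu']) || $_POST['mtu'] < $min_mtu || $_POST['mtu'] > $max_mtu)`. This matters most if the saved MTU is later placed into a command line or a generated config file, which is not visible here. The `if ($_POST['mtu'])` block continues past the end of the hunk.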
@@ -886,7 +896,8 @@ if ($_POST['apply']) {
unset($wancfg['pptp_username']);
unset($wancfg['pptp_password']);
unset($wancfg['provider']);
- unset($wancfg['ondemand']);
+ if ($wancfg['ipaddr'] != "ppp")
+ unset($wancfg['ondemand']);
unset($wancfg['timeout']);
if (empty($wancfg['pppoe']['pppoe-reset-type']))
unset($wancfg['pppoe']['pppoe-reset-type']);
diff --git a/usr/local/www/interfaces_gre_edit.php b/usr/local/www/interfaces_gre_edit.php
index b5e5c41..8cc80e4 100644
--- a/usr/local/www/interfaces_gre_edit.php
+++ b/usr/local/www/interfaces_gre_edit.php
@@ -165,21 +165,21 @@ include("head.inc");
<span class="vexpl"><?=gettext("The interface here serves as the local address to be used for the GRE tunnel.");?></span></td>
</tr>
<tr>
- <td valign="top" class="vncellreq"><?=gettext("GRE remote address");?></td>
+ <td valign="top" class="vncellreq"><?=gettext("Remote tunnel endpoint IP address");?></td>
<td class="vtable">
<input name="remote-addr" type="text" class="formfld unknown" id="remote-addr" size="16" value="<?=htmlspecialchars($pconfig['remote-addr']);?>" />
<br />
<span class="vexpl"><?=gettext("Peer address where encapsulated GRE packets will be sent ");?></span></td>
</tr>
<tr>
- <td valign="top" class="vncellreq"><?=gettext("GRE tunnel local address ");?></td>
+ <td valign="top" class="vncellreq"><?=gettext("Local tunnel IP address ");?></td>
<td class="vtable">
<input name="tunnel-local-addr" type="text" class="formfld unknown" id="tunnel-local-addr" size="16" value="<?=htmlspecialchars($pconfig['tunnel-local-addr']);?>" />
<br />
- <span class="vexpl"><?=gettext("Local GRE tunnel endpoint");?></span></td>
+ <span class="vexpl"><?=gettext("Local IP address assigned inside this tunnel");?></span></td>
</tr>
<tr>
- <td valign="top" class="vncellreq"><?=gettext("GRE tunnel remote address ");?></td>
+ <td valign="top" class="vncellreq"><?=gettext("Remote tunnel IP address ");?></td>
<td class="vtable">
<input name="tunnel-remote-addr" type="text" class="formfld unknown ipv4v6" id="tunnel-remote-addr" size="16" value="<?=htmlspecialchars($pconfig['tunnel-remote-addr']);?>" />
<select name="tunnel-remote-net" class="formselect ipv4v6" id="tunnel-remote-net">
@@ -193,14 +193,14 @@ include("head.inc");
?>
</select>
<br />
- <span class="vexpl"><?=gettext("Remote GRE address endpoint. The subnet part is used for the determining the network that is tunneled.");?></span></td>
+ <span class="vexpl"><?=gettext("IP address inside this tunnel on the remote end. The subnet part is used for the determining the network that is tunneled.");?></span></td>
</tr>
<tr>
- <td valign="top" class="vncell"><?=gettext("Mobile tunnel");?></td>
+ <td valign="top" class="vncell"><?=gettext("Mobile encapsulation");?></td>
<td class="vtable">
<input name="link0" type="checkbox" id="link0" <?if ($pconfig['link0']) echo "checked=\"checked\"";?> />
<br />
- <span class="vexpl"><?=gettext("Specify which encapsulation method the tunnel should use. ");?></span></td>
+ <span class="vexpl"><?=gettext("Check this box to use mobile encapsulation (IP protocol 55, RFC 2004). When unchecked, uses GRE encapsulation (IP protocol 47, RFCs 1701, 1702).");?></span></td>
</tr>
<tr>
<td valign="top" class="vncell"><?=gettext("Route search type");?></td>
diff --git a/usr/local/www/load_balancer_monitor_edit.php b/usr/local/www/load_balancer_monitor_edit.php
index 13e8f1c..d9ef175 100644
--- a/usr/local/www/load_balancer_monitor_edit.php
+++ b/usr/local/www/load_balancer_monitor_edit.php
@@ -355,7 +355,7 @@ function updateType(t){
<td width="22%" valign="top">&nbsp;</td>
<td width="78%">
<input name="Submit" type="submit" class="formbtn" value="<?=gettext("Save"); ?>" />
-i <input type="button" class="formbtn" value="<?=gettext("Cancel");?>" onclick="window.location.href='<?=$referer;?>'" />
+ <input type="button" class="formbtn" value="<?=gettext("Cancel");?>" onclick="window.location.href='<?=$referer;?>'" />
<?php if (isset($id) && $a_monitor[$id]): ?>
<input name="id" type="hidden" value="<?=htmlspecialchars($id);?>" />
<?php endif; ?>
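Review bot: The Cancel button on the corrected line still prints `$referer` unescaped inside a JavaScript string that itself sits inside an HTML attribute. Where `$referer` is set is outside this hunk; if it is taken from the request (for example the Referer header), a quote character in it changes the script or the markup. Encoding for both contexts closes that: `onclick="window.location.href=<?=htmlspecialchars(json_encode($referer), ENT_QUOTES);?>"`, or use a fixed page-relative target if the value does not need to be dynamic.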
diff --git a/usr/local/www/pkg_mgr_settings.php b/usr/local/www/pkg_mgr_settings.php
index d483984..be2f167 100644
--- a/usr/local/www/pkg_mgr_settings.php
+++ b/usr/local/www/pkg_mgr_settings.php
@@ -127,7 +127,7 @@ function enable_altpkgrepourl(enable_over) {
<tr><td><?=gettext("Base URL:");?></td><td><input name="pkgrepourl" type="text" class="formfld url" id="pkgrepourl" size="64" value="<?php if($curcfg['xmlrpcbaseurl']) echo $curcfg['xmlrpcbaseurl']; else echo $g['']; ?>" /></td></tr>
</table>
<span class="vexpl">
- <?php printf(gettext("This is where %s will check for packages when the"),$g['product_name']);?>, <a href="pkg_mgr.php"><?=gettext("System: Packages");?></a> <?=gettext("page is viewed.");?>
+ <?php printf(gettext("This is where %s will check for packages when the"),$g['product_name']);?> <a href="pkg_mgr.php"><?=gettext("System: Packages");?></a> <?=gettext("page is viewed.");?>
</span>
</td>
</tr>
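Review bot: In the `pkgrepourl` input at the top of this hunk, `$curcfg['xmlrpcbaseurl']` is echoed into the `value` attribute without `htmlspecialchars()`, so a stored URL containing a double quote breaks out of the attribute when the page is rendered. The other form fields in this changeset wrap their values, and the same applies here: `echo htmlspecialchars($curcfg['xmlrpcbaseurl']);`. The fallback `echo $g[''];` reads an empty key and looks like a lost placeholder; presumably a default repository URL key was intended, which should be confirmed against globals.inc.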
diff --git a/usr/local/www/services_dhcp.php b/usr/local/www/services_dhcp.php
index 6de13c2..22efccf 100644
--- a/usr/local/www/services_dhcp.php
+++ b/usr/local/www/services_dhcp.php
@@ -161,7 +161,17 @@ if (is_array($dhcpdconf)) {
// No reason to specify this per-pool, per the dhcpd.conf man page it needs to be in every
// pool and should be specified in every pool both nodes share, so we'll treat it as global
$pconfig['failover_peerip'] = $dhcpdconf['failover_peerip'];
- $pconfig['dhcpleaseinlocaltime'] = $dhcpdconf['dhcpleaseinlocaltime'];
+
+ // dhcpleaseinlocaltime is global to all interfaces. So if it is selected on any interface,
+ // then show it true/checked.
+ foreach ($config['dhcpd'] as $dhcpdifitem) {
+ $dhcpleaseinlocaltime = $dhcpdifitem['dhcpleaseinlocaltime'];
+ if ($dhcpleaseinlocaltime)
+ break;
+ }
+
+ $pconfig['dhcpleaseinlocaltime'] = $dhcpleaseinlocaltime;
+
if (!is_array($dhcpdconf['staticmap']))
$dhcpdconf['staticmap'] = array();
$a_maps = &$dhcpdconf['staticmap'];
@@ -181,7 +191,7 @@ if (is_array($dhcpdconf)) {
$pconfig['domain'] = $dhcpdconf['domain'];
$pconfig['domainsearchlist'] = $dhcpdconf['domainsearchlist'];
list($pconfig['wins1'],$pconfig['wins2']) = $dhcpdconf['winsserver'];
- list($pconfig['dns1'],$pconfig['dns2']) = $dhcpdconf['dnsserver'];
+ list($pconfig['dns1'],$pconfig['dns2'],$pconfig['dns3'],$pconfig['dns4']) = $dhcpdconf['dnsserver'];
$pconfig['denyunknown'] = isset($dhcpdconf['denyunknown']);
$pconfig['ddnsdomain'] = $dhcpdconf['ddnsdomain'];
$pconfig['ddnsdomainprimary'] = $dhcpdconf['ddnsdomainprimary'];
@@ -232,7 +242,7 @@ if (isset($_POST['submit'])) {
$numberoptions['item'][] = $numbervalue;
}
}
- // Reload the new pconfig variable that the forum uses.
+ // Reload the new pconfig variable that the form uses.
$pconfig['numberoptions'] = $numberoptions;
/* input validation */
@@ -256,8 +266,8 @@ if (isset($_POST['submit'])) {
if(!ip_in_subnet($_POST['gateway'], gen_subnet($parent_ip, $parent_sn) . "/" . $parent_sn) && !ip_in_interface_alias_subnet($_POST['if'], $_POST['gateway']))
$input_errors[] = sprintf(gettext("The gateway address %s does not lie within the chosen interface's subnet."), $_POST['gateway']);
}
- if (($_POST['dns1'] && !is_ipaddrv4($_POST['dns1'])) || ($_POST['dns2'] && !is_ipaddrv4($_POST['dns2'])))
- $input_errors[] = gettext("A valid IP address must be specified for the primary/secondary DNS servers.");
+ if (($_POST['dns1'] && !is_ipaddrv4($_POST['dns1'])) || ($_POST['dns2'] && !is_ipaddrv4($_POST['dns2'])) || ($_POST['dns3'] && !is_ipaddrv4($_POST['dns3'])) || ($_POST['dns4'] && !is_ipaddrv4($_POST['dns4'])))
+ $input_errors[] = gettext("A valid IP address must be specified for each of the DNS servers.");
if ($_POST['deftime'] && (!is_numeric($_POST['deftime']) || ($_POST['deftime'] < 60)))
$input_errors[] = gettext("The default lease time must be at least 60 seconds.");
@@ -451,7 +461,10 @@ if (isset($_POST['submit'])) {
if($previous <> $_POST['failover_peerip'])
mwexec("/bin/rm -rf /var/dhcpd/var/db/*");
$dhcpdconf['failover_peerip'] = $_POST['failover_peerip'];
- $dhcpdconf['dhcpleaseinlocaltime'] = $_POST['dhcpleaseinlocaltime'];
+ // dhcpleaseinlocaltime is global to all interfaces. So update the setting on all interfaces.
+ foreach ($config['dhcpd'] as &$dhcpdifitem) {
+ $dhcpdifitem['dhcpleaseinlocaltime'] = $_POST['dhcpleaseinlocaltime'];
+ }
} else {
// Options that exist only in pools
$dhcpdconf['descr'] = $_POST['descr'];
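Review bot: The by-reference loop `foreach ($config['dhcpd'] as &$dhcpdifitem)` leaves `$dhcpdifitem` bound to the last element of `$config['dhcpd']` after the loop ends, so any later assignment to that variable name silently rewrites that interface's settings before the config is written. Add `unset($dhcpdifitem);` directly after the loop's closing brace. The read-side loop added near line 161 of the same file uses the same variable name by value, which makes an accidental reuse more likely. The enclosing `if`/`else` starts and ends outside the hunk.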
@@ -475,6 +488,10 @@ if (isset($_POST['submit'])) {
$dhcpdconf['dnsserver'][] = $_POST['dns1'];
if ($_POST['dns2'])
$dhcpdconf['dnsserver'][] = $_POST['dns2'];
+ if ($_POST['dns3'])
+ $dhcpdconf['dnsserver'][] = $_POST['dns3'];
+ if ($_POST['dns4'])
+ $dhcpdconf['dnsserver'][] = $_POST['dns4'];
$dhcpdconf['gateway'] = $_POST['gateway'];
$dhcpdconf['domain'] = $_POST['domain'];
@@ -628,6 +645,8 @@ include("head.inc");
document.iform.wins2.disabled = endis;
document.iform.dns1.disabled = endis;
document.iform.dns2.disabled = endis;
+ document.iform.dns3.disabled = endis;
+ document.iform.dns4.disabled = endis;
document.iform.deftime.disabled = endis;
document.iform.maxtime.disabled = endis;
document.iform.gateway.disabled = endis;
@@ -915,6 +934,8 @@ include("head.inc");
<td width="78%" class="vtable">
<input name="dns1" type="text" class="formfld unknown" id="dns1" size="20" value="<?=htmlspecialchars($pconfig['dns1']);?>" /><br />
<input name="dns2" type="text" class="formfld unknown" id="dns2" size="20" value="<?=htmlspecialchars($pconfig['dns2']);?>" /><br />
+ <input name="dns3" type="text" class="formfld unknown" id="dns3" size="20" value="<?=htmlspecialchars($pconfig['dns3']);?>" /><br />
+ <input name="dns4" type="text" class="formfld unknown" id="dns4" size="20" value="<?=htmlspecialchars($pconfig['dns4']);?>" /><br />
<?=gettext("NOTE: leave blank to use the system default DNS servers - this interface's IP if DNS forwarder is enabled, otherwise the servers configured on the General page.");?>
</td>
</tr>
diff --git a/usr/local/www/services_dhcp_edit.php b/usr/local/www/services_dhcp_edit.php
index bbc52ca..29c2a72 100644
--- a/usr/local/www/services_dhcp_edit.php
+++ b/usr/local/www/services_dhcp_edit.php
@@ -108,7 +108,7 @@ if (isset($id) && $a_maps[$id]) {
$pconfig['domain'] = $a_maps[$id]['domain'];
$pconfig['domainsearchlist'] = $a_maps[$id]['domainsearchlist'];
list($pconfig['wins1'],$pconfig['wins2']) = $a_maps[$id]['winsserver'];
- list($pconfig['dns1'],$pconfig['dns2']) = $a_maps[$id]['dnsserver'];
+ list($pconfig['dns1'],$pconfig['dns2'],$pconfig['dns3'],$pconfig['dns4']) = $a_maps[$id]['dnsserver'];
$pconfig['ddnsdomain'] = $a_maps[$id]['ddnsdomain'];
$pconfig['ddnsdomainprimary'] = $a_maps[$id]['ddnsdomainprimary'];
$pconfig['ddnsdomainkeyname'] = $a_maps[$id]['ddnsdomainkeyname'];
@@ -133,6 +133,8 @@ if (isset($id) && $a_maps[$id]) {
$pconfig['wins2'] = $_GET['wins2'];
$pconfig['dns1'] = $_GET['dns1'];
$pconfig['dns2'] = $_GET['dns2'];
+ $pconfig['dns3'] = $_GET['dns3'];
+ $pconfig['dns4'] = $_GET['dns4'];
$pconfig['ddnsdomain'] = $_GET['ddnsdomain'];
$pconfig['ddnsdomainprimary'] = $_GET['ddnsdomainprimary'];
$pconfig['ddnsdomainkeyname'] = $_GET['ddnsdomainkeyname'];
@@ -229,8 +231,8 @@ if ($_POST) {
if(!ip_in_subnet($_POST['gateway'], gen_subnet($parent_ip, $parent_sn) . "/" . $parent_sn) && !ip_in_interface_alias_subnet($_POST['if'], $_POST['gateway']))
$input_errors[] = sprintf(gettext("The gateway address %s does not lie within the chosen interface's subnet."), $_POST['gateway']);
}
- if (($_POST['dns1'] && !is_ipaddrv4($_POST['dns1'])) || ($_POST['dns2'] && !is_ipaddrv4($_POST['dns2'])))
- $input_errors[] = gettext("A valid IP address must be specified for the primary/secondary DNS servers.");
+ if (($_POST['dns1'] && !is_ipaddrv4($_POST['dns1'])) || ($_POST['dns2'] && !is_ipaddrv4($_POST['dns2'])) || ($_POST['dns3'] && !is_ipaddrv4($_POST['dns3'])) || ($_POST['dns4'] && !is_ipaddrv4($_POST['dns4'])))
+ $input_errors[] = gettext("A valid IP address must be specified for each of the DNS servers.");
if ($_POST['deftime'] && (!is_numeric($_POST['deftime']) || ($_POST['deftime'] < 60)))
$input_errors[] = gettext("The default lease time must be at least 60 seconds.");
@@ -284,6 +286,10 @@ if ($_POST) {
$mapent['dnsserver'][] = $_POST['dns1'];
if ($_POST['dns2'])
$mapent['dnsserver'][] = $_POST['dns2'];
+ if ($_POST['dns3'])
+ $mapent['dnsserver'][] = $_POST['dns3'];
+ if ($_POST['dns4'])
+ $mapent['dnsserver'][] = $_POST['dns4'];
$mapent['gateway'] = $_POST['gateway'];
$mapent['domain'] = $_POST['domain'];
@@ -439,6 +445,8 @@ include("head.inc");
<td width="78%" class="vtable">
<input name="dns1" type="text" class="formfld unknown" id="dns1" size="20" value="<?=htmlspecialchars($pconfig['dns1']);?>" /><br />
<input name="dns2" type="text" class="formfld unknown" id="dns2" size="20" value="<?=htmlspecialchars($pconfig['dns2']);?>" /><br />
+ <input name="dns3" type="text" class="formfld unknown" id="dns3" size="20" value="<?=htmlspecialchars($pconfig['dns3']);?>" /><br />
+ <input name="dns4" type="text" class="formfld unknown" id="dns4" size="20" value="<?=htmlspecialchars($pconfig['dns4']);?>" /><br />
<?=gettext("NOTE: leave blank to use the system default DNS servers - this interface's IP if DNS forwarder is enabled, otherwise the servers configured on the General page.");?>
</td>
</tr>
diff --git a/usr/local/www/services_dhcpv6.php b/usr/local/www/services_dhcpv6.php
index 7f56a6c..dfe6c25 100644
--- a/usr/local/www/services_dhcpv6.php
+++ b/usr/local/www/services_dhcpv6.php
@@ -106,7 +106,7 @@ if (is_array($config['dhcpdv6'][$if])){
$pconfig['domain'] = $config['dhcpdv6'][$if]['domain'];
$pconfig['domainsearchlist'] = $config['dhcpdv6'][$if]['domainsearchlist'];
list($pconfig['wins1'],$pconfig['wins2']) = $config['dhcpdv6'][$if]['winsserver'];
- list($pconfig['dns1'],$pconfig['dns2']) = $config['dhcpdv6'][$if]['dnsserver'];
+ list($pconfig['dns1'],$pconfig['dns2'],$pconfig['dns3'],$pconfig['dns4']) = $config['dhcpdv6'][$if]['dnsserver'];
$pconfig['enable'] = isset($config['dhcpdv6'][$if]['enable']);
$pconfig['ddnsdomain'] = $config['dhcpdv6'][$if]['ddnsdomain'];
$pconfig['ddnsdomainprimary'] = $config['dhcpdv6'][$if]['ddnsdomainprimary'];
@@ -184,8 +184,8 @@ if ($_POST) {
$input_errors[] = gettext("A valid range must be specified.");
if (($_POST['gateway'] && !is_ipaddrv6($_POST['gateway'])))
$input_errors[] = gettext("A valid IPv6 address must be specified for the gateway.");
- if (($_POST['dns1'] && !is_ipaddrv6($_POST['dns1'])) || ($_POST['dns2'] && !is_ipaddrv6($_POST['dns2'])))
- $input_errors[] = gettext("A valid IPv6 address must be specified for the primary/secondary DNS servers.");
+ if (($_POST['dns1'] && !is_ipaddrv6($_POST['dns1'])) || ($_POST['dns2'] && !is_ipaddrv6($_POST['dns2'])) || ($_POST['dns3'] && !is_ipaddrv6($_POST['dns3'])) || ($_POST['dns4'] && !is_ipaddrv6($_POST['dns4'])))
+ $input_errors[] = gettext("A valid IPv6 address must be specified for each of the DNS servers.");
if ($_POST['deftime'] && (!is_numeric($_POST['deftime']) || ($_POST['deftime'] < 60)))
$input_errors[] = gettext("The default lease time must be at least 60 seconds.");
@@ -295,6 +295,10 @@ if ($_POST) {
$config['dhcpdv6'][$if]['dnsserver'][] = $_POST['dns1'];
if ($_POST['dns2'])
$config['dhcpdv6'][$if]['dnsserver'][] = $_POST['dns2'];
+ if ($_POST['dns3'])
+ $config['dhcpdv6'][$if]['dnsserver'][] = $_POST['dns3'];
+ if ($_POST['dns4'])
+ $config['dhcpdv6'][$if]['dnsserver'][] = $_POST['dns4'];
$config['dhcpdv6'][$if]['domain'] = $_POST['domain'];
$config['dhcpdv6'][$if]['domainsearchlist'] = $_POST['domainsearchlist'];
@@ -404,6 +408,8 @@ include("head.inc");
document.iform.prefixrange_length.disabled = endis;
document.iform.dns1.disabled = endis;
document.iform.dns2.disabled = endis;
+ document.iform.dns3.disabled = endis;
+ document.iform.dns4.disabled = endis;
document.iform.deftime.disabled = endis;
document.iform.maxtime.disabled = endis;
//document.iform.gateway.disabled = endis;
@@ -625,6 +631,8 @@ display_top_tabs($tab_array);
<td width="78%" class="vtable">
<input name="dns1" type="text" class="formfld unknown" id="dns1" size="28" value="<?=htmlspecialchars($pconfig['dns1']);?>" /><br />
<input name="dns2" type="text" class="formfld unknown" id="dns2" size="28" value="<?=htmlspecialchars($pconfig['dns2']);?>" /><br />
+ <input name="dns3" type="text" class="formfld unknown" id="dns3" size="28" value="<?=htmlspecialchars($pconfig['dns3']);?>" /><br />
+ <input name="dns4" type="text" class="formfld unknown" id="dns4" size="28" value="<?=htmlspecialchars($pconfig['dns4']);?>" /><br />
<?=gettext("NOTE: leave blank to use the system default DNS servers - this interface's IP if DNS forwarder is enabled, otherwise the servers configured on the General page.");?>
</td>
</tr>
diff --git a/usr/local/www/services_dyndns_edit.php b/usr/local/www/services_dyndns_edit.php
index 620e06b..d6f4391 100644
--- a/usr/local/www/services_dyndns_edit.php
+++ b/usr/local/www/services_dyndns_edit.php
@@ -42,7 +42,7 @@ function is_dyndns_username($uname) {
if (!is_string($uname))
return false;
- if (preg_match("/[^a-z0-9\-.@_:]/i", $uname))
+ if (preg_match("/[^a-z0-9\-\+.@_:]/i", $uname))
return false;
else
return true;
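Review bot: Allowing `+` in `is_dyndns_username()` is only safe if every place that puts the username into an update URL or form body percent-encodes it, because an unencoded `+` is decoded as a space by the receiving server. Those call sites are not in this hunk, so this needs checking against the dyndns update code. Inside the character class the backslash before `+` is unnecessary, and the tail of the function can be written as `return !preg_match("/[^a-z0-9\-+.@_:]/i", $uname);`. The function begins above the hunk.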
diff --git a/usr/local/www/services_router_advertisements.php b/usr/local/www/services_router_advertisements.php
index 6686052..370fa2f 100644
--- a/usr/local/www/services_router_advertisements.php
+++ b/usr/local/www/services_router_advertisements.php
@@ -96,7 +96,7 @@ if (is_array($config['dhcpdv6'][$if])) {
$pconfig['rapriority'] = "medium";
$pconfig['rainterface'] = $config['dhcpdv6'][$if]['rainterface'];
$pconfig['radomainsearchlist'] = $config['dhcpdv6'][$if]['radomainsearchlist'];
- list($pconfig['radns1'],$pconfig['radns2']) = $config['dhcpdv6'][$if]['radnsserver'];
+ list($pconfig['radns1'],$pconfig['radns2'],$pconfig['radns3'],$pconfig['radns4']) = $config['dhcpdv6'][$if]['radnsserver'];
$pconfig['rasamednsasdhcp6'] = isset($config['dhcpdv6'][$if]['rasamednsasdhcp6']);
$pconfig['subnets'] = $config['dhcpdv6'][$if]['subnets']['item'];
@@ -145,8 +145,8 @@ if ($_POST) {
}
}
- if (($_POST['radns1'] && !is_ipaddrv6($_POST['radns1'])) || ($_POST['radns2'] && !is_ipaddrv6($_POST['radns2'])))
- $input_errors[] = gettext("A valid IPv6 address must be specified for the primary/secondary DNS servers.");
+ if (($_POST['radns1'] && !is_ipaddrv6($_POST['radns1'])) || ($_POST['radns2'] && !is_ipaddrv6($_POST['radns2'])) || ($_POST['radns3'] && !is_ipaddrv6($_POST['radns3'])) || ($_POST['radns4'] && !is_ipaddrv6($_POST['radns4'])))
+ $input_errors[] = gettext("A valid IPv6 address must be specified for each of the DNS servers.");
if ($_POST['radomainsearchlist']) {
$domain_array=preg_split("/[ ;]+/",$_POST['radomainsearchlist']);
foreach ($domain_array as $curdomain) {
@@ -171,6 +171,10 @@ if ($_POST) {
$config['dhcpdv6'][$if]['radnsserver'][] = $_POST['radns1'];
if ($_POST['radns2'])
$config['dhcpdv6'][$if]['radnsserver'][] = $_POST['radns2'];
+ if ($_POST['radns3'])
+ $config['dhcpdv6'][$if]['radnsserver'][] = $_POST['radns3'];
+ if ($_POST['radns4'])
+ $config['dhcpdv6'][$if]['radnsserver'][] = $_POST['radns4'];
$config['dhcpdv6'][$if]['rasamednsasdhcp6'] = ($_POST['rasamednsasdhcp6']) ? true : false;
@@ -373,6 +377,8 @@ display_top_tabs($tab_array);
<td width="78%" class="vtable">
<input name="radns1" type="text" class="formfld unknown" id="radns1" size="28" value="<?=htmlspecialchars($pconfig['radns1']);?>" /><br />
<input name="radns2" type="text" class="formfld unknown" id="radns2" size="28" value="<?=htmlspecialchars($pconfig['radns2']);?>" /><br />
+ <input name="radns3" type="text" class="formfld unknown" id="radns3" size="28" value="<?=htmlspecialchars($pconfig['radns3']);?>" /><br />
+ <input name="radns4" type="text" class="formfld unknown" id="radns4" size="28" value="<?=htmlspecialchars($pconfig['radns4']);?>" /><br />
<?=gettext("NOTE: leave blank to use the system default DNS servers - this interface's IP if DNS forwarder is enabled, otherwise the servers configured on the General page.");?>
</td>
</tr>
@@ -411,7 +417,7 @@ display_top_tabs($tab_array);
//<![CDATA[
jQuery(function ($) {
var $rasamednsasdhcp6 = $("#rasamednsasdhcp6");
- var $triggered_checkboxes = $("#radns1, #radns2, #radomainsearchlist");
+ var $triggered_checkboxes = $("#radns1, #radns2, #radns3, #radns4, #radomainsearchlist");
if ($rasamednsasdhcp6.length !== 1) { return; }
var onchange = function () {
var checked = $rasamednsasdhcp6.is(":checked");
@@ -433,6 +439,8 @@ display_top_tabs($tab_array);
<?php } ?>
new AutoSuggestControl(document.getElementById('radns1'), new StateSuggestions(addressarray));
new AutoSuggestControl(document.getElementById('radns2'), new StateSuggestions(addressarray));
+ new AutoSuggestControl(document.getElementById('radns3'), new StateSuggestions(addressarray));
+ new AutoSuggestControl(document.getElementById('radns4'), new StateSuggestions(addressarray));
}
setTimeout(createAutoSuggest, 500);
//]]>
diff --git a/usr/local/www/status_dhcp_leases.php b/usr/local/www/status_dhcp_leases.php
index ed1a8c3..debca57 100644
--- a/usr/local/www/status_dhcp_leases.php
+++ b/usr/local/www/status_dhcp_leases.php
@@ -93,15 +93,15 @@ include("head.inc");
<?php
function leasecmp($a, $b) {
- return strcmp($a[$_GET['order']], $b[$_GET['order']]);
+ return strcmp($a[$_GET['order']], $b[$_GET['order']]);
}
function adjust_gmt($dt) {
- global $config;
+ global $config;
$dhcpd = $config['dhcpd'];
foreach ($dhcpd as $dhcpditem) {
$dhcpleaseinlocaltime = $dhcpditem['dhcpleaseinlocaltime'];
- if ($dhcpleaseinlocaltime == "yes")
+ if ($dhcpleaseinlocaltime == "yes")
break;
}
if ($dhcpleaseinlocaltime == "yes") {
@@ -113,12 +113,12 @@ function adjust_gmt($dt) {
function remove_duplicate($array, $field)
{
- foreach ($array as $sub)
- $cmp[] = $sub[$field];
- $unique = array_unique(array_reverse($cmp,true));
- foreach ($unique as $k => $rien)
- $new[] = $array[$k];
- return $new;
+ foreach ($array as $sub)
+ $cmp[] = $sub[$field];
+ $unique = array_unique(array_reverse($cmp,true));
+ foreach ($unique as $k => $rien)
+ $new[] = $array[$k];
+ return $new;
}
$awk = "/usr/bin/awk";
@@ -155,7 +155,7 @@ foreach($leases_content as $lease) {
/* walk the fields */
$f = 0;
$fcount = count($data);
- /* with less then 20 fields there is nothing useful */
+ /* with less than 20 fields there is nothing useful */
if($fcount < 20) {
$i++;
continue;
@@ -271,7 +271,7 @@ if(count($pools) > 0) {
}
foreach($config['interfaces'] as $ifname => $ifarr) {
- if (is_array($config['dhcpd'][$ifname]) &&
+ if (is_array($config['dhcpd'][$ifname]) &&
is_array($config['dhcpd'][$ifname]['staticmap'])) {
foreach($config['dhcpd'][$ifname]['staticmap'] as $static) {
$slease = array();
@@ -347,15 +347,17 @@ foreach ($leases as $data) {
$fspans = "";
$fspane = "&nbsp;";
}
- $lip = ip2ulong($data['ip']);
+ $lip = ip2ulong($data['ip']);
if ($data['act'] == "static") {
foreach ($config['dhcpd'] as $dhcpif => $dhcpifconf) {
if(is_array($dhcpifconf['staticmap'])) {
+ $staticmap_array_index = 0;
foreach ($dhcpifconf['staticmap'] as $staticent) {
if ($data['ip'] == $staticent['ipaddr']) {
$data['if'] = $dhcpif;
break;
}
+ $staticmap_array_index++;
}
}
/* exit as soon as we have an interface */
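Review bot: `$staticmap_array_index` is assigned only inside the `$data['act'] == "static"` branch, and only for interfaces that have a `staticmap` array, yet the edit link built further down uses it for every row whose type is not dynamic. A row that skips this branch inherits the previous row's index, and a static row with no match ends up with the length of the last list scanned, so the edit link can open a different mapping than the one shown. Reset it per row with `$staticmap_array_index = null;` before the `if`, and emit the edit link only when a match was actually found. The loop body continues outside the hunk.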
@@ -366,48 +368,49 @@ foreach ($leases as $data) {
foreach ($config['dhcpd'] as $dhcpif => $dhcpifconf) {
if (!is_array($dhcpifconf['range']))
continue;
- if (($lip >= ip2ulong($dhcpifconf['range']['from'])) && ($lip <= ip2ulong($dhcpifconf['range']['to']))) {
- $data['if'] = $dhcpif;
- break;
- }
+ if (($lip >= ip2ulong($dhcpifconf['range']['from'])) && ($lip <= ip2ulong($dhcpifconf['range']['to']))) {
+ $data['if'] = $dhcpif;
+ break;
+ }
}
- }
+ }
echo "<tr>\n";
- echo "<td class=\"listlr\">{$fspans}{$data['ip']}{$fspane}</td>\n";
- $mac=$data['mac'];
+ echo "<td class=\"listlr\">{$fspans}{$data['ip']}{$fspane}</td>\n";
+ $mac=$data['mac'];
$mac_hi = strtoupper($mac[0] . $mac[1] . $mac[3] . $mac[4] . $mac[6] . $mac[7]);
- if ($data['online'] != "online") {
+ if ($data['online'] != "online") {
if(isset($mac_man[$mac_hi])){ // Manufacturer for this MAC is defined
- echo "<td class=\"listr\">{$fspans}<a href=\"services_wol.php?if={$data['if']}&amp;mac=$mac\" title=\"" . gettext("$mac - send Wake on LAN packet to this MAC address") ."\">{$mac}</a><br /><font size=\"-2\"><i>{$mac_man[$mac_hi]}</i></font>{$fspane}</td>\n";
- }else{
- echo "<td class=\"listr\">{$fspans}<a href=\"services_wol.php?if={$data['if']}&amp;mac={$data['mac']}\" title=\"" . gettext("send Wake on LAN packet to this MAC address") ."\">{$data['mac']}</a>{$fspane}</td>\n";
+ echo "<td class=\"listr\">{$fspans}<a href=\"services_wol.php?if={$data['if']}&amp;mac=$mac\" title=\"" . gettext("$mac - send Wake on LAN packet to this MAC address") ."\">{$mac}</a><br /><font size=\"-2\"><i>{$mac_man[$mac_hi]}</i></font>{$fspane}</td>\n";
+ } else {
+ echo "<td class=\"listr\">{$fspans}<a href=\"services_wol.php?if={$data['if']}&amp;mac={$data['mac']}\" title=\"" . gettext("send Wake on LAN packet to this MAC address") ."\">{$data['mac']}</a>{$fspane}</td>\n";
}
- }else{
+ } else {
if(isset($mac_man[$mac_hi])){ // Manufacturer for this MAC is defined
echo "<td class=\"listr\">{$fspans}{$mac}<br /><font size=\"-2\"><i>{$mac_man[$mac_hi]}</i></font>{$fspane}</td>\n";
- }else{
- echo "<td class=\"listr\">{$fspans}{$data['mac']}{$fspane}</td>\n";
+ } else {
+ echo "<td class=\"listr\">{$fspans}{$data['mac']}{$fspane}</td>\n";
}
- }
- echo "<td class=\"listr\">{$fspans}" . htmlentities($data['hostname']) . "{$fspane}</td>\n";
- if ($data['type'] != "static") {
- echo "<td class=\"listr\">{$fspans}" . adjust_gmt($data['start']) . "{$fspane}</td>\n";
- echo "<td class=\"listr\">{$fspans}" . adjust_gmt($data['end']) . "{$fspane}</td>\n";
- } else {
- echo "<td class=\"listr\">{$fspans} n/a {$fspane}</td>\n";
- echo "<td class=\"listr\">{$fspans} n/a {$fspane}</td>\n";
- }
- echo "<td class=\"listr\">{$fspans}{$data['online']}{$fspane}</td>\n";
- echo "<td class=\"listr\">{$fspans}{$data['act']}{$fspane}</td>\n";
- echo "<td valign=\"middle\">&nbsp;";
+ }
+ echo "<td class=\"listr\">{$fspans}" . htmlentities($data['hostname']) . "{$fspane}</td>\n";
+ if ($data['type'] != "static") {
+ echo "<td class=\"listr\">{$fspans}" . adjust_gmt($data['start']) . "{$fspane}</td>\n";
+ echo "<td class=\"listr\">{$fspans}" . adjust_gmt($data['end']) . "{$fspane}</td>\n";
+ } else {
+ echo "<td class=\"listr\">{$fspans} n/a {$fspane}</td>\n";
+ echo "<td class=\"listr\">{$fspans} n/a {$fspane}</td>\n";
+ }
+ echo "<td class=\"listr\">{$fspans}{$data['online']}{$fspane}</td>\n";
+ echo "<td class=\"listr\">{$fspans}{$data['act']}{$fspane}</td>\n";
+ echo "<td valign=\"middle\">&nbsp;";
if ($data['type'] == "dynamic") {
echo "<a href=\"services_dhcp_edit.php?if={$data['if']}&amp;mac={$data['mac']}&amp;hostname={$data['hostname']}\">";
echo "<img src=\"/themes/{$g['theme']}/images/icons/icon_plus.gif\" width=\"17\" height=\"17\" border=\"0\" title=\"" . gettext("add a static mapping for this MAC address") ."\" alt=\"add\" /></a>&nbsp;\n";
} else {
- echo "<img src=\"/themes/{$g['theme']}/images/icons/icon_plus_mo.gif\" width=\"17\" height=\"17\" border=\"0\" alt=\"add\" />&nbsp;\n";
+ echo "<a href=\"services_dhcp_edit.php?if={$data['if']}&amp;id={$staticmap_array_index}\">";
+ echo "<img src=\"/themes/{$g['theme']}/images/icons/icon_e.gif\" width=\"17\" height=\"17\" border=\"0\" title=\"" . gettext("edit the static mapping for this entry") ."\" alt=\"add\" />&nbsp;\n";
}
- echo "<a href=\"services_wol_edit.php?if={$data['if']}&amp;mac={$data['mac']}&amp;descr={$data['hostname']}\">";
+ echo "<a href=\"services_wol_edit.php?if={$data['if']}&amp;mac={$data['mac']}&amp;descr={$data['hostname']}\">";
echo "<img src=\"/themes/{$g['theme']}/images/icons/icon_wol_all.gif\" width=\"17\" height=\"17\" border=\"0\" title=\"" . gettext("add a Wake on LAN mapping for this MAC address") ."\" alt=\"add\" /></a>&nbsp;\n";
/* Only show the button for offline dynamic leases */
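Review bot: `$data['hostname']` is written raw into the `href` of the services_dhcp_edit.php and services_wol_edit.php links, although the table cell a few lines up passes it through `htmlentities()`. The lease hostname appears to come from the parsed leases file and therefore from DHCP clients; a quote or ampersand in it alters the markup or the query string. Use `htmlspecialchars(urlencode($data['hostname']))` in both URLs, and treat `$data['mac']` and `$data['if']` the same way. Separately, the new else branch opens `<a href="services_dhcp_edit.php?...&amp;id=...">` but the following `echo` ends with `/>&nbsp;` and never prints `</a>`, and its `alt` text still says "add".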
@@ -415,7 +418,7 @@ foreach ($leases as $data) {
echo "<a href=\"status_dhcp_leases.php?deleteip={$data['ip']}&amp;all=" . htmlspecialchars($_GET['all']) . "\">";
echo "<img src=\"/themes/{$g['theme']}/images/icons/icon_x.gif\" width=\"17\" height=\"17\" border=\"0\" title=\"" . gettext("delete this DHCP lease") . "\" alt=\"delete\" /></a>&nbsp;\n";
}
- echo "</td></tr>\n";
+ echo "</td></tr>\n";
}
}
diff --git a/usr/local/www/status_ntpd.php b/usr/local/www/status_ntpd.php
index c3e850f..1bda7a4 100644
--- a/usr/local/www/status_ntpd.php
+++ b/usr/local/www/status_ntpd.php
@@ -248,13 +248,15 @@ include("head.inc");
<td class="listlr" align="center"><?php echo sprintf("%.5f", $gps_lat); ?> (<?php echo sprintf("%d", $gps_lat_deg); ?>&deg; <?php echo sprintf("%.5f", $gps_lat_min*60); ?><?php echo $gps_vars[4]; ?>)</td>
<td class="listlr" align="center"><?php echo sprintf("%.5f", $gps_lon); ?> (<?php echo sprintf("%d", $gps_lon_deg); ?>&deg; <?php echo sprintf("%.5f", $gps_lon_min*60); ?><?php echo $gps_vars[6]; ?>)</td>
<?php if (isset($gps_alt)) { echo '<td class="listlr" align="center">' . $gps_alt . ' ' . $gps_alt_unit . '</td>';}?>
- <td class="listr" align="center">
<?php
- if (isset($gps_satview)) {echo 'in view ' . intval($gps_satview);}
- if (isset($gps_sat) && isset($gps_satview)) {echo ', ';}
- if (isset($gps_sat)) {echo 'in use ' . $gps_sat;}
+ if (isset($gps_sat) || isset($gps_satview)) {
+ echo '<td class="listr" align="center">';
+ if (isset($gps_satview)) {echo 'in view ' . intval($gps_satview);}
+ if (isset($gps_sat) && isset($gps_satview)) {echo ', ';}
+ if (isset($gps_sat)) {echo 'in use ' . $gps_sat;}
+ echo '</td>';
+ }
?>
- </td>
</tr>
<tr>
<td class="listlr" colspan="<?php echo $gps_goo_lnk; ?>" align="center"><a target="_gmaps" href="http://maps.google.com/?q=<?php echo $gps_lat; ?>,<?php echo $gps_lon; ?>">Google Maps Link</a></td>
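Review bot: `$gps_sat` is still echoed raw on the new "in use" line, while `$gps_satview` one line above goes through `intval()`. Since the cell is being rebuilt anyway, I would treat both the same way: `if (isset($gps_sat)) {echo 'in use ' . intval($gps_sat);}`. Where these values come from is not visible in the hunk, but they look like fields parsed from GPS receiver output, so they should not reach the page unencoded. The context lines that print `$gps_alt`, `$gps_alt_unit`, `$gps_vars[4]` and `$gps_vars[6]` would take `htmlspecialchars()` for the same reason.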
diff --git a/usr/local/www/system_advanced_misc.php b/usr/local/www/system_advanced_misc.php
index a224ffb..6a25692 100644
--- a/usr/local/www/system_advanced_misc.php
+++ b/usr/local/www/system_advanced_misc.php
@@ -78,6 +78,10 @@ $pconfig['powerd_battery_mode'] = "hadp";
if (!empty($config['system']['powerd_battery_mode']))
$pconfig['powerd_battery_mode'] = $config['system']['powerd_battery_mode'];
+$pconfig['powerd_normal_mode'] = "hadp";
+if (!empty($config['system']['powerd_normal_mode']))
+ $pconfig['powerd_normal_mode'] = $config['system']['powerd_normal_mode'];
+
$crypto_modules = array('glxsb' => gettext("AMD Geode LX Security Block"),
'aesni' => gettext("AES-NI CPU-based Acceleration"));
@@ -163,6 +167,7 @@ if ($_POST) {
$config['system']['powerd_ac_mode'] = $_POST['powerd_ac_mode'];
$config['system']['powerd_battery_mode'] = $_POST['powerd_battery_mode'];
+ $config['system']['powerd_normal_mode'] = $_POST['powerd_normal_mode'];
if($_POST['crypto_hardware'])
$config['system']['crypto_hardware'] = $_POST['crypto_hardware'];
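Review bot: The new `powerd_normal_mode` assignment copies `$_POST` straight into the saved config without checking that it is one of the four values the new select offers (`hadp`, `adp`, `min`, `max`). If the stored mode is later used to build the powerd invocation, which this hunk does not show, any string a client submits would end up there. I would guard the assignment with `if (in_array($_POST['powerd_normal_mode'], array('hadp', 'adp', 'min', 'max'), true))`, or add an `$input_errors[]` entry in the validation section. The `powerd_ac_mode` and `powerd_battery_mode` context lines have the same gap. The enclosing `if ($_POST)` block starts and ends outside the hunk.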
@@ -309,7 +314,7 @@ function tmpvar_checked(obj) {
<td width="78%" class="vtable">
<input name="proxyurl" id="proxyurl" value="<?php if ($pconfig['proxyurl'] <> "") echo $pconfig['proxyurl']; ?>" class="formfld unknown" />
<br />
- <?php printf(gettext("Proxy url for allowing %s to use this proxy to connect outside."),$g['product']); ?>
+ <?php printf(gettext("Hostname or IP address of proxy server this system will use for its outbound Internet access.")); ?>
</td>
</tr>
<tr>
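Review bot: The `proxyurl` input in this hunk still prints `$pconfig['proxyurl']` into the `value` attribute unencoded, so a double quote in the saved value closes the attribute. The same commit adds `htmlspecialchars()` to the equivalent fields in system_advanced_notifications.php, and the same fix fits here: `echo htmlspecialchars($pconfig['proxyurl']);`. The `proxyport`, `proxyuser` and `proxypass` inputs in the next two hunks need it too. Separately, the new help lines call `printf(gettext("..."))` with no arguments, so a `%` in a translated string would be read as a format directive; `echo gettext("...")` avoids that.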
@@ -317,7 +322,7 @@ function tmpvar_checked(obj) {
<td width="78%" class="vtable">
<input name="proxyport" id="proxyport" value="<?php if ($pconfig['proxyport'] <> "") echo $pconfig['proxyport']; ?>" class="formfld unknown" />
<br />
- <?php printf(gettext("Proxy port to use when %s connects to the proxy URL configured above. Default is 8080 for http protocol or 443 for ssl."),$g['product']); ?>
+ <?php printf(gettext("Port where proxy server is listening.")); ?>
</td>
</tr>
<tr>
@@ -325,15 +330,15 @@ function tmpvar_checked(obj) {
<td width="78%" class="vtable">
<input name="proxyuser" id="proxyuser" value="<?php if ($pconfig['proxyuser'] <> "") echo $pconfig['proxyuser']; ?>" class="formfld unknown" />
<br />
- <?php printf(gettext("Proxy username for allowing %s to use this proxy to connect outside"),$g['product']); ?>
+ <?php printf(gettext("Username for authentication to proxy server. Optional, leave blank to not use authentication.")); ?>
</td>
</tr>
<tr>
- <td width="22%" valign="top" class="vncell"><?=gettext("Proxy Pass"); ?></td>
+ <td width="22%" valign="top" class="vncell"><?=gettext("Proxy Password"); ?></td>
<td width="78%" class="vtable">
<input type="password" name="proxypass" id="proxypass" value="<?php if ($pconfig['proxypass'] <> "") echo $pconfig['proxypass']; ?>" class="formfld unknown" />
<br />
- <?php printf(gettext("Proxy password for allowing %s to use this proxy to connect outside"),$g['product']); ?>
+ <?php printf(gettext("Password for authentication to proxy server.")); ?>
</td>
</tr>
<tr>
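Review bot: The `proxypass` field writes the stored proxy password back into the page as the input's `value`, so it is readable in the page source and in any cached copy of the form even though the field is `type="password"`. I would render the field empty and have the save handler keep the existing password when the submitted field is blank. The handler is outside this hunk, so both sides need changing together. The relabel to "Proxy Password" is fine as it stands.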
@@ -364,9 +369,9 @@ function tmpvar_checked(obj) {
<td width="22%" valign="top" class="vncell"><?=gettext("Load Balancing"); ?></td>
<td width="78%" class="vtable">
<input name="gw_switch_default" type="checkbox" id="gw_switch_default" value="yes" <?php if ($pconfig['gw_switch_default']) echo "checked=\"checked\""; ?> />
- <strong><?=gettext("Allow default gateway switching"); ?></strong><br />
- <?=gettext("If the link where the default gateway resides fails " .
- "switch the default gateway to another available one."); ?>
+ <strong><?=gettext("Enable default gateway switching"); ?></strong><br />
+ <?=gettext("If the default gateway goes down, " .
+ "switch the default gateway to another available one. This is not enabled by default, as it's unnecessary in most all scenarios, which instead use gateway groups."); ?>
</td>
</tr>
<tr>
@@ -396,6 +401,14 @@ function tmpvar_checked(obj) {
<option value="min"<?php if($pconfig['powerd_battery_mode']=="min") echo " selected=\"selected\""; ?>><?=gettext("Minimum");?></option>
<option value="max"<?php if($pconfig['powerd_battery_mode']=="max") echo " selected=\"selected\""; ?>><?=gettext("Maximum");?></option>
</select>
+ <br />
+ <?=gettext("On Unknown Power Mode"); ?>&nbsp;:&nbsp;
+ <select name="powerd_normal_mode" id="powerd_normal_mode">
+ <option value="hadp"<?php if($pconfig['powerd_normal_mode']=="hadp") echo " selected=\"selected\""; ?>><?=gettext("Hiadaptive");?></option>
+ <option value="adp"<?php if($pconfig['powerd_normal_mode']=="adp") echo " selected=\"selected\""; ?>><?=gettext("Adaptive");?></option>
+ <option value="min"<?php if($pconfig['powerd_normal_mode']=="min") echo " selected=\"selected\""; ?>><?=gettext("Minimum");?></option>
+ <option value="max"<?php if($pconfig['powerd_normal_mode']=="max") echo " selected=\"selected\""; ?>><?=gettext("Maximum");?></option>
+ </select>
<br /><br />
<?=gettext("The powerd utility monitors the system state and sets various power control " .
"options accordingly. It offers four modes (maximum, minimum, adaptive " .
@@ -487,7 +500,7 @@ function tmpvar_checked(obj) {
<td width="78%" class="vtable">
<input name="schedule_states" type="checkbox" id="schedule_states" value="yes" <?php if ($pconfig['schedule_states']) echo "checked=\"checked\""; ?> />
<br />
- <?=gettext("By default schedules clear the states of existing connections when the expiration time has come. ".
+ <?=gettext("By default, when a schedule expires, connections permitted by that schedule are killed. ".
"This option overrides that behavior by not clearing states for existing connections."); ?>
</td>
</tr>
@@ -510,18 +523,17 @@ function tmpvar_checked(obj) {
<td width="78%" class="vtable">
<input name="skip_rules_gw_down" type="checkbox" id="skip_rules_gw_down" value="yes" <?php if ($pconfig['skip_rules_gw_down']) echo "checked=\"checked\""; ?> />
<br />
- <?=gettext("By default, when a rule has a specific gateway set, and this gateway is down, ".
- "rule is created and traffic is sent to default gateway.This option overrides that behavior ".
- "and the rule is not created when gateway is down"); ?>
+ <?=gettext("By default, when a rule has a gateway specified and this gateway is down, ".
+ "the rule is created omitting the gateway. This option overrides that behavior by omitting ".
+ "the entire rule instead."); ?>
</td>
</tr>
<tr>
- <td width="22%" valign="top" class="vncell"><?=gettext("Enable debugging messages of gateway monitoring daemon"); ?></td>
+ <td width="22%" valign="top" class="vncell"><?=gettext("Enable gateway monitoring debug logging"); ?></td>
<td width="78%" class="vtable">
<input name="apinger_debug" type="checkbox" id="apinger_debug" value="yes" <?php if ($pconfig['apinger_debug']) echo "checked=\"checked\""; ?> />
<br />
- <?=gettext("By default, gateway monitoring does not log its error messages, ".
- "by toggling this setting the daemon would enable logging its messages to syslog."); ?>
+ <?=gettext("Enable this setting to log debug information from the gateway monitoring process to the system logs."); ?>
</td>
</tr>
<tr>
diff --git a/usr/local/www/system_advanced_notifications.php b/usr/local/www/system_advanced_notifications.php
index 2ead28d..20ad171 100644
--- a/usr/local/www/system_advanced_notifications.php
+++ b/usr/local/www/system_advanced_notifications.php
@@ -209,28 +209,28 @@ include("head.inc");
<tr>
<td width="22%" valign="top" class="vncell"><?=gettext("Registration Name"); ?></td>
<td width="78%" class="vtable">
- <input name='name' value='<?php echo $pconfig['name']; ?>' /><br />
+ <input name='name' value='<?php echo htmlspecialchars($pconfig['name']); ?>' /><br />
<?=gettext("Enter the name to register with the Growl server (default: PHP-Growl)."); ?>
</td>
</tr>
<tr>
<td width="22%" valign="top" class="vncell"><?=gettext("Notification Name"); ?></td>
<td width="78%" class="vtable">
- <input name='notification_name' value='<?php echo $pconfig['notification_name']; ?>' /><br />
+ <input name='notification_name' value='<?php echo htmlspecialchars($pconfig['notification_name']); ?>' /><br />
<?=sprintf(gettext("Enter a name for the Growl notifications (default: %s growl alert)."), $g['product_name']); ?>
</td>
</tr>
<tr>
<td width="22%" valign="top" class="vncell"><?=gettext("IP Address"); ?></td>
<td width="78%" class="vtable">
- <input name='ipaddress' value='<?php echo $pconfig['ipaddress']; ?>' /><br />
+ <input name='ipaddress' value='<?php echo htmlspecialchars($pconfig['ipaddress']); ?>' /><br />
<?=gettext("This is the IP address that you would like to send growl notifications to."); ?>
</td>
</tr>
<tr>
<td width="22%" valign="top" class="vncell"><?=gettext("Password"); ?></td>
<td width="78%" class="vtable">
- <input name='password' type='password' value='<?php echo $pconfig['password']; ?>' /><br />
+ <input name='password' type='password' value='<?php echo htmlspecialchars($pconfig['password']); ?>' /><br />
<?=gettext("Enter the password of the remote growl notification device."); ?>
</td>
</tr>
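Review bot: The attributes being fixed here are single-quoted (`value='...'`), and `htmlspecialchars()` with its default flags only encodes single quotes on PHP 8.1 and later; on older runtimes a `'` in the saved value still ends the attribute. Pass the flag explicitly, e.g. `htmlspecialchars($pconfig['name'], ENT_QUOTES)`, or switch the attributes to double quotes. This applies to every input changed in this file, including the hunks at -260 and -281. The `password` and `smtppassword` fields also send the stored secret back to the browser in the `value`, which encoding does not address.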
@@ -260,14 +260,14 @@ include("head.inc");
<tr>
<td width="22%" valign="top" class="vncell"><?=gettext("E-Mail server"); ?></td>
<td width="78%" class="vtable">
- <input name='smtpipaddress' value='<?php echo $pconfig['smtpipaddress']; ?>' /><br />
+ <input name='smtpipaddress' value='<?php echo htmlspecialchars($pconfig['smtpipaddress']); ?>' /><br />
<?=gettext("This is the FQDN or IP address of the SMTP E-Mail server to which notifications will be sent."); ?>
</td>
</tr>
<tr>
<td width="22%" valign="top" class="vncell"><?=gettext("SMTP Port of E-Mail server"); ?></td>
<td width="78%" class="vtable">
- <input name='smtpport' value='<?php echo $pconfig['smtpport']; ?>' /><br />
+ <input name='smtpport' value='<?php echo htmlspecialchars($pconfig['smtpport']); ?>' /><br />
<?=gettext("This is the port of the SMTP E-Mail server, typically 25, 587 (submission) or 465 (smtps)"); ?>
</td>
</tr>
@@ -281,28 +281,28 @@ include("head.inc");
<tr>
<td width="22%" valign="top" class="vncell"><?=gettext("From e-mail address"); ?></td>
<td width="78%" class="vtable">
- <input name='smtpfromaddress' type='text' value='<?php echo $pconfig['smtpfromaddress']; ?>' /><br />
+ <input name='smtpfromaddress' type='text' value='<?php echo htmlspecialchars($pconfig['smtpfromaddress']); ?>' /><br />
<?=gettext("This is the e-mail address that will appear in the from field."); ?>
</td>
</tr>
<tr>
<td width="22%" valign="top" class="vncell"><?=gettext("Notification E-Mail address"); ?></td>
<td width="78%" class="vtable">
- <input name='smtpnotifyemailaddress' type='text' value='<?php echo $pconfig['smtpnotifyemailaddress']; ?>' /><br />
+ <input name='smtpnotifyemailaddress' type='text' value='<?php echo htmlspecialchars($pconfig['smtpnotifyemailaddress']); ?>' /><br />
<?=gettext("Enter the e-mail address that you would like email notifications sent to."); ?>
</td>
</tr>
<tr>
<td width="22%" valign="top" class="vncell"><?=gettext("Notification E-Mail auth username (optional)"); ?></td>
<td width="78%" class="vtable">
- <input name='smtpusername' type='text' value='<?php echo $pconfig['smtpusername']; ?>' /><br />
+ <input name='smtpusername' type='text' value='<?php echo htmlspecialchars($pconfig['smtpusername']); ?>' /><br />
<?=gettext("Enter the e-mail address username for SMTP authentication."); ?>
</td>
</tr>
<tr>
<td width="22%" valign="top" class="vncell"><?=gettext("Notification E-Mail auth password"); ?></td>
<td width="78%" class="vtable">
- <input name='smtppassword' type='password' value='<?php echo $pconfig['smtppassword']; ?>' /><br />
+ <input name='smtppassword' type='password' value='<?php echo htmlspecialchars($pconfig['smtppassword']); ?>' /><br />
<?=gettext("Enter the e-mail address password for SMTP authentication."); ?>
</td>
</tr>
diff --git a/usr/local/www/system_hasync.php b/usr/local/www/system_hasync.php
index 17eff62..6a7f4ac 100755
--- a/usr/local/www/system_hasync.php
+++ b/usr/local/www/system_hasync.php
@@ -80,7 +80,7 @@ if ($_POST) {
$a_hasync['username'] = $pconfig['username'];
$a_hasync['password'] = $pconfig['password'];
write_config("Updated High Availability Sync configuration");
- interfaces_carp_setup();
+ interfaces_sync_setup();
header("Location: system_hasync.php");
exit();
}
diff --git a/usr/local/www/system_usermanager.php b/usr/local/www/system_usermanager.php
index 9dfd814..a7fd722 100644
--- a/usr/local/www/system_usermanager.php
+++ b/usr/local/www/system_usermanager.php
@@ -210,6 +210,9 @@ if ($_POST['save']) {
if (($_POST['passwordfld1']) && ($_POST['passwordfld1'] != $_POST['passwordfld2']))
$input_errors[] = gettext("The passwords do not match.");
+ if (isset($_POST['ipsecpsk']) && !preg_match('/^[[:ascii:]]*$/', $_POST['ipsecpsk']))
+ $input_errors[] = gettext("IPsec Pre-Shared Key contains invalid characters.");
+
if (isset($id) && $a_user[$id])
$oldusername = $a_user[$id]['name'];
else
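Review bot: The added check accepts more than the error message suggests, because `[[:ascii:]]` matches every code point from 0 to 127, so NUL, CR, LF and other control characters pass as a valid pre-shared key. If the key is later written into a line-oriented secrets file, which is not visible here, an embedded newline could alter that file's structure. I would restrict it to printable ASCII and anchor strictly: `!preg_match('/^[\x20-\x7E]*$/D', $_POST['ipsecpsk'])`. The same pattern is added in vpn_ipsec_keys_edit.php (`$_POST['psk']`) and vpn_ipsec_phase1.php (`$pconfig['pskey']`); a single shared helper would keep the three in step.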
diff --git a/usr/local/www/vpn_ipsec_keys.php b/usr/local/www/vpn_ipsec_keys.php
index c9dbc56..defc280 100644
--- a/usr/local/www/vpn_ipsec_keys.php
+++ b/usr/local/www/vpn_ipsec_keys.php
@@ -90,6 +90,7 @@ if (is_subsystem_dirty('ipsec'))
print_info_box_np(gettext("The IPsec tunnel configuration has been changed") . ".<br />" . gettext("You must apply the changes in order for them to take effect."));
?>
+</form>
<table width="100%" border="0" cellpadding="0" cellspacing="0" summary="vpn ipsec keys">
<tr><td class="tabnavtbl">
<?php
@@ -182,7 +183,6 @@ if (is_subsystem_dirty('ipsec'))
</td>
</tr>
</table>
-</form>
<?php include("fend.inc"); ?>
</body>
</html>
diff --git a/usr/local/www/vpn_ipsec_keys_edit.php b/usr/local/www/vpn_ipsec_keys_edit.php
index b1c24aa..c445a6e 100644
--- a/usr/local/www/vpn_ipsec_keys_edit.php
+++ b/usr/local/www/vpn_ipsec_keys_edit.php
@@ -78,6 +78,9 @@ if ($_POST) {
$input_errors[] = gettext("A user with this name already exists. Add the key to the user instead.");
unset($userids);
+ if (isset($_POST['psk']) && !preg_match('/^[[:ascii:]]*$/', $_POST['psk']))
+ $input_errors[] = gettext("Pre-Shared Key contains invalid characters.");
+
if (!$input_errors && !(isset($id) && $a_secret[$id])) {
/* make sure there are no dupes */
foreach ($a_secret as $secretent) {
diff --git a/usr/local/www/vpn_ipsec_phase1.php b/usr/local/www/vpn_ipsec_phase1.php
index 4d61715..6c22f71 100644
--- a/usr/local/www/vpn_ipsec_phase1.php
+++ b/usr/local/www/vpn_ipsec_phase1.php
@@ -171,6 +171,7 @@ if ($_POST) {
case "xauth_psk_server":
$reqdfields = explode(" ", "pskey");
$reqdfieldsn = array(gettext("Pre-Shared Key"));
+ $validate_pskey = true;
break;
case "hybrid_rsa_server":
case "xauth_rsa_server":
@@ -186,6 +187,11 @@ if ($_POST) {
do_input_validation($pconfig, $reqdfields, $reqdfieldsn, $input_errors);
+ if (isset($validate_pskey) && isset($pconfig['pskey']) && !preg_match('/^[[:ascii:]]*$/', $pconfig['pskey'])) {
+ unset($validate_pskey);
+ $input_errors[] = gettext("Pre-Shared Key contains invalid characters.");
+ }
+
if (($pconfig['lifetime'] && !is_numeric($pconfig['lifetime'])))
$input_errors[] = gettext("The P1 lifetime must be an integer.");
diff --git a/usr/local/www/vpn_ipsec_settings.php b/usr/local/www/vpn_ipsec_settings.php
index aacce92..ba68596 100644
--- a/usr/local/www/vpn_ipsec_settings.php
+++ b/usr/local/www/vpn_ipsec_settings.php
@@ -161,15 +161,15 @@ function maxmss_checked(obj) {
<div class="tabcont">
<table width="100%" border="0" cellpadding="6" cellspacing="0" summary="main area">
<tr>
- <td colspan="2" valign="top" class="listtopic"><?=gettext("IPSec Advanced Settings"); ?></td>
+ <td colspan="2" valign="top" class="listtopic"><?=gettext("IPsec Advanced Settings"); ?></td>
</tr>
<tr>
- <td width="22%" valign="top" class="vncell"><?=gettext("LAN security associsations"); ?></td>
+ <td width="22%" valign="top" class="vncell"><?=gettext("LAN security associations"); ?></td>
<td width="78%" class="vtable">
<input name="noinstalllanspd" type="checkbox" id="noinstalllanspd" value="yes" <?php if ($pconfig['noinstalllanspd']) echo "checked=\"checked\""; ?> />
<strong><?=gettext("Do not install LAN SPD"); ?></strong>
<br />
- <?=gettext("By default, if IPSec is enabled negating SPD are inserted to provide protection. " .
+ <?=gettext("By default, if IPsec is enabled negating SPD are inserted to provide protection. " .
"This behaviour can be changed by enabling this setting which will prevent installing these SPDs."); ?>
</td>
</tr>
@@ -187,7 +187,7 @@ function maxmss_checked(obj) {
<tr>
<td width="22%" valign="top" class="vncell"><?=gettext("IPsec Debug"); ?></td>
<td width="78%" class="vtable">
- <strong><?=gettext("Start IPSec in debug mode based on sections selected"); ?></strong>
+ <strong><?=gettext("Start IPsec in debug mode based on sections selected"); ?></strong>
<br />
<table summary="ipsec debug">
<?php foreach ($ipsec_loglevels as $lkey => $ldescr): ?>
@@ -208,7 +208,7 @@ function maxmss_checked(obj) {
<?php endforeach; ?>
<tr style="display:none;"><td></td></tr>
</table>
- <br /><?=gettext("Launches IPSec in debug mode so that more verbose logs " .
+ <br /><?=gettext("Launches IPsec in debug mode so that more verbose logs " .
"will be generated to aid in troubleshooting."); ?>
</td>
</tr>
diff --git a/usr/local/www/widgets/widgets/interfaces.widget.php b/usr/local/www/widgets/widgets/interfaces.widget.php
index 009ef0e..115af4e 100644
--- a/usr/local/www/widgets/widgets/interfaces.widget.php
+++ b/usr/local/www/widgets/widgets/interfaces.widget.php
@@ -38,65 +38,87 @@ require_once("pfsense-utils.inc");
require_once("functions.inc");
require_once("/usr/local/www/widgets/include/interfaces.inc");
- $i = 0;
- $ifdescrs = get_configured_interface_with_descr();
+$ifdescrs = get_configured_interface_with_descr();
?>
- <table bgcolor="#990000" width="100%" border="0" cellspacing="0" cellpadding="0" summary="interfaces">
- <?php
- foreach ($ifdescrs as $ifdescr => $ifname) {
- $ifinfo = get_interface_info($ifdescr);
- $iswireless = is_interface_wireless($ifdescr);
- ?>
- <tr>
- <td class="vncellt" rowspan="2">
- <?php
- if($ifinfo['ppplink']) {
- echo "<img src='./themes/{$g['theme']}/images/icons/icon_3g.gif' alt='3g' />";
- } else if($iswireless) {
- if($ifinfo['status'] == "associated") { ?>
- <img src="./themes/<?= $g['theme']; ?>/images/icons/icon_wlan.gif" alt="wlan" />
- <?php } else { ?>
- <img src="./themes/<?= $g['theme']; ?>/images/icons/icon_wlan_d.gif" alt="wlan_d" />
- <?php } ?>
- <?php } else { ?>
- <img src="./themes/<?= $g['theme']; ?>/images/icons/icon_cablenic.gif" alt="cablenic" />
- <?php } ?>&nbsp;
- <strong><u>
- <span onclick="location.href='/interfaces.php?if=<?=$ifdescr; ?>'" style="cursor:pointer">
- <?=htmlspecialchars($ifname);?></span></u></strong>
- <?php
- if ($ifinfo['dhcplink'])
- echo "&nbsp;(DHCP)";
- ?>
- </td>
- <?php if($ifinfo['status'] == "up" || $ifinfo['status'] == "associated") { ?>
- <td rowspan="2" class="listr" align="center">
- <div id="<?php echo $ifname;?>-up" style="display:inline" ><img src="./themes/<?= $g['theme']; ?>/images/icons/icon_interface_up.gif" title="<?=$ifname;?> is up" alt="up" /></div>
- </td>
- <?php } else if ($ifinfo['status'] == "no carrier") { ?>
- <td rowspan="2" class="listr" align="center">
- <div id="<?php echo $ifname;?>-down" style="display:inline" ><img src="./themes/<?= $g['theme']; ?>/images/icons/icon_interface_down.gif" title="<?=$ifname;?> is down" alt="down" /></div>
- </td>
- <?php } else if ($ifinfo['status'] == "down") { ?>
- <td rowspan="2" class="listr" align="center">
- <div id="<?php echo $ifname;?>-block" style="display:inline" ><img src="./themes/<?= $g['theme']; ?>/images/icons/icon_block.gif" title="<?=$ifname;?> is disabled" alt="disabled" /></div>
- </td>
- <?php } else { ?><?=htmlspecialchars($ifinfo['status']); }?>
- <td class="listr">
- <div id="<?php echo $ifname;?>-media" style="display:inline"><?=htmlspecialchars($ifinfo['media']);?></div>
- </td>
- </tr>
- <tr>
- <td class="vncellt" style="border-right:1px solid #999999;">
- <?php if($ifinfo['ipaddr'] != "") { ?>
- <div id="<?php echo $ifname;?>-ip" style="display:inline"><?=htmlspecialchars($ifinfo['ipaddr']);?> </div>
- <br />
- <?php }
- if ($ifinfo['ipaddrv6'] != "") { ?>
- <div id="<?php echo $ifname;?>-ipv6" style="display:inline"><?=htmlspecialchars($ifinfo['ipaddrv6']);?> </div>
- <?php } ?>
- </td>
- </tr>
- <?php }//end for each ?>
- </table>
+<table bgcolor="#990000" width="100%" border="0" cellspacing="0" cellpadding="0" summary="interfaces">
+<?php
+foreach ($ifdescrs as $ifdescr => $ifname):
+ $ifinfo = get_interface_info($ifdescr);
+
+ if ($ifinfo['ppplink']) {
+ $icon = '3g';
+ } else if (is_interface_wireless($ifdescr)) {
+ if($ifinfo['status'] == "associated")
+ $icon = 'wlan';
+ else
+ $icon = 'wlan_d';
+ } else
+ $icon = 'cablenic';
+
+ if ($ifinfo['status'] == "up" || $ifinfo['status'] == "associated") {
+ $status = '-up';
+ $status_text = 'up';
+ $status_icon = 'icon_interface_up.gif';
+ } elseif ($ifinfo['status'] == "no carrier") {
+ $status = '-down';
+ $status_text = 'down';
+ $status_icon = 'icon_interface_down.gif';
+ } elseif ($ifinfo['status'] == "down") {
+ $status = '-block';
+ $status_text = 'disabled';
+ $status_icon = 'icon_block.gif';
+ } else
+ $status = '';
+?>
+ <tr>
+ <td class="vncellt" rowspan="2">
+ <span onclick="location.href='/interfaces.php?if=<?=$ifdescr; ?>'" style="cursor:pointer; white-space:nowrap">
+ <img src="./themes/<?=$g['theme'];?>/images/icons/icon_<?=$icon;?>.gif" alt="<?=$icon;?>" />
+ <u><?=htmlspecialchars($ifname);?></u>
+ </span>
+<?php
+ if ($ifinfo['dhcplink'])
+ echo "<br />(DHCP)";
+?>
+ </td>
+<?php
+ if ($status === ''):
+ echo htmlspecialchars($ifinfo['status']);
+ else:
+?>
+ <td rowspan="2" class="listr" align="center">
+ <div id="<?php echo $ifname . $status;?>" style="display:inline" >
+ <img src="./themes/<?= $g['theme']; ?>/images/icons/<?=$status_icon;?>" title="<?=$ifname;?> is <?=$status_text;?>" alt="<?=$status;?>" />
+ </div>
+ </td>
+<?php
+ endif;
+?>
+ <td class="listr">
+ <div id="<?php echo $ifname;?>-media" style="display:inline"><?=htmlspecialchars($ifinfo['media']);?></div>
+ </td>
+ </tr>
+ <tr>
+ <td class="listr">
+ <strong>
+<?php
+ if($ifinfo['ipaddr'] != ""):
+?>
+ <div id="<?php echo $ifname;?>-ip" style="display:inline"><?=htmlspecialchars($ifinfo['ipaddr']);?> </div>
+ <br />
+<?php
+ endif;
+ if ($ifinfo['ipaddrv6'] != ""):
+?>
+ <div id="<?php echo $ifname;?>-ipv6" style="display:inline"><?=htmlspecialchars($ifinfo['ipaddrv6']);?> </div>
+<?php
+ endif;
+?>
+ </strong>
+ </td>
+ </tr>
+<?php
+endforeach;
+?>
+</table>
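Review bot: `$ifname` is encoded with `htmlspecialchars()` for the visible label but printed raw into the `id` and `title` attributes of the status, media, ip and ipv6 elements, and `$ifdescr` goes raw into the `onclick` URL. `$ifname` appears to be the interface description, which is operator-entered text, so a quote in it would break those attributes. I would compute it once after `get_interface_info()`, e.g. `$ifname_attr = htmlspecialchars($ifname, ENT_QUOTES);`, and use that in every attribute. The rewrite also changes the image `alt` from `up`/`down`/`disabled` to `$status` (`-up`, `-down`, `-block`); `alt="<?=$status_text;?>"` restores the old text. The fallback branch still echoes the raw status string directly inside the `<tr>` without a `<td>`.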
diff --git a/usr/local/www/widgets/widgets/log.widget.php b/usr/local/www/widgets/widgets/log.widget.php
index f3065a3..651f08f 100644
--- a/usr/local/www/widgets/widgets/log.widget.php
+++ b/usr/local/www/widgets/widgets/log.widget.php
@@ -196,10 +196,10 @@ function format_log_line(row) {
<td class="listMRr ellipsis nowrap" title="<?php echo htmlspecialchars($filterent['time']);?>"><?php echo substr(htmlspecialchars($filterent['time']),0,-3);?></td>
<td class="listMRr ellipsis nowrap" title="<?php echo htmlspecialchars($filterent['interface']);?>"><?php echo htmlspecialchars($filterent['interface']);?></td>
<td class="listMRr ellipsis nowrap" title="<?php echo htmlspecialchars($filterent['src']);?>">
- <a href="#" onclick="javascript:getURL('diag_dns.php?host=<?php echo "{$filterent['srcip']}"; ?>&amp;dialog_output=true', outputrule);" title="<?=gettext("Reverse Resolve with DNS");?>">
+ <a href="diag_dns.php?host=<?php echo "{$filterent['srcip']}"; ?>" title="<?=gettext("Reverse Resolve with DNS");?>">
<?php echo htmlspecialchars($filterent['srcip']);?></a></td>
<td class="listMRr ellipsis nowrap" title="<?php echo htmlspecialchars($filterent['dst']);?>">
- <a href="#" onclick="javascript:getURL('diag_dns.php?host=<?php echo "{$filterent['dstip']}"; ?>&amp;dialog_output=true', outputrule);" title="<?=gettext("Reverse Resolve with DNS");?>">
+ <a href="diag_dns.php?host=<?php echo "{$filterent['dstip']}"; ?>" title="<?=gettext("Reverse Resolve with DNS");?>">
<?php echo htmlspecialchars($filterent['dstip']);?></a><?php echo ":" . htmlspecialchars($filterent['dstport']);?></td>
<?php
if ($filterent['proto'] == "TCP")
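Review bot: The new plain links put `$filterent['srcip']` and `$filterent['dstip']` into the `href` unencoded, while the link text on the next line encodes the same value with `htmlspecialchars()`. These fields come from parsed filter log lines, so I would encode them for both the URL and the attribute: `host=<?php echo htmlspecialchars(urlencode($filterent['srcip'])); ?>`, and the same for `dstip`. Dropping the inline `onclick` handler is a good change in itself.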
diff --git a/usr/local/www/xmlrpc.php b/usr/local/www/xmlrpc.php
index 93733cc..51bf1db 100755
--- a/usr/local/www/xmlrpc.php
+++ b/usr/local/www/xmlrpc.php
@@ -274,7 +274,7 @@ function restore_config_section_xmlrpc($raw_params) {
pfSense_interface_deladdress($oldvipif, $oldvipar['subnet']);
}
if ($carp_setuped == true)
- interfaces_carp_setup();
+ interfaces_sync_setup();
if ($anyproxyarp == true)
interface_proxyarp_configure();
}