diff options
Diffstat (limited to 'etc/inc')
-rw-r--r-- | etc/inc/captiveportal.inc | 1 | ||||
-rw-r--r-- | etc/inc/config.inc | 4 | ||||
-rw-r--r-- | etc/inc/config.lib.inc | 123 | ||||
-rw-r--r-- | etc/inc/filter.inc | 7 | ||||
-rw-r--r-- | etc/inc/gwlb.inc | 101 | ||||
-rw-r--r-- | etc/inc/openvpn.inc | 18 | ||||
-rw-r--r-- | etc/inc/pfsense-utils.inc | 2 | ||||
-rw-r--r-- | etc/inc/system.inc | 81 | ||||
-rw-r--r-- | etc/inc/util.inc | 26 | ||||
-rw-r--r-- | etc/inc/vpn.inc | 10 | ||||
-rw-r--r-- | etc/inc/xmlparse.inc | 13 |
11 files changed, 242 insertions, 144 deletions
diff --git a/etc/inc/captiveportal.inc b/etc/inc/captiveportal.inc index 31cc680..28dab57 100644 --- a/etc/inc/captiveportal.inc +++ b/etc/inc/captiveportal.inc @@ -43,6 +43,7 @@ /* include all configuration functions */ require_once("config.inc"); require_once("functions.inc"); +require_once("filter.inc"); require_once("radius.inc"); require_once("voucher.inc"); diff --git a/etc/inc/config.inc b/etc/inc/config.inc index 1dd0d9a..5ec98be 100644 --- a/etc/inc/config.inc +++ b/etc/inc/config.inc @@ -54,10 +54,10 @@ if($g['booting']) echo "."; ini_set("memory_limit","128M"); /* include globals from notices.inc /utility/XML parser files */ -require_once('config.lib.inc'); -if($g['booting']) echo "."; require_once("notices.inc"); if($g['booting']) echo "."; +require_once('config.lib.inc'); +if($g['booting']) echo "."; require_once("util.inc"); if($g['booting']) echo "."; if(file_exists("/cf/conf/use_xmlreader")) diff --git a/etc/inc/config.lib.inc b/etc/inc/config.lib.inc index 0fa2315..435949f 100644 --- a/etc/inc/config.lib.inc +++ b/etc/inc/config.lib.inc @@ -191,8 +191,8 @@ function restore_backup($file) { if (file_exists($file)) { conf_mount_rw(); - copy("$file","/cf/conf/config.xml"); unlink_if_exists("{$g['tmp_path']}/config.cache"); + copy("$file","/cf/conf/config.xml"); log_error("{$g['product_name']} is restoring the configuration $file"); file_notice("config.xml", "{$g['product_name']} is restoring the configuration $file", "pfSenseConfigurator", ""); conf_mount_ro(); @@ -496,13 +496,14 @@ function write_config($desc="Unknown", $backup = true) { /* re-read configuration */ /* NOTE: We assume that the file can be parsed since we wrote it. */ $config = parse_xml_config("{$g['conf_path']}/config.xml", $g['xml_rootobj']); - - /* write config cache */ - $fd = @fopen("{$g['tmp_path']}/config.cache", "wb"); - if ($fd) { - fwrite($fd, serialize($config)); - fclose($fd); - } + if ($config == -1) { + $last_backup = discover_last_backup(); + if ($last_backup) + restore_backup("/cf/conf/backup/{$last_backup}"); + else + log_error(gettext("Could not restore config.xml.")); + } else + generate_config_cache($config); unlock($lockkey); @@ -571,8 +572,8 @@ function config_restore($conffile) { $lockkey = lock('config', LOCK_EX); - copy($conffile, "{$g['cf_conf_path']}/config.xml"); unlink_if_exists("{$g['tmp_path']}/config.cache"); + copy($conffile, "{$g['cf_conf_path']}/config.xml"); unlock($lockkey); @@ -1136,63 +1137,69 @@ function cleanup_backupcache($revisions = 30, $lock = false) { if (!$lock) $lockkey = lock('config'); - if(file_exists($g['cf_conf_path'] . '/backup/backup.cache')) { - conf_mount_rw(); - $backups = get_backups(); - $newbaks = array(); - $bakfiles = glob($g['cf_conf_path'] . "/backup/config-*"); + + conf_mount_rw(); + + $backups = get_backups(); + if ($backups) { $baktimes = $backups['versions']; - $tocache = array(); unset($backups['versions']); - foreach($bakfiles as $backup) { // Check for backups in the directory not represented in the cache. - if(filesize($backup) == 0) { - unlink($backup); - continue; - } - $tocheck = array_shift(explode('.', array_pop(explode('-', $backup)))); - if(!in_array($tocheck, $baktimes)) { - $i = true; - if($g['booting']) - echo "."; - $newxml = parse_xml_config($backup, $g['xml_rootobj']); - if($newxml == "-1") { - log_error("The backup cache file $backup is corrupted. Unlinking."); - unlink($backup); - log_error("The backup cache file $backup is corrupted. Unlinking."); - continue; - } - if($newxml['revision']['description'] == "") - $newxml['revision']['description'] = "Unknown"; - $tocache[$tocheck] = array('description' => $newxml['revision']['description']); - } - } - foreach($backups as $checkbak) { + } else { + $backups = array(); + $baktimes = array(); + } + $newbaks = array(); + $bakfiles = glob($g['cf_conf_path'] . "/backup/config-*"); + $tocache = array(); - if(count(preg_grep('/' . $checkbak['time'] . '/i', $bakfiles)) != 0) { - $newbaks[] = $checkbak; - } else { - $i = true; - if($g['booting']) print " " . $tocheck . "r"; + foreach($bakfiles as $backup) { // Check for backups in the directory not represented in the cache. + if(filesize($backup) == 0) { + unlink($backup); + continue; + } + $tocheck = array_shift(explode('.', array_pop(explode('-', $backup)))); + if(!in_array($tocheck, $baktimes)) { + $i = true; + if($g['booting']) + echo "."; + $newxml = parse_xml_config($backup, $g['xml_rootobj']); + if($newxml == "-1") { + log_error("The backup cache file $backup is corrupted. Unlinking."); + unlink($backup); + log_error("The backup cache file $backup is corrupted. Unlinking."); + continue; } + if($newxml['revision']['description'] == "") + $newxml['revision']['description'] = "Unknown"; + $tocache[$tocheck] = array('description' => $newxml['revision']['description']); } - foreach($newbaks as $todo) $tocache[$todo['time']] = array('description' => $todo['description']); - if(is_int($revisions) and (count($tocache) > $revisions)) { - $toslice = array_slice(array_keys($tocache), 0, $revisions); - foreach($toslice as $sliced) - $newcache[$sliced] = $tocache[$sliced]; - foreach($tocache as $version => $versioninfo) { - if(!in_array($version, array_keys($newcache))) { - unlink_if_exists($g['conf_path'] . '/backup/config-' . $version . '.xml'); - if($g['booting']) print " " . $tocheck . "d"; - } + } + foreach($backups as $checkbak) { + if(count(preg_grep('/' . $checkbak['time'] . '/i', $bakfiles)) != 0) { + $newbaks[] = $checkbak; + } else { + $i = true; + if($g['booting']) print " " . $tocheck . "r"; + } + } + foreach($newbaks as $todo) $tocache[$todo['time']] = array('description' => $todo['description']); + if(is_int($revisions) and (count($tocache) > $revisions)) { + $toslice = array_slice(array_keys($tocache), 0, $revisions); + foreach($toslice as $sliced) + $newcache[$sliced] = $tocache[$sliced]; + foreach($tocache as $version => $versioninfo) { + if(!in_array($version, array_keys($newcache))) { + unlink_if_exists($g['conf_path'] . '/backup/config-' . $version . '.xml'); + if($g['booting']) print " " . $tocheck . "d"; } - $tocache = $newcache; } - $bakout = fopen($g['cf_conf_path'] . '/backup/backup.cache', "w"); - fwrite($bakout, serialize($tocache)); - fclose($bakout); - conf_mount_ro(); + $tocache = $newcache; } + $bakout = fopen($g['cf_conf_path'] . '/backup/backup.cache', "w"); + fwrite($bakout, serialize($tocache)); + fclose($bakout); + conf_mount_ro(); + if($g['booting'] && $i) print "done.\n"; if (!$lock) diff --git a/etc/inc/filter.inc b/etc/inc/filter.inc index 77a06d2..f01faee 100644 --- a/etc/inc/filter.inc +++ b/etc/inc/filter.inc @@ -69,7 +69,8 @@ function flowtable_configure() { // nmbflows cpu count * ($maxstates * 2) $cpus = trim(`/sbin/sysctl kern.smp.cpus | /usr/bin/cut -d' ' -f2`); $nmbflows = ($cpus*($maxstates*2)); - // Is flowtable enabled? + // flowtable is not enabled + /* if($config['system']['flowtable']) $flowtable_enable = 1; else @@ -82,6 +83,7 @@ function flowtable_configure() { } mwexec("/sbin/sysctl net.inet.flowtable.enable={$flowtable_enable}"); } + */ } function filter_load_ipfw() { @@ -690,7 +692,7 @@ function filter_generate_optcfg_array() { if(!is_ipaddr($oc['ipaddr']) && !empty($oc['ipaddr'])) $oic['type'] = $oc['ipaddr']; $oic['sn'] = get_interface_subnet($if); - $oic['mtu'] = $oc['mtu']; + $oic['mtu'] = empty($oc['mtu']) ? 1500 : $oc['mtu']; $oic['descr'] = $ifdetail; $oic['sa'] = gen_subnet($oic['ip'], $oic['sn']); $oic['nonat'] = $oc['nonat']; @@ -2498,6 +2500,7 @@ function filter_process_carp_rules() { if(isset($config['installedpackages']['carp']['config']) && $config['installedpackages']['carpsettings']['config'] <> "" or $config['virtualip']['vip'] <> "") { + $lines .= "block in log quick proto carp from (self) to any\n"; $lines .= "pass quick proto carp\n"; $lines .= "pass quick proto pfsync\n"; } diff --git a/etc/inc/gwlb.inc b/etc/inc/gwlb.inc index 0dbf329..2411892 100644 --- a/etc/inc/gwlb.inc +++ b/etc/inc/gwlb.inc @@ -1,13 +1,13 @@ <?php -/* $Id$ */ /* Copyright (C) 2008 Bill Marquette, Seth Mos + Copyright (C) 2010 Ermal Luçi All rights reserved. Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: -1. Redistributions of source code must retain the above copyright notice, + 1. Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer. 2. Redistributions in binary form must reproduce the above copyright @@ -28,7 +28,7 @@ pfSense_BUILDER_BINARIES: /usr/bin/killall /sbin/route /usr/local/sbin/apinger pfSense_MODULE: routing - */ + */ /* add static routes for monitor IP addresse * creates monitoring configuration file @@ -151,15 +151,14 @@ EOD; if((is_numeric($gateway['attribute'])) && is_ipaddr($gwref['monitor'])) { $gateway['monitor'] = $gwref['monitor']; } else { - if(($gateway['gateway'] == "dynamic") && ($gateway['monitor'])) { + if ($gateway['gateway'] == "dynamic") { $gateway['monitor'] = "127.0.0.{$i}"; $i++; } - if(!is_ipaddr($gateway['monitor'])) { + if (!is_ipaddr($gateway['monitor'])) $gateway['monitor'] = $gateway['gateway']; - } } - + $apingercfg .= "target \"{$gateway['monitor']}\" {\n"; $apingercfg .= " description \"{$gateway['name']}\"\n"; $alarms = ""; @@ -249,7 +248,7 @@ function return_gateways_status() { $gateways_arr = return_gateways_array(); $apingerstatus = array(); - if(is_readable("{$g['tmp_path']}/apinger.status")) { + if (file_exists("{$g['tmp_path']}/apinger.status")) { $apingerstatus = file("{$g['tmp_path']}/apinger.status"); } @@ -383,7 +382,7 @@ function return_gateway_groups_array() { $gwname = $itemsplit[0]; /* check if the gateway is available before adding it to the array */ foreach($gateways_status as $status) { - if(($status['name'] != $gwname)) { + if ($status['name'] != $gwname) { continue; } if (stristr($status['status'], "down")) { @@ -421,20 +420,18 @@ function return_gateway_groups_array() { log_error($msg); notify_via_growl($msg); foreach($group['item'] as $item) { - foreach($group['item'] as $item) { - $itemsplit = explode("|", $item); - $tier = $itemsplit[1]; - $gwname = $itemsplit[0]; - $tiers[$tier][] = $gwname; - } + $itemsplit = explode("|", $item); + $tier = $itemsplit[1]; + $gwname = $itemsplit[0]; + $tiers[$tier][] = $gwname; } } /* sort the tiers array by the tier key */ ksort($tiers); /* we do not really foreach the tiers as we stop after the first tier */ - foreach($tiers as $tiernr => $tier) { + foreach($tiers as $tier) { /* process all gateways in this tier */ - foreach($tier as $tiernr => $member) { + foreach($tier as $member) { /* determine interface gateway */ if (isset($gateways_arr[$member])) { $gateway = $gateways_arr[$member]; @@ -446,9 +443,11 @@ function return_gateway_groups_array() { $gatewayip = get_interface_gateway($gateway['friendlyiface']); } if (($int <> "") && is_ipaddr($gatewayip)) { - $gateway_groups_array[$group['name']][$tiernr]['int'] = "$int"; - $gateway_groups_array[$group['name']][$tiernr]['gwip'] = "$gatewayip"; - $gateway_groups_array[$group['name']][$tiernr]['weight'] = isset($gateway['weight']) ? $gateway['weight'] : 1; + $groupmember = array(); + $groupmember['int'] = "$int"; + $groupmember['gwip'] = "$gatewayip"; + $groupmember['weight'] = isset($gateway['weight']) ? $gateway['weight'] : 1; + $gateway_groups_array[$group['name']][] = $groupmember; } } /* we should have the 1st available tier now, exit stage left */ @@ -456,7 +455,7 @@ function return_gateway_groups_array() { } } } - return($gateway_groups_array); + return ($gateway_groups_array); } /* Update DHCP WAN Interface ip address in gateway group item */ @@ -477,52 +476,46 @@ function dhclient_update_gateway_groups_defaultroute($interface = "wan") { function lookup_gateway_ip_by_name($name) { global $config; - if(is_array($config['gateways']['gateway_item'])) { - foreach($config['gateways']['gateway_item'] as $gateway) { - if($gateway['name'] == $name) { - $gatewayip = $gateway['gateway']; - //$interfacegw = $gateway['interface']; - return($gatewayip); - } - } - } else { - return(false); - } + + $gateways_arr = return_gateways_array(); + if (!empty($gateways_arr[$name])) { + $gatewayip = $gateway['gateway']; + //$interfacegw = $gateway['interface']; + return ($gatewayip); + } else + return (false); } function lookup_gateway_monitor_ip_by_name($name) { global $config; + $gateways_arr = return_gateways_array(); + if (!empty($gateways_arr[$name])) { + $gateway = $gateways_arr[$name]; + if ($gateway['gateway'] == "dynamic") + $gateway['monitor'] = "127.0.0.2"; - $i = 2; - foreach($gateways_arr as $gateway) { - if($gateway['gateway'] == "dynamic") { - $gateway['monitor'] = "127.0.0.{$i}"; - $i++; - } - if($gateway['name'] == "$name") { - $monitorip = $gateway['monitor']; - if($monitorip == "") - $monitorip = $gateway['gateway']; + $monitorip = $gateway['monitor']; + if($monitorip == "") + $monitorip = $gateway['gateway']; - return($monitorip); - } + return ($monitorip); } - return(false); + + return (false); } function lookup_gateway_interface_by_name($name) { global $config; - $gateways_arr = return_gateways_array(); - foreach($gateways_arr as $gateway) { - if($gateway['name'] == "$name") { - $gatewayip = $gateway['gateway']; - $interfacegw = $gateway['interface']; - return($interfacegw); - } + $gateways_arr = return_gateways_array(); + if (!empty($gateways_arr[$name])) { + //$gatewayip = $gateway['gateway']; + $interfacegw = $gateway['interface']; + return ($interfacegw); } - return(false); + + return (false); } function get_interface_gateway($interface, &$dynamic = false) { @@ -547,7 +540,7 @@ function get_interface_gateway($interface, &$dynamic = false) { } /* return gateway */ - return $gw; + return ($gw); } ?> diff --git a/etc/inc/openvpn.inc b/etc/inc/openvpn.inc index 72630e7..3fe4574 100644 --- a/etc/inc/openvpn.inc +++ b/etc/inc/openvpn.inc @@ -363,9 +363,9 @@ function openvpn_reconfigure($mode,& $settings) { switch($settings['mode']) { case 'p2p_tls': case 'p2p_shared_key': - $baselong = ip2long($ip) & ip2long($mask); - $ip1 = long2ip($baselong + 1); - $ip2 = long2ip($baselong + 2); + $baselong = ip2long32($ip) & ip2long($mask); + $ip1 = long2ip32($baselong + 1); + $ip2 = long2ip32($baselong + 2); $conf .= "ifconfig $ip1 $ip2\n"; break; case 'server_tls': @@ -463,9 +463,9 @@ function openvpn_reconfigure($mode,& $settings) { if (!empty($settings['tunnel_network'])) { list($ip, $mask) = explode('/', $settings['tunnel_network']); $mask = gen_subnet_mask($mask); - $baselong = ip2long($ip) & ip2long($mask); - $ip1 = long2ip($baselong + 1); - $ip2 = long2ip($baselong + 2); + $baselong = ip2long32($ip) & ip2long($mask); + $ip1 = long2ip32($baselong + 1); + $ip2 = long2ip32($baselong + 2); $conf .= "ifconfig $ip2 $ip1\n"; } @@ -626,9 +626,9 @@ function openvpn_resync_csc(& $settings) { if (!empty($settings['tunnel_network'])) { list($ip, $mask) = explode('/', $settings['tunnel_network']); - $baselong = ip2long($ip) & gen_subnet_mask_long($mask); - $ip1 = long2ip($baselong + 1); - $ip2 = long2ip($baselong + 2); + $baselong = ip2long32($ip) & gen_subnet_mask_long($mask); + $ip1 = long2ip32($baselong + 1); + $ip2 = long2ip32($baselong + 2); $conf .= "ifconfig-push {$ip1} {$ip2}\n"; } diff --git a/etc/inc/pfsense-utils.inc b/etc/inc/pfsense-utils.inc index 14beba4..b653010 100644 --- a/etc/inc/pfsense-utils.inc +++ b/etc/inc/pfsense-utils.inc @@ -1314,7 +1314,7 @@ function get_interface_info($ifdescr) { } } $dev = $ppp['ports']; - if (empty($dev)) + if ($config['interfaces'][$if]['ptpid'] != $ppp['ptpid'] || empty($dev)) break; if (file_exists($dev)) { if (file_exists("{$g['varrun_path']}/ppp_{$if}.pid")) { diff --git a/etc/inc/system.inc b/etc/inc/system.inc index c3502c8..6281a14 100644 --- a/etc/inc/system.inc +++ b/etc/inc/system.inc @@ -1339,4 +1339,83 @@ function enable_watchdog() { exec("/usr/sbin/watchdogd"); } } -?> + +function system_check_reset_button() { + global $g; + if($g['platform'] != "nanobsd") + return 0; + + $specplatform = system_identify_specific_platform(); + + if ($specplatform['name'] != "wrap" && $specplatform['name'] != "alix") + return 0; + + $retval = mwexec("/usr/local/sbin/" . $specplatform['name'] . "resetbtn"); + + if ($retval == 99) { + /* user has pressed reset button for 2 seconds - + reset to factory defaults */ + echo <<<EOD + +*********************************************************************** +* Reset button pressed - resetting configuration to factory defaults. * +* The system will reboot after this completes. * +*********************************************************************** + + +EOD; + + reset_factory_defaults(); + system_reboot_sync(); + exit(0); + } + + return 0; +} + +/* attempt to identify the specific platform (for embedded systems) + Returns an array with two elements: + name => platform string (e.g. 'wrap', 'alix' etc.) + descr => human-readable description (e.g. "PC Engines WRAP") +*/ +function system_identify_specific_platform() { + global $g; + + if ($g['platform'] == 'generic-pc') + return array('name' => 'generic-pc', 'descr' => "Generic PC"); + + if ($g['platform'] == 'generic-pc-cdrom') + return array('name' => 'generic-pc-cdrom', 'descr' => "Generic PC (CD-ROM)"); + + /* the rest of the code only deals with 'embedded' platforms */ + if ($g['platform'] != 'nanobsd') + return array('name' => $g['platform'], 'descr' => $g['platform']); + + $dmesg = system_get_dmesg_boot(); + + if (strpos($dmesg, "PC Engines WRAP") !== false) + return array('name' => 'wrap', 'descr' => 'PC Engines WRAP'); + + if (strpos($dmesg, "PC Engines ALIX") !== false) + return array('name' => 'alix', 'descr' => 'PC Engines ALIX'); + + if (preg_match("/Soekris net45../", $dmesg, $matches)) + return array('name' => 'net45xx', 'descr' => $matches[0]); + + if (preg_match("/Soekris net48../", $dmesg, $matches)) + return array('name' => 'net48xx', 'descr' => $matches[0]); + + if (preg_match("/Soekris net55../", $dmesg, $matches)) + return array('name' => 'net55xx', 'descr' => $matches[0]); + + /* unknown embedded platform */ + return array('name' => 'embedded', 'descr' => 'embedded (unknown)'); +} + +function system_get_dmesg_boot() { + global $g; + + return file_get_contents("{$g['varlog_path']}/dmesg.boot"); +} + +?>
\ No newline at end of file diff --git a/etc/inc/util.inc b/etc/inc/util.inc index 930f9ac..0828bbf 100644 --- a/etc/inc/util.inc +++ b/etc/inc/util.inc @@ -198,7 +198,7 @@ function gen_subnet_max($ipaddr, $bits) { if (!is_ipaddr($ipaddr) || !is_numeric($bits)) return ""; - return long2ip(ip2long($ipaddr) | ~gen_subnet_mask_long($bits)); + return long2ip32(ip2long($ipaddr) | ~gen_subnet_mask_long($bits)); } /* returns a subnet mask (long given a bit count) */ @@ -216,9 +216,19 @@ function gen_subnet_mask($bits) { return long2ip(gen_subnet_mask_long($bits)); } +/* Convert long int to IP address, truncating to 32-bits. */ +function long2ip32($ip) { + return long2ip($ip & 0xFFFFFFFF); +} + +/* Convert IP address to long int, truncated to 32-bits to avoid sign extension on 64-bit platforms. */ +function ip2long32($ip) { + return ( ip2long($ip) & 0xFFFFFFFF ); +} + /* Convert IP address to unsigned long int. */ function ip2ulong($ip) { - return sprintf("%u", ip2long($ip)); + return sprintf("%u", ip2long32($ip)); } /* Find out how many IPs are contained within a given IP range @@ -246,12 +256,12 @@ function find_smallest_cidr($number) { /* Return the previous IP address before the given address */ function ip_before($ip) { - return long2ip(ip2long($ip)-1); + return long2ip32(ip2long($ip)-1); } /* Return the next IP address after the given address */ function ip_after($ip) { - return long2ip(ip2long($ip)+1); + return long2ip32(ip2long($ip)+1); } /* Return true if the first IP is 'before' the second */ @@ -347,7 +357,7 @@ function is_ipaddr($ipaddr) { return false; $ip_long = ip2long($ipaddr); - $ip_reverse = long2ip($ip_long); + $ip_reverse = long2ip32($ip_long); if ($ipaddr == $ip_reverse) return true; @@ -891,9 +901,9 @@ function check_subnets_overlap($subnet1, $bits1, $subnet2, $bits2) { /* compare two IP addresses */ function ipcmp($a, $b) { - if (ip2long($a) < ip2long($b)) + if (ip_less_than($a, $b)) return -1; - else if (ip2long($a) > ip2long($b)) + else if (ip_greater_than($a, $b)) return 1; else return 0; @@ -902,7 +912,7 @@ function ipcmp($a, $b) { /* return true if $addr is in $subnet, false if not */ function ip_in_subnet($addr,$subnet) { list($ip, $mask) = explode('/', $subnet); - $mask = 0xffffffff << (32 - $mask); + $mask = (0xffffffff << (32 - $mask)) & 0xffffffff; return ((ip2long($addr) & $mask) == (ip2long($ip) & $mask)); } diff --git a/etc/inc/vpn.inc b/etc/inc/vpn.inc index f2343e1..c874a83 100644 --- a/etc/inc/vpn.inc +++ b/etc/inc/vpn.inc @@ -343,8 +343,8 @@ function vpn_ipsec_configure($ipchg = false) $pool_address = $a_client['pool_address']; $pool_netmask = gen_subnet_mask($a_client['pool_netbits']); - $pool_address = long2ip(ip2long($pool_address)+1); - $pool_size = ~ip2long($pool_netmask) - 2; + $pool_address = long2ip32(ip2long($pool_address)+1); + $pool_size = (~ip2long($pool_netmask) & 0xFFFFFFFF) - 2; $racoonconf .= "\tpool_size {$pool_size};\n"; $racoonconf .= "\tnetwork4 {$pool_address};\n"; @@ -1012,7 +1012,7 @@ EOD; for ($i = 0; $i < $pptpdcfg['n_pptp_units']; $i++) { - $clientip = long2ip(ip2long($pptpdcfg['remoteip']) + $i); + $clientip = long2ip32(ip2long($pptpdcfg['remoteip']) + $i); $mpdconf .= <<<EOD @@ -1219,7 +1219,7 @@ EOD; for ($i = 0; $i < $pppoecfg['n_pppoe_units']; $i++) { - $clientip = long2ip(ip2long($pppoecfg['remoteip']) + $i); + $clientip = long2ip32(ip2long($pppoecfg['remoteip']) + $i); if (isset ($pppoecfg['radius']['radiusissueips']) && isset ($pppoecfg['radius']['enable'])) { $isssue_ip_type = "set ipcp ranges {$pppoecfg['localip']}/32 0.0.0.0/0"; @@ -1409,7 +1409,7 @@ EOD; for ($i = 0; $i < $l2tpcfg['n_l2tp_units']; $i++) { - $clientip = long2ip(ip2long($l2tpcfg['remoteip']) + $i); + $clientip = long2ip32(ip2long($l2tpcfg['remoteip']) + $i); if (isset ($l2tpcfg['radius']['radiusissueips']) && isset ($l2tpcfg['radius']['enable'])) { $isssue_ip_type = "set ipcp ranges {$l2tpcfg['localip']}/32 0.0.0.0/0"; diff --git a/etc/inc/xmlparse.inc b/etc/inc/xmlparse.inc index 22cb5d6..c19a3ae 100644 --- a/etc/inc/xmlparse.inc +++ b/etc/inc/xmlparse.inc @@ -144,10 +144,10 @@ function cData($parser, $data) { } if (is_string($ptr)) { - $ptr .= $data; + $ptr .= html_entity_decode($data); } else { if (trim($data, " ") != "") { - $ptr = $data; + $ptr = html_entity_decode($data); $havedata++; } } @@ -256,8 +256,10 @@ function dump_xml_config_sub($arr, $indent) { if($cval === false) continue; if(($cval === true) || ($cval === "")) { $xmlconfig .= "<$ent/>\n"; + } else if (substr($ent, 0, 5) == "descr") { + $xmlconfig .= "<$ent><![CDATA[" . htmlentities($cval) . "]]></$ent>\n"; } else { - $xmlconfig .= "<$ent>" . htmlspecialchars($cval) . "</$ent>\n"; + $xmlconfig .= "<$ent>" . htmlentities($cval) . "</$ent>\n"; } } } @@ -279,7 +281,10 @@ function dump_xml_config_sub($arr, $indent) { $xmlconfig .= "<$ent/>\n"; } else if (!is_bool($val)) { $xmlconfig .= str_repeat("\t", $indent); - $xmlconfig .= "<$ent>" . htmlspecialchars($val) . "</$ent>\n"; + if (substr($ent, 0, 5) == "descr") + $xmlconfig .= "<$ent><![CDATA[" . htmlentities($val) . "]]></$ent>\n"; + else + $xmlconfig .= "<$ent>" . htmlentities($val) . "</$ent>\n"; } } } |