summaryrefslogtreecommitdiffstats
path: root/etc
diff options
context:
space:
mode:
Diffstat (limited to 'etc')
-rw-r--r--etc/inc/dyndns.class2
-rw-r--r--etc/inc/globals.inc2
-rw-r--r--etc/inc/gwlb.inc2
-rw-r--r--etc/inc/interfaces.inc26
-rw-r--r--etc/inc/ipsec.inc51
-rw-r--r--etc/inc/priv.defs.inc4
-rw-r--r--etc/inc/rrd.inc166
-rw-r--r--etc/inc/services.inc4
-rw-r--r--etc/inc/system.inc4
-rw-r--r--etc/inc/upgrade_config.inc13
-rw-r--r--etc/inc/util.inc32
-rw-r--r--etc/inc/voucher.inc23
12 files changed, 204 insertions, 125 deletions
diff --git a/etc/inc/dyndns.class b/etc/inc/dyndns.class
index 3710efa..58c0db2 100644
--- a/etc/inc/dyndns.class
+++ b/etc/inc/dyndns.class
@@ -1090,7 +1090,7 @@
if (!$g['debug'])
return;
- $string = '\n'.date('m-d-y h:i:s').' - ('.$this->_debugID.') - ['.$this->_dnsService.'] - '.$data.'\n';
+ $string = date('m-d-y h:i:s').' - ('.$this->_debugID.') - ['.$this->_dnsService.'] - '.$data."\n";
conf_mount_rw();
$file = fopen($this->_debugFile, 'a');
fwrite($file, $string);
diff --git a/etc/inc/globals.inc b/etc/inc/globals.inc
index 6315a84..ed84cc0 100644
--- a/etc/inc/globals.inc
+++ b/etc/inc/globals.inc
@@ -77,7 +77,7 @@ $g = array(
"disablecrashreporter" => false,
"crashreporterurl" => "http://crashreporter.pfsense.org/crash_reporter.php",
"debug" => false,
- "latest_config" => "9.2",
+ "latest_config" => "9.3",
"nopkg_platforms" => array("cdrom"),
"minimum_ram_warning" => "101",
"minimum_ram_warning_text" => "128 MB",
diff --git a/etc/inc/gwlb.inc b/etc/inc/gwlb.inc
index 663070e..0f5b169 100644
--- a/etc/inc/gwlb.inc
+++ b/etc/inc/gwlb.inc
@@ -781,7 +781,7 @@ function return_gateway_groups_array() {
$msg = gettext("Gateways status could not be determined, considering all as up/active. (Group: {$group['name']})");
log_error($msg);
notify_via_growl($msg);
- notify_via_smtp($msg);
+ //notify_via_smtp($msg);
}
$tiers = $backupplan;
}
diff --git a/etc/inc/interfaces.inc b/etc/inc/interfaces.inc
index e1020e1..7698979 100644
--- a/etc/inc/interfaces.inc
+++ b/etc/inc/interfaces.inc
@@ -3835,20 +3835,27 @@ function guess_interface_from_ip($ipaddress) {
* find_ip_interface($ip): return the interface where an ip is defined
* (or if $bits is specified, where an IP within the subnet is defined)
*/
-function find_ip_interface($ip, $bits = null)
-{
+function find_ip_interface($ip, $bits = null) {
+ if (!is_ipaddr($ip))
+ return false;
+
+ $isv6ip = is_ipaddrv6($ip);
+
/* if list */
$ifdescrs = get_configured_interface_list();
foreach ($ifdescrs as $ifdescr => $ifname) {
+ $ifip = ($isv6ip) ? get_interface_ipv6($ifname) : get_interface_ip($ifname);
+ if ($ifip === null)
+ continue;
if ($bits === null) {
- if ($ip == get_interface_ip($ifname)) {
+ if ($ip == $ifip) {
$int = get_real_interface($ifname);
return $int;
}
}
else {
- if (ip_in_subnet(get_interface_ip($ifname), $ip . "/" . $bits)) {
+ if (ip_in_subnet($ifip, $ip . "/" . $bits)) {
$int = get_real_interface($ifname);
return $int;
}
@@ -3863,18 +3870,27 @@ function find_ip_interface($ip, $bits = null)
*/
function find_virtual_ip_alias($ip, $bits = null) {
global $config;
+
if (!is_array($config['virtualip']['vip'])) {
return false;
}
+ if (!is_ipaddr($ip))
+ return false;
+
+ $isv6ip = is_ipaddrv6($ip);
+
foreach ($config['virtualip']['vip'] as $vip) {
if ($vip['mode'] === "ipalias") {
+ if (is_ipaddrv6($vip['subnet']) != $isv6ip)
+ continue;
if ($bits === null) {
if (ip_in_subnet($ip, $vip['subnet'] . "/" . $vip['subnet_bits'])) {
return $vip;
}
}
else {
- if (check_subnets_overlap($ip, $bits, $vip['subnet'], $vip['subnet_bits'])) {
+ if (($isv6ip && check_subnetsv6_overlap($ip, $bits, $vip['subnet'], $vip['subnet_bits']))
+ || (!$isv6ip && check_subnets_overlap($ip, $bits, $vip['subnet'], $vip['subnet_bits']))) {
return $vip;
}
}
diff --git a/etc/inc/ipsec.inc b/etc/inc/ipsec.inc
index d6242b2..28a882e 100644
--- a/etc/inc/ipsec.inc
+++ b/etc/inc/ipsec.inc
@@ -193,14 +193,14 @@ function ipsec_get_phase1_dst(& $ph1ent) {
/*
* Return phase2 idinfo in cidr format
*/
-function ipsec_idinfo_to_cidr(& $idinfo,$addrbits = false) {
+function ipsec_idinfo_to_cidr(& $idinfo,$addrbits = false,$mode="tunnel") {
global $config;
switch ($idinfo['type'])
{
case "address":
if ($addrbits) {
- if($idinfo['mode'] == "tunnel6") {
+ if($mode == "tunnel6") {
return $idinfo['address']."/128";
} else {
return $idinfo['address']."/32";
@@ -214,7 +214,7 @@ function ipsec_idinfo_to_cidr(& $idinfo,$addrbits = false) {
case "mobile":
return "0.0.0.0/0";
default:
- if($idinfo['mode'] == "tunnel6") {
+ if($mode == "tunnel6") {
$address = get_interface_ipv6($idinfo['type']);
$netbits = get_interface_subnetv6($idinfo['type']);
$address = gen_subnetv6($address,$netbits);
@@ -328,10 +328,10 @@ function ipsec_phase2_status(& $spd,& $sad,& $ph1ent,& $ph2ent) {
$loc_ip = ipsec_get_phase1_src($ph1ent);
$rmt_ip = ipsec_get_phase1_dst($ph1ent);
- $loc_id = ipsec_idinfo_to_cidr($ph2ent['localid'],true);
+ $loc_id = ipsec_idinfo_to_cidr($ph2ent['localid'],true,$ph2ent['mode']);
if (!empty($ph2ent['natlocalid']))
- $natloc_id = ipsec_idinfo_to_cidr($ph2ent['natlocalid'],true);
- $rmt_id = ipsec_idinfo_to_cidr($ph2ent['remoteid'],true);
+ $natloc_id = ipsec_idinfo_to_cidr($ph2ent['natlocalid'],true,$ph2ent['mode']);
+ $rmt_id = ipsec_idinfo_to_cidr($ph2ent['remoteid'],true,$ph2ent['mode']);
/* check for established SA in both directions */
if( ipsec_lookup_ipsec_sa($spd,$sad,"out",$loc_ip,$rmt_ip,$loc_id,$rmt_id)) {
@@ -358,6 +358,10 @@ function ipsec_lookup_isakmp_sa($in_srcip,$in_dstip) {
function ipsec_lookup_ipsec_sa(& $spd,& $sad,$dir,$in_srcip,$in_dstip,$in_srcid,$in_dstid) {
/* match the phase1/2 to an SP */
+ $in_srcip = ipsec_fixup_ip($in_srcip);
+ $in_dstip = ipsec_fixup_ip($in_dstip);
+ $in_srcid = ipsec_fixup_ip($in_srcid);
+ $in_dstid = ipsec_fixup_ip($in_dstid);
foreach($spd as $sp) {
@@ -368,9 +372,9 @@ function ipsec_lookup_ipsec_sa(& $spd,& $sad,$dir,$in_srcip,$in_dstip,$in_srcid,
/* match IPs */
- if($in_srcip != $sp['src'])
+ if($in_srcip != ipsec_fixup_ip($sp['src']))
continue;
- if($in_dstip != $sp['dst'])
+ if($in_dstip != ipsec_fixup_ip($sp['dst']))
continue;
/* add netbits for address IDs */
@@ -378,16 +382,24 @@ function ipsec_lookup_ipsec_sa(& $spd,& $sad,$dir,$in_srcip,$in_dstip,$in_srcid,
$sp_srcid = $sp['srcid'];
$sp_dstid = $sp['dstid'];
- if (!strstr($sp_srcid,"/"))
- $sp_srcid .= '/32';
- if (!strstr($sp_dstid,"/"))
- $sp_dstid .= '/32';
+ if (!strstr($sp_srcid,"/")) {
+ if (ip_ipaddrv4($sp_srcid))
+ $sp_srcid .= '/32';
+ elseif (ip_ipaddrv6($sp_srcid))
+ $sp_srcid .= '/128';
+ }
+ if (!strstr($sp_dstid,"/")) {
+ if (ip_ipaddrv4($sp_srcid))
+ $sp_dstid .= '/32';
+ elseif (ip_ipaddrv6($sp_srcid))
+ $sp_dstid .= '/128';
+ }
/* match IDs */
- if($in_srcid != $sp_srcid)
+ if($in_srcid != ipsec_fixup_ip($sp_srcid))
continue;
- if($in_dstid != $sp_dstid)
+ if($in_dstid != ipsec_fixup_ip($sp_dstid))
continue;
/* match the SP to a unique SA by reqid */
@@ -411,9 +423,9 @@ function ipsec_lookup_ipsec_sa(& $spd,& $sad,$dir,$in_srcip,$in_dstip,$in_srcid,
/* match IPs */
- if($in_srcip != $sa_srcip)
+ if($in_srcip != ipsec_fixup_ip($sa_srcip))
continue;
- if($in_dstip != $sa_dstip)
+ if($in_dstip != ipsec_fixup_ip($sa_dstip))
continue;
return $sa;
@@ -592,4 +604,11 @@ function ipsec_disconnect_mobile($username) {
exec("/usr/local/sbin/racoonctl logout-user " . escapeshellarg($username));
}
+function ipsec_fixup_ip($ipaddr) {
+ if (is_ipaddrv6($ipaddr) || !is_subnetv6($ipaddr))
+ return Net_IPv6::compress(Net_IPv6::uncompress($ipaddr));
+ else
+ return $ipaddr;
+}
+
?>
diff --git a/etc/inc/priv.defs.inc b/etc/inc/priv.defs.inc
index 537971f..2aa9990 100644
--- a/etc/inc/priv.defs.inc
+++ b/etc/inc/priv.defs.inc
@@ -1121,8 +1121,8 @@ $priv_list['page-system-usermanager-passwordmg']['match'] = array();
$priv_list['page-system-usermanager-passwordmg']['match'][] = "system_usermanager_passwordmg.php*";
$priv_list['page-system-usermanager-settings'] = array();
-$priv_list['page-system-usermanager-settings']['name'] = gettext("WebCfg - System: User manager: settings page");
-$priv_list['page-system-usermanager-settings']['descr'] = gettext("Allow access to the 'System: User manager: settings' page.");
+$priv_list['page-system-usermanager-settings']['name'] = gettext("WebCfg - System: User Manager: settings page");
+$priv_list['page-system-usermanager-settings']['descr'] = gettext("Allow access to the 'System: User Manager: settings' page.");
$priv_list['page-system-usermanager-settings']['match'] = array();
$priv_list['page-system-usermanager-settings']['match'][] = "system_usermanager_settings.php*";
diff --git a/etc/inc/rrd.inc b/etc/inc/rrd.inc
index 841ee45..6f44396 100644
--- a/etc/inc/rrd.inc
+++ b/etc/inc/rrd.inc
@@ -104,7 +104,7 @@ function migrate_rrd_format($rrdoldxml, $rrdnewxml) {
$numrranew = count($rrdnewxml['rra']);
$numdsnew = count($rrdnewxml['ds']);
log_error(sprintf(gettext('Import RRD has %1$s DS values and %2$s RRA databases, new format RRD has %3$s DS values and %4$s RRA databases'), $numdsold, $numrraold, $numdsnew ,$numrranew));
-
+
/* add data sources not found in the old array from the new array */
$i = 0;
foreach($rrdnewxml['ds'] as $ds) {
@@ -194,7 +194,7 @@ function migrate_rrd_format($rrdoldxml, $rrdnewxml) {
function enable_rrd_graphing() {
global $config, $g, $altq_list_queues;
- if($g['booting'])
+ if($g['booting'])
echo gettext("Generating RRD graphs...");
$rrddbpath = "/var/db/rrd/";
@@ -213,7 +213,6 @@ function enable_rrd_graphing() {
$vpnusers = "-vpnusers.rrd";
$captiveportalconcurrent = "-concurrent.rrd";
$captiveportalloggedin = "-loggedin.rrd";
- $captiveportaltotalusers = "-totalusers.rrd";
$rrdtool = "/usr/bin/nice -n20 /usr/local/bin/rrdtool";
$netstat = "/usr/bin/netstat";
@@ -324,6 +323,7 @@ function enable_rrd_graphing() {
$rrdcreate .= "RRA:AVERAGE:0.5:720:3000 ";
create_new_rrd($rrdcreate);
+ unset($rrdcreate);
}
/* enter UNKNOWN values in the RRD so it knows we rebooted. */
@@ -356,6 +356,7 @@ function enable_rrd_graphing() {
$rrdcreate .= "RRA:AVERAGE:0.5:720:3000 ";
create_new_rrd($rrdcreate);
+ unset($rrdcreate);
}
/* enter UNKNOWN values in the RRD so it knows we rebooted. */
@@ -382,8 +383,9 @@ function enable_rrd_graphing() {
$rrdcreate .= "RRA:AVERAGE:0.5:5:1000 ";
$rrdcreate .= "RRA:AVERAGE:0.5:60:1000 ";
$rrdcreate .= "RRA:AVERAGE:0.5:720:3000 ";
-
+
create_new_rrd($rrdcreate);
+ unset($rrdcreate);
}
/* enter UNKNOWN values in the RRD so it knows we rebooted. */
@@ -406,8 +408,9 @@ function enable_rrd_graphing() {
$rrdcreate .= "RRA:AVERAGE:0.5:5:1000 ";
$rrdcreate .= "RRA:AVERAGE:0.5:60:1000 ";
$rrdcreate .= "RRA:AVERAGE:0.5:720:3000 ";
-
+
create_new_rrd($rrdcreate);
+ unset($rrdcreate);
}
/* enter UNKNOWN values in the RRD so it knows we rebooted. */
@@ -473,6 +476,7 @@ function enable_rrd_graphing() {
$rrdcreate .= "RRA:AVERAGE:0.5:720:3000 ";
create_new_rrd($rrdcreate);
+ unset($rrdcreate);
}
if (!file_exists("$rrddbpath$ifname$queuesdrop")) {
@@ -489,6 +493,7 @@ function enable_rrd_graphing() {
$rrdcreate .= "RRA:AVERAGE:0.5:720:3000 ";
create_new_rrd($rrdcreate);
+ unset($rrdcreate);
}
if($g['booting']) {
@@ -555,6 +560,7 @@ function enable_rrd_graphing() {
$rrdcreate .= "RRA:AVERAGE:0.5:60:1000 ";
$rrdcreate .= "RRA:AVERAGE:0.5:720:3000 ";
create_new_rrd($rrdcreate);
+ unset($rrdcreate);
}
/* enter UNKNOWN values in the RRD so it knows we rebooted. */
@@ -588,6 +594,7 @@ function enable_rrd_graphing() {
$rrdcreate .= "RRA:AVERAGE:0.5:720:3000 ";
create_new_rrd($rrdcreate);
+ unset($rrdcreate);
}
/* enter UNKNOWN values in the RRD so it knows we rebooted. */
@@ -622,6 +629,7 @@ function enable_rrd_graphing() {
$rrdcreate .= "RRA:AVERAGE:0.5:720:3000 ";
create_new_rrd($rrdcreate);
+ unset($rrdcreate);
}
/* enter UNKNOWN values in the RRD so it knows we rebooted. */
@@ -659,6 +667,7 @@ function enable_rrd_graphing() {
$rrdcreate .= "RRA:MAX:0.5:720:3000";
create_new_rrd($rrdcreate);
+ unset($rrdcreate);
}
/* enter UNKNOWN values in the RRD so it knows we rebooted. */
@@ -671,7 +680,7 @@ function enable_rrd_graphing() {
$rrdupdatesh .= " $awk '{getline active;getline inactive;getline free;getline cache;getline wire;printf ";
$rrdupdatesh .= "((active/$0) * 100)\":\"((inactive/$0) * 100)\":\"((free/$0) * 100)\":\"((cache/$0) * 100)\":\"(wire/$0 * 100)}'`\n";
$rrdupdatesh .= "$rrdtool update $rrddbpath$ifname$mem N:\${MEM}\n";
-
+
/* End Memory statistics */
/* SPAMD, set up the spamd rrd file */
@@ -696,6 +705,7 @@ function enable_rrd_graphing() {
$rrdcreate .= "RRA:MAX:0.5:720:3000 ";
create_new_rrd($rrdcreate);
+ unset($rrdcreate);
}
$rrdupdatesh .= "\n";
@@ -707,77 +717,85 @@ function enable_rrd_graphing() {
/* End System statistics */
/* Captive Portal statistics, set up the rrd file */
- if(isset($config['captiveportal']['enable'])) {
- $ifname= "captiveportal";
- if (!file_exists("$rrddbpath$ifname$captiveportalconcurrent")) {
- $rrdcreate = "$rrdtool create $rrddbpath$ifname$captiveportalconcurrent --step $rrdcaptiveportalinterval ";
- $rrdcreate .= "DS:concurrentusers:GAUGE:$captiveportalvalid:0:10000 ";
- $rrdcreate .= "RRA:AVERAGE:0.5:1:1000 ";
- $rrdcreate .= "RRA:AVERAGE:0.5:5:1000 ";
- $rrdcreate .= "RRA:AVERAGE:0.5:60:1000 ";
- $rrdcreate .= "RRA:AVERAGE:0.5:720:3000 ";
- $rrdcreate .= "RRA:MIN:0.5:1:1000 ";
- $rrdcreate .= "RRA:MIN:0.5:5:1000 ";
- $rrdcreate .= "RRA:MIN:0.5:60:1000 ";
- $rrdcreate .= "RRA:MIN:0.5:720:3000 ";
- $rrdcreate .= "RRA:MAX:0.5:1:1000 ";
- $rrdcreate .= "RRA:MAX:0.5:5:1000 ";
- $rrdcreate .= "RRA:MAX:0.5:60:1000 ";
- $rrdcreate .= "RRA:MAX:0.5:720:3000 ";
- $rrdcreate .= "RRA:LAST:0.5:1:1000 ";
- $rrdcreate .= "RRA:LAST:0.5:5:1000 ";
- $rrdcreate .= "RRA:LAST:0.5:60:1000 ";
- $rrdcreate .= "RRA:LAST:0.5:720:3000 ";
+ if(is_array($config['captiveportal'])) {
+ foreach ($config['captiveportal'] as $cpkey => $cp) {
+ if (!isset($cp['enable']))
+ continue;
+
+ $ifname= "captiveportal";
+ $concurrent_filename = $rrddbpath . $ifname . '-' . $cpkey . $captiveportalconcurrent;
+ if (!file_exists("$concurrent_filename")) {
+ $rrdcreate = "$rrdtool create $concurrent_filename --step $rrdcaptiveportalinterval ";
+ $rrdcreate .= "DS:concurrentusers:GAUGE:$captiveportalvalid:0:10000 ";
+ $rrdcreate .= "RRA:AVERAGE:0.5:1:1000 ";
+ $rrdcreate .= "RRA:AVERAGE:0.5:5:1000 ";
+ $rrdcreate .= "RRA:AVERAGE:0.5:60:1000 ";
+ $rrdcreate .= "RRA:AVERAGE:0.5:720:3000 ";
+ $rrdcreate .= "RRA:MIN:0.5:1:1000 ";
+ $rrdcreate .= "RRA:MIN:0.5:5:1000 ";
+ $rrdcreate .= "RRA:MIN:0.5:60:1000 ";
+ $rrdcreate .= "RRA:MIN:0.5:720:3000 ";
+ $rrdcreate .= "RRA:MAX:0.5:1:1000 ";
+ $rrdcreate .= "RRA:MAX:0.5:5:1000 ";
+ $rrdcreate .= "RRA:MAX:0.5:60:1000 ";
+ $rrdcreate .= "RRA:MAX:0.5:720:3000 ";
+ $rrdcreate .= "RRA:LAST:0.5:1:1000 ";
+ $rrdcreate .= "RRA:LAST:0.5:5:1000 ";
+ $rrdcreate .= "RRA:LAST:0.5:60:1000 ";
+ $rrdcreate .= "RRA:LAST:0.5:720:3000 ";
- create_new_rrd($rrdcreate);
- }
+ create_new_rrd($rrdcreate);
+ unset($rrdcreate);
+ }
- /* enter UNKNOWN values in the RRD so it knows we rebooted. */
- if($g['booting']) {
- mwexec("$rrdtool update $rrddbpath$ifname$captiveportalconcurrent N:U");
- }
-
- /* the Captive Portal stats gathering function. */
- $rrdupdatesh .= "\n";
- $rrdupdatesh .= "# polling Captive Portal for number of concurrent users\n";
- $rrdupdatesh .= "CP=`$php -q $captiveportal_gather concurrent`\n";
- $rrdupdatesh .= "$rrdtool update $rrddbpath$ifname$captiveportalconcurrent \${CP}\n";
-
- $ifname= "captiveportal";
- if (!file_exists("$rrddbpath$ifname$captiveportalloggedin")) {
- $rrdcreate = "$rrdtool create $rrddbpath$ifname$captiveportalloggedin --step $rrdcaptiveportalinterval ";
- $rrdcreate .= "DS:loggedinusers:GAUGE:$captiveportalvalid:0:10000 ";
- $rrdcreate .= "RRA:AVERAGE:0.5:1:1000 ";
- $rrdcreate .= "RRA:AVERAGE:0.5:5:1000 ";
- $rrdcreate .= "RRA:AVERAGE:0.5:60:1000 ";
- $rrdcreate .= "RRA:AVERAGE:0.5:720:3000 ";
- $rrdcreate .= "RRA:MIN:0.5:1:1000 ";
- $rrdcreate .= "RRA:MIN:0.5:5:1000 ";
- $rrdcreate .= "RRA:MIN:0.5:60:1000 ";
- $rrdcreate .= "RRA:MIN:0.5:720:3000 ";
- $rrdcreate .= "RRA:MAX:0.5:1:1000 ";
- $rrdcreate .= "RRA:MAX:0.5:5:1000 ";
- $rrdcreate .= "RRA:MAX:0.5:60:1000 ";
- $rrdcreate .= "RRA:MAX:0.5:720:3000 ";
- $rrdcreate .= "RRA:LAST:0.5:1:1000 ";
- $rrdcreate .= "RRA:LAST:0.5:5:1000 ";
- $rrdcreate .= "RRA:LAST:0.5:60:1000 ";
- $rrdcreate .= "RRA:LAST:0.5:720:3000 ";
+ /* enter UNKNOWN values in the RRD so it knows we rebooted. */
+ if($g['booting']) {
+ mwexec("$rrdtool update $concurrent_filename N:U");
+ }
- create_new_rrd($rrdcreate);
- }
+ /* the Captive Portal stats gathering function. */
+ $rrdupdatesh .= "\n";
+ $rrdupdatesh .= "# polling Captive Portal for number of concurrent users\n";
+ $rrdupdatesh .= "CP=`$php -q $captiveportal_gather '$cpkey' $concurrent`\n";
+ $rrdupdatesh .= "$rrdtool update $concurrent_filename \${CP}\n";
+
+ $loggedin_filename = $rrddbpath . $ifname . '-' . $cpkey . $captiveportalloggedin;
+ if (!file_exists("$loggedin_filename")) {
+ $rrdcreate = "$rrdtool create $loggedin_filename --step $rrdcaptiveportalinterval ";
+ $rrdcreate .= "DS:loggedinusers:GAUGE:$captiveportalvalid:0:10000 ";
+ $rrdcreate .= "RRA:AVERAGE:0.5:1:1000 ";
+ $rrdcreate .= "RRA:AVERAGE:0.5:5:1000 ";
+ $rrdcreate .= "RRA:AVERAGE:0.5:60:1000 ";
+ $rrdcreate .= "RRA:AVERAGE:0.5:720:3000 ";
+ $rrdcreate .= "RRA:MIN:0.5:1:1000 ";
+ $rrdcreate .= "RRA:MIN:0.5:5:1000 ";
+ $rrdcreate .= "RRA:MIN:0.5:60:1000 ";
+ $rrdcreate .= "RRA:MIN:0.5:720:3000 ";
+ $rrdcreate .= "RRA:MAX:0.5:1:1000 ";
+ $rrdcreate .= "RRA:MAX:0.5:5:1000 ";
+ $rrdcreate .= "RRA:MAX:0.5:60:1000 ";
+ $rrdcreate .= "RRA:MAX:0.5:720:3000 ";
+ $rrdcreate .= "RRA:LAST:0.5:1:1000 ";
+ $rrdcreate .= "RRA:LAST:0.5:5:1000 ";
+ $rrdcreate .= "RRA:LAST:0.5:60:1000 ";
+ $rrdcreate .= "RRA:LAST:0.5:720:3000 ";
- /* enter UNKNOWN values in the RRD so it knows we rebooted. */
- if($g['booting']) {
- mwexec("$rrdtool update $rrddbpath$ifname$captiveportalloggedin N:U");
- }
+ create_new_rrd($rrdcreate);
+ unset($rrdcreate);
+ }
- /* the Captive Portal stats gathering function. */
- $rrdupdatesh .= "\n";
- $rrdupdatesh .= "# polling Captive Portal for number of logged in users\n";
- $rrdupdatesh .= "CP=`$php -q $captiveportal_gather loggedin`\n";
- $rrdupdatesh .= "$rrdtool update $rrddbpath$ifname$captiveportalloggedin \${CP}\n";
+ /* enter UNKNOWN values in the RRD so it knows we rebooted. */
+ if($g['booting']) {
+ mwexec("$rrdtool update $loggedin_filename N:U");
+ }
+
+ /* the Captive Portal stats gathering function. */
+ $rrdupdatesh .= "\n";
+ $rrdupdatesh .= "# polling Captive Portal for number of logged in users\n";
+ $rrdupdatesh .= "CP=`$php -q $captiveportal_gather $cpkey loggedin`\n";
+ $rrdupdatesh .= "$rrdtool update $loggedin_filename \${CP}\n";
+ }
}
$rrdupdatesh .= "sleep 60\n";
@@ -789,6 +807,8 @@ function enable_rrd_graphing() {
fwrite($fd, "$rrdupdatesh");
fclose($fd);
+ unset($rrdupdatesh);
+
/* kill off traffic collectors */
kill_traffic_collector();
@@ -805,9 +825,9 @@ function enable_rrd_graphing() {
chown($database, "nobody");
}
- if($g['booting'])
+ if($g['booting'])
echo gettext("done.") . "\n";
-
+
}
function kill_traffic_collector() {
diff --git a/etc/inc/services.inc b/etc/inc/services.inc
index 7ffb555..4016d45 100644
--- a/etc/inc/services.inc
+++ b/etc/inc/services.inc
@@ -1001,10 +1001,10 @@ EOD;
}
if(is_ipaddrv6(ifcfgipv6)) {
- $subnet6 = Net_IPv6::compress(gen_subnetv6($ifcfgipv6, $ifcfgsnv6));
+ $subnet6 = gen_subnetv6($ifcfgipv6, $ifcfgsnv6);
$dhcpdv6conf .= "subnet6 {$subnet6}/{$ifcfgsnv6} {\n";
} else {
- $subnet6 = Net_IPv6::compress(gen_subnetv6($dhcpv6ifconf['range']['from'], "64"));
+ $subnet6 = gen_subnetv6($dhcpv6ifconf['range']['from'], "64");
$dhcpdv6conf .= "subnet6 {$subnet6}/64 {\n";
}
diff --git a/etc/inc/system.inc b/etc/inc/system.inc
index 351ae2c..dfd29bc 100644
--- a/etc/inc/system.inc
+++ b/etc/inc/system.inc
@@ -67,8 +67,8 @@ function activate_sysctls() {
return;
exec("/sbin/sysctl net.enc.out.ipsec_bpf_mask=0x0001");
exec("/sbin/sysctl net.enc.out.ipsec_filter_mask=0x0001");
- exec("/sbin/sysctl net.enc.in.ipsec_bpf_mask=0x0001");
- exec("/sbin/sysctl net.enc.in.ipsec_filter_mask=0x0001");
+ exec("/sbin/sysctl net.enc.in.ipsec_bpf_mask=0x0002");
+ exec("/sbin/sysctl net.enc.in.ipsec_filter_mask=0x0002");
if(is_array($config['sysctl'])) {
foreach($config['sysctl']['item'] as $tunable) {
diff --git a/etc/inc/upgrade_config.inc b/etc/inc/upgrade_config.inc
index 608ce09..113c311 100644
--- a/etc/inc/upgrade_config.inc
+++ b/etc/inc/upgrade_config.inc
@@ -2979,4 +2979,17 @@ function upgrade_091_to_092() {
}
}
+function upgrade_092_to_093() {
+ global $g;
+
+ $suffixes = array("concurrent", "loggedin");
+
+ foreach ($suffixes as $suffix)
+ if (file_exists("{$g['vardb_path']}/rrd/captiveportal-{$suffix}.rrd"))
+ rename("{$g['vardb_path']}/rrd/captiveportal-{$suffix}.rrd",
+ "{$g['vardb_path']}/rrd/captiveportal-cpZone-{$suffix}.rrd");
+
+ enable_rrd_graphing();
+}
+
?>
diff --git a/etc/inc/util.inc b/etc/inc/util.inc
index edbc4ff..4404815 100644
--- a/etc/inc/util.inc
+++ b/etc/inc/util.inc
@@ -284,6 +284,7 @@ function gen_subnetv6($ipaddr, $bits) {
return "";
$address = Net_IPv6::getNetmask($ipaddr, $bits);
+ $address = Net_IPv6::compress($address);
return $address;
}
@@ -307,7 +308,7 @@ function gen_subnetv6_max($ipaddr, $bits) {
$inet_end = $inet_ip | ~$inet_mask;
- return(Net_IPv6::uncompress(inet_ntop($inet_end)));
+ return (inet_ntop($inet_end));
}
/* returns a subnet mask (long given a bit count) */
@@ -1154,7 +1155,7 @@ function alias_expand_urltable($name) {
return null;
}
-function subnet_size ($subnet) {
+function subnet_size($subnet) {
if (is_subnetv4($subnet)) {
list ($ip, $bits) = explode("/", $subnet);
return round(exp(log(2) * (32 - $bits)));
@@ -1168,7 +1169,7 @@ function subnet_size ($subnet) {
}
}
-function subnet_expand ($subnet) {
+function subnet_expand($subnet) {
if (is_subnetv4($subnet)) {
return subnetv4_expand($subnet);
} else if (is_subnetv6($subnet)) {
@@ -1178,7 +1179,7 @@ function subnet_expand ($subnet) {
}
}
-function subnetv4_expand ($subnet) {
+function subnetv4_expand($subnet) {
$result = array();
list ($ip, $bits) = explode("/", $subnet);
$net = ip2long($ip);
@@ -1210,6 +1211,16 @@ function check_subnets_overlap($subnet1, $bits1, $subnet2, $bits2) {
return ($sn1 == $sn2);
}
+/* find out whether two IPv6 subnets overlap */
+function check_subnetsv6_overlap($subnet1, $bits1, $subnet2, $bits2) {
+ $sub1_min = gen_subnetv6($subnet1, $bits1);
+ $sub1_max = gen_subnetv6_max($subnet1, $bits1);
+ $sub2_min = gen_subnetv6($subnet2, $bits2);
+ $sub2_max = gen_subnetv6_max($subnet2, $bits2);
+
+ return (is_inrange_v6($sub1_min, $sub2_min, $sub2_max) || is_inrange_v6($sub1_max, $sub2_min, $sub2_max) || is_inrange_v6($sub2_min, $sub1_min, $sub1_max));
+}
+
/* compare two IP addresses */
function ipcmp($a, $b) {
if (ip_less_than($a, $b))
@@ -1223,15 +1234,12 @@ function ipcmp($a, $b) {
/* return true if $addr is in $subnet, false if not */
function ip_in_subnet($addr,$subnet) {
if(is_ipaddrv6($addr)) {
- $result = Net_IPv6::IsInNetmask($addr, $subnet);
- if($result)
- return true;
- else
- return false;
+ return (Net_IPv6::isInNetmask($addr, $subnet));
+ } else { /* XXX: Maybe check for IPv4 */
+ list($ip, $mask) = explode('/', $subnet);
+ $mask = (0xffffffff << (32 - $mask)) & 0xffffffff;
+ return ((ip2long($addr) & $mask) == (ip2long($ip) & $mask));
}
- list($ip, $mask) = explode('/', $subnet);
- $mask = (0xffffffff << (32 - $mask)) & 0xffffffff;
- return ((ip2long($addr) & $mask) == (ip2long($ip) & $mask));
}
/* verify (and remove) the digital signature on a file - returns 0 if OK */
diff --git a/etc/inc/voucher.inc b/etc/inc/voucher.inc
index 32602af..5b392bb 100644
--- a/etc/inc/voucher.inc
+++ b/etc/inc/voucher.inc
@@ -40,9 +40,9 @@ if(!function_exists('captiveportal_syslog'))
function xmlrpc_sync_voucher_expire($vouchers, $syncip, $port, $password, $username) {
global $g, $config, $cpzone;
require_once("xmlrpc.inc");
- if($port == "443")
+ if ($port == "443")
$url = "https://{$syncip}";
- else
+ else
$url = "http://{$syncip}";
/* Construct code that is run on remote machine */
@@ -88,9 +88,9 @@ EOF;
function xmlrpc_sync_voucher_disconnect($dbent, $syncip, $port, $password, $username, $term_cause = 1, $stop_time = null) {
global $g, $config, $cpzone;
require_once("xmlrpc.inc");
- if($port == "443")
+ if ($port == "443")
$url = "https://{$syncip}";
- else
+ else
$url = "http://{$syncip}";
/* Construct code that is run on remote machine */
@@ -140,9 +140,9 @@ EOF;
function xmlrpc_sync_used_voucher($voucher_received, $syncip, $port, $password, $username) {
global $g, $config, $cpzone;
require_once("xmlrpc.inc");
- if($port == "443")
+ if ($port == "443")
$url = "https://{$syncip}";
- else
+ else
$url = "http://{$syncip}";
/* Construct code that is run on remote machine */
@@ -153,6 +153,7 @@ function xmlrpc_sync_used_voucher($voucher_received, $syncip, $port, $password,
\$timeleft = voucher_auth("$voucher_received");
\$toreturn = array();
\$toreturn['timeleft'] = \$timeleft;
+ \$toreturn['voucher'] = array();
\$toreturn['voucher']['roll'] = \$config['voucher'][\$cpzone]['roll'];
EOF;
@@ -182,6 +183,8 @@ EOF;
log_error("CaptivePortalVoucherSync XMLRPC reload data success with {$url}:{$port} (pfsense.exec_php).");
}
$toreturn = XML_RPC_Decode($resp->value());
+ if (!is_array($config['voucher']))
+ $config['voucher'] = array();
if (is_array($toreturn['voucher']) && (count($toreturn['voucher'][$cpzone]['roll']) <> count($config['voucher'][$cpzone]['roll']))) {
$config['voucher'][$cpzone]['roll'] = $toreturn['voucher']['roll'];
write_config("Captive Portal Voucher database synchronized with {$url}");
@@ -194,8 +197,6 @@ EOF;
function voucher_expire($voucher_received) {
global $g, $config, $cpzone;
- $voucherlck = lock("voucher{$cpzone}", LOCK_EX);
-
// XMLRPC Call over to the master Voucher node
if(!empty($config['voucher'][$cpzone]['vouchersyncdbip'])) {
$syncip = $config['voucher'][$cpzone]['vouchersyncdbip'];
@@ -205,6 +206,8 @@ function voucher_expire($voucher_received) {
xmlrpc_sync_voucher_expire($voucher_received, $syncip, $syncport, $syncpass, $vouchersyncusername);
}
+ $voucherlck = lock("voucher{$cpzone}", LOCK_EX);
+
// read rolls into assoc array with rollid as key and minutes as value
$tickets_per_roll = array();
$minutes_per_roll = array();
@@ -307,8 +310,6 @@ function voucher_auth($voucher_received, $test = 0) {
if (!isset($config['voucher'][$cpzone]['enable']))
return 0;
- $voucherlck = lock("voucher{$cpzone}", LOCK_EX);
-
// XMLRPC Call over to the master Voucher node
if(!empty($config['voucher'][$cpzone]['vouchersyncdbip'])) {
$syncip = $config['voucher'][$cpzone]['vouchersyncdbip'];
@@ -318,6 +319,8 @@ function voucher_auth($voucher_received, $test = 0) {
$remote_time_used = xmlrpc_sync_used_voucher($voucher_received, $syncip, $syncport, $syncpass, $vouchersyncusername);
}
+ $voucherlck = lock("voucher{$cpzone}", LOCK_EX);
+
// read rolls into assoc array with rollid as key and minutes as value
$tickets_per_roll = array();
$minutes_per_roll = array();
OpenPOWER on IntegriCloud