Diffstat (limited to 'etc')
-rw-r--r-- | etc/inc/dyndns.class | 2 | ||||
-rw-r--r-- | etc/inc/globals.inc | 2 | ||||
-rw-r--r-- | etc/inc/gwlb.inc | 2 | ||||
-rw-r--r-- | etc/inc/interfaces.inc | 26 | ||||
-rw-r--r-- | etc/inc/ipsec.inc | 51 | ||||
-rw-r--r-- | etc/inc/priv.defs.inc | 4 | ||||
-rw-r--r-- | etc/inc/rrd.inc | 166 | ||||
-rw-r--r-- | etc/inc/services.inc | 4 | ||||
-rw-r--r-- | etc/inc/system.inc | 4 | ||||
-rw-r--r-- | etc/inc/upgrade_config.inc | 13 | ||||
-rw-r--r-- | etc/inc/util.inc | 32 | ||||
-rw-r--r-- | etc/inc/voucher.inc | 23 |
12 files changed, 204 insertions, 125 deletions
diff --git a/etc/inc/dyndns.class b/etc/inc/dyndns.class index 3710efa..58c0db2 100644 --- a/etc/inc/dyndns.class +++ b/etc/inc/dyndns.class @@ -1090,7 +1090,7 @@ if (!$g['debug']) return; - $string = '\n'.date('m-d-y h:i:s').' - ('.$this->_debugID.') - ['.$this->_dnsService.'] - '.$data.'\n'; + $string = date('m-d-y h:i:s').' - ('.$this->_debugID.') - ['.$this->_dnsService.'] - '.$data."\n"; conf_mount_rw(); $file = fopen($this->_debugFile, 'a'); fwrite($file, $string); diff --git a/etc/inc/globals.inc b/etc/inc/globals.inc index 6315a84..ed84cc0 100644 --- a/etc/inc/globals.inc +++ b/etc/inc/globals.inc @@ -77,7 +77,7 @@ $g = array( "disablecrashreporter" => false, "crashreporterurl" => "http://crashreporter.pfsense.org/crash_reporter.php", "debug" => false, - "latest_config" => "9.2", + "latest_config" => "9.3", "nopkg_platforms" => array("cdrom"), "minimum_ram_warning" => "101", "minimum_ram_warning_text" => "128 MB", diff --git a/etc/inc/gwlb.inc b/etc/inc/gwlb.inc index 663070e..0f5b169 100644 --- a/etc/inc/gwlb.inc +++ b/etc/inc/gwlb.inc @@ -781,7 +781,7 @@ function return_gateway_groups_array() { $msg = gettext("Gateways status could not be determined, considering all as up/active. (Group: {$group['name']})"); log_error($msg); notify_via_growl($msg); - notify_via_smtp($msg); + //notify_via_smtp($msg); } $tiers = $backupplan; } diff --git a/etc/inc/interfaces.inc b/etc/inc/interfaces.inc index e1020e1..7698979 100644 --- a/etc/inc/interfaces.inc +++ b/etc/inc/interfaces.inc 
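Review bot: The `notify_via_smtp($msg)` call in return_gateway_groups_array() is disabled by commenting it out, with nothing saying why or for how long. After this change the "Gateways status could not be determined" condition reaches only `log_error()` and `notify_via_growl()`, so an operator who relies on mail alerts is no longer told that a gateway group fell back to treating every member as up. If this is deliberate, replace the dead line with a comment such as `/* SMTP notification disabled here: <reason> */`, or delete it. The function body continues outside the hunk.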
@@ -3835,20 +3835,27 @@ function guess_interface_from_ip($ipaddress) { * find_ip_interface($ip): return the interface where an ip is defined * (or if $bits is specified, where an IP within the subnet is defined) */ -function find_ip_interface($ip, $bits = null) -{ +function find_ip_interface($ip, $bits = null) { + if (!is_ipaddr($ip)) + return false; + + $isv6ip = is_ipaddrv6($ip); + /* if list */ $ifdescrs = get_configured_interface_list(); foreach ($ifdescrs as $ifdescr => $ifname) { + $ifip = ($isv6ip) ? get_interface_ipv6($ifname) : get_interface_ip($ifname); + if ($ifip === null) + continue; if ($bits === null) { - if ($ip == get_interface_ip($ifname)) { + if ($ip == $ifip) { $int = get_real_interface($ifname); return $int; } } else { - if (ip_in_subnet(get_interface_ip($ifname), $ip . "/" . $bits)) { + if (ip_in_subnet($ifip, $ip . "/" . $bits)) { $int = get_real_interface($ifname); return $int; } @@ -3863,18 +3870,27 @@ function find_ip_interface($ip, $bits = null) */ function find_virtual_ip_alias($ip, $bits = null) { global $config; + if (!is_array($config['virtualip']['vip'])) { return false; } + if (!is_ipaddr($ip)) + return false; + + $isv6ip = is_ipaddrv6($ip); + foreach ($config['virtualip']['vip'] as $vip) { if ($vip['mode'] === "ipalias") { + if (is_ipaddrv6($vip['subnet']) != $isv6ip) + continue; if ($bits === null) { if (ip_in_subnet($ip, $vip['subnet'] . "/" . $vip['subnet_bits'])) { return $vip; } } else { - if (check_subnets_overlap($ip, $bits, $vip['subnet'], $vip['subnet_bits'])) { + if (($isv6ip && check_subnetsv6_overlap($ip, $bits, $vip['subnet'], $vip['subnet_bits'])) + || (!$isv6ip && check_subnets_overlap($ip, $bits, $vip['subnet'], $vip['subnet_bits']))) { return $vip; } } diff --git a/etc/inc/ipsec.inc b/etc/inc/ipsec.inc index d6242b2..28a882e 100644 --- a/etc/inc/ipsec.inc +++ b/etc/inc/ipsec.inc 
@@ -193,14 +193,14 @@ function ipsec_get_phase1_dst(& $ph1ent) { /* * Return phase2 idinfo in cidr format */ -function ipsec_idinfo_to_cidr(& $idinfo,$addrbits = false) { +function ipsec_idinfo_to_cidr(& $idinfo,$addrbits = false,$mode="tunnel") { global $config; switch ($idinfo['type']) { case "address": if ($addrbits) { - if($idinfo['mode'] == "tunnel6") { + if($mode == "tunnel6") { return $idinfo['address']."/128"; } else { return $idinfo['address']."/32"; @@ -214,7 +214,7 @@ function ipsec_idinfo_to_cidr(& $idinfo,$addrbits = false) { case "mobile": return "0.0.0.0/0"; default: - if($idinfo['mode'] == "tunnel6") { + if($mode == "tunnel6") { $address = get_interface_ipv6($idinfo['type']); $netbits = get_interface_subnetv6($idinfo['type']); $address = gen_subnetv6($address,$netbits); @@ -328,10 +328,10 @@ function ipsec_phase2_status(& $spd,& $sad,& $ph1ent,& $ph2ent) { $loc_ip = ipsec_get_phase1_src($ph1ent); $rmt_ip = ipsec_get_phase1_dst($ph1ent); - $loc_id = ipsec_idinfo_to_cidr($ph2ent['localid'],true); + $loc_id = ipsec_idinfo_to_cidr($ph2ent['localid'],true,$ph2ent['mode']); if (!empty($ph2ent['natlocalid'])) - $natloc_id = ipsec_idinfo_to_cidr($ph2ent['natlocalid'],true); - $rmt_id = ipsec_idinfo_to_cidr($ph2ent['remoteid'],true); + $natloc_id = ipsec_idinfo_to_cidr($ph2ent['natlocalid'],true,$ph2ent['mode']); + $rmt_id = ipsec_idinfo_to_cidr($ph2ent['remoteid'],true,$ph2ent['mode']); /* check for established SA in both directions */ if( ipsec_lookup_ipsec_sa($spd,$sad,"out",$loc_ip,$rmt_ip,$loc_id,$rmt_id)) { @@ -358,6 +358,10 @@ function ipsec_lookup_isakmp_sa($in_srcip,$in_dstip) { function ipsec_lookup_ipsec_sa(& $spd,& $sad,$dir,$in_srcip,$in_dstip,$in_srcid,$in_dstid) { /* match the phase1/2 to an SP */ + $in_srcip = ipsec_fixup_ip($in_srcip); + $in_dstip = ipsec_fixup_ip($in_dstip); + $in_srcid = ipsec_fixup_ip($in_srcid); + $in_dstid = ipsec_fixup_ip($in_dstid); foreach($spd as $sp) { 
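Review bot: The new `$mode="tunnel"` default on ipsec_idinfo_to_cidr() means any caller that is not updated silently gets IPv4 handling, because the function no longer reads `$idinfo['mode']`. Only the three calls in ipsec_phase2_status() pass `$ph2ent['mode']` in this diff; other call sites, if any exist outside the visible hunks, would now get `/32` for an IPv6 address. The `case "mobile"` context line also still returns `0.0.0.0/0` whatever `$mode` is. A header comment line such as `/* $mode: phase 2 mode ("tunnel" or "tunnel6"); selects /32 vs /128 and the v4/v6 interface lookup */` would make the contract explicit.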
@@ -368,9 +372,9 @@ function ipsec_lookup_ipsec_sa(& $spd,& $sad,$dir,$in_srcip,$in_dstip,$in_srcid, /* match IPs */ - if($in_srcip != $sp['src']) + if($in_srcip != ipsec_fixup_ip($sp['src'])) continue; - if($in_dstip != $sp['dst']) + if($in_dstip != ipsec_fixup_ip($sp['dst'])) continue; /* add netbits for address IDs */ @@ -378,16 +382,24 @@ function ipsec_lookup_ipsec_sa(& $spd,& $sad,$dir,$in_srcip,$in_dstip,$in_srcid, $sp_srcid = $sp['srcid']; $sp_dstid = $sp['dstid']; - if (!strstr($sp_srcid,"/")) - $sp_srcid .= '/32'; - if (!strstr($sp_dstid,"/")) - $sp_dstid .= '/32'; + if (!strstr($sp_srcid,"/")) { + if (ip_ipaddrv4($sp_srcid)) + $sp_srcid .= '/32'; + elseif (ip_ipaddrv6($sp_srcid)) + $sp_srcid .= '/128'; + } + if (!strstr($sp_dstid,"/")) { + if (ip_ipaddrv4($sp_srcid)) + $sp_dstid .= '/32'; + elseif (ip_ipaddrv6($sp_srcid)) + $sp_dstid .= '/128'; + } /* match IDs */ - if($in_srcid != $sp_srcid) + if($in_srcid != ipsec_fixup_ip($sp_srcid)) continue; - if($in_dstid != $sp_dstid) + if($in_dstid != ipsec_fixup_ip($sp_dstid)) continue; /* match the SP to a unique SA by reqid */ @@ -411,9 +423,9 @@ function ipsec_lookup_ipsec_sa(& $spd,& $sad,$dir,$in_srcip,$in_dstip,$in_srcid, /* match IPs */ - if($in_srcip != $sa_srcip) + if($in_srcip != ipsec_fixup_ip($sa_srcip)) continue; - if($in_dstip != $sa_dstip) + if($in_dstip != ipsec_fixup_ip($sa_dstip)) continue; return $sa; @@ -592,4 +604,11 @@ function ipsec_disconnect_mobile($username) { exec("/usr/local/sbin/racoonctl logout-user " . escapeshellarg($username)); } +function ipsec_fixup_ip($ipaddr) { + if (is_ipaddrv6($ipaddr) || !is_subnetv6($ipaddr)) + return Net_IPv6::compress(Net_IPv6::uncompress($ipaddr)); + else + return $ipaddr; +} + ?> diff --git a/etc/inc/priv.defs.inc b/etc/inc/priv.defs.inc index 537971f..2aa9990 100644 --- a/etc/inc/priv.defs.inc +++ b/etc/inc/priv.defs.inc 
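Review bot: The second new block under `/* add netbits for address IDs */` tests `$sp_srcid` where it should test `$sp_dstid`, so the destination suffix is chosen from the source ID, which by then may already carry `/32` or `/128`. The helper names `ip_ipaddrv4()` and `ip_ipaddrv6()` also appear nowhere else in this diff, which uses `is_ipaddrv6()` everywhere else, so they look like typos that would end in a call to an undefined function; confirm against util.inc. Suggested lines for the destination block: `if (is_ipaddrv4($sp_dstid)) $sp_dstid .= '/32';` and `elseif (is_ipaddrv6($sp_dstid)) $sp_dstid .= '/128';`, with the same `is_` prefix in the source block. ipsec_lookup_ipsec_sa() starts and ends outside this hunk.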
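Review bot: The condition in the new ipsec_fixup_ip() reads `is_ipaddrv6($ipaddr) || !is_subnetv6($ipaddr)`, which is true for every value that is not an IPv6 subnet, including IPv4 addresses and the IPv4 `/32` ID strings built in ipsec_lookup_ipsec_sa(). Those values are then passed through `Net_IPv6::uncompress()` and `Net_IPv6::compress()`, while IPv6 subnets are returned untouched. If the intent is to normalise IPv6 addresses and subnets only, the test would be `if (is_ipaddrv6($ipaddr) || is_subnetv6($ipaddr))`, provided the Net_IPv6 calls accept a prefix length, which is not visible here. The function has no comment; one line saying that it canonicalises IPv6 notation so that string comparison against SPD and SAD entries works would help the next reader.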
@@ -1121,8 +1121,8 @@ $priv_list['page-system-usermanager-passwordmg']['match'] = array(); $priv_list['page-system-usermanager-passwordmg']['match'][] = "system_usermanager_passwordmg.php*"; $priv_list['page-system-usermanager-settings'] = array(); -$priv_list['page-system-usermanager-settings']['name'] = gettext("WebCfg - System: User manager: settings page"); -$priv_list['page-system-usermanager-settings']['descr'] = gettext("Allow access to the 'System: User manager: settings' page."); +$priv_list['page-system-usermanager-settings']['name'] = gettext("WebCfg - System: User Manager: settings page"); +$priv_list['page-system-usermanager-settings']['descr'] = gettext("Allow access to the 'System: User Manager: settings' page."); $priv_list['page-system-usermanager-settings']['match'] = array(); $priv_list['page-system-usermanager-settings']['match'][] = "system_usermanager_settings.php*"; diff --git a/etc/inc/rrd.inc b/etc/inc/rrd.inc index 841ee45..6f44396 100644 --- a/etc/inc/rrd.inc +++ b/etc/inc/rrd.inc @@ -104,7 +104,7 @@ function migrate_rrd_format($rrdoldxml, $rrdnewxml) { $numrranew = count($rrdnewxml['rra']); $numdsnew = count($rrdnewxml['ds']); log_error(sprintf(gettext('Import RRD has %1$s DS values and %2$s RRA databases, new format RRD has %3$s DS values and %4$s RRA databases'), $numdsold, $numrraold, $numdsnew ,$numrranew)); - + /* add data sources not found in the old array from the new array */ $i = 0; foreach($rrdnewxml['ds'] as $ds) { @@ -194,7 +194,7 @@ function migrate_rrd_format($rrdoldxml, $rrdnewxml) { function enable_rrd_graphing() { global $config, $g, $altq_list_queues; - if($g['booting']) + if($g['booting']) echo gettext("Generating RRD graphs..."); $rrddbpath = "/var/db/rrd/"; 
@@ -213,7 +213,6 @@ function enable_rrd_graphing() { $vpnusers = "-vpnusers.rrd"; $captiveportalconcurrent = "-concurrent.rrd"; $captiveportalloggedin = "-loggedin.rrd"; - $captiveportaltotalusers = "-totalusers.rrd"; $rrdtool = "/usr/bin/nice -n20 /usr/local/bin/rrdtool"; $netstat = "/usr/bin/netstat"; @@ -324,6 +323,7 @@ function enable_rrd_graphing() { $rrdcreate .= "RRA:AVERAGE:0.5:720:3000 "; create_new_rrd($rrdcreate); + unset($rrdcreate); } /* enter UNKNOWN values in the RRD so it knows we rebooted. */ @@ -356,6 +356,7 @@ function enable_rrd_graphing() { $rrdcreate .= "RRA:AVERAGE:0.5:720:3000 "; create_new_rrd($rrdcreate); + unset($rrdcreate); } /* enter UNKNOWN values in the RRD so it knows we rebooted. */ @@ -382,8 +383,9 @@ function enable_rrd_graphing() { $rrdcreate .= "RRA:AVERAGE:0.5:5:1000 "; $rrdcreate .= "RRA:AVERAGE:0.5:60:1000 "; $rrdcreate .= "RRA:AVERAGE:0.5:720:3000 "; - + create_new_rrd($rrdcreate); + unset($rrdcreate); } /* enter UNKNOWN values in the RRD so it knows we rebooted. */ @@ -406,8 +408,9 @@ function enable_rrd_graphing() { $rrdcreate .= "RRA:AVERAGE:0.5:5:1000 "; $rrdcreate .= "RRA:AVERAGE:0.5:60:1000 "; $rrdcreate .= "RRA:AVERAGE:0.5:720:3000 "; - + create_new_rrd($rrdcreate); + unset($rrdcreate); } /* enter UNKNOWN values in the RRD so it knows we rebooted. */ @@ -473,6 +476,7 @@ function enable_rrd_graphing() { $rrdcreate .= "RRA:AVERAGE:0.5:720:3000 "; create_new_rrd($rrdcreate); + unset($rrdcreate); } if (!file_exists("$rrddbpath$ifname$queuesdrop")) { @@ -489,6 +493,7 @@ function enable_rrd_graphing() { $rrdcreate .= "RRA:AVERAGE:0.5:720:3000 "; create_new_rrd($rrdcreate); + unset($rrdcreate); } if($g['booting']) { @@ -555,6 +560,7 @@ function enable_rrd_graphing() { $rrdcreate .= "RRA:AVERAGE:0.5:60:1000 "; $rrdcreate .= "RRA:AVERAGE:0.5:720:3000 "; create_new_rrd($rrdcreate); + unset($rrdcreate); } /* enter UNKNOWN values in the RRD so it knows we rebooted. */ 
@@ -588,6 +594,7 @@ function enable_rrd_graphing() { $rrdcreate .= "RRA:AVERAGE:0.5:720:3000 "; create_new_rrd($rrdcreate); + unset($rrdcreate); } /* enter UNKNOWN values in the RRD so it knows we rebooted. */ @@ -622,6 +629,7 @@ function enable_rrd_graphing() { $rrdcreate .= "RRA:AVERAGE:0.5:720:3000 "; create_new_rrd($rrdcreate); + unset($rrdcreate); } /* enter UNKNOWN values in the RRD so it knows we rebooted. */ @@ -659,6 +667,7 @@ function enable_rrd_graphing() { $rrdcreate .= "RRA:MAX:0.5:720:3000"; create_new_rrd($rrdcreate); + unset($rrdcreate); } /* enter UNKNOWN values in the RRD so it knows we rebooted. */ @@ -671,7 +680,7 @@ function enable_rrd_graphing() { $rrdupdatesh .= " $awk '{getline active;getline inactive;getline free;getline cache;getline wire;printf "; $rrdupdatesh .= "((active/$0) * 100)\":\"((inactive/$0) * 100)\":\"((free/$0) * 100)\":\"((cache/$0) * 100)\":\"(wire/$0 * 100)}'`\n"; $rrdupdatesh .= "$rrdtool update $rrddbpath$ifname$mem N:\${MEM}\n"; - + /* End Memory statistics */ /* SPAMD, set up the spamd rrd file */ @@ -696,6 +705,7 @@ function enable_rrd_graphing() { $rrdcreate .= "RRA:MAX:0.5:720:3000 "; create_new_rrd($rrdcreate); + unset($rrdcreate); } $rrdupdatesh .= "\n"; 
@@ -707,77 +717,85 @@ function enable_rrd_graphing() { /* End System statistics */ /* Captive Portal statistics, set up the rrd file */ - if(isset($config['captiveportal']['enable'])) { - $ifname= "captiveportal"; - if (!file_exists("$rrddbpath$ifname$captiveportalconcurrent")) { - $rrdcreate = "$rrdtool create $rrddbpath$ifname$captiveportalconcurrent --step $rrdcaptiveportalinterval "; - $rrdcreate .= "DS:concurrentusers:GAUGE:$captiveportalvalid:0:10000 "; - $rrdcreate .= "RRA:AVERAGE:0.5:1:1000 "; - $rrdcreate .= "RRA:AVERAGE:0.5:5:1000 "; - $rrdcreate .= "RRA:AVERAGE:0.5:60:1000 "; - $rrdcreate .= "RRA:AVERAGE:0.5:720:3000 "; - $rrdcreate .= "RRA:MIN:0.5:1:1000 "; - $rrdcreate .= "RRA:MIN:0.5:5:1000 "; - $rrdcreate .= "RRA:MIN:0.5:60:1000 "; - $rrdcreate .= "RRA:MIN:0.5:720:3000 "; - $rrdcreate .= "RRA:MAX:0.5:1:1000 "; - $rrdcreate .= "RRA:MAX:0.5:5:1000 "; - $rrdcreate .= "RRA:MAX:0.5:60:1000 "; - $rrdcreate .= "RRA:MAX:0.5:720:3000 "; - $rrdcreate .= "RRA:LAST:0.5:1:1000 "; - $rrdcreate .= "RRA:LAST:0.5:5:1000 "; - $rrdcreate .= "RRA:LAST:0.5:60:1000 "; - $rrdcreate .= "RRA:LAST:0.5:720:3000 "; + if(is_array($config['captiveportal'])) { + foreach ($config['captiveportal'] as $cpkey => $cp) { + if (!isset($cp['enable'])) + continue; + + $ifname= "captiveportal"; + $concurrent_filename = $rrddbpath . $ifname . '-' . $cpkey . 
$captiveportalconcurrent; + if (!file_exists("$concurrent_filename")) { + $rrdcreate = "$rrdtool create $concurrent_filename --step $rrdcaptiveportalinterval "; + $rrdcreate .= "DS:concurrentusers:GAUGE:$captiveportalvalid:0:10000 "; + $rrdcreate .= "RRA:AVERAGE:0.5:1:1000 "; + $rrdcreate .= "RRA:AVERAGE:0.5:5:1000 "; + $rrdcreate .= "RRA:AVERAGE:0.5:60:1000 "; + $rrdcreate .= "RRA:AVERAGE:0.5:720:3000 "; + $rrdcreate .= "RRA:MIN:0.5:1:1000 "; + $rrdcreate .= "RRA:MIN:0.5:5:1000 "; + $rrdcreate .= "RRA:MIN:0.5:60:1000 "; + $rrdcreate .= "RRA:MIN:0.5:720:3000 "; + $rrdcreate .= "RRA:MAX:0.5:1:1000 "; + $rrdcreate .= "RRA:MAX:0.5:5:1000 "; + $rrdcreate .= "RRA:MAX:0.5:60:1000 "; + $rrdcreate .= "RRA:MAX:0.5:720:3000 "; + $rrdcreate .= "RRA:LAST:0.5:1:1000 "; + $rrdcreate .= "RRA:LAST:0.5:5:1000 "; + $rrdcreate .= "RRA:LAST:0.5:60:1000 "; + $rrdcreate .= "RRA:LAST:0.5:720:3000 "; - create_new_rrd($rrdcreate); - } + create_new_rrd($rrdcreate); + unset($rrdcreate); + } - /* enter UNKNOWN values in the RRD so it knows we rebooted. */ - if($g['booting']) { - mwexec("$rrdtool update $rrddbpath$ifname$captiveportalconcurrent N:U"); - } - - /* the Captive Portal stats gathering function. 
*/ - $rrdupdatesh .= "\n"; - $rrdupdatesh .= "# polling Captive Portal for number of concurrent users\n"; - $rrdupdatesh .= "CP=`$php -q $captiveportal_gather concurrent`\n"; - $rrdupdatesh .= "$rrdtool update $rrddbpath$ifname$captiveportalconcurrent \${CP}\n"; - - $ifname= "captiveportal"; - if (!file_exists("$rrddbpath$ifname$captiveportalloggedin")) { - $rrdcreate = "$rrdtool create $rrddbpath$ifname$captiveportalloggedin --step $rrdcaptiveportalinterval "; - $rrdcreate .= "DS:loggedinusers:GAUGE:$captiveportalvalid:0:10000 "; - $rrdcreate .= "RRA:AVERAGE:0.5:1:1000 "; - $rrdcreate .= "RRA:AVERAGE:0.5:5:1000 "; - $rrdcreate .= "RRA:AVERAGE:0.5:60:1000 "; - $rrdcreate .= "RRA:AVERAGE:0.5:720:3000 "; - $rrdcreate .= "RRA:MIN:0.5:1:1000 "; - $rrdcreate .= "RRA:MIN:0.5:5:1000 "; - $rrdcreate .= "RRA:MIN:0.5:60:1000 "; - $rrdcreate .= "RRA:MIN:0.5:720:3000 "; - $rrdcreate .= "RRA:MAX:0.5:1:1000 "; - $rrdcreate .= "RRA:MAX:0.5:5:1000 "; - $rrdcreate .= "RRA:MAX:0.5:60:1000 "; - $rrdcreate .= "RRA:MAX:0.5:720:3000 "; - $rrdcreate .= "RRA:LAST:0.5:1:1000 "; - $rrdcreate .= "RRA:LAST:0.5:5:1000 "; - $rrdcreate .= "RRA:LAST:0.5:60:1000 "; - $rrdcreate .= "RRA:LAST:0.5:720:3000 "; + /* enter UNKNOWN values in the RRD so it knows we rebooted. */ + if($g['booting']) { + mwexec("$rrdtool update $concurrent_filename N:U"); + } - create_new_rrd($rrdcreate); - } + /* the Captive Portal stats gathering function. */ + $rrdupdatesh .= "\n"; + $rrdupdatesh .= "# polling Captive Portal for number of concurrent users\n"; + $rrdupdatesh .= "CP=`$php -q $captiveportal_gather '$cpkey' $concurrent`\n"; + $rrdupdatesh .= "$rrdtool update $concurrent_filename \${CP}\n"; + + $loggedin_filename = $rrddbpath . $ifname . '-' . $cpkey . 
$captiveportalloggedin; + if (!file_exists("$loggedin_filename")) { + $rrdcreate = "$rrdtool create $loggedin_filename --step $rrdcaptiveportalinterval "; + $rrdcreate .= "DS:loggedinusers:GAUGE:$captiveportalvalid:0:10000 "; + $rrdcreate .= "RRA:AVERAGE:0.5:1:1000 "; + $rrdcreate .= "RRA:AVERAGE:0.5:5:1000 "; + $rrdcreate .= "RRA:AVERAGE:0.5:60:1000 "; + $rrdcreate .= "RRA:AVERAGE:0.5:720:3000 "; + $rrdcreate .= "RRA:MIN:0.5:1:1000 "; + $rrdcreate .= "RRA:MIN:0.5:5:1000 "; + $rrdcreate .= "RRA:MIN:0.5:60:1000 "; + $rrdcreate .= "RRA:MIN:0.5:720:3000 "; + $rrdcreate .= "RRA:MAX:0.5:1:1000 "; + $rrdcreate .= "RRA:MAX:0.5:5:1000 "; + $rrdcreate .= "RRA:MAX:0.5:60:1000 "; + $rrdcreate .= "RRA:MAX:0.5:720:3000 "; + $rrdcreate .= "RRA:LAST:0.5:1:1000 "; + $rrdcreate .= "RRA:LAST:0.5:5:1000 "; + $rrdcreate .= "RRA:LAST:0.5:60:1000 "; + $rrdcreate .= "RRA:LAST:0.5:720:3000 "; - /* enter UNKNOWN values in the RRD so it knows we rebooted. */ - if($g['booting']) { - mwexec("$rrdtool update $rrddbpath$ifname$captiveportalloggedin N:U"); - } + create_new_rrd($rrdcreate); + unset($rrdcreate); + } - /* the Captive Portal stats gathering function. */ - $rrdupdatesh .= "\n"; - $rrdupdatesh .= "# polling Captive Portal for number of logged in users\n"; - $rrdupdatesh .= "CP=`$php -q $captiveportal_gather loggedin`\n"; - $rrdupdatesh .= "$rrdtool update $rrddbpath$ifname$captiveportalloggedin \${CP}\n"; + /* enter UNKNOWN values in the RRD so it knows we rebooted. */ + if($g['booting']) { + mwexec("$rrdtool update $loggedin_filename N:U"); + } + + /* the Captive Portal stats gathering function. */ + $rrdupdatesh .= "\n"; + $rrdupdatesh .= "# polling Captive Portal for number of logged in users\n"; + $rrdupdatesh .= "CP=`$php -q $captiveportal_gather $cpkey loggedin`\n"; + $rrdupdatesh .= "$rrdtool update $loggedin_filename \${CP}\n"; + } } $rrdupdatesh .= "sleep 60\n"; 
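Review bot: In the concurrent-users line of the new per-zone loop, `$php -q $captiveportal_gather '$cpkey' $concurrent` uses a PHP variable `$concurrent` that is not assigned anywhere in the visible part of enable_rrd_graphing(); the removed line passed the literal word `concurrent`, just as the logged-in line still passes `loggedin`. As written it interpolates to an empty string, so the gather script receives no mode argument. Separately, `$cpkey` is a configuration key that now flows into file names, `mwexec()` command strings, the `rrdtool create` strings and the generated update script, quoted by hand in one place and unquoted in the other. Passing it and the derived file names through `escapeshellarg()` keeps a zone name containing shell metacharacters from altering those commands, unless zone names are validated elsewhere (not visible here). The function starts and ends outside this hunk.

```php
// … unchanged: zone loop header and $concurrent_filename assignment …
$cpkey_arg = escapeshellarg($cpkey);
$concurrent_arg = escapeshellarg($concurrent_filename);
// … unchanged: rrdtool create block for concurrent users …
if($g['booting']) {
	mwexec("$rrdtool update $concurrent_arg N:U");
}
$rrdupdatesh .= "CP=`$php -q $captiveportal_gather $cpkey_arg concurrent`\n";
$rrdupdatesh .= "$rrdtool update $concurrent_arg \${CP}\n";
// … unchanged: $loggedin_filename assignment and rrdtool create block …
$loggedin_arg = escapeshellarg($loggedin_filename);
if($g['booting']) {
	mwexec("$rrdtool update $loggedin_arg N:U");
}
$rrdupdatesh .= "CP=`$php -q $captiveportal_gather $cpkey_arg loggedin`\n";
$rrdupdatesh .= "$rrdtool update $loggedin_arg \${CP}\n";
```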
@@ -789,6 +807,8 @@ function enable_rrd_graphing() { fwrite($fd, "$rrdupdatesh"); fclose($fd); + unset($rrdupdatesh); + /* kill off traffic collectors */ kill_traffic_collector(); @@ -805,9 +825,9 @@ function enable_rrd_graphing() { chown($database, "nobody"); } - if($g['booting']) + if($g['booting']) echo gettext("done.") . "\n"; - + } function kill_traffic_collector() { diff --git a/etc/inc/services.inc b/etc/inc/services.inc index 7ffb555..4016d45 100644 --- a/etc/inc/services.inc +++ b/etc/inc/services.inc @@ -1001,10 +1001,10 @@ EOD; } if(is_ipaddrv6(ifcfgipv6)) { - $subnet6 = Net_IPv6::compress(gen_subnetv6($ifcfgipv6, $ifcfgsnv6)); + $subnet6 = gen_subnetv6($ifcfgipv6, $ifcfgsnv6); $dhcpdv6conf .= "subnet6 {$subnet6}/{$ifcfgsnv6} {\n"; } else { - $subnet6 = Net_IPv6::compress(gen_subnetv6($dhcpv6ifconf['range']['from'], "64")); + $subnet6 = gen_subnetv6($dhcpv6ifconf['range']['from'], "64"); $dhcpdv6conf .= "subnet6 {$subnet6}/64 {\n"; } diff --git a/etc/inc/system.inc b/etc/inc/system.inc index 351ae2c..dfd29bc 100644 --- a/etc/inc/system.inc +++ b/etc/inc/system.inc @@ -67,8 +67,8 @@ function activate_sysctls() { return; exec("/sbin/sysctl net.enc.out.ipsec_bpf_mask=0x0001"); exec("/sbin/sysctl net.enc.out.ipsec_filter_mask=0x0001"); - exec("/sbin/sysctl net.enc.in.ipsec_bpf_mask=0x0001"); - exec("/sbin/sysctl net.enc.in.ipsec_filter_mask=0x0001"); + exec("/sbin/sysctl net.enc.in.ipsec_bpf_mask=0x0002"); + exec("/sbin/sysctl net.enc.in.ipsec_filter_mask=0x0002"); if(is_array($config['sysctl'])) { foreach($config['sysctl']['item'] as $tunable) { diff --git a/etc/inc/upgrade_config.inc b/etc/inc/upgrade_config.inc index 608ce09..113c311 100644 --- a/etc/inc/upgrade_config.inc +++ b/etc/inc/upgrade_config.inc 
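Review bot: The context line `if(is_ipaddrv6(ifcfgipv6))` directly above the first changed assignment in services.inc has no `$` on its argument, so PHP evaluates a bare constant name instead of the `$ifcfgipv6` value used on the next line. The first branch therefore looks unreachable, and only the `else` branch with the fixed `/64` appears to run. Suggested: `if (is_ipaddrv6($ifcfgipv6)) {`. The enclosing function begins and ends outside the hunk.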
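Review bot: The two `net.enc.in.*` masks in activate_sysctls() change from `0x0001` to `0x0002` without a comment, and these values decide at which stage of inbound IPsec processing packets on the enc interface are handed to bpf and to the packet filter. As documented in enc(4), on the inbound path 0x1 means before the outer header is stripped and 0x2 means after, so filter rules on the enc interface would now match the decapsulated inner packet; confirm this against the target kernel's manual page and check that existing rule sets expect it. A comment such as `/* inbound: bpf and the filter see the packet after the outer header is stripped (enc(4) mask 0x2) */` above the two lines would record the intent. The return status of these `exec()` calls is not checked in the visible lines.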
@@ -2979,4 +2979,17 @@ function upgrade_091_to_092() { } } +function upgrade_092_to_093() { + global $g; + + $suffixes = array("concurrent", "loggedin"); + + foreach ($suffixes as $suffix) + if (file_exists("{$g['vardb_path']}/rrd/captiveportal-{$suffix}.rrd")) + rename("{$g['vardb_path']}/rrd/captiveportal-{$suffix}.rrd", + "{$g['vardb_path']}/rrd/captiveportal-cpZone-{$suffix}.rrd"); + + enable_rrd_graphing(); +} + ?> diff --git a/etc/inc/util.inc b/etc/inc/util.inc index edbc4ff..4404815 100644 --- a/etc/inc/util.inc +++ b/etc/inc/util.inc @@ -284,6 +284,7 @@ function gen_subnetv6($ipaddr, $bits) { return ""; $address = Net_IPv6::getNetmask($ipaddr, $bits); + $address = Net_IPv6::compress($address); return $address; } @@ -307,7 +308,7 @@ function gen_subnetv6_max($ipaddr, $bits) { $inet_end = $inet_ip | ~$inet_mask; - return(Net_IPv6::uncompress(inet_ntop($inet_end))); + return (inet_ntop($inet_end)); } /* returns a subnet mask (long given a bit count) */ @@ -1154,7 +1155,7 @@ function alias_expand_urltable($name) { return null; } -function subnet_size ($subnet) { +function subnet_size($subnet) { if (is_subnetv4($subnet)) { list ($ip, $bits) = explode("/", $subnet); return round(exp(log(2) * (32 - $bits))); @@ -1168,7 +1169,7 @@ function subnet_size ($subnet) { } } -function subnet_expand ($subnet) { +function subnet_expand($subnet) { if (is_subnetv4($subnet)) { return subnetv4_expand($subnet); } else if (is_subnetv6($subnet)) { @@ -1178,7 +1179,7 @@ function subnet_expand ($subnet) { } } -function subnetv4_expand ($subnet) { +function subnetv4_expand($subnet) { $result = array(); list ($ip, $bits) = explode("/", $subnet); $net = ip2long($ip); 
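Review bot: upgrade_092_to_093() renames the old files to a hard-coded `captiveportal-cpZone-{$suffix}.rrd`, while the new code in enable_rrd_graphing() builds the file name from the configuration key `$cpkey`. File names are case-sensitive, so if the migrated zone key is not exactly `cpZone` (the migration that creates it is not in this diff), the renamed databases are never picked up and new empty ones are created beside them. The result of `rename()` is ignored, and the brace-less `foreach`/`if` around a two-line call is easy to misread. Consider taking the zone name from `$config['captiveportal']` and reporting a failed rename through `log_error()`.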
@@ -1210,6 +1211,16 @@ function check_subnets_overlap($subnet1, $bits1, $subnet2, $bits2) { return ($sn1 == $sn2); } +/* find out whether two IPv6 subnets overlap */ +function check_subnetsv6_overlap($subnet1, $bits1, $subnet2, $bits2) { + $sub1_min = gen_subnetv6($subnet1, $bits1); + $sub1_max = gen_subnetv6_max($subnet1, $bits1); + $sub2_min = gen_subnetv6($subnet2, $bits2); + $sub2_max = gen_subnetv6_max($subnet2, $bits2); + + return (is_inrange_v6($sub1_min, $sub2_min, $sub2_max) || is_inrange_v6($sub1_max, $sub2_min, $sub2_max) || is_inrange_v6($sub2_min, $sub1_min, $sub1_max)); +} + /* compare two IP addresses */ function ipcmp($a, $b) { if (ip_less_than($a, $b)) @@ -1223,15 +1234,12 @@ function ipcmp($a, $b) { /* return true if $addr is in $subnet, false if not */ function ip_in_subnet($addr,$subnet) { if(is_ipaddrv6($addr)) { - $result = Net_IPv6::IsInNetmask($addr, $subnet); - if($result) - return true; - else - return false; + return (Net_IPv6::isInNetmask($addr, $subnet)); + } else { /* XXX: Maybe check for IPv4 */ + list($ip, $mask) = explode('/', $subnet); + $mask = (0xffffffff << (32 - $mask)) & 0xffffffff; + return ((ip2long($addr) & $mask) == (ip2long($ip) & $mask)); } - list($ip, $mask) = explode('/', $subnet); - $mask = (0xffffffff << (32 - $mask)) & 0xffffffff; - return ((ip2long($addr) & $mask) == (ip2long($ip) & $mask)); } /* verify (and remove) the digital signature on a file - returns 0 if OK */ diff --git a/etc/inc/voucher.inc b/etc/inc/voucher.inc index 32602af..5b392bb 100644 --- a/etc/inc/voucher.inc +++ b/etc/inc/voucher.inc @@ -40,9 +40,9 @@ if(!function_exists('captiveportal_syslog')) function xmlrpc_sync_voucher_expire($vouchers, $syncip, $port, $password, $username) { global $g, $config, $cpzone; require_once("xmlrpc.inc"); - if($port == "443") + if ($port == "443") $url = "https://{$syncip}"; - else + else $url = "http://{$syncip}"; /* Construct code that is run on remote machine */ 
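Review bot: The IPv4 branch of ip_in_subnet() still runs for any `$addr` that is not IPv6, which the new `/* XXX: Maybe check for IPv4 */` comment acknowledges but does not fix. For a string that is not an address `ip2long()` returns false, which the mask arithmetic treats as 0, and a `$subnet` with no `/` or with an IPv6 prefix length gives a shift count outside 0 to 32; either case can make the comparison return true for input that is not in the subnet. Callers in this diff use the result to decide interface and virtual IP membership, so the function should fail closed. A guard such as `if (!is_ipaddrv4($addr) || !is_subnetv4($subnet)) return false;` at the top of the `else` branch would do that.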
@@ -88,9 +88,9 @@ EOF; function xmlrpc_sync_voucher_disconnect($dbent, $syncip, $port, $password, $username, $term_cause = 1, $stop_time = null) { global $g, $config, $cpzone; require_once("xmlrpc.inc"); - if($port == "443") + if ($port == "443") $url = "https://{$syncip}"; - else + else $url = "http://{$syncip}"; /* Construct code that is run on remote machine */ @@ -140,9 +140,9 @@ EOF; function xmlrpc_sync_used_voucher($voucher_received, $syncip, $port, $password, $username) { global $g, $config, $cpzone; require_once("xmlrpc.inc"); - if($port == "443") + if ($port == "443") $url = "https://{$syncip}"; - else + else $url = "http://{$syncip}"; /* Construct code that is run on remote machine */ @@ -153,6 +153,7 @@ function xmlrpc_sync_used_voucher($voucher_received, $syncip, $port, $password, \$timeleft = voucher_auth("$voucher_received"); \$toreturn = array(); \$toreturn['timeleft'] = \$timeleft; + \$toreturn['voucher'] = array(); \$toreturn['voucher']['roll'] = \$config['voucher'][\$cpzone]['roll']; EOF; @@ -182,6 +183,8 @@ EOF; log_error("CaptivePortalVoucherSync XMLRPC reload data success with {$url}:{$port} (pfsense.exec_php)."); } $toreturn = XML_RPC_Decode($resp->value()); + if (!is_array($config['voucher'])) + $config['voucher'] = array(); if (is_array($toreturn['voucher']) && (count($toreturn['voucher'][$cpzone]['roll']) <> count($config['voucher'][$cpzone]['roll']))) { $config['voucher'][$cpzone]['roll'] = $toreturn['voucher']['roll']; write_config("Captive Portal Voucher database synchronized with {$url}"); @@ -194,8 +197,6 @@ EOF; function voucher_expire($voucher_received) { global $g, $config, $cpzone; - $voucherlck = lock("voucher{$cpzone}", LOCK_EX); - // XMLRPC Call over to the master Voucher node if(!empty($config['voucher'][$cpzone]['vouchersyncdbip'])) { $syncip = $config['voucher'][$cpzone]['vouchersyncdbip']; 
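Review bot: `voucher_auth("$voucher_received")` in the heredoc of xmlrpc_sync_used_voucher() builds PHP source that is executed on the sync master, and `$voucher_received` is interpolated into it as a raw string. If a voucher value can contain a double quote, a backslash or `$`, the generated code no longer means what was intended, so the value should be encoded before it is embedded, for example with `var_export($voucher_received, true)`, unless it is already restricted to the voucher character set before this call (not visible here). The added `\$toreturn['voucher'] = array();` line is fine on its own. The function continues outside the hunk.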
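Review bot: The comparison that follows the new `is_array($config['voucher'])` guard counts `$toreturn['voucher'][$cpzone]['roll']`, but the remote snippet fills `$toreturn['voucher']['roll']`, and the assignment on the next line reads that same key without the zone. From the visible lines the left-hand count is always taken on an unset value, so the test reduces to whether the local roll list is non-empty. Either count `$toreturn['voucher']['roll']` or have the remote side return the roll under `[$cpzone]`. The new guard also initialises only `$config['voucher']` and not `$config['voucher'][$cpzone]`.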
@@ -205,6 +206,8 @@ function voucher_expire($voucher_received) { xmlrpc_sync_voucher_expire($voucher_received, $syncip, $syncport, $syncpass, $vouchersyncusername); } + $voucherlck = lock("voucher{$cpzone}", LOCK_EX); + // read rolls into assoc array with rollid as key and minutes as value $tickets_per_roll = array(); $minutes_per_roll = array(); @@ -307,8 +310,6 @@ function voucher_auth($voucher_received, $test = 0) { if (!isset($config['voucher'][$cpzone]['enable'])) return 0; - $voucherlck = lock("voucher{$cpzone}", LOCK_EX); - // XMLRPC Call over to the master Voucher node if(!empty($config['voucher'][$cpzone]['vouchersyncdbip'])) { $syncip = $config['voucher'][$cpzone]['vouchersyncdbip']; @@ -318,6 +319,8 @@ function voucher_auth($voucher_received, $test = 0) { $remote_time_used = xmlrpc_sync_used_voucher($voucher_received, $syncip, $syncport, $syncpass, $vouchersyncusername); } + $voucherlck = lock("voucher{$cpzone}", LOCK_EX); + // read rolls into assoc array with rollid as key and minutes as value $tickets_per_roll = array(); $minutes_per_roll = array(); |
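Review bot: The `lock("voucher{$cpzone}", LOCK_EX)` call is moved below the XMLRPC call in voucher_expire(), and in voucher_auth() in the last two hunks, with no comment explaining the new ordering. The lock is no longer held across a network round trip, but in voucher_auth() `$remote_time_used` is now fetched before the local lock is taken, so two concurrent requests for the same voucher can both finish the remote call before either reads the local database. Whether that matters depends on code outside the hunks. If avoiding a blocked lock is the intent, a comment above each lock line would record it, for example `/* take the local lock only after the remote sync, so a slow or unreachable master does not block other voucher operations */`.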