diff options
Diffstat (limited to 'etc')
| -rw-r--r-- | etc/inc/captiveportal.inc | 42 | ||||
| -rw-r--r-- | etc/inc/filter.inc | 16 | ||||
| -rw-r--r-- | etc/inc/interfaces.inc | 15 | ||||
| -rw-r--r-- | etc/inc/rrd.inc | 459 | ||||
| -rw-r--r-- | etc/inc/services.inc | 2 | ||||
| -rw-r--r-- | etc/inc/shaper.inc | 123 | ||||
| -rw-r--r-- | etc/inc/system.inc | 18 | ||||
| -rw-r--r-- | etc/inc/upgrade_config.inc | 4 | ||||
| -rw-r--r-- | etc/inc/vpn.inc | 14 | ||||
| -rwxr-xr-x | etc/rc | 5 | ||||
| -rwxr-xr-x | etc/rc.linkup | 6 | ||||
| -rwxr-xr-x | etc/rc.newipsecdns | 2 |
12 files changed, 364 insertions, 342 deletions
diff --git a/etc/inc/captiveportal.inc b/etc/inc/captiveportal.inc index 1e96b41..0d3853b 100644 --- a/etc/inc/captiveportal.inc +++ b/etc/inc/captiveportal.inc @@ -425,45 +425,14 @@ EOD; foreach ($cpips as $cpip) $ips .= "or {$cpip} "; $ips = "{ {$ips} }"; - //# allow access to our DHCP server (which needs to be able to ping clients as well) - $cprules .= "add {$rulenum} set 1 pass udp from any 68 to {$ips} 67 in \n"; + $cprules .= "add {$rulenum} set 1 pass ip from any to {$ips} in\n"; $rulenum++; - $cprules .= "add {$rulenum} set 1 pass udp from any 68 to {$ips} 67 in \n"; - $rulenum++; - $cprules .= "add {$rulenum} set 1 pass udp from {$ips} 67 to any 68 out \n"; + $cprules .= "add {$rulenum} set 1 pass ip from {$ips} to any out\n"; $rulenum++; $cprules .= "add {$rulenum} set 1 pass icmp from {$ips} to any out icmptype 0\n"; $rulenum++; $cprules .= "add {$rulenum} set 1 pass icmp from any to {$ips} in icmptype 8 \n"; $rulenum++; - //# allow access to our DNS forwarder - $cprules .= "add {$rulenum} set 1 pass udp from any to {$ips} 53 in \n"; - $rulenum++; - $cprules .= "add {$rulenum} set 1 pass udp from {$ips} 53 to any out \n"; - $rulenum++; - # allow access to our web server - $cprules .= "add {$rulenum} set 1 pass tcp from any to {$ips} 8000 in \n"; - $rulenum++; - $cprules .= "add {$rulenum} set 1 pass tcp from {$ips} 8000 to any out \n"; - - if (isset($config['captiveportal']['httpslogin'])) { - $rulenum++; - $cprules .= "add {$rulenum} set 1 pass tcp from any to {$ips} 8001 in \n"; - $rulenum++; - $cprules .= "add {$rulenum} set 1 pass tcp from {$ips} 8001 to any out \n"; - } - if (!empty($config['system']['webgui']['port'])) - $port = $config['system']['webgui']['port']; - else if ($config['system']['webgui']['proto'] == "http") - $port = 80; - else - $port = 443; - $rulenum++; - $cprules .= "add {$rulenum} set 1 pass tcp from any to {$ips} {$port} in \n"; - $rulenum++; - $cprules .= "add {$rulenum} set 1 pass tcp from {$ips} {$port} to any out \n"; - $rulenum++; - /* Allowed ips */ $cprules .= "add {$rulenum} allow ip from table(3) to any in\n"; $rulenum++; @@ -917,14 +886,17 @@ function captiveportal_allowedip_configure_entry($ipent) { $bw_up = $ruleno + 20000; $rules .= "pipe {$bw_up} config bw {$ipent['bw_up']}Kbit/s queue 100\n"; } + $subnet = ""; + if (!empty($ipent['sn'])) + $subnet = "/{$ipent['sn']}"; foreach ($tablein as $table) - $rules .= "table {$table} add {$ipent['ip']} {$bw_up}\n"; + $rules .= "table {$table} add {$ipent['ip']}{$subnet} {$bw_up}\n"; if ($enBwdown) { $bw_down = $ruleno + 20001; $rules .= "pipe {$bw_down} config bw {$ipent['bw_down']}Kbit/s queue 100\n"; } foreach ($tableout as $table) - $rules .= "table {$table} add {$ipent['ip']} {$bw_down}\n"; + $rules .= "table {$table} add {$ipent['ip']}{$subnet} {$bw_down}\n"; return $rules; } diff --git a/etc/inc/filter.inc b/etc/inc/filter.inc index af4619d..c480381 100644 --- a/etc/inc/filter.inc +++ b/etc/inc/filter.inc @@ -1396,18 +1396,10 @@ function filter_nat_rules_generate() { else sigkillbypid("/var/run/inetd.pid", "HUP"); - if($pptpdcfg['mode'] && $pptpdcfg['mode'] != "off") { - if($pptpdcfg['mode'] == "server") - $pptpdtarget = "127.0.0.1"; - else if($pptpdcfg['mode'] == "redir") - $pptpdtarget = $pptpdcfg['redir']; - if($pptpdcfg['mode'] == "redir" && is_array($FilterIflist['wan'])) { - /* - * NB: ermal -- the rdr rule below is commented out now that we have a solution - * for PPTP passthrough. This unbreaks other GRE traffic passing - * through pfSense. - * After some more testing this will be removed compeletely. - */ + $pptpdcfg = $config['pptpd']; + if($pptpdcfg['mode'] && $pptpdcfg['mode'] == "redir") { + $pptpdtarget = $pptpdcfg['redir']; + if(is_ipaddr($pptpdtarget) && is_array($FilterIflist['wan'])) { $natrules .= <<<EOD # PPTP diff --git a/etc/inc/interfaces.inc b/etc/inc/interfaces.inc index dc4cbdf..73e5554 100644 --- a/etc/inc/interfaces.inc +++ b/etc/inc/interfaces.inc @@ -819,10 +819,11 @@ function interface_bring_down($interface = "wan", $destroy = false) { if (is_array($config['ppps']['ppp']) && count($config['ppps']['ppp'])) { foreach ($config['ppps']['ppp'] as $pppid => $ppp) { if ($realif == $ppp['if']) { - if (!isset($ppp['ondemand'])) { - killbypid("{$g['varrun_path']}/{$ifcfg['ipaddr']}_{$interface}.pid"); - sleep(2); - unlink_if_exists("{$g['varetc_path']}/mpd_{$interface}.conf"); + killbypid("{$g['varrun_path']}/{$ifcfg['ipaddr']}_{$interface}.pid"); + sleep(2); + unlink_if_exists("{$g['varetc_path']}/mpd_{$interface}.conf"); + if (isset($ppp['ondemand']) && !$destroy) { + interface_configure("wan"); } break; } @@ -2227,7 +2228,7 @@ function interface_configure($interface = "wan", $reloadall = false) { if (!$g['booting']) { /* remove all IPv4 addresses */ while (mwexec("/sbin/ifconfig " . escapeshellarg($realif) . " -alias", true) == 0); - interface_bring_down($interface); + interface_bring_down($interface, true); } /* wireless configuration? */ @@ -2764,7 +2765,7 @@ function find_carp_interface($ip) { foreach ($config['virtualip']['vip'] as $vip) { if ($vip['mode'] == "carp" || $vip['mode'] == "carpdev") { $carp_ip = get_interface_ip($vip['interface']); - $if = `ifconfig | grep '$ip' -B1 | head -n1 | cut -d: -f1`; + $if = `ifconfig | grep '$ip ' -B1 | head -n1 | cut -d: -f1`; if ($if) return $if; } @@ -3209,4 +3210,4 @@ function setup_pppoe_reset_file($pppif, $iface="") { unlink_if_exists($cron_file); } -?> +?>
\ No newline at end of file diff --git a/etc/inc/rrd.inc b/etc/inc/rrd.inc index 98766e3..356037e 100644 --- a/etc/inc/rrd.inc +++ b/etc/inc/rrd.inc @@ -1,7 +1,7 @@ <?php /* $Id$ */ /* - Copyright (C) 2008 Seth Mos + Copyright (C) 2010 Seth Mos <seth.mos@dds.nl> All rights reserved. Redistribution and use in source and binary forms, with or without @@ -174,6 +174,7 @@ function enable_rrd_graphing() { $proc = "-processor.rrd"; $mem = "-memory.rrd"; $cellular = "-cellular.rrd"; + $vpnusers = "-vpnusers.rrd"; $rrdtool = "/usr/bin/nice -n20 /usr/local/bin/rrdtool"; $netstat = "/usr/bin/netstat"; @@ -197,6 +198,7 @@ function enable_rrd_graphing() { $rrdprocinterval = 60; $rrdmeminterval = 60; $rrdcellularinterval = 60; + $rrdvpninterval = 60; $trafficvalid = $rrdtrafficinterval * 2; $wirelessvalid = $rrdwirelessinterval * 2; @@ -209,6 +211,7 @@ function enable_rrd_graphing() { $procvalid = $rrdlbpoolinterval * 2; $memvalid = $rrdmeminterval * 2; $cellularvalid = $rrdcellularinterval * 2; + $vpnvalid = $rrdvpninterval * 2; /* Asume GigE for now */ $downstream = 125000000; @@ -250,8 +253,17 @@ function enable_rrd_graphing() { $i = 0; $ifdescrs = get_configured_interface_with_descr(); + /* IPsec counters */ $ifdescrs['ipsec'] = "IPsec"; + /* OpenVPN server counters */ + if(is_array($config['openvpn']['openvpn-server'])) { + foreach($config['openvpn']['openvpn-server'] as $server) { + $serverid = "ovpns" . $server['vpnid']; + $ifdescrs[$serverid] = "{$server['description']}"; + } + } + /* process all real and pseudo interfaces */ foreach ($ifdescrs as $ifname => $ifdescr) { $temp = get_real_interface($ifname); if($temp <> "") { @@ -336,190 +348,264 @@ function enable_rrd_graphing() { $rrdupdatesh .= "`$ifconfig {$realif} list sta| $awk 'gsub(\"M\", \"\") {getline 2;print substr(\$5, 0, length(\$5)-2) \":\" $4 \":\" $3}'`\n"; } - /* QUEUES, set up the queues databases */ - if ($altq_list_queues[$ifname]) { - $altq =& $altq_list_queues[$ifname]; - /* NOTE: Is it worth as its own function?! */ - switch ($altq->GetBwscale()) { - case "Gb": - $factor = 1024 * 1024 * 1024; - break; - case "Mb": - $factor = 1024 * 1024; - break; - case "Kb": - $factor = 1024; - break; - case "b": - default: - $factor = 1; - break; - } - $qbandwidth = $altq->GetBandwidth() * $factor; - if ($qbandwidth <=0) - $qbandwidth = 100 * 1000 * 1000; /* 100Mbit */ - $qlist =& $altq->get_queue_list($notused); - if (!file_exists("$rrddbpath$ifname$queues")) { - $rrdcreate = "$rrdtool create $rrddbpath$ifname$queues --step $rrdqueuesinterval "; - /* loop list of shaper queues */ - $q = 0; - foreach ($qlist as $qname => $q) { - $rrdcreate .= "DS:$qname:COUNTER:$queuesvalid:0:$qbandwidth "; - } + /* OpenVPN, set up the rrd file */ + if(stristr($ifname, "ovpns")) { + if (!file_exists("$rrddbpath$ifname$vpnusers")) { + $rrdcreate = "$rrdtool create $rrddbpath$ifname$vpnusers --step $rrdvpninterval "; + $rrdcreate .= "DS:users:GAUGE:$vpnvalid:0:10000 "; + $rrdcreate .= "RRA:AVERAGE:0.5:1:1000 "; + $rrdcreate .= "RRA:AVERAGE:0.5:5:1000 "; + $rrdcreate .= "RRA:AVERAGE:0.5:60:1000 "; + $rrdcreate .= "RRA:AVERAGE:0.5:720:3000 "; + + create_new_rrd($rrdcreate); + } - $rrdcreate .= "RRA:AVERAGE:0.5:1:1000 "; - $rrdcreate .= "RRA:AVERAGE:0.5:5:1000 "; - $rrdcreate .= "RRA:AVERAGE:0.5:60:1000 "; - $rrdcreate .= "RRA:AVERAGE:0.5:720:3000 "; + /* enter UNKNOWN values in the RRD so it knows we rebooted. */ + if($g['booting']) { + mwexec("$rrdtool update $rrddbpath$ifname$vpnusers N:U"); + } - create_new_rrd($rrdcreate); + if(is_array($config['openvpn']['openvpn-server'])) { + foreach($config['openvpn']['openvpn-server'] as $server) { + if("ovpns{$server['vpnid']}" == $ifname) { + $port = $server['local_port']; + } } + } + $rrdupdatesh .= "\n"; + $rrdupdatesh .= "# polling vpn users for interface $ifname $realif port $port\n"; + $rrdupdatesh .= "list_current_users() {\n"; + $rrdupdatesh .= " sleep 0.2\n"; + $rrdupdatesh .= " echo \"status 2\"\n"; + $rrdupdatesh .= " sleep 0.2\n"; + $rrdupdatesh .= " echo \"quit\"\n"; + $rrdupdatesh .= "}\n"; + $rrdupdatesh .= "$rrdtool update $rrddbpath$ifname$vpnusers N:\\\n"; + $rrdupdatesh .= "`list_current_users | nc localhost {$port} | awk -F\",\" '/^CLIENT_LIST/ {print \$2}' | wc -l | awk '{print $1}'`\n"; + } - if (!file_exists("$rrddbpath$ifname$queuesdrop")) { - $rrdcreate = "$rrdtool create $rrddbpath$ifname$queuesdrop --step $rrdqueuesdropinterval "; - /* loop list of shaper queues */ - $q = 0; - foreach ($qlist as $qname => $q) { - $rrdcreate .= "DS:$qname:COUNTER:$queuesdropvalid:0:$qbandwidth "; - } + /* QUEUES, set up the queues databases */ + if ($altq_list_queues[$ifname]) { + $altq =& $altq_list_queues[$ifname]; + /* NOTE: Is it worth as its own function?! */ + switch ($altq->GetBwscale()) { + case "Gb": + $factor = 1024 * 1024 * 1024; + break; + case "Mb": + $factor = 1024 * 1024; + break; + case "Kb": + $factor = 1024; + break; + case "b": + default: + $factor = 1; + break; + } + $qbandwidth = $altq->GetBandwidth() * $factor; + if ($qbandwidth <=0) { + $qbandwidth = 100 * 1000 * 1000; /* 100Mbit */ + } + $qlist =& $altq->get_queue_list($notused); + if (!file_exists("$rrddbpath$ifname$queues")) { + $rrdcreate = "$rrdtool create $rrddbpath$ifname$queues --step $rrdqueuesinterval "; + /* loop list of shaper queues */ + $q = 0; + foreach ($qlist as $qname => $q) { + $rrdcreate .= "DS:$qname:COUNTER:$queuesvalid:0:$qbandwidth "; + } - $rrdcreate .= "RRA:AVERAGE:0.5:1:1000 "; - $rrdcreate .= "RRA:AVERAGE:0.5:5:1000 "; - $rrdcreate .= "RRA:AVERAGE:0.5:60:1000 "; - $rrdcreate .= "RRA:AVERAGE:0.5:720:3000 "; + $rrdcreate .= "RRA:AVERAGE:0.5:1:1000 "; + $rrdcreate .= "RRA:AVERAGE:0.5:5:1000 "; + $rrdcreate .= "RRA:AVERAGE:0.5:60:1000 "; + $rrdcreate .= "RRA:AVERAGE:0.5:720:3000 "; + + create_new_rrd($rrdcreate); + } - create_new_rrd($rrdcreate); + if (!file_exists("$rrddbpath$ifname$queuesdrop")) { + $rrdcreate = "$rrdtool create $rrddbpath$ifname$queuesdrop --step $rrdqueuesdropinterval "; + /* loop list of shaper queues */ + $q = 0; + foreach ($qlist as $qname => $q) { + $rrdcreate .= "DS:$qname:COUNTER:$queuesdropvalid:0:$qbandwidth "; } - if($g['booting']) { - $rrdqcommand = "-t "; - $rrducommand = "N"; - $q = 0; - foreach ($qlist as $qname => $q) { - if($q == 0) { - $rrdqcommand .= "{$qname}"; - } else { - $rrdqcommand .= ":{$qname}"; - } - $q++; - $rrducommand .= ":U"; + $rrdcreate .= "RRA:AVERAGE:0.5:1:1000 "; + $rrdcreate .= "RRA:AVERAGE:0.5:5:1000 "; + $rrdcreate .= "RRA:AVERAGE:0.5:60:1000 "; + $rrdcreate .= "RRA:AVERAGE:0.5:720:3000 "; + + create_new_rrd($rrdcreate); + } + + if($g['booting']) { + $rrdqcommand = "-t "; + $rrducommand = "N"; + $q = 0; + foreach ($qlist as $qname => $q) { + if($q == 0) { + $rrdqcommand .= "{$qname}"; + } else { + $rrdqcommand .= ":{$qname}"; } - mwexec("$rrdtool update $rrddbpath$ifname$queues $rrdqcommand $rrducommand"); - mwexec("$rrdtool update $rrddbpath$ifname$queuesdrop $rrdqcommand $rrducommand"); + $q++; + $rrducommand .= ":U"; } - - /* awk function to gather shaper data */ - /* yes, it's special */ - $rrdupdatesh .= "` pfctl -vsq -i {$realif} | awk 'BEGIN {printf \"$rrdtool update $rrddbpath$ifname$queues \" } "; - $rrdupdatesh .= "{ "; - $rrdupdatesh .= "if ((\$1 == \"queue\") && ( \$2 ~ /^q/ )) { "; - $rrdupdatesh .= "dsname = dsname \":\" \$2 ; "; - $rrdupdatesh .= "q=1; "; - $rrdupdatesh .= "} "; - $rrdupdatesh .= "else if ((\$4 == \"bytes:\") && ( q == 1 ) ) { "; - $rrdupdatesh .= "dsdata = dsdata \":\" \$5 ; "; - $rrdupdatesh .= "q=0; "; - $rrdupdatesh .= "} "; - $rrdupdatesh .= "} END { "; - $rrdupdatesh .= "dsname = substr(dsname,2); "; - $rrdupdatesh .= "dsdata = substr(dsdata,2); "; - $rrdupdatesh .= "printf \"-t \" dsname \" N:\" dsdata }' "; - $rrdupdatesh .= "dsname=\"\" dsdata=\"\"`\n\n"; - - $rrdupdatesh .= "` pfctl -vsq -i {$realif} | awk 'BEGIN {printf \"$rrdtool update $rrddbpath$ifname$queuesdrop \" } "; - $rrdupdatesh .= "{ "; - $rrdupdatesh .= "if ((\$1 == \"queue\") && ( \$2 ~ /^q/ )) { "; - $rrdupdatesh .= "dsname = dsname \":\" \$2 ; "; - $rrdupdatesh .= "q=1; "; - $rrdupdatesh .= "} "; - $rrdupdatesh .= "else if ((\$4 == \"bytes:\") && ( q == 1 ) ) { "; - $rrdupdatesh .= "dsdata = dsdata \":\" \$8 ; "; - $rrdupdatesh .= "q=0; "; - $rrdupdatesh .= "} "; - $rrdupdatesh .= "} END { "; - $rrdupdatesh .= "dsname = substr(dsname,2); "; - $rrdupdatesh .= "dsdata = substr(dsdata,2); "; - $rrdupdatesh .= "printf \"-t \" dsname \" N:\" dsdata }' "; - $rrdupdatesh .= "dsname=\"\" dsdata=\"\"`\n\n"; + mwexec("$rrdtool update $rrddbpath$ifname$queues $rrdqcommand $rrducommand"); + mwexec("$rrdtool update $rrddbpath$ifname$queuesdrop $rrdqcommand $rrducommand"); } + + /* awk function to gather shaper data */ + /* yes, it's special */ + $rrdupdatesh .= "` pfctl -vsq -i {$realif} | awk 'BEGIN {printf \"$rrdtool update $rrddbpath$ifname$queues \" } "; + $rrdupdatesh .= "{ "; + $rrdupdatesh .= "if ((\$1 == \"queue\") && ( \$2 ~ /^q/ )) { "; + $rrdupdatesh .= " dsname = dsname \":\" \$2 ; "; + $rrdupdatesh .= " q=1; "; + $rrdupdatesh .= "} "; + $rrdupdatesh .= " else if ((\$4 == \"bytes:\") && ( q == 1 ) ) { "; + $rrdupdatesh .= " dsdata = dsdata \":\" \$5 ; "; + $rrdupdatesh .= " q=0; "; + $rrdupdatesh .= "} "; + $rrdupdatesh .= "} END { "; + $rrdupdatesh .= " dsname = substr(dsname,2); "; + $rrdupdatesh .= " dsdata = substr(dsdata,2); "; + $rrdupdatesh .= " printf \"-t \" dsname \" N:\" dsdata }' "; + $rrdupdatesh .= " dsname=\"\" dsdata=\"\"`\n\n"; + + $rrdupdatesh .= "` pfctl -vsq -i {$realif} | awk 'BEGIN {printf \"$rrdtool update $rrddbpath$ifname$queuesdrop \" } "; + $rrdupdatesh .= "{ "; + $rrdupdatesh .= "if ((\$1 == \"queue\") && ( \$2 ~ /^q/ )) { "; + $rrdupdatesh .= " dsname = dsname \":\" \$2 ; "; + $rrdupdatesh .= " q=1; "; + $rrdupdatesh .= "} "; + $rrdupdatesh .= " else if ((\$4 == \"bytes:\") && ( q == 1 ) ) { "; + $rrdupdatesh .= " dsdata = dsdata \":\" \$8 ; "; + $rrdupdatesh .= " q=0; "; + $rrdupdatesh .= "} "; + $rrdupdatesh .= "} END { "; + $rrdupdatesh .= " dsname = substr(dsname,2); "; + $rrdupdatesh .= " dsdata = substr(dsdata,2); "; + $rrdupdatesh .= " printf \"-t \" dsname \" N:\" dsdata }' "; + $rrdupdatesh .= " dsname=\"\" dsdata=\"\"`\n\n"; + } } $i++; /* System only statistics */ $ifname = "system"; - /* STATES, create pf states database */ - if(! file_exists("$rrddbpath$ifname$states")) { - $rrdcreate = "$rrdtool create $rrddbpath$ifname$states --step $rrdstatesinterval "; - $rrdcreate .= "DS:pfrate:GAUGE:$statesvalid:0:10000000 "; - $rrdcreate .= "DS:pfstates:GAUGE:$statesvalid:0:10000000 "; - $rrdcreate .= "DS:pfnat:GAUGE:$statesvalid:0:10000000 "; - $rrdcreate .= "DS:srcip:GAUGE:$statesvalid:0:10000000 "; - $rrdcreate .= "DS:dstip:GAUGE:$statesvalid:0:10000000 "; - $rrdcreate .= "RRA:AVERAGE:0.5:1:1000 "; - $rrdcreate .= "RRA:AVERAGE:0.5:5:1000 "; - $rrdcreate .= "RRA:AVERAGE:0.5:60:1000 "; - $rrdcreate .= "RRA:AVERAGE:0.5:720:3000 "; + /* STATES, create pf states database */ + if(! file_exists("$rrddbpath$ifname$states")) { + $rrdcreate = "$rrdtool create $rrddbpath$ifname$states --step $rrdstatesinterval "; + $rrdcreate .= "DS:pfrate:GAUGE:$statesvalid:0:10000000 "; + $rrdcreate .= "DS:pfstates:GAUGE:$statesvalid:0:10000000 "; + $rrdcreate .= "DS:pfnat:GAUGE:$statesvalid:0:10000000 "; + $rrdcreate .= "DS:srcip:GAUGE:$statesvalid:0:10000000 "; + $rrdcreate .= "DS:dstip:GAUGE:$statesvalid:0:10000000 "; + $rrdcreate .= "RRA:AVERAGE:0.5:1:1000 "; + $rrdcreate .= "RRA:AVERAGE:0.5:5:1000 "; + $rrdcreate .= "RRA:AVERAGE:0.5:60:1000 "; + $rrdcreate .= "RRA:AVERAGE:0.5:720:3000 "; + + create_new_rrd($rrdcreate); + } - create_new_rrd($rrdcreate); - } + /* enter UNKNOWN values in the RRD so it knows we rebooted. */ + if($g['booting']) { + mwexec("$rrdtool update $rrddbpath$ifname$states N:U:U:U:U:U"); + } - /* enter UNKNOWN values in the RRD so it knows we rebooted. */ - if($g['booting']) { - mwexec("$rrdtool update $rrddbpath$ifname$states N:U:U:U:U:U"); - } + /* the pf states gathering function. */ + $rrdupdatesh .= "\n"; + $rrdupdatesh .= "pfctl_si_out=\"` $pfctl -si > /tmp/pfctl_si_out `\"\n"; + $rrdupdatesh .= "pfctl_ss_out=\"` $pfctl -ss > /tmp/pfctl_ss_out`\"\n"; + $rrdupdatesh .= "pfrate=\"` cat /tmp/pfctl_si_out | egrep \"inserts|removals\" | awk '{ pfrate = \$3 + pfrate } {print pfrate}'|tail -1 `\"\n"; + $rrdupdatesh .= "pfstates=\"` cat /tmp/pfctl_ss_out | egrep -v \"<\\-.*?<\\-|\\->.*?\\->\" | wc -l|sed 's/ //g'`\"\n"; + $rrdupdatesh .= "pfnat=\"` cat /tmp/pfctl_ss_out | egrep '<\\-.*?<\\-|\\->.*?\\->' | wc -l|sed 's/ //g' `\"\n"; + $rrdupdatesh .= "srcip=\"` cat /tmp/pfctl_ss_out | egrep -v '<\\-.*?<\\-|\\->.*?\\->' | grep '\\->' | awk '{print \$3}' | awk -F: '{print \$1}' | sort -u|wc -l|sed 's/ //g' `\"\n"; + $rrdupdatesh .= "dstip=\"` cat /tmp/pfctl_ss_out | egrep -v '<\\-.*?<\\-|\\->.*?\\->' | grep '<\\-' | awk '{print \$3}' | awk -F: '{print \$1}' | sort -u|wc -l|sed 's/ //g' `\"\n"; + $rrdupdatesh .= "$rrdtool update $rrddbpath$ifname$states N:\$pfrate:\$pfstates:\$pfnat:\$srcip:\$dstip\n\n"; + + /* End pf states statistics */ + + /* CPU, create CPU statistics database */ + if(! file_exists("$rrddbpath$ifname$proc")) { + $rrdcreate = "$rrdtool create $rrddbpath$ifname$proc --step $rrdprocinterval "; + $rrdcreate .= "DS:user:GAUGE:$procvalid:0:10000000 "; + $rrdcreate .= "DS:nice:GAUGE:$procvalid:0:10000000 "; + $rrdcreate .= "DS:system:GAUGE:$procvalid:0:10000000 "; + $rrdcreate .= "DS:interrupt:GAUGE:$procvalid:0:10000000 "; + $rrdcreate .= "DS:processes:GAUGE:$procvalid:0:10000000 "; + $rrdcreate .= "RRA:AVERAGE:0.5:1:1000 "; + $rrdcreate .= "RRA:AVERAGE:0.5:5:1000 "; + $rrdcreate .= "RRA:AVERAGE:0.5:60:1000 "; + $rrdcreate .= "RRA:AVERAGE:0.5:720:3000 "; + + create_new_rrd($rrdcreate); + } - /* the pf states gathering function. */ - $rrdupdatesh .= "\n"; - $rrdupdatesh .= "pfctl_si_out=\"` $pfctl -si > /tmp/pfctl_si_out `\"\n"; - $rrdupdatesh .= "pfctl_ss_out=\"` $pfctl -ss > /tmp/pfctl_ss_out`\"\n"; - $rrdupdatesh .= "pfrate=\"` cat /tmp/pfctl_si_out | egrep \"inserts|removals\" | awk '{ pfrate = \$3 + pfrate } {print pfrate}'|tail -1 `\"\n"; - $rrdupdatesh .= "pfstates=\"` cat /tmp/pfctl_ss_out | egrep -v \"<\\-.*?<\\-|\\->.*?\\->\" | wc -l|sed 's/ //g'`\"\n"; - $rrdupdatesh .= "pfnat=\"` cat /tmp/pfctl_ss_out | egrep '<\\-.*?<\\-|\\->.*?\\->' | wc -l|sed 's/ //g' `\"\n"; - $rrdupdatesh .= "srcip=\"` cat /tmp/pfctl_ss_out | egrep -v '<\\-.*?<\\-|\\->.*?\\->' | grep '\\->' | awk '{print \$3}' | awk -F: '{print \$1}' | sort -u|wc -l|sed 's/ //g' `\"\n"; - $rrdupdatesh .= "dstip=\"` cat /tmp/pfctl_ss_out | egrep -v '<\\-.*?<\\-|\\->.*?\\->' | grep '<\\-' | awk '{print \$3}' | awk -F: '{print \$1}' | sort -u|wc -l|sed 's/ //g' `\"\n"; - $rrdupdatesh .= "$rrdtool update $rrddbpath$ifname$states N:\$pfrate:\$pfstates:\$pfnat:\$srcip:\$dstip\n\n"; - - /* End pf states statistics */ - - /* CPU, create CPU statistics database */ - if(! file_exists("$rrddbpath$ifname$proc")) { - $rrdcreate = "$rrdtool create $rrddbpath$ifname$proc --step $rrdprocinterval "; - $rrdcreate .= "DS:user:GAUGE:$procvalid:0:10000000 "; - $rrdcreate .= "DS:nice:GAUGE:$procvalid:0:10000000 "; - $rrdcreate .= "DS:system:GAUGE:$procvalid:0:10000000 "; - $rrdcreate .= "DS:interrupt:GAUGE:$procvalid:0:10000000 "; - $rrdcreate .= "DS:processes:GAUGE:$procvalid:0:10000000 "; - $rrdcreate .= "RRA:AVERAGE:0.5:1:1000 "; - $rrdcreate .= "RRA:AVERAGE:0.5:5:1000 "; - $rrdcreate .= "RRA:AVERAGE:0.5:60:1000 "; - $rrdcreate .= "RRA:AVERAGE:0.5:720:3000 "; + /* enter UNKNOWN values in the RRD so it knows we rebooted. */ + if($g['booting']) { + mwexec("$rrdtool update $rrddbpath$ifname$proc N:U:U:U:U:U"); + } - create_new_rrd($rrdcreate); - } + /* the CPU stats gathering function. */ + $rrdupdatesh .= "`$top -d 2 -s 1 0 | $awk '{gsub(/%/, \"\")} BEGIN { \\\n"; + $rrdupdatesh .= "printf \"$rrdtool update $rrddbpath$ifname$proc \" } \\\n"; + $rrdupdatesh .= "{ if ( \$2 == \"processes:\" ) { processes = \$1; } \\\n"; + $rrdupdatesh .= "else if ( \$1 == \"CPU:\" ) { user = \$2; nice = \$4; sys = \$6; interrupt = \$8; } \\\n"; + $rrdupdatesh .= "} END { printf \"N:\"user\":\"nice\":\"sys\":\"interrupt\":\"processes }'`\n\n"; + + /* End CPU statistics */ + + /* Memory, create Memory statistics database */ + if(! file_exists("$rrddbpath$ifname$mem")) { + $rrdcreate = "$rrdtool create $rrddbpath$ifname$mem --step $rrdmeminterval "; + $rrdcreate .= "DS:active:GAUGE:$memvalid:0:10000000 "; + $rrdcreate .= "DS:inactive:GAUGE:$memvalid:0:10000000 "; + $rrdcreate .= "DS:free:GAUGE:$memvalid:0:10000000 "; + $rrdcreate .= "DS:cache:GAUGE:$memvalid:0:10000000 "; + $rrdcreate .= "DS:wire:GAUGE:$memvalid:0:10000000 "; + $rrdcreate .= "RRA:MIN:0.5:1:1000 "; + $rrdcreate .= "RRA:MIN:0.5:5:1000 "; + $rrdcreate .= "RRA:MIN:0.5:60:1000 "; + $rrdcreate .= "RRA:MIN:0.5:720:3000 "; + $rrdcreate .= "RRA:AVERAGE:0.5:1:1000 "; + $rrdcreate .= "RRA:AVERAGE:0.5:5:1000 "; + $rrdcreate .= "RRA:AVERAGE:0.5:60:1000 "; + $rrdcreate .= "RRA:AVERAGE:0.5:720:3000 "; + $rrdcreate .= "RRA:MAX:0.5:1:1000 "; + $rrdcreate .= "RRA:MAX:0.5:5:1000 "; + $rrdcreate .= "RRA:MAX:0.5:60:1000 "; + $rrdcreate .= "RRA:MAX:0.5:720:3000"; + + create_new_rrd($rrdcreate); + } - /* enter UNKNOWN values in the RRD so it knows we rebooted. */ - if($g['booting']) { - mwexec("$rrdtool update $rrddbpath$ifname$proc N:U:U:U:U:U"); - } + /* enter UNKNOWN values in the RRD so it knows we rebooted. */ + if($g['booting']) { + mwexec("$rrdtool update $rrddbpath$ifname$mem N:U:U:U:U:U"); + } - /* the CPU stats gathering function. */ - $rrdupdatesh .= "`$top -d 2 -s 1 0 | $awk '{gsub(/%/, \"\")} BEGIN { \\\n"; - $rrdupdatesh .= "printf \"$rrdtool update $rrddbpath$ifname$proc \" } \\\n"; - $rrdupdatesh .= "{ if ( \$2 == \"processes:\" ) { processes = \$1; } \\\n"; - $rrdupdatesh .= "else if ( \$1 == \"CPU:\" ) { user = \$2; nice = \$4; sys = \$6; interrupt = \$8; } \\\n"; - $rrdupdatesh .= "} END { printf \"N:\"user\":\"nice\":\"sys\":\"interrupt\":\"processes }'`\n\n"; - - /* End CPU statistics */ - - /* Memory, create Memory statistics database */ - if(! file_exists("$rrddbpath$ifname$mem")) { - $rrdcreate = "$rrdtool create $rrddbpath$ifname$mem --step $rrdmeminterval "; - $rrdcreate .= "DS:active:GAUGE:$memvalid:0:10000000 "; - $rrdcreate .= "DS:inactive:GAUGE:$memvalid:0:10000000 "; - $rrdcreate .= "DS:free:GAUGE:$memvalid:0:10000000 "; - $rrdcreate .= "DS:cache:GAUGE:$memvalid:0:10000000 "; - $rrdcreate .= "DS:wire:GAUGE:$memvalid:0:10000000 "; + /* the Memory stats gathering function. */ + $rrdupdatesh .= "`$sysctl -n vm.stats.vm.v_page_count vm.stats.vm.v_active_count vm.stats.vm.v_inactive_count vm.stats.vm.v_free_count vm.stats.vm.v_cache_count vm.stats.vm.v_wire_count | "; + $rrdupdatesh .= " $awk '{getline active;getline inactive;getline free;getline cache;getline wire;printf \"$rrdtool update $rrddbpath$ifname$mem N:\""; + $rrdupdatesh .= "((active/$0) * 100)\":\"((inactive/$0) * 100)\":\"((free/$0) * 100)\":\"((cache/$0) * 100)\":\"(wire/$0 * 100)}'`\n\n"; + + /* End Memory statistics */ + + /* SPAMD, set up the spamd rrd file */ + if (isset($config['installedpackages']['spamdsettings']) && + isset ($config['installedpackages']['spamdsettings']['config'][0]['enablerrd'])) { + /* set up the spamd rrd file */ + if (!file_exists("$rrddbpath$ifname$spamd")) { + $rrdcreate = "$rrdtool create $rrddbpath$ifname$spamd --step $rrdspamdinterval "; + $rrdcreate .= "DS:conn:GAUGE:$spamdvalid:0:10000 "; + $rrdcreate .= "DS:time:GAUGE:$spamdvalid:0:86400 "; $rrdcreate .= "RRA:MIN:0.5:1:1000 "; $rrdcreate .= "RRA:MIN:0.5:5:1000 "; $rrdcreate .= "RRA:MIN:0.5:60:1000 "; @@ -531,56 +617,21 @@ function enable_rrd_graphing() { $rrdcreate .= "RRA:MAX:0.5:1:1000 "; $rrdcreate .= "RRA:MAX:0.5:5:1000 "; $rrdcreate .= "RRA:MAX:0.5:60:1000 "; - $rrdcreate .= "RRA:MAX:0.5:720:3000"; + $rrdcreate .= "RRA:MAX:0.5:720:3000 "; create_new_rrd($rrdcreate); } - /* enter UNKNOWN values in the RRD so it knows we rebooted. */ - if($g['booting']) { - mwexec("$rrdtool update $rrddbpath$ifname$mem N:U:U:U:U:U"); - } - - /* the Memory stats gathering function. */ - $rrdupdatesh .= "`$sysctl -n vm.stats.vm.v_page_count vm.stats.vm.v_active_count vm.stats.vm.v_inactive_count vm.stats.vm.v_free_count vm.stats.vm.v_cache_count vm.stats.vm.v_wire_count | "; - $rrdupdatesh .= " $awk '{getline active;getline inactive;getline free;getline cache;getline wire;printf \"$rrdtool update $rrddbpath$ifname$mem N:\""; - $rrdupdatesh .= "((active/$0) * 100)\":\"((inactive/$0) * 100)\":\"((free/$0) * 100)\":\"((cache/$0) * 100)\":\"(wire/$0 * 100)}'`\n\n"; - - /* End Memory statistics */ - - /* SPAMD, set up the spamd rrd file */ - if (isset($config['installedpackages']['spamdsettings']) && - isset ($config['installedpackages']['spamdsettings']['config'][0]['enablerrd'])) { - /* set up the spamd rrd file */ - if (!file_exists("$rrddbpath$ifname$spamd")) { - $rrdcreate = "$rrdtool create $rrddbpath$ifname$spamd --step $rrdspamdinterval "; - $rrdcreate .= "DS:conn:GAUGE:$spamdvalid:0:10000 "; - $rrdcreate .= "DS:time:GAUGE:$spamdvalid:0:86400 "; - $rrdcreate .= "RRA:MIN:0.5:1:1000 "; - $rrdcreate .= "RRA:MIN:0.5:5:1000 "; - $rrdcreate .= "RRA:MIN:0.5:60:1000 "; - $rrdcreate .= "RRA:MIN:0.5:720:3000 "; - $rrdcreate .= "RRA:AVERAGE:0.5:1:1000 "; - $rrdcreate .= "RRA:AVERAGE:0.5:5:1000 "; - $rrdcreate .= "RRA:AVERAGE:0.5:60:1000 "; - $rrdcreate .= "RRA:AVERAGE:0.5:720:3000 "; - $rrdcreate .= "RRA:MAX:0.5:1:1000 "; - $rrdcreate .= "RRA:MAX:0.5:5:1000 "; - $rrdcreate .= "RRA:MAX:0.5:60:1000 "; - $rrdcreate .= "RRA:MAX:0.5:720:3000 "; - - create_new_rrd($rrdcreate); - } - - $rrdupdatesh .= "\n"; - $rrdupdatesh .= "# polling spamd for connections and tarpitness \n"; - $rrdupdatesh .= "$rrdtool update $rrddbpath$ifname$spamd \\\n"; - $rrdupdatesh .= "`$php -q $spamd_gather`\n"; + $rrdupdatesh .= "\n"; + $rrdupdatesh .= "# polling spamd for connections and tarpitness \n"; + $rrdupdatesh .= "$rrdtool update $rrddbpath$ifname$spamd \\\n"; + $rrdupdatesh .= "`$php -q $spamd_gather`\n"; - } + } /* End System statistics */ /* 3G WIRELESS, set up the rrd file */ + /* XXX: Are multiple 3G interfaces not possible? smos@ */ if(isset($config['ppps']['ppp'])) { $ifname = "ppp"; if (!file_exists("$rrddbpath$ifname$cellular")) { diff --git a/etc/inc/services.inc b/etc/inc/services.inc index 8d591ad..5efd274 100644 --- a/etc/inc/services.inc +++ b/etc/inc/services.inc @@ -884,7 +884,7 @@ EOD; fclose($fd); /* invoke nsupdate */ - $cmd = "/usr/sbin/nsupdate -k {$g['varetc_path']}/K{$i}{$keyname}+157+00000.key"; + $cmd = "/usr/bin/nsupdate -k {$g['varetc_path']}/K{$i}{$keyname}+157+00000.key"; if (isset($dnsupdate['usetcp'])) $cmd .= " -v"; $cmd .= " {$g['varetc_path']}/nsupdatecmds{$i}"; diff --git a/etc/inc/shaper.inc b/etc/inc/shaper.inc index 4961a85..a9b9815 100644 --- a/etc/inc/shaper.inc +++ b/etc/inc/shaper.inc @@ -333,11 +333,9 @@ class altq_root_queue { function ReadConfig(&$conf) { if (isset($conf['tbrconfig'])) $this->SetTbrConfig($conf['tbrconfig']); - if ($conf['bandwidth'] <> "") { - $this->SetBandwidth($conf['bandwidth']); - if ($conf['bandwidthtype'] <> "") - $this->SetBwscale($conf['bandwidthtype']); - } + $this->SetBandwidth($conf['bandwidth']); + if ($conf['bandwidthtype'] <> "") + $this->SetBwscale($conf['bandwidthtype']); if (isset($conf['scheduler'])) { if ($this->GetScheduler() != $conf['scheduler']) { foreach ($this->queues as $q) { @@ -517,10 +515,11 @@ class altq_root_queue { $rules = " altq on " . get_real_interface($this->GetInterface()); if ($this->GetScheduler()) $rules .= " ".strtolower($this->GetScheduler()); - if ($this->GetBandwidth()) + if ($this->GetBandwidth()) { $rules .= " bandwidth ".trim($this->GetBandwidth()); - if ($this->GetBwscale()) - $rules .= $this->GetBwscale(); + if ($this->GetBwscale()) + $rules .= $this->GetBwscale(); + } if ($this->GetTbrConfig()) $rules .= " tbrsize ".$this->GetTbrConfig(); if (count($this->queues)) { @@ -593,19 +592,19 @@ class altq_root_queue { * to the user like the traffic wizard does. */ function build_form() { - $form = "<tr><td valign=\"top\" class=\"vncellreq\"><br>"; + $form = "<tr><td valign=\"center\" class=\"vncellreq\"><br>"; $form .= "Enable/Disable"; - $form .= "</td><td class=\"vncellreq\">"; + $form .= "<br/></td><td class=\"vncellreq\">"; $form .= " <input type=\"checkbox\" id=\"enabled\" name=\"enabled\" value=\"on\""; if ($this->GetEnabled() == "on") $form .= " CHECKED"; $form .= " ><span class=\"vexpl\"> Enable/disable discipline and its children</span>"; $form .= "</td></tr>"; - $form .= "<tr><td valign=\"top\" class=\"vncellreq\"><br><span class=\"vexpl\">Name</span></td>"; + $form .= "<tr><td valign=\"center\" class=\"vncellreq\"><br><span class=\"vexpl\">Name</span></td>"; $form .= "<td class=\"vncellreq\">"; $form .= "<strong>".$this->GetQname()."</strong>"; $form .= "</td></tr>"; - $form .= "<tr><td valign=\"top\" class=\"vncellreq\">Scheduler Type "; + $form .= "<tr><td valign=\"center\" class=\"vncellreq\">Scheduler Type "; $form .= "</td>"; $form .= "<td class=\"vncellreq\">"; $form .= "<select id=\"scheduler\" name=\"scheduler\" class=\"formselect\">"; @@ -631,7 +630,7 @@ class altq_root_queue { $form .= " Beware you can lose information."; $form .= "</span>"; $form .= "</td></tr>"; - $form .= "<tr><td valign=\"top\" class=\"vncellreq\">Bandwidth"; + $form .= "<tr><td valign=\"center\" class=\"vncellreq\">Bandwidth"; $form .= "</td><td class=\"vncellreq\">"; $form .= "<input type=\"text\" id=\"bandwidth\" name=\"bandwidth\" value=\""; $form .= $this->GetBandwidth() . "\">"; @@ -654,15 +653,15 @@ class altq_root_queue { $form .= ">Bit/s</option>"; $form .= "</select>"; $form .= "</td></tr>"; - $form .= "<tr><td valign=\"top\" class=\"vncellreq\">Queue Limit</td>"; + $form .= "<tr><td valign=\"center\" class=\"vncellreq\">Queue Limit</td>"; $form .= "<td class=\"vncellreq\">"; $form .= "<input type=\"text\" id=\"qlimit\" name=\"qlimit\" value=\""; $form .= $this->GetQlimit(); $form .= "\">"; $form .= "</td></tr>"; - $form .= "<tr><td valign=\"top\" class=\"vncellreq\">TBR Size</td>"; + $form .= "<tr><td valign=\"center\" class=\"vncellreq\">TBR Size</td>"; $form .= "<td class=\"vncellreq\">"; - $form .= "<input type=\"text\" id=\"tbrconfig\" name=\"tbrconfig\" value=\""; + $form .= "<br /><input type=\"text\" id=\"tbrconfig\" name=\"tbrconfig\" value=\""; $form .= $this->GetTbrConfig(); $form .= "\">"; $form .= "<br> <span class=\"vexpl\">"; @@ -956,11 +955,9 @@ class priq_queue { $this->SetQname($q['name']); if (isset($q['interface'])) $this->SetInterface($q['interface']); - if ($q['bandwidth'] <> "") { - $this->SetBandwidth($q['bandwidth']); - if ($q['bandwidthtype'] <> "") - $this->SetBwscale($q['bandwidthtype']); - } + $this->SetBandwidth($q['bandwidth']); + if ($q['bandwidthtype'] <> "") + $this->SetBwscale($q['bandwidthtype']); if (!empty($q['qlimit'])) $this->SetQlimit($q['qlimit']); else @@ -1075,38 +1072,38 @@ class priq_queue { * need to update it. */ function build_form() { - $form = "<tr><td valign=\"top\" class=\"vncellreq\"><br>"; + $form = "<tr><td valign=\"center\" class=\"vncellreq\"><br>"; $form .= "Enable/Disable"; - $form .= "</td><td class=\"vncellreq\">"; + $form .= "<br/></td><td class=\"vncellreq\">"; $form .= " <input type=\"checkbox\" id=\"enabled\" name=\"enabled\" value=\"on\""; if ($this->GetEnabled() == "on") $form .= " CHECKED"; $form .= " ><span class=\"vexpl\"> Enable/Disable queue and its children</span>"; $form .= "</td></tr>"; $form .= "<tr>"; - $form .= "<td width=\"22%\" valign=\"top\" class=\"vncellreq\">"; + $form .= "<td width=\"22%\" valign=\"center\" class=\"vncellreq\">"; $form .= "Queue Name</td><td width=\"78%\" class=\"vtable\">"; $form .= "<input name=\"name\" type=\"text\" id=\"name\" class=\"formfld unknown\" size=\"15\" maxlength=\"15\" value=\""; $form .= htmlspecialchars($this->GetQname()); $form .= "\">"; - $form .= "<br> <span class=\"vexpl\">Enter the name of the queue here. Do not use spaces and limit the size to 15 characters."; - $form .= "</span></td>"; + $form .= "<br /> <span class=\"vexpl\">Enter the name of the queue here. Do not use spaces and limit the size to 15 characters."; + $form .= "</span><br /></td>"; $form .= "</tr><tr>"; - $form .= "<td width=\"22%\" valign=\"top\" class=\"vncellreq\">Priority</td>"; + $form .= "<td width=\"22%\" valign=\"center\" class=\"vncellreq\">Priority</td>"; $form .= "<td width=\"78%\" class=\"vtable\"> <input name=\"priority\" type=\"text\" id=\"priority\" size=\"5\" value=\""; $form .= htmlspecialchars($this->GetQpriority()); $form .= "\">"; $form .= "<br> <span class=\"vexpl\">For hfsc, the range is 0 to 7. The default is 1. Hfsc queues with a higher priority are preferred in the case of overload.</span></td>"; $form .= "</tr>"; - $form .= "</tr>"; - $form .= "<td width=\"22%\" valign=\"top\" class=\"vncellreq\">Queue limit</td>"; - $form .= "<td width=\"78%\" class=\"vtable\"> <input name=\"qlimit\" type=\"text\" id=\"qlimit\" size=\"5\" value=\""; + $form .= "<tr>"; + $form .= "<td width=\"22%\" valign=\"center\" class=\"vncellreq\">Queue limit</td>"; + $form .= "<td width=\"78%\" class=\"vtable\"> <input name=\"qlimit\" type=\"text\" id=\"qlimit\" size=\"8\" value=\""; $form .= htmlspecialchars($this->GetQlimit()); $form .= "\">"; $form .= "<br> <span class=\"vexpl\">Queue limit in packets per second."; $form .= "</span></td>"; $form .= "<tr>"; - $form .= "<td width=\"22%\" valign=\"top\" class=\"vncell\">Scheduler options</td>"; + $form .= "<td width=\"22%\" valign=\"center\" class=\"vncell\">Scheduler options</td>"; $form .= "<td width=\"78%\" class=\"vtable\">"; $tmpvalue = $this->GetDefault(); if (!empty($tmpvalue)) { @@ -1793,7 +1790,7 @@ class hfsc_queue extends priq_queue { function build_form() { $form = parent::build_form(); $form .= "<tr>"; - $form .= "<td valign=\"top\" class=\"vncellreq\">Bandwidth</td>"; + $form .= "<td valign=\"center\" class=\"vncellreq\">Bandwidth</td>"; $form .= "<td class=\"vtable\"> <input name=\"bandwidth\" id=\"bandwidth\" class=\"formfld unknown\" value=\""; $form .= htmlspecialchars($this->GetBandwidth()); $form .= "\">"; @@ -1822,7 +1819,7 @@ class hfsc_queue extends priq_queue { $form .= "<span class=\"vexpl\">Choose the amount of bandwidth for this queue"; $form .= "</span></td></tr>"; $form .= "<tr>"; - $form .= "<td width=\"22%\" valign=\"top\" class=\"vncellreq\">Service Curve (sc)</td>"; + $form .= "<td width=\"22%\" valign=\"center\" class=\"vncellreq\">Service Curve (sc)</td>"; $form .= "<td width=\"78%\" class=\"vtable\">"; $form .= "<table>"; $form .= "<tr><td> </td><td><center>m1</center></td><td><center>d</center></td><td><center><b>m2</b></center></td></tr>"; @@ -2265,8 +2262,9 @@ class cbq_queue extends priq_queue { } function build_form() { - $form = "<tr>"; - $form .= "<td valign=\"top\" class=\"vncellreq\">Bandwidth</td>"; + $form = parent::build_form(); + $form .= "<tr>"; + $form .= "<td valign=\"center\" class=\"vncellreq\">Bandwidth</td>"; $form .= "<td class=\"vtable\"> <input name=\"bandwidth\" id=\"bandwidth\" class=\"formfld unknown\" value=\""; if ($this->GetBandwidth() > 0) $form .= htmlspecialchars($this->GetBandwidth()); @@ -2295,7 +2293,6 @@ class cbq_queue extends priq_queue { $form .= "</select> <br>"; $form .= "<span class=\"vexpl\">Choose the amount of bandwidth for this queue"; $form .= "</span></td></tr>"; - $form .= parent::build_form(); $form .= "<tr><td class=\"vncellreq\">Scheduler specific options</td>"; $form .= "<td class=\"vtable\"><input type=\"checkbox\" id=\"borrow\" name=\"borrow\""; if($this->GetBorrow() == "on") @@ -2528,8 +2525,9 @@ class fairq_queue extends priq_queue { } function build_form() { - $form = "<tr>"; - $form .= "<td valign=\"top\" class=\"vncellreq\">Bandwidth</td>"; + $form = parent::build_form(); + $form .= "<tr>"; + $form .= "<td valign=\"center\" class=\"vncellreq\">Bandwidth</td>"; $form .= "<td class=\"vtable\"> <input name=\"bandwidth\" id=\"bandwidth\" class=\"formfld unknown\" value=\""; if ($this->GetBandwidth() > 0) $form .= htmlspecialchars($this->GetBandwidth()); @@ -2558,7 +2556,6 @@ class fairq_queue extends priq_queue { $form .= "</select> <br>"; $form .= "<span class=\"vexpl\">Choose the amount of bandwidth for this queue"; $form .= "</span></td></tr>"; - $form .= parent::build_form(); $form .= "<tr><td class=\"vncellreq\">Scheduler specific options</td>"; $form .= "<td class=\"vtable\"><table><tr><td>"; $form .= "<input id=\"buckets\" name=\"buckets\" value=\""; @@ -2923,7 +2920,7 @@ class dnpipe_class extends dummynet_class { } function build_form() { - $form = "<tr><td valign=\"top\" class=\"vncellreq\"><br>"; + $form = "<tr><td valign=\"center\" class=\"vncellreq\"><br>"; $form .= "Enable/Disable"; $form .= "</td><td class=\"vncellreq\">"; $form .= " <input type=\"checkbox\" id=\"enabled\" name=\"enabled\" value=\"on\""; @@ -2931,12 +2928,12 @@ class dnpipe_class extends dummynet_class { $form .= " CHECKED"; $form .= " ><span class=\"vexpl\"> Enable/Disable limiter and its children</span>"; $form .= "</td></tr>"; - $form .= "<tr><td valign=\"top\" class=\"vncellreq\"><br><span class=\"vexpl\">Name</span></td>"; + $form .= "<tr><td valign=\"center\" class=\"vncellreq\"><br><span class=\"vexpl\">Name</span></td>"; $form .= "<td class=\"vncellreq\">"; $form .= "<input type=\"text\" id=\"name\" name=\"name\" value=\""; $form .= $this->GetQname()."\">"; $form .= "</td></tr>"; - $form .= "<tr><td valign=\"top\" class=\"vncellreq\">Bandwidth"; + $form .= "<tr><td valign=\"center\" class=\"vncellreq\">Bandwidth"; $form .= "</td><td class=\"vncellreq\">"; $form .= "<input type=\"text\" id=\"bandwidth\" name=\"bandwidth\" value=\""; $form .= $this->GetBandwidth() . "\">"; @@ -2959,7 +2956,7 @@ class dnpipe_class extends dummynet_class { $form .= ">Bit/s</option>"; $form .= "</select>"; $form .= "</td></tr>"; - $form .= "<tr><td valign=\"top\" class=\"vncellreq\">Mask</td>"; + $form .= "<tr><td valign=\"center\" class=\"vncellreq\">Mask</td>"; $form .= "<td class=\"vncellreq\">"; $form .= "<select name=\"mask\" class=\"formselect\">"; $form .= "<option value=\"none\""; @@ -2982,7 +2979,7 @@ class dnpipe_class extends dummynet_class { $form .= "respectively. This makes it possible to easily specify bandwidth \n"; $form .= "limits per host.</span>"; $form .= "</td></tr>"; - $form .= "<tr><td valign=\"top\" class=\"vncellreq\">Description</td>"; + $form .= "<tr><td valign=\"center\" class=\"vncellreq\">Description</td>"; $form .= "<td class=\"vncellreq\">"; $form .= "<input type=\"text\" class=\"formfld unknown\" size=\"50%\" id=\"description\" name=\"description\" value=\""; $form .= $this->GetDescription(); @@ -2999,16 +2996,16 @@ class dnpipe_class extends dummynet_class { $form .= "</div></td></tr>"; $form .= "<tr style=\"display:none\" id=\"sprtable\" name=\"sprtable\">"; - $form .= "<td valign=\"top\" class=\"vncellreq\">Delay</td>"; - $form .= "<td valign=\"top\" class=\"vncellreq\">"; + $form .= "<td valign=\"center\" class=\"vncellreq\">Delay</td>"; + $form .= "<td valign=\"center\" class=\"vncellreq\">"; $form .= "<input name=\"delay\" type=\"text\" id=\"delay\" size=\"5\" value=\""; $form .= $this->GetDelay() . "\">"; $form .= " ms<br> <span class=\"vexpl\">Hint: in most cases, you "; $form .= "should specify 0 here (or leave the field empty)</span>"; $form .= "</td></tr><br/>"; $form .= "<tr style=\"display:none\" id=\"sprtable1\" name=\"sprtable1\">"; - $form .= "<td valign=\"top\" class=\"vncellreq\">Packet loss rate</td>"; - $form .= "<td valign=\"top\" class=\"vncellreq\">"; + $form .= "<td valign=\"center\" class=\"vncellreq\">Packet loss rate</td>"; + $form .= "<td valign=\"center\" class=\"vncellreq\">"; $form .= "<input name=\"plr\" type=\"text\" id=\"plr\" size=\"5\" value=\""; $form .= $this->GetPlr() . "\">"; $form .= " <br> <span class=\"vexpl\">Hint: in most cases, you "; @@ -3016,7 +3013,7 @@ class dnpipe_class extends dummynet_class { $form .= "A value of 0.001 means one packet in 1000 gets dropped</span>"; $form .= "</td></tr>"; $form .= "<tr style=\"display:none\" id=\"sprtable2\" name=\"sprtable2\">"; - $form .= "<td valign=\"top\" class=\"vncellreq\">Queue Size</td>"; + $form .= "<td valign=\"center\" class=\"vncellreq\">Queue Size</td>"; $form .= "<td class=\"vncellreq\">"; $form .= "<input type=\"text\" id=\"qlimit\" name=\"qlimit\" value=\""; $form .= $this->GetQlimit() . "\">"; @@ -3027,7 +3024,7 @@ class dnpipe_class extends dummynet_class { $form .= "are delivered to their destination.</span>"; $form .= "</td></tr>"; $form .= "<tr style=\"display:none\" id=\"sprtable5\" name=\"sprtable5\">"; - $form .= "<td valign=\"top\" class=\"vncellreq\">Bucket Size</td>"; + $form .= "<td valign=\"center\" class=\"vncellreq\">Bucket Size</td>"; $form .= "<td class=\"vncellreq\">"; $form .= "<input type=\"text\" id=\"buckets\" name=\"buckets\" value=\""; $form .= $this->GetBuckets() . "\">"; @@ -3166,7 +3163,7 @@ class dnqueue_class extends dummynet_class { } function build_form() { - $form = "<tr><td valign=\"top\" class=\"vncellreq\"><br>"; + $form = "<tr><td valign=\"center\" class=\"vncellreq\"><br>"; $form .= "Enable/Disable"; $form .= "</td><td class=\"vncellreq\">"; $form .= " <input type=\"checkbox\" id=\"enabled\" name=\"enabled\" value=\"on\""; @@ -3174,12 +3171,12 @@ class dnqueue_class extends dummynet_class { $form .= " CHECKED"; $form .= " ><span class=\"vexpl\"> Enable/Disable queue and its children</span>"; $form .= "</td></tr>"; - $form .= "<tr><td valign=\"top\" class=\"vncellreq\"><br><span class=\"vexpl\">Name</span></td>"; + $form .= "<tr><td valign=\"center\" class=\"vncellreq\"><br><span class=\"vexpl\">Name</span></td>"; $form .= "<td class=\"vncellreq\">"; $form .= "<input type=\"text\" id=\"name\" name=\"name\" value=\""; $form .= $this->GetQname()."\">"; $form .= "</td></tr>"; - $form .= "<tr><td valign=\"top\" class=\"vncellreq\">Mask</td>"; + $form .= "<tr><td valign=\"center\" class=\"vncellreq\">Mask</td>"; $form .= "<td class=\"vncellreq\">"; $form .= "<select name=\"mask\" class=\"formselect\">"; $form .= "<option value=\"none\""; @@ -3202,7 +3199,7 @@ class dnqueue_class extends dummynet_class { $form .= "respectively. This makes it possible to easily specify bandwidth \n"; $form .= "limits per host.</span>"; $form .= "</td></tr>"; - $form .= "<tr><td valign=\"top\" class=\"vncellreq\">Description</td>"; + $form .= "<tr><td valign=\"center\" class=\"vncellreq\">Description</td>"; $form .= "<td class=\"vncellreq\">"; $form .= "<input type=\"text\" id=\"description\" class=\"formfld unknown\" size=\"50%\" name=\"description\" value=\""; $form .= $this->GetDescription(); @@ -3218,16 +3215,16 @@ class dnqueue_class extends dummynet_class { $form .= " value=\"Show advanced options\"></input></a>"; $form .= "</div></td></tr>"; $form .= "<tr style=\"display:none\" id=\"sprtable\" name=\"sprtable\">"; - $form .= "<td valign=\"top\" class=\"vncellreq\">Weight</td>"; - $form .= "<td valign=\"top\" class=\"vncellreq\">"; + $form .= "<td valign=\"center\" class=\"vncellreq\">Weight</td>"; + $form .= "<td valign=\"center\" class=\"vncellreq\">"; $form .= "<input name=\"weight\" type=\"text\" id=\"weight\" size=\"5\" value=\""; $form .= $this->GetWeight() . "\">"; $form .= " ms<br> <span class=\"vexpl\">Hint: For queues under the same parent "; $form .= "this specifies the share that a queue gets(values range from 1 to 100, you can leave it blank otherwise)</span>"; $form .= "</td></tr>"; $form .= "<tr style=\"display:none\" id=\"sprtable1\" name=\"sprtable1\">"; - $form .= "<td valign=\"top\" class=\"vncellreq\">Packet loss rate</td>"; - $form .= "<td valign=\"top\" class=\"vncellreq\">"; + $form .= "<td valign=\"center\" class=\"vncellreq\">Packet loss rate</td>"; + $form .= "<td valign=\"center\" class=\"vncellreq\">"; $form .= "<input name=\"plr\" type=\"text\" id=\"plr\" size=\"5\" value=\""; $form .= $this->GetPlr() . "\">"; $form .= " <br> <span class=\"vexpl\">Hint: in most cases, you "; @@ -3235,7 +3232,7 @@ class dnqueue_class extends dummynet_class { $form .= "A value of 0.001 means one packet in 1000 gets dropped</span>"; $form .= "</td></tr>"; $form .= "<tr style=\"display:none\" id=\"sprtable2\" name=\"sprtable2\">"; - $form .= "<td valign=\"top\" class=\"vncellreq\">Queue Size</td>"; + $form .= "<td valign=\"center\" class=\"vncellreq\">Queue Size</td>"; $form .= "<td class=\"vncellreq\">"; $form .= "<input type=\"text\" id=\"qlimit\" name=\"qlimit\" value=\""; $form .= $this->GetQlimit() . "\">"; @@ -3246,7 +3243,7 @@ class dnqueue_class extends dummynet_class { $form .= "are delivered to their destination.</span>"; $form .= "</td></tr>"; $form .= "<tr style=\"display:none\" id=\"sprtable5\" name=\"sprtable5\">"; - $form .= "<td valign=\"top\" class=\"vncellreq\">Bucket Size</td>"; + $form .= "<td valign=\"center\" class=\"vncellreq\">Bucket Size</td>"; $form .= "<td class=\"vncellreq\">"; $form .= "<input type=\"text\" id=\"buckets\" name=\"buckets\" value=\""; $form .= $this->GetBuckets() . "\">"; @@ -3384,7 +3381,7 @@ class layer7 { } function build_form() { - $form = "<tr><td valign=\"top\" class=\"vncellreq\"><br>"; + $form = "<tr><td valign=\"center\" class=\"vncellreq\"><br>"; $form .= "Enable/Disable"; $form .= "</td><td class=\"vncellreq\">"; $form .= " <input type=\"checkbox\" id=\"enabled\" name=\"enabled\" value=\"on\" "; @@ -3393,12 +3390,12 @@ class layer7 { } $form .= " ><span class=\"vexpl\"> Enable/Disable layer7 Container</span>"; $form .= "</td></tr>"; - $form .= "<tr><td valign=\"top\" class=\"vncellreq\"><br><span class=\"vexpl\">Name</span></td>"; + $form .= "<tr><td valign=\"center\" class=\"vncellreq\"><br><span class=\"vexpl\">Name</span></td>"; $form .= "<td class=\"vncellreq\">"; $form .= "<input type=\"text\" id=\"container\" name=\"container\" value=\""; $form .= $this->GetRName()."\">"; $form .= "</td></tr>"; - $form .= "<tr><td valign=\"top\" class=\"vncellreq\">Description</td>"; + $form .= "<tr><td valign=\"center\" class=\"vncellreq\">Description</td>"; $form .= "<td class=\"vncellreq\">"; $form .= "<input type=\"text\" class=\"formfld unknown\" size=\"50%\" id=\"description\" name=\"description\" value=\""; $form .= $this->GetRDescription(); diff --git a/etc/inc/system.inc b/etc/inc/system.inc index 41f3123..e7fc684 100644 --- a/etc/inc/system.inc +++ b/etc/inc/system.inc @@ -276,10 +276,10 @@ function system_routing_configure($interface = "") { $gatewayip = ""; $interfacegw = ""; + $foundgw = false; /* tack on all the hard defined gateways as well */ if (is_array($config['gateways']['gateway_item'])) { mwexec("/bin/rm {$g['tmp_path']}/*_defaultgw", true); - $foundgw = false; foreach ($config['gateways']['gateway_item'] as $gateway) { if (isset($gateway['defaultgw'])) { if ($gateway['gateway'] == "dynamic") @@ -295,13 +295,13 @@ function system_routing_configure($interface = "") { break; } } - if ($foundgw == false) { - $defaultif = get_real_interface("wan"); - $interfacegw = "wan"; - $gatewayip = get_interface_gateway("wan"); - @touch("{$g['tmp_path']}/{$defaultif}_defaultgw"); - } } + if ($foundgw == false) { + $defaultif = get_real_interface("wan"); + $interfacegw = "wan"; + $gatewayip = get_interface_gateway("wan"); + @touch("{$g['tmp_path']}/{$defaultif}_defaultgw"); + } $dont_add_route = false; /* if OLSRD is enabled, allow WAN to house DHCP. */ if($config['installedpackages']['olsrd']) { @@ -727,7 +727,7 @@ function system_generate_lighty_config($filename, $cert_location = "cert.pem", $ca_location = "ca.pem", $max_procs = 1, - $max_requests = "1", + $max_requests = "2", $fast_cgi_enable = true, $captive_portal = false) { @@ -1451,4 +1451,4 @@ function system_get_dmesg_boot() { return file_get_contents("{$g['varlog_path']}/dmesg.boot"); } -?>
\ No newline at end of file +?> diff --git a/etc/inc/upgrade_config.inc b/etc/inc/upgrade_config.inc index fd4ad12..8f07a71 100644 --- a/etc/inc/upgrade_config.inc +++ b/etc/inc/upgrade_config.inc @@ -1696,8 +1696,8 @@ function upgrade_054_to_055() { } /* the roundtrip times need to be divided by 1000 to get seconds, really */ $databases = array(); - exec("cd $rrddbpath;/usr/bin/find *-quality.rrd", $databases); - echo "done.\n"; + chdir($rrddbpath); + $databases = glob("*-quality.rrd"); rsort($databases); foreach($databases as $database) { $xmldump = "{$database}.old.xml"; diff --git a/etc/inc/vpn.inc b/etc/inc/vpn.inc index 8a2bb85..68e1064 100644 --- a/etc/inc/vpn.inc +++ b/etc/inc/vpn.inc @@ -103,21 +103,21 @@ function vpn_ipsec_configure($ipchg = false) if (!isset($ipseccfg['enable'])) { mwexec("/sbin/ifconfig enc0 down"); + /* send a SIGKILL to be sure */ + sigkillbypid("{$g['varrun_path']}/racoon.pid", "KILL"); + /* kill racoon */ if(is_process_running("racoon")) mwexec("/usr/bin/killall racoon", true); killbypid("{$g['varrun_path']}/dnswatch-ipsec.pid"); - + /* wait for racoon process to die */ sleep(2); - /* send a SIGKILL to be sure */ - sigkillbypid("{$g['varrun_path']}/racoon.pid", "KILL"); - /* flush SPD and SAD */ - mwexec("/usr/local/sbin/setkey -FP"); mwexec("/usr/local/sbin/setkey -F"); - + mwexec("/usr/local/sbin/setkey -FP"); + /* disallow IPSEC, it is off */ // exec("/sbin/sysctl net.inet.ip.ipsec_in_use=0"); @@ -162,7 +162,7 @@ function vpn_ipsec_configure($ipchg = false) $rg = $ph1ent['remote-gateway']; if (!is_ipaddr($rg)) { - $dnswatch_list[] = $rg; + $dnswatch_list[] = "{$rg} = value"; add_hostname_to_watch($rg); $rg = resolve_retry($rg); if (!$rg) @@ -245,6 +245,7 @@ if [ "$DISABLESYSLOGCLOG" -gt "0" ]; then touch /var/log/relayd.log touch /var/log/lighttpd.log touch /var/log/ntpd.log + touch /var/log/apinger.log else ENABLEFIFOLOG=`cat /cf/conf/config.xml | grep usefifolog | wc -l | awk '{ print $1 }'` if [ "$ENABLEFIFOLOG" -gt "0" ]; then @@ -263,6 +264,7 @@ else /usr/sbin/fifolog_create -s 50688 /var/log/relayd.log /usr/sbin/fifolog_create -s 50688 /var/log/lighttpd.log /usr/sbin/fifolog_create -s 50688 /var/log/ntpd.log + /usr/sbin/fifolog_create -s 50688 /var/log/apinger.log else /usr/sbin/clog -i -s 512144 /var/log/system.log /usr/sbin/clog -i -s 512144 /var/log/filter.log @@ -278,7 +280,8 @@ else /usr/sbin/clog -i -s 65535 /var/log/slbd.log /usr/sbin/clog -i -s 65535 /var/log/lighttpd.log /usr/sbin/clog -i -s 65535 /var/log/ntpd.log - /usr/sbin/clog -i -s 65535 /var/log/relayd.log + /usr/sbin/clog -i -s 65535 /var/log/relayd.log + /usr/sbin/clog -i -s 65535 /var/log/apinger.log fi fi # change permissions on newly created fifolog files. diff --git a/etc/rc.linkup b/etc/rc.linkup index 59c604e..682adb1 100755 --- a/etc/rc.linkup +++ b/etc/rc.linkup @@ -52,6 +52,12 @@ function handle_argument_group($iface, $argument2) { interface_bring_down($iface); break; case "start": + log_error("DEVD Ethernet attached event for {$iface}"); + $riface = get_real_interface($iface); + exec("/usr/sbin/arp -d -i {$riface} -a"); + log_error("HOTPLUG: Configuring interface {$iface}"); + interface_configure($iface); + break; case "up": log_error("DEVD Ethernet attached event for {$iface}"); $riface = get_real_interface($iface); diff --git a/etc/rc.newipsecdns b/etc/rc.newipsecdns index 18b3b5b..4bb247c 100755 --- a/etc/rc.newipsecdns +++ b/etc/rc.newipsecdns @@ -5,7 +5,7 @@ part of m0n0wall (http://m0n0.ch/wall) Copyright (C) 2007 Manuel Kasper <mk@neon1.net>. - Copyright (C) 2009 Seth Mos <seth.mos@xs4all.nl>. + Copyright (C) 2009 Seth Mos <seth.mos@dds.nl>. All rights reserved. Redistribution and use in source and binary forms, with or without |
