Diffstat (limited to 'etc')
33 files changed, 1619 insertions, 971 deletions
diff --git a/etc/inc/auth.inc b/etc/inc/auth.inc index d59ee70..afddc5b 100644 --- a/etc/inc/auth.inc +++ b/etc/inc/auth.inc @@ -739,6 +739,7 @@ function ldap_test_bind($authcfg) { } ldap_set_option($ldap, LDAP_OPT_REFERRALS, 0); + ldap_set_option($ldap, LDAP_OPT_DEREF, LDAP_DEREF_SEARCHING); ldap_set_option($ldap, LDAP_OPT_PROTOCOL_VERSION, (int)$ldapver); if ($ldapanon == true) { @@ -809,6 +810,7 @@ function ldap_get_user_ous($show_complete_ou=true, $authcfg) { $ldapfilter = "(|(ou=*)(cn=Users))"; ldap_set_option($ldap, LDAP_OPT_REFERRALS, 0); + ldap_set_option($ldap, LDAP_OPT_DEREF, LDAP_DEREF_SEARCHING); ldap_set_option($ldap, LDAP_OPT_PROTOCOL_VERSION, (int)$ldapver); if ($ldapanon == true) { @@ -919,6 +921,7 @@ function ldap_get_groups($username, $authcfg) { } ldap_set_option($ldap, LDAP_OPT_REFERRALS, 0); + ldap_set_option($ldap, LDAP_OPT_DEREF, LDAP_DEREF_SEARCHING); ldap_set_option($ldap, LDAP_OPT_PROTOCOL_VERSION, (int)$ldapver); /* bind as user that has rights to read group attributes */ @@ -1042,6 +1045,7 @@ function ldap_backed($username, $passwd, $authcfg) { ldap_setup_caenv($authcfg); ldap_set_option($ldap, LDAP_OPT_REFERRALS, 0); + ldap_set_option($ldap, LDAP_OPT_DEREF, LDAP_DEREF_SEARCHING); ldap_set_option($ldap, LDAP_OPT_PROTOCOL_VERSION, (int)$ldapver); /* Make sure we can connect to LDAP */ @@ -1120,7 +1124,7 @@ function ldap_backed($username, $passwd, $authcfg) { /* Now lets bind as the user we found */ if (!($res = @ldap_bind($ldap, $userdn, $passwd))) { - log_error(sprintf(gettext('ERROR! Could not login to server %1$s as user %2$s.'), $ldapname, $username)); + log_error(sprintf(gettext('ERROR! Could not login to server %1$s as user %2$s: %3$s'), $ldapname, $username, ldap_error($ldap))); @ldap_unbind($ldap); return false; } diff --git a/etc/inc/captiveportal.inc b/etc/inc/captiveportal.inc index f876a5a..38202e9 100644 --- a/etc/inc/captiveportal.inc +++ b/etc/inc/captiveportal.inc 
@@ -527,9 +527,11 @@ EOD; $rulenum++; /* Allowed ips */ $cprules .= "add {$rulenum} pipe tablearg ip from table(3) to any in\n"; - $cprules .= "add {$rulenum} pipe tablearg ip from any to table(3) in\n"; $rulenum++; - $cprules .= "add {$rulenum} pipe tablearg ip from table(4) to any out\n"; + $cprules .= "add {$rulenum} pipe tablearg ip from any to table(4) in\n"; + $rulenum++; + $cprules .= "add {$rulenum} pipe tablearg ip from table(3) to any out\n"; + $rulenum++; $cprules .= "add {$rulenum} pipe tablearg ip from any to table(4) out\n"; $rulenum++; diff --git a/etc/inc/config.lib.inc b/etc/inc/config.lib.inc index d6e48e5..bbd6fec 100644 --- a/etc/inc/config.lib.inc +++ b/etc/inc/config.lib.inc @@ -509,35 +509,13 @@ function write_config($desc="Unknown", $backup = true) { } } - if (empty($_SESSION["Username"])) { - if (empty($_ENV['USER']) || $_ENV['USER'] == "root") - $username = "(system)"; - else - $username = $_ENV['USER']; - } else - $username = $_SESSION["Username"]; - - if (!empty($_SERVER['REMOTE_ADDR'])) - $username .= '@' . $_SERVER['REMOTE_ADDR']; - if (!isset($argc)) session_commit(); if($backup) backup_config(); - if (!is_array($config['revision'])) - $config['revision'] = array(); - - if (time() > mktime(0, 0, 0, 9, 1, 2004)) /* make sure the clock settings are plausible */ - $config['revision']['time'] = time(); - - /* Log the running script so it's not entirely unlogged what changed */ - if ($desc == "Unknown") - $desc = sprintf(gettext("%s made unknown change"), $_SERVER['SCRIPT_NAME']); - - $config['revision']['description'] = "{$username}: " . $desc; - $config['revision']['username'] = $username; + $config['revision'] = make_config_revision_entry($desc); conf_mount_rw(); $lockkey = lock('config', LOCK_EX); 
@@ -894,4 +872,39 @@ function set_device_perms() { } } +function get_config_user() { + if (empty($_SESSION["Username"])) { + if (empty($_ENV['USER']) || $_ENV['USER'] == "root") + $username = "(system)"; + else + $username = $_ENV['USER']; + } else + $username = $_SESSION["Username"]; + + if (!empty($_SERVER['REMOTE_ADDR'])) + $username .= '@' . $_SERVER['REMOTE_ADDR']; + + return $username; +} + +function make_config_revision_entry($desc = null, $override_user = null) { + if (empty($override_user)) + $username = get_config_user(); + else + $username = $override_user; + + $revision = array(); + + if (time() > mktime(0, 0, 0, 9, 1, 2004)) /* make sure the clock settings are plausible */ + $revision['time'] = time(); + + /* Log the running script so it's not entirely unlogged what changed */ + if ($desc == "Unknown") + $desc = sprintf(gettext("%s made unknown change"), $_SERVER['SCRIPT_NAME']); + if (!empty($desc)) + $revision['description'] = "{$username}: " . $desc; + $revision['username'] = $username; + return $revision; +} + ?> diff --git a/etc/inc/dyndns.class b/etc/inc/dyndns.class index 82a0e9b..1b7196d 100644 --- a/etc/inc/dyndns.class +++ b/etc/inc/dyndns.class @@ -96,6 +96,7 @@ var $_dnsResultMatch; var $_dnsRequestIf; var $_dnsRequestIfIP; + var $_dnsVerboseLog; var $_dnsMaxCacheAgeDays; var $_dnsDummyUpdateDone; var $_forceUpdateNeeded; 
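Review bot: In `make_config_revision_entry()` a non-empty `$override_user` replaces the whole identity string, so the `@REMOTE_ADDR` suffix that `get_config_user()` appends is lost whenever a caller passes an override. The easyrule.inc hunks of this commit pass `gettext("Easy Rule")`, which means the `created` record on those rules names neither the logged-in user nor the client address. If the record is meant as an audit trail, keep the real actor and add the label, e.g. `$username = get_config_user() . " (" . $override_user . ")";`. Both new functions also lack a header comment; one on `make_config_revision_entry()` should say that `time` is omitted when the clock looks implausible and that `description` is omitted when `$desc` is empty.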
@@ -113,14 +114,16 @@ $dnsWildcard = 'OFF', $dnsMX = '', $dnsIf = '', $dnsBackMX = '', $dnsServer = '', $dnsPort = '', $dnsUpdateURL = '', $forceUpdate = false, $dnsZoneID ='', $dnsTTL='', $dnsResultMatch = '', $dnsRequestIf = '', - $dnsID = '') { + $dnsID = '', $dnsVerboseLog = false) { global $config, $g; $this->_cacheFile = "{$g['conf_path']}/dyndns_{$dnsIf}{$dnsService}" . escapeshellarg($dnsHost) . "{$dnsID}.cache"; $this->_debugFile = "{$g['varetc_path']}/dyndns_{$dnsIf}{$dnsService}" . escapeshellarg($dnsHost) . "{$dnsID}.debug"; - log_error("DynDns: updatedns() starting"); + $this->_dnsVerboseLog = $dnsVerboseLog; + if ($this->_dnsVerboseLog) + log_error("DynDns: updatedns() starting"); $dyndnslck = lock("DDNS".$dnsID, LOCK_EX); @@ -161,7 +164,8 @@ $this->_dnsUpdateURL = $dnsUpdateURL; $this->_dnsResultMatch = $dnsResultMatch; $this->_dnsRequestIf = get_failover_interface($dnsRequestIf); - log_error("DynDNS ({$this->_dnsHost}): running get_failover_interface for {$dnsRequestIf}. found {$this->_dnsRequestIf}"); + if ($this->_dnsVerboseLog) + log_error("DynDNS ({$this->_dnsHost}): running get_failover_interface for {$dnsRequestIf}. found {$this->_dnsRequestIf}"); $this->_dnsRequestIfIP = get_interface_ip($dnsRequestIf); $this->_dnsMaxCacheAgeDays = 25; $this->_dnsDummyUpdateDone = false; @@ -228,7 +232,8 @@ */ function _update() { - log_error("DynDNS ({$this->_dnsHost}): DynDns _update() starting."); + if ($this->_dnsVerboseLog) + log_error("DynDNS ({$this->_dnsHost}): DynDns _update() starting."); if ($this->_dnsService != 'ods' and $this->_dnsService != 'route53 ') { $ch = curl_init(); 
@@ -244,7 +249,8 @@ case 'dyndns-static': case 'dyndns-custom': $needsIP = FALSE; - //log_error("DynDNS ({$this->_dnsHost}) DynDns _update() starting. Dynamic"); + if ($this->_dnsVerboseLog) + log_error("DynDNS: ({$this->_dnsHost}) DNS update() starting."); if (isset($this->_dnsWildcard) && $this->_dnsWildcard != "OFF") $this->_dnsWildcard = "ON"; curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, FALSE); curl_setopt($ch, CURLOPT_USERPWD, $this->_dnsUser.':'.$this->_dnsPass); @@ -428,7 +434,8 @@ https://username:password@updates.dnsomatic.com/nic/update?hostname=yourhostname&myip=ipaddress&wildcard=NOCHG&mx=NOCHG&backmx=NOCHG */ $needsIP = FALSE; - log_error("DNS-O-Matic: DNS update() starting."); + if ($this->_dnsVerboseLog) + log_error("DNS-O-Matic: DNS update() starting."); if (isset($this->_dnsWildcard) && $this->_dnsWildcard != "OFF") $this->_dnsWildcard = "ON"; curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, FALSE); curl_setopt($ch, CURLOPT_USERPWD, $this->_dnsUser.':'.$this->_dnsPass); @@ -444,7 +451,8 @@ https://dynamicdns.park-your-domain.com/update?host=[host_name]&domain=[domain.com]&password=[domain_password]&ip=[your_ip] */ $needsIP = FALSE; - log_error("Namecheap ({$this->_dnsHost}): DNS update() starting."); + if ($this->_dnsVerboseLog) + log_error("Namecheap ({$this->_dnsHost}): DNS update() starting."); curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, FALSE); $dparts = explode(".", trim($this->_dnsHost)); $domain_part_count = ($dparts[count($dparts)-1] == "uk") ? 3 : 2; @@ -457,7 +465,8 @@ break; case 'he-net': $needsIP = FALSE; - log_error("HE.net ({$this->_dnsHost}): DNS update() starting."); + if ($this->_dnsVerboseLog) + log_error("HE.net ({$this->_dnsHost}): DNS update() starting."); $server = "https://dyn.dns.he.net/nic/update?"; curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, FALSE); curl_setopt($ch, CURLOPT_IPRESOLVE, CURL_IPRESOLVE_V4 ); 
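Review bot: The dyndns and DNS-O-Matic cases in these hunks keep `curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, FALSE);` directly next to `CURLOPT_USERPWD`, so the account credentials go over a TLS session whose certificate is never checked. The commit only gates the log lines; the Namecheap and HE.net cases here and the HE.net Tunnelbroker and SelfHost hunks further down disable verification the same way. I would set `CURLOPT_SSL_VERIFYPEER` to `TRUE` with `CURLOPT_SSL_VERIFYHOST` at `2`, and if a provider really needs an exception, make it per service with a comment saying why. `_update()` starts and ends outside these hunks.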
@@ -465,7 +474,8 @@ break; case 'he-net-tunnelbroker': $needsIP = FALSE; - log_error("HE.net Tunnelbroker: DNS update() starting."); + if ($this->_dnsVerboseLog) + log_error("HE.net Tunnelbroker: DNS update() starting."); $server = "https://ipv4.tunnelbroker.net/ipv4_end.php?"; curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, FALSE); curl_setopt($ch, CURLOPT_USERPWD, $this->_dnsUser . ':' . $this->_dnsPass); @@ -473,7 +483,8 @@ break; case 'selfhost': $needsIP = FALSE; - //log_error("SelfHost: DNS update() starting."); + if ($this->_dnsVerboseLog) + log_error("SelfHost: DNS update() starting."); if (isset($this->_dnsWildcard) && $this->_dnsWildcard != "OFF") $this->_dnsWildcard = "ON"; curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, FALSE); curl_setopt($ch, CURLOPT_USERPWD, $this->_dnsUser.':'.$this->_dnsPass); @@ -486,7 +497,8 @@ curl_setopt($ch, CURLOPT_URL, $server .$port . '?system=dyndns&hostname=' . $this->_dnsHost . '&myip=' . $this->_dnsIP . '&wildcard='.$this->_dnsWildcard . '&mx=' . $this->_dnsMX . '&backmx=NO'); break; case 'route53': - log_error("Route53 ({$this->_dnsHost}): DNS update() starting."); + if ($this->_dnsVerboseLog) + log_error("Route53 ({$this->_dnsHost}): DNS update() starting."); /* Setting Variables */ $hostname = "{$this->_dnsHost}."; 
@@ -542,14 +554,16 @@ $this->_checkStatus(0, $result); break; case 'custom': - log_error("Custom DDNS ({$this->_dnsHost}): DNS update() starting."); + if ($this->_dnsVerboseLog) + log_error("Custom DDNS ({$this->_dnsHost}): DNS update() starting."); if (strstr($this->dnsUpdateURL, "%IP%")) {$needsIP = TRUE;} else {$needsIP = FALSE;} if ($this->_dnsUser != '') { curl_setopt($ch, CURLOPT_HTTPAUTH, CURLAUTH_ANY); curl_setopt($ch, CURLOPT_USERPWD, "{$this->_dnsUser}:{$this->_dnsPass}"); } $server = str_replace("%IP%", $this->_dnsIP, $this->_dnsUpdateURL); - log_error("Sending request to: ".$server); + if ($this->_dnsVerboseLog) + log_error("Sending request to: ".$server); curl_setopt($ch, CURLOPT_URL, $server); break; default: @@ -567,8 +581,10 @@ * Retrieve Update Status */ function _checkStatus($ch, $data) { - log_error("DynDNS ({$this->_dnsHost}): DynDns _checkStatus() starting."); - log_error("DynDNS ({$this->_dnsHost}): Current Service: {$this->_dnsService}"); + if ($this->_dnsVerboseLog) { + log_error("DynDNS ({$this->_dnsHost}): DynDns _checkStatus() starting."); + log_error("DynDNS ({$this->_dnsHost}): Current Service: {$this->_dnsService}"); + } $successful_update = false; if ($this->_dnsService != 'ods' and $this->_dnsService != 'route53' && @curl_error($ch)) { $status = "Curl error occurred: " . curl_error($ch); @@ -805,8 +821,8 @@ $successful_update = true; } else { $status = "phpDynDNS ({$this->_dnsHost}): (Unknown Response)"; - log_error("phpDynDNS ({$this->_dnsHost}): PAYLOAD: {$data}"); - $this->_debug($data); + log_error("phpDynDNS ({$this->_dnsHost}): PAYLOAD: {$data}"); + $this->_debug($data); } break; case 'loopia': 
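Review bot: `log_error("Sending request to: ".$server);` in the `custom` case writes the full update URL to the system log, and a custom update URL may carry a token or password in its query string. Gating the call behind `$this->_dnsVerboseLog` narrows this, but anyone who enables verbose logging to debug still gets the secret in the log; logging only the host, e.g. `log_error("Sending request to: " . parse_url($server, PHP_URL_HOST));`, keeps the diagnostic value. Separately, the context line `strstr($this->dnsUpdateURL, "%IP%")` reads a property without the leading underscore while the following lines use `$this->_dnsUpdateURL`, so `$needsIP` looks like it is always FALSE in this case.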
@@ -1024,7 +1040,7 @@ $status = "Route 53: (Error) Invalid TTL"; break; case 10: - $error = 'phpDynDNS: No change in my IP address and/or ' . $this->_dnsMaxCacheAgeDays . ' days has not passed. Not updating dynamic DNS entry.'; + $error = "phpDynDNS ({$this->_dnsHost}): No change in my IP address and/or " . $this->_dnsMaxCacheAgeDays . " days has not passed. Not updating dynamic DNS entry."; break; default: $error = "phpDynDNS: (ERROR!) Unknown Response."; @@ -1072,7 +1088,8 @@ $initial = true; $log_error .= "No Cached IP found."; } - log_error($log_error); + if ($this->_dnsVerboseLog) + log_error($log_error); // Convert seconds = days * hr/day * min/hr * sec/min $maxCacheAgeSecs = $this->_dnsMaxCacheAgeDays * 24 * 60 * 60; @@ -1099,7 +1116,8 @@ * new cache value and return true */ if ($needs_updating == true) { - log_error("DynDns debug information ({$this->_dnsHost}): {$update_reason}"); + if ($this->_dnsVerboseLog) + log_error("DynDns ({$this->_dnsHost}): {$update_reason}"); return true; } 
@@ -1157,15 +1175,17 @@ $ip_result_decoded = urldecode($ip_result_page); preg_match('/Current IP Address: (.*)<\/body>/', $ip_result_decoded, $matches); $ip_address = trim($matches[1]); - if (is_ipaddr($ip_address)) - log_error("DynDns debug information ({$this->_dnsHost}): {$ip_address} extracted from {$hosttocheck}"); - else { - log_error("DynDns debug information ({$this->_dnsHost}): IP address could not be extracted from {$hosttocheck}"); + if (is_ipaddr($ip_address)) { + if ($this->_dnsVerboseLog) + log_error("DynDns ({$this->_dnsHost}): {$ip_address} extracted from {$hosttocheck}"); + } else { + log_error("DynDns ({$this->_dnsHost}): IP address could not be extracted from {$hosttocheck}"); return 0; } - } else - log_error("DynDns debug information ({$this->_dnsHost}): {$ip_address} extracted from local system."); - + } else { + if ($this->_dnsVerboseLog) + log_error("DynDns ({$this->_dnsHost}): {$ip_address} extracted from local system."); + } $this->_dnsIP = $ip_address; return $ip_address; diff --git a/etc/inc/easyrule.inc b/etc/inc/easyrule.inc index d7bbcf9..86e2294 100644 --- a/etc/inc/easyrule.inc +++ b/etc/inc/easyrule.inc @@ -115,6 +115,7 @@ function easyrule_block_rule_create($int = 'wan', $ipproto = "inet") { $filterent['source']['address'] = $blockaliasname . strtoupper($int); $filterent['destination']['any'] = ''; $filterent['descr'] = gettext("Easy Rule: Blocked from Firewall Log View"); + $filterent['created'] = make_config_revision_entry(null, gettext("Easy Rule")); array_splice($a_filter, 0, 0, array($filterent)); @@ -271,6 +272,9 @@ function easyrule_pass_rule_add($int, $proto, $srchost, $dsthost, $dstport, $ipp if ($proto == "icmp") $filterent['icmptype'] = 'echoreq'; + if (strtolower($proto) == "icmp6") + $filterent['protocol'] = "icmp"; + if (is_subnet($srchost)) { list($srchost, $srcmask) = explode("/", $srchost); } elseif (is_specialnet($srchost)) { 
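Review bot: The new `icmp6` branch in `easyrule_pass_rule_add()` sets `$filterent['protocol'] = "icmp"`, but the `icmptype` restriction just above it only applies when `$proto == "icmp"`, so a pass rule created for ICMPv6 appears to match every ICMP type rather than echo requests only. The two comparisons also differ in case handling (`strtolower($proto)` against a plain `==`). If the narrower rule is intended, set the type in the new branch as well, `$filterent['icmptype'] = 'echoreq';`, otherwise add a comment stating that the wider match is deliberate. The function body continues outside the hunk.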
@@ -294,6 +298,7 @@ function easyrule_pass_rule_add($int, $proto, $srchost, $dsthost, $dstport, $ipp pconfig_to_address($filterent['source'], $srchost, $srcmask); pconfig_to_address($filterent['destination'], $dsthost, $dstmask, '', $dstport, $dstport); + $filterent['created'] = make_config_revision_entry(null, gettext("Easy Rule")); $a_filter[] = $filterent; write_config($filterent['descr']); diff --git a/etc/inc/filter.inc b/etc/inc/filter.inc index 25b9d6b..4b3aabc 100644 --- a/etc/inc/filter.inc +++ b/etc/inc/filter.inc @@ -326,6 +326,10 @@ function filter_configure_sync($delete_states_if_needed = true) { } } + # If allow IPv6 has been unchecked then we can remove any bogonsv6 table (if the table is not there, the kill is still fine). + if (!isset($config['system']['ipv6allow'])) + $_grbg = exec("/sbin/pfctl -t bogonsv6 -T kill"); + update_filter_reload_status(gettext("Starting up layer7 daemon")); layer7_start_l7daemon(); @@ -469,7 +473,7 @@ function filter_generate_nested_alias($name, $alias, &$aliasnesting, &$aliasaddr else if(!isset($aliasnesting[$address])) $tmpline = filter_generate_nested_alias($name, $aliastable[$address], $aliasnesting, $aliasaddrnesting); } else if(!isset($aliasaddrnesting[$address])) { - if (!is_ipaddr($address) && !is_subnet($address) && !is_port($address)) { + if (!is_ipaddr($address) && !is_subnet($address) && !is_port($address) && is_hostname($address)) { $filterdns .= "pf {$address} {$name}\n"; /* Guarantee unique dns names on filterdns config */ $aliasaddrnesting[$address] = $address; 
@@ -552,6 +556,13 @@ function filter_generate_aliases() { $aliases .= "#Snort tables\n"; $aliases .= "table <snort2c>\n"; $aliases .= "table <virusprot>\n"; + if (!file_exists("/etc/bogons")) + @file_put_contents("/etc/bogons", ""); + if (!file_exists("/etc/bogonsv6")) + @file_put_contents("/etc/bogonsv6", ""); + $aliases .= "table <bogons> persist file \"/etc/bogons\"\n"; + if (isset($config['system']['ipv6allow'])) + $aliases .= "table <bogonsv6> persist file \"/etc/bogonsv6\"\n"; $vpns_list = filter_get_vpns_list(); if($vpns_list) @@ -653,7 +664,10 @@ function filter_generate_gateways() { $gwip = get_interface_gateway($gateway['friendlyiface']); if (is_ipaddr($gwip) && !empty($int)) $route = "route-to ( {$int} {$gwip} )"; - $rules .= "GW{$gwname} = \" {$route} \"\n"; + if (($route === "") && isset($config['system']['skip_rules_gw_down'])) + unset($GatewaysList[$gwname]); + else + $rules .= "GW{$gwname} = \" {$route} \"\n"; } } @@ -689,7 +703,10 @@ function filter_generate_gateways() { } } } - $rules .= "GW{$gateway} = \" {$route} \"\n"; + if (($route === "") && isset($config['system']['skip_rules_gw_down'])) + unset($GatewayGroupsList[$gateway]); + else + $rules .= "GW{$gateway} = \" {$route} \"\n"; } } @@ -838,6 +855,7 @@ function filter_generate_optcfg_array() { $oic['if'] = get_real_interface($if); if (!does_interface_exist($oic['if'])) continue; + $oic['ifv6'] = get_real_interface($if, "inet6"); $oic['ip'] = get_interface_ip($if); $oic['ipv6'] = get_interface_ipv6($if); if(!is_ipaddrv4($oc['ipaddr']) && !empty($oc['ipaddr'])) 
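Review bot: Both `@file_put_contents(...)` calls in `filter_generate_aliases()` suppress their errors, and `table <bogons> persist file "/etc/bogons"` is emitted whether or not the file could be created. If the write fails, the generated ruleset presumably refers to a missing file and the failure surfaces later, with no hint of the cause, when the rules are loaded. I would check the result and log it, e.g. `if (@file_put_contents("/etc/bogons", "") === false) log_error("Could not create /etc/bogons");`, and the same for `/etc/bogonsv6`. The new `isset($config['system']['ipv6allow'])` test needs `$config` in scope; the function's `global` line is outside the hunk, so confirm it is declared there.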
@@ -1905,14 +1923,14 @@ function filter_generate_address(& $rule, $target = "source", $isnat = false) { if($rule['ipprotocol'] == "inet6") { if(preg_match("/opt([0-9]*)$/", $rule[$target]['network'], $optmatch)) { $opt_ip = $FilterIflist["opt{$optmatch[1]}"]['ipv6']; - if(!is_ipaddr($opt_ip)) + if(!is_ipaddrv6($opt_ip)) return ""; $src = $opt_ip . "/" . $FilterIflist["opt{$optmatch[1]}"]['snv6']; /* check for opt$NUMip here */ } else if(preg_match("/opt([0-9]*)ip/", $rule[$target]['network'], $matches)) { $src = $FilterIflist["opt{$matches[1]}"]['ipv6']; - if(!is_ipaddr($src)) + if(!is_ipaddrv6($src)) return ""; } if(isset($rule[$target]['not'])) @@ -1920,14 +1938,14 @@ function filter_generate_address(& $rule, $target = "source", $isnat = false) { } else { if(preg_match("/opt([0-9]*)$/", $rule[$target]['network'], $optmatch)) { $opt_ip = $FilterIflist["opt{$optmatch[1]}"]['ip']; - if(!is_ipaddr($opt_ip)) + if(!is_ipaddrv4($opt_ip)) return ""; $src = $opt_ip . "/" . $FilterIflist["opt{$optmatch[1]}"]['sn']; /* check for opt$NUMip here */ } else if(preg_match("/opt([0-9]*)ip/", $rule[$target]['network'], $matches)) { $src = $FilterIflist["opt{$matches[1]}"]['ip']; - if(!is_ipaddr($src)) + if(!is_ipaddrv4($src)) return ""; } if(isset($rule[$target]['not'])) @@ -1938,17 +1956,25 @@ function filter_generate_address(& $rule, $target = "source", $isnat = false) { switch ($rule[$target]['network']) { case 'wan': $wansa = $FilterIflist['wan']['sav6']; + if (!is_ipaddrv6($wansa)) + return ""; $wansn = $FilterIflist['wan']['snv6']; $src = "{$wansa}/{$wansn}"; break; case 'wanip': $src = $FilterIflist["wan"]['ipv6']; + if (!is_ipaddrv6($src)) + return ""; break; case 'lanip': $src = $FilterIflist["lan"]['ipv6']; + if (!is_ipaddrv6($src)) + return ""; break; case 'lan': $lansa = $FilterIflist['lan']['sav6']; + if (!is_ipaddrv6($lansa)) + return ""; $lansn = $FilterIflist['lan']['snv6']; $src = "{$lansa}/{$lansn}"; break; 
@@ -1970,6 +1996,8 @@ function filter_generate_address(& $rule, $target = "source", $isnat = false) { switch ($rule[$target]['network']) { case 'wan': $wansa = $FilterIflist['wan']['sa']; + if (!is_ipaddrv4($wansa)) + return ""; $wansn = $FilterIflist['wan']['sn']; $src = "{$wansa}/{$wansn}"; break; @@ -1981,6 +2009,8 @@ function filter_generate_address(& $rule, $target = "source", $isnat = false) { break; case 'lan': $lansa = $FilterIflist['lan']['sa']; + if (!is_ipaddrv4($lansa)) + return ""; $lansn = $FilterIflist['lan']['sn']; $src = "{$lansa}/{$lansn}"; break; @@ -2146,7 +2176,7 @@ function filter_generate_user_rule($rule) { if ($rule['ipprotocol'] == "inet6") { $rg = get_interface_gateway_v6($rule['interface']); if (is_ipaddrv6($rg)) - $aline['reply'] = "reply-to ( {$ifcfg['if']} {$rg} ) "; + $aline['reply'] = "reply-to ( {$ifcfg['ifv6']} {$rg} ) "; else if ($rule['interface'] <> "pptp") log_error("Could not find IPv6 gateway for interface({$rule['interface']})."); } else { @@ -2162,6 +2192,8 @@ function filter_generate_user_rule($rule) { if (isset($GatewaysList[$rule['gateway']])) /* Add the load balanced gateways */ $aline['route'] = " \$GW{$rule['gateway']} "; + else if (isset($config['system']['skip_rules_gw_down'])) + return "# rule " . $rule['descr'] . " disabled because gateway " . $rule['gateway'] . " is down "; else log_error("The gateway: {$rule['gateway']} is invalid or unknown, not using it."); } @@ -2182,8 +2214,8 @@ function filter_generate_user_rule($rule) { update_filter_reload_status(sprintf(gettext("Creating rule %s"), $rule['descr'])); /* source address */ - $src = filter_generate_address($rule, "source"); - if(empty($src) || ($src == "/")) { + $src = trim(filter_generate_address($rule, "source")); + if (empty($src) || ($src == "/")) { return "# at the break!"; } $aline['src'] = " from $src "; 
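Review bot: The new early return in `filter_generate_user_rule()` for a down gateway concatenates `$rule['descr']` and `$rule['gateway']` into a `#` comment that becomes part of the generated ruleset, and nothing in the hunk removes line breaks from them. A description containing a newline would end the comment and leave the remainder as a ruleset line; whether the GUI already rejects such input is not visible here. I would flatten both values before use, e.g. `$descr = str_replace(array("\r", "\n"), " ", $rule['descr']);`, and build the comment from the cleaned strings. The function starts and ends outside the hunk.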
@@ -2193,8 +2225,8 @@ function filter_generate_user_rule($rule) { $aline['os'] = " os {$rule['os']} "; /* destination address */ - $dst = filter_generate_address($rule, "destination"); - if(empty($dst) || ($dst == "/")) { + $dst = trim(filter_generate_address($rule, "destination")); + if (empty($dst) || ($dst == "/")) { return "# returning at dst $dst == \"/\""; } $aline['dst'] = "to $dst "; @@ -2427,6 +2459,13 @@ function filter_rules_generate() { $log = "log"; else $log = ""; + + if(!isset($config['system']['ipv6allow'])) { + $ipfrules .= "# Block all IPv6\n"; + $ipfrules .= "block in {$log} quick inet6 all label \"Block all IPv6\"\n"; + $ipfrules .= "block out {$log} quick inet6 all label \"Block all IPv6\"\n"; + } + $ipfrules .= <<<EOD #--------------------------------------------------------------------------- # default deny rules @@ -2464,12 +2503,6 @@ block quick inet6 proto { tcp, udp } from any to any port = 0 EOD; - if(!isset($config['system']['ipv6allow'])) { - $ipfrules .= "# Block all IPv6\n"; - $ipfrules .= "block in inet6 all label \"Default Deny ipv6 rule\"\n"; - $ipfrules .= "block out inet6 all label \"Default Deny ipv6 rule\"\n"; - } - $ipfrules .= <<<EOD # Snort package 
@@ -2562,19 +2595,19 @@ EOD; /* http://www.cymru.com/Documents/bogon-bn-nonagg.txt */ /* file is automatically in cron every 3000 minutes */ if(isset($config['interfaces'][$on]['blockbogons'])) { - if($bogontableinstalled == 0) { - $ipfrules .= "table <bogons> persist file \"/etc/bogons\"\n"; - $ipfrules .= "table <bogonsv6> persist file \"/etc/bogonsv6\"\n"; - } $ipfrules .= <<<EOD # block bogon networks # http://www.cymru.com/Documents/bogon-bn-nonagg.txt # http://www.team-cymru.org/Services/Bogons/fullbogons-ipv6.txt block in $log quick on \${$oc['descr']} from <bogons> to any label "block bogon IPv4 networks from {$oc['descr']}" + +EOD; + if(isset($config['system']['ipv6allow'])) { + $ipfrules .= <<<EOD block in $log quick on \${$oc['descr']} from <bogonsv6> to any label "block bogon IPv6 networks from {$oc['descr']}" EOD; - $bogontableinstalled++; + } } $isbridged = false; if(is_array($config['bridges']['bridged'])) { @@ -2754,17 +2787,8 @@ EOD; } $gwv6 = get_interface_gateway_v6($ifdescr); - switch($ifcfg['type6']) { - case "6rd": - case "6to4": - $stf = "{$ifdescr}_stf"; - $pdlen = 64 - calculate_ipv6_delegation_length($ifdescr); - break; - default: - $stf = $ifcfg['if']; - $pdlen = 64 - calculate_ipv6_delegation_length($ifdescr); - break; - } + $stf = get_real_interface($ifdescr, "inet6"); + $pdlen = 64 - calculate_ipv6_delegation_length($ifdescr); if (is_ipaddrv6($gwv6) && is_ipaddrv6($ifcfg['ipv6'])) { $ipfrules .= "pass out route-to ( {$stf} {$gwv6} ) inet6 from {$ifcfg['ipv6']} to !{$ifcfg['ipv6']}/{$pdlen} keep state allow-opts label \"let out anything from firewall host itself\"\n"; if (is_array($ifcfg['vips6'])) { diff --git a/etc/inc/filter_log.inc b/etc/inc/filter_log.inc index 974dcdf..db0131c 100644 --- a/etc/inc/filter_log.inc +++ b/etc/inc/filter_log.inc 
@@ -92,7 +92,17 @@ function match_filter_line($flent, $filtertext = "") { function match_filter_field($flent, $fields) { foreach ($fields as $field) { if ($fields[$field] == "All") continue; - if ( !(in_arrayi($flent[$field], explode(",", str_replace(" ", ",", $fields[$field]))) ) ) return false; + if ((strpos($fields[$field], '!') === 0)) { + $fields[$field] = substr($fields[$field], 1); + if (preg_match("/act/i", $field)) { + if ( (in_arrayi($flent[$field], explode(",", str_replace(" ", ",", $fields[$field]))) ) ) return false; + } else if ( (preg_match("/{$fields[$field]}/i", $flent[$field])) ) return false; + } + else { + if (preg_match("/act/i", $field)) { + if ( !(in_arrayi($flent[$field], explode(",", str_replace(" ", ",", $fields[$field]))) ) ) return false; + } else if ( !(preg_match("/{$fields[$field]}/i", $flent[$field])) ) return false; + } } return true; } @@ -126,9 +136,9 @@ function collapse_filter_lines($logarr) { function parse_filter_line($line) { global $config, $g; $log_split = ""; - preg_match("/(.*)\s(.*)\spf:\s.*\srule\s(.*)\(match\)\:\s(.*)\s\w+\son\s(\w+)\:\s\((.*)\)\s(.*)\s>\s(.*)\:\s(.*)/", $line, $log_split); + preg_match("/(.*)\s(.*)\spf:\s.*\srule\s(.*)\(match\)\:\s(.*)\s(\w+)\son\s(\w+)\:\s\((.*)\)\s(.*)\s>\s(.*)\:\s(.*)/", $line, $log_split); - list($all, $flent['time'], $host, $rule, $flent['act'], $flent['realint'], $details, $src, $dst, $leftovers) = $log_split; + list($all, $flent['time'], $host, $rule, $flent['act'], $flent['direction'], $flent['realint'], $details, $src, $dst, $leftovers) = $log_split; list($flent['srcip'], $flent['srcport']) = parse_ipport($src); list($flent['dstip'], $flent['dstport']) = parse_ipport($dst); diff --git a/etc/inc/globals.inc b/etc/inc/globals.inc index 0aa58cc..bcfc80f 100644 --- a/etc/inc/globals.inc +++ b/etc/inc/globals.inc 
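Review bot: `preg_match("/{$fields[$field]}/i", $flent[$field])` in `match_filter_field()` puts the user's filter text inside the pattern without escaping the `/` delimiter, so a filter value containing `/` makes the pattern fail to compile. `preg_match` then returns false, which the negated (`!`) branch treats as "no match" and so keeps every line, while the positive branch drops every line. If regular expressions are intended, escape the delimiter first, `$pat = str_replace('/', '\/', $fields[$field]);`; if only literal text is intended, use `preg_quote($fields[$field], '/')`. The pattern is evaluated against every log line, so a length limit on the filter value would also be reasonable.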
@@ -144,7 +144,11 @@ $sysctls = array("net.inet.ip.portrange.first" => "1024", "kern.ipc.maxsockbuf" => "4262144", "debug.pfftpproxy" => "0", "net.inet.ip.process_options" => 0, - "vfs.forcesync" => 0 + "vfs.forcesync" => 0, + "kern.random.sys.harvest.interrupt" => 0, + "kern.random.sys.harvest.point_to_point" => 0, + "kern.random.sys.harvest.ethernet" => 0, + "net.route.netisr_maxqlen" => 1024 ); $config_parsed = false; diff --git a/etc/inc/gwlb.inc b/etc/inc/gwlb.inc index a8373a8..813cf40 100644 --- a/etc/inc/gwlb.inc +++ b/etc/inc/gwlb.inc @@ -53,7 +53,7 @@ function setup_gateways_monitor() { if (!is_array($gateways_arr)) { log_error("No gateways to monitor. Apinger will not be run."); killbypid("{$g['varrun_path']}/apinger.pid"); - @unlink("{$g['tmp_path']}/apinger.status"); + @unlink("{$g['varrun_path']}/apinger.status"); return; } @@ -78,7 +78,7 @@ pid_file "{$g['varrun_path']}/apinger.pid" status { ## File where the status information should be written to - file "{$g['tmp_path']}/apinger.status" + file "{$g['varrun_path']}/apinger.status" ## Interval between file updates ## when 0 or not set, file is written only when SIGUSR1 is received interval 5s @@ -161,8 +161,9 @@ EOD; /* Interface ip is needed since apinger will bind a socket to it. */ if (is_ipaddrv4($gateway['gateway'])) { $gwifip = find_interface_ip($gateway['interface'], true); - } - if (is_ipaddrv6($gateway['gateway'])) { + if (!is_ipaddrv4($gwifip)) + continue; //Skip this target + } else if (is_ipaddrv6($gateway['gateway'])) { /* link locals really need a different src ip */ if(preg_match("/fe80::/i", $gateway['gateway'])) { $linklocal = explode("%", find_interface_ipv6_ll($gateway['interface'], true)); 
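Review bot: The three `kern.random.sys.harvest.*` entries added to `$sysctls` with value 0 switch off entropy harvesting from interrupts, point-to-point and ethernet traffic on every install, and the array carries no comment explaining why. On a system that generates VPN and certificate keys this trade-off should be written down together with the entropy sources that remain. I would add a comment above the entries such as `/* harvesting disabled because <reason>; RNG still seeded from <remaining sources> */`, with the placeholders filled in by the author. The same goes for `net.route.netisr_maxqlen`, whose value 1024 is unexplained.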
@@ -171,9 +172,10 @@ EOD; } else { $gwifip = find_interface_ipv6($gateway['interface'], true); } - } - if (!is_ipaddr($gwifip)) - continue; //Skip this target + if (!is_ipaddrv6($gwifip)) + continue; //Skip this target + } else + continue; $monitor_ips[] = monitor_ips; $apingercfg = "target \"{$gateway['monitor']}\" {\n"; @@ -265,7 +267,7 @@ EOD; @chown("{$g['vardb_path']}/rrd", "nobody"); /* start a new apinger process */ - @unlink("{$g['tmp_path']}/apinger.status"); + @unlink("{$g['varrun_path']}/apinger.status"); sleep(1); mwexec_bg("/usr/local/sbin/apinger -c {$g['varetc_path']}/apinger.conf"); @@ -277,8 +279,8 @@ function return_gateways_status($byname = false) { global $config, $g; $apingerstatus = array(); - if (file_exists("{$g['tmp_path']}/apinger.status")) { - $apingerstatus = file("{$g['tmp_path']}/apinger.status"); + if (file_exists("{$g['varrun_path']}/apinger.status")) { + $apingerstatus = file("{$g['varrun_path']}/apinger.status"); } $status = array(); @@ -289,6 +291,7 @@ function return_gateways_status($byname = false) { else $target = $info[2]; + $status[$target] = array(); $status[$target]['monitorip'] = $info[0]; $status[$target]['srcip'] = $info[1]; $status[$target]['name'] = $info[2]; 
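Review bot: The context line `$monitor_ips[] = monitor_ips;` appends a bare constant name rather than a variable, so the array collects the literal string instead of a monitor address; it looks like `$gateway['monitor']` was meant. The commit reworks the address-family checks directly above this line and leaves it as it was. If the array is used to detect duplicate monitor IPs (not visible in this hunk), that check cannot work as written. `setup_gateways_monitor()` starts and ends outside the hunk.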
@@ -302,37 +305,39 @@ function return_gateways_status($byname = false) { * or are down, which could cause gateway groups to fail */ $gateways_arr = return_gateways_array(); foreach($gateways_arr as $gwitem) { - if(isset($gwitem['monitor_disable'])) { - if(!is_ipaddr($gwitem['monitorip'])) { - $realif = $gwitem['interface']; - $tgtip = get_interface_gateway($realif); - $srcip = find_interface_ip($realif); - } else { - $tgtip = $gwitem['monitorip']; - $srcip = find_interface_ip($realif); - } - if($byname == true) - $target = $gwitem['name']; - else - $target = $tgtip; - - /* failsafe for down interfaces */ - if($target == "") { - $target = $gwitem['name']; - $status[$target]['name'] = $gwitem['name']; - $status[$target]['lastcheck'] = date('r'); - $status[$target]['delay'] = "0.0ms"; - $status[$target]['loss'] = "100.0%"; - $status[$target]['status'] = "down"; - } else { - $status[$target]['monitorip'] = $tgtip; - $status[$target]['srcip'] = $srcip; - $status[$target]['name'] = $gwitem['name']; - $status[$target]['lastcheck'] = date('r'); - $status[$target]['delay'] = "0.0ms"; - $status[$target]['loss'] = "0.0%"; - $status[$target]['status'] = "none"; - } + if(!isset($gwitem['monitor_disable'])) + continue; + if(!is_ipaddr($gwitem['monitorip'])) { + $realif = $gwitem['interface']; + $tgtip = get_interface_gateway($realif); + if (!is_ipaddr($tgtip)) + $tgtip = "none"; + $srcip = find_interface_ip($realif); + } else { + $tgtip = $gwitem['monitorip']; + $srcip = find_interface_ip($realif); + } + if($byname == true) + $target = $gwitem['name']; + else + $target = $tgtip; + + /* failsafe for down interfaces */ + if($target == "none") { + $target = $gwitem['name']; + $status[$target]['name'] = $gwitem['name']; + $status[$target]['lastcheck'] = date('r'); + $status[$target]['delay'] = "0.0ms"; + $status[$target]['loss'] = "100.0%"; + $status[$target]['status'] = "down"; + } else { + $status[$target]['monitorip'] = $tgtip; + $status[$target]['srcip'] = $srcip; + 
$status[$target]['name'] = $gwitem['name']; + $status[$target]['lastcheck'] = date('r'); + $status[$target]['delay'] = "0.0ms"; + $status[$target]['loss'] = "0.0%"; + $status[$target]['status'] = "none"; } } return($status); 
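Review bot: In the re-indented `else` branch of `return_gateways_status()`, `$srcip = find_interface_ip($realif);` uses `$realif`, which is only assigned in the `if` branch above it. For a gateway with a valid `monitorip` the variable is either unset or left over from an earlier loop iteration, so `srcip` can report another interface's address; assign `$realif = $gwitem['interface'];` before the branch. Also, when `$byname == true` the value of `$target` is the gateway name, so the new `"none"` failsafe never triggers in that mode; testing `$tgtip == "none"` would cover both modes.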
@@ -353,72 +358,60 @@ function return_gateways_array($disabled = false, $localhost = false) { $i = 0; /* Process/add all the configured gateways. */ if (is_array($config['gateways']['gateway_item'])) { - foreach($config['gateways']['gateway_item'] as $gateway) { - /* skip disabled interfaces */ - if(!isset($config['interfaces'][$gateway['interface']]['enable'])) + foreach ($config['gateways']['gateway_item'] as $gateway) { + if (empty($config['interfaces'][$gateway['interface']])) continue; - $wancfg = $config['interfaces'][$gateway['interface']]; - /* getting this detection right is hard at this point because we still don't - * store the address family in the gateway item */ - if(is_ipaddrv4($gateway['gateway'])) - $gateway['ipprotocol'] = "inet"; - if(is_ipaddrv6($gateway['gateway'])) - $gateway['ipprotocol'] = "inet6"; - if((preg_match("/dynamic/i", $gateway['gateway'])) && (!isset($gateway['ipprotocol']))) { - if(is_ipaddrv4($gateway['gateway'])) - $gateway['ipprotocol'] = "inet"; - if(is_ipaddrv6($gateway['gateway'])) - $gateway['ipprotocol'] = "inet6"; - } - if((preg_match("/dynamic/i", $gateway['monitor'])) && (!isset($gateway['ipprotocol']))) { - if(is_ipaddrv4($gateway['monitor'])) - $gateway['ipprotocol'] = "inet"; - if(is_ipaddrv6($gateway['monitor'])) - $gateway['ipprotocol'] = "inet6"; - } + + /* skip disabled interfaces */ + if (!isset($wancfg['enable'])) + continue; /* if the gateway is dynamic and we can find the IPv4, Great! */ - if((empty($gateway['gateway']) || ($gateway['gateway'] == "dynamic")) && ($gateway['ipprotocol'] == "inet")) { - /* we know which interfaces is dynamic, this should be made a function */ - switch($wancfg['ipaddr']) { - case "dhcp": - case "pppoe": - case "pptp": - case "ppp": - $gateway['ipprotocol'] = "inet"; - $gateway['gateway'] = get_interface_gateway($gateway['interface']); - if($gateway['gateway'] == "dynamic") { - $dynstr = $gateway['gateway']; - } - /* no IP address found, set to dynamic */ - if(! 
is_ipaddrv4($gateway['gateway'])) { - $gateway['gateway'] = "{$dynstr}"; - } - $gateway['dynamic'] = true; - break; + if (empty($gateway['gateway']) || $gateway['gateway'] == "dynamic") { + if ($gateway['ipprotocol'] == "inet") { + /* we know which interfaces is dynamic, this should be made a function */ + switch($wancfg['ipaddr']) { + case "dhcp": + case "pppoe": + case "pptp": + case "ppp": + $gateway['ipprotocol'] = "inet"; + $gateway['gateway'] = get_interface_gateway($gateway['interface']); + /* no IP address found, set to dynamic */ + if (!is_ipaddrv4($gateway['gateway'])) + $gateway['gateway'] = "dynamic"; + $gateway['dynamic'] = true; + break; + } } - } - /* if the gateway is dynamic6 and we can find the IPv6, Great! */ - if((empty($gateway['gateway']) || ($gateway['gateway'] == "dynamic")) && ($gateway['ipprotocol'] == "inet6")) { - /* we know which interfaces is dynamic, this should be made a function, and for v6 too */ - switch($wancfg['ipaddrv6']) { - case "6rd": - case "6to4": - case "dhcp6": - $gateway['ipprotocol'] = "inet6"; - $gateway['gateway'] = get_interface_gateway_v6($gateway['interface']); - if($gateway['gateway'] == "dynamic6") { - $dynstr = $gateway['gateway']; - } - /* no IPv6 address found, set to dynamic6 */ - if(! is_ipaddrv6($gateway['gateway'])) { - $gateway['gateway'] = "{$dynstr}"; - } - $gateway['dynamic'] = true; - break; + /* if the gateway is dynamic6 and we can find the IPv6, Great! 
*/ + if ($gateway['ipprotocol'] == "inet6") { + /* we know which interfaces is dynamic, this should be made a function, and for v6 too */ + switch($wancfg['ipaddrv6']) { + case "6rd": + case "6to4": + case "dhcp6": + case "pppoe": + case "pptp": + case "ppp": + $gateway['ipprotocol'] = "inet6"; + $gateway['gateway'] = get_interface_gateway_v6($gateway['interface']); + /* no IPv6 address found, set to dynamic6 */ + if (!is_ipaddrv6($gateway['gateway'])) + $gateway['gateway'] = "dynamic6"; + $gateway['dynamic'] = true; + break; + } } + } else { + /* getting this detection right is hard at this point because we still don't + * store the address family in the gateway item */ + if (is_ipaddrv4($gateway['gateway'])) + $gateway['ipprotocol'] = "inet"; + else if(is_ipaddrv6($gateway['gateway'])) + $gateway['ipprotocol'] = "inet6"; } if (isset($gateway['monitor_disable'])) 
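Review bot: A gateway item whose address is empty or `dynamic` and which has no stored `ipprotocol` now matches neither the `inet` nor the `inet6` test, because the address-based detection moved into the `else` branch and only runs for literal addresses. Such an entry keeps an empty `ipprotocol`, and the later hunk at -429 treats everything that is not `inet6` as IPv4. If older configurations can lack the field, set it explicitly before these checks, for example `if (empty($gateway['ipprotocol'])) $gateway['ipprotocol'] = "inet";`, or log and skip the item. The function body continues outside the hunk.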
@@ -429,28 +422,20 @@ function return_gateways_array($disabled = false, $localhost = false) { $gateway['friendlyiface'] = $gateway['interface']; /* special treatment for tunnel interfaces */ - if($gateway['ipprotocol'] == "inet6") { - switch($wancfg['ipaddrv6']) { - case "6rd": - case "6to4": - $gateway['interface'] = "{$gateway['interface']}_stf"; - break; - default: - $gateway['interface'] = get_real_interface($gateway['interface']); - break; - } - } - if($gateway['ipprotocol'] == "inet") { + if ($gateway['ipprotocol'] == "inet6") { + $gateway['interface'] = get_real_interface($gateway['interface'], "inet6"); + $interfaces_v6[$gateway['friendlyiface']] = $gateway['friendlyiface']; + } else { $gateway['interface'] = get_real_interface($gateway['interface']); + $interfaces_v4[$gateway['friendlyiface']] = $gateway['friendlyiface']; } /* entry has a default flag, use it */ if (isset($gateway['defaultgw'])) { - if($gateway['ipprotocol'] == "inet") { + if ($gateway['ipprotocol'] == "inet") { $gateway['defaultgw'] = true; $found_defaultv4 = 1; - } - if($gateway['ipprotocol'] == "inet6") { + } else if ($gateway['ipprotocol'] == "inet6") { $gateway['defaultgw'] = true; $found_defaultv6 = 1; } @@ -458,18 +443,11 @@ function return_gateways_array($disabled = false, $localhost = false) { /* include the gateway index as the attribute */ $gateway['attribute'] = $i; - /* tack a item on the array to keep track of dynamic interfaces */ - if($gateway['ipprotocol'] == "inet") - $interfaces_v4[] = $gateway['friendlyiface']; - - if($gateway['ipprotocol'] == "inet6") - $interfaces_v6[] = $gateway['friendlyiface']; - $gateways_arr[$gateway['name']] = $gateway; - unset($gateway); $i++; } } + unset($gateway); /* Loop through all interfaces with a gateway and add it to a array */ if ($disabled == false) 
@@ -486,13 +464,13 @@ function return_gateways_array($disabled = false, $localhost = false) { continue; $ifcfg = &$config['interfaces'][$ifname]; - if(!empty($ifcfg['ipaddr']) && is_ipaddrv4($ifcfg['ipaddr'])) + if(!isset($ifcfg['enable'])) continue; - if(!isset($ifcfg['enable'])) + if(!empty($ifcfg['ipaddr']) && is_ipaddrv4($ifcfg['ipaddr'])) continue; - if(in_array($ifname, $interfaces_v4)) + if (isset($interfaces_v4[$ifname])) continue; $ctype = ""; @@ -540,8 +518,8 @@ function return_gateways_array($disabled = false, $localhost = false) { $gateway['descr'] = "Interface {$friendly}{$ctype} Gateway"; $gateways_arr[$gateway['name']] = $gateway; - unset($gateway); } + unset($gateway); /* Process/add dynamic v6 gateways. */ foreach($iflist as $ifname => $friendly ) { @@ -556,13 +534,13 @@ function return_gateways_array($disabled = false, $localhost = false) { continue; $ifcfg = &$config['interfaces'][$ifname]; - if(!empty($ifcfg['ipaddrv6']) && is_ipaddrv6($ifcfg['ipaddrv6'])) - continue; - if(!isset($ifcfg['enable'])) continue; - if(in_array($ifname, $interfaces_v6)) + if(!empty($ifcfg['ipaddrv6']) && is_ipaddrv6($ifcfg['ipaddrv6'])) + continue; + + if(isset($interfaces_v6[$ifname])) continue; $ctype = ""; @@ -584,18 +562,12 @@ function return_gateways_array($disabled = false, $localhost = false) { $gateway['dynamic'] = false; $gateway['ipprotocol'] = "inet6"; $gateway['gateway'] = get_interface_gateway_v6($ifname, $gateway['dynamic']); + $gateway['interface'] = get_real_interface($ifname, "inet6"); switch($ifcfg['ipaddrv6']) { - case "6to4": - $gateway['interface'] = "{$ifname}_stf"; - $gateway['dynamic'] = "default"; - break; case "6rd": - $gateway['interface'] = "{$ifname}_stf"; + case "6to4": $gateway['dynamic'] = "default"; break; - default: - $gateway['interface'] = get_real_interface($ifname); - break; } $gateway['friendlyiface'] = $ifname; $gateway['name'] = "{$friendly}{$ctype}"; 
@@ -623,8 +595,8 @@ function return_gateways_array($disabled = false, $localhost = false) { $gateway['descr'] = "Interface {$friendly}{$ctype} Gateway"; $gateways_arr[$gateway['name']] = $gateway; - unset($gateway); } + unset($gateway); /* FIXME: Should this be enabled. * Some interface like wan might be default but have no info recorded @@ -728,26 +700,30 @@ function return_gateway_groups_array() { $gateways_status = return_gateways_status(true); $gateways_arr = return_gateways_array(); $gateway_groups_array = array(); - $carplist = get_configured_carp_interface_list(); if (isset($config['system']['gw_switch_default'])) { fixup_default_gateway("inet", $gateways_status, $gateways_arr); fixup_default_gateway("inet6", $gateways_status, $gateways_arr); } if (is_array($config['gateways']['gateway_group'])) { - foreach($config['gateways']['gateway_group'] as $group) { + $carplist = get_configured_carp_interface_list(); + foreach ($config['gateways']['gateway_group'] as $group) { /* create array with group gateways members seperated by tier */ $tiers = array(); $backupplan = array(); - foreach($group['item'] as $item) { - $itemsplit = explode("|", $item); - $tier = $itemsplit[1]; - $gwname = $itemsplit[0]; - $vipname = $itemsplit[2]; - if(is_ipaddr($carplist[$vipname])) + $gwvip_arr = array(); + foreach ($group['item'] as $item) { + list($gwname, $tier, $vipname) = explode("|", $item); + + if (is_ipaddr($carplist[$vipname])) { + if (!is_array($group['name'])) + $gwvip_arr[$group['name']] = array(); $gwvip_arr[$group['name']][$gwname] = $vipname; + } /* Do it here rather than reiterating again the group in case no member is up. */ + if (!is_array($backupplan[$tier])) + $backupplan[$tier] = array(); $backupplan[$tier][] = $gwname; /* check if the gateway is available before adding it to the array */ 
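Review bot: In return_gateway_groups_array the new guard `if (!is_array($group['name']))` tests the group's name instead of the VIP map, so it appears to be always true and `$gwvip_arr[$group['name']]` is reset to an empty array for every member that has a CARP VIP; only the last member's VIP survives. The check should read `if (!is_array($gwvip_arr[$group['name']]))`. Separately, `list($gwname, $tier, $vipname) = explode("|", $item);` raises an undefined-offset notice for items without a third field; `array_pad(explode("|", $item), 3, "")` avoids that. The function continues outside the hunk.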
@@ -772,13 +748,15 @@ function return_gateway_groups_array() { notify_via_smtp($msg); } else { /* Online add member */ + if (!is_array($tiers[$tier])) + $tiers[$tier] = array(); $tiers[$tier][] = $gwname; } } else if (isset($gateways_arr[$gwname]['monitor_disable'])) $tiers[$tier][] = $gwname; } $tiers_count = count($tiers); - if($tiers_count == 0) { + if ($tiers_count == 0) { /* Oh dear, we have no members! Engage Plan B */ if (!$g['booting']) { $msg = gettext("Gateways status could not be determined, considering all as up/active. (Group: {$group['name']})"); @@ -792,9 +770,9 @@ function return_gateway_groups_array() { ksort($tiers); /* we do not really foreach the tiers as we stop after the first tier */ - foreach($tiers as $tier) { + foreach ($tiers as $tieridx => $tier) { /* process all gateways in this tier */ - foreach($tier as $member) { + foreach ($tier as $member) { /* determine interface gateway */ if (isset($gateways_arr[$member])) { $gateway = $gateways_arr[$member]; @@ -802,15 +780,15 @@ function return_gateway_groups_array() { $gatewayip = ""; if(is_ipaddr($gateway['gateway'])) $gatewayip = $gateway['gateway']; - else if ($int <> "") + else if (!empty($int)) $gatewayip = get_interface_gateway($gateway['friendlyiface']); - if (($int <> "") && is_ipaddr($gatewayip)) { + if (!empty($int) && is_ipaddr($gatewayip)) { $groupmember = array(); $groupmember['int'] = $int; $groupmember['gwip'] = $gatewayip; $groupmember['weight'] = isset($gateway['weight']) ? $gateway['weight'] : 1; - if($gwvip_arr[$group['name']][$gwname] <> "") + if (is_array($gwvip_arr[$group['name']])&& !empty($gwvip_arr[$group['name']][$gwname])) $groupmember['vip'] = $gwvip_arr[$group['name']][$gwname]; $gateway_groups_array[$group['name']]['ipprotocol'] = $gateway['ipprotocol']; $gateway_groups_array[$group['name']][] = $groupmember; 
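Review bot: The rewritten VIP test `!empty($gwvip_arr[$group['name']][$gwname])` sits inside `foreach ($tier as $member)`, but `$gwname` was last assigned in the earlier `foreach ($group['item'] as $item)` loop, so every member is looked up under the name of the last item in the group. As far as the visible lines show, the index should be `$member` in both the test and the assignment: `$groupmember['vip'] = $gwvip_arr[$group['name']][$member];`. A group with different VIPs per gateway would otherwise get the wrong VIP, or none, on its members.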
@@ -818,13 +796,14 @@ function return_gateway_groups_array() { } } /* we should have the 1st available tier now, exit stage left */ - if(is_array($gateway_groups_array[$group['name']])) + if (count($gateway_groups_array[$group['name']]) > 0) break; else - log_error("GATEWAYS: We did not find the first tier of the gateway group {$group['name']}! That's odd."); + log_error("GATEWAYS: Group {$group['name']} did not have any gateways up on tier {$tieridx}!"); } } } + return ($gateway_groups_array); } diff --git a/etc/inc/interfaces.inc b/etc/inc/interfaces.inc index c32758f..2c10f1d 100644 --- a/etc/inc/interfaces.inc +++ b/etc/inc/interfaces.inc @@ -323,7 +323,7 @@ function interface_qinq_configure(&$vlan, $fd = NULL) { /* invalidate interface cache */ get_interface_arr(true); - if (!stristr($qinqif, "vlan")) + if (!stristr($qinqif, "_vlan")) mwexec("/sbin/ifconfig {$qinqif} promisc\n"); $macaddr = get_interface_mac($qinqif); @@ -436,7 +436,7 @@ function interfaces_bridge_configure($checkmember = 0) { foreach ($members as $member) { if (strstr($bridge['if'], "_vip")) continue 2; - if (!empty($config['interfaces'][$bridge['if']]) && $config['interfaces'][$bridge['if']]['ipaddrv6'] == "track6") + if (!empty($config['interfaces'][$bridge['if']]) && $config['interfaces'][$bridge['if']]['ipaddrv6'] == "track6") continue 2; } } @@ -445,7 +445,7 @@ function interfaces_bridge_configure($checkmember = 0) { foreach ($members as $member) { if (!strstr($bridge['if'], "_vip")) continue 2; - if (empty($config['interfaces'][$bridge['if']]) || $config['interfaces'][$bridge['if']]['ipaddrv6'] != "track6") + if (empty($config['interfaces'][$bridge['if']]) || $config['interfaces'][$bridge['if']]['ipaddrv6'] != "track6") continue 2; } } 
@@ -780,13 +780,13 @@ function interfaces_gre_configure($checkparent = 0) { if ($checkparent == 1) { if (strstr($gre['if'], "_vip")) continue; - if (!empty($config['interfaces'][$gre['if']]) && $config['interfaces'][$gre['if']]['ipaddrv6'] == "track6") + if (!empty($config['interfaces'][$gre['if']]) && $config['interfaces'][$gre['if']]['ipaddrv6'] == "track6") continue; } else if ($checkparent == 2) { if (!strstr($gre['if'], "_vip")) continue; - if (empty($config['interfaces'][$gre['if']]) || $config['interfaces'][$gre['if']]['ipaddrv6'] != "track6") + if (empty($config['interfaces'][$gre['if']]) || $config['interfaces'][$gre['if']]['ipaddrv6'] != "track6") continue; } /* XXX: Maybe we should report any errors?! */ @@ -854,13 +854,13 @@ function interfaces_gif_configure($checkparent = 0) { if ($checkparent == 1) { if (strstr($gif['if'], "_vip")) continue; - if (!empty($config['interfaces'][$gif['if']]) && $config['interfaces'][$gif['if']]['ipaddrv6'] == "track6") + if (!empty($config['interfaces'][$gif['if']]) && $config['interfaces'][$gif['if']]['ipaddrv6'] == "track6") continue; } else if ($checkparent == 2) { if (!strstr($gre['if'], "_vip")) continue; - if (empty($config['interfaces'][$gif['if']]) || $config['interfaces'][$gif['if']]['ipaddrv6'] != "track6") + if (empty($config['interfaces'][$gif['if']]) || $config['interfaces'][$gif['if']]['ipaddrv6'] != "track6") continue; } /* XXX: Maybe we should report any errors?! */ @@ -1173,7 +1173,7 @@ function interface_bring_down($interface = "wan", $destroy = false, $ifacecfg = case "dhcp": $pid = find_dhclient_process($realif); if($pid) - mwexec("/bin/kill {$pid}"); + posix_kill($pid, SIGTERM); sleep(1); unlink_if_exists("{$g['varetc_path']}/dhclient_{$interface}.conf"); if(does_interface_exist("$realif")) { 
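Review bot: `posix_kill($pid, SIGTERM)` in the `dhcp` case is guarded only by `if($pid)`, and posix_kill() treats negative values as process-group or broadcast targets. find_dhclient_process() is not part of this hunk, so whether it can return such a value cannot be confirmed here; a stricter guard such as `if (is_numeric($pid) && $pid > 1)` costs nothing. The return value is also dropped, so a failed signal goes unnoticed before the `sleep(1)`; logging `posix_get_last_error()` on failure would help when an interface refuses to come down.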
@@ -1240,7 +1240,7 @@ function interface_bring_down($interface = "wan", $destroy = false, $ifacecfg = // log_error("Checking for old router states: {$g['tmp_path']}/{$realif}_router = {$old_router}"); if (!empty($old_router)) { log_error("Clearing states to old gateway {$old_router}."); - mwexec("/sbin/pfctl -i {$realif} -Fs; /sbin/pfctl -i {$realif} -Fs -G {$old_router}"); + mwexec("/sbin/pfctl -i {$realif} -Fs -G {$old_router}"); } /* remove interface up file if it exists */ @@ -1346,7 +1346,7 @@ function handle_pppoe_reset($post_array) { $item['month'] = "*"; $item['wday'] = "*"; break; - case "weekly": + case "weekly": $item['minute'] = "0"; $item['hour'] = "0"; $item['mday'] = "*"; @@ -2131,15 +2131,15 @@ function interface_wireless_clone($realif, $wlcfg) { else $wlcfg_mode = $wlcfg['mode']; switch($wlcfg_mode) { - case "hostap": - $mode = "wlanmode hostap"; - break; - case "adhoc": - $mode = "wlanmode adhoc"; - break; - default: - $mode = ""; - break; + case "hostap": + $mode = "wlanmode hostap"; + break; + case "adhoc": + $mode = "wlanmode adhoc"; + break; + default: + $mode = ""; + break; } $baseif = interface_get_wireless_base($wlcfg['if']); if(does_interface_exist($realif)) { @@ -2188,8 +2188,8 @@ function interface_sync_wireless_clones(&$ifcfg, $sync_changes = false) { global $config, $g; $shared_settings = array('standard', 'turbo', 'protmode', 'txpower', 'channel', - 'diversity', 'txantenna', 'rxantenna', 'distance', - 'regdomain', 'regcountry', 'reglocation'); + 'diversity', 'txantenna', 'rxantenna', 'distance', + 'regdomain', 'regcountry', 'reglocation'); if(!is_interface_wireless($ifcfg['if'])) return; 
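Review bot: `$old_router` is interpolated into the `pfctl` command line unescaped and is only checked with `!empty()`; judging by the commented-out log line it is read from `{$g['tmp_path']}/{$realif}_router`. Elsewhere in this commit the 6rd gateway is wrapped in `escapeshellarg()`, and the same care applies to a value read back from a file. Gate the call on `is_ipaddr($old_router)` and pass `escapeshellarg($old_router)` to `mwexec()`. The function starts and ends outside this hunk.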
@@ -2691,15 +2691,33 @@ function find_dhclient_process($interface) { function find_dhcp6c_process($interface) { global $g; - if ($interface) - if (isvalidpid("{$g['varrun_path']}/dhcp6c_{$interface}.pid")) - $pid = trim(file_get_contents("{$g['varrun_path']}/dhcp6c_{$interface}.pid"), " \n"); + if ($interface && isvalidpid("{$g['varrun_path']}/dhcp6c_{$interface}.pid")) + $pid = trim(file_get_contents("{$g['varrun_path']}/dhcp6c_{$interface}.pid"), " \n"); else return(false); return intval($pid); } +function interface_vlan_mtu_configured($realhwif, $mtu) { + global $config; + + if (is_array($config['vlans']['vlan'])) { + foreach ($config['vlans']['vlan'] as $vlan) { + if ($vlan['if'] != $realhwif) + continue; + $assignedport = convert_real_interface_to_friendly_interface_name($vlan['vlanif']); + if (!empty($assignedport)) { + $portmtu = $config['interfaces'][$assignedport]['mtu']; + if (!empty($portmtu) && $portmtu > $mtu) + $mtu = $portmtu; + } + } + } + + return $mtu; +} + function interface_configure($interface = "wan", $reloadall = false, $linkupevent = false) { global $config, $g; global $interface_sn_arr_cache, $interface_ip_arr_cache; @@ -2791,7 +2809,7 @@ function interface_configure($interface = "wan", $reloadall = false, $linkupeven } /* skip vlans for checksumming and polling */ - if (!stristr($realif, "vlan") && is_array($options)) { + if (!stristr($realif, "_vlan") && is_array($options)) { $flags = 0; if(isset($config['system']['disablechecksumoffloading'])) { if (isset($options['encaps']['txcsum'])) 
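Review bot: The new helper interface_vlan_mtu_configured() has no comment, and its name reads like a yes/no test while it returns an MTU. A one-line header would make the call sites easier to follow, for example `/* Returns the largest MTU configured on any assigned VLAN of $realhwif, or $mtu if none is larger. */`. In find_dhcp6c_process the merged `if`/`else` still leaves `$pid` assigned in an unbraced branch; adding braces around both branches would make the early `return(false)` harder to break in a later edit.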
@@ -2894,29 +2912,112 @@ function interface_configure($interface = "wan", $reloadall = false, $linkupeven } $mtu = get_interface_default_mtu(remove_ifindex($realhwif)); + $assignedparent = convert_real_interface_to_friendly_interface_name($realhwif); + if (!empty($assignedparent) && !empty($config['interfaces'][$assignedparent]['mtu'])) + $mtu = $config['interfaces'][$assignedparent]['mtu']; + + $vlanifs = link_interface_to_vlans($realhwif); + if (empty($vlanifs)) + $vlanifs = array(); + + if (!empty($wancfg['mtu'])) { + if (stristr($realif, "_vlan")) { + if (!empty($assignedparent)) { + $parentmtu = $config['interfaces'][$assignedparent]['mtu']; + if (empty($parentmtu)) + $parentmtu = interface_vlan_mtu_configured($realhwif, $wancfg['mtu']); + if ($wancfg['mtu'] > $parentmtu) { + if (get_interface_mtu($realhwif) != $wancfg['mtu']) + pfSense_interface_mtu($realhwif, $wancfg['mtu']); + + /* All vlans need to use the same mtu value as their parent. */ + foreach ($vlanifs as $vlan) { + if ($vlan['vlanif'] == $realif) + continue; + $assignedport = convert_real_interface_to_friendly_interface_name($vlan['vlanif']); + if (!empty($assignedport)) { + $portmtu = $config['interfaces'][$assignedport]['mtu']; + if (empty($portmtu) && (get_interface_mtu($vlan['vlanif']) != $wancfg['mtu'])) + pfSense_interface_mtu($vlan['vlanif'], $wancfg['mtu']); + } else if (get_interface_mtu($vlan['vlanif']) != $wancfg['mtu']) + pfSense_interface_mtu($vlan['vlanif'], $wancfg['mtu']); + } + } + } else { + /* Parent is not assigned, back to default */ + if (get_interface_mtu($realhwif) != $mtu) + pfSense_interface_mtu($realhwif, $mtu); + + /* All vlans need to use the same mtu value as their parent. 
*/ + foreach ($vlanifs as $vlan) { + if ($vlan['vlanif'] == $realif) + continue; + $assignedport = convert_real_interface_to_friendly_interface_name($vlan['vlanif']); + if (!empty($assignedport)) { + $portmtu = $config['interfaces'][$assignedport]['mtu']; + if (empty($portmtu) && (get_interface_mtu($vlan['vlanif']) != $mtu)) + pfSense_interface_mtu($vlan['vlanif'], $mtu); + } else if (get_interface_mtu($vlan['vlanif']) != $mtu) + pfSense_interface_mtu($vlan['vlanif'], $mtu); + } - if (preg_match('/_vlan[0-9]/', $wancfg['if'])) { - foreach ($config['interfaces'] as $ifdescr => $ifdata) { - if ($ifdata['if'] == $realhwif) { - if (!empty($ifdata['mtu'])) - $mtu = $ifdata['mtu']; - break; + if (get_interface_mtu($realif) != $wancfg['mtu']) + pfSense_interface_mtu($realif, $wancfg['mtu']); + } + } else { + foreach ($vlanifs as $vlan) { + $assignedport = convert_real_interface_to_friendly_interface_name($vlan['vlanif']); + if (empty($assignedport)) { + if (get_interface_mtu($vlan['vlanif']) != $wancfg['mtu']) + pfSense_interface_mtu($vlan['vlanif'], $wancfg['mtu']); + } else { + $vlanmtu = $config['interfaces'][$assignedport]['mtu']; + if ((empty($vlanmtu) || ($vlanmtu >= $wancfg['mtu'])) && (get_interface_mtu($vlan['vlanif']) != $wancfg['mtu'])) + pfSense_interface_mtu($vlan['vlanif'], $wancfg['mtu']); + } } } - } else if (!empty($wancfg['mtu'])) { - $mtu = $wancfg['mtu']; + if ($wancfg['mtu'] != get_interface_mtu($realif)) + pfSense_interface_mtu($realif, $wancfg['mtu']); + } else if (stristr($realif, "_vlan")) { + /* XXX: This is really dangerous for example with vlans changing their parent mtu! */ + $bigmtu = interface_vlan_mtu_configured($realhwif, $mtu); + if ($mtu < $bigmtu) + $mtu = $bigmtu; + + if (get_interface_mtu($realhwif) != $mtu) + pfSense_interface_mtu($realhwif, $mtu); + + /* All vlans need to use the same mtu value as their parent. 
*/ + foreach ($vlanifs as $vlan) { + if ($vlan['vlanif'] == $realif) + continue; + $assignedport = convert_real_interface_to_friendly_interface_name($vlan['vlanif']); + if (!empty($assignedport)) { + $portmtu = $config['interfaces'][$assignedport]['mtu']; + if (empty($portmtu) && (get_interface_mtu($vlan['vlanif']) != $mtu)) + pfSense_interface_mtu($vlan['vlanif'], $mtu); + } else if (get_interface_mtu($vlan['vlanif']) != $mtu) + pfSense_interface_mtu($vlan['vlanif'], $mtu); + } + if (get_interface_mtu($realif) != $mtu) + pfSense_interface_mtu($realif, $mtu); + } else { + /* All vlans need to use the same mtu value as their parent. */ + foreach ($vlanifs as $vlan) { + $assignedport = convert_real_interface_to_friendly_interface_name($vlan['vlanif']); + if (!empty($assignedport)) { + $portmtu = $config['interfaces'][$assignedport]['mtu']; + if (empty($portmtu) && (get_interface_mtu($vlan['vlanif']) != $mtu)) + pfSense_interface_mtu($vlan['vlanif'], $mtu); + } else if (get_interface_mtu($vlan['vlanif']) != $mtu) + pfSense_interface_mtu($vlan['vlanif'], $mtu); + } + if ($mtu != get_interface_mtu($realhwif)) + pfSense_interface_mtu($realhwif, $mtu); } - if ($mtu != get_interface_mtu($realhwif)) - pfSense_interface_mtu($realhwif, $mtu); - - /* - * All vlans need to use the same mtu value as their parent. - */ - if (is_array($config['vlans']['vlan'])) - foreach ($config['vlans']['vlan'] as $vlan) - if (($vlan['if'] == $realhwif) && (get_interface_mtu($vlan['vlanif']) != $mtu)) - pfSense_interface_mtu($vlan['vlanif'], $mtu); + unset($vlanifs); if(does_interface_exist($wancfg['if'])) interfaces_bring_up($wancfg['if']); 
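Review bot: In the `_vlan` branch with an assigned parent, when the parent has no `mtu` configured `$parentmtu` is taken from `interface_vlan_mtu_configured($realhwif, $wancfg['mtu'])`, which never returns less than its second argument, so `$wancfg['mtu'] > $parentmtu` cannot be true on that path and the parent is not raised before the VLAN MTU is applied. If the intent is to grow the parent to fit the VLAN, comparing against `get_interface_mtu($realhwif)` looks closer to it; please confirm. The sibling-VLAN loop is also repeated four times with only the MTU value differing, and would be easier to audit as one helper that takes `$vlanifs`, the interface to skip and the MTU. interface_configure starts and ends outside this hunk.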
@@ -2988,6 +3089,9 @@ function interface_track6_configure($interface = "lan", $wancfg) { /* always configure a link-local of fe80::1:1 on the track6 interfaces */ $realif = get_real_interface($interface); + $linklocal = find_interface_ipv6_ll($realif); + if (!empty($linklocal)) + mwexec("/sbin/ifconfig {$realif} inet6 {$linklocal} delete"); mwexec("/sbin/ifconfig {$realif} inet6 fe80::1:1%{$realif}"); $trackcfg = $config['interfaces'][$wancfg['track6-interface']]; 
@@ -2997,34 +3101,37 @@ function interface_track6_configure($interface = "lan", $wancfg) { } switch($trackcfg['ipaddrv6']) { - case "6to4": - if ($g['debug']) - log_error("Interface {$interface} configured via {$wancfg['track6-interface']} type {$type}"); - interface_track6_6to4_configure($interface, $wancfg); - break; - case "6rd": - if ($g['debug']) - log_error("Interface {$interface} configured via {$wancfg['track6-interface']} type {$type}"); - interface_track6_6rd_configure($interface, $wancfg); - break; - case "dhcp6": - if ($g['debug']) - log_error("Interface {$interface} configured via {$wancfg['track6-interface']} type {$type}"); - interface_track6_dhcp6_configure($interface, $wancfg); - break; + case "6to4": + if ($g['debug']) + log_error("Interface {$interface} configured via {$wancfg['track6-interface']} type {$type}"); + interface_track6_6to4_configure($interface, $wancfg); + break; + case "6rd": + if ($g['debug']) + log_error("Interface {$interface} configured via {$wancfg['track6-interface']} type {$type}"); + interface_track6_6rd_configure($interface, $wancfg); + break; + case "dhcp6": + if ($g['debug']) + log_error("Interface {$interface} configured via {$wancfg['track6-interface']} type {$type}"); + interface_track6_dhcp6_configure($interface, $wancfg); + break; } - if (!function_exists('services_dhcpd_configure')) - require_once("services.inc"); + if (!$g['booting']) { + if (!function_exists('services_dhcpd_configure')) + require_once("services.inc"); - services_dhcpd_configure("inet6"); + services_dhcpd_configure("inet6"); + } return 0; } - function interface_track6_6rd_configure($interface = "lan", $lancfg) { global $config, $g; + global $interface_ipv6_arr_cache; + global $interface_snv6_arr_cache; if (!is_array($lancfg)) return; 
@@ -3042,10 +3149,9 @@ function interface_track6_6rd_configure($interface = "lan", $lancfg) { return; } - $wanif = get_real_interface($lancfg['track6-interface']); - $ip4address = find_interface_ip($wanif); + $ip4address = get_interface_ip($lancfg['track6-interface']); if (!is_ipaddrv4($ip4address)) { /* XXX: This should not be needed by 6rd || (is_private_ip($ip4address))) { */ - log_error("The interface IPv4 '{$ip4address}' address on interface '{$wanif}' is not public, not configuring 6RD tunnel"); + log_error("The interface IPv4 '{$ip4address}' address on interface '{$lancfg['track6-interface']}' is not public, not configuring 6RD tunnel"); return; } $hexwanv4 = return_hex_ipv4($ip4address); @@ -3078,6 +3184,8 @@ function interface_track6_6rd_configure($interface = "lan", $lancfg) { $oip = find_interface_ipv6($lanif); if (is_ipaddrv6($oip)) mwexec("/sbin/ifconfig {$lanif} inet6 {$oip} delete"); + unset($interface_ipv6_arr_cache[$lanif]); + unset($interface_snv6_arr_cache[$lanif]); log_error("rd6 {$interface} with ipv6 address {$rd6lan} based on {$lancfg['track6-interface']} ipv4 {$ip4address}"); mwexec("/sbin/ifconfig {$lanif} inet6 {$rd6lan} prefixlen 64"); @@ -3086,6 +3194,8 @@ function interface_track6_6rd_configure($interface = "lan", $lancfg) { function interface_track6_6to4_configure($interface = "lan", $lancfg) { global $config, $g; + global $interface_ipv6_arr_cache; + global $interface_snv6_arr_cache; if (!is_array($lancfg)) return; 
@@ -3103,10 +3213,9 @@ function interface_track6_6to4_configure($interface = "lan", $lancfg) { if (!is_numeric($lancfg['track6-prefix-id'])) $lancfg['track6-prefix-id'] = 0; - $wanif = get_real_interface($lancfg['track6-interface']); - $ip4address = find_interface_ip($wanif); + $ip4address = get_interface_ip($lancfg['track6-interface']); if (!is_ipaddrv4($ip4address) || is_private_ip($ip4address)) { - log_error("The interface IPv4 '{$ip4address}' address on interface '{$wanif}' is not public, not configuring 6RD tunnel"); + log_error("The interface IPv4 '{$ip4address}' address on interface '{$lancfg['track6-interface']}' is not public, not configuring 6RD tunnel"); return; } $hexwanv4 = return_hex_ipv4($ip4address); @@ -3135,6 +3244,8 @@ function interface_track6_6to4_configure($interface = "lan", $lancfg) { $oip = find_interface_ipv6($lanif); if (is_ipaddrv6($oip)) mwexec("/sbin/ifconfig {$lanif} inet6 {$oip} delete"); + unset($interface_ipv6_arr_cache[$lanif]); + unset($interface_snv6_arr_cache[$lanif]); log_error("sixto4 {$interface} with ipv6 address {$sixto4lan} based on {$lancfg['track6-interface']} ipv4 {$ip4address}"); mwexec("/sbin/ifconfig {$lanif} inet6 {$sixto4lan} prefixlen 64"); @@ -3143,6 +3254,8 @@ function interface_track6_6to4_configure($interface = "lan", $lancfg) { function interface_track6_dhcp6_configure($interface = "lan", $lancfg) { global $config, $g; + global $interface_ipv6_arr_cache; + global $interface_snv6_arr_cache; if (!is_array($lancfg)) return; 
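Review bot: The rewritten `log_error()` line in interface_track6_6to4_configure still ends with "not configuring 6RD tunnel", which sends anyone reading the system log to the wrong tunnel type. Since the line is being touched anyway, change the tail to `not configuring 6to4 tunnel`. The message also prints `'{$ip4address}'` even when get_interface_ip() returned nothing, so a wording such as "has no public IPv4 address" would cover both the empty and the private case.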
@@ -3160,9 +3273,15 @@ function interface_track6_dhcp6_configure($interface = "lan", $lancfg) { return; } + $lanif = get_real_interface($interface); + $oip = find_interface_ipv6($lanif); + if (is_ipaddrv6($oip)) + mwexec("/sbin/ifconfig {$lanif} inet6 {$oip} delete"); + unset($interface_ipv6_arr_cache[$lanif]); + unset($interface_snv6_arr_cache[$lanif]); + if ($wancfg['ipaddrv6'] == "slaac") { - $wanif = get_real_interface($lancfg['track6-interface']); - $ifcfgipv6 = find_interface_ipv6($wanif); + $ifcfgipv6 = get_interface_ipv6($lancfg['track6-interface']); if (is_ipaddrv6($ifcfgipv6)) { $dhcp6lanarr = explode(":", Net_IPv6::uncompress($ifcfgipv6)); $dhcp6lanarr[4] = 0; @@ -3170,10 +3289,6 @@ function interface_track6_dhcp6_configure($interface = "lan", $lancfg) { $dhcp6lanarr[6] = 0; $dhcp6lanarr[7] = 1; $dhcp6lan = Net_IPv6::compress(implode(":", $dhcp6lanarr)); - $lanif = get_real_interface($interface); - $oip = find_interface_ipv6($lanif); - if (is_ipaddrv6($oip)) - mwexec("/sbin/ifconfig {$lanif} inet6 {$oip} delete"); log_error("dhcp6 {$interface} with ipv6 address {$dhcp6lan} based on {$lancfg['track6-interface']}"); mwexec("/sbin/ifconfig {$lanif} inet6 {$dhcp6lan} prefixlen 64"); } 
@@ -3207,23 +3322,10 @@ function interface_6rd_configure($interface = "wan", $wancfg) { $rd6prefixlen = $rd6prefix[1]; $rd6prefix = Net_IPv6::uncompress($rd6prefix[0]); - /* we need the hex form of the broker IPv4 address */ - $hexbrv4 = return_hex_ipv4($wancfg['gateway-6rd']); - /* binary presentation of the prefix for all 128 bits. */ $rd6prefixbin = convert_ipv6_to_128bit($rd6prefix); /* just save the left prefix length bits */ - $rd6brprefixbin = substr($rd6prefixbin, 0, $rd6prefixlen); - /* if the prefix length is not 32 bits we need to shave bits off from the left of the v4 address. */ - $rd6brprefixbin .= substr(sprintf("%032b", hexdec($hexbrv4)), $wancfg['prefix-6rd-v4plen'], 32); - /* fill out the rest with 0's */ - $rd6brprefixbin = str_pad($rd6brprefixbin, 128, "0", STR_PAD_RIGHT);; - - /* convert the 128 bits for the broker address back into a valid IPv6 address */ - $rd6brgw = convert_128bit_to_ipv6($rd6brprefixbin); - - /* just save the left prefix length bits */ $rd6prefixbin = substr($rd6prefixbin, 0, $rd6prefixlen); /* if the prefix length is not 32 bits we need to shave bits off from the left of the v4 address. */ $rd6prefixbin .= substr(sprintf("%032b", hexdec($hexwanv4)), $wancfg['prefix-6rd-v4plen'], 32); @@ -3233,6 +3335,8 @@ function interface_6rd_configure($interface = "wan", $wancfg) { /* convert the 128 bits for the broker address back into a valid IPv6 address */ $rd6prefix = convert_128bit_to_ipv6($rd6prefixbin); + $rd6brgw = "{$rd6prefix}{$wancfg['gateway-6rd']}"; + /* XXX: need to extend to support variable prefix size for v4 */ if (!is_module_loaded("if_stf")) mwexec("/sbin/kldload if_stf.ko"); 
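Review bot: `$rd6brgw = "{$rd6prefix}{$wancfg['gateway-6rd']}";` builds the border-relay address by plain string concatenation, which gives a well-formed IPv6 literal only when `$rd6prefix` happens to end in `::` after `convert_128bit_to_ipv6()`. The place where `$rd6brgw` is used is outside the hunk, so check it right here with `if (!is_ipaddrv6($rd6brgw))` and log and return on failure, rather than letting a malformed string reach a later command. `gateway-6rd` should likewise pass `is_ipaddrv4()` before it is used, if that is not already done earlier in the function.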
@@ -3243,6 +3347,8 @@ function interface_6rd_configure($interface = "wan", $wancfg) { pfSense_interface_rename($tmpstfiface, $stfiface); pfSense_interface_flags($stfiface, IFF_LINK2); mwexec("/sbin/ifconfig {$stfiface} inet6 {$rd6prefix}/{$rd6prefixlen}"); + if ($wancfg['prefix-6rd-v4plen'] > 0 && $wancfg['prefix-6rd-v4plen'] < 32) + mwexec("/sbin/ifconfig {$stfiface} stfv4net {$ip4address}/{$wancfg['prefix-6rd-v4plen']}"); if ($g['debug']) log_error("Created 6rd interface {$stfiface} {$rd6prefix}/{$rd6prefixlen}"); @@ -3252,7 +3358,7 @@ function interface_6rd_configure($interface = "wan", $wancfg) { $ip4gateway = get_interface_gateway($interface); if (is_ipaddrv4($ip4gateway)) - mwexec("/sbin/route change -host " . $wancfg['gateway-6rd'] . " {$ip4gateway}"); + mwexec("/sbin/route change -host " . escapeshellarg($wancfg['gateway-6rd']) . " {$ip4gateway}"); /* configure dependent interfaces */ if (!$g['booting']) 
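Review bot: The added `stfv4net` command interpolates `$wancfg['prefix-6rd-v4plen']` into the shell string after only a loose `> 0 && < 32` comparison, which a string with a numeric prefix can pass on older PHP versions. Cast it once, `$v4plen = (int)$wancfg['prefix-6rd-v4plen'];`, and use `$v4plen` in both the test and the command, in line with the `escapeshellarg()` this commit adds to the `route change` call in the next hunk. `$ip4address` is assigned outside the hunk, so its validation cannot be confirmed from here.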
@@ -3424,39 +3530,38 @@ function interface_dhcpv6_configure($interface = "wan", $wancfg) { unset($dhcp6cscript); @chmod("{$g['varetc_path']}/dhcp6c_{$interface}_script.sh", 0755); + $rtsoldscript = "#!/bin/sh\n"; + $rtsoldscript .= "# This shell script launches dhcp6c and configured gateways for this interface.\n"; + $rtsoldscript .= "echo $2 > {$g['tmp_path']}/{$wanif}_routerv6\n"; + $rtsoldscript .= "echo $2 > {$g['tmp_path']}/{$wanif}_defaultgwv6\n"; + $rtsoldscript .= "if [ -f {$g['varrun_path']}/dhcp6c_{$wanif}.pid ]; then\n"; + $rtsoldscript .= "\t/bin/pkill -F {$g['varrun_path']}/dhcp6c_{$wanif}.pid\n"; + $rtsoldscript .= "fi\n"; + $rtsoldscript .= "/usr/local/sbin/dhcp6c -d -c {$g['varetc_path']}/dhcp6c_{$interface}.conf -p {$g['varrun_path']}/dhcp6c_{$wanif}.pid {$wanif}\n"; + /* Add wide-dhcp6c shell script here. Because we can not pass a argument to it. */ + if (!@file_put_contents("{$g['varetc_path']}/rtsold_{$wanif}_script.sh", $rtsoldscript)) { + printf("Error: cannot open rtsold_{$interface}_script.sh in interface_dhcpv6_configure() for writing.\n"); + unset($rtsoldscript); + return 1; + } + unset($rtsoldscript); + @chmod("{$g['varetc_path']}/rtsold_{$wanif}_script.sh", 0755); /* accept router advertisements for this interface */ mwexec("/sbin/sysctl -w net.inet6.ip6.accept_rtadv=1"); log_error("Accept router advertisements on interface {$wanif} "); mwexec("/sbin/ifconfig {$wanif} inet6 accept_rtadv"); - /* run a filter configure sync so that the filter rules allow traffic before we launch the client */ - /* there reallyt is no good way around this i'm 'fraid */ - if (!$g['booting']) - filter_configure_sync(); - - /* fire up dhcp6c for IPv6 first, this backgrounds immediately */ - mwexec("/usr/local/sbin/dhcp6c -d -c {$g['varetc_path']}/dhcp6c_{$interface}.conf -p {$g['varrun_path']}/dhcp6c_{$interface}.pid {$wanif}"); - sleep(1); - unset($out); - exec("/sbin/rtsol -d {$wanif} 2>&1", $out, $ret); - if (!empty($out)) { - foreach($out as $line) { - 
if((stristr($line, "received")) && (!stristr($line, "unexpected"))) { - $parts = explode(" ", $line); - if(is_ipaddrv6($parts[3])) { - log_error("Found IPv6 default gateway '{$parts[3]}' by RA."); - file_put_contents("{$g['tmp_path']}/{$wanif}_routerv6", "{$parts[3]}\n"); - file_put_contents("{$g['tmp_path']}/{$wanif}_defaultgwv6", "{$parts[3]}\n"); - break; - } - } - } - unset($out); + /* fire up rtsold for IPv6 RAs first, this backgrounds immediately. It will call dhcp6c */ + if (isvalidpid("{$g['varrun_path']}/rtsold_{$wanif}.pid")) { + killbypid("{$g['varrun_path']}/rtsold_{$wanif}.pid"); + sleep(2); } - /* worst case is that the rc.newwanipv6 handles setting up the track6 interface */ - if (!$g['booting'] && $wancfg['ipaddrv6'] != "slaac") - link_interface_to_track6($interface, "update"); + mwexec("/usr/sbin/rtsold -1 -p {$g['varrun_path']}/rtsold_{$wanif}.pid -O {$g['varetc_path']}/rtsold_{$wanif}_script.sh {$wanif}"); + + /* NOTE: will be called from rtsold invoked script + * link_interface_to_track6($interface, "update"); + */ return 0; } @@ -3606,6 +3711,9 @@ function convert_real_interface_to_friendly_interface_name($interface = "wan") { $ifdescrs = &$config['interfaces']; //$ifdescrs = get_configured_interface_list(false, true); + if (strstr($interface, "_stf")) + $interface = str_replace("_stf", "", $interface); + foreach ($ifdescrs as $if => $ifname) { if ($if == $interface || $config['interfaces'][$if]['if'] == $interface) return $if; @@ -3619,8 +3727,9 @@ function convert_real_interface_to_friendly_interface_name($interface = "wan") { $int = get_parent_interface($if); if ($int[0] == $interface) return $ifname; - */ + */ } + return NULL; } @@ -3731,7 +3840,7 @@ function get_parent_interface($interface) { case "static": default: // Handle _vlans - if (strstr($realif,"_vlan")) + if (stristr($realif,"_vlan")) if (is_array($config['vlans']['vlan'])) foreach ($config['vlans']['vlan'] as $vlanidx => $vlan) if ($ifcfg['if'] == $vlan['vlanif']){ 
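Review bot: The generated rtsold script writes its second argument to `{$wanif}_routerv6` and `{$wanif}_defaultgwv6` with an unquoted `echo $2`, whereas the removed PHP path only wrote those files after `is_ipaddrv6($parts[3])` had passed. That argument is presumably the router address handed to the script given with `-O` in this hunk, i.e. data derived from a received router advertisement, so the validation that used to sit in front of the gateway files is gone. Quoting the expansion in the generated line (`"echo \"\$2\" > {$g['tmp_path']}/{$wanif}_routerv6\n"`) and having the readers of these files re-check the content with `is_ipaddrv6()` would restore it. The error message also names `rtsold_{$interface}_script.sh` while the file written is `rtsold_{$wanif}_script.sh`. The function starts outside the hunk.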
@@ -3772,7 +3881,7 @@ function interface_get_wireless_clone($wlif) { } } -function get_real_interface($interface = "wan") { +function get_real_interface($interface = "wan", $family = "all") { global $config, $g; $wanif = NULL; @@ -3812,13 +3921,28 @@ function get_real_interface($interface = "wan") { $cfg = &$config['interfaces'][$interface]; - // Wireless cloned NIC support (FreeBSD 8+) - // interface name format: $parentnic_wlanparentnic# - // example: ath0_wlan0 - if( is_array($cfg['wireless']) || preg_match($g['wireless_regex'], $cfg['if'])) - $wanif = interface_get_wireless_clone($cfg['if']); - else - $wanif = $cfg['if']; + if ($family == "inet6") { + switch ($cfg['ipaddrv6']) { + case "6rd": + case "6to4": + $wanif = "{$interface}_stf"; + break; + default: + if( is_array($cfg['wireless']) || preg_match($g['wireless_regex'], $cfg['if'])) + $wanif = interface_get_wireless_clone($cfg['if']); + else + $wanif = $cfg['if']; + break; + } + } else { + // Wireless cloned NIC support (FreeBSD 8+) + // interface name format: $parentnic_wlanparentnic# + // example: ath0_wlan0 + if( is_array($cfg['wireless']) || preg_match($g['wireless_regex'], $cfg['if'])) + $wanif = interface_get_wireless_clone($cfg['if']); + else + $wanif = $cfg['if']; + } break; } @@ -3869,9 +3993,9 @@ function guess_interface_from_ip($ipaddress) { function find_ip_interface($ip, $bits = null) { if (!is_ipaddr($ip)) return false; - + $isv6ip = is_ipaddrv6($ip); - + /* if list */ $ifdescrs = get_configured_interface_list(); @@ -3902,15 +4026,15 @@ function find_ip_interface($ip, $bits = null) { */ function find_virtual_ip_alias($ip, $bits = null) { global $config; - + if (!is_array($config['virtualip']['vip'])) { return false; } if (!is_ipaddr($ip)) return false; - + $isv6ip = is_ipaddrv6($ip); - + foreach ($config['virtualip']['vip'] as $vip) { if ($vip['mode'] === "ipalias") { if (is_ipaddrv6($vip['subnet']) != $isv6ip) 
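Review bot: In the `get_real_interface` hunk the wireless-clone selection is now written out twice, once in the `default:` case of the new `inet6` switch and once in the `else` branch, so a future change to one copy can silently miss the other. Testing the 6rd/6to4 case first and falling through to a single copy of the existing logic keeps the behaviour and removes the duplication. The new `$family` parameter is also undocumented; a short comment above the function stating that it accepts `"all"` or `"inet6"` and that `"inet6"` selects the `_stf` interface for 6rd and 6to4 would help callers. The function starts and ends outside the hunk.

```php
// … unchanged: $cfg = &$config['interfaces'][$interface]; …
// 6rd/6to4 carry IPv6 on the stf interface, not on the parent NIC
if ($family == "inet6" && in_array($cfg['ipaddrv6'], array("6rd", "6to4")))
	$wanif = "{$interface}_stf";
// Wireless cloned NIC support (FreeBSD 8+), e.g. ath0_wlan0
else if (is_array($cfg['wireless']) || preg_match($g['wireless_regex'], $cfg['if']))
	$wanif = interface_get_wireless_clone($cfg['if']);
else
	$wanif = $cfg['if'];
// … unchanged: break; …
```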
@@ -4075,14 +4199,17 @@ function link_interface_to_vlans($int, $action = "") { return; if (is_array($config['vlans']['vlan'])) { + $ifaces = array(); foreach ($config['vlans']['vlan'] as $vlan) { if ($int == $vlan['if']) { if ($action == "update") { interfaces_bring_up($int); } else if ($action == "") - return $vlan; + $ifaces[$vlan['tag']] = $vlan; } } + if (!empty($ifaces)) + return $ifaces; } } @@ -4168,8 +4295,7 @@ function link_interface_to_gif($interface) { /* * find_interface_ip($interface): return the interface ip (first found) */ -function find_interface_ip($interface, $flush = false) -{ +function find_interface_ip($interface, $flush = false) { global $interface_ip_arr_cache; global $interface_sn_arr_cache; @@ -4191,8 +4317,7 @@ function find_interface_ip($interface, $flush = false) /* * find_interface_ipv6($interface): return the interface ip (first found) */ -function find_interface_ipv6($interface, $flush = false) -{ +function find_interface_ipv6($interface, $flush = false) { global $interface_ipv6_arr_cache; global $interface_snv6_arr_cache; global $config; @@ -4205,8 +4330,8 @@ function find_interface_ipv6($interface, $flush = false) /* Setup IP cache */ if (!isset($interface_ipv6_arr_cache[$interface]) or $flush) { - $ifinfo = pfSense_get_interface_addresses($interface); // FIXME: Add IPv6 support to the pfSense module + $ifinfo = array(); exec("/sbin/ifconfig {$interface} inet6", $output); foreach($output as $line) { if(preg_match("/inet6/", $line)) { @@ -4233,8 +4358,7 @@ function find_interface_ipv6($interface, $flush = false) /* * find_interface_ipv6_ll($interface): return the interface ipv6 link local (first found) */ -function find_interface_ipv6_ll($interface, $flush = false) -{ +function find_interface_ipv6_ll($interface, $flush = false) { global $interface_llv6_arr_cache; global $config; 
@@ -4262,8 +4386,7 @@ function find_interface_ipv6_ll($interface, $flush = false) return $interface_llv6_arr_cache[$interface]; } -function find_interface_subnet($interface, $flush = false) -{ +function find_interface_subnet($interface, $flush = false) { global $interface_sn_arr_cache; global $interface_ip_arr_cache; @@ -4280,8 +4403,7 @@ function find_interface_subnet($interface, $flush = false) return $interface_sn_arr_cache[$interface]; } -function find_interface_subnetv6($interface, $flush = false) -{ +function find_interface_subnetv6($interface, $flush = false) { global $interface_snv6_arr_cache; global $interface_ipv6_arr_cache; @@ -4291,7 +4413,7 @@ function find_interface_subnetv6($interface, $flush = false) $foundv6 = false; if (!isset($interface_snv6_arr_cache[$interface]) or $flush) { - $ifinfo = pfSense_get_interface_addresses($interface); + $ifinfo = array(); // FIXME: Add IPv6 support to the pfSense module unset($output); exec("/sbin/ifconfig {$interface} inet6", $output); @@ -4343,8 +4465,7 @@ function ip_in_interface_alias_subnet($interface, $ipalias) { return false; } -function get_interface_ip($interface = "wan") -{ +function get_interface_ip($interface = "wan") { $realif = get_failover_interface($interface); if (!$realif) { if (preg_match("/^carp/i", $interface)) @@ -4362,19 +4483,10 @@ function get_interface_ip($interface = "wan") return null; } -function get_interface_ipv6($interface = "wan") -{ +function get_interface_ipv6($interface = "wan", $flush = false) { global $config; - $realif = get_failover_interface($interface); - if (is_array($config['interfaces'][$interface])) { - switch($config['interfaces'][$interface]['ipaddrv6']) { - case "6rd": - case "6to4": - $realif = "{$interface}_stf"; - break; - } - } + $realif = get_failover_interface($interface, "inet6"); if (!$realif) { if (preg_match("/^[a-z0-9]+_vip/i", $interface)) $realif = $interface; 
@@ -4382,15 +4494,14 @@ function get_interface_ipv6($interface = "wan") return null; } - $curip = find_interface_ipv6($realif); + $curip = find_interface_ipv6($realif, $flush); if ($curip && is_ipaddrv6($curip) && ($curip != "::")) return $curip; else return null; } -function get_interface_linklocal($interface = "wan") -{ +function get_interface_linklocal($interface = "wan") { $realif = get_failover_interface($interface); if (!$realif) { if (preg_match("/^carp/i", $interface)) @@ -4408,8 +4519,7 @@ function get_interface_linklocal($interface = "wan") return null; } -function get_interface_subnet($interface = "wan") -{ +function get_interface_subnet($interface = "wan") { $realif = get_real_interface($interface); if (!$realif) { if (preg_match("/^carp/i", $interface)) @@ -4427,21 +4537,10 @@ function get_interface_subnet($interface = "wan") return null; } -function get_interface_subnetv6($interface = "wan") -{ +function get_interface_subnetv6($interface = "wan") { global $config; - if (is_array($config['interfaces'][$interface])) { - switch($config['interfaces'][$interface]['ipaddrv6']) { - case "6rd": - case "6to4": - $realif = "{$interface}_stf"; - break; - default: - $realif = get_real_interface($interface); - break; - } - } + $realif = get_real_interface($interface, "inet6"); if (!$realif) { if (preg_match("/^[a-z0-9]+_vip/i", $interface)) $realif = $interface; @@ -4518,11 +4617,7 @@ function interface_has_gatewayv6($friendly) { switch ($ifname['ipaddrv6']) { case "slaac": case "dhcp6": - return true; - break; case "6to4": - return true; - break; case "6rd": return true; break; 
@@ -4566,7 +4661,7 @@ function is_altq_capable($int) { return true; else if (stristr($int, "l2tp")) /* VLANs are name $parent_$vlan now */ return true; - else if (stristr($int, "vlan")) /* VLANs are name $parent_$vlan now */ + else if (stristr($int, "_vlan")) /* VLANs are name $parent_$vlan now */ return true; else if (stristr($int, "_wlan")) /* WLANs are name $parent_$wlan now */ return true; @@ -4611,8 +4706,7 @@ function get_wireless_modes($interface) { $interface_channel_count = count($interface_channels); $c = 0; - while ($c < $interface_channel_count) - { + while ($c < $interface_channel_count) { $channel_line = explode(",", $interface_channels["$c"]); $wireless_mode = trim($channel_line[0]); $wireless_channel = trim($channel_line[1]); @@ -4804,11 +4898,11 @@ function interfaces_staticarp_configure($if) { return 0; } -function get_failover_interface($interface) { +function get_failover_interface($interface, $family = "all") { global $config; /* shortcut to get_real_interface if we find it in the config */ if(is_array($config['interfaces'][$interface])) { - $wanif = get_real_interface($interface); + $wanif = get_real_interface($interface, $family); return $wanif; } @@ -4824,7 +4918,7 @@ function get_failover_interface($interface) { return $wanif; } /* fall through to get_real_interface */ - $wanif = get_real_interface($interface); + $wanif = get_real_interface($interface, $family); return $wanif; } diff --git a/etc/inc/ipsec.inc b/etc/inc/ipsec.inc index 6a00244..8b8f1b9 100644 --- a/etc/inc/ipsec.inc +++ b/etc/inc/ipsec.inc 
@@ -151,10 +151,11 @@ function ipsec_get_phase1_src(& $ph1ent) { if ($ph1ent['interface']) { if (!is_ipaddr($ph1ent['interface'])) { - $if = get_failover_interface($ph1ent['interface']); - if($ph1ent['protocol'] == "inet6") { + if ($ph1ent['protocol'] == "inet6") { + $if = get_failover_interface($ph1ent['interface'], "inet6"); $interfaceip = get_interface_ipv6($if); } else { + $if = get_failover_interface($ph1ent['interface']); $interfaceip = get_interface_ip($if); } } else { @@ -162,11 +163,10 @@ function ipsec_get_phase1_src(& $ph1ent) { } } else { $if = "wan"; - if($ph1ent['protocol'] == "inet6") { + if ($ph1ent['protocol'] == "inet6") $interfaceip = get_interface_ipv6($if); - } else { + else $interfaceip = get_interface_ip($if); - } } return $interfaceip; @@ -354,7 +354,7 @@ function ipsec_phase2_status(& $spd,& $sad,& $ph1ent,& $ph2ent) { if( ipsec_lookup_ipsec_sa($spd,$sad,"out",$loc_ip,$rmt_ip,$loc_id,$rmt_id)) { if (empty($ph2ent['natlocalid']) && ipsec_lookup_ipsec_sa($spd,$sad,"in",$rmt_ip,$loc_ip,$rmt_id,$loc_id)) return true; - else if (!empty($ph2ent['natlocalid']) && ipsec_lookup_ipsec_sa($spd,$sad,"in",$rmt_ip,$natloc_id,$rmt_id,$natloc_id)) + else if (!empty($ph2ent['natlocalid']) && ipsec_lookup_ipsec_sa($spd,$sad,"out",$loc_ip,$rmt_ip,$loc_id,$rmt_id)) return true; } @@ -406,9 +406,9 @@ function ipsec_lookup_ipsec_sa(& $spd,& $sad,$dir,$in_srcip,$in_dstip,$in_srcid, $sp_srcid .= '/128'; } if (!strstr($sp_dstid,"/")) { - if (is_ipaddrv4($sp_srcid)) + if (is_ipaddrv4($sp_dstid)) $sp_dstid .= '/32'; - elseif (is_ipaddrv6($sp_srcid)) + elseif (is_ipaddrv6($sp_dstid)) $sp_dstid .= '/128'; } @@ -622,7 +622,7 @@ function ipsec_disconnect_mobile($username) { } function ipsec_fixup_ip($ipaddr) { - if (is_ipaddrv6($ipaddr) || !is_subnetv6($ipaddr)) + if (is_ipaddrv6($ipaddr) || is_subnetv6($ipaddr)) return Net_IPv6::compress(Net_IPv6::uncompress($ipaddr)); else return $ipaddr; 
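Review bot: In the `ipsec_phase2_status` hunk the rewritten `natlocalid` branch repeats the outer condition verbatim, `ipsec_lookup_ipsec_sa($spd,$sad,"out",$loc_ip,$rmt_ip,$loc_id,$rmt_id)`, so it is always true once the outer `if` has passed and the inbound SA is never looked up for phase 2 entries with a NAT'd local ID. Such a tunnel would be reported as up with only an outbound SA present, which hides a half-established tunnel from anyone relying on this status. If the inbound lookup with `$natloc_id` failed to match because of how the SPD records the translated identifier, an inbound lookup with the identifiers that do match, or at least a comment stating why the inbound check is skipped, would be safer than dropping it. The function starts and ends outside the hunk.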
diff --git a/etc/inc/openvpn.inc b/etc/inc/openvpn.inc index 18267d5..a5244fd 100644 --- a/etc/inc/openvpn.inc +++ b/etc/inc/openvpn.inc @@ -938,6 +938,35 @@ function openvpn_resync_all($interface = "") { } +// Resync and restart all VPNs using a gateway group. +function openvpn_resync_gwgroup($gwgroupname = "") { + global $g, $config; + + if ($gwgroupname <> "") { + if (is_array($config['openvpn']['openvpn-server'])) { + foreach ($config['openvpn']['openvpn-server'] as & $settings) { + if ($gwgroupname == $settings['interface']) { + log_error("Resyncing OpenVPN for gateway group " . $gwgroupname . " server " . $settings["description"] . "."); + openvpn_resync('server', $settings); + } + } + } + + if (is_array($config['openvpn']['openvpn-client'])) { + foreach ($config['openvpn']['openvpn-client'] as & $settings) { + if ($gwgroupname == $settings['interface']) { + log_error("Resyncing OpenVPN for gateway group " . $gwgroupname . " client " . $settings["description"] . "."); + openvpn_resync('client', $settings); + } + } + } + + // Note: no need to resysnc Client Specific (csc) here, as changes to the OpenVPN real interface do not effect these. + + } else + log_error("openvpn_resync_gwgroup called with null gwgroup parameter."); +} + function openvpn_get_active_servers($type="multipoint") { global $config, $g; @@ -958,11 +987,9 @@ function openvpn_get_active_servers($type="multipoint") { else $server['name'] = "Server {$prot}:{$port}"; $server['conns'] = array(); - - $vpnid = $settings['vpnid']; - $mode_id = "server{$vpnid}"; - $server['mgmt'] = $mode_id; - $socket = "unix://{$g['varetc_path']}/openvpn/{$mode_id}.sock"; + $server['vpnid'] = $settings['vpnid']; + $server['mgmt'] = "server{$server['vpnid']}"; + $socket = "unix://{$g['varetc_path']}/openvpn/{$server['mgmt']}.sock"; list($tn, $sm) = explode('/', $settings['tunnel_network']); if ((($server['mode'] == "p2p_shared_key") || ($sm >= 30) ) && ($type == "p2p")) 
@@ -1032,8 +1059,8 @@ function openvpn_get_server_status($server, $socket) { } else { $conn = array(); $conn['common_name'] = "[error]"; - $conn['remote_host'] = "Management Daemon Unreachable"; - $conn['virtual_addr'] = ""; + $conn['remote_host'] = "Unable to contact daemon"; + $conn['virtual_addr'] = "Service not running?"; $conn['bytes_recv'] = 0; $conn['bytes_sent'] = 0; $conn['connect_time'] = 0; @@ -1062,10 +1089,9 @@ function openvpn_get_active_clients() { else $client['name'] = "Client {$prot}{$port}"; - $vpnid = $settings['vpnid']; - $mode_id = "client{$vpnid}"; - $client['mgmt'] = $mode_id; - $socket = "unix://{$g['varetc_path']}/openvpn/{$mode_id}.sock"; + $client['vpnid'] = $settings['vpnid']; + $client['mgmt'] = "client{$client['vpnid']}"; + $socket = "unix://{$g['varetc_path']}/openvpn/{$client['mgmt']}.sock"; $client['status']="down"; $clients[] = openvpn_get_client_status($client, $socket); @@ -1155,8 +1181,8 @@ function openvpn_get_client_status($client, $socket) { } else { $DisplayNote=true; - $client['remote_host'] = "No Management Daemon"; - $client['virtual_addr'] = "See Note Below"; + $client['remote_host'] = "Unable to contact daemon"; + $client['virtual_addr'] = "Service not running?"; $client['bytes_recv'] = 0; $client['bytes_sent'] = 0; $client['connect_time'] = 0; diff --git a/etc/inc/pfsense-utils.inc b/etc/inc/pfsense-utils.inc index b759987..7c53885 100644 --- a/etc/inc/pfsense-utils.inc +++ b/etc/inc/pfsense-utils.inc 
@@ -1566,8 +1566,7 @@ function load_crypto() { if (!in_array($config['system']['crypto_hardware'], $crypto_modules)) return false; - $is_loaded = `/sbin/kldstat | /usr/bin/grep -c {$config['system']['crypto_hardware']}`; - if (!empty($config['system']['crypto_hardware']) && ($is_loaded == 0)) { + if (!empty($config['system']['crypto_hardware']) && !is_module_loaded($config['system']['crypto_hardware'])) { log_error("Loading {$config['system']['crypto_hardware']} cryptographic accelerator module."); mwexec("/sbin/kldload {$config['system']['crypto_hardware']}"); } @@ -1583,8 +1582,7 @@ function load_thermal_hardware() { if (!in_array($config['system']['thermal_hardware'], $thermal_hardware_modules)) return false; - $is_loaded = `/sbin/kldstat | /usr/bin/grep -c {$config['system']['thermal_hardware']}`; - if (!empty($config['system']['thermal_hardware']) && ($is_loaded == 0)) { + if (!empty($config['system']['thermal_hardware']) && !is_module_loaded($config['system']['thermal_hardware'])) { log_error("Loading {$config['system']['thermal_hardware']} thermal monitor module."); mwexec("/sbin/kldload {$config['system']['thermal_hardware']}"); } @@ -1723,9 +1721,12 @@ function update_output_window($text) { global $pkg_interface; $log = preg_replace("/\n/", "\\n", $text); if($pkg_interface != "console") { - echo "\n<script language=\"JavaScript\">\nthis.document.forms[0].output.value = \"" . $log . "\";\n"; - echo "this.document.forms[0].output.scrollTop = this.document.forms[0].output.scrollHeight;\n"; - echo "</script>"; + echo "\n<script type=\"text/javascript\">"; + echo "\n//<![CDATA["; + echo "\nthis.document.forms[0].output.value = \"" . $log . "\";"; + echo "\nthis.document.forms[0].output.scrollTop = this.document.forms[0].output.scrollHeight;"; + echo "\n//]]>"; + echo "\n</script>"; } /* ensure that contents are written out */ ob_flush(); 
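Review bot: `update_output_window` still concatenates `$log` straight into a double-quoted JavaScript string, and only newlines are escaped by the `preg_replace` above it, so a `"`, a backslash or a `</script>` sequence in `$text` ends the literal or the script block; the new CDATA wrapper adds `]]>` as one more terminating sequence. Since the line is being rewritten anyway, encode for the JavaScript context instead: `echo "\nthis.document.forms[0].output.value = " . json_encode($text, JSON_HEX_TAG) . ";";` (drop the flag if the target PHP version lacks it), which also makes the newline replacement unnecessary. The same applies to `$status` in the `update_status` hunk that follows. Both functions start outside their hunks, so where `$text` and `$status` originate cannot be seen here.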
@@ -1739,7 +1740,11 @@ function update_status($status) { if($pkg_interface == "console") { echo "\r{$status}"; } else { - echo "\n<script type=\"text/javascript\">this.document.forms[0].status.value=\"" . $status . "\";</script>"; + echo "\n<script type=\"text/javascript\">"; + echo "\n//<![CDATA["; + echo "\nthis.document.forms[0].status.value=\"" . $status . "\";"; + echo "\n//]]>"; + echo "\n</script>"; } /* ensure that contents are written out */ ob_flush(); @@ -1752,8 +1757,10 @@ function update_progress_bar($percent, $first_time) { global $pkg_interface; if($percent > 100) $percent = 1; if($pkg_interface <> "console") { - echo "\n<script type=\"text/javascript\" language=\"javascript\">"; + echo "\n<script type=\"text/javascript\">"; + echo "\n//<![CDATA["; echo "\ndocument.progressbar.style.width='" . $percent . "%';"; + echo "\n//]]>"; echo "\n</script>"; } else { if(!($first_time)) @@ -2537,11 +2544,7 @@ function return_hex_ipv4($ipv4) { /* we need the hex form of the interface IPv4 address */ $ip4arr = explode(".", $ipv4); - $hexwanv4 = ""; - foreach($ip4arr as $octet) - $hexwanv4 .= sprintf("%02x", $octet); - - return($hexwanv4); + return (sprintf("%02x%02x%02x%02x", $ip4arr[0], $ip4arr[1], $ip4arr[2], $ip4arr[3])); } function convert_ipv6_to_128bit($ipv6) { @@ -2607,13 +2610,13 @@ function calculate_ipv6_delegation_length($if) { function huawei_rssi_to_string($rssi) { $dbm = array(); $i = 0; - $dbstart = -51; - while($i < 31) { - $dbm[$i] = $dbstart - ($i * 2); + $dbstart = -113; + while($i < 32) { + $dbm[$i] = $dbstart + ($i * 2); $i++; } $percent = round(($rssi / 31) * 100); - $string = "rssi:8 level:{$dbm[$rssi]}dBm percent:{$percent}%"; + $string = "rssi:{$rssi} level:{$dbm[$rssi]}dBm percent:{$percent}%"; return $string; } diff --git a/etc/inc/rrd.inc b/etc/inc/rrd.inc index 6f44396..2566b8d 100644 --- a/etc/inc/rrd.inc +++ b/etc/inc/rrd.inc 
@@ -78,6 +78,10 @@ function restore_rrd() { } unlink($xml_file); } + /* If this backup is still there on a full install, but we aren't going to use ram disks, remove the archive since this is a transition. */ + if (($g['platform'] == "pfSense") && !isset($config['system']['use_mfs_tmpvar'])) { + unlink_if_exists("{$g['cf_conf_path']}/rrd.tgz"); + } return true; } return false; @@ -270,9 +274,7 @@ function enable_rrd_graphing() { chown($rrddbpath, "nobody"); if ($g['booting']) { - if ($g['platform'] != "pfSense") { - restore_rrd(); - } + restore_rrd(); } /* db update script */ diff --git a/etc/inc/service-utils.inc b/etc/inc/service-utils.inc index f62952c..f920252 100644 --- a/etc/inc/service-utils.inc +++ b/etc/inc/service-utils.inc @@ -37,6 +37,12 @@ pfSense_BUILDER_BINARIES: /bin/pgrep /bin/sh /usr/bin/killall pfSense_MODULE: utils */ +require_once("globals.inc"); +require_once("captiveportal.inc"); +require_once("openvpn.inc"); +require_once("ipsec.inc"); +require_once("vpn.inc"); +require_once("vslb.inc"); define("RCFILEPREFIX", "/usr/local/etc/rc.d/"); function write_rcfile($params) { @@ -191,6 +197,17 @@ function restart_service_if_running($service) { return; } +function is_service_enabled($service_name) { + global $config; + if ($service_name == "") + return false; + if (isset($config['installedpackages'][$service_name]['config'][0]['enable']) && + ((empty($config['installedpackages'][$service_name]['config'][0]['enable'])) || + ($config['installedpackages'][$service_name]['config'][0]['enable'] === 'off'))) + return false; + return true; +} + function is_service_running($service, $ps = "") { global $config; 
@@ -408,19 +425,20 @@ function get_service_status_icon($service, $withtext = true, $smallicon = false) $output = ""; if(get_service_status($service)) { $statustext = gettext("Running"); - $output .= '<td class="listr"><center>' . "\n"; + $output .= '<td class="listr" align="center">' . "\n"; $output .= "<img style=\"vertical-align:middle\" title=\"" . sprintf(gettext("%s Service is"),$service["name"]) . " {$statustext}\" src=\"/themes/" . $g["theme"] . "/images/icons/"; $output .= ($smallicon) ? "icon_pass.gif" : "icon_service_running.gif"; - $output .= "\">"; + $output .= "\" alt=\"status\" />"; if ($withtext) $output .= " " . $statustext; $output .= "</td>\n"; } else { - $statustext = gettext("Stopped"); - $output .= '<td class="listbg"><center>' . "\n"; + $service_enabled = is_service_enabled($service['name']); + $statustext = ($service_enabled) ? gettext("Stopped") : gettext("Disabled"); + $output .= '<td class="listbg" align="center">' . "\n"; $output .= "<img style=\"vertical-align:middle\" title=\"" . sprintf(gettext("%s Service is"),$service["name"]) . " {$statustext}\" src=\"/themes/" . $g["theme"] . "/images/icons/"; $output .= ($smallicon) ? "icon_block.gif" : "icon_service_stopped.gif"; - $output .= "\">"; + $output .= "\" alt=\"status\" />"; if ($withtext) $output .= " " . "<font color=\"white\">{$statustext}</font>"; $output .= "</td>\n"; 
@@ -435,40 +453,208 @@ function get_service_control_links($service, $addname = false) { if(get_service_status($service)) { switch ($service['name']) { case "openvpn": - $output .= "<a href='status_services.php?mode=restartservice&service={$service['name']}&vpnmode={$service['mode']}&id={$service['vpnid']}'>"; + $output .= "<a href='status_services.php?mode=restartservice&service={$service['name']}&vpnmode={$service['mode']}&id={$service['vpnid']}'>"; break; case "captiveportal": - $output .= "<a href='status_services.php?mode=restartservice&service={$service['name']}&zone={$service['zone']}'>"; + $output .= "<a href='status_services.php?mode=restartservice&service={$service['name']}&zone={$service['zone']}'>"; break; default: - $output .= "<a href='status_services.php?mode=restartservice&service={$service['name']}'>"; + $output .= "<a href='status_services.php?mode=restartservice&service={$service['name']}'>"; } - $output .= "<img style=\"vertical-align:middle\" title='" . sprintf(gettext("Restart %sService"),$stitle) . "' border='0' src='./themes/".$g['theme']."/images/icons/icon_service_restart.gif'></a>\n"; + $output .= "<img style=\"vertical-align:middle\" title='" . sprintf(gettext("Restart %sService"),$stitle) . 
"' border='0' src='./themes/".$g['theme']."/images/icons/icon_service_restart.gif' alt='restart' /></a>\n"; switch ($service['name']) { case "openvpn": - $output .= "<a href='status_services.php?mode=stopservice&service={$service['name']}&vpnmode={$service['mode']}&id={$service['vpnid']}'>"; + $output .= "<a href='status_services.php?mode=stopservice&service={$service['name']}&vpnmode={$service['mode']}&id={$service['vpnid']}'>"; break; case "captiveportal": - $output .= "<a href='status_services.php?mode=stopservice&service={$service['name']}&zone={$service['zone']}'>"; + $output .= "<a href='status_services.php?mode=stopservice&service={$service['name']}&zone={$service['zone']}'>"; break; default: - $output .= "<a href='status_services.php?mode=stopservice&service={$service['name']}'>"; + $output .= "<a href='status_services.php?mode=stopservice&service={$service['name']}'>"; } - $output .= "<img style=\"vertical-align:middle\" title='" . sprintf(gettext("Stop %sService"),$stitle) . "' border='0' src='./themes/".$g['theme']."/images/icons/icon_service_stop.gif'>"; + $output .= "<img style=\"vertical-align:middle\" title='" . sprintf(gettext("Stop %sService"),$stitle) . 
"' border='0' src='./themes/".$g['theme']."/images/icons/icon_service_stop.gif' alt='stop' />"; $output .= "</a>"; } else { + $service_enabled = is_service_enabled($service['name']); switch ($service['name']) { case "openvpn": - $output .= "<a href='status_services.php?mode=startservice&service={$service['name']}&vpnmode={$service['mode']}&id={$service['vpnid']}'>"; + $output .= "<a href='status_services.php?mode=startservice&service={$service['name']}&vpnmode={$service['mode']}&id={$service['vpnid']}'>"; break; case "captiveportal": - $output .= "<a href='status_services.php?mode=startservice&service={$service['name']}&zone={$service['zone']}'>"; + $output .= "<a href='status_services.php?mode=startservice&service={$service['name']}&zone={$service['zone']}'>"; break; default: - $output .= "<a href='status_services.php?mode=startservice&service={$service['name']}'>"; + if ($service_enabled) + $output .= "<a href='status_services.php?mode=startservice&service={$service['name']}'>"; } - $output .= "<img style=\"vertical-align:middle\" title='" . sprintf(gettext("Start %sService"),$stitle) . "' border='0' src='./themes/".$g['theme']."/images/icons/icon_service_start.gif'></a>\n"; + if ($service_enabled) + $output .= "<img style=\"vertical-align:middle\" title='" . sprintf(gettext("Start %sService"),$stitle) . 
"' border='0' src='./themes/".$g['theme']."/images/icons/icon_service_start.gif' alt='start' /></a>\n"; } return $output; } + +function service_control_start($name, $extras) { + global $g; + switch($name) { + case 'radvd': + services_radvd_configure(); + break; + case 'captiveportal': + $zone = $extras['zone']; + captiveportal_init_webgui_zonename($zone); + break; + case 'ntpd': + case 'openntpd': + system_ntp_configure(); + break; + case 'bsnmpd': + services_snmpd_configure(); + break; + case 'dnsmasq': + services_dnsmasq_configure(); + break; + case 'dhcpd': + services_dhcpd_configure(); + break; + case 'igmpproxy': + services_igmpproxy_configure(); + break; + case 'miniupnpd': + upnp_action('start'); + break; + case 'racoon': + vpn_ipsec_force_reload(); + break; + case 'openvpn': + $vpnmode = $extras['vpnmode']; + if (($vpnmode == "server") || ($vpnmode == "client")) { + $id = $extras['id']; + $configfile = "{$g['varetc_path']}/openvpn/{$vpnmode}{$id}.conf"; + if (file_exists($configfile)) + openvpn_restart_by_vpnid($vpnmode, $id); + } + break; + case 'relayd': + relayd_configure(); + break; + default: + start_service($name); + break; + } + return sprintf(gettext("%s has been started."),htmlspecialchars($name)); +} +function service_control_stop($name, $extras) { + global $g; + switch($name) { + case 'radvd': + killbypid("{$g['varrun_path']}/radvd.pid"); + break; + case 'captiveportal': + $zone = $extras['zone']; + killbypid("{$g['varrun_path']}/lighty-{$zone}-CaptivePortal.pid"); + killbypid("{$g['varrun_path']}/lighty-{$zone}-CaptivePortal-SSL.pid"); + break; + case 'ntpd': + killbyname("ntpd"); + break; + case 'openntpd': + killbyname("openntpd"); + break; + case 'bsnmpd': + killbypid("{$g['varrun_path']}/snmpd.pid"); + break; + case 'choparp': + killbyname("choparp"); + break; + case 'dhcpd': + killbyname("dhcpd"); + break; + case 'dhcrelay': + killbypid("{$g['varrun_path']}/dhcrelay.pid"); + break; + case 'dnsmasq': + 
killbypid("{$g['varrun_path']}/dnsmasq.pid"); + break; + case 'igmpproxy': + killbyname("igmpproxy"); + break; + case 'miniupnpd': + upnp_action('stop'); + break; + case 'sshd': + killbyname("sshd"); + break; + case 'racoon': + exec("killall -9 racoon"); + break; + case 'openvpn': + $vpnmode = $extras['vpnmode']; + if (($vpnmode == "server") or ($vpnmode == "client")) { + $id = $extras['id']; + $pidfile = "{$g['varrun_path']}/openvpn_{$vpnmode}{$id}.pid"; + killbypid($pidfile); + } + break; + case 'relayd': + mwexec('pkill relayd'); + break; + default: + stop_service($name); + break; + } + return sprintf(gettext("%s has been stopped."), htmlspecialchars($name)); +} +function service_control_restart($name, $extras) { + global $g; + switch($name) { + case 'radvd': + services_radvd_configure(); + break; + case 'captiveportal': + $zone = $extras['zone']; + killbypid("{$g['varrun_path']}/lighty-{$zone}-CaptivePortal.pid"); + killbypid("{$g['varrun_path']}/lighty-{$zone}-CaptivePortal-SSL.pid"); + captiveportal_init_webgui_zonename($zone); + break; + case 'ntpd': + case 'openntpd': + system_ntp_configure(); + break; + case 'bsnmpd': + services_snmpd_configure(); + break; + case 'dnsmasq': + services_dnsmasq_configure(); + break; + case 'dhcpd': + services_dhcpd_configure(); + break; + case 'igmpproxy': + services_igmpproxy_configure(); + break; + case 'miniupnpd': + upnp_action('restart'); + break; + case 'racoon': + vpn_ipsec_force_reload(); + break; + case 'openvpn': + $vpnmode = $extras['vpnmode']; + if ($vpnmode == "server" || $vpnmode == "client") { + $id = $extras['id']; + $configfile = "{$g['varetc_path']}/openvpn/{$vpnmode}{$id}.conf"; + if (file_exists($configfile)) + openvpn_restart_by_vpnid($vpnmode, $id); + } + break; + case 'relayd': + relayd_configure(true); + break; + default: + restart_service($name); + break; + } + return sprintf(gettext("%s has been restarted."),htmlspecialchars($name)); +} + ?> 
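Review bot: `service_control_start`, `service_control_stop` and `service_control_restart` build file paths from `$extras['zone']` and `$extras['id']` without checking their shape: `lighty-{$zone}-CaptivePortal.pid` and `openvpn_{$vpnmode}{$id}.pid` are handed to `killbypid()`, and `{$vpnmode}{$id}.conf` to `file_exists()`, while only `$vpnmode` is compared against fixed values. If `$extras` is filled from request parameters (the callers are not on this page), a value containing `/` or `..` selects a file outside the intended directory, so each case should reject unexpected input first, for example `if (!ctype_digit((string)$extras['id'])) break;` for the OpenVPN id and a comparable check of `$zone` against the configured zone names. `get_service_control_links` in the same hunk puts `$service['name']`, `$service['mode']` and `$service['zone']` into `href` attributes without `urlencode()`/`htmlspecialchars()`, which deserves the same treatment. Separately, `exec("killall -9 racoon")` and `mwexec('pkill relayd')` rely on PATH, whereas the rest of the diff calls binaries by absolute path.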
diff --git a/etc/inc/services.inc b/etc/inc/services.inc index 8c69cb0..8b8a6ff 100644 --- a/etc/inc/services.inc +++ b/etc/inc/services.inc @@ -177,11 +177,14 @@ function services_radvd_configure() { /* add DNS servers */ $dnslist = array(); - if (is_array($dhcpv6ifconf['dnsserver']) && !empty($dhcpv6ifconf['dnsserver'])) { - foreach($dhcpv6ifconf['dnsserver'] as $server) { - if(is_ipaddrv6($server)) + if (isset($dhcpv6ifconf['rasamednsasdhcp6']) && is_array($dhcpv6ifconf['dnsserver']) && !empty($dhcpv6ifconf['dnsserver'])) { + foreach($dhcpv6ifconf['dnsserver'] as $server) + if (is_ipaddrv6($server)) + $dnslist[] = $server; + } elseif (!isset($dhcpv6ifconf['rasamednsasdhcp6']) && isset($dhcpv6ifconf['radnsserver']) && is_array($dhcpv6ifconf['radnsserver'])) { + foreach($dhcpv6ifconf['radnsserver'] as $server) + if (is_ipaddrv6($server)) $dnslist[] = $server; - } } elseif (isset($config['dnsmasq']['enable'])) { $dnslist[] = get_interface_ipv6($realif); } elseif (is_array($config['system']['dnsserver']) && !empty($config['system']['dnsserver'])) { @@ -232,7 +235,7 @@ function services_radvd_configure() { log_error("configuring RA on {$if} for type {$autotype} radvd subnet {$subnetv6}/{$ifcfgsnv6}"); $dnslist = array(); - if(is_ipaddrv6($subnetv6)) { + if(is_ipaddrv6($ifcfgipv6)) { $radvdconf .= "# Generated config for {$autotype} delegation from {$trackif} on {$if}\n"; $radvdconf .= "interface {$realif} {\n"; $radvdconf .= "\tAdvSendAdvert on;\n"; 
@@ -358,18 +361,20 @@ function services_dhcpdv4_configure() { $is_olsr_enabled = true; if ($g['booting']) { - if ($g['platform'] != "pfSense") { - /* restore the leases, if we have them */ - if (file_exists("{$g['cf_conf_path']}/dhcpleases.tgz")) { - $dhcprestore = ""; - $dhcpreturn = ""; - exec("cd /;LANG=C /usr/bin/tar -xzf {$g['cf_conf_path']}/dhcpleases.tgz 2>&1", $dhcprestore, $dhcpreturn); - $dhcprestore = implode(" ", $dhcprestore); - if($dhcpreturn <> 0) { - log_error(sprintf(gettext('DHCP leases restore failed exited with %1$s, the error is: %2$s%3$s'), $dhcpreturn, $dhcprestore, "\n")); - } + /* restore the leases, if we have them */ + if (file_exists("{$g['cf_conf_path']}/dhcpleases.tgz")) { + $dhcprestore = ""; + $dhcpreturn = ""; + exec("cd /;LANG=C /usr/bin/tar -xzf {$g['cf_conf_path']}/dhcpleases.tgz 2>&1", $dhcprestore, $dhcpreturn); + $dhcprestore = implode(" ", $dhcprestore); + if($dhcpreturn <> 0) { + log_error(sprintf(gettext('DHCP leases restore failed exited with %1$s, the error is: %2$s%3$s'), $dhcpreturn, $dhcprestore, "\n")); } } + /* If this backup is still there on a full install, but we aren't going to use ram disks, remove the archive since this is a transition. */ + if (($g['platform'] == "pfSense") && !isset($config['system']['use_mfs_tmpvar'])) { + unlink_if_exists("{$g['cf_conf_path']}/dhcpleases.tgz"); + } } $syscfg = $config['system']; 
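Review bot: The restore in services_dhcpdv4_configure runs `cd /; tar -xzf` on `dhcpleases.tgz` at boot with nothing limiting which paths the archive may write, and removing the platform check makes this run on full installs as well. Presumably only root can write to `cf_conf_path`, but that is not visible here; naming the expected lease file as the only member to extract would bound the effect of a damaged or altered archive. The path is also interpolated into a shell string, so quoting it is cheap hardening: `exec("LANG=C /usr/bin/tar -xzf " . escapeshellarg("{$g['cf_conf_path']}/dhcpleases.tgz") . " -C / 2>&1", $dhcprestore, $dhcpreturn);`. The function continues past the hunk.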
@@ -890,12 +895,12 @@ function services_dhcpdv6_configure() { /* we add a fake entry for interfaces that are set to track6 another WAN */ foreach ($Iflist as $ifname) { - $realif = get_real_interface($ifname); - $ifcfgipv6 = find_interface_ipv6($realif); - if(!is_ipaddrv6($ifcfgipv6)) - continue; - $ifcfgipv6 = Net_IPv6::getNetmask($ifcfgipv6, 64); if (!empty($config['interfaces'][$ifname]['track6-interface'])) { + $realif = get_real_interface($ifname); + $ifcfgipv6 = get_interface_ipv6($ifname); + if(!is_ipaddrv6($ifcfgipv6)) + continue; + $ifcfgipv6 = Net_IPv6::getNetmask($ifcfgipv6, 64); $trackifname = $config['interfaces'][$ifname]['track6-interface']; $trackcfg = $config['interfaces'][$trackifname]; $pdlen = calculate_ipv6_delegation_length($trackifname); @@ -904,6 +909,7 @@ function services_dhcpdv6_configure() { $dhcpdv6cfg[$ifname]['enable'] = true; /* range */ $ifcfgipv6arr[7] = "1000"; + $dhcpdv6cfg[$ifname]['range'] = array(); $dhcpdv6cfg[$ifname]['range']['from'] = Net_IPv6::compress(implode(":", $ifcfgipv6arr)); $ifcfgipv6arr[7] = "2000"; $dhcpdv6cfg[$ifname]['range']['to'] = Net_IPv6::compress(implode(":", $ifcfgipv6arr));; @@ -912,6 +918,7 @@ function services_dhcpdv6_configure() { $pdlenmax = $pdlen; $pdlenhalf = $pdlenmax -1; $pdlenmin = (64 - ceil($pdlenhalf / 4)); + $dhcpdv6cfg[$ifname]['prefixrange'] = array(); $dhcpdv6cfg[$ifname]['prefixrange']['prefixlength'] = $pdlenmin; /* set the delegation start to half the current address block */ @@ -1008,9 +1015,8 @@ EOD; $dnscfgv6 .= " option dhcp6.name-servers " . join(",", $dns_arrv6) . ";"; } - if(is_ipaddrv6(ifcfgipv6)) { - $subnet6 = gen_subnetv6($ifcfgipv6, $ifcfgsnv6); - $dhcpdv6conf .= "subnet6 {$subnet6}/{$ifcfgsnv6} {\n"; + if(is_ipaddrv6($ifcfgipv6)) { + $dhcpdv6conf .= "subnet6 {$subnetv6}/{$ifcfgsnv6} {\n"; } else { $subnet6 = gen_subnetv6($dhcpv6ifconf['range']['from'], "64"); $dhcpdv6conf .= "subnet6 {$subnet6}/64 {\n"; 
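Review bot: In the last hunk on this line (-1008), correcting `is_ipaddrv6(ifcfgipv6)` to `is_ipaddrv6($ifcfgipv6)` makes the first branch reachable, probably for the first time, since the bare constant could never be a valid address. That branch now prints `$subnetv6` and `$ifcfgsnv6`, both assigned outside the hunk, so please confirm they belong to the interface currently being processed; otherwise the generated file gets a `subnet6` line with a wrong or empty prefix. A guard such as `if (is_ipaddrv6($ifcfgipv6) && is_ipaddrv6($subnetv6)) {` would keep the fallback to the range-derived subnet. The near-identical names `$subnet6` and `$subnetv6` in the two branches deserve a short comment.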
@@ -1207,7 +1213,8 @@ EOD; fclose($igmpfl); unset($igmpconf); - mwexec("/usr/local/sbin/igmpproxy -c {$g['tmp_path']}/igmpproxy.conf"); + /* NOTE: -d 4 means everything LOG_WARNING and smaller */ + mwexec("/usr/local/sbin/igmpproxy -d 4 -c {$g['tmp_path']}/igmpproxy.conf"); log_error(gettext("Started IGMP proxy service.")); return 0; @@ -1284,12 +1291,20 @@ function services_dhcrelay_configure() { array_shift($route_str); $route_arr = array(); foreach($route_str as $routeline) { - $items = preg_split("/[ ]+/i", $routeline); - if (ip_in_subnet($srvip, $items[0])) { + $items = preg_split("/[ ]+/i", $routeline); + if (is_subnetv4($items[0])) { + $subnet = $items[0]; + } elseif (is_ipaddrv4($items[0])) { + $subnet = "{$items[0]}/32"; + } else { + // Not a subnet or IP address, skip to the next line. + continue; + } + if (ip_in_subnet($srvip, $subnet)) { $destif = trim($items[6]); break; } - } + } } if (!isset($destif)) { @@ -1468,11 +1483,12 @@ function services_dyndns_configure_client($conf) { $dnsPort = NULL, $dnsUpdateURL = "{$conf['updateurl']}", $forceUpdate = $conf['force'], - $dnsZoneID=$conf['zoneid'], - $dnsTTL=$conf['ttl'], + $dnsZoneID=$conf['zoneid'], + $dnsTTL=$conf['ttl'], $dnsResultMatch = "{$conf['resultmatch']}", $dnsRequestIf = "{$conf['requestif']}", - $dnsID = "{$conf['id']}"); + $dnsID = "{$conf['id']}", + $dnsVerboseLog = $conf['verboselog']); } function services_dyndns_configure($int = "") { @@ -1490,6 +1506,7 @@ function services_dyndns_configure($int = "") { foreach ($dyndnscfg as $dyndns) { if ((empty($int)) || ($int == $dyndns['interface']) || (is_array($gwgroups[$dyndns['interface']]))) { + $dyndns['verboselog'] = isset($dyndns['verboselog']); services_dyndns_configure_client($dyndns); sleep(1); } 
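Review bot: In the services_dhcrelay_configure hunk (-1284), the first column is now validated but `$destif = trim($items[6]);` still assumes the line (a routing-table row, going by the variable names) has a seventh field. On a shorter line `$destif` becomes an empty string, and the `isset($destif)` test that follows then treats the interface as found. Consider `if (ip_in_subnet($srvip, $subnet) && !empty($items[6])) {`, plus a one-line comment saying which command's column layout index 6 refers to. The loop sits inside a function that starts and ends outside the hunk.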
@@ -1565,6 +1582,19 @@ function services_dnsmasq_configure() { } } + /* If selected, then forward reverse lookups for private IPv4 addresses to nowhere. */ + if (isset($config['dnsmasq']['no_private_reverse'])) { + /* Note: Carrier Grade NAT (CGN) addresses 100.64.0.0/10 are intentionally not here. */ + /* End-users should not be aware of CGN addresses, so reverse lookups for these should not happen. */ + /* Just the pfSense WAN might get a CGN address from an ISP. */ + $args .= " --server=/10.in-addr.arpa/ "; + $args .= " --server=/168.192.in-addr.arpa/ "; + /* Unfortunately the 172.16.0.0/12 range does not map nicely to the in-addr.arpa scheme. */ + for ($subnet_num = 16; $subnet_num < 32; $subnet_num++) { + $args .= " --server=/" . $subnet_num . ".172.in-addr.arpa/ "; + } + } + /* Allow DNS Rebind for forwarded domains */ if (isset($config['dnsmasq']['domainoverrides']) && is_array($config['dnsmasq']['domainoverrides'])) { if(!isset($config['system']['webgui']['nodnsrebindcheck'])) { @@ -1661,10 +1691,18 @@ trap := "{$config['snmpd']['trapstring']}" EOD; } + $version = trim(file_get_contents('/etc/version')); + $platform = trim(file_get_contents('/etc/platform')); + if (($platform == "pfSense") && ($g['product_name'] != "pfSense")) + $platform = $g['product_name']; + $sysDescr = "{$g['product_name']} " . php_uname("n") . + " {$version} {$platform} " . php_uname("s") . + " " . php_uname("r") . " " . php_uname("m"); $snmpdconf .= <<<EOD system := 1 # pfSense %snmpd +sysDescr = "{$sysDescr}" begemotSnmpdDebugDumpPdus = 2 begemotSnmpdDebugSyslogPri = 7 begemotSnmpdCommunityString.0.1 = $(read) diff --git a/etc/inc/shaper.inc b/etc/inc/shaper.inc index e2b1317..20550e0 100644 --- a/etc/inc/shaper.inc +++ b/etc/inc/shaper.inc @@ -1,6 +1,6 @@ <?php /* - Copyright (C) 2008 Ermal Lu�i + Copyright (C) 2008 Ermal Luçi All rights reserved. Redistribution and use in source and binary forms, with or without 
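Review bot: In the snmpd hunk (-1661), the new `sysDescr` publishes the product name, host name, exact version, platform, kernel release and architecture to every client that holds the read community. That is conventional content for sysDescr, but it is also a precise version fingerprint, so it deserves a comment here or an option to shorten it. Separately, `file_get_contents()` returns false when `/etc/version` or `/etc/platform` is missing, and the assembled value is placed inside a quoted config string unescaped. Something like `$sysDescr = str_replace('"', '', $sysDescr);` before the heredoc keeps a stray quote from breaking the generated file.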
@@ -313,14 +313,14 @@ class altq_root_queue { } function validate_input($data, &$input_errors) { - + $reqdfields[] = "bandwidth"; $reqdfieldsn[] = gettext("Bandwidth"); $reqdfields[] = "bandwidthtype"; $reqdfieldsn[] = gettext("Bandwidthtype"); - + shaper_do_input_validation($data, $reqdfields, $reqdfieldsn, $input_errors); - + if ($data['bandwidth'] && (!is_numeric($data['bandwidth']))) $input_errors[] = gettext("Bandwidth must be an integer."); if ($data['bandwidth'] < 0) @@ -482,7 +482,7 @@ class altq_root_queue { function build_tree() { global $shaperIFlist; - $tree = " <li><a href=\"firewall_shaper.php?interface=".$this->GetInterface()."&queue=". $this->GetInterface()."&action=show"; + $tree = " <li><a href=\"firewall_shaper.php?interface=".$this->GetInterface()."&queue=". $this->GetInterface()."&action=show"; $tree .= "\">" . $shaperIFlist[$this->GetInterface()] . "</a>"; if (is_array($this->queues)) { $tree .= "<ul>"; @@ -494,7 +494,7 @@ class altq_root_queue { $tree .= "</li>"; return $tree; } - + function delete_queue() { foreach ($this->queues as $q) { $this->SetAvailableBandwidth($this->GetAvailableBandwidth() + $q->GetAvailableBandwidth()); @@ -563,6 +563,7 @@ class altq_root_queue { function build_javascript() { $javascript = "<script type=\"text/javascript\">"; + $javascript .= "//<![CDATA[\n"; $javascript .= "function mySuspend() {"; $javascript .= "if (document.layers && document.layers['shaperarea'] != null) "; $javascript .= "document.layers['shaperarea'].visibility = 'hidden'; "; @@ -576,11 +577,12 @@ class altq_root_queue { $javascript .= "else if (document.all) "; $javascript .= "document.all['shaperarea'].style.visibility = 'visible';"; $javascript .= "}"; + $javascript .= "//]]>"; $javascript .= "</script>"; return $javascript; } - + function build_shortform() { global $g; 
@@ -588,7 +590,7 @@ class altq_root_queue { if ($altq) $scheduler = ": " . $altq->GetScheduler(); $form = "<tr><td width=\"20%\" class=\"vtable\">"; - $form .= "<a href=\"firewall_shaper.php?interface=" . $this->GetInterface() . "&queue=". $this->GetInterface()."&action=show\">". $shaperIFlist[$this->GetInterface()] .": ".$scheduler."</a>"; + $form .= "<a href=\"firewall_shaper.php?interface=" . $this->GetInterface() . "&queue=". $this->GetInterface()."&action=show\">". $shaperIFlist[$this->GetInterface()] .": ".$scheduler."</a>"; $form .= "</td></tr>"; $form .= "<tr>"; $form .= "<td width=\"50%\" class=\"vncellreq\">"; 
@@ -596,101 +598,101 @@ class altq_root_queue { $form .= "</td><td width=\"50%\"></td></tr>"; $form .= "<tr><td width=\"20%\" class=\"vncellreq\">"; $form .= "<a href=\"firewall_shaper_queues.php?interface="; - $form .= $this->GetInterface() . "&queue="; - $form .= $this->GetQname() . "&action=delete\">"; + $form .= $this->GetInterface() . "&queue="; + $form .= $this->GetQname() . "&action=delete\">"; $form .= "<img src=\""; $form .= "./themes/".$g['theme']."/images/icons/icon_x.gif\""; - $form .= " width=\"17\" height=\"17\" border=\"0\" title=\"Disable shaper on interface\">"; + $form .= " width=\"17\" height=\"17\" border=\"0\" title=\"Disable shaper on interface\" alt=\"disable\" />"; $form .= "<span>Disable shaper on interface</span></a></td></tr>"; return $form; } /* - * For requesting the parameters of the root queue + * For requesting the parameters of the root queues * to the user like the traffic wizard does. */ function build_form() { - $form = "<tr><td valign=\"center\" class=\"vncellreq\"><br>"; + $form = "<tr><td valign=\"middle\" class=\"vncellreq\"><br/>"; $form .= gettext("Enable/Disable"); $form .= "<br/></td><td class=\"vncellreq\">"; $form .= " <input type=\"checkbox\" id=\"enabled\" name=\"enabled\" value=\"on\""; if ($this->GetEnabled() == "on") - $form .= " CHECKED"; - $form .= " ><span class=\"vexpl\"> " . gettext("Enable/disable discipline and its children") . "</span>"; + $form .= " checked=\"checked\""; + $form .= " /><span class=\"vexpl\"> " . gettext("Enable/disable discipline and its children") . "</span>"; $form .= "</td></tr>"; - $form .= "<tr><td valign=\"center\" class=\"vncellreq\"><br><span class=\"vexpl\">" . gettext("Name") . "</span></td>"; + $form .= "<tr><td valign=\"middle\" class=\"vncellreq\"><br/><span class=\"vexpl\">" . gettext("Name") . 
"</span></td>"; $form .= "<td class=\"vncellreq\">"; $form .= "<strong>".$this->GetQname()."</strong>"; $form .= "</td></tr>"; - $form .= "<tr><td valign=\"center\" class=\"vncellreq\">" . gettext("Scheduler Type "); + $form .= "<tr><td valign=\"middle\" class=\"vncellreq\">" . gettext("Scheduler Type "); $form .= "</td>"; $form .= "<td class=\"vncellreq\">"; $form .= "<select id=\"scheduler\" name=\"scheduler\" class=\"formselect\">"; $form .= "<option value=\"HFSC\""; if ($this->GetScheduler() == "HFSC") - $form .= " selected=\"yes\""; + $form .= " selected=\"selected\""; $form .= ">HFSC</option>"; $form .= "<option value=\"CBQ\""; if ($this->GetScheduler() == "CBQ") - $form .= " selected=\"yes\""; + $form .= " selected=\"selected\""; $form .= ">CBQ</option>"; $form .= "<option value=\"FAIRQ\""; if ($this->GetScheduler() == "FAIRQ") - $form .= " selected=\"yes\""; + $form .= " selected=\"selected\""; $form .= ">FAIRQ</option>"; $form .= "<option value=\"PRIQ\""; if ($this->GetScheduler() == "PRIQ") - $form .= " selected=\"yes\""; + $form .= " selected=\"selected\""; $form .= ">PRIQ</option>"; $form .= "</select>"; - $form .= "<br> <span class=\"vexpl\">"; + $form .= "<br/> <span class=\"vexpl\">"; $form .= gettext("NOTE: Changing this changes all child queues!"); $form .= gettext(" Beware you can lose information."); $form .= "</span>"; $form .= "</td></tr>"; - $form .= "<tr><td valign=\"center\" class=\"vncellreq\">" . gettext("Bandwidth"); + $form .= "<tr><td valign=\"middle\" class=\"vncellreq\">" . gettext("Bandwidth"); $form .= "</td><td class=\"vncellreq\">"; $form .= "<input type=\"text\" id=\"bandwidth\" name=\"bandwidth\" value=\""; - $form .= $this->GetBandwidth() . "\">"; + $form .= $this->GetBandwidth() . 
"\" />"; $form .= "<select id=\"bandwidthtype\" name=\"bandwidthtype\" class=\"formselect\">"; $form .= "<option value=\"Kb\""; if ($this->GetBwscale() == "Kb") - $form .= " selected=\"yes\""; + $form .= " selected=\"selected\""; $form .= ">Kbit/s</option>"; $form .= "<option value=\"Mb\""; if ($this->GetBwscale() == "Mb") - $form .= " selected=\"yes\""; + $form .= " selected=\"selected\""; $form .= ">Mbit/s</option>"; $form .= "<option value=\"Gb\""; if ($this->GetBwscale() == "Gb") - $form .= " selected=\"yes\""; + $form .= " selected=\"selected\""; $form .= ">Gbit/s</option>"; $form .= "<option value=\"b\""; if ($this->GetBwscale() == "b") - $form .= " selected=\"yes\""; + $form .= " selected=\"selected\""; $form .= ">Bit/s</option>"; $form .= "</select>"; $form .= "</td></tr>"; - $form .= "<tr><td valign=\"center\" class=\"vncellreq\">Queue Limit</td>"; + $form .= "<tr><td valign=\"middle\" class=\"vncellreq\">Queue Limit</td>"; $form .= "<td class=\"vncellreq\">"; $form .= "<input type=\"text\" id=\"qlimit\" name=\"qlimit\" value=\""; $form .= $this->GetQlimit(); - $form .= "\">"; + $form .= "\" />"; $form .= "</td></tr>"; - $form .= "<tr><td valign=\"center\" class=\"vncellreq\">TBR Size</td>"; + $form .= "<tr><td valign=\"middle\" class=\"vncellreq\">TBR Size</td>"; $form .= "<td class=\"vncellreq\">"; $form .= "<br /><input type=\"text\" id=\"tbrconfig\" name=\"tbrconfig\" value=\""; $form .= $this->GetTbrConfig(); - $form .= "\">"; - $form .= "<br> <span class=\"vexpl\">"; + $form .= "\" />"; + $form .= "<br/> <span class=\"vexpl\">"; $form .= gettext("Adjusts the size, in bytes, of the token bucket regulator. " . "If not specified, heuristics based on the interface " . "bandwidth are used to determine the size."); $form .= "</span></td></tr>"; $form .= "<input type=\"hidden\" id=\"interface\" name=\"interface\""; - $form .= " value=\"" . $this->GetInterface() . 
"\">"; - $form .= "<input type=\"hidden\" id=\"name\" name=\"name\" value=\"".$this->GetQname()."\" >"; + $form .= " value=\"" . $this->GetInterface() . "\" />"; + $form .= "<input type=\"hidden\" id=\"name\" name=\"name\" value=\"".$this->GetQname()."\" />"; return $form; @@ -699,7 +701,7 @@ class altq_root_queue { function update_altq_queue_data(&$data) { $this->ReadConfig($data); } - + /* * Should call on each of it queues and subqueues * the same function much like build_rules(); @@ -872,6 +874,7 @@ class priq_queue { function build_javascript() { $javascript = "<script type=\"text/javascript\">"; + $javascript .= "//<![CDATA[\n"; $javascript .= "function mySuspend() { \n"; $javascript .= "if (document.layers && document.layers['shaperarea'] != null)\n"; $javascript .= "document.layers['shaperarea'].visibility = 'hidden';\n"; @@ -885,11 +888,12 @@ class priq_queue { $javascript .= "else if (document.all)\n"; $javascript .= "document.all['shaperarea'].style.visibility = 'visible';\n"; $javascript .= "}\n"; + $javascript .= "//]]>"; $javascript .= "</script>"; - + return $javascript; } - + function &add_queue($interface, &$qname, &$path, &$input_errors) { return; } /* @@ -928,7 +932,7 @@ class priq_queue { } function &get_queue_list(&$qlist) { - + $qlist[$this->GetQname()] = & $this; if (is_array($this->subqueues)) { foreach ($this->subqueues as $queue) @@ -941,7 +945,7 @@ class priq_queue { cleanup_queue_from_rules($this->GetQname()); unset_object_by_reference($this->GetLink()); } - + function delete_all() { if (count($this->subqueues)) { foreach ($this->subqueues as $q) { @@ -957,11 +961,11 @@ class priq_queue { if ($qname == $this->GetQname()) return $this; } - + function find_parentqueue($interface, $qname) { return; } - + function validate_input($data, &$input_errors) { - + $reqdfields[] = "name"; $reqdfieldsn[] = gettext("Name"); shaper_do_input_validation($data, $reqdfields, $reqdfieldsn, $input_errors); 
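Review bot: altq_root_queue::build_form (hunk -596) writes `GetQname()`, `GetBandwidth()`, `GetQlimit()`, `GetTbrConfig()` and `GetInterface()` straight into element content and `value` attributes, while priq_queue::build_form further down wraps the same kind of values in `htmlspecialchars()`. Since this commit already rewrites these lines for XHTML validity, they should be escaped as well, so that a stored value containing a quote or angle bracket cannot break out of the attribute. The same applies to `GetDescription()` and `GetInterface()` in the priq_queue::build_form hunk (-1118). Whether these values are validated before being stored is not visible in the diff.

```php
// … unchanged: enable/disable checkbox …
$form .= "<strong>" . htmlspecialchars($this->GetQname()) . "</strong>";
// … unchanged: scheduler select …
$form .= htmlspecialchars($this->GetBandwidth()) . "\" />";
// … unchanged: bandwidth type select, queue limit label …
$form .= htmlspecialchars($this->GetQlimit());
// … unchanged: TBR size label …
$form .= htmlspecialchars($this->GetTbrConfig());
// … unchanged: TBR help text …
$form .= " value=\"" . htmlspecialchars($this->GetInterface()) . "\" />";
$form .= "<input type=\"hidden\" id=\"name\" name=\"name\" value=\"" . htmlspecialchars($this->GetQname()) . "\" />";
```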
@@ -1039,7 +1043,7 @@ class priq_queue { } function build_tree() { - $tree = " <li><a href=\"firewall_shaper.php?interface=". $this->GetInterface()."&queue=". $this->GetQname()."&action=show"; + $tree = " <li><a href=\"firewall_shaper.php?interface=". $this->GetInterface()."&queue=". $this->GetQname()."&action=show"; $tree .= "\" "; $tmpvalue = $this->GetDefault(); if (!empty($tmpvalue)) @@ -1060,7 +1064,7 @@ class priq_queue { return $tree; } - + /* Should return something like: * queue $qname on $qinterface bandwidth .... */ 
@@ -1118,74 +1122,74 @@ class priq_queue { * need to update it. */ function build_form() { - $form = "<tr><td valign=\"center\" class=\"vncellreq\"><br>"; + $form = "<tr><td valign=\"middle\" class=\"vncellreq\"><br/>"; $form .= gettext("Enable/Disable"); $form .= "<br/></td><td class=\"vncellreq\">"; $form .= " <input type=\"checkbox\" id=\"enabled\" name=\"enabled\" value=\"on\""; if ($this->GetEnabled() == "on") - $form .= " CHECKED"; - $form .= " ><span class=\"vexpl\"> " . gettext("Enable/Disable queue and its children") . "</span>"; + $form .= " checked=\"checked\""; + $form .= " /><span class=\"vexpl\"> " . gettext("Enable/Disable queue and its children") . "</span>"; $form .= "</td></tr>"; $form .= "<tr>"; - $form .= "<td width=\"22%\" valign=\"center\" class=\"vncellreq\">"; + $form .= "<td width=\"22%\" valign=\"middle\" class=\"vncellreq\">"; $form .= gettext("Queue Name") . "</td><td width=\"78%\" class=\"vtable\">"; $form .= "<input name=\"newname\" type=\"text\" id=\"newname\" class=\"formfld unknown\" size=\"15\" maxlength=\"15\" value=\""; $form .= htmlspecialchars($this->GetQname()); - $form .= "\">"; + $form .= "\" />"; $form .= "<input name=\"name\" type=\"hidden\" id=\"name\" class=\"formfld unknown\" size=\"15\" maxlength=\"15\" value=\""; $form .= htmlspecialchars($this->GetQname()); - $form .= "\">"; + $form .= "\" />"; $form .= "<br /> <span class=\"vexpl\">" . gettext("Enter the name of the queue here. Do not use spaces and limit the size to 15 characters."); $form .= "</span><br /></td>"; $form .= "</tr><tr>"; - $form .= "<td width=\"22%\" valign=\"center\" class=\"vncellreq\">" . gettext("Priority") . "</td>"; + $form .= "<td width=\"22%\" valign=\"middle\" class=\"vncellreq\">" . gettext("Priority") . 
"</td>"; $form .= "<td width=\"78%\" class=\"vtable\"> <input name=\"priority\" type=\"text\" id=\"priority\" size=\"5\" value=\""; $form .= htmlspecialchars($this->GetQpriority()); - $form .= "\">"; - $form .= "<br> <span class=\"vexpl\">" . gettext("For hfsc, the range is 0 to 7. The default is 1. Hfsc queues with a higher priority are preferred in the case of overload.") . "</span></td>"; + $form .= "\" />"; + $form .= "<br/> <span class=\"vexpl\">" . gettext("For hfsc, the range is 0 to 7. The default is 1. Hfsc queues with a higher priority are preferred in the case of overload.") . "</span></td>"; $form .= "</tr>"; $form .= "<tr>"; - $form .= "<td width=\"22%\" valign=\"center\" class=\"vncellreq\">" . gettext("Queue limit") . "</td>"; + $form .= "<td width=\"22%\" valign=\"middle\" class=\"vncellreq\">" . gettext("Queue limit") . "</td>"; $form .= "<td width=\"78%\" class=\"vtable\"> <input name=\"qlimit\" type=\"text\" id=\"qlimit\" size=\"8\" value=\""; $form .= htmlspecialchars($this->GetQlimit()); - $form .= "\">"; - $form .= "<br> <span class=\"vexpl\">" . gettext("Queue limit in packets per second."); - $form .= "</span></td>"; + $form .= "\" />"; + $form .= "<br/> <span class=\"vexpl\">" . gettext("Queue limit in packets per second."); + $form .= "</span></td></tr>"; $form .= "<tr>"; - $form .= "<td width=\"22%\" valign=\"center\" class=\"vncell\">" . gettext("Scheduler options") . "</td>"; + $form .= "<td width=\"22%\" valign=\"middle\" class=\"vncell\">" . gettext("Scheduler options") . "</td>"; $form .= "<td width=\"78%\" class=\"vtable\">"; if (empty($this->subqueues)) { if ($this->GetDefault()) { - $form .= "<input type=\"checkbox\" id=\"default\" CHECKED name=\"default\" value=\"default\""; - $form .= "> " . gettext("Default queue") . "<br>"; + $form .= "<input type=\"checkbox\" id=\"default\" checked=\"checked\" name=\"default\" value=\"default\""; + $form .= " /> " . gettext("Default queue") . 
"<br/>"; } else { $form .= "<input type=\"checkbox\" id=\"default\" name=\"default\" value=\"default\""; - $form .= "> " . gettext("Default queue") . "<br>"; + $form .= " /> " . gettext("Default queue") . "<br/>"; } } $form .= "<input type=\"checkbox\" id=\"red\" name=\"red\" value=\"red\" "; $tmpvalue = $this->GetRed(); if(!empty($tmpvalue)) - $form .= " CHECKED"; - $form .= "> <a target=\"_new\" href=\"http://www.openbsd.org/faq/pf/queueing.html#red\">" . gettext("Random Early Detection") . "</a><br>"; + $form .= " checked=\"checked\""; + $form .= " /> <a target=\"_new\" href=\"http://www.openbsd.org/faq/pf/queueing.html#red\">" . gettext("Random Early Detection") . "</a><br/>"; $form .= "<input type=\"checkbox\" id=\"rio\" name=\"rio\" value=\"rio\""; $tmpvalue = $this->GetRio(); if(!empty($tmpvalue)) - $form .= " CHECKED"; - $form .= "> <a target=\"_new\" href=\"http://www.openbsd.org/faq/pf/queueing.html#rio\">" . gettext("Random Early Detection In and Out") . "</a><br>"; + $form .= " checked=\"checked\""; + $form .= " /> <a target=\"_new\" href=\"http://www.openbsd.org/faq/pf/queueing.html#rio\">" . gettext("Random Early Detection In and Out") . "</a><br/>"; $form .= "<input type=\"checkbox\" id=\"ecn\" name=\"ecn\" value=\"ecn\""; $tmpvalue = $this->GetEcn(); if(!empty($tmpvalue)) - $form .= " CHECKED"; - $form .= "> <a target=\"_new\" href=\"http://www.openbsd.org/faq/pf/queueing.html#ecn\">" . gettext("Explicit Congestion Notification") . "</a><br>"; - $form .= "<span class=\"vexpl\"><br>" . gettext("Select options for this queue"); - $form .= "</tr><tr>"; + $form .= " checked=\"checked\""; + $form .= " /> <a target=\"_new\" href=\"http://www.openbsd.org/faq/pf/queueing.html#ecn\">" . gettext("Explicit Congestion Notification") . "</a><br/>"; + $form .= "<span class=\"vexpl\"><br/>" . gettext("Select options for this queue"); + $form .= "</span></td></tr><tr>"; $form .= "<td width=\"22%\" class=\"vncellreq\">" . gettext("Description") . 
"</td>"; $form .= "<td width=\"78%\" class=\"vtable\">"; - $form .= "<input type=\"text\" name=\"description\" size=\"50%\" class=\"formfld unknown\" value=\"" . $this->GetDescription() . "\" >"; + $form .= "<input type=\"text\" name=\"description\" size=\"40\" class=\"formfld unknown\" value=\"" . $this->GetDescription() . "\" />"; $form .= "</td></tr>"; $form .= "<input type=\"hidden\" name=\"interface\" id=\"interface\""; - $form .= " value=\"".$this->GetInterface()."\">"; + $form .= " value=\"".$this->GetInterface()."\" />"; return $form; } @@ -1194,12 +1198,12 @@ class priq_queue { /* XXX: Hacks in site. Mostly layer violations! */ global $g, $altq_list_queues; global $shaperIFlist; - + $altq =& $altq_list_queues[$this->GetInterface()]; if ($altq) $scheduler = ": " . $altq->GetScheduler(); $form = "<tr><td width=\"20%\" class=\"vtable\">"; - $form .= "<a href=\"firewall_shaper.php?interface=" . $this->GetInterface() . "&queue=" . $this->GetQname()."&action=show\">". $shaperIFlist[$this->GetInterface()] .$scheduler."</a>"; + $form .= "<a href=\"firewall_shaper.php?interface=" . $this->GetInterface() . "&queue=" . $this->GetQname()."&action=show\">". $shaperIFlist[$this->GetInterface()] .$scheduler."</a>"; $form .= "</td></tr>"; /* * XXX: Hack in sight maybe fix with a class that wraps all 
@@ -1209,22 +1213,21 @@ class priq_queue { $form .= "<td width=\"50%\" class=\"vncellreq\">"; $form .= gettext("Bandwidth:") . " " . $this->GetBandwidth().$this->GetBwscale(); $form .= "</td><td width=\"50%\"></td></tr>"; - $form .= "<tr><td width=\"20%\" class=\"vncellreq\">"; $tmpvalue = $this->GetQpriority(); if (!empty($tmpvalue)) - $form .= gettext("Priority: on") . " </td></tr>"; + $form .= "<tr><td width=\"20%\" class=\"vncellreq\">" .gettext("Priority: on") . " </td></tr>"; $tmpvalue = $this->GetDefault(); if (!empty($tmpvalue)) $form .= "<tr><td class=\"vncellreq\">" . gettext("Default: on") . " </td></tr>"; $form .= "<tr><td width=\"20%\" class=\"vncellreq\">"; $form .= "<a href=\"firewall_shaper_queues.php?interface="; - $form .= $this->GetInterface() . "&queue="; - $form .= $this->GetQname() . "&action=delete\">"; + $form .= $this->GetInterface() . "&queue="; + $form .= $this->GetQname() . "&action=delete\">"; $form .= "<img src=\""; $form .= "./themes/".$g['theme']."/images/icons/icon_x.gif\""; - $form .= " width=\"17\" height=\"17\" border=\"0\" title=\"" . gettext("Delete queue from interface") . "\">"; + $form .= " width=\"17\" height=\"17\" border=\"0\" title=\"" . gettext("Delete queue from interface") . "\" alt=\"delete\" />"; $form .= "<span>" . gettext("Delete queue from interface") . "</span></a></td></tr>"; - + return $form; } @@ -1407,7 +1410,7 @@ class hfsc_queue extends priq_queue { array_pop($path); } } - + return $q; } 
@@ -1539,17 +1542,17 @@ class hfsc_queue extends priq_queue { return $result; } } - + function validate_input($data, &$input_errors) { parent::validate_input($data, $input_errors); - + $reqdfields[] = "bandwidth"; $reqdfieldsn[] = gettext("Bandwidth"); $reqdfields[] = "bandwidthtype"; $reqdfieldsn[] = gettext("Bandwidthtype"); shaper_do_input_validation($data, $reqdfields, $reqdfieldsn, $input_errors); - + if (isset($data['linkshare3']) && $data['linkshare3'] <> "") { if ($data['bandwidth'] && (!is_numeric($data['bandwidth']))) $input_errors[] = gettext("Bandwidth must be an integer."); @@ -1697,7 +1700,7 @@ class hfsc_queue extends priq_queue { } function build_tree() { - $tree = " <li><a href=\"firewall_shaper.php?interface=" . $this->GetInterface() ."&queue=" . $this->GetQname()."&action=show"; + $tree = " <li><a href=\"firewall_shaper.php?interface=" . $this->GetInterface() ."&queue=" . $this->GetQname()."&action=show"; $tree .= "\" "; $tmpvalue = $this->GetDefault(); if (!empty($tmpvalue)) @@ -1722,7 +1725,7 @@ class hfsc_queue extends priq_queue { $pfq_rule .= " on ".get_real_interface($this->GetInterface()); if ($this->GetBandwidth() && $this->GetBwscale()) $pfq_rule .= " bandwidth ".trim($this->GetBandwidth()).$this->GetBwscale(); - + $tmpvalue = $this->GetQlimit(); if (!empty($tmpvalue)) $pfq_rule .= " qlimit " . $this->GetQlimit(); @@ -1733,7 +1736,7 @@ class hfsc_queue extends priq_queue { $comma = 1; $pfq_rule .= " red "; } - + $tmpvalue = $this->GetRio(); if (!empty($tmpvalue)) { if ($comma) @@ -1801,13 +1804,14 @@ class hfsc_queue extends priq_queue { } $pfq_rule .= " \n"; - + return $pfq_rule; } function build_javascript() { $javascript = parent::build_javascript(); $javascript .= "<script type=\"text/javascript\">"; + $javascript .= "//<![CDATA[\n"; $javascript .= "function enable_realtime(enable_over) { \n"; $javascript .= "if (document.iform.realtime.checked || enable_over) { \n"; $javascript .= "document.iform.realtime1.disabled = 0;\n"; 
@@ -1840,8 +1844,9 @@ class hfsc_queue extends priq_queue { $javascript .= "document.iform.upperlimit2.disabled = 1;\n"; $javascript .= "document.iform.upperlimit3.disabled = 1;\n"; $javascript .= " } \n"; - + $javascript .= "} \n"; + $javascript .= "//]]>"; $javascript .= "</script>"; return $javascript; 
@@ -1850,102 +1855,102 @@ class hfsc_queue extends priq_queue { function build_form() { $form = parent::build_form(); $form .= "<tr>"; - $form .= "<td valign=\"center\" class=\"vncellreq\">" . gettext("Bandwidth") . "</td>"; + $form .= "<td valign=\"middle\" class=\"vncellreq\">" . gettext("Bandwidth") . "</td>"; $form .= "<td class=\"vtable\"> <input name=\"bandwidth\" id=\"bandwidth\" class=\"formfld unknown\" value=\""; $form .= htmlspecialchars($this->GetBandwidth()); - $form .= "\">"; + $form .= "\" />"; $form .= "<select name=\"bandwidthtype\" id=\"bandwidthtype\" class=\"formselect\">"; $form .= "<option value=\"Gb\""; if ($this->GetBwscale() == "Gb") - $form .= " selected=\"yes\""; + $form .= " selected=\"selected\""; $form .= ">" . gettext("Gbit/s") . "</option>"; $form .= "<option value=\"Mb\""; if ($this->GetBwscale() == "Mb") - $form .= " selected=\"yes\""; + $form .= " selected=\"selected\""; $form .= ">" . gettext("Mbit/s") . "</option>"; $form .= "<option value=\"Kb\""; if ($this->GetBwscale() == "Kb") - $form .= " selected=\"yes\""; + $form .= " selected=\"selected\""; $form .= ">" . gettext("Kbit/s") . "</option>"; $form .= "<option value=\"b\""; if ($this->GetBwscale() == "b") - $form .= " selected=\"yes\""; + $form .= " selected=\"selected\""; $form .= ">" . gettext("Bit/s") . "</option>"; $form .= "<option value=\"%\""; if ($this->GetBwscale() == "%") - $form .= " selected=\"yes\""; + $form .= " selected=\"selected\""; $form .= ">%</option>"; - $form .= "</select> <br>"; + $form .= "</select> <br/>"; $form .= "<span class=\"vexpl\">" . gettext("Choose the amount of bandwidth for this queue"); $form .= "</span></td></tr>"; $form .= "<tr>"; - $form .= "<td width=\"22%\" valign=\"center\" class=\"vncellreq\">" . gettext("Service Curve (sc)") . "</td>"; + $form .= "<td width=\"22%\" valign=\"middle\" class=\"vncellreq\">" . gettext("Service Curve (sc)") . 
"</td>"; $form .= "<td width=\"78%\" class=\"vtable\">"; $form .= "<table>"; $form .= "<tr><td> </td><td><center>m1</center></td><td><center>d</center></td><td><center><b>m2</b></center></td></tr>"; $form .= "<tr><td><input type=\"checkbox\" id=\"upperlimit\" name=\"upperlimit\""; if($this->GetUpperlimit()<> "") - $form .= " CHECKED "; - $form .= "onChange=\"enable_upperlimit()\"> " . gettext("Upperlimit:") . "</td><td><input size=\"6\" value=\""; + $form .= " checked=\"checked\" "; + $form .= "onchange=\"enable_upperlimit()\" /> " . gettext("Upperlimit:") . "</td><td><input size=\"6\" value=\""; $form .= htmlspecialchars($this->GetU_m1()); $form .= "\" id=\"upperlimit1\" name=\"upperlimit1\" "; if ($this->GetUpperlimit() == "") - $form .= " disabled"; - $form .= "></td><td><input size=\"6\" value=\""; + $form .= " disabled=\"disabled\""; + $form .= " /></td><td><input size=\"6\" value=\""; $form .= htmlspecialchars($this->GetU_d()); $form .= "\" id=\"upperlimi2\" name=\"upperlimit2\" "; if ($this->GetUpperlimit() == "") - $form .= " disabled"; - $form .= "></td><td><input size=\"6\" value=\""; + $form .= " disabled=\"disabled\""; + $form .= " /></td><td><input size=\"6\" value=\""; $form .= htmlspecialchars($this->GetU_m2()); $form .= "\" id=\"upperlimit3\" name=\"upperlimit3\" "; if ($this->GetUpperlimit() == "") - $form .= " disabled"; - $form .= "></td><td>" . gettext("The maximum allowed bandwidth for the queue.") . "</td></tr>"; + $form .= " disabled=\"disabled\""; + $form .= " /></td><td>" . gettext("The maximum allowed bandwidth for the queue.") . "</td></tr>"; $form .= "<tr><td><input type=\"checkbox\" id=\"realtime\" name=\"realtime\""; if($this->GetRealtime() <> "") - $form .= " CHECKED "; - $form .= "onChange=\"enable_realtime()\"> " . gettext("Real time:") . "</td><td><input size=\"6\" value=\""; + $form .= " checked=\"checked\" "; + $form .= "onchange=\"enable_realtime()\" /> " . gettext("Real time:") . 
"</td><td><input size=\"6\" value=\""; $form .= htmlspecialchars($this->GetR_m1()); $form .= "\" id=\"realtime1\" name=\"realtime1\" "; if ($this->GetRealtime() == "") - $form .= " disabled"; - $form .= "></td><td><input size=\"6\" value=\""; + $form .= " disabled=\"disabled\""; + $form .= " /></td><td><input size=\"6\" value=\""; $form .= htmlspecialchars($this->GetR_d()); $form .= "\" id=\"realtime2\" name=\"realtime2\" "; if ($this->GetRealtime() == "") - $form .= " disabled"; - $form .= "></td><td><input size=\"6\" value=\""; + $form .= " disabled=\"disabled\""; + $form .= " /></td><td><input size=\"6\" value=\""; $form .= htmlspecialchars($this->GetR_m2()); $form .= "\" id=\"realtime3\" name=\"realtime3\" "; if ($this->GetRealtime() == "") - $form .= " disabled"; - $form .= "></td><td>" . gettext("The minimum required bandwidth for the queue.") . "</td></tr>"; - $form .= "<tr><td><input type=\"checkbox\" id=\"linkshare\" id=\"linkshare\" name=\"linkshare\""; + $form .= " disabled=\"disabled\""; + $form .= " /></td><td>" . gettext("The minimum required bandwidth for the queue.") . "</td></tr>"; + $form .= "<tr><td><input type=\"checkbox\" id=\"linkshare\" name=\"linkshare\""; if($this->GetLinkshare() <> "") - $form .= " CHECKED "; - $form .= "onChange=\"enable_linkshare()\"> " . gettext("Link share:") . "</td><td><input size=\"6\" value=\""; + $form .= " checked=\"checked\" "; + $form .= "onchange=\"enable_linkshare()\" /> " . gettext("Link share:") . 
"</td><td><input size=\"6\" value=\""; $form .= htmlspecialchars($this->GetL_m1()); $form .= "\" id=\"linkshare1\" name=\"linkshare1\" "; if ($this->GetLinkshare() == "") - $form .= " disabled"; - $form .= "></td><td><input size=\"6\" value=\""; + $form .= " disabled=\"disabled\""; + $form .= " /></td><td><input size=\"6\" value=\""; $form .= htmlspecialchars($this->GetL_d()); $form .= "\" id=\"linkshare2\" name=\"linkshare2\" "; if ($this->GetLinkshare() == "") - $form .= " disabled"; - $form .= "></td><td><input size=\"6\" value=\""; + $form .= " disabled=\"disabled\""; + $form .= " /></td><td><input size=\"6\" value=\""; $form .= htmlspecialchars($this->GetL_m2()); $form .= "\" id=\"linkshare3\" name=\"linkshare3\" "; if ($this->GetLinkshare() == "") - $form .= " disabled"; - $form .= "></td><td>" . gettext("The bandwidth share of a backlogged queue - this overrides priority.") . "</td></tr>"; - $form .= "</table><br>"; + $form .= " disabled=\"disabled\""; + $form .= " /></td><td>" . gettext("The bandwidth share of a backlogged queue - this overrides priority.") . "</td></tr>"; + $form .= "</table><br/>"; $form .= gettext("The format for service curve specifications is (m1, d, m2). m2 controls " . "the bandwidth assigned to the queue. m1 and d are optional and can be " . "used to control the initial bandwidth assignment. For the first d milliseconds the queue gets the bandwidth given as m1, afterwards the value " . "given in m2."); - $form .= "</span></td>"; + $form .= "</td>"; $form .= "</tr>"; return $form; @@ -2152,7 +2157,7 @@ class cbq_queue extends priq_queue { } } } - + /* * Should search even its children */ @@ -2185,10 +2190,10 @@ class cbq_queue extends priq_queue { } unset_object_by_reference($this->GetLink()); } - + function validate_input($data, &$input_errors) { parent::validate_input($data, $input_errors); - + if ($data['priority'] > 7) $input_errors[] = gettext("Priority must be an integer between 1 and 7."); $reqdfields[] = "bandwidth"; 
@@ -2197,7 +2202,7 @@ class cbq_queue extends priq_queue { $reqdfieldsn[] = gettext("Bandwidthtype"); shaper_do_input_validation($data, $reqdfields, $reqdfieldsn, $input_errors); - + if ($data['bandwidth'] && !is_numeric($data['bandwidth'])) $input_errors[] = gettext("Bandwidth must be an integer."); @@ -2232,13 +2237,13 @@ class cbq_queue extends priq_queue { else $this->SetBorrow(""); } - + function build_javascript() { return parent::build_javascript(); } function build_tree() { - $tree = " <li><a href=\"firewall_shaper.php?interface=" . $this->GetInterface()."&queue=" . $this->GetQname()."&action=show"; + $tree = " <li><a href=\"firewall_shaper.php?interface=" . $this->GetInterface()."&queue=" . $this->GetQname()."&action=show"; $tree .= "\" "; $tmpvalue = trim($this->GetDefault()); if (!empty($tmpvalue)) @@ -2254,7 +2259,7 @@ class cbq_queue extends priq_queue { $tree .= "</li>"; return $tree; } - + /* Even this should take children into consideration */ function build_rules(&$default = false) { $pfq_rule = "queue ". $this->qname; 
@@ -2327,40 +2332,40 @@ class cbq_queue extends priq_queue { function build_form() { $form = parent::build_form(); $form .= "<tr>"; - $form .= "<td valign=\"center\" class=\"vncellreq\">" . gettext("Bandwidth") . "</td>"; + $form .= "<td valign=\"middle\" class=\"vncellreq\">" . gettext("Bandwidth") . "</td>"; $form .= "<td class=\"vtable\"> <input name=\"bandwidth\" id=\"bandwidth\" class=\"formfld unknown\" value=\""; if ($this->GetBandwidth() > 0) $form .= htmlspecialchars($this->GetBandwidth()); - $form .= "\">"; + $form .= "\" />"; $form .= "<select name=\"bandwidthtype\" id=\"bandwidthtype\" class=\"formselect\">"; $form .= "<option value=\"Gb\""; if ($this->GetBwscale() == "Gb") - $form .= " selected=\"yes\""; + $form .= " selected=\"selected\""; $form .= ">" . gettext("Gbit/s") . "</option>"; $form .= "<option value=\"Mb\""; if ($this->GetBwscale() == "Mb") - $form .= " selected=\"yes\""; + $form .= " selected=\"selected\""; $form .= ">" . gettext("Mbit/s") . "</option>"; $form .= "<option value=\"Kb\""; if ($this->GetBwscale() == "Kb") - $form .= " selected=\"yes\""; + $form .= " selected=\"selected\""; $form .= ">" . gettext("Kbit/s") . "</option>"; $form .= "<option value=\"b\""; if ($this->GetBwscale() == "b") - $form .= " selected=\"yes\""; + $form .= " selected=\"selected\""; $form .= ">" . gettext("Bit/s") . "</option>"; $form .= "<option value=\"%\""; if ($this->GetBwscale() == "%") - $form .= " selected=\"yes\""; + $form .= " selected=\"selected\""; $form .= ">%</option>"; - $form .= "</select> <br>"; + $form .= "</select> <br/>"; $form .= "<span class=\"vexpl\">" . gettext("Choose the amount of bandwidth for this queue"); $form .= "</span></td></tr>"; $form .= "<tr><td class=\"vncellreq\">" . gettext("Scheduler specific options") . "</td>"; $form .= "<td class=\"vtable\"><input type=\"checkbox\" id=\"borrow\" name=\"borrow\""; if($this->GetBorrow() == "on") - $form .= " CHECKED "; - $form .= "> " . 
gettext("Borrow from other queues when available") . "<br></td></tr>"; + $form .= " checked=\"checked\" "; + $form .= " /> " . gettext("Borrow from other queues when available") . "<br/></td></tr>"; return $form; } @@ -2444,7 +2449,7 @@ class fairq_queue extends priq_queue { $cflink['buckets'] = $this->GetBuckets(); $cflink['hogs'] = $this->GetHogs(); } - + /* * Should search even its children */ @@ -2460,10 +2465,10 @@ class fairq_queue extends priq_queue { cleanup_queue_from_rules($this->GetQname()); unset_object_by_reference($this->GetLink()); } - + function validate_input($data, &$input_errors) { parent::validate_input($data, $input_errors); - + if ($data['priority'] > 255) $input_errors[] = gettext("Priority must be an integer between 1 and 255."); $reqdfields[] = "bandwidth"; @@ -2472,7 +2477,7 @@ class fairq_queue extends priq_queue { $reqdfieldsn[] = gettext("Bandwidthtype"); shaper_do_input_validation($data, $reqdfields, $reqdfieldsn, $input_errors); - + if ($data['bandwidth'] && !is_numeric($data['bandwidth'])) $input_errors[] = gettext("Bandwidth must be an integer."); @@ -2499,7 +2504,7 @@ class fairq_queue extends priq_queue { $input_errors[] = "The sum of children bandwidth exceeds that of the parent."; */ } - + function ReadConfig(&$q) { parent::ReadConfig($q); if (!empty($q['buckets'])) @@ -2511,14 +2516,14 @@ class fairq_queue extends priq_queue { else $this->SetHogs(""); } - + function build_javascript() { return parent::build_javascript(); } function build_tree() { $tree = " <li><a href=\"firewall_shaper.php?interface=" . - $this->GetInterface()."&queue=" . $this->GetQname()."&action=show"; + $this->GetInterface()."&queue=" . $this->GetQname()."&action=show"; $tree .= "\" "; $tmpvalue = trim($this->GetDefault()); if (!empty($tmpvalue)) 
@@ -2527,7 +2532,7 @@ class fairq_queue extends priq_queue { $tree .= "</li>"; return $tree; } - + /* Even this should take children into consideration */ function build_rules(&$default = false) { $pfq_rule = "queue ". $this->qname; 
@@ -2593,33 +2598,33 @@ class fairq_queue extends priq_queue { function build_form() { $form = parent::build_form(); $form .= "<tr>"; - $form .= "<td valign=\"center\" class=\"vncellreq\">" . gettext("Bandwidth") . "</td>"; + $form .= "<td valign=\"middle\" class=\"vncellreq\">" . gettext("Bandwidth") . "</td>"; $form .= "<td class=\"vtable\"> <input name=\"bandwidth\" id=\"bandwidth\" class=\"formfld unknown\" value=\""; if ($this->GetBandwidth() > 0) $form .= htmlspecialchars($this->GetBandwidth()); - $form .= "\">"; + $form .= "\" />"; $form .= "<select name=\"bandwidthtype\" id=\"bandwidthtype\" class=\"formselect\">"; $form .= "<option value=\"Gb\""; if ($this->GetBwscale() == "Gb") - $form .= " selected=\"yes\""; + $form .= " selected=\"selected\""; $form .= ">" . gettext("Gbit/s") . "</option>"; $form .= "<option value=\"Mb\""; if ($this->GetBwscale() == "Mb") - $form .= " selected=\"yes\""; + $form .= " selected=\"selected\""; $form .= ">" . gettext("Mbit/s") . "</option>"; $form .= "<option value=\"Kb\""; if ($this->GetBwscale() == "Kb") - $form .= " selected=\"yes\""; + $form .= " selected=\"selected\""; $form .= ">" . gettext("Kbit/s") . "</option>"; $form .= "<option value=\"b\""; if ($this->GetBwscale() == "b") - $form .= " selected=\"yes\""; + $form .= " selected=\"selected\""; $form .= ">" . gettext("Bit/s") . "</option>"; $form .= "<option value=\"%\""; if ($this->GetBwscale() == "%") - $form .= " selected=\"yes\""; + $form .= " selected=\"selected\""; $form .= ">%</option>"; - $form .= "</select> <br>"; + $form .= "</select> <br/>"; $form .= "<span class=\"vexpl\">" . gettext("Choose the amount of bandwidth for this queue"); $form .= "</span></td></tr>"; $form .= "<tr><td class=\"vncellreq\">" . gettext("Scheduler specific options") . "</td>"; 
@@ -2628,12 +2633,12 @@ class fairq_queue extends priq_queue { $tmpvalue = trim($this->GetBuckets()); if(!empty($tmpvalue)) $form .= $this->GetBuckets(); - $form .= "\"> " . gettext("Number of buckets available.") . "<br></td></tr>"; + $form .= "\" /> " . gettext("Number of buckets available.") . "<br/></td></tr>"; $form .= "<tr><td class=\"vtable\"><input id=\"hogs\" name=\"hogs\" value=\""; $tmpvalue = trim($this->GetHogs()); if(!empty($tmpvalue)) $form .= $this->GetHogs(); - $form .= "\"> " . gettext("Bandwidth limit for hosts to not saturate link.") . "<br></td></tr>"; + $form .= "\" /> " . gettext("Bandwidth limit for hosts to not saturate link.") . "<br/></td></tr>"; $form .= "</table></td></tr>"; return $form; } @@ -2792,7 +2797,7 @@ class dummynet_class { $reqdfieldsn[] = gettext("Bandwidthtype"); $reqdfields[] = "newname"; $reqdfieldsn[] = gettext("Name"); - + shaper_do_input_validation($data, $reqdfields, $reqdfieldsn, $input_errors); if ($data['plr'] && ((!is_numeric($data['plr'])) || @@ -2845,7 +2850,7 @@ class dnpipe_class extends dummynet_class { if (!is_array($this->subqueues)) $this->subqueues = array(); - + $q =& new dnqueue_class(); $q->SetLink($path); $q->SetEnabled("on"); @@ -2874,7 +2879,7 @@ class dnpipe_class extends dummynet_class { } return $qlist; } - + /* * Should search even its children */ @@ -2979,7 +2984,7 @@ class dnpipe_class extends dummynet_class { } function build_tree() { - $tree = " <li><a href=\"firewall_shaper_vinterface.php?pipe=" . $this->GetQname() ."&queue=".$this->GetQname() ."&action=show\">"; + $tree = " <li><a href=\"firewall_shaper_vinterface.php?pipe=" . $this->GetQname() ."&queue=".$this->GetQname() ."&action=show\">"; $tree .= $this->GetQname() . "</a>"; if (is_array($this->subqueues)) { $tree .= "<ul>"; @@ -2989,7 +2994,7 @@ class dnpipe_class extends dummynet_class { $tree .= "</ul>"; } $tree .= "</li>"; - + return $tree; } 
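Review bot: In the `@@ -2628` hunk, `GetBuckets()` and `GetHogs()` are written into `value="…"` attributes without `htmlspecialchars()`, although the bandwidth field in the preceding fairq `build_form()` hunk is escaped. I would change both to the escaped form, `$form .= htmlspecialchars($this->GetBuckets());` and `$form .= htmlspecialchars($this->GetHogs());`. The dnpipe form has the same gap in `@@ -3140` (`GetQname()`, `GetNumber()`), `@@ -3172` (`{$bw['bw']}`) and `@@ -3187` (`{$schd}`, `GetDescription()`, `GetDelay()`, `GetPlr()`, `GetQlimit()`, `GetBuckets()`); the description is free text according to its own help string, so it is the field most likely to carry markup into the page. Whether the setters or `validate_input()` sanitise these values is not shown in the hunks, and escaping at the point of output does not depend on that.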
@@ -3086,7 +3091,8 @@ class dnpipe_class extends dummynet_class { $bwopt .= "<option value='{$bwidx}'>{$bw}</option>"; $javasr = <<<EOD -<script text='type/javascript'> +<script type='text/javascript'> +//<![CDATA[ var addBwRowTo = (function() { return (function (tableId) { var d, tbody, tr, td; 
@@ -3094,17 +3100,17 @@ var addBwRowTo = (function() { tbody = d.getElementById(tableId).getElementsByTagName("tbody").item(0); tr = d.createElement("tr"); td = d.createElement("td"); - td.innerHTML="<INPUT type='hidden' value='" + totalrows +"' name='bandwidth_row-" + totalrows + "'></input><input size='10' type='text' class='formfld unknown' name='bandwidth" + totalrows + "' id='bandwidth" + totalrows + "'></input> "; + td.innerHTML="<input type='hidden' value='" + totalrows +"' name='bandwidth_row-" + totalrows + "' /><input size='10' type='text' class='formfld unknown' name='bandwidth" + totalrows + "' id='bandwidth" + totalrows + "' />"; tr.appendChild(td); td = d.createElement("td"); - td.innerHTML="<INPUT type='hidden' value='" + totalrows +"' name='bwtype_row-" + totalrows + "'></input><select class='formselect' name='bwtype" + totalrows + "'>{$bwopt}</select>"; + td.innerHTML="<input type='hidden' value='" + totalrows +"' name='bwtype_row-" + totalrows + "' /><select class='formselect' name='bwtype" + totalrows + "'>{$bwopt}</select>"; tr.appendChild(td); td = d.createElement("td"); - td.innerHTML="<INPUT type='hidden' value='" + totalrows +"' name='bwsched_row-" + totalrows + "'></input><select class='formselect' name='bwsched" + totalrows + "'>{$schedules}</select>"; + td.innerHTML="<input type='hidden' value='" + totalrows +"' name='bwsched_row-" + totalrows + "' /><select class='formselect' name='bwsched" + totalrows + "'>{$schedules}</select>"; tr.appendChild(td); td = d.createElement("td"); td.rowSpan = "1"; - td.innerHTML = '<a onclick="removeBwRow(this); return false;" href="#"><img border="0" src="/themes/{$g['theme']}/images/icons/icon_x.gif" /></a>'; + td.innerHTML = '<a onclick="removeBwRow(this); return false;" href="#"><img border="0" src="/themes/{$g['theme']}/images/icons/icon_x.gif" alt="remove" /></a>'; tr.appendChild(td); tbody.appendChild(tr); totalrows++; 
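Review bot: `{$bwopt}` and `{$schedules}` are interpolated by the PHP heredoc into double-quoted JavaScript string literals assigned to `td.innerHTML`, so a `"`, backslash, newline or `</script>` inside either value would end the literal or the script block and the rest would be parsed as code or markup. How `$schedules` is built lies outside this hunk; if it comes from user-defined schedule names, HTML-escape each name when building the `<option>` list and emit the finished string as a JavaScript literal, e.g. `$schedules_js = json_encode($schedules_html, JSON_HEX_TAG);` before the heredoc and `"...'>" + {$schedules_js} + "</select>"` inside it (variable names here are illustrative). The `//<![CDATA[` wrapper added by this commit does not help with this, since it only affects how an XML parser reads the script body.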
@@ -3120,6 +3126,7 @@ function removeBwRow(el) { el.parentNode.removeChild(el); } } +//]]> </script> EOD; @@ -3140,26 +3147,26 @@ EOD; } } - $form = "<tr><td valign=\"center\" class=\"vncellreq\"><br>"; + $form = "<tr><td valign=\"middle\" class=\"vncellreq\"><br/>"; $form .= gettext("Enable"); $form .= "</td><td class=\"vncellreq\">"; $form .= " <input type=\"checkbox\" id=\"enabled\" name=\"enabled\" value=\"on\""; if ($this->GetEnabled() == "on") - $form .= " CHECKED"; - $form .= " ><span class=\"vexpl\"> " . gettext("Enable limiter and its children") . "</span>"; + $form .= " checked=\"checked\""; + $form .= " /><span class=\"vexpl\"> " . gettext("Enable limiter and its children") . "</span>"; $form .= "</td></tr>"; - $form .= "<tr><td valign=\"center\" class=\"vncellreq\"><br><span class=\"vexpl\">" . gettext("Name") . "</span></td>"; + $form .= "<tr><td valign=\"middle\" class=\"vncellreq\"><br/><span class=\"vexpl\">" . gettext("Name") . "</span></td>"; $form .= "<td class=\"vncellreq\">"; $form .= "<input type=\"text\" id=\"newname\" name=\"newname\" value=\""; - $form .= $this->GetQname()."\">"; + $form .= $this->GetQname()."\" />"; $form .= "<input type=\"hidden\" id=\"name\" name=\"name\" value=\""; - $form .= $this->GetQname()."\">"; + $form .= $this->GetQname()."\" />"; if ($this->GetNumber() > 0) { $form .= "<input type=\"hidden\" id=\"number\" name=\"number\" value=\""; - $form .= $this->GetNumber()."\">"; + $form .= $this->GetNumber()."\" />"; } $form .= "</td></tr>"; - $form .= "<tr><td valign=\"center\" class=\"vncellreq\">" . gettext("Bandwidth"); + $form .= "<tr><td valign=\"middle\" class=\"vncellreq\">" . gettext("Bandwidth"); $bandwidth = $this->GetBandwidth(); $form .= "</td><td class=\"vncellreq\">"; $form .= "<table id='maintable'>"; 
@@ -3172,13 +3179,13 @@ EOD; if (is_array($bandwidth)) { foreach ($bandwidth as $bwidx => $bw) { $form .= "\n<tr><td width='40%'>"; - $form .= "<input class='formfld unknown' size='10' type=\"text\" id=\"bandwidth{$bwidx}\" name=\"bandwidth{$bwidx}\" value=\"{$bw['bw']}\">"; + $form .= "<input class='formfld unknown' size='10' type=\"text\" id=\"bandwidth{$bwidx}\" name=\"bandwidth{$bwidx}\" value=\"{$bw['bw']}\" />"; $form .= "</td><td width='20%'>"; $form .= "<select id=\"bwtype{$bwidx}\" name=\"bwtype{$bwidx}\" class=\"formselect\">"; foreach (array("Kb" => "Kbit/s", "Mb" => "Mbit/s", "Gb" => "Gbit/s", "b" => "Bit/s") as $bwsidx => $bwscale) { $form .= "<option value=\"{$bwsidx}\""; if ($bw['bwscale'] == $bwsidx) - $form .= " selected=\"yes\""; + $form .= " selected=\"selected\""; $form .= ">{$bwscale}</option>"; } $form .= "</select>"; 
@@ -3187,97 +3194,97 @@ EOD; foreach ($schedules as $schd) { $selected = ""; if ($bw['bwsched'] == $schd) - $selected = "selected"; + $selected = "selected=\"selected\""; $form .= "<option value='{$schd}' {$selected}>{$schd}</option>"; } $form .= "</select>"; $form .= "</td><td width='5%' >"; - $form .= "<a onclick=\"removeBwRow(this); return false;\" href='#'><img border='0' src='/themes/{$g['theme']}/images/icons/icon_x.gif' /></a>"; + $form .= "<a onclick=\"removeBwRow(this); return false;\" href='#'><img border='0' src='/themes/{$g['theme']}/images/icons/icon_x.gif' alt='remove' /></a>"; $form .= "</td></tr>"; } } $form .= "</tbody></table>"; $form .= "<a onclick=\"javascript:addBwRowTo('maintable'); return false;\" href='#'>"; - $form .= "<img border='0' src='/themes/{$g['theme']}/images/icons/icon_plus.gif' alt='' title='" . gettext("add another schedule") . "' /></a>"; + $form .= "<img border='0' src='/themes/{$g['theme']}/images/icons/icon_plus.gif' alt='add' title='" . gettext("add another schedule") . "' /></a>"; $form .= "</td></tr>"; - $form .= "<tr><td valign=\"center\" class=\"vncellreq\">" . gettext("Mask") . "</td>"; + $form .= "<tr><td valign=\"middle\" class=\"vncellreq\">" . gettext("Mask") . "</td>"; $form .= "<td class=\"vncellreq\">"; $form .= "<select name=\"mask\" class=\"formselect\">"; $form .= "<option value=\"none\""; if ($this->GetMask() == "none") - $form .= " selected=\"yes\""; + $form .= " selected=\"selected\""; $form .= ">none</option>"; $form .= "<option value=\"srcaddress\""; if ($this->GetMask() == "srcaddress") - $form .= " selected=\"yes\""; + $form .= " selected=\"selected\""; $form .= ">" . gettext("Source addresses") . "</option>"; $form .= "<option value=\"dstaddress\""; if ($this->GetMask() == "dstaddress") - $form .= " selected=\"yes\""; + $form .= " selected=\"selected\""; $form .= ">" . gettext("Destination addresses") . 
"</option>"; $form .= "</select>"; - $form .= " <br>"; + $form .= " <br/>"; $form .= "<span class=\"vexpl\">" . gettext("If 'source' or 'destination' is chosen, \n" . "a dynamic pipe with the bandwidth, delay, packet loss and queue size given above will \n" . "be created for each source/destination IP address encountered, \n" . "respectively. This makes it possible to easily specify bandwidth \n" . "limits per host.") . "</span>"; $form .= "</td></tr>"; - $form .= "<tr><td valign=\"center\" class=\"vncellreq\">" . gettext("Description") . "</td>"; + $form .= "<tr><td valign=\"middle\" class=\"vncellreq\">" . gettext("Description") . "</td>"; $form .= "<td class=\"vncellreq\">"; - $form .= "<input type=\"text\" class=\"formfld unknown\" size=\"50%\" id=\"description\" name=\"description\" value=\""; + $form .= "<input type=\"text\" class=\"formfld unknown\" size=\"40\" id=\"description\" name=\"description\" value=\""; $form .= $this->GetDescription(); - $form .= "\">"; - $form .= "<br> <span class=\"vexpl\">"; + $form .= "\" />"; + $form .= "<br/> <span class=\"vexpl\">"; $form .= gettext("You may enter a description here for your reference (not parsed).") . "</span>"; $form .= "</td></tr>"; - $form .= "<tr id=\"sprtable4\" name=\"sprtable4\">"; + $form .= "<tr id=\"sprtable4\">"; $form .= "<td></td>"; $form .= "<td><div id=\"showadvancedboxspr\">"; - $form .= "<p><input type=\"button\" onClick=\"show_source_port_range()\""; - $form .= " value=\"" . gettext("Show advanced options") . "\"></input></a>"; - $form .= "</div></td></tr>"; - $form .= "<tr style=\"display:none\" id=\"sprtable\" name=\"sprtable\">"; + $form .= "<p><input type=\"button\" onclick=\"show_source_port_range()\""; + $form .= " value=\"" . gettext("Show advanced options") . "\" />"; + $form .= "</p></div></td></tr>"; + $form .= "<tr style=\"display:none\" id=\"sprtable\">"; - $form .= "<td valign=\"center\" class=\"vncellreq\">" . gettext("Delay") . 
"</td>"; - $form .= "<td valign=\"center\" class=\"vncellreq\">"; + $form .= "<td valign=\"middle\" class=\"vncellreq\">" . gettext("Delay") . "</td>"; + $form .= "<td valign=\"middle\" class=\"vncellreq\">"; $form .= "<input name=\"delay\" type=\"text\" id=\"delay\" size=\"5\" value=\""; - $form .= $this->GetDelay() . "\">"; - $form .= " ms<br> <span class=\"vexpl\">" . gettext("Hint: in most cases, you " - . "should specify 0 here (or leave the field empty)") . "</span>"; - $form .= "</td></tr><br/>"; - $form .= "<tr style=\"display:none\" id=\"sprtable1\" name=\"sprtable1\">"; - $form .= "<td valign=\"center\" class=\"vncellreq\">" . gettext("Packet loss rate") . "</td>"; - $form .= "<td valign=\"center\" class=\"vncellreq\">"; + $form .= $this->GetDelay() . "\" />"; + $form .= " ms<br/> <span class=\"vexpl\">" . gettext("Hint: in most cases, you " + . "should specify 0 here (or leave the field empty)") . "</span><br/>"; + $form .= "</td></tr>"; + $form .= "<tr style=\"display:none\" id=\"sprtable1\">"; + $form .= "<td valign=\"middle\" class=\"vncellreq\">" . gettext("Packet loss rate") . "</td>"; + $form .= "<td valign=\"middle\" class=\"vncellreq\">"; $form .= "<input name=\"plr\" type=\"text\" id=\"plr\" size=\"5\" value=\""; - $form .= $this->GetPlr() . "\">"; - $form .= " <br> <span class=\"vexpl\">" . gettext("Hint: in most cases, you " + $form .= $this->GetPlr() . "\" />"; + $form .= " <br/> <span class=\"vexpl\">" . gettext("Hint: in most cases, you " . "should specify 0 here (or leave the field empty). " . "A value of 0.001 means one packet in 1000 gets dropped") . "</span>"; $form .= "</td></tr>"; - $form .= "<tr style=\"display:none\" id=\"sprtable2\" name=\"sprtable2\">"; - $form .= "<td valign=\"center\" class=\"vncellreq\">" . gettext("Queue Size") . "</td>"; + $form .= "<tr style=\"display:none\" id=\"sprtable2\">"; + $form .= "<td valign=\"middle\" class=\"vncellreq\">" . gettext("Queue Size") . 
"</td>"; $form .= "<td class=\"vncellreq\">"; $form .= "<input type=\"text\" id=\"qlimit\" name=\"qlimit\" value=\""; - $form .= $this->GetQlimit() . "\">"; - $form .= " slots<br>"; + $form .= $this->GetQlimit() . "\" />"; + $form .= " slots<br/>"; $form .= "<span class=\"vexpl\">" . gettext("Hint: in most cases, you " . "should leave the field empty. All packets in this pipe are placed into a fixed-size queue first, " . "then they are delayed by value specified in the Delay field, and then they " . "are delivered to their destination.") . "</span>"; $form .= "</td></tr>"; - $form .= "<tr style=\"display:none\" id=\"sprtable5\" name=\"sprtable5\">"; - $form .= "<td valign=\"center\" class=\"vncellreq\">" . gettext("Bucket Size") . "</td>"; + $form .= "<tr style=\"display:none\" id=\"sprtable5\">"; + $form .= "<td valign=\"middle\" class=\"vncellreq\">" . gettext("Bucket Size") . "</td>"; $form .= "<td class=\"vncellreq\">"; $form .= "<input type=\"text\" id=\"buckets\" name=\"buckets\" value=\""; - $form .= $this->GetBuckets() . "\">"; - $form .= " slots<br>"; + $form .= $this->GetBuckets() . "\" />"; + $form .= " slots<br/>"; $form .= "<span class=\"vexpl\">" . gettext("Hint: in most cases, you " . "should leave the field empty. It increases the hash size set."); - $form .= "</td></tr>"; + $form .= "</span></td></tr>"; return $form; - + } function wconfig() { @@ -3390,10 +3397,10 @@ class dnqueue_class extends dummynet_class { function build_tree() { $parent =& $this->GetParent(); - $tree = " <li><a href=\"firewall_shaper_vinterface.php?pipe=" . $parent->GetQname() ."&queue=" . $this->GetQname() ."&action=show\">"; + $tree = " <li><a href=\"firewall_shaper_vinterface.php?pipe=" . $parent->GetQname() ."&queue=" . $this->GetQname() ."&action=show\">"; $tree .= $this->GetQname() . "</a>"; $tree .= "</li>"; - + return $tree; } 
@@ -3429,105 +3436,105 @@ class dnqueue_class extends dummynet_class { } function build_form() { - $form = "<tr><td valign=\"center\" class=\"vncellreq\"><br>"; + $form = "<tr><td valign=\"middle\" class=\"vncellreq\"><br/>"; $form .= gettext("Enable/Disable"); $form .= "</td><td class=\"vncellreq\">"; $form .= " <input type=\"checkbox\" id=\"enabled\" name=\"enabled\" value=\"on\""; if ($this->GetEnabled() == "on") - $form .= " CHECKED"; - $form .= " ><span class=\"vexpl\"> " . gettext("Enable/Disable queue") . "</span>"; + $form .= " checked=\"checked\""; + $form .= " /><span class=\"vexpl\"> " . gettext("Enable/Disable queue") . "</span>"; $form .= "</td></tr>"; - $form .= "<tr><td valign=\"center\" class=\"vncellreq\"><br><span class=\"vexpl\">" . gettext("Name") . "</span></td>"; + $form .= "<tr><td valign=\"middle\" class=\"vncellreq\"><br/><span class=\"vexpl\">" . gettext("Name") . "</span></td>"; $form .= "<td class=\"vncellreq\">"; $form .= "<input type=\"text\" id=\"newname\" name=\"newname\" value=\""; - $form .= $this->GetQname()."\">"; + $form .= $this->GetQname()."\" />"; $form .= "<input type=\"hidden\" id=\"name\" name=\"name\" value=\""; - $form .= $this->GetQname()."\">"; + $form .= $this->GetQname()."\" />"; if ($this->GetNumber() > 0) { $form .= "<input type=\"hidden\" id=\"number\" name=\"number\" value=\""; - $form .= $this->GetNumber()."\">"; + $form .= $this->GetNumber()."\" />"; } $form .= "</td></tr>"; - $form .= "<tr><td valign=\"center\" class=\"vncellreq\">" . gettext("Mask") . "</td>"; + $form .= "<tr><td valign=\"middle\" class=\"vncellreq\">" . gettext("Mask") . "</td>"; $form .= "<td class=\"vncellreq\">"; $form .= "<select name=\"mask\" class=\"formselect\">"; $form .= "<option value=\"none\""; if ($this->GetMask() == "none") - $form .= " selected=\"yes\""; + $form .= " selected=\"selected\""; $form .= ">" . gettext("none") . 
"</option>"; $form .= "<option value=\"srcaddress\""; if ($this->GetMask() == "srcaddress") - $form .= " selected=\"yes\""; + $form .= " selected=\"selected\""; $form .= ">" . gettext("Source addresses") . "</option>"; $form .= "<option value=\"dstaddress\""; if ($this->GetMask() == "dstaddress") - $form .= " selected=\"yes\""; + $form .= " selected=\"selected\""; $form .= ">" . gettext("Destination addresses") . "</option>"; $form .= "</select>"; - $form .= " slots<br>"; + $form .= " slots<br/>"; $form .= "<span class=\"vexpl\">" . gettext("If 'source' or 'destination' is chosen, \n" . "a dynamic pipe with the bandwidth, delay, packet loss and queue size given above will \n" . "be created for each source/destination IP address encountered, \n" . "respectively. This makes it possible to easily specify bandwidth \n" . "limits per host.") . "</span>"; $form .= "</td></tr>"; - $form .= "<tr><td valign=\"center\" class=\"vncellreq\">Description</td>"; + $form .= "<tr><td valign=\"middle\" class=\"vncellreq\">" . gettext("Description") . "</td>"; $form .= "<td class=\"vncellreq\">"; - $form .= "<input type=\"text\" id=\"description\" class=\"formfld unknown\" size=\"50%\" name=\"description\" value=\""; + $form .= "<input type=\"text\" id=\"description\" class=\"formfld unknown\" size=\"40\" name=\"description\" value=\""; $form .= $this->GetDescription(); - $form .= "\">"; - $form .= "<br> <span class=\"vexpl\">"; + $form .= "\" />"; + $form .= "<br/> <span class=\"vexpl\">"; $form .= gettext("You may enter a description here for your reference (not parsed).") . "</span>"; $form .= "</td></tr>"; - $form .= "<tr id=\"sprtable4\" name=\"sprtable4\">"; + $form .= "<tr id=\"sprtable4\">"; $form .= "<td></td>"; $form .= "<td><div id=\"showadvancedboxspr\">"; - $form .= "<p><input type=\"button\" onClick=\"show_source_port_range()\""; - $form .= " value=\"" . gettext("Show advanced options") . 
"\"></input></a>"; - $form .= "</div></td></tr>"; - $form .= "<tr style=\"display:none\" id=\"sprtable\" name=\"sprtable\">"; - $form .= "<td valign=\"center\" class=\"vncellreq\">" . gettext("Weight") . "</td>"; - $form .= "<td valign=\"center\" class=\"vncellreq\">"; + $form .= "<p><input type=\"button\" onclick=\"show_source_port_range()\""; + $form .= " value=\"" . gettext("Show advanced options") . "\" />"; + $form .= "</p></div></td></tr>"; + $form .= "<tr style=\"display:none\" id=\"sprtable\">"; + $form .= "<td valign=\"middle\" class=\"vncellreq\">" . gettext("Weight") . "</td>"; + $form .= "<td valign=\"middle\" class=\"vncellreq\">"; $form .= "<input name=\"weight\" type=\"text\" id=\"weight\" size=\"5\" value=\""; - $form .= $this->GetWeight() . "\">"; - $form .= " <br> <span class=\"vexpl\">" . gettext("Hint: For queues under the same parent " + $form .= $this->GetWeight() . "\" />"; + $form .= " <br/> <span class=\"vexpl\">" . gettext("Hint: For queues under the same parent " . "this specifies the share that a queue gets(values range from 1 to 100, you can leave it blank otherwise)") . "</span>"; $form .= "</td></tr>"; - $form .= "<tr style=\"display:none\" id=\"sprtable1\" name=\"sprtable1\">"; - $form .= "<td valign=\"center\" class=\"vncellreq\">" . gettext("Packet loss rate") . "</td>"; - $form .= "<td valign=\"center\" class=\"vncellreq\">"; + $form .= "<tr style=\"display:none\" id=\"sprtable1\">"; + $form .= "<td valign=\"middle\" class=\"vncellreq\">" . gettext("Packet loss rate") . "</td>"; + $form .= "<td valign=\"middle\" class=\"vncellreq\">"; $form .= "<input name=\"plr\" type=\"text\" id=\"plr\" size=\"5\" value=\""; - $form .= $this->GetPlr() . "\">"; - $form .= " <br> <span class=\"vexpl\">" . gettext("Hint: in most cases, you " + $form .= $this->GetPlr() . "\" />"; + $form .= " <br/> <span class=\"vexpl\">" . gettext("Hint: in most cases, you " . "should specify 0 here (or leave the field empty). " . 
"A value of 0.001 means one packet in 1000 gets dropped") . "</span>"; $form .= "</td></tr>"; - $form .= "<tr style=\"display:none\" id=\"sprtable2\" name=\"sprtable2\">"; - $form .= "<td valign=\"center\" class=\"vncellreq\">" . gettext("Queue Size") . "</td>"; + $form .= "<tr style=\"display:none\" id=\"sprtable2\">"; + $form .= "<td valign=\"middle\" class=\"vncellreq\">" . gettext("Queue Size") . "</td>"; $form .= "<td class=\"vncellreq\">"; $form .= "<input type=\"text\" id=\"qlimit\" name=\"qlimit\" value=\""; - $form .= $this->GetQlimit() . "\">"; - $form .= " slots<br>"; + $form .= $this->GetQlimit() . "\" />"; + $form .= " slots<br/>"; $form .= "<span class=\"vexpl\">" . gettext("Hint: in most cases, you " . "should leave the field empty. All packets in this pipe are placed into a fixed-size queue first, " . "then they are delayed by value specified in the Delay field, and then they " . "are delivered to their destination.") . "</span>"; $form .= "</td></tr>"; - $form .= "<tr style=\"display:none\" id=\"sprtable5\" name=\"sprtable5\">"; - $form .= "<td valign=\"center\" class=\"vncellreq\">" . gettext("Bucket Size") . "</td>"; + $form .= "<tr style=\"display:none\" id=\"sprtable5\">"; + $form .= "<td valign=\"middle\" class=\"vncellreq\">" . gettext("Bucket Size") . "</td>"; $form .= "<td class=\"vncellreq\">"; $form .= "<input type=\"text\" id=\"buckets\" name=\"buckets\" value=\""; - $form .= $this->GetBuckets() . "\">"; - $form .= " " . gettext("slots") . "<br>"; + $form .= $this->GetBuckets() . "\" />"; + $form .= " " . gettext("slots") . "<br/>"; $form .= "<span class=\"vexpl\">" . gettext("Hint: in most cases, you " . "should leave the field empty. It increases the hash size set."); - $form .= "</td></tr>"; + $form .= "</span></td></tr>"; $form .= "<input type=\"hidden\" id=\"pipe\" name=\"pipe\""; - $form .= " value=\"" . $this->GetPipe() . "\">"; + $form .= " value=\"" . $this->GetPipe() . 
"\" />"; return $form; - + } function update_dn_data(&$data) { 
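Review bot: The `value="…"` attributes rewritten in this build_form() hunk still concatenate `$this->GetQname()`, `$this->GetDescription()`, `$this->GetWeight()`, `$this->GetPlr()`, `$this->GetQlimit()`, `$this->GetBuckets()` and `$this->GetPipe()` straight into the markup. Unless the getters already encode their result (they are not visible here), a stored value containing a double quote or `<` ends the attribute early and is rendered as markup in the admin page. Since each of these lines is being touched for the XHTML cleanup anyway, this is the place to encode on output, e.g. `$form .= htmlspecialchars($this->GetDescription());` for the free-text description. The same pattern is in the layer7 build_form() hunk that follows (`GetRName()`, `GetRDescription()`) and in the pipe form lines at the top of this chunk.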
@@ -3644,44 +3651,44 @@ class layer7 { //Helps building the left tree function build_tree() { - $tree = " <li><a href=\"firewall_shaper_layer7.php?container=" . $this->GetRName() ."&action=show\">"; + $tree = " <li><a href=\"firewall_shaper_layer7.php?container=" . $this->GetRName() ."&action=show\">"; $tree .= $this->GetRName() . "</a>"; $tree .= "</li>"; - + return $tree; } function build_form() { - $form = "<tr><td valign=\"center\" class=\"vncellreq\"><br>"; + $form = "<tr><td valign=\"middle\" class=\"vncellreq\"><br/>"; $form .= gettext("Enable/Disable"); $form .= "</td><td class=\"vncellreq\">"; $form .= " <input type=\"checkbox\" id=\"enabled\" name=\"enabled\" value=\"on\" "; if ($this->GetREnabled() == "on") { - $form .= "checked = \"CHECKED\""; + $form .= "checked=\"checked\""; } - $form .= " ><span class=\"vexpl\"> " . gettext("Enable/Disable layer7 Container") . "</span>"; + $form .= " /><span class=\"vexpl\"> " . gettext("Enable/Disable layer7 Container") . "</span>"; $form .= "</td></tr>"; - $form .= "<tr><td valign=\"center\" class=\"vncellreq\"><br><span class=\"vexpl\">" . gettext("Name") . "</span></td>"; + $form .= "<tr><td valign=\"middle\" class=\"vncellreq\"><br/><span class=\"vexpl\">" . gettext("Name") . "</span></td>"; $form .= "<td class=\"vncellreq\">"; $form .= "<input type=\"text\" id=\"container\" name=\"container\" value=\""; - $form .= $this->GetRName()."\">"; + $form .= $this->GetRName()."\" />"; $form .= "</td></tr>"; - $form .= "<tr><td valign=\"center\" class=\"vncellreq\">" . gettext("Description") . "</td>"; + $form .= "<tr><td valign=\"middle\" class=\"vncellreq\">" . gettext("Description") . 
"</td>"; $form .= "<td class=\"vncellreq\">"; - $form .= "<input type=\"text\" class=\"formfld unknown\" size=\"50%\" id=\"description\" name=\"description\" value=\""; + $form .= "<input type=\"text\" class=\"formfld unknown\" size=\"40\" id=\"description\" name=\"description\" value=\""; $form .= $this->GetRDescription(); - $form .= "\">"; - $form .= "<br> <span class=\"vexpl\">"; + $form .= "\" />"; + $form .= "<br/> <span class=\"vexpl\">"; $form .= gettext("You may enter a description here for your reference (not parsed).") . "</span>"; $form .= "</td></tr>"; - + return $form; } //Write the setting to the $config array function wconfig() { global $config; - + if(!is_array($config['l7shaper']['container'])) { $config['l7shaper']['container'] = array(); } @@ -3700,9 +3707,9 @@ class layer7 { if(is_array($cflink['rules'])) { unset($cflink['l7rules']); } - + $cflink['l7rules'] = array(); - + $i = 0; foreach($this->rsets as $rulel7) { $cflink['l7rules'][$i]['protocol'] = $rulel7->GetRProtocol(); @@ -3734,7 +3741,7 @@ class layer7 { function validate_input($data, &$input_errors) { $reqdfields[] = "container"; $reqdfieldsn[] = gettext("Name"); - + shaper_do_input_validation($data, $reqdfields, $reqdfieldsn, $input_errors); if (!preg_match("/^[a-zA-Z0-9_-]+$/", $data['container'])) @@ -3820,9 +3827,9 @@ function get_divert_ports() { function &get_l7c_reference_to_me_in_config(&$name) { global $config; - + $ptr = NULL; - + if(is_array($config['l7shaper']['container'])) { foreach($config['l7shaper']['container'] as $key => $value) { if($value['name'] == $name) @@ -3936,13 +3943,13 @@ function generate_protocols_array() { function get_l7_unique_list() { global $layer7_rules_list; - + $l7list = array(); if(is_array($layer7_rules_list)) foreach($layer7_rules_list as $l7c) if($l7c->GetREnabled()) $l7list[] = $l7c->GetRName(); - + return $l7list; } 
@@ -3958,15 +3965,15 @@ function cleanup_l7_from_rules(&$name) { } function get_dummynet_name_list() { - + $dn_name_list =& get_unique_dnqueue_list(); $dn_name = array(); if(is_array($dn_name_list)) foreach($dn_name_list as $key => $value) $dn_name[] = $key; - + return $dn_name; - + } function get_altq_name_list() { @@ -3975,7 +3982,7 @@ function get_altq_name_list() { if(is_array($altq_name_list)) foreach($altq_name_list as $key => $aqobj) $altq_name[] = $key; - + return $altq_name; } @@ -4009,13 +4016,13 @@ function altq_check_default_queues() { } } else $count++;; - + return 0; } function &get_unique_queue_list() { global $altq_list_queues; - + $qlist = array(); if (is_array($altq_list_queues)) { foreach ($altq_list_queues as $altq) { @@ -4033,7 +4040,7 @@ function &get_unique_queue_list() { function &get_unique_dnqueue_list() { global $dummynet_pipe_list; - + $qlist = array(); if (is_array($dummynet_pipe_list)) { foreach ($dummynet_pipe_list as $dn) { @@ -4066,7 +4073,7 @@ function unref_on_altq_queue_list($qname) { function read_altq_config() { global $altq_list_queues, $config; $path = array(); - + if (!is_array($config['shaper'])) $config['shaper'] = array(); if (!is_array($config['shaper']['queue'])) @@ -4074,7 +4081,7 @@ function read_altq_config() { $a_int = &$config['shaper']['queue']; $altq_list_queues = array(); - + if (!is_array($config['shaper']['queue'])) return; @@ -4112,7 +4119,7 @@ function read_dummynet_config() { $a_int = &$config['dnshaper']['queue']; $dummynet_pipe_list = array(); - + if (!is_array($config['dnshaper']['queue']) || !count($config['dnshaper']['queue'])) return; 
@@ -4151,16 +4158,16 @@ function get_interface_list_to_show() { } else { if (!is_altq_capable(get_real_interface($shif))) continue; - $tree .= " <li><a href=\"firewall_shaper.php?interface=".$shif."&action=add\">".$shDescr."</a></li>"; + $tree .= " <li><a href=\"firewall_shaper.php?interface=".$shif."&action=add\">".$shDescr."</a></li>"; } } - + return $tree; } function filter_generate_altq_queues() { global $altq_list_queues; - + read_altq_config(); $altq_rules = ""; @@ -4231,9 +4238,9 @@ function dnpipe_find_nextnumber() { function filter_generate_dummynet_rules() { global $g, $dummynet_pipe_list; - + read_dummynet_config(); - + if (!empty($dummynet_pipe_list)) { if (!is_module_loaded("dummynet.ko")) { mwexec("/sbin/kldload dummynet"); @@ -4259,14 +4266,14 @@ function build_iface_without_this_queue($iface, $qname) { if ($altq) $scheduler = ": " . $altq->GetScheduler(); $form = "<tr><td width=\"20%\" >"; - $form .= "<a href=\"firewall_shaper.php?interface=" . $iface . "&queue=" . $iface."&action=show\">". $shaperIFlist[$iface] . $scheduler."</a>"; + $form .= "<a href=\"firewall_shaper.php?interface=" . $iface . "&queue=" . $iface."&action=show\">". $shaperIFlist[$iface] . $scheduler."</a>"; $form .= "</td></tr>"; $form .= "<tr><td width=\"100%\" class=\"vncellreq\">"; $form .= "<a href=\"firewall_shaper_queues.php?interface="; - $form .= $iface . "&queue=". $qname . "&action=add\">"; + $form .= $iface . "&queue=". $qname . "&action=add\">"; $form .= "<img src=\""; $form .= "./themes/".$g['theme']."/images/icons/icon_plus.gif\""; - $form .= " width=\"17\" height=\"17\" border=\"0\" title=\"Clone shaper/queue on this interface\">"; + $form .= " width=\"17\" height=\"17\" border=\"0\" title=\"Clone shaper/queue on this interface\" alt=\"clone\" />"; $form .= gettext(" Clone shaper/queue on this interface") . "</a></td></tr>"; return $form; 
@@ -4274,18 +4281,18 @@ function build_iface_without_this_queue($iface, $qname) { } -$default_shaper_msg = "<tr><td align=\"center\" width=\"80%\" >"; -$default_shaper_msg .= "<span class=\"vexpl\"><strong><p><b>" . sprintf(gettext("Welcome to the %s Traffic Shaper."), $g['product_name']) . "</b><br />"; +$default_shaper_msg = "<tr><td align=\"center\" width=\"80%\">"; +$default_shaper_msg .= "<span class=\"vexpl\"><strong><b>" . sprintf(gettext("Welcome to the %s Traffic Shaper."), $g['product_name']) . "</b><br />"; $default_shaper_msg .= gettext("The tree on the left helps you navigate through the queues <br />" . "buttons at the bottom represent queue actions and are activated accordingly."); -$default_shaper_msg .= " </p></strong></span>"; +$default_shaper_msg .= "</strong></span>"; $default_shaper_msg .= "</td></tr>"; -$dn_default_shaper_msg = "<tr><td align=\"center\" width=\"80%\" >"; -$dn_default_shaper_msg .= "<span class=\"vexpl\"><strong><p><b>" . sprintf(gettext("Welcome to the %s Traffic Shaper."), $g['product_name']) . "</b><br />"; +$dn_default_shaper_msg = "<tr><td align=\"center\" width=\"80%\">"; +$dn_default_shaper_msg .= "<span class=\"vexpl\"><strong><b>" . sprintf(gettext("Welcome to the %s Traffic Shaper."), $g['product_name']) . "</b><br />"; $dn_default_shaper_msg .= gettext("The tree on the left helps you navigate through the queues <br />" . "buttons at the bottom represent queue actions and are activated accordingly."); -$dn_default_shaper_msg .= " </p></strong></span>"; +$dn_default_shaper_msg .= "</strong></span>"; $dn_default_shaper_msg .= "</td></tr>"; ?> diff --git a/etc/inc/system.inc b/etc/inc/system.inc index d895d2f..6299922 100644 --- a/etc/inc/system.inc +++ b/etc/inc/system.inc 
@@ -1615,4 +1615,21 @@ function get_possible_listen_ips() { return $listenips; } +function get_possible_traffic_source_addresses() { + global $config; + $sourceips = get_possible_listen_ips(); + foreach (array('server', 'client') as $mode) { + if (is_array($config['openvpn']["openvpn-{$mode}"])) { + foreach ($config['openvpn']["openvpn-{$mode}"] as $id => $setting) { + if (!isset($setting['disable'])) { + $vpn = array(); + $vpn['value'] = 'ovpn' . substr($mode, 0, 1) . $setting['vpnid']; + $vpn['name'] = gettext("OpenVPN") . " ".$mode.": ".htmlspecialchars($setting['description']); + $sourceips[] = $vpn; + } + } + } + } + return $sourceips; +} ?> diff --git a/etc/inc/vpn.inc b/etc/inc/vpn.inc index 787abd4..d43c069 100644 --- a/etc/inc/vpn.inc +++ b/etc/inc/vpn.inc @@ -998,12 +998,25 @@ EOD; * For all other occasions the normal vpn_ipsec_configure() * will gracefully reload the settings without restarting */ -function vpn_ipsec_force_reload() { - global $config; - global $g; +function vpn_ipsec_force_reload($interface = "") { + global $g, $config; $ipseccfg = $config['ipsec']; + if (!empty($interface) && is_array($ipseccfg['phase1'])) { + $found = false; + foreach ($ipseccfg['phase1'] as $ipsec) { + if (!isset($ipsec['disabled']) && ($ipsec['interface'] == $interface)) { + $found = true; + break; + } + } + if (!$found) { + log_error(sprintf(gettext("Ignoring IPsec racoon daemon reload since there are no tunnels on interface %s"), $interface)); + return; + } + } + /* send a SIGKILL to be sure */ killbypid("{$g['varrun_path']}/racoon.pid"); diff --git a/etc/phpshellsessions/gitsync b/etc/phpshellsessions/gitsync index 656c1e8..e69e654 100644 --- a/etc/phpshellsessions/gitsync +++ b/etc/phpshellsessions/gitsync 
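Review bot: `get_possible_traffic_source_addresses()` HTML-escapes the `name` it builds with `htmlspecialchars($setting['description'])`, but nothing records that contract. A caller cannot tell whether the entries inherited from `get_possible_listen_ips()` are escaped as well, and may double-encode or skip encoding when it renders the list. A header comment would settle it, for example `/* Returns get_possible_listen_ips() plus one entry per enabled OpenVPN instance; 'name' of the OpenVPN entries is already HTML-escaped, 'value' is not. */`.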
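Review bot: When `$interface` is passed to `vpn_ipsec_force_reload()` but `$ipseccfg['phase1']` is not an array, the new guard is skipped as a whole and execution falls through to `killbypid()`, although no tunnel can exist on that interface in that case. If the early return is meant to cover this too, test the two conditions separately: initialise `$found = false`, run the loop only when `phase1` is an array, and return on `!empty($interface) && !$found`. The block comment above the function should also describe the new `$interface` parameter; the function body continues outside the hunk.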
@@ -12,7 +12,7 @@ require_once("rrd.inc"); require_once("pfsense-utils.inc"); $GIT_PKG = "git"; // Either "git" or the full package URL -$GIT_REPO = "git://github.com/bsdperimeter/pfsense.git"; +$GIT_REPO = "git://github.com/pfsense/pfsense.git"; $DEFAULT_BRANCH = "master"; $CODIR = "/root/pfsense/"; $GITSYNC_MERGE = "/root/.gitsync_merge"; diff --git a/etc/phpshellsessions/svc b/etc/phpshellsessions/svc new file mode 100644 index 0000000..5770c02 --- /dev/null +++ b/etc/phpshellsessions/svc 
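Review bot: `$GIT_REPO` keeps the `git://` scheme on the new line, and that protocol is neither encrypted nor authenticated, so the code gitsync fetches into `$CODIR` has no transport integrity between the firewall and GitHub. While the URL is being changed anyway, prefer `$GIT_REPO = "https://github.com/pfsense/pfsense.git";`, provided the git package installed through `$GIT_PKG` is built with HTTPS support (not verifiable from this hunk).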
@@ -0,0 +1,83 @@ +require_once("config.inc"); +require_once("util.inc"); +require_once("service-utils.inc"); + +function usage() { + echo "Usage: playback svc <action> <service name> [service-specific options]\n\n"; + echo "Examples:\n"; + echo "playback svc stop dhcpd\n"; + echo "playback svc restart openvpn client 2\n"; + echo "playback svc stop captiveportal zone1\n"; + echo "\n"; +} + +global $g, $config, $argv, $command_split; + +if(is_array($command_split)) + $args = array_slice($command_split, 2); +else + $args = array_slice($argv, 3); + +if (empty($args[0])) { + usage(); +} + +$extras = array(); + +// start, stop, restart +$action = $args[0]; + +// dhcpd, openvpn, etc. +$svc_name = $args[1]; + +// Handle servive-specific options. +switch ($svc_name) { + case "openvpn": + if (in_array($args[2], array("server", "client"))) { + $extras['vpnmode'] = $args[2]; + } else { + echo "Invalid OpenVPN mode (server, client)\n"; + return; + } + if (is_numeric($args[3])) { + $extras['id'] = $args[3]; + } else { + echo "Invalid OpenVPN ID, must be numeric\n"; + return; + } + $vpnsvc = find_service_by_openvpn_vpnid($extras['id']); + if (empty($vpnsvc)) { + echo "No OpenVPN client or server found with that ID.\n"; + return; + } + break; + case "captiveportal": + if (is_validaliasname($args[2])) { + $extras['zone'] = $args[2]; + } else { + echo "Invalid Captive Portal Zone.\n"; + return; + } + $cpzone = find_service_by_cp_zone($extras['zone']); + if (empty($cpzone)) { + echo "No Captive Portal Zone found with that name.\n"; + return; + } + break; +} + +echo "Attempting to issue {$action} to {$svc_name} service...\n"; + +switch ($action) { + case "restart": + $savemsg = service_control_restart($svc_name, $extras); + break; + case "start": + $savemsg = service_control_start($svc_name, $extras); + break; + case "stop": + $savemsg = service_control_stop($svc_name, $extras); + break; +} + +echo "\n{$savemsg}\n"; 
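Review bot: The `if (empty($args[0])) { usage(); }` branch prints the help text and then keeps going, so the script reads an unset `$args[1]`, prints "Attempting to issue …" and echoes an undefined `$savemsg`. The same happens for an action other than restart/start/stop, because the final `switch ($action)` has no `default`. Return after the usage text and reject unknown actions: `if (empty($args[0]) || empty($args[1])) { usage(); return; }` and `default: echo "Invalid action.\n"; usage(); return;`. The comment "Handle servive-specific options." also has a typo.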
@@ -39,25 +39,27 @@ if [ -e /root/force_fsck ]; then fi fi -TUNEFS_STATUS=`/sbin/tunefs -p / 2>&1 | /usr/bin/grep trim: | /usr/bin/awk '{print $4;}'` -if [ -e /root/TRIM_set ] && [ "${TUNEFS_STATUS}" = "disabled" ]; then - echo "Enabling TRIM support" - /sbin/tunefs -t enable / - if [ "$PLATFORM" = "nanobsd" ]; then - /sbin/tunefs -t enable /cf - fi - echo "Rebooting in 5 seconds after enabling TRIM..." - sleep 5 - /sbin/reboot -elif [ -e /root/TRIM_unset ] && [ "${TUNEFS_STATUS}" = "enabled" ]; then - echo "Disabling TRIM support" - /sbin/tunefs -t disable / - if [ "$PLATFORM" = "nanobsd" ]; then - /sbin/tunefs -t disable /cf +if [ -e /root/TRIM_set -o -e /root/TRIM_unset ]; then + TUNEFS_STATUS=`/sbin/tunefs -p / 2>&1 | /usr/bin/grep trim: | /usr/bin/awk '{print $4;}'` + if [ -e /root/TRIM_set ] && [ "${TUNEFS_STATUS}" = "disabled" ]; then + echo "Enabling TRIM support" + /sbin/tunefs -t enable / + if [ "$PLATFORM" = "nanobsd" ]; then + /sbin/tunefs -t enable /cf + fi + echo "Rebooting in 5 seconds after enabling TRIM..." + sleep 5 + /sbin/reboot + elif [ -e /root/TRIM_unset ] && [ "${TUNEFS_STATUS}" = "enabled" ]; then + echo "Disabling TRIM support" + /sbin/tunefs -t disable / + if [ "$PLATFORM" = "nanobsd" ]; then + /sbin/tunefs -t disable /cf + fi + echo "Rebooting in 5 seconds after disabling TRIM..." + sleep 5 + /sbin/reboot fi - echo "Rebooting in 5 seconds after disabling TRIM..." - sleep 5 - /sbin/reboot fi # Mount memory file system if it exists 
@@ -73,27 +75,17 @@ if [ "$PLATFORM" = "pfSense" ]; then fi fi -if [ "$PLATFORM" = "cdrom" ]; then +if [ "${PLATFORM}" = "cdrom" ]; then /etc/rc.cdrom -fi - -if [ "$PLATFORM" = "embedded" ]; then - export PKG_TMPDIR=/root/ - /etc/rc.embedded -fi - -if [ "$PLATFORM" = "nanobsd" ]; then - export PKG_TMPDIR=/root/ - /etc/rc.embedded -fi - -# Mount /. If it fails run a fsck. -if [ ! "$PLATFORM" = "cdrom" ] ; then +else + # Mount /. If it fails run a fsck. if [ "$PLATFORM" = "nanobsd" ]; then + export PKG_TMPDIR=/root/ /sbin/mount -uw / || (/sbin/fsck -fy; /sbin/mount -uw /) else /sbin/mount -a || (/sbin/fsck -fy; /sbin/mount -a) fi + # If /conf is a directory, convert it to a symlink to /cf/conf if [ -d "/conf" ]; then # If item is not a symlink then rm and recreate @@ -103,6 +95,21 @@ if [ ! "$PLATFORM" = "cdrom" ] ; then /bin/ln -s /cf/conf /conf fi fi + + if [ ! "$PLATFORM" = "jail" ]; then + # Check to see if a compact flash mountpoint exists + # If it fails to mount then run a fsck -fy + if grep -q cf /etc/fstab; then + /sbin/mount -w /cf 2>/dev/null + /sbin/mount -uw /cf || \ + (/sbin/umount /cf; /sbin/fsck -fy /cf; /sbin/mount -w /cf) + fi + fi + + USE_MFS_TMPVAR=`/usr/bin/grep -c use_mfs_tmpvar /cf/conf/config.xml` + if [ "${PLATFORM}" = "nanobsd" ] || [ "${PLATFORM}" = "embedded" ] || [ ${USE_MFS_TMPVAR} -gt 0 ]; then + /etc/rc.embedded + fi fi /bin/rm -f /root/force_fsck @@ -121,16 +128,6 @@ if [ "$CDDEVICE" != "" ]; then cdcontrol -f /dev/"$CDDEVICE" eject fi -if [ ! "$PLATFORM" = "jail" ]; then - # Check to see if a compact flash mountpoint exists - # If it fails to mount then run a fsck -fy - if grep -q cf /etc/fstab; then - /sbin/mount -w /cf 2>/dev/null - /sbin/mount -uw /cf || \ - (/sbin/umount /cf; /sbin/fsck -fy /cf; /sbin/mount -w /cf) - fi -fi - # sync pw database after mount. rm -f /etc/spwd.db.tmp /usr/sbin/pwd_mkdb -d /etc/ /etc/master.passwd 
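Review bot: `USE_MFS_TMPVAR` is expanded unquoted in `[ ${USE_MFS_TMPVAR} -gt 0 ]` here and in the two later hunks that test it, but it is assigned only inside this non-cdrom `else` branch and is empty if `grep -c` cannot read `/cf/conf/config.xml`. An empty value makes `[` fail with a syntax error rather than evaluate cleanly, so the RAM-disk decision then depends on how the error happens to be treated. Give it a default right after the assignment, `USE_MFS_TMPVAR=${USE_MFS_TMPVAR:-0}`, and quote the expansions, `[ "${USE_MFS_TMPVAR}" -gt 0 ]`. Note also that `grep -c use_mfs_tmpvar` counts any line containing that string, not only the setting's own tag.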
@@ -139,7 +136,7 @@ product=`/usr/bin/grep product_name /etc/inc/globals.inc | /usr/bin/cut -d'"' -f hideplatform=`/usr/bin/grep hideplatform /etc/inc/globals.inc | /usr/bin/wc -l` varrunpath=`/usr/bin/grep varrun_path /etc/inc/globals.inc | /usr/bin/cut -d'"' -f4` -if [ "$PLATFORM" = "pfSense" ]; then +if [ "$PLATFORM" = "pfSense" ] && [ ${USE_MFS_TMPVAR} -eq 0 ]; then /sbin/mdmfs -S -M -s 4m md $varrunpath fi @@ -165,7 +162,7 @@ if [ "$PLATFORM" = "cdrom" ] ; then # do nothing for cdrom platform elif [ "$PLATFORM" = "embedded" ] ; then # do nothing for embedded platform -elif [ "$PLATFORM" = "nanobsd" ] ; then +elif [ "$PLATFORM" = "nanobsd" ] || [ ${USE_MFS_TMPVAR} -gt 0 ]; then # Ensure that old-style PKG packages can be persistent across reboots /bin/mkdir -p /root/var/db/pkg /bin/rm -rf /var/db/pkg @@ -180,6 +177,14 @@ else SWAPDEVICE=`/bin/cat /etc/fstab | /usr/bin/grep swap | /usr/bin/cut -f1` /sbin/swapon -a 2>/dev/null >/dev/null /etc/rc.savecore + + if [ -d /root/var/db/pkg ]; then + # User must have just disabled RAM disks, move these back into place. + /bin/mkdir -p /var/db/pkg + /bin/mv /root/var/db/pkg /var/db/pkg + /bin/mkdir -p /var/db/pbi + /bin/mv /root/var/db/pkg /var/db/pbi + fi fi if [ "$PLATFORM" = "cdrom" ] ; then diff --git a/etc/rc.embedded b/etc/rc.embedded index ada4558..b4c60fb 100755 --- a/etc/rc.embedded +++ b/etc/rc.embedded 
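Review bot: In the block added for "User must have just disabled RAM disks", both `mv` commands take `/root/var/db/pkg` as their source, so the second one (`/bin/mv /root/var/db/pkg /var/db/pbi`) runs after that directory is already gone and fails; it presumably should be `/bin/mv /root/var/db/pbi /var/db/pbi`, guarded by its own `[ -d /root/var/db/pbi ]`. Because `/var/db/pkg` is created with `mkdir -p` just before, the first `mv` also nests the old directory as `/var/db/pkg/pkg` instead of restoring its contents in place. The surrounding `if`/`elif` chain starts outside this hunk.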
@@ -4,31 +4,31 @@ # For pfSense # Size of /tmp -tmpsize="40m" +USE_MFS_TMP_SIZE=`/usr/bin/grep use_mfs_tmp_size /cf/conf/config.xml | /usr/bin/cut -f2 -d'>' | /usr/bin/cut -f1 -d'<'` +if [ ! -z ${USE_MFS_TMP_SIZE} ] && [ ${USE_MFS_TMP_SIZE} -gt 0 ]; then + tmpsize="${USE_MFS_TMP_SIZE}m" +else + tmpsize="40m" +fi # Size of /var -varsize="60m" +USE_MFS_VAR_SIZE=`/usr/bin/grep use_mfs_var_size /cf/conf/config.xml | /usr/bin/cut -f2 -d'>' | /usr/bin/cut -f1 -d'<'` +if [ ! -z ${USE_MFS_VAR_SIZE} ] && [ ${USE_MFS_VAR_SIZE} -gt 0 ]; then + varsize="${USE_MFS_VAR_SIZE}m" +else + varsize="60m" +fi # Run some initialization routines [ -f /etc/rc.d/uzip ] && /etc/rc.d/uzip start -echo -n "Setting up embedded specific environment..." -# Initialize MFS for /tmp. Partly taken from /etc/rc.d/var -if (/bin/mkdir -p /tmp/.diskless 2> /dev/null); then - rmdir /tmp/.diskless -else - mdmfs -S -M -s ${tmpsize} md /tmp -fi -# Initialize MFS for /var. Partly taken from /etc/rc.d/var -if (/bin/mkdir -p /var/.diskless 2> /dev/null); then - rmdir /var/.diskless -else - mdmfs -S -M -s ${varsize} md /var -fi +echo -n "Setting up memory disks..." +mdmfs -S -M -s ${tmpsize} md /tmp +mdmfs -S -M -s ${varsize} md /var # Create some needed directories /bin/mkdir -p /var/db # Ensure vi's recover directory is present /bin/mkdir -p /var/tmp/vi.recover/ -echo " done."
\ No newline at end of file +echo " done." diff --git a/etc/rc.filter_synchronize b/etc/rc.filter_synchronize index f2712ad..f641212 100755 --- a/etc/rc.filter_synchronize +++ b/etc/rc.filter_synchronize @@ -254,7 +254,7 @@ function carp_sync_xml($url, $username, $password, $sections, $port = 80, $metho file_notice("sync_settings", $error, "Settings Sync", ""); } else { $parsed_response = XML_RPC_decode($resp->value()); - if(!is_array($parsed_response) && trim($parsed_repsonse) == "Authentication failed") { + if(!is_array($parsed_response) && trim($parsed_response) == "Authentication failed") { $error = "An authentication failure occurred while trying to access {$url}:{$port} ($method)."; log_error($error); file_notice("sync_settings", $error, "Settings Sync", ""); diff --git a/etc/rc.initial.password b/etc/rc.initial.password index 6b8c78f..65676f9 100755 --- a/etc/rc.initial.password +++ b/etc/rc.initial.password @@ -58,6 +58,9 @@ The webConfigurator admin password and privileges will be reset to the default ( $admin_user['scope'] = "system"; $admin_user['priv'] = array("user-shell-access"); + if (isset($admin_user['disabled'])) + unset($admin_user['disabled']); + local_user_set_password($admin_user, strtolower($g['product_name'])); local_user_set($admin_user); write_config(gettext("password changed from console menu")); diff --git a/etc/rc.initial.setlanip b/etc/rc.initial.setlanip index 5b60132..14213b5 100755 --- a/etc/rc.initial.setlanip +++ b/etc/rc.initial.setlanip 
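Review bot: `USE_MFS_TMP_SIZE` and `USE_MFS_VAR_SIZE` are cut out of config.xml and then expanded unquoted in `[ ! -z ${USE_MFS_TMP_SIZE} ] && [ ${USE_MFS_TMP_SIZE} -gt 0 ]`, so a value that is non-numeric or spans several words (for instance when more than one line matches the grep) reaches the default only through a `[` error. Quote both expansions and make the fallback explicit: `if [ -n "${USE_MFS_TMP_SIZE}" ] && [ "${USE_MFS_TMP_SIZE}" -gt 0 ] 2>/dev/null; then`, and likewise for the `/var` size. With the `.diskless` probe removed, the script now mounts memory disks over `/tmp` and `/var` unconditionally, which deserves a comment stating that the caller decides whether to run it.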
@@ -258,7 +258,12 @@ function console_configure_ip_address($version) { $upperifname, $label_IPvX) . "\n> "; $intip = chop(fgets($fp)); $is_ipaddr = ($version === 6) ? is_ipaddrv6($intip) : is_ipaddrv4($intip); - } while (!($is_ipaddr || $intip == '')); + if ($is_ipaddr && is_ipaddr_configured($intip, $interface, true)) { + $ip_conflict = true; + echo gettext("This IP address conflicts with another interface or a VIP") . "\n"; + } else + $ip_conflict = false; + } while (($ip_conflict === true) || !($is_ipaddr || $intip == '')); if ($intip != '') { echo "\n" . sprintf(gettext("Subnet masks are entered as bit counts (as in CIDR notation) in %s."), $g['product_name']) . "\n"; diff --git a/etc/rc.kill_states b/etc/rc.kill_states new file mode 100755 index 0000000..d7e92d6 --- /dev/null +++ b/etc/rc.kill_states 
@@ -0,0 +1,72 @@ +#!/usr/local/bin/php -f +<?php +/* + rc.newwanip + Copyright (C) 2013 Renato Botelho (garga@pfsense.org) + part of pfSense (http://www.pfsense.com) + + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are met: + + 1. Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. + + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + POSSIBILITY OF SUCH DAMAGE. 
+*/ + +/* parse the configuration and include all functions used below */ +require_once("globals.inc"); +require_once("config.inc"); +require_once("interfaces.inc"); +require_once("util.inc"); + +// Do not process while booting +if($g['booting']) + exit; + +/* Interface address to cleanup states */ +$interface = str_replace("\n", "", $argv[1]); + +/* IP address to cleanup states */ +$local_ip = str_replace("\n", "", $argv[2]); + +if (empty($interface) || !does_interface_exist($interface)) { + log_error("rc.kill_states: Invalid interface '{$interface}'"); + exit; +} + +if (!empty($local_ip)) { + list($local_ip, $subnet_bits) = explode("/", $local_ip); + + if (empty($subnet_bits)) + $subnet_bits = "32"; + + if (!is_ipaddr($local_ip)) { + log_error("rc.kill_states: Invalid IP address '{$local_ip}'"); + exit; + } +} + +if (!isset($config['system']['kill_states'])) { + if (!empty($local_ip)) { + log_error("rc.kill_states: Removing states for IP {$local_ip}/{$subnet_bits}"); + mwexec("/sbin/pfctl -k 0.0.0.0/0 -k {$local_ip}/{$subnet_bits}", true); + mwexec("/sbin/pfctl -k {$local_ip}/{$subnet_bits}", true); + mwexec("/sbin/pfctl -K {$local_ip}/{$subnet_bits}", true); + } + log_error("rc.kill_states: Removing states for interface {$interface}"); + mwexec("/sbin/pfctl -i {$interface} -Fs", true); +} diff --git a/etc/rc.linkup b/etc/rc.linkup index 217fe65..3566b9d 100755 --- a/etc/rc.linkup +++ b/etc/rc.linkup 
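Review bot: `$subnet_bits` comes from `$argv[2]` through `explode("/", $local_ip)` and is interpolated into the three `mwexec("/sbin/pfctl … {$local_ip}/{$subnet_bits}", true)` command strings without any check, whereas `$interface` and `$local_ip` are validated first. Reject anything that is not a prefix length before the commands are built, e.g. `if (!ctype_digit((string)$subnet_bits) || $subnet_bits > 128) { log_error("rc.kill_states: Invalid subnet bits"); exit; }`, and pass the interpolated values through `escapeshellarg()`. The header comment of this new file still names `rc.newwanip` and should name `rc.kill_states`.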
@@ -44,7 +44,17 @@ function handle_argument_group($iface, $argument2) { $ipaddr = $config['interfaces'][$iface]['ipaddr']; $ip6addr = $config['interfaces'][$iface]['ipaddrv6']; - if ((!empty($ipaddr) && is_ipaddrv4($ipaddr)) || (empty($ipaddr) && empty($ip6addr)) || (!empty($ip6addr) && is_ipaddrv6($ip6addr))) { + $staticv4 = false; + if (empty($ipaddr)) + $staticv4 = true; + else + $staticv4 = is_ipaddrv4($ipaddr); + $staticv6 = false; + if (empty($ip6addr)) + $statcv6 = true; + else + $staticv6 = is_ipaddrv6($ip6addr); + if ($staticv4 === true && $staticv6 === true) { $friendly = convert_friendly_interface_to_friendly_descr($iface); log_error("Hotplug event detected for {$friendly}({$iface}) but ignoring since interface is configured with static IP ({$ipaddr} {$ip6addr})"); interfaces_staticarp_configure($iface); @@ -60,18 +70,13 @@ function handle_argument_group($iface, $argument2) { interface_bring_down($iface); break; case "start": + case "up": log_error("DEVD Ethernet attached event for {$iface}"); interfaces_staticarp_configure($iface); log_error("HOTPLUG: Configuring interface {$iface}"); // Do not try to readd to bridge otherwise em(4) has problems interface_configure($iface, false, true); break; - case "up": - log_error("DEVD Ethernet attached event for {$iface}"); - interfaces_staticarp_configure($iface); - log_error("HOTPLUG: Configuring interface {$iface}"); - interface_configure($iface); - break; } } } diff --git a/etc/rc.newwanip b/etc/rc.newwanip index 156c8f1..00c3ac3 100755 --- a/etc/rc.newwanip +++ b/etc/rc.newwanip 
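Review bot: The IPv6 branch assigns `$statcv6 = true;` (missing "i"), so `$staticv6` stays `false` whenever `$ip6addr` is empty. The test `$staticv4 === true && $staticv6 === true` therefore never matches an interface that has only a static IPv4 address, and the "ignoring since interface is configured with static IP" path is skipped for it. The line should read `$staticv6 = true;`. `handle_argument_group()` starts and ends outside this hunk.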
@@ -1,34 +1,34 @@ #!/usr/local/bin/php -f <?php /* - rc.newwanip - Copyright (C) 2006 Scott Ullrich (sullrich@gmail.com) - part of pfSense (http://www.pfsense.com) - - Originally part of m0n0wall (http://m0n0.ch) - Copyright (C) 2003-2005 Manuel Kasper <mk@neon1.net>. - All rights reserved. - - Redistribution and use in source and binary forms, with or without - modification, are permitted provided that the following conditions are met: - - 1. Redistributions of source code must retain the above copyright notice, - this list of conditions and the following disclaimer. - - 2. Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. - - THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, - INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY - AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, - OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - POSSIBILITY OF SUCH DAMAGE. + rc.newwanip + Copyright (C) 2006 Scott Ullrich (sullrich@gmail.com) + part of pfSense (http://www.pfsense.com) + + Originally part of m0n0wall (http://m0n0.ch) + Copyright (C) 2003-2005 Manuel Kasper <mk@neon1.net>. + All rights reserved. + + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are met: + + 1. 
Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. + + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + POSSIBILITY OF SUCH DAMAGE. */ /* parse the configuration and include all functions used below */ @@ -43,7 +43,7 @@ require_once("openvpn.inc"); require_once("rrd.inc"); // Do not process while booting -if($g['booting']) +if($g['booting']) exit; function restart_packages() { @@ -52,7 +52,7 @@ function restart_packages() { /* restart packages */ system_ntp_configure(false); mwexec_bg("/usr/local/sbin/ntpdate_sync_once.sh", true); - log_error("{$g['product_name']} package system has detected an ip change $oldip -> $curwanip ... Restarting packages."); + log_error("{$g['product_name']} package system has detected an ip change $oldip -> $curwanip ... Restarting packages."); send_event("service reload packages"); } 
@@ -62,23 +62,23 @@ $argument = str_replace("\n", "", $argv[1]); log_error("rc.newwanip: Informational is starting {$argument}."); if(empty($argument)) { - $curwanip = get_interface_ip(); - $interface = "wan"; - $interface_real = get_real_interface(); + $curwanip = get_interface_ip(); + $interface = "wan"; + $interface_real = get_real_interface(); } else { - $interface = convert_real_interface_to_friendly_interface_name($argument); - $interface_real = $argument; - $curwanip = find_interface_ip($interface_real, true); - if($curwanip == "") - $curwanip = get_interface_ip($interface); + $interface = convert_real_interface_to_friendly_interface_name($argument); + $interface_real = $argument; + $curwanip = find_interface_ip($interface_real, true); + if($curwanip == "") + $curwanip = get_interface_ip($interface); } log_error("rc.newwanip: on (IP address: {$curwanip}) (interface: {$interface}) (real interface: {$interface_real})."); if($curwanip == "0.0.0.0" || !is_ipaddr($curwanip)) { - log_error("rc.newwanip: Failed to update {$interface} IP, restarting..."); + log_error("rc.newwanip: Failed to update {$interface} IP, restarting..."); send_event("interface reconfigure {$interface}"); - exit; + exit; } if (empty($interface)) { @@ -125,6 +125,10 @@ if ($interface == "lan") /* check tunneled IPv6 interface tracking */ switch($config['interfaces'][$interface]['ipaddrv6']) { + case "slaac": + case "dhcp6": + interface_dhcpv6_configure($interface, $config['interfaces'][$interface]); + break; case "6to4": interface_6to4_configure($interface, $config['interfaces'][$interface]); break; 
@@ -162,12 +166,12 @@ setup_gateways_monitor(); filter_configure(); if (is_ipaddr($oldip) && $curwanip == $oldip) { - /* We need to force sync VPNs on such even when the IP is the same. Even with - * the same IP the VPN software is unhappy with the IP disappearing, and we + /* We need to force sync VPNs on such even when the IP is the same. Even with + * the same IP the VPN software is unhappy with the IP disappearing, and we * could be failing back in which case we need to switch IPs back anyhow. */ /* reconfigure IPsec tunnels */ - vpn_ipsec_force_reload(); + vpn_ipsec_force_reload($interface); /* start OpenVPN server & clients */ if (substr($interface_real, 0, 4) != "ovpn") @@ -190,7 +194,7 @@ services_dnsupdate_process($interface); services_dyndns_configure($interface); /* reconfigure IPsec tunnels */ -vpn_ipsec_force_reload(); +vpn_ipsec_force_reload($interface); /* start OpenVPN server & clients */ if (substr($interface_real, 0, 4) != "ovpn") diff --git a/etc/rc.newwanipv6 b/etc/rc.newwanipv6 index 09a6f45..287ea6a 100755 --- a/etc/rc.newwanipv6 +++ b/etc/rc.newwanipv6 @@ -44,10 +44,6 @@ require_once("IPv6.inc"); require_once("services.inc"); require_once("rrd.inc"); -// Do not process while booting -if($g['booting']) - exit; - function restart_packages() { global $oldipv6, $curwanipv6, $g; @@ -69,13 +65,12 @@ sleep(5); if(empty($argument)) { $interface = "wan"; $interface_real = get_real_interface($interface); - $curwanipv6 = get_interface_ipv6($interface); + $curwanipv6 = get_interface_ipv6($interface, true); } else { $interface_real = $argument; $interface = convert_real_interface_to_friendly_interface_name($interface_real); - $curwanipv6 = find_interface_ipv6($interface_real, true); - if (empty($curwanipv6)) - $curwanipv6 = get_interface_ipv6($interface); + $curwanipv6 = get_interface_ipv6($interface, true); + $interface_realv6 = get_real_interface($interface, "inet6"); } if (empty($interface)) { 
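Review bot: In the rc.newwanipv6 hunk at -69,13, `$interface_realv6` is assigned only in the `else` branch, so it is never set when the script runs without an argument. Later hunks use it in the `log_error` line (`real interface: {$interface_realv6}`) and in `does_interface_exist($interface_realv6)` ahead of the `ifconfig ... delete` call. With the variable unset, the log would show an empty name and the old address would presumably never be removed. Placing `$interface_realv6 = get_real_interface($interface, "inet6");` after the if/else covers both paths.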
@@ -84,6 +79,10 @@ if (empty($interface)) { exit; } +//Do not process while booting +if($g['booting'] && $config['interfaces'][$interface]['ipaddrv6'] != "dhcp6") + exit; + if(empty($curwanipv6) || !is_ipaddrv6($curwanipv6)) { log_error("rc.newwanipv6: Failed to update {$interface} IPv6, restarting..."); // send_event("interface reconfigure {$interface}"); @@ -107,7 +106,7 @@ if(!empty($_ENV['new_domain_name'])) /* write current WAN IPv6 to file */ file_put_contents("{$g['vardb_path']}/{$interface}_ipv6", $curwanipv6); -log_error("rc.newwanipv6: on (IP address: {$curwanipv6}) (interface: {$interface}) (real interface: {$interface_real})."); +log_error("rc.newwanipv6: on (IP address: {$curwanipv6}) (interface: {$interface}) (real interface: {$interface_realv6})."); $oldipv6 = ""; if (file_exists("{$g['vardb_path']}/{$interface}_cacheipv6")) 
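Review bot: The comment `//Do not process while booting` no longer matches the condition under it, which lets the script continue during boot when the interface's `ipaddrv6` is `dhcp6`. A comment such as `// Do not process while booting, except for dhcp6 interfaces` would state the exception. The guard also now sits after the `sleep(5)` named in the previous hunk header, so an invocation that is going to exit at boot appears to wait five seconds first. If `$interface` has no entry in `$config['interfaces']`, the comparison reads an undefined index; an `isset()` check would avoid the notice.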
@@ -131,16 +130,19 @@ setup_gateways_monitor(); /* signal filter reload */ filter_configure(); -if (is_ipaddr($oldipv6) && $curwanipv6 == $oldipv6) { - // Still need to sync VPNs on PPPoE and such, as even with the same IP the VPN software is unhappy with the IP disappearing. - if (in_array($config['interfaces'][$interface]['ipaddrv6'], array('pppoe', 'pptp', 'ppp'))) { - /* reconfigure IPsec tunnels */ - vpn_ipsec_force_reload(); - - /* start OpenVPN server & clients */ - openvpn_resync_all($interface); - } - exit; +if (is_ipaddrv6($oldipv6)) { + if ($curwanipv6 == $oldipv6) { + // Still need to sync VPNs on PPPoE and such, as even with the same IP the VPN software is unhappy with the IP disappearing. + if (in_array($config['interfaces'][$interface]['ipaddrv6'], array('pppoe', 'pptp', 'ppp'))) { + /* reconfigure IPsec tunnels */ + vpn_ipsec_force_reload($interface); + + /* start OpenVPN server & clients */ + openvpn_resync_all($interface); + } + exit; + } else if (does_interface_exist($interface_realv6)) + mwexec("/sbin/ifconfig {$interface_realv6} inet6 {$oldipv6} delete"); } file_put_contents("{$g['vardb_path']}/{$interface}_cacheipv6", $curwanipv6); @@ -152,7 +154,7 @@ services_dnsupdate_process($interface); services_dyndns_configure($interface); /* reconfigure IPsec tunnels */ -vpn_ipsec_force_reload(); +vpn_ipsec_force_reload($interface); /* start OpenVPN server & clients */ if (substr($interface_real, 0, 4) != "ovpn") diff --git a/etc/rc.reboot b/etc/rc.reboot index 4bb28a1..afdc93c 100755 --- a/etc/rc.reboot +++ b/etc/rc.reboot 
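Review bot: The new `mwexec("/sbin/ifconfig {$interface_realv6} inet6 {$oldipv6} delete")` builds a shell command by interpolation, and `$oldipv6` appears to be read back from the `{$interface}_cacheipv6` file (the read is outside this hunk). `is_ipaddrv6($oldipv6)` and `does_interface_exist()` guard the values, but how strict they are is not visible here. Quoting both arguments keeps the command well-formed even if those checks are loosened later: `mwexec("/sbin/ifconfig " . escapeshellarg($interface_realv6) . " inet6 " . escapeshellarg($oldipv6) . " delete");`. The brace-less `else if` attached to a braced `if` is also easy to misread, so braces around the `mwexec` call would match the rest of the block.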
@@ -14,7 +14,13 @@ sleep 1 PLATFORM=`cat /etc/platform` if [ "$PLATFORM" = "pfSense" ]; then rm -rf /tmp/* -else +fi + +USE_MFS_TMPVAR=`/usr/bin/grep -c use_mfs_tmpvar /cf/conf/config.xml` +DISK_NAME=`/bin/df /var/db/rrd | /usr/bin/tail -1 | /usr/bin/awk '{print $1;}'` +DISK_TYPE=`/usr/bin/basename ${DISK_NAME} | /usr/bin/cut -c1-2` +# If we are not on a full install, or if the full install wants RAM disks, or if the full install _was_ using RAM disks, but isn't for the next boot... +if [ "${PLATFORM}" != "pfSense" ] || [ ${USE_MFS_TMPVAR} -gt 0 ] || [ "${DISK_TYPE}" = "md" ]; then /etc/rc.backup_rrd.sh /etc/rc.backup_dhcpleases.sh fi diff --git a/etc/rc.shutdown b/etc/rc.shutdown index c7e8b25..c63e5e5 100755 --- a/etc/rc.shutdown +++ b/etc/rc.shutdown @@ -25,7 +25,13 @@ export PATH PLATFORM=`cat /etc/platform` if [ "$PLATFORM" = "pfSense" ]; then find -x /tmp/* -type f -exec rm -f {} \; -else +fi + +USE_MFS_TMPVAR=`/usr/bin/grep -c use_mfs_tmpvar /cf/conf/config.xml` +DISK_NAME=`/bin/df /var/db/rrd | /usr/bin/tail -1 | /usr/bin/awk '{print $1;}'` +DISK_TYPE=`/usr/bin/basename ${DISK_NAME} | /usr/bin/cut -c1-2` +# If we are not on a full install, or if the full install wants RAM disks, or if the full install _was_ using RAM disks, but isn't for the next boot... +if [ "${PLATFORM}" != "pfSense" ] || [ ${USE_MFS_TMPVAR} -gt 0 ] || [ "${DISK_TYPE}" = "md" ]; then /etc/rc.backup_rrd.sh /etc/rc.backup_dhcpleases.sh fi diff --git a/etc/rc.update_bogons.sh b/etc/rc.update_bogons.sh index 0ecd46a..64b9075 100755 --- a/etc/rc.update_bogons.sh +++ b/etc/rc.update_bogons.sh 
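Review bot: `[ ${USE_MFS_TMPVAR} -gt 0 ]` is unquoted, so if `/cf/conf/config.xml` cannot be read and `grep -c` prints nothing, the test becomes `[ -gt 0 ]` and fails with an error instead of a clean false. `[ "${USE_MFS_TMPVAR:-0}" -gt 0 ]` avoids that. `${DISK_NAME}` passed to `basename` has the same weakness when `df /var/db/rrd` returns nothing, and should be written `"${DISK_NAME}"`. `grep -c use_mfs_tmpvar` also matches the string anywhere in the file, so text other than the setting itself would count as enabled. The same lines are added to rc.shutdown in the next hunk.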
@@ -113,15 +113,25 @@ if [ "$BOGON_V4_CKSUM" = "$ON_DISK_V4_CKSUM" ] || [ "$BOGON_V6_CKSUM" = "$ON_DIS fi if [ "$BOGON_V6_CKSUM" = "$ON_DISK_V6_CKSUM" ]; then + BOGONS_V6_TABLE_COUNT=`pfctl -sTables | grep ^bogonsv6$ | wc -l | awk '{ print $1 }'` ENTRIES_TOT=`pfctl -vvsTables | awk '/Addresses/ {s+=$2}; END {print s}'` - ENTRIES_V6=`pfctl -vvsTables | awk '/-\tbogonsv6$/ {getline; print $2}'` LINES_V6=`wc -l /tmp/bogonsv6 | awk '{ print $1 }'` - if [ $ENTRIES_MAX -gt $((2*ENTRIES_TOT-${ENTRIES_V6:-0}+LINES_V6)) ]; then - egrep -v "^fc00::/7" /tmp/bogonsv6 > /etc/bogonsv6 - RESULT=`/sbin/pfctl -t bogonsv6 -T replace -f /etc/bogonsv6 2>&1` - echo "$RESULT" | awk '{ print "Bogons V6 file downloaded: " $0 }' | logger + if [ $BOGONS_V6_TABLE_COUNT -gt 0 ]; then + ENTRIES_V6=`pfctl -vvsTables | awk '/-\tbogonsv6$/ {getline; print $2}'` + if [ $ENTRIES_MAX -gt $((2*ENTRIES_TOT-${ENTRIES_V6:-0}+LINES_V6)) ]; then + egrep -v "^fc00::/7" /tmp/bogonsv6 > /etc/bogonsv6 + RESULT=`/sbin/pfctl -t bogonsv6 -T replace -f /etc/bogonsv6 2>&1` + echo "$RESULT" | awk '{ print "Bogons V6 file downloaded: " $0 }' | logger + else + echo "Not saving or updating IPv6 bogons (increase table-entries limit)" | logger + fi else - echo "Not updating IPv6 bogons (increase table-entries limit)" | logger + if [ $ENTRIES_MAX -gt $((2*ENTRIES_TOT+LINES_V6)) ]; then + egrep -v "^fc00::/7" /tmp/bogonsv6 > /etc/bogonsv6 + echo "Bogons V6 file downloaded but not updating IPv6 bogons table because IPv6 Allow is off" | logger + else + echo "Not saving IPv6 bogons table (IPv6 Allow is off and table-entries limit is potentially too low)" | logger + fi fi rm /tmp/bogonsv6 else |
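Review bot: The new `BOGONS_V6_TABLE_COUNT` line runs `pfctl` through `PATH` and passes `^bogonsv6$` to grep unquoted, while the replace command in the same block uses `/sbin/pfctl`. An absolute path and a quoted pattern are safer in a maintenance script, and `grep -c` replaces the `wc -l | awk` tail: `/sbin/pfctl -sTables | grep -c '^bogonsv6$'`. The test `[ $BOGONS_V6_TABLE_COUNT -gt 0 ]` should quote the variable as `[ "${BOGONS_V6_TABLE_COUNT:-0}" -gt 0 ]`, so an empty result is a plain false. The `egrep -v "^fc00::/7"` line now appears in both branches and could be done once before the table check.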