Diffstat (limited to 'etc')
-rw-r--r-- | etc/inc/captiveportal.inc | 2 | ||||
-rw-r--r-- | etc/inc/gwlb.inc | 4 | ||||
-rw-r--r-- | etc/inc/services.inc | 4 | ||||
-rw-r--r-- | etc/inc/system.inc | 26 | ||||
-rw-r--r-- | etc/inc/unbound.inc | 131 | ||||
-rw-r--r-- | etc/inc/vpn.inc | 2 | ||||
-rw-r--r-- | etc/pfSense.obsoletedfiles | 18 |
7 files changed, 72 insertions, 115 deletions
diff --git a/etc/inc/captiveportal.inc b/etc/inc/captiveportal.inc index 1b99e19..00d64c0 100644 --- a/etc/inc/captiveportal.inc +++ b/etc/inc/captiveportal.inc @@ -1132,7 +1132,7 @@ function captiveportal_allowedip_configure() { function captiveportal_get_last_activity($ip, $mac = NULL) { global $cpzoneid; - $ipfwoutput = pfSense_ipfw_getTablestats($cpzoneid, 1, $ip, $mac); + $ipfwoutput = pfSense_ipfw_getTablestats($cpzoneid, IP_FW_TABLE_XLISTENTRY, $ip, $mac); /* Reading only from one of the tables is enough of approximation. */ if (is_array($ipfwoutput)) { return $ipfwoutput['timestamp']; diff --git a/etc/inc/gwlb.inc b/etc/inc/gwlb.inc index a328968..8284266 100644 --- a/etc/inc/gwlb.inc +++ b/etc/inc/gwlb.inc @@ -561,13 +561,15 @@ function return_gateways_array($disabled = false, $localhost = false, $inactive $ctype = strtoupper($ifcfg['ipaddr']); break; default: + $tunnelif = substr($ifcfg['if'], 0, 3); if (substr($ifcfg['if'], 0, 4) == "ovpn") { // if current iface is an ovpn server endpoint then skip it if (substr($ifcfg['if'], 4, 1) == 's') continue 2; $ctype = "VPNv4"; - } + } else if ($tunnelif == "gif" || $tunnelif == "gre") + $ctype = "TUNNELv4"; break; } $ctype = "_". strtoupper($ctype); diff --git a/etc/inc/services.inc b/etc/inc/services.inc index 664c262..e17d3dd 100644 --- a/etc/inc/services.inc +++ b/etc/inc/services.inc @@ -1773,6 +1773,10 @@ function services_dnsmasq_configure() { $listen_addresses .= " --listen-address={$tmpaddrll6[0]} "; } else $listen_addresses .= " --listen-address={$interface} "; + } else if (strstr($interface, "_vip")) { + $laddr = get_configured_carp_interface_list($interface); + if (is_ipaddr($laddr)) + $listen_addresses .= " --listen-address={$laddr} "; } else { $if = get_real_interface($interface); if (does_interface_exist($if)) { diff --git a/etc/inc/system.inc b/etc/inc/system.inc index 63d1d90..2136bc1 100644 --- a/etc/inc/system.inc +++ b/etc/inc/system.inc 
@@ -286,9 +286,13 @@ function system_hosts_generate() { } $syscfg = $config['system']; - $dnsmasqcfg = $config['dnsmasq']; + if (isset($config['unbound']) && isset($config['unbound']['enable'])) + $dnsmasqcfg = $config['unbound']; + else + $dnsmasqcfg = $config['dnsmasq']; - $hosts = "127.0.0.1 localhost localhost.{$syscfg['domain']}\n"; + $hosts = "127.0.0.1 localhost localhost.{$syscfg['domain']}\n"; + $hosts .= "::1 localhost localhost.{$syscfg['domain']}\n"; $lhosts = ""; $dhosts = ""; @@ -395,15 +399,17 @@ function system_dhcpleases_configure() { if (!file_exists("{$g['dhcpd_chroot_path']}/var/db/dhcpd.leases")) @touch("{$g['dhcpd_chroot_path']}/var/db/dhcpd.leases"); - if (isset($config['unbound']['enable'])) + if (isset($config['unbound']['enable'])) { $dns_pid = "unbound.pid"; - else + $unbound_conf = "-u {$g['unbound_chroot_path']}/dhcpleases_entries.conf"; + } else { $dns_pid = "dnsmasq.pid"; + $unbound_conf = ""; + } $pidfile = "{$g['varrun_path']}/dhcpleases.pid"; if (isvalidpid($pidfile)) { /* Make sure dhcpleases is using correct unbound or dnsmasq */ - $_gb = exec("/bin/pgrep -F {$pidfile} -f {$dns_pid}", $output, $retval); if (intval($retval) == 0) { sigkillbypid($pidfile, "HUP"); 
@@ -414,12 +420,12 @@ function system_dhcpleases_configure() { /* To ensure we do not start multiple instances of dhcpleases, perform some clean-up first. */ if (is_process_running("dhcpleases")) - mwexec('/bin/pkill dhcpleases'); - @unlink("{$g['varrun_path']}/dhcpleases.pid"); - mwexec("/usr/local/sbin/dhcpleases -l {$g['dhcpd_chroot_path']}/var/db/dhcpd.leases -d {$config['system']['domain']} -p {$g['varrun_path']}/{$dns_pid} -h {$g['varetc_path']}/hosts"); + sigkillbyname('dhcpleases', "TERM"); + @unlink($pidfile); + mwexec("/usr/local/sbin/dhcpleases -l {$g['dhcpd_chroot_path']}/var/db/dhcpd.leases -d {$config['system']['domain']} -p {$g['varrun_path']}/{$dns_pid} {$unbound_conf} -h {$g['varetc_path']}/hosts"); } else { - sigkillbypid("{$g['varrun_path']}/dhcpleases.pid", "TERM"); - @unlink("{$g['varrun_path']}/dhcpleases.pid"); + sigkillbypid($pidfile, "TERM"); + @unlink($pidfile); } } diff --git a/etc/inc/unbound.inc b/etc/inc/unbound.inc index 2305592..96c01ca 100644 --- a/etc/inc/unbound.inc +++ b/etc/inc/unbound.inc @@ -307,6 +307,9 @@ include: {$g['unbound_chroot_path']}/access_lists.conf # Static host entries include: {$g['unbound_chroot_path']}/host_entries.conf +# dhcp lease entries +include: {$g['unbound_chroot_path']}/dhcpleases_entries.conf + # Domain overrides include: {$g['unbound_chroot_path']}/domainoverrides.conf {$forward_conf} @@ -349,7 +352,6 @@ EOF; } } - // Read /etc/hosts function read_hosts() { 
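Review bot: The `mwexec()` line that starts `/usr/local/sbin/dhcpleases` in system_dhcpleases_configure() now splices `{$unbound_conf}` into the command string next to `{$config['system']['domain']}` and the `$g[...]` paths, and none of these values is quoted. If any of them contains whitespace or a shell metacharacter, the daemon gets the wrong arguments or part of the value is interpreted by the shell; whether the domain is validated when it is saved is not visible in this diff. Quoting each value makes the call independent of that: build the option in the preceding hunk as `$unbound_conf = "-u " . escapeshellarg("{$g['unbound_chroot_path']}/dhcpleases_entries.conf");` and pass the domain as `-d " . escapeshellarg($config['system']['domain']) . "`. The function starts and ends outside these hunks.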
@@ -358,19 +360,19 @@ function read_hosts() { */ $etc_hosts = array(); foreach (file('/etc/hosts') as $line) { - $d = preg_split('/\s/', $line, -1, PREG_SPLIT_NO_EMPTY); + if (strpos($line, "dhcpleases automatically entered")) + break; + $d = preg_split('/\s+/', $line, -1, PREG_SPLIT_NO_EMPTY); if (empty($d) || substr(reset($d), 0, 1) == "#") continue; - if ($d[3] == "#") { - $ip = array_shift($d); - $fqdn = array_shift($d); - $name = array_shift($d); - if ($fqdn != "empty") { - if ($name != "empty") - array_push($etc_hosts, array(ipaddr => "$ip", fqdn => "$fqdn", name => "$name")); - else - array_push($etc_hosts, array(ipaddr => "$ip", fqdn => "$fqdn")); - } + $ip = array_shift($d); + $fqdn = array_shift($d); + $name = array_shift($d); + if (!empty($fqdn) && $fqdn != "empty") { + if (!empty($name) && $name != "empty") + array_push($etc_hosts, array(ipaddr => "$ip", fqdn => "$fqdn", name => "$name")); + else + array_push($etc_hosts, array(ipaddr => "$ip", fqdn => "$fqdn")); } } return $etc_hosts; 
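Review bot: The new guard `if (strpos($line, "dhcpleases automatically entered")) break;` in read_hosts() tests the strpos() result for truthiness, so a marker found at offset 0 is treated as "not found" and parsing continues into the dhcpleases-managed section. This commit moves vpn.inc off the same truthiness test, so the guard here should be written as `if (strpos($line, "dhcpleases automatically entered") !== false) break;`. With the old `$d[3] == "#"` filter removed, every non-comment line of /etc/hosts now reaches the `array_push()` calls, so the marker check is the only thing keeping lease entries out of the result. A short comment above the guard saying which program writes the marker line would help the next reader. The function's opening lines are outside this hunk.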
@@ -480,102 +482,27 @@ function unbound_add_host_entries() { global $config, $g; $unbound_entries = "local-zone: \"{$config['system']['domain']}\" transparent\n"; - // IPv4 entries - $unbound_entries .= "local-data-ptr: \"127.0.0.1 localhost\"\n"; - $unbound_entries .= "local-data: \"localhost A 127.0.0.1\"\n"; - $unbound_entries .= "local-data: \"localhost.{$config['system']['domain']} A 127.0.0.1\"\n"; - // IPv6 entries - $unbound_entries .= "local-data-ptr: \"::1 localhost\"\n"; - $unbound_entries .= "local-data: \"localhost AAAA ::1\"\n"; - $unbound_entries .= "local-data: \"localhost.{$config['system']['domain']} AAAA ::1\"\n"; - - $listen_addresses = ""; - if (isset($config['unbound']['interface'])) { - $interfaces = explode(",", $config['unbound']['interface']); - foreach ($interfaces as $interface) { - if (is_ipaddrv4($interface)) { - $unbound_entries .= "local-data-ptr: \"{$interface} {$config['system']['hostname']}.{$config['system']['domain']}\"\n"; - $unbound_entries .= "local-data: \"{$config['system']['hostname']}.{$config['system']['domain']} A {$interface}\"\n"; - $unbound_entries .= "local-data: \"{$config['system']['hostname']} A {$interface}\"\n"; - } else if (is_ipaddrv6($interface)) { - $unbound_entries .= "local-data: \"{$config['system']['hostname']}.{$config['system']['domain']} AAAA {$interface}\"\n"; - $unbound_entries .= "local-data: \"{$config['system']['hostname']} AAAA {$interface}\"\n"; - } else { - $if = get_real_interface($interface); - if (does_interface_exist($if)) { - $laddr = find_interface_ip($if); - if (is_ipaddrv4($laddr)) { - $unbound_entries .= "local-data-ptr: \"{$laddr} {$config['system']['hostname']}.{$config['system']['domain']}\"\n"; - $unbound_entries .= "local-data: \"{$config['system']['hostname']}.{$config['system']['domain']} A {$laddr}\"\n"; - $unbound_entries .= "local-data: \"{$config['system']['hostname']} A {$laddr}\"\n"; - } - $laddr6 = find_interface_ipv6($if); - if (is_ipaddrv6($laddr6) && 
!isset($config['dnsmasq']['strictbind'])) { - $unbound_entries .= "local-data-ptr: \"{$laddr6} {$config['system']['hostname']}.{$config['system']['domain']}\"\n"; - $unbound_entries .= "local-data: \"{$config['system']['hostname']}.{$config['system']['domain']} AAAA {$laddr}\"\n"; - $unbound_entries .= "local-data: \"{$config['system']['hostname']} AAAA {$laddr}\"\n"; - } - } - } - } - } - // Static Host entries - if (isset($config['unbound']['hosts'])) { - $host_entries = ""; - $added_item = array(); - foreach($config['unbound']['hosts'] as $host) { - $current_host = $host['host']; - if ($host['host'] != "") - $host['host'] = $host['host']."."; - if (!$added_item[$current_host]) { - $host_entries .= "local-data-ptr: \"{$host['ip']} {$host['host']}{$host['domain']}\"\n"; - if (is_ipaddrv6($host['ip'])) - $host_entries .= "local-data: \"{$host['host']}{$host['domain']} IN AAAA {$host['ip']}\"\n"; - else - $host_entries .= "local-data: \"{$host['host']}{$host['domain']} IN A {$host['ip']}\"\n"; - if (!empty($host['descr']) && isset($config['unbound']['txtsupport'])) - $host_entries .= "local-data: '{$host['host']}{$host['domain']} TXT \"".addslashes($host['descr'])."\"'\n"; - - // Do not add duplicate entries - $added_item[$current_host] = true; - } - } - $unbound_entries .= $host_entries; - } - - // Static DHCP entries - $host_entries = ""; - if (isset($config['unbound']['regdhcpstatic']) && is_array($config['dhcpd'])) { - foreach ($config['dhcpd'] as $dhcpif => $dhcpifconf) - if (is_array($dhcpifconf['staticmap']) && isset($dhcpifconf['enable'])) - foreach ($dhcpifconf['staticmap'] as $host) - if ($host['ipaddr'] && $host['hostname']) { - $host_entries .= "local-data-ptr: \"{$host['ipaddr']} {$host['hostname']}.{$config['system']['domain']}\"\n"; - $host_entries .= "local-data: \"{$host['hostname']}.{$config['system']['domain']} IN A {$host['ipaddr']}\"\n"; - if (!empty($host['descr']) && $unboundcfg['txtsupport'] == 'on') - $host_entries .= "local-data: 
'{$host['hostname']}.{$config['system']['domain']} TXT \"".addslashes($host['descr'])."\"'\n"; - } - $unbound_entries .= $host_entries; - } + $hosts = read_hosts(); + foreach ($hosts as $host) { + if (is_ipaddrv4($host['ipaddr'])) + $type = 'A'; + else if (is_ipaddrv6($host['ipaddr'])) + $type = 'AAAA'; + else + continue; - // Handle DHCPLeases added host entries - $dhcplcfg = read_hosts(); - $host_entries = ""; - if (is_array($dhcplcfg)) { - foreach($dhcplcfg as $key=>$host) { - $host_entries .= "local-data-ptr: \"{$host['ipaddr']} {$host['fqdn']}\"\n"; - $host_entries .= "local-data: \"{$host['fqdn']} IN A {$host['ipaddr']}\"\n"; - if (!empty($host['name'])) { - $host_entries .= "local-data-ptr: \"{$host['ipaddr']} {$host['name']}\"\n"; - $host_entries .= "local-data: \"{$host['name']} IN A {$host['ipaddr']}\"\n"; - } - } - $unbound_entries .= $host_entries; + $unbound_entries .= "local-data-ptr: \"{$host['ipaddr']} {$host['fqdn']}\"\n"; + $unbound_entries .= "local-data: \"{$host['fqdn']} {$type} {$host['ipaddr']}\"\n"; + if (isset($host['name'])) + $unbound_entries .= "local-data: \"{$host['name']} {$type} {$host['ipaddr']}\"\n"; } // Write out entries file_put_contents("{$g['unbound_chroot_path']}/host_entries.conf", $unbound_entries); + + /* dhcpleases will write to this config file, make sure it exists */ + @touch("{$g['unbound_chroot_path']}/dhcpleases_entries.conf"); } function unbound_control($action) { diff --git a/etc/inc/vpn.inc b/etc/inc/vpn.inc index f1f97fe..c2f9a87 100644 --- a/etc/inc/vpn.inc +++ b/etc/inc/vpn.inc @@ -440,7 +440,7 @@ EOD; if (isset($ph1ent['disabled'])) continue; - if (strpos($ph1ent['authentication_method'], 'rsa') || $ph1ent['authentication_method'] == 'eap-tls') { + if (strstr($ph1ent['authentication_method'], 'rsa') || $ph1ent['authentication_method'] == 'eap-tls') { $certline = ''; $ikeid = $ph1ent['ikeid']; diff --git a/etc/pfSense.obsoletedfiles b/etc/pfSense.obsoletedfiles index 2d2bf5e..db7afd4 100644 
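Review bot: In the rewritten loop of unbound_add_host_entries() only `$host['ipaddr']` is validated (is_ipaddrv4/is_ipaddrv6); `$host['fqdn']` and `$host['name']` from read_hosts() are written as-is inside the double-quoted `local-data` and `local-data-ptr` directives. A token that contains `"` or is not a valid hostname would produce a malformed host_entries.conf, and unbound may then refuse to load its configuration. Skip such entries before emitting them, e.g. `if (!is_hostname($host['fqdn'])) continue;` (assuming pfSense's hostname helper is in scope in this include), with the same check on `$host['name']`. The result of `file_put_contents()` is ignored and `@touch()` suppresses its error, so a failed write of either file goes unnoticed although unbound.conf includes both; logging the failure would make that diagnosable.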
--- a/etc/pfSense.obsoletedfiles
+++ b/etc/pfSense.obsoletedfiles
@@ -820,22 +820,33 @@
 /usr/local/share/locale/am
 /usr/local/share/locale/ar
 /usr/local/share/locale/az
+/usr/local/share/locale/bg
 /usr/local/share/locale/bn
 /usr/local/share/locale/br
 /usr/local/share/locale/bs
 /usr/local/share/locale/cy
+/usr/local/share/locale/da
+/usr/local/share/locale/de
 /usr/local/share/locale/dk
 /usr/local/share/locale/ee
 /usr/local/share/locale/en_CA
 /usr/local/share/locale/en_GB
+/usr/local/share/locale/es
 /usr/local/share/locale/es_ES
 /usr/local/share/locale/es_MX
+/usr/local/share/locale/et
+/usr/local/share/locale/eu
 /usr/local/share/locale/fa
+/usr/local/share/locale/fr
+/usr/local/share/locale/ga
 /usr/local/share/locale/gu
 /usr/local/share/locale/he
 /usr/local/share/locale/hi
+/usr/local/share/locale/hr
 /usr/local/share/locale/hu
+/usr/local/share/locale/id
 /usr/local/share/locale/is
+/usr/local/share/locale/it
 /usr/local/share/locale/ka
 /usr/local/share/locale/kn
 /usr/local/share/locale/lt
@@ -845,12 +856,19 @@
 /usr/local/share/locale/mn
 /usr/local/share/locale/ms
 /usr/local/share/locale/mt
+/usr/local/share/locale/nb
+/usr/local/share/locale/nl
 /usr/local/share/locale/or
+/usr/local/share/locale/pa
+/usr/local/share/locale/pt_BR
 /usr/local/share/locale/pt_PT
+/usr/local/share/locale/ru
 /usr/local/share/locale/sq
 /usr/local/share/locale/sr@Latn
+/usr/local/share/locale/sv
 /usr/local/share/locale/ta
 /usr/local/share/locale/th
+/usr/local/share/locale/vi
 /usr/local/share/locale/wa
 /usr/local/share/locale/zh
 /usr/local/share/locale/zh_CN.GB2312 |