diff options
Diffstat (limited to 'src/etc/inc/interfaces.inc')
| -rw-r--r-- | src/etc/inc/interfaces.inc | 5814 |
1 files changed, 5814 insertions, 0 deletions
diff --git a/src/etc/inc/interfaces.inc b/src/etc/inc/interfaces.inc new file mode 100644 index 0000000..4d9389a --- /dev/null +++ b/src/etc/inc/interfaces.inc @@ -0,0 +1,5814 @@ +<?php +/* + interfaces.inc + Copyright (C) 2004-2008 Scott Ullrich + Copyright (C) 2008-2009 Ermal Luçi + All rights reserved. + + function interfaces_wireless_configure is + Copyright (C) 2005 Espen Johansen + All rights reserved. + + originally part of m0n0wall (http://m0n0.ch/wall) + Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>. + All rights reserved. + + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are met: + + 1. Redistributions of source code must retain the above copyright notices, + this list of conditions and the following disclaimer. + + 2. Redistributions in binary form must reproduce the above copyright + notices, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + POSSIBILITY OF SUCH DAMAGE. + + pfSense_BUILDER_BINARIES: /sbin/dhclient /bin/sh /usr/bin/grep /usr/bin/xargs /usr/bin/awk /usr/local/sbin/choparp + pfSense_BUILDER_BINARIES: /sbin/ifconfig /sbin/route /usr/sbin/ngctl /usr/sbin/arp /bin/kill /usr/local/sbin/mpd5 + pfSense_BUILDER_BINARIES: /usr/local/sbin/dhcp6c + pfSense_MODULE: interfaces + +*/ + +/* include all configuration functions */ +require_once("globals.inc"); +require_once("util.inc"); +require_once("gwlb.inc"); + +function interfaces_bring_up($interface) { + if (!$interface) { + log_error(gettext("interfaces_bring_up() was called but no variable defined.")); + log_error("Backtrace: " . debug_backtrace()); + return; + } + pfSense_interface_flags($interface, IFF_UP); +} + +/* + * Return the interface array + */ +function get_interface_arr($flush = false) { + global $interface_arr_cache; + + /* If the cache doesn't exist, build it */ + if (!isset($interface_arr_cache) or $flush) { + $interface_arr_cache = pfSense_interface_listget(); + } + + return $interface_arr_cache; +} + +/* + * does_interface_exist($interface): return true or false if a interface is + * detected. + */ +function does_interface_exist($interface, $flush = true) { + global $config; + + if (!$interface) { + return false; + } + + $ints = get_interface_arr($flush); + if (in_array($interface, $ints)) { + return true; + } else { + return false; + } +} + +/* + * does_vip_exist($vip): return true or false if a vip is + * configured. + */ +function does_vip_exist($vip) { + global $config; + + if (!$vip) { + return false; + } + + + switch ($vip['mode']) { + case "carp": + case "ipalias": + /* XXX: Make proper checks? */ + $realif = get_real_interface($vip['interface']); + if (!does_interface_exist($realif)) { + return false; + } + break; + case "proxyarp": + /* XXX: Implement this */ + default: + return false; + } + + $ifacedata = pfSense_getall_interface_addresses($realif); + foreach ($ifacedata as $vipips) { + if ($vipips == "{$vip['subnet']}/{$vip['subnet_bits']}") { + return true; + } + } + + return false; +} + +function interface_netgraph_needed($interface = "wan") { + global $config; + + $found = false; + if (!empty($config['pptpd']) && + $config['pptpd']['mode'] == "server") { + $found = true; + } + if ($found == false && !empty($config['l2tp']) && + $config['l2tp']['mode'] == "server") { + $found = true; + } + if ($found == false && is_array($config['pppoes']['pppoe'])) { + foreach ($config['pppoes']['pppoe'] as $pppoe) { + if ($pppoe['mode'] != "server") { + continue; + } + if ($pppoe['interface'] == $interface) { + $found = true; + break; + } + } + } + if ($found == false) { + $found = interface_isppp_type($interface); + } + + if ($found == false) { + $realif = get_real_interface($interface); + if (is_array($config['ppps']['ppp']) && count($config['ppps']['ppp'])) { + foreach ($config['ppps']['ppp'] as $pppid => $ppp) { + $ports = explode(',', $ppp['ports']); + foreach ($ports as $pid => $port) { + $port = get_real_interface($port); + if ($realif == $port) { + $found = true; + break; + } + /* Find the parent interfaces of the vlans in the MLPPP configs + * there should be only one element in the array here + * -- this could be better . . . */ + $parent_if = get_parent_interface($port); + if ($realif == $parent_if[0]) { + $found = true; + break; + } + } + } + } + } + + if ($found == false) { + $realif = get_real_interface($interface); + pfSense_ngctl_detach("{$realif}:", $realif); + } + /* NOTE: We make sure for this on interface_ppps_configure() + * no need to do it here again. + * else + * pfSense_ngctl_attach(".", $realif); + */ +} + +function interfaces_loopback_configure() { + global $g; + + if (platform_booting()) { + echo gettext("Configuring loopback interface..."); + } + pfSense_interface_setaddress("lo0", "127.0.0.1"); + interfaces_bring_up("lo0"); + if (platform_booting()) { + echo gettext("done.") . "\n"; + } + return 0; +} + +function interfaces_vlan_configure($realif = "") { + global $config, $g; + if (platform_booting()) { + echo gettext("Configuring VLAN interfaces..."); + } + if (is_array($config['vlans']['vlan']) && count($config['vlans']['vlan'])) { + foreach ($config['vlans']['vlan'] as $vlan) { + if (empty($vlan['vlanif'])) { + $vlan['vlanif'] = "{$vlan['if']}_vlan{$vlan['tag']}"; + } + if (!empty($realif) && $realif != $vlan['vlanif']) { + continue; + } + + /* XXX: Maybe we should report any errors?! */ + interface_vlan_configure($vlan); + } + } + if (platform_booting()) { + echo gettext("done.") . "\n"; + } +} + +function interface_vlan_configure(&$vlan) { + global $config, $g; + + if (!is_array($vlan)) { + log_error(gettext("VLAN: called with wrong options. Problems with config!")); + return; + } + $if = $vlan['if']; + $vlanif = empty($vlan['vlanif']) ? "{$if}_vlan{$vlan['tag']}" : $vlan['vlanif']; + $tag = $vlan['tag']; + + if (empty($if)) { + log_error(gettext("interface_vlan_configure called with if undefined.")); + return; + } + + /* make sure the parent interface is up */ + interfaces_bring_up($if); + /* Since we are going to add vlan(4) try to enable all that hardware supports. */ + pfSense_interface_capabilities($if, IFCAP_VLAN_HWTAGGING|IFCAP_VLAN_MTU|IFCAP_VLAN_HWFILTER); + + if (!empty($vlanif) && does_interface_exist($vlanif)) { + interface_bring_down($vlanif, true); + } else { + $tmpvlanif = pfSense_interface_create("vlan"); + pfSense_interface_rename($tmpvlanif, $vlanif); + pfSense_ngctl_name("{$tmpvlanif}:", $vlanif); + } + + pfSense_vlan_create($vlanif, $if, $tag); + + interfaces_bring_up($vlanif); + + /* invalidate interface cache */ + get_interface_arr(true); + + /* XXX: ermal -- for now leave it here at the moment it does not hurt. */ + interfaces_bring_up($if); + + return $vlanif; +} + +function interface_qinq_configure(&$vlan, $fd = NULL) { + global $config, $g; + + if (!is_array($vlan)) { + log_error(sprintf(gettext("QinQ compat VLAN: called with wrong options. Problems with config!%s"), "\n")); + return; + } + + $qinqif = $vlan['if']; + $tag = $vlan['tag']; + if (empty($qinqif)) { + log_error(sprintf(gettext("interface_qinq_configure called with if undefined.%s"), "\n")); + return; + } + + if (!does_interface_exist($qinqif)) { + log_error(sprintf(gettext("interface_qinq_configure called with invalid if.%s"), "\n")); + return; + } + + $vlanif = interface_vlan_configure($vlan); + + if ($fd == NULL) { + $exec = true; + $fd = fopen("{$g['tmp_path']}/netgraphcmd", "w"); + } else { + $exec = false; + } + /* make sure the parent is converted to ng_vlan(4) and is up */ + interfaces_bring_up($qinqif); + + pfSense_ngctl_attach(".", $qinqif); + if (!empty($vlanif) && does_interface_exist($vlanif)) { + fwrite($fd, "shutdown {$qinqif}qinq:\n"); + exec("/usr/sbin/ngctl msg {$qinqif}qinq: gettable", $result); + if (empty($result)) { + fwrite($fd, "mkpeer {$qinqif}: vlan lower downstream\n"); + fwrite($fd, "name {$qinqif}:lower {$vlanif}qinq\n"); + fwrite($fd, "connect {$qinqif}: {$vlanif}qinq: upper nomatch\n"); + } + } else { + fwrite($fd, "mkpeer {$qinqif}: vlan lower downstream\n"); + fwrite($fd, "name {$qinqif}:lower {$vlanif}qinq\n"); + fwrite($fd, "connect {$qinqif}: {$vlanif}qinq: upper nomatch\n"); + } + + /* invalidate interface cache */ + get_interface_arr(true); + + if (!stristr($qinqif, "_vlan")) { + mwexec("/sbin/ifconfig {$qinqif} promisc\n"); + } + + $macaddr = get_interface_mac($qinqif); + if (!empty($vlan['members'])) { + $members = explode(" ", $vlan['members']); + foreach ($members as $qtag) { + $qinq = array(); + $qinq['tag'] = $qtag; + $qinq['if'] = $vlanif; + interface_qinq2_configure($qinq, $fd, $macaddr); + } + } + if ($exec == true) { + fclose($fd); + mwexec("/usr/sbin/ngctl -f {$g['tmp_path']}/netgraphcmd"); + } + + interfaces_bring_up($qinqif); + if (!empty($vlan['members'])) { + $members = explode(" ", $vlan['members']); + foreach ($members as $qif) { + interfaces_bring_up("{$vlanif}_{$qif}"); + } + } + + return $vlanif; +} + +function interfaces_qinq_configure() { + global $config, $g; + if (platform_booting()) { + echo gettext("Configuring QinQ interfaces..."); + } + if (is_array($config['qinqs']['qinqentry']) && count($config['qinqs']['qinqentry'])) { + foreach ($config['qinqs']['qinqentry'] as $qinq) { + /* XXX: Maybe we should report any errors?! */ + interface_qinq_configure($qinq); + } + } + if (platform_booting()) { + echo gettext("done.") . "\n"; + } +} + +function interface_qinq2_configure(&$qinq, $fd, $macaddr) { + global $config, $g; + + if (!is_array($qinq)) { + log_error(sprintf(gettext("QinQ compat VLAN: called with wrong options. Problems with config!%s"), "\n")); + return; + } + + $if = $qinq['if']; + $tag = $qinq['tag']; + $vlanif = "{$if}_{$tag}"; + if (empty($if)) { + log_error(sprintf(gettext("interface_qinq2_configure called with if undefined.%s"), "\n")); + return; + } + + fwrite($fd, "shutdown {$if}h{$tag}:\n"); + fwrite($fd, "mkpeer {$if}qinq: eiface {$if}{$tag} ether\n"); + fwrite($fd, "name {$if}qinq:{$if}{$tag} {$if}h{$tag}\n"); + fwrite($fd, "msg {$if}qinq: addfilter { vlan={$tag} hook=\"{$if}{$tag}\" }\n"); + fwrite($fd, "msg {$if}h{$tag}: setifname \"{$vlanif}\"\n"); + fwrite($fd, "msg {$if}h{$tag}: set {$macaddr}\n"); + + /* invalidate interface cache */ + get_interface_arr(true); + + return $vlanif; +} + +function interfaces_create_wireless_clones() { + global $config, $g; + + if (platform_booting()) { + echo gettext("Creating wireless clone interfaces..."); + } + + $iflist = get_configured_interface_list(); + + foreach ($iflist as $if) { + $realif = $config['interfaces'][$if]['if']; + if (is_interface_wireless($realif)) { + interface_wireless_clone(interface_get_wireless_clone($realif), $config['interfaces'][$if]); + } + } + + if (isset($config['wireless']['clone']) && is_array($config['wireless']['clone']) && count($config['wireless']['clone'])) { + foreach ($config['wireless']['clone'] as $clone) { + if (empty($clone['cloneif'])) { + continue; + } + if (does_interface_exist($clone['cloneif'])) { + continue; + } + /* XXX: Maybe we should report any errors?! */ + interface_wireless_clone($clone['cloneif'], $clone); + } + } + if (platform_booting()) { + echo gettext("done.") . "\n"; + } + +} + +function interfaces_bridge_configure($checkmember = 0, $realif = "") { + global $config; + + $i = 0; + if (is_array($config['bridges']['bridged']) && count($config['bridges']['bridged'])) { + foreach ($config['bridges']['bridged'] as $bridge) { + if (empty($bridge['bridgeif'])) { + $bridge['bridgeif'] = "bridge{$i}"; + } + if (!empty($realif) && $realif != $bridge['bridgeif']) { + continue; + } + + if ($checkmember == 1) { + /* XXX: It should not be possible no? */ + if (strstr($bridge['if'], '_vip')) { + continue; + } + $members = explode(',', $bridge['members']); + foreach ($members as $member) { + if (!empty($config['interfaces'][$bridge['if']]) && $config['interfaces'][$bridge['if']]['ipaddrv6'] == "track6") { + continue 2; + } + } + } + else if ($checkmember == 2) { + $members = explode(',', $bridge['members']); + foreach ($members as $member) { + if (empty($config['interfaces'][$bridge['if']]) || $config['interfaces'][$bridge['if']]['ipaddrv6'] != "track6") { + continue 2; + } + } + } + /* XXX: Maybe we should report any errors?! */ + interface_bridge_configure($bridge, $checkmember); + $i++; + } + } +} + +function interface_bridge_configure(&$bridge, $checkmember = 0) { + global $config, $g; + + if (!is_array($bridge)) { + return; + } + + if (empty($bridge['members'])) { + log_error(sprintf(gettext("No members found on %s"), $bridge['bridgeif'])); + return; + } + + $members = explode(',', $bridge['members']); + if (!count($members)) { + return; + } + + /* Calculate smaller mtu and enforce it */ + $smallermtu = 0; + $commonrx = true; + $commontx = true; + $foundgif = false; + foreach ($members as $member) { + $realif = get_real_interface($member); + $mtu = get_interface_mtu($realif); + if (substr($realif, 0, 3) == "gif") { + $foundgif = true; + if ($checkmember == 1) { + return; + } + if ($mtu <= 1500) { + continue; + } + } + if ($smallermtu == 0 && !empty($mtu)) { + $smallermtu = $mtu; + } else if (!empty($mtu) && $mtu < $smallermtu) { + $smallermtu = $mtu; + } + } + if ($foundgif == false && $checkmember == 2) { + return; + } + + /* Just in case anything is not working well */ + if ($smallermtu == 0) { + $smallermtu = 1500; + } + + if (platform_booting() || !empty($bridge['bridgeif'])) { + pfSense_interface_destroy($bridge['bridgeif']); + pfSense_interface_create($bridge['bridgeif']); + $bridgeif = escapeshellarg($bridge['bridgeif']); + } else { + $bridgeif = pfSense_interface_create("bridge"); + $bridge['bridgeif'] = $bridgeif; + } + + $bridgemtu = interface_find_child_cfgmtu($bridge['bridgeif']); + if ($bridgemtu > $smallermtu) { + $smallermtu = $bridgemtu; + } + + $checklist = get_configured_interface_list(); + + /* Add interfaces to bridge */ + foreach ($members as $member) { + if (empty($checklist[$member])) { + continue; + } + $realif = get_real_interface($member); + if (!$realif) { + log_error(gettext("realif not defined in interfaces bridge - up")); + continue; + } + /* make sure the parent interface is up */ + pfSense_interface_mtu($realif, $smallermtu); + interfaces_bring_up($realif); + enable_hardware_offloading($member); + pfSense_bridge_add_member($bridge['bridgeif'], $realif); + } + + if (isset($bridge['enablestp'])) { + /* Choose spanning tree proto */ + mwexec("/sbin/ifconfig {$bridgeif} proto " . escapeshellarg($bridge['proto'])); + + if (!empty($bridge['stp'])) { + $stpifs = explode(',', $bridge['stp']); + foreach ($stpifs as $stpif) { + $realif = get_real_interface($stpif); + mwexec("/sbin/ifconfig {$bridgeif} stp {$realif}"); + } + } + if (!empty($bridge['maxage'])) { + mwexec("/sbin/ifconfig {$bridgeif} maxage " . escapeshellarg($bridge['maxage'])); + } + if (!empty($bridge['fwdelay'])) { + mwexec("/sbin/ifconfig {$bridgeif} fwddelay " . escapeshellarg($bridge['fwdelay'])); + } + if (!empty($bridge['hellotime'])) { + mwexec("/sbin/ifconfig {$bridgeif} hellotime " . escapeshellarg($bridge['hellotime'])); + } + if (!empty($bridge['priority'])) { + mwexec("/sbin/ifconfig {$bridgeif} priority " . escapeshellarg($bridge['priority'])); + } + if (!empty($bridge['holdcnt'])) { + mwexec("/sbin/ifconfig {$bridgeif} holdcnt " . escapeshellarg($bridge['holdcnt'])); + } + if (!empty($bridge['ifpriority'])) { + $pconfig = explode(",", $bridge['ifpriority']); + $ifpriority = array(); + foreach ($pconfig as $cfg) { + $embcfg = explode_assoc(":", $cfg); + foreach ($embcfg as $key => $value) { + $ifpriority[$key] = $value; + } + } + foreach ($ifpriority as $key => $value) { + $realif = get_real_interface($key); + mwexec("/sbin/ifconfig ${bridgeif} ifpriority {$realif} " . escapeshellarg($value)); + } + } + if (!empty($bridge['ifpathcost'])) { + $pconfig = explode(",", $bridge['ifpathcost']); + $ifpathcost = array(); + foreach ($pconfig as $cfg) { + $embcfg = explode_assoc(":", $cfg); + foreach ($embcfg as $key => $value) { + $ifpathcost[$key] = $value; + } + } + foreach ($ifpathcost as $key => $value) { + $realif = get_real_interface($key); + mwexec("/sbin/ifconfig ${bridgeif} ifpathcost {$realif} " . escapeshellarg($value)); + } + } + } + + if ($bridge['maxaddr'] <> "") { + mwexec("/sbin/ifconfig {$bridgeif} maxaddr " . escapeshellarg($bridge['maxaddr'])); + } + if ($bridge['timeout'] <> "") { + mwexec("/sbin/ifconfig {$bridgeif} timeout " . escapeshellarg($bridge['timeout'])); + } + if ($bridge['span'] <> "") { + $realif = get_real_interface($bridge['span']); + mwexec("/sbin/ifconfig {$bridgeif} span {$realif}"); + } + if (!empty($bridge['edge'])) { + $edgeifs = explode(',', $bridge['edge']); + foreach ($edgeifs as $edgeif) { + $realif = get_real_interface($edgeif); + mwexec("/sbin/ifconfig {$bridgeif} edge {$realif}"); + } + } + if (!empty($bridge['autoedge'])) { + $edgeifs = explode(',', $bridge['autoedge']); + foreach ($edgeifs as $edgeif) { + $realif = get_real_interface($edgeif); + mwexec("/sbin/ifconfig {$bridgeif} -autoedge {$realif}"); + } + } + if (!empty($bridge['ptp'])) { + $ptpifs = explode(',', $bridge['ptp']); + foreach ($ptpifs as $ptpif) { + $realif = get_real_interface($ptpif); + mwexec("/sbin/ifconfig {$bridgeif} ptp {$realif}"); + } + } + if (!empty($bridge['autoptp'])) { + $ptpifs = explode(',', $bridge['autoptp']); + foreach ($ptpifs as $ptpif) { + $realif = get_real_interface($ptpif); + mwexec("/sbin/ifconfig {$bridgeif} -autoptp {$realif}"); + } + } + if (!empty($bridge['static'])) { + $stickyifs = explode(',', $bridge['static']); + foreach ($stickyifs as $stickyif) { + $realif = get_real_interface($stickyif); + mwexec("/sbin/ifconfig {$bridgeif} sticky {$realif}"); + } + } + if (!empty($bridge['private'])) { + $privateifs = explode(',', $bridge['private']); + foreach ($privateifs as $privateif) { + $realif = get_real_interface($privateif); + mwexec("/sbin/ifconfig {$bridgeif} private {$realif}"); + } + } + + if ($bridge['bridgeif']) { + interfaces_bring_up($bridge['bridgeif']); + } else { + log_error(gettext("bridgeif not defined -- could not bring interface up")); + } +} + +function interface_bridge_add_member($bridgeif, $interface, $flagsapplied = false) { + + if (!does_interface_exist($bridgeif) || !does_interface_exist($interface)) { + return; + } + + if ($flagsapplied == false) { + $mtu = get_interface_mtu($bridgeif); + $mtum = get_interface_mtu($interface); + if ($mtu != $mtum && !(substr($interface, 0, 3) == "gif" && $mtu <= 1500)) { + pfSense_interface_mtu($interface, $mtu); + } + + hardware_offloading_applyflags($interface); + interfaces_bring_up($interface); + } + + pfSense_bridge_add_member($bridgeif, $interface); +} + +function interfaces_lagg_configure($realif = "") { + global $config, $g; + if (platform_booting()) { + echo gettext("Configuring LAGG interfaces..."); + } + $i = 0; + if (is_array($config['laggs']['lagg']) && count($config['laggs']['lagg'])) { + foreach ($config['laggs']['lagg'] as $lagg) { + if (empty($lagg['laggif'])) { + $lagg['laggif'] = "lagg{$i}"; + } + if (!empty($realif) && $realif != $lagg['laggif']) { + continue; + } + /* XXX: Maybe we should report any errors?! */ + interface_lagg_configure($lagg); + $i++; + } + } + if (platform_booting()) { + echo gettext("done.") . "\n"; + } +} + +function interface_lagg_configure($lagg) { + global $config, $g; + + if (!is_array($lagg)) { + return -1; + } + + $members = explode(',', $lagg['members']); + if (!count($members)) { + return -1; + } + + if (platform_booting() || !(empty($lagg['laggif']))) { + pfSense_interface_destroy($lagg['laggif']); + pfSense_interface_create($lagg['laggif']); + $laggif = $lagg['laggif']; + } else { + $laggif = pfSense_interface_create("lagg"); + } + + /* Check if MTU was defined for this lagg interface */ + $lagg_mtu = interface_find_child_cfgmtu($laggif); + if ($lagg_mtu == 0) { + /* Calculate smaller mtu and enforce it */ + $smallermtu = 0; + foreach ($members as $member) { + $mtu = get_interface_mtu($member); + if ($smallermtu == 0 && !empty($mtu)) { + $smallermtu = $mtu; + } else if (!empty($mtu) && $mtu < $smallermtu) { + $smallermtu = $mtu; + } + } + $lagg_mtu = $smallermtu; + } + + /* Just in case anything is not working well */ + if ($lagg_mtu == 0) { + $lagg_mtu = 1500; + } + + foreach ($members as $member) { + if (!does_interface_exist($member)) { + continue; + } + /* make sure the parent interface is up */ + pfSense_interface_mtu($member, $lagg_mtu); + interfaces_bring_up($member); + hardware_offloading_applyflags($member); + mwexec("/sbin/ifconfig " . escapeshellarg($laggif) . " laggport " . escapeshellarg($member)); + } + pfSense_interface_capabilities($laggif, -$flags_off); + pfSense_interface_capabilities($laggif, $flags_on); + + mwexec("/sbin/ifconfig {$laggif} laggproto " . escapeshellarg($lagg['proto'])); + + interfaces_bring_up($laggif); + + return $laggif; +} + +function interfaces_gre_configure($checkparent = 0, $realif = "") { + global $config; + + if (is_array($config['gres']['gre']) && count($config['gres']['gre'])) { + foreach ($config['gres']['gre'] as $i => $gre) { + if (empty($gre['greif'])) { + $gre['greif'] = "gre{$i}"; + } + if (!empty($realif) && $realif != $gre['greif']) { + continue; + } + + if ($checkparent == 1) { + if (substr($gre['if'], 0, 4) == '_vip') { + continue; + } + if (substr($gre['if'], 0, 5) == '_lloc') { + continue; + } + if (!empty($config['interfaces'][$gre['if']]) && $config['interfaces'][$gre['if']]['ipaddrv6'] == "track6") { + continue; + } + } else if ($checkparent == 2) { + if ((substr($gre['if'], 0, 4) != '_vip' && substr($gre['if'], 0, 5) != '_lloc') && + (empty($config['interfaces'][$gre['if']]) || $config['interfaces'][$gre['if']]['ipaddrv6'] != "track6")) { + continue; + } + } + /* XXX: Maybe we should report any errors?! */ + interface_gre_configure($gre); + } + } +} + +/* NOTE: $grekey is not used but useful for passing this function to array_walk. */ +function interface_gre_configure(&$gre, $grekey = "") { + global $config, $g; + + if (!is_array($gre)) { + return -1; + } + + $realif = get_real_interface($gre['if']); + $realifip = get_interface_ip($gre['if']); + + /* make sure the parent interface is up */ + interfaces_bring_up($realif); + + if (platform_booting() || !(empty($gre['greif']))) { + pfSense_interface_destroy($gre['greif']); + pfSense_interface_create($gre['greif']); + $greif = $gre['greif']; + } else { + $greif = pfSense_interface_create("gre"); + } + + /* Do not change the order here for more see gre(4) NOTES section. */ + mwexec("/sbin/ifconfig {$greif} tunnel {$realifip} " . escapeshellarg($gre['remote-addr'])); + if ((is_ipaddrv6($gre['tunnel-local-addr'])) || (is_ipaddrv6($gre['tunnel-remote-addr']))) { + /* XXX: The prefixlen argument for tunnels of ipv6 is useless since it needs to be 128 as enforced by kernel */ + //mwexec("/sbin/ifconfig {$greif} inet6 " . escapeshellarg($gre['tunnel-local-addr']) . " " . escapeshellarg($gre['tunnel-remote-addr']) . " prefixlen /" . escapeshellarg($gre['tunnel-remote-net'])); + mwexec("/sbin/ifconfig {$greif} inet6 " . escapeshellarg($gre['tunnel-local-addr']) . " " . escapeshellarg($gre['tunnel-remote-addr']) . " prefixlen 128"); + } else { + mwexec("/sbin/ifconfig {$greif} " . escapeshellarg($gre['tunnel-local-addr']) . " " . escapeshellarg($gre['tunnel-remote-addr']) . " netmask " . gen_subnet_mask($gre['tunnel-remote-net'])); + } + if (isset($gre['link0'])) { + pfSense_interface_flags($greif, IFF_LINK0); + } + if (isset($gre['link1'])) { + pfSense_interface_flags($greif, IFF_LINK1); + } + if (isset($gre['link2'])) { + pfSense_interface_flags($greif, IFF_LINK2); + } + + if ($greif) { + interfaces_bring_up($greif); + } else { + log_error(gettext("Could not bring greif up -- variable not defined.")); + } + + if (isset($gre['link1']) && $gre['link1']) { + mwexec("/sbin/route add " . escapeshellarg($gre['tunnel-remote-addr']) . "/" . escapeshellarg($gre['tunnel-remote-net']) . " " . escapeshellarg($gre['tunnel-local-addr'])); + } + if (is_ipaddrv4($gre['tunnel-remote-addr'])) { + file_put_contents("{$g['tmp_path']}/{$greif}_router", $gre['tunnel-remote-addr']); + } + if (is_ipaddrv6($gre['tunnel-remote-addr'])) { + file_put_contents("{$g['tmp_path']}/{$greif}_routerv6", $gre['tunnel-remote-addr']); + } + + interfaces_bring_up($greif); + + return $greif; +} + +function interfaces_gif_configure($checkparent = 0, $realif = "") { + global $config; + + if (is_array($config['gifs']['gif']) && count($config['gifs']['gif'])) { + foreach ($config['gifs']['gif'] as $i => $gif) { + if (empty($gif['gifif'])) { + $gre['gifif'] = "gif{$i}"; + } + if (!empty($realif) && $realif != $gif['gifif']) { + continue; + } + + if ($checkparent == 1) { + if (substr($gif['if'], 0, 4) == '_vip') { + continue; + } + if (substr($gif['if'], 0, 5) == '_lloc') { + continue; + } + if (!empty($config['interfaces'][$gif['if']]) && $config['interfaces'][$gif['if']]['ipaddrv6'] == "track6") { + continue; + } + } + else if ($checkparent == 2) { + if ((substr($gif['if'], 0, 4) != '_vip' && substr($gif['if'], 0, 5) != '_lloc') && + (empty($config['interfaces'][$gif['if']]) || $config['interfaces'][$gif['if']]['ipaddrv6'] != "track6")) { + continue; + } + } + /* XXX: Maybe we should report any errors?! */ + interface_gif_configure($gif); + } + } +} + +/* NOTE: $gifkey is not used but useful for passing this function to array_walk. */ +function interface_gif_configure(&$gif, $gifkey = "") { + global $config, $g; + + if (!is_array($gif)) { + return -1; + } + + $realif = get_real_interface($gif['if']); + $ipaddr = get_interface_ip($gif['if']); + + if (is_ipaddrv4($gif['remote-addr'])) { + if (is_ipaddrv4($ipaddr)) { + $realifip = $ipaddr; + } else { + $realifip = get_interface_ip($gif['if']); + } + $realifgw = get_interface_gateway($gif['if']); + } else if (is_ipaddrv6($gif['remote-addr'])) { + if (is_ipaddrv6($ipaddr)) { + $realifip = $ipaddr; + } else { + $realifip = get_interface_ipv6($gif['if']); + } + $realifgw = get_interface_gateway_v6($gif['if']); + } + /* make sure the parent interface is up */ + if ($realif) { + interfaces_bring_up($realif); + } else { + log_error(gettext("could not bring realif up -- variable not defined -- interface_gif_configure()")); + } + + if (platform_booting() || !(empty($gif['gifif']))) { + pfSense_interface_destroy($gif['gifif']); + pfSense_interface_create($gif['gifif']); + $gifif = $gif['gifif']; + } else { + $gifif = pfSense_interface_create("gif"); + } + + /* Do not change the order here for more see gif(4) NOTES section. */ + mwexec("/sbin/ifconfig {$gifif} tunnel {$realifip} " . escapeshellarg($gif['remote-addr'])); + if ((is_ipaddrv6($gif['tunnel-local-addr'])) || (is_ipaddrv6($gif['tunnel-remote-addr']))) { + /* XXX: The prefixlen argument for tunnels of ipv6 is useless since it needs to be 128 as enforced by kernel */ + //mwexec("/sbin/ifconfig {$gifif} inet6 " . escapeshellarg($gif['tunnel-local-addr']) . " " . escapeshellarg($gif['tunnel-remote-addr']) . " prefixlen /" . escapeshellarg($gif['tunnel-remote-net'])); + mwexec("/sbin/ifconfig {$gifif} inet6 " . escapeshellarg($gif['tunnel-local-addr']) . " " . escapeshellarg($gif['tunnel-remote-addr']) . " prefixlen 128"); + } else { + mwexec("/sbin/ifconfig {$gifif} " . escapeshellarg($gif['tunnel-local-addr']) . " " . escapeshellarg($gif['tunnel-remote-addr']) . " netmask " . gen_subnet_mask($gif['tunnel-remote-net'])); + } + if (isset($gif['link0'])) { + pfSense_interface_flags($gifif, IFF_LINK0); + } + if (isset($gif['link1'])) { + pfSense_interface_flags($gifif, IFF_LINK1); + } + if ($gifif) { + interfaces_bring_up($gifif); + } else { + log_error(gettext("could not bring gifif up -- variable not defined")); + } + + if (!platform_booting()) { + $iflist = get_configured_interface_list(); + foreach ($iflist as $ifname) { + if ($config['interfaces'][$ifname]['if'] == $gifif) { + if (get_interface_gateway($ifname)) { + system_routing_configure($ifname); + break; + } + if (get_interface_gateway_v6($ifname)) { + system_routing_configure($ifname); + break; + } + } + } + } + + + if (is_ipaddrv4($gif['tunnel-remote-addr'])) { + file_put_contents("{$g['tmp_path']}/{$gifif}_router", $gif['tunnel-remote-addr']); + } + if (is_ipaddrv6($gif['tunnel-remote-addr'])) { + file_put_contents("{$g['tmp_path']}/{$gifif}_routerv6", $gif['tunnel-remote-addr']); + } + + if (is_ipaddrv4($realifgw)) { + mwexec("/sbin/route change -host " . escapeshellarg($gif['remote-addr']) . " {$realifgw}"); + } + if (is_ipaddrv6($realifgw)) { + mwexec("/sbin/route change -host -inet6 " . escapeshellarg($gif['remote-addr']) . " {$realifgw}"); + } + + interfaces_bring_up($gifif); + + return $gifif; +} + +function interfaces_configure() { + global $config, $g; + + /* Set up our loopback interface */ + interfaces_loopback_configure(); + + /* create the unconfigured wireless clones */ + interfaces_create_wireless_clones(); + + /* set up LAGG virtual interfaces */ + interfaces_lagg_configure(); + + /* set up VLAN virtual interfaces */ + interfaces_vlan_configure(); + + interfaces_qinq_configure(); + + $iflist = get_configured_interface_with_descr(); + $delayed_list = array(); + $bridge_list = array(); + $track6_list = array(); + + /* This is needed to speedup interfaces on bootup. */ + $reload = false; + if (!platform_booting()) { + $reload = true; + } + + foreach ($iflist as $if => $ifname) { + $realif = $config['interfaces'][$if]['if']; + if (strstr($realif, "bridge")) { + $bridge_list[$if] = $ifname; + } else if (strstr($realif, "gre")) { + $delayed_list[$if] = $ifname; + } else if (strstr($realif, "gif")) { + $delayed_list[$if] = $ifname; + } else if (strstr($realif, "ovpn")) { + //echo "Delaying OpenVPN interface configuration...done.\n"; + continue; + } else if (!empty($config['interfaces'][$if]['ipaddrv6']) && $config['interfaces'][$if]['ipaddrv6'] == "track6") { + $track6_list[$if] = $ifname; + } else { + if (platform_booting()) { + printf(gettext("Configuring %s interface..."), $ifname); + } + + if ($g['debug']) { + log_error(sprintf(gettext("Configuring %s"), $ifname)); + } + interface_configure($if, $reload); + if (platform_booting()) { + echo gettext("done.") . "\n"; + } + } + } + + /* + * NOTE: The following function parameter consists of + * 1 - Do not load gre/gif/bridge with parent/member as vip + * 2 - Do load gre/gif/bridge with parent/member as vip + */ + + /* set up GRE virtual interfaces */ + interfaces_gre_configure(1); + + /* set up GIF virtual interfaces */ + interfaces_gif_configure(1); + + /* set up BRIDGe virtual interfaces */ + interfaces_bridge_configure(1); + + foreach ($track6_list as $if => $ifname) { + if (platform_booting()) { + printf(gettext("Configuring %s interface..."), $ifname); + } + if ($g['debug']) { + log_error(sprintf(gettext("Configuring %s"), $ifname)); + } + + interface_configure($if, $reload); + + if (platform_booting()) { + echo gettext("done.") . "\n"; + } + } + + /* bring up vip interfaces */ + interfaces_vips_configure(); + + /* set up GRE virtual interfaces */ + interfaces_gre_configure(2); + + /* set up GIF virtual interfaces */ + interfaces_gif_configure(2); + + foreach ($delayed_list as $if => $ifname) { + if (platform_booting()) { + printf(gettext("Configuring %s interface..."), $ifname); + } + if ($g['debug']) { + log_error(sprintf(gettext("Configuring %s"), $ifname)); + } + + interface_configure($if, $reload); + + if (platform_booting()) { + echo gettext("done.") . "\n"; + } + } + + /* set up BRIDGe virtual interfaces */ + interfaces_bridge_configure(2); + + foreach ($bridge_list as $if => $ifname) { + if (platform_booting()) { + printf(gettext("Configuring %s interface..."), $ifname); + } + if ($g['debug']) { + log_error(sprintf(gettext("Configuring %s"), $ifname)); + } + + interface_configure($if, $reload); + + if (platform_booting()) { + echo gettext("done.") . "\n"; + } + } + + /* configure interface groups */ + interfaces_group_setup(); + + if (!platform_booting()) { + /* reconfigure static routes (kernel may have deleted them) */ + system_routing_configure(); + + /* reload IPsec tunnels */ + vpn_ipsec_configure(); + + /* reload dhcpd (interface enabled/disabled status may have changed) */ + services_dhcpd_configure(); + + /* restart dnsmasq or unbound */ + if (isset($config['dnsmasq']['enable'])) { + services_dnsmasq_configure(); + } elseif (isset($config['unbound']['enable'])) { + services_unbound_configure(); + } + } + + return 0; +} + +function interface_reconfigure($interface = "wan", $reloadall = false) { + interface_bring_down($interface); + interface_configure($interface, $reloadall); +} + +function interface_vip_bring_down($vip) { + global $g; + + if (strpos($vip['interface'], '_vip')) { + if (is_ipaddrv6($vip['subnet'])) { + $family = 'inet6'; + } else { + $family = 'inet'; + } + + $carpvip = get_configured_carp_interface_list($vip['interface'], $family, 'vip'); + $iface = $carpvip['interface']; + } else { + $iface = $vip['interface']; + } + + $vipif = get_real_interface($iface); + switch ($vip['mode']) { + case "proxyarp": + if (file_exists("{$g['varrun_path']}/choparp_{$vipif}.pid")) { + killbypid("{$g['varrun_path']}/choparp_{$vipif}.pid"); + } + break; + case "ipalias": + if (does_interface_exist($vipif)) { + if (is_ipaddrv6($vip['subnet'])) { + mwexec("/sbin/ifconfig {$vipif} inet6 " . escapeshellarg($vip['subnet']) . " -alias"); + } else { + pfSense_interface_deladdress($vipif, $vip['subnet']); + } + } + break; + case "carp": + /* XXX: Is enough to delete ip address? */ + if (does_interface_exist($vipif)) { + if (is_ipaddrv6($vip['subnet'])) { + mwexec("/sbin/ifconfig {$vipif} inet6 " . escapeshellarg($vip['subnet']) . " delete"); + } else { + pfSense_interface_deladdress($vipif, $vip['subnet']); + } + } + break; + } +} + +function interface_bring_down($interface = "wan", $destroy = false, $ifacecfg = false) { + global $config, $g; + + if (!isset($config['interfaces'][$interface])) { + return; + } + + if ($g['debug']) { + log_error("Calling interface down for interface {$interface}, destroy is " . (($destroy) ? 'true' : 'false')); + } + + /* + * NOTE: The $realifv6 is needed when WANv4 is type PPP and v6 is DHCP and the option v6 from v4 is used. + * In this case the real $realif of v4 is different from that of v6 for operation. + * Keep this in mind while doing changes here! + */ + if ($ifacecfg === false) { + $ifcfg = $config['interfaces'][$interface]; + $ppps = $config['ppps']['ppp']; + $realif = get_real_interface($interface); + $realifv6 = get_real_interface($interface, "inet6", true); + } elseif (!is_array($ifacecfg)) { + log_error(gettext("Wrong parameters used during interface_bring_down")); + $ifcfg = $config['interfaces'][$interface]; + $ppps = $config['ppps']['ppp']; + $realif = get_real_interface($interface); + $realifv6 = get_real_interface($interface, "inet6", true); + } else { + $ifcfg = $ifacecfg['ifcfg']; + $ppps = $ifacecfg['ppps']; + if (isset($ifacecfg['ifcfg']['realif'])) { + $realif = $ifacecfg['ifcfg']['realif']; + /* XXX: Any better way? */ + $realifv6 = $realif; + } else { + $realif = get_real_interface($interface); + $realifv6 = get_real_interface($interface, "inet6", true); + } + } + + switch ($ifcfg['ipaddr']) { + case "ppp": + case "pppoe": + case "pptp": + case "l2tp": + if (is_array($ppps) && count($ppps)) { + foreach ($ppps as $pppid => $ppp) { + if ($realif == $ppp['if']) { + if (isset($ppp['ondemand']) && !$destroy) { + send_event("interface reconfigure {$interface}"); + break; + } + if (file_exists("{$g['varrun_path']}/{$ppp['type']}_{$interface}.pid")) { + killbypid("{$g['varrun_path']}/{$ppp['type']}_{$interface}.pid"); + sleep(2); + } + unlink_if_exists("{$g['varetc_path']}/mpd_{$interface}.conf"); + break; + } + } + } + break; + case "dhcp": + kill_dhclient_process($realif); + unlink_if_exists("{$g['varetc_path']}/dhclient_{$interface}.conf"); + if (does_interface_exist("$realif")) { + mwexec("/sbin/ifconfig " . escapeshellarg($realif) . " delete", true); + interface_ipalias_cleanup($interface); + if ($destroy == true) { + pfSense_interface_flags($realif, -IFF_UP); + } + mwexec("/usr/sbin/arp -d -i " . escapeshellarg($realif) . " -a"); + } + break; + default: + if (does_interface_exist("$realif")) { + mwexec("/sbin/ifconfig " . escapeshellarg($realif) . " delete", true); + interface_ipalias_cleanup($interface); + if ($destroy == true) { + pfSense_interface_flags($realif, -IFF_UP); + } + mwexec("/usr/sbin/arp -d -i " . escapeshellarg($realif) . " -a"); + } + break; + } + + $track6 = array(); + switch ($ifcfg['ipaddrv6']) { + case "slaac": + case "dhcp6": + $pidv6 = find_dhcp6c_process($realif); + if ($pidv6) { + posix_kill($pidv6, SIGTERM); + } + sleep(3); + unlink_if_exists("{$g['varetc_path']}/dhcp6c_{$interface}.conf"); + unlink_if_exists("{$g['varetc_path']}/dhcp6c_{$interface}_script.sh"); + unlink_if_exists("{$g['varetc_path']}/rtsold_{$realifv6}_script.sh"); + if (does_interface_exist($realifv6)) { + $ip6 = find_interface_ipv6($realifv6); + if (is_ipaddrv6($ip6) && $ip6 != "::") { + mwexec("/sbin/ifconfig " . escapeshellarg($realifv6) . " inet6 {$ip6} delete", true); + } + interface_ipalias_cleanup($interface, "inet6"); + if ($destroy == true) { + pfSense_interface_flags($realif, -IFF_UP); + } + //mwexec("/usr/sbin/arp -d -i " . escapeshellarg($realif) . " -a"); + } + $track6 = link_interface_to_track6($interface); + break; + case "6rd": + case "6to4": + $realif = "{$interface}_stf"; + if (does_interface_exist("$realif")) { + /* destroy stf interface if tunnel is being disabled or tunnel type is being changed */ + if (($ifcfg['ipaddrv6'] == '6rd' && (!isset($config['interfaces'][$interface]['ipaddrv6']) || $config['interfaces'][$interface]['ipaddrv6'] != '6rd')) || + ($ifcfg['ipaddrv6'] == '6to4' && (!isset($config['interfaces'][$interface]['ipaddrv6']) || $config['interfaces'][$interface]['ipaddrv6'] != '6to4'))) { + $destroy = true; + } else { + /* get_interface_ipv6() returns empty value if interface is being disabled */ + $ip6 = get_interface_ipv6($interface); + if (is_ipaddrv6($ip6)) { + mwexec("/sbin/ifconfig " . escapeshellarg($realif) . " inet6 {$ip6} delete", true); + } + } + interface_ipalias_cleanup($interface, "inet6"); + if ($destroy == true) { + pfSense_interface_flags($realif, -IFF_UP); + } + } + $track6 = link_interface_to_track6($interface); + break; + default: + if (does_interface_exist("$realif")) { + $ip6 = get_interface_ipv6($interface); + if (is_ipaddrv6($ip6)) { + mwexec("/sbin/ifconfig " . escapeshellarg($realif) . " inet6 {$ip6} delete", true); + } + if (!empty($ifcfg['ipaddrv6']) && is_ipaddrv6($ifcfg['ipaddrv6'])) { + mwexec("/sbin/ifconfig " . escapeshellarg($realif) . " inet6 {$ifcfg['ipaddrv6']} delete", true); + } + interface_ipalias_cleanup($interface, "inet6"); + if ($destroy == true) { + pfSense_interface_flags($realif, -IFF_UP); + } + //mwexec("/usr/sbin/arp -d -i " . escapeshellarg($realif) . " -a"); + } + $track6 = link_interface_to_track6($interface); + break; + } + + if (!empty($track6) && is_array($track6)) { + if (!function_exists('services_dhcpd_configure')) { + require_once('services.inc'); + } + /* Bring down radvd and dhcp6 on these interfaces */ + services_dhcpd_configure('inet6', $track6); + } + + $old_router = ''; + if (file_exists("{$g['tmp_path']}/{$realif}_router")) { + $old_router = trim(file_get_contents("{$g['tmp_path']}/{$realif}_router")); + } + + /* remove interface up file if it exists */ + unlink_if_exists("{$g['tmp_path']}/{$realif}up"); + unlink_if_exists("{$g['vardb_path']}/{$interface}ip"); + unlink_if_exists("{$g['vardb_path']}/{$interface}ipv6"); + unlink_if_exists("{$g['tmp_path']}/{$realif}_router"); + unlink_if_exists("{$g['tmp_path']}/{$realif}_routerv6"); + unlink_if_exists("{$g['varetc_path']}/nameserver_{$realif}"); + unlink_if_exists("{$g['varetc_path']}/searchdomain_{$realif}"); + + /* hostapd and wpa_supplicant do not need to be running when the interface is down. + * They will also use 100% CPU if running after the wireless clone gets deleted. */ + if (is_array($ifcfg['wireless'])) { + kill_hostapd($realif); + mwexec(kill_wpasupplicant($realif)); + } + + if ($destroy == true) { + if (preg_match("/^[a-z0-9]+^tun|^ovpn|^gif|^gre|^lagg|^bridge|vlan|_stf$/i", $realif)) { + pfSense_interface_destroy($realif); + } + } + + return; +} + +function interfaces_carp_set_maintenancemode($carp_maintenancemode) { + global $config; + if (isset($config["virtualip_carp_maintenancemode"]) && $carp_maintenancemode == false) { + unset($config["virtualip_carp_maintenancemode"]); + write_config("Leave CARP maintenance mode"); + } else if (!isset($config["virtualip_carp_maintenancemode"]) && $carp_maintenancemode == true) { + $config["virtualip_carp_maintenancemode"] = true; + write_config("Enter CARP maintenance mode"); + } + + $viparr = &$config['virtualip']['vip']; + foreach ($viparr as $vip) { + if ($vip['mode'] == "carp") { + interface_carp_configure($vip); + } + } +} + +function interface_isppp_type($interface) { + global $config; + + if (!is_array($config['interfaces'][$interface])) { + return false; + } + + switch ($config['interfaces'][$interface]['ipaddr']) { + case 'pptp': + case 'l2tp': + case 'pppoe': + case 'ppp': + return true; + break; + default: + return false; + break; + } +} + +function interfaces_ptpid_used($ptpid) { + global $config; + + if (is_array($config['ppps']['ppp'])) { + foreach ($config['ppps']['ppp'] as & $settings) { + if ($ptpid == $settings['ptpid']) { + return true; + } + } + } + + return false; +} + +function interfaces_ptpid_next() { + + $ptpid = 0; + while (interfaces_ptpid_used($ptpid)) { + $ptpid++; + } + + return $ptpid; +} + +function getMPDCRONSettings($pppif) { + global $config; + + $cron_cmd_file = "{$g['varetc_path']}/pppoe_restart_{$pppif}"; + if (is_array($config['cron']['item'])) { + foreach ($config['cron']['item'] as $i => $item) { + if (stripos($item['command'], $cron_cmd_file) !== false) { + return array("ID" => $i, "ITEM" => $item); + } + } + } + + return NULL; +} + +function handle_pppoe_reset($post_array) { + global $config, $g; + + $pppif = "{$post_array['type']}{$post_array['ptpid']}"; + $cron_cmd_file = "{$g['varetc_path']}/pppoe_restart_{$pppif}"; + + if (!is_array($config['cron']['item'])) { + $config['cron']['item'] = array(); + } + + $itemhash = getMPDCRONSettings($pppif); + + // reset cron items if necessary and return + if (empty($post_array['pppoe-reset-type'])) { + if (isset($itemhash)) { + unset($config['cron']['item'][$itemhash['ID']]); + } + sigkillbypid("{$g['varrun_path']}/cron.pid", "HUP"); + return; + } + + if (empty($itemhash)) { + $itemhash = array(); + } + $item = array(); + if (isset($post_array['pppoe-reset-type']) && $post_array['pppoe-reset-type'] == "custom") { + $item['minute'] = $post_array['pppoe_resetminute']; + $item['hour'] = $post_array['pppoe_resethour']; + if (isset($post_array['pppoe_resetdate']) && $post_array['pppoe_resetdate'] <> "") { + $date = explode("/", $post_array['pppoe_resetdate']); + $item['mday'] = $date[1]; + $item['month'] = $date[0]; + } else { + $item['mday'] = "*"; + $item['month'] = "*"; + } + $item['wday'] = "*"; + $item['who'] = "root"; + $item['command'] = $cron_cmd_file; + } else if (isset($post_array['pppoe-reset-type']) && $post_array['pppoe-reset-type'] == "preset") { + switch ($post_array['pppoe_pr_preset_val']) { + case "monthly": + $item['minute'] = "0"; + $item['hour'] = "0"; + $item['mday'] = "1"; + $item['month'] = "*"; + $item['wday'] = "*"; + break; + case "weekly": + $item['minute'] = "0"; + $item['hour'] = "0"; + $item['mday'] = "*"; + $item['month'] = "*"; + $item['wday'] = "0"; + break; + case "daily": + $item['minute'] = "0"; + $item['hour'] = "0"; + $item['mday'] = "*"; + $item['month'] = "*"; + $item['wday'] = "*"; + break; + case "hourly": + $item['minute'] = "0"; + $item['hour'] = "*"; + $item['mday'] = "*"; + $item['month'] = "*"; + $item['wday'] = "*"; + break; + } // end switch + $item['who'] = "root"; + $item['command'] = $cron_cmd_file; + } + if (empty($item)) { + return; + } + if (isset($itemhash['ID'])) { + $config['cron']['item'][$itemhash['ID']] = $item; + } else { + $config['cron']['item'][] = $item; + } +} + +/* + * This function can configure PPPoE, MLPPP (PPPoE), PPTP. + * It writes the mpd config file to /var/etc every time the link is opened. + */ +function interface_ppps_configure($interface) { + global $config, $g; + + /* Return for unassigned interfaces. This is a minimum requirement. */ + if (empty($config['interfaces'][$interface])) { + return 0; + } + $ifcfg = $config['interfaces'][$interface]; + if (!isset($ifcfg['enable'])) { + return 0; + } + + // mpd5 requires a /var/spool/lock directory for PPP modem links. + if (!is_dir("/var/spool/lock")) { + mkdir("/var/spool/lock", 0777, true); + } + // mpd5 modem chat script expected in the same directory as the mpd_xxx.conf files + if (!file_exists("{$g['varetc_path']}/mpd.script")) { + @symlink("/usr/local/sbin/mpd.script", "{$g['varetc_path']}/mpd.script"); + } + + if (is_array($config['ppps']['ppp']) && count($config['ppps']['ppp'])) { + foreach ($config['ppps']['ppp'] as $pppid => $ppp) { + if ($ifcfg['if'] == $ppp['if']) { + break; + } + } + } + if (!$ppp || $ifcfg['if'] != $ppp['if']) { + log_error(sprintf(gettext("Can't find PPP config for %s in interface_ppps_configure()."), $ifcfg['if'])); + return 0; + } + $pppif = $ifcfg['if']; + if ($ppp['type'] == "ppp") { + $type = "modem"; + } else { + $type = $ppp['type']; + } + $upper_type = strtoupper($ppp['type']); + + /* XXX: This does not make sense and may create trouble + * comment it for now to be removed later on. + if (platform_booting()) { + $descr = isset($ifcfg['descr']) ? $ifcfg['descr'] : strtoupper($interface); + echo "starting {$pppif} link..."; + if (isvalidpid("{$g['varrun_path']}/{$ppp['type']}_{$interface}.pid")) + return 0; + } + */ + + $ports = explode(',', $ppp['ports']); + if ($type != "modem") { + foreach ($ports as $pid => $port) { + $ports[$pid] = get_real_interface($port); + if (empty($ports[$pid])) { + return 0; + } + } + } + $localips = explode(',', $ppp['localip']); + $gateways = explode(',', $ppp['gateway']); + $subnets = explode(',', $ppp['subnet']); + + /* We bring up the parent interface first because if DHCP is configured on the parent we need + * to obtain an address first so we can write it in the mpd .conf file for PPTP and L2TP configs + */ + foreach ($ports as $pid => $port) { + switch ($ppp['type']) { + case "pppoe": + /* Bring the parent interface up */ + interfaces_bring_up($port); + pfSense_ngctl_attach(".", $port); + /* Enable setautosrc to automatically change mac address if parent interface's changes */ + mwexec("ngctl msg {$port}: setautosrc 1"); + break; + case "pptp": + case "l2tp": + /* configure interface */ + if (is_ipaddr($localips[$pid])) { + // Manually configure interface IP/subnet + pfSense_interface_setaddress($port, "{$localips[$pid]}/{$subnets[$pid]}"); + interfaces_bring_up($port); + } else if (empty($localips[$pid])) { + $localips[$pid] = get_interface_ip($port); // try to get the interface IP from the port + } + + if (!is_ipaddr($localips[$pid])) { + log_error("Could not get a Local IP address for PPTP/L2TP link on {$port} in interfaces_ppps_configure. Using 0.0.0.0 ip!"); + $localips[$pid] = "0.0.0.0"; + } + if (!is_ipaddr($gateways[$pid])) { + log_error(sprintf(gettext('Could not get a PPTP/L2TP Remote IP address from %1$s for %2$s in interfaces_ppps_configure.'), $dhcp_gateway, $gway)); + return 0; + } + pfSense_ngctl_attach(".", $port); + break; + case "ppp": + if (!file_exists("{$port}")) { + log_error(sprintf(gettext("Device %s does not exist. PPP link cannot start without the modem device."), $port)); + return 0; + } + break; + default: + log_error(sprintf(gettext("Unknown %s configured as ppp interface."), $type)); + break; + } + } + + if (is_array($ports) && count($ports) > 1) { + $multilink = "enable"; + } else { + $multilink = "disable"; + } + + if ($type == "modem") { + if (is_ipaddr($ppp['localip'])) { + $localip = $ppp['localip']; + } else { + $localip = '0.0.0.0'; + } + + if (is_ipaddr($ppp['gateway'])) { + $gateway = $ppp['gateway']; + } else { + $gateway = "10.64.64.{$pppid}"; + } + $ranges = "{$localip}/0 {$gateway}/0"; + + if (empty($ppp['apnum'])) { + $ppp['apnum'] = 1; + } + } else { + $ranges = "0.0.0.0/0 0.0.0.0/0"; + } + + if (isset($ppp['ondemand'])) { + $ondemand = "enable"; + } else { + $ondemand = "disable"; + } + if (!isset($ppp['idletimeout'])) { + $ppp['idletimeout'] = 0; + } + + if (empty($ppp['username']) && $type == "modem") { + $ppp['username'] = "user"; + $ppp['password'] = "none"; + } + if (empty($ppp['password']) && $type == "modem") { + $passwd = "none"; + } else { + $passwd = base64_decode($ppp['password']); + } + + $bandwidths = explode(',', $ppp['bandwidth']); + $defaultmtu = "1492"; + if (!empty($ifcfg['mtu'])) { + $defaultmtu = intval($ifcfg['mtu']); + } + $mtus = explode(',', $ppp['mtu']); + $mrus = explode(',', $ppp['mru']); + + if (isset($ppp['mrru'])) { + $mrrus = explode(',', $ppp['mrru']); + } + + // Construct the mpd.conf file + $mpdconf = <<<EOD +startup: + # configure the console + set console close + # configure the web server + set web close + +default: +{$ppp['type']}client: + create bundle static {$interface} + set bundle enable ipv6cp + set iface name {$pppif} + +EOD; + $setdefaultgw = false; + $founddefaultgw = false; + if (is_array($config['gateways']['gateway_item'])) { + foreach ($config['gateways']['gateway_item'] as $gateway) { + if ($interface == $gateway['interface'] && isset($gateway['defaultgw'])) { + $setdefaultgw = true; + break; + } else if (isset($gateway['defaultgw']) && !empty($gateway['interface'])) { + $founddefaultgw = true; + break; + } + } + } + + if (($interface == "wan" && $founddefaultgw == false) || $setdefaultgw == true) { + $setdefaultgw = true; + $mpdconf .= <<<EOD + set iface route default + +EOD; + } + $mpdconf .= <<<EOD + set iface {$ondemand} on-demand + set iface idle {$ppp['idletimeout']} + +EOD; + + if (isset($ppp['ondemand'])) { + $mpdconf .= <<<EOD + set iface addrs 10.10.1.1 10.10.1.2 + +EOD; + } + + if (isset($ppp['tcpmssfix'])) { + $tcpmss = "disable"; + } else { + $tcpmss = "enable"; + } + $mpdconf .= <<<EOD + set iface {$tcpmss} tcpmssfix + +EOD; + + $mpdconf .= <<<EOD + set iface up-script /usr/local/sbin/ppp-linkup + set iface down-script /usr/local/sbin/ppp-linkdown + set ipcp ranges {$ranges} + +EOD; + if (isset($ppp['vjcomp'])) { + $mpdconf .= <<<EOD + set ipcp no vjcomp + +EOD; + } + + if (isset($config['system']['dnsallowoverride'])) { + $mpdconf .= <<<EOD + set ipcp enable req-pri-dns + set ipcp enable req-sec-dns + +EOD; + } + + if (!isset($ppp['verbose_log'])) { + $mpdconf .= <<<EOD + #log -bund -ccp -chat -iface -ipcp -lcp -link + +EOD; + } + + foreach ($ports as $pid => $port) { + $port = get_real_interface($port); + $mpdconf .= <<<EOD + + create link static {$interface}_link{$pid} {$type} + set link action bundle {$interface} + set link {$multilink} multilink + set link keep-alive 10 60 + set link max-redial 0 + +EOD; + if (isset($ppp['shortseq'])) { + $mpdconf .= <<<EOD + set link no shortseq + +EOD; + } + + if (isset($ppp['acfcomp'])) { + $mpdconf .= <<<EOD + set link no acfcomp + +EOD; + } + + if (isset($ppp['protocomp'])) { + $mpdconf .= <<<EOD + set link no protocomp + +EOD; + } + + $mpdconf .= <<<EOD + set link disable chap pap + set link accept chap pap eap + set link disable incoming + +EOD; + + + if (!empty($bandwidths[$pid])) { + $mpdconf .= <<<EOD + set link bandwidth {$bandwidths[$pid]} + +EOD; + } + + if (empty($mtus[$pid])) { + $mtus[$pid] = $defaultmtu; + } + $mpdconf .= <<<EOD + set link mtu {$mtus[$pid]} + +EOD; + + if (!empty($mrus[$pid])) { + $mpdconf .= <<<EOD + set link mru {$mrus[$pid]} + +EOD; + } + + if (!empty($mrrus[$pid])) { + $mpdconf .= <<<EOD + set link mrru {$mrrus[$pid]} + +EOD; + } + + $mpdconf .= <<<EOD + set auth authname "{$ppp['username']}" + set auth password {$passwd} + +EOD; + if ($type == "modem") { + $mpdconf .= <<<EOD + set modem device {$ppp['ports']} + set modem script DialPeer + set modem idle-script Ringback + set modem watch -cd + set modem var \$DialPrefix "DT" + set modem var \$Telephone "{$ppp['phone']}" + +EOD; + } + if (isset($ppp['connect-timeout']) && $type == "modem") { + $mpdconf .= <<<EOD + set modem var \$ConnectTimeout "{$ppp['connect-timeout']}" + +EOD; + } + if (isset($ppp['initstr']) && $type == "modem") { + $initstr = base64_decode($ppp['initstr']); + $mpdconf .= <<<EOD + set modem var \$InitString "{$initstr}" + +EOD; + } + if (isset($ppp['simpin']) && $type == "modem") { + if ($ppp['pin-wait'] == "") { + $ppp['pin-wait'] = 0; + } + $mpdconf .= <<<EOD + set modem var \$SimPin "{$ppp['simpin']}" + set modem var \$PinWait "{$ppp['pin-wait']}" + +EOD; + } + if (isset($ppp['apn']) && $type == "modem") { + $mpdconf .= <<<EOD + set modem var \$APN "{$ppp['apn']}" + set modem var \$APNum "{$ppp['apnum']}" + +EOD; + } + if ($type == "pppoe") { + // Send a null service name if none is set. + $provider = isset($ppp['provider']) ? $ppp['provider'] : ""; + $mpdconf .= <<<EOD + set pppoe service "{$provider}" + +EOD; + } + if ($type == "pppoe") { + $mpdconf .= <<<EOD + set pppoe iface {$port} + +EOD; + } + + if ($type == "pptp" || $type == "l2tp") { + $mpdconf .= <<<EOD + set {$type} self {$localips[$pid]} + set {$type} peer {$gateways[$pid]} + +EOD; + } + + $mpdconf .= "\topen\n"; + } //end foreach ($port) + + + /* Generate mpd.conf. If mpd_[interface].conf exists in the conf path, then link to it instead of generating a fresh conf file. */ + if (file_exists("{$g['conf_path']}/mpd_{$interface}.conf")) { + @symlink("{$g['conf_path']}/mpd_{$interface}.conf", "{$g['varetc_path']}/mpd_{$interface}.conf"); + } else { + $fd = fopen("{$g['varetc_path']}/mpd_{$interface}.conf", "w"); + if (!$fd) { + log_error(sprintf(gettext("Error: cannot open mpd_%s.conf in interface_ppps_configure().%s"), $interface, "\n")); + return 0; + } + // Write out mpd_ppp.conf + fwrite($fd, $mpdconf); + fclose($fd); + unset($mpdconf); + } + + // Create the uptime log if requested and if it doesn't exist already, or delete it if it is no longer requested. + if (isset($ppp['uptime'])) { + if (!file_exists("/conf/{$pppif}.log")) { + conf_mount_rw(); + file_put_contents("/conf/{$pppif}.log", ''); + conf_mount_ro(); + } + } else { + if (file_exists("/conf/{$pppif}.log")) { + conf_mount_rw(); + @unlink("/conf/{$pppif}.log"); + conf_mount_ro(); + } + } + + /* clean up old lock files */ + foreach ($ports as $port) { + if (file_exists("{$g['var_path']}/spool/lock/LCK..{$port}")) { + unlink("{$g['var_path']}/spool/lock/LCK..{$port}"); + } + } + + /* fire up mpd */ + mwexec("/usr/local/sbin/mpd5 -b -k -d {$g['varetc_path']} -f mpd_{$interface}.conf -p {$g['varrun_path']}/" . + escapeshellarg($ppp['type']) . "_{$interface}.pid -s ppp " . escapeshellarg($ppp['type']) . "client"); + + // Check for PPPoE periodic reset request + if ($type == "pppoe") { + if (!empty($ppp['pppoe-reset-type'])) { + interface_setup_pppoe_reset_file($ppp['if'], $interface); + } else { + interface_setup_pppoe_reset_file($ppp['if']); + } + } + /* wait for upto 10 seconds for the interface to appear (ppp(oe)) */ + $i = 0; + while ($i < 3) { + sleep(10); + if (does_interface_exist($ppp['if'], true)) { + break; + } + $i++; + } + + /* we only support the 3gstats.php for huawei modems for now. Will add more later. */ + /* We should be able to launch the right version for each modem */ + /* We can also guess the mondev from the manufacturer */ + exec("usbconfig | egrep -ie '(huawei)'", $usbmodemoutput); + mwexec("/bin/ps auxww|grep \"{$interface}\" |grep \"[3]gstats\" | awk '{print $2}' |xargs kill"); + foreach ($ports as $port) { + if (preg_match("/huawei/i", implode("\n", $usbmodemoutput))) { + $mondev = substr(basename($port), 0, -1); + $devlist = glob("/dev/{$mondev}?"); + $mondev = basename(end($devlist)); + } + if (preg_match("/zte/i", implode("\n", $usbmodemoutput))) { + $mondev = substr(basename($port), 0, -1) . "1"; + } + if ($mondev != '') { + log_error("Starting 3gstats.php on device '{$mondev}' for interface '{$interface}'"); + mwexec_bg("/usr/local/bin/3gstats.php {$mondev} {$interface}"); + } + } + + return 1; +} + +function interfaces_sync_setup() { + global $g, $config; + + if (isset($config['system']['developerspew'])) { + $mt = microtime(); + echo "interfaces_sync_setup() being called $mt\n"; + } + + if (platform_booting()) { + echo gettext("Configuring CARP settings..."); + mute_kernel_msgs(); + } + + /* suck in configuration items */ + if ($config['hasync']) { + $pfsyncenabled = $config['hasync']['pfsyncenabled']; + $pfsyncinterface = $config['hasync']['pfsyncinterface']; + $pfsyncpeerip = $config['hasync']['pfsyncpeerip']; + } else { + unset($pfsyncinterface); + unset($pfsyncenabled); + } + + set_sysctl(array( + "net.inet.carp.preempt" => "1", + "net.inet.carp.log" => "1") + ); + + if (!empty($pfsyncinterface)) { + $carp_sync_int = get_real_interface($pfsyncinterface); + } else { + unset($carp_sync_int); + } + + /* setup pfsync interface */ + if (isset($carp_sync_int) and isset($pfsyncenabled)) { + if (is_ipaddr($pfsyncpeerip)) { + $syncpeer = "syncpeer {$pfsyncpeerip}"; + } else { + $syncpeer = "-syncpeer"; + } + + mwexec("/sbin/ifconfig pfsync0 syncdev {$carp_sync_int} {$syncpeer} up", false); + mwexec("/sbin/ifconfig pfsync0 -defer", false); + + sleep(1); + + /* XXX: Handle an issue with pfsync(4) and carp(4). In a cluster carp will come up before pfsync(4) has updated and so will cause issues + * for existing sessions. + */ + log_error("waiting for pfsync..."); + $i = 0; + while (intval(trim(`/sbin/ifconfig pfsync0 | /usr/bin/grep 'syncok: 0' | /usr/bin/grep -v grep | /usr/bin/wc -l`)) == 0 && $i < 30) { + $i++; + sleep(1); + } + log_error("pfsync done in $i seconds."); + log_error("Configuring CARP settings finalize..."); + } else { + mwexec("/sbin/ifconfig pfsync0 -syncdev -syncpeer down", false); + } + + if ($config['virtualip']['vip']) { + set_single_sysctl("net.inet.carp.allow", "1"); + } else { + set_single_sysctl("net.inet.carp.allow", "0"); + } + + if (platform_booting()) { + unmute_kernel_msgs(); + echo gettext("done.") . "\n"; + } +} + +function interface_proxyarp_configure($interface = "") { + global $config, $g; + if (isset($config['system']['developerspew'])) { + $mt = microtime(); + echo "interface_proxyarp_configure() being called $mt\n"; + } + + /* kill any running choparp */ + if (empty($interface)) { + killbyname("choparp"); + } else { + $vipif = get_real_interface($interface); + if (file_exists("{$g['varrun_path']}/choparp_{$vipif}.pid")) { + killbypid("{$g['varrun_path']}/choparp_{$vipif}.pid"); + } + } + + $paa = array(); + if (!empty($config['virtualip']) && is_array($config['virtualip']['vip'])) { + + /* group by interface */ + foreach ($config['virtualip']['vip'] as $vipent) { + if ($vipent['mode'] === "proxyarp") { + if ($vipent['interface']) { + $proxyif = $vipent['interface']; + } else { + $proxyif = "wan"; + } + + if (!empty($interface) && $interface != $proxyif) { + continue; + } + + if (!is_array($paa[$proxyif])) { + $paa[$proxyif] = array(); + } + + $paa[$proxyif][] = $vipent; + } + } + } + + if (!empty($interface)) { + if (is_array($paa[$interface])) { + $paaifip = get_interface_ip($interface); + if (!is_ipaddr($paaifip)) { + return; + } + $args = get_real_interface($interface) . " auto"; + foreach ($paa[$interface] as $paent) { + if (isset($paent['subnet'])) { + $args .= " " . escapeshellarg("{$paent['subnet']}/{$paent['subnet_bits']}"); + } else if (isset($paent['range'])) { + $args .= " " . escapeshellarg($paent['range']['from'] . "-" . $paent['range']['to']); + } + } + mwexec_bg("/usr/local/sbin/choparp " . $args); + } + } else if (count($paa) > 0) { + foreach ($paa as $paif => $paents) { + $paaifip = get_interface_ip($paif); + if (!is_ipaddr($paaifip)) { + continue; + } + $args = get_real_interface($paif) . " auto"; + foreach ($paents as $paent) { + if (isset($paent['subnet'])) { + $args .= " " . escapeshellarg("{$paent['subnet']}/{$paent['subnet_bits']}"); + } else if (isset($paent['range'])) { + $args .= " " . escapeshellarg($paent['range']['from'] . "-" . $paent['range']['to']); + } + } + mwexec_bg("/usr/local/sbin/choparp " . $args); + } + } +} + +function interface_ipalias_cleanup($interface, $inet = "inet4") { + global $g, $config; + + if (is_array($config['virtualip']['vip'])) { + foreach ($config['virtualip']['vip'] as $vip) { + if ($vip['mode'] == "ipalias" && $vip['interface'] == $interface) { + if ($inet == "inet6" && is_ipaddrv6($vip['subnet'])) { + interface_vip_bring_down($vip); + } else if ($inet == "inet4" && is_ipaddrv4($vip['subnet'])) { + interface_vip_bring_down($vip); + } + } + } + } +} + +function interfaces_vips_configure($interface = "") { + global $g, $config; + if (isset($config['system']['developerspew'])) { + $mt = microtime(); + echo "interfaces_vips_configure() being called $mt\n"; + } + $paa = array(); + if (is_array($config['virtualip']['vip'])) { + $carp_setuped = false; + $anyproxyarp = false; + foreach ($config['virtualip']['vip'] as $vip) { + switch ($vip['mode']) { + case "proxyarp": + /* nothing it is handled on interface_proxyarp_configure() */ + if ($interface <> "" && $vip['interface'] <> $interface) { + continue; + } + $anyproxyarp = true; + break; + case "ipalias": + if ($interface <> "" && $vip['interface'] <> $interface) { + continue; + } + interface_ipalias_configure($vip); + break; + case "carp": + if ($interface <> "" && $vip['interface'] <> $interface) { + continue; + } + if ($carp_setuped == false) { + $carp_setuped = true; + } + interface_carp_configure($vip); + break; + } + } + if ($carp_setuped == true) { + interfaces_sync_setup(); + } + if ($anyproxyarp == true) { + interface_proxyarp_configure(); + } + } +} + +function interface_ipalias_configure(&$vip) { + global $config; + + if ($vip['mode'] != 'ipalias') { + return; + } + + if ($vip['interface'] != 'lo0' && stripos($vip['interface'], '_vip') === false) { + if (!isset($config['interfaces'][$vip['interface']])) { + return; + } + + if (!isset($config['interfaces'][$vip['interface']]['enable'])) { + return; + } + } + + $af = 'inet'; + if (is_ipaddrv6($vip['subnet'])) { + $af = 'inet6'; + } + $iface = $vip['interface']; + $vipadd = ''; + if (strpos($vip['interface'], '_vip')) { + $carpvip = get_configured_carp_interface_list($vip['interface'], $af, 'vip'); + $iface = $carpvip['interface']; + $vipadd = "vhid {$carpvip['vhid']}"; + } + $if = get_real_interface($iface); + mwexec("/sbin/ifconfig " . escapeshellarg($if) ." {$af} ". escapeshellarg($vip['subnet']) ."/" . escapeshellarg($vip['subnet_bits']) . " alias {$vipadd}"); + unset($iface, $af, $if, $carpvip, $vipadd); +} + +function interface_reload_carps($cif) { + global $config; + + $carpifs = link_ip_to_carp_interface(find_interface_ip($cif)); + if (empty($carpifs)) { + return; + } + + $carps = explode(" ", $carpifs); + if (is_array($config['virtualip']['vip'])) { + $viparr = &$config['virtualip']['vip']; + foreach ($viparr as $vip) { + if (in_array($vip['carpif'], $carps)) { + switch ($vip['mode']) { + case "carp": + interface_vip_bring_down($vip); + sleep(1); + interface_carp_configure($vip); + break; + case "ipalias": + interface_vip_bring_down($vip); + sleep(1); + interface_ipalias_configure($vip); + break; + } + } + } + } +} + +function interface_carp_configure(&$vip) { + global $config, $g; + if (isset($config['system']['developerspew'])) { + $mt = microtime(); + echo "interface_carp_configure() being called $mt\n"; + } + + if ($vip['mode'] != "carp") { + return; + } + + /* NOTE: Maybe its useless nowadays */ + $realif = get_real_interface($vip['interface']); + if (!does_interface_exist($realif)) { + file_notice("CARP", sprintf(gettext("Interface specified for the virtual IP address %s does not exist. Skipping this VIP."), $vip['subnet']), "Firewall: Virtual IP", ""); + return; + } + + $vip_password = $vip['password']; + $vip_password = escapeshellarg(addslashes(str_replace(" ", "", $vip_password))); + if ($vip['password'] != "") { + $password = " pass {$vip_password}"; + } + + $advbase = ""; + if (!empty($vip['advbase'])) { + $advbase = "advbase " . escapeshellarg($vip['advbase']); + } + + $carp_maintenancemode = isset($config["virtualip_carp_maintenancemode"]); + if ($carp_maintenancemode) { + $advskew = "advskew 254"; + } else { + $advskew = "advskew " . escapeshellarg($vip['advskew']); + } + + mwexec("/sbin/ifconfig {$realif} vhid " . escapeshellarg($vip['vhid']) . " {$advskew} {$advbase} {$password}"); + + if (is_ipaddrv4($vip['subnet'])) { + mwexec("/sbin/ifconfig {$realif} " . escapeshellarg($vip['subnet']) . "/" . escapeshellarg($vip['subnet_bits']) . " alias vhid " . escapeshellarg($vip['vhid'])); + } else if (is_ipaddrv6($vip['subnet'])) { + mwexec("/sbin/ifconfig {$realif} inet6 " . escapeshellarg($vip['subnet']) . " prefixlen " . escapeshellarg($vip['subnet_bits']) . " alias vhid " . escapeshellarg($vip['vhid'])); + } + + return $realif; +} + +function interface_wireless_clone($realif, $wlcfg) { + global $config, $g; + /* Check to see if interface has been cloned as of yet. + * If it has not been cloned then go ahead and clone it. + */ + $needs_clone = false; + if (is_array($wlcfg['wireless'])) { + $wlcfg_mode = $wlcfg['wireless']['mode']; + } else { + $wlcfg_mode = $wlcfg['mode']; + } + switch ($wlcfg_mode) { + case "hostap": + $mode = "wlanmode hostap"; + break; + case "adhoc": + $mode = "wlanmode adhoc"; + break; + default: + $mode = ""; + break; + } + $baseif = interface_get_wireless_base($wlcfg['if']); + if (does_interface_exist($realif)) { + exec("/sbin/ifconfig " . escapeshellarg($realif), $output, $ret); + $ifconfig_str = implode($output); + if (($wlcfg_mode == "hostap") && (!preg_match("/hostap/si", $ifconfig_str))) { + log_error(sprintf(gettext("Interface %s changed to hostap mode"), $realif)); + $needs_clone = true; + } + if (($wlcfg_mode == "adhoc") && (!preg_match("/adhoc/si", $ifconfig_str))) { + log_error(sprintf(gettext("Interface %s changed to adhoc mode"), $realif)); + $needs_clone = true; + } + if (($wlcfg_mode == "bss") && (preg_match("/hostap|adhoc/si", $ifconfig_str))) { + log_error(sprintf(gettext("Interface %s changed to infrastructure mode"), $realif)); + $needs_clone = true; + } + } else { + $needs_clone = true; + } + + if ($needs_clone == true) { + /* remove previous instance if it exists */ + if (does_interface_exist($realif)) { + pfSense_interface_destroy($realif); + } + + log_error(sprintf(gettext("Cloning new wireless interface %s"), $realif)); + // Create the new wlan interface. FreeBSD returns the new interface name. + // example: wlan2 + exec("/sbin/ifconfig wlan create wlandev {$baseif} {$mode} bssid 2>&1", $out, $ret); + if ($ret <> 0) { + log_error(sprintf(gettext('Failed to clone interface %1$s with error code %2$s, output %3$s'), $baseif, $ret, $out[0])); + return false; + } + $newif = trim($out[0]); + // Rename the interface to {$parentnic}_wlan{$number}#: EX: ath0_wlan0 + pfSense_interface_rename($newif, $realif); + file_put_contents("{$g['tmp_path']}/{$realif}_oldmac", get_interface_mac($realif)); + } + return true; +} + +function interface_sync_wireless_clones(&$ifcfg, $sync_changes = false) { + global $config, $g; + + $shared_settings = array('standard', 'turbo', 'protmode', 'txpower', 'channel', + 'diversity', 'txantenna', 'rxantenna', 'distance', + 'regdomain', 'regcountry', 'reglocation'); + + if (!is_interface_wireless($ifcfg['if'])) { + return; + } + + $baseif = interface_get_wireless_base($ifcfg['if']); + + // Sync shared settings for assigned clones + $iflist = get_configured_interface_list(false, true); + foreach ($iflist as $if) { + if ($baseif == interface_get_wireless_base($config['interfaces'][$if]['if']) && $ifcfg['if'] != $config['interfaces'][$if]['if']) { + if (isset($config['interfaces'][$if]['wireless']['standard']) || $sync_changes) { + foreach ($shared_settings as $setting) { + if ($sync_changes) { + if (isset($ifcfg['wireless'][$setting])) { + $config['interfaces'][$if]['wireless'][$setting] = $ifcfg['wireless'][$setting]; + } else if (isset($config['interfaces'][$if]['wireless'][$setting])) { + unset($config['interfaces'][$if]['wireless'][$setting]); + } + } else { + if (isset($config['interfaces'][$if]['wireless'][$setting])) { + $ifcfg['wireless'][$setting] = $config['interfaces'][$if]['wireless'][$setting]; + } else if (isset($ifcfg['wireless'][$setting])) { + unset($ifcfg['wireless'][$setting]); + } + } + } + if (!$sync_changes) { + break; + } + } + } + } + + // Read or write settings at shared area + if (isset($config['wireless']['interfaces'][$baseif]) && is_array($config['wireless']['interfaces'][$baseif])) { + foreach ($shared_settings as $setting) { + if ($sync_changes) { + if (isset($ifcfg['wireless'][$setting])) { + $config['wireless']['interfaces'][$baseif][$setting] = $ifcfg['wireless'][$setting]; + } else if (isset($config['wireless']['interfaces'][$baseif][$setting])) { + unset($config['wireless']['interfaces'][$baseif][$setting]); + } + } else if (isset($config['wireless']['interfaces'][$baseif][$setting])) { + if (isset($config['wireless']['interfaces'][$baseif][$setting])) { + $ifcfg['wireless'][$setting] = $config['wireless']['interfaces'][$baseif][$setting]; + } else if (isset($ifcfg['wireless'][$setting])) { + unset($ifcfg['wireless'][$setting]); + } + } + } + } + + // Sync the mode on the clone creation page with the configured mode on the interface + if (interface_is_wireless_clone($ifcfg['if']) && isset($config['wireless']['clone']) && is_array($config['wireless']['clone'])) { + foreach ($config['wireless']['clone'] as &$clone) { + if ($clone['cloneif'] == $ifcfg['if']) { + if ($sync_changes) { + $clone['mode'] = $ifcfg['wireless']['mode']; + } else { + $ifcfg['wireless']['mode'] = $clone['mode']; + } + break; + } + } + unset($clone); + } +} + +function interface_wireless_configure($if, &$wl, &$wlcfg) { + global $config, $g; + + /* open up a shell script that will be used to output the commands. + * since wireless is changing a lot, these series of commands are fragile + * and will sometimes need to be verified by a operator by executing the command + * and returning the output of the command to the developers for inspection. please + * do not change this routine from a shell script to individual exec commands. -sullrich + */ + + // Remove script file + unlink_if_exists("{$g['tmp_path']}/{$if}_setup.sh"); + + // Clone wireless nic if needed. + interface_wireless_clone($if, $wl); + + // Reject inadvertent changes to shared settings in case the interface hasn't been configured. + interface_sync_wireless_clones($wl, false); + + $fd_set = fopen("{$g['tmp_path']}/{$if}_setup.sh", "w"); + fwrite($fd_set, "#!/bin/sh\n"); + fwrite($fd_set, "# {$g['product_name']} wireless configuration script.\n\n"); + + $wlan_setup_log = fopen("{$g['tmp_path']}/{$if}_setup.log", "w"); + + /* set values for /path/program */ + $hostapd = "/usr/sbin/hostapd"; + $wpa_supplicant = "/usr/sbin/wpa_supplicant"; + $ifconfig = "/sbin/ifconfig"; + $sysctl = "/sbin/sysctl"; + $killall = "/usr/bin/killall"; + + /* Set all wireless ifconfig variables (split up to get rid of needed checking) */ + + $wlcmd = array(); + $wl_sysctl = array(); + /* Make sure it's up */ + $wlcmd[] = "up"; + /* Set a/b/g standard */ + $standard = str_replace(" Turbo", "", $wlcfg['standard']); + /* skip mode entirely for "auto" */ + if ($wlcfg['standard'] != "auto") { + $wlcmd[] = "mode " . escapeshellarg($standard); + } + + /* XXX: Disable ampdu for now on mwl when running in 11n mode + * to prevent massive packet loss under certain conditions. */ + if (preg_match("/^mwl/i", $if) && ($standard == "11ng" || $standard == "11na")) { + $wlcmd[] = "-ampdu"; + } + + /* Set ssid */ + if ($wlcfg['ssid']) { + $wlcmd[] = "ssid " .escapeshellarg($wlcfg['ssid']); + } + + /* Set 802.11g protection mode */ + $wlcmd[] = "protmode " . escapeshellarg($wlcfg['protmode']); + + /* set wireless channel value */ + if (isset($wlcfg['channel'])) { + if ($wlcfg['channel'] == "0") { + $wlcmd[] = "channel any"; + } else { + $wlcmd[] = "channel " . escapeshellarg($wlcfg['channel']); + } + } + + /* Set antenna diversity value */ + if (isset($wlcfg['diversity'])) { + $wl_sysctl[] = "diversity=" . escapeshellarg($wlcfg['diversity']); + } + + /* Set txantenna value */ + if (isset($wlcfg['txantenna'])) { + $wl_sysctl[] = "txantenna=" . escapeshellarg($wlcfg['txantenna']); + } + + /* Set rxantenna value */ + if (isset($wlcfg['rxantenna'])) { + $wl_sysctl[] = "rxantenna=" . escapeshellarg($wlcfg['rxantenna']); + } + + /* set Distance value */ + if ($wlcfg['distance']) { + $distance = escapeshellarg($wlcfg['distance']); + } + + /* Set wireless hostap mode */ + if ($wlcfg['mode'] == "hostap") { + $wlcmd[] = "mediaopt hostap"; + } else { + $wlcmd[] = "-mediaopt hostap"; + } + + /* Set wireless adhoc mode */ + if ($wlcfg['mode'] == "adhoc") { + $wlcmd[] = "mediaopt adhoc"; + } else { + $wlcmd[] = "-mediaopt adhoc"; + } + + /* Not necessary to set BSS mode as this is default if adhoc and/or hostap is NOT set */ + + /* handle hide ssid option */ + if (isset($wlcfg['hidessid']['enable'])) { + $wlcmd[] = "hidessid"; + } else { + $wlcmd[] = "-hidessid"; + } + + /* handle pureg (802.11g) only option */ + if (isset($wlcfg['pureg']['enable'])) { + $wlcmd[] = "mode 11g pureg"; + } else { + $wlcmd[] = "-pureg"; + } + + /* handle puren (802.11n) only option */ + if (isset($wlcfg['puren']['enable'])) { + $wlcmd[] = "puren"; + } else { + $wlcmd[] = "-puren"; + } + + /* enable apbridge option */ + if (isset($wlcfg['apbridge']['enable'])) { + $wlcmd[] = "apbridge"; + } else { + $wlcmd[] = "-apbridge"; + } + + /* handle turbo option */ + if (isset($wlcfg['turbo']['enable'])) { + $wlcmd[] = "mediaopt turbo"; + } else { + $wlcmd[] = "-mediaopt turbo"; + } + + /* handle txpower setting */ + // or don't. this has issues at the moment. + /* + if ($wlcfg['txpower'] <> "" && is_numeric($wlcfg['txpower'])) { + $wlcmd[] = "txpower " . escapeshellarg($wlcfg['txpower']); + }*/ + + /* handle wme option */ + if (isset($wlcfg['wme']['enable'])) { + $wlcmd[] = "wme"; + } else { + $wlcmd[] = "-wme"; + } + + /* set up wep if enabled */ + $wepset = ""; + if (isset($wlcfg['wep']['enable']) && is_array($wlcfg['wep']['key'])) { + switch ($wlcfg['wpa']['auth_algs']) { + case "1": + $wepset .= "authmode open wepmode on "; + break; + case "2": + $wepset .= "authmode shared wepmode on "; + break; + case "3": + $wepset .= "authmode mixed wepmode on "; + } + $i = 1; + foreach ($wlcfg['wep']['key'] as $wepkey) { + $wepset .= "wepkey " . escapeshellarg("{$i}:{$wepkey['value']}") . " "; + if (isset($wepkey['txkey'])) { + $wlcmd[] = "weptxkey {$i} "; + } + $i++; + } + $wlcmd[] = $wepset; + } else if (isset($wlcfg['wpa']['enable'])) { + $wlcmd[] = "authmode wpa wepmode off "; + } else { + $wlcmd[] = "authmode open wepmode off "; + } + + kill_hostapd($if); + mwexec(kill_wpasupplicant("{$if}")); + + /* generate wpa_supplicant/hostap config if wpa is enabled */ + conf_mount_rw(); + + switch ($wlcfg['mode']) { + case 'bss': + if (isset($wlcfg['wpa']['enable'])) { + $wpa .= <<<EOD +ctrl_interface={$g['varrun_path']}/wpa_supplicant +ctrl_interface_group=0 +ap_scan=1 +#fast_reauth=1 +network={ +ssid="{$wlcfg['ssid']}" +scan_ssid=1 +priority=5 +key_mgmt={$wlcfg['wpa']['wpa_key_mgmt']} +psk="{$wlcfg['wpa']['passphrase']}" +pairwise={$wlcfg['wpa']['wpa_pairwise']} +group={$wlcfg['wpa']['wpa_pairwise']} +} +EOD; + + @file_put_contents("{$g['varetc_path']}/wpa_supplicant_{$if}.conf", $wpa); + unset($wpa); + } + break; + case 'hostap': + if (!empty($wlcfg['wpa']['passphrase'])) { + $wpa_passphrase = "wpa_passphrase={$wlcfg['wpa']['passphrase']}\n"; + } else { + $wpa_passphrase = ""; + } + if (isset($wlcfg['wpa']['enable'])) { + $wpa .= <<<EOD +interface={$if} +driver=bsd +logger_syslog=-1 +logger_syslog_level=0 +logger_stdout=-1 +logger_stdout_level=0 +dump_file={$g['tmp_path']}/hostapd_{$if}.dump +ctrl_interface={$g['varrun_path']}/hostapd +ctrl_interface_group=wheel +#accept_mac_file={$g['tmp_path']}/hostapd_{$if}.accept +#deny_mac_file={$g['tmp_path']}/hostapd_{$if}.deny +#macaddr_acl={$wlcfg['wpa']['macaddr_acl']} +ssid={$wlcfg['ssid']} +debug={$wlcfg['wpa']['debug_mode']} +auth_algs={$wlcfg['wpa']['auth_algs']} +wpa={$wlcfg['wpa']['wpa_mode']} +wpa_key_mgmt={$wlcfg['wpa']['wpa_key_mgmt']} +wpa_pairwise={$wlcfg['wpa']['wpa_pairwise']} +wpa_group_rekey={$wlcfg['wpa']['wpa_group_rekey']} +wpa_gmk_rekey={$wlcfg['wpa']['wpa_gmk_rekey']} +wpa_strict_rekey={$wlcfg['wpa']['wpa_strict_rekey']} +{$wpa_passphrase} + +EOD; + + if (isset($wlcfg['wpa']['rsn_preauth'])) { + $wpa .= <<<EOD +# Enable the next lines for preauth when roaming. Interface = wired or wireless interface talking to the AP you want to roam from/to +rsn_preauth=1 +rsn_preauth_interfaces={$if} + +EOD; + } + if (is_array($wlcfg['wpa']['ieee8021x']) && isset($wlcfg['wpa']['ieee8021x']['enable'])) { + $wpa .= "ieee8021x=1\n"; + + if (!empty($wlcfg['auth_server_addr']) && !empty($wlcfg['auth_server_shared_secret'])) { + $auth_server_port = "1812"; + if (!empty($wlcfg['auth_server_port']) && is_numeric($wlcfg['auth_server_port'])) { + $auth_server_port = intval($wlcfg['auth_server_port']); + } + $wpa .= <<<EOD + +auth_server_addr={$wlcfg['auth_server_addr']} +auth_server_port={$auth_server_port} +auth_server_shared_secret={$wlcfg['auth_server_shared_secret']} + +EOD; + if (!empty($wlcfg['auth_server_addr2']) && !empty($wlcfg['auth_server_shared_secret2'])) { + $auth_server_port2 = "1812"; + if (!empty($wlcfg['auth_server_port2']) && is_numeric($wlcfg['auth_server_port2'])) { + $auth_server_port2 = intval($wlcfg['auth_server_port2']); + } + + $wpa .= <<<EOD +auth_server_addr={$wlcfg['auth_server_addr2']} +auth_server_port={$auth_server_port2} +auth_server_shared_secret={$wlcfg['auth_server_shared_secret2']} + +EOD; + } + } + } + + @file_put_contents("{$g['varetc_path']}/hostapd_{$if}.conf", $wpa); + unset($wpa); + } + break; + } + + /* + * all variables are set, lets start up everything + */ + + $baseif = interface_get_wireless_base($if); + preg_match("/^(.*?)([0-9]*)$/", $baseif, $baseif_split); + $wl_sysctl_prefix = 'dev.' . $baseif_split[1] . '.' . $baseif_split[2]; + + /* set sysctls for the wireless interface */ + if (!empty($wl_sysctl)) { + fwrite($fd_set, "# sysctls for {$baseif}\n"); + foreach ($wl_sysctl as $wl_sysctl_line) { + fwrite($fd_set, "{$sysctl} {$wl_sysctl_prefix}.{$wl_sysctl_line}\n"); + } + } + + /* set ack timers according to users preference (if he/she has any) */ + if ($distance) { + fwrite($fd_set, "# Enable ATH distance settings\n"); + fwrite($fd_set, "/sbin/athctrl.sh -i {$baseif} -d {$distance}\n"); + } + + if (isset($wlcfg['wpa']['enable'])) { + if ($wlcfg['mode'] == "bss") { + fwrite($fd_set, "{$wpa_supplicant} -B -i {$if} -c {$g['varetc_path']}/wpa_supplicant_{$if}.conf\n"); + } + if ($wlcfg['mode'] == "hostap") { + /* add line to script to restore old mac to make hostapd happy */ + if (file_exists("{$g['tmp_path']}/{$if}_oldmac")) { + $if_oldmac = file_get_contents("{$g['tmp_path']}/{$if}_oldmac"); + if (is_macaddr($if_oldmac)) { + fwrite($fd_set, "{$ifconfig} " . escapeshellarg($if) . + " link " . escapeshellarg($if_oldmac) . "\n"); + } + } + + fwrite($fd_set, "{$hostapd} -B -P {$g['varrun_path']}/hostapd_{$if}.pid {$g['varetc_path']}/hostapd_{$if}.conf\n"); + + /* add line to script to restore spoofed mac after running hostapd */ + if (file_exists("{$g['tmp_path']}/{$if}_oldmac")) { + if ($wl['spoofmac']) { + $if_curmac = $wl['spoofmac']; + } else { + $if_curmac = get_interface_mac($if); + } + if (is_macaddr($if_curmac)) { + fwrite($fd_set, "{$ifconfig} " . escapeshellarg($if) . + " link " . escapeshellarg($if_curmac) . "\n"); + } + } + } + } + + fclose($fd_set); + conf_mount_ro(); + + /* Making sure regulatory settings have actually changed + * before applying, because changing them requires bringing + * down all wireless networks on the interface. */ + exec("{$ifconfig} " . escapeshellarg($if), $output); + $ifconfig_str = implode($output); + unset($output); + $reg_changing = false; + + /* special case for the debug country code */ + if ($wlcfg['regcountry'] == 'DEBUG' && !preg_match("/\sregdomain\s+DEBUG\s/si", $ifconfig_str)) { + $reg_changing = true; + } else if ($wlcfg['regdomain'] && !preg_match("/\sregdomain\s+{$wlcfg['regdomain']}\s/si", $ifconfig_str)) { + $reg_changing = true; + } else if ($wlcfg['regcountry'] && !preg_match("/\scountry\s+{$wlcfg['regcountry']}\s/si", $ifconfig_str)) { + $reg_changing = true; + } else if ($wlcfg['reglocation'] == 'anywhere' && preg_match("/\s(indoor|outdoor)\s/si", $ifconfig_str)) { + $reg_changing = true; + } else if ($wlcfg['reglocation'] && $wlcfg['reglocation'] != 'anywhere' && !preg_match("/\s{$wlcfg['reglocation']}\s/si", $ifconfig_str)) { + $reg_changing = true; + } + + if ($reg_changing) { + /* set regulatory domain */ + if ($wlcfg['regdomain']) { + $wlregcmd[] = "regdomain " . escapeshellarg($wlcfg['regdomain']); + } + + /* set country */ + if ($wlcfg['regcountry']) { + $wlregcmd[] = "country " . escapeshellarg($wlcfg['regcountry']); + } + + /* set location */ + if ($wlcfg['reglocation']) { + $wlregcmd[] = escapeshellarg($wlcfg['reglocation']); + } + + $wlregcmd_args = implode(" ", $wlregcmd); + + /* build a complete list of the wireless clones for this interface */ + $clone_list = array(); + if (does_interface_exist(interface_get_wireless_clone($baseif))) { + $clone_list[] = interface_get_wireless_clone($baseif); + } + if (isset($config['wireless']['clone']) && is_array($config['wireless']['clone'])) { + foreach ($config['wireless']['clone'] as $clone) { + if ($clone['if'] == $baseif) { + $clone_list[] = $clone['cloneif']; + } + } + } + + /* find which clones are up and bring them down */ + $clones_up = array(); + foreach ($clone_list as $clone_if) { + $clone_status = pfSense_get_interface_addresses($clone_if); + if ($clone_status['status'] == 'up') { + $clones_up[] = $clone_if; + mwexec("{$ifconfig} " . escapeshellarg($clone_if) . " down"); + } + } + + /* apply the regulatory settings */ + mwexec("{$ifconfig} " . escapeshellarg($if) . " {$wlregcmd_args}"); + fwrite($wlan_setup_log, "$ifconfig" . escapeshellarg($if) . "$wlregcmd_args \n"); + + /* bring the clones back up that were previously up */ + foreach ($clones_up as $clone_if) { + interfaces_bring_up($clone_if); + + /* + * Rerun the setup script for the interface if it isn't this interface, the interface + * is in infrastructure mode, and WPA is enabled. + * This can be removed if wpa_supplicant stops dying when you bring the interface down. + */ + if ($clone_if != $if) { + $friendly_if = convert_real_interface_to_friendly_interface_name($clone_if); + if ((!empty($friendly_if)) && + ($config['interfaces'][$friendly_if]['wireless']['mode'] == "bss") && + (isset($config['interfaces'][$friendly_if]['wireless']['wpa']['enable']))) { + mwexec("/bin/sh {$g['tmp_path']}/" . escapeshellarg($clone_if) . "_setup.sh"); + } + } + } + } + + /* 20150318 cmb - Note: the below no longer appears to be true on FreeBSD 10.x, so don't set + * mode twice (for now at least). This can be removed entirely in the future if no problems are found + + * The mode must be specified in a separate command before ifconfig + * will allow the mode and channel at the same time in the next. */ + //mwexec("/sbin/ifconfig " . escapeshellarg($if) . " mode " . escapeshellarg($standard)); + //fwrite($wlan_setup_log, "/sbin/ifconfig " . escapeshellarg($if) . " mode " . escapeshellarg($standard) . "\n"); + + /* configure wireless */ + $wlcmd_args = implode(" ", $wlcmd); + mwexec("/sbin/ifconfig " . escapeshellarg($if) . " " . $wlcmd_args, false); + fwrite($wlan_setup_log, "/sbin/ifconfig " . escapeshellarg($if) . " " . "$wlcmd_args \n"); + fclose($wlan_setup_log); + + unset($wlcmd_args, $wlcmd); + + + sleep(1); + /* execute hostapd and wpa_supplicant if required in shell */ + mwexec("/bin/sh {$g['tmp_path']}/" . escapeshellarg($if) . "_setup.sh"); + + return 0; + +} + +function kill_hostapd($interface) { + global $g; + + if (isvalidpid("{$g['varrun_path']}/hostapd_{$interface}.pid")) { + return killbypid("{$g['varrun_path']}/hostapd_{$interface}.pid"); + } +} + +function kill_wpasupplicant($interface) { + return "/bin/pkill -f \"wpa_supplicant .*{$interface}\\.conf\"\n"; +} + +function find_dhclient_process($interface) { + if ($interface) { + $pid = `/bin/pgrep -axf "dhclient: {$interface}"`; + } else { + $pid = 0; + } + + return intval($pid); +} + +function kill_dhclient_process($interface) { + if (empty($interface) || !does_interface_exist($interface)) { + return; + } + + $i = 0; + while ((($pid = find_dhclient_process($interface)) != 0) && ($i < 3)) { + /* 3rd time make it die for sure */ + $sig = ($i == 2 ? SIGKILL : SIGTERM); + posix_kill($pid, $sig); + sleep(1); + $i++; + } + unset($i); +} + +function find_dhcp6c_process($interface) { + global $g; + + if ($interface && isvalidpid("{$g['varrun_path']}/dhcp6c_{$interface}.pid")) { + $pid = trim(file_get_contents("{$g['varrun_path']}/dhcp6c_{$interface}.pid"), " \n"); + } else { + return(false); + } + + return intval($pid); +} + +function interface_virtual_create($interface) { + global $config; + + if (strstr($interface, "_vlan")) { + interfaces_vlan_configure($vlan); + } else if (substr($interface, 0, 3) == "gre") { + interfaces_gre_configure(0, $interface); + } else if (substr($interface, 0, 3) == "gif") { + interfaces_gif_configure(0, $interface); + } else if (substr($interface, 0, 5) == "ovpns") { + if (is_array($config['openvpn']) && is_array($config['openvpn']['openvpn-server'])) { + foreach ($config['openvpn']['openvpn-server'] as $server) { + if ($interface == "ovpns{$server['vpnid']}") { + if (!function_exists('openvpn_resync')) { + require_once('openvpn.inc'); + } + log_error("OpenVPN: Resync server {$server['description']}"); + openvpn_resync('server', $server); + } + } + unset($server); + } + } else if (substr($interface, 0, 5) == "ovpnc") { + if (is_array($config['openvpn']) && is_array($config['openvpn']['openvpn-client'])) { + foreach ($config['openvpn']['openvpn-client'] as $client) { + if ($interface == "ovpnc{$client['vpnid']}") { + if (!function_exists('openvpn_resync')) { + require_once('openvpn.inc'); + } + log_error("OpenVPN: Resync server {$client['description']}"); + openvpn_resync('client', $client); + } + } + unset($client); + } + } else if (substr($interface, 0, 4) == "lagg") { + interfaces_lagg_configure($interface); + } else if (substr($interface, 0, 6) == "bridge") { + interfaces_bridge_configure(0, $interface); + } +} + +function interface_vlan_mtu_configured($realhwif, $mtu) { + global $config; + + if (is_array($config['vlans']) && is_array($config['vlans']['vlan'])) { + foreach ($config['vlans']['vlan'] as $vlan) { + if ($vlan['if'] != $realhwif) { + continue; + } + $assignedport = convert_real_interface_to_friendly_interface_name($vlan['vlanif']); + if (!empty($assignedport) && !empty($config['interfaces'][$assignedport]['mtu'])) { + if (intval($config['interfaces'][$assignedport]['mtu']) > $mtu) { + $mtu = $config['interfaces'][$assignedport]['mtu']; + } + } + } + } + + return $mtu; +} + +function interface_vlan_adapt_mtu($vlanifs, $mtu) { + global $config; + + if (!is_array($vlanifs)) { + return; + } + + /* All vlans need to use the same mtu value as their parent. */ + foreach ($vlanifs as $vlan) { + $assignedport = convert_real_interface_to_friendly_interface_name($vlan['vlanif']); + if (!empty($assignedport)) { + if (!empty($config['interfaces'][$assignedport]['mtu'])) { + pfSense_interface_mtu($vlan['vlanif'], $config['interfaces'][$assignedport]['mtu']); + } else { + if (get_interface_mtu($vlan['vlanif']) != $mtu) { + pfSense_interface_mtu($vlan['vlanif'], $mtu); + } + } + } else if (get_interface_mtu($vlan['vlanif']) != $mtu) { + pfSense_interface_mtu($vlan['vlanif'], $mtu); + } + } +} + +function interface_configure($interface = "wan", $reloadall = false, $linkupevent = false) { + global $config, $g; + global $interface_sn_arr_cache, $interface_ip_arr_cache; + global $interface_snv6_arr_cache, $interface_ipv6_arr_cache; + + $wancfg = $config['interfaces'][$interface]; + + if (!isset($wancfg['enable'])) { + return; + } + + $realif = get_real_interface($interface); + $realhwif_array = get_parent_interface($interface); + // Need code to handle MLPPP if we ever use $realhwif for MLPPP handling + $realhwif = $realhwif_array[0]; + + if (!platform_booting() && !(substr($realif, 0, 4) == "ovpn")) { + /* remove all IPv4 and IPv6 addresses */ + $tmpifaces = pfSense_getall_interface_addresses($realif); + if (is_array($tmpifaces)) { + foreach ($tmpifaces as $tmpiface) { + if (is_ipaddrv6($tmpiface) || is_subnetv6($tmpiface)) { + if (!is_linklocal($tmpiface)) { + mwexec("/sbin/ifconfig " . escapeshellarg($realif) . " inet6 {$tmpiface} delete"); + } + } else { + if (is_subnetv4($tmpiface)) { + $tmpip = explode('/', $tmpiface); + $tmpip = $tmpip[0]; + } else { + $tmpip = $tmpiface; + } + pfSense_interface_deladdress($realif, $tmpip); + } + } + } + + /* only bring down the interface when both v4 and v6 are set to NONE */ + if (empty($wancfg['ipaddr']) && empty($wancfg['ipaddrv6'])) { + interface_bring_down($interface); + } + } + + $interface_to_check = $realif; + if (interface_isppp_type($interface)) { + $interface_to_check = $realhwif; + } + + /* Need to check that the interface exists or not in the case where its coming back from disabled state see #3270 */ + if (!platform_booting() && (in_array(substr($realif, 0, 3), array("gre", "gif")) || !does_interface_exist($interface_to_check))) { + interface_virtual_create($interface_to_check); + } + + /* Disable Accepting router advertisements unless specifically requested */ + if ($g['debug']) { + log_error("Deny router advertisements for interface {$interface}"); + } + mwexec("/sbin/ifconfig " . escapeshellarg($realif) . " inet6 -accept_rtadv", true); + + /* wireless configuration? */ + if (is_array($wancfg['wireless'])) { + interface_wireless_configure($realif, $wancfg, $wancfg['wireless']); + } + + $mac = get_interface_mac($realhwif); + /* + * Don't try to reapply the spoofed MAC if it's already applied. + * When ifconfig link is used, it cycles the interface down/up, which triggers + * the interface config again, which attempts to spoof the MAC again, + * which cycles the link again... + */ + if ($wancfg['spoofmac'] && ($wancfg['spoofmac'] != $mac)) { + mwexec("/sbin/ifconfig " . escapeshellarg($realhwif) . + " link " . escapeshellarg($wancfg['spoofmac'])); + } else { + + if ($mac == "ff:ff:ff:ff:ff:ff") { + /* this is not a valid mac address. generate a + * temporary mac address so the machine can get online. + */ + echo gettext("Generating new MAC address."); + $random_mac = generate_random_mac_address(); + mwexec("/sbin/ifconfig " . escapeshellarg($realhwif) . + " link " . escapeshellarg($random_mac)); + $wancfg['spoofmac'] = $random_mac; + write_config(); + file_notice("MAC Address altered", sprintf(gettext('The INVALID MAC address (ff:ff:ff:ff:ff:ff) on interface %1$s has been automatically replaced with %2$s'), $realif, $random_mac), "Interfaces"); + } + } + + /* media */ + if ($wancfg['media'] || $wancfg['mediaopt']) { + $cmd = "/sbin/ifconfig " . escapeshellarg($realhwif); + if ($wancfg['media']) { + $cmd .= " media " . escapeshellarg($wancfg['media']); + } + if ($wancfg['mediaopt']) { + $cmd .= " mediaopt " . escapeshellarg($wancfg['mediaopt']); + } + mwexec($cmd); + } + + /* Apply hw offloading policies as configured */ + enable_hardware_offloading($interface); + + /* invalidate interface/ip/sn cache */ + get_interface_arr(true); + unset($interface_ip_arr_cache[$realif]); + unset($interface_sn_arr_cache[$realif]); + unset($interface_ipv6_arr_cache[$realif]); + unset($interface_snv6_arr_cache[$realif]); + + $tunnelif = substr($realif, 0, 3); + + if (does_interface_exist($wancfg['if'])) { + interfaces_bring_up($wancfg['if']); + } + + if (!empty($wancfg['mtu'])) { + if (stristr($realif, "_vlan")) { + $assignedparent = convert_real_interface_to_friendly_interface_name($realhwif); + if (!empty($assignedparent) && !empty($config['interfaces'][$assignedparent]['mtu'])) { + $parentmtu = $config['interfaces'][$assignedparent]['mtu']; + if ($wancfg['mtu'] > $parentmtu) { + log_error("There is a conflict on MTU between parent {$realhwif} and VLAN({$realif})"); + } + } else { + $parentmtu = 0; + } + + $parentmtu = interface_vlan_mtu_configured($realhwif, $parentmtu); + + if (get_interface_mtu($realhwif) != $parentmtu) { + pfSense_interface_mtu($realhwif, $parentmtu); + } + + /* All vlans need to use the same mtu value as their parent. */ + interface_vlan_adapt_mtu(link_interface_to_vlans($realhwif), $parentmtu); + } else if (substr($realif, 0, 4) == 'lagg') { + /* LAGG interface must be destroyed and re-created to change MTU */ + if ($wancfg['mtu'] != get_interface_mtu($realif)) { + if (isset($config['laggs']['lagg']) && is_array($config['laggs']['lagg'])) { + foreach ($config['laggs']['lagg'] as $lagg) { + if ($lagg['laggif'] == $realif) { + interface_lagg_configure($lagg); + break; + } + } + } + } + } else { + if ($wancfg['mtu'] != get_interface_mtu($realif)) { + pfSense_interface_mtu($realif, $wancfg['mtu']); + } + + /* This case is needed when the parent of vlans is being configured */ + $vlans = link_interface_to_vlans($realif); + if (is_array($vlans)) { + interface_vlan_adapt_mtu($vlans, $wancfg['mtu']); + } + unset($vlans); + } + /* XXX: What about gre/gif/.. ? */ + } + + switch ($wancfg['ipaddr']) { + case 'dhcp': + interface_dhcp_configure($interface); + break; + case 'pppoe': + case 'l2tp': + case 'pptp': + case 'ppp': + interface_ppps_configure($interface); + break; + default: + /* XXX: Kludge for now related to #3280 */ + if (!in_array($tunnelif, array("gif", "gre", "ovp"))) { + if (is_ipaddrv4($wancfg['ipaddr']) && $wancfg['subnet'] <> "") { + pfSense_interface_setaddress($realif, "{$wancfg['ipaddr']}/{$wancfg['subnet']}"); + } + } + break; + } + + switch ($wancfg['ipaddrv6']) { + case 'slaac': + case 'dhcp6': + interface_dhcpv6_configure($interface, $wancfg); + break; + case '6rd': + interface_6rd_configure($interface, $wancfg); + break; + case '6to4': + interface_6to4_configure($interface, $wancfg); + break; + case 'track6': + interface_track6_configure($interface, $wancfg, $linkupevent); + break; + default: + /* XXX: Kludge for now related to #3280 */ + if (!in_array($tunnelif, array("gif", "gre", "ovp"))) { + if (is_ipaddrv6($wancfg['ipaddrv6']) && $wancfg['subnetv6'] <> "") { + //pfSense_interface_setaddress($realif, "{$wancfg['ipaddrv6']}/{$wancfg['subnetv6']}"); + // FIXME: Add IPv6 Support to the pfSense module + mwexec("/sbin/ifconfig " . escapeshellarg($realif) . " inet6 {$wancfg['ipaddrv6']} prefixlen " . escapeshellarg($wancfg['subnetv6'])); + } + } + break; + } + + interface_netgraph_needed($interface); + + if (!platform_booting()) { + link_interface_to_vips($interface, "update"); + + if ($tunnelif != 'gre') { + unset($gre); + $gre = link_interface_to_gre($interface); + if (!empty($gre)) { + array_walk($gre, 'interface_gre_configure'); + } + } + + if ($tunnelif != 'gif') { + unset($gif); + $gif = link_interface_to_gif ($interface); + if (!empty($gif)) { + array_walk($gif, 'interface_gif_configure'); + } + } + + if ($linkupevent == false || substr($realif, 0, 4) == "ovpn") { + unset($bridgetmp); + $bridgetmp = link_interface_to_bridge($interface); + if (!empty($bridgetmp)) { + interface_bridge_add_member($bridgetmp, $realif); + } + } + + $grouptmp = link_interface_to_group($interface); + if (!empty($grouptmp)) { + array_walk($grouptmp, 'interface_group_add_member'); + } + + if ($interface == "lan") { + /* make new hosts file */ + system_hosts_generate(); + } + + if ($reloadall == true) { + + /* reconfigure static routes (kernel may have deleted them) */ + system_routing_configure($interface); + + /* reload ipsec tunnels */ + send_event("service reload ipsecdns"); + + /* restart dnsmasq or unbound */ + if (isset($config['dnsmasq']['enable'])) { + services_dnsmasq_configure(); + } elseif (isset($config['unbound']['enable'])) { + services_unbound_configure(); + } + + /* update dyndns */ + send_event("service reload dyndns {$interface}"); + + /* reload captive portal */ + if (!function_exists('captiveportal_init_rules_byinterface')) { + require_once('captiveportal.inc'); + } + captiveportal_init_rules_byinterface($interface); + } + } + + interfaces_staticarp_configure($interface); + return 0; +} + +function interface_track6_configure($interface = "lan", $wancfg, $linkupevent = false) { + global $config, $g; + + if (!is_array($wancfg)) { + return; + } + + if (!isset($wancfg['enable'])) { + return; + } + + /* If the interface is not configured via another, exit */ + if (empty($wancfg['track6-interface'])) { + return; + } + + /* always configure a link-local of fe80::1:1 on the track6 interfaces */ + $realif = get_real_interface($interface); + $linklocal = find_interface_ipv6_ll($realif); + if (!empty($linklocal)) { + mwexec("/sbin/ifconfig {$realif} inet6 {$linklocal} delete"); + } + /* XXX: This might break for good on a carp installation using link-local as network ips */ + /* XXX: Probably should remove? */ + mwexec("/sbin/ifconfig {$realif} inet6 fe80::1:1%{$realif}"); + + $trackcfg = $config['interfaces'][$wancfg['track6-interface']]; + if (!isset($trackcfg['enable'])) { + log_error("Interface {$interface} tracking non-existant interface {$wancfg['track6-interface']}"); + return; + } + + switch ($trackcfg['ipaddrv6']) { + case "6to4": + if ($g['debug']) { + log_error("Interface {$interface} configured via {$wancfg['track6-interface']} type {$type}"); + } + interface_track6_6to4_configure($interface, $wancfg); + break; + case "6rd": + if ($g['debug']) { + log_error("Interface {$interface} configured via {$wancfg['track6-interface']} type {$type}"); + } + interface_track6_6rd_configure($interface, $wancfg); + break; + case "dhcp6": + if ($linkupevent == true) { + /* + * NOTE: Usually come here from rc.linkup calling so just call directly instead of generating event + * Instead of disrupting all other v4 configuration just restart DHCPv6 client for now + * + * XXX: Probably DHCPv6 client should handle this automagically itself? + */ + $parentrealif = get_real_interface($wancfg['track6-interface']); + $pidv6 = find_dhcp6c_process($parentrealif); + if ($pidv6) { + posix_kill($pidv6, SIGHUP); + } + } + break; + } + + if ($linkupevent == false) { + if (!function_exists('services_dhcpd_configure')) { + require_once("services.inc"); + } + + if (isset($config['unbound']['enable'])) { + services_unbound_configure(); + } + + services_dhcpd_configure("inet6"); + } + + return 0; +} + +function interface_track6_6rd_configure($interface = "lan", $lancfg) { + global $config, $g; + global $interface_ipv6_arr_cache; + global $interface_snv6_arr_cache; + + if (!is_array($lancfg)) { + return; + } + + /* If the interface is not configured via another, exit */ + if (empty($lancfg['track6-interface'])) { + return; + } + + $wancfg = $config['interfaces'][$lancfg['track6-interface']]; + if (empty($wancfg)) { + log_error("Interface {$interface} tracking non-existant interface {$lancfg['track6-interface']}"); + return; + } + + $ip4address = get_interface_ip($lancfg['track6-interface']); + if (!is_ipaddrv4($ip4address)) { /* XXX: This should not be needed by 6rd || (is_private_ip($ip4address))) { */ + log_error("The interface IPv4 '{$ip4address}' address on interface '{$lancfg['track6-interface']}' is not valid, not configuring 6RD tunnel"); + return; + } + $hexwanv4 = return_hex_ipv4($ip4address); + + /* create the long prefix notation for math, save the prefix length */ + $rd6prefix = explode("/", $wancfg['prefix-6rd']); + $rd6prefixlen = $rd6prefix[1]; + $rd6prefix = Net_IPv6::uncompress($rd6prefix[0]); + + /* binary presentation of the prefix for all 128 bits. */ + $rd6lanbin = convert_ipv6_to_128bit($rd6prefix); + + /* just save the left prefix length bits */ + $rd6lanbin = substr($rd6lanbin, 0, $rd6prefixlen); + /* add the v4 address, offset n bits from the left */ + $rd6lanbin .= substr(sprintf("%032b", hexdec($hexwanv4)), (0 + $wancfg['prefix-6rd-v4plen']), 32); + + /* add the custom prefix id, max 32bits long? (64 bits - (prefixlen + (32 - v4plen)) */ + /* 64 - (37 + (32 - 17)) = 8 == /52 */ + $restbits = 64 - ($rd6prefixlen + (32 - $wancfg['prefix-6rd-v4plen'])); + // echo "64 - (prefixlen {$rd6prefixlen} + v4len (32 - {$wancfg['prefix-6rd-v4plen']})) = {$restbits} \n"; + $rd6lanbin .= substr(sprintf("%032b", str_pad($lancfg['track6-prefix-id'], 32, "0", STR_PAD_LEFT)), (32 - $restbits), 32); + /* fill the rest out with zeros */ + $rd6lanbin = str_pad($rd6lanbin, 128, "0", STR_PAD_RIGHT); + + /* convert the 128 bits for the lan address back into a valid IPv6 address */ + $rd6lan = convert_128bit_to_ipv6($rd6lanbin) ."1"; + + $lanif = get_real_interface($interface); + $oip = find_interface_ipv6($lanif); + if (is_ipaddrv6($oip)) { + mwexec("/sbin/ifconfig {$lanif} inet6 {$oip} delete"); + } + unset($interface_ipv6_arr_cache[$lanif]); + unset($interface_snv6_arr_cache[$lanif]); + log_error("rd6 {$interface} with ipv6 address {$rd6lan} based on {$lancfg['track6-interface']} ipv4 {$ip4address}"); + mwexec("/sbin/ifconfig {$lanif} inet6 {$rd6lan} prefixlen 64"); + + return 0; +} + +function interface_track6_6to4_configure($interface = "lan", $lancfg) { + global $config, $g; + global $interface_ipv6_arr_cache; + global $interface_snv6_arr_cache; + + if (!is_array($lancfg)) { + return; + } + + /* If the interface is not configured via another, exit */ + if (empty($lancfg['track6-interface'])) { + return; + } + + $wancfg = $config['interfaces'][$lancfg['track6-interface']]; + if (empty($wancfg)) { + log_error("Interface {$interface} tracking non-existant interface {$lancfg['track6-interface']}"); + return; + } + + $ip4address = get_interface_ip($lancfg['track6-interface']); + if (!is_ipaddrv4($ip4address) || is_private_ip($ip4address)) { + log_error("The interface IPv4 '{$ip4address}' address on interface '{$lancfg['track6-interface']}' is not public, not configuring 6RD tunnel"); + return; + } + $hexwanv4 = return_hex_ipv4($ip4address); + + /* create the long prefix notation for math, save the prefix length */ + $sixto4prefix = "2002::"; + $sixto4prefixlen = 16; + $sixto4prefix = Net_IPv6::uncompress($sixto4prefix); + + /* binary presentation of the prefix for all 128 bits. */ + $sixto4lanbin = convert_ipv6_to_128bit($sixto4prefix); + + /* just save the left prefix length bits */ + $sixto4lanbin = substr($sixto4lanbin, 0, $sixto4prefixlen); + /* add the v4 address */ + $sixto4lanbin .= sprintf("%032b", hexdec($hexwanv4)); + /* add the custom prefix id */ + $sixto4lanbin .= sprintf("%016b", $lancfg['track6-prefix-id']); + /* fill the rest out with zeros */ + $sixto4lanbin = str_pad($sixto4lanbin, 128, "0", STR_PAD_RIGHT); + + /* convert the 128 bits for the lan address back into a valid IPv6 address */ + $sixto4lan = convert_128bit_to_ipv6($sixto4lanbin) ."1"; + + $lanif = get_real_interface($interface); + $oip = find_interface_ipv6($lanif); + if (is_ipaddrv6($oip)) { + mwexec("/sbin/ifconfig {$lanif} inet6 {$oip} delete"); + } + unset($interface_ipv6_arr_cache[$lanif]); + unset($interface_snv6_arr_cache[$lanif]); + log_error("sixto4 {$interface} with ipv6 address {$sixto4lan} based on {$lancfg['track6-interface']} ipv4 {$ip4address}"); + mwexec("/sbin/ifconfig {$lanif} inet6 {$sixto4lan} prefixlen 64"); + + return 0; +} + +function interface_6rd_configure($interface = "wan", $wancfg) { + global $config, $g; + + /* because this is a tunnel interface we can only function + * with a public IPv4 address on the interface */ + + if (!is_array($wancfg)) { + return; + } + + if (!is_module_loaded('if_stf.ko')) { + mwexec('/sbin/kldload if_stf.ko'); + } + + $wanif = get_real_interface($interface); + $ip4address = find_interface_ip($wanif); + if (!is_ipaddrv4($ip4address)) { + log_error("The interface IPv4 '{$ip4address}' address on interface '{$wanif}' is not public, not configuring 6RD tunnel"); + return false; + } + $hexwanv4 = return_hex_ipv4($ip4address); + + if (!is_numeric($wancfg['prefix-6rd-v4plen'])) { + $wancfg['prefix-6rd-v4plen'] = 0; + } + + /* create the long prefix notation for math, save the prefix length */ + $rd6prefix = explode("/", $wancfg['prefix-6rd']); + $rd6prefixlen = $rd6prefix[1]; + $brgw = explode('.', $wancfg['gateway-6rd']); + $rd6brgw = substr(Net_IPv6::_ip2Bin($rd6prefix[0]), 0, $rd6prefixlen); + $rd6brgw .= str_pad(decbin($brgw[0]), 8, '0', STR_PAD_LEFT) . str_pad(decbin($brgw[1]), 8, '0', STR_PAD_LEFT) . str_pad(decbin($brgw[2]), 8, '0', STR_PAD_LEFT) . str_pad(decbin($brgw[3]), 8, '0', STR_PAD_LEFT); + if (strlen($rd6brgw) < 128) { + $rd6brgw = str_pad($rd6brgw, 128, '0', STR_PAD_RIGHT); + } + $rd6brgw = Net_IPv6::compress(Net_IPv6::_bin2Ip($rd6brgw)); + unset($brgw); + $rd6prefix = Net_IPv6::uncompress($rd6prefix[0]); + + /* binary presentation of the prefix for all 128 bits. */ + $rd6prefixbin = convert_ipv6_to_128bit($rd6prefix); + + /* just save the left prefix length bits */ + $rd6prefixbin = substr($rd6prefixbin, 0, $rd6prefixlen); + /* if the prefix length is not 32 bits we need to shave bits off from the left of the v4 address. */ + $rd6prefixbin .= substr(sprintf("%032b", hexdec($hexwanv4)), $wancfg['prefix-6rd-v4plen'], 32); + /* fill out the rest with 0's */ + $rd6prefixbin = str_pad($rd6prefixbin, 128, "0", STR_PAD_RIGHT); + + /* convert the 128 bits for the broker address back into a valid IPv6 address */ + $rd6prefix = convert_128bit_to_ipv6($rd6prefixbin); + + + /* XXX: need to extend to support variable prefix size for v4 */ + if (!is_module_loaded("if_stf")) { + mwexec("/sbin/kldload if_stf.ko"); + } + $stfiface = "{$interface}_stf"; + if (does_interface_exist($stfiface)) { + pfSense_interface_destroy($stfiface); + } + $tmpstfiface = pfSense_interface_create("stf"); + pfSense_interface_rename($tmpstfiface, $stfiface); + pfSense_interface_flags($stfiface, IFF_LINK2); + mwexec("/sbin/ifconfig {$stfiface} inet6 {$rd6prefix}/{$rd6prefixlen}"); + mwexec("/sbin/ifconfig {$stfiface} stfv4br " . escapeshellarg($wancfg['gateway-6rd'])); + if ($wancfg['prefix-6rd-v4plen'] >= 0 && $wancfg['prefix-6rd-v4plen'] <= 32) { + mwexec("/sbin/ifconfig {$stfiface} stfv4net {$ip4address}/" . escapeshellarg($wancfg['prefix-6rd-v4plen'])); + } + if ($g['debug']) { + log_error("Created 6rd interface {$stfiface} {$rd6prefix}/{$rd6prefixlen}"); + } + + /* write out a default router file */ + file_put_contents("{$g['tmp_path']}/{$wanif}_routerv6", "{$rd6brgw}\n"); + file_put_contents("{$g['tmp_path']}/{$wanif}_defaultgwv6", "{$rd6brgw}\n"); + + $ip4gateway = get_interface_gateway($interface); + if (is_ipaddrv4($ip4gateway)) { + mwexec("/sbin/route change -host " . escapeshellarg($wancfg['gateway-6rd']) . " {$ip4gateway}"); + } + + /* configure dependent interfaces */ + if (!platform_booting()) { + link_interface_to_track6($interface, "update"); + } + + return 0; +} + +function interface_6to4_configure($interface = "wan", $wancfg) { + global $config, $g; + + /* because this is a tunnel interface we can only function + * with a public IPv4 address on the interface */ + + if (!is_array($wancfg)) { + return; + } + + $wanif = get_real_interface($interface); + $ip4address = find_interface_ip($wanif); + if ((!is_ipaddrv4($ip4address)) || (is_private_ip($ip4address))) { + log_error("The interface IPv4 '{$ip4address}' address on interface '{$wanif}' is not public, not configuring 6RD tunnel"); + return false; + } + + /* create the long prefix notation for math, save the prefix length */ + $stfprefixlen = 16; + $stfprefix = Net_IPv6::uncompress("2002::"); + $stfarr = explode(":", $stfprefix); + $v4prefixlen = "0"; + + /* we need the hex form of the interface IPv4 address */ + $ip4arr = explode(".", $ip4address); + $hexwanv4 = ""; + foreach ($ip4arr as $octet) { + $hexwanv4 .= sprintf("%02x", $octet); + } + + /* we need the hex form of the broker IPv4 address */ + $ip4arr = explode(".", "192.88.99.1"); + $hexbrv4 = ""; + foreach ($ip4arr as $octet) { + $hexbrv4 .= sprintf("%02x", $octet); + } + + /* binary presentation of the prefix for all 128 bits. */ + $stfprefixbin = ""; + foreach ($stfarr as $element) { + $stfprefixbin .= sprintf("%016b", hexdec($element)); + } + /* just save the left prefix length bits */ + $stfprefixstartbin = substr($stfprefixbin, 0, $stfprefixlen); + + /* if the prefix length is not 32 bits we need to shave bits off from the left of the v4 address. */ + $stfbrokerbin = substr(sprintf("%032b", hexdec($hexbrv4)), $v4prefixlen, 32); + $stfbrokerbin = str_pad($stfprefixstartbin . $stfbrokerbin, 128, "0", STR_PAD_RIGHT); + + /* for the local subnet too. */ + $stflanbin = substr(sprintf("%032b", hexdec($hexwanv4)), $v4prefixlen, 32); + $stflanbin = str_pad($stfprefixstartbin . $stflanbin, 128, "0", STR_PAD_RIGHT); + + /* convert the 128 bits for the broker address back into a valid IPv6 address */ + $stfbrarr = array(); + $stfbrbinarr = array(); + $stfbrbinarr = str_split($stfbrokerbin, 16); + foreach ($stfbrbinarr as $bin) { + $stfbrarr[] = dechex(bindec($bin)); + } + $stfbrgw = Net_IPv6::compress(implode(":", $stfbrarr)); + + /* convert the 128 bits for the broker address back into a valid IPv6 address */ + $stflanarr = array(); + $stflanbinarr = array(); + $stflanbinarr = str_split($stflanbin, 16); + foreach ($stflanbinarr as $bin) { + $stflanarr[] = dechex(bindec($bin)); + } + $stflanpr = Net_IPv6::compress(implode(":", $stflanarr)); + $stflanarr[7] = 1; + $stflan = Net_IPv6::compress(implode(":", $stflanarr)); + + /* setup the stf interface */ + if (!is_module_loaded("if_stf")) { + mwexec("/sbin/kldload if_stf.ko"); + } + $stfiface = "{$interface}_stf"; + if (does_interface_exist($stfiface)) { + pfSense_interface_destroy($stfiface); + } + $tmpstfiface = pfSense_interface_create("stf"); + pfSense_interface_rename($tmpstfiface, $stfiface); + pfSense_interface_flags($stfiface, IFF_LINK2); + mwexec("/sbin/ifconfig {$stfiface} inet6 {$stflanpr} prefixlen 16"); + + if ($g['debug']) { + log_error("Set IPv6 address inet6 {$stflanpr} prefixlen 16 for {$stfiface}, route {$stfbrgw}"); + } + + /* write out a default router file */ + file_put_contents("{$g['tmp_path']}/{$wanif}_routerv6", "{$stfbrgw}"); + file_put_contents("{$g['tmp_path']}/{$wanif}_defaultgwv6", "{$stfbrgw}"); + + $ip4gateway = get_interface_gateway($interface); + if (is_ipaddrv4($ip4gateway)) { + mwexec("/sbin/route change -host 192.88.99.1 {$ip4gateway}"); + } + + if (!platform_booting()) { + link_interface_to_track6($interface, "update"); + } + + return 0; +} + +function interface_dhcpv6_configure($interface = "wan", $wancfg) { + global $config, $g; + + if (!is_array($wancfg)) { + return; + } + + $wanif = get_real_interface($interface, "inet6"); + $dhcp6cconf = ""; + + if ($wancfg['adv_dhcp6_config_file_override']) { + // DHCP6 Config File Override + $dhcp6cconf = DHCP6_Config_File_Override($wancfg, $wanif); + } elseif ($wancfg['adv_dhcp6_config_advanced']) { + // DHCP6 Config File Advanced + $dhcp6cconf = DHCP6_Config_File_Advanced($interface, $wancfg, $wanif); + } else { + // DHCP6 Config File Basic + $dhcp6cconf .= "interface {$wanif} {\n"; + + /* for SLAAC interfaces we do fire off a dhcp6 client for just our name servers */ + if ($wancfg['ipaddrv6'] == "slaac") { + $dhcp6cconf .= "\tinformation-only;\n"; + $dhcp6cconf .= "\trequest domain-name-servers;\n"; + $dhcp6cconf .= "\trequest domain-name;\n"; + $dhcp6cconf .= "\tscript \"{$g['varetc_path']}/dhcp6c_{$interface}_script.sh\"; # we'd like some nameservers please\n"; + $dhcp6cconf .= "};\n"; + } else { + $trackiflist = array(); + $iflist = link_interface_to_track6($interface); + foreach ($iflist as $ifname => $ifcfg) { + if (is_numeric($ifcfg['track6-prefix-id'])) { + $trackiflist[$ifname] = $ifcfg; + } + } + + /* skip address request if this is set */ + if (!isset($wancfg['dhcp6prefixonly'])) { + $dhcp6cconf .= "\tsend ia-na 0;\t# request stateful address\n"; + } + if (is_numeric($wancfg['dhcp6-ia-pd-len']) && !empty($trackiflist)) { + $dhcp6cconf .= "\tsend ia-pd 0;\t# request prefix delegation\n"; + } + + $dhcp6cconf .= "\trequest domain-name-servers;\n"; + $dhcp6cconf .= "\trequest domain-name;\n"; + $dhcp6cconf .= "\tscript \"{$g['varetc_path']}/dhcp6c_{$interface}_script.sh\"; # we'd like some nameservers please\n"; + $dhcp6cconf .= "};\n"; + + if (!isset($wancfg['dhcp6prefixonly'])) { + $dhcp6cconf .= "id-assoc na 0 { };\n"; + } + + if (is_numeric($wancfg['dhcp6-ia-pd-len']) && !empty($trackiflist)) { + /* Setup the prefix delegation */ + $dhcp6cconf .= "id-assoc pd 0 {\n"; + $preflen = 64 - $wancfg['dhcp6-ia-pd-len']; + if (isset($wancfg['dhcp6-ia-pd-send-hint'])) { + $dhcp6cconf .= "\tprefix ::/{$preflen} infinity;\n"; + } + foreach ($trackiflist as $friendly => $ifcfg) { + if ($g['debug']) { + log_error("setting up $ifdescr - {$ifcfg['track6-prefix-id']}"); + } + $realif = get_real_interface($friendly); + $dhcp6cconf .= "\tprefix-interface {$realif} {\n"; + $dhcp6cconf .= "\t\tsla-id {$ifcfg['track6-prefix-id']};\n"; + $dhcp6cconf .= "\t\tsla-len {$wancfg['dhcp6-ia-pd-len']};\n"; + $dhcp6cconf .= "\t};\n"; + } + unset($preflen, $iflist, $ifcfg, $ifname); + $dhcp6cconf .= "};\n"; + } + unset($trackiflist); + } + } + + /* wide-dhcp6c works for now. */ + if (!@file_put_contents("{$g['varetc_path']}/dhcp6c_{$interface}.conf", $dhcp6cconf)) { + printf("Error: cannot open dhcp6c_{$interface}.conf in interface_dhcpv6_configure() for writing.\n"); + unset($dhcp6cconf); + return 1; + } + unset($dhcp6cconf); + + $dhcp6cscript = "#!/bin/sh\n"; + $dhcp6cscript .= "# This shell script launches /etc/rc.newwanipv6 with a interface argument.\n"; + $dhcp6cscript .= "dmips=\${new_domain_name_servers}\n"; + $dhcp6cscript .= "dmnames=\${new_domain_name}\n"; + $dhcp6cscript .= "/usr/local/sbin/fcgicli -f /etc/rc.newwanipv6 -d \"interface={$wanif}&dmnames=\${dmnames}&dmips=\${dmips}\"\n"; + /* Add wide-dhcp6c shell script here. Because we can not pass a argument to it. */ + if (!@file_put_contents("{$g['varetc_path']}/dhcp6c_{$interface}_script.sh", $dhcp6cscript)) { + printf("Error: cannot open dhcp6c_{$interface}_script.sh in interface_dhcpv6_configure() for writing.\n"); + unset($dhcp6cscript); + return 1; + } + unset($dhcp6cscript); + @chmod("{$g['varetc_path']}/dhcp6c_{$interface}_script.sh", 0755); + + $rtsoldscript = "#!/bin/sh\n"; + $rtsoldscript .= "# This shell script launches dhcp6c and configured gateways for this interface.\n"; + $rtsoldscript .= "echo $2 > {$g['tmp_path']}/{$wanif}_routerv6\n"; + $rtsoldscript .= "echo $2 > {$g['tmp_path']}/{$wanif}_defaultgwv6\n"; + $rtsoldscript .= "/usr/bin/logger -t rtsold \"Recieved RA specifying route \$2 for interface {$interface}({$wanif})\"\n"; + $rtsoldscript .= "if [ -f {$g['varrun_path']}/dhcp6c_{$wanif}.pid ]; then\n"; + $rtsoldscript .= "\t/bin/pkill -F {$g['varrun_path']}/dhcp6c_{$wanif}.pid\n"; + $rtsoldscript .= "\t/bin/sleep 1\n"; + $rtsoldscript .= "fi\n"; + $rtsoldscript .= "/usr/local/sbin/dhcp6c -d -c {$g['varetc_path']}/dhcp6c_{$interface}.conf -p {$g['varrun_path']}/dhcp6c_{$wanif}.pid {$wanif}\n"; + $rtsoldscript .= "/usr/bin/logger -t rtsold \"Starting dhcp6 client for interface {$interface}({$wanif})\"\n"; + /* Add wide-dhcp6c shell script here. Because we can not pass a argument to it. */ + if (!@file_put_contents("{$g['varetc_path']}/rtsold_{$wanif}_script.sh", $rtsoldscript)) { + printf("Error: cannot open rtsold_{$interface}_script.sh in interface_dhcpv6_configure() for writing.\n"); + unset($rtsoldscript); + return 1; + } + unset($rtsoldscript); + @chmod("{$g['varetc_path']}/rtsold_{$wanif}_script.sh", 0755); + + /* accept router advertisements for this interface */ + set_single_sysctl("net.inet6.ip6.accept_rtadv", "1"); + log_error("Accept router advertisements on interface {$wanif} "); + mwexec("/sbin/ifconfig {$wanif} inet6 accept_rtadv"); + + /* fire up rtsold for IPv6 RAs first, this backgrounds immediately. It will call dhcp6c */ + if (isvalidpid("{$g['varrun_path']}/rtsold_{$wanif}.pid")) { + killbypid("{$g['varrun_path']}/rtsold_{$wanif}.pid"); + sleep(2); + } + mwexec("/usr/sbin/rtsold -1 -p {$g['varrun_path']}/rtsold_{$wanif}.pid -O {$g['varetc_path']}/rtsold_{$wanif}_script.sh {$wanif}"); + + /* NOTE: will be called from rtsold invoked script + * link_interface_to_track6($interface, "update"); + */ + + return 0; +} + +function DHCP6_Config_File_Advanced($interface, $wancfg, $wanif) { + global $g; + + $send_options = ""; + if ($wancfg['adv_dhcp6_interface_statement_send_options'] != '') { + $options = explode(',', $wancfg['adv_dhcp6_interface_statement_send_options']); + foreach ($options as $option) { + $send_options .= "\tsend " . trim($option) . ";\n"; + } + } + + $request_options = ""; + if ($wancfg['adv_dhcp6_interface_statement_request_options'] != '') { + $options = explode(',', $wancfg['adv_dhcp6_interface_statement_request_options']); + foreach ($options as $option) { + $request_options .= "\trequest " . trim($option) . ";\n"; + } + } + + $information_only = ""; + if ($wancfg['adv_dhcp6_interface_statement_information_only_enable'] != '') { + $information_only = "\tinformation-only;\n"; + } + + $script = "\tscript \"{$g['varetc_path']}/dhcp6c_{$interface}_script.sh\";\n"; + if ($wancfg['adv_dhcp6_interface_statement_script'] != '') { + $script = "\tscript \"{$wancfg['adv_dhcp6_interface_statement_script']}\";\n"; + } + + $interface_statement = "interface"; + $interface_statement .= " {$wanif}"; + $interface_statement .= " {\n"; + $interface_statement .= "$send_options"; + $interface_statement .= "$request_options"; + $interface_statement .= "$information_only"; + $interface_statement .= "$script"; + $interface_statement .= "};\n"; + + $id_assoc_statement_address = ""; + if ($wancfg['adv_dhcp6_id_assoc_statement_address_enable'] != '') { + $id_assoc_statement_address .= "id-assoc"; + $id_assoc_statement_address .= " na"; + if (is_numeric($wancfg['adv_dhcp6_id_assoc_statement_address_id'])) { + $id_assoc_statement_address .= " {$wancfg['adv_dhcp6_id_assoc_statement_address_id']}"; + } + $id_assoc_statement_address .= " { "; + + if (($wancfg['adv_dhcp6_id_assoc_statement_address'] != '') && + (is_numeric($wancfg['adv_dhcp6_id_assoc_statement_address_pltime']) || + ($wancfg['adv_dhcp6_id_assoc_statement_address_pltime'] == 'infinity'))) { + $id_assoc_statement_address .= "\n\taddress"; + $id_assoc_statement_address .= " {$wancfg['adv_dhcp6_id_assoc_statement_address']}"; + $id_assoc_statement_address .= " {$wancfg['adv_dhcp6_id_assoc_statement_address_pltime']}"; + if ((is_numeric($wancfg['adv_dhcp6_id_assoc_statement_address_vltime'])) || + ($wancfg['adv_dhcp6_id_assoc_statement_address_vltime'] == 'infinity')) { + $id_assoc_statement_address .= " {$wancfg['adv_dhcp6_id_assoc_statement_address_vltime']}"; + } + $id_assoc_statement_address .= ";\n"; + } + + $id_assoc_statement_address .= "};\n"; + } + + $id_assoc_statement_prefix = ""; + if ($wancfg['adv_dhcp6_id_assoc_statement_prefix_enable'] != '') { + $id_assoc_statement_prefix .= "id-assoc"; + $id_assoc_statement_prefix .= " pd"; + if (is_numeric($wancfg['adv_dhcp6_id_assoc_statement_prefix_id'])) { + $id_assoc_statement_prefix .= " {$wancfg['adv_dhcp6_id_assoc_statement_prefix_id']}"; + } + $id_assoc_statement_prefix .= " { "; + + if (($wancfg['adv_dhcp6_id_assoc_statement_prefix'] != '') && + (is_numeric($wancfg['adv_dhcp6_id_assoc_statement_prefix_pltime']) || + ($wancfg['adv_dhcp6_id_assoc_statement_prefix_pltime'] == 'infinity'))) { + $id_assoc_statement_prefix .= "\n\tprefix"; + $id_assoc_statement_prefix .= " {$wancfg['adv_dhcp6_id_assoc_statement_prefix']}"; + $id_assoc_statement_prefix .= " {$wancfg['adv_dhcp6_id_assoc_statement_prefix_pltime']}"; + if ((is_numeric($wancfg['adv_dhcp6_id_assoc_statement_prefix_vltime'])) || + ($wancfg['adv_dhcp6_id_assoc_statement_prefix_vltime'] == 'infinity')) { + $id_assoc_statement_prefix .= " {$wancfg['adv_dhcp6_id_assoc_statement_prefix_vltime']}"; + } + $id_assoc_statement_prefix .= ";"; + } + + if (is_numeric($wancfg['adv_dhcp6_prefix_interface_statement_sla_id'])) { + $id_assoc_statement_prefix .= "\n\tprefix-interface"; + $id_assoc_statement_prefix .= " {$wanif}"; + $id_assoc_statement_prefix .= " {\n"; + $id_assoc_statement_prefix .= "\t\tsla-id {$wancfg['adv_dhcp6_prefix_interface_statement_sla_id']};\n"; + if (($wancfg['adv_dhcp6_prefix_interface_statement_sla_len'] >= 0) && + ($wancfg['adv_dhcp6_prefix_interface_statement_sla_len'] <= 128)) { + $id_assoc_statement_prefix .= "\t\tsla-len {$wancfg['adv_dhcp6_prefix_interface_statement_sla_len']};\n"; + } + $id_assoc_statement_prefix .= "\t};"; + } + + if (($wancfg['adv_dhcp6_id_assoc_statement_prefix'] != '') || + (is_numeric($wancfg['adv_dhcp6_prefix_interface_statement_sla_id']))) { + $id_assoc_statement_prefix .= "\n"; + } + + $id_assoc_statement_prefix .= "};\n"; + } + + $authentication_statement = ""; + if (($wancfg['adv_dhcp6_authentication_statement_authname'] != '') && + ($wancfg['adv_dhcp6_authentication_statement_protocol'] == 'delayed')) { + $authentication_statement .= "authentication"; + $authentication_statement .= " {$wancfg['adv_dhcp6_authentication_statement_authname']}"; + $authentication_statement .= " {\n"; + $authentication_statement .= "\tprotocol {$wancfg['adv_dhcp6_authentication_statement_protocol']};\n"; + if (preg_match("/(hmac(-)?md5)||(HMAC(-)?MD5)/", $wancfg['adv_dhcp6_authentication_statement_algorithm'])) { + $authentication_statement .= "\talgorithm {$wancfg['adv_dhcp6_authentication_statement_algorithm']};\n"; + } + if ($wancfg['adv_dhcp6_authentication_statement_rdm'] == 'monocounter') { + $authentication_statement .= "\trdm {$wancfg['adv_dhcp6_authentication_statement_rdm']};\n"; + } + $authentication_statement .= "};\n"; + } + + $key_info_statement = ""; + if (($wancfg['adv_dhcp6_key_info_statement_keyname'] != '') && + ($wancfg['adv_dhcp6_key_info_statement_realm'] != '') && + (is_numeric($wancfg['adv_dhcp6_key_info_statement_keyid'])) && + ($wancfg['adv_dhcp6_key_info_statement_secret'] != '')) { + $key_info_statement .= "keyinfo"; + $key_info_statement .= " {$wancfg['adv_dhcp6_key_info_statement_keyname']}"; + $key_info_statement .= " {\n"; + $key_info_statement .= "\trealm \"{$wancfg['adv_dhcp6_key_info_statement_realm']}\";\n"; + $key_info_statement .= "\tkeyid {$wancfg['adv_dhcp6_key_info_statement_keyid']};\n"; + $key_info_statement .= "\tsecret \"{$wancfg['adv_dhcp6_key_info_statement_secret']}\";\n"; + if (preg_match("/((([0-9]{4}-)?[0-9]{2}[0-9]{2} )?[0-9]{2}:[0-9]{2})||(foreever)/", $wancfg['adv_dhcp6_key_info_statement_expire'])) { + $key_info_statement .= "\texpire \"{$wancfg['adv_dhcp6_key_info_statement_expire']}\";\n"; + } + $key_info_statement .= "};\n"; + } + + $dhcp6cconf = $interface_statement; + $dhcp6cconf .= $id_assoc_statement_address; + $dhcp6cconf .= $id_assoc_statement_prefix; + $dhcp6cconf .= $authentication_statement; + $dhcp6cconf .= $key_info_statement; + + $dhcp6cconf = DHCP6_Config_File_Substitutions($wancfg, $wanif, $dhcp6cconf); + + return $dhcp6cconf; +} + + +function DHCP6_Config_File_Override($wancfg, $wanif) { + + $dhcp6cconf = @file_get_contents($wancfg['adv_dhcp6_config_file_override_path']); + + if ($dhcp6cconf === false) { + log_error("Error: cannot open {$wancfg['adv_dhcp6_config_file_override_path']} in DHCP6_Config_File_Override() for reading.\n"); + return ''; + } else { + return DHCP6_Config_File_Substitutions($wancfg, $wanif, $dhcp6cconf);; + } +} + + +function DHCP6_Config_File_Substitutions($wancfg, $wanif, $dhcp6cconf) { + + $dhcp6cconf = DHCP_Config_File_Substitutions($wancfg, $wanif, $dhcp6cconf); + + return $dhcp6cconf; +} + + +function interface_dhcp_configure($interface = "wan") { + global $config, $g; + + $wancfg = $config['interfaces'][$interface]; + $wanif = $wancfg['if']; + if (empty($wancfg)) { + $wancfg = array(); + } + + /* generate dhclient_wan.conf */ + $fd = fopen("{$g['varetc_path']}/dhclient_{$interface}.conf", "w"); + if (!$fd) { + printf(printf(gettext("Error: cannot open dhclient_%s.conf in interface_dhcp_configure() for writing.%s"), $interface, "\n")); + return 1; + } + + if ($wancfg['dhcphostname']) { + $dhclientconf_hostname = "send dhcp-client-identifier \"{$wancfg['dhcphostname']}\";\n"; + $dhclientconf_hostname .= "\tsend host-name \"{$wancfg['dhcphostname']}\";\n"; + } else { + $dhclientconf_hostname = ""; + } + + $wanif = get_real_interface($interface); + if (empty($wanif)) { + log_error(sprintf(gettext("Invalid interface \"%s\" in interface_dhcp_configure()"), $interface)); + return 0; + } + $dhclientconf = ""; + + $dhclientconf .= <<<EOD +interface "{$wanif}" { +timeout 60; +retry 15; +select-timeout 0; +initial-interval 1; + {$dhclientconf_hostname} + script "/sbin/dhclient-script"; +EOD; + + if (is_ipaddrv4($wancfg['dhcprejectfrom'])) { + $dhclientconf .= <<<EOD + + reject {$wancfg['dhcprejectfrom']}; +EOD; + } + $dhclientconf .= <<<EOD + +} + +EOD; + + // DHCP Config File Advanced + if ($wancfg['adv_dhcp_config_advanced']) { + $dhclientconf = DHCP_Config_File_Advanced($interface, $wancfg, $wanif); + } + + if (is_ipaddr($wancfg['alias-address'])) { + $subnetmask = gen_subnet_mask($wancfg['alias-subnet']); + $dhclientconf .= <<<EOD +alias { + interface "{$wanif}"; + fixed-address {$wancfg['alias-address']}; + option subnet-mask {$subnetmask}; +} + +EOD; + } + + // DHCP Config File Override + if ($wancfg['adv_dhcp_config_file_override']) { + $dhclientconf = DHCP_Config_File_Override($wancfg, $wanif); + } + + fwrite($fd, $dhclientconf); + fclose($fd); + + /* bring wan interface up before starting dhclient */ + if ($wanif) { + interfaces_bring_up($wanif); + } else { + log_error(printf(gettext("Could not bring up %s interface in interface_dhcp_configure()"), $wanif)); + } + + /* Make sure dhclient is not running */ + kill_dhclient_process($wanif); + + /* fire up dhclient */ + mwexec("/sbin/dhclient -c {$g['varetc_path']}/dhclient_{$interface}.conf {$wanif} > {$g['tmp_path']}/{$wanif}_output 2> {$g['tmp_path']}/{$wanif}_error_output"); + + return 0; +} + +function DHCP_Config_File_Advanced($interface, $wancfg, $wanif) { + + $hostname = ""; + if ($wancfg['dhcphostname'] != '') { + $hostname = "\tsend host-name \"{$wancfg['dhcphostname']}\";\n"; + } + + /* DHCP Protocol Timings */ + $protocol_timings = array ('adv_dhcp_pt_timeout' => "timeout", 'adv_dhcp_pt_retry' => "retry", 'adv_dhcp_pt_select_timeout' => "select-timeout", 'adv_dhcp_pt_reboot' => "reboot", 'adv_dhcp_pt_backoff_cutoff' => "backoff-cutoff", 'adv_dhcp_pt_initial_interval' => "initial-interval"); + foreach ($protocol_timings as $Protocol_Timing => $PT_Name) { + $pt_variable = "{$Protocol_Timing}"; + ${$pt_variable} = ""; + if ($wancfg[$Protocol_Timing] != "") { + ${$pt_variable} = "{$PT_Name} {$wancfg[$Protocol_Timing]};\n"; + } + } + + $send_options = ""; + if ($wancfg['adv_dhcp_send_options'] != '') { + $options = explode(',', $wancfg['adv_dhcp_send_options']); + foreach ($options as $option) { + $send_options .= "\tsend " . trim($option) . ";\n"; + } + } + + $request_options = ""; + if ($wancfg['adv_dhcp_request_options'] != '') { + $request_options = "\trequest {$wancfg['adv_dhcp_request_options']};\n"; + } + + $required_options = ""; + if ($wancfg['adv_dhcp_required_options'] != '') { + $required_options = "\trequire {$wancfg['adv_dhcp_required_options']};\n"; + } + + $option_modifiers = ""; + if ($wancfg['adv_dhcp_option_modifiers'] != '') { + $modifiers = explode(',', $wancfg['adv_dhcp_option_modifiers']); + foreach ($modifiers as $modifier) { + $option_modifiers .= "\t" . trim($modifier) . ";\n"; + } + } + + $dhclientconf = "interface \"{$wanif}\" {\n"; + $dhclientconf .= "\n"; + $dhclientconf .= "# DHCP Protocol Timing Values\n"; + $dhclientconf .= "{$adv_dhcp_pt_timeout}"; + $dhclientconf .= "{$adv_dhcp_pt_retry}"; + $dhclientconf .= "{$adv_dhcp_pt_select_timeout}"; + $dhclientconf .= "{$adv_dhcp_pt_reboot}"; + $dhclientconf .= "{$adv_dhcp_pt_backoff_cutoff}"; + $dhclientconf .= "{$adv_dhcp_pt_initial_interval}"; + $dhclientconf .= "\n"; + $dhclientconf .= "# DHCP Protocol Options\n"; + $dhclientconf .= "{$hostname}"; + $dhclientconf .= "{$send_options}"; + $dhclientconf .= "{$request_options}"; + $dhclientconf .= "{$required_options}"; + $dhclientconf .= "{$option_modifiers}"; + $dhclientconf .= "\n"; + $dhclientconf .= "\tscript \"/sbin/dhclient-script\";\n"; + $dhclientconf .= "}\n"; + + $dhclientconf = DHCP_Config_File_Substitutions($wancfg, $wanif, $dhclientconf); + + return $dhclientconf; +} + + +function DHCP_Config_File_Override($wancfg, $wanif) { + + $dhclientconf = @file_get_contents($wancfg['adv_dhcp_config_file_override_path']); + + if ($dhclientconf === false) { + log_error("Error: cannot open {$wancfg['adv_dhcp_config_file_override_path']} in DHCP_Config_File_Override() for reading.\n"); + return ''; + } else { + return DHCP_Config_File_Substitutions($wancfg, $wanif, $dhclientconf); + } +} + + +function DHCP_Config_File_Substitutions($wancfg, $wanif, $dhclientconf) { + + /* Apply Interface Substitutions */ + $dhclientconf = str_replace("{interface}", "{$wanif}", $dhclientconf); + + /* Apply Hostname Substitutions */ + $dhclientconf = str_replace("{hostname}", $wancfg['dhcphostname'], $dhclientconf); + + /* Arrays of MAC Address Types, Cases, Delimiters */ + /* ASCII or HEX, Upper or Lower Case, Various Delimiters (none, space, colon, hyphen, period) */ + $various_mac_types = array("mac_addr_ascii", "mac_addr_hex"); + $various_mac_cases = array("U", "L"); + $various_mac_delimiters = array("", " ", ":", "-", "."); + + /* Apply MAC Address Substitutions */ + foreach ($various_mac_types as $various_mac_type) { + foreach ($various_mac_cases as $various_mac_case) { + foreach ($various_mac_delimiters as $various_mac_delimiter) { + + $res = stripos($dhclientconf, $various_mac_type . $various_mac_case . $various_mac_delimiter); + if ($res !== false) { + + /* Get MAC Address as ASCII String With Colon (:) delimiters */ + if ("$various_mac_case" == "U") { + $dhcpclientconf_mac = strtoupper(get_interface_mac($wanif)); + } + if ("$various_mac_case" == "L") { + $dhcpclientconf_mac = strtolower(get_interface_mac($wanif)); + } + + if ("$various_mac_type" == "mac_addr_hex") { + /* Convert MAC ascii string to HEX with colon (:) delimiters. */ + $dhcpclientconf_mac = str_replace(":", "", $dhcpclientconf_mac); + $dhcpclientconf_mac_hex = ""; + $delimiter = ""; + for ($i = 0; $i < strlen($dhcpclientconf_mac); $i++) { + $dhcpclientconf_mac_hex .= $delimiter. bin2hex($dhcpclientconf_mac[$i]); + $delimiter = ":"; + } + $dhcpclientconf_mac = $dhcpclientconf_mac_hex; + } + + /* MAC Address Delimiter Substitutions */ + $dhcpclientconf_mac = str_replace(":", $various_mac_delimiter, $dhcpclientconf_mac); + + /* Apply MAC Address Substitutions */ + $dhclientconf = str_replace("{" . $various_mac_type . $various_mac_case . $various_mac_delimiter . "}", $dhcpclientconf_mac, $dhclientconf); + } + } + } + } + + return $dhclientconf; +} + +function interfaces_group_setup() { + global $config; + + if (!is_array($config['ifgroups']['ifgroupentry'])) { + return; + } + + foreach ($config['ifgroups']['ifgroupentry'] as $groupar) { + interface_group_setup($groupar); + } + + return; +} + +function interface_group_setup(&$groupname /* The parameter is an array */) { + global $config; + + if (!is_array($groupname)) { + return; + } + $members = explode(" ", $groupname['members']); + foreach ($members as $ifs) { + $realif = get_real_interface($ifs); + if ($realif && does_interface_exist($realif)) { + mwexec("/sbin/ifconfig {$realif} group {$groupname['ifname']}"); + } + } + + return; +} + +function is_interface_group($if) { + global $config; + + if (is_array($config['ifgroups']['ifgroupentry'])) { + foreach ($config['ifgroups']['ifgroupentry'] as $groupentry) { + if ($groupentry['ifname'] === $if) { + return true; + } + } + } + + return false; +} + +function interface_group_add_member($interface, $groupname) { + $interface = get_real_interface($interface); + if (does_interface_exist($interface)) { + mwexec("/sbin/ifconfig {$interface} group " . escapeshellarg($groupname), true); + } +} + +/* COMPAT Function */ +function convert_friendly_interface_to_real_interface_name($interface) { + return get_real_interface($interface); +} + +/* COMPAT Function */ +function get_real_wan_interface($interface = "wan") { + return get_real_interface($interface); +} + +/* COMPAT Function */ +function get_current_wan_address($interface = "wan") { + return get_interface_ip($interface); +} + +/* + * convert_real_interface_to_friendly_interface_name($interface): convert fxp0 -> wan, etc. + */ +function convert_real_interface_to_friendly_interface_name($interface = "wan", $checkparent = false) { + global $config; + + if (stripos($interface, "_vip")) { + foreach ($config['virtualip']['vip'] as $counter => $vip) { + if ($vip['mode'] == "carp") { + if ($interface == "{$vip['interface']}_vip{$vip['vhid']}") { + return $vip['interface']; + } + } + } + } + + /* XXX: For speed reasons reference directly the interface array */ + $ifdescrs = &$config['interfaces']; + //$ifdescrs = get_configured_interface_list(false, true); + + foreach ($ifdescrs as $if => $ifname) { + if ($if == $interface || $ifname['if'] == $interface) { + return $if; + } + + if (get_real_interface($if) == $interface) { + return $if; + } + + if ($checkparent == false) { + continue; + } + + $int = get_parent_interface($if, true); + if (is_array($int)) { + foreach ($int as $iface) { + if ($iface == $interface) { + return $if; + } + } + } + } + + if ($interface == "enc0") { + return 'IPsec'; + } +} + +/* attempt to resolve interface to friendly descr */ +function convert_friendly_interface_to_friendly_descr($interface) { + global $config; + + switch ($interface) { + case "l2tp": + $ifdesc = "L2TP"; + break; + case "pptp": + $ifdesc = "PPTP"; + break; + case "pppoe": + $ifdesc = "PPPoE"; + break; + case "openvpn": + $ifdesc = "OpenVPN"; + break; + case "enc0": + case "ipsec": + case "IPsec": + $ifdesc = "IPsec"; + break; + default: + if (isset($config['interfaces'][$interface])) { + if (empty($config['interfaces'][$interface]['descr'])) { + $ifdesc = strtoupper($interface); + } else { + $ifdesc = strtoupper($config['interfaces'][$interface]['descr']); + } + break; + } else if (substr($interface, 0, 4) == '_vip') { + if (is_array($config['virtualip']['vip'])) { + foreach ($config['virtualip']['vip'] as $counter => $vip) { + if ($vip['mode'] == "carp") { + if ($interface == "{$vip['interface']}_vip{$vip['vhid']}") { + return "{$vip['subnet']} - {$vip['descr']}"; + } + } + } + } + } else if (substr($interface, 0, 5) == '_lloc') { + return get_interface_linklocal($interface); + } else { + /* if list */ + $ifdescrs = get_configured_interface_with_descr(false, true); + foreach ($ifdescrs as $if => $ifname) { + if ($if == $interface || $ifname == $interface) { + return $ifname; + } + } + } + break; + } + + return $ifdesc; +} + +function convert_real_interface_to_friendly_descr($interface) { + + $ifdesc = convert_real_interface_to_friendly_interface_name("{$interface}"); + + if (!empty($ifdesc)) { + return convert_friendly_interface_to_friendly_descr($ifdesc); + } + + return $interface; +} + +/* + * get_parent_interface($interface): + * --returns the (real or virtual) parent interface(s) array for a given interface friendly name (i.e. wan) + * or virtual interface (i.e. vlan) + * (We need array because MLPPP and bridge interfaces have more than one parent.) + * -- returns $interface passed in if $interface parent is not found + * -- returns empty array if an invalid interface is passed + * (Only handles ppps and vlans now.) + */ +function get_parent_interface($interface, $avoidrecurse = false) { + global $config; + + $parents = array(); + //Check that we got a valid interface passed + $realif = get_real_interface($interface); + if ($realif == NULL) { + return $parents; + } + + // If we got a real interface, find it's friendly assigned name + if ($interface == $realif && $avoidrecurse == false) { + $interface = convert_real_interface_to_friendly_interface_name($interface); + } + + if (!empty($interface) && isset($config['interfaces'][$interface])) { + $ifcfg = $config['interfaces'][$interface]; + switch ($ifcfg['ipaddr']) { + case "ppp": + case "pppoe": + case "pptp": + case "l2tp": + if (empty($parents)) { + if (is_array($config['ppps']['ppp'])) { + foreach ($config['ppps']['ppp'] as $pppidx => $ppp) { + if ($ifcfg['if'] == $ppp['if']) { + $ports = explode(',', $ppp['ports']); + foreach ($ports as $pid => $parent_if) { + $parents[$pid] = get_real_interface($parent_if); + } + break; + } + } + } + } + break; + case "dhcp": + case "static": + default: + // Handle _vlans + if (strpos($realif, '_vlan') !== FALSE) { + if (is_array($config['vlans']['vlan'])) { + foreach ($config['vlans']['vlan'] as $vlanidx => $vlan) { + if ($ifcfg['if'] == $vlan['vlanif']) { + $parents[0] = $vlan['if']; + break; + } + } + } + } + break; + } + } + + if (empty($parents)) { + $parents[0] = $realif; + } + + return $parents; +} + +function interface_is_wireless_clone($wlif) { + if (!stristr($wlif, "_wlan")) { + return false; + } else { + return true; + } +} + +function interface_get_wireless_base($wlif) { + if (!stristr($wlif, "_wlan")) { + return $wlif; + } else { + return substr($wlif, 0, stripos($wlif, "_wlan")); + } +} + +function interface_get_wireless_clone($wlif) { + if (!stristr($wlif, "_wlan")) { + return $wlif . "_wlan0"; + } else { + return $wlif; + } +} + +function get_real_interface($interface = "wan", $family = "all", $realv6iface = false, $flush = true) { + global $config, $g; + + $wanif = NULL; + + switch ($interface) { + case "l2tp": + $wanif = "l2tp"; + break; + case "pptp": + $wanif = "pptp"; + break; + case "pppoe": + $wanif = "pppoe"; + break; + case "openvpn": + $wanif = "openvpn"; + break; + case "ipsec": + case "enc0": + $wanif = "enc0"; + break; + case "ppp": + $wanif = "ppp"; + break; + default: + if (substr($interface, 0, 4) == '_vip') { + $wanif = get_configured_carp_interface_list($interface, '', 'iface'); + if (!empty($wanif)) { + $wanif = get_real_interface($wanif, $family); + } + break; + } else if (substr($interface, 0, 5) == '_lloc') { + $interface = substr($interface, 5); + } else if (does_interface_exist($interface, $flush)) { + /* + * If a real interface was already passed simply + * pass the real interface back. This encourages + * the usage of this function in more cases so that + * we can combine logic for more flexibility. + */ + $wanif = $interface; + break; + } + + if (empty($config['interfaces'][$interface])) { + break; + } + + $cfg = &$config['interfaces'][$interface]; + + if ($family == "inet6") { + switch ($cfg['ipaddrv6']) { + case "6rd": + case "6to4": + $wanif = "{$interface}_stf"; + break; + case 'pppoe': + case 'ppp': + case 'l2tp': + case 'pptp': + if (is_array($cfg['wireless']) || preg_match($g['wireless_regex'], $cfg['if'])) { + $wanif = interface_get_wireless_clone($cfg['if']); + } else { + $wanif = $cfg['if']; + } + break; + default: + switch ($cfg['ipaddr']) { + case 'pppoe': + case 'ppp': + case 'l2tp': + case 'pptp': + if (isset($cfg['dhcp6usev4iface']) && $realv6iface === false) { + $wanif = $cfg['if']; + } else { + $parents = get_parent_interface($interface); + if (!empty($parents[0])) { + $wanif = $parents[0]; + } else { + $wanif = $cfg['if']; + } + } + break; + default: + if (is_array($cfg['wireless']) || preg_match($g['wireless_regex'], $cfg['if'])) { + $wanif = interface_get_wireless_clone($cfg['if']); + } else { + $wanif = $cfg['if']; + } + break; + } + break; + } + } else { + // Wireless cloned NIC support (FreeBSD 8+) + // interface name format: $parentnic_wlanparentnic# + // example: ath0_wlan0 + if (is_array($cfg['wireless']) || preg_match($g['wireless_regex'], $cfg['if'])) { + $wanif = interface_get_wireless_clone($cfg['if']); + } else { + $wanif = $cfg['if']; + } + } + break; + } + + return $wanif; +} + +/* Guess the physical interface by providing a IP address */ +function guess_interface_from_ip($ipaddress) { + + $family = ''; + if (is_ipaddrv4($ipaddress)) { + $family = 'inet'; + } + if (empty($family) && is_ipaddrv6($ipaddress)) { + $family = 'inet6'; + } + + if (empty($family)) { + return false; + } + + /* create a route table we can search */ + $output = ''; + $_gb = exec("/sbin/route -n get -{$family} " . escapeshellarg($ipaddress) . " | /usr/bin/awk '/interface/ { print \$2; };'", $output); + $output[0] = trim($output[0], " \n"); + if (!empty($output[0])) { + return $output[0]; + } + + return false; +} + +/* + * find_ip_interface($ip): return the interface where an ip is defined + * (or if $bits is specified, where an IP within the subnet is defined) + */ +function find_ip_interface($ip, $bits = null) { + if (!is_ipaddr($ip)) { + return false; + } + + $isv6ip = is_ipaddrv6($ip); + + /* if list */ + $ifdescrs = get_configured_interface_list(); + + foreach ($ifdescrs as $ifdescr => $ifname) { + $ifip = ($isv6ip) ? get_interface_ipv6($ifname) : get_interface_ip($ifname); + if (is_null($ifip)) { + continue; + } + if (is_null($bits)) { + if ($ip == $ifip) { + $int = get_real_interface($ifname); + return $int; + } + } else { + if (ip_in_subnet($ifip, $ip . "/" . $bits)) { + $int = get_real_interface($ifname); + return $int; + } + } + } + + return false; +} + +/* + * find_virtual_ip_alias($ip): return the virtual IP alias where an IP is found + * (or if $bits is specified, where an IP within the subnet is found) + */ +function find_virtual_ip_alias($ip, $bits = null) { + global $config; + + if (!is_array($config['virtualip']['vip'])) { + return false; + } + if (!is_ipaddr($ip)) { + return false; + } + + $isv6ip = is_ipaddrv6($ip); + + foreach ($config['virtualip']['vip'] as $vip) { + if ($vip['mode'] === "ipalias") { + if (is_ipaddrv6($vip['subnet']) != $isv6ip) { + continue; + } + if (is_null($bits)) { + if (ip_in_subnet($ip, $vip['subnet'] . "/" . $vip['subnet_bits'])) { + return $vip; + } + } else { + if (($isv6ip && check_subnetsv6_overlap($ip, $bits, $vip['subnet'], $vip['subnet_bits'])) || + (!$isv6ip && check_subnets_overlap($ip, $bits, $vip['subnet'], $vip['subnet_bits']))) { + return $vip; + } + } + } + } + return false; +} + +/* + * find_number_of_created_carp_interfaces: return the number of carp interfaces + */ +function find_number_of_created_carp_interfaces() { + return `/sbin/ifconfig | grep "carp:" | wc -l`; +} + +/* + * find_carp_interface($ip): return the carp interface where an ip is defined + */ +function find_carp_interface($ip) { + global $config; + if (is_array($config['virtualip']['vip'])) { + foreach ($config['virtualip']['vip'] as $vip) { + if ($vip['mode'] == "carp") { + if (is_ipaddrv4($ip)) { + $carp_ip = get_interface_ip($vip['interface']); + } + if (is_ipaddrv6($ip)) { + $carp_ip = get_interface_ipv6($vip['interface']); + } + exec("/sbin/ifconfig", $output, $return); + foreach ($output as $line) { + $elements = preg_split("/[ ]+/i", $line); + if (strstr($elements[0], "vip")) { + $curif = str_replace(":", "", $elements[0]); + } + if (stristr($line, $ip)) { + $if = $curif; + continue; + } + } + + if ($if) { + return $if; + } + } + } + } +} + +function link_carp_interface_to_parent($interface) { + global $config; + + if (empty($interface)) { + return; + } + + $carp_ip = get_interface_ip($interface); + $carp_ipv6 = get_interface_ipv6($interface); + + if ((!is_ipaddrv4($carp_ip)) && (!is_ipaddrv6($carp_ipv6))) { + return; + } + + /* if list */ + $ifdescrs = get_configured_interface_list(); + foreach ($ifdescrs as $ifdescr => $ifname) { + /* check IPv4 */ + if (is_ipaddrv4($carp_ip)) { + $interfaceip = get_interface_ip($ifname); + $subnet_bits = get_interface_subnet($ifname); + $subnet_ip = gen_subnet("{$interfaceip}", "{$subnet_bits}"); + if (ip_in_subnet($carp_ip, "{$subnet_ip}/{$subnet_bits}")) { + return $ifname; + } + } + /* Check IPv6 */ + if (is_ipaddrv6($carp_ipv6)) { + $interfaceipv6 = get_interface_ipv6($ifname); + $prefixlen = get_interface_subnetv6($ifname); + if (ip_in_subnet($carp_ipv6, "{$interfaceipv6}/{$prefixlen}")) { + return $ifname; + } + } + } + return ""; +} + + +/****f* interfaces/link_ip_to_carp_interface + * NAME + * link_ip_to_carp_interface - Find where a CARP interface links to. + * INPUTS + * $ip + * RESULT + * $carp_ints + ******/ +function link_ip_to_carp_interface($ip) { + global $config; + + if (!is_ipaddr($ip)) { + return; + } + + $carp_ints = ""; + if (is_array($config['virtualip']['vip'])) { + $first = 0; + $carp_int = array(); + foreach ($config['virtualip']['vip'] as $vip) { + if ($vip['mode'] == "carp") { + $carp_ip = $vip['subnet']; + $carp_sn = $vip['subnet_bits']; + $carp_nw = gen_subnet($carp_ip, $carp_sn); + if (ip_in_subnet($ip, "{$carp_nw}/{$carp_sn}")) { + $carp_int[] = get_real_interface($vip['interface']); + } + } + } + if (!empty($carp_int)) { + $carp_ints = implode(" ", array_unique($carp_int)); + } + } + + return $carp_ints; +} + +function link_interface_to_track6($int, $action = "") { + global $config; + + if (empty($int)) { + return; + } + + if (is_array($config['interfaces'])) { + $list = array(); + foreach ($config['interfaces'] as $ifname => $ifcfg) { + if (!isset($ifcfg['enable'])) { + continue; + } + if (!empty($ifcfg['ipaddrv6']) && $ifcfg['track6-interface'] == $int) { + if ($action == "update") { + interface_track6_configure($ifname, $ifcfg); + } else if ($action == "") { + $list[$ifname] = $ifcfg; + } + } + } + return $list; + } +} + +function interface_find_child_cfgmtu($realiface) { + global $config; + + $interface = convert_real_interface_to_friendly_interface_name($realiface); + $vlans = link_interface_to_vlans($realiface); + $bridge = link_interface_to_bridge($realiface); + if (!empty($interface)) { + $gifs = link_interface_to_gif($interface); + $gres = link_interface_to_gre($interface); + } else { + $gifs = array(); + $gres = array(); + } + + $mtu = 0; + if (is_array($vlans)) { + foreach ($vlans as $vlan) { + $ifass = convert_real_interface_to_friendly_interface_name($vlan['vlanif']); + if (empty($ifass)) { + continue; + } + if (!empty($config['interfaces'][$ifass]['mtu'])) { + if (intval($config['interfaces'][$ifass]['mtu']) > $mtu) { + $mtu = intval($config['interfaces'][$ifass]['mtu']); + } + } + } + } + if (is_array($gifs)) { + foreach ($gifs as $vlan) { + $ifass = convert_real_interface_to_friendly_interface_name($vlan['gifif']); + if (empty($ifass)) { + continue; + } + if (!empty($config['interfaces'][$ifass]['mtu'])) { + if (intval($config['interfaces'][$ifass]['mtu']) > $mtu) { + $mtu = intval($config['interfaces'][$ifass]['mtu']); + } + } + } + } + if (is_array($gres)) { + foreach ($gres as $vlan) { + $ifass = convert_real_interface_to_friendly_interface_name($vlan['greif']); + if (empty($ifass)) { + continue; + } + if (!empty($config['interfaces'][$ifass]['mtu'])) { + if (intval($config['interfaces'][$ifass]['mtu']) > $mtu) { + $mtu = intval($config['interfaces'][$ifass]['mtu']); + } + } + } + } + $ifass = convert_real_interface_to_friendly_interface_name($bridge); + if (!empty($ifass) && !empty($config['interfaces'][$ifass]['mtu'])) { + if (intval($config['interfaces'][$ifass]['mtu']) > $mtu) { + $mtu = intval($config['interfaces'][$ifass]['mtu']); + } + } + unset($vlans, $bridge, $gifs, $gres, $ifass, $vlan); + + return $mtu; +} + +function link_interface_to_vlans($int, $action = "") { + global $config; + + if (empty($int)) { + return; + } + + if (is_array($config['vlans']['vlan'])) { + $ifaces = array(); + foreach ($config['vlans']['vlan'] as $vlan) { + if ($int == $vlan['if']) { + if ($action == "update") { + interfaces_bring_up($int); + } else { + $ifaces[$vlan['tag']] = $vlan; + } + } + } + if (!empty($ifaces)) { + return $ifaces; + } + } +} + +function link_interface_to_vips($int, $action = "", $vhid = '') { + global $config; + + if (is_array($config['virtualip']['vip'])) { + $result = array(); + foreach ($config['virtualip']['vip'] as $vip) { + if ($int == $vip['interface']) { + if ($action == "update") { + interfaces_vips_configure($int); + } else { + if (empty($vhid) || ($vhid == $vip['vhid'])) { + $result[] = $vip; + } + } + } + } + return $result; + } +} + +/****f* interfaces/link_interface_to_bridge + * NAME + * link_interface_to_bridge - Finds out a bridge group for an interface + * INPUTS + * $ip + * RESULT + * bridge[0-99] + ******/ +function link_interface_to_bridge($int) { + global $config; + + if (is_array($config['bridges']['bridged'])) { + foreach ($config['bridges']['bridged'] as $bridge) { + if (in_array($int, explode(',', $bridge['members']))) { + return "{$bridge['bridgeif']}"; + } + } + } +} + +function link_interface_to_group($int) { + global $config; + + $result = array(); + + if (is_array($config['ifgroups']['ifgroupentry'])) { + foreach ($config['ifgroups']['ifgroupentry'] as $group) { + if (in_array($int, explode(" ", $group['members']))) { + $result[$group['ifname']] = $int; + } + } + } + + return $result; +} + +function link_interface_to_gre($interface) { + global $config; + + $result = array(); + + if (is_array($config['gres']['gre'])) { + foreach ($config['gres']['gre'] as $gre) { + if ($gre['if'] == $interface) { + $result[] = $gre; + } + } + } + + return $result; +} + +function link_interface_to_gif($interface) { + global $config; + + $result = array(); + + if (is_array($config['gifs']['gif'])) { + foreach ($config['gifs']['gif'] as $gif) { + if ($gif['if'] == $interface) { + $result[] = $gif; + } + } + } + + return $result; +} + +/* + * find_interface_ip($interface): return the interface ip (first found) + */ +function find_interface_ip($interface, $flush = false) { + global $interface_ip_arr_cache; + global $interface_sn_arr_cache; + + $interface = str_replace("\n", "", $interface); + + if (!does_interface_exist($interface)) { + return; + } + + /* Setup IP cache */ + if (!isset($interface_ip_arr_cache[$interface]) or $flush) { + $ifinfo = pfSense_get_interface_addresses($interface); + $interface_ip_arr_cache[$interface] = $ifinfo['ipaddr']; + $interface_sn_arr_cache[$interface] = $ifinfo['subnetbits']; + } + + return $interface_ip_arr_cache[$interface]; +} + +/* + * find_interface_ipv6($interface): return the interface ip (first found) + */ +function find_interface_ipv6($interface, $flush = false) { + global $interface_ipv6_arr_cache; + global $interface_snv6_arr_cache; + global $config; + + $interface = trim($interface); + $interface = get_real_interface($interface); + + if (!does_interface_exist($interface)) { + return; + } + + /* Setup IP cache */ + if (!isset($interface_ipv6_arr_cache[$interface]) or $flush) { + $ifinfo = pfSense_get_interface_addresses($interface); + $interface_ipv6_arr_cache[$interface] = $ifinfo['ipaddr6']; + $interface_snv6_arr_cache[$interface] = $ifinfo['subnetbits6']; + } + + return $interface_ipv6_arr_cache[$interface]; +} + +/* + * find_interface_ipv6_ll($interface): return the interface ipv6 link local (first found) + */ +function find_interface_ipv6_ll($interface, $flush = false) { + global $interface_llv6_arr_cache; + global $config; + + $interface = str_replace("\n", "", $interface); + + if (!does_interface_exist($interface)) { + return; + } + + /* Setup IP cache */ + if (!isset($interface_llv6_arr_cache[$interface]) or $flush) { + $ifinfo = pfSense_getall_interface_addresses($interface); + foreach ($ifinfo as $line) { + if (strstr($line, ":")) { + $parts = explode("/", $line); + if (is_linklocal($parts[0])) { + $ifinfo['linklocal'] = $parts[0]; + } + } + } + $interface_llv6_arr_cache[$interface] = $ifinfo['linklocal']; + } + return $interface_llv6_arr_cache[$interface]; +} + +function find_interface_subnet($interface, $flush = false) { + global $interface_sn_arr_cache; + global $interface_ip_arr_cache; + + $interface = str_replace("\n", "", $interface); + if (does_interface_exist($interface) == false) { + return; + } + + if (!isset($interface_sn_arr_cache[$interface]) or $flush) { + $ifinfo = pfSense_get_interface_addresses($interface); + $interface_ip_arr_cache[$interface] = $ifinfo['ipaddr']; + $interface_sn_arr_cache[$interface] = $ifinfo['subnetbits']; + } + + return $interface_sn_arr_cache[$interface]; +} + +function find_interface_subnetv6($interface, $flush = false) { + global $interface_snv6_arr_cache; + global $interface_ipv6_arr_cache; + + $interface = str_replace("\n", "", $interface); + if (does_interface_exist($interface) == false) { + return; + } + + if (!isset($interface_snv6_arr_cache[$interface]) or $flush) { + $ifinfo = pfSense_get_interface_addresses($interface); + $interface_ipv6_arr_cache[$interface] = $ifinfo['ipaddr6']; + $interface_snv6_arr_cache[$interface] = $ifinfo['subnetbits6']; + } + + return $interface_snv6_arr_cache[$interface]; +} + +function ip_in_interface_alias_subnet($interface, $ipalias) { + global $config; + + if (empty($interface) || !is_ipaddr($ipalias)) { + return false; + } + if (is_array($config['virtualip']['vip'])) { + foreach ($config['virtualip']['vip'] as $vip) { + switch ($vip['mode']) { + case "ipalias": + if ($vip['interface'] <> $interface) { + break; + } + $subnet = is_ipaddrv6($ipalias) ? gen_subnetv6($vip['subnet'], $vip['subnet_bits']) : gen_subnet($vip['subnet'], $vip['subnet_bits']); + if (ip_in_subnet($ipalias, $subnet . "/" . $vip['subnet_bits'])) { + return true; + } + break; + } + } + } + + return false; +} + +function get_possible_listen_ips($include_ipv6_link_local=false) { + + $interfaces = get_configured_interface_with_descr(); + foreach ($interfaces as $iface => $ifacename) { + if ($include_ipv6_link_local) { + /* This is to avoid going though added ll below */ + if (substr($iface, 0, 5) == '_lloc') { + continue; + } + $llip = find_interface_ipv6_ll(get_real_interface($iface)); + if (!empty($llip)) { + $interfaces["_lloc{$iface}"] = "{$ifacename} IPv6 Link-Local"; + } + } + } + /* XXX: Maybe use array_merge below? */ + $carplist = get_configured_carp_interface_list(); + foreach ($carplist as $cif => $carpip) { + $interfaces[$cif] = $carpip . ' (' . get_vip_descr($carpip) . ')'; + } + $aliaslist = get_configured_ip_aliases_list(); + foreach ($aliaslist as $aliasip => $aliasif) { + $interfaces[$aliasip] = $aliasip . ' (' . get_vip_descr($aliasip) . ')'; + } + + $interfaces['lo0'] = 'Localhost'; + + return $interfaces; +} + +function get_possible_traffic_source_addresses($include_ipv6_link_local=false) { + global $config; + + $sourceips = get_possible_listen_ips($include_ipv6_link_local); + foreach (array('server', 'client') as $mode) { + if (is_array($config['openvpn']["openvpn-{$mode}"])) { + foreach ($config['openvpn']["openvpn-{$mode}"] as $id => $setting) { + if (!isset($setting['disable'])) { + $sourceips_key = 'ovpn' . substr($mode, 0, 1) . $setting['vpnid']; + $sourceips[$sourceips_key] = gettext("OpenVPN") . " ".$mode.": ".htmlspecialchars($setting['description']); + } + } + } + } + return $sourceips; +} + +function get_interface_ip($interface = "wan") { + + $realif = get_failover_interface($interface); + if (!$realif) { + return null; + } + + if (substr($realif, 0, 4) == '_vip') { + return get_configured_carp_interface_list($realif, 'inet', 'ip'); + } + + if (strstr($realif, "_vip")) { + return get_configured_carp_interface_list($realif); + } + + $curip = find_interface_ip($realif); + if ($curip && is_ipaddr($curip) && ($curip != "0.0.0.0")) { + return $curip; + } else { + return null; + } +} + +function get_interface_ipv6($interface = "wan", $flush = false) { + global $config; + + $realif = get_failover_interface($interface, 'inet6'); + if (!$realif) { + return null; + } + + if (substr($realif, 0, 4) == '_vip') { + return get_configured_carp_interface_list($realif, 'inet6', 'ip'); + } else if (substr($realif, 0, 5) == '_lloc') { + return get_interface_linklocal($interface); + } + + if (is_array($config['interfaces'][$interface])) { + switch ($config['interfaces'][$interface]['ipaddr']) { + case 'pppoe': + case 'l2tp': + case 'pptp': + case 'ppp': + if ($config['interfaces'][$interface]['ipaddrv6'] == 'dhcp6') { + $realif = get_real_interface($interface, 'inet6', true); + } + break; + } + } + + $curip = find_interface_ipv6($realif, $flush); + if ($curip && is_ipaddrv6($curip) && ($curip != "::")) { + return $curip; + } else { + /* + * NOTE: On the case when only the prefix is requested, + * the communication on WAN will be done over link-local. + */ + if (is_array($config['interfaces'][$interface]) && isset($config['interfaces'][$interface]['dhcp6prefixonly'])) { + $curip = find_interface_ipv6_ll($realif, $flush); + if ($curip && is_ipaddrv6($curip) && ($curip != "::")) { + return $curip; + } + } + } + return null; +} + +function get_interface_linklocal($interface = "wan") { + + $realif = get_failover_interface($interface, 'inet6'); + if (!$realif) { + return null; + } + + if (substr($interface, 0, 4) == '_vip') { + $realif = get_real_interface($interface); + } else if (substr($interface, 0, 5) == '_lloc') { + $realif = get_real_interface(substr($interface, 5)); + } + + $curip = find_interface_ipv6_ll($realif); + if ($curip && is_ipaddrv6($curip) && ($curip != "::")) { + return $curip; + } else { + return null; + } +} + +function get_interface_subnet($interface = "wan") { + + if (substr($interface, 0, 4) == '_vip') { + return get_configured_carp_interface_list($interface, 'inet', 'subnet'); + } + + $realif = get_real_interface($interface); + if (!$realif) { + return null; + } + + $cursn = find_interface_subnet($realif); + if (!empty($cursn)) { + return $cursn; + } + + return null; +} + +function get_interface_subnetv6($interface = "wan") { + + if (substr($interface, 0, 4) == '_vip') { + return get_configured_carp_interface_list($interface, 'inet6', 'subnet'); + } else if (substr($interface, 0, 5) == '_lloc') { + $interface = substr($interface, 5); + } + + $realif = get_real_interface($interface, 'inet6'); + if (!$realif) { + return null; + } + + $cursn = find_interface_subnetv6($realif); + if (!empty($cursn)) { + return $cursn; + } + + return null; +} + +/* return outside interfaces with a gateway */ +function get_interfaces_with_gateway() { + global $config; + + $ints = array(); + + /* loop interfaces, check config for outbound */ + foreach ($config['interfaces'] as $ifdescr => $ifname) { + switch ($ifname['ipaddr']) { + case "dhcp": + case "pppoe": + case "pptp": + case "l2tp": + case "ppp": + $ints[$ifdescr] = $ifdescr; + break; + default: + if (substr($ifname['if'], 0, 4) == "ovpn" || + !empty($ifname['gateway'])) { + $ints[$ifdescr] = $ifdescr; + } + break; + } + } + return $ints; +} + +/* return true if interface has a gateway */ +function interface_has_gateway($friendly) { + global $config; + + if (!empty($config['interfaces'][$friendly])) { + $ifname = &$config['interfaces'][$friendly]; + switch ($ifname['ipaddr']) { + case "dhcp": + case "pppoe": + case "pptp": + case "l2tp": + case "ppp": + return true; + break; + default: + if (substr($ifname['if'], 0, 4) == "ovpn") { + return true; + } + $tunnelif = substr($ifname['if'], 0, 3); + if ($tunnelif == "gif" || $tunnelif == "gre") { + return true; + } + if (!empty($ifname['gateway'])) { + return true; + } + break; + } + } + + return false; +} + +/* return true if interface has a gateway */ +function interface_has_gatewayv6($friendly) { + global $config; + + if (!empty($config['interfaces'][$friendly])) { + $ifname = &$config['interfaces'][$friendly]; + switch ($ifname['ipaddrv6']) { + case "slaac": + case "dhcp6": + case "6to4": + case "6rd": + return true; + break; + default: + if (substr($ifname['if'], 0, 4) == "ovpn") { + return true; + } + $tunnelif = substr($ifname['if'], 0, 3); + if ($tunnelif == "gif" || $tunnelif == "gre") { + return true; + } + if (!empty($ifname['gatewayv6'])) { + return true; + } + break; + } + } + + return false; +} + +/****f* interfaces/is_altq_capable + * NAME + * is_altq_capable - Test if interface is capable of using ALTQ + * INPUTS + * $int - string containing interface name + * RESULT + * boolean - true or false + ******/ + +function is_altq_capable($int) { + /* Per: + * http://www.freebsd.org/cgi/man.cgi?query=altq&apropos=0&sektion=0&manpath=FreeBSD+8.3-RELEASE&arch=default&format=html + * Only the following drivers have ALTQ support + * 20150328 - removed wireless drivers - ath, awi, bwn, iwi, ipw, ral, rum, run, wi - for now. redmine #4406 + */ + $capable = array("ae", "age", "alc", "ale", "an", "aue", "axe", "bce", + "bfe", "bge", "bridge", "cas", "dc", "de", "ed", "em", "ep", "epair", "et", "fxp", "gem", + "hme", "hn", "igb", "ixgbe", "jme", "le", "lem", "msk", "mxge", "my", "nfe", + "nge", "npe", "nve", "re", "rl", "sf", "sge", "sis", "sk", + "ste", "stge", "ti", "txp", "udav", "ural", "vge", "vmx", "vr", "vte", "xl", + "ndis", "tun", "ovpns", "ovpnc", "vlan", "pppoe", "pptp", "ng", + "l2tp", "ppp", "vtnet"); + + $int_family = remove_ifindex($int); + + if (in_array($int_family, $capable)) { + return true; + } else if (stristr($int, "l2tp")) { /* VLANs are named $parent_$vlan now */ + return true; + } else if (stristr($int, "_vlan")) { /* VLANs are named $parent_$vlan now */ + return true; + } else if (stristr($int, "_wlan")) { /* WLANs are named $parent_$wlan now */ + return true; + } else { + return false; + } +} + +/****f* interfaces/is_interface_wireless + * NAME + * is_interface_wireless - Returns if an interface is wireless + * RESULT + * $tmp - Returns if an interface is wireless + ******/ +function is_interface_wireless($interface) { + global $config, $g; + + $friendly = convert_real_interface_to_friendly_interface_name($interface); + if (!isset($config['interfaces'][$friendly]['wireless'])) { + if (preg_match($g['wireless_regex'], $interface)) { + if (isset($config['interfaces'][$friendly])) { + $config['interfaces'][$friendly]['wireless'] = array(); + } + return true; + } + return false; + } else { + return true; + } +} + +function get_wireless_modes($interface) { + /* return wireless modes and channels */ + $wireless_modes = array(); + + $cloned_interface = get_real_interface($interface); + + if ($cloned_interface && is_interface_wireless($cloned_interface)) { + $chan_list = "/sbin/ifconfig {$cloned_interface} list chan"; + $stack_list = "/usr/bin/awk -F\"Channel \" '{ gsub(/\\*/, \" \"); print \$2 \"\\\n\" \$3 }'"; + $format_list = "/usr/bin/awk '{print \$5 \" \" \$6 \",\" \$1}'"; + + $interface_channels = ""; + exec("$chan_list | $stack_list | sort -u | $format_list 2>&1", $interface_channels); + $interface_channel_count = count($interface_channels); + + $c = 0; + while ($c < $interface_channel_count) { + $channel_line = explode(",", $interface_channels["$c"]); + $wireless_mode = trim($channel_line[0]); + $wireless_channel = trim($channel_line[1]); + if (trim($wireless_mode) != "") { + /* if we only have 11g also set 11b channels */ + if ($wireless_mode == "11g") { + if (!isset($wireless_modes["11b"])) { + $wireless_modes["11b"] = array(); + } + } else if ($wireless_mode == "11g ht") { + if (!isset($wireless_modes["11b"])) { + $wireless_modes["11b"] = array(); + } + if (!isset($wireless_modes["11g"])) { + $wireless_modes["11g"] = array(); + } + $wireless_mode = "11ng"; + } else if ($wireless_mode == "11a ht") { + if (!isset($wireless_modes["11a"])) { + $wireless_modes["11a"] = array(); + } + $wireless_mode = "11na"; + } + $wireless_modes["$wireless_mode"]["$c"] = $wireless_channel; + } + $c++; + } + } + return($wireless_modes); +} + +/* return channel numbers, frequency, max txpower, and max regulation txpower */ +function get_wireless_channel_info($interface) { + $wireless_channels = array(); + + $cloned_interface = get_real_interface($interface); + + if ($cloned_interface && is_interface_wireless($cloned_interface)) { + $chan_list = "/sbin/ifconfig {$cloned_interface} list txpower"; + $stack_list = "/usr/bin/awk -F\"Channel \" '{ gsub(/\\*/, \" \"); print \$2 \"\\\n\" \$3 }'"; + $format_list = "/usr/bin/awk '{print \$1 \",\" \$3 \" \" \$4 \",\" \$5 \",\" \$7}'"; + + $interface_channels = ""; + exec("$chan_list | $stack_list | sort -u | $format_list 2>&1", $interface_channels); + + foreach ($interface_channels as $channel_line) { + $channel_line = explode(",", $channel_line); + if (!isset($wireless_channels[$channel_line[0]])) { + $wireless_channels[$channel_line[0]] = $channel_line; + } + } + } + return($wireless_channels); +} + +/****f* interfaces/get_interface_mtu + * NAME + * get_interface_mtu - Return the mtu of an interface + * RESULT + * $tmp - Returns the mtu of an interface + ******/ +function get_interface_mtu($interface) { + $mtu = pfSense_interface_getmtu($interface); + return $mtu['mtu']; +} + +function get_interface_mac($interface) { + + $macinfo = pfSense_get_interface_addresses($interface); + return $macinfo["macaddr"]; +} + +/****f* pfsense-utils/generate_random_mac_address + * NAME + * generate_random_mac - generates a random mac address + * INPUTS + * none + * RESULT + * $mac - a random mac address + ******/ +function generate_random_mac_address() { + $mac = "02"; + for ($x = 0; $x < 5; $x++) { + $mac .= ":" . dechex(rand(16, 255)); + } + return $mac; +} + +/****f* interfaces/is_jumbo_capable + * NAME + * is_jumbo_capable - Test if interface is jumbo frame capable. Useful for determining VLAN capability. + * INPUTS + * $int - string containing interface name + * RESULT + * boolean - true or false + ******/ +function is_jumbo_capable($iface) { + $iface = trim($iface); + $capable = pfSense_get_interface_addresses($iface); + + if (isset($capable['caps']['vlanmtu'])) { + return true; + } + + // hack for some lagg modes missing vlanmtu, but work fine w/VLANs + if (substr($iface, 0, 4) == "lagg") { + return true; + } + + return false; +} + +function interface_setup_pppoe_reset_file($pppif, $iface="") { + global $g; + + $cron_file = "{$g['varetc_path']}/pppoe_restart_{$pppif}"; + + if (!empty($iface) && !empty($pppif)) { + $cron_cmd = <<<EOD +#!/bin/sh +/usr/local/sbin/pfSctl -c 'interface reload {$iface}' +/usr/bin/logger -t {$pppif} "PPPoE periodic reset executed on {$iface}" + +EOD; + + @file_put_contents($cron_file, $cron_cmd); + chmod($cron_file, 0755); + sigkillbypid("{$g['varrun_path']}/cron.pid", "HUP"); + } else { + unlink_if_exists($cron_file); + } +} + +function get_interface_default_mtu($type = "ethernet") { + switch ($type) { + case "gre": + return 1476; + break; + case "gif": + return 1280; + break; + case "tun": + case "vlan": + case "tap": + case "ethernet": + default: + return 1500; + break; + } + + /* Never reached */ + return 1500; +} + +function get_vip_descr($ipaddress) { + global $config; + + foreach ($config['virtualip']['vip'] as $vip) { + if ($vip['subnet'] == $ipaddress) { + return ($vip['descr']); + } + } + return ""; +} + +function interfaces_staticarp_configure($if) { + global $config, $g; + if (isset($config['system']['developerspew'])) { + $mt = microtime(); + echo "interfaces_staticarp_configure($if) being called $mt\n"; + } + + $ifcfg = $config['interfaces'][$if]; + + if (empty($if) || empty($ifcfg['if']) || !isset($ifcfg['enable'])) { + return 0; + } + + /* Enable staticarp, if enabled */ + if (isset($config['dhcpd'][$if]['staticarp'])) { + mwexec("/sbin/ifconfig " . escapeshellarg($ifcfg['if']) . " staticarp "); + mwexec("/usr/sbin/arp -d -i " . escapeshellarg($ifcfg['if']) . " -a > /dev/null 2>&1 "); + if (is_array($config['dhcpd'][$if]['staticmap'])) { + foreach ($config['dhcpd'][$if]['staticmap'] as $arpent) { + mwexec("/usr/sbin/arp -s " . escapeshellarg($arpent['ipaddr']) . " " . escapeshellarg($arpent['mac'])); + } + } + } else { + mwexec("/sbin/ifconfig " . escapeshellarg($ifcfg['if']) . " -staticarp "); + mwexec("/usr/sbin/arp -d -i " . escapeshellarg($ifcfg['if']) . " -a > /dev/null 2>&1 "); + if (is_array($config['dhcpd'][$if]) && is_array($config['dhcpd'][$if]['staticmap'])) { + foreach ($config['dhcpd'][$if]['staticmap'] as $arpent) { + if (isset($arpent['arp_table_static_entry'])) { + mwexec("/usr/sbin/arp -s " . escapeshellarg($arpent['ipaddr']) . " " . escapeshellarg($arpent['mac'])); + } + } + } + } + + return 0; +} + +function get_failover_interface($interface, $family = "all") { + global $config; + + /* shortcut to get_real_interface if we find it in the config */ + if (is_array($config['interfaces'][$interface])) { + return get_real_interface($interface, $family); + } + + /* compare against gateway groups */ + $a_groups = return_gateway_groups_array(); + if (is_array($a_groups[$interface])) { + /* we found a gateway group, fetch the interface or vip */ + if (!empty($a_groups[$interface][0]['vip'])) { + return $a_groups[$interface][0]['vip']; + } else { + return $a_groups[$interface][0]['int']; + } + } + /* fall through to get_real_interface */ + /* XXX: Really needed? */ + return get_real_interface($interface, $family); +} + +function remove_ifindex($ifname) { + return preg_replace("/[0-9]+$/", "", $ifname); +} + +?> |
