Diffstat (limited to 'src/etc')
37 files changed, 492 insertions, 451 deletions
diff --git a/src/etc/inc/auth.inc b/src/etc/inc/auth.inc index 92b9705..fffe84f 100644 --- a/src/etc/inc/auth.inc +++ b/src/etc/inc/auth.inc @@ -165,7 +165,7 @@ if (function_exists("display_error_form") && !isset($config['system']['webgui'][ $referrer_host = str_replace(array("[", "]"), "", $referrer_host); if ($referrer_host) { if (strcasecmp($referrer_host, $config['system']['hostname'] . "." . $config['system']['domain']) == 0 || - strcasecmp($referrer_host, $config['system']['hostname']) == 0) { + strcasecmp($referrer_host, $config['system']['hostname']) == 0) { $found_host = true; } @@ -1126,11 +1126,11 @@ function ldap_get_groups($username, $authcfg) { $gresults = isset($authcfg['ldap_rfc2307']) ? $info : $info[0][$ldapgroupattribute]; - if(is_array($gresults)) { + if (is_array($gresults)) { /* Iterate through the groups and throw them into an array */ foreach ($gresults as $grp) { - if (((isset($authcfg['ldap_rfc2307'])) && (stristr($grp["dn"], "CN=") !== false)) - || ((!isset($authcfg['ldap_rfc2307'])) && (stristr($grp, "CN=") !== false))) { + if (((isset($authcfg['ldap_rfc2307'])) && (stristr($grp["dn"], "CN=") !== false)) || + ((!isset($authcfg['ldap_rfc2307'])) && (stristr($grp, "CN=") !== false))) { $grpsplit = isset($authcfg['ldap_rfc2307']) ? explode(",", $grp["dn"]) : explode(",", $grp); $memberof[] = preg_replace("/CN=/i", "", $grpsplit[0]); } diff --git a/src/etc/inc/authgui.inc b/src/etc/inc/authgui.inc index a60712d..58bbd6c 100644 --- a/src/etc/inc/authgui.inc +++ b/src/etc/inc/authgui.inc @@ -130,7 +130,7 @@ function display_error_form($http_code, $desc) { $cssfile = "/bootstrap/css/pfSense.css"; if (isset($config['system']['webgui']['webguicss'])) { - if(file_exists("bootstrap/css/" . $config['system']['webgui']['webguicss'])) { + if (file_exists("bootstrap/css/" . $config['system']['webgui']['webguicss'])) { $cssfile = "/bootstrap/css/" . $config['system']['webgui']['webguicss']; } } 
@@ -139,6 +139,7 @@ function display_error_form($http_code, $desc) { <!DOCTYPE html> <html lang="en"> <head> + <meta name="viewport" content="width=device-width, initial-scale=1"> <link rel="stylesheet" href="<?=$cssfile?>" /> <title><?=gettext("Error: not allowed"); ?></title> </head> @@ -233,7 +234,7 @@ if ($local_ip == false) { $cssfile = "/bootstrap/css/pfSense.css"; if (isset($config['system']['webgui']['webguicss'])) { - if(file_exists("bootstrap/css/" . $config['system']['webgui']['webguicss'])) { + if (file_exists("bootstrap/css/" . $config['system']['webgui']['webguicss'])) { $cssfile = "/bootstrap/css/" . $config['system']['webgui']['webguicss']; } } @@ -242,6 +243,7 @@ if (isset($config['system']['webgui']['webguicss'])) { <!DOCTYPE html> <html lang="en"> <head> + <meta name="viewport" content="width=device-width, initial-scale=1"> <link rel="stylesheet" href="<?=$cssfile?>" /> <title><?=gettext("Login"); ?></title> <script type="text/javascript"> diff --git a/src/etc/inc/captiveportal.inc b/src/etc/inc/captiveportal.inc index 7bfaf44..0f1d166 100644 --- a/src/etc/inc/captiveportal.inc +++ b/src/etc/inc/captiveportal.inc @@ -545,8 +545,9 @@ EOD; $rulenum++; $cprules .= "add {$rulenum} pass ip from table(100) to any out\n"; $rulenum++; - foreach ($cpips as $cpip) + foreach ($cpips as $cpip) { $cprules .= "table 100 add {$cpip}\n"; + } $cprules .= "add {$rulenum} pass ip from any to 255.255.255.255 in\n"; $rulenum++; $cprules .= "add {$rulenum} pass ip from 255.255.255.255 to any out\n"; diff --git a/src/etc/inc/config.console.inc b/src/etc/inc/config.console.inc index 33194bf..36cd694 100644 --- a/src/etc/inc/config.console.inc +++ b/src/etc/inc/config.console.inc 
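Review bot: `$cssfile` is written into the `href` attribute unescaped (`<?=$cssfile?>`) in this hunk and again in the login-page hunk at -242. Its value is built from `$config['system']['webgui']['webguicss']` with only a `file_exists()` check, as the preceding hunks show. I would constrain the name and escape on output: `$cssfile = "/bootstrap/css/" . basename($config['system']['webgui']['webguicss']);` and `href="<?=htmlspecialchars($cssfile)?>"`. The body of display_error_form() starts and ends outside the hunk.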
@@ -101,15 +101,13 @@ BEGIN MANUAL CONFIGURATION OR WE WILL PROCEED WITH AUTO CONFIGURATION. EOD; } - echo <<<EOD - -Do you want to set up VLANs first? - -If you are not going to use VLANs, or only for optional interfaces, you should -say no here and use the webConfigurator to configure VLANs later, if required. - -Do you want to set up VLANs now [y|n]? -EOD; + echo "\n" . gettext("Do you want to set up VLANs first?"); + echo "\n" . + gettext( + "If you are not going to use VLANs, or only for optional interfaces, you should\n" . + "say no here and use the webConfigurator to configure VLANs later, if required.") . + "\n"; + echo "\n" . gettext("Do you want to set up VLANs now [y|n]?") . " "; if ($auto_assign) { $key = timeout(); @@ -314,10 +312,7 @@ EOD; echo "OPT" . ($i+1) . " -> " . $optif[$i] . "\n"; } - echo <<<EOD - -Do you want to proceed [y|n]? -EOD; + echo "\n" . gettext("Do you want to proceed [y|n]?") . " "; $key = chop(fgets($fp)); } @@ -330,13 +325,8 @@ EOD; $config['interfaces']['lan']['enable'] = true; } elseif (!platform_booting() && !$auto_assign) { -echo <<<EODD - -You have chosen to remove the LAN interface. - -Would you like to remove the LAN IP address and -unload the interface now? [y|n]? -EODD; + echo "\n" . gettext("You have chosen to remove the LAN interface.") . "\n"; + echo "\n" . gettext("Would you like to remove the LAN IP address and \nunload the interface now [y|n]?") . " "; if (strcasecmp(chop(fgets($fp)), "y") == 0) { if (isset($config['interfaces']['lan']) && $config['interfaces']['lan']['if']) { 
@@ -497,13 +487,8 @@ function vlan_setup() { $iflist = get_interface_list(); if (is_array($config['vlans']['vlan']) && count($config['vlans']['vlan'])) { - - echo <<<EOD - -WARNING: all existing VLANs will be cleared if you proceed! - -Do you want to proceed [y|n]? -EOD; + echo "\n" . gettext("WARNING: all existing VLANs will be cleared if you proceed!") . "\n"; + echo "\n" . gettext("Do you want to proceed [y|n]?") . " "; if (strcasecmp(chop(fgets($fp)), "y") != 0) { return; diff --git a/src/etc/inc/dyndns.class b/src/etc/inc/dyndns.class index a241485..1d1641b 100644 --- a/src/etc/inc/dyndns.class +++ b/src/etc/inc/dyndns.class @@ -300,7 +300,7 @@ $ch = curl_init(); if ($this->_useIPv6 == false) { - curl_setopt($ch, CURLOPT_IPRESOLVE, CURL_IPRESOLVE_V4 ); + curl_setopt($ch, CURLOPT_IPRESOLVE, CURL_IPRESOLVE_V4); } if ($this->_dnsService != 'ods' and $this->_dnsService != 'route53 ') { @@ -691,7 +691,7 @@ case 'cloudflare': $needsIP = TRUE; $dnsServer ='api.cloudflare.com'; - $dnsHost = str_replace(' ','', $this->_dnsHost); + $dnsHost = str_replace(' ', '', $this->_dnsHost); $host_names = explode(".", $dnsHost); $bottom_host_name = $host_names[count($host_names)-2] . "." . $host_names[count($host_names)-1]; @@ -707,12 +707,12 @@ curl_setopt($ch, CURLOPT_URL, $getZoneId); $output = json_decode(curl_exec($ch)); $zone = $output->result[0]->id; - if ($zone){ // If zone ID was found get host ID + if ($zone) { // If zone ID was found get host ID $getHostId = "https://{$dnsServer}/client/v4/zones/{$zone}/dns_records?name={$this->_dnsHost}"; curl_setopt($ch, CURLOPT_URL, $getHostId); $output = json_decode(curl_exec($ch)); $host = $output->result[0]->id; - if ($host){ // If host ID was found update host + if ($host) { // If host ID was found update host $hostData = array( "content" => "{$this->_dnsIP}", "type" => "A", 
@@ -724,7 +724,7 @@ $updateHostId = "https://{$dnsServer}/client/v4/zones/{$zone}/dns_records/{$host}"; curl_setopt($ch, CURLOPT_URL, $updateHostId); curl_setopt($ch, CURLOPT_CUSTOMREQUEST, 'PUT'); - curl_setopt($ch, CURLOPT_POSTFIELDS,$data_json); + curl_setopt($ch, CURLOPT_POSTFIELDS, $data_json); } } break; @@ -831,15 +831,18 @@ case 'spdns': case 'spdns-v6': $needsIP = FALSE; - if ($this->_dnsVerboseLog) + if ($this->_dnsVerboseLog) { log_error("SPDNS: ({$this->_dnsHost}) DNS update() starting."); + } curl_setopt($ch, CURLOPT_USERPWD, $this->_dnsUser.':'.$this->_dnsPass); $server = "https://update.spdns.de/nic/update"; $port = ""; - if($this->_dnsServer) + if ($this->_dnsServer) { $server = $this->_dnsServer; - if($this->_dnsPort) + } + if ($this->_dnsPort) { $port = ":" . $this->_dnsPort; + } curl_setopt($ch, CURLOPT_URL, $server .$port . '?hostname=' . $this->_dnsHost . '&myip=' . $this->_dnsIP); break; default: @@ -1300,17 +1303,14 @@ break; case 'cloudflare': $output = json_decode($data); - if ($output->result->content === $this->_dnsIP){ + if ($output->result->content === $this->_dnsIP) { $status = "DynDNS: (Success) {$this->_dnsHost} updated to {$this->_dnsIP}"; $successful_update = true; - } - elseif ($output->errors[0]->code === 9103){ + } elseif ($output->errors[0]->code === 9103) { $status = "DynDNS ({$this->_dnsHost}): ERROR - Invalid Credentials! Don't forget to use API Key for password field with CloudFlare."; - } - elseif (($output->success) && (!$output->result[0]->id)) { + } elseif (($output->success) && (!$output->result[0]->id)) { $status = "DynDNS ({$this->_dnsHost}): ERROR - Zone or Host ID was not found, check your hostname."; - } - else { + } else { $status = "DynDNS ({$this->_dnsHost}): UNKNOWN ERROR - {$output->errors[0]->message}"; log_error("DynDNS ({$this->_dnsHost}): PAYLOAD: {$data}"); } diff --git a/src/etc/inc/easyrule.inc b/src/etc/inc/easyrule.inc index 199e7d0..727fd4b 100644 --- a/src/etc/inc/easyrule.inc 
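Review bot: In the spdns case, `$this->_dnsServer` replaces the default `https://update.spdns.de/nic/update` with no scheme check, after `CURLOPT_USERPWD` has already been set with the account credentials. A custom server entered as `http://…` would presumably send them in cleartext. The query string is also assembled from `$this->_dnsHost` and `$this->_dnsIP` without encoding. I would reject non-https values before use and build the URL as `$server . $port . '?hostname=' . rawurlencode($this->_dnsHost) . '&myip=' . rawurlencode($this->_dnsIP)`. The surrounding switch starts and ends outside the hunk.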
+++ b/src/etc/inc/easyrule.inc @@ -53,8 +53,9 @@ function easyrule_find_rule_interface($int) { } /* add ipsec interfaces */ - if (ipsec_enabled()) + if (ipsec_enabled()) { $iflist["enc0"] = "IPSEC"; + } if (isset($iflist[$int])) { return $int; diff --git a/src/etc/inc/filter.inc b/src/etc/inc/filter.inc index 5085160..2d4c6a5 100644 --- a/src/etc/inc/filter.inc +++ b/src/etc/inc/filter.inc @@ -430,7 +430,7 @@ function filter_configure_sync($delete_states_if_needed = true) { * then output the contents of the error to the caller */ if ($rules_loading <> 0) { - foreach($rules_error as $errorline) { + foreach ($rules_error as $errorline) { $saved_line_error = $errorline; $line_error = explode(":", $errorline); $line_number = $line_error[1]; @@ -2872,7 +2872,7 @@ function filter_generate_user_rule($rule) { (isset($rule['max-src-conn-rate']) and $rule['max-src-conn-rate'] <> "") or (isset($rule['max-src-conn-rates']) and $rule['max-src-conn-rates'] <> ""))) or (isset($rule['sloppy'])) or - (isset($rule['nopfsync'])) ) { + (isset($rule['nopfsync']))) { $aline['flags'] .= "( "; if (isset($rule['sloppy'])) { $aline['flags'] .= "sloppy "; @@ -3324,7 +3324,7 @@ EOD; } /* allow access to DHCP relay on interfaces */ - if(isset($config['dhcrelay']['enable'])) { + if (isset($config['dhcrelay']['enable'])) { $dhcifaces = explode(",", $dhcrelaycfg['interface']); foreach ($dhcifaces as $dhcrelayif) { if ($dhcrelayif == $on) { diff --git a/src/etc/inc/filter_log.inc b/src/etc/inc/filter_log.inc index a010471..848ff1d 100644 --- a/src/etc/inc/filter_log.inc +++ b/src/etc/inc/filter_log.inc 
@@ -230,21 +230,17 @@ function parse_unknown_log_line($line) { $pattern = "/^" . $date_pattern . "\ +" . $log_message_pattern . "$/"; - if (!preg_match($pattern, $line, $log_split)) + if (!preg_match($pattern, $line, $log_split)) { return ""; + } list($all, $flent['time'], $flent['message']) = $log_split; - if($g['debug']) { - log_error(sprintf(gettext("There was a error parsing: %s. Please report to mailing list or forum."), $flent['process'])); - return ""; - } - /* If there is time, and message, fields, then the line should be usable/good */ - if (!( (trim($flent['time']) == "") && (trim($flent['message']) == "") )) { + if (!((trim($flent['time']) == "") && (trim($flent['message']) == ""))) { return $flent; } else { - if($g['debug']) { + if ($g['debug']) { log_error(sprintf(gettext("There was a error parsing log entry: %s. Please report to mailing list or forum."), $errline)); } return ""; @@ -269,21 +265,17 @@ function parse_system_log_line($line) { $pattern = "/^" . $date_pattern . "\ +" . $process_pattern . "\ +" . $pid_pattern . "\ +" . $log_message_pattern . "$/"; - if (!preg_match($pattern, $line, $log_split)) + if (!preg_match($pattern, $line, $log_split)) { return ""; + } list($all, $flent['time'], $flent['host'], $flent['process'], $flent['pid'], $flent['message']) = $log_split; - if($g['debug']) { - log_error(sprintf(gettext("There was a error parsing: %s. Please report to mailing list or forum."), $flent['process'])); - return ""; - } - /* If there is time, process, and message, fields, then the line should be usable/good */ - if (!( (trim($flent['time']) == "") && (trim($flent['process']) == "") && (trim($flent['message']) == "") )) { + if (!((trim($flent['time']) == "") && (trim($flent['process']) == "") && (trim($flent['message']) == ""))) { return $flent; } else { - if($g['debug']) { + if ($g['debug']) { log_error(sprintf(gettext("There was a error parsing log entry: %s. Please report to mailing list or forum."), $errline)); } return ""; 
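Review bot: `$errline` in the remaining debug `log_error()` call is not assigned anywhere in the visible part of parse_unknown_log_line(), whose parameter is `$line`, and the same holds for parse_system_log_line() in the next hunk. Unless it is set above the hunk, the message logs an empty value, and `$line` looks like the intended argument: `log_error(sprintf(gettext("There was a error parsing log entry: %s. Please report to mailing list or forum."), $line));`. The comment above the check says time and message are both needed, but `!((A == "") && (B == ""))` accepts the line as soon as any one field is non-empty. If all fields are required, the inner `&&` should be `||`. Both function bodies start outside their hunks.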
@@ -552,7 +544,7 @@ function find_action_image($action) { function handle_ajax($nentries, $tail = 50) { global $config; if ($_GET['lastsawtime'] or $_POST['lastsawtime']) { - global $filter_logfile,$filterent; + global $filter_logfile, $filterent; if ($_GET['lastsawtime']) { $lastsawtime = $_GET['lastsawtime']; } diff --git a/src/etc/inc/globals.inc b/src/etc/inc/globals.inc index 893590d..306639b 100644 --- a/src/etc/inc/globals.inc +++ b/src/etc/inc/globals.inc @@ -71,7 +71,7 @@ $g = array( "disablecrashreporter" => false, "crashreporterurl" => "https://crashreporter.pfsense.org/crash_reporter.php", "debug" => false, - "latest_config" => "13.0", + "latest_config" => "13.1", "nopkg_platforms" => array("cdrom"), "minimum_ram_warning" => "101", "minimum_ram_warning_text" => "128 MB", diff --git a/src/etc/inc/gwlb.inc b/src/etc/inc/gwlb.inc index 9880cdc..006a0b7 100644 --- a/src/etc/inc/gwlb.inc +++ b/src/etc/inc/gwlb.inc 
@@ -26,135 +26,136 @@ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - pfSense_BUILDER_BINARIES: /sbin/route /usr/local/sbin/apinger pfSense_MODULE: routing */ require_once("config.inc"); require_once("rrd.inc"); -/* Returns an array of default values used for apinger.conf */ -function return_apinger_defaults() { +/* Returns an array of default values used for dpinger */ +function return_dpinger_defaults() { return array( "latencylow" => "200", "latencyhigh" => "500", "losslow" => "10", "losshigh" => "20", - "interval" => "1", - "down" => "10", - "avg_delay_samples" => "10", - "avg_loss_samples" => "50", - "avg_loss_delay_samples" => "20"); + "interval" => "250", + "loss_interval" => "500", + "time_period" => "25000", + "alert_interval" => "1000"); } -/* - * Creates monitoring configuration file and - * adds appropriate static routes. - */ -function setup_gateways_monitor() { - global $config, $g; +function running_dpinger_processes() { + global $g; - $gateways_arr = return_gateways_array(); - if (!is_array($gateways_arr)) { - log_error("No gateways to monitor. Apinger will not be run."); - killbypid("{$g['varrun_path']}/apinger.pid"); - @unlink("{$g['varrun_path']}/apinger.status"); - return; - } + $pidfiles = glob("{$g['varrun_path']}/dpinger_*.pid"); - $apinger_debug = ""; - if (isset($config['system']['apinger_debug'])) { - $apinger_debug = "debug on"; + $result = array(); + if ($pidfiles === FALSE) { + return $result; } - $apinger_default = return_apinger_defaults(); - $apingerconfig = <<<EOD - -# pfSense apinger configuration file. Automatically Generated! 
- -{$apinger_debug} - -## User and group the pinger should run as -user "root" -group "wheel" - -## Mailer to use (default: "/usr/lib/sendmail -t") -#mailer "/var/qmail/bin/qmail-inject" - -## Location of the pid-file (default: "/var/run/apinger.pid") -pid_file "{$g['varrun_path']}/apinger.pid" - -## Format of timestamp (%s macro) (default: "%b %d %H:%M:%S") -#timestamp_format "%Y%m%d%H%M%S" + foreach ($pidfiles as $pidfile) { + $result[] = preg_replace('/^dpinger_(\w+)\.pid$/', "$1", + basename($pidfile)); + } -status { - ## File where the status information should be written to - file "{$g['varrun_path']}/apinger.status" - ## Interval between file updates - ## when 0 or not set, file is written only when SIGUSR1 is received - interval 5s + return $result; } -######################################## -# RRDTool status gathering configuration -# Interval between RRD updates -rrd interval 60s; +/* + * Stop one or more dpinger process + * default parameter $gwname is '*' that will kill all running sessions + * If a gateway name is passed, only this one will be killed + */ +function stop_dpinger($gwname = '*') { + global $g; -## These parameters can be overridden in a specific alarm configuration -alarm default { - command on "/usr/local/sbin/pfSctl -c 'service reload dyndns %T' -c 'service reload ipsecdns' -c 'service reload openvpn %T' -c 'filter reload' " - command off "/usr/local/sbin/pfSctl -c 'service reload dyndns %T' -c 'service reload ipsecdns' -c 'service reload openvpn %T' -c 'filter reload' " - combine 10s -} + $pidfiles = glob("{$g['varrun_path']}/dpinger_{$gwname}.pid"); -## "Down" alarm definition. -## This alarm will be fired when target doesn't respond for 30 seconds. -alarm down "down" { - time {$apinger_default['down']}s -} + if ($pidfiles === FALSE) { + return; + } -## "Delay" alarm definition. 
-## This alarm will be fired when responses are delayed more than 200ms -## it will be canceled, when the delay drops below 100ms -alarm delay "delay" { - delay_low {$apinger_default['latencylow']}ms - delay_high {$apinger_default['latencyhigh']}ms + foreach ($pidfiles as $pidfile) { + if (isvalidpid($pidfile)) { + killbypid($pidfile); + } else { + @unlink($pidfile); + } + } } -## "Loss" alarm definition. -## This alarm will be fired when packet loss goes over 20% -## it will be canceled, when the loss drops below 10% -alarm loss "loss" { - percent_low {$apinger_default['losslow']} - percent_high {$apinger_default['losshigh']} +function start_dpinger($gateway) { + global $g; + + $dpinger_defaults = return_dpinger_defaults(); + + $pidfile = "{$g['varrun_path']}/dpinger_{$gateway['name']}.pid"; + $socket = "{$g['varrun_path']}/dpinger_{$gateway['name']}.sock"; + $alarm_cmd = "{$g['etc_path']}/rc.gateway_alarm {$gateway['name']}"; + + $params = "-S "; /* Log warnings via syslog */ + $params .= "-B {$gateway['gwifip']} "; /* Bind src address */ + $params .= "-p {$pidfile} "; /* PID filename */ + $params .= "-U {$socket} "; /* Status Socket */ + $params .= "-C \"{$alarm_cmd}\" "; /* Command to run on alarm */ + + $params .= "-s " . + (isset($gateway['interval']) && is_numeric($gateway['interval']) + ? $gateway['interval'] + : $dpinger_defaults['interval'] + ) . " "; + + $params .= "-l " . + (isset($gateway['loss_interval']) && is_numeric($gateway['loss_interval']) + ? $gateway['loss_interval'] + : $dpinger_defaults['loss_interval'] + ) . " "; + + $params .= "-t " . + (isset($gateway['time_period']) && is_numeric($gateway['time_period']) + ? $gateway['time_period'] + : $dpinger_defaults['time_period'] + ) . " "; + + $params .= "-A " . + (isset($gateway['alert_interval']) && is_numeric($gateway['alert_interval']) + ? $gateway['alert_interval'] + : $dpinger_defaults['alert_interval'] + ) . " "; + + $params .= "-D " . 
+ (isset($gateway['latencyhigh']) && is_numeric($gateway['latencyhigh']) + ? $gateway['latencyhigh'] + : $dpinger_defaults['latencyhigh'] + ) . " "; + + $params .= "-L " . + (isset($gateway['losshigh']) && is_numeric($gateway['losshigh']) + ? $gateway['losshigh'] + : $dpinger_defaults['losshigh'] + ) . " "; + + mwexec_bg("/usr/local/bin/dpinger {$params} {$gateway['monitor']}"); } -target default { - ## How often the probe should be sent - interval {$apinger_default['interval']}s - - ## How many replies should be used to compute average delay - ## for controlling "delay" alarms - avg_delay_samples {$apinger_default['avg_delay_samples']} - - ## How many probes should be used to compute average loss - avg_loss_samples {$apinger_default['avg_loss_samples']} - - ## The delay (in samples) after which loss is computed - ## without this delays larger than interval would be treated as loss - avg_loss_delay_samples {$apinger_default['avg_loss_delay_samples']} - - ## Names of the alarms that may be generated for the target - alarms "down","delay","loss" - - ## Location of the RRD - #rrd file "{$g['vardb_path']}/rrd/apinger-%t.rrd" -} +/* + * Creates monitoring configuration file and + * adds appropriate static routes. + */ +function setup_gateways_monitor() { + global $config, $g; -EOD; + $gateways_arr = return_gateways_array(); + if (!is_array($gateways_arr)) { + log_error("No gateways to monitor. dpinger will not run."); + stop_dpinger(); + return; + } $monitor_ips = array(); - foreach ($gateways_arr as $name => $gateway) { + foreach ($gateways_arr as $gwname => $gateway) { /* Do not monitor if such was requested */ if (isset($gateway['monitor_disable'])) { continue; 
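Review bot: start_dpinger() interpolates `$gateway['name']`, `$gateway['gwifip']` and `$gateway['monitor']` straight into the string handed to `mwexec_bg()`, with `$alarm_cmd` wrapped only in literal double quotes. Nothing in this function stops shell metacharacters in those config values from being interpreted by the shell. The numeric options are guarded with `is_numeric()`, but the string arguments should go through `escapeshellarg()`, as interfaces.inc already does for `remote-addr`. Separately, running_dpinger_processes() extracts names with `\w+`, so a gateway name containing any other character would come back as the whole pid filename; confirm that names are restricted to that set where they are saved.

```php
	// … unchanged: $dpinger_defaults, $pidfile, $socket, $alarm_cmd assignments …

	$params  = "-S ";	/* Log warnings via syslog */
	$params .= "-B " . escapeshellarg($gateway['gwifip']) . " ";	/* Bind src address */
	$params .= "-p " . escapeshellarg($pidfile) . " ";	/* PID filename */
	$params .= "-U " . escapeshellarg($socket) . " ";	/* Status Socket */
	$params .= "-C " . escapeshellarg($alarm_cmd) . " ";	/* Command to run on alarm */

	// … unchanged: -s, -l, -t, -A, -D, -L numeric options …

	mwexec_bg("/usr/local/bin/dpinger {$params} " . escapeshellarg($gateway['monitor']));
```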
@@ -172,7 +173,7 @@ EOD; continue; } - /* Interface ip is needed since apinger will bind a socket to it. + /* Interface ip is needed since dpinger will bind a socket to it. * However the config GUI should already have checked this and when * PPoE is used the IP address is set to "dynamic". So using is_ipaddrv4 * or is_ipaddrv6 to identify packet type would be wrong, especially as 
@@ -262,176 +263,111 @@ EOD; } $monitor_ips[] = $gateway['monitor']; - $apingercfg = "target \"{$gateway['monitor']}\" {\n"; - $apingercfg .= " description \"{$name}\"\n"; - $apingercfg .= " srcip \"{$gwifip}\"\n"; - - ## How often the probe should be sent - if (!empty($gateway['interval']) && is_numeric($gateway['interval'])) { - $interval = intval($gateway['interval']); # Restrict to Integer - if ($interval < 1) { - $interval = 1; # Minimum - } - if ($interval != $apinger_default['interval']) { # If not default value - $apingercfg .= " interval " . $interval . "s\n"; - } - } + $gateways_arr[$gwname]['enable_dpinger'] = true; + $gateways_arr[$gwname]['gwifip'] = $gwifip; + } - ## How many replies should be used to compute average delay - ## for controlling "delay" alarms - if (!empty($gateway['avg_delay_samples']) && is_numeric($gateway['avg_delay_samples'])) { - $avg_delay_samples = intval($gateway['avg_delay_samples']); # Restrict to Integer - if ($avg_delay_samples < 1) { - $avg_delay_samples = 1; # Minimum - } - if ($avg_delay_samples != $apinger_default['avg_delay_samples']) { # If not default value - $apingercfg .= " avg_delay_samples " . $avg_delay_samples . "\n"; - } - } + stop_dpinger(); - ## How many probes should be used to compute average loss - if (!empty($gateway['avg_loss_samples']) && is_numeric($gateway['avg_loss_samples'])) { - $avg_loss_samples = intval($gateway['avg_loss_samples']); # Restrict to Integer - if ($avg_loss_samples < 1) { - $avg_loss_samples = 1; # Minimum - } - if ($avg_loss_samples != $apinger_default['avg_loss_samples']) { # If not default value - $apingercfg .= " avg_loss_samples " . $avg_loss_samples . 
"\n"; - } + /* Start new processes */ + foreach ($gateways_arr as $gateway) { + if (isset($gateway['enable_dpinger'])) { + start_dpinger($gateway); } + } - ## The delay (in samples) after which loss is computed - ## without this delays larger than interval would be treated as loss - if (!empty($gateway['avg_loss_delay_samples']) && is_numeric($gateway['avg_loss_delay_samples'])) { - $avg_loss_delay_samples = intval($gateway['avg_loss_delay_samples']); # Restrict to Integer - if ($avg_loss_delay_samples < 1) { - $avg_loss_delay_samples = 1; # Minimum - } - if ($avg_loss_delay_samples != $apinger_default['avg_loss_delay_samples']) { # If not default value - $apingercfg .= " avg_loss_delay_samples " . $avg_loss_delay_samples . "\n"; - } - } + return 0; +} - $alarms = ""; - $alarmscfg = ""; - $override = false; - if (!empty($gateway['losslow'])) { - $alarmscfg .= "alarm loss \"{$name}loss\" {\n"; - $alarmscfg .= "\tpercent_low {$gateway['losslow']}\n"; - $alarmscfg .= "\tpercent_high {$gateway['losshigh']}\n"; - $alarmscfg .= "}\n"; - $alarms .= "\"{$name}loss\""; - $override = true; - } else { - if ($override == true) { - $alarms .= ","; - } - $alarms .= "\"loss\""; - $override = true; - } - if (!empty($gateway['latencylow'])) { - $alarmscfg .= "alarm delay \"{$name}delay\" {\n"; - $alarmscfg .= "\tdelay_low {$gateway['latencylow']}ms\n"; - $alarmscfg .= "\tdelay_high {$gateway['latencyhigh']}ms\n"; - $alarmscfg .= "}\n"; - if ($override == true) { - $alarms .= ","; - } - $alarms .= "\"{$name}delay\""; - $override = true; - } else { - if ($override == true) { - $alarms .= ","; - } - $alarms .= "\"delay\""; - $override = true; - } - if (!empty($gateway['down'])) { - $alarmscfg .= "alarm down \"{$name}down\" {\n"; - $alarmscfg .= "\ttime {$gateway['down']}s\n"; - $alarmscfg .= "}\n"; - if ($override == true) { - $alarms .= ","; - } - $alarms .= "\"{$name}down\""; - $override = true; - } else { - if ($override == true) { - $alarms .= ","; - } - $alarms .= "\"down\""; - 
$override = true; - } - if ($override == true) { - $apingercfg .= "\talarms override {$alarms};\n"; - } +function get_dpinger_status($gwname) { + global $g; - if (isset($gateway['force_down'])) { - $apingercfg .= "\tforce_down on\n"; - } + $socket = "{$g['varrun_path']}/dpinger_{$gwname}.sock"; - $apingercfg .= " rrd file \"{$g['vardb_path']}/rrd/{$gateway['name']}-quality.rrd\"\n"; - $apingercfg .= "}\n"; - $apingercfg .= "\n"; + if (!file_exists($socket)) { + log_error("dpinger: status socket {$socket} not found"); + return false; + } - $apingerconfig .= $alarmscfg; - $apingerconfig .= $apingercfg; + $fp = stream_socket_client("unix://{$socket}", $errno, $errstr, 10); + if (!$fp) { + log_error("dpinger: cannot connect to status socket {$socket} - $errstr ($errno)"); + return false; + } - # Create gateway quality RRD with settings more suitable for pfSense graph set, - # since apinger uses default step (300; 5 minutes) and other settings that don't - # match the pfSense gateway quality graph set. 
- create_gateway_quality_rrd("{$g['vardb_path']}/rrd/{$gateway['name']}-quality.rrd"); + $status = ''; + while (!feof($fp)) { + $status .= fgets($fp, 1024); } - @file_put_contents("{$g['varetc_path']}/apinger.conf", $apingerconfig); - unset($apingerconfig); + fclose($fp); + + $r = array(); + list( + $r['latency_avg'], + $r['latency_stddev'], + $r['loss'], + $r['alarm_on'], + $r['srcip'], + $r['targetip'] + ) = explode(' ', preg_replace('/\n/', '', $status)); - /* Restart apinger process */ - if (isvalidpid("{$g['varrun_path']}/apinger.pid")) { - sigkillbypid("{$g['varrun_path']}/apinger.pid", "HUP"); - } else { - /* start a new apinger process */ - @unlink("{$g['varrun_path']}/apinger.status"); - sleep(1); - mwexec_bg("/usr/local/sbin/apinger -c {$g['varetc_path']}/apinger.conf"); - sleep(1); - sigkillbypid("{$g['varrun_path']}/apinger.pid", "USR1"); + $gateways_arr = return_gateways_array(); + unset($gw); + if (isset($gateways_arr[$gwname])) { + $gw = $gateways_arr[$gwname]; } - return 0; + $r['status'] = "none"; + if (isset($gw) && isset($gw['force_down'])) { + $r['status'] = "force_down"; + } else if ($r['alarm_on'] == 1) { + $r['status'] = "down"; + } else if (isset($gw)) { + if (isset($gw['latencylow']) && + is_numeric($gw['latencylow']) && + ($r['latency_avg'] > $gw['latencylow'])) { + $r['status'] = "delay"; + } else if (isset($gw['losslow']) && + is_numeric($gw['losslow']) && + ($r['loss'] > $gw['losslow'])) { + $r['status'] = "loss"; + } + } + + $r['latency_avg'] = round($r['latency_avg']/1000, 3); + $r['latency_stddev'] = round($r['latency_stddev']/1000, 3); + + return $r; } -/* return the status of the apinger targets as a array */ +/* return the status of the dpinger targets as an array */ function return_gateways_status($byname = false) { global $config, $g; - $apingerstatus = array(); - /* Always get the latest status from apinger */ - if (file_exists("{$g['varrun_path']}/apinger.pid")) { - sigkillbypid("{$g['varrun_path']}/apinger.pid", "USR1"); - } 
- if (file_exists("{$g['varrun_path']}/apinger.status")) { - $apingerstatus = file("{$g['varrun_path']}/apinger.status"); - } else { - $apingerstatus = array(); - } - + $dpinger_gws = running_dpinger_processes(); $status = array(); - foreach ($apingerstatus as $line) { - $info = explode("|", $line); + + $gateways_arr = return_gateways_array(); + + foreach ($dpinger_gws as $gwname) { + $dpinger_status = get_dpinger_status($gwname); + if ($dpinger_status === false) { + continue; + } + if ($byname == false) { - $target = $info[0]; + $target = $dpinger_status['targetip']; } else { - $target = $info[2]; + $target = $gwname; } $status[$target] = array(); - $status[$target]['monitorip'] = $info[0]; - $status[$target]['srcip'] = $info[1]; - $status[$target]['name'] = $info[2]; - $status[$target]['lastcheck'] = $info[5] ? date('r', $info[5]) : date('r'); - $status[$target]['delay'] = empty($info[6]) ? "0ms" : round($info[6], 1) ."ms" ; - $status[$target]['loss'] = empty($info[7]) ? "0.0%" : round($info[7], 1) . "%"; - $status[$target]['status'] = trim($info[8]); + $status[$target]['monitorip'] = $dpinger_status['targetip']; + $status[$target]['srcip'] = $dpinger_status['srcip']; + $status[$target]['name'] = $gwname; + $status[$target]['delay'] = empty($dpinger_status['latency_avg']) ? "0ms" : $dpinger_status['latency_avg'] . "ms"; + $status[$target]['loss'] = empty($dpinger_status['loss']) ? "0.0%" : round($dpinger_status['loss'], 1) . "%"; + $status[$target]['status'] = $dpinger_status['status']; } /* tack on any gateways that have monitoring disabled @@ -441,7 +377,7 @@ function return_gateways_status($byname = false) { if (!isset($gwitem['monitor_disable'])) { continue; } - if (!is_ipaddr($gwitem['monitorip'])) { + if (!is_ipaddr($gwitem['monitor'])) { $realif = $gwitem['interface']; $tgtip = get_interface_gateway($realif); if (!is_ipaddr($tgtip)) { 
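Review bot: get_dpinger_status() unpacks `explode(' ', …)` into six fields without checking how many came back, so an empty or short read from the socket leaves `$r['alarm_on']`, `$r['loss']` and the rest null. The gateway is then reported with status `none` and zero latency instead of the function returning `false`. There is also no read timeout on `$fp`, since the `10` passed to `stream_socket_client()` covers only the connect, so a stalled dpinger would hold the caller for the default socket timeout. I would add `stream_set_timeout($fp, 2);` after connecting, assign the `explode()` result to a variable, and return `false` unless it has exactly six elements. Separately, the `latencylow` comparison runs on `$r['latency_avg']` before it is divided by 1000 further down. If the threshold is in milliseconds, as the removed `delay_low …ms` lines suggest, the units do not match and `delay` would be reported almost always.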
@@ -449,7 +385,7 @@ function return_gateways_status($byname = false) { } $srcip = find_interface_ip($realif); } else { - $tgtip = $gwitem['monitorip']; + $tgtip = $gwitem['monitor']; $srcip = find_interface_ip($realif); } if ($byname == true) { @@ -462,7 +398,6 @@ function return_gateways_status($byname = false) { if ($target == "none") { $target = $gwitem['name']; $status[$target]['name'] = $gwitem['name']; - $status[$target]['lastcheck'] = date('r'); $status[$target]['delay'] = "0.0ms"; $status[$target]['loss'] = "100.0%"; $status[$target]['status'] = "down"; @@ -470,7 +405,6 @@ function return_gateways_status($byname = false) { $status[$target]['monitorip'] = $tgtip; $status[$target]['srcip'] = $srcip; $status[$target]['name'] = $gwitem['name']; - $status[$target]['lastcheck'] = date('r'); $status[$target]['delay'] = "0.0ms"; $status[$target]['loss'] = "0.0%"; $status[$target]['status'] = "none"; @@ -1249,4 +1183,4 @@ function gateway_is_gwgroup_member($name) { return $members; } -?>
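Review bot: In the `else` branch, `$srcip = find_interface_ip($realif);` reads `$realif`, which in the visible lines is only assigned inside the preceding `if (!is_ipaddr($gwitem['monitor']))` branch. Here it is therefore either unset or left over from an earlier gateway in the loop. With the key corrected to `monitor`, this branch is now reachable for gateways that have a monitor IP, so I would use `$srcip = find_interface_ip($gwitem['interface']);`. return_gateways_status() starts and ends outside this hunk, so confirm that `$realif` is not set earlier in the loop body.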
\ No newline at end of file +?> diff --git a/src/etc/inc/interfaces.inc b/src/etc/inc/interfaces.inc index 8767615..984913b 100644 --- a/src/etc/inc/interfaces.inc +++ b/src/etc/inc/interfaces.inc @@ -824,7 +824,7 @@ function interface_gre_configure(&$gre, $grekey = "") { /* Do not change the order here for more see gre(4) NOTES section. */ if (is_ipaddrv6($gre['remote-addr'])) { mwexec("/sbin/ifconfig {$greif} inet6 tunnel {$realifip6} " . escapeshellarg($gre['remote-addr'])); - }else{ + } else { mwexec("/sbin/ifconfig {$greif} tunnel {$realifip} " . escapeshellarg($gre['remote-addr'])); } if ((is_ipaddrv6($gre['tunnel-local-addr'])) || (is_ipaddrv6($gre['tunnel-remote-addr']))) { @@ -945,7 +945,7 @@ function interface_gif_configure(&$gif, $gifkey = "") { if (is_ipaddrv6($gif['remote-addr'])) { mwexec("/sbin/ifconfig {$gifif} inet6 tunnel {$realifip} " . escapeshellarg($gif['remote-addr'])); } else { - mwexec("/sbin/ifconfig {$gifif} tunnel {$realifip} " . escapeshellarg($gif['remote-addr'])); + mwexec("/sbin/ifconfig {$gifif} tunnel {$realifip} " . escapeshellarg($gif['remote-addr'])); } if ((is_ipaddrv6($gif['tunnel-local-addr'])) || (is_ipaddrv6($gif['tunnel-remote-addr']))) { /* XXX: The prefixlen argument for tunnels of ipv6 is useless since it needs to be 128 as enforced by kernel */ 
@@ -5241,17 +5241,19 @@ function get_possible_listen_ips($include_ipv6_link_local=false) { /* XXX: Maybe use array_merge below? */ $carplist = get_configured_carp_interface_list(); foreach ($carplist as $cif => $carpip) { - if (get_vip_descr($carpip)) + if (get_vip_descr($carpip)) { $interfaces[$cif] = $carpip . ' (' . get_vip_descr($carpip) . ')'; - else + } else { $interfaces[$cif] = $carpip; + } } $aliaslist = get_configured_ip_aliases_list(); foreach ($aliaslist as $aliasip => $aliasif) { - if (get_vip_descr($aliasip)) + if (get_vip_descr($aliasip)) { $interfaces[$aliasip] = $aliasip . ' (' . get_vip_descr($aliasip) . ')'; - else + } else { $interfaces[$aliasip] = $aliasip; + } } $interfaces['lo0'] = 'Localhost'; diff --git a/src/etc/inc/ipsec.inc b/src/etc/inc/ipsec.inc index de9ee00..e766ae1 100644 --- a/src/etc/inc/ipsec.inc +++ b/src/etc/inc/ipsec.inc @@ -205,8 +205,9 @@ $p2_pfskeygroups = array( function ipsec_enabled() { global $config; - if (!isset($config['ipsec']) || !is_array($config['ipsec'])) + if (!isset($config['ipsec']) || !is_array($config['ipsec'])) { return false; + } /* Check if we have at least one phase 1 entry. */ if (!isset($config['ipsec']['phase1']) || @@ -216,8 +217,9 @@ function ipsec_enabled() { } /* Check if at least one phase 1 entry is enabled. */ foreach ($config['ipsec']['phase1'] as $phase1) { - if (!isset($phase1['disabled'])) + if (!isset($phase1['disabled'])) { return true; + } } return false; @@ -477,8 +479,9 @@ function ipsec_phase2_status(&$ipsec_status, &$phase2) { */ function ipsec_list_sa() { - if (ipsec_enabled()) + if (ipsec_enabled()) { return pfSense_ipsec_list_sa(); + } return array(); } diff --git a/src/etc/inc/openvpn.inc b/src/etc/inc/openvpn.inc index 202d6bd..9dc5579 100644 --- a/src/etc/inc/openvpn.inc +++ b/src/etc/inc/openvpn.inc 
@@ -131,8 +131,9 @@ function openvpn_build_mode_list() { $list = array(); - foreach ($openvpn_server_modes as $name => $desc) + foreach ($openvpn_server_modes as $name => $desc) { $list[$name] = $desc; + } return($list); } @@ -143,24 +144,28 @@ function openvpn_build_if_list() { $interfaces = get_configured_interface_with_descr(); $carplist = get_configured_carp_interface_list(); - foreach ($carplist as $cif => $carpip) + foreach ($carplist as $cif => $carpip) { $interfaces[$cif.'|'.$carpip] = $carpip." (".get_vip_descr($carpip).")"; + } $aliaslist = get_configured_ip_aliases_list(); - foreach ($aliaslist as $aliasip => $aliasif) + foreach ($aliaslist as $aliasip => $aliasif) { $interfaces[$aliasif.'|'.$aliasip] = $aliasip." (".get_vip_descr($aliasip).")"; + } $grouplist = return_gateway_groups_array(); foreach ($grouplist as $name => $group) { - if($group['ipprotocol'] != inet) + if ($group['ipprotocol'] != inet) { continue; + } - if($group[0]['vip'] != "") + if ($group[0]['vip'] != "") { $vipif = $group[0]['vip']; - else + } else { $vipif = $group[0]['int']; + } $interfaces[$name] = "GW Group {$name}"; } @@ -168,8 +173,9 @@ function openvpn_build_if_list() { $interfaces['lo0'] = "Localhost"; $interfaces['any'] = "any"; - foreach ($interfaces as $iface => $ifacename) + foreach ($interfaces as $iface => $ifacename) { $list[$iface] = $ifacename; + } return($list); } @@ -183,8 +189,9 @@ function openvpn_build_crl_list() { $caname = ""; $ca = lookup_ca($crl['caref']); - if ($ca) + if ($ca) { $caname = " (CA: {$ca['descr']})"; + } $list[$crl['refid']] = $crl['descr'] . $caname; } @@ -201,9 +208,10 @@ function openvpn_build_cert_list($include_none = false, $prioritize_server_certs $list = array(); } + $non_server_list = array(); + if ($prioritize_server_certs) { $list[' '] = "===== Server Certificates ====="; - $non_server_list = array(); $non_server_list[' '] = "===== Non-Server Certificates ====="; } 
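Review bot: In the `openvpn_build_if_list` hunk (`@@ -143`), the reformatted condition still compares against the bare word `inet`, which PHP resolves as an undefined constant. On PHP 5/7 that is a notice or warning that falls back to the string, and on PHP 8 it is a thrown Error, so it should be quoted: `if ($group['ipprotocol'] != "inet") {`. The `$vipif` value chosen in the following if/else is not used in the visible lines (the next statement only sets `$interfaces[$name]`), so the branch looks dead and is worth confirming while it is being touched. The function body starts before this hunk and continues into the next one.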
@@ -243,11 +251,7 @@ function openvpn_build_cert_list($include_none = false, $prioritize_server_certs } } - if ($prioritize_server_certs) { - $list = array_merge($list, $non_server_list); - } - - return($list); + return(array('server' => $list, 'non-server' => $non_server_list)); } function openvpn_build_bridge_list() { @@ -257,16 +261,19 @@ function openvpn_build_bridge_list() { $serverbridge_interface = array_merge($serverbridge_interface, get_configured_interface_with_descr()); $carplist = get_configured_carp_interface_list(); - foreach ($carplist as $cif => $carpip) + foreach ($carplist as $cif => $carpip) { $serverbridge_interface[$cif.'|'.$carpip] = $carpip." (".get_vip_descr($carpip).")"; + } $aliaslist = get_configured_ip_aliases_list(); - foreach ($aliaslist as $aliasip => $aliasif) + foreach ($aliaslist as $aliasip => $aliasif) { $serverbridge_interface[$aliasif.'|'.$aliasip] = $aliasip." (".get_vip_descr($aliasip).")"; + } - foreach ($serverbridge_interface as $iface => $ifacename) + foreach ($serverbridge_interface as $iface => $ifacename) { $list[$iface] = htmlspecialchars($ifacename); + } return($list); } diff --git a/src/etc/inc/pfsense-utils.inc b/src/etc/inc/pfsense-utils.inc index f9049fa..6d6fa54 100644 --- a/src/etc/inc/pfsense-utils.inc +++ b/src/etc/inc/pfsense-utils.inc @@ -408,11 +408,13 @@ function get_carp_interface_status($carpinterface) { global $config; foreach ($config['virtualip']['vip'] as $carp) { - if ($carp['mode'] != "carp") + if ($carp['mode'] != "carp") { continue; + } $carpif = "_vip{$carp['uniqid']}"; - if ($carpinterface !== $carpif) + if ($carpinterface !== $carpif) { continue; + } $interface = get_real_interface($carp['interface']); $vhid = $carp['vhid']; diff --git a/src/etc/inc/pkg-utils.inc b/src/etc/inc/pkg-utils.inc index 81f5b02..0303092 100644 --- a/src/etc/inc/pkg-utils.inc +++ b/src/etc/inc/pkg-utils.inc 
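Review bot: `openvpn_build_cert_list` now returns `array('server' => $list, 'non-server' => $non_server_list)` instead of the merged flat list, so any caller that still iterates the result as `refid => description` will receive two nested arrays. The callers are outside this diff section and need checking. The changed contract deserves a docblock above the function, for example `@return array{server: array, non-server: array}`, plus one sentence saying how certificates are split when `$prioritize_server_certs` is false; that split is decided in the part of the body not shown here. The function starts before this hunk.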
@@ -192,7 +192,7 @@ function pkg_call($params, $mute = false) { $now = time(); - if(($now - $started) >= $maxwaittime) { + if (($now - $started) >= $maxwaittime) { $rc = -1; proc_terminate($process); break; @@ -204,7 +204,7 @@ function pkg_call($params, $mute = false) { fclose($pipes[2]); proc_close($process); - if(!isset($rc)) { + if (!isset($rc)) { $rc = $status['exitcode']; } @@ -353,7 +353,7 @@ function get_package_id($package_name) { foreach ($config['installedpackages']['package'] as $idx => $pkg) { if ($pkg['name'] == $package_name || - get_package_internal_name($pkg) == $package_name) { + get_package_internal_name($pkg) == $package_name) { return $idx; } } diff --git a/src/etc/inc/rrd.inc b/src/etc/inc/rrd.inc index 1459c93..0aa7152 100644 --- a/src/etc/inc/rrd.inc +++ b/src/etc/inc/rrd.inc @@ -278,7 +278,7 @@ function enable_rrd_graphing() { $captiveportalvalid = $rrdcaptiveportalinterval * 2; $ntpdvalid = $rrdntpdinterval * 2; $dhcpdvalid = $rrddhcpdinterval * 2; - + /* Assume 2*10GigE for now */ $downstream = 2500000000; $upstream = 2500000000; @@ -915,11 +915,11 @@ function enable_rrd_graphing() { } /* End NTP statistics */ - + /* Start dhcpd statistics */ if (is_array($config['dhcpd'])) { foreach ($config['dhcpd'] as $dhcpif => $dhcpifconf) { - if (isset($config['dhcpd'][$dhcpif]['statsgraph'])) { + if (isset($config['dhcpd'][$dhcpif]['statsgraph'])) { if (!file_exists("$rrddbpath$dhcpif$dhcpd")) { $rrdcreate = "$rrdtool create $rrddbpath$dhcpif$dhcpd --step $rrddhcpdinterval "; $rrdcreate .= "DS:leases:GAUGE:$dhcpdvalid:0:100000 "; @@ -950,7 +950,7 @@ function enable_rrd_graphing() { $rrdupdatesh .= "# polling leases for dhcp \n"; $rrdupdatesh .= "DHCP=`${php} -q ${dhcpd_gather} '${dhcpif}'`\n"; $rrdupdatesh .= "$rrdtool update $rrddbpath$dhcpif$dhcpd \${DHCP}\n"; - + } } } diff --git a/src/etc/inc/service-utils.inc b/src/etc/inc/service-utils.inc index c97c7c9..f4d355d 100644 --- a/src/etc/inc/service-utils.inc +++ b/src/etc/inc/service-utils.inc 
@@ -322,7 +322,7 @@ function get_services() { $gateways_arr = return_gateways_array(); if (is_array($gateways_arr)) { $pconfig = array(); - $pconfig['name'] = "apinger"; + $pconfig['name'] = "dpinger"; $pconfig['description'] = gettext("Gateway Monitoring Daemon"); $services[] = $pconfig; } @@ -609,7 +609,7 @@ function service_control_start($name, $extras) { case 'openntpd': system_ntp_configure(); break; - case 'apinger': + case 'dpinger': setup_gateways_monitor(); break; case 'bsnmpd': @@ -678,8 +678,8 @@ function service_control_stop($name, $extras) { case 'openntpd': killbyname("openntpd"); break; - case 'apinger': - killbypid("{$g['varrun_path']}/apinger.pid"); + case 'dpinger': + stop_dpinger(); break; case 'bsnmpd': killbypid("{$g['varrun_path']}/snmpd.pid"); @@ -748,8 +748,7 @@ function service_control_restart($name, $extras) { case 'openntpd': system_ntp_configure(); break; - case 'apinger': - killbypid("{$g['varrun_path']}/apinger.pid"); + case 'dpinger': setup_gateways_monitor(); break; case 'bsnmpd': diff --git a/src/etc/inc/shaper.inc b/src/etc/inc/shaper.inc index e1897a7..160e49c 100644 --- a/src/etc/inc/shaper.inc +++ b/src/etc/inc/shaper.inc @@ -1310,7 +1310,12 @@ class priq_queue { function build_form() { - $sform = new Form(); + $sform = new Form(new Form_Button( + 'Submit', + 'Save' + )); + + $sform->setAction("firewall_shaper.php"); $section = new Form_Section(""); @@ -1323,13 +1328,20 @@ class priq_queue { )); $section->addInput(new Form_Input( - 'name', + 'newname', 'Name', 'text', $this->GetQname() ))->setHelp('Enter the name of the queue here. Do not use spaces and limit the size to 15 characters.'); $section->addInput(new Form_Input( + 'name', + null, + 'hidden', + $this->GetQname() + )); + + $section->addInput(new Form_Input( 'priority', 'Priority', 'number', @@ -1351,7 +1363,8 @@ class priq_queue { 'default', null, null, - $this->GetDefault() + $this->GetDefault(), + 'default' ))->setHelp('Default Queue'); } 
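Review bot: The `dpinger` case in `service_control_restart` (`@@ -748`) drops the explicit stop and calls only `setup_gateways_monitor()`, while `service_control_stop` uses the new `stop_dpinger()`. Neither helper is visible here, so it is worth confirming that `setup_gateways_monitor()` terminates running monitor processes itself; otherwise a restart would leave old instances running beside the new ones. If it does not, calling `stop_dpinger();` before `setup_gateways_monitor();` in the restart case keeps the stop and restart paths consistent.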
@@ -1394,14 +1407,21 @@ class priq_queue { $this->GetDescription() )); - $section->addInput(new Form_Input( + $sform->add($section); + + $sform->addGlobal(new Form_Input( 'interface', null, 'hidden', $this->GetInterface() )); - $sform->add($section); + $sform->addGlobal(new Form_Input( + 'name', + null, + 'hidden', + $this->GetQname() + )); return($sform); } @@ -3741,8 +3761,9 @@ EOD; $form .= "<tbody>"; // If there are no bandwidths defined, make a blank one for convenience - if(empty($bandwidth)) + if (empty($bandwidth)) { $bandwidth = array(0 => array('bw' => '', 'bwscale' => 'Kb', 'bwsched' => 'none')); + } if (is_array($bandwidth)) { foreach ($bandwidth as $bwidx => $bw) { @@ -3810,6 +3831,7 @@ EOD; $sform = new Form(); + $sform->setAction("firewall_shaper.php"); $section = new Form_Section('Limiters'); @@ -4132,7 +4154,7 @@ class dnqueue_class extends dummynet_class { $sform = new Form(); - + $sform->setAction("firewall_shaper.php"); $section = new Form_Section('Limiters'); $section->addInput(new Form_Checkbox( @@ -4169,11 +4191,12 @@ class dnqueue_class extends dummynet_class { $bandwidth = $this->GetBandwidth(); // Delete a row - if(isset($_GET['delbwrow']) && (count($bandwidth) > 0)) + if (isset($_GET['delbwrow']) && (count($bandwidth) > 0)) { unset($bandwidth[$_GET['delbwrow']]); + } // Add a row - if($_GET['newbwrow']) { + if ($_GET['newbwrow']) { array_push($bandwidth, array(count($bandwidth) => array('bw' => '', 'burst' => '', 'bwscale' => 'Kb', 'bwsched' => 'none') )); } @@ -4182,7 +4205,7 @@ class dnqueue_class extends dummynet_class { $row = 0; $numrows = count($bandwidth) - 1; - if($numrows >= 0) { + if ($numrows >= 0) { foreach ($bandwidth as $bwidx => $bw) { $group = new Form_Group($row == 0 ? 'Bandwidth':null); 
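Review bot: The hidden `name` input appears to be added twice to the same form: once inside the section in the `@@ -1323` hunk and again through `$sform->addGlobal(...)` here, both carrying `$this->GetQname()`. If both hunks belong to the same `build_form()` (the hunk headers only show `class priq_queue`), two `name` fields are submitted and PHP keeps the last one, so dropping one keeps the form unambiguous. The editable field is now `newname`, while the original name and `interface` travel as hidden fields. The handler behind `firewall_shaper.php` (not shown) should therefore treat all three as untrusted and enforce the 15-character, no-spaces rule from the help text on the server side.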
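Review bot: In the `dnqueue_class` hunk at `@@ -4169`, `if ($_GET['newbwrow'])` reads the request key without the `isset()` guard that `delbwrow` gets just above, and `$_GET['delbwrow']` is used directly as an array key without checking that it names an existing row. `if (!empty($_GET['newbwrow'])) {` and an `array_key_exists($_GET['delbwrow'], $bandwidth)` check would cover both. The `array_push()` call also wraps the new row in an extra `array(count($bandwidth) => ...)`, so the appended element appears to sit one level deeper than the rows the following `foreach ($bandwidth as $bwidx => $bw)` iterates. `$bandwidth[] = array('bw' => '', 'burst' => '', 'bwscale' => 'Kb', 'bwsched' => 'none');` is probably what was intended. The enclosing method starts outside the hunk.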
@@ -4213,8 +4236,9 @@ class dnqueue_class extends dummynet_class { 'firewall_shaper_vinterface.php?pipe=' . $pipe . '&queue=' . $qname . '&action=' . $action . '&delbwrow=' . $bwidx ))->removeClass('btn-primary')->addClass('btn-danger btn-sm'); - if($row == $numrows) + if ($row == $numrows) { $group->setHelp('Bandwidth is the rate (e.g. Mbit/s) to which traffic in this limiter will be restricted.'); + } $section->add($group); $row++; diff --git a/src/etc/inc/system.inc b/src/etc/inc/system.inc index 645f48d..9cbc534 100644 --- a/src/etc/inc/system.inc +++ b/src/etc/inc/system.inc @@ -587,7 +587,7 @@ function system_routing_configure($interface = "") { } $gateways_arr = return_gateways_array(false, true); - foreach($gateways_arr as $gateway) { + foreach ($gateways_arr as $gateway) { // setup static interface routes for nonlocal gateways if (isset($gateway["nonlocalgateway"])) { $srgatewayip = $gateway['gateway']; @@ -838,7 +838,7 @@ function system_syslogd_start() { $syslogd_extra = ""; if (isset($syslogcfg)) { - $separatelogfacilities = array('ntp', 'ntpd', 'ntpdate', 'charon', 'ipsec_starter', 'openvpn', 'pptps', 'poes', 'l2tps', 'relayd', 'hostapd', 'dnsmasq', 'filterdns', 'unbound', 'dhcpd', 'dhcrelay', 'dhclient', 'dhcp6c', 'apinger', 'radvd', 'routed', 'olsrd', 'zebra', 'ospfd', 'bgpd', 'miniupnpd', 'filterlog'); + $separatelogfacilities = array('ntp', 'ntpd', 'ntpdate', 'charon', 'ipsec_starter', 'openvpn', 'pptps', 'poes', 'l2tps', 'relayd', 'hostapd', 'dnsmasq', 'filterdns', 'unbound', 'dhcpd', 'dhcrelay', 'dhclient', 'dhcp6c', 'dpinger', 'radvd', 'routed', 'olsrd', 'zebra', 'ospfd', 'bgpd', 'miniupnpd', 'filterlog'); $syslogconf = ""; if ($config['installedpackages']['package']) { foreach ($config['installedpackages']['package'] as $package) { 
@@ -898,11 +898,11 @@ function system_syslogd_start() { $syslogconf .= system_syslogd_get_remote_servers($syslogcfg, "*.*"); } - $syslogconf .= "!apinger\n"; + $syslogconf .= "!dpinger\n"; if (!isset($syslogcfg['disablelocallogging'])) { $syslogconf .= "*.* {$log_directive}{$g['varlog_path']}/gateways.log\n"; } - if (isset($syslogcfg['apinger'])) { + if (isset($syslogcfg['dpinger'])) { $syslogconf .= system_syslogd_get_remote_servers($syslogcfg, "*.*"); } diff --git a/src/etc/inc/upgrade_config.inc b/src/etc/inc/upgrade_config.inc index a5ed9d1..a7bb6ce 100644 --- a/src/etc/inc/upgrade_config.inc +++ b/src/etc/inc/upgrade_config.inc @@ -4033,7 +4033,7 @@ function upgrade_125_to_126() { /* subtract 2 from ipsec log levels. the value stored in the config.xml * will now match the strongswan level exactly. */ - foreach(array_keys($ipsec_log_cats) as $cat) { + foreach (array_keys($ipsec_log_cats) as $cat) { if (!isset($config['ipsec']["ipsec_{$cat}"])) { $new_level = $def_loglevel; } else { @@ -4121,8 +4121,9 @@ function upgrade_128_to_129() { } /* IPSEC is always on in 2.3. */ - if (isset($config['ipsec']['enable'])) + if (isset($config['ipsec']['enable'])) { unset($config['ipsec']['enable']); + } } function upgrade_129_to_130() { 
@@ -4141,4 +4142,54 @@ function upgrade_129_to_130() { } } +function upgrade_130_to_131() { + global $config; + + if (isset($config['syslog']['apinger'])) { + $config['syslog']['dpinger'] = true; + unset($config['syslog']['apinger']); + } + + if (isset($config['system']['apinger_debug'])) { + unset($config['system']['apinger_debug']); + } + + if (!isset($config['gateways']['gateway_item']) || + !is_array($config['gateways']['gateway_item'])) { + return; + } + + foreach ($config['gateways']['gateway_item'] as &$gw) { + // dpinger uses milliseconds + if (isset($gw['interval']) && + is_numeric($gw['interval'])) { + $gw['interval'] = $gw['interval'] * 1000; + } + if (isset($gw['down']) && + is_numeric($gw['down'])) { + $gw['loss_interval'] = $gw['down'] * 1000; + unset($gw['down']); + } + + if (isset($gw['avg_delay_samples'])) { + unset($gw['avg_delay_samples']); + } + if (isset($gw['avg_delay_samples_calculated'])) { + unset($gw['avg_delay_samples_calculated']); + } + if (isset($gw['avg_loss_samples'])) { + unset($gw['avg_loss_samples']); + } + if (isset($gw['avg_loss_samples_calculated'])) { + unset($gw['avg_loss_samples_calculated']); + } + if (isset($gw['avg_loss_delay_samples'])) { + unset($gw['avg_loss_delay_samples']); + } + if (isset($gw['avg_loss_delay_samples_calculated'])) { + unset($gw['avg_loss_delay_samples_calculated']); + } + } +} + ?> diff --git a/src/etc/inc/util.inc b/src/etc/inc/util.inc index 8bf41da..d372be7 100644 --- a/src/etc/inc/util.inc +++ b/src/etc/inc/util.inc 
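Review bot: The `foreach ($config['gateways']['gateway_item'] as &$gw)` loop in `upgrade_130_to_131()` leaves `$gw` bound by reference to the last gateway entry after the loop. That is harmless while the function ends right there, but adding `unset($gw);` after the loop's closing brace keeps any later addition from overwriting that entry. The six `isset()`/`unset()` pairs for the `avg_*` keys are redundant, because `unset()` on a missing key is a no-op. A short comment above the function would document the migration: `interval` and `down` are multiplied by 1000 for dpinger's millisecond units, and `down` is renamed to `loss_interval`. The multiplication is not guarded against running twice, so it relies on the config version bookkeeping that is not part of this hunk.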
@@ -1041,21 +1041,24 @@ function get_configured_carp_interface_list($carpinterface = '', $family = 'inet $iflist = array(); - if (!is_array($config['virtualip']['vip']) || empty($config['virtualip']['vip'])) + if (!is_array($config['virtualip']['vip']) || empty($config['virtualip']['vip'])) { return $iflist; + } $viparr = &$config['virtualip']['vip']; foreach ($viparr as $vip) { - if ($vip['mode'] != "carp") + if ($vip['mode'] != "carp") { continue; + } if (empty($carpinterface)) { $iflist["_vip{$vip['uniqid']}"] = $vip['subnet']; continue; } - if ($carpinterface != "_vip{$vip['uniqid']}") + if ($carpinterface != "_vip{$vip['uniqid']}") { continue; + } switch ($what) { case 'subnet': @@ -1478,8 +1481,9 @@ function mwexec($command, $nologentry = false, $clearsigmask = false, $backgroun // run in foreground, and (optionally) log if nonzero return $outputarray = array(); exec("$command 2>&1", $outputarray, $retval); - if (($retval <> 0) && (!$nologentry || isset($config['system']['developerspew']))) + if (($retval <> 0) && (!$nologentry || isset($config['system']['developerspew']))) { log_error(sprintf(gettext("The command '%1\$s' returned exit code '%2\$d', the output was '%3\$s' "), $command, $retval, implode(" ", $outputarray))); + } } if ($clearsigmask) { @@ -1495,7 +1499,7 @@ function mwexec_bg($command, $clearsigmask = false) { } /* unlink a file, or pattern-match of a file, if it exists - if the file/path contains glob() compatible wildcards, all matching files will be unlinked + if the file/path contains glob() compatible wildcards, all matching files will be unlinked if no matches, no error occurs */ function unlink_if_exists($fn) { $to_do = glob($fn); diff --git a/src/etc/inc/voucher.inc b/src/etc/inc/voucher.inc index 2e0f5f5..97b2403 100644 --- a/src/etc/inc/voucher.inc +++ b/src/etc/inc/voucher.inc 
@@ -588,8 +588,9 @@ function voucher_configure_zone($sync = false) { $roll = $rollent['number']; $len = ($rollent['count'] >> 3) + 1; - if (strlen(base64_decode($rollent['used'])) != $len) + if (strlen(base64_decode($rollent['used'])) != $len) { $rollent['used'] = base64_encode(str_repeat("\000", $len)); + } voucher_write_used_db($roll, $rollent['used']); $minutes = $rollent['minutes']; $active_vouchers = array(); diff --git a/src/etc/inc/vpn.inc b/src/etc/inc/vpn.inc index 0e3d1a2..8769ca1 100644 --- a/src/etc/inc/vpn.inc +++ b/src/etc/inc/vpn.inc @@ -1223,7 +1223,8 @@ EOD; $tunneltype = "type = transport"; if ((($ph1ent['authentication_method'] == "xauth_psk_server") || - ($ph1ent['authentication_method'] == "pre_shared_key")) && isset($ph1ent['mobile'])) { + ($ph1ent['authentication_method'] == "pre_shared_key")) && + isset($ph1ent['mobile'])) { $left_spec = "%any"; } else { $tmpsubnet = ipsec_get_phase1_src($ph1ent); diff --git a/src/etc/login.conf b/src/etc/login.conf index 1e61a9f..98324e2 100644 --- a/src/etc/login.conf +++ b/src/etc/login.conf @@ -35,7 +35,7 @@ default:\ :maxproc=unlimited:\ :sbsize=unlimited:\ :vmemoryuse=unlimited:\ - :idletime=unlimited:\ + :idletime=unlimited:\ :priority=0:\ :ignoretime@:\ :umask=022: @@ -81,7 +81,7 @@ russian|Russian Users Accounts:\ ###################################################################### ## ## Example entries -## +## ###################################################################### ###################################################################### diff --git a/src/etc/phpshellsessions/gitsync b/src/etc/phpshellsessions/gitsync index dceeaa9..3aa072f 100644 --- a/src/etc/phpshellsessions/gitsync +++ b/src/etc/phpshellsessions/gitsync 
@@ -48,7 +48,7 @@ while (!empty($temp_args)) { switch ($arg) { case "--help": echo "Usage: playback gitsync [options] [[repository] <branch>]\nOptions:\n"; - foreach($valid_args as $arg_name => $arg_desc) { + foreach ($valid_args as $arg_name => $arg_desc) { echo $arg_name . "\n" . $arg_desc; } exit; diff --git a/src/etc/rc.carpbackup b/src/etc/rc.carpbackup index 32cb319..e74ea3c 100755 --- a/src/etc/rc.carpbackup +++ b/src/etc/rc.carpbackup @@ -50,7 +50,7 @@ $friendly_descr = convert_friendly_interface_to_friendly_descr($friendly); $vips = link_interface_to_vips($friendly, '', $vhid); $carp_iface = "{$friendly}_vip{$vhid}"; -if(is_array($vips)) { +if (is_array($vips)) { foreach ($vips as $vip) { $notificationmsg = sprintf('Carp cluster member "(%1$s): (%2$s)" has resumed the state "BACKUP" for vhid %3$s', $argument, $friendly_descr, $vhid); diff --git a/src/etc/rc.gateway_alarm b/src/etc/rc.gateway_alarm new file mode 100755 index 0000000..a1afb65 --- /dev/null +++ b/src/etc/rc.gateway_alarm 
@@ -0,0 +1,63 @@ +#!/bin/sh +# +# rc.gateway_alarm +# +# Copyright (c) 2015 Electric Sheep Fencing, LLC. All rights reserved. +# +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions are met: +# +# 1. Redistributions of source code must retain the above copyright notice, +# this list of conditions and the following disclaimer. +# +# 2. Redistributions in binary form must reproduce the above copyright +# notice, this list of conditions and the following disclaimer in +# the documentation and/or other materials provided with the +# distribution. +# +# 3. All advertising materials mentioning features or use of this software +# must display the following acknowledgment: +# "This product includes software developed by the pfSense Project +# for use in the pfSense® software distribution. (http://www.pfsense.org/). +# +# 4. The names "pfSense" and "pfSense Project" must not be used to +# endorse or promote products derived from this software without +# prior written permission. For written permission, please contact +# coreteam@pfsense.org. +# +# 5. Products derived from this software may not be called "pfSense" +# nor may "pfSense" appear in their names without prior written +# permission of the Electric Sheep Fencing, LLC. +# +# 6. Redistributions of any form whatsoever must retain the following +# acknowledgment: +# +# "This product includes software developed by the pfSense Project +# for use in the pfSense software distribution (http://www.pfsense.org/). +# +# THIS SOFTWARE IS PROVIDED BY THE pfSense PROJECT ``AS IS'' AND ANY +# EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +# PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE pfSense PROJECT OR +# ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT +# NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; +# LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, +# STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +# ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED +# OF THE POSSIBILITY OF SUCH DAMAGE. + +GW="$1" + +if [ -z "$GW" ]; then + exit 1 +fi + +/usr/local/sbin/pfSctl \ + -c "service reload dyndns ${GW}" \ + -c "service reload ipsecdns" \ + -c "service reload openvpn ${GW}" \ + -c "filter reload" >/dev/null 2>&1 + +exit $? diff --git a/src/etc/rc.initial.defaults b/src/etc/rc.initial.defaults index 40ceaf9..c80a18d 100755 --- a/src/etc/rc.initial.defaults +++ b/src/etc/rc.initial.defaults @@ -36,24 +36,13 @@ $fp = fopen('php://stdin', 'r'); - echo <<<EOD - -You are about to reset the firewall to factory defaults. -The firewall will reboot after resetting the configuration. - -Do you want to proceed [y|n]? -EOD; + echo "\n" . gettext("You are about to reset the firewall to factory defaults."); + echo "\n" . gettext("The firewall will reboot after resetting the configuration."); + echo "\n" . gettext("Do you want to proceed [y|n]?") . " "; if (strcasecmp(chop(fgets($fp)), "y") == 0) { - reset_factory_defaults(); - - echo <<<EOD - -{$g['product_name']} is rebooting now. - -EOD; - + echo "\n" . sprintf(gettext("%s is rebooting now."), $g['product_name']) . "\n"; system_reboot_sync(); } diff --git a/src/etc/rc.initial.halt b/src/etc/rc.initial.halt index df91ded..27377b5 100755 --- a/src/etc/rc.initial.halt +++ b/src/etc/rc.initial.halt 
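Review bot: `rc.gateway_alarm` places `${GW}` inside the pfSctl command strings (`service reload dyndns ${GW}`, `service reload openvpn ${GW}`) after checking only that it is non-empty, so a value containing whitespace or other separators would change how the receiving side splits the command. The argument is presumably a configured gateway name handed over by the gateway monitor. An explicit check before the pfSctl call makes that assumption enforceable, for example `case "$GW" in *[!A-Za-z0-9_]*) exit 1 ;; esac`, adjusted to whatever characters gateway names may contain. All output is discarded to `/dev/null`, so a failed reload is visible only through the exit status; a `logger` line on non-zero status would help when diagnosing a missed reload.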
@@ -37,21 +37,11 @@ $fp = fopen('php://stdin', 'r'); - echo <<<EOD - -{$g['product_name']} will shutdown and halt system. This may take a few minutes, depending on your hardware. - -Do you want to proceed [y|n]? -EOD; + echo "\n" . sprintf(gettext("%s will shutdown and halt system. This may take a few minutes, depending on your hardware."), $g['product_name']) . "\n"; + echo gettext("Do you want to proceed [y|n]?") . " "; if (strcasecmp(chop(fgets($fp)), "y") == 0) { - - echo <<<EOD - -{$g['product_name']} will shutdown and halt system now. - -EOD; - + echo "\n" . sprintf(gettext("%s will shutdown and halt system now."), $g['product_name']) . "\n"; system_halt(); } diff --git a/src/etc/rc.initial.password b/src/etc/rc.initial.password index 0e13f7c..969745b 100755 --- a/src/etc/rc.initial.password +++ b/src/etc/rc.initial.password @@ -40,14 +40,14 @@ echo "\n" . gettext(' The webConfigurator admin password and privileges will be reset to the default (which is "' . strtolower($g['product_name']) . '").') . "\n" . - gettext('Do you want to proceed [y|n]?'); + gettext('Do you want to proceed [y|n]?') . " "; if (strcasecmp(chop(fgets($fp)), "y") == 0) { if (isset($config['system']['webgui']['authmode']) && - $config['system']['webgui']['authmode'] != "Local Database") { + $config['system']['webgui']['authmode'] != "Local Database") { echo "\n" . gettext(' The User manager authentication server is set to "' . $config['system']['webgui']['authmode'] . '".') . "\n" . - gettext('Do you want to set it back to Local Database [y|n]?'); + gettext('Do you want to set it back to Local Database [y|n]?') . " "; if (strcasecmp(chop(fgets($fp)), "y") == 0) { $config['system']['webgui']['authmode'] = "Local Database"; } 
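Review bot: In the `rc.initial.password` hunk the prompts still build their text inside `gettext()` by concatenation, both the `strtolower($g['product_name'])` message and the `$config['system']['webgui']['authmode']` one. The msgid therefore depends on runtime data and no catalog entry can match it. The `rc.initial.halt` and `rc.initial.reboot` changes in this same commit already use `sprintf(gettext("%s ..."), $g['product_name'])`, and the same form applies here, for example `sprintf(gettext('The User manager authentication server is set to "%s".'), $config['system']['webgui']['authmode'])`.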
@@ -76,7 +76,7 @@ The User manager authentication server is set to "' . $config['system']['webgui' write_config(gettext("password changed from console menu")); echo "\n" . gettext(' -The password for the webConfigurator has been reset and +The password for the webConfigurator has been reset and the default username has been set to "admin".') . "\n" . gettext(' Remember to set the password to something else than diff --git a/src/etc/rc.initial.reboot b/src/etc/rc.initial.reboot index 6f70407..fdcc480 100755 --- a/src/etc/rc.initial.reboot +++ b/src/etc/rc.initial.reboot @@ -37,21 +37,11 @@ $fp = fopen('php://stdin', 'r'); - echo <<<EOD - -{$g['product_name']} will reboot. This may take a few minutes, depending on your hardware. - -Do you want to proceed [y|n]? -EOD; + echo "\n" . sprintf(gettext("%s will reboot. This may take a few minutes, depending on your hardware."), $g['product_name']) . "\n"; + echo gettext("Do you want to proceed [y|n]?") . " "; if (strcasecmp(chop(fgets($fp)), "y") == 0) { - - echo <<<EOD - -{$g['product_name']} is rebooting now. - -EOD; - + echo "\n" . sprintf(gettext("%s is rebooting now."), $g['product_name']) . "\n"; system_reboot_sync(); } diff --git a/src/etc/rc.newwanip b/src/etc/rc.newwanip index ea44b81..45cef96 100755 --- a/src/etc/rc.newwanip +++ b/src/etc/rc.newwanip @@ -216,8 +216,8 @@ if (!is_ipaddr($oldip) || $curwanip != $oldip || !is_ipaddrv4($config['interface /* * Some services (e.g. dyndns, see ticket #4066) depend on * filter_configure() to be called before, otherwise pass out - * route-to rules have the old ip set in 'from' and connection - * do not go through correct link + * route-to rules have the old ip set in 'from' and connections + * do not go through the correct link */ filter_configure_sync(); diff --git a/src/etc/rc.openvpn b/src/etc/rc.openvpn index cda8067..790f9c8 100755 --- a/src/etc/rc.openvpn +++ b/src/etc/rc.openvpn 
@@ -76,7 +76,7 @@ if (isset($_GET['interface'])) { } if ((is_array($config['openvpn']['openvpn-server']) && count($config['openvpn']['openvpn-server'])) || - (is_array($config['openvpn']['openvpn-client']) && count($config['openvpn']['openvpn-client']))) { + (is_array($config['openvpn']['openvpn-client']) && count($config['openvpn']['openvpn-client']))) { if (empty($argument) || $argument == "all") { $argument = "all"; $log_text = "all"; diff --git a/src/etc/rc.packages b/src/etc/rc.packages index 643ee85..f4ec045 100755 --- a/src/etc/rc.packages +++ b/src/etc/rc.packages @@ -73,15 +73,15 @@ if ($pkg == '' || $when == '') { pkg_remove_prefix($pkg); switch ($when) { -case "post-install": - install_package_xml($pkg); - break; -case "deinstall": -case "post-deinstall": - delete_package_xml($pkg, $when); - break; -default: - usage(); + case "post-install": + install_package_xml($pkg); + break; + case "deinstall": + case "post-deinstall": + delete_package_xml($pkg, $when); + break; + default: + usage(); } ?> diff --git a/src/etc/services b/src/etc/services index 1f85da0..6687559 100644 --- a/src/etc/services +++ b/src/etc/services @@ -134,7 +134,7 @@ bootpc 68/tcp dhcpc #Bootstrap Protocol Client bootpc 68/udp dhcpc #Bootstrap Protocol Client tftp 69/tcp #Trivial File Transfer tftp 69/udp #Trivial File Transfer -tftp-proxy 6969/udp +tftp-proxy 6969/udp gopher 70/tcp gopher 70/udp netrjs-1 71/tcp #Remote Job Service diff --git a/src/etc/sshd b/src/etc/sshd index 05ddb63..2e59824 100755 --- a/src/etc/sshd +++ b/src/etc/sshd @@ -163,7 +163,7 @@ $generate_keys = array(); foreach ($keys as $key) { if (!file_exists("{$sshConfigDir}/ssh_host_{$key['suffix']}key") || - !file_exists("{$sshConfigDir}/ssh_host_{$key['suffix']}key.pub")) { + !file_exists("{$sshConfigDir}/ssh_host_{$key['suffix']}key.pub")) { $generate_keys[] = $key; } } diff --git a/src/etc/ssl/openssl.cnf b/src/etc/ssl/openssl.cnf index 41664e6..3ea2df5 100644 --- a/src/etc/ssl/openssl.cnf 
+++ b/src/etc/ssl/openssl.cnf @@ -275,7 +275,7 @@ authorityKeyIdentifier=keyid:always,issuer:always # So we do this instead. basicConstraints = CA:true -# Key usage: this is typical for a CA certificate. +# Key usage: this is typical for a CA certificate. keyUsage = cRLSign, keyCertSign # Some might want this also |