From a26d95383a6146734f67c9db21cd83534052843a Mon Sep 17 00:00:00 2001 From: Andrew Thompson Date: Wed, 17 Aug 2011 14:07:20 +1200 Subject: Make initial changes to allow pfSense to work in a jail. This mostly avoids starting things that will not work and gets the initial config. Most of the pfSense functionality will not work (pf rules, routing, etc) but it can be used for testing. --- etc/inc/filter.inc | 2 ++ etc/inc/interfaces.inc | 7 +++++++ etc/inc/openvpn.inc | 4 +++- etc/inc/services.inc | 6 ++++-- etc/inc/system.inc | 11 ++++++++++ etc/inc/util.inc | 18 +++++++++++----- etc/inc/vpn.inc | 7 +++++++ etc/rc | 56 +++++++++++++++++++++++++++++--------------------- etc/rc.bootup | 55 ++++++++++++++++++++++++++++++++++++------------- etc/rc.initial | 4 ++++ usr/local/bin/beep.sh | 10 +++++---- 11 files changed, 131 insertions(+), 49 deletions(-) diff --git a/etc/inc/filter.inc b/etc/inc/filter.inc index 7775d2f..db706ff 100644 --- a/etc/inc/filter.inc +++ b/etc/inc/filter.inc @@ -118,6 +118,8 @@ function filter_load_ipfw() { function filter_pflog_start() { global $config, $g; + if ($g['platform'] == 'jail') + return; if(isset($config['system']['developerspew'])) { $mt = microtime(); echo "filter_pflog_start() being called $mt\n"; diff --git a/etc/inc/interfaces.inc b/etc/inc/interfaces.inc index 679e347..0e333fb 100644 --- a/etc/inc/interfaces.inc +++ b/etc/inc/interfaces.inc @@ -204,6 +204,10 @@ This block of code is only entered for OPTx interfaces that are configured for P } function interfaces_loopback_configure() { + global $g; + + if ($g['platform'] == 'jail') + return; if($g['booting']) echo "Configuring loopback interface..."; pfSense_interface_setaddress("lo0", "127.0.0.1"); @@ -853,6 +857,9 @@ function interface_gif_configure(&$gif, $gifkey = "") { function interfaces_configure() { global $config, $g; + if ($g['platform'] == 'jail') + return; + /* Set up our loopback interface */ interfaces_loopback_configure(); 
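Review bot: In etc/inc/filter.inc, the new guard in filter_pflog_start() returns without a trace, so a system whose platform value reads 'jail' comes up with no pflog and nothing in the log says packet-filter logging was skipped. The same silent early return is added in this patch to interfaces_configure(), activate_sysctls(), system_routing_configure(), vpn_ipsec_configure() and the other guarded functions, and the platform value appears to come from the text of /etc/platform (util.inc and rc.initial read it directly) rather than from the kernel. I would check the value once at boot against `sysctl -n security.jail.jailed` and put a comment on each guard such as `/* no pf/pflog inside a jail: traffic is neither filtered nor logged */`. filter_pflog_start()'s body continues outside the hunk.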
diff --git a/etc/inc/openvpn.inc b/etc/inc/openvpn.inc index 285a65f..5925ff2 100644 --- a/etc/inc/openvpn.inc +++ b/etc/inc/openvpn.inc @@ -701,6 +701,8 @@ function openvpn_resync($mode, $settings) { function openvpn_resync_all($interface = "") { global $g, $config; + if ($g['platform'] == 'jail') + return; // delay our setup until the system // has a chance to init our paths if (!file_exists($g['varetc_path']."/openvpn") || @@ -980,4 +982,4 @@ function openvpn_refresh_crls() { } } -?> \ No newline at end of file +?> diff --git a/etc/inc/services.inc b/etc/inc/services.inc index 2644aae..f1aae37 100644 --- a/etc/inc/services.inc +++ b/etc/inc/services.inc @@ -42,7 +42,7 @@ function services_dhcpd_configure() { global $config, $g; - if($g['services_dhcp_server_enable'] == false) + if ($g['platform'] == 'jail' || $g['services_dhcp_server_enable'] == false) return; if(isset($config['system']['developerspew'])) { @@ -454,6 +454,8 @@ EOD; function services_dhcrelay_configure() { global $config, $g; + if ($g['platform'] == 'jail') + return; if(isset($config['system']['developerspew'])) { $mt = microtime(); echo "services_dhcrelay_configure() being called $mt\n"; @@ -943,7 +945,7 @@ EOD; function setup_wireless_olsr() { global $config, $g; - if(!$config['installedpackages']['olsrd'] || !$config['installedpackages']) + if ($g['platform'] == 'jail' || !$config['installedpackages']['olsrd'] || !$config['installedpackages']) return; if(isset($config['system']['developerspew'])) { $mt = microtime(); diff --git a/etc/inc/system.inc b/etc/inc/system.inc index cdf8b83..67505c4 100644 --- a/etc/inc/system.inc +++ b/etc/inc/system.inc @@ -40,6 +40,8 @@ function activate_powerd() { global $config, $g; + if ($g['platform'] == 'jail') + return; if(isset($config['system']['powerd_enable'])) { if ($g["platform"] == "nanobsd") exec("/sbin/kldload cpufreq"); 
@@ -59,6 +61,8 @@ function get_default_sysctl_value($id) { function activate_sysctls() { global $config, $g; + if ($g['platform'] == 'jail') + return; exec("/sbin/sysctl net.enc.out.ipsec_bpf_mask=0x00000001"); exec("/sbin/sysctl net.enc.out.ipsec_filter_mask=0x00000001"); exec("/sbin/sysctl net.enc.in.ipsec_bpf_mask=0x00000002"); @@ -285,6 +289,8 @@ function system_hosts_generate() { function system_dhcpleases_configure() { global $config, $g; + if ($g['platform'] == 'jail') + return; /* Start the monitoring process for dynamic dhcpclients. */ if (isset($config['dnsmasq']['regdhcp'])) { /* Make sure we do not error out */ @@ -320,6 +326,8 @@ function system_hostname_configure() { function system_routing_configure($interface = "") { global $config, $g; + if ($g['platform'] == 'jail') + return; if(isset($config['system']['developerspew'])) { $mt = microtime(); echo "system_routing_configure() being called $mt\n"; @@ -1153,6 +1161,9 @@ function system_timezone_configure() { function system_ntp_configure() { global $config, $g; + if ($g['platform'] == 'jail') + return; + $ntpcfg = "# \n"; $ntpcfg .= "# pfSense OpenNTPD configuration file \n"; $ntpcfg .= "# \n\n"; diff --git a/etc/inc/util.inc b/etc/inc/util.inc index 96a48c72..2592b84 100644 --- a/etc/inc/util.inc +++ b/etc/inc/util.inc @@ -1217,8 +1217,11 @@ function mute_kernel_msgs() { global $config; // Do not mute serial console. The kernel gets very very cranky // and will start dishing you cannot control tty errors. - if(trim(file_get_contents("/etc/platform")) == "nanobsd") - return; + switch (trim(file_get_contents("/etc/platform"))) { + case "nanobsd": + case "jail": + return; + } if($config['system']['enableserial']) return; exec("/sbin/conscontrol mute on"); 
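Review bot: In etc/inc/util.inc, mute_kernel_msgs() (and unmute_kernel_msgs() in the next hunk) re-reads /etc/platform with file_get_contents() on every call, while start_devd() in the same file and every other guard in this patch test `$g['platform']`. If the read fails, trim() yields an empty string, neither case matches, and the function goes on to run conscontrol. Assuming `$g['platform']` carries the same value, `global $config, $g;` plus `if (in_array($g['platform'], array('nanobsd', 'jail'))) return;` would keep the checks consistent. The comment above the switch still describes only the serial console; it should say why a jail is skipped as well.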
@@ -1228,14 +1231,19 @@ function unmute_kernel_msgs() { global $config; // Do not mute serial console. The kernel gets very very cranky // and will start dishing you cannot control tty errors. - if(trim(file_get_contents("/etc/platform")) == "nanobsd") - return; + switch (trim(file_get_contents("/etc/platform"))) { + case "nanobsd": + case "jail": + return; + } exec("/sbin/conscontrol mute off"); } function start_devd() { global $g; + if ($g['platform'] == 'jail') + return; exec("/sbin/devd"); sleep(1); } @@ -1502,4 +1510,4 @@ function array_merge_recursive_unique($array0, $array1) { return $result; } -?> \ No newline at end of file +?> diff --git a/etc/inc/vpn.inc b/etc/inc/vpn.inc index 4baa9b0..def8345 100644 --- a/etc/inc/vpn.inc +++ b/etc/inc/vpn.inc @@ -82,6 +82,8 @@ function vpn_ipsec_configure($ipchg = false) { global $config, $g, $sa, $sn, $p1_ealgos, $p2_ealgos; + if ($g['platform'] == 'jail') + return; /* get the automatic ping_hosts.sh ready */ unlink_if_exists("{$g['vardb_path']}/ipsecpinghosts"); touch("{$g['vardb_path']}/ipsecpinghosts"); @@ -956,6 +958,11 @@ function vpn_ipsec_force_reload() { /* master setup for vpn (mpd) */ function vpn_setup() { + global $g; + + if ($g['platform'] == 'jail') + return; + /* start pptpd */ vpn_pptpd_configure(); diff --git a/etc/rc b/etc/rc index 0070dff..d8fc9a5 100755 --- a/etc/rc +++ b/etc/rc 
@@ -80,12 +80,14 @@ if [ ! "$PLATFORM" = "cdrom" ] ; then fi fi -# Check to see if a compact flash mountpoint exists -# If it fails to mount then run a fsck -fy -if grep -q cf /etc/fstab; then - /sbin/mount -w /cf 2>/dev/null - /sbin/mount -uw /cf || \ - (/sbin/umount /cf; /sbin/fsck -fy /cf; /sbin/mount -w /cf) +if [ ! "$PLATFORM" = "jail" ]; then + # Check to see if a compact flash mountpoint exists + # If it fails to mount then run a fsck -fy + if grep -q cf /etc/fstab; then + /sbin/mount -w /cf 2>/dev/null + /sbin/mount -uw /cf || \ + (/sbin/umount /cf; /sbin/fsck -fy /cf; /sbin/mount -w /cf) + fi fi # sync pw database after mount. @@ -109,8 +111,10 @@ echo echo "Welcome to ${product} ${version} ${platformbanner} ..." echo -# Enable console output if its muted. -/sbin/conscontrol mute off >/dev/null +if [ ! "$PLATFORM" = "jail" ]; then + # Enable console output if its muted. + /sbin/conscontrol mute off >/dev/null +fi if [ "$PLATFORM" = "cdrom" ] ; then # do nothing for cdrom platform @@ -121,6 +125,8 @@ elif [ "$PLATFORM" = "nanobsd" ] ; then /bin/mkdir -p /root/var/db/pkg /bin/rm -rf /var/db/pkg /bin/ln -s /root/var/db/pkg/ /var/db/pkg +elif [ "$PLATFORM" = "jail" ]; then + # do nothing for jail platform else SWAPDEVICE=`/bin/cat /etc/fstab | /usr/bin/grep swap | /usr/bin/cut -f1` /sbin/swapon -a 2>/dev/null >/dev/null @@ -302,9 +308,11 @@ fi /bin/chmod 0600 /var/log/*.log echo -n "." -DEVFS=`/sbin/mount | /usr/bin/grep devfs | /usr/bin/wc -l | /usr/bin/cut -d" " -f8` -if [ "$DEVFS" = "0" ]; then - mount_devfs devfs /dev +if [ ! "$PLATFORM" = "jail" ]; then + DEVFS=`/sbin/mount | /usr/bin/grep devfs | /usr/bin/wc -l | /usr/bin/cut -d" " -f8` + if [ "$DEVFS" = "0" ]; then + mount_devfs devfs /dev + fi fi # Create an initial utmp file 
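Review bot: In etc/rc, the new `elif [ "$PLATFORM" = "jail" ]; then` branch (hunk at -121,6) contains only a comment, which POSIX sh grammar does not allow as a branch body; stricter shells stop with a syntax error at the following `else`. The cdrom branch just above seems to be written the same way, so the interpreter used here evidently tolerates it, but the lines between the two hunks are not visible. Adding a no-op makes the branch valid everywhere: `: # do nothing for jail platform`.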
@@ -318,18 +326,20 @@ if [ -f /etc/rc.conf ]; then /bin/rm -rf /etc/rc.conf fi -# Launching kbdmux(4) -if [ -f "/dev/kbdmux0" ]; then - echo -n "." - /usr/sbin/kbdcontrol -k /dev/kbdmux0 < /dev/console - [ -c "/dev/atkbd0" ] && kbdcontrol -a atkbd0 < /dev/console - [ -c "/dev/ukbd0" ] && kbdcontrol -a ukbd0 < /dev/console -fi +if [ ! "$PLATFORM" = "jail" ]; then + # Launching kbdmux(4) + if [ -f "/dev/kbdmux0" ]; then + echo -n "." + /usr/sbin/kbdcontrol -k /dev/kbdmux0 < /dev/console + [ -c "/dev/atkbd0" ] && kbdcontrol -a atkbd0 < /dev/console + [ -c "/dev/ukbd0" ] && kbdcontrol -a ukbd0 < /dev/console + fi -# Fire up unionfs if mount points exist. -if [ -f /dist/uniondirs ]; then - echo -n "." - /etc/rc.d/unionfs start + # Fire up unionfs if mount points exist. + if [ -f /dist/uniondirs ]; then + echo -n "." + /etc/rc.d/unionfs start + fi fi echo "done." @@ -411,6 +421,6 @@ echo "Bootup complete" /usr/local/bin/beep.sh start 2>&1 >/dev/null # Reset the cache. read-only requires this. -/bin/rm /tmp/config.cache +/bin/rm -f /tmp/config.cache exit 0 diff --git a/etc/rc.bootup b/etc/rc.bootup index c1749cf..e224519 100755 --- a/etc/rc.bootup +++ b/etc/rc.bootup 
@@ -157,21 +157,48 @@ echo "Loading configuration..."; parse_config_bootup(); echo "done.\n"; -/* - * Determine if we need to throw a interface exception - * and ask the user to reassign interfaces. This will - * avoid a reboot and thats a good thing. - */ -while(is_interface_mismatch() == true) { - led_assigninterfaces(); - echo "\nNetwork interface mismatch -- Running interface assignment option.\n"; - $ifaces = get_interface_list(); - if (is_array($ifaces)) { - foreach($ifaces as $iface => $ifdata) - interfaces_bring_up($iface); +if($g['platform'] == "jail") { + /* We must determine what network settings have been configured for us */ + $wanif = "lo0"; /* defaults, if the jail admin hasn't set us up */ + $ipaddr = "127.0.0.1"; + $iflist = get_interface_list(); + foreach ($iflist as $iface => $ifa) { + if (isset($ifa['ipaddr'])) { + $wanif = $iface; + $ipaddr = $ifa['ipaddr']; + break; + } + } + $config['interfaces'] = array(); + $config['interfaces']['lan'] = array(); + $config['interfaces']['lan']['enable'] = false; + $config['interfaces']['wan'] = array(); + /* XXX, todo */ + $config['interfaces']['wan']['if'] = $wanif; + $config['interfaces']['wan']['ipaddr'] = $ipaddr; + $config['interfaces']['wan']['subnet'] = "32"; /* XXX right? */ + $config['interfaces']['wan']['enable'] = true; + if($config['dhcpd']['lan']) + unset($config['dhcpd']['lan']['enable']); + unlink_if_exists('/conf/trigger_initial_wizard'); + write_config(); +} else { + /* + * Determine if we need to throw a interface exception + * and ask the user to reassign interfaces. This will + * avoid a reboot and thats a good thing. 
+ */ + while(is_interface_mismatch() == true) { + led_assigninterfaces(); + echo "\nNetwork interface mismatch -- Running interface assignment option.\n"; + $ifaces = get_interface_list(); + if (is_array($ifaces)) { + foreach($ifaces as $iface => $ifdata) + interfaces_bring_up($iface); + } + set_networking_interfaces_ports(); + led_kitt(); } - set_networking_interfaces_ports(); - led_kitt(); } /* convert config and clean backups */ diff --git a/etc/rc.initial b/etc/rc.initial index 9f2de7a..ef636b4 100755 --- a/etc/rc.initial +++ b/etc/rc.initial @@ -44,6 +44,10 @@ WORD="https" # Set our operating platform PLATFORM=`cat /etc/platform` +if [ "$PLATFORM" = "jail" ]; then + exit +fi + # endless loop while : ; do diff --git a/usr/local/bin/beep.sh b/usr/local/bin/beep.sh index febb222..6f4e477 100755 --- a/usr/local/bin/beep.sh +++ b/usr/local/bin/beep.sh @@ -9,9 +9,11 @@ if [ "$PFSENSETYPE" = "embedded" ]; then fi # this is super annoying in VMware, exit if in VMware -VMWCOUNT=`/usr/bin/grep -c VMware /var/log/dmesg.boot` -if [ $VMWCOUNT -gt 0 ]; then - exit; +if [ -f /var/log/dmesg.boot ]; then + VMWCOUNT=`/usr/bin/grep -c VMware /var/log/dmesg.boot` + if [ $VMWCOUNT -gt 0 ]; then + exit; + fi fi # Check for different HZ @@ -37,4 +39,4 @@ if [ -c "/dev/speaker" ]; then /usr/local/bin/beep -p 400 $NOTELENGTH /usr/local/bin/beep -p 400 $NOTELENGTH fi -fi \ No newline at end of file +fi -- cgit v1.1
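Review bot: In etc/rc.bootup, the jail branch disables LAN with `$config['interfaces']['lan']['enable'] = false;`, but a key that holds false is still set, and this same branch disables dhcpd with `unset($config['dhcpd']['lan']['enable'])`. If interface enablement is tested with isset(), as the other flags visible in this patch are (`isset($config['system']['powerd_enable'])`), LAN reads as enabled for the rest of the boot. Dropping that assignment leaves the key absent. Separately, the `foreach ($iflist as ...)` loop lacks the `is_array()` test that the else branch applies to the same get_interface_list() result; wrapping the loop in `if (is_array($iflist))` would match it.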
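Review bot: In usr/local/bin/beep.sh, the VMware check still expands `$VMWCOUNT` unquoted inside `[ ... -gt 0 ]`, so an empty value from a failed grep (for example an unreadable file) makes the test itself error out. Letting grep's exit status decide removes the variable and the separate `-f` test: `if /usr/bin/grep -q VMware /var/log/dmesg.boot 2>/dev/null; then exit; fi`.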