From 5fe3b65184ff67709c9b7b8b8712301664b2bb73 Mon Sep 17 00:00:00 2001
From: jim-p <jimp@pfsense.org>
Date: Fri, 25 Jun 2010 10:46:19 -0400
Subject: Validate MTU in setup wizard. Ticket #464

---
 usr/local/www/wizards/setup_wizard.xml | 11 +++++++++++
 1 file changed, 11 insertions(+)
diff --git a/usr/local/www/wizards/setup_wizard.xml b/usr/local/www/wizards/setup_wizard.xml
index 64ffef1..485b2d2 100644
--- a/usr/local/www/wizards/setup_wizard.xml
+++ b/usr/local/www/wizards/setup_wizard.xml
@@ -328,6 +328,16 @@
 			<type>submit</type>
 		</field>
 	</fields>
+	<stepsubmitphpaction>
+		<![CDATA[
+		if(!empty($_POST['mtu'])) {
+			if($_POST['mtu'] < 576) {
+				print_info_box_np("MTU Must be at least 576 (Per RFC 791). Please press back in your browser window and correct.");
+				die;
+			}
+		}
+		]]>
+	</stepsubmitphpaction>
 	<stepsubmitbeforesave>
 		<![CDATA[
 			if($_POST['selectedtype'] == "Static") { 
@@ -428,3 +438,4 @@
 	</stepafterformdisplay>
 </step>
 </pfsensewizard>
+ 
\ No newline at end of file
-- 
cgit v1.1


From 618e43ca4f4e6f36bcfd7c0ecc32c8d6cebfb5ad Mon Sep 17 00:00:00 2001
From: jim-p <jimp@pfsense.org>
Date: Fri, 25 Jun 2010 11:15:52 -0400
Subject: Do some more strict validation on hostname, domain, and DNS servers.
 Ticket #464

---
 usr/local/www/wizards/setup_wizard.xml | 26 ++++++++++++++++++++++++++
 1 file changed, 26 insertions(+)

diff --git a/usr/local/www/wizards/setup_wizard.xml b/usr/local/www/wizards/setup_wizard.xml
index 485b2d2..5d08501 100644
--- a/usr/local/www/wizards/setup_wizard.xml
+++ b/usr/local/www/wizards/setup_wizard.xml
@@ -59,6 +59,8 @@
 			<type>input</type>
 			<bindstofield>system->hostname</bindstofield>
 			<description>EXAMPLE: myserver</description>
+			<validate>^[a-z0-9.|-]+$</validate>
+			<message>Invalid Hostname</message>
 		</field>
 		<field>
 			<name>Domain</name>
@@ -75,12 +77,16 @@
 			<!-- we must unset the fields because this is an array. -->
 			<unsetfield>yes</unsetfield>
 			<arraynum>0</arraynum>
+			<validate>^(?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)$</validate>
+			<message>Primary DNS Server field is invalid</message>
 		</field>
 		<field>
 			<name>Secondary DNS Server</name>
 			<type>input</type>
 			<bindstofield>system->dnsserver</bindstofield>
 			<arraynum>1</arraynum>
+			<validate>^(?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)$</validate>
+			<message>Secondary DNS Server field is invalid</message>
 		</field>
 		<field>
 			<name>Override DNS</name>
@@ -93,6 +99,26 @@
 			<type>submit</type>
 		</field>
 	</fields>
+	<stepsubmitphpaction>
+		<![CDATA[
+		if(empty($_POST['hostname']) || !is_hostname($_POST['hostname'])) {
+			print_info_box_np("Hostname is invalid. Please press back in your browser window and correct.");
+			die;
+		}
+		if(empty($_POST['domain']) || !is_domain($_POST['domain'])) {
+			print_info_box_np("Domain is invalid. Please press back in your browser window and correct.");
+			die;
+		}
+		if(!empty($_POST['primarydnsserver']) && !is_ipaddr($_POST['primarydnsserver'])) {
+			print_info_box_np("Primary DNS server is invalid. Please press back in your browser window and correct.");
+			die;
+		}
+		if(!empty($_POST['secondarydnsserver']) && !is_ipaddr($_POST['secondarydnsserver'])) {
+			print_info_box_np("Second DNS server is invalid. Please press back in your browser window and correct.");
+			die;
+		}
+		]]>
+	</stepsubmitphpaction>
 </step>
 <step>
 	<id>3</id>
-- 
cgit v1.1


From ce6b39f25d512d41ea8b2d83f3a50ed5182438e0 Mon Sep 17 00:00:00 2001
From: jim-p <jimp@pfsense.org>
Date: Fri, 25 Jun 2010 11:21:56 -0400
Subject: Hide GMZ offset zones in setup wizard. Ticket #464

---
 usr/local/www/wizard.php | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/usr/local/www/wizard.php b/usr/local/www/wizard.php
index a59e83d..5ba3ff8 100755
--- a/usr/local/www/wizard.php
+++ b/usr/local/www/wizard.php
@@ -697,6 +697,8 @@ function showchange() {
 				echo "<td class=\"vtable\">";
 			echo "<select class='formselect' name='{$name}'>\n";
 			foreach ($timezonelist as $tz) {
+				if(strstr($tz, "GMT"))
+					continue;
 				$SELECTED = "";
 				if ($value == $tz) $SELECTED = " SELECTED";
 				echo "<option value='" . htmlspecialchars($tz) . "' {$SELECTED}>";
-- 
cgit v1.1


From 85ee0940ac9774cffe066e15249fde1edaa8f812 Mon Sep 17 00:00:00 2001
From: jim-p <jimp@pfsense.org>
Date: Fri, 25 Jun 2010 12:12:17 -0400
Subject: Do more strict validation on WAN setup fields. Ticket #464

---
 usr/local/www/wizards/setup_wizard.xml | 47 +++++++++++++++++++++++++++++-----
 1 file changed, 41 insertions(+), 6 deletions(-)

diff --git a/usr/local/www/wizards/setup_wizard.xml b/usr/local/www/wizards/setup_wizard.xml
index 5d08501..b6300fd 100644
--- a/usr/local/www/wizards/setup_wizard.xml
+++ b/usr/local/www/wizards/setup_wizard.xml
@@ -206,6 +206,8 @@
 			<bindstofield>interfaces->wan->spoofmac</bindstofield>
 			<type>input</type>
 			<description> This field can be used to modify ("spoof") the MAC address of the WAN interface (may be required with some cable connections). Enter a MAC address in the following format: xx:xx:xx:xx:xx:xx or leave blank.</description>
+			<validate>^([0-9a-f]{2}([:-]||$)){6}$</validate>
+			<message>MAC Address field is invalid</message>
 		</field>
 		<field>
 			<donotdisable>true</donotdisable>
@@ -224,6 +226,8 @@
 			<type>input</type>
 			<typehint> / </typehint>
 			<combinefieldsbegin>true</combinefieldsbegin>
+			<validate>^(?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)$</validate>
+			<message>IP Address field is invalid</message>
 		</field>
 		<field>
 			<combinefieldsend>true</combinefieldsend>
@@ -237,6 +241,8 @@
 			<name>Gateway</name>
 			<bindstofield>interfaces->wan->gateway</bindstofield>
 			<type>input</type>
+			<validate>^(?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)$</validate>
+			<message>Gateway IP Address field is invalid</message>
 		</field>
 		<field>
 			<name>DHCP client configuration</name>
@@ -298,6 +304,8 @@
 			<type>input</type>
 			<typehint> / </typehint>
 			<bindstofield>pptp->local</bindstofield>
+			<validate>^(?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)$</validate>
+			<message>PPTP Local IP Address field is invalid</message>
 		</field>
 		<field>
 			<combinefieldsend>true</combinefieldsend>
@@ -311,6 +319,8 @@
 			<name>PPTP Remote IP Address</name>
 			<bindstofield>pptp->remote</bindstofield>
 			<type>input</type>
+			<validate>^(?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)$</validate>
+			<message>PPTP Remote IP Address field is invalid</message>
 		</field>
 		<field>
 			<name>PPTP Dial on demand</name>
@@ -356,11 +366,29 @@
 	</fields>
 	<stepsubmitphpaction>
 		<![CDATA[
-		if(!empty($_POST['mtu'])) {
-			if($_POST['mtu'] < 576) {
-				print_info_box_np("MTU Must be at least 576 (Per RFC 791). Please press back in your browser window and correct.");
-				die;
-			}
+		if(!empty($_POST['mtu']) && ($_POST['mtu'] < 576)) {
+			print_info_box_np("MTU Must be at least 576 (Per RFC 791). Please press back in your browser window and correct.");
+			die;
+		}
+		if(!empty($_POST['macaddress']) && !is_macaddr($_POST['macaddress'])) {
+			print_info_box_np("Invalid MAC Address. Please press back in your browser window and correct.");
+			die;
+		}
+		if(!empty($_POST['ipaddress']) && ($_POST['selectedtype'] == "Static") && (!is_ipaddr($_POST['ipaddress']))) {
+			print_info_box_np("Invalid WAN IP Address. Please press back in your browser window and correct.");
+			die;
+		}
+		if(!empty($_POST['dhcphostname']) && !is_hostname($_POST['dhcphostname'])) {
+			print_info_box_np("Invalid DHCP Hostname. Please press back in your browser window and correct.");
+			die;
+		}
+		if(!empty($_POST['pptplocalipaddress']) && !is_ipaddr($_POST['pptplocalipaddress'])) {
+			print_info_box_np("Invalid PPTP Local IP Address. Please press back in your browser window and correct.");
+			die;
+		}
+		if(!empty($_POST['pptpremoteipaddress']) && !is_ipaddr($_POST['pptpremoteipaddress'])) {
+			print_info_box_np("Invalid PPTP Remopte IP Address. Please press back in your browser window and correct.");
+			die;
 		}
 		]]>
 	</stepsubmitphpaction>
@@ -388,6 +416,8 @@
 			<type>input</type>
 			<bindstofield>interfaces->lan->ipaddr</bindstofield>
 			<description>Type dhcp if this interface uses DHCP to obtain its IP address.</description>
+			<validate>^(?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)$</validate>
+			<message>LAN IP Address field is invalid</message>
 		</field>
 				<field>
 			<name>Subnet Mask</name>
@@ -400,6 +430,11 @@
 		</field>
 	</fields>
 	<stepsubmitphpaction>
+		<![CDATA[
+		if(empty($_POST['lanipaddress']) || !is_ipaddr($_POST['lanipaddress'])) {
+			print_info_box_np("Invalid LAN IP Address. Please press back in your browser window and correct.");
+			die;
+		}
 		$ft = split("\.", $_POST['lanipaddress']);
 		$ft_ip = $ft[0] . "." . $ft[1] . "." . $ft[2] . ".";
 		$config['dhcpd']['lan']['range']['from'] = $ft_ip . "10";
@@ -407,6 +442,7 @@
 		$hi = split("\.", $highestip);
 		$highestip = $hi[3]-10;
 		$config['dhcpd']['lan']['range']['to'] = $ft_ip . $highestip;
+		]]>
 	</stepsubmitphpaction>
 </step>
 <step>
@@ -464,4 +500,3 @@
 	</stepafterformdisplay>
 </step>
 </pfsensewizard>
- 
\ No newline at end of file
-- 
cgit v1.1


From ff93a5c1460e5c48f10fe92587ff2913eff8450a Mon Sep 17 00:00:00 2001
From: jim-p <jimp@pfsense.org>
Date: Fri, 25 Jun 2010 12:17:09 -0400
Subject: Validate time server. Should be the last thing that fixes #464

---
 usr/local/www/wizards/setup_wizard.xml | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/usr/local/www/wizards/setup_wizard.xml b/usr/local/www/wizards/setup_wizard.xml
index b6300fd..d0ef4b3 100644
--- a/usr/local/www/wizards/setup_wizard.xml
+++ b/usr/local/www/wizards/setup_wizard.xml
@@ -130,6 +130,8 @@
 			<description>Enter the hostname (FQDN) of the time server.</description>
 			<type>input</type>
 			<bindstofield>system->timeservers</bindstofield>
+			<validate>^[a-z0-9.|-]+$</validate>
+			<message>Invalid Time Server Field</message>
 		</field>
 		<field>
 			<name>Timezone</name>
@@ -141,6 +143,14 @@
 			<type>submit</type>
 		</field>
 	</fields>
+	<stepsubmitphpaction>
+		<![CDATA[
+		if(!empty($_POST['timeserverhostname']) && !(is_hostname($_POST['timeserverhostname']) || is_ipaddr($_POST['timeserverhostname']))) {
+			print_info_box_np("Invalid Time Server. Please press back in your browser window and correct.");
+			die;
+		}
+		]]>
+	</stepsubmitphpaction>
 </step>
 <step>
 	<id>4</id>
-- 
cgit v1.1


From dabc76691966f00a20081b7731b2c5816f066536 Mon Sep 17 00:00:00 2001
From: Erik Fonnesbeck <efonnes@gmail.com>
Date: Fri, 25 Jun 2010 10:22:45 -0600
Subject: Check for tcp/udp in the protocol specified for outbound NAT rules,
 since tcp/udp itself is not a valid protocol choice in pf. Fixes #696

---
 etc/inc/filter.inc | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)

diff --git a/etc/inc/filter.inc b/etc/inc/filter.inc
index c3a8cd2..0a6f39e 100644
--- a/etc/inc/filter.inc
+++ b/etc/inc/filter.inc
@@ -1011,9 +1011,12 @@ function filter_nat_rules_generate_if($if, $src = "any", $srcport = "", $dst = "
 			$tgt = "($if)";
 	}
 	/* Add the protocol, if defined */
-	if (!empty($proto) && $proto != "any")
-		$protocol = " proto {$proto}";
-	else
+	if (!empty($proto) && $proto != "any") {
+		if ($proto == "tcp/udp")
+			$protocol = " proto { tcp udp }";
+		else
+			$protocol = " proto {$proto}";
+	} else
 		$protocol = "";
 	/* Add the hard set source port (useful for ISAKMP) */
 	if($natport != "")
-- 
cgit v1.1


From 4c9a23db7df40aa1b60a17d205fc7faa11f62257 Mon Sep 17 00:00:00 2001
From: Erik Fonnesbeck <efonnes@gmail.com>
Date: Fri, 25 Jun 2010 10:36:33 -0600
Subject: Label for 1:1 NAT reflection rules in rules.debug.

---
 etc/inc/filter.inc | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/etc/inc/filter.inc b/etc/inc/filter.inc
index 0a6f39e..fe7c047 100644
--- a/etc/inc/filter.inc
+++ b/etc/inc/filter.inc
@@ -1426,7 +1426,7 @@ EOD;
 	$natrules .= "rdr-anchor \"miniupnpd\"\n";
 
 	if(!empty($reflection_txt))
-		$natrules .= "\n" . $reflection_txt;
+		$natrules .= "\n# Reflection redirects and NAT for 1:1 mappings\n" . $reflection_txt;
 
 	return $natrules;
 }
-- 
cgit v1.1


From 2708e3997d81f8a755d6b6a31247c2c120b4b4de Mon Sep 17 00:00:00 2001
From: jim-p <jimp@pfsense.org>
Date: Fri, 25 Jun 2010 13:08:09 -0400
Subject: Remove some redundant code and make sure admin's home directory is
 /root - Fixes #218

---
 etc/inc/auth.inc | 14 +-------------
 1 file changed, 1 insertion(+), 13 deletions(-)

diff --git a/etc/inc/auth.inc b/etc/inc/auth.inc
index 3a72db9..4f97f24 100644
--- a/etc/inc/auth.inc
+++ b/etc/inc/auth.inc
@@ -269,9 +269,9 @@ function local_user_set(& $user) {
 		fwrite($fd, $user['password']);
 		pclose($fd);
 		$user_group = "wheel";
+		$user_home = "/root";
 	}
 
-
 	/* read from pw db */
 	$fd = popen("/usr/sbin/pw usershow {$user_name} 2>&1", "r");
 	$pwread = fgets($fd);
@@ -295,18 +295,6 @@ function local_user_set(& $user) {
 	fwrite($fd, $user['password']);
 	pclose($fd);
 
-
-	/* admin user special handling */
-	if ($user_uid == 0) {
-		$cmd = "/usr/sbin/pw usermod -q -n {$user_name} -s /etc/rc.initial -H 0";
-		if($debug)
-			log_error("Running: {$cmd}");
-		$fd = popen($cmd, "w");
-		fwrite($fd, $user['password']);
-		pclose($fd);
-		$user_group = "wheel";
-	}
-
 	/* create user directory if required */
 	if (!is_dir($user_home)) {
 		mkdir($user_home, 0700);
-- 
cgit v1.1


From 8339ab6d6939f873a40845a02b9029ff02dc6b19 Mon Sep 17 00:00:00 2001
From: jim-p <jimp@pfsense.org>
Date: Fri, 25 Jun 2010 14:38:03 -0400
Subject: Prevent the GUI from adding a user that already exists in /etc/passwd
 (root, operator, daemon, etc)

---
 usr/local/www/system_usermanager.php | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/usr/local/www/system_usermanager.php b/usr/local/www/system_usermanager.php
index 058046a..b0ecd8f 100644
--- a/usr/local/www/system_usermanager.php
+++ b/usr/local/www/system_usermanager.php
@@ -215,6 +215,14 @@ if (isAllowedPage("system_usermanager")) {
 					break;
 				}
 			}
+			$system_users = explode("\n", file_get_contents("/etc/passwd"));
+			foreach ($system_users as $s_user) {
+				$ent = explode(":", $s_user);
+				if ($ent[0] ==  $_POST['usernamefld']) {
+					$input_errors[] = gettext("That username already exists or is reserved by the system.");
+					break;
+				}
+			}
 		}
 
 		/*
-- 
cgit v1.1


From 3dec33d454ad5b8146b092e927385cc2bd2c14d4 Mon Sep 17 00:00:00 2001
From: Erik Fonnesbeck <efonnes@gmail.com>
Date: Fri, 25 Jun 2010 13:12:06 -0600
Subject: Validate for duplicate user names when editing, too.

---
 usr/local/www/system_usermanager.php | 15 +++++++++++----
 1 file changed, 11 insertions(+), 4 deletions(-)

diff --git a/usr/local/www/system_usermanager.php b/usr/local/www/system_usermanager.php
index b0ecd8f..f89d834 100644
--- a/usr/local/www/system_usermanager.php
+++ b/usr/local/www/system_usermanager.php
@@ -207,19 +207,26 @@ if (isAllowedPage("system_usermanager")) {
 		if (($_POST['passwordfld1']) && ($_POST['passwordfld1'] != $_POST['passwordfld2']))
 			$input_errors[] = gettext("The passwords do not match.");
 
+		if (isset($id) && $a_user[$id])
+			$oldusername = $a_user[$id]['name'];
+		else
+			$oldusername = "";
 		/* make sure this user name is unique */
-		if (!$input_errors && !(isset($id) && $a_user[$id])) {
+		if (!$input_errors) {
 			foreach ($a_user as $userent) {
-				if ($userent['name'] == $_POST['usernamefld']) {
+				if ($userent['name'] == $_POST['usernamefld'] && $oldusername != $_POST['usernamefld']) {
 					$input_errors[] = gettext("Another entry with the same username already exists.");
 					break;
 				}
 			}
+		}
+		/* also make sure it is not reserved */
+		if (!$input_errors) {
 			$system_users = explode("\n", file_get_contents("/etc/passwd"));
 			foreach ($system_users as $s_user) {
 				$ent = explode(":", $s_user);
-				if ($ent[0] ==  $_POST['usernamefld']) {
-					$input_errors[] = gettext("That username already exists or is reserved by the system.");
+				if ($ent[0] == $_POST['usernamefld'] && $oldusername != $_POST['usernamefld']) {
+					$input_errors[] = gettext("That username is reserved by the system.");
 					break;
 				}
 			}
-- 
cgit v1.1


From 04735a091f2efc00baf45997124f5dec61d257e7 Mon Sep 17 00:00:00 2001
From: Chris Buechler <cmb@pfsense.org>
Date: Sat, 26 Jun 2010 21:26:48 -0400
Subject: fix Description display. Ticket #666

---
 usr/local/www/status_gateways.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/usr/local/www/status_gateways.php b/usr/local/www/status_gateways.php
index 6d6c43d..72e14b2 100755
--- a/usr/local/www/status_gateways.php
+++ b/usr/local/www/status_gateways.php
@@ -118,7 +118,7 @@ include("head.inc");
                         ?>
 			</table>
                   </td>
-		  <td class="listbg"> <?=$a_gateway[$gateway['name']]['descr']; ?></td>
+		  <td class="listbg"> <?=$a_gateways[$gateway['name']]['descr']; ?></td>
                 </tr>
 		<?php } ?>
               </table>
-- 
cgit v1.1


From e88ace756391836878b81e8b4fb88776d96872c5 Mon Sep 17 00:00:00 2001
From: Chris Buechler <cmb@pfsense.org>
Date: Sun, 27 Jun 2010 01:27:30 -0400
Subject: fix gettext

---
 usr/local/www/system_gateways_edit.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/usr/local/www/system_gateways_edit.php b/usr/local/www/system_gateways_edit.php
index 700ba41..98d1e81 100755
--- a/usr/local/www/system_gateways_edit.php
+++ b/usr/local/www/system_gateways_edit.php
@@ -375,7 +375,7 @@ function show_advanced_gateway() {
 			?>
 			<input name="monitor" type="text" id="monitor" value="<?php echo $monitor; ?>" />
 			<strong><?=gettext("Alternative monitor IP"); ?></strong> <br />
-			<?gettext("Enter an alternative address here to be used to monitor the link. This is used for the " .
+			<?=gettext("Enter an alternative address here to be used to monitor the link. This is used for the " .
 			"quality RRD graphs as well as the load balancer entries. Use this if the gateway does not respond " .
 			"to ICMP echo requests (pings)"); ?>.</strong>
 			<br />
-- 
cgit v1.1


From 9e3aadbe90cb6708fa86471fef45be5965bea602 Mon Sep 17 00:00:00 2001
From: jim-p <jimp@pfsense.org>
Date: Mon, 28 Jun 2010 15:56:53 -0400
Subject: Add checkboxes to disable TSO and LRO since some drivers will
 misbehave with them set. Resolves #703

---
 etc/inc/pfsense-utils.inc                 | 21 ++++++++++++++++++
 usr/local/www/system_advanced_network.php | 36 ++++++++++++++++++++++++++++---
 2 files changed, 54 insertions(+), 3 deletions(-)

diff --git a/etc/inc/pfsense-utils.inc b/etc/inc/pfsense-utils.inc
index e3eef07..8d2e894 100644
--- a/etc/inc/pfsense-utils.inc
+++ b/etc/inc/pfsense-utils.inc
@@ -215,6 +215,27 @@ function enable_hardware_offloading($interface) {
 			pfSense_interface_capabilities($interface, IFCAP_RXCSUM);
 	}
 
+	if($config['system']['disablesegmentationoffloading']) {
+		if (isset($options['encaps']['tso4']))
+			pfSense_interface_capabilities($interface, -IFCAP_TSO);
+		if (isset($options['encaps']['tso6']))
+			pfSense_interface_capabilities($interface, -IFCAP_TSO);
+	} else {
+		if (isset($options['caps']['tso4']))
+			pfSense_interface_capabilities($interface, IFCAP_TSO);
+		if (isset($options['caps']['tso6']))
+			pfSense_interface_capabilities($interface, IFCAP_TSO);
+	}
+
+	if($config['system']['disablelargereceiveoffloading']) {
+		if (isset($options['encaps']['lro']))
+			pfSense_interface_capabilities($interface, -IFCAP_LRO);
+	} else {
+		if (isset($options['caps']['lro']))
+			pfSense_interface_capabilities($interface, IFCAP_LRO);
+	}
+
+
 	/* if the NIC supports polling *AND* it is enabled in the GUI */
 	$polling = isset($config['system']['polling']);	
 	if($polling && isset($options['caps']['polling']))
diff --git a/usr/local/www/system_advanced_network.php b/usr/local/www/system_advanced_network.php
index d744a47..6c67e30 100644
--- a/usr/local/www/system_advanced_network.php
+++ b/usr/local/www/system_advanced_network.php
@@ -54,6 +54,8 @@ $pconfig['ipv6allow'] = isset($config['system']['ipv6allow']);
 $pconfig['polling_enable'] = isset($config['system']['polling']);
 $pconfig['sharednet'] = $config['system']['sharednet'];
 $pconfig['disablechecksumoffloading'] = isset($config['system']['disablechecksumoffloading']);
+$pconfig['disablesegmentationoffloading'] = isset($config['system']['disablesegmentationoffloading']);
+$pconfig['disablelargereceiveoffloading'] = isset($config['system']['disablelargereceiveoffloading']);
 $pconfig['flowtable'] = false;
 $pconfig['flowtable'] = isset($config['system']['flowtable']);
 
@@ -111,12 +113,24 @@ if ($_POST) {
 
 		if($_POST['disablechecksumoffloading'] == "yes") {
 			$config['system']['disablechecksumoffloading'] = $_POST['disablechecksumoffloading'];
-                        setup_microcode();
 		} else {
 			unset($config['system']['disablechecksumoffloading']);
-                        setup_microcode();
 		}
 
+		if($_POST['disablesegmentationoffloading'] == "yes") {
+			$config['system']['disablesegmentationoffloading'] = $_POST['disablesegmentationoffloading'];
+		} else {
+			unset($config['system']['disablesegmentationoffloading']);
+		}
+
+		if($_POST['disablelargereceiveoffloading'] == "yes") {
+			$config['system']['disablelargereceiveoffloading'] = $_POST['disablelargereceiveoffloading'];
+		} else {
+			unset($config['system']['disablelargereceiveoffloading']);
+		}
+
+		setup_microcode();
+
 		// Write out configuration (config.xml)
 		write_config();
 
@@ -234,7 +248,23 @@ function enable_change(enable_over) {
 									<strong><?=gettext("Disable hardware checksum offload"); ?></strong><br>
 									<?=gettext("Checking this option will disable hardware checksum offloading. Checksum offloading is broken in some hardware, particularly some Realtek cards. Rarely, drivers may have problems with checksum offloading and some specific NICs."); ?>
 								</td>
-							</tr>		
+							</tr>
+							<tr>
+								<td width="22%" valign="top" class="vncell"><?=gettext("Hardware TCP Segmentation Offloading"); ?></td>
+								<td width="78%" class="vtable">
+									<input name="disablesegmentationoffloading" type="checkbox" id="disablesegmentationoffloading" value="yes" <?php if (isset($config['system']['disablesegmentationoffloading'])) echo "checked"; ?> />
+									<strong><?=gettext("Disable hardware TCP segmentation offload"); ?></strong><br>
+									<?=gettext("Checking this option will disable hardware TCP segmentation offloading (TSO, TSO4, TSO6). This offloading is broken in some hardware drivers, and may impact performance with some specific NICs."); ?>
+								</td>
+							</tr>
+							<tr>
+								<td width="22%" valign="top" class="vncell"><?=gettext("Hardware Large Receive Offloading"); ?></td>
+								<td width="78%" class="vtable">
+									<input name="disablelargereceiveoffloading" type="checkbox" id="disablelargereceiveoffloading" value="yes" <?php if (isset($config['system']['disablelargereceiveoffloading'])) echo "checked"; ?> />
+									<strong><?=gettext("Disable hardware large receive offload"); ?></strong><br>
+									<?=gettext("Checking this option will disable hardware large receive offloading (LRO). This offloading is broken in some hardware drivers, and may impact performance with some specific NICs.."); ?>
+								</td>
+							</tr>
 							<tr>
 								<td width="22%" valign="top" class="vncell"><?=gettext("ARP Handling"); ?></td>
 								<td width="78%" class="vtable">
-- 
cgit v1.1


From 929a1b15cc627151655e126f88489930e828c7ef Mon Sep 17 00:00:00 2001
From: jim-p <jimp@pfsense.org>
Date: Tue, 29 Jun 2010 10:36:48 -0400
Subject: Use the real interface list in setup_microcode() Fixes #705

---
 etc/inc/pfsense-utils.inc | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/etc/inc/pfsense-utils.inc b/etc/inc/pfsense-utils.inc
index 8d2e894..3d12fa9 100644
--- a/etc/inc/pfsense-utils.inc
+++ b/etc/inc/pfsense-utils.inc
@@ -393,9 +393,9 @@ function setup_polling() {
 function setup_microcode() {
 
 	/* if list */
-        $ifdescrs = get_configured_interface_list();
+	$ifs = get_interface_arr();
 
-	foreach($ifdescrs as $if)
+	foreach($ifs as $if)
 		enable_hardware_offloading($if);
 }
 
-- 
cgit v1.1


From c3b13d6082033ecd1d3f7672ca9b1533942ec00a Mon Sep 17 00:00:00 2001
From: jim-p <jimp@pfsense.org>
Date: Tue, 29 Jun 2010 11:26:31 -0400
Subject: Load cpufreq on nanobsd when enabling powerd. It's in the kernel on
 full installs. Fixes #704

---
 etc/inc/system.inc | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/etc/inc/system.inc b/etc/inc/system.inc
index ac8fa37..a79a5fb 100644
--- a/etc/inc/system.inc
+++ b/etc/inc/system.inc
@@ -34,13 +34,15 @@
 	pfSense_BUILDER_BINARIES:	/bin/hostname	/bin/ls	/usr/bin/netstat	/usr/sbin/syslogd	
 	pfSense_BUILDER_BINARIES:	/usr/sbin/pccardd	/usr/local/sbin/lighttpd	/bin/chmod 	/bin/mkdir
 	pfSense_BUILDER_BINARIES:	/usr/bin/tar	/bin/sync	/usr/local/sbin/ntpd	/usr/sbin/ntpdate
-	pfSense_BUILDER_BINARIES:	/usr/bin/nohup	/sbin/dmesg	/usr/local/sbin/atareinit
+	pfSense_BUILDER_BINARIES:	/usr/bin/nohup	/sbin/dmesg	/usr/local/sbin/atareinit	/sbin/kldload
 	pfSense_MODULE:	utils
 */
 
 function activate_powerd() {
 	global $config, $g;
 	if(isset($config['system']['powerd_enable'])) {
+		if ($g["platform"] == "nanobsd")
+			exec("/sbin/kldload cpufreq");
 		exec("/usr/sbin/powerd -b adp -a adp");
 	} else {
 		if(is_process_running("powerd"))
-- 
cgit v1.1


From b11bd589692d1958973b761b50929f2adb2eaad2 Mon Sep 17 00:00:00 2001
From: jim-p <jimp@pfsense.org>
Date: Tue, 29 Jun 2010 15:11:50 -0400
Subject: Forward back to system_advanced_admin.php and not system.php

---
 usr/local/www/system_advanced_admin.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/usr/local/www/system_advanced_admin.php b/usr/local/www/system_advanced_admin.php
index bfa5061..31a658c 100644
--- a/usr/local/www/system_advanced_admin.php
+++ b/usr/local/www/system_advanced_admin.php
@@ -157,7 +157,7 @@ if ($_POST) {
 			if ($port)
 				$url = "{$prot}://{$host}:{$port}/system_advanced_admin.php";
 			else
-				$url = "{$prot}://{$host}/system.php";
+				$url = "{$prot}://{$host}/system_advanced_admin.php";
 		}
 
 		write_config();
-- 
cgit v1.1


From 09ba7f74c35c399c46f44cd95d509e5bb6703803 Mon Sep 17 00:00:00 2001
From: jim-p <jimp@pfsense.org>
Date: Tue, 29 Jun 2010 15:40:15 -0400
Subject: Fix this test, properly test if a variable is set. Fixes #691

---
 usr/local/www/system_advanced_admin.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/usr/local/www/system_advanced_admin.php b/usr/local/www/system_advanced_admin.php
index 31a658c..840d6bf 100644
--- a/usr/local/www/system_advanced_admin.php
+++ b/usr/local/www/system_advanced_admin.php
@@ -132,7 +132,7 @@ if ($_POST) {
 		else
 			unset($config['system']['enablesshd']);
 
-		$sshd_keyonly = $config['system']['sshdkeyonly'];
+		$sshd_keyonly = isset($config['system']['sshdkeyonly']);
 		if ($_POST['sshdkeyonly'])
 			$config['system']['sshdkeyonly'] = true;
 		else
-- 
cgit v1.1


From af31b277876c2da265c8ef40d6d4da1a7cfda810 Mon Sep 17 00:00:00 2001
From: jim-p <jimp@pfsense.org>
Date: Tue, 29 Jun 2010 16:06:16 -0400
Subject: Give users who have "all" privileges shell access. Part of ticket
 #614

---
 etc/inc/auth.inc | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/etc/inc/auth.inc b/etc/inc/auth.inc
index 4f97f24..7dab743 100644
--- a/etc/inc/auth.inc
+++ b/etc/inc/auth.inc
@@ -253,7 +253,7 @@ function local_user_set(& $user) {
 		mkdir($user_home, 0755);
 
 	/* configure shell type */
-	if (!userHasPrivilege($user, "user-shell-access")) {
+	if (!(userHasPrivilege($user, "user-shell-access") || userHasPrivilege($user, "page-all"))) {
 		if (!userHasPrivilege($user, "user-copy-files"))
 			$user_shell = "/sbin/nologin";
 		else
-- 
cgit v1.1


From 0d5ff3835df7b59894283536a17b03ef29700727 Mon Sep 17 00:00:00 2001
From: jim-p <jimp@pfsense.org>
Date: Tue, 29 Jun 2010 16:26:18 -0400
Subject: Let pw handle the creation of the home directory rather than do it in
 php.

---
 etc/inc/auth.inc | 6 +-----
 1 file changed, 1 insertion(+), 5 deletions(-)

diff --git a/etc/inc/auth.inc b/etc/inc/auth.inc
index 7dab743..2ce9f57 100644
--- a/etc/inc/auth.inc
+++ b/etc/inc/auth.inc
@@ -248,10 +248,6 @@ function local_user_set(& $user) {
 	if (!is_dir($home_base)) 
 		mkdir($home_base, 0755);
 
-	// Ensure $user_home exists and is writable
-	if(!is_dir($user_home)) 
-		mkdir($user_home, 0755);
-
 	/* configure shell type */
 	if (!(userHasPrivilege($user, "user-shell-access") || userHasPrivilege($user, "page-all"))) {
 		if (!userHasPrivilege($user, "user-copy-files"))
@@ -279,7 +275,7 @@ function local_user_set(& $user) {
 
 	/* determine add or mod */
 	if (!strncmp($pwread, "pw:", 3)) {
-		$user_op = "useradd -o";
+		$user_op = "useradd -m -o";
 	} else {
 		$user_op = "usermod";
 	}
-- 
cgit v1.1


From 77f7e3bf50f5aac001a9abe48d032fc4148b1994 Mon Sep 17 00:00:00 2001
From: jim-p <jimp@pfsense.org>
Date: Tue, 29 Jun 2010 16:29:57 -0400
Subject: Set a skeleton directory for pw

---
 etc/inc/auth.inc | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/etc/inc/auth.inc b/etc/inc/auth.inc
index 2ce9f57..ad434ab 100644
--- a/etc/inc/auth.inc
+++ b/etc/inc/auth.inc
@@ -275,7 +275,7 @@ function local_user_set(& $user) {
 
 	/* determine add or mod */
 	if (!strncmp($pwread, "pw:", 3)) {
-		$user_op = "useradd -m -o";
+		$user_op = "useradd -m -k /usr/share/skel -o";
 	} else {
 		$user_op = "usermod";
 	}
-- 
cgit v1.1


From cb58828465831cc4a4924462666d7a3c71293a3f Mon Sep 17 00:00:00 2001
From: jim-p <jimp@pfsense.org>
Date: Tue, 29 Jun 2010 16:43:47 -0400
Subject: Add the standard .tcshrc to the skel files.

---
 usr/share/skel/dot.tcshrc | 5 +++++
 1 file changed, 5 insertions(+)
 create mode 100644 usr/share/skel/dot.tcshrc

diff --git a/usr/share/skel/dot.tcshrc b/usr/share/skel/dot.tcshrc
new file mode 100644
index 0000000..97ca003
--- /dev/null
+++ b/usr/share/skel/dot.tcshrc
@@ -0,0 +1,5 @@
+set prompt="%{\033[0;1;33m%}[%{\033[0;1;37m%}`cat /etc/version`%{\033[0;1;33m%}]%{\033[0;1;33m%}%B[%{\033[0;1;37m%}%n%{\033[0;1;31m%}@%{\033[0;1;37m%}%M%{\033[0;1;33m%}]%{\033[0;1;32m%}%b%/%{\033[0;1;33m%}(%{\033[0;1;37m%}%h%{\033[0;1;33m%})%{\033[0;1;36m%}%{\033[0;1;31m%}:%{\033[0;40;37m%} "
+set autologout="0"
+set autolist set color set colorcat
+setenv CLICOLOR "true"
+setenv LSCOLORS "exfxcxdxbxegedabagacad"
-- 
cgit v1.1


From 29293dce60bdf28fa232b33625505436c5df33da Mon Sep 17 00:00:00 2001
From: jim-p <jimp@pfsense.org>
Date: Tue, 29 Jun 2010 16:51:25 -0400
Subject: Give users with ssh access a real shell, but make sure that admin
 still gets /etc/rc.initial

---
 etc/inc/auth.inc | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/etc/inc/auth.inc b/etc/inc/auth.inc
index ad434ab..0af0594 100644
--- a/etc/inc/auth.inc
+++ b/etc/inc/auth.inc
@@ -254,6 +254,8 @@ function local_user_set(& $user) {
 			$user_shell = "/sbin/nologin";
 		else
 			$user_shell = "/usr/local/bin/scponly";
+	} else {
+		$user_shell = "/bin/tcsh";
 	}
 
 	/* root user special handling */
@@ -266,6 +268,7 @@ function local_user_set(& $user) {
 		pclose($fd);
 		$user_group = "wheel";
 		$user_home = "/root";
+		$user_shell = "/etc/rc.initial";
 	}
 
 	/* read from pw db */
-- 
cgit v1.1

