From 924f202ee818c72b10855d3a1c06b34a9e7aa595 Mon Sep 17 00:00:00 2001 From: Ermal Date: Mon, 31 May 2010 19:14:29 +0000 Subject: Fixes #622. Add a new file status for signaling default gateway under /tmp. dhclient script will check for this file to define if the interface needs a default gateway or not from its given routes. --- etc/inc/system.inc | 16 +++++++++++++++- 1 file changed, 15 insertions(+), 1 deletion(-) (limited to 'etc') diff --git a/etc/inc/system.inc b/etc/inc/system.inc index 6281a14..75e3f6d 100644 --- a/etc/inc/system.inc +++ b/etc/inc/system.inc @@ -263,15 +263,29 @@ function system_routing_configure() { $interfacegw = ""; /* tack on all the hard defined gateways as well */ if (is_array($config['gateways']['gateway_item'])) { + mwexec("/bin/rm {$g['tmp_path']}/*_defaultgw"); + $foundgw = false; foreach ($config['gateways']['gateway_item'] as $gateway) { if (isset($gateway['defaultgw'])) { if ($gateway['gateway'] == "dynamic") $gateway['gateway'] = get_interface_gateway($gateway['interface']); $gatewayip = $gateway['gateway']; $interfacegw = $gateway['interface']; + if (!empty($interfacegw)) { + $defaultif = get_real_interface($gateway['interface']); + if ($defaultif) + @file_put_contents("{$g['tmp_path']}/{$defaultif}_defaultgw", $gatewayip); + } + $foundgw = true; break; } } + if ($foundgw == false) { + $defaultif = get_real_interface("wan"); + $interfacegw = "wan"; + $gatewayip = get_interface_gateway("wan"); + @touch("{$g['tmp_path']}/{$defaultif}_defaultgw"); + } } $dont_add_route = false; /* if OLSRD is enabled, allow WAN to house DHCP. */ @@ -1418,4 +1432,4 @@ function system_get_dmesg_boot() { return file_get_contents("{$g['varlog_path']}/dmesg.boot"); } -?> \ No newline at end of file +?> -- cgit v1.1 From 59cfe65d3cd4fd3b7208d0503f571759956b9021 Mon Sep 17 00:00:00 2001 
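Review bot: The new `*_defaultgw` marker files in `system_routing_configure()` are written with `@file_put_contents()` and `@touch()`, so a failed write is silent and the dhclient script then decides about the default gateway from a missing or stale file. If `{$g['tmp_path']}` is the world-writable `/tmp` (another commit on this page sets it to mode 1777), these predictable names are state that any local account could create first, and `file_put_contents()` follows symlinks; a root-only directory would be a safer home for a file that steers routing. In the `$foundgw == false` branch `$defaultif` is used without the `if ($defaultif)` guard the first branch has, so an unresolved WAN yields `{$g['tmp_path']}/_defaultgw`; suggest `if ($defaultif) @touch("{$g['tmp_path']}/{$defaultif}_defaultgw");`. `/bin/rm` without `-f` exits non-zero when the glob matches nothing, so `mwexec("/bin/rm -f {$g['tmp_path']}/*_defaultgw");` avoids a spurious failure on the first run. The function starts and ends outside the hunk.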
From: Ermal Date: Tue, 1 Jun 2010 17:35:27 +0000 Subject: Do not set max_execution time here. --- etc/inc/config.lib.inc | 2 +- etc/inc/upgrade_config.inc | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) (limited to 'etc') diff --git a/etc/inc/config.lib.inc b/etc/inc/config.lib.inc index 435949f..90968ad 100644 --- a/etc/inc/config.lib.inc +++ b/etc/inc/config.lib.inc @@ -359,7 +359,7 @@ function convert_config() { global $config, $g; $now = date("H:i:s"); log_error("Start Configuration upgrade at $now, set execution timeout to 15 minutes"); - ini_set("max_execution_time", "900"); + //ini_set("max_execution_time", "900"); /* special case upgrades */ /* fix every minute crontab bogons entry */ diff --git a/etc/inc/upgrade_config.inc b/etc/inc/upgrade_config.inc index cb690d6..a6486e3 100644 --- a/etc/inc/upgrade_config.inc +++ b/etc/inc/upgrade_config.inc @@ -1669,7 +1669,7 @@ function upgrade_054_to_055() { global $g; /* RRD files changed for quality, traffic and packets graphs */ - ini_set("max_execution_time", "1800"); + //ini_set("max_execution_time", "1800"); /* convert traffic RRD file */ global $parsedcfg, $listtags; $listtags = array("ds", "v", "rra", "row"); -- cgit v1.1 From 651e77c6f7c5d2250c69aeb1a3b3355439fcfec9 Mon Sep 17 00:00:00 2001 From: jim-p Date: Tue, 1 Jun 2010 12:38:36 -0400 Subject: Don't kill login here. When this happens from ssh is also resets the console menu. Kill $PPID instead which should have the same intended effect. --- etc/rc.initial | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'etc') diff --git a/etc/rc.initial b/etc/rc.initial index 7485e0d..7f7ad23 100755 --- a/etc/rc.initial +++ b/etc/rc.initial @@ -155,7 +155,7 @@ case ${opmode} in fi ;; "") - killall login ; exit + kill $PPID ; exit ;; esac -- cgit v1.1 From 99f4210976a05e0450ab6d5df2b7c8cf87c29099 Mon Sep 17 00:00:00 2001 
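Review bot: In `convert_config()` the `log_error()` line kept as context still announces "set execution timeout to 15 minutes", but the `ini_set()` it described is now commented out, so the log states something the code no longer does. Suggest shortening it to `log_error("Start Configuration upgrade at $now");`. The dead `//ini_set(...)` lines here and in `upgrade_054_to_055()` would be better deleted than left commented, with a one-line comment naming where the execution limit is set now, if that is the reason for the change. Both functions continue outside their hunks.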
From: jim-p Date: Tue, 1 Jun 2010 12:49:06 -0400 Subject: Send TERM to sshd during shutdown/reboot to ensure that client sessions are kicked properly. Fixes #626. --- etc/rc.halt | 2 ++ etc/rc.reboot | 2 ++ 2 files changed, 4 insertions(+) (limited to 'etc') diff --git a/etc/rc.halt b/etc/rc.halt index 4f3d1ef..d208ccd 100755 --- a/etc/rc.halt +++ b/etc/rc.halt @@ -9,5 +9,7 @@ fi sleep 1 +killall -TERM sshd 2>&1 /dev/null + /sbin/shutdown -p now diff --git a/etc/rc.reboot b/etc/rc.reboot index af5d874..b3ed50a 100755 --- a/etc/rc.reboot +++ b/etc/rc.reboot @@ -21,6 +21,8 @@ else /etc/rc.conf_mount_ro fi +killall -TERM sshd 2>&1 /dev/null + sleep 1 echo -n "Downing interfaces: " -- cgit v1.1 From 1e68a58b7e6e69c3d4c71c9243252269dce8fa39 Mon Sep 17 00:00:00 2001 From: jim-p Date: Tue, 1 Jun 2010 13:06:17 -0400 Subject: Fix upgrade code for disable bit on OpenVPN CSC entries. --- etc/inc/upgrade_config.inc | 5 +++++ 1 file changed, 5 insertions(+) (limited to 'etc') diff --git a/etc/inc/upgrade_config.inc b/etc/inc/upgrade_config.inc index a6486e3..81ee8f6 100644 --- a/etc/inc/upgrade_config.inc +++ b/etc/inc/upgrade_config.inc @@ -1539,6 +1539,11 @@ function upgrade_051_to_052() { $csc['wins_server1'] = $csc['dhcp_wins']; unset($csc['dhcp_wins']); + if (!empty($csc['disable'])) + $csc['disable'] = true; + else + unset($csc['disable']); + $config['openvpn']['openvpn-csc'][] = $csc; } -- cgit v1.1 From f73be85cfd6ea44d545183cc9b7874d6db33de68 Mon Sep 17 00:00:00 2001 From: Ermal Date: Tue, 1 Jun 2010 22:13:32 +0000 Subject: Use sockstat, netstat might take to long under certain circumstances. --- etc/rc.initial | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'etc') diff --git a/etc/rc.initial b/etc/rc.initial index 7f7ad23..13fcbba 100755 --- a/etc/rc.initial +++ b/etc/rc.initial 
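Review bot: The redirection on the added `killall -TERM sshd 2>&1 /dev/null` in rc.halt (and on the identical line in rc.reboot) silences nothing: `2>&1` only points stderr at stdout, and `/dev/null` is passed to killall as a second process name. The intended form is `killall -TERM sshd >/dev/null 2>&1`. `killall sshd` also matches every sshd process, including the one serving the session that invoked the script, so a halt or reboot started over ssh may be cut off before `/sbin/shutdown` runs; signalling only the listening daemon through its pid file would avoid that.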
@@ -62,7 +62,7 @@ echo "10) Filter Logs" echo "11) Restart webConfigurator" echo "12) ${product} Developer Shell" echo "13) Upgrade from console" -SSHD=`netstat -an | grep "*.22" | wc -l` +SSHD=`/usr/bin/sockstat -4l | grep "*.22" | wc -l` if [ "$SSHD" -gt 0 ]; then echo "14) Disable Secure Shell (sshd)"; else -- cgit v1.1 From 3fb8caf25800fce340a6478557040752e6dbb35d Mon Sep 17 00:00:00 2001 From: Scott Ullrich Date: Tue, 1 Jun 2010 19:05:22 -0400 Subject: Do not nuke /tmp/ on livecd's --- etc/rc | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) (limited to 'etc') diff --git a/etc/rc b/etc/rc index 57a5902..c878145 100755 --- a/etc/rc +++ b/etc/rc @@ -171,7 +171,9 @@ if [ ! -h /tmp/tmp ]; then fi # Make sure our /tmp is 777 + Sticky -rm -rf /tmp/* +if [ ! "$PLATFORM" = "cdrom" ] ; then + rm -rf /tmp/* +fi chmod 1777 /tmp if [ ! "$PLATFORM" = "cdrom" ] ; then -- cgit v1.1 From 634e5206525c3e9cb9067cdfe22a2b0d6e3bc580 Mon Sep 17 00:00:00 2001 From: Ermal Date: Tue, 1 Jun 2010 23:13:20 +0000 Subject: Remove spurious call to mute console. --- etc/rc.bootup | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) (limited to 'etc') diff --git a/etc/rc.bootup b/etc/rc.bootup index e50d14d..d9c3543 100755 --- a/etc/rc.bootup +++ b/etc/rc.bootup @@ -161,7 +161,6 @@ $wan_if = get_real_interface(); * and ask the user to reassign interfaces. This will * avoid a reboot and thats a good thing. */ -unmute_kernel_msgs(); while(is_interface_mismatch() == true) { echo "\nNetwork interface mismatch -- Running interface assignment option.\n"; set_networking_interfaces_ports(); @@ -379,4 +378,4 @@ led_normalize(); conf_mount_ro(); -?> \ No newline at end of file +?> -- cgit v1.1 From ac8ff0a4f3effcdd535bd9187bb92c1a781970e0 Mon Sep 17 00:00:00 2001 
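Review bot: The pattern in `grep "*.22"` is unanchored and ignores the process name, so against sockstat's `*:22` address format it also counts any listener on a port that merely begins with 22 (2222, 2200 and so on), and the menu can offer "Disable Secure Shell (sshd)" when sshd is not running. The `-4` flag additionally misses an IPv6-only listener. Suggest matching the daemon and the exact port, for example `SSHD=$(/usr/bin/sockstat -l -p 22 | grep -c sshd)`. If the ssh port is configurable elsewhere in the system, the port should come from that setting rather than the literal 22.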
From: Ermal Date: Tue, 1 Jun 2010 23:19:34 +0000 Subject: When an interface spoofs its mac address change the mac address of all vlans having it as parent. Remove such code from the vlan configuration phase since this is way the mac change will always get propagated and its faster. --- etc/inc/interfaces.inc | 22 ++++++++++++---------- 1 file changed, 12 insertions(+), 10 deletions(-) (limited to 'etc') diff --git a/etc/inc/interfaces.inc b/etc/inc/interfaces.inc index 9ff2c40..cdfcf5d 100644 --- a/etc/inc/interfaces.inc +++ b/etc/inc/interfaces.inc @@ -151,16 +151,6 @@ function interface_vlan_configure(&$vlan) { /* invalidate interface cache */ get_interface_arr(true); - /* all vlans need to spoof their parent mac address, too. see - * ticket #1514: http://cvstrac.pfsense.com/tktview?tn=1514,33 - */ - foreach($config['interfaces'] as $interfaces) { - if($interfaces['if'] == $if && $interfaces['spoofmac']) { - mwexec("/sbin/ifconfig " . escapeshellarg($vlanif) . - " link " . escapeshellarg($interfaces['spoofmac'])); - } - } - /* XXX: ermal -- for now leave it here at the moment it does not hurt. */ interfaces_bring_up($if); @@ -1896,6 +1886,18 @@ function interface_configure($interface = "wan", $reloadall = false) { if ($wancfg['spoofmac']) { mwexec("/sbin/ifconfig " . escapeshellarg($realif) . " link " . escapeshellarg($wancfg['spoofmac'])); + + /* + * All vlans need to spoof their parent mac address, too. see + * ticket #1514: http://cvstrac.pfsense.com/tktview?tn=1514,33 + */ + if (is_array($config['vlans']['vlan'])) { + foreach ($config['vlans']['vlan'] as $vlan) { + if ($vlan['if'] == $realif) + mwexec("/sbin/ifconfig " . escapeshellarg($vlan['vlanif']) . + " link " . escapeshellarg($wancfg['spoofmac'])); + } + } } else { $mac = get_interface_mac(get_real_interface($wancfg['if'])); if($mac == "ff:ff:ff:ff:ff:ff") { -- cgit v1.1 From 79d87198e541f16e37df07ed54dc96767bb963a4 Mon Sep 17 00:00:00 2001 
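Review bot: The new loop in `interface_configure()` passes `$vlan['vlanif']` straight to ifconfig, but `interface_vlan_configure()` treats that key as optional and falls back to `"{$if}_vlan{$vlan['tag']}"` when it is empty, so a VLAN entry without `vlanif` ends up as `ifconfig '' link ...` here. There is also no `does_interface_exist()` check, and with the code removed from `interface_vlan_configure()` a VLAN created after its parent was configured presumably keeps its own MAC until the parent is configured again. Suggest resolving the name the same way, `$vlanif = empty($vlan['vlanif']) ? "{$realif}_vlan{$vlan['tag']}" : $vlan['vlanif'];`, and guarding the call with `if ($vlan['if'] == $realif && does_interface_exist($vlanif))`. Both functions extend beyond their hunks.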
From: jim-p Date: Wed, 2 Jun 2010 12:26:48 -0400 Subject: Remove this line, it is not needed. --- etc/rc.halt | 2 -- 1 file changed, 2 deletions(-) (limited to 'etc') diff --git a/etc/rc.halt b/etc/rc.halt index d208ccd..4f3d1ef 100755 --- a/etc/rc.halt +++ b/etc/rc.halt @@ -9,7 +9,5 @@ fi sleep 1 -killall -TERM sshd 2>&1 /dev/null - /sbin/shutdown -p now -- cgit v1.1 From 2d99dce73be4d5c020f8e6bdbbb61bc2e52fdd4c Mon Sep 17 00:00:00 2001 From: jim-p Date: Wed, 2 Jun 2010 12:27:24 -0400 Subject: Don't kill ssh, it will stop the rest of the process when done from ssh. Instead, do not shut down network interfaces before a reboot. The original motive for doing this may no longer be necessary. Fixes #626 --- etc/rc.reboot | 9 --------- 1 file changed, 9 deletions(-) (limited to 'etc') diff --git a/etc/rc.reboot b/etc/rc.reboot index b3ed50a..ecc47c2 100755 --- a/etc/rc.reboot +++ b/etc/rc.reboot @@ -21,15 +21,6 @@ else /etc/rc.conf_mount_ro fi -killall -TERM sshd 2>&1 /dev/null - sleep 1 -echo -n "Downing interfaces: " -for INTERFACE in `/sbin/ifconfig -l`; do - echo -n "$INTERFACE " - /sbin/ifconfig $INTERFACE down -done - /sbin/shutdown -r now - -- cgit v1.1 From 871768cf8a5eda75f829c4c6da00c1c1dd30bd3c Mon Sep 17 00:00:00 2001 From: Ermal Date: Wed, 2 Jun 2010 16:39:54 +0000 Subject: Use the functions from the pfSense module to configure interfaces on interfaces.inc. --- etc/inc/interfaces.inc | 138 +++++++++++++++++++++++-------------------------- 1 file changed, 66 insertions(+), 72 deletions(-) (limited to 'etc') diff --git a/etc/inc/interfaces.inc b/etc/inc/interfaces.inc index cdfcf5d..7bcd95d 100644 --- a/etc/inc/interfaces.inc +++ b/etc/inc/interfaces.inc @@ -51,7 +51,7 @@ function interfaces_bring_up($interface) { log_error( "Backtrace: " . debug_backtrace() ); return; } - mwexec("/sbin/ifconfig " . escapeshellarg($interface) . " up"); + pfSense_interface_flags($interface, IFF_UP); } /* 
@@ -87,7 +87,7 @@ function does_interface_exist($interface) { function interfaces_loopback_configure() { if($g['booting']) echo "Configuring loopback interface..."; - mwexec("/sbin/ifconfig lo0 127.0.0.1"); + pfSense_interface_setaddress("lo0", "127.0.0.1"); interfaces_bring_up("lo0"); exec("/sbin/route add 127.0.0.2 127.0.0.1"); if($g['booting']) @@ -122,7 +122,7 @@ function interface_vlan_configure(&$vlan) { $vlanif = empty($vlan['vlanif']) ? "{$if}_vlan{$vlan['tag']}" : $vlan['vlanif']; $tag = $vlan['tag']; - if(empty($if)) { + if (empty($if)) { log_error("interface_vlan_confgure called with if undefined."); return; } @@ -130,21 +130,17 @@ function interface_vlan_configure(&$vlan) { /* make sure the parent interface is up */ interfaces_bring_up($if); /* Since we are going to add vlan(4) try to enable all that hardware supports. */ - mwexec("/sbin/ifconfig {$if} vlanhwtag"); - mwexec("/sbin/ifconfig {$if} vlanmtu"); - mwexec("/sbin/ifconfig {$if} vlanhwfilter"); + pfSense_interface_capabilities($if, IFCAP_VLAN_HWTAGGING|IFCAP_VLAN_MTU|IFCAP_VLAN_HWFILTER); if (!empty($vlanif) && does_interface_exist($vlanif)) { interface_bring_down($vlanif); } else { - $tmpvlanif = exec("/sbin/ifconfig vlan create"); - mwexec("/sbin/ifconfig {$tmpvlanif} name {$vlanif}"); - mwexec("/usr/sbin/ngctl name {$tmpvlanif}: {$vlanif}"); + $tmpvlanif = pfSense_interface_create("vlan"); + pfSense_interface_rename($tmpvlanif, $vlanif); + pfSense_ngctl_name("{$tmpvlanif}:", $vlanif); } - - mwexec("/sbin/ifconfig {$vlanif} vlan " . - escapeshellarg($tag) . " vlandev " . - escapeshellarg($if)); + + pfSense_vlan_create($vlanif, $if, $tag); interfaces_bring_up($vlanif); 
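Review bot: The result of `pfSense_interface_create("vlan")` in `interface_vlan_configure()` is used unchecked, so when creation fails the rename, the ngctl naming and `pfSense_vlan_create()` all run against an empty or non-existent name and the failure only shows up later. Suggest `if (empty($tmpvlanif)) { log_error("could not create vlan interface for {$vlanif}"); return; }` directly after the create call. The three capability commands are also folded into one `pfSense_interface_capabilities()` call with an OR-ed mask; if the module rejects the whole mask when the NIC lacks one capability (not visible here), hardware supporting only some of them would lose all three, which deserves either a comment or separate calls.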
@@ -323,12 +319,11 @@ function interface_bridge_configure(&$bridge) { $checklist = get_configured_interface_list(); if ($g['booting'] || !empty($bridge['bridgeif'])) { - mwexec("/sbin/ifconfig {$bridge['bridgeif']} destroy"); - mwexec("/sbin/ifconfig {$bridge['bridgeif']} create"); + pfSense_interface_destroy($bridge['bridgeif']); + pfSense_interface_create($bridge['bridgeif']); $bridgeif = $bridge['bridgeif']; - } else { - $bridgeif = exec("/sbin/ifconfig bridge create"); - } + } else + $bridgeif = pfSense_interface_create("bridge"); /* Calculate smaller mtu and enforce it */ $smallermtu = 0; @@ -352,7 +347,7 @@ function interface_bridge_configure(&$bridge) { $realif1 = get_real_interface($member); $realif = escapeshellarg($realif1); /* make sure the parent interface is up */ - mwexec("/sbin/ifconfig {$realif} mtu {$smallermtu}"); + pfSense_interface_mtu($realif, $smallermtu); if(!$realif) log_error("realif not defined in interfaces bridge - up"); interfaces_bring_up($realif1); @@ -476,7 +471,7 @@ function interface_bridge_add_member($bridgeif, $interface) { $mtum = get_interface_mtu($interface); if ($mtu != $mtum) - mwexec("/sbin/ifconfig {$interface} mtu {$mtu}"); + pfSense_interface_mtu($interface, $mtu); interfaces_bring_up($interface); mwexec("/sbin/ifconfig {$bridgeif} addm {$interface}"); @@ -514,11 +509,11 @@ function interface_lagg_configure(&$lagg) { $checklist = get_interface_list(); if ($g['booting'] || !(empty($lagg['laggif']))) { - mwexec("/sbin/ifconfig {$lagg['laggif']} destroy"); - mwexec("/sbin/ifconfig {$lagg['laggif']} create"); + pfSense_interface_destroy($lagg['laggif']); + pfSense_interface_create($lagg['laggif']); $laggif = $lagg['laggif']; } else - $laggif = exec("/sbin/ifconfig lagg create"); + $laggif = pfSense_interface_create("lagg"); /* Calculate smaller mtu and enforce it */ $smallermtu = 0; 
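Review bot: In the member loop of `interface_bridge_configure()` the new `pfSense_interface_mtu($realif, $smallermtu)` receives `$realif`, which is `escapeshellarg($realif1)`, that is, the interface name wrapped in single quotes. The quoting was right for the old shell command, but a module function presumably takes the name literally, so the MTU would be applied to a quoted, non-existent name and the bridge members would keep mismatched MTUs. Use the raw name, `pfSense_interface_mtu($realif1, $smallermtu);`. The `if(!$realif)` test that follows can never fire because `escapeshellarg()` output is not empty; it should test `$realif1` and run before the MTU call. The loop starts outside the hunk.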
@@ -538,7 +533,7 @@ function interface_lagg_configure(&$lagg) { if (!array_key_exists($member, $checklist)) continue; /* make sure the parent interface is up */ - mwexec("/sbin/ifconfig {$member} mtu {$smallermtu}"); + pfSense_interface_mtu($member, $smallermtu); interfaces_bring_up($member); mwexec("/sbin/ifconfig {$laggif} laggport {$member}"); } @@ -578,22 +573,21 @@ function interface_gre_configure(&$gre) { interfaces_bring_up($realif); if ($g['booting'] || !(empty($gre['greif']))) { - mwexec("/sbin/ifconfig {$gre['greif']} destroy"); - mwexec("/sbin/ifconfig {$gre['greif']} create"); + pfSense_interface_destroy($gre['greif']); + pfSense_interface_create($gre['greif']); $greif = $gre['greif']; - } else { - $greif = exec("/sbin/ifconfig gre create"); - } + } else + $greif = pfSense_interface_create("gre"); /* Do not change the order here for more see gre(4) NOTES section. */ mwexec("/sbin/ifconfig {$greif} tunnel {$realifip} {$gre['remote-addr']}"); mwexec("/sbin/ifconfig {$greif} {$gre['tunnel-local-addr']} {$gre['tunnel-remote-addr']} netmask " . gen_subnet_mask($gre['tunnel-remote-net'])); if (isset($gre['link0']) && $gre['link0']) - mwexec("/sbin/ifconfig {$greif} link0"); + pfSense_interface_flags($greif, IFF_LINK0); if (isset($gre['link1']) && $gre['link1']) - mwexec("/sbin/ifconfig {$greif} link1"); + pfSense_interface_flags($greif, IFF_LINK1); if (isset($gre['link2']) && $gre['link2']) - mwexec("/sbin/ifconfig {$greif} link2"); + pfSense_interface_flags($greif, IFF_LINK2); if($greif) interfaces_bring_up($greif); 
@@ -637,19 +631,19 @@ function interface_gif_configure(&$gif) { log_error("could not bring realif up -- variable not defined -- interface_gif_configure()"); if ($g['booting'] || !(empty($gif['gifif']))) { - mwexec("/sbin/ifconfig {$gif['gifif']} destroy"); - mwexec("/sbin/ifconfig {$gif['gifif']} create"); + pfSense_interface_destroy($gif['gifif']); + pfSense_interface_create($gif['gifif']); $gifif = $gif['gifif']; } else - $gifif = exec("/sbin/ifconfig gif create"); + $gifif = pfSense_interface_create("gif"); /* Do not change the order here for more see gif(4) NOTES section. */ mwexec("/sbin/ifconfig {$gifif} tunnel {$realifip} {$gif['remote-addr']}"); mwexec("/sbin/ifconfig {$gifif} {$gif['tunnel-local-addr']} {$gif['tunnel-remote-addr']} netmask " . gen_subnet_mask($gif['tunnel-remote-net'])); if (isset($gif['link0']) && $gif['link0']) - mwexec("/sbin/ifconfig {$gifif} link0"); + pfSense_interface_flags($gifif, IFF_LINK0); if (isset($gif['link1']) && $gif['link1']) - mwexec("/sbin/ifconfig {$gifif} link1"); + pfSense_interface_flags($gifif, IFF_LINK1); if($gifif) interfaces_bring_up($gifif); else @@ -680,6 +674,11 @@ function interfaces_configure() { $delayed_list = array(); $bridge_list = array(); + /* This is needed to speedup interfaces on bootup. */ + $reload = false; + if ($g['booting']) + $reload = true; + foreach($iflist as $if => $ifname) { $realif = $config['interfaces'][$if]['if']; if(is_array($config['interfaces'][$if]['pppoe']) && isset($config['interfaces'][$if]['pppoe']['pppoe-reset-type'])) @@ -697,7 +696,7 @@ function interfaces_configure() { echo "Configuring {$ifname} interface..."; if($g['debug']) log_error("Configuring {$ifname}"); - interface_configure($if, true); + interface_configure($if, $reload); if ($g['booting']) echo "done.\n"; } 
@@ -718,7 +717,7 @@ function interfaces_configure() { if ($g['debug']) log_error("Configuring {$ifname}"); - interface_configure($if, true); + interface_configure($if, $reload); if ($g['booting']) echo "done.\n"; @@ -733,7 +732,7 @@ function interfaces_configure() { if($g['debug']) log_error("Configuring {$ifname}"); - interface_configure($if, true); + interface_configure($if, $reload); if ($g['booting']) echo "done.\n"; @@ -770,7 +769,7 @@ function interfaces_configure() { function interface_reconfigure($interface = "wan") { interface_bring_down($interface); - interface_configure($interface); + interface_configure($interface, true); } function interface_vip_bring_down(&$vip) { @@ -781,17 +780,17 @@ function interface_vip_bring_down(&$vip) { case "ipalias": $vipif = get_real_interface($vip['interface']); if(does_interface_exist($vipif)) - mwexec("/sbin/ifconfig {$vipif} delete {$vip['subnet']}"); + pfSense_interface_deladdress($vipif, $vip['subnet']); break; case "carp": $vipif = "vip" . $vip['vhid']; if(does_interface_exist($vipif)) - mwexec("/sbin/ifconfig {$vipif} destroy"); + pfSense_interface_destroy($vipif); break; case "carpdev-dhcp": $vipif = "vip" . $vip['vhid']; if(does_interface_exist($vipif)) - mwexec("/sbin/ifconfig {$vipif} destroy"); + pfSense_interface_destroy($vipif); break; } } @@ -830,7 +829,7 @@ function interface_bring_down($interface = "wan", $destroy = false) { unlink_if_exists("{$g['varetc_path']}/dhclient_{$interface}.conf"); if(does_interface_exist("$realif")) { mwexec("/sbin/ifconfig " . escapeshellarg($realif) . " delete", true); - mwexec("/sbin/ifconfig " . escapeshellarg($realif) . " down"); + pfSense_interface_flags($realif, -IFF_UP); mwexec("/usr/sbin/arp -d -i {$realif} -a"); } break; 
@@ -842,7 +841,7 @@ function interface_bring_down($interface = "wan", $destroy = false) { default: if(does_interface_exist("$realif")) { mwexec("/sbin/ifconfig " . escapeshellarg($realif) . " delete", true); - mwexec("/sbin/ifconfig " . escapeshellarg($realif) . " down"); + pfSense_interface_flags($realif, -IFF_UP); mwexec("/usr/sbin/arp -d -i {$realif} -a"); } break; @@ -862,7 +861,7 @@ function interface_bring_down($interface = "wan", $destroy = false) { if ($destroy == true) { if (preg_match("/^tun|^ovpn|^gif|^gre|^lagg|^bridge|vlan/i", $realif)) - mwexec("/sbin/ifconfig {$realif} destroy"); + pfSense_interface_destroy($realif); } return; @@ -1301,11 +1300,11 @@ function interface_carp_configure(&$vip) { /* create the carp interface and setup */ if (does_interface_exist($vipif)) { - interface_bring_down($vipif); + pfSense_interface_flags($vipif, -IFF_UP); } else { - $carpif = exec("/sbin/ifconfig carp create"); - mwexec("/sbin/ifconfig {$carpif} name {$vipif}"); - mwexec("/usr/sbin/ngctl name {$carpif}: {$vipif}"); + $carpif = pfSense_interface_create("carp"); + pfSense_interface_rename($carpif, $vipif); + pfSense_ngctl_name("{$carpif}:", $vipif); } /* invalidate interface cache */ @@ -1351,7 +1350,7 @@ function interface_carpdev_configure(&$vip) { } else { $carpdevif = exec("/sbin/ifconfig carp create"); mwexec("/sbin/ifconfig {$carpdevif} name {$vipif}"); - mwexec("/usr/sbin/ngctl name {$carpdevif}: {$vipif}"); + pfSense_ngctl_name("{$carpdevif}:", $vipif); } mwexec("/sbin/ifconfig {$vipif} carpdev {$realif} vhid {$vip['vhid']} advskew {$vip['advskew']} {$password}"); @@ -1439,7 +1438,7 @@ function interface_wireless_clone($realif, $wlcfg) { if($needs_clone == true) { /* remove previous instance if it exists */ if(does_interface_exist($realif)) - mwexec("/sbin/ifconfig {$realif} destroy"); + pfSense_interface_destroy($realif); log_error("Cloning new wireless interface {$realif}"); // Create the new wlan interface. FreeBSD returns the new interface name. 
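Review bot: In `interface_carp_configure()` the existing-interface branch changes from `interface_bring_down($vipif)` to `pfSense_interface_flags($vipif, -IFF_UP)`, which is a behaviour change rather than a like-for-like port: the `interface_bring_down()` hunks on this page show it also deleting the address and clearing ARP entries in the cases visible. If that narrowing is intended it should be stated, for example `/* deliberately only clears IFF_UP, unlike interface_bring_down() */`, and mentioned in the commit message. `interface_carpdev_configure()` in the next hunk is only half converted: it still runs `exec("/sbin/ifconfig carp create")` and `mwexec("/sbin/ifconfig {$carpdevif} name {$vipif}")` with unescaped interpolation, while the sibling function now uses `pfSense_interface_create()` and `pfSense_interface_rename()`.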
@@ -1451,7 +1450,7 @@ function interface_wireless_clone($realif, $wlcfg) { } $newif = trim($out[0]); // Rename the interface to {$parentnic}_wlan{$number}#: EX: ath0_wlan0 - mwexec("/sbin/ifconfig {$newif} name {$realif} 2>&1", false); + pfSense_interface_rename($newif, $realif); // FIXME: not sure what ngctl is for. Doesn't work. // mwexec("/usr/sbin/ngctl name {$newif}: {$realif}", false); } @@ -1887,17 +1886,17 @@ function interface_configure($interface = "wan", $reloadall = false) { mwexec("/sbin/ifconfig " . escapeshellarg($realif) . " link " . escapeshellarg($wancfg['spoofmac'])); - /* - * All vlans need to spoof their parent mac address, too. see - * ticket #1514: http://cvstrac.pfsense.com/tktview?tn=1514,33 - */ - if (is_array($config['vlans']['vlan'])) { - foreach ($config['vlans']['vlan'] as $vlan) { - if ($vlan['if'] == $realif) - mwexec("/sbin/ifconfig " . escapeshellarg($vlan['vlanif']) . - " link " . escapeshellarg($wancfg['spoofmac'])); - } - } + /* + * All vlans need to spoof their parent mac address, too. see + * ticket #1514: http://cvstrac.pfsense.com/tktview?tn=1514,33 + */ + if (is_array($config['vlans']['vlan'])) { + foreach ($config['vlans']['vlan'] as $vlan) { + if ($vlan['if'] == $realif) + mwexec("/sbin/ifconfig " . escapeshellarg($vlan['vlanif']) . + " link " . escapeshellarg($wancfg['spoofmac'])); + } + } } else { $mac = get_interface_mac(get_real_interface($wancfg['if'])); if($mac == "ff:ff:ff:ff:ff:ff") { @@ -1924,7 +1923,7 @@ function interface_configure($interface = "wan", $reloadall = false) { mwexec($cmd); } if (!empty($wancfg['mtu'])) - mwexec("/sbin/ifconfig " . escapeshellarg($realif) . " mtu {$wancfg['mtu']}"); + pfSense_interface_mtu($realif, $wancfg['mtu']); /* invalidate interface/ip/sn cache */ get_interface_arr(true); 
@@ -1950,10 +1949,7 @@ function interface_configure($interface = "wan", $reloadall = false) { break; default: if ($wancfg['ipaddr'] <> "" && $wancfg['subnet'] <> "") { - if($wancfg['ipaddr'] && $wancfg['subnet']) - mwexec("/sbin/ifconfig " . escapeshellarg($realif) . - " " . escapeshellarg($wancfg['ipaddr'] . "/" . - $wancfg['subnet'])); + pfSense_interface_setaddress($realif, "{$wancfg['ipaddr']}/{$wancfg['subnet']}"); } else if (substr($realif, 0, 3) == "gre") { if (is_array($config['gres']['gre'])) { foreach ($config['gres']['gre'] as $gre) @@ -2029,8 +2025,6 @@ function interface_configure($interface = "wan", $reloadall = false) { } } - unmute_kernel_msgs(); - return 0; } -- cgit v1.1 From b29d9c8ea328c3454346fa2c334673c36f78ca0c Mon Sep 17 00:00:00 2001 From: Ermal Date: Wed, 2 Jun 2010 16:50:54 +0000 Subject: Start sshd early on boot so it is availble as soon as the first ip is configured. --- etc/rc.bootup | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) (limited to 'etc') diff --git a/etc/rc.bootup b/etc/rc.bootup index d9c3543..858ea2e 100755 --- a/etc/rc.bootup +++ b/etc/rc.bootup @@ -198,6 +198,10 @@ system_hosts_generate(); /* configure loopback interface */ interfaces_loopback_configure(); +echo "Starting Secure Shell Services..."; +mwexec_bg("/etc/sshd"); +echo "done.\n"; + /* set up interfaces */ if(!$debugging) mute_kernel_msgs(); @@ -260,10 +264,6 @@ system_routing_configure(); /* enable routing */ system_routing_enable(); -echo "Starting Secure Shell Services..."; -mwexec_bg("/etc/sshd"); -echo "done.\n"; - /* configure console menu */ system_console_configure(); -- cgit v1.1 From bf444c344e9a95a5d7e65ae13f40d20aa9958df1 Mon Sep 17 00:00:00 2001 From: Ermal Date: Wed, 2 Jun 2010 16:56:46 +0000 Subject: Use the new functions on CP code too. --- etc/inc/captiveportal.inc | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) (limited to 'etc') 
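Review bot: Moving `mwexec_bg("/etc/sshd")` in rc.bootup to just after `interfaces_loopback_configure()` starts the daemon before the interfaces, routing and, if it is loaded later in the script (not visible in these hunks), the packet filter ruleset are in place. In that case sshd would accept connections on each address as soon as it is assigned, during a window in which the configured firewall rules are not yet enforced. Suggest confirming that a restrictive boot-time ruleset is already active at this point and recording it in a comment above the block, or keeping the start after the filter has been configured. A daemon bound this early may also fail to listen on addresses that do not exist yet if its configuration names specific listen addresses.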
diff --git a/etc/inc/captiveportal.inc b/etc/inc/captiveportal.inc index 885040b..0f94462 100644 --- a/etc/inc/captiveportal.inc +++ b/etc/inc/captiveportal.inc @@ -34,7 +34,7 @@ added rules which may have been created by other per-user code (index.php, etc). These changes are (c) 2004 Keycom PLC. - pfSense_BUILDER_BINARIES: /sbin/ifconfig /sbin/ipfw /sbin/sysctl /sbin/kldunload + pfSense_BUILDER_BINARIES: /sbin/ipfw /sbin/sysctl /sbin/kldunload pfSense_BUILDER_BINARIES: /usr/local/sbin/lighttpd /usr/local/bin/minicron /sbin/pfctl pfSense_BUILDER_BINARIES: /bin/hostname /bin/cp pfSense_MODULE: captiveportal @@ -58,7 +58,7 @@ function captiveportal_configure() { $ifaces = get_configured_interface_list(); foreach ($ifaces as $kiface => $kiface2) { $tmpif = get_real_interface($kiface); - mwexec("/sbin/ifconfig {$tmpif} -ipfwfilter"); + pfSense_interface_flags($tmpif, -IFF_IPFW_FILTER); } $cpinterfaces = explode(",", $config['captiveportal']['interface']); $firsttime = 0; @@ -77,14 +77,14 @@ function captiveportal_configure() { if (!empty($carpif)) { $carpsif = explode(" ", $carpif); foreach ($carpsif as $cpcarp) { - mwexec("/sbin/ifconfig {$cpcarp} ipfwfilter"); + pfSense_interface_flags($cpcarp, IFF_IPFW_FILTER); $carpip = find_interface_ip($cpcarp); if (is_ipaddr($carpip)) $cpips[] = $carpip; } } $cpips[] = $cpipm; - mwexec("/sbin/ifconfig {$tmpif} ipfwfilter"); + pfSense_interface_flags($tmpif, IFF_IPFW_FILTER); } } } @@ -391,12 +391,12 @@ EOD; foreach ($listifs as $listrealif => $listif) { if (!empty($listrealif)) { if (does_interface_exist($listrealif)) { - mwexec("/sbin/ifconfig {$listrealif} -ipfwfilter"); + pfSense_interface_flags($listrealif, -IFF_IPFW_FILTER); $carpif = link_ip_to_carp_interface(find_interface_ip($listrealif)); if (!empty($carpif)) { $carpsif = explode(" ", $carpif); foreach ($carpsif as $cpcarp) - mwexec("/sbin/ifconfig {$cpcarp} -ipfwfilter"); + pfSense_interface_flags($cpcarp, -IFF_IPFW_FILTER); } } } -- cgit v1.1 
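Review bot: Every `pfSense_interface_flags(..., IFF_IPFW_FILTER)` call added in `captiveportal_configure()` discards its result, and this flag appears to be what places the portal interface under ipfw filtering. If the module call can fail (its return convention is not visible here), a silent failure would leave the interface unfiltered with nothing in the log. Suggest checking the outcome where the flag is set, e.g. `if (pfSense_interface_flags($tmpif, IFF_IPFW_FILTER) === false) log_error("captiveportal: could not enable ipfw filtering on {$tmpif}");`, adjusted to whatever the function really returns. The first loop also calls it on `get_real_interface($kiface)` without the `does_interface_exist()` guard that the last hunk in this file applies.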
From 3d0633917f7acf6f32d178bd68602282db18538d Mon Sep 17 00:00:00 2001 From: Ermal Date: Wed, 2 Jun 2010 17:17:55 +0000 Subject: Use the module functions to set/remove/test interface capabilities. --- etc/inc/pfsense-utils.inc | 61 ++++++++++++++++------------------------------- 1 file changed, 21 insertions(+), 40 deletions(-) (limited to 'etc') diff --git a/etc/inc/pfsense-utils.inc b/etc/inc/pfsense-utils.inc index 1015023..21bbe0c 100644 --- a/etc/inc/pfsense-utils.inc +++ b/etc/inc/pfsense-utils.inc @@ -188,13 +188,15 @@ function enable_hardware_offloading($interface) { if($int <> "") $interface = $int; $int_family = preg_split("/[0-9]+/", $interface); - $options = strtolower(`/sbin/ifconfig -m {$interface} | grep capabilities`); + $options = pfSense_get_interface_addresses($interface); + if (!is_array($options)) + return; $supported_ints = array('fxp'); if (in_array($int_family, $supported_ints)) { if(isset($config['system']['do_not_use_nic_microcode'])) continue; if(does_interface_exist($interface)) - mwexec("/sbin/ifconfig {$interface} link0"); + pfSense_interface_flags($interface, IFF_LINK0); } /* skip vlans for checksumming and polling */ 
@@ -202,26 +204,24 @@ function enable_hardware_offloading($interface) { return; if($config['system']['disablechecksumoffloading']) { - if(stristr($options, "txcsum") == true) - mwexec("/sbin/ifconfig {$interface} -txcsum 2>/dev/null"); - if(stristr($options, "rxcsum") == true) - mwexec("/sbin/ifconfig {$interface} -rxcsum 2>/dev/null"); + if (isset($options['encaps']['txcsum'])) + pfSense_interface_capabilities($interface, -IFCAP_TXCSUM); + if (isset($options['encaps']['rxcsum'])) + pfSense_interface_capabilities($interface, -IFCAP_RXCSUM); } else { - if(stristr($options, "txcsum") == true) - mwexec("/sbin/ifconfig {$interface} txcsum 2>/dev/null"); - if(stristr($options, "rxcsum") == true) - mwexec("/sbin/ifconfig {$interface} rxcsum 2>/dev/null"); + if (isset($options['caps']['txcsum'])) + pfSense_interface_capabilities($interface, IFCAP_TXCSUM); + if (isset($options['caps']['rxcsum'])) + pfSense_interface_capabilities($interface, IFCAP_RXCSUM); } /* if the NIC supports polling *AND* it is enabled in the GUI */ - if(interface_supports_polling($interface)) { - $polling = isset($config['system']['polling']); - if($polling) { - mwexec("/sbin/ifconfig {$interface} polling 2>/dev/null"); - } else { - mwexec("/sbin/ifconfig {$interface} -polling 2>/dev/null"); - } - } + $polling = isset($config['system']['polling']); + if($polling && isset($options['caps']['polling'])) + pfSense_interface_capabilities($interface, IFCAP_POLLING); + else + pfSense_interface_capabilities($interface, -IFCAP_POLLING); + return; } 
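Review bot: The rewritten polling block in `enable_hardware_offloading()` now calls `pfSense_interface_capabilities($interface, -IFCAP_POLLING)` for every interface that does not take the first branch, including NICs that do not report polling at all; the old code skipped those through `interface_supports_polling()`. Suggest `else if (isset($options['caps']['polling']))` in front of the clearing call so that it only runs where the capability exists. The checksum branches read `$options['encaps'][...]` when disabling and `$options['caps'][...]` when enabling; assuming these mean enabled versus supported capabilities, a short comment such as `/* caps = supported, encaps = currently enabled */` would make the asymmetry readable. The function continues outside the hunk.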
@@ -236,29 +236,10 @@ function enable_hardware_offloading($interface) { * ******/ function interface_supports_polling($iface) { - $pattern = '/([a-z].*)[0-9]/'; - preg_match($pattern, $iface, $iface2); - $interface=$iface2[1]; - $supported_ints = array("bge", - "dc", - "em", - "fwe", - "fwip", - "fxp", - "ixgb", - "nfe", - "vge", - "re", - "rl", - "sf", - "sis", - "ste", - "stge", - "vge", - "vr", - "xl"); - if(in_array($interface, $supported_ints)) + $opts = pfSense_get_interface_addresses($iface); + if (is_array($opts) && isset($opts['caps']['polling'])) return true; + return false; } -- cgit v1.1 From d538b8fa7e05f75a457fbdda1072b90f326ee149 Mon Sep 17 00:00:00 2001 From: Ermal Date: Wed, 2 Jun 2010 17:20:10 +0000 Subject: Correct ifconfig syntax --- etc/inc/config.lib.inc | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'etc') diff --git a/etc/inc/config.lib.inc b/etc/inc/config.lib.inc index 90968ad..707dee8 100644 --- a/etc/inc/config.lib.inc +++ b/etc/inc/config.lib.inc @@ -932,7 +932,7 @@ EODD; if (strcasecmp(chop(fgets($fp)), "y") == 0) { if($config['interfaces']['lan']['if']) - mwexec("/sbin/ifconfig delete " . $config['interfaces']['lan']['if']); + mwexec("/sbin/ifconfig " . $config['interfaces']['lan']['if'] . " delete"); } if(isset($config['interfaces']['lan'])) unset($config['interfaces']['lan']); @@ -950,7 +950,7 @@ EODD; unset($config['nat']); } else { if(isset($config['interfaces']['lan']['if'])) - mwexec("/sbin/ifconfig delete " . $config['interfaces']['lan']['if']); + mwexec("/sbin/ifconfig " . $config['interfaces']['lan']['if'] . " delete"); if(isset($config['interfaces']['lan'])) unset($config['interfaces']['lan']); if(isset($config['dhcpd']['lan'])) -- cgit v1.1 From 6ef98d296de5b95f1a6f123b4dec5ea55e3aa4e9 Mon Sep 17 00:00:00 2001 
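Review bot: Both corrected calls in config.lib.inc still concatenate `$config['interfaces']['lan']['if']` into the string handed to `mwexec()` without quoting, whereas interfaces.inc on this page wraps interface names in `escapeshellarg()` before they reach a shell. The value comes from the configuration file, so a malformed or restored configuration should not be able to alter the command that is run. Suggest `mwexec("/sbin/ifconfig " . escapeshellarg($config['interfaces']['lan']['if']) . " delete");` in both places. The first call is guarded by a truthiness test and the second only by `isset()`, so an empty `if` still reaches ifconfig in the second branch; `!empty()` would cover both.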
From: Ermal Date: Wed, 2 Jun 2010 22:55:33 +0000 Subject: Mute this command so people do not think something went wrong. --- etc/inc/captiveportal.inc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'etc') diff --git a/etc/inc/captiveportal.inc b/etc/inc/captiveportal.inc index 0f94462..ce2a834 100644 --- a/etc/inc/captiveportal.inc +++ b/etc/inc/captiveportal.inc @@ -108,7 +108,7 @@ function captiveportal_configure() { unlink_if_exists("{$g['vardb_path']}/captiveportal_mac.db"); unlink_if_exists("{$g['vardb_path']}/captiveportal_ip.db"); unlink_if_exists("{$g['vardb_path']}/captiveportal_radius.db"); - mwexec("/sbin/ipfw -q table all flush"); + mwexec("/sbin/ipfw -q table all flush", true); /* setup new database in case someone tries to access the status -> captive portal page */ touch("{$g['vardb_path']}/captiveportal.db"); -- cgit v1.1
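Review bot: Passing `true` to `mwexec()` for `/sbin/ipfw -q table all flush` hides the expected complaint, but it equally hides a real failure of the flush, and these tables presumably hold the clients the portal lets through. A comment should say which error is expected and why it is harmless, e.g. `/* fails when no tables exist yet; muted so the log does not suggest a fault */`, if that is the case. If `mwexec()` returns the exit status, logging it when `$g['debug']` is set would keep a genuine failure diagnosable.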