Do not require the default sysctl items to be set on the config.xml but rather extract the definitions from the sysctl tree. Also to reduce config.xml size
This commit is contained in:
Ermal
parent
24d728bb4f
commit
d87fcac96b
|
|
@ -4,158 +4,6 @@
|
|||
<version>9.9</version>
|
||||
<lastchange></lastchange>
|
||||
<theme>pfsense_ng</theme>
|
||||
<sysctl>
|
||||
<item>
|
||||
<descr><![CDATA[Disable the pf ftp proxy handler.]]></descr>
|
||||
<tunable>debug.pfftpproxy</tunable>
|
||||
<value>default</value>
|
||||
</item>
|
||||
<item>
|
||||
<descr><![CDATA[Increase UFS read-ahead speeds to match current state of hard drives and NCQ. More information here: http://ivoras.sharanet.org/blog/tree/2010-11-19.ufs-read-ahead.html]]></descr>
|
||||
<tunable>vfs.read_max</tunable>
|
||||
<value>default</value>
|
||||
</item>
|
||||
<item>
|
||||
<descr><![CDATA[Set the ephemeral port range to be lower.]]></descr>
|
||||
<tunable>net.inet.ip.portrange.first</tunable>
|
||||
<value>default</value>
|
||||
</item>
|
||||
<item>
|
||||
<descr><![CDATA[Drop packets to closed TCP ports without returning a RST]]></descr>
|
||||
<tunable>net.inet.tcp.blackhole</tunable>
|
||||
<value>default</value>
|
||||
</item>
|
||||
<item>
|
||||
<descr><![CDATA[Do not send ICMP port unreachable messages for closed UDP ports]]></descr>
|
||||
<tunable>net.inet.udp.blackhole</tunable>
|
||||
<value>default</value>
|
||||
</item>
|
||||
<item>
|
||||
<descr><![CDATA[Randomize the ID field in IP packets (default is 0: sequential IP IDs)]]></descr>
|
||||
<tunable>net.inet.ip.random_id</tunable>
|
||||
<value>default</value>
|
||||
</item>
|
||||
<item>
|
||||
<descr><![CDATA[Drop SYN-FIN packets (breaks RFC1379, but nobody uses it anyway)]]></descr>
|
||||
<tunable>net.inet.tcp.drop_synfin</tunable>
|
||||
<value>default</value>
|
||||
</item>
|
||||
<item>
|
||||
<descr><![CDATA[Enable sending IPv4 redirects]]></descr>
|
||||
<tunable>net.inet.ip.redirect</tunable>
|
||||
<value>default</value>
|
||||
</item>
|
||||
<item>
|
||||
<descr><![CDATA[Enable sending IPv6 redirects]]></descr>
|
||||
<tunable>net.inet6.ip6.redirect</tunable>
|
||||
<value>default</value>
|
||||
</item>
|
||||
<item>
|
||||
<descr><![CDATA[Enable privacy settings for IPv6 (RFC 4941)]]></descr>
|
||||
<tunable>net.inet6.ip6.use_tempaddr</tunable>
|
||||
<value>default</value>
|
||||
</item>
|
||||
<item>
|
||||
<descr><![CDATA[Prefer privacy addresses and use them over the normal addresses]]></descr>
|
||||
<tunable>net.inet6.ip6.prefer_tempaddr</tunable>
|
||||
<value>default</value>
|
||||
</item>
|
||||
<item>
|
||||
<descr><![CDATA[Generate SYN cookies for outbound SYN-ACK packets]]></descr>
|
||||
<tunable>net.inet.tcp.syncookies</tunable>
|
||||
<value>default</value>
|
||||
</item>
|
||||
<item>
|
||||
<descr><![CDATA[Maximum incoming/outgoing TCP datagram size (receive)]]></descr>
|
||||
<tunable>net.inet.tcp.recvspace</tunable>
|
||||
<value>default</value>
|
||||
</item>
|
||||
<item>
|
||||
<descr><![CDATA[Maximum incoming/outgoing TCP datagram size (send)]]></descr>
|
||||
<tunable>net.inet.tcp.sendspace</tunable>
|
||||
<value>default</value>
|
||||
</item>
|
||||
<item>
|
||||
<descr><![CDATA[IP Fastforwarding]]></descr>
|
||||
<tunable>net.inet.ip.fastforwarding</tunable>
|
||||
<value>default</value>
|
||||
</item>
|
||||
<item>
|
||||
<descr><![CDATA[Do not delay ACK to try and piggyback it onto a data packet]]></descr>
|
||||
<tunable>net.inet.tcp.delayed_ack</tunable>
|
||||
<value>default</value>
|
||||
</item>
|
||||
<item>
|
||||
<descr><![CDATA[Maximum outgoing UDP datagram size]]></descr>
|
||||
<tunable>net.inet.udp.maxdgram</tunable>
|
||||
<value>default</value>
|
||||
</item>
|
||||
<item>
|
||||
<descr><![CDATA[Handling of non-IP packets which are not passed to pfil (see if_bridge(4))]]></descr>
|
||||
<tunable>net.link.bridge.pfil_onlyip</tunable>
|
||||
<value>default</value>
|
||||
</item>
|
||||
<item>
|
||||
<descr><![CDATA[Set to 0 to disable filtering on the incoming and outgoing member interfaces.]]></descr>
|
||||
<tunable>net.link.bridge.pfil_member</tunable>
|
||||
<value>default</value>
|
||||
</item>
|
||||
<item>
|
||||
<descr><![CDATA[Set to 1 to enable filtering on the bridge interface]]></descr>
|
||||
<tunable>net.link.bridge.pfil_bridge</tunable>
|
||||
<value>default</value>
|
||||
</item>
|
||||
<item>
|
||||
<descr><![CDATA[Allow unprivileged access to tap(4) device nodes]]></descr>
|
||||
<tunable>net.link.tap.user_open</tunable>
|
||||
<value>default</value>
|
||||
</item>
|
||||
<item>
|
||||
<descr><![CDATA[Randomize PID's (see src/sys/kern/kern_fork.c: sysctl_kern_randompid())]]></descr>
|
||||
<tunable>kern.randompid</tunable>
|
||||
<value>default</value>
|
||||
</item>
|
||||
<item>
|
||||
<descr><![CDATA[Maximum size of the IP input queue]]></descr>
|
||||
<tunable>net.inet.ip.intr_queue_maxlen</tunable>
|
||||
<value>default</value>
|
||||
</item>
|
||||
<item>
|
||||
<descr><![CDATA[Disable CTRL+ALT+Delete reboot from keyboard.]]></descr>
|
||||
<tunable>hw.syscons.kbd_reboot</tunable>
|
||||
<value>default</value>
|
||||
</item>
|
||||
<item>
|
||||
<descr><![CDATA[Enable TCP extended debugging]]></descr>
|
||||
<tunable>net.inet.tcp.log_debug</tunable>
|
||||
<value>default</value>
|
||||
</item>
|
||||
<item>
|
||||
<descr><![CDATA[Set ICMP Limits]]></descr>
|
||||
<tunable>net.inet.icmp.icmplim</tunable>
|
||||
<value>default</value>
|
||||
</item>
|
||||
<item>
|
||||
<descr><![CDATA[TCP Offload Engine]]></descr>
|
||||
<tunable>net.inet.tcp.tso</tunable>
|
||||
<value>default</value>
|
||||
</item>
|
||||
<item>
|
||||
<descr><![CDATA[UDP Checksums]]></descr>
|
||||
<tunable>net.inet.udp.checksum</tunable>
|
||||
<value>default</value>
|
||||
</item>
|
||||
<item>
|
||||
<descr><![CDATA[Maximum socket buffer size]]></descr>
|
||||
<tunable>kern.ipc.maxsockbuf</tunable>
|
||||
<value>default</value>
|
||||
</item>
|
||||
<item>
|
||||
<descr><![CDATA[Reply ICMP from source interface]]></descr>
|
||||
<tunable>net.inet.icmp.reply_from_interface</tunable>
|
||||
<value>default</value>
|
||||
</item>
|
||||
</sysctl>
|
||||
<system>
|
||||
<optimization>normal</optimization>
|
||||
<hostname>pfSense</hostname>
|
||||
|
|
|
|||
|
|
@ -72,13 +72,50 @@ function get_default_sysctl_value($id) {
|
|||
return $sysctls[$id];
|
||||
}
|
||||
|
||||
function get_sysctl_descr($sysctl) {
|
||||
unset($output);
|
||||
$_gb = exec("/sbin/sysctl -nd {$sysctl}", $output);
|
||||
|
||||
return $output[0];
|
||||
}
|
||||
|
||||
function system_get_sysctls() {
|
||||
global $config, $sysctls;
|
||||
|
||||
$disp_sysctl = array();
|
||||
$disp_cache = array();
|
||||
if (is_array($config['sysctl']) && is_array($config['sysctl']['item'])) {
|
||||
foreach($config['sysctl']['item'] as $id => $tunable) {
|
||||
if ($tunable['value'] == "default")
|
||||
$value = get_default_sysctl_value($tunable['tunable']);
|
||||
else
|
||||
$value = $tunable['value'];
|
||||
|
||||
$disp_sysctl[$id] = $tunable;
|
||||
$disp_sysctl[$id]['modified'] = true;
|
||||
$disp_cache[$tunable['tunable']] = 'set';
|
||||
}
|
||||
}
|
||||
|
||||
foreach ($sysctls as $sysctl => $value) {
|
||||
if (isset($disp_cache[$sysctl]))
|
||||
continue;
|
||||
|
||||
$disp_sysctl[$sysctl] = array('tunable' => $sysctl, 'value' => $value, 'descr' => get_sysctl_descr($sysctl));
|
||||
|
||||
|
||||
}
|
||||
unset($disp_cache);
|
||||
return $disp_sysctl;
|
||||
}
|
||||
|
||||
function activate_sysctls() {
|
||||
global $config, $g, $sysctls;
|
||||
|
||||
if ($g['platform'] == 'jail')
|
||||
return;
|
||||
|
||||
if (is_array($config['sysctl'])) {
|
||||
if (is_array($config['sysctl']) && is_array($config['sysctl']['item'])) {
|
||||
foreach($config['sysctl']['item'] as $tunable) {
|
||||
if($tunable['value'] == "default")
|
||||
$value = get_default_sysctl_value($tunable['tunable']);
|
||||
|
|
|
|||
|
|
@ -79,14 +79,16 @@ function unbound_optimization() {
|
|||
* Larger socket buffer for busy servers
|
||||
* Check that it is set to 4MB (by default the OS has it configured to 4MB)
|
||||
*/
|
||||
foreach ($config['sysctl']['item'] as $tunable) {
|
||||
if ($tunable['tunable'] == 'kern.ipc.maxsockbuf') {
|
||||
$so = floor(($tunable['value']/1024/1024)-1);
|
||||
// Check to ensure that the number is not a negative
|
||||
if ($so > 0)
|
||||
$optimization['so_rcvbuf'] = "so-rcvbuf: {$so}m";
|
||||
else
|
||||
unset($optimization['so_rcvbuf']);
|
||||
if (is_array($config['sysctl']) && is_array($config['sysctl']['item'])) {
|
||||
foreach ($config['sysctl']['item'] as $tunable) {
|
||||
if ($tunable['tunable'] == 'kern.ipc.maxsockbuf') {
|
||||
$so = floor(($tunable['value']/1024/1024)-1);
|
||||
// Check to ensure that the number is not a negative
|
||||
if ($so > 0)
|
||||
$optimization['so_rcvbuf'] = "so-rcvbuf: {$so}m";
|
||||
else
|
||||
unset($optimization['so_rcvbuf']);
|
||||
}
|
||||
}
|
||||
}
|
||||
// Safety check in case kern.ipc.maxsockbuf is not available.
|
||||
|
|
|
|||
|
|
@ -47,25 +47,32 @@ require("guiconfig.inc");
|
|||
|
||||
$referer = (isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : '/system_advanced_sysctl.php');
|
||||
|
||||
if (!is_array($config['sysctl']))
|
||||
$config['sysctl'] = array();
|
||||
if (!is_array($config['sysctl']['item']))
|
||||
$config['sysctl']['item'] = array();
|
||||
|
||||
$a_tunable = &$config['sysctl']['item'];
|
||||
$tunables = system_get_sysctls();
|
||||
|
||||
if (is_numericint($_GET['id']))
|
||||
$id = $_GET['id'];
|
||||
if (isset($_POST['id']) && is_numericint($_POST['id']))
|
||||
$id = $_POST['id'];
|
||||
if (isset($_GET['id']))
|
||||
$id = htmlspecialchars_decode($_GET['id']);
|
||||
if (isset($_POST['id']))
|
||||
$id = htmlspecialchars_decode($_POST['id']);
|
||||
|
||||
$act = $_GET['act'];
|
||||
if (isset($_POST['act']))
|
||||
$act = $_POST['act'];
|
||||
|
||||
if ($act == "edit") {
|
||||
if ($a_tunable[$id]) {
|
||||
if (isset($a_tunable[$id])) {
|
||||
$pconfig['tunable'] = $a_tunable[$id]['tunable'];
|
||||
$pconfig['value'] = $a_tunable[$id]['value'];
|
||||
$pconfig['descr'] = $a_tunable[$id]['descr'];
|
||||
} else if (isset($tunables[$id])) {
|
||||
$pconfig['tunable'] = $tunables[$id]['tunable'];
|
||||
$pconfig['value'] = $tunables[$id]['value'];
|
||||
$pconfig['descr'] = $tunables[$id]['descr'];
|
||||
}
|
||||
}
|
||||
|
||||
|
|
@ -111,7 +118,7 @@ if ($_POST) {
|
|||
$tunableent['value'] = $_POST['value'];
|
||||
$tunableent['descr'] = $_POST['descr'];
|
||||
|
||||
if (isset($id) && $a_tunable[$id])
|
||||
if (isset($id) && isset($a_tunable[$id]))
|
||||
$a_tunable[$id] = $tunableent;
|
||||
else
|
||||
$a_tunable[] = $tunableent;
|
||||
|
|
@ -175,7 +182,11 @@ include("head.inc");
|
|||
<td width="60%" class="listhdrr"><?=gettext("Description"); ?></td>
|
||||
<td width="20%" class="listhdrr"><?=gettext("Value"); ?></td>
|
||||
</tr>
|
||||
<?php $i = 0; foreach ($config['sysctl']['item'] as $tunable): ?>
|
||||
<?php foreach ($tunables as $i => $tunable):
|
||||
|
||||
if (!isset($tunable['modified']))
|
||||
$i = $tunable['tunable'];
|
||||
?>
|
||||
<tr>
|
||||
<td class="listlr" ondblclick="document.location='system_advanced_sysctl.php?act=edit&id=<?=$i;?>';">
|
||||
<?php echo $tunable['tunable']; ?>
|
||||
|
|
@ -185,10 +196,6 @@ include("head.inc");
|
|||
</td>
|
||||
<td class="listr" align="left" ondblclick="document.location='system_advanced_sysctl.php?act=edit&id=<?=$i;?>';">
|
||||
<?php echo $tunable['value']; ?>
|
||||
<?php
|
||||
if($tunable['value'] == "default")
|
||||
echo "(" . get_default_sysctl_value($tunable['tunable']) . ")";
|
||||
?>
|
||||
</td>
|
||||
<td class="list nowrap">
|
||||
<table border="0" cellspacing="0" cellpadding="1" summary="edit delete">
|
||||
|
|
@ -198,16 +205,18 @@ include("head.inc");
|
|||
<img src="./themes/<?= $g['theme']; ?>/images/icons/icon_e.gif" width="17" height="17" border="0" alt="" />
|
||||
</a>
|
||||
</td>
|
||||
<?php if (isset($tunable['modified'])): ?>
|
||||
<td valign="middle">
|
||||
<a href="system_advanced_sysctl.php?act=del&id=<?=$i;?>" onclick="return confirm('<?=gettext("Do you really want to delete this entry?"); ?>')">
|
||||
<img src="./themes/<?= $g['theme']; ?>/images/icons/icon_x.gif" width="17" height="17" border="0" alt="" />
|
||||
</a>
|
||||
</td>
|
||||
<?php endif; ?>
|
||||
</tr>
|
||||
</table>
|
||||
</td>
|
||||
</tr>
|
||||
<?php $i++; endforeach; ?>
|
||||
<?php endforeach; unset($tunables); ?>
|
||||
<tr>
|
||||
<td class="list" colspan="3">
|
||||
</td>
|
||||
|
|
|
|||
Reference in New Issue