From d87fcac96b45958bd777c7ac38cc0665dbde6062 Mon Sep 17 00:00:00 2001
From: Ermal <eri@pfsense.org>
Date: Mon, 10 Nov 2014 21:47:14 +0100
Subject: [PATCH] Do not require the default sysctl items to be set on the
 config.xml but rather extract the definitions from the sysctl tree. Also to
 reduce config.xml size

---
 conf.default/config.xml                  | 152 -----------------------
 etc/inc/system.inc                       |  39 +++++-
 etc/inc/unbound.inc                      |  18 +--
 usr/local/www/system_advanced_sysctl.php |  33 +++--
 4 files changed, 69 insertions(+), 173 deletions(-)

diff --git a/conf.default/config.xml b/conf.default/config.xml
index 01b2d5983..68c361aef 100644
--- a/conf.default/config.xml
+++ b/conf.default/config.xml
@@ -4,158 +4,6 @@
 	<version>9.9</version>
 	<lastchange></lastchange>
 	<theme>pfsense_ng</theme>
-	<sysctl>
-		<item>
-			<descr><![CDATA[Disable the pf ftp proxy handler.]]></descr>
-			<tunable>debug.pfftpproxy</tunable>
-			<value>default</value>
-		</item>
-		<item>
-			<descr><![CDATA[Increase UFS read-ahead speeds to match current state of hard drives and NCQ. More information here: http://ivoras.sharanet.org/blog/tree/2010-11-19.ufs-read-ahead.html]]></descr>
-			<tunable>vfs.read_max</tunable>
-			<value>default</value>
-		</item>
-		<item>
-			<descr><![CDATA[Set the ephemeral port range to be lower.]]></descr>
-			<tunable>net.inet.ip.portrange.first</tunable>
-			<value>default</value>
-		</item>
-		<item>
-			<descr><![CDATA[Drop packets to closed TCP ports without returning a RST]]></descr>
-			<tunable>net.inet.tcp.blackhole</tunable>
-			<value>default</value>
-		</item>
-		<item>
-			<descr><![CDATA[Do not send ICMP port unreachable messages for closed UDP ports]]></descr>
-			<tunable>net.inet.udp.blackhole</tunable>
-			<value>default</value>
-		</item>
-		<item>
-			<descr><![CDATA[Randomize the ID field in IP packets (default is 0: sequential IP IDs)]]></descr>
-			<tunable>net.inet.ip.random_id</tunable>
-			<value>default</value>
-		</item>
-		<item>
-			<descr><![CDATA[Drop SYN-FIN packets (breaks RFC1379, but nobody uses it anyway)]]></descr>
-			<tunable>net.inet.tcp.drop_synfin</tunable>
-			<value>default</value>
-		</item>
-		<item>
-			<descr><![CDATA[Enable sending IPv4 redirects]]></descr>
-			<tunable>net.inet.ip.redirect</tunable>
-			<value>default</value>
-		</item>
-		<item>
-			<descr><![CDATA[Enable sending IPv6 redirects]]></descr>
-			<tunable>net.inet6.ip6.redirect</tunable>
-			<value>default</value>
-		</item>
-		<item>
-			<descr><![CDATA[Enable privacy settings for IPv6 (RFC 4941)]]></descr>
-			<tunable>net.inet6.ip6.use_tempaddr</tunable>
-			<value>default</value>
-		</item>
-		<item>
-			<descr><![CDATA[Prefer privacy addresses and use them over the normal addresses]]></descr>
-			<tunable>net.inet6.ip6.prefer_tempaddr</tunable>
-			<value>default</value>
-		</item>
-		<item>
-			<descr><![CDATA[Generate SYN cookies for outbound SYN-ACK packets]]></descr>
-			<tunable>net.inet.tcp.syncookies</tunable>
-			<value>default</value>
-		</item>
-		<item>
-			<descr><![CDATA[Maximum incoming/outgoing TCP datagram size (receive)]]></descr>
-			<tunable>net.inet.tcp.recvspace</tunable>
-			<value>default</value>
-		</item>
-		<item>
-			<descr><![CDATA[Maximum incoming/outgoing TCP datagram size (send)]]></descr>
-			<tunable>net.inet.tcp.sendspace</tunable>
-			<value>default</value>
-		</item>
-		<item>
-			<descr><![CDATA[IP Fastforwarding]]></descr>
-			<tunable>net.inet.ip.fastforwarding</tunable>
-			<value>default</value>
-		</item>
-		<item>
-			<descr><![CDATA[Do not delay ACK to try and piggyback it onto a data packet]]></descr>
-			<tunable>net.inet.tcp.delayed_ack</tunable>
-			<value>default</value>
-		</item>
-		<item>
-			<descr><![CDATA[Maximum outgoing UDP datagram size]]></descr>
-			<tunable>net.inet.udp.maxdgram</tunable>
-			<value>default</value>
-		</item>
-		<item>
-			<descr><![CDATA[Handling of non-IP packets which are not passed to pfil (see if_bridge(4))]]></descr>
-			<tunable>net.link.bridge.pfil_onlyip</tunable>
-			<value>default</value>
-		</item>
-		<item>
-			<descr><![CDATA[Set to 0 to disable filtering on the incoming and outgoing member interfaces.]]></descr>
-			<tunable>net.link.bridge.pfil_member</tunable>
-			<value>default</value>
-		</item>
-		<item>
-			<descr><![CDATA[Set to 1 to enable filtering on the bridge interface]]></descr>
-			<tunable>net.link.bridge.pfil_bridge</tunable>
-			<value>default</value>
-		</item>
-		<item>
-			<descr><![CDATA[Allow unprivileged access to tap(4) device nodes]]></descr>
-			<tunable>net.link.tap.user_open</tunable>
-			<value>default</value>
-		</item>
-		<item>
-			<descr><![CDATA[Randomize PID's (see src/sys/kern/kern_fork.c: sysctl_kern_randompid())]]></descr>
-			<tunable>kern.randompid</tunable>
-			<value>default</value>
-		</item>
-		<item>
-			<descr><![CDATA[Maximum size of the IP input queue]]></descr>
-			<tunable>net.inet.ip.intr_queue_maxlen</tunable>
-			<value>default</value>
-		</item>
-		<item>
-			<descr><![CDATA[Disable CTRL+ALT+Delete reboot from keyboard.]]></descr>
-			<tunable>hw.syscons.kbd_reboot</tunable>
-			<value>default</value>
-		</item>
-		<item>
-			<descr><![CDATA[Enable TCP extended debugging]]></descr>
-			<tunable>net.inet.tcp.log_debug</tunable>
-			<value>default</value>
-		</item>
-		<item>
-			<descr><![CDATA[Set ICMP Limits]]></descr>
-			<tunable>net.inet.icmp.icmplim</tunable>
-			<value>default</value>
-		</item>
-		<item>
-			<descr><![CDATA[TCP Offload Engine]]></descr>
-			<tunable>net.inet.tcp.tso</tunable>
-			<value>default</value>
-		</item>
-		<item>
-			<descr><![CDATA[UDP Checksums]]></descr>
-			<tunable>net.inet.udp.checksum</tunable>
-			<value>default</value>
-		</item>
-		<item>
-			<descr><![CDATA[Maximum socket buffer size]]></descr>
-			<tunable>kern.ipc.maxsockbuf</tunable>
-			<value>default</value>
-		</item>
-		<item>
-			<descr><![CDATA[Reply ICMP from source interface]]></descr>
-			<tunable>net.inet.icmp.reply_from_interface</tunable>
-			<value>default</value>
-		</item>
-	</sysctl>
 	<system>
 		<optimization>normal</optimization>
 		<hostname>pfSense</hostname>
diff --git a/etc/inc/system.inc b/etc/inc/system.inc
index 273b5a2ce..87bbdb211 100644
--- a/etc/inc/system.inc
+++ b/etc/inc/system.inc
@@ -72,13 +72,50 @@ function get_default_sysctl_value($id) {
 		return $sysctls[$id];
 }
 
+function get_sysctl_descr($sysctl) {
+	unset($output);
+	$_gb = exec("/sbin/sysctl -nd {$sysctl}", $output);
+
+	return $output[0];
+}
+
+function system_get_sysctls() {
+	global $config, $sysctls;
+
+	$disp_sysctl = array();
+	$disp_cache = array();
+	if (is_array($config['sysctl']) && is_array($config['sysctl']['item'])) {
+		foreach($config['sysctl']['item'] as $id => $tunable) {
+			if ($tunable['value'] == "default")
+				$value = get_default_sysctl_value($tunable['tunable']);
+			else
+				$value = $tunable['value'];
+
+			$disp_sysctl[$id] = $tunable;
+			$disp_sysctl[$id]['modified'] = true;
+			$disp_cache[$tunable['tunable']] = 'set';
+		}
+	}
+
+	foreach ($sysctls as $sysctl => $value) {
+		if (isset($disp_cache[$sysctl]))
+			continue;
+
+		$disp_sysctl[$sysctl] = array('tunable' => $sysctl, 'value' => $value, 'descr' => get_sysctl_descr($sysctl));
+		
+		
+	}
+	unset($disp_cache);
+	return $disp_sysctl;
+}
+
 function activate_sysctls() {
 	global $config, $g, $sysctls;
 
 	if ($g['platform'] == 'jail')
 		return;
 
-	if (is_array($config['sysctl'])) {
+	if (is_array($config['sysctl']) && is_array($config['sysctl']['item'])) {
 		foreach($config['sysctl']['item'] as $tunable) {
 			if($tunable['value'] == "default")
 				$value = get_default_sysctl_value($tunable['tunable']);
diff --git a/etc/inc/unbound.inc b/etc/inc/unbound.inc
index 408803551..b0473466f 100644
--- a/etc/inc/unbound.inc
+++ b/etc/inc/unbound.inc
@@ -79,14 +79,16 @@ function unbound_optimization() {
 	 * Larger socket buffer for busy servers
 	 * Check that it is set to 4MB (by default the OS has it configured to 4MB)
 	 */
-	foreach ($config['sysctl']['item'] as $tunable) {
-		if ($tunable['tunable'] == 'kern.ipc.maxsockbuf') {
-			$so = floor(($tunable['value']/1024/1024)-1);
-			// Check to ensure that the number is not a negative
-			if ($so > 0)
-				$optimization['so_rcvbuf'] = "so-rcvbuf: {$so}m";
-			else
-				unset($optimization['so_rcvbuf']);
+	if (is_array($config['sysctl']) && is_array($config['sysctl']['item'])) {
+		foreach ($config['sysctl']['item'] as $tunable) {
+			if ($tunable['tunable'] == 'kern.ipc.maxsockbuf') {
+				$so = floor(($tunable['value']/1024/1024)-1);
+				// Check to ensure that the number is not a negative
+				if ($so > 0)
+					$optimization['so_rcvbuf'] = "so-rcvbuf: {$so}m";
+				else
+					unset($optimization['so_rcvbuf']);
+			}
 		}
 	}
 	// Safety check in case kern.ipc.maxsockbuf is not available.
diff --git a/usr/local/www/system_advanced_sysctl.php b/usr/local/www/system_advanced_sysctl.php
index 7dcf3dfcf..51e1bf09b 100644
--- a/usr/local/www/system_advanced_sysctl.php
+++ b/usr/local/www/system_advanced_sysctl.php
@@ -47,25 +47,32 @@ require("guiconfig.inc");
 
 $referer = (isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : '/system_advanced_sysctl.php');
 
+if (!is_array($config['sysctl']))
+	$config['sysctl'] = array();
 if (!is_array($config['sysctl']['item']))
 	$config['sysctl']['item'] = array();
 
 $a_tunable = &$config['sysctl']['item'];
+$tunables = system_get_sysctls();
 
-if (is_numericint($_GET['id']))
-	$id = $_GET['id'];
-if (isset($_POST['id']) && is_numericint($_POST['id']))
-	$id = $_POST['id'];
+if (isset($_GET['id']))
+	$id = htmlspecialchars_decode($_GET['id']);
+if (isset($_POST['id']))
+	$id = htmlspecialchars_decode($_POST['id']);
 
 $act = $_GET['act'];
 if (isset($_POST['act']))
 	$act = $_POST['act'];
 
 if ($act == "edit") {
-	if ($a_tunable[$id]) {
+	if (isset($a_tunable[$id])) {
 		$pconfig['tunable'] = $a_tunable[$id]['tunable'];
 		$pconfig['value'] = $a_tunable[$id]['value'];
 		$pconfig['descr'] = $a_tunable[$id]['descr'];
+	} else if (isset($tunables[$id])) {
+		$pconfig['tunable'] = $tunables[$id]['tunable'];
+		$pconfig['value'] = $tunables[$id]['value'];
+		$pconfig['descr'] = $tunables[$id]['descr'];
 	}
 }
 
@@ -111,7 +118,7 @@ if ($_POST) {
 		$tunableent['value'] = $_POST['value'];
 		$tunableent['descr'] = $_POST['descr'];
 
-		if (isset($id) && $a_tunable[$id])
+		if (isset($id) && isset($a_tunable[$id]))
 			$a_tunable[$id] = $tunableent;
 		else
 			$a_tunable[] = $tunableent;
@@ -175,7 +182,11 @@ include("head.inc");
 							<td width="60%" class="listhdrr"><?=gettext("Description"); ?></td>
 							<td width="20%" class="listhdrr"><?=gettext("Value"); ?></td>
 						</tr>
-						<?php $i = 0; foreach ($config['sysctl']['item'] as $tunable): ?>
+						<?php foreach ($tunables as $i => $tunable):
+
+								if (!isset($tunable['modified']))
+									$i = $tunable['tunable'];
+						?>
 						<tr>
 							<td class="listlr" ondblclick="document.location='system_advanced_sysctl.php?act=edit&amp;id=<?=$i;?>';">
 								<?php echo $tunable['tunable']; ?>
@@ -185,10 +196,6 @@ include("head.inc");
 							</td>
 							<td class="listr" align="left" ondblclick="document.location='system_advanced_sysctl.php?act=edit&amp;id=<?=$i;?>';">
 								<?php echo $tunable['value']; ?>
-								<?php 
-									if($tunable['value'] == "default") 
-										echo "(" . get_default_sysctl_value($tunable['tunable']) . ")"; 
-								?>
 							</td>
 							<td class="list nowrap">
 								<table border="0" cellspacing="0" cellpadding="1" summary="edit delete">
@@ -198,16 +205,18 @@ include("head.inc");
 												<img src="./themes/<?= $g['theme']; ?>/images/icons/icon_e.gif" width="17" height="17" border="0" alt="" />
 											</a>
 										</td>
+							<?php if (isset($tunable['modified'])): ?>
 										<td valign="middle">
 											<a href="system_advanced_sysctl.php?act=del&amp;id=<?=$i;?>" onclick="return confirm('<?=gettext("Do you really want to delete this entry?"); ?>')">
 												<img src="./themes/<?= $g['theme']; ?>/images/icons/icon_x.gif" width="17" height="17" border="0" alt="" />
 											</a>
 										</td>
+							<?php endif; ?>
 									</tr>
 								</table>
 							</td>
 						</tr>
-						<?php $i++; endforeach; ?>
+						<?php endforeach; unset($tunables); ?>
 						<tr>
 						<td class="list" colspan="3">
 							</td>