Compare commits
1034 Commits
master
...
RELENG_2_1
Author | SHA1 | Date |
---|---|---|
Renato Botelho | 8105ffa61c | |
Renato Botelho | fcfa23da8b | |
Renato Botelho | 5940e65523 | |
Phil Davis | 798d8644d6 | |
jim-p | 5711c44624 | |
Phil Davis | 4c3abd3400 | |
Ermal | 935fcedbca | |
jim-p | 4045cf1efd | |
Phil Davis | 687712eec9 | |
Phil Davis | 95169728d8 | |
Phil Davis | c69f62b8f9 | |
Phil Davis | 91ee10c0a9 | |
Chris Buechler | e4982b9052 | |
Renato Botelho | 70eef83536 | |
Renato Botelho | 44c7d73c4a | |
Chris Buechler | 4721677dd7 | |
Renato Botelho | e112f9ee60 | |
jim-p | a376c57de5 | |
jim-p | 5b473705fa | |
Phil Davis | 29b3bb05e0 | |
Chris Buechler | 2c296872a7 | |
jim-p | 2f17d32ef2 | |
jim-p | 29be59ad8e | |
Renato Botelho | 07c24bf190 | |
Phil Davis | cce09d9431 | |
Renato Botelho | adab585de2 | |
Phil Davis | c5cfa06b27 | |
Renato Botelho | 9ec8e1f280 | |
dariomas | beae652c15 | |
Renato Botelho | e5b3335ad9 | |
Renato Botelho | cc265e2e59 | |
Renato Botelho | e5d2c6605b | |
Phil Davis | 9036e7661e | |
jim-p | 929dfb4cb9 | |
Renato Botelho | ee4da773eb | |
Phil Davis | ffda0775f6 | |
Renato Botelho | be32a003af | |
Renato Botelho | 7397f64315 | |
Renato Botelho | ccefd6031d | |
Renato Botelho | 354a1d3ffc | |
Renato Botelho | 1b5675a77e | |
Renato Botelho | 990162e36c | |
Renato Botelho | ce3ef2e7c9 | |
Renato Botelho | 2b56c7da66 | |
Renato Botelho | 7486c1f6c1 | |
Renato Botelho | ab6558b6a2 | |
Renato Botelho | a94b9befbd | |
Chris Buechler | a762649bb0 | |
Chris Buechler | b6a7a5a98c | |
Renato Botelho | 7f00d47e3d | |
Jared Dillard | 2a07df8528 | |
Jared Dillard | 41312f7fec | |
Matt Smith | fa8be5de0d | |
Jared Dillard | bdde98fcbd | |
jim-p | 086e76dc9f | |
Renato Botelho | 6d170e2ea7 | |
Matt Smith | b107e187b5 | |
Renato Botelho | e35ec76333 | |
Renato Botelho | 4a3495b3bd | |
Matt Smith | a3331d720c | |
jim-p | ffb8e02fc2 | |
jim-p | b21ad5d5fd | |
jim-p | 889c83d7f1 | |
jim-p | 8108b4235b | |
jim-p | a9d6ac9aac | |
Chris Buechler | 6f4a300bf8 | |
Chris Buechler | 8b8085cedb | |
jim-p | 978c71d28f | |
jim-p | bf2fb3db04 | |
jim-p | 2276d74319 | |
jim-p | 52c67bc2d2 | |
jim-p | 1de3a5dd51 | |
jim-p | 5a1450dc0c | |
Chris Buechler | 9edcc5faaf | |
Renato Botelho | 1ee3a2955a | |
Chris Buechler | ca16c66aab | |
Renato Botelho | 7b15d22967 | |
Chris Buechler | 9b8c7295f0 | |
Renato Botelho | c69e813c84 | |
Renato Botelho | 6d74e3e97b | |
Renato Botelho | 2bf2a1c4c9 | |
Phil Davis | 0ee6026764 | |
Phil Davis | efac3a1346 | |
Renato Botelho | e792ac3632 | |
Renato Botelho | 1c9a521b93 | |
Renato Botelho | 4f380b62d5 | |
Renato Botelho | 2d1e985d2b | |
Renato Botelho | 8aca755afe | |
Renato Botelho | cedd070513 | |
Renato Botelho | 559929c2da | |
Renato Botelho | d1dda49817 | |
Renato Botelho | f1a13a7fce | |
Renato Botelho | 811baa9bf5 | |
Renato Botelho | e8abc4a76a | |
Renato Botelho | fa73c7cd8b | |
Renato Botelho | ce9d5d7255 | |
Renato Botelho | 860b102acb | |
Renato Botelho | 3034b37185 | |
Renato Botelho | ff9b30ec40 | |
Renato Botelho | 62480a449e | |
Matt Smith | 7be297a2ce | |
Renato Botelho | 1cfe54900a | |
Renato Botelho | 73944f6824 | |
Renato Botelho | 9ddd3418da | |
Renato Botelho | aa27de6e78 | |
Renato Botelho | 592abfa4a4 | |
Renato Botelho | e41ab9aa32 | |
Renato Botelho | ee4ba9fba1 | |
Renato Botelho | 54a9da9fce | |
Renato Botelho | e7eeb5ceac | |
Renato Botelho | f5629ea6b8 | |
Renato Botelho | b2821f7df2 | |
Renato Botelho | ab3c1e240b | |
Renato Botelho | cd49f9cd5d | |
Renato Botelho | 4cc2ae78d3 | |
Renato Botelho | e912bfae18 | |
Renato Botelho | 6da518fcee | |
Renato Botelho | ad03afb62a | |
Renato Botelho | 4cc342453c | |
jim-p | cbf16c3020 | |
Renato Botelho | 3bbc23b80d | |
Renato Botelho | 764ac8c73a | |
Matt Smith | 466cabedd6 | |
Chris Buechler | bc76b18eb9 | |
jim-p | 7d363e57a0 | |
Renato Botelho | 268258b5aa | |
Renato Botelho | 22ed6e3eab | |
Manuel Silvoso | 1930a63e81 | |
Daniel Becker | a4d67bd5f7 | |
jim-p | d62a265c91 | |
Renato Botelho | 8d6c5f6621 | |
Chris Buechler | 38f6f50a84 | |
jim-p | c42a35e54a | |
Chris Buechler | ad57eacf87 | |
Chris Buechler | d3fa8a8775 | |
Renato Botelho | 29282ddc09 | |
Renato Botelho | 91946ea44d | |
Renato Botelho | 7e736f3850 | |
Daniel Becker | d973a602ab | |
jim-p | d0f365c277 | |
Daniel Becker | a0dd23e0dc | |
Ermal | 4ec6b54d18 | |
Ermal | 4e1b06aac4 | |
Ermal | c79f330d35 | |
Renato Botelho | 5216e3591c | |
Ermal | 188b3b8842 | |
Phil Davis | b6ba57f67e | |
Renato Botelho | 25f7f72574 | |
Ermal | 4d076356d5 | |
Ermal | 6657d23cff | |
Ermal | 2392ed60f3 | |
Renato Botelho | 19166f7d2d | |
Renato Botelho | 2ae503264c | |
Renato Botelho | 2db29614d2 | |
Ermal | dc5c69f122 | |
Ermal | a6711d23f8 | |
Daniel Becker | b1c9aff653 | |
Chris Buechler | 549b7ce250 | |
Renato Botelho | 67273d727b | |
Florian Asche | 8dcf0a577a | |
Renato Botelho | 1ccccb84f6 | |
Renato Botelho | 4ac23286d2 | |
Chris Buechler | 5f91c28eb3 | |
Phil Davis | 9fca757461 | |
Florian Asche | 90e5ca6f24 | |
Ermal | 2f0401aff5 | |
Ermal | 856be3119e | |
Ermal | d2bdd53a94 | |
Ermal | 69a5d97065 | |
Phil Davis | c58dbe2fa8 | |
m0se | 7fd38f44ba | |
Phil Davis | d530f8f77d | |
Ermal | 5aba8d905a | |
Ermal | 1f43ccf553 | |
Ermal | f96b9a1830 | |
Phil Davis | f4065455b0 | |
jim-p | d22169cfd6 | |
Renato Botelho | def5d042c9 | |
jim-p | 8294066e3e | |
Renato Botelho | e222576cde | |
Ermal | bde74857a8 | |
Renato Botelho | dc915669b8 | |
Marcello Coutinho | 251a12460e | |
Renato Botelho | 2def89a2dd | |
jim-p | aa87bae5fc | |
Renato Botelho | 02b29d72f9 | |
Ermal | 6e474fa9a1 | |
Chris Buechler | c40d6c7a99 | |
jim-p | 013b4695d0 | |
Chris Buechler | ffe35f4c96 | |
Renato Botelho | 51b2f811ae | |
Renato Botelho | b121ffad22 | |
Renato Botelho | c4fb986b27 | |
Renato Botelho | 9ebe5b7c27 | |
Chris Buechler | 141566ffb6 | |
Chris Buechler | ebfb0929d1 | |
jim-p | fbacfb900e | |
Ermal | 311464a18a | |
jim-p | b6f67168ff | |
Ermal | 3ec2fca107 | |
Renato Botelho | e538fc1844 | |
Ermal | 22889e9ee7 | |
Chris Buechler | 01df403551 | |
Chris Buechler | 358b6cdcd2 | |
Chris Buechler | b1d64b46e3 | |
Chris Buechler | 1aadf5d547 | |
Chris Buechler | e564437727 | |
Chris Buechler | 5579d12ac4 | |
Chris Buechler | c3abc75aca | |
Chris Buechler | d1ec51ba61 | |
Chris Buechler | 7c3cf71564 | |
Chris Buechler | 85e92a0636 | |
Renato Botelho | 46fb4fe77d | |
Chris Buechler | dd246dc48d | |
Chris Buechler | 7057761c79 | |
Chris Buechler | 0855a1c6c9 | |
Chris Buechler | 13e6fb2e02 | |
Ermal | 1274cfd47d | |
Ermal | e5b009b8e7 | |
Renato Botelho | 0e6cf71b17 | |
Renato Botelho | 3b77ba4a2a | |
Phil Davis | eaa2285c06 | |
Renato Botelho | ea44d3baaf | |
Renato Botelho | c184684176 | |
Renato Botelho | 4c3dafc4fd | |
Phil Davis | c805e0f35b | |
Renato Botelho | 11e4dcc72f | |
jim-p | e6b1b1c15f | |
Phil Davis | f3988c851b | |
Renato Botelho | cec6e65b46 | |
Ermal | 7324b14b77 | |
Renato Botelho | 0d8fc8ec41 | |
Renato Botelho | 9aa6ad5c16 | |
Renato Botelho | 29b3dd4fb9 | |
N0YB | 5cda503963 | |
Renato Botelho | a0cb321b02 | |
N0YB | d2aa08c22c | |
Renato Botelho | 9d8ce67306 | |
N0YB | 2e19c70fee | |
Renato Botelho | b517603f70 | |
N0YB | fe3088b965 | |
Renato Botelho | 5ec1108682 | |
N0YB | c5935cb42c | |
N0YB | 65149622bc | |
Renato Botelho | 6fee19989a | |
N0YB | 2e2a9fd15e | |
Renato Botelho | 3f55d0652a | |
N0YB | 39da9cf3d8 | |
N0YB | 84b48bb72f | |
Renato Botelho | f663a49cdb | |
N0YB | 563fed4911 | |
Renato Botelho | 1439ce2895 | |
Phil Davis | 19da4e758b | |
N0YB | 98669e514c | |
Ermal | be11dd7075 | |
Ermal | 3d38041ead | |
Renato Botelho | 331c50a6fb | |
Renato Botelho | ae0a369e1b | |
Renato Botelho | d03fcedf13 | |
N0YB | c58a9ec3f1 | |
Chris Buechler | f3e65ef46e | |
Ermal Luçi | 1c84a5a19f | |
N0YB | d58bee7daa | |
Renato Botelho | 5e57c7c4db | |
Chris Buechler | 9149b33e22 | |
Chris Buechler | 3945116d9c | |
N0YB | 3ef5194dae | |
Renato Botelho | f08d2ae755 | |
N0YB | 94046ff170 | |
Renato Botelho | 6c91204dbf | |
Renato Botelho | bb30d32c68 | |
N0YB | cacc258f3b | |
Renato Botelho | 218a4ffa50 | |
Renato Botelho | 6bb99c3fe0 | |
Renato Botelho | 2ccaa57559 | |
Renato Botelho | 246950c38f | |
Renato Botelho | d557438a87 | |
Chris Buechler | 263f1c9cb5 | |
N0YB | 0a173e6b07 | |
jim-p | 3ffc016ba6 | |
Renato Botelho | f8c5358dfb | |
N0YB | e1002cd272 | |
Renato Botelho | d7f3520f86 | |
N0YB | 76b1d814fa | |
Renato Botelho | 1aad59d80e | |
N0YB | 7d50bd3e32 | |
Renato Botelho | 6d0f5a635a | |
jim-p | 9904df17e5 | |
Ermal | 9cca1a4fdb | |
Phil Davis | cd962bb9ef | |
Ermal | ddb30ebfc6 | |
Renato Botelho | 95281343a4 | |
Ermal | 1de8842960 | |
Phil Davis | 0344d76eca | |
Phil Davis | b612c49f5e | |
Phil Davis | c670883338 | |
N0YB | 1541e25f93 | |
Renato Botelho | 78c74f9b21 | |
Renato Botelho | 2658000ba1 | |
N0YB | 813016d24d | |
Renato Botelho | 6e8bb592e4 | |
Renato Botelho | df992bc1a0 | |
Renato Botelho | 90435b203e | |
N0YB | e082672dfb | |
Phil Davis | edaa41be68 | |
Renato Botelho | 7f43c11687 | |
N0YB | cd83111a4c | |
jim-p | a73ba11b3c | |
Renato Botelho | 9f66bc5ec8 | |
N0YB | 082c9d961e | |
Renato Botelho | a02b89b08e | |
N0YB | a592177389 | |
N0YB | d11f5bff26 | |
N0YB | 334ca9d7da | |
Ermal Luçi | a63f8ba8f3 | |
Phil Davis | 6a2016960b | |
Renato Botelho | f13a1d6a8a | |
Ermal | 2c02c4d09a | |
Ermal | 846bedf994 | |
Renato Botelho | 8cee3e441e | |
N0YB | b48958df32 | |
Renato Botelho | 5462854c0f | |
N0YB | 3698711f26 | |
N0YB | d06c4448f5 | |
Ermal Luçi | aa563d40d0 | |
N0YB | 37b6250b9b | |
N0YB | 813288dc0e | |
Ermal Luçi | 5dbd81a6a9 | |
N0YB | 6c15643371 | |
Renato Botelho | bc50c8d761 | |
Ermal | 11aa4666a1 | |
Ermal | e45a0b69e7 | |
Ermal | 080fd00bac | |
Ermal | 9510780ffa | |
Ermal | 57cd35cf98 | |
Ermal | be1e934234 | |
Ermal | 4cdd20bcd6 | |
Renato Botelho | 9d40745bbf | |
Ermal | a23ff10708 | |
Ermal | ea188e4587 | |
Renato Botelho | 070dad6c8d | |
Ermal | 26ea40b7f1 | |
Ermal | 49a8ee7f82 | |
Ermal | 9c8f0a3a1b | |
Renato Botelho | 5b699be7e9 | |
N0YB | de76f36642 | |
Ermal Luçi | c51c2b4c61 | |
N0YB | 55e41a9832 | |
Renato Botelho | 47f7842f80 | |
Renato Botelho | d06ad5eb05 | |
Renato Botelho | 69498c0131 | |
N0YB | 6e2eabe5dc | |
Ermal Luçi | 63fd577307 | |
Ermal | 18e5723b37 | |
Renato Botelho | 25ba63fb0f | |
Ermal Luçi | a257e8e5b0 | |
N0YB | 94bf59b1ee | |
N0YB | d5d192a1d0 | |
N0YB | 3d1a290b07 | |
N0YB | 6b0d7871fc | |
N0YB | 7e23690a15 | |
N0YB | ec56ae9dd0 | |
N0YB | 5e736c8aa4 | |
N0YB | 1fe3c7584a | |
Renato Botelho | 56e3ea85c1 | |
Ermal Luçi | b74bf6859b | |
N0YB | 8749f693ab | |
Ermal Luçi | eba8aa8c2e | |
N0YB | 0c8a8127d3 | |
Ermal | e956712237 | |
jim-p | 26e58bb205 | |
Renato Botelho | 8a4d1dbd2a | |
Ermal | 69a0c7351b | |
Renato Botelho | 1ac5a652ff | |
Ermal | 82921e738b | |
Ermal | 6d43e1f2e6 | |
Ermal | 248b0124e4 | |
Ermal | b6584d176b | |
PiBa-NL | 33d1b241f1 | |
Ermal | 4b7b190b35 | |
Ermal | 70b49cba96 | |
Ermal | d671c1d0f7 | |
Ermal | 7c77641060 | |
Ermal Luçi | faf92d530c | |
N0YB | 1370befae4 | |
Renato Botelho | cb061c7f11 | |
N0YB | b9a494f00e | |
Ermal Luçi | cce4efbdf0 | |
N0YB | 5a2e0c3b4d | |
Ermal | ecd9fd5333 | |
Ermal | 64a093d65e | |
Ermal Luçi | 548564f21e | |
N0YB | 3ac9b8ae6b | |
Renato Botelho | 18b4e253a9 | |
Ermal Luçi | d78a548c6d | |
N0YB | fe672816e2 | |
Renato Botelho | 838e1f6342 | |
Renato Botelho | b67ec10c72 | |
Ermal | 2b2d0d545d | |
Renato Botelho | acbab51a8c | |
Renato Botelho | a8495e500a | |
Ermal | fb92e33201 | |
Ermal Luçi | 8f64257704 | |
Phil Davis | cd5d624172 | |
Ermal | e8b05b83ed | |
Ermal | ec96f17d62 | |
Ermal | 378296af77 | |
Ermal | 2b76f145e4 | |
Ermal Luçi | e505af1b1f | |
N0YB | 4c0c536501 | |
N0YB | 6aa8b0deec | |
Ermal Luçi | 349fdb3c4f | |
N0YB | 00537a6b7a | |
N0YB | 37227fbc1c | |
Ermal Luçi | 0681f6dfbd | |
N0YB | fd889d72f6 | |
jim-p | 01c1576292 | |
jim-p | 9525f7a6c8 | |
Renato Botelho | fe640345b6 | |
Renato Botelho | d210dddff3 | |
Renato Botelho | 429f454de6 | |
Renato Botelho | 5d56f23517 | |
Renato Botelho | 7d437401c8 | |
N0YB | d6e588368f | |
Ermal Luçi | bbec4947e0 | |
N0YB | 909a3e5566 | |
N0YB | c5523ea6e7 | |
Renato Botelho | 5833def1a5 | |
Ermal | 3442e3536c | |
Ermal | f188be51ae | |
Ermal | 6ce0e31c66 | |
Ermal Luçi | 5ba0cdf694 | |
Phil Davis | ad9f79d3bc | |
Phil Davis | 2e769d69d0 | |
Phil Davis | 50e10c80a2 | |
Renato Botelho | 6901d6af97 | |
Phil Davis | 54995d4153 | |
Phil Davis | 188a4d5586 | |
Renato Botelho | 4b5554a8e6 | |
N0YB | 18ed5f7d20 | |
Ermal Luçi | 80f5142995 | |
N0YB | c7a1d428ae | |
Phillip Davis | c1d59c7a4f | |
Phillip Davis | 6002c9be95 | |
Phillip Davis | 657eabdfd3 | |
jim-p | 949735aab9 | |
jim-p | b7ef3d173f | |
Chris Buechler | 2fede2d913 | |
jim-p | 8d112d7d51 | |
Renato Botelho | dab351f359 | |
Renato Botelho | bc30d9c58b | |
Renato Botelho | b3cbb07729 | |
Renato Botelho | af7a83737e | |
Renato Botelho | 4bdb08e3b0 | |
Ermal Luçi | 4b9011f5c5 | |
Renato Botelho | 1eb03024fe | |
Renato Botelho | 46b12609e5 | |
Renato Botelho | 44f2ef9b48 | |
Renato Botelho | 0ae6d91648 | |
Renato Botelho | 93e350f5d3 | |
Renato Botelho | 4dc8980318 | |
Renato Botelho | 645018b2ef | |
Renato Botelho | 4744c6e44e | |
Renato Botelho | 7ea30d6050 | |
Renato Botelho | eda4179204 | |
Klaws-- | 7962a55f15 | |
jim-p | 2b8dfa4e57 | |
Renato Botelho | cf3189ffa9 | |
Ermal Luçi | 511a51b381 | |
N0YB | 472e484cd1 | |
N0YB | 30a58cf802 | |
N0YB | d284845398 | |
Renato Botelho | 82482a6937 | |
Phil Davis | f70adc8245 | |
N0YB | 93dcedc1ec | |
Jim P | 886926e0d7 | |
N0YB | 4efc1c8df6 | |
Jim P | a43bdc39b7 | |
N0YB | df5501dcd3 | |
Renato Botelho | 2704796a21 | |
N0YB | 30469c9b0c | |
N0YB | cd6173f48c | |
Renato Botelho | 8467c588e4 | |
Renato Botelho | 505d5c7a5f | |
Renato Botelho | 43045948c8 | |
Renato Botelho | aefc6bc2f7 | |
jim-p | 93a7954399 | |
jim-p | 3d54553b87 | |
Chris Buechler | d2dd579401 | |
jim-p | 3e1460899d | |
Chris Buechler | 43656206a0 | |
Chris Buechler | f8d1587b6e | |
Renato Botelho | 51922cb793 | |
Phil Davis | 7c2ea0cc22 | |
jim-p | 0959b4d3ac | |
Ermal | 762b34c472 | |
Ermal | c8d611ed35 | |
Phil Davis | 44b72c67ec | |
phildd | d564ed2426 | |
Ermal | d68494e6ed | |
Ermal | 57b02731c1 | |
Ermal | 53555bf2f7 | |
Renato Botelho | 1a4ef44e5c | |
Renato Botelho | 14be28af75 | |
Ermal | 141254eb9a | |
Ermal | fed1b37258 | |
Ermal | 9e63dca959 | |
Ermal | b0ae52134e | |
Renato Botelho | e675625187 | |
Renato Botelho | f9dfaeaeb2 | |
Renato Botelho | 0450ae5564 | |
Renato Botelho | 73abb573fe | |
Renato Botelho | 5eb99ec9fa | |
Renato Botelho | e2edc30daa | |
Renato Botelho | 811ecea47e | |
Renato Botelho | 8f105c8a9e | |
Renato Botelho | 9886478019 | |
Ermal | e049c5e74f | |
Ermal | 3f2ae9d58f | |
Ermal | 4fd85b115e | |
Ermal | 27cea9a385 | |
Renato Botelho | 56301bed30 | |
Renato Botelho | f2aa828754 | |
jim-p | db817c937c | |
phildd | e20a0af708 | |
derelict-pf | e98daec596 | |
Ermal | 27a015571a | |
Ermal | 6a3b460168 | |
jim-p | e183e1cee7 | |
jim-p | c1d5f0ef4a | |
Phil Davis | b3b3d115cc | |
Phil Davis | 2c71286836 | |
Renato Botelho | d8b011b8e6 | |
Phil Davis | 9b74931109 | |
Renato Botelho | 3c263d4541 | |
Ermal | e08ba4bba6 | |
Renato Botelho | 9401e47c26 | |
Renato Botelho | 9d1225a90a | |
Renato Botelho | 97049b79c9 | |
jim-p | a6d96f9b80 | |
dwayne voelker | 8ff8325599 | |
dwayne voelker | 943d52cf12 | |
Renato Botelho | 21d74c8e79 | |
Renato Botelho | f70a140fe1 | |
Renato Botelho | 4e4e35dd93 | |
Renato Botelho | 30c15c58a1 | |
Renato Botelho | 1ebb561de3 | |
Renato Botelho | 4c91880c59 | |
jim-p | 48f1333bfd | |
Renato Botelho | 82d1a33e4a | |
Renato Botelho | 1ad6ad279f | |
jim-p | 186ab4ea1a | |
Renato Botelho | 58fac6951c | |
Renato Botelho | 6b1f9a9941 | |
Renato Botelho | 4e38f1c26b | |
Renato Botelho | ed25d803bf | |
Phil Davis | d07a2a2a67 | |
jim-p | 2ffc7dc3cf | |
jim-p | 793299b8f5 | |
jim-p | 58ee84b4b2 | |
Ermal | 892d23bc7a | |
Ermal | a00acb4c9f | |
Ermal Luçi | 215319ceb0 | |
Phil Davis | 96a60eb429 | |
Ermal Luçi | e30dd11d16 | |
Robert Nelson | 84eaea96c6 | |
Robert Nelson | b24622e2d1 | |
Jean Cyr | 91d647b420 | |
Renato Botelho | 90caf54ebf | |
Renato Botelho | 03e156efac | |
jim-p | 19b1021612 | |
Renato Botelho | 870608984c | |
Renato Botelho | 6ae050ae0e | |
Renato Botelho | fa757d146c | |
Renato Botelho | 34e178135b | |
Renato Botelho | bb6291e020 | |
Chris Buechler | d3ad6cf012 | |
Renato Botelho | aec89bd3c2 | |
Renato Botelho | 7610d2287c | |
Renato Botelho | f44ac2e973 | |
jim-p | 53c5407e64 | |
Renato Botelho | 785158c6c4 | |
Ermal | 599d564ea4 | |
Ermal | 37a4fc943a | |
Ermal | c4844c2c99 | |
Ermal | 56fbff2e55 | |
Renato Botelho | 9d87938501 | |
Phil Davis | 5d21bce0c6 | |
Phil Davis | f8804b74f9 | |
Phil Davis | 4bf23d320b | |
jim-p | a35bae6691 | |
jim-p | aad5eef2ab | |
Renato Botelho | f144493c68 | |
Renato Botelho | dd8e414e06 | |
Renato Botelho | 69aba8590e | |
Renato Botelho | 93f51e4b33 | |
Renato Botelho | a8521a6379 | |
jim-p | 63a1e1ee3f | |
Renato Botelho | 5352362425 | |
Renato Botelho | 521504d1c5 | |
Renato Botelho | de3045982b | |
Renato Botelho | e782e8f43f | |
Renato Botelho | ea838318c0 | |
Renato Botelho | 488e8c81ad | |
Renato Botelho | 6666ef4875 | |
Renato Botelho | 2db5f9c23c | |
Renato Botelho | bae42aaf13 | |
Warren Baker | dd33fd4e8b | |
Renato Botelho | 78b0e51e9a | |
Renato Botelho | 4a913451bb | |
Renato Botelho | babc58d308 | |
Renato Botelho | a518b337a9 | |
Renato Botelho | 7e7a65b073 | |
Jared Dillard | b35bcd45b3 | |
jim-p | 9f212aeae0 | |
jim-p | 151f5cb72d | |
jim-p | 12f7e3d4ec | |
jim-p | 6f4a2864ad | |
jim-p | fda96df060 | |
jim-p | 506ff948be | |
Warren Baker | 2b4f2f23e0 | |
jim-p | b93fd19b0a | |
Chris Buechler | 9e3cc25ba9 | |
Chris Buechler | 7825f71eae | |
jim-p | 619753eeea | |
Ermal Luçi | 58ba451355 | |
Marcello Coutinho | f82cbe49b4 | |
Warren Baker | 80f88b3bf2 | |
Richard Connon | ff8affb4d0 | |
Richard Connon | 931f3890ac | |
jim-p | f3a4601c85 | |
Renato Botelho | f58bfb932a | |
Renato Botelho | 65fec80dbb | |
Renato Botelho | 857ff425dd | |
Renato Botelho | 1650e1ec51 | |
jim-p | 5205b0eb7b | |
Renato Botelho | 197099cffd | |
jim-p | 1207b1d6da | |
jim-p | 11d8b2cd8b | |
jim-p | 7786cd6e37 | |
jim-p | be773f24f5 | |
jim-p | 428ea19f8a | |
Ermal | 9e768dafa4 | |
Renato Botelho | ac8e8506b9 | |
jim-p | a40e7761ef | |
Xon | baeb0599cf | |
PiBa-NL | fd750cd064 | |
jim-p | c4eeb1c472 | |
jim-p | 78db4f1a62 | |
Renato Botelho | 204e16db77 | |
Chris Buechler | bf2afff0aa | |
jim-p | 049d42115f | |
jim-p | 1e2cb1f88e | |
jim-p | b832d61759 | |
jim-p | a3d6166bb2 | |
jim-p | 408ebb78ab | |
Phil Davis | c312ee8fe5 | |
Ermal | 767afbb10d | |
Ermal | 58fbb3f033 | |
Phil Davis | e4cf52ed14 | |
Ermal | 2467086682 | |
Ermal | 168a194870 | |
Chris Buechler | d2f0b1421c | |
jim-p | b841bc2319 | |
Renato Botelho | 772e49cebd | |
jim-p | fae7ef31e3 | |
jim-p | 1d47cb37b3 | |
jim-p | 8571cdd51a | |
Renato Botelho | 279c2f425e | |
Renato Botelho | da95bdcd92 | |
jim-p | 9e6043ccc9 | |
Ermal | 25f9f33228 | |
Ermal | 19d723d2af | |
Ermal | 5aa44e9846 | |
jim-p | c22f480954 | |
Ermal | d6df2c4c71 | |
Ermal | 0ec64bd2a6 | |
Ermal | c088fe72cb | |
Ermal | 5d1bde9670 | |
Ermal | 48085d0cc8 | |
Ermal | 53ce7798fa | |
Phil Davis | e80908403b | |
Ermal | c59dd719e0 | |
Ermal | 44f0f09bda | |
Renato Botelho | 3cb5570492 | |
Individual IT Services | f70df069b3 | |
Chris Buechler | be40ce0b9b | |
Chris Buechler | 0c1870ca7d | |
Chris Buechler | 96551a20ba | |
Ermal | c9d099d788 | |
Renato Botelho | c59e21b5c7 | |
Chris Buechler | 7050776a10 | |
Ermal | 6f8cf5539d | |
Ermal | 628a64a9e5 | |
Renato Botelho | 7ca8bef40e | |
Ermal | 7cb3f7d26d | |
Chris Buechler | 254261e02a | |
Ermal Luçi | a2ac36616e | |
Ermal Luçi | 4a6f3d968a | |
Phil Davis | e9215ad443 | |
Phil Davis | 98c10c92c2 | |
Phil Davis | 68b253adee | |
Chris Buechler | ec532672c6 | |
Daniel Becker | 90652fbfe9 | |
Jean Cyr | 9880a11d3f | |
Shahid Sheikh | 6eb6e720fc | |
Shahid Sheikh | 414edd3e10 | |
Phil Davis | 0c3a7a05f9 | |
Renato Botelho | 7a6851dff7 | |
Phil Davis | d613b9d522 | |
jim-p | 3fcb6a21a3 | |
Renato Botelho | 35eb76fa91 | |
jim-p | b6239962e3 | |
jim-p | a41c031694 | |
jim-p | 636307a5cf | |
jim-p | c53f1e0c85 | |
Renato Botelho | e89c3caf2c | |
Chris Buechler | 475aa21460 | |
jim-p | 35e125b463 | |
jim-p | 8cd1d911dc | |
jim-p | 51f9b7e4ee | |
Renato Botelho | 3830eeb30d | |
Renato Botelho | 8f61cb87ec | |
Renato Botelho | 45ce573dae | |
jim-p | bbd875237a | |
Renato Botelho | 289dd6911d | |
N0YB | ffd2f32057 | |
jim-p | 5d6d195895 | |
N0YB | e6cfcd2647 | |
Chris Buechler | 3120295371 | |
Ermal | f843664906 | |
Renato Botelho | 4a19d53c42 | |
Ermal | 7d3eaae205 | |
jim-p | 68b0311cc1 | |
jim-p | 0f78c59ea3 | |
Ermal | f299990792 | |
Ermal | d5707d3357 | |
Ermal | 912e3f6fb9 | |
Ermal | 90af1b8bee | |
Ermal | 8b25798238 | |
Ermal | 2391780c83 | |
Ermal | 329acfb2fe | |
Ermal | 93d3861455 | |
Ermal | c6868a8fae | |
jim-p | b8131408db | |
Renato Botelho | 1702a83819 | |
Ermal | 4529f07d4f | |
Ermal | a38b4bfb40 | |
Ermal | f7496377d3 | |
Ermal | ed7edf071c | |
Renato Botelho | 5a1c54f087 | |
Phil Davis | ff6e6929e2 | |
jim-p | 727452338e | |
jim-p | 2a6661305c | |
jim-p | 371438339b | |
Renato Botelho | 90bc28cc9d | |
Renato Botelho | 4262641880 | |
Renato Botelho | cf96a1a958 | |
Renato Botelho | c6592f21c6 | |
Individual IT Services | 4be0c837ba | |
Ermal | 9a85884bc5 | |
Ermal | 7aae18661f | |
jim-p | afa76eff3d | |
Renato Botelho | a2dc7392fc | |
Renato Botelho | 47e26c6cb7 | |
Renato Botelho | f5013fea9a | |
Renato Botelho | be1ebaa967 | |
Renato Botelho | ed0f54e37e | |
Renato Botelho | b6d4c66630 | |
jim-p | 624660bc65 | |
jim-p | 2947c3895f | |
jim-p | 45630319d4 | |
jim-p | 7afcbe23cd | |
jim-p | b1ea7072d6 | |
Ermal | 8629713e03 | |
Warren Baker | 44ec92158e | |
jim-p | 9e906c4d6d | |
N0YB | 44399bd2da | |
Charlie Marshall | a4c8381187 | |
Renato Botelho | 4c47d7c2b7 | |
Warren Baker | e031ca6833 | |
Warren Baker | 5121b46ddf | |
Warren Baker | 49613c9cb8 | |
Warren Baker | 2e990047e5 | |
Warren Baker | 959a48a86e | |
N0YB | 7e750430e6 | |
N0YB | c05bf25ef8 | |
N0YB | ac50508387 | |
N0YB | 823bcb15af | |
N0YB | da49778090 | |
N0YB | fd828c9c90 | |
Ermal | 19b4f2c54a | |
Ermal | cb9799d5df | |
Chris Buechler | e2967ba637 | |
Chris Buechler | dde3cae3dc | |
Ermal | d6be721eed | |
Ermal | 907e2d6197 | |
Ermal | 482d738636 | |
Ermal | e492500fcd | |
Renato Botelho | 783228c7cc | |
Phil Davis | 721ea6f4f0 | |
Renato Botelho | 463cef1815 | |
jim-p | 32fb33927d | |
Renato Botelho | 07509027dd | |
Daniel Becker | f5b529b9fe | |
jim-p | 14266c3ef4 | |
jim-p | 0aa297594c | |
Renato Botelho | 7f3ad60513 | |
Ermal Luçi | 39655e065d | |
Daniel Becker | 6ed5c06bc8 | |
jim-p | 4e8eec4c3c | |
jim-p | 0af84753e9 | |
Phil Davis | 4d4a9bc798 | |
jim-p | 3e7d44fffc | |
Renato Botelho | 43e1d3533f | |
Renato Botelho | c6b83559b5 | |
jim-p | 355f494cf7 | |
jim-p | 2acefcda9f | |
Renato Botelho | eab652e4bd | |
Renato Botelho | 0b41c2ce61 | |
N0YB | d21dfd82cd | |
Charlie Marshall | 7656f21819 | |
jim-p | 455bc0b16d | |
Charlie Marshall | 7c0e81ac46 | |
Ermal | 4d81454695 | |
Renato Botelho | 30c5f6a27b | |
Renato Botelho | 4ff2b8056a | |
Renato Botelho | 68c11b2914 | |
Renato Botelho | e7b5a05779 | |
Phil Davis | ee15775759 | |
Phil Davis | 98f4043e93 | |
Jim P | 00da3ebb4b | |
N0YB | df19816900 | |
Ermal | 329024c872 | |
Ermal Luçi | 338ade4023 | |
Phil Davis | af49447af3 | |
Renato Botelho | a7b495403c | |
Renato Botelho | 174e627cad | |
Phil Davis | 69364ab812 | |
Warren Baker | eac9f72b9d | |
Warren Baker | bed551156f | |
Phil Davis | 458186467d | |
Phil Davis | 3dd6ed1ac1 | |
Renato Botelho | 8b8594c4d2 | |
N0YB | f1c252cf96 | |
jim-p | 8e088ea50a | |
Phil Davis | 166fc3cdf0 | |
jim-p | c2a58cd130 | |
jim-p | 30adceda1f | |
jim-p | 436a9a88b8 | |
jim-p | bb23692036 | |
Renato Botelho | 09f26fb7c5 | |
jim-p | dc3fc54a08 | |
jim-p | 298020b2b6 | |
jim-p | f8b0077858 | |
jim-p | 84962c6306 | |
jim-p | bdc3d5ca64 | |
jim-p | 48a0149690 | |
Renato Botelho | eb8e0aa9d6 | |
jim-p | e4a0be9bee | |
jim-p | 980b9cc6f8 | |
jim-p | 476429921d | |
jim-p | e7da869843 | |
jim-p | 0425af7289 | |
jim-p | ae9cb658ae | |
jim-p | 8a0c14c3e4 | |
jim-p | 7a10e3ebe7 | |
Ermal | 4e69371b20 | |
Ermal | 5128e0feb0 | |
Ermal | cd577ebd10 | |
Ermal | 1ed5aaa83a | |
Jim P | 3487a5c26f | |
Phil Davis | 23ea4d2a6a | |
Phil Davis | 64ad3cc8b5 | |
Phil Davis | fa535f758b | |
Phil Davis | b5cd5163c7 | |
Phil Davis | d86ec4e075 | |
Renato Botelho | 63b8c4db3b | |
Warren Baker | 74bd3c3f7f | |
Ermal Luçi | c1ecdca2fb | |
Daniel Becker | 6acbb7d2f1 | |
jim-p | fd4fc12087 | |
jim-p | 469e33330d | |
Ermal Luçi | d45fdd2a01 | |
Ermal Luçi | 03ffccb928 | |
Daniel Becker | b54b997d2d | |
Daniel Becker | c3101e14c0 | |
Daniel Becker | 93749c103f | |
Daniel Becker | e4ba18aa6e | |
Daniel Becker | 5a55d9d7d4 | |
Daniel Becker | 26f80aff92 | |
jim-p | f34fcff4b4 | |
Ermal | bc59bcff38 | |
Ermal | de2fe652ca | |
jim-p | a19fcb824c | |
jim-p | e7bc770e1a | |
Renato Botelho | e91abcc96e | |
Chris Buechler | 174e151df8 | |
Chris Buechler | df1b3eb700 | |
Daniel Becker | fc654f2c36 | |
jim-p | 6efe0caeb3 | |
Renato Botelho | c2bf84a18b | |
N0YB | 91c6c9021c | |
Renato Botelho | 010639a89b | |
Renato Botelho | ee3bc70325 | |
plinss | ae7372475b | |
Ermal | 51b262421b | |
Ermal | b877d6351c | |
Renato Botelho | 5fb149ba4b | |
jim-p | 9db8c46dff | |
jim-p | 0ee96a458a | |
Renato Botelho | abe411ad67 | |
Renato Botelho | 277fd8db2b | |
Renato Botelho | c3cbe91eed | |
Renato Botelho | 810c6a968c | |
Renato Botelho | 6a9a0736f6 | |
Ermal | 63356262a7 | |
Ermal | fae0e09833 | |
Ermal | 032a3c0a21 | |
Ermal | f4d0495eac | |
Ermal | 74f4a3cc82 | |
Ermal Luçi | ac086c621f | |
N0YB | 3e3aeb8b15 | |
Renato Botelho | f0f1737b64 | |
Matt Smith | 31677598c3 | |
Ermal | 5ee53aa1c9 | |
falbertopl | 51f98d0dcc | |
jim-p | c49b7c50af | |
jim-p | b54ffacc75 | |
jim-p | 0d7e24784f | |
jim-p | c8369c5908 | |
jim-p | 6c38268e6e | |
jim-p | b65492f677 | |
Ermal | 92465c6fc8 | |
jim-p | 6c2bb4e62b | |
Renato Botelho | 98d5e23461 | |
Ermal Luçi | f5035e0b6a | |
smos | 6dcbd1b3ad | |
Renato Botelho | 5ce5439f41 | |
N0YB | 24646d5750 | |
N0YB | 641f2f3c24 | |
dhatz | 9e5ae41ab2 | |
Renato Botelho | db83bdf9b3 | |
Renato Botelho | 1a03f64684 | |
Phil Davis | 2cfde694da | |
Klaws-- | 216c80dd13 | |
Klaws-- | 6e0d8f820f | |
jim-p | b275b65896 | |
jim-p | f09f3d6fb9 | |
jim-p | 1e7fa7cd9d | |
jim-p | 1525fe1f2d | |
jim-p | 69937c0527 | |
jim-p | 2aacbacf83 | |
Renato Botelho | efe42b5a05 | |
N0YB | 211d95a94d | |
N0YB | 1e86f51056 | |
N0YB | 88ba6d31a6 | |
PiBa-NL | 63b69d3427 | |
Phil Davis | 51f1fc586f | |
jim-p | 94fb9f2d97 | |
Ermal | b7d6c7f6bb | |
jim-p | 4f0710f32f | |
jim-p | 2706c79b47 | |
jim-p | 8744a1130e | |
jim-p | a27403c4e6 | |
jim-p | 850324a23e | |
jim-p | c32e058108 | |
jim-p | e43fa2ac99 | |
jim-p | 1142199675 | |
jim-p | f63733e05b | |
jim-p | 57fa70112a | |
jim-p | bca506d431 | |
Renato Botelho | ef01b77f6d | |
Renato Botelho | 9507aa0ec0 | |
Ermal | b48e2e6bcc | |
Ermal | 70a9e13176 | |
Ermal | 8cea45e4f8 | |
Ermal | 891dfb2496 | |
Ermal | 1005484304 | |
Ermal | f960f9dd20 | |
Ermal | 10ce1ac1cd | |
Ermal | ca2b90ec7e | |
Ermal | d90ea5ffd5 | |
Ermal | 08efe4e6f3 | |
Ermal | 6756d9eed6 | |
Ermal | 50a88d93fd | |
Ermal | 85a389c9f1 | |
Chris Buechler | af600fe246 | |
Chris Buechler | 891ecd18f8 | |
Chris Buechler | 7b79e0cb85 | |
N0YB | 5fb01c77a6 | |
N0YB | 304ea841cf | |
Chris Buechler | bcd94190b1 | |
Renato Botelho | 2ca432514e | |
Renato Botelho | c9322c5ceb | |
Renato Botelho | d60629b071 | |
jim-p | 654ed9e0c4 | |
jim-p | 94860e9e5e | |
jim-p | 185f24c35e | |
jim-p | 95dfe4f55c | |
jim-p | f09926869f | |
jim-p | 8a0f8732a5 | |
Ermal | 46b323f053 | |
Ermal | 1da5d1d742 | |
Ermal Luçi | 43b9f062e3 | |
Michele Di Maria | e59bd27375 | |
Ermal | 8959f2fc21 | |
Ermal | 7fdd0c73e0 | |
Ermal | 89784e551b | |
jim-p | 39b84ccc7f | |
jim-p | 56bf3ef146 | |
Ermal | 00a7438c5b | |
Renato Botelho | 50d3ed9c3c | |
jim-p | 90df9a993e | |
jim-p | 6b53736d3b | |
Phil Davis | d9f2de9ad4 | |
jim-p | f79a5df073 | |
Renato Botelho | 5789e9f837 | |
jim-p | 786399e5c7 | |
Ermal Luçi | b17c09ba4b | |
Jean Cyr | 2fbefad667 | |
jim-p | b27ec31472 | |
jim-p | dd6882695d | |
Renato Botelho | 2bba9aefc2 | |
jim-p | e0c7109d86 | |
swatspyder | 5217befec5 | |
Ermal Luçi | 0cbddf492a | |
Phil Davis | be47e83c43 | |
Phil Davis | acd8af41b1 | |
Ermal | 368d34c31a | |
jim-p | 5bf5328596 | |
Renato Botelho | 5c0c402a2b | |
Renato Botelho | f0867239c1 | |
Chris Buechler | 1546aaf0ea |
|
@ -1,7 +1,7 @@
|
|||
<?xml version="1.0"?>
|
||||
<!-- pfSense default system configuration -->
|
||||
<pfsense>
|
||||
<version>9.5</version>
|
||||
<version>9.8</version>
|
||||
<lastchange></lastchange>
|
||||
<theme>pfsense_ng</theme>
|
||||
<sysctl>
|
||||
|
@ -198,6 +198,7 @@
|
|||
<timeservers>0.pfsense.pool.ntp.org</timeservers>
|
||||
<webgui>
|
||||
<protocol>https</protocol>
|
||||
<noautocomplete/>
|
||||
</webgui>
|
||||
<disablenatreflection>yes</disablenatreflection>
|
||||
<!-- <disableconsolemenu/> -->
|
||||
|
@ -213,6 +214,7 @@
|
|||
<bogons>
|
||||
<interval>monthly</interval>
|
||||
</bogons>
|
||||
<kill_states/>
|
||||
</system>
|
||||
<interfaces>
|
||||
<wan>
|
||||
|
@ -642,15 +644,6 @@
|
|||
-->
|
||||
</proxyarp>
|
||||
<cron>
|
||||
<item>
|
||||
<minute>0</minute>
|
||||
<hour>*</hour>
|
||||
<mday>*</mday>
|
||||
<month>*</month>
|
||||
<wday>*</wday>
|
||||
<who>root</who>
|
||||
<command>/usr/bin/nice -n20 newsyslog</command>
|
||||
</item>
|
||||
<item>
|
||||
<minute>1,31</minute>
|
||||
<hour>0-5</hour>
|
||||
|
|
|
@ -234,12 +234,4 @@ WS Samoa
|
|||
YE Yemen
|
||||
YT Mayotte
|
||||
ZA South Africa
|
||||
ZM Zambia
|
||||
COM US Commercial
|
||||
EDU US Educational
|
||||
GOV US Government
|
||||
INT International
|
||||
MIL US Military
|
||||
NET Network
|
||||
ORG Non-Profit Organization
|
||||
ARPA Old style Arpanet
|
||||
ZM Zambia
|
|
@ -50,7 +50,7 @@ function get_swap_disks() {
|
|||
function get_disk_slices($disk) {
|
||||
global $g, $debug;
|
||||
$slices_array = array();
|
||||
$slices = trim(exec("/bin/ls /dev/{$disk}s* 2>/dev/null"));
|
||||
$slices = trim(exec("/bin/ls " . escapeshellarg("/dev/" . $disk . "s*") . " 2>/dev/null"));
|
||||
$slices = str_replace("/dev/", "", $slices);
|
||||
if($slices == "ls: No match.")
|
||||
return;
|
||||
|
@ -61,7 +61,7 @@ function get_disk_slices($disk) {
|
|||
function get_disks() {
|
||||
global $g, $debug;
|
||||
$disks_array = array();
|
||||
$disks = exec("/sbin/sysctl kern.disks | cut -d':' -f2");
|
||||
$disks = exec("/sbin/sysctl -n kern.disks");
|
||||
$disks_s = explode(" ", $disks);
|
||||
foreach($disks_s as $disk)
|
||||
if(trim($disk))
|
||||
|
@ -91,7 +91,7 @@ function test_config($file_location) {
|
|||
return;
|
||||
// config.xml was found. ensure it is sound.
|
||||
$root_obj = trim("<{$g['xml_rootobj']}>");
|
||||
$xml_file_head = exec("/usr/bin/head -2 {$file_location} | /usr/bin/tail -n1");
|
||||
$xml_file_head = exec("/usr/bin/head -2 " . escapeshellarg($file_location) . " | /usr/bin/tail -n1");
|
||||
if($debug) {
|
||||
echo "\nroot obj = $root_obj";
|
||||
echo "\nfile head = $xml_file_head";
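Review bot: In get_disk_slices() the escapeshellarg() form of the `/bin/ls` line (taken to be the new side, since the page has lost its +/- markers) puts the `s*` wildcard inside the quoted argument, so the shell hands it to ls literally instead of expanding it, and with stderr discarded the call would come back empty for every disk. Quote only the caller-supplied part and leave the glob outside the quotes: `$slices = trim(exec("/bin/ls " . escapeshellarg("/dev/" . $disk) . "s* 2>/dev/null"));`. A short comment such as `// quote $disk only; the trailing s* must stay unquoted so the shell expands it` would keep a later cleanup from re-introducing the problem. Checking `$disk` against the names returned by get_disks() before building the command would be a stronger guard than quoting alone. The rest of the function lies outside the hunk, so how an empty `$slices` is handled cannot be confirmed from here.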
|
||||
|
|
|
@ -0,0 +1,225 @@
|
|||
# $FreeBSD: src/etc/gettytab,v 1.22 2004/06/06 11:46:27 schweikh Exp $
|
||||
# from: @(#)gettytab 5.14 (Berkeley) 3/27/91
|
||||
#
|
||||
# Most of the table entries here are just copies of the old getty table,
|
||||
# it is by no means certain, or even likely, that any of them are optimal
|
||||
# for any purpose whatever. Nor is it likely that more than a couple are
|
||||
# even correct.
|
||||
#
|
||||
# The default gettytab entry, used to set defaults for all other
|
||||
# entries, and in cases where getty is called with no table name.
|
||||
#
|
||||
# cb, ce and ck are desirable on most crt's. The non-crt entries need to
|
||||
# be changed to turn them off (:cb@:ce@:ck@:).
|
||||
#
|
||||
# lc should always be on; it's a remainder of some stone age when there
|
||||
# have been terminals around not being able of handling lower-case
|
||||
# characters. Those terminals aren't supported any longer, but getty is
|
||||
# `smart' about them by default.
|
||||
#
|
||||
# Parity defaults to even, but the Pc entry and all the `std' entries
|
||||
# specify no parity. The different parities are:
|
||||
# (none): same as ep for getty. login will use terminal as is.
|
||||
# ep: getty will use raw mode (cs8 -parenb) (unless rw is set) and
|
||||
# fake parity. login will use even parity (cs7 parenb -parodd).
|
||||
# op: same as ep except odd parity (cs7 parenb parodd) for login.
|
||||
# getty will fake odd parity as well.
|
||||
# ap: same as ep except -inpck instead of inpck for login.
|
||||
# ap overrides op and ep.
|
||||
# np: 1. don't fake parity in getty. The fake parity garbles
|
||||
# characters on non-terminals (like pccons) that don't
|
||||
# support parity. It would probably better for getty not to
|
||||
# try to fake parity. It could just use cbreak mode so as
|
||||
# not to force cs8 and let the hardware handle the parity.
|
||||
# login has to be rely on the hardware anyway.
|
||||
# 2. set cs8 -parenb -istrip -inpck.
|
||||
# ep:op: same as ap.
|
||||
#
|
||||
default:\
|
||||
::cb:ce:ck:lc:fd#1000:im=\r\n%s/%m (%h) (%t)\r\n\r\n:sp#1200:\
|
||||
:if=/etc/issue:
|
||||
|
||||
#
|
||||
# Fixed speed entries
|
||||
#
|
||||
# The "std.NNN" names are known to the special case
|
||||
# portselector code in getty, however they can
|
||||
# be assigned to any table desired.
|
||||
# The "NNN-baud" names are known to the special case
|
||||
# autobaud code in getty, and likewise can
|
||||
# be assigned to any table desired (hopefully the same speed).
|
||||
#
|
||||
a|std.110|110-baud:\
|
||||
:np:nd#1:cd#1:uc:sp#110:
|
||||
b|std.134|134.5-baud:\
|
||||
:np:nd#1:cd#2:ff#1:td#1:sp#134:ht:nl:
|
||||
1|std.150|150-baud:\
|
||||
:np:nd#1:cd#2:td#1:fd#1:sp#150:ht:nl:lm=\E\72\6\6\17login\72 :
|
||||
c|std.300|300-baud:\
|
||||
:np:nd#1:cd#1:sp#300:
|
||||
d|std.600|600-baud:\
|
||||
:np:nd#1:cd#1:sp#600:
|
||||
f|std.1200|1200-baud:\
|
||||
:np:fd#1:sp#1200:
|
||||
6|std.2400|2400-baud:\
|
||||
:np:sp#2400:
|
||||
7|std.4800|4800-baud:\
|
||||
:np:sp#4800:
|
||||
2|std.9600|9600-baud:\
|
||||
:np:sp#9600:
|
||||
g|std.19200|19200-baud:\
|
||||
:np:sp#19200:
|
||||
std.38400|38400-baud:\
|
||||
:np:sp#38400:
|
||||
std.57600|57600-baud:\
|
||||
:np:sp#57600:
|
||||
std.115200|115200-baud:\
|
||||
:np:sp#115200:
|
||||
std.230400|230400-baud:\
|
||||
:np:sp#230400:
|
||||
|
||||
#
|
||||
# Entry specifying explicit device settings. See termios(4) and
|
||||
# /usr/include/termios.h, too. The entry forces the tty into
|
||||
# CLOCAL mode (so no DCD is required), and uses Xon/Xoff flow control.
|
||||
#
|
||||
# cflags: CLOCAL | HUPCL | CREAD | CS8
|
||||
# oflags: OPOST | ONLCR | OXTABS
|
||||
# iflags: IXOFF | IXON | ICRNL | IGNPAR
|
||||
# lflags: IEXTEN | ICANON | ISIG | ECHOCTL | ECHO | ECHOK | ECHOE | ECHOKE
|
||||
#
|
||||
# The `0' flags don't have input enabled. The `1' flags don't echo.
|
||||
# (Echoing is done inside getty itself.)
|
||||
#
|
||||
local.9600|CLOCAL tty @ 9600 Bd:\
|
||||
:c0#0x0000c300:c1#0x0000cb00:c2#0x0000cb00:\
|
||||
:o0#0x00000007:o1#0x00000002:o2#0x00000007:\
|
||||
:i0#0x00000704:i1#0x00000000:i2#0x00000704:\
|
||||
:l0#0x000005cf:l1#0x00000000:l2#0x000005cf:\
|
||||
:sp#9600:
|
||||
|
||||
#
|
||||
# Dial in rotary tables, speed selection via 'break'
|
||||
#
|
||||
0|d300|Dial-300:\
|
||||
:nx=d1200:cd#2:sp#300:
|
||||
d1200|Dial-1200:\
|
||||
:nx=d150:fd#1:sp#1200:
|
||||
d150|Dial-150:\
|
||||
:nx=d110:lm@:tc=150-baud:
|
||||
d110|Dial-110:\
|
||||
:nx=d300:tc=300-baud:
|
||||
|
||||
#
|
||||
# Fast dialup terminals, 2400/1200/300 rotary (can start either way)
|
||||
#
|
||||
D2400|d2400|Fast-Dial-2400:\
|
||||
:nx=D1200:tc=2400-baud:
|
||||
3|D1200|Fast-Dial-1200:\
|
||||
:nx=D300:tc=1200-baud:
|
||||
5|D300|Fast-Dial-300:\
|
||||
:nx=D2400:tc=300-baud:
|
||||
|
||||
#
|
||||
#telebit (19200)
|
||||
#
|
||||
t19200:\
|
||||
:nx=t2400:tc=19200-baud:
|
||||
t2400:\
|
||||
:nx=t1200:tc=2400-baud:
|
||||
t1200:\
|
||||
:nx=t19200:tc=1200-baud:
|
||||
|
||||
#
|
||||
#telebit (9600)
|
||||
#
|
||||
t9600:\
|
||||
:nx=t2400a:tc=9600-baud:
|
||||
t2400a:\
|
||||
:nx=t1200a:tc=2400-baud:
|
||||
t1200a:\
|
||||
:nx=t9600:tc=1200-baud:
|
||||
|
||||
#
|
||||
# Odd special case terminals
|
||||
#
|
||||
-|tty33|asr33|Pity the poor user of this beast:\
|
||||
:tc=110-baud:
|
||||
|
||||
4|Console|Console Decwriter II:\
|
||||
:nd@:cd@:rw:tc=300-baud:
|
||||
|
||||
e|Console-1200|Console Decwriter III:\
|
||||
:fd@:nd@:cd@:rw:tc=1200-baud:
|
||||
|
||||
i|Interdata console:\
|
||||
:uc:sp#0:
|
||||
|
||||
l|lsi chess terminal:\
|
||||
:sp#300:
|
||||
|
||||
X|Xwindow|X window system:\
|
||||
:fd@:nd@:cd@:rw:sp#9600:
|
||||
|
||||
P|Pc|Pc console:\
|
||||
:ht:np:sp#115200:al=root:
|
||||
|
||||
bootupcli:\
|
||||
tc=std.9600:\
|
||||
:ht:np:sp#115200:al=root:
|
||||
|
||||
#
|
||||
# Wierdo special case for fast crt's with hardcopy devices
|
||||
#
|
||||
8|T9600|CRT with hardcopy:\
|
||||
:nx=T300:tc=9600-baud:
|
||||
9|T300|CRT with hardcopy (300):\
|
||||
:nx=T9600:tc=300-baud:
|
||||
|
||||
#
|
||||
# Plugboard, and misc other terminals
|
||||
#
|
||||
plug-9600|Plugboard-9600:\
|
||||
:pf#1:tc=9600-baud:
|
||||
p|P9600|Plugboard-9600-rotary:\
|
||||
:pf#1:nx=P300:tc=9600-baud:
|
||||
q|P300|Plugboard-300:\
|
||||
:pf#1:nx=P1200:tc=300-baud:
|
||||
r|P1200|Plugboard-1200:\
|
||||
:pf#1:nx=P9600:tc=1200-baud:
|
||||
|
||||
#
|
||||
# XXXX Port selector
|
||||
#
|
||||
s|DSW|Port Selector:\
|
||||
:ps:sp#2400:
|
||||
|
||||
#
|
||||
# Auto-baud speed detect entry for Micom 600.
|
||||
# Special code in getty will switch this out
|
||||
# to one of the NNN-baud entries.
|
||||
#
|
||||
A|Auto-baud:\
|
||||
:ab:sp#2400:f0#040:
|
||||
|
||||
#
|
||||
# autologin - automatically log in as root
|
||||
#
|
||||
|
||||
autologin|al.9600:\
|
||||
::tc=std.9600:
|
||||
|
||||
#
|
||||
# Entries for 3-wire serial terminals. These don't supply carrier, so
|
||||
# clocal needs to be set, and crtscts needs to be unset.
|
||||
#
|
||||
3wire.9600|9600-3wire:\
|
||||
:np:nc:sp#9600:
|
||||
3wire.38400|38400-3wire:\
|
||||
:np:nc:sp#38400:
|
||||
3wire.57600|57600-3wire:\
|
||||
:np:nc:sp#57600:
|
||||
3wire.115200|115200-3wire:\
|
||||
:np:nc:sp#115200:
|
||||
3wire.230400|230400-3wire:\
|
||||
:np:nc:sp#230400:
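Review bot: The `P|Pc|Pc console` and `bootupcli` entries both set `al=root`, so any terminal line mapped to them is logged in as root without a password prompt, and nothing in the file says that this is intended. A comment above those two entries would make the trust assumption explicit, for example `# al=root: this line logs in as root with no password prompt; use only on physically trusted consoles`. Separately, the block headed `# autologin - automatically log in as root` defines `autologin|al.9600` with only `tc=std.9600` and no `al=` capability as shown, so the comment and the entry disagree and one of them should be corrected.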
|
|
@ -55,7 +55,7 @@ $security_passed = true;
|
|||
/* If this function doesn't exist, we're being called from Captive Portal or
|
||||
another internal subsystem which does not include authgui.inc */
|
||||
if (function_exists("display_error_form") && !isset($config['system']['webgui']['nodnsrebindcheck'])) {
|
||||
/* DNS ReBinding attack prevention. http://redmine.pfsense.org/issues/708 */
|
||||
/* DNS ReBinding attack prevention. https://redmine.pfsense.org/issues/708 */
|
||||
$found_host = false;
|
||||
|
||||
/* Either a IPv6 address with or without a alternate port */
|
||||
|
@ -86,6 +86,13 @@ if (function_exists("display_error_form") && !isset($config['system']['webgui'][
|
|||
break;
|
||||
}
|
||||
|
||||
if(is_array($config['dnsupdates']['dnsupdate']) && !$found_host)
|
||||
foreach($config['dnsupdates']['dnsupdate'] as $rfc2136)
|
||||
if(strcasecmp($rfc2136['host'], $http_host) == 0) {
|
||||
$found_host = true;
|
||||
break;
|
||||
}
|
||||
|
||||
if(!empty($config['system']['webgui']['althostnames']) && !$found_host) {
|
||||
$althosts = explode(" ", $config['system']['webgui']['althostnames']);
|
||||
foreach ($althosts as $ah)
|
||||
|
@ -123,6 +130,7 @@ if(function_exists("display_error_form") && !isset($config['system']['webgui']['
|
|||
if(strcasecmp($referrer_host, $config['system']['hostname'] . "." . $config['system']['domain']) == 0
|
||||
|| strcasecmp($referrer_host, $config['system']['hostname']) == 0)
|
||||
$found_host = true;
|
||||
|
||||
if(!empty($config['system']['webgui']['althostnames']) && !$found_host) {
|
||||
$althosts = explode(" ", $config['system']['webgui']['althostnames']);
|
||||
foreach ($althosts as $ah) {
|
||||
|
@ -132,6 +140,21 @@ if(function_exists("display_error_form") && !isset($config['system']['webgui']['
|
|||
}
|
||||
}
|
||||
}
|
||||
|
||||
if(is_array($config['dyndnses']['dyndns']) && !$found_host)
|
||||
foreach($config['dyndnses']['dyndns'] as $dyndns)
|
||||
if(strcasecmp($dyndns['host'], $referrer_host) == 0) {
|
||||
$found_host = true;
|
||||
break;
|
||||
}
|
||||
|
||||
if(is_array($config['dnsupdates']['dnsupdate']) && !$found_host)
|
||||
foreach($config['dnsupdates']['dnsupdate'] as $rfc2136)
|
||||
if(strcasecmp($rfc2136['host'], $referrer_host) == 0) {
|
||||
$found_host = true;
|
||||
break;
|
||||
}
|
||||
|
||||
if(!$found_host) {
|
||||
$interface_list_ips = get_configured_ip_addresses();
|
||||
foreach($interface_list_ips as $ilips) {
|
||||
|
@ -438,18 +461,18 @@ function local_user_set(& $user) {
|
|||
mkdir($user_home, 0700);
|
||||
mwexec("/bin/cp /root/.* {$home_base}/", true);
|
||||
}
|
||||
chown($user_home, $user_name);
|
||||
chgrp($user_home, $user_group);
|
||||
@chown($user_home, $user_name);
|
||||
@chgrp($user_home, $user_group);
|
||||
|
||||
/* write out ssh authorized key file */
|
||||
if($user['authorizedkeys']) {
|
||||
if (!is_dir("{$user_home}/.ssh")) {
|
||||
mkdir("{$user_home}/.ssh", 0700);
|
||||
chown("{$user_home}/.ssh", $user_name);
|
||||
@mkdir("{$user_home}/.ssh", 0700);
|
||||
@chown("{$user_home}/.ssh", $user_name);
|
||||
}
|
||||
$keys = base64_decode($user['authorizedkeys']);
|
||||
file_put_contents("{$user_home}/.ssh/authorized_keys", $keys);
|
||||
chown("{$user_home}/.ssh/authorized_keys", $user_name);
|
||||
@file_put_contents("{$user_home}/.ssh/authorized_keys", $keys);
|
||||
@chown("{$user_home}/.ssh/authorized_keys", $user_name);
|
||||
} else
|
||||
unlink_if_exists("{$user_home}/.ssh/authorized_keys");
|
||||
|
||||
|
@ -742,6 +765,8 @@ function ldap_test_bind($authcfg) {
|
|||
ldap_set_option($ldap, LDAP_OPT_DEREF, LDAP_DEREF_SEARCHING);
|
||||
ldap_set_option($ldap, LDAP_OPT_PROTOCOL_VERSION, (int)$ldapver);
|
||||
|
||||
$ldapbindun = isset($authcfg['ldap_utf8']) ? utf8_encode($ldapbindun) : $ldapbindun;
|
||||
$ldapbindpw = isset($authcfg['ldap_utf8']) ? utf8_encode($ldapbindpw) : $ldapbindpw;
|
||||
if ($ldapanon == true) {
|
||||
if (!($res = @ldap_bind($ldap))) {
|
||||
@ldap_close($ldap);
|
||||
|
@ -813,6 +838,8 @@ function ldap_get_user_ous($show_complete_ou=true, $authcfg) {
|
|||
ldap_set_option($ldap, LDAP_OPT_DEREF, LDAP_DEREF_SEARCHING);
|
||||
ldap_set_option($ldap, LDAP_OPT_PROTOCOL_VERSION, (int)$ldapver);
|
||||
|
||||
$ldapbindun = isset($authcfg['ldap_utf8']) ? utf8_encode($ldapbindun) : $ldapbindun;
|
||||
$ldapbindpw = isset($authcfg['ldap_utf8']) ? utf8_encode($ldapbindpw) : $ldapbindpw;
|
||||
if ($ldapanon == true) {
|
||||
if (!($res = @ldap_bind($ldap))) {
|
||||
log_error(sprintf(gettext("ERROR! ldap_get_user_ous() could not bind anonymously to server %s."), $ldapname));
|
||||
|
@ -862,7 +889,7 @@ function ldap_get_groups($username, $authcfg) {
|
|||
if(!$username)
|
||||
return false;
|
||||
|
||||
if(stristr($username, "@")) {
|
||||
if(!isset($authcfg['ldap_nostrip_at']) && stristr($username, "@")) {
|
||||
$username_split = explode("@", $username);
|
||||
$username = $username_split[0];
|
||||
}
|
||||
|
@ -925,6 +952,8 @@ function ldap_get_groups($username, $authcfg) {
|
|||
ldap_set_option($ldap, LDAP_OPT_PROTOCOL_VERSION, (int)$ldapver);
|
||||
|
||||
/* bind as user that has rights to read group attributes */
|
||||
$ldapbindun = isset($authcfg['ldap_utf8']) ? utf8_encode($ldapbindun) : $ldapbindun;
|
||||
$ldapbindpw = isset($authcfg['ldap_utf8']) ? utf8_encode($ldapbindpw) : $ldapbindpw;
|
||||
if ($ldapanon == true) {
|
||||
if (!($res = @ldap_bind($ldap))) {
|
||||
log_error(sprintf(gettext("ERROR! ldap_get_groups() could not bind anonymously to server %s."), $ldapname));
|
||||
|
@ -984,7 +1013,7 @@ function ldap_backed($username, $passwd, $authcfg) {
|
|||
if(!function_exists("ldap_connect"))
|
||||
return;
|
||||
|
||||
if(stristr($username, "@")) {
|
||||
if(!isset($authcfg['ldap_nostrip_at']) && stristr($username, "@")) {
|
||||
$username_split = explode("@", $username);
|
||||
$username = $username_split[0];
|
||||
}
|
||||
|
@ -1060,6 +1089,8 @@ function ldap_backed($username, $passwd, $authcfg) {
|
|||
|
||||
/* ok, its up. now, lets bind as the bind user so we can search it */
|
||||
$error = false;
|
||||
$ldapbindun = isset($authcfg['ldap_utf8']) ? utf8_encode($ldapbindun) : $ldapbindun;
|
||||
$ldapbindpw = isset($authcfg['ldap_utf8']) ? utf8_encode($ldapbindpw) : $ldapbindpw;
|
||||
if ($ldapanon == true) {
|
||||
if (!($res = @ldap_bind($ldap)))
|
||||
$error = true;
|
||||
|
@ -1089,9 +1120,12 @@ function ldap_backed($username, $passwd, $authcfg) {
|
|||
log_auth(sprintf(gettext("Now Searching for %s in directory."), $username));
|
||||
/* Iterate through the user containers for search */
|
||||
foreach ($ldac_splits as $i => $ldac_split) {
|
||||
$ldac_split = isset($authcfg['ldap_utf8']) ? utf8_encode($ldac_split) : $ldac_split;
|
||||
$ldapfilter = isset($authcfg['ldap_utf8']) ? utf8_encode($ldapfilter) : $ldapfilter;
|
||||
$ldapsearchbasedn = isset($authcfg['ldap_utf8']) ? utf8_encode("{$ldac_split},{$ldapbasedn}") : "{$ldac_split},{$ldapbasedn}";
|
||||
/* Make sure we just use the first user we find */
|
||||
if ($debug)
|
||||
log_auth(sprintf(gettext('Now Searching in server %1$s, container %2$s with filter %3$s.'), $ldapname, $ldac_split, $ldapfilter));
|
||||
log_auth(sprintf(gettext('Now Searching in server %1$s, container %2$s with filter %3$s.'), $ldapname, utf8_decode($ldac_split), utf8_decode($ldapfilter)));
|
||||
if ($ldapscope == "one")
|
||||
$ldapfunc = "ldap_list";
|
||||
else
|
||||
|
@ -1100,7 +1134,7 @@ function ldap_backed($username, $passwd, $authcfg) {
|
|||
if (stristr($ldac_split, "DC=") || empty($ldapbasedn))
|
||||
$search = @$ldapfunc($ldap,$ldac_split,$ldapfilter);
|
||||
else
|
||||
$search = @$ldapfunc($ldap,"{$ldac_split},{$ldapbasedn}",$ldapfilter);
|
||||
$search = @$ldapfunc($ldap,$ldapsearchbasedn,$ldapfilter);
|
||||
if (!$search) {
|
||||
log_error(sprintf(gettext("Search resulted in error: %s"), ldap_error($ldap)));
|
||||
continue;
|
||||
|
@ -1123,14 +1157,17 @@ function ldap_backed($username, $passwd, $authcfg) {
|
|||
}
|
||||
|
||||
/* Now lets bind as the user we found */
|
||||
$passwd = isset($authcfg['ldap_utf8']) ? utf8_encode($passwd) : $passwd;
|
||||
if (!($res = @ldap_bind($ldap, $userdn, $passwd))) {
|
||||
log_error(sprintf(gettext('ERROR! Could not login to server %1$s as user %2$s: %3$s'), $ldapname, $username, ldap_error($ldap)));
|
||||
@ldap_unbind($ldap);
|
||||
return false;
|
||||
}
|
||||
|
||||
if ($debug)
|
||||
if ($debug) {
|
||||
$userdn = isset($authcfg['ldap_utf8']) ? utf8_decode($userdn) : $userdn;
|
||||
log_auth(sprintf(gettext('Logged in successfully as %1$s via LDAP server %2$s with DN = %3$s.'), $username, $ldapname, $userdn));
|
||||
}
|
||||
|
||||
/* At this point we are bound to LDAP so the user was auth'd okay. Close connection. */
|
||||
@ldap_unbind($ldap);
|
||||
|
@ -1305,16 +1342,14 @@ function session_auth() {
|
|||
global $HTTP_SERVER_VARS, $config, $_SESSION, $page;
|
||||
|
||||
// Handle HTTPS httponly and secure flags
|
||||
if($config['system']['webgui']['protocol'] == "https") {
|
||||
$currentCookieParams = session_get_cookie_params();
|
||||
session_set_cookie_params(
|
||||
$currentCookieParams["lifetime"],
|
||||
$currentCookieParams["path"],
|
||||
NULL,
|
||||
true,
|
||||
true
|
||||
);
|
||||
}
|
||||
$currentCookieParams = session_get_cookie_params();
|
||||
session_set_cookie_params(
|
||||
$currentCookieParams["lifetime"],
|
||||
$currentCookieParams["path"],
|
||||
NULL,
|
||||
($config['system']['webgui']['protocol'] == "https"),
|
||||
true
|
||||
);
|
||||
|
||||
if (!session_id())
|
||||
session_start();
|
||||
|
@ -1324,6 +1359,8 @@ function session_auth() {
|
|||
$authcfg = auth_get_authserver($config['system']['webgui']['authmode']);
|
||||
if (authenticate_user($_POST['usernamefld'], $_POST['passwordfld'], $authcfg) ||
|
||||
authenticate_user($_POST['usernamefld'], $_POST['passwordfld'])) {
|
||||
// Generate a new id to avoid session fixation
|
||||
session_regenerate_id();
|
||||
$_SESSION['Logged_In'] = "True";
|
||||
$_SESSION['Username'] = $_POST['usernamefld'];
|
||||
$_SESSION['last_access'] = time();
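Review bot: In the `ldap_backed()` hunk at `@ -1089`, the container value is UTF-8 encoded twice when `ldap_utf8` is set: `$ldac_split` goes through `utf8_encode()` and the already encoded value is then interpolated into `utf8_encode("{$ldac_split},{$ldapbasedn}")`. `$ldapfilter` is also re-encoded on every pass of the `foreach`, so from the second container on a filter with non-ASCII characters differs from the one sent on the first pass. Lookups for non-ASCII container or user names would then likely fail and the login be refused. Encode each value once: move the `$ldapfilter = isset($authcfg['ldap_utf8']) ? ...` line above the loop and build the base DN from the raw container, `$ldapsearchbasedn = "{$ldac_split},{$ldapbasedn}";`, before applying the conditional `utf8_encode()` to it. The function body starts and ends outside the hunk, so the first assignment of `$ldapfilter` is not visible here.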
|
||||
|
|
|
@ -258,7 +258,7 @@ $have_cookies = isset($_COOKIE["cookie_test"]);
|
|||
<body onload="page_load()">
|
||||
<div id="login">
|
||||
<?php
|
||||
if(is_ipaddr($http_host) && !$local_ip) {
|
||||
if(is_ipaddr($http_host) && !$local_ip && !isset($config['system']['webgui']['nohttpreferercheck'])) {
|
||||
$nifty_background = "#999";
|
||||
print_info_box(gettext("You are accessing this router by an IP address not configured locally, which may be forwarded by NAT or other means. <br/><br/>If you did not setup this forwarding, you may be the target of a man-in-the-middle attack."));
|
||||
}
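Review bot: The added `!isset($config['system']['webgui']['nohttpreferercheck'])` term makes the referer-check opt-out also hide the notice shown when `$http_host` is an IP address that is not configured locally. As written, that notice depends on the host the page was reached by, not on the Referer header. An administrator who disables referer enforcement for an unrelated reason would lose the man-in-the-middle warning without being told. If the coupling is intended, the condition should carry a comment saying so, for example `/* nohttpreferercheck also silences this notice: such installs are assumed to be reached through forwarding */`; otherwise a dedicated setting would keep the two controls independent.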
|
||||
|
|
|
@ -1,9 +1,9 @@
|
|||
<?php
|
||||
/*
|
||||
captiveportal.inc
|
||||
part of pfSense (http://www.pfSense.org)
|
||||
part of pfSense (https://www.pfsense.org)
|
||||
Copyright (C) 2004-2011 Scott Ullrich <sullrich@gmail.com>
|
||||
Copyright (C) 2009-2012 Ermal Luçi <eri@pfsense.org>
|
||||
Copyright (C) 2009-2012 Ermal Lu<EFBFBD>i <eri@pfsense.org>
|
||||
Copyright (C) 2003-2006 Manuel Kasper <mk@neon1.net>.
|
||||
|
||||
originally part of m0n0wall (http://m0n0.ch/wall)
|
||||
|
@ -153,9 +153,9 @@ function captiveportal_load_modules() {
|
|||
/* make sure ipfw is not on pfil hooks */
|
||||
mwexec("/sbin/sysctl net.inet.ip.pfil.inbound=\"pf\" net.inet6.ip6.pfil.inbound=\"pf\"" .
|
||||
" net.inet.ip.pfil.outbound=\"pf\" net.inet6.ip6.pfil.outbound=\"pf\"");
|
||||
/* Activate layer2 filtering */
|
||||
mwexec("/sbin/sysctl net.link.ether.ipfw=1 net.inet.ip.fw.one_pass=1");
|
||||
}
|
||||
/* Activate layer2 filtering */
|
||||
mwexec("/sbin/sysctl net.link.ether.ipfw=1 net.inet.ip.fw.one_pass=1");
|
||||
|
||||
/* Always load dummynet now that even allowed ip and mac passthrough use it. */
|
||||
if (!is_module_loaded("dummynet.ko")) {
|
||||
|
@ -362,6 +362,9 @@ EOD;
|
|||
/* remove old information */
|
||||
unlink_if_exists("{$g['vardb_path']}/captiveportal{$cpzone}.db");
|
||||
unlink_if_exists("{$g['vardb_path']}/captiveportal_radius_{$cpzone}.db");
|
||||
unlink_if_exists("{$g['vardb_path']}/captiveportal_{$cpzone}.rules");
|
||||
/* Release allocated pipes for this zone */
|
||||
captiveportal_free_dnrules();
|
||||
|
||||
mwexec("/usr/local/sbin/ipfw_context -d {$cpzone}", true);
|
||||
|
||||
|
@ -618,12 +621,6 @@ function captiveportal_prune_old() {
|
|||
/* NOTE: while this can be simplified in non radius case keep as is for now */
|
||||
$cpdb = captiveportal_read_db();
|
||||
|
||||
/*
|
||||
* To make sure we iterate over ALL accounts on every run the count($cpdb) is moved
|
||||
* outside of the loop. Otherwise the loop would evaluate count() on every iteration
|
||||
* and since $i would increase and count() would decrement they would meet before we
|
||||
* had a chance to iterate over all accounts.
|
||||
*/
|
||||
$unsetindexes = array();
|
||||
$voucher_needs_sync = false;
|
||||
/*
|
||||
|
@ -636,9 +633,9 @@ function captiveportal_prune_old() {
|
|||
|
||||
$timedout = false;
|
||||
$term_cause = 1;
|
||||
if (empty($cpentry[10]))
|
||||
$cpentry[10] = 'first';
|
||||
$radiusservers = $radiussrvs[$cpentry[10]];
|
||||
if (empty($cpentry[11]))
|
||||
$cpentry[11] = 'first';
|
||||
$radiusservers = $radiussrvs[$cpentry[11]];
|
||||
|
||||
/* hard timeout? */
|
||||
if ($timeout) {
|
||||
|
@ -718,13 +715,14 @@ function captiveportal_prune_old() {
|
|||
$cpentry[3]); // clientmac
|
||||
} else if ($cpcfg['reauthenticateacct'] == "interimupdate") {
|
||||
$session_time = $pruning_time - $cpentry[0];
|
||||
if (!empty($cpentry[10]) && $cpentry[10] > 60)
|
||||
$interval = $cpentry[10];
|
||||
if (!empty($cpentry[10]) && intval($cpentry[10]) > 60)
|
||||
$interval = intval($cpentry[10]);
|
||||
else
|
||||
$interval = 0;
|
||||
$past_interval_min = ($session_time > $interval);
|
||||
$within_interval = ($session_time % $interval >= 0 && $session_time % $interval <= 59);
|
||||
if (($interval > 0 && $past_interval_min && $within_interval) || $interval === 0) {
|
||||
if (!empty($interval))
|
||||
$within_interval = ($session_time % $interval >= 0 && $session_time % $interval <= 59);
|
||||
if (empty($interval) || ($interval > 0 && $past_interval_min && $within_interval)) {
|
||||
RADIUS_ACCOUNTING_STOP($cpentry[1], // ruleno
|
||||
$cpentry[4], // username
|
||||
$cpentry[5], // sessionid
|
||||
|
@ -777,27 +775,29 @@ function captiveportal_prune_old_automac() {
|
|||
$writecfg = false;
|
||||
foreach ($config['captiveportal'][$cpzone]['passthrumac'] as $eid => $emac) {
|
||||
if ($emac['logintype'] == "voucher") {
|
||||
if (isset($tmpvoucherdb[$emac['username']])) {
|
||||
$temac = $config['captiveportal'][$cpzone]['passthrumac'][$tmpvoucherdb[$emac['username']]];
|
||||
$ruleno = captiveportal_get_ipfw_passthru_ruleno($temac['mac']);
|
||||
$pipeno = captiveportal_get_dn_passthru_ruleno($temac['mac']);
|
||||
if ($ruleno) {
|
||||
captiveportal_free_ipfw_ruleno($ruleno);
|
||||
$macrules .= "delete {$ruleno}";
|
||||
++$ruleno;
|
||||
$macrules .= "delete {$ruleno}";
|
||||
if (isset($config['captiveportal'][$cpzone]['noconcurrentlogins'])) {
|
||||
if (isset($tmpvoucherdb[$emac['username']])) {
|
||||
$temac = $config['captiveportal'][$cpzone]['passthrumac'][$tmpvoucherdb[$emac['username']]];
|
||||
$ruleno = captiveportal_get_ipfw_passthru_ruleno($temac['mac']);
|
||||
$pipeno = captiveportal_get_dn_passthru_ruleno($temac['mac']);
|
||||
if ($ruleno) {
|
||||
captiveportal_free_ipfw_ruleno($ruleno);
|
||||
$macrules .= "delete {$ruleno}";
|
||||
++$ruleno;
|
||||
$macrules .= "delete {$ruleno}";
|
||||
}
|
||||
if ($pipeno) {
|
||||
captiveportal_free_dn_ruleno($pipeno);
|
||||
$macrules .= "pipe delete {$pipeno}\n";
|
||||
++$pipeno;
|
||||
$macrules .= "pipe delete {$pipeno}\n";
|
||||
}
|
||||
$writecfg = true;
|
||||
captiveportal_logportalauth($temac['username'], $temac['mac'], $temac['ip'], "DUPLICATE {$temac['username']} LOGIN - TERMINATING OLD SESSION");
|
||||
unset($config['captiveportal'][$cpzone]['passthrumac'][$tmpvoucherdb[$emac['username']]]);
|
||||
}
|
||||
if ($pipeno) {
|
||||
captiveportal_free_dn_ruleno($pipeno);
|
||||
$macrules .= "pipe delete {$pipeno}\n";
|
||||
++$pipeno;
|
||||
$macrules .= "pipe delete {$pipeno}\n";
|
||||
}
|
||||
$writecfg = true;
|
||||
captiveportal_logportalauth($temac['username'], $temac['mac'], $temac['ip'], "DUPLICATE {$temac['username']} LOGIN - TERMINATING OLD SESSION");
|
||||
unset($config['captiveportal'][$cpzone]['passthrumac'][$tmpvoucherdb[$emac['username']]]);
|
||||
$tmpvoucherdb[$emac['username']] = $eid;
|
||||
}
|
||||
$tmpvoucherdb[$emac['username']] = $eid;
|
||||
if (voucher_auth($emac['username']) <= 0) {
|
||||
$ruleno = captiveportal_get_ipfw_passthru_ruleno($emac['mac']);
|
||||
$pipeno = captiveportal_get_dn_passthru_ruleno($emac['mac']);
|
||||
|
@ -819,6 +819,7 @@ function captiveportal_prune_old_automac() {
|
|||
}
|
||||
}
|
||||
}
|
||||
unset($tmpvoucherdb);
|
||||
if (!empty($macrules)) {
|
||||
@file_put_contents("{$g['tmp_path']}/macentry.prunerules.tmp", $macrules);
|
||||
unset($macrules);
|
||||
|
@ -895,9 +896,9 @@ function captiveportal_disconnect_client($sessionid, $term_cause = 1, $logoutRea
|
|||
captiveportal_write_db("DELETE FROM captiveportal WHERE sessionid = '{$sessionid}'");
|
||||
|
||||
foreach ($result as $cpentry) {
|
||||
if (empty($cpentry[10]))
|
||||
$cpentry[10] = 'first';
|
||||
captiveportal_disconnect($cpentry, $radiusservers[$cpentry[10]], $term_cause);
|
||||
if (empty($cpentry[11]))
|
||||
$cpentry[11] = 'first';
|
||||
captiveportal_disconnect($cpentry, $radiusservers[$cpentry[11]], $term_cause);
|
||||
captiveportal_logportalauth($cpentry[4], $cpentry[3], $cpentry[2], "DISCONNECT");
|
||||
}
|
||||
unset($result);
|
||||
|
@ -915,14 +916,14 @@ function captiveportal_radius_stop_all() {
|
|||
if (!empty($radiusservers)) {
|
||||
$cpdb = captiveportal_read_db();
|
||||
foreach ($cpdb as $cpentry) {
|
||||
if (empty($cpentry[10]))
|
||||
$cpentry[10] = 'first';
|
||||
if (!empty($radiusservers[$cpentry[10]])) {
|
||||
if (empty($cpentry[11]))
|
||||
$cpentry[11] = 'first';
|
||||
if (!empty($radiusservers[$cpentry[11]])) {
|
||||
RADIUS_ACCOUNTING_STOP($cpentry[1], // ruleno
|
||||
$cpentry[4], // username
|
||||
$cpentry[5], // sessionid
|
||||
$cpentry[0], // start time
|
||||
$radiusservers[$cpentry[10]],
|
||||
$radiusservers[$cpentry[11]],
|
||||
$cpentry[2], // clientip
|
||||
$cpentry[3], // clientmac
|
||||
7); // Admin Reboot
|
||||
|
@ -932,9 +933,18 @@ function captiveportal_radius_stop_all() {
|
|||
}
|
||||
|
||||
function captiveportal_passthrumac_configure_entry($macent) {
|
||||
global $cpzone, $config;
|
||||
|
||||
$bwUp = empty($macent['bw_up']) ? 0 : $macent['bw_up'];
|
||||
$bwDown = empty($macent['bw_down']) ? 0 : $macent['bw_down'];
|
||||
$bwUp = 0;
|
||||
if (!empty($macent['bw_up']))
|
||||
$bwUp = $macent['bw_up'];
|
||||
else if (isset($config['captiveportal'][$cpzone]['bwdefaultup']))
|
||||
$bwUp = $config['captiveportal'][$cpzone]['bwdefaultup'];
|
||||
$bwDown = 0;
|
||||
if (!empty($macent['bw_down']))
|
||||
$bwDown = $macent['bw_down'];
|
||||
else if (isset($config['captiveportal'][$cpzone]['bwdefaultdn']))
|
||||
$bwDown = $config['captiveportal'][$cpzone]['bwdefaultdn'];
|
||||
|
||||
$ruleno = captiveportal_get_next_ipfw_ruleno();
|
||||
$pipeno = captiveportal_get_next_dn_ruleno();
|
||||
|
@ -944,9 +954,9 @@ function captiveportal_passthrumac_configure_entry($macent) {
|
|||
$_gb = @pfSense_pipe_action("pipe {$pipeup} config bw {$bwUp}Kbit/s queue 100 buckets 16");
|
||||
$pipedown = $pipeno + 1;
|
||||
$_gb = @pfSense_pipe_action("pipe {$pipedown} config bw {$bwDown}Kbit/s queue 100 buckets 16");
|
||||
$rules .= "add {$ruleno} pipe {$pipeup} ip from any to any MAC {$macent['mac']} any\n";
|
||||
$rules .= "add {$ruleno} pipe {$pipeup} ip from any to any MAC any {$macent['mac']}\n";
|
||||
$ruleno++;
|
||||
$rules .= "add {$ruleno} pipe {$pipedown} ip from any to any MAC any {$macent['mac']}\n";
|
||||
$rules .= "add {$ruleno} pipe {$pipedown} ip from any to any MAC {$macent['mac']} any\n";
|
||||
|
||||
return $rules;
|
||||
}
|
||||
|
@ -1001,8 +1011,16 @@ function captiveportal_allowedip_configure_entry($ipent, $ishostname = false) {
|
|||
|
||||
$rules = "";
|
||||
$cp_filterdns_conf = "";
|
||||
$enBwup = empty($ipent['bw_up']) ? 0 : intval($ipent['bw_up']);
|
||||
$enBwdown = empty($ipent['bw_down']) ? 0 : intval($ipent['bw_down']);
|
||||
$enBwup = 0;
|
||||
if (!empty($ipent['bw_up']))
|
||||
$enBwup = intval($ipent['bw_up']);
|
||||
else if (isset($config['captiveportal'][$cpzone]['bwdefaultup']))
|
||||
$enBwup = $config['captiveportal'][$cpzone]['bwdefaultup'];
|
||||
$enBwdown = 0;
|
||||
if (!empty($ipent['bw_down']))
|
||||
$enBwdown = intval($ipent['bw_down']);
|
||||
else if (isset($config['captiveportal'][$cpzone]['bwdefaultdn']))
|
||||
$enBwdown = $config['captiveportal'][$cpzone]['bwdefaultdn'];
|
||||
|
||||
$pipeno = captiveportal_get_next_dn_ruleno();
|
||||
$_gb = @pfSense_pipe_action("pipe {$pipeno} config bw {$enBwup}Kbit/s queue 100 buckets 16");
|
||||
|
@ -1200,7 +1218,7 @@ function radius($username,$password,$clientip,$clientmac,$type, $radiusctx = nul
|
|||
$pipeno = captiveportal_get_next_dn_ruleno();
|
||||
|
||||
/* If the pool is empty, return appropriate message and fail authentication */
|
||||
if (is_null($pipeno)) {
|
||||
if (empty($pipeno)) {
|
||||
$auth_list = array();
|
||||
$auth_list['auth_val'] = 1;
|
||||
$auth_list['error'] = "System reached maximum login capacity";
|
||||
|
@ -1228,7 +1246,9 @@ function radius($username,$password,$clientip,$clientmac,$type, $radiusctx = nul
|
|||
$auth_list,
|
||||
$pipeno,
|
||||
$radiusctx);
|
||||
}
|
||||
} else {
|
||||
captiveportal_free_dn_ruleno($pipeno);
|
||||
}
|
||||
|
||||
return $auth_list;
|
||||
}
|
||||
|
@ -1241,7 +1261,7 @@ function captiveportal_opendb() {
|
|||
else {
|
||||
$errormsg = "";
|
||||
$DB = @sqlite_open("{$g['vardb_path']}/captiveportal{$cpzone}.db");
|
||||
if (@sqlite_exec($DB, "CREATE TABLE captiveportal (allow_time INTEGER, pipeno INTEGER, ip TEXT, mac TEXT, username TEXT, sessionid TEXT, bpassword TEXT, session_timeout INTEGER, idle_timeout INTEGER, session_terminate_time INTEGER, interim_interval INTEGER) ", $errormsg)) {
|
||||
if (@sqlite_exec($DB, "CREATE TABLE captiveportal (allow_time INTEGER, pipeno INTEGER, ip TEXT, mac TEXT, username TEXT, sessionid TEXT, bpassword TEXT, session_timeout INTEGER, idle_timeout INTEGER, session_terminate_time INTEGER, interim_interval INTEGER, radiusctx TEXT) ", $errormsg)) {
|
||||
@sqlite_exec($DB, "CREATE UNIQUE INDEX idx_active ON captiveportal (sessionid, username)");
|
||||
@sqlite_exec($DB, "CREATE INDEX user ON captiveportal (username)");
|
||||
@sqlite_exec($DB, "CREATE INDEX ip ON captiveportal (ip)");
|
||||
|
@ -1319,17 +1339,8 @@ function captiveportal_write_elements() {
|
|||
|
||||
$cpcfg = $config['captiveportal'][$cpzone];
|
||||
|
||||
/* delete any existing elements */
|
||||
if (is_dir($g['captiveportal_element_path'])) {
|
||||
$dh = opendir($g['captiveportal_element_path']);
|
||||
while (($file = readdir($dh)) !== false) {
|
||||
if ($file != "." && $file != "..")
|
||||
unlink($g['captiveportal_element_path'] . "/" . $file);
|
||||
}
|
||||
closedir($dh);
|
||||
} else {
|
||||
if (!is_dir($g['captiveportal_element_path']))
|
||||
@mkdir($g['captiveportal_element_path']);
|
||||
}
|
||||
|
||||
if (is_array($cpcfg['element'])) {
|
||||
conf_mount_rw();
|
||||
|
@ -1338,8 +1349,8 @@ function captiveportal_write_elements() {
|
|||
printf(gettext("Error: cannot open '%s' in captiveportal_write_elements()%s"), $data['name'], "\n");
|
||||
return 1;
|
||||
}
|
||||
unlink_if_exists("{$g['captiveportal_path']}/{$data['name']}");
|
||||
@symlink("{$g['captiveportal_element_path']}/{$data['name']}", "{$g['captiveportal_path']}/{$data['name']}");
|
||||
if (!file_exists("{$g['captiveportal_path']}/{$data['name']}"))
|
||||
@symlink("{$g['captiveportal_element_path']}/{$data['name']}", "{$g['captiveportal_path']}/{$data['name']}");
|
||||
}
|
||||
conf_mount_ro();
|
||||
}
|
||||
|
@ -1347,31 +1358,57 @@ function captiveportal_write_elements() {
|
|||
return 0;
|
||||
}
|
||||
|
||||
function captiveportal_free_dnrules($rulenos_start = 2000, $rulenos_range_max = 64500) {
|
||||
global $cpzone;
|
||||
|
||||
$cpruleslck = lock("captiveportalrulesdn", LOCK_EX);
|
||||
if (file_exists("{$g['vardb_path']}/captiveportaldn.rules")) {
|
||||
$rules = unserialize(file_get_contents("{$g['vardb_path']}/captiveportaldn.rules"));
|
||||
$ridx = $rulenos_start;
|
||||
while ($ridx < $rulenos_range_max) {
|
||||
if ($rules[$ridx] == $cpzone) {
|
||||
$rules[$ridx] = false;
|
||||
$ridx++;
|
||||
$rules[$ridx] = false;
|
||||
$ridx++;
|
||||
} else
|
||||
$ridx += 2;
|
||||
}
|
||||
file_put_contents("{$g['vardb_path']}/captiveportaldn.rules", serialize($rules));
|
||||
unset($rules);
|
||||
}
|
||||
unlock($cpruleslck);
|
||||
}
|
||||
|
||||
function captiveportal_get_next_dn_ruleno($rulenos_start = 2000, $rulenos_range_max = 64500) {
|
||||
global $config, $g;
|
||||
global $config, $g, $cpzone;
|
||||
|
||||
$cpruleslck = lock("captiveportalrulesdn", LOCK_EX);
|
||||
$ruleno = 0;
|
||||
if (file_exists("{$g['vardb_path']}/captiveportaldn.rules")) {
|
||||
$rules = unserialize(file_get_contents("{$g['vardb_path']}/captiveportaldn.rules"));
|
||||
for ($ridx = $rulenos_start; $ridx < $rulenos_range_max; $ridx++) {
|
||||
if ($rules[$ridx]) {
|
||||
$ridx = $rulenos_start;
|
||||
while ($ridx < $rulenos_range_max) {
|
||||
if (empty($rules[$ridx])) {
|
||||
$ruleno = $ridx;
|
||||
$rules[$ridx] = $cpzone;
|
||||
$ridx++;
|
||||
continue;
|
||||
$rules[$ridx] = $cpzone;
|
||||
break;
|
||||
} else {
|
||||
$ridx += 2;
|
||||
}
|
||||
$ruleno = $ridx;
|
||||
$rules[$ridx] = "used";
|
||||
$rules[++$ridx] = "used";
|
||||
break;
|
||||
}
|
||||
} else {
|
||||
$rules = array_pad(array(), $rulenos_range_max, false);
|
||||
$rules[$rulenos_start] = "used";
|
||||
$rules[++$rulenos_start] = "used";
|
||||
$ruleno = $rulenos_start;
|
||||
$rules[$rulenos_start] = $cpzone;
|
||||
$rulenos_start++;
|
||||
$rules[$rulenos_start] = $cpzone;
|
||||
}
|
||||
file_put_contents("{$g['vardb_path']}/captiveportaldn.rules", serialize($rules));
|
||||
unlock($cpruleslck);
|
||||
unset($rules);
|
||||
|
||||
return $ruleno;
|
||||
}
|
||||
|
@ -1383,8 +1420,10 @@ function captiveportal_free_dn_ruleno($ruleno) {
|
|||
if (file_exists("{$g['vardb_path']}/captiveportaldn.rules")) {
|
||||
$rules = unserialize(file_get_contents("{$g['vardb_path']}/captiveportaldn.rules"));
|
||||
$rules[$ruleno] = false;
|
||||
$rules[++$ruleno] = false;
|
||||
$ruleno++;
|
||||
$rules[$ruleno] = false;
|
||||
file_put_contents("{$g['vardb_path']}/captiveportaldn.rules", serialize($rules));
|
||||
unset($rules);
|
||||
}
|
||||
unlock($cpruleslck);
|
||||
}
|
||||
|
@ -1397,17 +1436,19 @@ function captiveportal_get_dn_passthru_ruleno($value) {
|
|||
return NULL;
|
||||
|
||||
$cpruleslck = lock("captiveportalrulesdn", LOCK_EX);
|
||||
$ruleno = NULL;
|
||||
if (file_exists("{$g['vardb_path']}/captiveportaldn.rules")) {
|
||||
$rules = unserialize(file_get_contents("{$g['vardb_path']}/captiveportaldn.rules"));
|
||||
$ruleno = intval(`/sbin/ipfw -x {$cpzone} show | /usr/bin/grep {$value} | /usr/bin/grep -v grep | /usr/bin/cut -d " " -f 5 | /usr/bin/head -n 1`);
|
||||
if ($rules[$ruleno]) {
|
||||
unlock($cpruleslck);
|
||||
return $ruleno;
|
||||
}
|
||||
unset($output);
|
||||
$_gb = exec("/sbin/ipfw -x {$cpzone} show | /usr/bin/grep {$value} | /usr/bin/grep -v grep | /usr/bin/awk '{print $5}' | /usr/bin/head -n 1", $output);
|
||||
$ruleno = intval($output[0]);
|
||||
if (!$rules[$ruleno])
|
||||
$ruleno = NULL;
|
||||
unset($rules);
|
||||
}
|
||||
|
||||
unlock($cpruleslck);
|
||||
return NULL;
|
||||
|
||||
return $ruleno;
|
||||
}
|
||||
|
||||
/*
|
||||
|
@ -1426,28 +1467,33 @@ function captiveportal_get_next_ipfw_ruleno($rulenos_start = 2, $rulenos_range_m
|
|||
$ruleno = 0;
|
||||
if (file_exists("{$g['vardb_path']}/captiveportal_{$cpzone}.rules")) {
|
||||
$rules = unserialize(file_get_contents("{$g['vardb_path']}/captiveportal_{$cpzone}.rules"));
|
||||
for ($ridx = 2; $ridx < ($rulenos_range_max - $rulenos_start); $ridx++) {
|
||||
if ($rules[$ridx]) {
|
||||
$ridx = $rulenos_start;
|
||||
while ($ridx < $rulenos_range_max) {
|
||||
if (empty($rules[$ridx])) {
|
||||
$ruleno = $ridx;
|
||||
$rules[$ridx] = $cpzone;
|
||||
$ridx++;
|
||||
$rules[$ridx] = $cpzone;
|
||||
break;
|
||||
} else {
|
||||
/*
|
||||
* This allows our traffic shaping pipes to be the in pipe the same as ruleno
|
||||
* and the out pipe ruleno + 1.
|
||||
*/
|
||||
$ridx++;
|
||||
continue;
|
||||
$ridx += 2;
|
||||
}
|
||||
$ruleno = $ridx;
|
||||
$rules[$ridx] = "used";
|
||||
$rules[++$ridx] = "used";
|
||||
break;
|
||||
}
|
||||
} else {
|
||||
$rules = array_pad(array(), $rulenos_range_max, false);
|
||||
$rules[$rulenos_start] = "used";
|
||||
$rules[++$rulenos_start] = "used";
|
||||
$ruleno = 2;
|
||||
$ruleno = $rulenos_start;
|
||||
$rules[$rulenos_start] = $cpzone;
|
||||
$rulenos_start++;
|
||||
$rules[$rulenos_start] = $cpzone;
|
||||
}
|
||||
file_put_contents("{$g['vardb_path']}/captiveportal_{$cpzone}.rules", serialize($rules));
|
||||
unlock($cpruleslck);
|
||||
unset($rules);
|
||||
|
||||
return $ruleno;
|
||||
}
|
||||
|
||||
|
@ -1462,10 +1508,12 @@ function captiveportal_free_ipfw_ruleno($ruleno) {
|
|||
if (file_exists("{$g['vardb_path']}/captiveportal_{$cpzone}.rules")) {
|
||||
$rules = unserialize(file_get_contents("{$g['vardb_path']}/captiveportal_{$cpzone}.rules"));
|
||||
$rules[$ruleno] = false;
|
||||
$rules[++$ruleno] = false;
|
||||
$ruleno++;
|
||||
$rules[$ruleno] = false;
|
||||
file_put_contents("{$g['vardb_path']}/captiveportal_{$cpzone}.rules", serialize($rules));
|
||||
}
|
||||
unlock($cpruleslck);
|
||||
unset($rules);
|
||||
}
|
||||
|
||||
function captiveportal_get_ipfw_passthru_ruleno($value) {
|
||||
|
@ -1476,17 +1524,19 @@ function captiveportal_get_ipfw_passthru_ruleno($value) {
|
|||
return NULL;
|
||||
|
||||
$cpruleslck = lock("captiveportalrules{$cpzone}", LOCK_EX);
|
||||
$ruleno = NULL;
|
||||
if (file_exists("{$g['vardb_path']}/captiveportal_{$cpzone}.rules")) {
|
||||
$rules = unserialize(file_get_contents("{$g['vardb_path']}/captiveportal_{$cpzone}.rules"));
|
||||
$ruleno = intval(`/sbin/ipfw -x {$cpzone} show | /usr/bin/grep {$value} | /usr/bin/grep -v grep | /usr/bin/cut -d " " -f 1 | /usr/bin/head -n 1`);
|
||||
if ($rules[$ruleno]) {
|
||||
unlock($cpruleslck);
|
||||
return $ruleno;
|
||||
}
|
||||
unset($output);
|
||||
$_gb = exec("/sbin/ipfw -x {$cpzone} show | /usr/bin/grep {$value} | /usr/bin/grep -v grep | /usr/bin/awk '{print $1}' | /usr/bin/head -n 1", $output);
|
||||
$ruleno = intval($output[0]);
|
||||
if (!$rules[$ruleno])
|
||||
$ruleno = NULL;
|
||||
}
|
||||
|
||||
unlock($cpruleslck);
|
||||
return NULL;
|
||||
unset($rules);
|
||||
|
||||
return $ruleno;
|
||||
}
|
||||
|
||||
/**
|
||||
|
@ -1783,8 +1833,9 @@ function portal_allow($clientip,$clientmac,$username,$password = null, $attribut
|
|||
$radiusctx = 'first';
|
||||
|
||||
foreach ($cpdb as $cpentry) {
|
||||
if (empty($cpentry[10]))
|
||||
$cpentry[10] = 'first';
|
||||
if (empty($cpentry[11])) {
|
||||
$cpentry[11] = 'first';
|
||||
}
|
||||
/* on the same ip */
|
||||
if ($cpentry[2] == $clientip) {
|
||||
if (isset($config['captiveportal'][$cpzone]['nomacfilter']) || $cpentry[3] == $clientmac)
|
||||
|
@ -1802,7 +1853,7 @@ function portal_allow($clientip,$clientmac,$username,$password = null, $attribut
|
|||
$remaining_time = 0;
|
||||
|
||||
/* This user was already logged in so we disconnect the old one */
|
||||
captiveportal_disconnect($cpentry,$radiusservers[$cpentry[10]],13);
|
||||
captiveportal_disconnect($cpentry,$radiusservers[$cpentry[11]],13);
|
||||
captiveportal_logportalauth($cpentry[4],$cpentry[3],$cpentry[2],"CONCURRENT LOGIN - TERMINATING OLD SESSION");
|
||||
$unsetindexes[] = $cpentry[5];
|
||||
break;
|
||||
|
@ -1811,7 +1862,7 @@ function portal_allow($clientip,$clientmac,$username,$password = null, $attribut
|
|||
/* on the same username */
|
||||
if (strcasecmp($cpentry[4], $username) == 0) {
|
||||
/* This user was already logged in so we disconnect the old one */
|
||||
captiveportal_disconnect($cpentry,$radiusservers[$cpentry[10]],13);
|
||||
captiveportal_disconnect($cpentry,$radiusservers[$cpentry[11]],13);
|
||||
captiveportal_logportalauth($cpentry[4],$cpentry[3],$cpentry[2],"CONCURRENT LOGIN - TERMINATING OLD SESSION");
|
||||
$unsetindexes[] = $cpentry[5];
|
||||
break;
|
||||
|
@ -1851,7 +1902,7 @@ function portal_allow($clientip,$clientmac,$username,$password = null, $attribut
|
|||
unlock($cpdblck);
|
||||
$macrules = captiveportal_passthrumac_configure_entry($mac);
|
||||
file_put_contents("{$g['tmp_path']}/macentry_{$cpzone}.rules.tmp", $macrules);
|
||||
mwexec("/sbin/ipfw -x {$cpzone}-q {$g['tmp_path']}/macentry_{$cpzone}.rules.tmp");
|
||||
mwexec("/sbin/ipfw -x {$cpzone} -q {$g['tmp_path']}/macentry_{$cpzone}.rules.tmp");
|
||||
$writecfg = true;
|
||||
} else {
|
||||
/* See if a pipeno is passed, if not start sessions because this means there isn't one atm */
|
||||
|
@ -1902,13 +1953,14 @@ function portal_allow($clientip,$clientmac,$username,$password = null, $attribut
|
|||
|
||||
/* encode password in Base64 just in case it contains commas */
|
||||
$bpassword = base64_encode($password);
|
||||
$insertquery = "INSERT INTO captiveportal (allow_time, pipeno, ip, mac, username, sessionid, bpassword, session_timeout, idle_timeout, session_terminate_time, interim_interval) ";
|
||||
$insertquery = "INSERT INTO captiveportal (allow_time, pipeno, ip, mac, username, sessionid, bpassword, session_timeout, idle_timeout, session_terminate_time, interim_interval, radiusctx) ";
|
||||
$insertquery .= "VALUES ({$allow_time}, {$pipeno}, '{$clientip}', '{$clientmac}', '{$safe_username}', '{$sessionid}', '{$bpassword}', ";
|
||||
$insertquery .= "{$session_timeout}, {$idle_timeout}, {$session_terminate_time}, {$interim_interval})";
|
||||
$insertquery .= "{$session_timeout}, {$idle_timeout}, {$session_terminate_time}, {$interim_interval}, '{$radiusctx}')";
|
||||
|
||||
/* store information to database */
|
||||
captiveportal_write_db($insertquery);
|
||||
unlock($cpdblck);
|
||||
unset($insertquery, $bpassword);
|
||||
|
||||
if (isset($config['captiveportal'][$cpzone]['radacct_enable']) && !empty($radiusservers[$radiusctx])) {
|
||||
$acct_val = RADIUS_ACCOUNTING_START($pipeno, $username, $sessionid, $radiusservers[$radiusctx], $clientip, $clientmac);
|
||||
|
@ -1916,8 +1968,13 @@ function portal_allow($clientip,$clientmac,$username,$password = null, $attribut
|
|||
captiveportal_logportalauth($username,$clientmac,$clientip,$type,"RADIUS ACCOUNTING FAILED");
|
||||
}
|
||||
}
|
||||
} else
|
||||
} else {
|
||||
/* NOTE: #3062-11 If the pipeno has been allocated free it to not DoS the CP and maintain proper operation as in radius() case */
|
||||
if (!is_null($pipeno))
|
||||
captiveportal_free_dn_ruleno($pipeno);
|
||||
|
||||
unlock($cpdblck);
|
||||
}
|
||||
|
||||
if ($writecfg == true)
|
||||
write_config();
|
||||
|
@ -1925,10 +1982,10 @@ function portal_allow($clientip,$clientmac,$username,$password = null, $attribut
|
|||
/* redirect user to desired destination */
|
||||
if (!empty($attributes['url_redirection']))
|
||||
$my_redirurl = $attributes['url_redirection'];
|
||||
else if (!empty($redirurl))
|
||||
$my_redirurl = $redirurl;
|
||||
else if (!empty($config['captiveportal'][$cpzone]['redirurl']))
|
||||
$my_redirurl = $config['captiveportal'][$cpzone]['redirurl'];
|
||||
else
|
||||
$my_redirurl = $redirurl;
|
||||
|
||||
if(isset($config['captiveportal'][$cpzone]['logoutwin_enable']) && !$passthrumac) {
|
||||
$ourhostname = portal_hostname_from_client_ip($clientip);
|
||||
|
@ -1943,7 +2000,7 @@ function portal_allow($clientip,$clientmac,$username,$password = null, $attribut
|
|||
include("{$g['varetc_path']}/captiveportal-{$cpzone}-logout.html");
|
||||
|
||||
} else {
|
||||
header("Location: " . $my_redirurl);
|
||||
portal_reply_page($my_redirurl, "redir", "Just redirect the user.");
|
||||
}
|
||||
|
||||
return $sessionid;
|
||||
|
|
|
@ -34,8 +34,21 @@ define("OPEN_SSL_CONF_PATH", "/etc/ssl/openssl.cnf");
|
|||
|
||||
require_once("functions.inc");
|
||||
|
||||
global $openssl_digest_algs;
|
||||
$openssl_digest_algs = array("sha1", "sha224", "sha256", "sha384", "sha512");
|
||||
|
||||
global $openssl_crl_status;
|
||||
$openssl_crl_status = array(
|
||||
OCSP_REVOKED_STATUS_NOSTATUS => "No Status (default)",
|
||||
OCSP_REVOKED_STATUS_UNSPECIFIED => "Unspecified",
|
||||
OCSP_REVOKED_STATUS_KEYCOMPROMISE => "Key Compromise",
|
||||
OCSP_REVOKED_STATUS_CACOMPROMISE => "CA Compromise",
|
||||
OCSP_REVOKED_STATUS_AFFILIATIONCHANGED => "Affiliation Changed",
|
||||
OCSP_REVOKED_STATUS_SUPERSEDED => "Superseded",
|
||||
OCSP_REVOKED_STATUS_CESSATIONOFOPERATION => "Cessation of Operation",
|
||||
OCSP_REVOKED_STATUS_CERTIFICATEHOLD => "Certificate Hold"
|
||||
);
|
||||
|
||||
function & lookup_ca($refid) {
|
||||
global $config;
|
||||
|
||||
|
@ -257,22 +270,28 @@ function cert_import(& $cert, $crt_str, $key_str) {
|
|||
|
||||
function cert_create(& $cert, $caref, $keylen, $lifetime, $dn, $type="user", $digest_alg = "sha256") {
|
||||
|
||||
$ca =& lookup_ca($caref);
|
||||
if (!$ca)
|
||||
return false;
|
||||
$cert['type'] = $type;
|
||||
|
||||
$ca_str_crt = base64_decode($ca['crt']);
|
||||
$ca_str_key = base64_decode($ca['prv']);
|
||||
$ca_res_crt = openssl_x509_read($ca_str_crt);
|
||||
$ca_res_key = openssl_pkey_get_private(array(0 => $ca_str_key, 1 => ""));
|
||||
if(!$ca_res_key) return false;
|
||||
$ca_serial = ++$ca['serial'];
|
||||
if ($type != "self-signed") {
|
||||
$cert['caref'] = $caref;
|
||||
$ca =& lookup_ca($caref);
|
||||
if (!$ca)
|
||||
return false;
|
||||
|
||||
$ca_str_crt = base64_decode($ca['crt']);
|
||||
$ca_str_key = base64_decode($ca['prv']);
|
||||
$ca_res_crt = openssl_x509_read($ca_str_crt);
|
||||
$ca_res_key = openssl_pkey_get_private(array(0 => $ca_str_key, 1 => ""));
|
||||
if(!$ca_res_key) return false;
|
||||
$ca_serial = ++$ca['serial'];
|
||||
}
|
||||
|
||||
switch ($type) {
|
||||
case "ca":
|
||||
$cert_type = "v3_ca";
|
||||
break;
|
||||
case "server":
|
||||
case "self-signed":
|
||||
$cert_type = "server";
|
||||
break;
|
||||
default:
|
||||
|
@ -291,11 +310,20 @@ function cert_create(& $cert, $caref, $keylen, $lifetime, $dn, $type="user", $di
|
|||
$res_key = openssl_pkey_new($args);
|
||||
if(!$res_key) return false;
|
||||
|
||||
// If this is a self-signed cert, blank out the CA and sign with the cert's key
|
||||
if ($type == "self-signed") {
|
||||
$ca = null;
|
||||
$ca_res_crt = null;
|
||||
$ca_res_key = $res_key;
|
||||
$ca_serial = 0;
|
||||
$cert['type'] = "server";
|
||||
}
|
||||
|
||||
// generate a certificate signing request
|
||||
$res_csr = openssl_csr_new($dn, $res_key, $args);
|
||||
if(!$res_csr) return false;
|
||||
|
||||
// self sign the certificate
|
||||
// sign the certificate using an internal CA
|
||||
$res_crt = openssl_csr_sign($res_csr, $ca_res_crt, $ca_res_key, $lifetime,
|
||||
$args, $ca_serial);
|
||||
if(!$res_crt) return false;
|
||||
|
@ -306,10 +334,8 @@ function cert_create(& $cert, $caref, $keylen, $lifetime, $dn, $type="user", $di
|
|||
return false;
|
||||
|
||||
// return our certificate information
|
||||
$cert['caref'] = $caref;
|
||||
$cert['crt'] = base64_encode($str_crt);
|
||||
$cert['prv'] = base64_encode($str_key);
|
||||
$cert['type'] = $type;
|
||||
|
||||
return true;
|
||||
}
|
||||
|
@ -482,6 +508,16 @@ function cert_get_dates($str_crt, $decode = true) {
|
|||
return array($start, $end);
|
||||
}
|
||||
|
||||
function cert_get_serial($str_crt, $decode = true) {
|
||||
if ($decode)
|
||||
$str_crt = base64_decode($str_crt);
|
||||
$crt_details = openssl_x509_parse($str_crt);
|
||||
if (isset($crt_details['serialNumber']) && !empty($crt_details['serialNumber']))
|
||||
return $crt_details['serialNumber'];
|
||||
else
|
||||
return NULL;
|
||||
}
|
||||
|
||||
function prv_get_modulus($str_crt, $decode = true){
|
||||
return cert_get_modulus($str_crt, $decode, "prv");
|
||||
}
|
||||
|
@ -561,32 +597,6 @@ function cert_in_use($certref) {
|
|||
is_captiveportal_cert($certref));
|
||||
}
|
||||
|
||||
/*
|
||||
CRL code is a *WORK IN PROGRESS* do not try to use these functions yet.
|
||||
|
||||
OpenSSL CRL status code constants.
|
||||
OCSP_REVOKED_STATUS_NOSTATUS
|
||||
OCSP_REVOKED_STATUS_UNSPECIFIED
|
||||
OCSP_REVOKED_STATUS_KEYCOMPROMISE
|
||||
OCSP_REVOKED_STATUS_CACOMPROMISE
|
||||
OCSP_REVOKED_STATUS_AFFILIATIONCHANGED
|
||||
OCSP_REVOKED_STATUS_SUPERSEDED
|
||||
OCSP_REVOKED_STATUS_CESSATIONOFOPERATION
|
||||
OCSP_REVOKED_STATUS_CERTIFICATEHOLD
|
||||
OCSP_REVOKED_STATUS_REMOVEFROMCRL
|
||||
*/
|
||||
|
||||
$openssl_crl_status = array(
|
||||
OCSP_REVOKED_STATUS_NOSTATUS => "No Status (default)",
|
||||
OCSP_REVOKED_STATUS_UNSPECIFIED => "Unspecified",
|
||||
OCSP_REVOKED_STATUS_KEYCOMPROMISE => "Key Compromise",
|
||||
OCSP_REVOKED_STATUS_CACOMPROMISE => "CA Compromise",
|
||||
OCSP_REVOKED_STATUS_AFFILIATIONCHANGED => "Affiliation Changed",
|
||||
OCSP_REVOKED_STATUS_SUPERSEDED => "Superseded",
|
||||
OCSP_REVOKED_STATUS_CESSATIONOFOPERATION => "Cessation of Operation",
|
||||
OCSP_REVOKED_STATUS_CERTIFICATEHOLD => "Certificate Hold"
|
||||
);
|
||||
|
||||
function crl_create(& $crl, $caref, $name, $serial=0, $lifetime=9999) {
|
||||
global $config;
|
||||
$ca =& lookup_ca($caref);
|
||||
|
@ -658,6 +668,22 @@ function cert_unrevoke($cert, & $crl) {
|
|||
return false;
|
||||
}
|
||||
|
||||
/* Compare two certificates to see if they match. */
|
||||
function cert_compare($cert1, $cert2) {
|
||||
/* Ensure two certs are identical by first checking that their issuers match, then
|
||||
subjects, then serial numbers, and finally the moduli. Anything less strict
|
||||
could accidentally count two similar, but different, certificates as
|
||||
being identical. */
|
||||
$c1 = base64_decode($cert1['crt']);
|
||||
$c2 = base64_decode($cert2['crt']);
|
||||
if ((cert_get_issuer($c1, false) == cert_get_issuer($c2, false))
|
||||
&& (cert_get_subject($c1, false) == cert_get_subject($c2, false))
|
||||
&& (cert_get_serial($c1, false) == cert_get_serial($c2, false))
|
||||
&& (cert_get_modulus($c1, false) == cert_get_modulus($c2, false)))
|
||||
return true;
|
||||
return false;
|
||||
}
|
||||
|
||||
function is_cert_revoked($cert, $crlref = "") {
|
||||
global $config;
|
||||
if (!is_array($config['crl']))
|
||||
|
@ -668,7 +694,7 @@ function is_cert_revoked($cert, $crlref = "") {
|
|||
if (!is_array($crl['cert']))
|
||||
return false;
|
||||
foreach ($crl['cert'] as $rcert) {
|
||||
if (($rcert['refid'] == $cert['refid']) || ($rcert['descr'] == $cert['descr']))
|
||||
if (cert_compare($rcert, $cert))
|
||||
return true;
|
||||
}
|
||||
} else {
|
||||
|
@ -676,7 +702,7 @@ function is_cert_revoked($cert, $crlref = "") {
|
|||
if (!is_array($crl['cert']))
|
||||
continue;
|
||||
foreach ($crl['cert'] as $rcert) {
|
||||
if (($rcert['refid'] == $cert['refid']) || ($rcert['descr'] == $cert['descr']))
|
||||
if (cert_compare($rcert, $cert))
|
||||
return true;
|
||||
}
|
||||
}
|
||||
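Review bot: In `cert_get_serial()` the test `!empty($crt_details['serialNumber'])` treats a serial of zero as missing, because PHP's `empty()` is true for both `0` and `"0"`, and the self-signed branch added to `cert_create()` in this same section signs with `$ca_serial = 0`. For such certificates the getter returns NULL, so the serial clause in `cert_compare()` becomes `NULL == NULL` and no longer distinguishes anything, which matters now that `is_cert_revoked()` relies on `cert_compare()` alone. Replacing the test with `isset($crt_details['serialNumber']) && $crt_details['serialNumber'] !== ''` keeps a zero serial. `cert_compare()` would also be stricter if it returned false whenever a getter yields NULL or false, so that two certificates that fail to parse are not reported as identical. The failure values of `cert_get_issuer()`, `cert_get_subject()` and `cert_get_modulus()` are not visible here and should be checked first.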
|
|
|
@ -51,13 +51,14 @@ function set_networking_interfaces_ports() {
|
|||
$fp = fopen('php://stdin', 'r');
|
||||
|
||||
$memory = get_memory();
|
||||
$avail = $memory[1];
|
||||
$physmem = $memory[0];
|
||||
$realmem = $memory[1];
|
||||
|
||||
if($avail < $g['minimum_ram_warning']) {
|
||||
if($physmem < $g['minimum_ram_warning']) {
|
||||
echo "\n\n\n";
|
||||
echo gettext("DANGER! WARNING! ACHTUNG!") . "\n\n";
|
||||
printf(gettext("%s requires *AT LEAST* %s RAM to function correctly.%s"), $g['product_name'], $g['minimum_ram_warning_text'], "\n");
|
||||
printf(gettext("Only (%s) MB RAM has been detected.%s"), $avail, "\n");
|
||||
printf(gettext("Only (%s) MB RAM has been detected, with (%s) available to %s.%s"), $realmem, $physmem, $g['product_name'], "\n");
|
||||
echo "\n" . gettext("Press ENTER to continue.") . " ";
|
||||
fgets($fp);
|
||||
echo "\n";
|
||||
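Review bot: The two values returned by `get_memory()` are unpacked as `$physmem = $memory[0]` and `$realmem = $memory[1]` with no comment, and the warning then passes them in the opposite order (`$realmem, $physmem`), which is easy to misread or swap in a later edit. A one-line comment above the assignments would pin the meaning, for example `/* $memory[0]: MB usable by the system, $memory[1]: MB installed - confirm against get_memory() */`. `get_memory()` is not shown on this page, so the units and the order are inferred from the message text. `set_networking_interfaces_ports()` starts and ends outside the hunk.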
|
|
|
@ -308,10 +308,7 @@ function conf_mount_rw() {
|
|||
if($g['platform'] == "cdrom" or $g['platform'] == "pfSense")
|
||||
return;
|
||||
|
||||
if (!isset($config['system']['nanobsd_force_rw']) && (refcount_reference(1000) > 1))
|
||||
return;
|
||||
|
||||
if (isset($config['system']['nanobsd_force_rw']) && is_writable("/"))
|
||||
if ((refcount_reference(1000) > 1) && is_writable("/"))
|
||||
return;
|
||||
|
||||
$status = mwexec("/sbin/mount -u -w -o sync,noatime {$g['cf_path']}");
|
||||
|
@ -348,12 +345,15 @@ function conf_mount_ro() {
|
|||
/* Do not trust $g['platform'] since this can be clobbered during factory reset. */
|
||||
$platform = trim(file_get_contents("/etc/platform"));
|
||||
/* do not umount on cdrom or pfSense platforms */
|
||||
if($platform == "cdrom" or $platform == "pfSense" or isset($config['system']['nanobsd_force_rw']))
|
||||
if($platform == "cdrom" or $platform == "pfSense")
|
||||
return;
|
||||
|
||||
if (refcount_unreference(1000) > 0)
|
||||
return;
|
||||
|
||||
if(isset($config['system']['nanobsd_force_rw']))
|
||||
return;
|
||||
|
||||
if($g['booting'])
|
||||
return;
|
||||
|
||||
|
@ -384,14 +384,16 @@ function convert_config() {
|
|||
|
||||
/* special case upgrades */
|
||||
/* fix every minute crontab bogons entry */
|
||||
$cron_item_count = count($config['cron']['item']);
|
||||
for($x=0; $x<$cron_item_count; $x++) {
|
||||
if(stristr($config['cron']['item'][$x]['command'], "rc.update_bogons.sh")) {
|
||||
if($config['cron']['item'][$x]['hour'] == "*" ) {
|
||||
$config['cron']['item'][$x]['hour'] = "3";
|
||||
write_config(gettext("Updated bogon update frequency to 3am"));
|
||||
log_error(gettext("Updated bogon update frequency to 3am"));
|
||||
}
|
||||
if (is_array($config['cron'])) {
|
||||
$cron_item_count = count($config['cron']['item']);
|
||||
for($x=0; $x<$cron_item_count; $x++) {
|
||||
if(stristr($config['cron']['item'][$x]['command'], "rc.update_bogons.sh")) {
|
||||
if($config['cron']['item'][$x]['hour'] == "*" ) {
|
||||
$config['cron']['item'][$x]['hour'] = "3";
|
||||
write_config(gettext("Updated bogon update frequency to 3am"));
|
||||
log_error(gettext("Updated bogon update frequency to 3am"));
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
if ($config['version'] == $g['latest_config'])
|
||||
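Review bot: The new guard in `convert_config()` tests `is_array($config['cron'])`, but the next line calls `count($config['cron']['item'])` and the loop indexes `$config['cron']['item'][$x]`, so a configuration whose `cron` section exists without an `item` list still reaches those lines unguarded. Checking the level that is actually used closes the gap: `if (is_array($config['cron']) && is_array($config['cron']['item'])) {`. `convert_config()` begins and ends outside this hunk, so whether `item` is normalised earlier in the function cannot be confirmed from here.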
|
|
|
@ -19,11 +19,13 @@
|
|||
* - OpenDNS (opendns.com)
|
||||
* - Namecheap (namecheap.com)
|
||||
* - HE.net (dns.he.net)
|
||||
* - HE.net IPv6 (dns.he.net)
|
||||
* - HE.net Tunnelbroker IP update (ipv4.tunnelbroker.net)
|
||||
* - SelfHost (selfhost.de)
|
||||
* - Amazon Route 53 (aws.amazon.com)
|
||||
* - DNS-O-Matic (dnsomatic.com)
|
||||
* - Custom DDNS (any URL)
|
||||
* - Custom DDNS IPv6 (any URL)
|
||||
* +----------------------------------------------------+
|
||||
* Requirements:
|
||||
* - PHP version 4.0.2 or higher with the CURL Library and the PCRE Library
|
||||
|
@ -55,7 +57,8 @@
|
|||
* DNSexit - Last Tested: 20 July 2008
|
||||
* OpenDNS - Last Tested: 4 August 2008
|
||||
* Namecheap - Last Tested: 31 August 2010
|
||||
* HE.net - Last Tested: NEVER
|
||||
* HE.net - Last Tested: 7 July 2013
|
||||
* HE.net IPv6 - Last Tested: 7 July 2013
|
||||
* HE.net Tunnel - Last Tested: 28 June 2011
|
||||
* SelfHost - Last Tested: 26 December 2011
|
||||
* Amazon Route 53 - Last tested: 01 April 2012
|
||||
|
@ -74,6 +77,7 @@
|
|||
|
||||
class updatedns {
|
||||
var $_cacheFile;
|
||||
var $_cacheFile_v6;
|
||||
var $_debugFile;
|
||||
var $_UserAgent = 'User-Agent: phpDynDNS/0.7';
|
||||
var $_errorVerbosity = 0;
|
||||
|
@ -100,6 +104,7 @@
|
|||
var $_dnsMaxCacheAgeDays;
|
||||
var $_dnsDummyUpdateDone;
|
||||
var $_forceUpdateNeeded;
|
||||
var $_useIPv6;
|
||||
|
||||
/*
|
||||
* Public Constructor Function (added 12 July 05) [beta]
|
||||
|
@ -119,6 +124,7 @@
|
|||
global $config, $g;
|
||||
|
||||
$this->_cacheFile = "{$g['conf_path']}/dyndns_{$dnsIf}{$dnsService}" . escapeshellarg($dnsHost) . "{$dnsID}.cache";
|
||||
$this->_cacheFile_v6 = "{$g['conf_path']}/dyndns_{$dnsIf}{$dnsService}" . escapeshellarg($dnsHost) . "{$dnsID}_v6.cache";
|
||||
$this->_debugFile = "{$g['varetc_path']}/dyndns_{$dnsIf}{$dnsService}" . escapeshellarg($dnsHost) . "{$dnsID}.debug";
|
||||
|
||||
$this->_dnsVerboseLog = $dnsVerboseLog;
|
||||
|
@ -149,6 +155,14 @@
|
|||
if (!$dnsHost) $this->_error(5);
|
||||
}
|
||||
|
||||
switch ($dnsService) {
|
||||
case 'he-net-v6':
|
||||
case 'custom-v6':
|
||||
$this->_useIPv6 = true;
|
||||
break;
|
||||
default:
|
||||
$this->_useIPv6 = false;
|
||||
}
|
||||
$this->_dnsService = strtolower($dnsService);
|
||||
$this->_dnsUser = $dnsUser;
|
||||
$this->_dnsPass = $dnsPass;
|
||||
|
@ -201,9 +215,11 @@
|
|||
case 'staticcling':
|
||||
case 'dnsexit':
|
||||
case 'custom':
|
||||
case 'custom-v6':
|
||||
case 'opendns':
|
||||
case 'namecheap':
|
||||
case 'he-net':
|
||||
case 'he-net-v6':
|
||||
case 'selfhost':
|
||||
case 'he-net-tunnelbroker':
|
||||
case 'route53':
|
||||
|
@ -293,7 +309,7 @@
|
|||
case 'noip-free':
|
||||
$needsIP = TRUE;
|
||||
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, FALSE);
|
||||
$server = "http://dynupdate.no-ip.com/ducupdate.php";
|
||||
$server = "https://dynupdate.no-ip.com/ducupdate.php";
|
||||
$port = "";
|
||||
if($this->_dnsServer)
|
||||
$server = $this->_dnsServer;
|
||||
|
@ -315,7 +331,7 @@
|
|||
$needsIP = TRUE;
|
||||
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, FALSE);
|
||||
curl_setopt($ch, CURLOPT_USERPWD, $this->_dnsUser.':'.$this->_dnsPass);
|
||||
$server = "http://members.easydns.com/dyn/dyndns.php";
|
||||
$server = "https://members.easydns.com/dyn/dyndns.php";
|
||||
$port = "";
|
||||
if($this->_dnsServer)
|
||||
$server = $this->_dnsServer;
|
||||
|
@ -351,7 +367,7 @@
|
|||
break;
|
||||
case 'dyns':
|
||||
$needsIP = FALSE;
|
||||
$server = "http://www.dyns.cx/postscript011.php";
|
||||
$server = "https://www.dyns.cx/postscript011.php";
|
||||
$port = "";
|
||||
if($this->_dnsServer)
|
||||
$server = $this->_dnsServer;
|
||||
|
@ -399,11 +415,11 @@
|
|||
break;
|
||||
case 'freedns':
|
||||
$needIP = FALSE;
|
||||
curl_setopt($ch, CURLOPT_URL, 'http://freedns.afraid.org/dynamic/update.php?' . $this->_dnsPass);
|
||||
curl_setopt($ch, CURLOPT_URL, 'https://freedns.afraid.org/dynamic/update.php?' . $this->_dnsPass);
|
||||
break;
|
||||
case 'dnsexit':
|
||||
$needsIP = TRUE;
|
||||
curl_setopt($ch, CURLOPT_URL, 'http://www.dnsexit.com/RemoteUpdate.sv?login='.$this->_dnsUser. '&password='.$this->_dnsPass.'&host='.$this->_dnsHost.'&myip='.$this->_dnsIP);
|
||||
curl_setopt($ch, CURLOPT_URL, 'https://www.dnsexit.com/RemoteUpdate.sv?login='.$this->_dnsUser. '&password='.$this->_dnsPass.'&host='.$this->_dnsHost.'&myip='.$this->_dnsIP);
|
||||
break;
|
||||
case 'loopia':
|
||||
$needsIP = TRUE;
|
||||
|
@ -427,7 +443,7 @@
|
|||
|
||||
case 'staticcling':
|
||||
$needsIP = FALSE;
|
||||
curl_setopt($ch, CURLOPT_URL, 'http://www.staticcling.org/update.html?login='.$this->_dnsUser.'&pass='.$this->_dnsPass);
|
||||
curl_setopt($ch, CURLOPT_URL, 'https://www.staticcling.org/update.html?login='.$this->_dnsUser.'&pass='.$this->_dnsPass);
|
||||
break;
|
||||
case 'dnsomatic':
|
||||
/* Example syntax
|
||||
|
@ -438,8 +454,16 @@
|
|||
log_error("DNS-O-Matic: DNS update() starting.");
|
||||
if (isset($this->_dnsWildcard) && $this->_dnsWildcard != "OFF") $this->_dnsWildcard = "ON";
|
||||
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, FALSE);
|
||||
curl_setopt($ch, CURLOPT_USERPWD, $this->_dnsUser.':'.$this->_dnsPass);
|
||||
$server = "https://" . $this->_dnsUser . ":" . $this->_dnsPass . "@updates.dnsomatic.com/nic/update?hostname=";
|
||||
/*
|
||||
Reference: https://www.dnsomatic.com/wiki/api
|
||||
DNS-O-Matic usernames are 3-25 characters.
|
||||
DNS-O-Matic passwords are 6-20 characters.
|
||||
All ASCII letters and numbers accepted.
|
||||
Dots, dashes, and underscores allowed, but not at the beginning or end of the string.
|
||||
Required: "rawurlencode" http://www.php.net/manual/en/function.rawurlencode.php
|
||||
Encodes the given string according to RFC 3986.
|
||||
*/
|
||||
$server = "https://" . rawurlencode($this->_dnsUser) . ":" . rawurlencode($this->_dnsPass) . "@updates.dnsomatic.com/nic/update?hostname=";
|
||||
if($this->_dnsServer)
|
||||
$server = $this->_dnsServer;
|
||||
if($this->_dnsPort)
|
||||
|
@ -464,6 +488,7 @@
|
|||
curl_setopt($ch, CURLOPT_URL, $server);
|
||||
break;
|
||||
case 'he-net':
|
||||
case 'he-net-v6':
|
||||
$needsIP = FALSE;
|
||||
if ($this->_dnsVerboseLog)
|
||||
log_error("HE.net ({$this->_dnsHost}): DNS update() starting.");
|
||||
|
@ -554,6 +579,7 @@
|
|||
$this->_checkStatus(0, $result);
|
||||
break;
|
||||
case 'custom':
|
||||
case 'custom-v6':
|
||||
if ($this->_dnsVerboseLog)
|
||||
log_error("Custom DDNS ({$this->_dnsHost}): DNS update() starting.");
|
||||
if (strstr($this->dnsUpdateURL, "%IP%")) {$needsIP = TRUE;} else {$needsIP = FALSE;}
|
||||
|
@ -904,6 +930,7 @@
|
|||
break;
|
||||
|
||||
case 'he-net':
|
||||
case 'he-net-v6':
|
||||
if (preg_match("/badip/i", $data)) {
|
||||
$status = "phpDynDNS: (Error) Bad Request - The IP provided was invalid.";
|
||||
} else if (preg_match('/nohost/i', $data)) {
|
||||
|
@ -970,6 +997,7 @@
|
|||
$successful_update = true;
|
||||
break;
|
||||
case 'custom':
|
||||
case 'custom-v6':
|
||||
$successful_update = false;
|
||||
if ($this->_dnsResultMatch == "") {
|
||||
$successful_update = true;
|
||||
|
@ -994,13 +1022,20 @@
|
|||
/* Write WAN IP to cache file */
|
||||
$wan_ip = $this->_checkIP();
|
||||
conf_mount_rw();
|
||||
if ($wan_ip > 0) {
|
||||
if ($this->_useIPv6 == false && $wan_ip > 0) {
|
||||
$currentTime = time();
|
||||
notify_all_remote(sprintf(gettext("DynDNS updated IP Address on %s (%s) to %s"), convert_real_interface_to_friendly_descr($this->_if), $this->_if, $wan_ip));
|
||||
log_error("phpDynDNS: updating cache file {$this->_cacheFile}: {$wan_ip}");
|
||||
@file_put_contents($this->_cacheFile, "{$wan_ip}:{$currentTime}");
|
||||
} else
|
||||
@unlink($this->_cacheFile);
|
||||
if ($this->_useIPv6 == true && $wan_ip > 0) {
|
||||
$currentTime = time();
|
||||
notify_all_remote(sprintf(gettext("DynDNS updated IPv6 Address on %s (%s) to %s"), convert_real_interface_to_friendly_descr($this->_if), $this->_if, $wan_ip));
|
||||
log_error("phpDynDNS: updating cache file {$this->_cacheFile_v6}: {$wan_ip}");
|
||||
@file_put_contents($this->_cacheFile_v6, "{$wan_ip}|{$currentTime}");
|
||||
} else
|
||||
@unlink($this->_cacheFile_v6);
|
||||
conf_mount_ro();
|
||||
}
|
||||
$this->status = $status;
|
||||
|
@ -1055,7 +1090,7 @@
|
|||
/*
|
||||
* Private Function (added 12 July 05) [beta]
|
||||
* - Detect whether or not IP needs to be updated.
|
||||
* | Written Specifically for pfSense (pfsense.com) may
|
||||
* | Written Specifically for pfSense (https://www.pfsense.org) may
|
||||
* | work with other systems. pfSense base is FreeBSD.
|
||||
*/
|
||||
function _detectChange() {
|
||||
|
@ -1073,20 +1108,38 @@
|
|||
}
|
||||
$log_error = "DynDns ({$this->_dnsHost}): Current WAN IP: {$wan_ip} ";
|
||||
|
||||
if (file_exists($this->_cacheFile)) {
|
||||
$contents = file_get_contents($this->_cacheFile);
|
||||
list($cacheIP,$cacheTime) = explode(':', $contents);
|
||||
$this->_debug($cacheIP.'/'.$cacheTime);
|
||||
$initial = false;
|
||||
$log_error .= "Cached IP: {$cacheIP} ";
|
||||
if ($this->_useIPv6 == true) {
|
||||
if (file_exists($this->_cacheFile_v6)) {
|
||||
$contents = file_get_contents($this->_cacheFile_v6);
|
||||
list($cacheIP,$cacheTime) = explode('|', $contents);
|
||||
$this->_debug($cacheIP.'/'.$cacheTime);
|
||||
$initial = false;
|
||||
$log_error .= "Cached IPv6: {$cacheIP} ";
|
||||
} else {
|
||||
conf_mount_rw();
|
||||
$cacheIP = '::';
|
||||
@file_put_contents($this->_cacheFile, "::|{$currentTime}");
|
||||
conf_mount_ro();
|
||||
$cacheTime = $currentTime;
|
||||
$initial = true;
|
||||
$log_error .= "No Cached IPv6 found.";
|
||||
}
|
||||
} else {
|
||||
conf_mount_rw();
|
||||
$cacheIP = '0.0.0.0';
|
||||
@file_put_contents($this->_cacheFile, "0.0.0.0:{$currentTime}");
|
||||
conf_mount_ro();
|
||||
$cacheTime = $currentTime;
|
||||
$initial = true;
|
||||
$log_error .= "No Cached IP found.";
|
||||
if (file_exists($this->_cacheFile)) {
|
||||
$contents = file_get_contents($this->_cacheFile);
|
||||
list($cacheIP,$cacheTime) = explode(':', $contents);
|
||||
$this->_debug($cacheIP.'/'.$cacheTime);
|
||||
$initial = false;
|
||||
$log_error .= "Cached IP: {$cacheIP} ";
|
||||
} else {
|
||||
conf_mount_rw();
|
||||
$cacheIP = '0.0.0.0';
|
||||
@file_put_contents($this->_cacheFile, "0.0.0.0:{$currentTime}");
|
||||
conf_mount_ro();
|
||||
$cacheTime = $currentTime;
|
||||
$initial = true;
|
||||
$log_error .= "No Cached IP found.";
|
||||
}
|
||||
}
|
||||
if ($this->_dnsVerboseLog)
|
||||
log_error($log_error);
|
||||
|
@ -1148,10 +1201,16 @@
|
|||
if ($debug)
|
||||
log_error("DynDns ({$this->_dnsHost}): _checkIP() starting.");
|
||||
|
||||
$ip_address = find_interface_ip($this->_if);
|
||||
if (!is_ipaddr($ip_address))
|
||||
return 0;
|
||||
if (is_private_ip($ip_address)) {
|
||||
if ($this->_useIPv6 == true) {
|
||||
$ip_address = find_interface_ipv6($this->_if);
|
||||
if (!is_ipaddrv6($ip_address))
|
||||
return 0;
|
||||
} else {
|
||||
$ip_address = find_interface_ip($this->_if);
|
||||
if (!is_ipaddr($ip_address))
|
||||
return 0;
|
||||
}
|
||||
if ($this->_useIPv6 == false && is_private_ip($ip_address)) {
|
||||
$hosttocheck = "checkip.dyndns.org";
|
||||
$try = 0;
|
||||
while ($try < 3) {
|
||||
|
@ -1170,6 +1229,9 @@
|
|||
curl_setopt($ip_ch, CURLOPT_INTERFACE, $ip_address);
|
||||
curl_setopt($ip_ch, CURLOPT_CONNECTTIMEOUT, '30');
|
||||
curl_setopt($ip_ch, CURLOPT_TIMEOUT, 120);
|
||||
if ($this->_useIPv6 == false) {
|
||||
curl_setopt($ip_ch, CURLOPT_IPRESOLVE, CURL_IPRESOLVE_V4);
|
||||
}
|
||||
$ip_result_page = curl_exec($ip_ch);
|
||||
curl_close($ip_ch);
|
||||
$ip_result_decoded = urldecode($ip_result_page);
|
||||
|
|
|
@ -71,7 +71,7 @@ function easyrule_find_rule_interface($int) {
|
|||
return false;
|
||||
}
|
||||
|
||||
function easyrule_block_rule_exists($int = 'wan') {
|
||||
function easyrule_block_rule_exists($int = 'wan', $ipproto = "inet") {
|
||||
global $blockaliasname, $config;
|
||||
/* No rules, we we know it doesn't exist */
|
||||
if (!is_array($config['filter']['rule'])) {
|
||||
|
@ -82,7 +82,8 @@ function easyrule_block_rule_exists($int = 'wan') {
|
|||
foreach ($config['filter']['rule'] as $rule) {
|
||||
if (!is_array($rule) || !is_array($rule['source']))
|
||||
continue;
|
||||
if ($rule['source']['address'] == $blockaliasname . strtoupper($int) && ($rule['interface'] == $int) && ($rule['ipprotocol'] == $ipproto))
|
||||
$checkproto = isset($rule['ipprotocol']) ? $rule['ipprotocol'] : "inet";
|
||||
if ($rule['source']['address'] == $blockaliasname . strtoupper($int) && ($rule['interface'] == $int) && ($checkproto == $ipproto))
|
||||
return true;
|
||||
}
|
||||
return false;
|
||||
|
@ -272,7 +273,7 @@ function easyrule_pass_rule_add($int, $proto, $srchost, $dsthost, $dstport, $ipp
|
|||
if ($proto == "icmp")
|
||||
$filterent['icmptype'] = 'echoreq';
|
||||
|
||||
if (strtolower($proto) == "icmp6")
|
||||
if ((strtolower($proto) == "icmp6") || (strtolower($proto) == "icmpv6"))
|
||||
$filterent['protocol'] = "icmp";
|
||||
|
||||
if (is_subnet($srchost)) {
|
||||
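Review bot: In the easyrule_pass_rule_add hunk, a request for `icmp6` or `icmpv6` is rewritten to protocol `icmp` only after the `if ($proto == "icmp")` test that sets `icmptype` to `echoreq`, so on the visible lines such a pass rule carries no ICMP type restriction and would presumably admit every ICMP type rather than echo requests only. The first test is also case-sensitive, while the new one lower-cases its input, so `ICMP` misses the restriction as well. Testing all three spellings in one place closes the gap: `if (in_array(strtolower($proto), array("icmp", "icmp6", "icmpv6"))) $filterent['icmptype'] = 'echoreq';`. The function body starts and ends outside the hunk, so confirm that the type is not set elsewhere before changing it.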
|
|
|
@ -58,6 +58,29 @@ $filterdns = array();
|
|||
/* Used for aliases and interface macros */
|
||||
$aliases = "";
|
||||
|
||||
function fix_rule_label($descr) {
|
||||
$descr = str_replace('"', '', $descr);
|
||||
if (strlen($descr) > 63)
|
||||
return substr($descr, 0, 60) . "...";
|
||||
else
|
||||
return $descr;
|
||||
}
|
||||
|
||||
function is_bogonsv6_used() {
|
||||
global $config, $g;
|
||||
# Only use bogonsv6 table if IPv6 Allow is on, and at least 1 enabled interface also has "blockbogons" enabled.
|
||||
$usebogonsv6 = false;
|
||||
if (isset($config['system']['ipv6allow'])) {
|
||||
foreach ($config['interfaces'] as $ifacedata) {
|
||||
if(isset($ifacedata['enable']) && isset($ifacedata['blockbogons'])) {
|
||||
$usebogonsv6 = true;
|
||||
break;
|
||||
}
|
||||
}
|
||||
}
|
||||
return $usebogonsv6;
|
||||
}
|
||||
|
||||
function flowtable_configure() {
|
||||
global $config, $g;
|
||||
|
||||
|
@ -93,13 +116,16 @@ function filter_pflog_start($kill_first = false) {
|
|||
}
|
||||
mute_kernel_msgs();
|
||||
$output = 0;
|
||||
exec("/bin/pgrep -af 'tcpdump -s 256 -v -S -l -n -e -ttt -i pflog0'", $output, $retval);
|
||||
$tcpdump_cmd = "tcpdump -s 256 -v -S -l -n -e -ttt -i pflog0";
|
||||
exec("/bin/pgrep -af '{$tcpdump_cmd}'", $output, $retval);
|
||||
if ($kill_first && ($output[0] > 1)) {
|
||||
mwexec("/bin/kill {$output[0]}");
|
||||
usleep(1000);
|
||||
/* Ensure the restart below runs */
|
||||
$retval = 1;
|
||||
}
|
||||
if($retval != 0)
|
||||
mwexec_bg("/usr/sbin/tcpdump -s 256 -v -S -l -n -e -ttt -i pflog0 | logger -t pf -p local0.info");
|
||||
mwexec_bg("/usr/sbin/{$tcpdump_cmd} | logger -t pf -p local0.info");
|
||||
unmute_kernel_msgs();
|
||||
}
|
||||
|
||||
|
@ -126,6 +152,7 @@ function filter_delete_states_for_down_gateways() {
|
|||
if (isset($config['system']['kill_states']))
|
||||
return;
|
||||
|
||||
$any_gateway_down = false;
|
||||
$a_gateways = return_gateways_status();
|
||||
if (is_array($GatewaysList)) {
|
||||
foreach ($GatewaysList as $gwname => $gateway) {
|
||||
|
@ -139,20 +166,13 @@ function filter_delete_states_for_down_gateways() {
|
|||
continue;
|
||||
$gwstatus =& $a_gateways[$gateway['monitor']];
|
||||
if (strstr($gwstatus['status'], "down")) {
|
||||
if (!empty($gateway['interface']))
|
||||
$gwiface = $gateway['interface'];
|
||||
else
|
||||
$gwiface = get_real_interface($gateway['friendlyiface']);
|
||||
$cmd = "/sbin/pfctl -i {$gwiface} -Fs";
|
||||
mwexec($cmd);
|
||||
$gwip = $gateway['gateway'];
|
||||
if (is_ipaddr($gwip)) {
|
||||
$cmd = "/sbin/pfctl -i {$gwiface} -Fs -G {$gwip}";
|
||||
mwexec($cmd);
|
||||
}
|
||||
$any_gateway_down = true;
|
||||
break;
|
||||
}
|
||||
}
|
||||
}
|
||||
if ($any_gateway_down == true)
|
||||
mwexec("/sbin/pfctl -Fs");
|
||||
}
|
||||
|
||||
/* reload filter sync */
|
||||
|
@ -221,10 +241,6 @@ function filter_configure_sync($delete_states_if_needed = true) {
|
|||
return;
|
||||
}
|
||||
|
||||
// Copy rules.debug to rules.debug.old
|
||||
if(file_exists("{$g['tmp_path']}/rules.debug"))
|
||||
@copy("{$g['tmp_path']}/rules.debug", "{$g['tmp_path']}/rules.debug.old");
|
||||
|
||||
$limitrules = "";
|
||||
/* Define the maximum number of tables the system can handle (should be at least aliases*2+some spare) */
|
||||
$maxtables = is_numeric($config['system']['maximumtables']) ? $config['system']['maximumtables'] : "3000";
|
||||
|
@ -277,11 +293,13 @@ function filter_configure_sync($delete_states_if_needed = true) {
|
|||
$rules .= "{$altq_queues}\n";
|
||||
$rules .= "{$natrules}\n";
|
||||
$rules .= "{$pfrules}\n";
|
||||
|
||||
$rules .= discover_pkg_rules("filter");
|
||||
|
||||
@file_put_contents("{$g['tmp_path']}/rules.limits", $limitrules);
|
||||
mwexec("/sbin/pfctl -o basic -f {$g['tmp_path']}/rules.limits");
|
||||
unset($aliases, $gateways, $altq_queues, $natrules, $pfrules);
|
||||
|
||||
// Copy rules.debug to rules.debug.old
|
||||
if(file_exists("{$g['tmp_path']}/rules.debug"))
|
||||
@copy("{$g['tmp_path']}/rules.debug", "{$g['tmp_path']}/rules.debug.old");
|
||||
|
||||
if (!@file_put_contents("{$g['tmp_path']}/rules.debug", $rules, LOCK_EX)) {
|
||||
log_error("WARNING: Could not write new rules!");
|
||||
|
@ -289,6 +307,8 @@ function filter_configure_sync($delete_states_if_needed = true) {
|
|||
return;
|
||||
}
|
||||
|
||||
@file_put_contents("{$g['tmp_path']}/rules.limits", $limitrules);
|
||||
mwexec("/sbin/pfctl -Of {$g['tmp_path']}/rules.limits");
|
||||
unset($rules, $limitrules);
|
||||
|
||||
if(isset($config['system']['developerspew'])) {
|
||||
|
@ -302,33 +322,39 @@ function filter_configure_sync($delete_states_if_needed = true) {
|
|||
echo "pfctl done at $mt\n";
|
||||
}
|
||||
/*
|
||||
* check for a error while loading the rules file. if an error has occured
|
||||
* check for a error while loading the rules file. if an error has occurred
|
||||
* then output the contents of the error to the caller
|
||||
*/
|
||||
if($rules_loading <> 0) {
|
||||
$saved_line_error = $rules_error[0];
|
||||
$line_error = explode(":", $rules_error[0]);
|
||||
$line_number = $line_error[1];
|
||||
$line_split = file("{$g['tmp_path']}/rules.debug");
|
||||
if(is_array($line_split))
|
||||
$line_error = sprintf(gettext('The line in question reads [%1$d]: %2$s'), $line_number, $line_split[$line_number-1]);
|
||||
unset($line_split);
|
||||
if ($line_error and $line_number) {
|
||||
file_notice("filter_load", sprintf(gettext('There were error(s) loading the rules: %1$s - %2$s'), $rules_error[0], $line_error), "Filter Reload", "");
|
||||
update_filter_reload_status(sprintf(gettext('There were error(s) loading the rules: %1$s - %2$s'), $rules_error[0], $line_error));
|
||||
unlock($filterlck);
|
||||
return;
|
||||
}
|
||||
|
||||
/* Brutal ugly hack but required -- PF is stuck, unwedge */
|
||||
if (strstr("$rules_error[0]", "busy")) {
|
||||
exec("/sbin/pfctl -d; /sbin/pfctl -e; /sbin/pfctl -f {$g['tmp_path']}/rules.debug");
|
||||
$error_msg = gettext("PF was wedged/busy and has been reset.");
|
||||
file_notice("pf_busy", $error_msg, "pf_busy", "");
|
||||
} else {
|
||||
$_grbg = exec("/sbin/pfctl -o basic -f {$g['tmp_path']}/rules.debug.old 2>&1");
|
||||
}
|
||||
unset($rules_loading, $rules_error);
|
||||
|
||||
if ($line_error and $line_number) {
|
||||
file_notice("filter_load", sprintf(gettext('There were error(s) loading the rules: %1$s - %2$s'), $saved_line_error, $line_error), "Filter Reload", "");
|
||||
update_filter_reload_status(sprintf(gettext('There were error(s) loading the rules: %1$s - %2$s'), $saved_line_error, $line_error));
|
||||
unlock($filterlck);
|
||||
return;
|
||||
}
|
||||
}
|
||||
|
||||
# If allow IPv6 has been unchecked then we can remove any bogonsv6 table (if the table is not there, the kill is still fine).
|
||||
if (!isset($config['system']['ipv6allow']))
|
||||
$_grbg = exec("/sbin/pfctl -t bogonsv6 -T kill");
|
||||
# If we are not using bogonsv6 then we can remove any bogonsv6 table from the running pf (if the table is not there, the kill is still fine).
|
||||
if (!is_bogonsv6_used())
|
||||
$_grbg = exec("/sbin/pfctl -t bogonsv6 -T kill 2>/dev/null");
|
||||
|
||||
update_filter_reload_status(gettext("Starting up layer7 daemon"));
|
||||
layer7_start_l7daemon();
|
||||
|
@ -343,7 +369,11 @@ function filter_configure_sync($delete_states_if_needed = true) {
|
|||
* FilterDNS has three debugging levels. The default choosen is 1.
|
||||
* Availabe are level 2 and greater then 2.
|
||||
*/
|
||||
mwexec("/usr/local/sbin/filterdns -p {$g['varrun_path']}/filterdns.pid -i 300 -c {$g['varetc_path']}/filterdns.conf -d 1");
|
||||
if (isset($config['system']['aliasesresolveinterval']) && is_numeric($config['system']['aliasesresolveinterval']))
|
||||
$resolve_interval = $config['system']['aliasesresolveinterval'];
|
||||
else
|
||||
$resolve_interval = 300;
|
||||
mwexec("/usr/local/sbin/filterdns -p {$g['varrun_path']}/filterdns.pid -i {$resolve_interval} -c {$g['varetc_path']}/filterdns.conf -d 1");
|
||||
}
|
||||
} else {
|
||||
killbypid("{$g['varrun_path']}/filterdns.pid");
|
||||
|
@ -353,9 +383,12 @@ function filter_configure_sync($delete_states_if_needed = true) {
|
|||
/* run items scheduled for after filter configure run */
|
||||
$fda = fopen("{$g['tmp_path']}/commands.txt", "w");
|
||||
if($fda) {
|
||||
if($after_filter_configure_run)
|
||||
if($after_filter_configure_run) {
|
||||
foreach($after_filter_configure_run as $afcr)
|
||||
fwrite($fda, $afcr . "\n");
|
||||
unset($after_filter_configure_run);
|
||||
}
|
||||
|
||||
/*
|
||||
* we need a way to let a user run a shell cmd after each
|
||||
* filter_configure() call. run this xml command after
|
||||
|
@ -371,6 +404,7 @@ function filter_configure_sync($delete_states_if_needed = true) {
|
|||
mwexec("sh {$g['tmp_path']}/commands.txt &");
|
||||
unlink("{$g['tmp_path']}/commands.txt");
|
||||
}
|
||||
|
||||
/* if time based rules are enabled then swap in the set */
|
||||
if($time_based_rules == true)
|
||||
filter_tdr_install_cron(true);
|
||||
|
@ -440,7 +474,7 @@ function filter_generate_scrubing() {
|
|||
return $scrubrules;
|
||||
}
|
||||
|
||||
function filter_generate_nested_alias($name, $alias, &$aliasnesting, &$aliasaddrnesting) {
|
||||
function filter_generate_nested_alias($name, $alias, &$aliasnesting, &$aliasaddrnesting, $all = false) {
|
||||
global $aliastable, $filterdns;
|
||||
|
||||
$addresses = explode(" ", $alias);
|
||||
|
@ -471,9 +505,9 @@ function filter_generate_nested_alias($name, $alias, &$aliasnesting, &$aliasaddr
|
|||
}
|
||||
/* We already expanded this alias so there is no neccessity to do it again. */
|
||||
else if(!isset($aliasnesting[$address]))
|
||||
$tmpline = filter_generate_nested_alias($name, $aliastable[$address], $aliasnesting, $aliasaddrnesting);
|
||||
$tmpline = filter_generate_nested_alias($name, $aliastable[$address], $aliasnesting, $aliasaddrnesting, $all);
|
||||
} else if(!isset($aliasaddrnesting[$address])) {
|
||||
if (!is_ipaddr($address) && !is_subnet($address) && !is_port($address) && is_hostname($address)) {
|
||||
if ($all === false && !is_ipaddr($address) && !is_subnet($address) && !is_port($address) && is_hostname($address)) {
|
||||
if (!isset($filterdns["{$address}{$name}"]))
|
||||
$filterdns["{$address}{$name}"] = "pf {$address} {$name}\n";
|
||||
continue;
|
||||
|
@ -501,12 +535,7 @@ function filter_expand_alias($alias_name, $all = false)
|
|||
if($aliased['name'] == $alias_name) {
|
||||
$aliasnesting = array();
|
||||
$aliasaddrnesting = array();
|
||||
$result = filter_generate_nested_alias($aliased['name'], $aliased['address'], $aliasnesting, $aliasaddrnesting);
|
||||
if ($all === true)
|
||||
foreach ($aliasaddrnesting as $addr)
|
||||
if (!preg_match("/\s*$addr\s*/", $result))
|
||||
$result .= " {$addr}";
|
||||
return $result;
|
||||
return filter_generate_nested_alias($aliased['name'], $aliased['address'], $aliasnesting, $aliasaddrnesting, $all);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
@ -566,7 +595,7 @@ function filter_generate_aliases() {
|
|||
if (!file_exists("/etc/bogonsv6"))
|
||||
@file_put_contents("/etc/bogonsv6", "");
|
||||
$aliases .= "table <bogons> persist file \"/etc/bogons\"\n";
|
||||
if (isset($config['system']['ipv6allow']))
|
||||
if (is_bogonsv6_used())
|
||||
$aliases .= "table <bogonsv6> persist file \"/etc/bogonsv6\"\n";
|
||||
|
||||
$vpns_list = filter_get_vpns_list();
|
||||
|
@ -646,6 +675,7 @@ function filter_generate_aliases() {
|
|||
}
|
||||
$result = "{$alias} \n";
|
||||
$result .= "{$aliases}";
|
||||
|
||||
return $result;
|
||||
}
|
||||
|
||||
|
@ -754,10 +784,15 @@ function filter_get_vpns_list() {
|
|||
if(is_array($config['openvpn']["openvpn-$type"])) {
|
||||
foreach ($config['openvpn']["openvpn-$type"] as $settings) {
|
||||
if(is_array($settings)) {
|
||||
if (is_subnet($settings['remote_network']) && $settings['remote_network'] <> "0.0.0.0/0")
|
||||
$vpns_arr[] = $settings['remote_network'];
|
||||
if (is_subnet($settings['tunnel_network']) && $settings['tunnel_network'] <> "0.0.0.0/0")
|
||||
$vpns_arr[] = $settings['tunnel_network'];
|
||||
if (!isset($settings['disable'])) {
|
||||
$remote_networks = explode(',', $settings['remote_network']);
|
||||
foreach ($remote_networks as $remote_network) {
|
||||
if (is_subnet($remote_network) && ($remote_network <> "0.0.0.0/0"))
|
||||
$vpns_arr[] = $remote_network;
|
||||
}
|
||||
if (is_subnet($settings['tunnel_network']) && $settings['tunnel_network'] <> "0.0.0.0/0")
|
||||
$vpns_arr[] = $settings['tunnel_network'];
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
@ -868,7 +903,7 @@ function filter_generate_optcfg_array() {
|
|||
if(!is_ipaddrv6($oc['ipaddrv6']) && !empty($oc['ipaddrv6']))
|
||||
$oic['type6'] = $oc['ipaddrv6'];
|
||||
if (!empty($oc['track6-interface']))
|
||||
$oc['track6-interface'] = $oc['track6-interface'];
|
||||
$oic['track6-interface'] = $oc['track6-interface'];
|
||||
$oic['sn'] = get_interface_subnet($if);
|
||||
$oic['snv6'] = get_interface_subnetv6($if);
|
||||
$oic['mtu'] = empty($oc['mtu']) ? 1500 : $oc['mtu'];
|
||||
|
@ -1159,11 +1194,12 @@ function filter_generate_reflection_proxy($rule, $nordr, $rdr_ifs, $srcaddr, $ds
|
|||
}
|
||||
|
||||
$dstaddr = explode(" ", $dstaddr_port);
|
||||
if($dstaddr[2])
|
||||
$rflctintrange = $dstaddr[2];
|
||||
else
|
||||
if($dstaddr[2]) {
|
||||
$rflctintrange = array_pop($dstaddr);
|
||||
array_pop($dstaddr);
|
||||
} else
|
||||
return "";
|
||||
$dstaddr = $dstaddr[0];
|
||||
$dstaddr = implode(" ", $dstaddr);
|
||||
if(empty($dstaddr) || trim($dstaddr) == "0.0.0.0" || strtolower(trim($dstaddr)) == "port")
|
||||
return "";
|
||||
|
||||
|
@ -1228,13 +1264,13 @@ function filter_generate_reflection_proxy($rule, $nordr, $rdr_ifs, $srcaddr, $ds
|
|||
$delta = 0;
|
||||
|
||||
if(($inetdport + $delta + 1) - $starting_localhost_port_tmp > 500) {
|
||||
log_error("Not installing nat reflection rules for a port range > 500");
|
||||
log_error("Not installing NAT reflection rules for a port range > 500");
|
||||
$inetdport = $starting_localhost_port;
|
||||
$toadd_array = array();
|
||||
$toomanyports = true;
|
||||
break;
|
||||
} else if(($inetdport + $delta) > 19990) {
|
||||
log_error("Installing partial nat reflection rules. Maximum 1,000 reached.");
|
||||
log_error("Installing partial NAT reflection rules. Maximum 1,000 reached.");
|
||||
$delta = 19990 - $inetdport;
|
||||
$loc_pt[1] = $loc_pt[0] + $delta;
|
||||
if($delta == 0)
|
||||
|
@ -1324,6 +1360,12 @@ function filter_nat_rules_generate_if($if, $src = "any", $srcport = "", $dst = "
|
|||
$protocol = " proto {$proto}";
|
||||
} else
|
||||
$protocol = "";
|
||||
/* Set tgt for IPv6 */
|
||||
if ($proto == "ipv6") {
|
||||
$natip = get_interface_ipv6($if);
|
||||
if(is_ipaddrv6($natip))
|
||||
$tgt = "{$natip}/128";
|
||||
}
|
||||
/* Add the hard set source port (useful for ISAKMP) */
|
||||
if($natport != "")
|
||||
$tgt .= " port {$natport}";
|
||||
|
@ -1561,8 +1603,6 @@ function filter_nat_rules_generate() {
|
|||
$netip = explode("/", $route['network']);
|
||||
if (isset($GatewaysList[$route['gateway']])) {
|
||||
$gateway =& $GatewaysList[$route['gateway']];
|
||||
$gatewayip = $gateway['gateway'];
|
||||
$interfacegw = $gateway['interface'];
|
||||
if(!interface_has_gateway($gateway['interface']) && is_private_ip($netip[0])) {
|
||||
$numberofnathosts++;
|
||||
$tonathosts .= "{$route['network']} ";
|
||||
|
@ -1573,10 +1613,8 @@ function filter_nat_rules_generate() {
|
|||
foreach($FilterIflist as $ocname => $oc) {
|
||||
if(!interface_has_gateway($ocname)) {
|
||||
if(is_ipaddr($oc['alias-address'])) {
|
||||
$aliastarget = $oc['alias-address'];
|
||||
$aliassubnet = $oc['alias-subnet'];
|
||||
$numberofnathosts++;
|
||||
$tonathosts .= "{$oc['sa']}/{$oc['sn']} ";
|
||||
$tonathosts .= "{$oc['alias-address']}/{$oc['alias-subnet']} ";
|
||||
}
|
||||
if($oc['sa']) {
|
||||
$tonathosts .= "{$oc['sa']}/{$oc['sn']} ";
|
||||
|
@ -1632,9 +1670,10 @@ function filter_nat_rules_generate() {
|
|||
!empty($config['ipsec']['client']['pool_address']) &&
|
||||
!empty($config['ipsec']['client']['pool_netbits'])) {
|
||||
$tonathosts .= "{$config['ipsec']['client']['pool_address']}/{$config['ipsec']['client']['pool_netbits']} ";
|
||||
$numberofnathosts++;
|
||||
}
|
||||
$natrules .= "\n# Subnets to NAT \n";
|
||||
$tonathosts .= "127.0.0.0/8 0.0.0.0 ";
|
||||
$tonathosts .= "127.0.0.0/8 ";
|
||||
if($numberofnathosts > 4) {
|
||||
$natrules .= "table <tonatsubnets> { {$tonathosts} }\n";
|
||||
$macroortable = "<tonatsubnets>";
|
||||
|
@ -1845,19 +1884,20 @@ function filter_nat_rules_generate() {
|
|||
}
|
||||
}
|
||||
|
||||
if($reflection_type == "proxy" && !isset($rule['nordr'])) {
|
||||
$natrules .= filter_generate_reflection_proxy($rule, $nordr, $nat_if_list, $srcaddr, $dstaddr, $starting_localhost_port, $reflection_rules);
|
||||
$nat_if_list = array($natif);
|
||||
|
||||
foreach ($reflection_rules as $txtline)
|
||||
fwrite($inetd_fd, $txtline);
|
||||
} else if($reflection_type == "purenat" || isset($rule['nordr'])) {
|
||||
$rdr_if_list = implode(" ", $nat_if_list);
|
||||
if(count($nat_if_list) > 1)
|
||||
$rdr_if_list = "{ {$rdr_if_list} }";
|
||||
$natrules .= "\n# Reflection redirect\n";
|
||||
$natrules .= "{$nordr}rdr {$rdrpass}on {$rdr_if_list} proto {$protocol} from {$srcaddr} to {$dstaddr_reflect}" . ($nordr == "" ? " -> {$target}{$localport}" : "");
|
||||
$nat_if_list = array_merge(array($natif), $nat_if_list);
|
||||
if ($reflection_type != "none") {
|
||||
if($reflection_type == "proxy" && !isset($rule['nordr'])) {
|
||||
$natrules .= filter_generate_reflection_proxy($rule, $nordr, $nat_if_list, $srcaddr, $dstaddr, $starting_localhost_port, $reflection_rules);
|
||||
$nat_if_list = array($natif);
|
||||
foreach ($reflection_rules as $txtline)
|
||||
fwrite($inetd_fd, $txtline);
|
||||
} else if($reflection_type == "purenat" || isset($rule['nordr'])) {
|
||||
$rdr_if_list = implode(" ", $nat_if_list);
|
||||
if(count($nat_if_list) > 1)
|
||||
$rdr_if_list = "{ {$rdr_if_list} }";
|
||||
$natrules .= "\n# Reflection redirect\n";
|
||||
$natrules .= "{$nordr}rdr {$rdrpass}on {$rdr_if_list} proto {$protocol} from {$srcaddr} to {$dstaddr_reflect}" . ($nordr == "" ? " -> {$target}{$localport}" : "");
|
||||
$nat_if_list = array_merge(array($natif), $nat_if_list);
|
||||
}
|
||||
}
|
||||
|
||||
if(empty($nat_if_list))
|
||||
|
@ -1908,13 +1948,47 @@ function filter_generate_user_rule_arr($rule) {
|
|||
$ret['rule'] = $line;
|
||||
$ret['interface'] = $rule['interface'];
|
||||
if($rule['descr'] != "" and $line != "")
|
||||
$ret['descr'] = "label \"USER_RULE: " . str_replace('"', '', substr($rule['descr'], 0, 52)) . "\"";
|
||||
$ret['descr'] = "label \"" . fix_rule_label("USER_RULE: {$rule['descr']}") . "\"";
|
||||
else
|
||||
$ret['descr'] = "label \"USER_RULE\"";
|
||||
|
||||
return $ret;
|
||||
}
|
||||
|
||||
function filter_generate_port(& $rule, $target = "source", $isnat = false) {
|
||||
|
||||
$src = "";
|
||||
|
||||
$rule['protocol'] = strtolower($rule['protocol']);
|
||||
if(in_array($rule['protocol'], array("tcp","udp","tcp/udp"))) {
|
||||
if($rule[$target]['port']) {
|
||||
$srcport = explode("-", $rule[$target]['port']);
|
||||
$srcporta = alias_expand($srcport[0]);
|
||||
if(!$srcporta)
|
||||
log_error(sprintf(gettext("filter_generate_port: %s is not a valid {$target} port."), $srcport[0]));
|
||||
else if((!$srcport[1]) || ($srcport[0] == $srcport[1])) {
|
||||
$src .= " port {$srcporta} ";
|
||||
} else if(($srcport[0] == 1) && ($srcport[1] == 65535)) {
|
||||
/* no need for a port statement here */
|
||||
} else if ($isnat) {
|
||||
$src .= " port {$srcport[0]}:{$srcport[1]}";
|
||||
} else {
|
||||
if(is_port($srcporta) && $srcport[1] == 65535) {
|
||||
$src .= " port >= {$srcporta} ";
|
||||
} else if($srcport[0] == 1) {
|
||||
$src .= " port <= {$srcport[1]} ";
|
||||
} else {
|
||||
$srcport[0]--;
|
||||
$srcport[1]++;
|
||||
$src .= " port {$srcport[0]} >< {$srcport[1]} ";
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
return $src;
|
||||
}
|
||||
|
||||
function filter_generate_address(& $rule, $target = "source", $isnat = false) {
|
||||
global $FilterIflist, $config;
|
||||
$src = "";
|
||||
|
@ -2050,32 +2124,7 @@ function filter_generate_address(& $rule, $target = "source", $isnat = false) {
|
|||
$src = " {$not} {$expsrc}";
|
||||
}
|
||||
|
||||
$rule['protocol'] = strtolower($rule['protocol']);
|
||||
if(in_array($rule['protocol'], array("tcp","udp","tcp/udp"))) {
|
||||
if($rule[$target]['port']) {
|
||||
$srcport = explode("-", $rule[$target]['port']);
|
||||
$srcporta = alias_expand($srcport[0]);
|
||||
if(!$srcporta)
|
||||
log_error(sprintf(gettext("filter_generate_address: %s is not a valid source port."), $srcport[0]));
|
||||
else if((!$srcport[1]) || ($srcport[0] == $srcport[1])) {
|
||||
$src .= " port {$srcporta} ";
|
||||
} else if(($srcport[0] == 1) && ($srcport[1] == 65535)) {
|
||||
/* no need for a port statement here */
|
||||
} else if ($isnat) {
|
||||
$src .= " port {$srcport[0]}:{$srcport[1]}";
|
||||
} else {
|
||||
if(is_port($srcporta) && $srcport[1] == 65535) {
|
||||
$src .= " port >= {$srcporta} ";
|
||||
} else if($srcport[0] == 1) {
|
||||
$src .= " port <= {$srcport[1]} ";
|
||||
} else {
|
||||
$srcport[0]--;
|
||||
$srcport[1]++;
|
||||
$src .= " port {$srcport[0]} >< {$srcport[1]} ";
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
$src .= filter_generate_port($rule, $target, $isnat);
|
||||
|
||||
return $src;
|
||||
}
|
||||
|
@ -2144,12 +2193,14 @@ function filter_generate_user_rule($rule) {
|
|||
|
||||
/* check for unresolvable aliases */
|
||||
if($rule['source']['address'] && !alias_expand($rule['source']['address'])) {
|
||||
file_notice("Filter_Reload", "# unresolvable source aliases {$rule['descr']}");
|
||||
return "# unresolvable source aliases {$rule['descr']}";
|
||||
$error_text = "Unresolvable source alias '{$rule['source']['address']}' for rule '{$rule['descr']}'";
|
||||
file_notice("Filter_Reload", $error_text);
|
||||
return "# {$error_text}";
|
||||
}
|
||||
if($rule['destination']['address'] && !alias_expand($rule['destination']['address'])) {
|
||||
file_notice("Filter_Reload", "# unresolvable dest aliases {$rule['descr']}");
|
||||
return "# unresolvable dest aliases {$rule['descr']}";
|
||||
$error_text = "Unresolvable destination alias '{$rule['destination']['address']}' for rule '{$rule['descr']}'";
|
||||
file_notice("Filter_Reload", $error_text);
|
||||
return "# {$error_text}";
|
||||
}
|
||||
update_filter_reload_status("Setting up pass/block rules");
|
||||
$type = $rule['type'];
|
||||
|
@ -2253,8 +2304,19 @@ function filter_generate_user_rule($rule) {
|
|||
$aline['tag'] = " tag " .$rule['tag']. " ";
|
||||
if (!empty($rule['tagged']))
|
||||
$aline['tagged'] = " tagged " .$rule['tagged'] . " ";
|
||||
if (!empty($rule['dscp']))
|
||||
$aline['dscp'] = " dscp " . $rule['dscp'] . " ";
|
||||
if (!empty($rule['dscp'])) {
|
||||
switch (strtolower($rule['dscp'])) {
|
||||
case 'va': $aline['dscp'] = " dscp 44 "; break;
|
||||
case 'cs1': $aline['dscp'] = " dscp 8 "; break;
|
||||
case 'cs2': $aline['dscp'] = " dscp 16 "; break;
|
||||
case 'cs3': $aline['dscp'] = " dscp 24 "; break;
|
||||
case 'cs4': $aline['dscp'] = " dscp 32 "; break;
|
||||
case 'cs5': $aline['dscp'] = " dscp 40 "; break;
|
||||
case 'cs6': $aline['dscp'] = " dscp 48 "; break;
|
||||
case 'cs7': $aline['dscp'] = " dscp 56 "; break;
|
||||
default: $aline['dscp'] = " dscp " . preg_replace('/\s.*$/', '', $rule['dscp']) . " "; break;
|
||||
}
|
||||
}
|
||||
if (!empty($rule['vlanprio']) && ($rule['vlanprio'] != "none"))
|
||||
$aline['vlanprio'] = " ieee8021q-pcp " . $rule['vlanprio'] . " ";
|
||||
if (!empty($rule['vlanprioset']) && ($rule['vlanprioset'] != "none"))
|
||||
|
@ -2262,39 +2324,40 @@ function filter_generate_user_rule($rule) {
|
|||
if ($type == "pass") {
|
||||
if (isset($rule['allowopts']))
|
||||
$aline['allowopts'] = " allow-opts ";
|
||||
|
||||
$aline['flags'] = "";
|
||||
if ($rule['protocol'] == "tcp") {
|
||||
if (isset($rule['tcpflags_any']))
|
||||
$aline['flags'] = "flags any ";
|
||||
else if (!empty($rule['tcpflags2'])) {
|
||||
$aline['flags'] = "flags ";
|
||||
if (!empty($rule['tcpflags1'])) {
|
||||
$flags1 = explode(",", $rule['tcpflags1']);
|
||||
foreach ($flags1 as $flag1) {
|
||||
// CWR flag needs special treatment
|
||||
if($flag1[0] == "c")
|
||||
$aline['flags'] .= "W";
|
||||
else
|
||||
$aline['flags'] .= strtoupper($flag1[0]);
|
||||
}
|
||||
}
|
||||
$aline['flags'] = "";
|
||||
if ($rule['protocol'] == "tcp") {
|
||||
if (isset($rule['tcpflags_any']))
|
||||
$aline['flags'] = "flags any ";
|
||||
else if (!empty($rule['tcpflags2'])) {
|
||||
$aline['flags'] = "flags ";
|
||||
if (!empty($rule['tcpflags1'])) {
|
||||
$flags1 = explode(",", $rule['tcpflags1']);
|
||||
foreach ($flags1 as $flag1) {
|
||||
// CWR flag needs special treatment
|
||||
if($flag1[0] == "c")
|
||||
$aline['flags'] .= "W";
|
||||
else
|
||||
$aline['flags'] .= strtoupper($flag1[0]);
|
||||
}
|
||||
$aline['flags'] .= "/";
|
||||
if (!empty($rule['tcpflags2'])) {
|
||||
$flags2 = explode(",", $rule['tcpflags2']);
|
||||
foreach ($flags2 as $flag2) {
|
||||
// CWR flag needs special treatment
|
||||
if($flag2[0] == "c")
|
||||
$aline['flags'] .= "W";
|
||||
else
|
||||
$aline['flags'] .= strtoupper($flag2[0]);
|
||||
}
|
||||
}
|
||||
$aline['flags'] .= "/";
|
||||
if (!empty($rule['tcpflags2'])) {
|
||||
$flags2 = explode(",", $rule['tcpflags2']);
|
||||
foreach ($flags2 as $flag2) {
|
||||
// CWR flag needs special treatment
|
||||
if($flag2[0] == "c")
|
||||
$aline['flags'] .= "W";
|
||||
else
|
||||
$aline['flags'] .= strtoupper($flag2[0]);
|
||||
}
|
||||
$aline['flags'] .= " ";
|
||||
} else
|
||||
$aline['flags'] = "flags S/SA ";
|
||||
}
|
||||
$aline['flags'] .= " ";
|
||||
} else {
|
||||
$aline['flags'] = "flags S/SA ";
|
||||
}
|
||||
|
||||
}
|
||||
if ($type == "pass") {
|
||||
/*
|
||||
* # keep state
|
||||
* works with TCP, UDP, and ICMP.
|
||||
|
@ -2309,7 +2372,7 @@ function filter_generate_user_rule($rule) {
|
|||
* queueing in certain situations. please check the faq.
|
||||
*/
|
||||
$noadvoptions = false;
|
||||
if(isset($rule['statetype']) && $rule['statetype'] <> "") {
|
||||
if (isset($rule['statetype']) && $rule['statetype'] <> "") {
|
||||
switch($rule['statetype']) {
|
||||
case "none":
|
||||
$noadvoptions = true;
|
||||
|
@ -2317,7 +2380,7 @@ function filter_generate_user_rule($rule) {
|
|||
break;
|
||||
case "modulate state":
|
||||
case "synproxy state":
|
||||
if($rule['protocol'] == "tcp")
|
||||
if ($rule['protocol'] == "tcp")
|
||||
$aline['flags'] .= "{$rule['statetype']} ";
|
||||
break;
|
||||
case "sloppy state":
|
||||
|
@ -2331,32 +2394,38 @@ function filter_generate_user_rule($rule) {
|
|||
} else
|
||||
$aline['flags'] .= "keep state ";
|
||||
|
||||
if($noadvoptions == false || $l7_present)
|
||||
if( (isset($rule['source-track']) and $rule['source-track'] <> "") or
|
||||
if ($noadvoptions == false || $l7_present)
|
||||
if ((isset($rule['source-track']) and $rule['source-track'] <> "") or
|
||||
(isset($rule['max']) and $rule['max'] <> "") or
|
||||
(isset($rule['max-src-nodes']) and $rule['max-src-nodes'] <> "") or
|
||||
(isset($rule['max-src-conn']) and $rule['max-src-conn'] <> "") or
|
||||
(isset($rule['max-src-conn-rate']) and $rule['max-src-conn-rate'] <> "") or
|
||||
(isset($rule['max-src-conn-rates']) and $rule['max-src-conn-rates'] <> "") or
|
||||
(isset($rule['max-src-states']) and $rule['max-src-states'] <> "") or
|
||||
(isset($rule['statetimeout']) and $rule['statetimeout'] <> "") or
|
||||
((in_array($rule['protocol'], array("tcp","tcp/udp"))) and
|
||||
((isset($rule['statetimeout']) and $rule['statetimeout'] <> "") or
|
||||
(isset($rule['max-src-conn']) and $rule['max-src-conn'] <> "") or
|
||||
(isset($rule['max-src-conn-rate']) and $rule['max-src-conn-rate'] <> "") or
|
||||
(isset($rule['max-src-conn-rates']) and $rule['max-src-conn-rates'] <> ""))) or
|
||||
isset($rule['sloppy']) or $l7_present) {
|
||||
$aline['flags'] .= "( ";
|
||||
if (isset($rule['sloppy']))
|
||||
$aline['flags'] .= "sloppy ";
|
||||
if(isset($rule['source-track']) and $rule['source-track'] <> "")
|
||||
if (isset($rule['source-track']) and $rule['source-track'] <> "")
|
||||
$aline['flags'] .= "source-track rule ";
|
||||
if(isset($rule['max']) and $rule['max'] <> "")
|
||||
if (isset($rule['max']) and $rule['max'] <> "")
|
||||
$aline['flags'] .= "max " . $rule['max'] . " ";
|
||||
if(isset($rule['max-src-nodes']) and $rule['max-src-nodes'] <> "")
|
||||
if (isset($rule['max-src-nodes']) and $rule['max-src-nodes'] <> "")
|
||||
$aline['flags'] .= "max-src-nodes " . $rule['max-src-nodes'] . " ";
|
||||
if(isset($rule['max-src-conn']) and $rule['max-src-conn'] <> "")
|
||||
if ((in_array($rule['protocol'], array("tcp","tcp/udp")))
|
||||
and isset($rule['max-src-conn'])
|
||||
and $rule['max-src-conn'] <> "")
|
||||
$aline['flags'] .= "max-src-conn " . $rule['max-src-conn'] . " ";
|
||||
if(isset($rule['max-src-states']) and $rule['max-src-states'] <> "")
|
||||
if (isset($rule['max-src-states']) and $rule['max-src-states'] <> "")
|
||||
$aline['flags'] .= "max-src-states " . $rule['max-src-states'] . " ";
|
||||
if(isset($rule['statetimeout']) and $rule['statetimeout'] <> "")
|
||||
if ((in_array($rule['protocol'], array("tcp","tcp/udp")))
|
||||
and isset($rule['statetimeout'])
|
||||
and $rule['statetimeout'] <> "")
|
||||
$aline['flags'] .= "tcp.established " . $rule['statetimeout'] . " ";
|
||||
if(isset($rule['max-src-conn-rate'])
|
||||
if ((in_array($rule['protocol'], array("tcp","tcp/udp")))
|
||||
and isset($rule['max-src-conn-rate'])
|
||||
and $rule['max-src-conn-rate'] <> ""
|
||||
and isset($rule['max-src-conn-rates'])
|
||||
and $rule['max-src-conn-rates'] <> "") {
|
||||
|
@ -2370,10 +2439,6 @@ function filter_generate_user_rule($rule) {
|
|||
$aline['flags'] .= " ) ";
|
||||
}
|
||||
}
|
||||
if($type == "reject" && $rule['protocol'] == "tcp") {
|
||||
/* special reject packet */
|
||||
$aline['flags'] .= "flags S/SA ";
|
||||
}
|
||||
if($rule['defaultqueue'] <> "") {
|
||||
$aline['queue'] = " queue (".$rule['defaultqueue'];
|
||||
if($rule['ackqueue'] <> "")
|
||||
|
@ -2419,7 +2484,7 @@ function filter_generate_user_rule($rule) {
|
|||
/* rules with a gateway or pool should create another rule for routing to vpns */
|
||||
if((($aline['route'] <> "") && (trim($aline['type']) == "pass") && strstr($dst, "any")) && (!isset($config['system']['disablenegate']))) {
|
||||
/* negate VPN/PPTP/PPPoE/Static Route networks for load balancer/gateway rules */
|
||||
$negate_networks = " to <negate_networks> ";
|
||||
$negate_networks = " to <negate_networks> " . filter_generate_port($rule, "destination");
|
||||
$line .= $aline['type'] . $aline['direction'] . $aline['log'] . $aline['quick'] .
|
||||
$aline['interface'] . $aline['ipprotocol'] . $aline['prot'] . $aline['src'] . $aline['os'] .
|
||||
$negate_networks . $aline['icmp-type'] . $aline['icmp6-type'] . $aline['tag'] . $aline['tagged'] .
|
||||
|
@ -2434,6 +2499,7 @@ function filter_generate_user_rule($rule) {
|
|||
$aline['divert'] . $aline['icmp-type'] . $aline['icmp6-type'] . $aline['tag'] . $aline['tagged'] . $aline['dscp'] .
|
||||
$aline['vlanprio'] . $aline['vlanprioset'] . $aline['allowopts'] . $aline['flags'] . $aline['queue'] . $aline['dnpipe'] . $aline['schedlabel'];
|
||||
|
||||
unset($aline);
|
||||
|
||||
return $line;
|
||||
}
|
||||
|
@ -2441,6 +2507,8 @@ function filter_generate_user_rule($rule) {
|
|||
function filter_rules_generate() {
|
||||
global $config, $g, $FilterIflist, $time_based_rules, $GatewaysList;
|
||||
|
||||
$fix_rule_label = 'fix_rule_label';
|
||||
|
||||
update_filter_reload_status(gettext("Creating default rules"));
|
||||
if(isset($config['system']['developerspew'])) {
|
||||
$mt = microtime();
|
||||
|
@ -2505,23 +2573,17 @@ block quick inet proto { tcp, udp } from any to any port = 0
|
|||
block quick inet6 proto { tcp, udp } from any port = 0 to any
|
||||
block quick inet6 proto { tcp, udp } from any to any port = 0
|
||||
|
||||
|
||||
EOD;
|
||||
|
||||
$ipfrules .= <<<EOD
|
||||
|
||||
# Snort package
|
||||
block quick from <snort2c> to any label "Block snort2c hosts"
|
||||
block quick from any to <snort2c> label "Block snort2c hosts"
|
||||
|
||||
|
||||
EOD;
|
||||
|
||||
$ipfrules .= filter_process_carp_rules($log);
|
||||
|
||||
$ipfrules .= "\n# SSH lockout\n";
|
||||
if(is_array($config['system']['ssh']) && !empty($config['system']['ssh']['port'])) {
|
||||
$ipfrules .= "block in log quick proto tcp from <sshlockout> to any port ";
|
||||
$ipfrules .= "block in log quick proto tcp from <sshlockout> to (self) port ";
|
||||
$ipfrules .= $config['system']['ssh']['port'];
|
||||
$ipfrules .= " label \"sshlockout\"\n";
|
||||
} else {
|
||||
|
@ -2530,7 +2592,7 @@ EOD;
|
|||
else
|
||||
$sshport = 22;
|
||||
if($sshport)
|
||||
$ipfrules .= "block in log quick proto tcp from <sshlockout> to any port {$sshport} label \"sshlockout\"\n";
|
||||
$ipfrules .= "block in log quick proto tcp from <sshlockout> to (self) port {$sshport} label \"sshlockout\"\n";
|
||||
}
|
||||
|
||||
$ipfrules .= "\n# webConfigurator lockout\n";
|
||||
|
@ -2543,7 +2605,7 @@ EOD;
|
|||
$webConfiguratorlockoutport = $config['system']['webgui']['port'];
|
||||
}
|
||||
if($webConfiguratorlockoutport)
|
||||
$ipfrules .= "block in log quick proto tcp from <webConfiguratorlockout> to any port {$webConfiguratorlockoutport} label \"webConfiguratorlockout\"\n";
|
||||
$ipfrules .= "block in log quick proto tcp from <webConfiguratorlockout> to (self) port {$webConfiguratorlockoutport} label \"webConfiguratorlockout\"\n";
|
||||
|
||||
/*
|
||||
* Support for allow limiting of TCP connections by establishment rate
|
||||
|
@ -2556,6 +2618,8 @@ EOD;
|
|||
*/
|
||||
if(is_array($config['captiveportal'])) {
|
||||
foreach ($config['captiveportal'] as $cpcfg) {
|
||||
if(!isset($cpcfg['enable']))
|
||||
continue;
|
||||
$cpinterfaces = explode(",", $cpcfg['interface']);
|
||||
$cpiflist = array();
|
||||
$cpiplist = array();
|
||||
|
@ -2599,21 +2663,39 @@ EOD;
|
|||
/* block bogon networks */
|
||||
/* http://www.cymru.com/Documents/bogon-bn-nonagg.txt */
|
||||
/* file is automatically in cron every 3000 minutes */
|
||||
if(!isset($config['syslog']['nologbogons']))
|
||||
$bogonlog = "log";
|
||||
else
|
||||
$bogonlog = "";
|
||||
|
||||
if(isset($config['interfaces'][$on]['blockbogons'])) {
|
||||
$ipfrules .= <<<EOD
|
||||
# block bogon networks
|
||||
# block bogon networks (IPv4)
|
||||
# http://www.cymru.com/Documents/bogon-bn-nonagg.txt
|
||||
# http://www.team-cymru.org/Services/Bogons/fullbogons-ipv6.txt
|
||||
block in $log quick on \${$oc['descr']} from <bogons> to any label "block bogon IPv4 networks from {$oc['descr']}"
|
||||
block in $bogonlog quick on \${$oc['descr']} from <bogons> to any label "{$fix_rule_label("block bogon IPv4 networks from {$oc['descr']}")}"
|
||||
|
||||
EOD;
|
||||
if(isset($config['system']['ipv6allow'])) {
|
||||
$ipfrules .= <<<EOD
|
||||
block in $log quick on \${$oc['descr']} from <bogonsv6> to any label "block bogon IPv6 networks from {$oc['descr']}"
|
||||
|
||||
EOD;
|
||||
}
|
||||
}
|
||||
|
||||
if(isset($config['system']['ipv6allow']) && ($oc['type6'] == "slaac" || $oc['type6'] == "dhcp6")) {
|
||||
$ipfrules .= <<<EOD
|
||||
# allow our DHCPv6 client out to the {$oc['descr']}
|
||||
pass in quick on \${$oc['descr']} proto udp from fe80::/10 port = 546 to fe80::/10 port = 546 label "{$fix_rule_label("allow dhcpv6 client in {$oc['descr']}")}"
|
||||
pass in quick on \${$oc['descr']} proto udp from any port = 547 to any port = 546 label "{$fix_rule_label("allow dhcpv6 client in {$oc['descr']}")}"
|
||||
pass out quick on \${$oc['descr']} proto udp from any port = 546 to any port = 547 label "{$fix_rule_label("allow dhcpv6 client out {$oc['descr']}")}"
|
||||
|
||||
EOD;
|
||||
}
|
||||
|
||||
if(isset($config['interfaces'][$on]['blockbogons']) && isset($config['system']['ipv6allow'])) {
|
||||
$ipfrules .= <<<EOD
|
||||
# block bogon networks (IPv6)
|
||||
# http://www.team-cymru.org/Services/Bogons/fullbogons-ipv6.txt
|
||||
block in $bogonlog quick on \${$oc['descr']} from <bogonsv6> to any label "{$fix_rule_label("block bogon IPv6 networks from {$oc['descr']}")}"
|
||||
|
||||
EOD;
|
||||
}
|
||||
|
||||
$isbridged = false;
|
||||
if(is_array($config['bridges']['bridged'])) {
|
||||
foreach ($config['bridges']['bridged'] as $oc2) {
|
||||
|
@ -2626,17 +2708,22 @@ EOD;
|
|||
if($oc['ip'] && !($isbridged) && isset($oc['spoofcheck']))
|
||||
$ipfrules .= filter_rules_spoofcheck_generate($on, $oc['if'], $oc['sa'], $oc['sn'], $log);
|
||||
/* block private networks ? */
|
||||
if(!isset($config['syslog']['nologprivatenets']))
|
||||
$privnetlog = "log";
|
||||
else
|
||||
$privnetlog = "";
|
||||
|
||||
if(isset($config['interfaces'][$on]['blockpriv'])) {
|
||||
if($isbridged == false) {
|
||||
$ipfrules .= <<<EOD
|
||||
# block anything from private networks on interfaces with the option set
|
||||
antispoof for \${$oc['descr']}
|
||||
block in $log quick on \${$oc['descr']} from 10.0.0.0/8 to any label "Block private networks from {$oc['descr']} block 10/8"
|
||||
block in $log quick on \${$oc['descr']} from 127.0.0.0/8 to any label "Block private networks from {$oc['descr']} block 127/8"
|
||||
block in $log quick on \${$oc['descr']} from 100.64.0.0/10 to any label "Block private networks from {$oc['descr']} block 100.64/10"
|
||||
block in $log quick on \${$oc['descr']} from 172.16.0.0/12 to any label "Block private networks from {$oc['descr']} block 172.16/12"
|
||||
block in $log quick on \${$oc['descr']} from 192.168.0.0/16 to any label "Block private networks from {$oc['descr']} block 192.168/16"
|
||||
block in $log quick on \${$oc['descr']} from fc00::/7 to any label "Block ULA networks from {$oc['descr']} block fc00::/7"
|
||||
block in $privnetlog quick on \${$oc['descr']} from 10.0.0.0/8 to any label "{$fix_rule_label("Block private networks from {$oc['descr']} block 10/8")}"
|
||||
block in $privnetlog quick on \${$oc['descr']} from 127.0.0.0/8 to any label "{$fix_rule_label("Block private networks from {$oc['descr']} block 127/8")}"
|
||||
block in $privnetlog quick on \${$oc['descr']} from 100.64.0.0/10 to any label "{$fix_rule_label("Block private networks from {$oc['descr']} block 100.64/10")}"
|
||||
block in $privnetlog quick on \${$oc['descr']} from 172.16.0.0/12 to any label "{$fix_rule_label("Block private networks from {$oc['descr']} block 172.16/12")}"
|
||||
block in $privnetlog quick on \${$oc['descr']} from 192.168.0.0/16 to any label "{$fix_rule_label("Block private networks from {$oc['descr']} block 192.168/16")}"
|
||||
block in $privnetlog quick on \${$oc['descr']} from fc00::/7 to any label "{$fix_rule_label("Block ULA networks from {$oc['descr']} block fc00::/7")}"
|
||||
|
||||
EOD;
|
||||
}
|
||||
|
@ -2645,16 +2732,16 @@ EOD;
|
|||
case "pptp":
|
||||
$ipfrules .= <<<EOD
|
||||
# allow PPTP client
|
||||
pass in on \${$oc['descr']} proto tcp from any to any port = 1723 flags S/SA modulate state label "allow PPTP client on {$oc['descr']}"
|
||||
pass in on \${$oc['descr']} proto gre from any to any keep state label "allow PPTP client on {$oc['descr']}"
|
||||
pass in on \${$oc['descr']} proto tcp from any to any port = 1723 flags S/SA modulate state label "{$fix_rule_label("allow PPTP client on {$oc['descr']}")}"
|
||||
pass in on \${$oc['descr']} proto gre from any to any keep state label "{$fix_rule_label("allow PPTP client on {$oc['descr']}")}"
|
||||
|
||||
EOD;
|
||||
break;
|
||||
case "dhcp":
|
||||
$ipfrules .= <<<EOD
|
||||
# allow our DHCP client out to the {$oc['descr']}
|
||||
pass in on \${$oc['descr']} proto udp from any port = 67 to any port = 68 label "allow dhcp client out {$oc['descr']}"
|
||||
pass out on \${$oc['descr']} proto udp from any port = 68 to any port = 67 label "allow dhcp client out {$oc['descr']}"
|
||||
pass in on \${$oc['descr']} proto udp from any port = 67 to any port = 68 label "{$fix_rule_label("allow dhcp client out {$oc['descr']}")}"
|
||||
pass out on \${$oc['descr']} proto udp from any port = 68 to any port = 67 label "{$fix_rule_label("allow dhcp client out {$oc['descr']}")}"
|
||||
# Not installing DHCP server firewall rules for {$oc['descr']} which is configured for DHCP.
|
||||
|
||||
EOD;
|
||||
|
@ -2680,7 +2767,7 @@ pass out quick on \${$oc['descr']} proto udp from {$oc['ip']} port = 67 to any p
|
|||
EOD;
|
||||
}
|
||||
|
||||
if(is_ipaddrv4($pc['ip']) && $config['dhcpd'][$on]['failover_peerip'] <> "") {
|
||||
if(is_ipaddrv4($oc['ip']) && $config['dhcpd'][$on]['failover_peerip'] <> "") {
|
||||
$ipfrules .= <<<EOD
|
||||
# allow access to DHCP failover on {$oc['descr']} from {$config['dhcpd'][$on]['failover_peerip']}
|
||||
pass in quick on \${$oc['descr']} proto { tcp udp } from {$config['dhcpd'][$on]['failover_peerip']} to {$oc['ip']} port = 519 label "allow access to DHCP failover"
|
||||
|
@ -2693,27 +2780,18 @@ EOD;
|
|||
break;
|
||||
}
|
||||
switch($oc['type6']) {
|
||||
case "slaac":
|
||||
case "dhcp6":
|
||||
$ipfrules .= <<<EOD
|
||||
# allow our DHCPv6 client out to the {$oc['descr']}
|
||||
pass in quick on \${$oc['descr']} proto udp from fe80::/10 port = 546 to fe80::/10 port = 546 label "allow dhcpv6 client in {$oc['descr']}"
|
||||
pass in quick on \${$oc['descr']} proto udp from any port = 547 to any port = 546 label "allow dhcpv6 client in {$oc['descr']}"
|
||||
pass out quick on \${$oc['descr']} proto udp from any port = 546 to any port = 547 label "allow dhcpv6 client out {$oc['descr']}"
|
||||
|
||||
EOD;
|
||||
break;
|
||||
case "6rd":
|
||||
$ipfrules .= <<<EOD
|
||||
# allow our proto 41 traffic from the 6RD border relay in
|
||||
pass in on \${$oc['descr']} proto 41 from {$config['interfaces'][$on]['gateway-6rd']} to any label "Allow 6in4 traffic in for 6rd on {$oc['descr']}"
|
||||
pass out on \${$oc['descr']} proto 41 from any to {$config['interfaces'][$on]['gateway-6rd']} label "Allow 6in4 traffic out for 6rd on {$oc['descr']}"
|
||||
pass in on \${$oc['descr']} proto 41 from {$config['interfaces'][$on]['gateway-6rd']} to any label "{$fix_rule_label("Allow 6in4 traffic in for 6rd on {$oc['descr']}")}"
|
||||
pass out on \${$oc['descr']} proto 41 from any to {$config['interfaces'][$on]['gateway-6rd']} label "{$fix_rule_label("Allow 6in4 traffic out for 6rd on {$oc['descr']}")}"
|
||||
|
||||
EOD;
|
||||
if (is_ipaddrv6($oc['ipv6'])) {
|
||||
/* XXX: Really need to allow 6rd traffic coming in for v6 this is against default behaviour! */
|
||||
if (0 && is_ipaddrv6($oc['ipv6'])) {
|
||||
$ipfrules .= <<<EOD
|
||||
pass in on \${$oc['descr']} inet6 from any to {$oc['ipv6']}/{$oc['snv6']} label "Allow 6rd traffic in for 6rd on {$oc['descr']}"
|
||||
pass out on \${$oc['descr']} inet6 from {$oc['ipv6']}/{$oc['snv6']} to any label "Allow 6rd traffic out for 6rd on {$oc['descr']}"
|
||||
pass in on \${$oc['descr']} inet6 from any to {$oc['ipv6']}/{$oc['snv6']} label "{$fix_rule_label("Allow 6rd traffic in for 6rd on {$oc['descr']}")}"
|
||||
pass out on \${$oc['descr']} inet6 from {$oc['ipv6']}/{$oc['snv6']} to any label "{$fix_rule_label("Allow 6rd traffic out for 6rd on {$oc['descr']}")}"
|
||||
|
||||
EOD;
|
||||
}
|
||||
|
@ -2722,21 +2800,23 @@ EOD;
|
|||
if (is_ipaddrv4($oc['ip'])) {
|
||||
$ipfrules .= <<<EOD
|
||||
# allow our proto 41 traffic from the 6to4 border relay in
|
||||
pass in on \${$oc['descr']} proto 41 from any to {$oc['ip']} label "Allow 6in4 traffic in for 6to4 on {$oc['descr']}"
|
||||
pass out on \${$oc['descr']} proto 41 from {$oc['ip']} to any label "Allow 6in4 traffic out for 6to4 on {$oc['descr']}"
|
||||
pass in on \${$oc['descr']} proto 41 from any to {$oc['ip']} label "{$fix_rule_label("Allow 6in4 traffic in for 6to4 on {$oc['descr']}")}"
|
||||
pass out on \${$oc['descr']} proto 41 from {$oc['ip']} to any label "{$fix_rule_label("Allow 6in4 traffic out for 6to4 on {$oc['descr']}")}"
|
||||
|
||||
EOD;
|
||||
}
|
||||
if (is_ipaddrv6($oc['ipv6'])) {
|
||||
/* XXX: Really need to allow 6to4 traffic coming in for v6 this is against default behaviour! */
|
||||
if (0 && is_ipaddrv6($oc['ipv6'])) {
|
||||
$ipfrules .= <<<EOD
|
||||
pass in on \${$oc['descr']} inet6 from any to {$oc['ipv6']}/{$oc['snv6']} label "Allow 6in4 traffic in for 6to4 on {$oc['descr']}"
|
||||
pass out on \${$oc['descr']} inet6 from {$oc['ipv6']}/{$oc['snv6']} to any label "Allow 6in4 traffic out for 6to4 on {$oc['descr']}"
|
||||
pass in on \${$oc['descr']} inet6 from any to {$oc['ipv6']}/{$oc['snv6']} label "{$fix_rule_label("Allow 6in4 traffic in for 6to4 on {$oc['descr']}")}"
|
||||
pass out on \${$oc['descr']} inet6 from {$oc['ipv6']}/{$oc['snv6']} to any label "{$fix_rule_label("Allow 6in4 traffic out for 6to4 on {$oc['descr']}")}"
|
||||
|
||||
EOD;
|
||||
}
|
||||
break;
|
||||
default:
|
||||
if ((is_array($config['dhcpdv6'][$on]) && isset($config['dhcpdv6'][$on]['enable'])) || isset($oc['track6-interface'])) {
|
||||
if ((is_array($config['dhcpdv6'][$on]) && isset($config['dhcpdv6'][$on]['enable'])) || isset($oc['track6-interface'])
|
||||
|| (is_array($config['dhcrelay6']) && !empty($config['dhcrelay6']['interface']) && in_array($on, explode(',', $config['dhcrelay6']['interface'])))) {
|
||||
$ipfrules .= <<<EOD
|
||||
# allow access to DHCPv6 server on {$oc['descr']}
|
||||
# We need inet6 icmp for stateless autoconfig and dhcpv6
|
||||
|
@ -2759,8 +2839,8 @@ EOD;
|
|||
}
|
||||
/*
|
||||
* NB: The loopback rules are needed here since the antispoof would take precedence then.
|
||||
* If you ever add the 'quick' keyword to the antispoof rules above move the looback
|
||||
* rules before them.
|
||||
* If you ever add the 'quick' keyword to the antispoof rules above move the looback
|
||||
* rules before them.
|
||||
*/
|
||||
$ipfrules .= <<<EOD
|
||||
|
||||
|
@ -2778,6 +2858,7 @@ pass out inet all keep state allow-opts label "let out anything IPv4 from firewa
|
|||
pass out inet6 all keep state allow-opts label "let out anything IPv6 from firewall host itself"
|
||||
|
||||
EOD;
|
||||
|
||||
foreach ($FilterIflist as $ifdescr => $ifcfg) {
|
||||
if(isset($ifcfg['virtual']))
|
||||
continue;
|
||||
|
@ -2787,7 +2868,10 @@ EOD;
|
|||
$ipfrules .= "pass out route-to ( {$ifcfg['if']} {$gw} ) from {$ifcfg['ip']} to !{$ifcfg['sa']}/{$ifcfg['sn']} keep state allow-opts label \"let out anything from firewall host itself\"\n";
|
||||
if (is_array($ifcfg['vips'])) {
|
||||
foreach ($ifcfg['vips'] as $vip)
|
||||
$ipfrules .= "pass out route-to ( {$ifcfg['if']} {$gw} ) from {$vip['ip']} to !{$vip['ip']}/{$vip['sn']} keep state allow-opts label \"let out anything from firewall host itself\"\n";
|
||||
if (ip_in_subnet($vip['ip'], "{$ifcfg['sa']}/{$ifcfg['sn']}"))
|
||||
$ipfrules .= "pass out route-to ( {$ifcfg['if']} {$gw} ) from {$vip['ip']} to !{$ifcfg['sa']}/{$ifcfg['sn']} keep state allow-opts label \"let out anything from firewall host itself\"\n";
|
||||
else
|
||||
$ipfrules .= "pass out route-to ( {$ifcfg['if']} {$gw} ) from {$vip['ip']} to !" . gen_subnet($vip['ip'], $vip['sn']) . "/{$vip['sn']} keep state allow-opts label \"let out anything from firewall host itself\"\n";
|
||||
}
|
||||
}
|
||||
|
||||
|
@ -2806,12 +2890,9 @@ EOD;
|
|||
|
||||
/* add ipsec interfaces */
|
||||
if(isset($config['ipsec']['enable']) || isset($config['ipsec']['client']['enable']))
|
||||
$ipfrules .= <<<EOD
|
||||
pass out on \$IPsec all keep state label "IPsec internal host to host"
|
||||
$ipfrules .= "pass out on \$IPsec all keep state label \"IPsec internal host to host\"\n";
|
||||
|
||||
EOD;
|
||||
|
||||
if(!isset($config['system']['webgui']['noantilockout'])) {
|
||||
if(is_array($config['system']['webgui']) && !isset($config['system']['webgui']['noantilockout'])) {
|
||||
$alports = filter_get_antilockout_ports();
|
||||
|
||||
if(count($config['interfaces']) > 1 && !empty($FilterIflist['lan']['if'])) {
|
||||
|
@ -2833,7 +2914,9 @@ pass in quick on {$wanif} proto tcp from any to ({$wanif}) port { {$alports} } k
|
|||
|
||||
EOD;
|
||||
}
|
||||
unset($alports);
|
||||
}
|
||||
|
||||
/* PPTPd enabled? */
|
||||
if($pptpdcfg['mode'] && ($pptpdcfg['mode'] != "off") && !isset($config['system']['disablevpnrules'])) {
|
||||
if($pptpdcfg['mode'] == "server")
|
||||
|
@ -2843,7 +2926,7 @@ EOD;
|
|||
if(is_ipaddr($pptpdtarget) and is_array($FilterIflist['wan'])) {
|
||||
$ipfrules .= <<<EOD
|
||||
# PPTPd rules
|
||||
pass in on \${$FilterIflist['wan']['descr']} proto tcp from any to $pptpdtarget port = 1723 modulate state label "allow pptpd {$pptpdtarget}"
|
||||
pass in on \${$FilterIflist['wan']['descr']} proto tcp from any to $pptpdtarget port = 1723 modulate state label "{$fix_rule_label("allow pptpd {$pptpdtarget}")}"
|
||||
pass in on \${$FilterIflist['wan']['descr']} proto gre from any to any keep state label "allow gre pptpd"
|
||||
|
||||
EOD;
|
||||
|
@ -2941,24 +3024,6 @@ EOD;
|
|||
unset($rule_arr1, $rule_arr2, $rule_arr3);
|
||||
}
|
||||
|
||||
$ipfrules .= "\n# Automatic Pass rules for any delegated IPv6 prefixes through dynamic IPv6 clients\n";
|
||||
/* add automatic LAN rules to allow IPv6 traffic out for dynamic IPv6 networks */
|
||||
foreach ($FilterIflist as $ifdescr => $ifcfg) {
|
||||
if (isset($ifcfg['track6-interface'])) {
|
||||
if (is_ipaddrv6($ifcfg['ipv6'])) {
|
||||
$trackifname = $ifcfg['track6-interface'];
|
||||
$trackcfg = $FilterIflist[$trackifname];
|
||||
$pdlen = 64 - calculate_ipv6_delegation_length($trackifname);
|
||||
$prefix = Net_IPv6::getNetmask($ifcfg['ipv6'], $pdlen);
|
||||
$ipfrules .= "pass in on \${$ifcfg['descr']} inet6 from $prefix/$pdlen to any keep state label \"Allow IPv6 on {$ifcfg['descr']} to any\"\n";
|
||||
/* add rules on the WAN for traffic back in, let the downstream router
|
||||
* figure out what to do with the traffic */
|
||||
if (is_ipaddrv6($trackcfg['ipv6']))
|
||||
$ipfrules .= "pass in on \${$trackcfg['descr']} inet6 from any to $prefix/$pdlen keep state label \"Allow IPv6 in on {$trackcfg['descr']} to $prefix/$pdlen\"\n";
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
/* pass traffic between statically routed subnets and the subnet on the
|
||||
* interface in question to avoid problems with complicated routing
|
||||
* topologies
|
||||
|
@ -3005,10 +3070,7 @@ EOD;
|
|||
update_filter_reload_status(gettext("Creating IPsec rules..."));
|
||||
$ipfrules .= filter_generate_ipsec_rules();
|
||||
|
||||
$ipfrules .= <<<EOD
|
||||
anchor "tftp-proxy/*"
|
||||
|
||||
EOD;
|
||||
$ipfrules .= "\nanchor \"tftp-proxy/*\"\n";
|
||||
|
||||
update_filter_reload_status("Creating uPNP rules...");
|
||||
if (is_array($config['installedpackages']['miniupnpd']) && is_array($config['installedpackages']['miniupnpd']['config'][0])) {
|
||||
|
@ -3200,7 +3262,7 @@ function filter_tdr_hour($schedule) {
|
|||
$now = strtotime("now");
|
||||
if($g['debug'])
|
||||
log_error("[TDR DEBUG] S: $starting_time E: $ending_time N: $now");
|
||||
if($now >= $starting_time and $now <= $ending_time)
|
||||
if($now >= $starting_time and $now < $ending_time)
|
||||
return true;
|
||||
return false;
|
||||
}
|
||||
|
@ -3342,9 +3404,11 @@ function filter_generate_ipsec_rules() {
|
|||
$parentinterface = $ph1ent['interface'];
|
||||
}
|
||||
if (empty($FilterIflist[$parentinterface]['descr'])) {
|
||||
$ipfrules = "# Could not locate interface for IPsec: {$descr}\n";
|
||||
$ipfrules .= "# Could not locate interface for IPsec: {$descr}\n";
|
||||
continue;
|
||||
}
|
||||
|
||||
unset($gateway);
|
||||
/* add endpoint routes to correct gateway on interface */
|
||||
if((is_ipaddrv4($rgip)) && (interface_has_gateway($parentinterface))) {
|
||||
$gateway = get_interface_gateway($parentinterface);
|
||||
|
|
|
@ -30,7 +30,7 @@
|
|||
POSSIBILITY OF SUCH DAMAGE.
|
||||
*/
|
||||
/*
|
||||
pfSense_BUILDER_BINARIES: /usr/sbin/fifolog_reader /usr/bin/tail /usr/sbin/clog
|
||||
pfSense_BUILDER_BINARIES: /usr/sbin/fifolog_reader /usr/bin/tail /usr/local/sbin/clog
|
||||
pfSense_MODULE: filter
|
||||
*/
|
||||
|
||||
|
@ -55,9 +55,9 @@ function conv_log_filter($logfile, $nentries, $tail = 50, $filtertext = "", $fil
|
|||
$logarr = "";
|
||||
|
||||
if(isset($config['system']['usefifolog']))
|
||||
exec("/usr/sbin/fifolog_reader {$logfile} | /usr/bin/tail -r -n {$tail}", $logarr);
|
||||
exec("/usr/sbin/fifolog_reader " . escapeshellarg($logfile) . " | /usr/bin/tail -r -n {$tail}", $logarr);
|
||||
else
|
||||
exec("/usr/sbin/clog {$logfile} | grep -v \"CLOG\" | grep -v \"\033\" | /usr/bin/tail -r -n {$tail}", $logarr);
|
||||
exec("/usr/local/sbin/clog " . escapeshellarg($logfile) . " | grep -v \"CLOG\" | grep -v \"\033\" | /usr/bin/tail -r -n {$tail}", $logarr);
|
||||
|
||||
$filterlog = array();
|
||||
$counter = 0;
|
||||
|
@ -90,20 +90,28 @@ function match_filter_line($flent, $filtertext = "") {
|
|||
}
|
||||
|
||||
function match_filter_field($flent, $fields) {
|
||||
foreach ($fields as $field) {
|
||||
if ($fields[$field] == "All") continue;
|
||||
if ((strpos($fields[$field], '!') === 0)) {
|
||||
$fields[$field] = substr($fields[$field], 1);
|
||||
if (preg_match("/act/i", $field)) {
|
||||
if ( (in_arrayi($flent[$field], explode(",", str_replace(" ", ",", $fields[$field]))) ) ) return false;
|
||||
} else if ( (preg_match("/{$fields[$field]}/i", $flent[$field])) ) return false;
|
||||
foreach ($fields as $key => $field) {
|
||||
if ($field == "All")
|
||||
continue;
|
||||
if ((strpos($field, '!') === 0)) {
|
||||
$field = substr($field, 1);
|
||||
if (strtolower($key) == 'act') {
|
||||
if (in_arrayi($flent[$key], explode(" ", $field)))
|
||||
return false;
|
||||
} else {
|
||||
if (@preg_match("/{$field}/i", $flent[$key]))
|
||||
return false;
|
||||
}
|
||||
} else {
|
||||
if (strtolower($key) == 'act') {
|
||||
if (!in_arrayi($flent[$key], explode(" ", $field)))
|
||||
return false;
|
||||
} else {
|
||||
if (!@preg_match("/{$field}/i", $flent[$key]))
|
||||
return false;
|
||||
}
|
||||
}
|
||||
else {
|
||||
if (preg_match("/act/i", $field)) {
|
||||
if ( !(in_arrayi($flent[$field], explode(",", str_replace(" ", ",", $fields[$field]))) ) ) return false;
|
||||
} else if ( !(preg_match("/{$fields[$field]}/i", $flent[$field])) ) return false;
|
||||
}
|
||||
}
|
||||
}
|
||||
return true;
|
||||
}
|
||||
|
||||
|
@ -191,6 +199,8 @@ function parse_filter_line($line) {
|
|||
/* If it's still 'Options', then just ignore it. */
|
||||
if ($flent['proto'] == "Options")
|
||||
$flent['proto'] = "none";
|
||||
} elseif (($flent['proto'] == "unknown") && (!(strpos($line, ': pfsync') === FALSE))) {
|
||||
$flent['proto'] = "PFSYNC";
|
||||
}
|
||||
|
||||
/* If there is a src, a dst, and a time, then the line should be usable/good */
|
||||
|
@ -205,7 +215,7 @@ function parse_filter_line($line) {
|
|||
}
|
||||
|
||||
function parse_ipport($addr) {
|
||||
$addr = rtrim($addr, ":");
|
||||
$addr = trim(rtrim($addr, ":"));
|
||||
if (substr($addr, 0, 4) == "kip ")
|
||||
$addr = substr($addr, 4);
|
||||
$port = '';
|
||||
|
@ -292,7 +302,7 @@ function find_rule_by_number_buffer($rulenum, $type){
|
|||
} else {
|
||||
$ruleString = $buffer_rules_normal["@".$rulenum];
|
||||
list(,$rulename,) = explode("\"",$ruleString);
|
||||
$rulename = str_replace("USER_RULE: ",'<img src="/themes/'.$g['theme'].'/images/icons/icon_frmfld_user.png" width="11" height="12" title="USER_RULE" alt="USER_RULE"/> ',$rulename);
|
||||
$rulename = str_replace("USER_RULE: ",'<img src="/themes/'.$g['theme'].'/images/icons/icon_frmfld_user.png" width="11" height="12" title="USER_RULE" alt="USER_RULE"/> ',htmlspecialchars($rulename));
|
||||
}
|
||||
return $rulename." (@".$rulenum.")";
|
||||
}
|
||||
|
|
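Review bot: In the conv_log_filter hunk, both new exec() lines quote `$logfile` with escapeshellarg() but still interpolate `{$tail}` into the shell pipeline unquoted, so the command is only as safe as whatever callers pass for that parameter. The callers are not visible here and may always pass an integer, but the function should not rely on that. Coerce it once before the two calls with `$tail = intval($tail);`, or build the tail stage as `" | /usr/bin/tail -r -n " . escapeshellarg($tail)`. The body of conv_log_filter starts and ends outside the hunk, so check that `$tail` is not reassigned from request data further up.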
|
@ -2,8 +2,8 @@
|
|||
/* $Id$ */
|
||||
/*
|
||||
globals.inc
|
||||
part of pfSense (www.pfsense.com)
|
||||
Copyright (C) 2004-2010 Scott Ullrich
|
||||
part of pfSense (www.pfsense.org)
|
||||
Copyright (C) 2004-2014 Electric Sheep Fencing LLC
|
||||
|
||||
Originally Part of m0n0wall
|
||||
Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>.
|
||||
|
@ -34,6 +34,7 @@
|
|||
|
||||
*/
|
||||
|
||||
global $g;
|
||||
$g = array(
|
||||
"base_packages" => "siproxd",
|
||||
"event_address" => "unix:///var/run/check_reload_status",
|
||||
|
@ -56,11 +57,11 @@ $g = array(
|
|||
"xml_rootobj" => "pfsense",
|
||||
"admin_group" => "admins",
|
||||
"product_name" => "pfSense",
|
||||
"product_copyright" => "BSD Perimeter LLC",
|
||||
"product_copyright_url" => "http://www.bsdperimeter.com",
|
||||
"product_copyright_years" => "2004 - 2013",
|
||||
"product_copyright" => "Electric Sheep Fencing LLC",
|
||||
"product_copyright_url" => "http://www.electricsheepfencing.com",
|
||||
"product_copyright_years" => "2004 - 2014",
|
||||
"product_website" => "www.pfsense.org",
|
||||
"product_website_footer" => "http://www.pfsense.org/?gui21",
|
||||
"product_website_footer" => "https://www.pfsense.org/?gui211",
|
||||
"product_email" => "coreteam@pfsense.org",
|
||||
"hideplatform" => false,
|
||||
"hidedownloadbackup" => false,
|
||||
|
@ -69,9 +70,9 @@ $g = array(
|
|||
"disablehelpmenu" => false,
|
||||
"disablehelpicon" => false,
|
||||
"disablecrashreporter" => false,
|
||||
"crashreporterurl" => "http://crashreporter.pfsense.org/crash_reporter.php",
|
||||
"crashreporterurl" => "https://crashreporter.pfsense.org/crash_reporter.php",
|
||||
"debug" => false,
|
||||
"latest_config" => "9.5",
|
||||
"latest_config" => "10.1",
|
||||
"nopkg_platforms" => array("cdrom"),
|
||||
"minimum_ram_warning" => "101",
|
||||
"minimum_ram_warning_text" => "128 MB",
|
||||
|
@ -79,11 +80,11 @@ $g = array(
|
|||
"minimum_nic_count_text" => "*AT LEAST* 1",
|
||||
"wan_interface_name" => "wan",
|
||||
"nopccard_platforms" => array("wrap", "net48xx"),
|
||||
"xmlrpcbaseurl" => "www.pfsense.com",
|
||||
"xmlrpcbaseurl" => "https://packages.pfsense.org",
|
||||
"captiveportal_path" => "/usr/local/captiveportal",
|
||||
"captiveportal_element_path" => "/var/db/cpelements",
|
||||
"captiveportal_element_sizelimit" => 1048576,
|
||||
"xmlrpcpath" => "/pfSense/xmlrpc.php",
|
||||
"xmlrpcpath" => "/xmlrpc.php",
|
||||
"embeddedbootupslice" => "/dev/ad0a",
|
||||
"services_dhcp_server_enable" => true,
|
||||
"wireless_regex" => "/^(ndis|wi|ath|an|ral|ural|iwi|wlan|rum|run|bwn|zyd|mwl|bwi|ipw|iwn|malo|uath|upgt|urtw|wpi)/",
|
||||
|
@ -98,17 +99,19 @@ $tcpflags = array("syn", "ack", "fin", "rst", "psh", "urg", "ece", "cwr");
|
|||
|
||||
if(file_exists("/etc/platform")) {
|
||||
$arch = php_uname("m");
|
||||
$arch = ($arch == "i386") ? "" : '/' . $arch;
|
||||
|
||||
/* Full installs and NanoBSD use the same update directory and manifest in 2.x */
|
||||
$g['update_url']="https://updates.pfsense.org/_updaters{$arch}";
|
||||
$g['update_manifest']="https://updates.pfsense.org/manifest";
|
||||
|
||||
$g['platform'] = trim(file_get_contents("/etc/platform"));
|
||||
if($g['platform'] == "nanobsd") {
|
||||
$g['update_url']="http://snapshots.pfsense.org/FreeBSD_RELENG_8_3/{$arch}/pfSense_HEAD/.updaters/";
|
||||
$g['update_manifest']="http://updates.pfSense.com/nanobsd/manifest";
|
||||
$g['firmware_update_text']="pfSense-*.img.gz";
|
||||
$g['hidedownloadbackup'] = true;
|
||||
$g['hidebackupbeforeupgrade'] = true;
|
||||
|
||||
} else {
|
||||
$g['update_url']="http://snapshots.pfsense.org/FreeBSD_RELENG_8_3/{$arch}/pfSense_HEAD/.updaters/";
|
||||
$g['update_manifest']="http://updates.pfSense.com/manifest";
|
||||
$g['firmware_update_text']="pfSense-*.tgz";
|
||||
}
|
||||
}
|
||||
|
@ -152,6 +155,10 @@ $sysctls = array("net.inet.ip.portrange.first" => "1024",
|
|||
"net.inet.udp.checksum" => 1
|
||||
);
|
||||
|
||||
/* Include override values for the above if needed. If the file doesn't exist, don't try to load it. */
|
||||
if (file_exists("/etc/inc/globals_override.inc"))
|
||||
@include("globals_override.inc");
|
||||
|
||||
$config_parsed = false;
|
||||
|
||||
?>
|
||||
|
|
130
etc/inc/gwlb.inc
130
etc/inc/gwlb.inc
|
@ -25,7 +25,7 @@
|
|||
ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
|
||||
POSSIBILITY OF SUCH DAMAGE.
|
||||
|
||||
pfSense_BUILDER_BINARIES: /usr/bin/killall /sbin/route /usr/local/sbin/apinger
|
||||
pfSense_BUILDER_BINARIES: /sbin/route /usr/local/sbin/apinger
|
||||
pfSense_MODULE: routing
|
||||
|
||||
*/
|
||||
|
@ -58,7 +58,6 @@ function setup_gateways_monitor() {
|
|||
}
|
||||
|
||||
$apinger_default = return_apinger_defaults();
|
||||
$fd = fopen("{$g['varetc_path']}/apinger.conf", "w");
|
||||
$apingerconfig = <<<EOD
|
||||
|
||||
# pfSense apinger configuration file. Automatically Generated!
|
||||
|
@ -163,21 +162,45 @@ EOD;
|
|||
$gwifip = find_interface_ip($gateway['interface'], true);
|
||||
if (!is_ipaddrv4($gwifip))
|
||||
continue; //Skip this target
|
||||
|
||||
/*
|
||||
* If the gateway is the same as the monitor we do not add a
|
||||
* route as this will break the routing table.
|
||||
* Add static routes for each gateway with their monitor IP
|
||||
* not strictly necessary but is a added level of protection.
|
||||
*/
|
||||
if (is_ipaddrv4($gateway['gateway']) && $gateway['monitor'] != $gateway['gateway']) {
|
||||
log_error("Removing static route for monitor {$gateway['monitor']} and adding a new route through {$gateway['gateway']}");
|
||||
mwexec("/sbin/route change -host " . escapeshellarg($gateway['monitor']) .
|
||||
" " . escapeshellarg($gateway['gateway']), true);
|
||||
}
|
||||
} else if (is_ipaddrv6($gateway['gateway'])) {
|
||||
/* link locals really need a different src ip */
|
||||
if(is_linklocal($gateway['gateway'])) {
|
||||
$linklocal = explode("%", find_interface_ipv6_ll($gateway['interface'], true));
|
||||
$gwifip = $linklocal[0];
|
||||
$ifscope = "%". $linklocal[1];
|
||||
$gwifip = find_interface_ipv6_ll($gateway['interface'], true);
|
||||
} else {
|
||||
$gwifip = find_interface_ipv6($gateway['interface'], true);
|
||||
}
|
||||
if (is_linklocal($gateway['monitor']) && !strstr($gateway['monitor'], '%'))
|
||||
$gateway['monitor'] .= "%{$gateway['interface']}";
|
||||
if (!is_ipaddrv6($gwifip))
|
||||
continue; //Skip this target
|
||||
|
||||
/*
|
||||
* If the gateway is the same as the monitor we do not add a
|
||||
* route as this will break the routing table.
|
||||
* Add static routes for each gateway with their monitor IP
|
||||
* not strictly necessary but is a added level of protection.
|
||||
*/
|
||||
if (is_ipaddrv6($gateway['gateway']) && $gateway['monitor'] != $gateway['gateway']) {
|
||||
log_error("Removing static route for monitor {$gateway['monitor']} and adding a new route through {$gateway['gateway']}");
|
||||
mwexec("/sbin/route change -host -inet6 " . escapeshellarg($gateway['monitor']) .
|
||||
" " . escapeshellarg($gateway['gateway']), true);
|
||||
}
|
||||
} else
|
||||
continue;
|
||||
|
||||
$monitor_ips[] = monitor_ips;
|
||||
$monitor_ips[] = $gateway['monitor'];
|
||||
$apingercfg = "target \"{$gateway['monitor']}\" {\n";
|
||||
$apingercfg .= " description \"{$name}\"\n";
|
||||
$apingercfg .= " srcip \"{$gwifip}\"\n";
|
||||
|
@ -234,31 +257,13 @@ EOD;
|
|||
$apingercfg .= " rrd file \"{$g['vardb_path']}/rrd/{$gateway['name']}-quality.rrd\"\n";
|
||||
$apingercfg .= "}\n";
|
||||
$apingercfg .= "\n";
|
||||
/*
|
||||
* If the gateway is the same as the monitor we do not add a
|
||||
* route as this will break the routing table.
|
||||
* Add static routes for each gateway with their monitor IP
|
||||
* not strictly necessary but is a added level of protection.
|
||||
*/
|
||||
if (is_ipaddr($gateway['gateway']) && $gateway['monitor'] != $gateway['gateway']) {
|
||||
log_error(sprintf(gettext('Removing static route for monitor %1$s and adding a new route through %2$s'), $gateway['monitor'], $gateway['gateway']));
|
||||
if(is_ipaddrv6($gateway['gateway'])) {
|
||||
$inetfamily = "-inet6";
|
||||
} else {
|
||||
$inetfamily = "-inet";
|
||||
}
|
||||
// mwexec("/sbin/route change {$inetfamily} -host " . escapeshellarg($gateway['monitor']) .
|
||||
// " " . escapeshellarg($gateway['gateway']), true);
|
||||
}
|
||||
|
||||
$apingerconfig .= $alarmscfg;
|
||||
$apingerconfig .= $apingercfg;
|
||||
}
|
||||
fwrite($fd, $apingerconfig);
|
||||
fclose($fd);
|
||||
@file_put_contents("{$g['varetc_path']}/apinger.conf", $apingerconfig);
|
||||
unset($apingerconfig);
|
||||
|
||||
killbypid("{$g['varrun_path']}/apinger.pid");
|
||||
if (is_dir("{$g['tmp_path']}"))
|
||||
chmod("{$g['tmp_path']}", 01777);
|
||||
if (!is_dir("{$g['vardb_path']}/rrd"))
|
||||
|
@ -266,10 +271,16 @@ EOD;
|
|||
|
||||
@chown("{$g['vardb_path']}/rrd", "nobody");
|
||||
|
||||
/* start a new apinger process */
|
||||
@unlink("{$g['varrun_path']}/apinger.status");
|
||||
sleep(1);
|
||||
mwexec_bg("/usr/local/sbin/apinger -c {$g['varetc_path']}/apinger.conf");
|
||||
if (isvalidpid("{$g['varrun_path']}/apinger.pid"))
|
||||
sigkillbypid("{$g['varrun_path']}/apinger.pid", "HUP");
|
||||
else {
|
||||
/* start a new apinger process */
|
||||
@unlink("{$g['varrun_path']}/apinger.status");
|
||||
sleep(1);
|
||||
mwexec_bg("/usr/local/sbin/apinger -c {$g['varetc_path']}/apinger.conf");
|
||||
sleep(1);
|
||||
sigkillbypid("{$g['varrun_path']}/apinger.pid", "USR1");
|
||||
}
|
||||
|
||||
return 0;
|
||||
}
|
||||
|
@ -279,9 +290,13 @@ function return_gateways_status($byname = false) {
|
|||
global $config, $g;
|
||||
|
||||
$apingerstatus = array();
|
||||
/* Always get the latest status from apinger */
|
||||
if (file_exists("{$g['varrun_path']}/apinger.pid"))
|
||||
sigkillbypid("{$g['varrun_path']}/apinger.pid", "USR1");
|
||||
if (file_exists("{$g['varrun_path']}/apinger.status")) {
|
||||
$apingerstatus = file("{$g['varrun_path']}/apinger.status");
|
||||
}
|
||||
} else
|
||||
$apingerstatus = array();
|
||||
|
||||
$status = array();
|
||||
foreach($apingerstatus as $line) {
|
||||
|
@ -352,26 +367,30 @@ function return_gateways_array($disabled = false, $localhost = false) {
|
|||
$found_defaultv4 = 0;
|
||||
$found_defaultv6 = 0;
|
||||
|
||||
// Ensure the interface cache is up to date first
|
||||
$interfaces = get_interface_arr(true);
|
||||
$interfaces_v4 = array();
|
||||
$interfaces_v6 = array();
|
||||
|
||||
$i = 0;
|
||||
$i = -1;
|
||||
/* Process/add all the configured gateways. */
|
||||
if (is_array($config['gateways']['gateway_item'])) {
|
||||
foreach ($config['gateways']['gateway_item'] as $gateway) {
|
||||
/* Increment it here to do not skip items */
|
||||
$i++;
|
||||
|
||||
if (empty($config['interfaces'][$gateway['interface']]))
|
||||
continue;
|
||||
$wancfg = $config['interfaces'][$gateway['interface']];
|
||||
|
||||
/* skip disabled interfaces */
|
||||
if (!isset($wancfg['enable']))
|
||||
if ($disabled === false && !isset($wancfg['enable']))
|
||||
continue;
|
||||
|
||||
/* if the gateway is dynamic and we can find the IPv4, Great! */
|
||||
if (empty($gateway['gateway']) || $gateway['gateway'] == "dynamic" || $gateway['gateway'] == "dynamic6") {
|
||||
if (empty($gateway['gateway']) || $gateway['gateway'] == "dynamic") {
|
||||
if ($gateway['ipprotocol'] == "inet") {
|
||||
/* we know which interfaces is dynamic, this should be made a function */
|
||||
$gateway['ipprotocol'] = "inet";
|
||||
$gateway['gateway'] = get_interface_gateway($gateway['interface']);
|
||||
/* no IP address found, set to dynamic */
|
||||
if (!is_ipaddrv4($gateway['gateway']))
|
||||
|
@ -379,14 +398,13 @@ function return_gateways_array($disabled = false, $localhost = false) {
|
|||
$gateway['dynamic'] = true;
|
||||
}
|
||||
|
||||
/* if the gateway is dynamic6 and we can find the IPv6, Great! */
|
||||
/* if the gateway is dynamic and we can find the IPv6, Great! */
|
||||
else if ($gateway['ipprotocol'] == "inet6") {
|
||||
/* we know which interfaces is dynamic, this should be made a function, and for v6 too */
|
||||
$gateway['ipprotocol'] = "inet6";
|
||||
$gateway['gateway'] = get_interface_gateway_v6($gateway['interface']);
|
||||
/* no IPv6 address found, set to dynamic6 */
|
||||
/* no IPv6 address found, set to dynamic */
|
||||
if (!is_ipaddrv6($gateway['gateway']))
|
||||
$gateway['gateway'] = "dynamic6";
|
||||
$gateway['gateway'] = "dynamic";
|
||||
$gateway['dynamic'] = true;
|
||||
}
|
||||
} else {
|
||||
|
@ -407,10 +425,10 @@ function return_gateways_array($disabled = false, $localhost = false) {
|
|||
|
||||
/* special treatment for tunnel interfaces */
|
||||
if ($gateway['ipprotocol'] == "inet6") {
|
||||
$gateway['interface'] = get_real_interface($gateway['interface'], "inet6");
|
||||
$gateway['interface'] = get_real_interface($gateway['interface'], "inet6", false, false);
|
||||
$interfaces_v6[$gateway['friendlyiface']] = $gateway['friendlyiface'];
|
||||
} else {
|
||||
$gateway['interface'] = get_real_interface($gateway['interface']);
|
||||
$gateway['interface'] = get_real_interface($gateway['interface'], "all", false, false);
|
||||
$interfaces_v4[$gateway['friendlyiface']] = $gateway['friendlyiface'];
|
||||
}
|
||||
|
||||
|
@ -428,7 +446,6 @@ function return_gateways_array($disabled = false, $localhost = false) {
|
|||
$gateway['attribute'] = $i;
|
||||
|
||||
$gateways_arr[$gateway['name']] = $gateway;
|
||||
$i++;
|
||||
}
|
||||
}
|
||||
unset($gateway);
|
||||
|
@ -536,8 +553,11 @@ function return_gateways_array($disabled = false, $localhost = false) {
|
|||
$ctype = strtoupper($ifcfg['ipaddrv6']);
|
||||
break;
|
||||
default:
|
||||
$tunnelif = substr($ifcfg['if'], 0, 3);
|
||||
if (substr($ifcfg['if'], 0, 4) == "ovpn")
|
||||
$ctype = "VPNv6";
|
||||
else if ($tunnelif == "gif" || $tunnelif == "gre")
|
||||
$ctype = "TUNNELv6";
|
||||
break;
|
||||
}
|
||||
$ctype = "_". strtoupper($ctype);
|
||||
|
@ -565,7 +585,7 @@ function return_gateways_array($disabled = false, $localhost = false) {
|
|||
|
||||
/* Loopback dummy for dynamic interfaces without a IP */
|
||||
if (!is_ipaddrv6($gateway['gateway']) && $gateway['dynamic'] == true)
|
||||
$gateway['gateway'] = "dynamic6";
|
||||
$gateway['gateway'] = "dynamic";
|
||||
|
||||
/* automatically skip known static and dynamic gateways we have a array entry for */
|
||||
foreach($gateways_arr as $gateway_item) {
|
||||
|
@ -650,7 +670,7 @@ function fixup_default_gateway($ipprotocol, $gateways_status, $gateways_arr) {
|
|||
$dfltgwdown = true;
|
||||
}
|
||||
if ($dfltgwdown == true && !empty($upgw)) {
|
||||
if (preg_match("/dynamic/i", $gateways_arr[$upgw]['gateway']))
|
||||
if ($gateways_arr[$upgw]['gateway'] == "dynamic")
|
||||
$gateways_arr[$upgw]['gateway'] = get_interface_gateway($gateways_arr[$upgw]['friendlyiface']);
|
||||
if (is_ipaddr($gateways_arr[$upgw]['gateway'])) {
|
||||
log_error("Default gateway down setting {$upgw} as default!");
|
||||
|
@ -692,7 +712,7 @@ function return_gateway_groups_array() {
|
|||
if (is_array($config['gateways']['gateway_group'])) {
|
||||
$carplist = get_configured_carp_interface_list();
|
||||
foreach ($config['gateways']['gateway_group'] as $group) {
|
||||
/* create array with group gateways members seperated by tier */
|
||||
/* create array with group gateways members separated by tier */
|
||||
$tiers = array();
|
||||
$backupplan = array();
|
||||
$gwvip_arr = array();
|
||||
|
@ -700,7 +720,7 @@ function return_gateway_groups_array() {
|
|||
list($gwname, $tier, $vipname) = explode("|", $item);
|
||||
|
||||
if (is_ipaddr($carplist[$vipname])) {
|
||||
if (!is_array($group['name']))
|
||||
if (!is_array($gwvip_arr[$group['name']]))
|
||||
$gwvip_arr[$group['name']] = array();
|
||||
$gwvip_arr[$group['name']][$gwname] = $vipname;
|
||||
}
|
||||
|
@ -767,15 +787,17 @@ function return_gateway_groups_array() {
|
|||
else if (!empty($int))
|
||||
$gatewayip = get_interface_gateway($gateway['friendlyiface']);
|
||||
|
||||
if (!empty($int) && is_ipaddr($gatewayip)) {
|
||||
$groupmember = array();
|
||||
$groupmember['int'] = $int;
|
||||
$groupmember['gwip'] = $gatewayip;
|
||||
$groupmember['weight'] = isset($gateway['weight']) ? $gateway['weight'] : 1;
|
||||
if (is_array($gwvip_arr[$group['name']])&& !empty($gwvip_arr[$group['name']][$gwname]))
|
||||
$groupmember['vip'] = $gwvip_arr[$group['name']][$gwname];
|
||||
if (!empty($int)) {
|
||||
$gateway_groups_array[$group['name']]['ipprotocol'] = $gateway['ipprotocol'];
|
||||
$gateway_groups_array[$group['name']][] = $groupmember;
|
||||
if (is_ipaddr($gatewayip)) {
|
||||
$groupmember = array();
|
||||
$groupmember['int'] = $int;
|
||||
$groupmember['gwip'] = $gatewayip;
|
||||
$groupmember['weight'] = isset($gateway['weight']) ? $gateway['weight'] : 1;
|
||||
if (is_array($gwvip_arr[$group['name']])&& !empty($gwvip_arr[$group['name']][$member]))
|
||||
$groupmember['vip'] = $gwvip_arr[$group['name']][$member];
|
||||
$gateway_groups_array[$group['name']][] = $groupmember;
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
@ -862,7 +884,7 @@ function get_interface_gateway($interface, &$dynamic = false) {
|
|||
if (!is_ipaddrv4($gw) && !is_ipaddrv4($gwcfg['ipaddr'])) {
|
||||
$realif = get_real_interface($interface);
|
||||
if (file_exists("{$g['tmp_path']}/{$realif}_router")) {
|
||||
$gw = trim(file_get_contents("{$g['tmp_path']}/{$realif}_router"), " \n");
|
||||
$gw = trim(file_get_contents("{$g['tmp_path']}/{$realif}_router"), " \n");
|
||||
$dynamic = true;
|
||||
}
|
||||
if (file_exists("{$g['tmp_path']}/{$realif}_defaultgw"))
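Review bot: In setup_gateways_monitor() the new `@file_put_contents("{$g['varetc_path']}/apinger.conf", $apingerconfig);` both suppresses and ignores a failed write, so the lines after it go on to HUP or start apinger against a stale or missing configuration and the function still returns 0. Gateway status, which fixup_default_gateway() appears to act on, would then describe an old gateway set with nothing in the log to say why. I would drop the `@` and test the result before signalling the daemon: `if (file_put_contents("{$g['varetc_path']}/apinger.conf", $apingerconfig) === false) log_error("Could not write apinger.conf");`. The function body starts and ends outside the hunks shown, so whether callers act on a non-zero return is not visible here.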
|
||||
|
|
File diff suppressed because it is too large
|
@ -76,7 +76,7 @@ function parse_cisco_acl($attribs) {
|
|||
} else if (strstr($rule[0], "route")) {
|
||||
if (!is_array($attributes['routes']))
|
||||
$attributes['routes'] = array();
|
||||
$attributes['routes'][] = $route[1];
|
||||
$attributes['routes'][] = $rule[1];
|
||||
continue;
|
||||
}
|
||||
$rindex = cisco_extract_index($rule[0]);
|
||||
|
@ -120,7 +120,7 @@ function parse_cisco_acl($attribs) {
|
|||
$tmprule .= "from any";
|
||||
$index++;
|
||||
} else {
|
||||
$tmprule .= "from $rule[$index]";
|
||||
$tmprule .= "from {$rule[$index]}";
|
||||
$index++;
|
||||
$netmask = cisco_to_cidr($rule[$index]);
|
||||
$tmprule .= "/{$netmask} ";
|
||||
|
@ -139,7 +139,7 @@ function parse_cisco_acl($attribs) {
|
|||
$index++;
|
||||
$tmprule .= "to any";
|
||||
} else {
|
||||
$tmprule .= "to $rule[$index]";
|
||||
$tmprule .= "to {$rule[$index]}";
|
||||
$index++;
|
||||
$netmask = cisco_to_cidr($rule[$index]);
|
||||
$tmprule .= "/{$netmask} ";
|
||||
|
@ -175,9 +175,10 @@ function parse_cisco_acl($attribs) {
|
|||
|
||||
$rules = parse_cisco_acl($attributes);
|
||||
if (!empty($rules)) {
|
||||
@file_put_contents("/tmp/{$common_name}.rules", $rules);
|
||||
mwexec("/sbin/pfctl -a \"ipsec/{$common_name}\" -f {$g['tmp_path']}/{$common_name}.rules");
|
||||
@unlink("{$g['tmp_path']}/{$common_name}.rules");
|
||||
$pid = posix_getpid();
|
||||
@file_put_contents("/tmp/ipsec_{$pid}{$common_name}.rules", $rules);
|
||||
mwexec("/sbin/pfctl -a " . escapeshellarg("ipsec/{$common_name}") . " -f {$g['tmp_path']}/ipsec_{$pid}" . escapeshellarg($common_name) . ".rules");
|
||||
@unlink("{$g['tmp_path']}/ipsec_{$pid}{$common_name}.rules");
|
||||
}
|
||||
|
||||
?>
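Review bot: The rules file is written to a literal `/tmp/ipsec_{$pid}{$common_name}.rules` while pfctl and unlink use `{$g['tmp_path']}`, and `$common_name` goes into the file name unsanitised with only the process id to distinguish it, so the name is predictable in a directory that is normally world-writable and the three paths agree only when tmp_path is /tmp. The write is also `@`-suppressed, so a failure leaves pfctl loading a file that is not there. Where `$common_name` comes from is outside this hunk; if it is the peer's certificate CN or username it should not be part of a path at all. I would let PHP choose the name, `$rulesfile = tempnam($g['tmp_path'], "ipsec_");`, and pass `escapeshellarg($rulesfile)` to `-f`, keeping `escapeshellarg("ipsec/{$common_name}")` for the anchor. The OpenVPN attributes script later on this page has the same pattern with an `ovpn_` prefix.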
|
||||
|
|
|
@ -56,11 +56,10 @@ function getNasID()
|
|||
{
|
||||
global $g;
|
||||
|
||||
$nasId = "";
|
||||
exec("/bin/hostname", $nasId);
|
||||
if(!$nasId[0])
|
||||
$nasId[0] = "{$g['product_name']}";
|
||||
return $nasId[0];
|
||||
$nasId = gethostname();
|
||||
if(empty($nasId))
|
||||
$nasId = $g['product_name'];
|
||||
return $nasId;
|
||||
}
|
||||
}
|
||||
|
||||
|
|
|
@ -61,7 +61,7 @@ function led_blink($led, $speed=0) {
|
|||
* Letters a-j are off from 1/10s to 1s
|
||||
*/
|
||||
function led_pattern($led, $pattern, $repeat=true) {
|
||||
/* End with a . to stop after one interation. */
|
||||
/* End with a . to stop after one iteration. */
|
||||
$end = $repeat ? "" : ".";
|
||||
return led_ctl($led, "s{$pattern}{$end}");
|
||||
}
|
||||
|
|
|
@ -265,15 +265,12 @@ function are_notices_pending($category = "all") {
|
|||
* RESULT
|
||||
* returns true if message was sent
|
||||
******/
|
||||
function notify_via_smtp($message) {
|
||||
function notify_via_smtp($message, $force = false) {
|
||||
global $config, $g;
|
||||
if($g['booting'])
|
||||
return;
|
||||
|
||||
if(!$config['notifications']['smtp']['ipaddress'])
|
||||
return;
|
||||
|
||||
if(!$config['notifications']['smtp']['notifyemailaddress'])
|
||||
if(isset($config['notifications']['smtp']['disable']) && !$force)
|
||||
return;
|
||||
|
||||
/* Do NOT send the same message twice */
|
||||
|
@ -283,9 +280,26 @@ function notify_via_smtp($message) {
|
|||
return;
|
||||
}
|
||||
|
||||
/* Store last message sent to avoid spamming */
|
||||
$fd = fopen("/var/db/notices_lastmsg.txt", "w");
|
||||
fwrite($fd, $message);
|
||||
fclose($fd);
|
||||
|
||||
send_smtp_message($message, "{$config['system']['hostname']}.{$config['system']['domain']} - Notification");
|
||||
return;
|
||||
}
|
||||
|
||||
function send_smtp_message($message, $subject = "(no subject)") {
|
||||
global $config, $g;
|
||||
require_once("sasl.inc");
|
||||
require_once("smtp.inc");
|
||||
|
||||
if(!$config['notifications']['smtp']['ipaddress'])
|
||||
return;
|
||||
|
||||
if(!$config['notifications']['smtp']['notifyemailaddress'])
|
||||
return;
|
||||
|
||||
$smtp = new smtp_class;
|
||||
|
||||
$from = "pfsense@{$config['system']['hostname']}.{$config['system']['domain']}";
|
||||
|
@ -296,6 +310,7 @@ function notify_via_smtp($message) {
|
|||
|
||||
$smtp->direct_delivery = 0;
|
||||
$smtp->ssl = ($config['notifications']['smtp']['ssl'] == "checked") ? 1 : 0;
|
||||
$smtp->tls = ($config['notifications']['smtp']['tls'] == "checked") ? 1 : 0;
|
||||
$smtp->debug = 0;
|
||||
$smtp->html_debug = 0;
|
||||
$smtp->localhost=$config['system']['hostname'].".".$config['system']['domain'];
|
||||
|
@ -314,15 +329,10 @@ function notify_via_smtp($message) {
|
|||
$headers = array(
|
||||
"From: {$from}",
|
||||
"To: {$to}",
|
||||
"Subject: {$config['system']['hostname']}.{$config['system']['domain']} - Notification",
|
||||
"Subject: {$subject}",
|
||||
"Date: ".date("r")
|
||||
);
|
||||
|
||||
/* Store last message sent to avoid spamming */
|
||||
$fd = fopen("/var/db/notices_lastmsg.txt", "w");
|
||||
fwrite($fd, $message);
|
||||
fclose($fd);
|
||||
|
||||
if($smtp->SendMessage($from, preg_split('/\s*,\s*/', trim($to)), $headers, $message)) {
|
||||
log_error(sprintf(gettext("Message sent to %s OK"), $to));
|
||||
return;
|
||||
|
@ -330,10 +340,8 @@ function notify_via_smtp($message) {
|
|||
log_error(sprintf(gettext('Could not send the message to %1$s -- Error: %2$s'), $to, $smtp->error));
|
||||
return(sprintf(gettext('Could not send the message to %1$s -- Error: %2$s'), $to, $smtp->error));
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
|
||||
/****f* notices/notify_via_growl
|
||||
* NAME
|
||||
* notify_via_growl
|
||||
|
@ -342,10 +350,13 @@ function notify_via_smtp($message) {
|
|||
* RESULT
|
||||
* returns true if message was sent
|
||||
******/
|
||||
function notify_via_growl($message) {
|
||||
function notify_via_growl($message, $force=false) {
|
||||
require_once("growl.class");
|
||||
global $config,$g;
|
||||
|
||||
if (isset($config['notifications']['growl']['disable']) && !$force)
|
||||
return;
|
||||
|
||||
/* Do NOT send the same message twice */
|
||||
if(file_exists("/var/db/growlnotices_lastmsg.txt")) {
|
||||
$lastmsg = trim(file_get_contents("/var/db/growlnotices_lastmsg.txt"));
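Review bot: send_smtp_message() places its new `$subject` argument straight into the header list as `"Subject: {$subject}"`, so a caller that passes text containing a CR or LF would add header lines of its own; the only caller visible here passes hostname and domain, but the function is now a general entry point. Stripping line breaks first, `$subject = str_replace(array("\r", "\n"), " ", $subject);`, closes that regardless of what smtp_class does with the array, which is not shown. Separately, notify_via_smtp() now writes notices_lastmsg.txt before send_smtp_message() checks that a server and recipient are configured, so a message that was never sent is still recorded and would presumably be suppressed as a duplicate later. Both function bodies continue outside the hunks.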
|
||||
|
|
|
@ -78,7 +78,7 @@ function parse_cisco_acl($attribs) {
|
|||
} else if (strstr($rule[0], "route")) {
|
||||
if (!is_array($attributes['routes']))
|
||||
$attributes['routes'] = array();
|
||||
$attributes['routes'][] = $route[1];
|
||||
$attributes['routes'][] = $rule[1];
|
||||
continue;
|
||||
}
|
||||
$rindex = cisco_extract_index($rule[0]);
|
||||
|
@ -122,7 +122,7 @@ function parse_cisco_acl($attribs) {
|
|||
$tmprule .= "from any";
|
||||
$index++;
|
||||
} else {
|
||||
$tmprule .= "from $rule[$index]";
|
||||
$tmprule .= "from {$rule[$index]}";
|
||||
$index++;
|
||||
$netmask = cisco_to_cidr($rule[$index]);
|
||||
$tmprule .= "/{$netmask} ";
|
||||
|
@ -141,7 +141,7 @@ function parse_cisco_acl($attribs) {
|
|||
$index++;
|
||||
$tmprule .= "to any";
|
||||
} else {
|
||||
$tmprule .= "to $rule[$index]";
|
||||
$tmprule .= "to {$rule[$index]}";
|
||||
$index++;
|
||||
$netmask = cisco_to_cidr($rule[$index]);
|
||||
$tmprule .= "/{$netmask} ";
|
||||
|
@ -177,9 +177,10 @@ function parse_cisco_acl($attribs) {
|
|||
|
||||
$rules = parse_cisco_acl($attributes);
|
||||
if (!empty($rules)) {
|
||||
@file_put_contents("/tmp/{$common_name}.rules", $rules);
|
||||
mwexec("/sbin/pfctl -a \"openvpn/{$common_name}\" -f {$g['tmp_path']}/{$common_name}.rules");
|
||||
@unlink("{$g['tmp_path']}/{$common_name}.rules");
|
||||
$pid = posix_getpid();
|
||||
@file_put_contents("/tmp/ovpn_{$pid}{$common_name}.rules", $rules);
|
||||
mwexec("/sbin/pfctl -a " . escapeshellarg("openvpn/{$common_name}") . " -f {$g['tmp_path']}/ovpn_{$pid}" . escapeshellarg($common_name) . ".rules");
|
||||
@unlink("{$g['tmp_path']}/ovpn_{$pid}{$common_name}.rules");
|
||||
}
|
||||
|
||||
?>
|
||||
|
|
|
@ -57,11 +57,10 @@ function getNasID()
|
|||
{
|
||||
global $g;
|
||||
|
||||
$nasId = "";
|
||||
exec("/bin/hostname", $nasId);
|
||||
if(!$nasId[0])
|
||||
$nasId[0] = "{$g['product_name']}";
|
||||
return $nasId[0];
|
||||
$nasId = gethostname();
|
||||
if(empty($nasId))
|
||||
$nasId = $g['product_name'];
|
||||
return $nasId;
|
||||
}
|
||||
}
|
||||
|
||||
|
|
|
@ -49,8 +49,10 @@ require_once("certs.inc");
|
|||
require_once('pfsense-utils.inc');
|
||||
require_once("auth.inc");
|
||||
|
||||
global $openvpn_prots;
|
||||
$openvpn_prots = array("UDP", "UDP6", "TCP", "TCP6");
|
||||
|
||||
global $openvpn_dev_mode;
|
||||
$openvpn_dev_mode = array("tun", "tap");
|
||||
|
||||
/*
|
||||
|
@ -66,9 +68,11 @@ $openvpn_dev_mode = array("tun", "tap");
|
|||
* -mgrooms
|
||||
*/
|
||||
|
||||
global $openvpn_dh_lengths;
|
||||
$openvpn_dh_lengths = array(
|
||||
1024, 2048, 4096 );
|
||||
|
||||
global $openvpn_cert_depths;
|
||||
$openvpn_cert_depths = array(
|
||||
1 => "One (Client+Server)",
|
||||
2 => "Two (Client+Intermediate+Server)",
|
||||
|
@ -77,6 +81,7 @@ $openvpn_cert_depths = array(
|
|||
5 => "Five (Client+4xIntermediate+Server)"
|
||||
);
|
||||
|
||||
global $openvpn_server_modes;
|
||||
$openvpn_server_modes = array(
|
||||
'p2p_tls' => gettext("Peer to Peer ( SSL/TLS )"),
|
||||
'p2p_shared_key' => gettext("Peer to Peer ( Shared Key )"),
|
||||
|
@ -84,6 +89,7 @@ $openvpn_server_modes = array(
|
|||
'server_user' => gettext("Remote Access ( User Auth )"),
|
||||
'server_tls_user' => gettext("Remote Access ( SSL/TLS + User Auth )"));
|
||||
|
||||
global $openvpn_client_modes;
|
||||
$openvpn_client_modes = array(
|
||||
'p2p_tls' => gettext("Peer to Peer ( SSL/TLS )"),
|
||||
'p2p_shared_key' => gettext("Peer to Peer ( Shared Key )") );
|
||||
|
@ -393,13 +399,13 @@ function openvpn_reconfigure($mode, $settings) {
|
|||
|
||||
/* create the tap device if required */
|
||||
if (!file_exists("/dev/{$tunname}"))
|
||||
exec("/sbin/ifconfig {$tunname} create");
|
||||
exec("/sbin/ifconfig " . escapeshellarg($tunname) . " create");
|
||||
|
||||
/* rename the device */
|
||||
mwexec("/sbin/ifconfig {$tunname} name {$devname}");
|
||||
mwexec("/sbin/ifconfig " . escapeshellarg($tunname) . " name " . escapeshellarg($devname));
|
||||
|
||||
/* add the device to the openvpn group */
|
||||
mwexec("/sbin/ifconfig {$devname} group openvpn");
|
||||
mwexec("/sbin/ifconfig " . escapeshellarg($devname) . " group openvpn");
|
||||
}
|
||||
|
||||
$pfile = $g['varrun_path'] . "/openvpn_{$mode_id}.pid";
|
||||
|
@ -532,6 +538,7 @@ function openvpn_reconfigure($mode, $settings) {
|
|||
$biface_sm=gen_subnet_mask(get_interface_subnet($settings['serverbridge_interface']));
|
||||
if (is_ipaddrv4($biface_ip) && is_ipaddrv4($settings['serverbridge_dhcp_start']) && is_ipaddrv4($settings['serverbridge_dhcp_end'])) {
|
||||
$conf .= "server-bridge {$biface_ip} {$biface_sm} {$settings['serverbridge_dhcp_start']} {$settings['serverbridge_dhcp_end']}\n";
|
||||
$conf .= "client-config-dir {$g['varetc_path']}/openvpn-csc\n";
|
||||
} else {
|
||||
$conf .= "mode server\n";
|
||||
}
|
||||
|
@ -784,10 +791,18 @@ function openvpn_restart($mode, $settings) {
|
|||
if (($mode == "client") && strstr($settings['interface'], "_vip") && (get_carp_interface_status($settings['interface']) == "BACKUP"))
|
||||
return;
|
||||
|
||||
/* Check if client is bound to a gateway group */
|
||||
$a_groups = return_gateway_groups_array();
|
||||
if (is_array($a_groups[$settings['interface']])) {
|
||||
/* the interface is a gateway group. If a vip is defined and its a CARP backup then do not start */
|
||||
if (($a_groups[$settings['interface']][0]['vip'] <> "") && (get_carp_interface_status($a_groups[$settings['interface']][0]['vip']) == "BACKUP"))
|
||||
return;
|
||||
}
|
||||
|
||||
/* start the new process */
|
||||
$fpath = $g['varetc_path']."/openvpn/{$mode_id}.conf";
|
||||
openvpn_clear_route($mode, $settings);
|
||||
mwexec_bg("/usr/local/sbin/openvpn --config {$fpath}");
|
||||
mwexec_bg("/usr/local/sbin/openvpn --config " . escapeshellarg($fpath));
|
||||
|
||||
if (!$g['booting'])
|
||||
send_event("filter reload");
|
||||
|
@ -823,13 +838,23 @@ function openvpn_delete($mode, & $settings) {
|
|||
}
|
||||
|
||||
/* remove the device from the openvpn group */
|
||||
mwexec("/sbin/ifconfig {$devname} -group openvpn");
|
||||
mwexec("/sbin/ifconfig " . escapeshellarg($devname) . " -group openvpn");
|
||||
|
||||
/* restore the original adapter name */
|
||||
mwexec("/sbin/ifconfig {$devname} name {$tunname}");
|
||||
mwexec("/sbin/ifconfig " . escapeshellarg($devname) . " name " . escapeshellarg($tunname));
|
||||
|
||||
/* remove the configuration files */
|
||||
mwexec("/bin/rm {$g['varetc_path']}/openvpn/{$mode_id}.*");
|
||||
array_map('unlink', glob("{$g['varetc_path']}/openvpn/{$mode_id}.*"));
|
||||
}
|
||||
|
||||
function openvpn_cleanup_csc($common_name) {
|
||||
global $g, $config;
|
||||
if (empty($common_name))
|
||||
return;
|
||||
$fpath = "{$g['varetc_path']}/openvpn-csc/" . basename($common_name);
|
||||
if (is_file($fpath))
|
||||
unlink_if_exists($fpath);
|
||||
return;
|
||||
}
|
||||
|
||||
function openvpn_resync_csc(& $settings) {
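Review bot: In openvpn_delete() the new `array_map('unlink', glob("{$g['varetc_path']}/openvpn/{$mode_id}.*"));` hands glob()'s result on unchecked; glob() returns false on error, in which case array_map() receives a non-array, nothing is removed and nothing is logged. The files matched are the instance's configuration files, which presumably include its key material, so a silent failure here leaves them on disk after the instance is deleted. Guard the call and log the failure case: `$files = glob("{$g['varetc_path']}/openvpn/{$mode_id}.*");` followed by `if (is_array($files)) array_map('unlink', $files);`. openvpn_delete() starts outside the hunk.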
|
||||
|
|
|
@ -340,17 +340,17 @@ function get_carp_interface_status($carpinterface) {
|
|||
* get_pfsync_interface_status($pfsyncinterface): returns the status of a pfsync
|
||||
*/
|
||||
function get_pfsync_interface_status($pfsyncinterface) {
|
||||
$result = does_interface_exist($pfsyncinterface);
|
||||
if($result <> true) return;
|
||||
$status = exec_command("/sbin/ifconfig {$pfsyncinterface} | /usr/bin/awk '/pfsync:/ {print \$5}'");
|
||||
return $status;
|
||||
if (!does_interface_exist($pfsyncinterface))
|
||||
return;
|
||||
|
||||
return exec_command("/sbin/ifconfig {$pfsyncinterface} | /usr/bin/awk '/pfsync:/ {print \$5}'");
|
||||
}
|
||||
|
||||
/*
|
||||
* add_rule_to_anchor($anchor, $rule): adds the specified rule to an anchor
|
||||
*/
|
||||
function add_rule_to_anchor($anchor, $rule, $label) {
|
||||
mwexec("echo " . $rule . " | /sbin/pfctl -a " . $anchor . ":" . $label . " -f -");
|
||||
mwexec("echo " . escapeshellarg($rule) . " | /sbin/pfctl -a " . escapeshellarg($anchor) . ":" . escapeshellarg($label) . " -f -");
|
||||
}
|
||||
|
||||
/*
|
||||
|
@ -619,7 +619,7 @@ if (!function_exists('php_check_syntax')){
|
|||
if (!function_exists('php_check_syntax')){
|
||||
function php_check_syntax($code_to_check, &$errormessage){
|
||||
return false;
|
||||
$command = "/usr/local/bin/php -l " . $code_to_check;
|
||||
$command = "/usr/local/bin/php -l " . escapeshellarg($code_to_check);
|
||||
$output = exec_command($command);
|
||||
if (stristr($output, "Errors parsing") == false) {
|
||||
echo "false\n";
|
||||
|
@ -661,17 +661,19 @@ function rmdir_recursive($path,$follow_links=false) {
|
|||
}
|
||||
|
||||
/*
|
||||
* call_pfsense_method(): Call a method exposed by the pfsense.com XMLRPC server.
|
||||
* call_pfsense_method(): Call a method exposed by the pfsense.org XMLRPC server.
|
||||
*/
|
||||
function call_pfsense_method($method, $params, $timeout = 0) {
|
||||
global $g, $config;
|
||||
|
||||
$ip = gethostbyname($g['product_website']);
|
||||
if($ip == $g['product_website'])
|
||||
return false;
|
||||
|
||||
$xmlrpc_base_url = isset($config['system']['altpkgrepo']['enable']) ? $config['system']['altpkgrepo']['xmlrpcbaseurl'] : $g['xmlrpcbaseurl'];
|
||||
$xmlrpc_path = $g['xmlrpcpath'];
|
||||
|
||||
$xmlrpcfqdn = preg_replace("(https?://)", "", $xmlrpc_base_url);
|
||||
$ip = gethostbyname($xmlrpcfqdn);
|
||||
if($ip == $xmlrpcfqdn)
|
||||
return false;
|
||||
|
||||
$msg = new XML_RPC_Message($method, array(XML_RPC_Encode($params)));
|
||||
$port = 0;
|
||||
$proxyurl = "";
|
||||
|
@ -711,9 +713,11 @@ function call_pfsense_method($method, $params, $timeout = 0) {
|
|||
*/
|
||||
function check_firmware_version($tocheck = "all", $return_php = true) {
|
||||
global $g, $config;
|
||||
|
||||
$ip = gethostbyname($g['product_website']);
|
||||
if($ip == $g['product_website'])
|
||||
|
||||
$xmlrpc_base_url = isset($config['system']['altpkgrepo']['enable']) ? $config['system']['altpkgrepo']['xmlrpcbaseurl'] : $g['xmlrpcbaseurl'];
|
||||
$xmlrpcfqdn = preg_replace("(https?://)", "", $xmlrpc_base_url);
|
||||
$ip = gethostbyname($xmlrpcfqdn);
|
||||
if($ip == $xmlrpcfqdn)
|
||||
return false;
|
||||
|
||||
$rawparams = array("firmware" => array("version" => trim(file_get_contents('/etc/version'))),
|
||||
|
@ -749,10 +753,12 @@ function check_firmware_version($tocheck = "all", $return_php = true) {
|
|||
function host_firmware_version($tocheck = "") {
|
||||
global $g, $config;
|
||||
|
||||
$os_version = trim(substr(php_uname("r"), 0, strpos(php_uname("r"), '-')));
|
||||
|
||||
return array(
|
||||
"firmware" => array("version" => trim(file_get_contents('/etc/version', " \n"))),
|
||||
"kernel" => array("version" => trim(file_get_contents('/etc/version_kernel', " \n"))),
|
||||
"base" => array("version" => trim(file_get_contents('/etc/version_base', " \n"))),
|
||||
"kernel" => array("version" => $os_version),
|
||||
"base" => array("version" => $os_version),
|
||||
"platform" => trim(file_get_contents('/etc/platform', " \n")),
|
||||
"config_version" => $config['version']
|
||||
);
|
||||
|
@ -987,7 +993,7 @@ function setup_serial_port($when="save", $path="") {
|
|||
fwrite($fd, "{$bcs}\n");
|
||||
}
|
||||
}
|
||||
if(isset($config['system']['enableserial'])) {
|
||||
if(isset($config['system']['enableserial']) || $g['enableserial_force']) {
|
||||
fwrite($fd, "-D");
|
||||
}
|
||||
fclose($fd);
|
||||
|
@ -1012,11 +1018,19 @@ function setup_serial_port($when="save", $path="") {
|
|||
$new_boot_config[] = $bcs;
|
||||
|
||||
$serialspeed = (is_numeric($config['system']['serialspeed'])) ? $config['system']['serialspeed'] : "9600";
|
||||
if(isset($config['system']['enableserial'])) {
|
||||
if(isset($config['system']['enableserial']) || $g['enableserial_force']) {
|
||||
$new_boot_config[] = 'boot_multicons="YES"';
|
||||
$new_boot_config[] = 'boot_serial="YES"';
|
||||
$new_boot_config[] = 'comconsole_speed="' . $serialspeed . '"';
|
||||
$new_boot_config[] = 'console="comconsole,vidconsole"';
|
||||
$primaryconsole = isset($g['primaryconsole_force']) ? $g['primaryconsole_force'] : $config['system']['primaryconsole'];
|
||||
switch ($primaryconsole) {
|
||||
case "video":
|
||||
$new_boot_config[] = 'console="vidconsole,comconsole"';
|
||||
break;
|
||||
case "serial":
|
||||
default:
|
||||
$new_boot_config[] = 'console="comconsole,vidconsole"';
|
||||
}
|
||||
} elseif ($g['platform'] == "nanobsd") {
|
||||
$new_boot_config[] = 'comconsole_speed="' . $serialspeed . '"';
|
||||
}
|
||||
|
@ -1031,7 +1045,7 @@ function setup_serial_port($when="save", $path="") {
|
|||
$fd = fopen("/etc/ttys", "w");
|
||||
foreach($ttys_split as $tty) {
|
||||
if(stristr($tty, "ttyd0") or stristr($tty, "ttyu0")) {
|
||||
if(isset($config['system']['enableserial'])) {
|
||||
if(isset($config['system']['enableserial']) || $g['enableserial_force']) {
|
||||
fwrite($fd, "ttyu0 \"/usr/libexec/getty bootupcli\" cons25 on secure\n");
|
||||
} else {
|
||||
fwrite($fd, "ttyu0 \"/usr/libexec/getty bootupcli\" cons25 off secure\n");
|
||||
|
@ -1442,7 +1456,7 @@ function get_interface_info($ifdescr) {
|
|||
|
||||
//returns cpu speed of processor. Good for determining capabilities of machine
|
||||
function get_cpu_speed() {
|
||||
return exec("sysctl hw.clockrate | awk '{ print $2 }'");
|
||||
return exec("/sbin/sysctl -n hw.clockrate");
|
||||
}
|
||||
|
||||
function add_hostname_to_watch($hostname) {
|
||||
|
@ -1452,7 +1466,7 @@ function add_hostname_to_watch($hostname) {
|
|||
if((is_fqdn($hostname)) && (!is_ipaddr($hostname))) {
|
||||
$domrecords = array();
|
||||
$domips = array();
|
||||
exec("host -t A $hostname", $domrecords, $rethost);
|
||||
exec("host -t A " . escapeshellarg($hostname), $domrecords, $rethost);
|
||||
if($rethost == 0) {
|
||||
foreach($domrecords as $domr) {
|
||||
$doml = explode(" ", $domr);
|
||||
|
@ -1494,9 +1508,9 @@ function is_fqdn($fqdn) {
|
|||
function pfsense_default_state_size() {
|
||||
/* get system memory amount */
|
||||
$memory = get_memory();
|
||||
$avail = $memory[1];
|
||||
$physmem = $memory[0];
|
||||
/* Be cautious and only allocate 10% of system memory to the state table */
|
||||
$max_states = (int) ($avail/10)*1000;
|
||||
$max_states = (int) ($physmem/10)*1000;
|
||||
return $max_states;
|
||||
}
|
||||
|
||||
|
@ -1526,7 +1540,7 @@ function compare_hostname_to_dnscache($hostname) {
|
|||
if((is_fqdn($hostname)) && (!is_ipaddr($hostname))) {
|
||||
$domrecords = array();
|
||||
$domips = array();
|
||||
exec("host -t A $hostname", $domrecords, $rethost);
|
||||
exec("host -t A " . escapeshellarg($hostname), $domrecords, $rethost);
|
||||
if($rethost == 0) {
|
||||
foreach($domrecords as $domr) {
|
||||
$doml = explode(" ", $domr);
|
||||
|
@ -1772,9 +1786,9 @@ function update_progress_bar($percent, $first_time) {
|
|||
|
||||
/* Split() is being DEPRECATED as of PHP 5.3.0 and REMOVED as of PHP 6.0.0. Relying on this feature is highly discouraged. */
|
||||
if(!function_exists("split")) {
|
||||
function split($seperator, $haystack, $limit = null) {
|
||||
log_error("deprecated split() call with seperator '{$seperator}'");
|
||||
return preg_split($seperator, $haystack, $limit);
|
||||
function split($separator, $haystack, $limit = null) {
|
||||
log_error("deprecated split() call with separator '{$separator}'");
|
||||
return preg_split($separator, $haystack, $limit);
|
||||
}
|
||||
}
|
||||
|
||||
|
@ -1835,9 +1849,6 @@ function update_alias_url_data() {
|
|||
/* fetch down and add in */
|
||||
$temp_filename = tempnam("{$g['tmp_path']}/", "alias_import");
|
||||
unlink($temp_filename);
|
||||
$fda = fopen("{$g['tmp_path']}/tmpfetch","w");
|
||||
fwrite($fda, "/usr/bin/fetch -T 5 -q -o \"{$temp_filename}/aliases\" \"" . $alias_url . "\"");
|
||||
fclose($fda);
|
||||
mwexec("/bin/mkdir -p {$temp_filename}");
|
||||
mwexec("/usr/bin/fetch -T 5 -q -o \"{$temp_filename}/aliases\" \"" . $alias_url . "\"");
|
||||
/* if the item is tar gzipped then extract */
|
||||
|
@ -1871,15 +1882,17 @@ function update_alias_url_data() {
|
|||
}
|
||||
}
|
||||
}
|
||||
if ($updated)
|
||||
write_config();
|
||||
unlock($lockkey);
|
||||
if ($updated) {
|
||||
write_config();
|
||||
send_event("filter reload");
|
||||
}
|
||||
}
|
||||
|
||||
function process_alias_unzip($temp_filename) {
|
||||
if(!file_exists("/usr/local/bin/unzip"))
|
||||
return;
|
||||
mwexec("/bin/mv {$temp_filename}/aliases {$temp_filename}/aliases.zip");
|
||||
rename("{$temp_filename}/aliases", "{$temp_filename}/aliases.zip");
|
||||
mwexec("/usr/local/bin/unzip {$temp_filename}/aliases.tgz -d {$temp_filename}/aliases/");
|
||||
unlink("{$temp_filename}/aliases.zip");
|
||||
$files_to_process = return_dir_as_array("{$temp_filename}/");
|
||||
|
@ -1896,7 +1909,7 @@ function process_alias_unzip($temp_filename) {
|
|||
function process_alias_tgz($temp_filename) {
|
||||
if(!file_exists("/usr/bin/tar"))
|
||||
return;
|
||||
mwexec("/bin/mv {$temp_filename}/aliases {$temp_filename}/aliases.tgz");
|
||||
rename("{$temp_filename}/aliases", "{$temp_filename}/aliases.tgz");
|
||||
mwexec("/usr/bin/tar xzf {$temp_filename}/aliases.tgz -C {$temp_filename}/aliases/");
|
||||
unlink("{$temp_filename}/aliases.tgz");
|
||||
$files_to_process = return_dir_as_array("{$temp_filename}/");
|
||||
|
@ -2016,7 +2029,7 @@ function process_alias_urltable($name, $url, $freq, $forceupdate=false) {
|
|||
|
||||
// If the file doesn't exist or is older than update_freq days, fetch a new copy.
|
||||
if (!file_exists($urltable_filename)
|
||||
|| ((time() - filemtime($urltable_filename)) > ($freq * 86400))
|
||||
|| ((time() - filemtime($urltable_filename)) > ($freq * 86400 - 90))
|
||||
|| $forceupdate) {
|
||||
|
||||
// Try to fetch the URL supplied
|
||||
|
@ -2029,7 +2042,7 @@ function process_alias_urltable($name, $url, $freq, $forceupdate=false) {
|
|||
mwexec("/usr/bin/sed 's/\;.*//g' ". escapeshellarg($urltable_filename . ".tmp") . "| /usr/bin/egrep -v '^[[:space:]]*$|^#' > " . escapeshellarg($urltable_filename));
|
||||
unlink_if_exists($urltable_filename . ".tmp");
|
||||
} else
|
||||
mwexec("/usr/bin/touch {$urltable_filename}");
|
||||
touch($urltable_filename);
|
||||
conf_mount_ro();
|
||||
return true;
|
||||
} else {
|
||||
|
@ -2122,10 +2135,10 @@ function nanobsd_update_fstab($gslice, $complete_path, $oldufs, $newufs) {
|
|||
$tmppath = "/tmp/{$gslice}";
|
||||
$fstabpath = "/tmp/{$gslice}/etc/fstab";
|
||||
|
||||
exec("/bin/mkdir {$tmppath}");
|
||||
mkdir($tmppath);
|
||||
exec("/sbin/fsck_ufs -y /dev/{$complete_path}");
|
||||
exec("/sbin/mount /dev/ufs/{$gslice} {$tmppath}");
|
||||
exec("/bin/cp /etc/fstab {$fstabpath}");
|
||||
copy("/etc/fstab", $fstabpath);
|
||||
|
||||
if (!file_exists($fstabpath)) {
|
||||
$fstab = <<<EOF
|
||||
|
@ -2140,7 +2153,7 @@ EOF;
|
|||
$status = exec("sed -i \"\" \"s/pfsense{$oldufs}/pfsense{$newufs}/g\" {$fstabpath}");
|
||||
}
|
||||
exec("/sbin/umount {$tmppath}");
|
||||
exec("/bin/rmdir {$tmppath}");
|
||||
rmdir($tmppath);
|
||||
|
||||
return $status;
|
||||
}
|
||||
|
|
|
@ -57,7 +57,7 @@ if(!function_exists("update_status")) {
|
|||
}
|
||||
if(!function_exists("update_output_window")) {
|
||||
function update_output_window($status) {
|
||||
echo $status . "\n";
|
||||
echo htmlspecialchars($status) . "\n";
|
||||
}
|
||||
}
|
||||
|
||||
|
@ -102,7 +102,7 @@ function remove_freebsd_package($packagestring) {
|
|||
// The packagestring passed in must be the full PBI package name,
|
||||
// as displayed by the pbi_info utility. e.g. "package-1.2.3_4-i386"
|
||||
// It must NOT have ".pbi" on the end.
|
||||
exec("/usr/local/sbin/pbi_info {$packagestring} | /usr/bin/awk '/Prefix/ {print $2}'",$pbidir);
|
||||
exec("/usr/local/sbin/pbi_info " . escapeshellarg($packagestring) . " | /usr/bin/awk '/Prefix/ {print $2}'",$pbidir);
|
||||
$pbidir = $pbidir[0];
|
||||
if ($pbidir == "") {
|
||||
log_error("PBI dir for {$packagestring} was not found - cannot cleanup PBI files");
|
||||
|
@ -127,7 +127,7 @@ function remove_freebsd_package($packagestring) {
|
|||
}
|
||||
}
|
||||
|
||||
exec("/usr/local/sbin/pbi_delete {$packagestring} 2>>/tmp/pbi_delete_errors.txt");
|
||||
exec("/usr/local/sbin/pbi_delete " . escapeshellarg($packagestring) . " 2>>/tmp/pbi_delete_errors.txt");
|
||||
}
|
||||
}
|
||||
|
||||
|
@ -188,7 +188,7 @@ function get_pkg_internal_name($package) {
|
|||
|
||||
/****f* pkg-utils/get_pkg_info
|
||||
* NAME
|
||||
* get_pkg_info - Retrieve package information from pfsense.com.
|
||||
* get_pkg_info - Retrieve package information from package server.
|
||||
* INPUTS
|
||||
* $pkgs - 'all' to retrieve all packages, an array containing package names otherwise
|
||||
* $info - 'all' to retrieve all information, an array containing keys otherwise
|
||||
|
@ -279,7 +279,7 @@ function is_freebsd_pkg_installed($pkg) {
|
|||
if(!$pkg)
|
||||
return;
|
||||
$output = "";
|
||||
exec("/usr/local/sbin/pbi_info \"{$pkg}\"", $output, $retval);
|
||||
exec("/usr/local/sbin/pbi_info " . escapeshellarg($pkg), $output, $retval);
|
||||
|
||||
return (intval($retval) == 0);
|
||||
}
|
||||
|
@ -361,19 +361,6 @@ function uninstall_package($pkg_name) {
|
|||
global $config, $static_output;
|
||||
global $builder_package_install;
|
||||
|
||||
// Back up /usr/local/lib libraries first if
|
||||
// not running from the builder code.
|
||||
// also take into account rrd binaries
|
||||
if(!$builder_package_install) {
|
||||
if(!file_exists("/tmp/pkg_libs.tgz")) {
|
||||
$static_output .= "Backing up libraries... ";
|
||||
update_output_window($static_output);
|
||||
mwexec("/usr/bin/tar czPf /tmp/pkg_libs.tgz `/bin/cat /etc/pfSense_md5.txt | /usr/bin/grep 'local/lib' | /usr/bin/awk '{ print $2 }' | /usr/bin/cut -d'(' -f2 | /usr/bin/cut -d')' -f1`", true);
|
||||
mwexec("/usr/bin/tar czPf /tmp/pkg_bins.tgz `/bin/cat /etc/pfSense_md5.txt | /usr/bin/grep 'rrd' | /usr/bin/awk '{ print $2 }' | /usr/bin/cut -d'(' -f2 | /usr/bin/cut -d')' -f1`", true);
|
||||
$static_output .= "\n";
|
||||
}
|
||||
}
|
||||
|
||||
$id = get_pkg_id($pkg_name);
|
||||
if ($id >= 0) {
|
||||
stop_service(get_pkg_internal_name($config['installedpackages']['package'][$id]));
|
||||
|
@ -397,20 +384,11 @@ function uninstall_package($pkg_name) {
|
|||
}
|
||||
}
|
||||
}
|
||||
delete_package_xml($pkg_name);
|
||||
if (is_package_installed($pkg_name))
|
||||
delete_package_xml($pkg_name);
|
||||
|
||||
// Restore libraries that we backed up if not
|
||||
// running from the builder code.
|
||||
if(!$builder_package_install) {
|
||||
$static_output .= "Cleaning up... ";
|
||||
update_output_window($static_output);
|
||||
mwexec("/usr/bin/tar xzPfk /tmp/pkg_libs.tgz -C /", true);
|
||||
mwexec("/usr/bin/tar xzPfk /tmp/pkg_bins.tgz -C /", true);
|
||||
@unlink("/tmp/pkg_libs.tgz");
|
||||
@unlink("/tmp/pkg_bins.tgz");
|
||||
$static_output .= gettext("done.") . "\n";
|
||||
update_output_window($static_output);
|
||||
}
|
||||
$static_output .= gettext("done.") . "\n";
|
||||
update_output_window($static_output);
|
||||
}
|
||||
|
||||
function force_remove_package($pkg_name) {
|
||||
|
@ -567,21 +545,32 @@ function pkg_fetch_recursive($pkgname, $filename, $dependlevel = 0, $base_url =
|
|||
|
||||
$pkgaddout = "";
|
||||
|
||||
exec("/usr/local/sbin/pbi_add {$pkgstaging} -f -v --no-checksig {$fetchto} 2>&1", $pkgaddout);
|
||||
pkg_debug($pkgname . " " . print_r($pkgaddout, true) . "\npbi_add successfully completed.\n");
|
||||
setup_library_paths();
|
||||
exec("/usr/local/sbin/pbi_info " . preg_replace('/\.pbi$/','',$filename) . " | /usr/bin/awk '/Prefix/ {print $2}'",$pbidir);
|
||||
$pbidir = $pbidir[0];
|
||||
$linkdirs = array('bin','sbin');
|
||||
foreach($linkdirs as $dir) {
|
||||
if(is_dir("{$pbidir}/{$dir}")) {
|
||||
$files = scandir("{$pbidir}/{$dir}");
|
||||
foreach($files as $f) {
|
||||
if(!file_exists("/usr/local/{$dir}/{$f}")) {
|
||||
symlink("{$pbidir}/{$dir}/{$f}","/usr/local/{$dir}/{$f}");
|
||||
$result = exec("/usr/local/sbin/pbi_add " . $pkgstaging . " -f -v --no-checksig " . escapeshellarg($fetchto) . " 2>&1", $pkgaddout, $rc);
|
||||
pkg_debug($pkgname . " " . print_r($pkgaddout, true) . "\n");
|
||||
if ($rc == 0) {
|
||||
setup_library_paths();
|
||||
$result = exec("/usr/local/sbin/pbi_info " . escapeshellarg(preg_replace('/\.pbi$/','',$filename)) . " | /usr/bin/awk '/Prefix/ {print $2}'",$pbidir);
|
||||
$pbidir = $pbidir[0];
|
||||
$linkdirs = array('bin','sbin');
|
||||
foreach($linkdirs as $dir) {
|
||||
if(is_dir("{$pbidir}/{$dir}")) {
|
||||
$files = scandir("{$pbidir}/{$dir}");
|
||||
foreach($files as $f) {
|
||||
if(!file_exists("/usr/local/{$dir}/{$f}")) {
|
||||
@symlink("{$pbidir}/{$dir}/{$f}","/usr/local/{$dir}/{$f}");
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
pkg_debug("pbi_add successfully completed.\n");
|
||||
} else {
|
||||
if (is_array($pkgaddout))
|
||||
foreach ($pkgaddout as $line)
|
||||
$static_output .= " " . $line .= "\n";
|
||||
|
||||
update_output_window($static_output);
|
||||
pkg_debug("pbi_add failed.\n");
|
||||
return false;
|
||||
}
|
||||
}
|
||||
return true;
|
||||
|
@ -590,7 +579,7 @@ function pkg_fetch_recursive($pkgname, $filename, $dependlevel = 0, $base_url =
|
|||
function install_package($package, $pkg_info = "", $force_install = false) {
|
||||
global $g, $config, $static_output, $pkg_interface;
|
||||
|
||||
/* safe side. Write config below will send to ro again. */
|
||||
/* safe side. */
|
||||
conf_mount_rw();
|
||||
|
||||
if($pkg_interface == "console")
|
||||
|
@ -803,7 +792,7 @@ function install_package_xml($pkg) {
|
|||
if(stristr($filename, ".tgz") <> "") {
|
||||
pkg_debug(gettext("Extracting tarball to -C for ") . $filename . "...\n");
|
||||
$tarout = "";
|
||||
exec("/usr/bin/tar xvzf " . $prefix . $filename . " -C / 2>&1", $tarout);
|
||||
exec("/usr/bin/tar xvzf " . escapeshellarg($prefix . $filename) . " -C / 2>&1", $tarout);
|
||||
pkg_debug(print_r($tarout, true) . "\n");
|
||||
}
|
||||
if($pkg_chmod <> "") {
|
||||
|
@ -861,7 +850,7 @@ function install_package_xml($pkg) {
|
|||
$pkg_name_for_pbi_match = strtolower($pkg) . "-";
|
||||
exec("/usr/local/sbin/pbi_info | grep '^{$pkg_name_for_pbi_match}' | xargs /usr/local/sbin/pbi_info | awk '/Prefix/ {print $2}'",$pbidirarray);
|
||||
$pbidir0 = $pbidirarray[0];
|
||||
exec("find /usr/local/etc/ -name *.conf | grep \"{$pkg}\"",$files);
|
||||
exec("find /usr/local/etc/ -name *.conf | grep " . escapeshellarg($pkg),$files);
|
||||
foreach($files as $f) {
|
||||
$pbiconf = str_replace('/usr/local',$pbidir0,$f);
|
||||
if(is_file($pbiconf) || is_link($pbiconf)) {
|
||||
|
@ -1264,26 +1253,41 @@ function pkg_reinstall_all() {
|
|||
|
||||
@unlink('/conf/needs_package_sync');
|
||||
if (is_array($config['installedpackages']['package'])) {
|
||||
echo "One moment please, reinstalling packages...\n";
|
||||
echo " >>> Trying to fetch package info...";
|
||||
echo gettext("One moment please, reinstalling packages...\n");
|
||||
echo gettext(" >>> Trying to fetch package info...");
|
||||
log_error(gettext("Attempting to reinstall all packages"));
|
||||
$pkg_info = get_pkg_info();
|
||||
if ($pkg_info) {
|
||||
echo " Done.\n";
|
||||
} else {
|
||||
$xmlrpc_base_url = isset($config['system']['altpkgrepo']['enable']) ? $config['system']['altpkgrepo']['xmlrpcbaseurl'] : $g['xmlrpcbaseurl'];
|
||||
echo "\n" . sprintf(gettext(' >>> Unable to communicate with %1$s. Please verify DNS and interface configuration, and that %2$s has functional Internet connectivity.'), $xmlrpc_base_url, $g['product_name']) . "\n";
|
||||
$error = sprintf(gettext(' >>> Unable to communicate with %1$s. Please verify DNS and interface configuration, and that %2$s has functional Internet connectivity.'), $xmlrpc_base_url, $g['product_name']);
|
||||
echo "\n{$error}\n";
|
||||
log_error(gettext("Cannot reinstall packages: ") . $error);
|
||||
return;
|
||||
}
|
||||
$todo = array();
|
||||
foreach($config['installedpackages']['package'] as $package)
|
||||
$all_names = array();
|
||||
foreach($config['installedpackages']['package'] as $package) {
|
||||
$todo[] = array('name' => $package['name'], 'version' => $package['version']);
|
||||
$all_names[] = $package['name'];
|
||||
}
|
||||
$package_name_list = gettext("List of packages to reinstall: ") . implode(", ", $all_names);
|
||||
echo " >>> {$package_name_list}\n";
|
||||
log_error($package_name_list);
|
||||
|
||||
foreach($todo as $pkgtodo) {
|
||||
$static_output = "";
|
||||
if($pkgtodo['name']) {
|
||||
log_error(gettext("Uninstalling package") . " {$pkgtodo['name']}");
|
||||
uninstall_package($pkgtodo['name']);
|
||||
log_error(gettext("Finished uninstalling package") . " {$pkgtodo['name']}");
|
||||
log_error(gettext("Reinstalling package") . " {$pkgtodo['name']}");
|
||||
install_package($pkgtodo['name']);
|
||||
log_error(gettext("Finished installing package") . " {$pkgtodo['name']}");
|
||||
}
|
||||
}
|
||||
log_error(gettext("Finished reinstalling all packages."));
|
||||
} else
|
||||
echo "No packages are installed.";
|
||||
}
|
||||
|
@ -1321,16 +1325,34 @@ function stop_packages() {
|
|||
}
|
||||
}
|
||||
|
||||
$shell = @popen("/bin/sh", "w");
|
||||
if ($shell) {
|
||||
foreach ($rcfiles as $rcfile => $number) {
|
||||
foreach ($rcfiles as $rcfile => $number) {
|
||||
$shell = @popen("/bin/sh", "w");
|
||||
if ($shell) {
|
||||
echo " Stopping {$rcfile}...";
|
||||
fwrite($shell, "{$rcfile} stop >>/tmp/bootup_messages 2>&1");
|
||||
if (!@fwrite($shell, "{$rcfile} stop >>/tmp/bootup_messages 2>&1")) {
|
||||
if ($shell)
|
||||
pclose($shell);
|
||||
$shell = @popen("/bin/sh", "w");
|
||||
}
|
||||
echo "done.\n";
|
||||
pclose($shell);
|
||||
}
|
||||
|
||||
pclose($shell);
|
||||
}
|
||||
}
|
||||
|
||||
?>
|
||||
function get_pkg_interfaces_select_source($include_localhost=false) {
|
||||
$interfaces = get_configured_interface_with_descr();
|
||||
$ssifs = array();
|
||||
foreach ($interfaces as $iface => $ifacename) {
|
||||
$tmp["name"] = $ifacename;
|
||||
$tmp["value"] = $iface;
|
||||
$ssifs[] = $tmp;
|
||||
}
|
||||
if ($include_localhost) {
|
||||
$tmp["name"] = "Localhost";
|
||||
$tmp["value"] = "lo0";
|
||||
$ssifs[] = $tmp;
|
||||
}
|
||||
return $ssifs;
|
||||
}
|
||||
?>
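Review bot: In the install_package_xml hunk, the `pbi_info | grep '^{$pkg_name_for_pbi_match}'` pipeline still interpolates the package name straight into the shell command, although the `find ... | grep` call two lines below it now passes `$pkg` through `escapeshellarg()`. I would write it as `exec("/usr/local/sbin/pbi_info | grep " . escapeshellarg("^{$pkg_name_for_pbi_match}") . " | xargs /usr/local/sbin/pbi_info | awk '/Prefix/ {print $2}'", $pbidirarray);`. The new `pbi_add` call in pkg_fetch_recursive has the same shape: `$pkgstaging` is concatenated unescaped next to the escaped `$fetchto`, and since it is built outside the visible lines, it cannot be confirmed here whether it can carry untrusted text. That call also keeps `--no-checksig`, so signature verification of the fetched PBI is skipped; a comment stating what else guarantees the package's integrity would help the next reader. Both functions start and end outside their hunks.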
|
||||
|
|
|
@ -54,6 +54,18 @@ $priv_list['page-diagnostics-factorydefaults']['descr'] = gettext("Allow access
|
|||
$priv_list['page-diagnostics-factorydefaults']['match'] = array();
|
||||
$priv_list['page-diagnostics-factorydefaults']['match'][] = "diag_defaults.php*";
|
||||
|
||||
$priv_list['page-diagnostics-ndptable'] = array();
|
||||
$priv_list['page-diagnostics-ndptable']['name'] = gettext("Webcfg - Diagnostics: NDP Table page");
|
||||
$priv_list['page-diagnostics-ndptable']['descr'] = gettext("Allow access to the 'Diagnostics: NDP Table' page.");
|
||||
$priv_list['page-diagnostics-ndptable']['match'] = array();
|
||||
$priv_list['page-diagnostics-ndptable']['match'][] = "diag_ndp.php*";
|
||||
|
||||
$priv_list['page-diagnostics-restore-full-backup'] = array();
|
||||
$priv_list['page-diagnostics-restore-full-backup']['name'] = gettext("Webcfg - Diagnostics: Restore full backup");
|
||||
$priv_list['page-diagnostics-restore-full-backup']['descr'] = gettext("Allow access to the 'Diagnostics: Restore Full Backup' page.");
|
||||
$priv_list['page-diagnostics-restore-full-backup']['match'] = array();
|
||||
$priv_list['page-diagnostics-restore-full-backup']['match'][] = "system_firmware_restorefullbackup.php";
|
||||
|
||||
$priv_list['page-diagnostics-showstates'] = array();
|
||||
$priv_list['page-diagnostics-showstates']['name'] = gettext("WebCfg - Diagnostics: Show States page");
|
||||
$priv_list['page-diagnostics-showstates']['descr'] = gettext("Allow access to the 'Diagnostics: Show States' page.");
|
||||
|
@ -66,6 +78,12 @@ $priv_list['page-diagnostics-sockets']['descr'] = gettext("Allow access to the '
|
|||
$priv_list['page-diagnostics-sockets']['match'] = array();
|
||||
$priv_list['page-diagnostics-sockets']['match'][] = "diag_sockets.php*";
|
||||
|
||||
$priv_list['page-diagnostics-testport'] = array();
|
||||
$priv_list['page-diagnostics-testport']['name'] = gettext("Webcfg - Diagnostics: Test Port");
|
||||
$priv_list['page-diagnostics-testport']['descr'] = gettext("Allow access to the 'Diagnostics: Test Port' page.");
|
||||
$priv_list['page-diagnostics-testport']['match'] = array();
|
||||
$priv_list['page-diagnostics-testport']['match'][] = "diag_testport.php*";
|
||||
|
||||
$priv_list['page-status-ipsec'] = array();
|
||||
$priv_list['page-status-ipsec']['name'] = gettext("WebCfg - Status: IPsec page");
|
||||
$priv_list['page-status-ipsec']['descr'] = gettext("Allow access to the 'Status: IPsec' page.");
|
||||
|
@ -84,18 +102,18 @@ $priv_list['page-status-ipsec-spd']['descr'] = gettext("Allow access to the 'Sta
|
|||
$priv_list['page-status-ipsec-spd']['match'] = array();
|
||||
$priv_list['page-status-ipsec-spd']['match'][] = "diag_ipsec_spd.php*";
|
||||
|
||||
$priv_list['page-status-ntp'] = array();
|
||||
$priv_list['page-status-ntp']['name'] = gettext("Webcfg - Status: NTP page");
|
||||
$priv_list['page-status-ntp']['descr'] = gettext("Allow access to the 'Status: NTP' page.");
|
||||
$priv_list['page-status-ntp']['match'] = array();
|
||||
$priv_list['page-status-ntp']['match'][] = "status_ntpd.php*";
|
||||
|
||||
$priv_list['page-ipsecxml'] = array();
|
||||
$priv_list['page-ipsecxml']['name'] = gettext("WebCfg - Diag IPsec XML page");
|
||||
$priv_list['page-ipsecxml']['descr'] = gettext("Allow access to the 'Diag IPsec XML' page.");
|
||||
$priv_list['page-ipsecxml']['match'] = array();
|
||||
$priv_list['page-ipsecxml']['match'][] = "diag_ipsec_xml.php";
|
||||
|
||||
$priv_list['page-diag-system-activity'] = array();
|
||||
$priv_list['page-diag-system-activity']['name'] = gettext("WebCfg - Diagnostics: System Activity");
|
||||
$priv_list['page-diag-system-activity']['descr'] = gettext("Allows access to the 'Diagnostics: System Activity' page");
|
||||
$priv_list['page-diag-system-activity']['match'] = array();
|
||||
$priv_list['page-diag-system-activity']['match'][] = "diag_system_activity*";
|
||||
|
||||
$priv_list['page-diagnostics-logs-system'] = array();
|
||||
$priv_list['page-diagnostics-logs-system']['name'] = gettext("WebCfg - Diagnostics: Logs: System page");
|
||||
$priv_list['page-diagnostics-logs-system']['descr'] = gettext("Allow access to the 'Diagnostics: Logs: System' page.");
|
||||
|
@ -132,12 +150,6 @@ $priv_list['page-diagnostics-logs-resolver']['descr'] = gettext("Allow access to
|
|||
$priv_list['page-diagnostics-logs-resolver']['match'] = array();
|
||||
$priv_list['page-diagnostics-logs-resolver']['match'][] = "diag_logs_resolver.php*";
|
||||
|
||||
$priv_list['page-diagnostics-logs-wireless'] = array();
|
||||
$priv_list['page-diagnostics-logs-wireless']['name'] = gettext("WebCfg - Diagnostics: Logs: Wireless page");
|
||||
$priv_list['page-diagnostics-logs-wireless']['descr'] = gettext("Allow access to the 'Diagnostics: Logs: System: Wireless' page.");
|
||||
$priv_list['page-diagnostics-logs-wireless']['match'] = array();
|
||||
$priv_list['page-diagnostics-logs-wireless']['match'][] = "diag_logs_wireless.php*";
|
||||
|
||||
$priv_list['page-hidden-nolongerincluded'] = array();
|
||||
$priv_list['page-hidden-nolongerincluded']['name'] = gettext("WebCfg - Hidden: No longer included page");
|
||||
$priv_list['page-hidden-nolongerincluded']['descr'] = gettext("Allow access to the 'Hidden: No longer included' page.");
|
||||
|
@ -174,6 +186,18 @@ $priv_list['page-status-systemlogs-loadbalancer']['descr'] = gettext("Allow acce
|
|||
$priv_list['page-status-systemlogs-loadbalancer']['match'] = array();
|
||||
$priv_list['page-status-systemlogs-loadbalancer']['match'][] = "diag_logs_relayd.php*";
|
||||
|
||||
$priv_list['page-status-systemlogs-routing'] = array();
|
||||
$priv_list['page-status-systemlogs-routing']['name'] = gettext("Webcfg - Status: System logs: Routing page");
|
||||
$priv_list['page-status-systemlogs-routing']['descr'] = gettext("Allow access to the 'Status: System logs: System: Routing' page.");
|
||||
$priv_list['page-status-systemlogs-routing']['match'] = array();
|
||||
$priv_list['page-status-systemlogs-routing']['match'][] = "diag_logs_routing.php*";
|
||||
|
||||
$priv_list['page-status-systemlogs-wireless'] = array();
|
||||
$priv_list['page-status-systemlogs-wireless']['name'] = gettext("Webcfg - Status: System logs: Wireless page");
|
||||
$priv_list['page-status-systemlogs-wireless']['descr'] = gettext("Allow access to the 'Status: System logs: System: Wireless' page.");
|
||||
$priv_list['page-status-systemlogs-wireless']['match'] = array();
|
||||
$priv_list['page-status-systemlogs-wireless']['match'][] = "diag_logs_wireless.php*";
|
||||
|
||||
$priv_list['page-diagnostics-logs-settings'] = array();
|
||||
$priv_list['page-diagnostics-logs-settings']['name'] = gettext("WebCfg - Diagnostics: Logs: Settings page");
|
||||
$priv_list['page-diagnostics-logs-settings']['descr'] = gettext("Allow access to the 'Diagnostics: Logs: Settings' page.");
|
||||
|
@ -204,11 +228,29 @@ $priv_list['page-diagnostics-patters']['descr'] = gettext("Allow access to the '
|
|||
$priv_list['page-diagnostics-patters']['match'] = array();
|
||||
$priv_list['page-diagnostics-patters']['match'][] = "patterns.php*";
|
||||
|
||||
$priv_list['page-diagnostics-limiter-info'] = array();
|
||||
$priv_list['page-diagnostics-limiter-info']['name'] = gettext("Diagnostics: Limiter Info");
|
||||
$priv_list['page-diagnostics-limiter-info']['descr'] = gettext("Allows access to the 'Diagnostics: Limiter Info' page");
|
||||
$priv_list['page-diagnostics-limiter-info']['match'] = array();
|
||||
$priv_list['page-diagnostics-limiter-info']['match'][] = "diag_limiter_info.php*";
|
||||
|
||||
$priv_list['page-diagnostics-pf-info'] = array();
|
||||
$priv_list['page-diagnostics-pf-info']['name'] = gettext("Diagnostics: pfInfo");
|
||||
$priv_list['page-diagnostics-pf-info']['descr'] = gettext("Allows access to the 'Diagnostics: pfInfo' page");
|
||||
$priv_list['page-diagnostics-pf-info']['match'] = array();
|
||||
$priv_list['page-diagnostics-pf-info']['match'][] = "diag_pf_info.php*";
|
||||
|
||||
$priv_list['page-diag-system-activity'] = array();
|
||||
$priv_list['page-diag-system-activity']['name'] = gettext("WebCfg - Diagnostics: System Activity");
|
||||
$priv_list['page-diag-system-activity']['descr'] = gettext("Allows access to the 'Diagnostics: System Activity' page");
|
||||
$priv_list['page-diag-system-activity']['match'] = array();
|
||||
$priv_list['page-diag-system-activity']['match'][] = "diag_system_activity*";
|
||||
$priv_list['page-diag-system-activity']['match'][] = "diag_system_activity.php*";
|
||||
|
||||
$priv_list['page-diagnostics-system-pftop'] = array();
|
||||
$priv_list['page-diagnostics-system-pftop']['name'] = gettext("Diagnostics: pfTop");
|
||||
$priv_list['page-diagnostics-system-pftop']['descr'] = gettext("Allows access to the 'Diagnostics: pfTop' page");
|
||||
$priv_list['page-diagnostics-system-pftop']['match'] = array();
|
||||
$priv_list['page-diagnostics-system-pftop']['match'][] = "diag_system_pftop.php*";
|
||||
|
||||
$priv_list['page-diagnostics-ping'] = array();
|
||||
$priv_list['page-diagnostics-ping']['name'] = gettext("WebCfg - Diagnostics: Ping page");
|
||||
|
@ -240,18 +282,6 @@ $priv_list['page-diagnostics-statessummary']['descr'] = gettext("Allow access to
|
|||
$priv_list['page-diagnostics-statessummary']['match'] = array();
|
||||
$priv_list['page-diagnostics-statessummary']['match'][] = "diag_states_summary.php*";
|
||||
|
||||
$priv_list['page-diag-system-activity'] = array();
|
||||
$priv_list['page-diag-system-activity']['name'] = gettext("WebCfg - Diagnostics: System Activity");
|
||||
$priv_list['page-diag-system-activity']['descr'] = gettext("Allows access to the 'Diagnostics: System Activity' page");
|
||||
$priv_list['page-diag-system-activity']['match'] = array();
|
||||
$priv_list['page-diag-system-activity']['match'][] = "diag_system_activity*";
|
||||
|
||||
$priv_list['page-diag-system-activity'] = array();
|
||||
$priv_list['page-diag-system-activity']['name'] = gettext("WebCfg - Diagnostics: System Activity");
|
||||
$priv_list['page-diag-system-activity']['descr'] = gettext("Allows access to the 'Diagnostics: System Activity' page");
|
||||
$priv_list['page-diag-system-activity']['match'] = array();
|
||||
$priv_list['page-diag-system-activity']['match'][] = "diag_system_pftop.php*";
|
||||
|
||||
$priv_list['page-diagnostics-tables'] = array();
|
||||
$priv_list['page-diagnostics-tables']['name'] = gettext("WebCfg - Diagnostics: PF Table IP addresses");
|
||||
$priv_list['page-diagnostics-tables']['descr'] = gettext("Allow access to the 'Diagnostics: Tables' page.");
|
||||
|
@ -296,6 +326,18 @@ $priv_list['page-firewall-alias-import']['descr'] = gettext("Allow access to the
|
|||
$priv_list['page-firewall-alias-import']['match'] = array();
|
||||
$priv_list['page-firewall-alias-import']['match'][] = "firewall_aliases_import.php*";
|
||||
|
||||
$priv_list['page-firewall-nat-npt'] = array();
|
||||
$priv_list['page-firewall-nat-npt']['name'] = gettext("Webcfg - Firewall: NAT: NPT page");
|
||||
$priv_list['page-firewall-nat-npt']['descr'] = gettext("Allow access to the 'Firewall: NAT: NPT' page.");
|
||||
$priv_list['page-firewall-nat-npt']['match'] = array();
|
||||
$priv_list['page-firewall-nat-npt']['match'][] = "firewall_nat_npt.php*";
|
||||
|
||||
$priv_list['page-firewall-nat-npt-edit'] = array();
|
||||
$priv_list['page-firewall-nat-npt-edit']['name'] = gettext("Webcfg - Firewall: NAT: NPt: Edit page");
|
||||
$priv_list['page-firewall-nat-npt-edit']['descr'] = gettext("Allow access to the 'Firewall: NAT: NPt: Edit' page.");
|
||||
$priv_list['page-firewall-nat-npt-edit']['match'] = array();
|
||||
$priv_list['page-firewall-nat-npt-edit']['match'][] = "firewall_nat_npt_edit.php*";
|
||||
|
||||
$priv_list['page-firewall-nat-portforward'] = array();
|
||||
$priv_list['page-firewall-nat-portforward']['name'] = gettext("WebCfg - Firewall: NAT: Port Forward page");
|
||||
$priv_list['page-firewall-nat-portforward']['descr'] = gettext("Allow access to the 'Firewall: NAT: Port Forward' page.");
|
||||
|
@ -501,8 +543,8 @@ $priv_list['page-interfaces-groups']['match'] = array();
|
|||
$priv_list['page-interfaces-groups']['match'][] = "interfaces_groups.php*";
|
||||
|
||||
$priv_list['page-interfacess-groups'] = array();
|
||||
$priv_list['page-interfacess-groups']['name'] = gettext("WebCfg - Interfaces: Groups: Edit page");
|
||||
$priv_list['page-interfacess-groups']['descr'] = gettext("Edit Interface groups");
|
||||
$priv_list['page-interfacess-groups']['name'] = gettext("Interfaces: Groups: Edit page");
|
||||
$priv_list['page-interfacess-groups']['descr'] = gettext("Allow access to the 'Interfaces: Groups: Edit' page.");
|
||||
$priv_list['page-interfacess-groups']['match'] = array();
|
||||
$priv_list['page-interfacess-groups']['match'][] = "interfaces_groups_edit.php*";
|
||||
|
||||
|
@ -513,8 +555,8 @@ $priv_list['page-interfacess-lagg']['match'] = array();
|
|||
$priv_list['page-interfacess-lagg']['match'][] = "interfaces_lagg.php*";
|
||||
|
||||
$priv_list['page-interfacess-lagg'] = array();
|
||||
$priv_list['page-interfacess-lagg']['name'] = gettext("WebCfg - Interfaces: LAGG: Edit page");
|
||||
$priv_list['page-interfacess-lagg']['descr'] = gettext("Edit Interface LAGG");
|
||||
$priv_list['page-interfacess-lagg']['name'] = gettext("Interfaces: LAGG: Edit page");
|
||||
$priv_list['page-interfacess-lagg']['descr'] = gettext("Allow access to the 'Interfaces: LAGG: Edit' page.");
|
||||
$priv_list['page-interfacess-lagg']['match'] = array();
|
||||
$priv_list['page-interfacess-lagg']['match'][] = "interfaces_lagg_edit.php*";
|
||||
|
||||
|
@ -537,8 +579,8 @@ $priv_list['page-interfaces-qinq']['match'] = array();
|
|||
$priv_list['page-interfaces-qinq']['match'][] = "interfaces_qinq.php*";
|
||||
|
||||
$priv_list['page-interfacess-qinq'] = array();
|
||||
$priv_list['page-interfacess-qinq']['name'] = gettext("WebCfg - Interfaces: QinQ: Edit page");
|
||||
$priv_list['page-interfacess-qinq']['descr'] = gettext("Edit Interface qinq");
|
||||
$priv_list['page-interfacess-qinq']['name'] = gettext("Interfaces: QinQ: Edit page");
|
||||
$priv_list['page-interfacess-qinq']['descr'] = gettext("Allow access to 'Interfaces: QinQ: Edit' page");
|
||||
$priv_list['page-interfacess-qinq']['match'] = array();
|
||||
$priv_list['page-interfacess-qinq']['match'][] = "interfaces_qinq_edit.php*";
|
||||
|
||||
|
@ -620,12 +662,24 @@ $priv_list['page-services-loadbalancer-relay-protocol-edit']['descr'] = gettext(
|
|||
$priv_list['page-services-loadbalancer-relay-protocol-edit']['match'] = array();
|
||||
$priv_list['page-services-loadbalancer-relay-protocol-edit']['match'][] = "load_balancer_relay_protocol_edit.php*";
|
||||
|
||||
$priv_list['page-services-loadbalancer-setting'] = array();
|
||||
$priv_list['page-services-loadbalancer-setting']['name'] = gettext("Webcfg - Services: Load Balancer: setting page");
|
||||
$priv_list['page-services-loadbalancer-setting']['descr'] = gettext("Allow access to the 'Settings: Load Balancer: Settings' page.");
|
||||
$priv_list['page-services-loadbalancer-setting']['match'] = array();
|
||||
$priv_list['page-services-loadbalancer-setting']['match'][] = "load_balancer_setting.php*";
|
||||
|
||||
$priv_list['page-services-loadbalancer-virtualservers'] = array();
|
||||
$priv_list['page-services-loadbalancer-virtualservers']['name'] = gettext("WebCfg - Services: Load Balancer: Virtual Servers page");
|
||||
$priv_list['page-services-loadbalancer-virtualservers']['descr'] = gettext("Allow access to the 'Services: Load Balancer: Virtual Servers' page.");
|
||||
$priv_list['page-services-loadbalancer-virtualservers']['match'] = array();
|
||||
$priv_list['page-services-loadbalancer-virtualservers']['match'][] = "load_balancer_virtual_server.php*";
|
||||
|
||||
$priv_list['page-services-ntpd'] = array();
|
||||
$priv_list['page-services-ntpd']['name'] = gettext("Webcfg - Services: NTP");
|
||||
$priv_list['page-services-ntpd']['descr'] = gettext("Allow access to the 'Services: NTP' page.");
|
||||
$priv_list['page-services-ntpd']['match'] = array();
|
||||
$priv_list['page-services-ntpd']['match'][] = "services_ntpd.php*";
|
||||
|
||||
$priv_list['page-loadbalancer-virtualserver-edit'] = array();
|
||||
$priv_list['page-loadbalancer-virtualserver-edit']['name'] = gettext("WebCfg - Load Balancer: Virtual Server: Edit page");
|
||||
$priv_list['page-loadbalancer-virtualserver-edit']['descr'] = gettext("Allow access to the 'Load Balancer: Virtual Server: Edit' page.");
|
||||
|
@ -692,18 +746,6 @@ $priv_list['page-services-captiveportal-filemanager']['descr'] = gettext("Allow
|
|||
$priv_list['page-services-captiveportal-filemanager']['match'] = array();
|
||||
$priv_list['page-services-captiveportal-filemanager']['match'][] = "services_captiveportal_filemanager.php*";
|
||||
|
||||
$priv_list['page-services-captiveportal-allowedhostnames'] = array();
|
||||
$priv_list['page-services-captiveportal-allowedhostnames']['name'] = gettext("WebCfg - Services: Captive portal: Allowed IPs page");
|
||||
$priv_list['page-services-captiveportal-allowedhostnames']['descr'] = gettext("Allow access to the 'Services: Captive portal: Allowed IPs' page.");
|
||||
$priv_list['page-services-captiveportal-allowedhostnames']['match'] = array();
|
||||
$priv_list['page-services-captiveportal-allowedhostnames']['match'][] = "services_captiveportal_ip.php*";
|
||||
|
||||
$priv_list['page-services-captiveportal-editallowedhostnames'] = array();
|
||||
$priv_list['page-services-captiveportal-editallowedhostnames']['name'] = gettext("WebCfg - Services: Captive portal: Edit Allowed IPs page");
|
||||
$priv_list['page-services-captiveportal-editallowedhostnames']['descr'] = gettext("Allow access to the 'Services: Captive portal: Edit Allowed IPs' page.");
|
||||
$priv_list['page-services-captiveportal-editallowedhostnames']['match'] = array();
|
||||
$priv_list['page-services-captiveportal-editallowedhostnames']['match'][] = "services_captiveportal_ip_edit.php*";
|
||||
|
||||
$priv_list['page-services-captiveportal-allowedips'] = array();
|
||||
$priv_list['page-services-captiveportal-allowedips']['name'] = gettext("WebCfg - Services: Captive portal: Allowed IPs page");
|
||||
$priv_list['page-services-captiveportal-allowedips']['descr'] = gettext("Allow access to the 'Services: Captive portal: Allowed IPs' page.");
|
||||
|
@ -728,17 +770,23 @@ $priv_list['page-services-captiveportal-editmacaddresses']['descr'] = gettext("A
|
|||
$priv_list['page-services-captiveportal-editmacaddresses']['match'] = array();
|
||||
$priv_list['page-services-captiveportal-editmacaddresses']['match'][] = "services_captiveportal_mac_edit.php*";
|
||||
|
||||
$priv_list['page-services-captiveportal-macaddresses'] = array();
|
||||
$priv_list['page-services-captiveportal-macaddresses']['name'] = gettext("WebCfg - Services: Captive portal: Allowed Hostnames page");
|
||||
$priv_list['page-services-captiveportal-macaddresses']['descr'] = gettext("Allow access to the 'Services: Captive portal: Allowed Hostnames' page.");
|
||||
$priv_list['page-services-captiveportal-macaddresses']['match'] = array();
|
||||
$priv_list['page-services-captiveportal-macaddresses']['match'][] = "services_captiveportal_hostname.php*";
|
||||
$priv_list['page-services-captiveportal-allowedhostnames'] = array();
|
||||
$priv_list['page-services-captiveportal-allowedhostnames']['name'] = gettext("WebCfg - Services: Captive portal: Allowed Hostnames page");
|
||||
$priv_list['page-services-captiveportal-allowedhostnames']['descr'] = gettext("Allow access to the 'Services: Captive portal: Allowed Hostnames' page.");
|
||||
$priv_list['page-services-captiveportal-allowedhostnames']['match'] = array();
|
||||
$priv_list['page-services-captiveportal-allowedhostnames']['match'][] = "services_captiveportal_hostname.php*";
|
||||
|
||||
$priv_list['page-services-captiveportal-editmacaddresses'] = array();
|
||||
$priv_list['page-services-captiveportal-editmacaddresses']['name'] = gettext("WebCfg - Services: Captive portal: Edit Allowed Hostnames page");
|
||||
$priv_list['page-services-captiveportal-editmacaddresses']['descr'] = gettext("Allow access to the 'Services: Captive portal: Allowed Hostnames' page.");
|
||||
$priv_list['page-services-captiveportal-editmacaddresses']['match'] = array();
|
||||
$priv_list['page-services-captiveportal-editmacaddresses']['match'][] = "services_captiveportal_hostname_edit.php*";
|
||||
$priv_list['page-services-captiveportal-editallowedhostnames'] = array();
|
||||
$priv_list['page-services-captiveportal-editallowedhostnames']['name'] = gettext("WebCfg - Services: Captive portal: Edit Allowed Hostnames page");
|
||||
$priv_list['page-services-captiveportal-editallowedhostnames']['descr'] = gettext("Allow access to the 'Services: Captive portal: Allowed Hostnames' page.");
|
||||
$priv_list['page-services-captiveportal-editallowedhostnames']['match'] = array();
|
||||
$priv_list['page-services-captiveportal-editallowedhostnames']['match'][] = "services_captiveportal_hostname_edit.php*";
|
||||
|
||||
$priv_list['page-services-captiveportal-editzones'] = array();
|
||||
$priv_list['page-services-captiveportal-editzones']['name'] = gettext("Webcfg - Services: Captive portal: Edit Zones page");
|
||||
$priv_list['page-services-captiveportal-editzones']['descr'] = gettext("Allow access to the 'Services: Captive portal: Edit Zones' page.");
|
||||
$priv_list['page-services-captiveportal-editzones']['match'] = array();
|
||||
$priv_list['page-services-captiveportal-editzones']['match'][] = "services_captiveportal_zones_edit.php*";
|
||||
|
||||
$priv_list['page-services-captiveportal-vouchers'] = array();
|
||||
$priv_list['page-services-captiveportal-vouchers']['name'] = gettext("WebCfg - Services: Captive portal Vouchers page");
|
||||
|
@ -752,6 +800,12 @@ $priv_list['page-services-captiveportal-voucher-edit']['descr'] = "Allow access
|
|||
$priv_list['page-services-captiveportal-voucher-edit']['match'] = array();
|
||||
$priv_list['page-services-captiveportal-voucher-edit']['match'][] = "services_captiveportal_vouchers_edit.php*";
|
||||
|
||||
$priv_list['page-services-captiveportal-zones'] = array();
|
||||
$priv_list['page-services-captiveportal-zones']['name'] = gettext("WebCfg - Services: Captiveprotal Zones page");
|
||||
$priv_list['page-services-captiveportal-zones']['descr'] = gettext("Allow access to the 'Services: CaptivePortal Zones' page.");
|
||||
$priv_list['page-services-captiveportal-zones']['match'] = array();
|
||||
$priv_list['page-services-captiveportal-zones']['match'][] = "services_captiveportal_zones.php*";
|
||||
|
||||
$priv_list['page-services-dhcpserver'] = array();
|
||||
$priv_list['page-services-dhcpserver']['name'] = gettext("WebCfg - Services: DHCP server page");
|
||||
$priv_list['page-services-dhcpserver']['descr'] = gettext("Allow access to the 'Services: DHCP server' page.");
|
||||
|
@ -770,11 +824,23 @@ $priv_list['page-services-dhcprelay']['descr'] = gettext("Allow access to the 'S
|
|||
$priv_list['page-services-dhcprelay']['match'] = array();
|
||||
$priv_list['page-services-dhcprelay']['match'][] = "services_dhcp_relay.php*";
|
||||
|
||||
$priv_list['page-services-dhcprelay6'] = array();
|
||||
$priv_list['page-services-dhcprelay6']['name'] = gettext("WebCfg - Services: DHCPv6 Relay page");
|
||||
$priv_list['page-services-dhcprelay6']['descr'] = gettext("Allow access to the 'Services: DHCPv6 Relay' page.");
|
||||
$priv_list['page-services-dhcprelay6']['match'] = array();
|
||||
$priv_list['page-services-dhcprelay6']['match'][] = "services_dhcpv6_relay.php*";
|
||||
$priv_list['page-services-dhcpv6server'] = array();
|
||||
$priv_list['page-services-dhcpv6server']['name'] = gettext("Webcfg - Services: DHCPv6 server page");
|
||||
$priv_list['page-services-dhcpv6server']['descr'] = gettext("Allow access to the 'Services: DHCPv6 server' page.");
|
||||
$priv_list['page-services-dhcpv6server']['match'] = array();
|
||||
$priv_list['page-services-dhcpv6server']['match'][] = "services_dhcpv6.php*";
|
||||
|
||||
$priv_list['page-services-dhcpserverv6-editstaticmapping'] = array();
|
||||
$priv_list['page-services-dhcpserverv6-editstaticmapping']['name'] = gettext("Webcfg - Services: DHCPv6 Server : Edit static mapping page");
|
||||
$priv_list['page-services-dhcpserverv6-editstaticmapping']['descr'] = gettext("Allow access to the 'Services: DHCPv6 Server : Edit static mapping' page.");
|
||||
$priv_list['page-services-dhcpserverv6-editstaticmapping']['match'] = array();
|
||||
$priv_list['page-services-dhcpserverv6-editstaticmapping']['match'][] = "services_dhcpv6_edit.php*";
|
||||
|
||||
$priv_list['page-services-dhcpv6relay'] = array();
|
||||
$priv_list['page-services-dhcpv6relay']['name'] = gettext("Webcfg - Services: DHCPv6 Relay page");
|
||||
$priv_list['page-services-dhcpv6relay']['descr'] = gettext("Allow access to the 'Services: DHCPv6 Relay' page.");
|
||||
$priv_list['page-services-dhcpv6relay']['match'] = array();
|
||||
$priv_list['page-services-dhcpv6relay']['match'][] = "services_dhcpv6_relay.php*";
|
||||
|
||||
$priv_list['page-services-dnsforwarder'] = array();
|
||||
$priv_list['page-services-dnsforwarder']['name'] = gettext("WebCfg - Services: DNS Forwarder page");
|
||||
|
@ -812,11 +878,11 @@ $priv_list['page-services-igmpproxy']['descr'] = gettext("Allow access to the 'S
|
|||
$priv_list['page-services-igmpproxy']['match'] = array();
|
||||
$priv_list['page-services-igmpproxy']['match'][] = "services_igmpproxy.php*";
|
||||
|
||||
$priv_list['page-services-igmpproxy'] = array();
|
||||
$priv_list['page-services-igmpproxy']['name'] = gettext("WebCfg - Firewall: Igmpproxy: Edit page");
|
||||
$priv_list['page-services-igmpproxy']['descr'] = gettext("Allow access to the 'Firewall: Igmpproxy' page.");
|
||||
$priv_list['page-services-igmpproxy']['match'] = array();
|
||||
$priv_list['page-services-igmpproxy']['match'][] = "services_igmpproxy_edit.php*";
|
||||
$priv_list['page-services-igmpproxy-edit'] = array();
|
||||
$priv_list['page-services-igmpproxy-edit']['name'] = gettext("Firewall: Igmpproxy: Edit page");
|
||||
$priv_list['page-services-igmpproxy-edit']['descr'] = gettext("Allow access to the 'Services: Igmpproxy: Edit' page.");
|
||||
$priv_list['page-services-igmpproxy-edit']['match'] = array();
|
||||
$priv_list['page-services-igmpproxy-edit']['match'][] = "services_igmpproxy_edit.php*";
|
||||
|
||||
$priv_list['page-services-rfc2136clients'] = array();
|
||||
$priv_list['page-services-rfc2136clients']['name'] = gettext("WebCfg - Services: RFC 2136 clients page");
|
||||
|
@ -824,6 +890,12 @@ $priv_list['page-services-rfc2136clients']['descr'] = gettext("Allow access to t
|
|||
$priv_list['page-services-rfc2136clients']['match'] = array();
|
||||
$priv_list['page-services-rfc2136clients']['match'][] = "services_rfc2136.php*";
|
||||
|
||||
$priv_list['page-services-router-advertisements'] = array();
|
||||
$priv_list['page-services-router-advertisements']['name'] = gettext("Webcfg - Services: Router advertisementspage");
|
||||
$priv_list['page-services-router-advertisements']['descr'] = gettext("Allow access to the 'Services: Router Advertisements' page.");
|
||||
$priv_list['page-services-router-advertisements']['match'] = array();
|
||||
$priv_list['page-services-router-advertisements']['match'][] = "services_router_advertisements.php*";
|
||||
|
||||
$priv_list['page-services-snmp'] = array();
|
||||
$priv_list['page-services-snmp']['name'] = gettext("WebCfg - Services: SNMP page");
|
||||
$priv_list['page-services-snmp']['descr'] = gettext("Allow access to the 'Services: SNMP' page.");
|
||||
|
@ -860,6 +932,12 @@ $priv_list['page-status-captiveportal']['descr'] = gettext("Allow access to the
|
|||
$priv_list['page-status-captiveportal']['match'] = array();
|
||||
$priv_list['page-status-captiveportal']['match'][] = "status_captiveportal.php*";
|
||||
|
||||
$priv_list['page-status-captiveportal-expire'] = array();
|
||||
$priv_list['page-status-captiveportal-expire']['name'] = gettext("Webcfg - Status: Captive portal Expire Vouchers page");
|
||||
$priv_list['page-status-captiveportal-expire']['descr'] = gettext("Allow access to the 'Status: Captive portal Expire Vouchers' page.");
|
||||
$priv_list['page-status-captiveportal-expire']['match'] = array();
|
||||
$priv_list['page-status-captiveportal-expire']['match'][] = "status_captiveportal_expire.php*";
|
||||
|
||||
$priv_list['page-status-captiveportal-test'] = array();
|
||||
$priv_list['page-status-captiveportal-test']['name'] = gettext("WebCfg - Status: Captive portal test Vouchers page");
|
||||
$priv_list['page-status-captiveportal-test']['descr'] = gettext("Allow access to the 'Status: Captive portal Test Vouchers' page.");
|
||||
|
@ -884,6 +962,12 @@ $priv_list['page-status-dhcpleases']['descr'] = gettext("Allow access to the 'St
|
|||
$priv_list['page-status-dhcpleases']['match'] = array();
|
||||
$priv_list['page-status-dhcpleases']['match'][] = "status_dhcp_leases.php*";
|
||||
|
||||
$priv_list['page-status-dhcpv6leases'] = array();
|
||||
$priv_list['page-status-dhcpv6leases']['name'] = gettext("Webcfg - Status: DHCPv6 leases page");
|
||||
$priv_list['page-status-dhcpv6leases']['descr'] = gettext("Allow access to the 'Status: DHCPv6 leases' page.");
|
||||
$priv_list['page-status-dhcpv6leases']['match'] = array();
|
||||
$priv_list['page-status-dhcpv6leases']['match'][] = "status_dhcpv6_leases.php*";
|
||||
|
||||
$priv_list['page-status-filterreloadstatus'] = array();
|
||||
$priv_list['page-status-filterreloadstatus']['name'] = gettext("WebCfg - Status: Filter Reload Status page");
|
||||
$priv_list['page-status-filterreloadstatus']['descr'] = gettext("Allow access to the 'Status: Filter Reload Status' page.");
|
||||
|
@ -908,6 +992,8 @@ $priv_list['page-status-trafficgraph']['descr'] = gettext("Allow access to the '
|
|||
$priv_list['page-status-trafficgraph']['match'] = array();
|
||||
$priv_list['page-status-trafficgraph']['match'][] = "status_graph.php*";
|
||||
$priv_list['page-status-trafficgraph']['match'][] = "bandwidth_by_ip.php*";
|
||||
$priv_list['page-status-trafficgraph']['match'][] = "graph.php*";
|
||||
$priv_list['page-status-trafficgraph']['match'][] = "ifstats.php*";
|
||||
|
||||
$priv_list['page-status-cpuload'] = array();
|
||||
$priv_list['page-status-cpuload']['name'] = gettext("WebCfg - Status: CPU load page");
|
||||
|
@ -992,31 +1078,31 @@ $priv_list['page-system-advanced-firewall'] = array();
|
|||
$priv_list['page-system-advanced-firewall']['name'] = gettext("WebCfg - System: Advanced: Firewall and NAT page");
|
||||
$priv_list['page-system-advanced-firewall']['descr'] = gettext("Allow access to the 'System: Advanced: Firewall and NAT' page.");
|
||||
$priv_list['page-system-advanced-firewall']['match'] = array();
|
||||
$priv_list['page-system-advanced-firewall']['match'][] = "system_advanced.php*";
|
||||
$priv_list['page-system-advanced-firewall']['match'][] = "system_advanced_firewall.php*";
|
||||
|
||||
$priv_list['page-system-advanced-misc'] = array();
|
||||
$priv_list['page-system-advanced-misc']['name'] = gettext("WebCfg - System: Advanced: Miscellaneous page");
|
||||
$priv_list['page-system-advanced-misc']['descr'] = gettext("Allow access to the 'System: Advanced: Miscellaneous' page.");
|
||||
$priv_list['page-system-advanced-misc']['match'] = array();
|
||||
$priv_list['page-system-advanced-misc']['match'][] = "system_advanced.php*";
|
||||
$priv_list['page-system-advanced-misc']['match'][] = "system_advanced_misc.php*";
|
||||
|
||||
$priv_list['page-system-advanced-network'] = array();
|
||||
$priv_list['page-system-advanced-network']['name'] = gettext("WebCfg - System: Advanced: Network page");
|
||||
$priv_list['page-system-advanced-network']['descr'] = gettext("Allow access to the 'System: Advanced: Networking' page.");
|
||||
$priv_list['page-system-advanced-network']['match'] = array();
|
||||
$priv_list['page-system-advanced-network']['match'][] = "system_advanced-network.php*";
|
||||
$priv_list['page-system-advanced-network']['match'][] = "system_advanced_network.php*";
|
||||
|
||||
$priv_list['page-system-advanced-notifications'] = array();
|
||||
$priv_list['page-system-advanced-notifications']['name'] = gettext("WebCfg - System: Advanced: Tunables page");
|
||||
$priv_list['page-system-advanced-notifications']['descr'] = gettext("Allow access to the 'System: Advanced: Tunables' page.");
|
||||
$priv_list['page-system-advanced-notifications']['name'] = gettext("WebCfg - System: Advanced: Notifications page");
|
||||
$priv_list['page-system-advanced-notifications']['descr'] = gettext("Allow access to the 'System: Advanced: Notifications' page.");
|
||||
$priv_list['page-system-advanced-notifications']['match'] = array();
|
||||
$priv_list['page-system-advanced-notifications']['match'][] = "system_advanced-sysctrl.php*";
|
||||
$priv_list['page-system-advanced-notifications']['match'][] = "system_advanced_notifications.php*";
|
||||
|
||||
$priv_list['page-system-advanced-sysctl'] = array();
|
||||
$priv_list['page-system-advanced-sysctl']['name'] = gettext("WebCfg - System: Advanced: Tunables page");
|
||||
$priv_list['page-system-advanced-sysctl']['descr'] = gettext("Allow access to the 'System: Advanced: Tunables' page.");
|
||||
$priv_list['page-system-advanced-sysctl']['match'] = array();
|
||||
$priv_list['page-system-advanced-sysctl']['match'][] = "system_advanced-sysctl.php*";
|
||||
$priv_list['page-system-advanced-sysctl']['match'][] = "system_advanced_sysctl.php*";
|
||||
|
||||
$priv_list['page-system-authservers'] = array();
|
||||
$priv_list['page-system-authservers']['name'] = gettext("WebCfg - System: Authentication Servers");
|
||||
|
@ -1102,8 +1188,14 @@ $priv_list['page-system-groupmanager-addprivs']['descr'] = gettext("Allow access
|
|||
$priv_list['page-system-groupmanager-addprivs']['match'] = array();
|
||||
$priv_list['page-system-groupmanager-addprivs']['match'][] = "system_groupmanager_addprivs.php*";
|
||||
|
||||
$priv_list['page-system-hasync'] = array();
|
||||
$priv_list['page-system-hasync']['name'] = gettext("Webcfg - System: High Availability Sync");
|
||||
$priv_list['page-system-hasync']['descr'] = gettext("Allow access to the 'System: High Availability Sync' page.");
|
||||
$priv_list['page-system-hasync']['match'] = array();
|
||||
$priv_list['page-system-hasync']['match'][] = "system_hasync.php*";
|
||||
|
||||
$priv_list['page-system-staticroutes'] = array();
|
||||
$priv_list['page-system-staticroutes']['name'] =gettext("WebCfg - System: Static Routes page");
|
||||
$priv_list['page-system-staticroutes']['name'] = gettext("WebCfg - System: Static Routes page");
|
||||
$priv_list['page-system-staticroutes']['descr'] = gettext("Allow access to the 'System: Static Routes' page.");
|
||||
$priv_list['page-system-staticroutes']['match'] = array();
|
||||
$priv_list['page-system-staticroutes']['match'][] = "system_routes.php*";
|
||||
|
@ -1234,11 +1326,11 @@ $priv_list['page-services-pppoeserver']['descr'] = gettext("Allow access to the
|
|||
$priv_list['page-services-pppoeserver']['match'] = array();
|
||||
$priv_list['page-services-pppoeserver']['match'][] = "vpn_pppoe.php*";
|
||||
|
||||
$priv_list['page-services-pppoeserver-eidt'] = array();
|
||||
$priv_list['page-services-pppoeserver-eidt']['name'] = gettext("WebCfg - Services: PPPoE Server: Edit page");
|
||||
$priv_list['page-services-pppoeserver-eidt']['descr'] = gettext("Allow access to the 'Services: PPPoE Server: Edit' page.");
|
||||
$priv_list['page-services-pppoeserver-eidt']['match'] = array();
|
||||
$priv_list['page-services-pppoeserver-eidt']['match'][] = "vpn_pppoe_edit.php*";
|
||||
$priv_list['page-services-pppoeserver-edit'] = array();
|
||||
$priv_list['page-services-pppoeserver-edit']['name'] = gettext("WebCfg - Services: PPPoE Server: Edit page");
|
||||
$priv_list['page-services-pppoeserver-edit']['descr'] = gettext("Allow access to the 'Services: PPPoE Server: Edit' page.");
|
||||
$priv_list['page-services-pppoeserver-edit']['match'] = array();
|
||||
$priv_list['page-services-pppoeserver-edit']['match'][] = "vpn_pppoe_edit.php*";
|
||||
|
||||
$priv_list['page-vpn-vpnpptp'] = array();
|
||||
$priv_list['page-vpn-vpnpptp']['name'] = gettext("WebCfg - VPN: VPN PPTP page");
|
||||
|
@ -1270,6 +1362,11 @@ $priv_list['page-xmlrpclibrary']['descr'] = gettext("Allow access to the 'XMLRPC
|
|||
$priv_list['page-xmlrpclibrary']['match'] = array();
|
||||
$priv_list['page-xmlrpclibrary']['match'][] = "xmlrpc.php*";
|
||||
|
||||
$priv_list['page-firewall-easyrule'] = array();
|
||||
$priv_list['page-firewall-easyrule']['name'] = gettext("WebCfg - Firewall: Easy Rule add/status page");
|
||||
$priv_list['page-firewall-easyrule']['descr'] = gettext("Allow access to the 'Firewall: Easy Rule' add/status page.");
|
||||
$priv_list['page-firewall-easyrule']['match'] = array();
|
||||
$priv_list['page-firewall-easyrule']['match'][] = "easyrule.php*";
|
||||
|
||||
$priv_rmvd = array();
|
||||
|
||||
|
|
|
@ -644,6 +644,16 @@ class Auth_RADIUS extends PEAR {
|
|||
}
|
||||
}
|
||||
|
||||
elseif ($vendor == 9) { /* RADIUS_VENDOR_CISCO */
|
||||
switch ($attrv) {
|
||||
case 1: /* Cisco-AVPair */
|
||||
if (!is_array($this->attributes['ciscoavpair']))
|
||||
$this->attributes['ciscoavpair'] = array();
|
||||
$this->attributes['ciscoavpair'][] = radius_cvt_string($datav);
|
||||
break;
|
||||
}
|
||||
}
|
||||
|
||||
elseif ($vendor == 8744) { /* Colubris / HP MSM wireless */
|
||||
//documented at http://bizsupport1.austin.hp.com/bc/docs/support/SupportManual/c02704528/c02704528.pdf pg 15-67
|
||||
if ($attrv == 0) { /* Colubris AV-Pair */
|
||||
|
@ -676,7 +686,7 @@ class Auth_RADIUS extends PEAR {
|
|||
break;
|
||||
|
||||
case 85: /* Acct-Interim-Interval: RFC 2869 */
|
||||
$this->attributes['interim_interval'] = radius_cvt_int($datav[1]);
|
||||
$this->attributes['interim_interval'] = radius_cvt_int($data);
|
||||
break;
|
||||
}
|
||||
}
|
||||
|
|
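Review bot: The added Cisco-AVPair branch calls `is_array($this->attributes['ciscoavpair'])` on a key that is not yet set the first time a reply carries the attribute, which raises an undefined-index notice; `if (!isset($this->attributes['ciscoavpair']) || !is_array($this->attributes['ciscoavpair']))` avoids it. Each pair is stored verbatim from the server reply via `radius_cvt_string($datav)`, so a comment such as `/* server-supplied and unvalidated: parse and validate each pair before use */` would help whoever consumes the list; those consumers are not visible here. The same holds for `interim_interval` in the second hunk, which appears to now take `radius_cvt_int($data)` with no range check, so a zero or negative interval would pass through unless the caller clamps it (the page has lost its +/- markers, so which of the two printed lines is new is inferred from print order). The enclosing method starts and ends outside both hunks.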
240
etc/inc/rrd.inc
|
@ -36,10 +36,9 @@
|
|||
|
||||
function dump_rrd_to_xml($rrddatabase, $xmldumpfile) {
|
||||
$rrdtool = "/usr/bin/nice -n20 /usr/local/bin/rrdtool";
|
||||
if(file_exists($xmldumpfile))
|
||||
mwexec("rm {$xmldumpfile}");
|
||||
unlink_if_exists($xmldumpfile);
|
||||
|
||||
exec("$rrdtool dump {$rrddatabase} {$xmldumpfile} 2>&1", $dumpout, $dumpret);
|
||||
exec("$rrdtool dump " . escapeshellarg($rrddatabase) . " {$xmldumpfile} 2>&1", $dumpout, $dumpret);
|
||||
if ($dumpret <> 0) {
|
||||
$dumpout = implode(" ", $dumpout);
|
||||
log_error(sprintf(gettext('RRD dump failed exited with %1$s, the error is: %2$s'), $dumpret, $dumpout));
|
||||
|
@ -48,7 +47,7 @@ function dump_rrd_to_xml($rrddatabase, $xmldumpfile) {
|
|||
}
|
||||
|
||||
function restore_rrd() {
|
||||
global $g;
|
||||
global $g, $config;
|
||||
|
||||
$rrddbpath = "/var/db/rrd/";
|
||||
$rrdtool = "/usr/bin/nice -n20 /usr/local/bin/rrdtool";
|
||||
|
@ -216,6 +215,7 @@ function enable_rrd_graphing() {
|
|||
$spamd = "-spamd.rrd";
|
||||
$proc = "-processor.rrd";
|
||||
$mem = "-memory.rrd";
|
||||
$mbuf = "-mbuf.rrd";
|
||||
$cellular = "-cellular.rrd";
|
||||
$vpnusers = "-vpnusers.rrd";
|
||||
$captiveportalconcurrent = "-concurrent.rrd";
|
||||
|
@ -243,6 +243,7 @@ function enable_rrd_graphing() {
|
|||
$rrdlbpoolinterval = 60;
|
||||
$rrdprocinterval = 60;
|
||||
$rrdmeminterval = 60;
|
||||
$rrdmbufinterval = 60;
|
||||
$rrdcellularinterval = 60;
|
||||
$rrdvpninterval = 60;
|
||||
$rrdcaptiveportalinterval = 60;
|
||||
|
@ -257,13 +258,14 @@ function enable_rrd_graphing() {
|
|||
$lbpoolvalid = $rrdlbpoolinterval * 2;
|
||||
$procvalid = $rrdlbpoolinterval * 2;
|
||||
$memvalid = $rrdmeminterval * 2;
|
||||
$mbufvalid = $rrdmbufinterval * 2;
|
||||
$cellularvalid = $rrdcellularinterval * 2;
|
||||
$vpnvalid = $rrdvpninterval * 2;
|
||||
$captiveportalvalid = $rrdcaptiveportalinterval * 2;
|
||||
|
||||
/* Asume GigE for now */
|
||||
$downstream = 125000000;
|
||||
$upstream = 125000000;
|
||||
/* Assume 2*10GigE for now */
|
||||
$downstream = 2500000000;
|
||||
$upstream = 2500000000;
|
||||
|
||||
/* read the shaper config */
|
||||
read_altq_config();
|
||||
|
@ -322,10 +324,10 @@ function enable_rrd_graphing() {
|
|||
$rrdcreate .= "DS:outpass6:COUNTER:$trafficvalid:0:$upstream ";
|
||||
$rrdcreate .= "DS:inblock6:COUNTER:$trafficvalid:0:$downstream ";
|
||||
$rrdcreate .= "DS:outblock6:COUNTER:$trafficvalid:0:$upstream ";
|
||||
$rrdcreate .= "RRA:AVERAGE:0.5:1:1000 ";
|
||||
$rrdcreate .= "RRA:AVERAGE:0.5:5:1000 ";
|
||||
$rrdcreate .= "RRA:AVERAGE:0.5:60:1000 ";
|
||||
$rrdcreate .= "RRA:AVERAGE:0.5:720:3000 ";
|
||||
$rrdcreate .= "RRA:AVERAGE:0.5:1:1200 ";
|
||||
$rrdcreate .= "RRA:AVERAGE:0.5:5:720 ";
|
||||
$rrdcreate .= "RRA:AVERAGE:0.5:60:1860 ";
|
||||
$rrdcreate .= "RRA:AVERAGE:0.5:1440:2284 ";
|
||||
|
||||
create_new_rrd($rrdcreate);
|
||||
unset($rrdcreate);
|
||||
|
@ -355,10 +357,10 @@ function enable_rrd_graphing() {
|
|||
$rrdcreate .= "DS:outpass6:COUNTER:$packetsvalid:0:$upstream ";
|
||||
$rrdcreate .= "DS:inblock6:COUNTER:$packetsvalid:0:$downstream ";
|
||||
$rrdcreate .= "DS:outblock6:COUNTER:$packetsvalid:0:$upstream ";
|
||||
$rrdcreate .= "RRA:AVERAGE:0.5:1:1000 ";
|
||||
$rrdcreate .= "RRA:AVERAGE:0.5:5:1000 ";
|
||||
$rrdcreate .= "RRA:AVERAGE:0.5:60:1000 ";
|
||||
$rrdcreate .= "RRA:AVERAGE:0.5:720:3000 ";
|
||||
$rrdcreate .= "RRA:AVERAGE:0.5:1:1200 ";
|
||||
$rrdcreate .= "RRA:AVERAGE:0.5:5:720 ";
|
||||
$rrdcreate .= "RRA:AVERAGE:0.5:60:1860 ";
|
||||
$rrdcreate .= "RRA:AVERAGE:0.5:1440:2284 ";
|
||||
|
||||
create_new_rrd($rrdcreate);
|
||||
unset($rrdcreate);
|
||||
|
@ -384,10 +386,10 @@ function enable_rrd_graphing() {
|
|||
$rrdcreate .= "DS:snr:GAUGE:$wirelessvalid:0:1000 ";
|
||||
$rrdcreate .= "DS:rate:GAUGE:$wirelessvalid:0:1000 ";
|
||||
$rrdcreate .= "DS:channel:GAUGE:$wirelessvalid:0:1000 ";
|
||||
$rrdcreate .= "RRA:AVERAGE:0.5:1:1000 ";
|
||||
$rrdcreate .= "RRA:AVERAGE:0.5:5:1000 ";
|
||||
$rrdcreate .= "RRA:AVERAGE:0.5:60:1000 ";
|
||||
$rrdcreate .= "RRA:AVERAGE:0.5:720:3000 ";
|
||||
$rrdcreate .= "RRA:AVERAGE:0.5:1:1200 ";
|
||||
$rrdcreate .= "RRA:AVERAGE:0.5:5:720 ";
|
||||
$rrdcreate .= "RRA:AVERAGE:0.5:60:1860 ";
|
||||
$rrdcreate .= "RRA:AVERAGE:0.5:1440:2284 ";
|
||||
|
||||
create_new_rrd($rrdcreate);
|
||||
unset($rrdcreate);
|
||||
|
@ -409,10 +411,10 @@ function enable_rrd_graphing() {
|
|||
if (!file_exists("$rrddbpath$ifname$vpnusers")) {
|
||||
$rrdcreate = "$rrdtool create $rrddbpath$ifname$vpnusers --step $rrdvpninterval ";
|
||||
$rrdcreate .= "DS:users:GAUGE:$vpnvalid:0:10000 ";
|
||||
$rrdcreate .= "RRA:AVERAGE:0.5:1:1000 ";
|
||||
$rrdcreate .= "RRA:AVERAGE:0.5:5:1000 ";
|
||||
$rrdcreate .= "RRA:AVERAGE:0.5:60:1000 ";
|
||||
$rrdcreate .= "RRA:AVERAGE:0.5:720:3000 ";
|
||||
$rrdcreate .= "RRA:AVERAGE:0.5:1:1200 ";
|
||||
$rrdcreate .= "RRA:AVERAGE:0.5:5:720 ";
|
||||
$rrdcreate .= "RRA:AVERAGE:0.5:60:1860 ";
|
||||
$rrdcreate .= "RRA:AVERAGE:0.5:1440:2284 ";
|
||||
|
||||
create_new_rrd($rrdcreate);
|
||||
unset($rrdcreate);
|
||||
|
@ -475,10 +477,10 @@ function enable_rrd_graphing() {
|
|||
$rrdcreate .= "DS:$qname:COUNTER:$queuesvalid:0:$qbandwidth ";
|
||||
}
|
||||
|
||||
$rrdcreate .= "RRA:AVERAGE:0.5:1:1000 ";
|
||||
$rrdcreate .= "RRA:AVERAGE:0.5:5:1000 ";
|
||||
$rrdcreate .= "RRA:AVERAGE:0.5:60:1000 ";
|
||||
$rrdcreate .= "RRA:AVERAGE:0.5:720:3000 ";
|
||||
$rrdcreate .= "RRA:AVERAGE:0.5:1:1200 ";
|
||||
$rrdcreate .= "RRA:AVERAGE:0.5:5:720 ";
|
||||
$rrdcreate .= "RRA:AVERAGE:0.5:60:1860 ";
|
||||
$rrdcreate .= "RRA:AVERAGE:0.5:1440:2284 ";
|
||||
|
||||
create_new_rrd($rrdcreate);
|
||||
unset($rrdcreate);
|
||||
|
@ -492,10 +494,10 @@ function enable_rrd_graphing() {
|
|||
$rrdcreate .= "DS:$qname:COUNTER:$queuesdropvalid:0:$qbandwidth ";
|
||||
}
|
||||
|
||||
$rrdcreate .= "RRA:AVERAGE:0.5:1:1000 ";
|
||||
$rrdcreate .= "RRA:AVERAGE:0.5:5:1000 ";
|
||||
$rrdcreate .= "RRA:AVERAGE:0.5:60:1000 ";
|
||||
$rrdcreate .= "RRA:AVERAGE:0.5:720:3000 ";
|
||||
$rrdcreate .= "RRA:AVERAGE:0.5:1:1200 ";
|
||||
$rrdcreate .= "RRA:AVERAGE:0.5:5:720 ";
|
||||
$rrdcreate .= "RRA:AVERAGE:0.5:60:1860 ";
|
||||
$rrdcreate .= "RRA:AVERAGE:0.5:1440:2284 ";
|
||||
|
||||
create_new_rrd($rrdcreate);
|
||||
unset($rrdcreate);
|
||||
|
@ -560,10 +562,10 @@ function enable_rrd_graphing() {
|
|||
$rrdcreate .= "DS:rssi:GAUGE:$cellularvalid:0:100 ";
|
||||
$rrdcreate .= "DS:upstream:GAUGE:$cellularvalid:0:100000000 ";
|
||||
$rrdcreate .= "DS:downstream:GAUGE:$cellularvalid:0:100000000 ";
|
||||
$rrdcreate .= "RRA:AVERAGE:0.5:1:1000 ";
|
||||
$rrdcreate .= "RRA:AVERAGE:0.5:5:1000 ";
|
||||
$rrdcreate .= "RRA:AVERAGE:0.5:60:1000 ";
|
||||
$rrdcreate .= "RRA:AVERAGE:0.5:720:3000 ";
|
||||
$rrdcreate .= "RRA:AVERAGE:0.5:1:1200 ";
|
||||
$rrdcreate .= "RRA:AVERAGE:0.5:5:720 ";
|
||||
$rrdcreate .= "RRA:AVERAGE:0.5:60:1860 ";
|
||||
$rrdcreate .= "RRA:AVERAGE:0.5:1440:2284 ";
|
||||
create_new_rrd($rrdcreate);
|
||||
unset($rrdcreate);
|
||||
}
|
||||
|
@ -593,10 +595,10 @@ function enable_rrd_graphing() {
|
|||
$rrdcreate .= "DS:pfnat:GAUGE:$statesvalid:0:10000000 ";
|
||||
$rrdcreate .= "DS:srcip:GAUGE:$statesvalid:0:10000000 ";
|
||||
$rrdcreate .= "DS:dstip:GAUGE:$statesvalid:0:10000000 ";
|
||||
$rrdcreate .= "RRA:AVERAGE:0.5:1:1000 ";
|
||||
$rrdcreate .= "RRA:AVERAGE:0.5:5:1000 ";
|
||||
$rrdcreate .= "RRA:AVERAGE:0.5:60:1000 ";
|
||||
$rrdcreate .= "RRA:AVERAGE:0.5:720:3000 ";
|
||||
$rrdcreate .= "RRA:AVERAGE:0.5:1:1200 ";
|
||||
$rrdcreate .= "RRA:AVERAGE:0.5:5:720 ";
|
||||
$rrdcreate .= "RRA:AVERAGE:0.5:60:1860 ";
|
||||
$rrdcreate .= "RRA:AVERAGE:0.5:1440:2284 ";
|
||||
|
||||
create_new_rrd($rrdcreate);
|
||||
unset($rrdcreate);
|
||||
|
@ -628,10 +630,10 @@ function enable_rrd_graphing() {
|
|||
$rrdcreate .= "DS:system:GAUGE:$procvalid:0:10000000 ";
|
||||
$rrdcreate .= "DS:interrupt:GAUGE:$procvalid:0:10000000 ";
|
||||
$rrdcreate .= "DS:processes:GAUGE:$procvalid:0:10000000 ";
|
||||
$rrdcreate .= "RRA:AVERAGE:0.5:1:1000 ";
|
||||
$rrdcreate .= "RRA:AVERAGE:0.5:5:1000 ";
|
||||
$rrdcreate .= "RRA:AVERAGE:0.5:60:1000 ";
|
||||
$rrdcreate .= "RRA:AVERAGE:0.5:720:3000 ";
|
||||
$rrdcreate .= "RRA:AVERAGE:0.5:1:1200 ";
|
||||
$rrdcreate .= "RRA:AVERAGE:0.5:5:720 ";
|
||||
$rrdcreate .= "RRA:AVERAGE:0.5:60:1860 ";
|
||||
$rrdcreate .= "RRA:AVERAGE:0.5:1440:2284 ";
|
||||
|
||||
create_new_rrd($rrdcreate);
|
||||
unset($rrdcreate);
|
||||
|
@ -658,18 +660,18 @@ function enable_rrd_graphing() {
|
|||
$rrdcreate .= "DS:free:GAUGE:$memvalid:0:10000000 ";
|
||||
$rrdcreate .= "DS:cache:GAUGE:$memvalid:0:10000000 ";
|
||||
$rrdcreate .= "DS:wire:GAUGE:$memvalid:0:10000000 ";
|
||||
$rrdcreate .= "RRA:MIN:0.5:1:1000 ";
|
||||
$rrdcreate .= "RRA:MIN:0.5:5:1000 ";
|
||||
$rrdcreate .= "RRA:MIN:0.5:60:1000 ";
|
||||
$rrdcreate .= "RRA:MIN:0.5:720:3000 ";
|
||||
$rrdcreate .= "RRA:AVERAGE:0.5:1:1000 ";
|
||||
$rrdcreate .= "RRA:AVERAGE:0.5:5:1000 ";
|
||||
$rrdcreate .= "RRA:AVERAGE:0.5:60:1000 ";
|
||||
$rrdcreate .= "RRA:AVERAGE:0.5:720:3000 ";
|
||||
$rrdcreate .= "RRA:MAX:0.5:1:1000 ";
|
||||
$rrdcreate .= "RRA:MAX:0.5:5:1000 ";
|
||||
$rrdcreate .= "RRA:MAX:0.5:60:1000 ";
|
||||
$rrdcreate .= "RRA:MAX:0.5:720:3000";
|
||||
$rrdcreate .= "RRA:MIN:0.5:1:1200 ";
|
||||
$rrdcreate .= "RRA:MIN:0.5:5:720 ";
|
||||
$rrdcreate .= "RRA:MIN:0.5:60:1860 ";
|
||||
$rrdcreate .= "RRA:MIN:0.5:1440:2284 ";
|
||||
$rrdcreate .= "RRA:AVERAGE:0.5:1:1200 ";
|
||||
$rrdcreate .= "RRA:AVERAGE:0.5:5:720 ";
|
||||
$rrdcreate .= "RRA:AVERAGE:0.5:60:1860 ";
|
||||
$rrdcreate .= "RRA:AVERAGE:0.5:1440:2284 ";
|
||||
$rrdcreate .= "RRA:MAX:0.5:1:1200 ";
|
||||
$rrdcreate .= "RRA:MAX:0.5:5:720 ";
|
||||
$rrdcreate .= "RRA:MAX:0.5:60:1860 ";
|
||||
$rrdcreate .= "RRA:MAX:0.5:1440:2284";
|
||||
|
||||
create_new_rrd($rrdcreate);
|
||||
unset($rrdcreate);
|
||||
|
@ -688,6 +690,42 @@ function enable_rrd_graphing() {
|
|||
|
||||
/* End Memory statistics */
|
||||
|
||||
/* mbuf, create mbuf statistics database */
|
||||
if(! file_exists("$rrddbpath$ifname$mbuf")) {
|
||||
$rrdcreate = "$rrdtool create $rrddbpath$ifname$mbuf --step $rrdmbufinterval ";
|
||||
$rrdcreate .= "DS:current:GAUGE:$mbufvalid:0:10000000 ";
|
||||
$rrdcreate .= "DS:cache:GAUGE:$mbufvalid:0:10000000 ";
|
||||
$rrdcreate .= "DS:total:GAUGE:$mbufvalid:0:10000000 ";
|
||||
$rrdcreate .= "DS:max:GAUGE:$mbufvalid:0:10000000 ";
|
||||
$rrdcreate .= "RRA:MIN:0.5:1:1200 ";
|
||||
$rrdcreate .= "RRA:MIN:0.5:5:720 ";
|
||||
$rrdcreate .= "RRA:MIN:0.5:60:1860 ";
|
||||
$rrdcreate .= "RRA:MIN:0.5:1440:2284 ";
|
||||
$rrdcreate .= "RRA:AVERAGE:0.5:1:1200 ";
|
||||
$rrdcreate .= "RRA:AVERAGE:0.5:5:720 ";
|
||||
$rrdcreate .= "RRA:AVERAGE:0.5:60:1860 ";
|
||||
$rrdcreate .= "RRA:AVERAGE:0.5:1440:2284 ";
|
||||
$rrdcreate .= "RRA:MAX:0.5:1:1200 ";
|
||||
$rrdcreate .= "RRA:MAX:0.5:5:720 ";
|
||||
$rrdcreate .= "RRA:MAX:0.5:60:1860 ";
|
||||
$rrdcreate .= "RRA:MAX:0.5:1440:2284";
|
||||
|
||||
create_new_rrd($rrdcreate);
|
||||
unset($rrdcreate);
|
||||
}
|
||||
|
||||
/* enter UNKNOWN values in the RRD so it knows we rebooted. */
|
||||
if($g['booting']) {
|
||||
mwexec("$rrdtool update $rrddbpath$ifname$mbuf N:U:U:U:U");
|
||||
}
|
||||
|
||||
/* the mbuf stats gathering function. */
|
||||
$rrdupdatesh .= "MBUF=`$netstat -m | ";
|
||||
$rrdupdatesh .= " $awk '/mbuf clusters in use/ { gsub(/\//, \":\", $1); print $1; }'`\n";
|
||||
$rrdupdatesh .= "$rrdtool update $rrddbpath$ifname$mbuf N:\${MBUF}\n";
|
||||
|
||||
/* End mbuf statistics */
|
||||
|
||||
/* SPAMD, set up the spamd rrd file */
|
||||
if (isset($config['installedpackages']['spamdsettings']) &&
|
||||
$config['installedpackages']['spamdsettings']['config'][0]['enablerrd']) {
|
||||
|
@ -696,18 +734,18 @@ function enable_rrd_graphing() {
|
|||
$rrdcreate = "$rrdtool create $rrddbpath$ifname$spamd --step $rrdspamdinterval ";
|
||||
$rrdcreate .= "DS:conn:GAUGE:$spamdvalid:0:10000 ";
|
||||
$rrdcreate .= "DS:time:GAUGE:$spamdvalid:0:86400 ";
|
||||
$rrdcreate .= "RRA:MIN:0.5:1:1000 ";
|
||||
$rrdcreate .= "RRA:MIN:0.5:5:1000 ";
|
||||
$rrdcreate .= "RRA:MIN:0.5:60:1000 ";
|
||||
$rrdcreate .= "RRA:MIN:0.5:720:3000 ";
|
||||
$rrdcreate .= "RRA:AVERAGE:0.5:1:1000 ";
|
||||
$rrdcreate .= "RRA:AVERAGE:0.5:5:1000 ";
|
||||
$rrdcreate .= "RRA:AVERAGE:0.5:60:1000 ";
|
||||
$rrdcreate .= "RRA:AVERAGE:0.5:720:3000 ";
|
||||
$rrdcreate .= "RRA:MAX:0.5:1:1000 ";
|
||||
$rrdcreate .= "RRA:MAX:0.5:5:1000 ";
|
||||
$rrdcreate .= "RRA:MAX:0.5:60:1000 ";
|
||||
$rrdcreate .= "RRA:MAX:0.5:720:3000 ";
|
||||
$rrdcreate .= "RRA:MIN:0.5:1:1200 ";
|
||||
$rrdcreate .= "RRA:MIN:0.5:5:720 ";
|
||||
$rrdcreate .= "RRA:MIN:0.5:60:1860 ";
|
||||
$rrdcreate .= "RRA:MIN:0.5:1440:2284 ";
|
||||
$rrdcreate .= "RRA:AVERAGE:0.5:1:1200 ";
|
||||
$rrdcreate .= "RRA:AVERAGE:0.5:5:720 ";
|
||||
$rrdcreate .= "RRA:AVERAGE:0.5:60:1860 ";
|
||||
$rrdcreate .= "RRA:AVERAGE:0.5:1440:2284 ";
|
||||
$rrdcreate .= "RRA:MAX:0.5:1:1200 ";
|
||||
$rrdcreate .= "RRA:MAX:0.5:5:720 ";
|
||||
$rrdcreate .= "RRA:MAX:0.5:60:1860 ";
|
||||
$rrdcreate .= "RRA:MAX:0.5:1440:2284 ";
|
||||
|
||||
create_new_rrd($rrdcreate);
|
||||
unset($rrdcreate);
|
||||
|
@ -732,22 +770,22 @@ function enable_rrd_graphing() {
|
|||
if (!file_exists("$concurrent_filename")) {
|
||||
$rrdcreate = "$rrdtool create $concurrent_filename --step $rrdcaptiveportalinterval ";
|
||||
$rrdcreate .= "DS:concurrentusers:GAUGE:$captiveportalvalid:0:10000 ";
|
||||
$rrdcreate .= "RRA:AVERAGE:0.5:1:1000 ";
|
||||
$rrdcreate .= "RRA:AVERAGE:0.5:5:1000 ";
|
||||
$rrdcreate .= "RRA:AVERAGE:0.5:60:1000 ";
|
||||
$rrdcreate .= "RRA:AVERAGE:0.5:720:3000 ";
|
||||
$rrdcreate .= "RRA:MIN:0.5:1:1000 ";
|
||||
$rrdcreate .= "RRA:MIN:0.5:5:1000 ";
|
||||
$rrdcreate .= "RRA:MIN:0.5:60:1000 ";
|
||||
$rrdcreate .= "RRA:MIN:0.5:720:3000 ";
|
||||
$rrdcreate .= "RRA:MAX:0.5:1:1000 ";
|
||||
$rrdcreate .= "RRA:MAX:0.5:5:1000 ";
|
||||
$rrdcreate .= "RRA:MAX:0.5:60:1000 ";
|
||||
$rrdcreate .= "RRA:MAX:0.5:720:3000 ";
|
||||
$rrdcreate .= "RRA:LAST:0.5:1:1000 ";
|
||||
$rrdcreate .= "RRA:LAST:0.5:5:1000 ";
|
||||
$rrdcreate .= "RRA:LAST:0.5:60:1000 ";
|
||||
$rrdcreate .= "RRA:LAST:0.5:720:3000 ";
|
||||
$rrdcreate .= "RRA:AVERAGE:0.5:1:1200 ";
|
||||
$rrdcreate .= "RRA:AVERAGE:0.5:5:720 ";
|
||||
$rrdcreate .= "RRA:AVERAGE:0.5:60:1860 ";
|
||||
$rrdcreate .= "RRA:AVERAGE:0.5:1440:2284 ";
|
||||
$rrdcreate .= "RRA:MIN:0.5:1:1200 ";
|
||||
$rrdcreate .= "RRA:MIN:0.5:5:720 ";
|
||||
$rrdcreate .= "RRA:MIN:0.5:60:1860 ";
|
||||
$rrdcreate .= "RRA:MIN:0.5:1440:2284 ";
|
||||
$rrdcreate .= "RRA:MAX:0.5:1:1200 ";
|
||||
$rrdcreate .= "RRA:MAX:0.5:5:720 ";
|
||||
$rrdcreate .= "RRA:MAX:0.5:60:1860 ";
|
||||
$rrdcreate .= "RRA:MAX:0.5:1440:2284 ";
|
||||
$rrdcreate .= "RRA:LAST:0.5:1:1200 ";
|
||||
$rrdcreate .= "RRA:LAST:0.5:5:720 ";
|
||||
$rrdcreate .= "RRA:LAST:0.5:60:1860 ";
|
||||
$rrdcreate .= "RRA:LAST:0.5:1440:2284 ";
|
||||
|
||||
create_new_rrd($rrdcreate);
|
||||
unset($rrdcreate);
|
||||
|
@ -761,29 +799,29 @@ function enable_rrd_graphing() {
|
|||
/* the Captive Portal stats gathering function. */
|
||||
$rrdupdatesh .= "\n";
|
||||
$rrdupdatesh .= "# polling Captive Portal for number of concurrent users\n";
|
||||
$rrdupdatesh .= "CP=`$php -q $captiveportal_gather '$cpkey' $concurrent`\n";
|
||||
$rrdupdatesh .= "CP=`${php} -q ${captiveportal_gather} '${cpkey}' 'concurrent'`\n";
|
||||
$rrdupdatesh .= "$rrdtool update $concurrent_filename \${CP}\n";
|
||||
|
||||
$loggedin_filename = $rrddbpath . $ifname . '-' . $cpkey . $captiveportalloggedin;
|
||||
if (!file_exists("$loggedin_filename")) {
|
||||
$rrdcreate = "$rrdtool create $loggedin_filename --step $rrdcaptiveportalinterval ";
|
||||
$rrdcreate .= "DS:loggedinusers:GAUGE:$captiveportalvalid:0:10000 ";
|
||||
$rrdcreate .= "RRA:AVERAGE:0.5:1:1000 ";
|
||||
$rrdcreate .= "RRA:AVERAGE:0.5:5:1000 ";
|
||||
$rrdcreate .= "RRA:AVERAGE:0.5:60:1000 ";
|
||||
$rrdcreate .= "RRA:AVERAGE:0.5:720:3000 ";
|
||||
$rrdcreate .= "RRA:MIN:0.5:1:1000 ";
|
||||
$rrdcreate .= "RRA:MIN:0.5:5:1000 ";
|
||||
$rrdcreate .= "RRA:MIN:0.5:60:1000 ";
|
||||
$rrdcreate .= "RRA:MIN:0.5:720:3000 ";
|
||||
$rrdcreate .= "RRA:MAX:0.5:1:1000 ";
|
||||
$rrdcreate .= "RRA:MAX:0.5:5:1000 ";
|
||||
$rrdcreate .= "RRA:MAX:0.5:60:1000 ";
|
||||
$rrdcreate .= "RRA:MAX:0.5:720:3000 ";
|
||||
$rrdcreate .= "RRA:LAST:0.5:1:1000 ";
|
||||
$rrdcreate .= "RRA:LAST:0.5:5:1000 ";
|
||||
$rrdcreate .= "RRA:LAST:0.5:60:1000 ";
|
||||
$rrdcreate .= "RRA:LAST:0.5:720:3000 ";
|
||||
$rrdcreate .= "RRA:AVERAGE:0.5:1:1200 ";
|
||||
$rrdcreate .= "RRA:AVERAGE:0.5:5:720 ";
|
||||
$rrdcreate .= "RRA:AVERAGE:0.5:60:1860 ";
|
||||
$rrdcreate .= "RRA:AVERAGE:0.5:1440:2284 ";
|
||||
$rrdcreate .= "RRA:MIN:0.5:1:1200 ";
|
||||
$rrdcreate .= "RRA:MIN:0.5:5:720 ";
|
||||
$rrdcreate .= "RRA:MIN:0.5:60:1860 ";
|
||||
$rrdcreate .= "RRA:MIN:0.5:1440:2284 ";
|
||||
$rrdcreate .= "RRA:MAX:0.5:1:1200 ";
|
||||
$rrdcreate .= "RRA:MAX:0.5:5:720 ";
|
||||
$rrdcreate .= "RRA:MAX:0.5:60:1860 ";
|
||||
$rrdcreate .= "RRA:MAX:0.5:1440:2284 ";
|
||||
$rrdcreate .= "RRA:LAST:0.5:1:1200 ";
|
||||
$rrdcreate .= "RRA:LAST:0.5:5:720 ";
|
||||
$rrdcreate .= "RRA:LAST:0.5:60:1860 ";
|
||||
$rrdcreate .= "RRA:LAST:0.5:1440:2284 ";
|
||||
|
||||
create_new_rrd($rrdcreate);
|
||||
unset($rrdcreate);
|
||||
|
@ -797,7 +835,7 @@ function enable_rrd_graphing() {
|
|||
/* the Captive Portal stats gathering function. */
|
||||
$rrdupdatesh .= "\n";
|
||||
$rrdupdatesh .= "# polling Captive Portal for number of logged in users\n";
|
||||
$rrdupdatesh .= "CP=`$php -q $captiveportal_gather $cpkey loggedin`\n";
|
||||
$rrdupdatesh .= "CP=`${php} -q ${captiveportal_gather} '${cpkey}' 'loggedin'`\n";
|
||||
$rrdupdatesh .= "$rrdtool update $loggedin_filename \${CP}\n";
|
||||
|
||||
}
|
||||
|
|
|
@ -43,6 +43,7 @@ require_once("openvpn.inc");
|
|||
require_once("ipsec.inc");
|
||||
require_once("vpn.inc");
|
||||
require_once("vslb.inc");
|
||||
require_once("gwlb.inc");
|
||||
|
||||
define("RCFILEPREFIX", "/usr/local/etc/rc.d/");
|
||||
function write_rcfile($params) {
|
||||
|
@ -66,7 +67,7 @@ function write_rcfile($params) {
|
|||
$tokill =& $params['stop'];
|
||||
} else if(!empty($params['executable'])) {
|
||||
/* just nuke the executable */
|
||||
$tokill = "/usr/bin/killall {$params['executable']}";
|
||||
$tokill = "/usr/bin/killall " . escapeshellarg($params['executable']);
|
||||
} else {
|
||||
/* make an educated guess (bad) */
|
||||
$tokill = array_pop(explode('/', array_shift(explode(' ', $params['start']))));
|
||||
|
@ -143,7 +144,7 @@ function stop_service($name) {
|
|||
|
||||
if(!($service['rcfile'] or $service['stopcmd'])) {
|
||||
if(is_process_running("{$service['executable']}"))
|
||||
mwexec("/usr/bin/killall {$service['executable']}");
|
||||
killbyname($service['executable']);
|
||||
return;
|
||||
}
|
||||
break;
|
||||
|
@ -151,8 +152,8 @@ function stop_service($name) {
|
|||
}
|
||||
}
|
||||
/* finally if we get here lets simply kill the service name */
|
||||
if(is_process_running("{$name}"))
|
||||
mwexec("/usr/bin/killall {$name}");
|
||||
if(is_process_running(escapeshellarg($name)))
|
||||
killbyname(escapeshellarg($name));
|
||||
}
|
||||
|
||||
function restart_service($name) {
|
||||
|
@ -201,10 +202,13 @@ function is_service_enabled($service_name) {
|
|||
global $config;
|
||||
if ($service_name == "")
|
||||
return false;
|
||||
if (isset($config['installedpackages'][$service_name]['config'][0]['enable']) &&
|
||||
((empty($config['installedpackages'][$service_name]['config'][0]['enable'])) ||
|
||||
($config['installedpackages'][$service_name]['config'][0]['enable'] === 'off')))
|
||||
return false;
|
||||
if (is_array($config['installedpackages'])) {
|
||||
if (isset($config['installedpackages'][$service_name]['config'][0]['enable']) &&
|
||||
((empty($config['installedpackages'][$service_name]['config'][0]['enable'])) ||
|
||||
($config['installedpackages'][$service_name]['config'][0]['enable'] === 'off'))) {
|
||||
return false;
|
||||
}
|
||||
}
|
||||
return true;
|
||||
}
|
||||
|
||||
|
@ -282,19 +286,21 @@ function get_services() {
|
|||
if ($oc['if'] && (!link_interface_to_bridge($if)))
|
||||
$iflist[$if] = $if;
|
||||
}
|
||||
$show_dhcprelay = false;
|
||||
foreach($iflist as $if) {
|
||||
if(isset($config['dhcrelay'][$if]['enable']))
|
||||
$show_dhcprelay = true;
|
||||
}
|
||||
|
||||
if($show_dhcprelay == true) {
|
||||
if(isset($config['dhcrelay']['enable'])) {
|
||||
$pconfig = array();
|
||||
$pconfig['name'] = "dhcrelay";
|
||||
$pconfig['description'] = gettext("DHCP Relay");
|
||||
$services[] = $pconfig;
|
||||
}
|
||||
|
||||
if(isset($config['dhcrelay6']['enable'])) {
|
||||
$pconfig = array();
|
||||
$pconfig['name'] = "dhcrelay6";
|
||||
$pconfig['description'] = gettext("DHCPv6 Relay");
|
||||
$services[] = $pconfig;
|
||||
}
|
||||
|
||||
if(is_dhcp_server_enabled()) {
|
||||
$pconfig = array();
|
||||
$pconfig['name'] = "dhcpd";
|
||||
|
@ -302,6 +308,14 @@ function get_services() {
|
|||
$services[] = $pconfig;
|
||||
}
|
||||
|
||||
$gateways_arr = return_gateways_array();
|
||||
if (is_array($gateways_arr)) {
|
||||
$pconfig = array();
|
||||
$pconfig['name'] = "apinger";
|
||||
$pconfig['description'] = gettext("Gateway Monitoring Daemon");
|
||||
$services[] = $pconfig;
|
||||
}
|
||||
|
||||
if(isset($config['snmpd']['enable'])) {
|
||||
$pconfig = array();
|
||||
$pconfig['name'] = "bsnmpd";
|
||||
|
@ -417,6 +431,9 @@ function get_service_status($service) {
|
|||
case "vhosts-http":
|
||||
$running = is_pid_running("{$g['varrun_path']}/vhosts-http.pid");
|
||||
break;
|
||||
case "dhcrelay6":
|
||||
$running = is_pid_running("{$g['varrun_path']}/dhcrelay6.pid");
|
||||
break;
|
||||
default:
|
||||
$running = is_service_running($service['name']);
|
||||
}
|
||||
|
@ -428,23 +445,21 @@ function get_service_status_icon($service, $withtext = true, $smallicon = false)
|
|||
$output = "";
|
||||
if(get_service_status($service)) {
|
||||
$statustext = gettext("Running");
|
||||
$output .= '<td class="listr" align="center">' . "\n";
|
||||
$output .= "<img style=\"vertical-align:middle\" title=\"" . sprintf(gettext("%s Service is"),$service["name"]) . " {$statustext}\" src=\"/themes/" . $g["theme"] . "/images/icons/";
|
||||
$output .= ($smallicon) ? "icon_pass.gif" : "icon_service_running.gif";
|
||||
$output .= "\" alt=\"status\" />";
|
||||
if ($withtext)
|
||||
$output .= " " . $statustext;
|
||||
$output .= "</td>\n";
|
||||
$output .= "\n";
|
||||
} else {
|
||||
$service_enabled = is_service_enabled($service['name']);
|
||||
$statustext = ($service_enabled) ? gettext("Stopped") : gettext("Disabled");
|
||||
$output .= '<td class="listbg" align="center">' . "\n";
|
||||
$output .= "<img style=\"vertical-align:middle\" title=\"" . sprintf(gettext("%s Service is"),$service["name"]) . " {$statustext}\" src=\"/themes/" . $g["theme"] . "/images/icons/";
|
||||
$output .= ($smallicon) ? "icon_block.gif" : "icon_service_stopped.gif";
|
||||
$output .= "\" alt=\"status\" />";
|
||||
if ($withtext)
|
||||
$output .= " " . "<font color=\"white\">{$statustext}</font>";
|
||||
$output .= "</td>\n";
|
||||
$output .= "\n";
|
||||
}
|
||||
return $output;
|
||||
}
|
||||
|
@ -503,16 +518,25 @@ function service_control_start($name, $extras) {
|
|||
services_radvd_configure();
|
||||
break;
|
||||
case 'captiveportal':
|
||||
$zone = $extras['zone'];
|
||||
$zone = htmlspecialchars($extras['zone']);
|
||||
captiveportal_init_webgui_zonename($zone);
|
||||
break;
|
||||
case 'ntpd':
|
||||
case 'openntpd':
|
||||
system_ntp_configure();
|
||||
break;
|
||||
case 'apinger':
|
||||
setup_gateways_monitor();
|
||||
break;
|
||||
case 'bsnmpd':
|
||||
services_snmpd_configure();
|
||||
break;
|
||||
case 'dhcrelay':
|
||||
services_dhcrelay_configure();
|
||||
break;
|
||||
case 'dhcrelay6':
|
||||
services_dhcrelay6_configure();
|
||||
break;
|
||||
case 'dnsmasq':
|
||||
services_dnsmasq_configure();
|
||||
break;
|
||||
|
@ -529,9 +553,9 @@ function service_control_start($name, $extras) {
|
|||
vpn_ipsec_force_reload();
|
||||
break;
|
||||
case 'openvpn':
|
||||
$vpnmode = $extras['vpnmode'];
|
||||
$vpnmode = isset($extras['vpnmode']) ? htmlspecialchars($extras['vpnmode']) : htmlspecialchars($extras['mode']);
|
||||
if (($vpnmode == "server") || ($vpnmode == "client")) {
|
||||
$id = $extras['id'];
|
||||
$id = isset($extras['vpnid']) ? htmlspecialchars($extras['vpnid']) : htmlspecialchars($extras['id']);
|
||||
$configfile = "{$g['varetc_path']}/openvpn/{$vpnmode}{$id}.conf";
|
||||
if (file_exists($configfile))
|
||||
openvpn_restart_by_vpnid($vpnmode, $id);
|
||||
|
@ -553,7 +577,7 @@ function service_control_stop($name, $extras) {
|
|||
killbypid("{$g['varrun_path']}/radvd.pid");
|
||||
break;
|
||||
case 'captiveportal':
|
||||
$zone = $extras['zone'];
|
||||
$zone = htmlspecialchars($extras['zone']);
|
||||
killbypid("{$g['varrun_path']}/lighty-{$zone}-CaptivePortal.pid");
|
||||
killbypid("{$g['varrun_path']}/lighty-{$zone}-CaptivePortal-SSL.pid");
|
||||
break;
|
||||
|
@ -563,6 +587,9 @@ function service_control_stop($name, $extras) {
|
|||
case 'openntpd':
|
||||
killbyname("openntpd");
|
||||
break;
|
||||
case 'apinger':
|
||||
killbypid("{$g['varrun_path']}/apinger.pid");
|
||||
break;
|
||||
case 'bsnmpd':
|
||||
killbypid("{$g['varrun_path']}/snmpd.pid");
|
||||
break;
|
||||
|
@ -575,6 +602,9 @@ function service_control_stop($name, $extras) {
|
|||
case 'dhcrelay':
|
||||
killbypid("{$g['varrun_path']}/dhcrelay.pid");
|
||||
break;
|
||||
case 'dhcrelay6':
|
||||
killbypid("{$g['varrun_path']}/dhcrelay6.pid");
|
||||
break;
|
||||
case 'dnsmasq':
|
||||
killbypid("{$g['varrun_path']}/dnsmasq.pid");
|
||||
break;
|
||||
|
@ -591,9 +621,9 @@ function service_control_stop($name, $extras) {
|
|||
exec("killall -9 racoon");
|
||||
break;
|
||||
case 'openvpn':
|
||||
$vpnmode = $extras['vpnmode'];
|
||||
$vpnmode = htmlspecialchars($extras['vpnmode']);
|
||||
if (($vpnmode == "server") or ($vpnmode == "client")) {
|
||||
$id = $extras['id'];
|
||||
$id = htmlspecialchars($extras['id']);
|
||||
$pidfile = "{$g['varrun_path']}/openvpn_{$vpnmode}{$id}.pid";
|
||||
killbypid($pidfile);
|
||||
}
|
||||
|
@ -614,7 +644,7 @@ function service_control_restart($name, $extras) {
|
|||
services_radvd_configure();
|
||||
break;
|
||||
case 'captiveportal':
|
||||
$zone = $extras['zone'];
|
||||
$zone = htmlspecialchars($extras['zone']);
|
||||
killbypid("{$g['varrun_path']}/lighty-{$zone}-CaptivePortal.pid");
|
||||
killbypid("{$g['varrun_path']}/lighty-{$zone}-CaptivePortal-SSL.pid");
|
||||
captiveportal_init_webgui_zonename($zone);
|
||||
|
@ -623,9 +653,19 @@ function service_control_restart($name, $extras) {
|
|||
case 'openntpd':
|
||||
system_ntp_configure();
|
||||
break;
|
||||
case 'apinger':
|
||||
killbypid("{$g['varrun_path']}/apinger.pid");
|
||||
setup_gateways_monitor();
|
||||
break;
|
||||
case 'bsnmpd':
|
||||
services_snmpd_configure();
|
||||
break;
|
||||
case 'dhcrelay':
|
||||
services_dhcrelay_configure();
|
||||
break;
|
||||
case 'dhcrelay6':
|
||||
services_dhcrelay6_configure();
|
||||
break;
|
||||
case 'dnsmasq':
|
||||
services_dnsmasq_configure();
|
||||
break;
|
||||
|
@ -642,9 +682,9 @@ function service_control_restart($name, $extras) {
|
|||
vpn_ipsec_force_reload();
|
||||
break;
|
||||
case 'openvpn':
|
||||
$vpnmode = $extras['vpnmode'];
|
||||
$vpnmode = htmlspecialchars($extras['vpnmode']);
|
||||
if ($vpnmode == "server" || $vpnmode == "client") {
|
||||
$id = $extras['id'];
|
||||
$id = htmlspecialchars($extras['id']);
|
||||
$configfile = "{$g['varetc_path']}/openvpn/{$vpnmode}{$id}.conf";
|
||||
if (file_exists($configfile))
|
||||
openvpn_restart_by_vpnid($vpnmode, $id);
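Review bot: `htmlspecialchars()` is the wrong filter for `$zone` and `$id` in the `captiveportal` and `openvpn` cases of service_control_start(), service_control_stop() and service_control_restart(). Both values are interpolated into filesystem paths (`lighty-{$zone}-CaptivePortal.pid`, `openvpn_{$vpnmode}{$id}.pid`, `openvpn/{$vpnmode}{$id}.conf`), and HTML entity encoding leaves `/` and `.` untouched, so the path handed to `killbypid()` or `file_exists()` is still shaped by whatever `$extras` carries. Validate for the path context instead: `$vpnmode` is already pinned by the `server`/`client` comparison, `$id` can be rejected unless it is all digits, e.g. `if (!ctype_digit((string)$extras['id'])) break;`, and `$zone` should be checked against the configured Captive Portal zones before the pid path is built. The start case also accepts `vpnid`/`mode` as fallbacks while stop and restart read only `id`/`vpnmode`, so a caller using the new keys could start an instance it cannot stop. These switch bodies continue outside the hunks shown, so the same check is needed wherever else `$extras` is read.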
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
<?php
|
||||
/*
|
||||
services.inc
|
||||
part of the pfSense project (http://www.pfsense.com)
|
||||
part of the pfSense project (https://www.pfsense.org)
|
||||
|
||||
originally part of m0n0wall (http://m0n0.ch/wall)
|
||||
Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>.
|
||||
|
@ -32,18 +32,17 @@
|
|||
|
||||
/*
|
||||
pfSense_BUILDER_BINARIES: /usr/bin/killall /bin/pgrep /bin/sh /usr/local/sbin/dhcpd /usr/local/sbin/igmpproxy
|
||||
pfSense_BUILDER_BINARIES: /sbin/ifconfig /usr/sbin/arp /sbin/ifconfig /usr/local/sbin/dnsmasq
|
||||
pfSense_BUILDER_BINARIES: /usr/sbin/bsnmpd /sbin/route
|
||||
pfSense_BUILDER_BINARIES: /sbin/ifconfig /usr/local/sbin/dnsmasq
|
||||
pfSense_BUILDER_BINARIES: /usr/local/sbin/miniupnpd /usr/sbin/radvd
|
||||
pfSense_BUILDER_BINARIES: /usr/local/sbin/dhcleases6
|
||||
pfSense_BUILDER_BINARIES: /usr/local/sbin/dhcleases6 /usr/sbin/bsnmpd
|
||||
pfSense_MODULE: utils
|
||||
*/
|
||||
|
||||
define('DYNDNS_PROVIDER_VALUES', 'dnsomatic dyndns dyndns-static dyndns-custom dhs dyns easydns noip noip-free ods zoneedit loopia freedns dnsexit opendns namecheap he-net he-net-tunnelbroker selfhost route53 custom');
|
||||
define('DYNDNS_PROVIDER_DESCRIPTIONS', 'DNS-O-Matic,DynDNS (dynamic),DynDNS (static),DynDNS (custom),DHS,DyNS,easyDNS,No-IP,No-IP (free),ODS.org,ZoneEdit,Loopia,freeDNS,DNSexit,OpenDNS,Namecheap,HE.net,HE.net Tunnelbroker,SelfHost,Route 53,Custom');
|
||||
define('DYNDNS_PROVIDER_VALUES', 'dnsomatic dyndns dyndns-static dyndns-custom dhs dyns easydns noip noip-free ods zoneedit loopia freedns dnsexit opendns namecheap he-net he-net-v6 he-net-tunnelbroker selfhost route53 custom custom-v6');
|
||||
define('DYNDNS_PROVIDER_DESCRIPTIONS', 'DNS-O-Matic,DynDNS (dynamic),DynDNS (static),DynDNS (custom),DHS,DyNS,easyDNS,No-IP,No-IP (free),ODS.org,ZoneEdit,Loopia,freeDNS,DNSexit,OpenDNS,Namecheap,HE.net,HE.net (v6),HE.net Tunnelbroker,SelfHost,Route 53,Custom,Custom (v6)');
|
||||
|
||||
/* implement ipv6 route advertising deamon */
|
||||
function services_radvd_configure() {
|
||||
function services_radvd_configure($blacklist = array()) {
|
||||
global $config, $g;
|
||||
|
||||
if ($g['platform'] == 'jail')
|
||||
|
@ -73,6 +72,9 @@ function services_radvd_configure() {
|
|||
if (!isset($config['interfaces'][$dhcpv6if]['enable']))
|
||||
continue;
|
||||
|
||||
/* Do not put in the config an interface which is down */
|
||||
if (isset($blacklist[$dhcpv6if]))
|
||||
continue;
|
||||
if (!isset($dhcpv6ifconf['ramode']))
|
||||
$dhcpv6ifconf['ramode'] = $dhcpv6ifconf['mode'];
|
||||
|
||||
|
@ -93,10 +95,9 @@ function services_radvd_configure() {
|
|||
}
|
||||
}
|
||||
|
||||
$realif = get_real_interface($dhcpv6if);
|
||||
if (in_array($realif, $radvdifs))
|
||||
$realif = get_real_interface($dhcpv6if, "inet6");
|
||||
if (isset($radvdifs[$realif]))
|
||||
continue;
|
||||
$radvdifs[] = $realif;
|
||||
|
||||
$ifcfgipv6 = get_interface_ipv6($dhcpv6if);
|
||||
if (!is_ipaddrv6($ifcfgipv6))
|
||||
|
@ -104,6 +105,7 @@ function services_radvd_configure() {
|
|||
|
||||
$ifcfgsnv6 = get_interface_subnetv6($dhcpv6if);
|
||||
$subnetv6 = gen_subnetv6($ifcfgipv6, $ifcfgsnv6);
|
||||
$radvdifs[$realif] = $realif;
|
||||
|
||||
$radvdconf .= "# Generated for DHCPv6 Server $dhcpv6if\n";
|
||||
$radvdconf .= "interface {$realif} {\n";
|
||||
|
@ -129,9 +131,8 @@ function services_radvd_configure() {
|
|||
}
|
||||
switch($dhcpv6ifconf['ramode']) {
|
||||
case "managed":
|
||||
$radvdconf .= "\tAdvManagedFlag on;\n";
|
||||
break;
|
||||
case "assist":
|
||||
$radvdconf .= "\tAdvManagedFlag on;\n";
|
||||
$radvdconf .= "\tAdvOtherConfigFlag on;\n";
|
||||
break;
|
||||
}
|
||||
|
@ -212,67 +213,69 @@ function services_radvd_configure() {
|
|||
continue;
|
||||
if(!isset($config['interfaces'][$if]['enable']))
|
||||
continue;
|
||||
|
||||
$realif = get_real_interface($if);
|
||||
/* prevent duplicate entries, manual overrides */
|
||||
if(in_array($realif, $radvdifs))
|
||||
/* Do not put in the config an interface which is down */
|
||||
if (isset($blacklist[$if]))
|
||||
continue;
|
||||
|
||||
$ifcfgipv6 = get_interface_ipv6($if);
|
||||
if(!is_ipaddrv6($ifcfgipv6))
|
||||
continue;
|
||||
|
||||
$ifcfgsnv6 = get_interface_subnetv6($if);
|
||||
$subnetv6 = gen_subnetv6($ifcfgipv6, $ifcfgsnv6);
|
||||
$trackif = $config['interfaces'][$if]['track6-interface'];
|
||||
if (empty($config['interfaces'][$trackif]))
|
||||
continue;
|
||||
$radvdifs[] = $realif;
|
||||
|
||||
$realif = get_real_interface($if, "inet6");
|
||||
/* prevent duplicate entries, manual overrides */
|
||||
if (isset($radvdifs[$realif]))
|
||||
continue;
|
||||
|
||||
$ifcfgipv6 = get_interface_ipv6($if);
|
||||
if(!is_ipaddrv6($ifcfgipv6)) {
|
||||
$subnetv6 = "::";
|
||||
$ifcfgsnv6 = "64";
|
||||
} else {
|
||||
$ifcfgsnv6 = get_interface_subnetv6($if);
|
||||
$subnetv6 = gen_subnetv6($ifcfgipv6, $ifcfgsnv6);
|
||||
}
|
||||
$radvdifs[$realif] = $realif;
|
||||
|
||||
$autotype = $config['interfaces'][$trackif]['ipaddrv6'];
|
||||
|
||||
if ($g['debug'])
|
||||
log_error("configuring RA on {$if} for type {$autotype} radvd subnet {$subnetv6}/{$ifcfgsnv6}");
|
||||
|
||||
$dnslist = array();
|
||||
if(is_ipaddrv6($ifcfgipv6)) {
|
||||
$radvdconf .= "# Generated config for {$autotype} delegation from {$trackif} on {$if}\n";
|
||||
$radvdconf .= "interface {$realif} {\n";
|
||||
$radvdconf .= "\tAdvSendAdvert on;\n";
|
||||
$radvdconf .= "\tMinRtrAdvInterval 3;\n";
|
||||
$radvdconf .= "\tMaxRtrAdvInterval 10;\n";
|
||||
$mtu = get_interface_mtu($realif);
|
||||
if (is_numeric($mtu))
|
||||
$radvdconf .= "\tAdvLinkMTU {$mtu};\n";
|
||||
else
|
||||
$radvdconf .= "\tAdvLinkMTU 1280;\n";
|
||||
$radvdconf .= "\tAdvOtherConfigFlag on;\n";
|
||||
$radvdconf .= "\t\tprefix {$subnetv6}/{$ifcfgsnv6} {\n";
|
||||
$radvdconf .= "\t\tAdvOnLink on;\n";
|
||||
$radvdconf .= "\t\tAdvAutonomous on;\n";
|
||||
$radvdconf .= "\t\tAdvRouterAddr on;\n";
|
||||
$radvdconf .= "\t};\n";
|
||||
$radvdconf .= "# Generated config for {$autotype} delegation from {$trackif} on {$if}\n";
|
||||
$radvdconf .= "interface {$realif} {\n";
|
||||
$radvdconf .= "\tAdvSendAdvert on;\n";
|
||||
$radvdconf .= "\tMinRtrAdvInterval 3;\n";
|
||||
$radvdconf .= "\tMaxRtrAdvInterval 10;\n";
|
||||
$mtu = get_interface_mtu($realif);
|
||||
if (is_numeric($mtu))
|
||||
$radvdconf .= "\tAdvLinkMTU {$mtu};\n";
|
||||
else
|
||||
$radvdconf .= "\tAdvLinkMTU 1280;\n";
|
||||
$radvdconf .= "\tAdvOtherConfigFlag on;\n";
|
||||
$radvdconf .= "\t\tprefix {$subnetv6}/{$ifcfgsnv6} {\n";
|
||||
$radvdconf .= "\t\tAdvOnLink on;\n";
|
||||
$radvdconf .= "\t\tAdvAutonomous on;\n";
|
||||
$radvdconf .= "\t\tAdvRouterAddr on;\n";
|
||||
$radvdconf .= "\t};\n";
|
||||
|
||||
/* add DNS servers */
|
||||
$dnslist = array();
|
||||
if (isset($config['dnsmasq']['enable'])) {
|
||||
$dnslist[] = $ifcfgipv6;
|
||||
} elseif (is_array($config['system']['dnsserver']) && !empty($config['system']['dnsserver'])) {
|
||||
foreach($config['system']['dnsserver'] as $server) {
|
||||
if(is_ipaddrv6($server))
|
||||
$dnslist[] = $server;
|
||||
}
|
||||
}
|
||||
if (count($dnslist) > 0) {
|
||||
$dnsstring = implode(" ", $dnslist);
|
||||
if (!empty($dnsstring))
|
||||
$radvdconf .= "\tRDNSS {$dnsstring} { };\n";
|
||||
}
|
||||
if (!empty($config['system']['domain'])) {
|
||||
$radvdconf .= "\tDNSSL {$config['system']['domain']} { };\n";
|
||||
}
|
||||
$radvdconf .= "};\n";
|
||||
/* add DNS servers */
|
||||
$dnslist = array();
|
||||
if (isset($config['dnsmasq']['enable'])) {
|
||||
$dnslist[] = $ifcfgipv6;
|
||||
} elseif (is_array($config['system']['dnsserver']) && !empty($config['system']['dnsserver'])) {
|
||||
foreach($config['system']['dnsserver'] as $server) {
|
||||
if(is_ipaddrv6($server))
|
||||
$dnslist[] = $server;
|
||||
}
|
||||
}
|
||||
if (count($dnslist) > 0) {
|
||||
$dnsstring = implode(" ", $dnslist);
|
||||
if (!empty($dnsstring))
|
||||
$radvdconf .= "\tRDNSS {$dnsstring} { };\n";
|
||||
}
|
||||
if (!empty($config['system']['domain'])) {
|
||||
$radvdconf .= "\tDNSSL {$config['system']['domain']} { };\n";
|
||||
}
|
||||
$radvdconf .= "};\n";
|
||||
}
|
||||
|
||||
/* write radvd.conf */
|
||||
|
@ -300,7 +303,7 @@ function services_radvd_configure() {
|
|||
return 0;
|
||||
}
|
||||
|
||||
function services_dhcpd_configure($family = "all") {
|
||||
function services_dhcpd_configure($family = "all", $blacklist = array()) {
|
||||
global $config, $g;
|
||||
|
||||
/* configure DHCPD chroot once */
|
||||
|
@ -315,8 +318,8 @@ function services_dhcpd_configure($family = "all") {
|
|||
fwrite($fd, "/bin/mkdir -p {$g['dhcpd_chroot_path']}/lib\n");
|
||||
fwrite($fd, "/bin/mkdir -p {$g['dhcpd_chroot_path']}/run\n");
|
||||
fwrite($fd, "/usr/sbin/chown -R dhcpd:_dhcp {$g['dhcpd_chroot_path']}/*\n");
|
||||
fwrite($fd, "/bin/cp /lib/libc.so.* {$g['dhcpd_chroot_path']}/lib/\n");
|
||||
fwrite($fd, "/bin/cp /usr/local/sbin/dhcpd {$g['dhcpd_chroot_path']}/usr/local/sbin/\n");
|
||||
fwrite($fd, "/bin/cp -n /lib/libc.so.* {$g['dhcpd_chroot_path']}/lib/\n");
|
||||
fwrite($fd, "/bin/cp -n /usr/local/sbin/dhcpd {$g['dhcpd_chroot_path']}/usr/local/sbin/\n");
|
||||
fwrite($fd, "/bin/chmod a+rx {$g['dhcpd_chroot_path']}/usr/local/sbin/dhcpd\n");
|
||||
|
||||
$status = `/sbin/mount | /usr/bin/grep -v grep | /usr/bin/grep "{$g['dhcpd_chroot_path']}/dev"`;
|
||||
|
@ -328,8 +331,8 @@ function services_dhcpd_configure($family = "all") {
|
|||
if ($family == "all" || $family == "inet")
|
||||
services_dhcpdv4_configure();
|
||||
if ($family == "all" || $family == "inet6") {
|
||||
services_dhcpdv6_configure();
|
||||
services_radvd_configure();
|
||||
services_dhcpdv6_configure($blacklist);
|
||||
services_radvd_configure($blacklist);
|
||||
}
|
||||
}
|
||||
|
||||
|
@ -349,8 +352,6 @@ function services_dhcpdv4_configure() {
|
|||
/* kill any running dhcpd */
|
||||
if (isvalidpid("{$g['dhcpd_chroot_path']}{$g['varrun_path']}/dhcpd.pid"))
|
||||
killbypid("{$g['dhcpd_chroot_path']}{$g['varrun_path']}/dhcpd.pid");
|
||||
else
|
||||
mwexec("/usr/bin/killall dhcpd", true);
|
||||
|
||||
/* DHCP enabled on any interfaces? */
|
||||
if (!is_dhcp_server_enabled())
|
||||
|
@ -385,6 +386,16 @@ function services_dhcpdv4_configure() {
|
|||
$dhcpdcfg = $config['dhcpd'];
|
||||
$Iflist = get_configured_interface_list();
|
||||
|
||||
/* Only consider DNS servers with IPv4 addresses for the IPv4 DHCP server. */
|
||||
$dns_arrv4 = array();
|
||||
if (is_array($syscfg['dnsserver'])) {
|
||||
foreach($syscfg['dnsserver'] as $dnsserver) {
|
||||
if (is_ipaddrv4($dnsserver)) {
|
||||
$dns_arrv4[] = $dnsserver;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
if ($g['booting'])
|
||||
echo gettext("Starting DHCP service...");
|
||||
else
|
||||
|
@ -439,7 +450,6 @@ EOD;
|
|||
/* loop through and determine if we need to setup
|
||||
* failover peer "bleh" entries
|
||||
*/
|
||||
$dhcpnum = 0;
|
||||
foreach ($dhcpdcfg as $dhcpif => $dhcpifconf) {
|
||||
|
||||
interfaces_staticarp_configure($dhcpif);
|
||||
|
@ -466,11 +476,10 @@ EOD;
|
|||
}
|
||||
}
|
||||
} else {
|
||||
log_error(gettext("Warning! DHCP Failover setup and no CARP virtual IP's defined!"));
|
||||
log_error(gettext("Warning! DHCP Failover setup and no CARP virtual IPs defined!"));
|
||||
}
|
||||
if($skew > 10) {
|
||||
$type = "secondary";
|
||||
$dhcpdconf_pri = "mclt 600;\n";
|
||||
$my_port = "520";
|
||||
$peer_port = "519";
|
||||
} else {
|
||||
|
@ -481,7 +490,7 @@ EOD;
|
|||
$dhcpdconf_pri .= " mclt 600;\n";
|
||||
}
|
||||
$dhcpdconf .= <<<EOPP
|
||||
failover peer "dhcp{$dhcpnum}" {
|
||||
failover peer "dhcp_{$dhcpif}" {
|
||||
{$type};
|
||||
address {$intip};
|
||||
port {$my_port};
|
||||
|
@ -492,14 +501,11 @@ failover peer "dhcp{$dhcpnum}" {
|
|||
{$dhcpdconf_pri}
|
||||
load balance max seconds 3;
|
||||
}
|
||||
|
||||
\n
|
||||
EOPP;
|
||||
$dhcpnum++;
|
||||
}
|
||||
}
|
||||
|
||||
$dhcpnum = 0;
|
||||
|
||||
foreach ($dhcpdcfg as $dhcpif => $dhcpifconf) {
|
||||
|
||||
$newzone = array();
|
||||
|
@ -562,10 +568,10 @@ EOPP;
|
|||
$dnscfg .= " option domain-name-servers {$ifcfgip};";
|
||||
if ($newzone['domain-name'] && is_array($syscfg['dnsserver']) && ($syscfg['dnsserver'][0]))
|
||||
$newzone['dns-servers'] = $syscfg['dnsserver'];
|
||||
} else if (is_array($syscfg['dnsserver']) && ($syscfg['dnsserver'][0])) {
|
||||
$dnscfg .= " option domain-name-servers " . join(",", $syscfg['dnsserver']) . ";";
|
||||
} else if (!empty($dns_arrv4)) {
|
||||
$dnscfg .= " option domain-name-servers " . join(",", $dns_arrv4) . ";";
|
||||
if ($newzone['domain-name'])
|
||||
$newzone['dns-servers'] = $syscfg['dnsserver'];
|
||||
$newzone['dns-servers'] = $dns_arrv4;
|
||||
}
|
||||
|
||||
/* Create classes - These all contain comma separated lists. Join them into one
|
||||
|
@ -626,8 +632,7 @@ EOPP;
|
|||
$dhcpdconf .= " option routers {$poolconf['gateway']};\n";
|
||||
|
||||
if($dhcpifconf['failover_peerip'] <> "") {
|
||||
$dhcpdconf .= " failover peer \"dhcp{$dhcpnum}\";\n";
|
||||
$dhcpnum++;
|
||||
$dhcpdconf .= " failover peer \"dhcp_{$dhcpif}\";\n";
|
||||
}
|
||||
|
||||
$pdnscfg = "";
|
||||
|
@ -845,21 +850,38 @@ EOD;
|
|||
if ($need_ddns_updates) {
|
||||
$dhcpdconf .= "ddns-update-style interim;\n";
|
||||
if (is_array($ddns_zones)) {
|
||||
$added_zones = array();
|
||||
foreach ($ddns_zones as $zone) {
|
||||
if (!is_array($zone) || empty($zone) || !is_array($zone['dns-servers']))
|
||||
continue;
|
||||
$primary = $zone['dns-servers'][0];
|
||||
$secondary = empty($zone['dns-servers'][1]) ? "" : $zone['dns-servers'][1];
|
||||
$dhcpdconf .= "zone {$zone['domain-name']} {\n";
|
||||
$dhcpdconf .= " primary {$primary};\n";
|
||||
if (is_ipaddrv4($secondary))
|
||||
$dhcpdconf .= " secondary {$secondary};\n";
|
||||
$dhcpdconf .= "}\n";
|
||||
$dhcpdconf .= "zone {$zone['ptr-domain']} {\n";
|
||||
$dhcpdconf .= " primary {$primary};\n";
|
||||
if (is_ipaddrv4($secondary))
|
||||
$dhcpdconf .= " secondary {$secondary};\n";
|
||||
$dhcpdconf .= "}\n";
|
||||
// Make sure we aren't using any invalid or IPv6 DNS servers.
|
||||
if (!is_ipaddrv4($primary)) {
|
||||
if (is_ipaddrv4($secondary)) {
|
||||
$primary = $secondary;
|
||||
$secondary = "";
|
||||
} else {
|
||||
continue;
|
||||
}
|
||||
}
|
||||
// We don't need to add zones multiple times.
|
||||
if (!in_array($zone['domain-name'], $added_zones)) {
|
||||
$dhcpdconf .= "zone {$zone['domain-name']} {\n";
|
||||
$dhcpdconf .= " primary {$primary};\n";
|
||||
if (is_ipaddrv4($secondary))
|
||||
$dhcpdconf .= " secondary {$secondary};\n";
|
||||
$dhcpdconf .= "}\n";
|
||||
$added_zones[] = $zone['domain-name'];
|
||||
}
|
||||
if (!in_array($zone['ptr-domain'], $added_zones)) {
|
||||
$dhcpdconf .= "zone {$zone['ptr-domain']} {\n";
|
||||
$dhcpdconf .= " primary {$primary};\n";
|
||||
if (is_ipaddrv4($secondary))
|
||||
$dhcpdconf .= " secondary {$secondary};\n";
|
||||
$dhcpdconf .= "}\n";
|
||||
$added_zones[] = $zone['ptr-domain'];
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
@ -876,6 +898,10 @@ EOD;
|
|||
if (!file_exists("{$g['dhcpd_chroot_path']}/var/db/dhcpd.leases"))
|
||||
@touch("{$g['dhcpd_chroot_path']}/var/db/dhcpd.leases");
|
||||
|
||||
/* make sure there isn't a stale dhcpd.pid file, which can make dhcpd fail to start. */
|
||||
/* if we get here, dhcpd has been killed and is not started yet */
|
||||
unlink_if_exists("{$g['dhcpd_chroot_path']}{$g['varrun_path']}/dhcpd.pid");
|
||||
|
||||
/* fire up dhcpd in a chroot */
|
||||
if (count($dhcpdifs) > 0) {
|
||||
mwexec("/usr/local/sbin/dhcpd -user dhcpd -group _dhcp -chroot {$g['dhcpd_chroot_path']} -cf /etc/dhcpd.conf -pf {$g['varrun_path']}/dhcpd.pid " .
|
||||
|
@ -888,7 +914,7 @@ EOD;
|
|||
return 0;
|
||||
}
|
||||
|
||||
function services_dhcpdv6_configure() {
|
||||
function services_dhcpdv6_configure($blacklist = array()) {
|
||||
global $config, $g;
|
||||
|
||||
if($g['services_dhcp_server_enable'] == false)
|
||||
|
@ -939,8 +965,11 @@ function services_dhcpdv6_configure() {
|
|||
|
||||
/* we add a fake entry for interfaces that are set to track6 another WAN */
|
||||
foreach ($Iflist as $ifname) {
|
||||
/* Do not put in the config an interface which is down */
|
||||
if (isset($blacklist[$ifname]))
|
||||
continue;
|
||||
if (!empty($config['interfaces'][$ifname]['track6-interface'])) {
|
||||
$realif = get_real_interface($ifname);
|
||||
$realif = get_real_interface($ifname, "inet6");
|
||||
$ifcfgipv6 = get_interface_ipv6($ifname);
|
||||
if(!is_ipaddrv6($ifcfgipv6))
|
||||
continue;
|
||||
|
@ -975,6 +1004,7 @@ function services_dhcpdv6_configure() {
|
|||
|
||||
$dhcpdv6cfg[$ifname]['prefixrange']['from'] = Net_IPv6::compress($range['start']);
|
||||
$dhcpdv6cfg[$ifname]['prefixrange']['to'] = Net_IPv6::compress($range['end']);
|
||||
$dhcpdv6cfg[$ifname]['dns6ip'] = get_interface_ipv6($ifname);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
@ -988,12 +1018,15 @@ function services_dhcpdv6_configure() {
|
|||
}
|
||||
}
|
||||
|
||||
if(isset($dhcpv6ifconf['netboot']) && !empty($dhcpv6ifconf['bootfile_url']))
|
||||
$custoptionsv6 .= "option dhcp6.bootfile-url code 59 = string;\n";
|
||||
|
||||
$dhcpdv6conf = <<<EOD
|
||||
|
||||
option domain-name "{$syscfg['domain']}";
|
||||
option ldap-server code 95 = text;
|
||||
option domain-search-list code 119 = text;
|
||||
{$custoptions}
|
||||
{$custoptionsv6}
|
||||
default-lease-time 7200;
|
||||
max-lease-time 86400;
|
||||
log-facility local7;
|
||||
|
@ -1023,9 +1056,10 @@ EOD;
|
|||
$ifcfgsnv6 = get_interface_subnetv6($dhcpv6if);
|
||||
$subnetv6 = gen_subnetv6($ifcfgipv6, $ifcfgsnv6);
|
||||
|
||||
if($is_olsr_enabled == true)
|
||||
if ($is_olsr_enabled == true) {
|
||||
if($dhcpv6ifconf['netmask'])
|
||||
$subnetmask = gen_subnet_maskv6($dhcpv6ifconf['netmask']);
|
||||
}
|
||||
|
||||
$dnscfgv6 = "";
|
||||
|
||||
|
@ -1033,7 +1067,7 @@ EOD;
|
|||
$dnscfgv6 .= " option domain-name \"{$dhcpv6ifconf['domain']}\";\n";
|
||||
}
|
||||
|
||||
if($dhcpv6ifconf['domainsearchlist'] <> "") {
|
||||
if ($dhcpv6ifconf['domainsearchlist'] <> "") {
|
||||
$dnscfgv6 .= " option domain-search \"" . join("\",\"", preg_split("/[ ;]+/", $dhcpv6ifconf['domainsearchlist'])) . "\";\n";
|
||||
}
|
||||
|
||||
|
@ -1051,7 +1085,7 @@ EOD;
|
|||
} else if (is_array($syscfg['dnsserver']) && ($syscfg['dnsserver'][0])) {
|
||||
$dns_arrv6 = array();
|
||||
foreach($syscfg['dnsserver'] as $dnsserver) {
|
||||
if(is_ipaddrv6($dnsserver)) {
|
||||
if (is_ipaddrv6($dnsserver)) {
|
||||
$dns_arrv6[] = $dnsserver;
|
||||
}
|
||||
}
|
||||
|
@ -1059,18 +1093,13 @@ EOD;
|
|||
$dnscfgv6 .= " option dhcp6.name-servers " . join(",", $dns_arrv6) . ";";
|
||||
}
|
||||
|
||||
if(is_ipaddrv6($ifcfgipv6)) {
|
||||
$dhcpdv6conf .= "subnet6 {$subnetv6}/{$ifcfgsnv6} {\n";
|
||||
if (is_ipaddrv6($ifcfgipv6)) {
|
||||
$dhcpdv6conf .= "subnet6 {$subnetv6}/{$ifcfgsnv6}";
|
||||
} else {
|
||||
$subnet6 = gen_subnetv6($dhcpv6ifconf['range']['from'], "64");
|
||||
$dhcpdv6conf .= "subnet6 {$subnet6}/64 {\n";
|
||||
$dhcpdv6conf .= "subnet6 {$subnet6}/64";
|
||||
}
|
||||
|
||||
if($dhcpv6ifconf['failover_peerip'] <> "")
|
||||
$dhcpdv6conf .= " deny dynamic bootp clients;\n";
|
||||
|
||||
if (isset($dhcpv6ifconf['denyunknown']))
|
||||
$dhcpdv6conf .= " deny unknown-clients;\n";
|
||||
$dhcpdv6conf .= " {\n";
|
||||
|
||||
$dhcpdv6conf .= <<<EOD
|
||||
range6 {$dhcpv6ifconf['range']['from']} {$dhcpv6ifconf['range']['to']};
|
||||
|
@ -1078,9 +1107,11 @@ $dnscfgv6
|
|||
|
||||
EOD;
|
||||
|
||||
if(is_ipaddrv6($dhcpv6ifconf['prefixrange']['from']) && is_ipaddrv6($dhcpv6ifconf['prefixrange']['to'])) {
|
||||
if (is_ipaddrv6($dhcpv6ifconf['prefixrange']['from']) && is_ipaddrv6($dhcpv6ifconf['prefixrange']['to'])) {
|
||||
$dhcpdv6conf .= " prefix6 {$dhcpv6ifconf['prefixrange']['from']} {$dhcpv6ifconf['prefixrange']['to']}/{$dhcpv6ifconf['prefixrange']['prefixlength']};\n";
|
||||
|
||||
}
|
||||
if (is_ipaddrv6($dhcpv6ifconf['dns6ip'])) {
|
||||
$dhcpdv6conf .= " option dhcp6.name-servers {$dhcpv6ifconf['dns6ip']};\n";
|
||||
}
|
||||
// default-lease-time
|
||||
if ($dhcpv6ifconf['defaultleasetime'])
|
||||
|
@ -1108,7 +1139,7 @@ EOD;
|
|||
|
||||
// Handle option, number rowhelper values
|
||||
$dhcpdv6conf .= "\n";
|
||||
if($dhcpv6ifconf['numberoptions']['item']) {
|
||||
if ($dhcpv6ifconf['numberoptions']['item']) {
|
||||
foreach($dhcpv6ifconf['numberoptions']['item'] as $itemv6idx => $itemv6) {
|
||||
$dhcpdv6conf .= " option custom-{$dhcpv6if}-{$itemv6idx} \"{$itemv6['value']}\";\n";
|
||||
}
|
||||
|
@ -1120,14 +1151,8 @@ EOD;
|
|||
|
||||
// net boot information
|
||||
if(isset($dhcpv6ifconf['netboot'])) {
|
||||
if ($dhcpv6ifconf['nextserver'] <> "") {
|
||||
$dhcpdv6conf .= " next-server {$dhcpv6ifconf['nextserver']};\n";
|
||||
}
|
||||
if ($dhcpv6ifconf['filename'] <> "") {
|
||||
$dhcpdv6conf .= " filename \"{$dhcpv6ifconf['filename']}\";\n";
|
||||
}
|
||||
if ($dhcpv6ifconf['rootpath'] <> "") {
|
||||
$dhcpdv6conf .= " option root-path \"{$dhcpv6ifconf['rootpath']}\";\n";
|
||||
if (!empty($dhcpv6ifconf['bootfile_url'])) {
|
||||
$dhcpdv6conf .= " option dhcp6.bootfile-url \"{$dhcpv6ifconf['bootfile_url']}\";\n";
|
||||
}
|
||||
}
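Review bot: On the new `option dhcp6.bootfile-url` line, `$dhcpv6ifconf['bootfile_url']` is placed between double quotes in dhcpdv6.conf with no escaping, so a value containing `"`, a backslash or a line break would end the string and the remainder would be parsed as dhcpd statements. Whether the GUI page already rejects such values cannot be seen from this hunk. If it does not, guard the write here, for example `if (!empty($dhcpv6ifconf['bootfile_url']) && !preg_match('/["\\\\\r\n]/', $dhcpv6ifconf['bootfile_url'])) {`. The same applies to the global `code 59 = string` declaration added earlier only in the sense that it is emitted for the same condition; no change is needed there.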
|
||||
|
||||
|
@ -1162,12 +1187,12 @@ EOD;
|
|||
}
|
||||
}
|
||||
|
||||
if($config['dhcpdv6'][$dhcpv6if]['ramode'] <> "unmanaged") {
|
||||
if ($config['dhcpdv6'][$dhcpv6if]['ramode'] <> "unmanaged") {
|
||||
if(preg_match("/poes/si", $dhcpv6if)) {
|
||||
/* magic here */
|
||||
$dhcpdv6ifs = array_merge($dhcpdv6ifs, get_pppoes_child_interfaces($dhcpv6if));
|
||||
} else {
|
||||
$realif = get_real_interface($dhcpv6if);
|
||||
$realif = get_real_interface($dhcpv6if, "inet6");
|
||||
if (stristr("$realif", "bridge")) {
|
||||
$mac = get_interface_mac($realif);
|
||||
$v6address = generate_ipv6_from_mac($mac);
|
||||
|
@ -1194,6 +1219,10 @@ EOD;
|
|||
if (!file_exists("{$g['dhcpd_chroot_path']}/var/db/dhcpd6.leases"))
|
||||
@touch("{$g['dhcpd_chroot_path']}/var/db/dhcpd6.leases");
|
||||
|
||||
/* make sure there isn't a stale dhcpdv6.pid file, which may make dhcpdv6 fail to start. */
|
||||
/* if we get here, dhcpdv6 has been killed and is not started yet */
|
||||
unlink_if_exists("{$g['dhcpd_chroot_path']}{$g['varrun_path']}/dhcpdv6.pid");
|
||||
|
||||
/* fire up dhcpd in a chroot */
|
||||
if (count($dhcpdv6ifs) > 0) {
|
||||
mwexec("/usr/local/sbin/dhcpd -6 -user dhcpd -group _dhcp -chroot {$g['dhcpd_chroot_path']} -cf /etc/dhcpdv6.conf -pf {$g['varrun_path']}/dhcpdv6.pid " .
|
||||
|
@ -1257,8 +1286,8 @@ EOD;
|
|||
fclose($igmpfl);
|
||||
unset($igmpconf);
|
||||
|
||||
/* NOTE: -d 4 means everything LOG_WARNING and smaller */
|
||||
mwexec("/usr/local/sbin/igmpproxy -d 4 -c {$g['tmp_path']}/igmpproxy.conf");
|
||||
/* NOTE: -d4 means everything LOG_WARNING and smaller */
|
||||
mwexec("/usr/local/sbin/igmpproxy -d4 -c {$g['tmp_path']}/igmpproxy.conf");
|
||||
log_error(gettext("Started IGMP proxy service."));
|
||||
|
||||
return 0;
|
||||
|
@ -1355,8 +1384,7 @@ function services_dhcrelay_configure() {
|
|||
if (is_array($config['gateways']['gateway_item'])) {
|
||||
foreach ($config['gateways']['gateway_item'] as $gateway) {
|
||||
if (isset($gateway['defaultgw'])) {
|
||||
$a_gateways = return_gateways_array(true);
|
||||
$destif = $a_gateways[$rtent['gateway']]['interface'];
|
||||
$destif = get_real_interface($gateway['interface']);
|
||||
break;
|
||||
}
|
||||
}
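Review bot: `$destif` is now assigned with `get_real_interface($gateway['interface'])` in this hunk, but the parallel hunk in services_dhcrelay6_configure() (`@ -1474,8 +1502,7`) assigns `$gateway['interface']` unchanged, so the two functions end up with different kinds of interface name. The use of `$destif` lies outside both hunks, so I cannot tell which form the later code expects. If it is compared against real interface names in both functions, the v6 line should presumably read `$destif = get_real_interface($gateway['interface'], "inet6");`. A one-line comment on whichever form is intended would prevent the two from drifting again.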
|
||||
|
@ -1393,7 +1421,7 @@ function services_dhcrelay6_configure() {
|
|||
return;
|
||||
if(isset($config['system']['developerspew'])) {
|
||||
$mt = microtime();
|
||||
echo "services_dhcrelay_configure() being called $mt\n";
|
||||
echo "services_dhcrelay6_configure() being called $mt\n";
|
||||
}
|
||||
|
||||
/* kill any running dhcrelay */
|
||||
|
@ -1474,8 +1502,7 @@ function services_dhcrelay6_configure() {
|
|||
if (is_array($config['gateways']['gateway_item'])) {
|
||||
foreach ($config['gateways']['gateway_item'] as $gateway) {
|
||||
if (isset($gateway['defaultgw'])) {
|
||||
$a_gateways = return_gateways_array(true);
|
||||
$destif = $a_gateways[$rtent['gateway']]['interface'];
|
||||
$destif = $gateway['interface'];
|
||||
break;
|
||||
}
|
||||
}
|
||||
|
@ -1494,7 +1521,7 @@ function services_dhcrelay6_configure() {
|
|||
return; /* XXX */
|
||||
}
|
||||
|
||||
$cmd = "/usr/local/sbin/dhcrelay -6 -pf \"{$g['varetc_path']}/dhcrelay6.pid\"";
|
||||
$cmd = "/usr/local/sbin/dhcrelay -6 -pf \"{$g['varrun_path']}/dhcrelay6.pid\"";
|
||||
foreach ($dhcrelayifs as $dhcrelayif) {
|
||||
$cmd .= " -l {$dhcrelayif}";
|
||||
}
|
||||
|
@ -1572,12 +1599,14 @@ function dyndnsCheckIP($int) {
|
|||
// Avoid the long wait for the external check to timeout.
|
||||
if (stristr($gateways_status[$config['interfaces'][$int]['gateway']]['status'],"down"))
|
||||
return "down";
|
||||
$hosttocheck = "checkip.dyndns.org";
|
||||
$checkip = gethostbyname($hosttocheck);
|
||||
$ip_ch = curl_init("http://{$checkip}");
|
||||
$hosttocheck = "http://checkip.dyndns.org";
|
||||
$ip_ch = curl_init($hosttocheck);
|
||||
curl_setopt($ip_ch, CURLOPT_RETURNTRANSFER, 1);
|
||||
curl_setopt($ip_ch, CURLOPT_SSL_VERIFYPEER, FALSE);
|
||||
curl_setopt($ip_ch, CURLOPT_INTERFACE, $ip_address);
|
||||
curl_setopt($ip_ch, CURLOPT_CONNECTTIMEOUT, '30');
|
||||
curl_setopt($ip_ch, CURLOPT_TIMEOUT, 120);
|
||||
curl_setopt($ip_ch, CURLOPT_IPRESOLVE, CURL_IPRESOLVE_V4);
|
||||
$ip_result_page = curl_exec($ip_ch);
|
||||
curl_close($ip_ch);
|
||||
$ip_result_decoded = urldecode($ip_result_page);
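Review bot: The result of `curl_exec()` goes straight into `urldecode()` without a check for `false`, so a failed or timed-out request is not told apart from an empty page; test `$ip_result_page === false` and log it before decoding. The lookup itself goes to `http://checkip.dyndns.org` in clear text, so anything on the path can supply the address that is later used for the DNS update. The parsing that follows is outside this hunk, so I cannot see whether the extracted value is validated there. `curl_setopt($ip_ch, CURLOPT_SSL_VERIFYPEER, FALSE);` has no effect on an http URL, but it would silently turn off certificate checking if the URL is ever changed to https, so I would drop that line.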
|
||||
|
@ -1633,8 +1662,18 @@ function services_dnsmasq_configure() {
|
|||
if(isset($config['dnsmasq']['interface'])) {
|
||||
$interfaces = explode(",", $config['dnsmasq']['interface']);
|
||||
foreach ($interfaces as $interface) {
|
||||
if (is_ipaddr($interface)) {
|
||||
if (is_ipaddrv4($interface)) {
|
||||
$listen_addresses .= " --listen-address={$interface} ";
|
||||
} else if (is_ipaddrv6($interface)) {
|
||||
/*
|
||||
* XXX: Since dnsmasq does not support link-local address
|
||||
* with scope specified. These checks are being done.
|
||||
*/
|
||||
if (is_linklocal($interface) && strstr($interface, "%")) {
|
||||
$tmpaddrll6 = explode("%", $interface);
|
||||
$listen_addresses .= " --listen-address={$tmpaddrll6[0]} ";
|
||||
} else
|
||||
$listen_addresses .= " --listen-address={$interface} ";
|
||||
} else {
|
||||
$if = get_real_interface($interface);
|
||||
if (does_interface_exist($if)) {
|
||||
|
@ -1642,8 +1681,17 @@ function services_dnsmasq_configure() {
|
|||
if (is_ipaddrv4($laddr))
|
||||
$listen_addresses .= " --listen-address={$laddr} ";
|
||||
$laddr6 = find_interface_ipv6($if);
|
||||
if (is_ipaddrv6($laddr6) && !isset($config['dnsmasq']['strictbind']))
|
||||
$listen_addresses .= " --listen-address={$laddr6} ";
|
||||
if (is_ipaddrv6($laddr6) && !isset($config['dnsmasq']['strictbind'])) {
|
||||
/*
|
||||
* XXX: Since dnsmasq does not support link-local address
|
||||
* with scope specified. These checks are being done.
|
||||
*/
|
||||
if (is_linklocal($laddr6) && strstr($laddr6, "%")) {
|
||||
$tmpaddrll6 = explode("%", $laddr6);
|
||||
$listen_addresses .= " --listen-address={$tmpaddrll6[0]} ";
|
||||
} else
|
||||
$listen_addresses .= " --listen-address={$laddr6} ";
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
@ -1654,16 +1702,9 @@ function services_dnsmasq_configure() {
|
|||
}
|
||||
}
|
||||
|
||||
/* Setup forwarded domains */
|
||||
if (isset($config['dnsmasq']['domainoverrides']) && is_array($config['dnsmasq']['domainoverrides'])) {
|
||||
foreach($config['dnsmasq']['domainoverrides'] as $override) {
|
||||
if ($override['ip'] == "!")
|
||||
$override[ip] = "";
|
||||
$args .= ' --server=/' . $override['domain'] . '/' . $override['ip'];
|
||||
}
|
||||
}
|
||||
|
||||
/* If selected, then forward reverse lookups for private IPv4 addresses to nowhere. */
|
||||
/* If selected, then first forward reverse lookups for private IPv4 addresses to nowhere. */
|
||||
/* If any of these are duplicated by a user-specified domain override (e.g. 10.in-addr.arpa) then */
|
||||
/* the user-specified entry made later on the command line below will be the one that is effective. */
|
||||
if (isset($config['dnsmasq']['no_private_reverse'])) {
|
||||
/* Note: Carrier Grade NAT (CGN) addresses 100.64.0.0/10 are intentionally not here. */
|
||||
/* End-users should not be aware of CGN addresses, so reverse lookups for these should not happen. */
|
||||
|
@ -1676,6 +1717,15 @@ function services_dnsmasq_configure() {
|
|||
}
|
||||
}
|
||||
|
||||
/* Setup forwarded domains */
|
||||
if (isset($config['dnsmasq']['domainoverrides']) && is_array($config['dnsmasq']['domainoverrides'])) {
|
||||
foreach($config['dnsmasq']['domainoverrides'] as $override) {
|
||||
if ($override['ip'] == "!")
|
||||
$override[ip] = "";
|
||||
$args .= ' --server=/' . $override['domain'] . '/' . $override['ip'];
|
||||
}
|
||||
}
|
||||
|
||||
/* Allow DNS Rebind for forwarded domains */
|
||||
if (isset($config['dnsmasq']['domainoverrides']) && is_array($config['dnsmasq']['domainoverrides'])) {
|
||||
if(!isset($config['system']['webgui']['nodnsrebindcheck'])) {
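Review bot: In the relocated "Setup forwarded domains" loop, `$override['domain']` and `$override['ip']` are concatenated into `$args` unquoted, while the custom-options hunk further down (`@ -1698,7 +1748,7`) now wraps each option in `escapeshellarg()`. If `$args` ends up on a shell command line, as that hunk suggests, the overrides need the same treatment: `$args .= ' ' . escapeshellarg("--server=/{$override['domain']}/{$override['ip']}");`. The line `$override[ip] = "";` also uses a bare constant as the array key and should read `$override['ip'] = "";`. services_dnsmasq_configure() starts before and continues after this hunk.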
|
||||
|
@ -1698,7 +1748,7 @@ function services_dnsmasq_configure() {
|
|||
|
||||
if ($config['dnsmasq']['custom_options'])
|
||||
foreach (preg_split('/\s+/', $config['dnsmasq']['custom_options']) as $c) {
|
||||
$args .= " --$c";
|
||||
$args .= " " . escapeshellarg("--{$c}");
|
||||
$p = explode('=', $c);
|
||||
if (array_key_exists($p[0], $standard_args))
|
||||
unset($standard_args[$p[0]]);
|
||||
|
@ -1927,7 +1977,7 @@ EOD;
|
|||
return 0;
|
||||
}
|
||||
|
||||
function services_dnsupdate_process($int = "") {
|
||||
function services_dnsupdate_process($int = "", $updatehost = "", $forced = false) {
|
||||
global $config, $g;
|
||||
if(isset($config['system']['developerspew'])) {
|
||||
$mt = microtime();
|
||||
|
@ -1936,17 +1986,27 @@ function services_dnsupdate_process($int = "") {
|
|||
|
||||
/* Dynamic DNS updating active? */
|
||||
if (is_array($config['dnsupdates']['dnsupdate'])) {
|
||||
$notify_text = "";
|
||||
foreach ($config['dnsupdates']['dnsupdate'] as $i => $dnsupdate) {
|
||||
if (!isset($dnsupdate['enable']))
|
||||
continue;
|
||||
if (!empty($int) && $int != $dnsupdate['interface'])
|
||||
continue;
|
||||
if (!empty($updatehost) && ($updatehost != $dnsupdate['host']))
|
||||
continue;
|
||||
|
||||
/* determine interface name */
|
||||
$if = get_real_interface($dnsupdate['interface']);
|
||||
$wanip = get_interface_ip($dnsupdate['interface']);
|
||||
if ($wanip) {
|
||||
if (isset($dnsupdate['usepublicip']))
|
||||
$wanip = dyndnsCheckIP($dnsupdate['interface']);
|
||||
else
|
||||
$wanip = get_interface_ip($dnsupdate['interface']);
|
||||
|
||||
$wanipv6 = get_interface_ipv6($dnsupdate['interface']);
|
||||
$cacheFile = "{$g['conf_path']}/dyndns_{$dnsupdate['interface']}_rfc2136_" . escapeshellarg($dnsupdate['host']) . "_{$dnsupdate['server']}.cache";
|
||||
$currentTime = time();
|
||||
|
||||
if ($wanip || $wanipv6) {
|
||||
$keyname = $dnsupdate['keyname'];
|
||||
/* trailing dot */
|
||||
if (substr($keyname, -1) != ".")
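Review bot: On the new `$cacheFile` line, `escapeshellarg()` is applied to a value that becomes part of a file name rather than a shell argument. It puts literal single quotes into the path and leaves `/` and `..` untouched, and `$dnsupdate['interface']` and `$dnsupdate['server']` are interpolated as they are. The next hunk reads, writes and unlinks this path, so a host or server value containing path separators would move those operations outside `{$g['conf_path']}`. I would build the name from sanitised parts instead, e.g. `preg_replace('/[^A-Za-z0-9._-]/', '_', $dnsupdate['host'])` and the same for the server. The loop body continues in the next hunk.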
|
||||
|
@ -1990,23 +2050,68 @@ EOD;
|
|||
$upinst = "";
|
||||
if (!empty($dnsupdate['server']))
|
||||
$upinst .= "server {$dnsupdate['server']}\n";
|
||||
$upinst .= "update delete {$dnsupdate['host']} A\n";
|
||||
$upinst .= "update add {$dnsupdate['host']} {$dnsupdate['ttl']} A {$wanip}\n";
|
||||
|
||||
if (file_exists($cacheFile)) {
|
||||
list($cachedipv4, $cacheTimev4) = explode("|", file_get_contents($cacheFile));
|
||||
}
|
||||
if (file_exists("{$cacheFile}.ipv6")) {
|
||||
list($cachedipv6, $cacheTimev6) = explode("|", file_get_contents("{$cacheFile}.ipv6"));
|
||||
}
|
||||
|
||||
// 25 Days
|
||||
$maxCacheAgeSecs = 25 * 24 * 60 * 60;
|
||||
$need_update = false;
|
||||
|
||||
conf_mount_rw();
|
||||
/* Update IPv4 if we have it. */
|
||||
if (is_ipaddrv4($wanip)) {
|
||||
if (($wanip != $cachedipv4) || (($currentTime - $cacheTimev4) > $maxCacheAgeSecs) || $forced) {
|
||||
$upinst .= "update delete {$dnsupdate['host']}. A\n";
|
||||
$upinst .= "update add {$dnsupdate['host']}. {$dnsupdate['ttl']} A {$wanip}\n";
|
||||
$notify_text .= sprintf(gettext("DynDNS updated IP Address (A) for {$dnsupdate['host']} on %s (%s) to %s"), convert_real_interface_to_friendly_descr($if), $if, $wanip) . "\n";
|
||||
@file_put_contents($cacheFile, "{$wanip}|{$currentTime}");
|
||||
log_error("phpDynDNS: updating cache file {$cacheFile}: {$wanip}");
|
||||
$need_update = true;
|
||||
} else {
|
||||
log_error("phpDynDNS: Not updating {$dnsupdate['host']} A record because the IP address has not changed.");
|
||||
}
|
||||
} else
|
||||
@unlink($cacheFile);
|
||||
|
||||
/* Update IPv6 if we have it. */
|
||||
if (is_ipaddrv6($wanipv6)) {
|
||||
if (($wanipv6 != $cachedipv6) || (($currentTime - $cacheTimev6) > $maxCacheAgeSecs) || $forced) {
|
||||
$upinst .= "update delete {$dnsupdate['host']}. AAAA\n";
|
||||
$upinst .= "update add {$dnsupdate['host']}. {$dnsupdate['ttl']} AAAA {$wanipv6}\n";
|
||||
$notify_text .= sprintf(gettext("DynDNS updated IPv6 Address (AAAA) for {$dnsupdate['host']} on %s (%s) to %s"), convert_real_interface_to_friendly_descr($if), $if, $wanipv6) . "\n";
|
||||
@file_put_contents("{$cacheFile}.ipv6", "{$wanipv6}|{$currentTime}");
|
||||
log_error("phpDynDNS: updating cache file {$cacheFile}.ipv6: {$wanipv6}");
|
||||
$need_update = true;
|
||||
} else {
|
||||
log_error("phpDynDNS: Not updating {$dnsupdate['host']} AAAA record because the IPv6 address has not changed.");
|
||||
}
|
||||
} else
|
||||
@unlink("{$cacheFile}.ipv6");
|
||||
conf_mount_ro();
|
||||
|
||||
$upinst .= "\n"; /* mind that trailing newline! */
|
||||
|
||||
@file_put_contents("{$g['varetc_path']}/nsupdatecmds{$i}", $upinst);
|
||||
unset($upinst);
|
||||
|
||||
/* invoke nsupdate */
|
||||
$cmd = "/usr/bin/nsupdate -k {$g['varetc_path']}/K{$i}{$keyname}+157+00000.key";
|
||||
if (isset($dnsupdate['usetcp']))
|
||||
$cmd .= " -v";
|
||||
$cmd .= " {$g['varetc_path']}/nsupdatecmds{$i}";
|
||||
|
||||
mwexec_bg($cmd);
|
||||
unset($cmd);
|
||||
if ($need_update) {
|
||||
@file_put_contents("{$g['varetc_path']}/nsupdatecmds{$i}", $upinst);
|
||||
unset($upinst);
|
||||
/* invoke nsupdate */
|
||||
$cmd = "/usr/bin/nsupdate -k {$g['varetc_path']}/K{$i}{$keyname}+157+00000.key";
|
||||
if (isset($dnsupdate['usetcp']))
|
||||
$cmd .= " -v";
|
||||
$cmd .= " {$g['varetc_path']}/nsupdatecmds{$i}";
|
||||
mwexec_bg($cmd);
|
||||
unset($cmd);
|
||||
}
|
||||
}
|
||||
}
|
||||
if (!empty($notify_text)) {
|
||||
notify_all_remote($notify_text);
|
||||
}
|
||||
}
|
||||
|
||||
return 0;
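Review bot: The cache files are written with the new address before nsupdate has run, and `mwexec_bg()` returns nothing to check. A failed update is therefore remembered as done and not retried until the address changes, 25 days pass or `$forced` is set. `$cachedipv4`, `$cacheTimev4`, `$cachedipv6` and `$cacheTimev6` are assigned only when the cache file exists and are not reset inside the `foreach`, so an entry without a cache file is compared against the previous entry's values. Initialise them at the top of each iteration with `$cachedipv4 = $cacheTimev4 = $cachedipv6 = $cacheTimev6 = "";`. The two `gettext()` calls also interpolate `{$dnsupdate['host']}` into the message id, which defeats the translation lookup and breaks `sprintf()` if the host contains `%`; pass the host as an additional `%s` argument instead.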
|
||||
|
@ -2135,7 +2240,7 @@ function install_cron_job($command, $active=false, $minute="0", $hour="*", $mont
|
|||
write_config(sprintf(gettext("Updated cron job for %s"), $command));
|
||||
}
|
||||
} else {
|
||||
if(($is_installed == true) && ($x > 0)) {
|
||||
if($is_installed == true) {
|
||||
unset($config['cron']['item'][$x]);
|
||||
write_config(sprintf(gettext("Removed cron job for %s"), $command));
|
||||
}
|
||||
|
|
|
@ -331,11 +331,11 @@ class altq_root_queue {
|
|||
if ($data['qlimit'] && (!is_numeric($data['qlimit'])))
|
||||
$input_errors[] = gettext("Qlimit must be an integer.");
|
||||
if ($data['qlimit'] < 0)
|
||||
$input_errors[] = gettext("Qlimit must be an positive.");
|
||||
$input_errors[] = gettext("Qlimit must be positive.");
|
||||
if ($data['tbrconfig'] && (!is_numeric($data['tbrconfig'])))
|
||||
$input_errors[] = gettext("Tbrsize must be an integer.");
|
||||
if ($data['tbrconfig'] < 0)
|
||||
$input_errors[] = gettext("Tbrsize must be an positive.");
|
||||
$input_errors[] = gettext("Tbrsize must be positive.");
|
||||
}
|
||||
|
||||
/* Implement this to shorten some code on the frontend page */
|
||||
|
@ -530,6 +530,8 @@ class altq_root_queue {
|
|||
$rules = " altq on " . get_real_interface($this->GetInterface());
|
||||
if ($this->GetScheduler())
|
||||
$rules .= " ".strtolower($this->GetScheduler());
|
||||
if ($this->GetQlimit() > 0)
|
||||
$rules .= " qlimit " . $this->GetQlimit() . " ";
|
||||
if ($this->GetBandwidth()) {
|
||||
$rules .= " bandwidth ".trim($this->GetBandwidth());
|
||||
if ($this->GetBwscale())
|
||||
|
@ -1002,14 +1004,10 @@ class priq_queue {
|
|||
$reqdfieldsn[] = gettext("Name");
|
||||
shaper_do_input_validation($data, $reqdfields, $reqdfieldsn, $input_errors);
|
||||
|
||||
if ($data['bandwidth'] && (!is_numeric($data['bandwidth'])))
|
||||
if ($data['bandwidth'] && (!is_numeric($data['bandwidth'])))
|
||||
$input_errors[] = "Bandwidth must be an integer.";
|
||||
if ($data['bandwidth'] < 0)
|
||||
if ($data['bandwidth'] < 0)
|
||||
$input_errors[] = "Bandwidth cannot be negative.";
|
||||
if ($data['qlimit'] && (!is_numeric($data['qlimit'])))
|
||||
$input_errors[] = "Qlimit must be an integer.";
|
||||
if ($data['qlimit'] < 0)
|
||||
$input_errors[] = "Qlimit must be an positive.";
|
||||
if ($data['priority'] && (!is_numeric($data['priority'])
|
||||
|| ($data['priority'] < 1) || ($data['priority'] > 15))) {
|
||||
$input_errors[] = gettext("The priority must be an integer between 1 and 15.");
|
||||
|
@ -1196,7 +1194,7 @@ class priq_queue {
|
|||
$form .= "<td width=\"78%\" class=\"vtable\"> <input name=\"qlimit\" type=\"text\" id=\"qlimit\" size=\"8\" value=\"";
|
||||
$form .= htmlspecialchars($this->GetQlimit());
|
||||
$form .= "\" />";
|
||||
$form .= "<br/> <span class=\"vexpl\">" . gettext("Queue limit in packets per second.");
|
||||
$form .= "<br/> <span class=\"vexpl\">" . gettext("Queue limit in packets.");
|
||||
$form .= "</span></td></tr>";
|
||||
$form .= "<tr>";
|
||||
$form .= "<td width=\"22%\" valign=\"middle\" class=\"vncell\">" . gettext("Scheduler options") . "</td>";
|
||||
|
@ -1229,7 +1227,7 @@ class priq_queue {
|
|||
$tmpvalue = $this->GetCodel();
|
||||
if(!empty($tmpvalue))
|
||||
$form .= " checked=\"checked\"";
|
||||
$form .= " /> <a target=\"_new\" href=\"http://http://www.bufferbloat.net/projects/codel/wiki\">" . gettext("Codel Active Queue") . "</a><br/>";
|
||||
$form .= " /> <a target=\"_new\" href=\"http://www.bufferbloat.net/projects/codel/wiki\">" . gettext("Codel Active Queue") . "</a><br/>";
|
||||
$form .= "<span class=\"vexpl\"><br/>" . gettext("Select options for this queue");
|
||||
$form .= "</span></td></tr><tr>";
|
||||
$form .= "<td width=\"22%\" class=\"vncellreq\">" . gettext("Description") . "</td>";
|
||||
|
@ -1648,7 +1646,7 @@ class hfsc_queue extends priq_queue {
|
|||
$input_errors[] = ("upperlimit m1 cannot be smaller than m2");
|
||||
|
||||
if (get_interface_bandwidth($this) < (0.8 * (floatval($bw_1) + floatval($bw_2))))
|
||||
$input_errors[] = ("upperlimit specification excedd 80% of allowable allocation.");
|
||||
$input_errors[] = ("upperlimit specification exceeds 80% of allowable allocation.");
|
||||
}
|
||||
*/
|
||||
if ($data['linkshare1'] <> "" && $data['linkshare2'] == "")
|
||||
|
@ -1674,7 +1672,7 @@ class hfsc_queue extends priq_queue {
|
|||
$input_errors[] = ("linkshare m1 cannot be smaller than m2");
|
||||
|
||||
if (get_interface_bandwidth($this) < (0.8 * (floatval($bw_1) + floatval($bw_2))))
|
||||
$input_errors[] = ("linkshare specification excedd 80% of allowable allocation.");
|
||||
$input_errors[] = ("linkshare specification exceeds 80% of allowable allocation.");
|
||||
}
|
||||
*/
|
||||
|
||||
|
@ -1693,7 +1691,7 @@ class hfsc_queue extends priq_queue {
|
|||
$input_errors[] = ("realtime m1 cannot be smaller than m2");
|
||||
|
||||
if (get_interface_bandwidth($this) < (0.8 * (floatval($bw_1) + floatval($bw_2))))
|
||||
$input_errors[] = ("realtime specification excedd 80% of allowable allocation.");
|
||||
$input_errors[] = ("realtime specification exceeds 80% of allowable allocation.");
|
||||
}
|
||||
*/
|
||||
}
|
||||
|
@ -2050,6 +2048,9 @@ class hfsc_queue extends priq_queue {
|
|||
$cflink['ecn'] = trim($this->GetEcn());
|
||||
if (empty($cflink['ecn']))
|
||||
unset($cflink['ecn']);
|
||||
$cflink['codel'] = trim($this->GetCodel());
|
||||
if (empty($cflink['codel']))
|
||||
unset($cflink['codel']);
|
||||
if ($this->GetLinkshare() <> "") {
|
||||
if ($this->GetL_m1() <> "") {
|
||||
$cflink['linkshare1'] = $this->GetL_m1();
|
||||
|
@ -2469,6 +2470,9 @@ class cbq_queue extends priq_queue {
|
|||
$cflink['ecn'] = trim($this->GetEcn());
|
||||
if (empty($cflink['ecn']))
|
||||
unset($cflink['ecn']);
|
||||
$cflink['codel'] = trim($this->GetCodel());
|
||||
if (empty($cflink['codel']))
|
||||
unset($cflink['codel']);
|
||||
$cflink['borrow'] = trim($this->GetBorrow());
|
||||
if (empty($cflink['borrow']))
|
||||
unset($cflink['borrow']);
|
||||
|
@ -2747,6 +2751,9 @@ class fairq_queue extends priq_queue {
|
|||
$cflink['ecn'] = trim($this->GetEcn());
|
||||
if (empty($cflink['ecn']))
|
||||
unset($cflink['ecn']);
|
||||
$cflink['codel'] = trim($this->GetCodel());
|
||||
if (empty($cflink['codel']))
|
||||
unset($cflink['codel']);
|
||||
$cflink['buckets'] = trim($this->GetBuckets());
|
||||
if (empty($cflink['buckets']))
|
||||
unset($cflink['buckets']);
|
||||
|
@ -2782,24 +2789,7 @@ class dummynet_class {
|
|||
var $mask;
|
||||
var $noerror;
|
||||
|
||||
var $ipv6allow;
|
||||
|
||||
/* constructor */
|
||||
|
||||
function __construct() {
|
||||
global $config;
|
||||
if (isset($config['system']['ipv6allow']))
|
||||
$this->ipv6allow = True;
|
||||
else
|
||||
$this->ipv6allow = False;
|
||||
|
||||
}
|
||||
|
||||
/* Accessor functions */
|
||||
function IPV6Enabled() {
|
||||
return $this->ipv6allow;
|
||||
}
|
||||
|
||||
function SetLink($link) {
|
||||
$this->link = $link;
|
||||
}
|
||||
|
@ -2883,14 +2873,11 @@ class dummynet_class {
|
|||
$javascript .= "if ((e.options[e.selectedIndex].text == \"none\") || enable_over) {\n";
|
||||
$javascript .= "document.iform.maskbits.disabled = 1;\n";
|
||||
$javascript .= "document.iform.maskbits.value = \"\";\n";
|
||||
if ($this->IPV6Enabled()) {
|
||||
$javascript .= "document.iform.maskbitsv6.disabled = 1;\n";
|
||||
$javascript .= "document.iform.maskbitsv6.value = \"\";\n";
|
||||
}
|
||||
$javascript .= "document.iform.maskbitsv6.disabled = 1;\n";
|
||||
$javascript .= "document.iform.maskbitsv6.value = \"\";\n";
|
||||
$javascript .= "} else {\n";
|
||||
$javascript .= "document.iform.maskbits.disabled = 0;\n";
|
||||
if ($this->IPV6Enabled())
|
||||
$javascript .= "document.iform.maskbitsv6.disabled = 0;\n";
|
||||
$javascript .= "document.iform.maskbitsv6.disabled = 0;\n";
|
||||
$javascript .= "}}\n";
|
||||
$javascript .= "//]]>\n";
|
||||
$javascript .= "</script>\n";
|
||||
|
@ -2900,6 +2887,8 @@ class dummynet_class {
|
|||
function validate_input($data, &$input_errors) {
|
||||
$reqdfields[] = "bandwidth";
|
||||
$reqdfieldsn[] = gettext("Bandwidth");
|
||||
$reqdfields[] = "burst";
|
||||
$reqdfieldsn[] = gettext("Burst");
|
||||
$reqdfields[] = "bandwidthtype";
|
||||
$reqdfieldsn[] = gettext("Bandwidthtype");
|
||||
$reqdfields[] = "newname";
|
||||
|
@ -2907,11 +2896,11 @@ class dummynet_class {
|
|||
|
||||
shaper_do_input_validation($data, $reqdfields, $reqdfieldsn, $input_errors);
|
||||
|
||||
if ($data['plr'] && ((!is_numeric($data['plr'])) ||
|
||||
($data['plr'] <= 0 && $data['plr'] > 1)))
|
||||
$input_errors[] = gettext("Plr must be an integer between 1 and 100.");
|
||||
if (($data['buckets'] && (!is_numeric($data['buckets']))) ||
|
||||
($data['buckets'] < 1 && $data['buckets'] > 100))
|
||||
if ($data['plr'] && (!is_numeric($data['plr']) ||
|
||||
($data['plr'] < 0) || ($data['plr'] > 1)))
|
||||
$input_errors[] = gettext("Plr must be a value between 0 and 1.");
|
||||
if ($data['buckets'] && (!is_numeric($data['buckets']) ||
|
||||
($data['buckets'] < 16) || ($data['buckets'] > 65535)))
|
||||
$input_errors[] = gettext("Buckets must be an integer between 16 and 65535.");
|
||||
if ($data['qlimit'] && (!is_numeric($data['qlimit'])))
|
||||
$input_errors[] = gettext("Queue limit must be an integer");
|
||||
|
@ -2922,11 +2911,9 @@ class dummynet_class {
|
|||
if (isset($data['maskbits']) && ($data['maskbits'] <> ""))
|
||||
if ((!is_numeric($data['maskbits'])) || ($data['maskbits'] <= 0) || ($data['maskbits'] > 32))
|
||||
$input_errors[] = gettext("IPV4 bit mask must be blank or numeric value between 1 and 32.");
|
||||
if ($this->IPV6Enabled())
|
||||
if (isset($data['maskbitsv6']) && ($data['maskbitsv6'] <> "")) {
|
||||
if ((!is_numeric($data['maskbitsv6'])) || ($data['maskbitsv6'] <= 0) || ($data['maskbitsv6'] > 128))
|
||||
$input_errors[] = gettext("IPV6 bit mask must be blank or numeric value between 1 and 128.");
|
||||
}
|
||||
if (isset($data['maskbitsv6']) && ($data['maskbitsv6'] <> ""))
|
||||
if ((!is_numeric($data['maskbitsv6'])) || ($data['maskbitsv6'] <= 0) || ($data['maskbitsv6'] > 128))
|
||||
$input_errors[] = gettext("IPV6 bit mask must be blank or numeric value between 1 and 128.");
|
||||
}
|
||||
|
||||
function build_mask_rules(&$pfq_rule) {
|
||||
|
@ -2936,24 +2923,20 @@ class dummynet_class {
|
|||
$pfq_rule .= " mask";
|
||||
switch ($mask['type']) {
|
||||
case 'srcaddress':
|
||||
if ($this->IPV6Enabled()) {
|
||||
if (!empty($mask['bitsv6']) && ($mask['bitsv6'] <> ""))
|
||||
$pfq_rule .= " src-ip6 /" . $mask['bitsv6'];
|
||||
else
|
||||
$pfq_rule .= " src-ip6 /128";
|
||||
}
|
||||
if (!empty($mask['bitsv6']) && ($mask['bitsv6'] <> ""))
|
||||
$pfq_rule .= " src-ip6 /" . $mask['bitsv6'];
|
||||
else
|
||||
$pfq_rule .= " src-ip6 /128";
|
||||
if (!empty($mask['bits']) && ($mask['bits'] <> ""))
|
||||
$pfq_rule .= sprintf(" src-ip 0x%x", gen_subnet_mask_long($mask['bits']));
|
||||
else
|
||||
$pfq_rule .= " src-ip 0xffffffff";
|
||||
break;
|
||||
case 'dstaddress':
|
||||
if ($this->IPV6Enabled()) {
|
||||
if (!empty($mask['bitsv6']) && ($mask['bitsv6'] <> ""))
|
||||
$pfq_rule .= " dst-ip6 /" . $mask['bitsv6'];
|
||||
else
|
||||
$pfq_rule .= " dst-ip6 /128";
|
||||
}
|
||||
if (!empty($mask['bitsv6']) && ($mask['bitsv6'] <> ""))
|
||||
$pfq_rule .= " dst-ip6 /" . $mask['bitsv6'];
|
||||
else
|
||||
$pfq_rule .= " dst-ip6 /128";
|
||||
if (!empty($mask['bits']) && ($mask['bits'] <> ""))
|
||||
$pfq_rule .= sprintf(" dst-ip 0x%x", gen_subnet_mask_long($mask['bits']));
|
||||
else
|
||||
|
@ -2997,6 +2980,12 @@ class dnpipe_class extends dummynet_class {
|
|||
function SetBandwidth($bandwidth) {
|
||||
$this->qbandwidth = $bandwidth;
|
||||
}
|
||||
function GetBurst() {
|
||||
return $this->qburst;
|
||||
}
|
||||
function SetBurst($burst) {
|
||||
$this->qburst = $burst;
|
||||
}
|
||||
|
||||
function &add_queue($interface, &$queue, &$path, &$input_errors) {
|
||||
|
||||
|
@ -3065,6 +3054,8 @@ class dnpipe_class extends dummynet_class {
|
|||
if (!empty($data["bandwidth{$i}"])) {
|
||||
if (!is_numeric($data["bandwidth{$i}"]))
|
||||
$input_errors[] = sprintf(gettext("Bandwidth for schedule %s must be an integer."), $data["bwsched{$i}"]);
|
||||
else if (($data["burst{$i}"] != "") && (!is_numeric($data["burst{$i}"])))
|
||||
$input_errors[] = sprintf(gettext("Burst for schedule %s must be an integer."), $data["bwsched{$i}"]);
|
||||
else
|
||||
$entries++;
|
||||
}
|
||||
|
@ -3095,6 +3086,7 @@ class dnpipe_class extends dummynet_class {
|
|||
if (isset($q["bandwidth{$i}"]) && $q["bandwidth{$i}"] <> "") {
|
||||
$bw = array();
|
||||
$bw['bw'] = $q["bandwidth{$i}"];
|
||||
$bw['burst'] = $q["burst{$i}"];
|
||||
if (isset($q["bwtype{$i}"]) && $q["bwtype{$i}"])
|
||||
$bw['bwscale'] = $q["bwtype{$i}"];
|
||||
if (isset($q["bwsched{$i}"]) && $q["bwsched{$i}"])
|
||||
|
@ -3104,9 +3096,12 @@ class dnpipe_class extends dummynet_class {
|
|||
}
|
||||
$this->SetBandwidth($bandwidth);
|
||||
}
|
||||
if (is_array($q['bandwidth']) && is_array($q['bandwidth']['item']))
|
||||
|
||||
if (is_array($q['bandwidth']) && is_array($q['bandwidth']['item'])) {
|
||||
$this->SetBandwidth($q['bandwidth']['item']);
|
||||
|
||||
$this->SetBurst($q['burst']['item']);
|
||||
}
|
||||
|
||||
if (isset($q['qlimit']) && $q['qlimit'] <> "")
|
||||
$this->SetQlimit($q['qlimit']);
|
||||
else
|
||||
|
@ -3177,6 +3172,8 @@ class dnpipe_class extends dummynet_class {
|
|||
if ($bw['bwsched'] == $schedule['name']) {
|
||||
if (filter_get_time_based_rule_status($schedule)) {
|
||||
$pfq_rule .= " bw ".trim($bw['bw']).$bw['bwscale'];
|
||||
if (is_numeric($bw['burst']) && ($bw['burst'] > 0))
|
||||
$pfq_rule .= " burst ".trim($bw['burst']);
|
||||
$found = true;
|
||||
break;
|
||||
}
|
||||
|
@ -3189,6 +3186,8 @@ class dnpipe_class extends dummynet_class {
|
|||
}
|
||||
} else {
|
||||
$pfq_rule .= " bw ".trim($bw['bw']).$bw['bwscale'];
|
||||
if (is_numeric($bw['burst']) && ($bw['burst'] > 0))
|
||||
$pfq_rule .= " burst ".trim($bw['burst']);
|
||||
$found = true;
|
||||
break;
|
||||
}
|
||||
|
@ -3199,7 +3198,7 @@ class dnpipe_class extends dummynet_class {
|
|||
$pfq_rule .= " bw 0";
|
||||
|
||||
if ($this->GetQlimit())
|
||||
$pfq_rule .= " queue " . $this->GetQlimit();
|
||||
$pfq_rule .= " queue " . $this->GetQlimit();
|
||||
if ($this->GetPlr())
|
||||
$pfq_rule .= " plr " . $this->GetPlr();
|
||||
if ($this->GetBuckets())
|
||||
|
@ -3253,6 +3252,9 @@ var addBwRowTo = (function() {
|
|||
td.innerHTML="<input type='hidden' value='" + totalrows +"' name='bandwidth_row-" + totalrows + "' /><input size='10' type='text' class='formfld unknown' name='bandwidth" + totalrows + "' id='bandwidth" + totalrows + "' />";
|
||||
tr.appendChild(td);
|
||||
td = d.createElement("td");
|
||||
td.innerHTML="<input type='hidden' value='" + totalrows +"' name='burst_row-" + totalrows + "' /><input size='10' type='text' class='formfld unknown' name='burst" + totalrows + "' id='burst" + totalrows + "' />";
|
||||
tr.appendChild(td);
|
||||
td = d.createElement("td");
|
||||
td.innerHTML="<input type='hidden' value='" + totalrows +"' name='bwtype_row-" + totalrows + "' /><select class='formselect' name='bwtype" + totalrows + "'>{$bwopt}</select>";
|
||||
tr.appendChild(td);
|
||||
td = d.createElement("td");
|
||||
|
@ -3321,7 +3323,8 @@ EOD;
|
|||
$form .= "</td><td class=\"vncellreq\">";
|
||||
$form .= "<table id='maintable'>";
|
||||
$form .= "<tbody><tr>";
|
||||
$form .= "<td width='40%'><div id='onecolumn'>Bandwidth</div></td>";
|
||||
$form .= "<td width='35%'><div id='onecolumn'>Bandwidth</div></td>";
|
||||
$form .= "<td width='35%'><div id='fifthcolumn'>Burst</div></td>";
|
||||
$form .= "<td width='20%'><div id='twocolumn'>Bw type</div></td>";
|
||||
$form .= "<td width='35%' ><div id='thirdcolumn'>Schedule</div></td>";
|
||||
$form .= "<td width='5%'><div id='fourthcolumn'></div></td>";
|
||||
|
@ -3331,6 +3334,8 @@ EOD;
|
|||
$form .= "\n<tr><td width='40%'>";
|
||||
$form .= "<input class='formfld unknown' size='10' type=\"text\" id=\"bandwidth{$bwidx}\" name=\"bandwidth{$bwidx}\" value=\"{$bw['bw']}\" />";
|
||||
$form .= "</td><td width='20%'>";
|
||||
$form .= "<input class='formfld unknown' size='10' type=\"text\" id=\"burst{$bwidx}\" name=\"burst{$bwidx}\" value=\"{$bw['burst']}\" />";
|
||||
$form .= "</td><td width='20%'>";
|
||||
$form .= "<select id=\"bwtype{$bwidx}\" name=\"bwtype{$bwidx}\" class=\"formselect\">";
|
||||
foreach (array("Kb" => "Kbit/s", "Mb" => "Mbit/s", "Gb" => "Gbit/s", "b" => "Bit/s") as $bwsidx => $bwscale) {
|
||||
$form .= "<option value=\"{$bwsidx}\"";
|
||||
|
@ -3356,6 +3361,7 @@ EOD;
|
|||
$form .= "</tbody></table>";
|
||||
$form .= "<a onclick=\"javascript:addBwRowTo('maintable'); return false;\" href='#'>";
|
||||
$form .= "<img border='0' src='/themes/{$g['theme']}/images/icons/icon_plus.gif' alt='add' title='" . gettext("add another schedule") . "' /></a>";
|
||||
$form .= "<br/><span class=\"vexpl\">" . gettext("Bandwidth is a rate (e.g. Mbit/s), burst is a total amount of data that will be transferred at full speed after an idle period.") . "</span><br />";
|
||||
$form .= "</td></tr>";
|
||||
$form .= "<tr><td valign=\"middle\" class=\"vncellreq\">" . gettext("Mask") . "</td>";
|
||||
$form .= "<td class=\"vncellreq\">";
|
||||
|
@ -3385,19 +3391,17 @@ EOD;
|
|||
$form .= $mask['bits'];
|
||||
$form .= "\"";
|
||||
if ($mask['type'] == "none")
|
||||
$form .= " disabled";
|
||||
$form .= " disabled=\"disabled\"";
|
||||
$form .= " />";
|
||||
$form .= " IPV4 mask bits (1-32)<br/>";
|
||||
if ($this->IPV6Enabled()) {
|
||||
$form .= "ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff/ <input type=\"text\" class=\"formfld unknown\" size=\"2\" id=\"maskbitsv6\" name=\"maskbitsv6\" value=\"";
|
||||
if ($mask['type'] <> "none")
|
||||
$form .= $mask['bitsv6'];
|
||||
$form .= "\"";
|
||||
if ($mask['type'] == "none")
|
||||
$form .= " disabled";
|
||||
$form .= " />";
|
||||
$form .= " IPV6 mask bits (1-128)<br/>";
|
||||
}
|
||||
$form .= "ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff/ <input type=\"text\" class=\"formfld unknown\" size=\"2\" id=\"maskbitsv6\" name=\"maskbitsv6\" value=\"";
|
||||
if ($mask['type'] <> "none")
|
||||
$form .= $mask['bitsv6'];
|
||||
$form .= "\"";
|
||||
if ($mask['type'] == "none")
|
||||
$form .= " disabled=\"disabled\"";
|
||||
$form .= " />";
|
||||
$form .= " IPV6 mask bits (1-128)<br/>";
|
||||
$form .= "<span class=\"vexpl\">" . gettext("If 'source' or 'destination' slots is chosen, \n"
|
||||
. "leaving the mask bits blank will create one pipe per host. Otherwise specify \n"
|
||||
. "the number of 'one' bits in the subnet mask used to group multiple hosts \n"
|
||||
|
@ -3483,10 +3487,7 @@ EOD;
|
|||
$mask = $this->GetMask();
|
||||
$cflink['mask'] = $mask['type'];
|
||||
$cflink['maskbits'] = $mask['bits'];
|
||||
if ($this->IPV6Enabled())
|
||||
$cflink['maskbitsv6'] = $mask['bitsv6'];
|
||||
else
|
||||
$cflink['maskbitsv6'] = "";
|
||||
$cflink['maskbitsv6'] = $mask['bitsv6'];
|
||||
$cflink['delay'] = $this->GetDelay();
|
||||
}
|
||||
|
||||
|
@ -3572,6 +3573,14 @@ class dnqueue_class extends dummynet_class {
|
|||
else
|
||||
$maskbitsv6 = "";
|
||||
$this->SetMask(array("type" => $masktype, "bits" => $maskbits, "bitsv6" => $maskbitsv6));
|
||||
if (isset($q['buckets']) && $q['buckets'] <> "")
|
||||
$this->SetBuckets($q['buckets']);
|
||||
else
|
||||
$this->SetBuckets("");
|
||||
if (isset($q['plr']) && $q['plr'] <> "")
|
||||
$this->SetPlr($q['plr']);
|
||||
else
|
||||
$this->SetPlr("");
|
||||
if (isset($q['weight']) && $q['weight'] <> "")
|
||||
$this->SetWeight($q['weight']);
|
||||
else
|
||||
|
@ -3663,19 +3672,17 @@ class dnqueue_class extends dummynet_class {
|
|||
$form .= $mask['bits'];
|
||||
$form .= "\"";
|
||||
if ($mask['type'] == "none")
|
||||
$form .= " disabled";
|
||||
$form .= " disabled=\"disabled\"";
|
||||
$form .= " />";
|
||||
$form .= " IPV4 mask bits (1-32)<br/>";
|
||||
if ($this->IPV6Enabled()) {
|
||||
$form .= "ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff/ <input type=\"text\" class=\"formfld unknown\" size=\"2\" id=\"maskbitsv6\" name=\"maskbitsv6\" value=\"";
|
||||
if ($mask['type'] <> "none")
|
||||
$form .= $mask['bitsv6'];
|
||||
$form .= "\"";
|
||||
if ($mask['type'] == "none")
|
||||
$form .= " disabled";
|
||||
$form .= " />";
|
||||
$form .= " IPV6 mask bits (1-128)<br/>";
|
||||
}
|
||||
$form .= "ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff/ <input type=\"text\" class=\"formfld unknown\" size=\"2\" id=\"maskbitsv6\" name=\"maskbitsv6\" value=\"";
|
||||
if ($mask['type'] <> "none")
|
||||
$form .= $mask['bitsv6'];
|
||||
$form .= "\"";
|
||||
if ($mask['type'] == "none")
|
||||
$form .= " disabled=\"disabled\"";
|
||||
$form .= " />";
|
||||
$form .= " IPV6 mask bits (1-128)<br/>";
|
||||
$form .= "<span class=\"vexpl\">" . gettext("If 'source' or 'destination' slots is chosen, \n"
|
||||
. "leaving the mask bits blank will create one pipe per host. Otherwise specify \n"
|
||||
. "the number of 'one' bits in the subnet mask used to group multiple hosts \n"
|
||||
|
@ -3701,7 +3708,7 @@ class dnqueue_class extends dummynet_class {
|
|||
$form .= "<input name=\"weight\" type=\"text\" id=\"weight\" size=\"5\" value=\"";
|
||||
$form .= $this->GetWeight() . "\" />";
|
||||
$form .= " <br/> <span class=\"vexpl\">" . gettext("Hint: For queues under the same parent "
|
||||
. "this specifies the share that a queue gets(values range from 1 to 100, you can leave it blank otherwise)") . "</span>";
|
||||
. "this specifies the share that a queue gets (values range from 1 to 100, higher values get a larger share. Can be left blank.)") . "</span>";
|
||||
$form .= "</td></tr>";
|
||||
$form .= "<tr style=\"display:none\" id=\"sprtable1\">";
|
||||
$form .= "<td valign=\"middle\" class=\"vncellreq\">" . gettext("Packet loss rate") . "</td>";
|
||||
|
@ -3758,10 +3765,7 @@ class dnqueue_class extends dummynet_class {
|
|||
$mask = $this->GetMask();
|
||||
$cflink['mask'] = $mask['type'];
|
||||
$cflink['maskbits'] = $mask['bits'];
|
||||
if ($this->IPV6Enabled())
|
||||
$cflink['maskbitsv6'] = $mask['bitsv6'];
|
||||
else
|
||||
$cflink['maskbitsv6'] = "";
|
||||
$cflink['maskbitsv6'] = $mask['bitsv6'];
|
||||
}
|
||||
}
|
||||
|
||||
|
@ -4091,7 +4095,7 @@ function generate_layer7_files() {
|
|||
if (!is_module_loaded("ipdivert.ko"))
|
||||
mwexec("/sbin/kldload ipdivert.ko");
|
||||
|
||||
mwexec("rm -f {$g['tmp_path']}/*.l7");
|
||||
array_map('unlink', glob("{$g['tmp_path']}/*.l7"));
|
||||
}
|
||||
|
||||
foreach($layer7_rules_list as $l7rules) {
|
||||
|
@ -4122,7 +4126,7 @@ function layer7_start_l7daemon() {
|
|||
$path = "{$g['tmp_path']}/" . $filename;
|
||||
|
||||
unset($l7pid);
|
||||
/* Only reread the configuration rather than restart to avoid loosing information. */
|
||||
/* Only reread the configuration rather than restart to avoid losing information. */
|
||||
exec("/bin/pgrep -f 'ipfw-classifyd .* -p ". $l7rules->GetRPort() . "'", $l7pid);
|
||||
if (count($l7pid) > 0) {
|
||||
log_error(sprintf(gettext("Sending HUP signal to %s"), $l7pid[0]));
|
||||
|
@ -4306,7 +4310,7 @@ function read_altq_config() {
|
|||
foreach ($conf['queue'] as $key1 => $q) {
|
||||
array_push($path, $key1);
|
||||
/*
|
||||
* XXX: we compeletely ignore errors here but anyway we must have
|
||||
* XXX: we completely ignore errors here but anyway we must have
|
||||
* checked them before so no harm should be come from this.
|
||||
*/
|
||||
$root->add_queue($root->GetInterface(), $q, &$path, $input_errors);
|
||||
|
@ -4345,7 +4349,7 @@ function read_dummynet_config() {
|
|||
foreach ($conf['queue'] as $key1 => $q) {
|
||||
array_push($path, $key1);
|
||||
/*
|
||||
* XXX: we compeletely ignore errors here but anyway we must have
|
||||
* XXX: we completely ignore errors here but anyway we must have
|
||||
* checked them before so no harm should be come from this.
|
||||
*/
|
||||
$root->add_queue($root->GetQname(), $q, &$path, $input_errors);
|
||||
|
@ -4405,7 +4409,7 @@ function dnqueue_find_nextnumber() {
|
|||
$found = false;
|
||||
foreach ($dnused as $dnnum) {
|
||||
if (($dnnum - $dnnumber) > 1) {
|
||||
$dnnumber = $dnnum + 1;
|
||||
$dnnumber = $dnnum - 1;
|
||||
$found = true;
|
||||
break;
|
||||
} else
|
||||
|
@ -4431,7 +4435,7 @@ function dnpipe_find_nextnumber() {
|
|||
$found = false;
|
||||
foreach ($dnused as $dnnum) {
|
||||
if (($dnnum - $dnnumber) > 1) {
|
||||
$dnnumber = $dnnum + 1;
|
||||
$dnnumber = $dnnum - 1;
|
||||
$found = true;
|
||||
break;
|
||||
} else
|
||||
|
|
|
@ -1817,7 +1817,7 @@ function embed_wmedia(width, height, link) {
|
|||
}
|
||||
|
||||
/**
|
||||
* Return the error message for the occured error
|
||||
* Return the error message for the occurred error
|
||||
*
|
||||
* @access public
|
||||
* @return string Error message
|
||||
|
@ -10738,7 +10738,7 @@ class SimplePie_Misc
|
|||
return (bool) preg_match('/^([A-Za-z0-9\-._~\x{A0}-\x{D7FF}\x{F900}-\x{FDCF}\x{FDF0}-\x{FFEF}\x{10000}-\x{1FFFD}\x{20000}-\x{2FFFD}\x{30000}-\x{3FFFD}\x{40000}-\x{4FFFD}\x{50000}-\x{5FFFD}\x{60000}-\x{6FFFD}\x{70000}-\x{7FFFD}\x{80000}-\x{8FFFD}\x{90000}-\x{9FFFD}\x{A0000}-\x{AFFFD}\x{B0000}-\x{BFFFD}\x{C0000}-\x{CFFFD}\x{D0000}-\x{DFFFD}\x{E1000}-\x{EFFFD}!$&\'()*+,;=@]|(%[0-9ABCDEF]{2}))+$/u', $string);
|
||||
}
|
||||
|
||||
function space_seperated_tokens($string)
|
||||
function space_separated_tokens($string)
|
||||
{
|
||||
$space_characters = "\x20\x09\x0A\x0B\x0C\x0D";
|
||||
$string_length = strlen($string);
|
||||
|
@ -11830,7 +11830,7 @@ class SimplePie_Parse_Date
|
|||
/**
|
||||
* Parse a superset of W3C-DTF (allows hyphens and colons to be omitted, as
|
||||
* well as allowing any of upper or lower case "T", horizontal tabs, or
|
||||
* spaces to be used as the time seperator (including more than one))
|
||||
* spaces to be used as the time separator (including more than one))
|
||||
*
|
||||
* @access protected
|
||||
* @return int Timestamp
|
||||
|
@ -12904,7 +12904,7 @@ class SimplePie_Locator
|
|||
}
|
||||
if (isset($link['attribs']['href']['data']) && isset($link['attribs']['rel']['data']))
|
||||
{
|
||||
$rel = array_unique(SimplePie_Misc::space_seperated_tokens(strtolower($link['attribs']['rel']['data'])));
|
||||
$rel = array_unique(SimplePie_Misc::space_separated_tokens(strtolower($link['attribs']['rel']['data'])));
|
||||
|
||||
if ($this->base_location < $link['offset'])
|
||||
{
|
||||
|
@ -13669,4 +13669,4 @@ class SimplePie_Sanitize
|
|||
}
|
||||
}
|
||||
|
||||
?>
|
||||
?>
|
||||
|
|
115
etc/inc/smtp.inc
115
etc/inc/smtp.inc
|
@ -20,6 +20,7 @@ class smtp_class
|
|||
var $host_name="";
|
||||
var $host_port=25;
|
||||
var $ssl=0;
|
||||
var $tls=0;
|
||||
var $localhost="";
|
||||
var $timeout=0;
|
||||
var $data_timeout=0;
|
||||
|
@ -213,7 +214,7 @@ class smtp_class
|
|||
|
||||
Function ConnectToHost($domain, $port, $resolve_message)
|
||||
{
|
||||
if($this->ssl)
|
||||
if($this->ssl || $this->tls)
|
||||
{
|
||||
$version=explode(".",function_exists("phpversion") ? phpversion() : "3.0.7");
|
||||
$php_version=intval($version[0])*1000000+intval($version[1])*1000+intval($version[2]);
|
||||
|
@ -461,62 +462,20 @@ class smtp_class
|
|||
socket_set_timeout($this->connection,$timeout,0);
|
||||
if($this->debug)
|
||||
$this->OutputDebug(sprintf(gettext("Connected to SMTP server \"%s\"."), $domain));
|
||||
if(!strcmp($localhost=$this->localhost,"")
|
||||
&& !strcmp($localhost=getenv("SERVER_NAME"),"")
|
||||
&& !strcmp($localhost=getenv("HOST"),"")
|
||||
&& !strcmp($localhost=getenv("HOSTNAME"),"")
|
||||
&& !strcmp($localhost=exec("/bin/hostname"),""))
|
||||
$localhost="localhost";
|
||||
$success=0;
|
||||
if($this->VerifyResultLines("220",$responses)>0)
|
||||
{
|
||||
$fallback=1;
|
||||
if($this->esmtp
|
||||
|| strlen($this->user))
|
||||
{
|
||||
if($this->PutLine("EHLO $localhost"))
|
||||
{
|
||||
if(($success_code=$this->VerifyResultLines("250",$responses))>0)
|
||||
{
|
||||
$this->esmtp_host=$this->Tokenize($responses[0]," ");
|
||||
for($response=1;$response<count($responses);$response++)
|
||||
{
|
||||
$extension=strtoupper($this->Tokenize($responses[$response]," "));
|
||||
$this->esmtp_extensions[$extension]=$this->Tokenize("");
|
||||
}
|
||||
$success=1;
|
||||
$fallback=0;
|
||||
}
|
||||
else
|
||||
{
|
||||
if($success_code==0)
|
||||
{
|
||||
$code=$this->Tokenize($this->error," -");
|
||||
switch($code)
|
||||
{
|
||||
case "421":
|
||||
$fallback=0;
|
||||
break;
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
else
|
||||
$fallback=0;
|
||||
}
|
||||
if($fallback)
|
||||
{
|
||||
if($this->PutLine("HELO $localhost")
|
||||
&& $this->VerifyResultLines("250",$responses)>0)
|
||||
$success=1;
|
||||
}
|
||||
// Send our HELLO
|
||||
$success = $this->hello($this->hostname());
|
||||
if ($this->tls)
|
||||
$success = $this->startTLS();
|
||||
|
||||
if($success
|
||||
&& strlen($this->user)
|
||||
&& strlen($this->pop3_auth_host)==0)
|
||||
{
|
||||
if(!IsSet($this->esmtp_extensions["AUTH"]))
|
||||
{
|
||||
$this->error=gettext("server does not require authentication");
|
||||
$this->error = gettext("server does not require authentication");
|
||||
$success=0;
|
||||
}
|
||||
else
|
||||
|
@ -599,6 +558,64 @@ class smtp_class
|
|||
return($success);
|
||||
}
|
||||
|
||||
Function hostname() {
|
||||
if(!strcmp($localhost=$this->localhost,"")
|
||||
&& !strcmp($localhost=getenv("SERVER_NAME"),"")
|
||||
&& !strcmp($localhost=getenv("HOST"),"")
|
||||
&& !strcmp($localhost=getenv("HOSTNAME"),"")
|
||||
&& !strcmp($localhost=gethostname(),""))
|
||||
$localhost="localhost";
|
||||
|
||||
return $localhost;
|
||||
}
|
||||
|
||||
Function hello()
|
||||
{
|
||||
$success = 0;
|
||||
$fallback = 1;
|
||||
if ($this->esmtp || strlen($this->user)) {
|
||||
if ($this->PutLine("EHLO ".$this->hostname())) {
|
||||
if (($success_code = $this->VerifyResultLines("250",$responses)) > 0) {
|
||||
$this->esmtp_host = $this->Tokenize($responses[0]," ");
|
||||
for($response=1;$response<count($responses);$response++) {
|
||||
$extension = strtoupper($this->Tokenize($responses[$response]," "));
|
||||
$this->esmtp_extensions[$extension]=$this->Tokenize("");
|
||||
}
|
||||
$success = 1;
|
||||
$fallback = 0;
|
||||
} else {
|
||||
if ($success_code == 0) {
|
||||
$code = $this->Tokenize($this->error," -");
|
||||
switch($code) {
|
||||
case "421":
|
||||
$fallback=0;
|
||||
break;
|
||||
}
|
||||
}
|
||||
}
|
||||
} else
|
||||
$fallback=0;
|
||||
}
|
||||
|
||||
if ($fallback) {
|
||||
if ($this->PutLine("HELO $localhost") && $this->VerifyResultLines("250",$responses)>0)
|
||||
$success=1;
|
||||
}
|
||||
return $success;
|
||||
}
|
||||
|
||||
Function startTLS() {
|
||||
if ($this->PutLine("STARTTLS") && $this->VerifyResultLines("220",$responses)>0) {
|
||||
if (!stream_socket_enable_crypto($this->connection,true,STREAM_CRYPTO_METHOD_TLS_CLIENT)) {
|
||||
return false;
|
||||
} else {
|
||||
// Resend HELO since session has been reset
|
||||
return $this->hello($this->hostname);
|
||||
}
|
||||
} else
|
||||
return false;
|
||||
}
|
||||
|
||||
Function MailFrom($sender)
|
||||
{
|
||||
if($this->direct_delivery)
|
||||
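Review bot: In the new `hello()`, the fallback branch still sends `HELO $localhost`, but `$localhost` is no longer defined in that scope after the refactor, so the fallback greeting goes out with an empty host name; it should read `$this->PutLine("HELO ".$this->hostname())` like the EHLO branch. `hello()` also only adds to `$this->esmtp_extensions`, so when `startTLS()` re-runs it, capabilities advertised in the unencrypted EHLO reply (including the AUTH entry checked right after in `ConnectToHost`) survive into the TLS session; starting `hello()` with `$this->esmtp_extensions = array();` discards them. In `ConnectToHost`, `if ($this->tls)` overwrites a failed greeting result, and `if ($success && $this->tls)` would keep the failure. `hello()` takes no parameters, so the arguments passed at both call sites are ignored, and `$this->hostname` in `startTLS()` is a property read rather than the method call. Whether the server certificate is verified during `stream_socket_enable_crypto` depends on the stream context and PHP defaults, which are not visible in this section.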
|
|
|
@ -33,7 +33,7 @@
|
|||
pfSense_BUILDER_BINARIES: /usr/sbin/powerd /usr/bin/killall /sbin/sysctl /sbin/route
|
||||
pfSense_BUILDER_BINARIES: /bin/hostname /bin/ls /usr/sbin/syslogd
|
||||
pfSense_BUILDER_BINARIES: /usr/sbin/pccardd /usr/local/sbin/lighttpd /bin/chmod /bin/mkdir
|
||||
pfSense_BUILDER_BINARIES: /usr/bin/tar /usr/local/bin/ntpd /usr/sbin/ntpdate
|
||||
pfSense_BUILDER_BINARIES: /usr/bin/tar /usr/local/sbin/ntpd /usr/sbin/ntpdate
|
||||
pfSense_BUILDER_BINARIES: /usr/bin/nohup /sbin/dmesg /usr/local/sbin/atareinit /sbin/kldload
|
||||
pfSense_MODULE: utils
|
||||
*/
|
||||
|
@ -154,12 +154,12 @@ function system_resolvconf_generate($dynupdate = false) {
|
|||
if (is_ipaddrv4($gatewayip)) {
|
||||
/* dns server array starts at 0 */
|
||||
$dnscountermo = $dnscounter - 1;
|
||||
mwexec("route change -host " . $syscfg['dnsserver'][$dnscountermo] . " {$gatewayip}");
|
||||
mwexec("/sbin/route change -host " . $syscfg['dnsserver'][$dnscountermo] . " {$gatewayip}");
|
||||
}
|
||||
if (is_ipaddrv6($gatewayip)) {
|
||||
/* dns server array starts at 0 */
|
||||
$dnscountermo = $dnscounter - 1;
|
||||
mwexec("route change -host -inet6 " . $syscfg['dnsserver'][$dnscountermo] . " {$gatewayip}");
|
||||
mwexec("/sbin/route change -host -inet6 " . $syscfg['dnsserver'][$dnscountermo] . " {$gatewayip}");
|
||||
}
|
||||
}
|
||||
}
|
||||
|
@ -177,8 +177,8 @@ function get_searchdomains() {
|
|||
|
||||
// Read in dhclient nameservers
|
||||
$search_list = glob("/var/etc/searchdomain_*");
|
||||
if (is_array($search_lists)) {
|
||||
foreach($search_lists as $fdns) {
|
||||
if (is_array($search_list)) {
|
||||
foreach($search_list as $fdns) {
|
||||
$contents = file($fdns, FILE_IGNORE_NEW_LINES | FILE_SKIP_EMPTY_LINES);
|
||||
if (!is_array($contents))
|
||||
continue;
|
||||
|
@ -276,14 +276,22 @@ function system_hosts_generate() {
|
|||
foreach ($config['dhcpd'] as $dhcpif => $dhcpifconf)
|
||||
if(is_array($dhcpifconf['staticmap']) && isset($dhcpifconf['enable']))
|
||||
foreach ($dhcpifconf['staticmap'] as $host)
|
||||
if ($host['ipaddr'] && $host['hostname'])
|
||||
if ($host['ipaddr'] && $host['hostname'] && $host['domain'])
|
||||
$dhosts .= "{$host['ipaddr']} {$host['hostname']}.{$host['domain']} {$host['hostname']}\n";
|
||||
else if ($host['ipaddr'] && $host['hostname'] && $dhcpifconf['domain'])
|
||||
$dhosts .= "{$host['ipaddr']} {$host['hostname']}.{$dhcpifconf['domain']} {$host['hostname']}\n";
|
||||
else if ($host['ipaddr'] && $host['hostname'])
|
||||
$dhosts .= "{$host['ipaddr']} {$host['hostname']}.{$syscfg['domain']} {$host['hostname']}\n";
|
||||
}
|
||||
if (isset($dnsmasqcfg['regdhcpstatic']) && is_array($config['dhcpdv6'])) {
|
||||
foreach ($config['dhcpdv6'] as $dhcpif => $dhcpifconf)
|
||||
if(is_array($dhcpifconf['staticmap']) && isset($dhcpifconf['enable']))
|
||||
foreach ($dhcpifconf['staticmap'] as $host)
|
||||
if ($host['ipaddrv6'] && $host['hostname'])
|
||||
if ($host['ipaddrv6'] && $host['hostname'] && $host['domain'])
|
||||
$dhosts .= "{$host['ipaddrv6']} {$host['hostname']}.{$host['domain']} {$host['hostname']}\n";
|
||||
else if ($host['ipaddrv6'] && $host['hostname'] && $dhcpifconf['domain'])
|
||||
$dhosts .= "{$host['ipaddrv6']} {$host['hostname']}.{$dhcpifconf['domain']} {$host['hostname']}\n";
|
||||
else if ($host['ipaddrv6'] && $host['hostname'])
|
||||
$dhosts .= "{$host['ipaddrv6']} {$host['hostname']}.{$syscfg['domain']} {$host['hostname']}\n";
|
||||
}
|
||||
|
||||
|
@ -327,8 +335,13 @@ function system_dhcpleases_configure() {
|
|||
@touch("{$g['dhcpd_chroot_path']}/var/db/dhcpd.leases");
|
||||
if (isvalidpid("{$g['varrun_path']}/dhcpleases.pid"))
|
||||
sigkillbypid("{$g['varrun_path']}/dhcpleases.pid", "HUP");
|
||||
else
|
||||
else {
|
||||
/* To ensure we do not start multiple instances of dhcpleases, perform some clean-up first. */
|
||||
if (is_process_running("dhcpleases"))
|
||||
mwexec('/bin/pkill dhcpleases');
|
||||
@unlink("{$g['varrun_path']}/dhcpleases.pid");
|
||||
mwexec("/usr/local/sbin/dhcpleases -l {$g['dhcpd_chroot_path']}/var/db/dhcpd.leases -d {$config['system']['domain']} -p {$g['varrun_path']}/dnsmasq.pid -h {$g['varetc_path']}/hosts");
|
||||
}
|
||||
} else {
|
||||
sigkillbypid("{$g['varrun_path']}/dhcpleases.pid", "TERM");
|
||||
@unlink("{$g['varrun_path']}/dhcpleases.pid");
|
||||
|
@ -365,17 +378,17 @@ function system_routing_configure($interface = "") {
|
|||
|
||||
$gatewayip = "";
|
||||
$interfacegw = "";
|
||||
$foundgw = false;
|
||||
$gatewayipv6 = "";
|
||||
$interfacegwv6 = "";
|
||||
$foundgw = false;
|
||||
$foundgwv6 = false;
|
||||
/* tack on all the hard defined gateways as well */
|
||||
if (is_array($config['gateways']['gateway_item'])) {
|
||||
mwexec("/bin/rm -f {$g['tmp_path']}/*_defaultgw {$g['tmp_path']}/*_defaultgwv6", true);
|
||||
array_map('unlink', glob("{$g['tmp_path']}/*_defaultgw{,v6}", GLOB_BRACE));
|
||||
foreach ($config['gateways']['gateway_item'] as $gateway) {
|
||||
if (isset($gateway['defaultgw'])) {
|
||||
if ($gateway['ipprotocol'] != "inet6" && (is_ipaddrv4($gateway['gateway']) || $gateway['gateway'] == "dynamic")) {
|
||||
if(strstr($gateway['gateway'], ":"))
|
||||
if ($foundgw == false && ($gateway['ipprotocol'] != "inet6" && (is_ipaddrv4($gateway['gateway']) || $gateway['gateway'] == "dynamic"))) {
|
||||
if(strpos($gateway['gateway'], ":"))
|
||||
continue;
|
||||
if ($gateway['gateway'] == "dynamic")
|
||||
$gateway['gateway'] = get_interface_gateway($gateway['interface']);
|
||||
|
@ -387,8 +400,8 @@ function system_routing_configure($interface = "") {
|
|||
@file_put_contents("{$g['tmp_path']}/{$defaultif}_defaultgw", $gateway['gateway']);
|
||||
}
|
||||
$foundgw = true;
|
||||
} else if ($gateway['ipprotocol'] == "inet6" && (is_ipaddrv6($gateway['gateway']) || $gateway['gateway'] == "dynamic6")) {
|
||||
if ($gateway['gateway'] == "dynamic6")
|
||||
} else if ($foundgwv6 == false && ($gateway['ipprotocol'] == "inet6" && (is_ipaddrv6($gateway['gateway']) || $gateway['gateway'] == "dynamic"))) {
|
||||
if ($gateway['gateway'] == "dynamic")
|
||||
$gateway['gateway'] = get_interface_gateway_v6($gateway['interface']);
|
||||
$gatewayipv6 = $gateway['gateway'];
|
||||
$interfacegwv6 = $gateway['interface'];
|
||||
|
@ -408,13 +421,13 @@ function system_routing_configure($interface = "") {
|
|||
$defaultif = get_real_interface("wan");
|
||||
$interfacegw = "wan";
|
||||
$gatewayip = get_interface_gateway("wan");
|
||||
@touch("{$g['tmp_path']}/{$defaultif}_defaultgw");
|
||||
@file_put_contents("{$g['tmp_path']}/{$defaultif}_defaultgw", $gatewayip);
|
||||
}
|
||||
if ($foundgwv6 == false) {
|
||||
$defaultifv6 = get_real_interface("wan");
|
||||
$interfacegwv6 = "wan";
|
||||
$gatewayipv6 = get_interface_gateway_v6("wan");
|
||||
@touch("{$g['tmp_path']}/{$defaultif}_defaultgwv6");
|
||||
@file_put_contents("{$g['tmp_path']}/{$defaultifv6}_defaultgwv6", $gatewayipv6);
|
||||
}
|
||||
$dont_add_route = false;
|
||||
/* if OLSRD is enabled, allow WAN to house DHCP. */
|
||||
|
@ -431,16 +444,16 @@ function system_routing_configure($interface = "") {
|
|||
if ($dont_add_route == false ) {
|
||||
if (!empty($interface) && $interface != $interfacegw)
|
||||
;
|
||||
else if (($interfacegw <> "bgpd") && (is_ipaddrv4($gatewayip))) {
|
||||
else if (is_ipaddrv4($gatewayip)) {
|
||||
log_error("ROUTING: setting default route to $gatewayip");
|
||||
mwexec("/sbin/route change -inet default " . escapeshellarg($gatewayip));
|
||||
}
|
||||
|
||||
if (!empty($interface) && $interface != $interfacegwv6)
|
||||
;
|
||||
else if (($interfacegwv6 <> "bgpd") && (is_ipaddrv6($gatewayipv6))) {
|
||||
else if (is_ipaddrv6($gatewayipv6)) {
|
||||
$ifscope = "";
|
||||
if(is_linklocal($gatewayipv6))
|
||||
if (is_linklocal($gatewayipv6))
|
||||
$ifscope = "%{$defaultifv6}";
|
||||
log_error("ROUTING: setting IPv6 default route to {$gatewayipv6}{$ifscope}");
|
||||
mwexec("/sbin/route change -inet6 default " . escapeshellarg($gatewayipv6) ."{$ifscope}");
|
||||
|
@ -565,11 +578,11 @@ function system_syslogd_start() {
|
|||
} else { // Defaults to CLOG
|
||||
$log_directive = "%";
|
||||
$log_size = "10240";
|
||||
$log_create_directive = "/usr/sbin/clog -i -s ";
|
||||
$log_create_directive = "/usr/local/sbin/clog -i -s ";
|
||||
}
|
||||
|
||||
if (isset($syslogcfg)) {
|
||||
$separatelogfacilities = array('ntp','ntpd','ntpdate','racoon','openvpn','pptps','poes','l2tps','relayd','hostapd','dnsmasq','filterdns','unbound','dhcpd','dhcrelay','dhclient','apinger','radvd','routed','olsrd','zebra','ospfd','bgpd','miniupnpd');
|
||||
$separatelogfacilities = array('ntp','ntpd','ntpdate','racoon','openvpn','pptps','poes','l2tps','relayd','hostapd','dnsmasq','filterdns','unbound','dhcpd','dhcrelay','dhclient','dhcp6c','apinger','radvd','routed','olsrd','zebra','ospfd','bgpd','miniupnpd');
|
||||
$syslogconf = "";
|
||||
if($config['installedpackages']['package']) {
|
||||
foreach($config['installedpackages']['package'] as $package) {
|
||||
|
@ -626,13 +639,11 @@ function system_syslogd_start() {
|
|||
$syslogconf .= "!dnsmasq,filterdns,unbound\n";
|
||||
if (!isset($syslogcfg['disablelocallogging']))
|
||||
$syslogconf .= "*.* {$log_directive}{$g['varlog_path']}/resolver.log\n";
|
||||
if (isset($syslogcfg['apinger']))
|
||||
$syslogconf .= system_syslogd_get_remote_servers($syslogcfg, "*.*");
|
||||
|
||||
$syslogconf .= "!dhcpd,dhcrelay,dhclient\n";
|
||||
$syslogconf .= "!dhcpd,dhcrelay,dhclient,dhcp6c\n";
|
||||
if (!isset($syslogcfg['disablelocallogging']))
|
||||
$syslogconf .= "*.* {$log_directive}{$g['varlog_path']}/dhcpd.log\n";
|
||||
if (isset($syslogcfg['apinger']))
|
||||
if (isset($syslogcfg['dhcp']))
|
||||
$syslogconf .= system_syslogd_get_remote_servers($syslogcfg, "*.*");
|
||||
|
||||
$syslogconf .= "!relayd\n";
|
||||
|
@ -702,7 +713,23 @@ EOD;
|
|||
if (!is_dir("{$g['dhcpd_chroot_path']}/var/run"))
|
||||
exec("/bin/mkdir -p {$g['dhcpd_chroot_path']}/var/run");
|
||||
|
||||
$retval = mwexec_bg("/usr/sbin/syslogd -s -c -c -l {$g['dhcpd_chroot_path']}/var/run/log -f {$g['varetc_path']}/syslog.conf");
|
||||
$sourceip = "";
|
||||
if (!empty($syslogcfg['sourceip'])) {
|
||||
if ($syslogcfg['ipproto'] == "ipv6") {
|
||||
$ifaddr = is_ipaddr($syslogcfg['sourceip']) ? $syslogcfg['sourceip'] : get_interface_ipv6($syslogcfg['sourceip']);
|
||||
if (!is_ipaddr($ifaddr))
|
||||
$ifaddr = get_interface_ip($syslogcfg['sourceip']);
|
||||
} else {
|
||||
$ifaddr = is_ipaddr($syslogcfg['sourceip']) ? $syslogcfg['sourceip'] : get_interface_ip($syslogcfg['sourceip']);
|
||||
if (!is_ipaddr($ifaddr))
|
||||
$ifaddr = get_interface_ipv6($syslogcfg['sourceip']);
|
||||
}
|
||||
if (is_ipaddr($ifaddr)) {
|
||||
$sourceip = "-b {$ifaddr}";
|
||||
}
|
||||
}
|
||||
|
||||
$retval = mwexec_bg("/usr/sbin/syslogd -s -c -c -l {$g['dhcpd_chroot_path']}/var/run/log -f {$g['varetc_path']}/syslog.conf {$sourceip}");
|
||||
|
||||
} else {
|
||||
$retval = mwexec_bg("/usr/sbin/syslogd -s -c -c -l {$g['dhcpd_chroot_path']}/var/run/log");
|
||||
|
@ -740,6 +767,43 @@ function system_pccard_start() {
|
|||
return $res;
|
||||
}
|
||||
|
||||
function system_webgui_create_certificate() {
|
||||
global $config, $g;
|
||||
|
||||
if (!is_array($config['ca']))
|
||||
$config['ca'] = array();
|
||||
$a_ca =& $config['ca'];
|
||||
if (!is_array($config['cert']))
|
||||
$config['cert'] = array();
|
||||
$a_cert =& $config['cert'];
|
||||
log_error("Creating SSL Certificate for this host");
|
||||
|
||||
$cert = array();
|
||||
$cert['refid'] = uniqid();
|
||||
$cert['descr'] = gettext("webConfigurator default ({$cert['refid']})");
|
||||
|
||||
$dn = array(
|
||||
'countryName' => "US",
|
||||
'stateOrProvinceName' => "State",
|
||||
'localityName' => "Locality",
|
||||
'organizationName' => "{$g['product_name']} webConfigurator Self-Signed Certificate",
|
||||
'emailAddress' => "admin@{$config['system']['hostname']}.{$config['system']['domain']}",
|
||||
'commonName' => "{$config['system']['hostname']}-{$cert['refid']}");
|
||||
$old_err_level = error_reporting(0); /* otherwise openssl_ functions throw warings directly to a page screwing menu tab */
|
||||
if (!cert_create($cert, null, 2048, 2000, $dn, "self-signed", "sha256")){
|
||||
while($ssl_err = openssl_error_string()){
|
||||
log_error("Error creating WebGUI Certificate: openssl library returns: " . $ssl_err);
|
||||
}
|
||||
error_reporting($old_err_level);
|
||||
return null;
|
||||
}
|
||||
error_reporting($old_err_level);
|
||||
|
||||
$a_cert[] = $cert;
|
||||
$config['system']['webgui']['ssl-certref'] = $cert['refid'];
|
||||
write_config(gettext("Generated new self-signed HTTPS certificate ({$cert['refid']})"));
|
||||
return $cert;
|
||||
}
|
||||
|
||||
function system_webgui_start() {
|
||||
global $config, $g;
|
||||
|
@ -762,37 +826,14 @@ function system_webgui_start() {
|
|||
if ($config['system']['webgui']['protocol'] == "https") {
|
||||
// Ensure that we have a webConfigurator CERT
|
||||
$cert =& lookup_cert($config['system']['webgui']['ssl-certref']);
|
||||
if(!is_array($cert) && !$cert['crt'] && !$cert['prv']) {
|
||||
if (!is_array($config['ca']))
|
||||
$config['ca'] = array();
|
||||
$a_ca =& $config['ca'];
|
||||
if (!is_array($config['cert']))
|
||||
$config['cert'] = array();
|
||||
$a_cert =& $config['cert'];
|
||||
log_error("Creating SSL Certificate for this host");
|
||||
$cert = array();
|
||||
$cert['refid'] = uniqid();
|
||||
$cert['descr'] = gettext("webConfigurator default");
|
||||
mwexec("/usr/local/bin/openssl genrsa 1024 > {$g['tmp_path']}/ssl.key");
|
||||
mwexec("/usr/local/bin/openssl req -new -x509 -nodes -sha256 -days 2000 -key {$g['tmp_path']}/ssl.key > {$g['tmp_path']}/ssl.crt");
|
||||
$crt = file_get_contents("{$g['tmp_path']}/ssl.crt");
|
||||
$key = file_get_contents("{$g['tmp_path']}/ssl.key");
|
||||
unlink("{$g['tmp_path']}/ssl.key");
|
||||
unlink("{$g['tmp_path']}/ssl.crt");
|
||||
cert_import($cert, $crt, $key);
|
||||
$a_cert[] = $cert;
|
||||
$config['system']['webgui']['ssl-certref'] = $cert['refid'];
|
||||
write_config(gettext("Importing HTTPS certificate"));
|
||||
if(!$config['system']['webgui']['port'])
|
||||
$portarg = "443";
|
||||
$ca = ca_chain($cert);
|
||||
} else {
|
||||
$crt = base64_decode($cert['crt']);
|
||||
$key = base64_decode($cert['prv']);
|
||||
if(!$config['system']['webgui']['port'])
|
||||
$portarg = "443";
|
||||
$ca = ca_chain($cert);
|
||||
}
|
||||
if(!is_array($cert) || !$cert['crt'] || !$cert['prv'])
|
||||
$cert = system_webgui_create_certificate();
|
||||
$crt = base64_decode($cert['crt']);
|
||||
$key = base64_decode($cert['prv']);
|
||||
|
||||
if(!$config['system']['webgui']['port'])
|
||||
$portarg = "443";
|
||||
$ca = ca_chain($cert);
|
||||
}
|
||||
|
||||
/* generate lighttpd configuration */
|
||||
|
@ -851,8 +892,8 @@ function system_generate_lighty_config($filename,
|
|||
$captive_portal_mod_evasive = "evasive.max-conns-per-ip = {$maxprocperip}";
|
||||
|
||||
$server_upload_dirs = "server.upload-dirs = ( \"{$g['tmp_path']}/captiveportal/\" )\n";
|
||||
exec("mkdir -p {$g['tmp_path']}/captiveportal");
|
||||
exec("chmod a-w {$g['tmp_path']}/captiveportal");
|
||||
if (!is_dir("{$g['tmp_path']}/captiveportal"))
|
||||
@mkdir("{$g['tmp_path']}/captiveportal", 0555);
|
||||
$server_max_request_size = "server.max-request-size = 384";
|
||||
$cgi_config = "";
|
||||
} else {
|
||||
|
@ -870,21 +911,21 @@ function system_generate_lighty_config($filename,
|
|||
$lighty_port = $port;
|
||||
|
||||
$memory = get_memory();
|
||||
$avail = $memory[1];
|
||||
$realmem = $memory[1];
|
||||
|
||||
// Determine web GUI process settings and take into account low memory systems
|
||||
if ($avail < 255)
|
||||
if ($realmem < 255)
|
||||
$max_procs = 1;
|
||||
else
|
||||
$max_procs = ($config['system']['webgui']['max_procs']) ? $config['system']['webgui']['max_procs'] : 2;
|
||||
|
||||
// Ramp up captive portal max procs, assuming each PHP process can consume up to 64MB RAM
|
||||
if ($captive_portal !== false) {
|
||||
if ($avail > 135 and $avail < 256) {
|
||||
if ($realmem > 135 and $realmem < 256) {
|
||||
$max_procs += 1; // 2 worker processes
|
||||
} else if ($avail > 255 and $avail < 513) {
|
||||
} else if ($realmem > 255 and $realmem < 513) {
|
||||
$max_procs += 2; // 3 worker processes
|
||||
} else if ($avail > 512) {
|
||||
} else if ($realmem > 512) {
|
||||
$max_procs += 4; // 6 worker processes
|
||||
}
|
||||
if ($max_procs > 1)
|
||||
|
@ -893,7 +934,7 @@ function system_generate_lighty_config($filename,
|
|||
$max_php_children = 1;
|
||||
|
||||
} else {
|
||||
if ($avail < 78)
|
||||
if ($realmem < 78)
|
||||
$max_php_children = 0;
|
||||
else
|
||||
$max_php_children = 1;
|
||||
|
@ -904,6 +945,14 @@ function system_generate_lighty_config($filename,
|
|||
else
|
||||
$fast_cgi_path = "{$g['tmp_path']}/php-fastcgi.socket";
|
||||
|
||||
if(!isset($config['syslog']['nologlighttpd'])) {
|
||||
$lighty_use_syslog = <<<EOD
|
||||
## where to send error-messages to
|
||||
server.errorlog-use-syslog="enable"
|
||||
EOD;
|
||||
}
|
||||
|
||||
|
||||
$fastcgi_config = <<<EOD
|
||||
#### fastcgi module
|
||||
## read fastcgi.txt for more info
|
||||
|
@ -952,8 +1001,7 @@ server.document-root = "{$document_root}"
|
|||
# Maximum idle time with nothing being written (php downloading)
|
||||
server.max-write-idle = 999
|
||||
|
||||
## where to send error-messages to
|
||||
server.errorlog-use-syslog="enable"
|
||||
{$lighty_use_syslog}
|
||||
|
||||
# files to check for if .../ is requested
|
||||
server.indexfiles = ( "index.php", "index.html",
|
||||
|
@ -1118,7 +1166,28 @@ EOD;
|
|||
|
||||
// Harden SSL a bit for PCI conformance testing
|
||||
$lighty_config .= "ssl.use-sslv2 = \"disable\"\n";
|
||||
$lighty_config .= "ssl.cipher-list = \"DHE-RSA-CAMELLIA256-SHA:DHE-DSS-CAMELLIA256-SHA:CAMELLIA256-SHA:DHE-DSS-AES256-SHA:AES256-SHA:DHE-RSA-CAMELLIA128-SHA:DHE-DSS-CAMELLIA128-SHA:CAMELLIA128-SHA:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA:AES128-SHA:RC4-SHA:RC4-MD5:!aNULL:!eNULL:!3DES:@STRENGTH\"\n";
|
||||
$lighty_config .= "ssl.use-sslv3 = \"disable\"\n";
|
||||
|
||||
/* Hifn accelerators do NOT work with the BEAST mitigation code. Do not allow it to be enabled if a Hifn card has been detected. */
|
||||
$fd = @fopen("{$g['varlog_path']}/dmesg.boot", "r");
|
||||
if ($fd) {
|
||||
while (!feof($fd)) {
|
||||
$dmesgl = fgets($fd);
|
||||
if (preg_match("/^hifn.: (.*?),/", $dmesgl, $matches) && isset($config['system']['webgui']['beast_protection'])) {
|
||||
unset($config['system']['webgui']['beast_protection']);
|
||||
log_error("BEAST Protection disabled because a conflicting cryptographic accelerator card has been detected (" . $matches[1] . ")");
|
||||
break;
|
||||
}
|
||||
}
|
||||
fclose($fd);
|
||||
}
|
||||
|
||||
if (isset($config['system']['webgui']['beast_protection'])) {
|
||||
$lighty_config .= "ssl.honor-cipher-order = \"enable\"\n";
|
||||
$lighty_config .= "ssl.cipher-list = \"ECDHE-RSA-AES256-SHA384:AES256-SHA256:RC4-SHA:RC4:HIGH:!MD5:!aNULL:!EDH:!AESGCM\"\n";
|
||||
} else {
|
||||
$lighty_config .= "ssl.cipher-list = \"DHE-RSA-CAMELLIA256-SHA:DHE-DSS-CAMELLIA256-SHA:CAMELLIA256-SHA:DHE-DSS-AES256-SHA:AES256-SHA:DHE-RSA-CAMELLIA128-SHA:DHE-DSS-CAMELLIA128-SHA:CAMELLIA128-SHA:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA:AES128-SHA:RC4-SHA:RC4-MD5:!aNULL:!eNULL:!3DES:@STRENGTH\"\n";
|
||||
}
|
||||
|
||||
if(!(empty($ca) || (strlen(trim($ca)) == 0)))
|
||||
$lighty_config .= "ssl.ca-file = \"{$g['varetc_path']}/{$ca_location}\"\n\n";
|
||||
|
@ -1163,7 +1232,17 @@ function system_timezone_configure() {
|
|||
|
||||
/* extract appropriate timezone file */
|
||||
$timezone = $syscfg['timezone'];
|
||||
if (!$timezone)
|
||||
if ($timezone) {
|
||||
exec('/usr/bin/tar -tvzf /usr/share/zoneinfo.tgz', $tzs);
|
||||
foreach ($tzs as $tz) {
|
||||
if (preg_match(",{$timezone}$,", $tz))
|
||||
break;
|
||||
if (preg_match(",{$timezone} link to *(.*)$,", $tz, $matches)) {
|
||||
$timezone = $matches[1];
|
||||
break;
|
||||
}
|
||||
}
|
||||
} else
|
||||
$timezone = "Etc/UTC";
|
||||
|
||||
conf_mount_rw();
|
||||
|
@ -1248,7 +1327,7 @@ function system_ntp_configure($start_ntpd=true) {
|
|||
foreach (explode(' ', $config['system']['timeservers']) as $ts)
|
||||
$ntpcfg .= "server {$ts} iburst maxpoll 9\n";
|
||||
|
||||
$ntpcfg .= "enable monitor\n";
|
||||
$ntpcfg .= "disable monitor\n";
|
||||
$ntpcfg .= "enable stats\n";
|
||||
$ntpcfg .= "statistics clockstats\n";
|
||||
$ntpcfg .= "statsdir {$statsdir}\n";
|
||||
|
@ -1271,7 +1350,8 @@ function system_ntp_configure($start_ntpd=true) {
|
|||
if (!is_ipaddr($interface)) {
|
||||
$interface = get_real_interface($interface);
|
||||
}
|
||||
$ntpcfg .= "interface listen {$interface}\n";
|
||||
if (!empty($interface))
|
||||
$ntpcfg .= "interface listen {$interface}\n";
|
||||
}
|
||||
}
|
||||
|
||||
|
@ -1293,10 +1373,10 @@ function system_ntp_configure($start_ntpd=true) {
|
|||
|
||||
/* if /var/empty does not exist, create it */
|
||||
if(!is_dir("/var/empty"))
|
||||
exec("/bin/mkdir -p /var/empty && chmod ug+rw /var/empty/.");
|
||||
mkdir("/var/empty", 0775, true);
|
||||
|
||||
/* start opentpd, set time now and use /var/etc/ntpd.conf */
|
||||
mwexec("/usr/local/bin/ntpd -g -c {$g['varetc_path']}/ntpd.conf -p {$g['varrun_path']}/ntpd.pid", false, true);
|
||||
mwexec("/usr/local/sbin/ntpd -g -c {$g['varetc_path']}/ntpd.conf -p {$g['varrun_path']}/ntpd.pid", false, true);
|
||||
|
||||
// Note that we are starting up
|
||||
log_error("NTPD is starting up.");
|
||||
|
|
|
@ -1991,7 +1991,7 @@ function upgrade_054_to_055() {
|
|||
/* restore the databases, if we have one */
|
||||
if (restore_rrd()) {
|
||||
/* Make sure to move the rrd backup out of the way. We will make a new one after converting. */
|
||||
exec("/bin/mv {$g['cf_conf_path']}/rrd.tgz {$g['cf_conf_path']}/backup");
|
||||
@rename("{$g['cf_conf_path']}/rrd.tgz", "{$g['cf_conf_path']}/backup/rrd.tgz");
|
||||
}
|
||||
}
|
||||
|
||||
|
@ -2653,6 +2653,14 @@ function upgrade_080_to_081() {
|
|||
$rrddbpath = "/var/db/rrd/";
|
||||
$rrdtool = "/usr/bin/nice -n20 /usr/local/bin/rrdtool";
|
||||
|
||||
if ($g['platform'] != "pfSense") {
|
||||
/* restore the databases, if we have one */
|
||||
if (restore_rrd()) {
|
||||
/* Make sure to move the rrd backup out of the way. We will make a new one after converting. */
|
||||
@rename("{$g['cf_conf_path']}/rrd.tgz", "{$g['cf_conf_path']}/backup/rrd.tgz");
|
||||
}
|
||||
}
|
||||
|
||||
$rrdinterval = 60;
|
||||
$valid = $rrdinterval * 2;
|
||||
|
||||
|
@ -2779,9 +2787,14 @@ function upgrade_080_to_081() {
|
|||
file_put_contents("{$g['tmp_path']}/{$xmldumpnew}", $xml);
|
||||
mwexec("$rrdtool restore -f {$g['tmp_path']}/{$xmldumpnew} {$rrddbpath}/{$database} 2>&1");
|
||||
unset($xml);
|
||||
|
||||
# Default /tmp tmpfs is ~40mb, do not leave temp files around
|
||||
unlink_if_exists("{$g['tmp_path']}/{$xmldump}");
|
||||
unlink_if_exists("{$g['tmp_path']}/{$xmldumpnew}");
|
||||
}
|
||||
enable_rrd_graphing();
|
||||
/* Let's save the RRD graphs after we run enable RRD graphing */
|
||||
/* The function will restore the rrd.tgz so we will save it after */
|
||||
exec("cd /; LANG=C NO_REMOUNT=1 RRDDBPATH='{$rrddbpath}' CF_CONF_PATH='{$g['cf_conf_path']}' /etc/rc.backup_rrd.sh");
|
||||
if ($g['booting'])
|
||||
echo "Updating configuration...";
|
||||
foreach($config['filter']['rule'] as & $rule) {
|
||||
|
@ -2792,9 +2805,7 @@ function upgrade_080_to_081() {
|
|||
}
|
||||
|
||||
function upgrade_081_to_082() {
|
||||
global $config, $g;
|
||||
/* enable the allow IPv6 toggle */
|
||||
$config['system']['ipv6allow'] = true;
|
||||
/* don't enable the allow IPv6 toggle */
|
||||
}
|
||||
|
||||
function upgrade_082_to_083() {
|
||||
|
@ -2807,6 +2818,9 @@ function upgrade_082_to_083() {
|
|||
$config['captiveportal']['cpzone'] = array();
|
||||
$config['captiveportal']['cpzone'] = $tmpcp;
|
||||
$config['captiveportal']['cpzone']['zoneid'] = 8000;
|
||||
$config['captiveportal']['cpzone']['zone'] = "cpzone";
|
||||
if ($config['captiveportal']['cpzone']['auth_method'] == "radius")
|
||||
$config['captiveportal']['cpzone']['radius_protocol'] = "PAP";
|
||||
}
|
||||
if (!empty($config['voucher'])) {
|
||||
$tmpcp = $config['voucher'];
|
||||
|
@ -2889,16 +2903,11 @@ function upgrade_085_to_086() {
|
|||
foreach ($config['virtualip']['vip'] as $vip) {
|
||||
if ($vip['mode'] != "carp")
|
||||
continue;
|
||||
$vipchg[] = "s/\\([^_]\\)vip{$vip['vhid']}\\([^0-9]\\)/\\1{$vip['interface']}_vip{$vip['vhid']}\\2/g\n";
|
||||
}
|
||||
if (!empty($vipchg)) {
|
||||
file_put_contents("{$g['tmp_path']}/vipreplace", $vipchg);
|
||||
write_config();
|
||||
mwexec("/usr/bin/sed -I \"\" -f {$g['tmp_path']}/vipreplace /conf/config.xml");
|
||||
require_once("config.lib.inc");
|
||||
unset($config);
|
||||
$config = parse_config(true);
|
||||
@unlink("{$g['tmp_path']}/vipreplace");
|
||||
$config = array_replace_values_recursive(
|
||||
$config,
|
||||
'^vip' . $vip['vhid'] . '$',
|
||||
"{$vip['interface']}_vip{$vip['vhid']}"
|
||||
);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
@ -3086,4 +3095,91 @@ function upgrade_094_to_095() {
|
|||
$config['interfaces'][$iface]['track6-prefix-id'] = 0;
|
||||
}
|
||||
|
||||
function upgrade_095_to_096() {
|
||||
global $config, $g;
|
||||
|
||||
$names = array("inpass", "outpass", "inblock", "outblock",
|
||||
"inpass6", "outpass6", "inblock6", "outblock6");
|
||||
$rrddbpath = "/var/db/rrd";
|
||||
$rrdtool = "/usr/local/bin/rrdtool";
|
||||
|
||||
if ($g['platform'] != "pfSense") {
|
||||
/* restore the databases, if we have one */
|
||||
if (restore_rrd()) {
|
||||
/* Make sure to move the rrd backup out of the way. We will make a new one after converting. */
|
||||
@rename("{$g['cf_conf_path']}/rrd.tgz", "{$g['cf_conf_path']}/backup/rrd.tgz");
|
||||
}
|
||||
}
|
||||
|
||||
/* Assume 2*10GigE for now */
|
||||
$stream = 2500000000;
|
||||
|
||||
/* build a list of traffic and packets databases */
|
||||
$databases = return_dir_as_array($rrddbpath, '/-(traffic|packets)\.rrd$/');
|
||||
rsort($databases);
|
||||
foreach($databases as $database) {
|
||||
if ($g['booting'])
|
||||
echo "Update RRD database {$database}.\n";
|
||||
|
||||
$cmd = "{$rrdtool} tune {$rrddbpath}/{$database}";
|
||||
foreach ($names as $name)
|
||||
$cmd .= " -a {$name}:{$stream}";
|
||||
mwexec("{$cmd} 2>&1");
|
||||
|
||||
}
|
||||
enable_rrd_graphing();
|
||||
/* Let's save the RRD graphs after we run enable RRD graphing */
|
||||
/* The function will restore the rrd.tgz so we will save it after */
|
||||
exec("cd /; LANG=C NO_REMOUNT=1 RRDDBPATH='{$rrddbpath}' CF_CONF_PATH='{$g['cf_conf_path']}' /etc/rc.backup_rrd.sh");
|
||||
}
|
||||
|
||||
function upgrade_096_to_097() {
|
||||
global $config, $g;
|
||||
/* If the user had disabled default block rule logging before, then bogon/private network logging was already off, so respect their choice. */
|
||||
if (isset($config['syslog']['nologdefaultblock'])) {
|
||||
$config['syslog']['nologbogons'] = true;
|
||||
$config['syslog']['nologprivatenets'] = true;
|
||||
}
|
||||
}
|
||||
|
||||
function upgrade_097_to_098() {
|
||||
global $config, $g;
|
||||
/* Disable kill_states by default */
|
||||
$config['system']['kill_states'] = true;
|
||||
}
|
||||
|
||||
function upgrade_098_to_099() {
|
||||
global $config;
|
||||
|
||||
if (empty($config['dhcpd']) || !is_array($config['dhcpd']))
|
||||
return;
|
||||
|
||||
foreach ($config['dhcpd'] as & $dhcpifconf) {
|
||||
if (isset($dhcpifconf['next-server'])) {
|
||||
$dhcpifconf['nextserver'] = $dhcpifconf['next-server'];
|
||||
unset($dhcpifconf['next-server']);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
function upgrade_099_to_100() {
|
||||
require_once("/etc/inc/services.inc");
|
||||
install_cron_job("/usr/bin/nice -n20 newsyslog", false);
|
||||
}
|
||||
|
||||
function upgrade_100_to_101() {
|
||||
global $config, $g;
|
||||
|
||||
if (!is_array($config['voucher']))
|
||||
return;
|
||||
|
||||
foreach ($config['voucher'] as $cpzone => $cp) {
|
||||
if (!is_array($cp['roll']))
|
||||
continue;
|
||||
foreach ($cp['roll'] as $ridx => $rcfg) {
|
||||
if (!empty($rcfg['comment']))
|
||||
$config['voucher'][$cpzone]['roll'][$ridx]['descr'] = $rcfg['comment'];
|
||||
}
|
||||
}
|
||||
}
|
||||
?>
|
||||
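Review bot: In `upgrade_095_to_096()` the command passed to `mwexec()` starts as `"{$rrdtool} tune {$rrddbpath}/{$database}"`, where `$database` is a file name returned by `return_dir_as_array()` and is not quoted for the shell. Other hunks on this page add `escapeshellarg()` around comparable arguments, so the line would be more consistent as `$cmd = "{$rrdtool} tune " . escapeshellarg("{$rrddbpath}/{$database}");`. The `rrdtool restore` call shown as context in `upgrade_080_to_081()` has the same shape. Separately, in `upgrade_097_to_098()` the comment `/* Disable kill_states by default */` sits directly above `$config['system']['kill_states'] = true;`, which reads as a contradiction. Presumably the presence of the key is what turns state killing off, and the comment should say so explicitly.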
|
|
|
@ -1,7 +1,7 @@
|
|||
<?php
|
||||
/*
|
||||
util.inc
|
||||
part of the pfSense project (http://www.pfsense.com)
|
||||
part of the pfSense project (https://www.pfsense.org)
|
||||
|
||||
originally part of m0n0wall (http://m0n0.ch/wall)
|
||||
Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>.
|
||||
|
@ -52,7 +52,7 @@ function isvalidpid($pidfile) {
|
|||
|
||||
function is_process_running($process) {
|
||||
$output = "";
|
||||
exec("/bin/pgrep -anx {$process}", $output, $retval);
|
||||
exec("/bin/pgrep -anx " . escapeshellarg($process), $output, $retval);
|
||||
|
||||
return (intval($retval) == 0);
|
||||
}
|
||||
|
@ -65,7 +65,7 @@ function isvalidproc($proc) {
|
|||
/* return 1 for success and 0 for a failure */
|
||||
function sigkillbypid($pidfile, $sig) {
|
||||
if (file_exists($pidfile))
|
||||
return mwexec("/bin/pkill -{$sig} -F {$pidfile}", true);
|
||||
return mwexec("/bin/pkill " . escapeshellarg("-{$sig}") . " -F {$pidfile}", true);
|
||||
|
||||
return 0;
|
||||
}
|
||||
|
@ -73,7 +73,7 @@ function sigkillbypid($pidfile, $sig) {
|
|||
/* kill a process by name */
|
||||
function sigkillbyname($procname, $sig) {
|
||||
if(isvalidproc($procname))
|
||||
return mwexec("/usr/bin/killall -{$sig} " . escapeshellarg($procname), true);
|
||||
return mwexec("/usr/bin/killall " . escapeshellarg("-{$sig}") . " " . escapeshellarg($procname), true);
|
||||
}
|
||||
|
||||
/* kill a process by name */
|
||||
|
@ -394,6 +394,13 @@ function ip_range_to_subnet_array($startip, $endip) {
|
|||
return array();
|
||||
}
|
||||
|
||||
if (ip_greater_than($startip, $endip)) {
|
||||
// Swap start and end so we can process sensibly.
|
||||
$temp = $startip;
|
||||
$startip = $endip;
|
||||
$endip = $temp;
|
||||
}
|
||||
|
||||
// Container for subnets within this range.
|
||||
$rangesubnets = array();
|
||||
|
||||
|
@ -433,7 +440,7 @@ function ip_range_to_subnet_array($startip, $endip) {
|
|||
}
|
||||
}
|
||||
|
||||
// Some logic that will recursivly search from $startip to the first IP before the start of the subnet we just found.
|
||||
// Some logic that will recursively search from $startip to the first IP before the start of the subnet we just found.
|
||||
// NOTE: This may never be hit, the way the above algo turned out, but is left for completeness.
|
||||
if ($startip != $targetsub_min) {
|
||||
$rangesubnets = array_merge($rangesubnets, ip_range_to_subnet_array($startip, ip_before($targetsub_min)));
|
||||
|
@ -477,6 +484,10 @@ function is_ipaddr($ipaddr) {
|
|||
function is_ipaddrv6($ipaddr) {
|
||||
if (!is_string($ipaddr) || empty($ipaddr))
|
||||
return false;
|
||||
if (strstr($ipaddr, "%") && is_linklocal($ipaddr)) {
|
||||
$tmpip = explode("%", $ipaddr);
|
||||
$ipaddr = $tmpip[0];
|
||||
}
|
||||
return Net_IPv6::checkIPv6($ipaddr);
|
||||
}
|
||||
|
||||
|
@ -496,7 +507,15 @@ function is_ipaddrv4($ipaddr) {
|
|||
|
||||
/* returns true if $ipaddr is a valid linklocal address */
|
||||
function is_linklocal($ipaddr) {
|
||||
return preg_match('/^fe80:/i', $ipaddr);
|
||||
return (strtolower(substr($ipaddr, 0, 5)) == "fe80:");
|
||||
}
|
||||
|
||||
/* returns scope of a linklocal address */
|
||||
function get_ll_scope($addr) {
|
||||
if (!is_linklocal($addr) || !strstr($addr, "%"))
|
||||
return "";
|
||||
list ($ll, $scope) = explode("%", $addr);
|
||||
return $scope;
|
||||
}
|
||||
|
||||
/* returns true if $ipaddr is a valid literal IPv6 address */
|
||||
|
@ -701,6 +720,11 @@ function is_inrange_v6($test, $start, $end) {
|
|||
return false;
|
||||
}
|
||||
|
||||
/* returns true if $test is in the range between $start and $end */
|
||||
function is_inrange($test, $start, $end) {
|
||||
return is_ipaddrv6($test) ? is_inrange_v6($test, $start, $end) : is_inrange_v4($test, $start, $end);
|
||||
}
|
||||
|
||||
/* return the configured carp interface list */
|
||||
function get_configured_carp_interface_list() {
|
||||
global $config;
|
||||
|
@ -1014,6 +1038,10 @@ function get_interface_list($mode = "active", $keyby = "physical", $vfaces = "")
|
|||
function log_error($error) {
|
||||
global $g;
|
||||
$page = $_SERVER['SCRIPT_NAME'];
|
||||
if (empty($page)) {
|
||||
$files = get_included_files();
|
||||
$page = basename($files[0]);
|
||||
}
|
||||
syslog(LOG_ERR, "$page: $error");
|
||||
if ($g['debug'])
|
||||
syslog(LOG_WARNING, var_dump(debug_backtrace()));
|
||||
|
@ -1049,7 +1077,7 @@ function log_auth($error) {
|
|||
******/
|
||||
function exec_command($command) {
|
||||
$output = array();
|
||||
exec($command . ' 2>&1 ', $output);
|
||||
exec($command . ' 2>&1', $output);
|
||||
return(implode("\n", $output));
|
||||
}
|
||||
|
||||
|
@ -1275,9 +1303,9 @@ function verify_digital_signature($fname) {
|
|||
|
||||
/* obtain MAC address given an IP address by looking at the ARP table */
|
||||
function arp_get_mac_by_ip($ip) {
|
||||
mwexec("/sbin/ping -c 1 -t 1 {$ip}", true);
|
||||
mwexec("/sbin/ping -c 1 -t 1 " . escapeshellarg($ip), true);
|
||||
$arpoutput = "";
|
||||
exec("/usr/sbin/arp -n {$ip}", $arpoutput);
|
||||
exec("/usr/sbin/arp -n " . escapeshellarg($ip), $arpoutput);
|
||||
|
||||
if ($arpoutput[0]) {
|
||||
$arpi = explode(" ", $arpoutput[0]);
|
||||
|
@ -1498,14 +1526,15 @@ function set_sysctl($values) {
|
|||
* get_memory()
|
||||
* returns an array listing the amount of
|
||||
* memory installed in the hardware
|
||||
* [0]real and [1]available
|
||||
* [0] net memory available for the OS (FreeBSD) after some is taken by BIOS, video or whatever - e.g. 235 MBytes
|
||||
* [1] real (actual) memory of the system, should be the size of the RAM card/s - e.g. 256 MBytes
|
||||
*/
|
||||
function get_memory() {
|
||||
|
||||
$real = trim(`sysctl -n hw.physmem`, " \n");
|
||||
$avail = trim(`sysctl -n hw.realmem`, " \n");
|
||||
$physmem = trim(`sysctl -n hw.physmem`, " \n");
|
||||
$realmem = trim(`sysctl -n hw.realmem`, " \n");
|
||||
/* convert from bytes to megabytes */
|
||||
return array(($real/1048576),($avail/1048576));
|
||||
return array(($physmem/1048576),($realmem/1048576));
|
||||
}
|
||||
|
||||
function mute_kernel_msgs() {
|
||||
|
@ -1761,6 +1790,22 @@ function is_file_included($file = "") {
|
|||
return false;
|
||||
}
|
||||
|
||||
/*
|
||||
* Replace a value on a deep associative array using regex
|
||||
*/
|
||||
function array_replace_values_recursive($data, $match, $replace) {
|
||||
if (empty($data))
|
||||
return $data;
|
||||
|
||||
if (is_string($data))
|
||||
$data = preg_replace("/{$match}/", $replace, $data);
|
||||
else if (is_array($data))
|
||||
foreach ($data as $k => $v)
|
||||
$data[$k] = array_replace_values_recursive($v, $match, $replace);
|
||||
|
||||
return $data;
|
||||
}
|
||||
|
||||
/*
|
||||
This function was borrowed from a comment on PHP.net at the following URL:
|
||||
http://www.php.net/manual/en/function.array-merge-recursive.php#73843
|
||||
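Review bot: In `sigkillbypid()` the rewritten call quotes the signal with `escapeshellarg("-{$sig}")` but still appends `$pidfile` unquoted, so a pid-file path containing spaces or shell metacharacters would still reach the shell verbatim. Quoting both arguments closes the gap: `return mwexec("/bin/pkill " . escapeshellarg("-{$sig}") . " -F " . escapeshellarg($pidfile), true);`. The new `array_replace_values_recursive()` inserts `$match` into `"/{$match}/"` as a raw pattern, which the header comment does not mention. It should state that callers must pass a valid regex fragment and apply `preg_quote($text, '/')` to literal text, and that `$replace` is subject to `preg_replace` back-reference syntax.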
|
|
|
@ -40,7 +40,12 @@ if(!function_exists('captiveportal_syslog'))
|
|||
function xmlrpc_sync_voucher_expire($vouchers, $syncip, $port, $password, $username) {
|
||||
global $g, $config, $cpzone;
|
||||
require_once("xmlrpc.inc");
|
||||
if ($port == "443")
|
||||
|
||||
$protocol = "http";
|
||||
if (is_array($config['system']) && is_array($config['system']['webgui']) && !empty($config['system']['webgui']['protocol']) &&
|
||||
$config['system']['webgui']['protocol'] == "https")
|
||||
$protocol = "https";
|
||||
if ($protocol == "https" || $port == "443")
|
||||
$url = "https://{$syncip}";
|
||||
else
|
||||
$url = "http://{$syncip}";
|
||||
|
@ -48,6 +53,7 @@ function xmlrpc_sync_voucher_expire($vouchers, $syncip, $port, $password, $usern
|
|||
/* Construct code that is run on remote machine */
|
||||
$method = 'pfsense.exec_php';
|
||||
$execcmd = <<<EOF
|
||||
global \$cpzone;
|
||||
require_once('/etc/inc/captiveportal.inc');
|
||||
require_once('/etc/inc/voucher.inc');
|
||||
\$cpzone = "$cpzone";
|
||||
|
@ -88,7 +94,12 @@ EOF;
|
|||
function xmlrpc_sync_voucher_disconnect($dbent, $syncip, $port, $password, $username, $term_cause = 1, $stop_time = null) {
|
||||
global $g, $config, $cpzone;
|
||||
require_once("xmlrpc.inc");
|
||||
if ($port == "443")
|
||||
|
||||
$protocol = "http";
|
||||
if (is_array($config['system']) && is_array($config['system']['webgui']) && !empty($config['system']['webgui']['protocol']) &&
|
||||
$config['system']['webgui']['protocol'] == "https")
|
||||
$protocol = "https";
|
||||
if ($protocol == "https" || $port == "443")
|
||||
$url = "https://{$syncip}";
|
||||
else
|
||||
$url = "http://{$syncip}";
|
||||
|
@ -98,6 +109,7 @@ function xmlrpc_sync_voucher_disconnect($dbent, $syncip, $port, $password, $user
|
|||
$tmp_stop_time = (isset($stop_time)) ? $stop_time : "null";
|
||||
$method = 'pfsense.exec_php';
|
||||
$execcmd = <<<EOF
|
||||
global \$cpzone;
|
||||
require_once('/etc/inc/captiveportal.inc');
|
||||
require_once('/etc/inc/voucher.inc');
|
||||
\$cpzone = "$cpzone";
|
||||
|
@ -140,7 +152,12 @@ EOF;
|
|||
function xmlrpc_sync_used_voucher($voucher_received, $syncip, $port, $password, $username) {
|
||||
global $g, $config, $cpzone;
|
||||
require_once("xmlrpc.inc");
|
||||
if ($port == "443")
|
||||
|
||||
$protocol = "http";
|
||||
if (is_array($config['system']) && is_array($config['system']['webgui']) && !empty($config['system']['webgui']['protocol']) &&
|
||||
$config['system']['webgui']['protocol'] == "https")
|
||||
$protocol = "https";
|
||||
if ($protocol == "https" || $port == "443")
|
||||
$url = "https://{$syncip}";
|
||||
else
|
||||
$url = "http://{$syncip}";
|
||||
|
@ -148,6 +165,7 @@ function xmlrpc_sync_used_voucher($voucher_received, $syncip, $port, $password,
|
|||
/* Construct code that is run on remote machine */
|
||||
$method = 'pfsense.exec_php';
|
||||
$execcmd = <<<EOF
|
||||
global \$cpzone;
|
||||
require_once('/etc/inc/voucher.inc');
|
||||
\$cpzone = "$cpzone";
|
||||
\$timeleft = voucher_auth("$voucher_received");
|
||||
|
@ -173,23 +191,26 @@ EOF;
|
|||
$error = "A communications error occurred while attempting CaptivePortalVoucherSync XMLRPC sync with {$url}:{$port} (pfsense.exec_php).";
|
||||
log_error($error);
|
||||
file_notice("CaptivePortalVoucherSync", $error, "Communications error occurred", "");
|
||||
return 0; // $timeleft
|
||||
return null; // $timeleft
|
||||
} elseif($resp->faultCode()) {
|
||||
$error = "An error code was received while attempting CaptivePortalVoucherSync XMLRPC sync with {$url}:{$port} - Code " . $resp->faultCode() . ": " . $resp->faultString();
|
||||
log_error($error);
|
||||
file_notice("CaptivePortalVoucherSync", $error, "Error code received", "");
|
||||
return 0; // $timeleft
|
||||
return null; // $timeleft
|
||||
} else {
|
||||
log_error("CaptivePortalVoucherSync XMLRPC reload data success with {$url}:{$port} (pfsense.exec_php).");
|
||||
}
|
||||
$toreturn = XML_RPC_Decode($resp->value());
|
||||
if (!is_array($config['voucher']))
|
||||
$config['voucher'] = array();
|
||||
if (is_array($toreturn['voucher']) && (count($toreturn['voucher'][$cpzone]['roll']) <> count($config['voucher'][$cpzone]['roll']))) {
|
||||
|
||||
if (is_array($toreturn['voucher']) && is_array($toreturn['voucher']['roll'])) {
|
||||
$config['voucher'][$cpzone]['roll'] = $toreturn['voucher']['roll'];
|
||||
write_config("Captive Portal Voucher database synchronized with {$url}");
|
||||
voucher_configure_zone(true);
|
||||
}
|
||||
unset($toreturn['voucher']);
|
||||
} else if (!isset($toreturn['timeleft']))
|
||||
return null;
|
||||
|
||||
return $toreturn['timeleft'];
|
||||
}
|
||||
|
@ -421,9 +442,12 @@ function voucher_auth($voucher_received, $test = 0) {
|
|||
}
|
||||
|
||||
// If we did a XMLRPC sync earlier check the timeleft
|
||||
if (!empty($config['voucher'][$cpzone]['vouchersyncdbip']))
|
||||
if($remote_time_used < $total_minutes)
|
||||
if (!empty($config['voucher'][$cpzone]['vouchersyncdbip'])) {
|
||||
if (!is_null($remote_time_used))
|
||||
$total_minutes = $remote_time_used;
|
||||
else if ($remote_time_used < $total_minutes)
|
||||
$total_minutes -= $remote_time_used;
|
||||
}
|
||||
|
||||
// All given vouchers were valid and this isn't simply a test.
|
||||
// Write back the used DB's
|
||||
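Review bot: In the three `xmlrpc_sync_*` functions the heredoc assigned to `$execcmd` is PHP source handed to the peer via `pfsense.exec_php`, and `$cpzone` (plus `$voucher_received` in `xmlrpc_sync_used_voucher()`) is pasted between double quotes with no encoding. Unless the callers, which lie outside these hunks, already restrict those values to a safe character set, a quote, backslash or `$` in them changes the code the peer evaluates. Building the literal first with `$cpzone_php = var_export($cpzone, true);` and emitting `\$cpzone = {$cpzone_php};` in the heredoc keeps the value a plain string, and the same applies to the `voucher_auth(...)` argument. In the `voucher_auth()` hunk, the `else if ($remote_time_used < $total_minutes)` branch appears reachable only when `$remote_time_used` is null, where `$total_minutes -= $remote_time_used` changes nothing. If that reading of the old and new lines is right, the branch can be dropped.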
|
|
|
@ -41,6 +41,8 @@
|
|||
pfSense_MODULE: vpn
|
||||
*/
|
||||
|
||||
require_once("ipsec.inc");
|
||||
|
||||
/* include all configuration functions */
|
||||
|
||||
function vpn_ipsec_failover_configure() {
|
||||
|
@ -192,8 +194,11 @@ function vpn_ipsec_configure($ipchg = false)
|
|||
if ($ph2ent['pinghost']) {
|
||||
if (!is_array($iflist))
|
||||
$iflist = get_configured_interface_list();
|
||||
foreach ($iflist as $ifent => $ifname) {
|
||||
if(is_ipaddrv6($ph2ent['pinghost'])) {
|
||||
$viplist = get_configured_vips_list();
|
||||
$srcip = null;
|
||||
$local_subnet = ipsec_idinfo_to_cidr($ph2ent['localid'], true, $ph2ent['mode']);
|
||||
if(is_ipaddrv6($ph2ent['pinghost'])) {
|
||||
foreach ($iflist as $ifent => $ifname) {
|
||||
$interface_ip = get_interface_ipv6($ifent);
|
||||
if(!is_ipaddrv6($interface_ip))
|
||||
continue;
|
||||
|
@ -202,17 +207,27 @@ function vpn_ipsec_configure($ipchg = false)
|
|||
$srcip = $interface_ip;
|
||||
break;
|
||||
}
|
||||
} else {
|
||||
}
|
||||
} else {
|
||||
foreach ($iflist as $ifent => $ifname) {
|
||||
$interface_ip = get_interface_ip($ifent);
|
||||
if(!is_ipaddrv4($interface_ip))
|
||||
continue;
|
||||
$local_subnet = ipsec_idinfo_to_cidr($ph2ent['localid'], true, $ph2ent['mode']);
|
||||
if ($local_subnet == "0.0.0.0/0" || ip_in_subnet($interface_ip, $local_subnet)) {
|
||||
$srcip = $interface_ip;
|
||||
break;
|
||||
}
|
||||
}
|
||||
}
|
||||
/* if no valid src IP was found in configured interfaces, try the vips */
|
||||
if (is_null($srcip)) {
|
||||
foreach ($viplist as $vip) {
|
||||
if (ip_in_subnet($vip['ipaddr'], $local_subnet)) {
|
||||
$srcip = $vip['ipaddr'];
|
||||
break;
|
||||
}
|
||||
}
|
||||
}
|
||||
$dstip = $ph2ent['pinghost'];
|
||||
if(is_ipaddrv6($dstip)) {
|
||||
$family = "inet6";
|
||||
|
@ -306,6 +321,7 @@ function vpn_ipsec_configure($ipchg = false)
|
|||
|
||||
/* begin racoon.conf */
|
||||
$racoonconf = "";
|
||||
$peerid_verify = "";
|
||||
if ((is_array($a_phase1) && count($a_phase1)) || (is_array($a_phase2) && count($a_phase2))) {
|
||||
|
||||
$racoonconf .= "# This file is automatically generated. Do not edit\n";
|
||||
|
@ -342,6 +358,11 @@ function vpn_ipsec_configure($ipchg = false)
|
|||
$pool_address = long2ip32(ip2long($pool_address)+1);
|
||||
$pool_size = (~ip2long($pool_netmask) & 0xFFFFFFFF) - 2;
|
||||
|
||||
if ($pool_size < 0) {
|
||||
log_error(sprintf(gettext("Invalid mobile IPsec pool size: %s, using 0"), $pool_size));
|
||||
$pool_size = 0;
|
||||
}
|
||||
|
||||
$racoonconf .= "\tpool_size {$pool_size};\n";
|
||||
$racoonconf .= "\tnetwork4 {$pool_address};\n";
|
||||
$racoonconf .= "\tnetmask4 {$pool_netmask};\n";
|
||||
|
@ -605,6 +626,8 @@ function vpn_ipsec_configure($ipchg = false)
|
|||
/* Only specify peer ID if we are not dealing with a mobile PSK-only tunnel */
|
||||
if (!(($ph1ent['authentication_method'] == "pre_shared_key") && isset($ph1ent['mobile']))) {
|
||||
$peerid_spec = "peers_identifier {$peerid_type} {$peerid_data};";
|
||||
if (isset($ph1ent['verify_identifier']))
|
||||
$peerid_verify = "verify_identifier on;";
|
||||
}
|
||||
|
||||
/* add remote section to configuration */
|
||||
|
@ -617,6 +640,7 @@ remote {$rgip}
|
|||
exchange_mode {$ph1ent['mode']};
|
||||
my_identifier {$myid_type} {$myid_data};
|
||||
{$peerid_spec}
|
||||
{$peerid_verify}
|
||||
ike_frag on;
|
||||
generate_policy = {$genp};
|
||||
initial_contact = {$init};
|
||||
|
@ -869,7 +893,7 @@ EOD;
|
|||
|
||||
if(($ph2ent['mode'] == "tunnel") or ($ph2ent['mode'] == 'tunnel6')) {
|
||||
// Error will be logged above, no need to log this twice. #2201
|
||||
if (!is_subnet($localid))
|
||||
if (!is_subnet($localid) && ($localid != "0.0.0.0/0"))
|
||||
continue;
|
||||
|
||||
if($ph2ent['mode'] == "tunnel6")
|
||||
|
@ -1835,7 +1859,10 @@ function reload_tunnel_spd_policy($phase1, $phase2, $old_phase1, $old_phase2) {
|
|||
} else {
|
||||
add_hostname_to_watch($phase1['remote-gateway']);
|
||||
}
|
||||
if (!is_ipaddr($rgip)) {
|
||||
if (isset($phase1['mobile'])) {
|
||||
/* Don't log anything here, it's normal and we should skip it. */
|
||||
return false;
|
||||
} elseif (!is_ipaddr($rgip)) {
|
||||
log_error("Could not determine VPN endpoint for '{$phase1['descr']}'");
|
||||
return false;
|
||||
}
|
||||
|
@ -1900,7 +1927,7 @@ function reload_tunnel_spd_policy($phase1, $phase2, $old_phase1, $old_phase2) {
|
|||
}
|
||||
}
|
||||
/* add new SPD policies to replace them */
|
||||
if (!isset($phase1['disabled'])) {
|
||||
if (!isset($phase1['disabled']) && !isset($phase2['disabled'])) {
|
||||
$spdconf .= "spdadd {$family} {$local_subnet} " .
|
||||
"{$remote_subnet} any -P out ipsec " .
|
||||
"{$phase2['protocol']}/tunnel/{$ep}-" .
|
||||
|
@ -1921,6 +1948,9 @@ function reload_tunnel_spd_policy($phase1, $phase2, $old_phase1, $old_phase2) {
|
|||
/* generate temporary spd.conf */
|
||||
@file_put_contents($spdfile, $spdconf);
|
||||
unset($spdconf);
|
||||
/* remove static route to old gw */
|
||||
if (is_ipaddr($old_gw))
|
||||
mwexec("/sbin/route delete {$old_gw}", true);
|
||||
return true;
|
||||
}
|
||||
|
||||
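Review bot: `$peerid_verify` is initialised once next to `$racoonconf = "";` and, in the `-605,6 +626,8` hunk, is only ever set to `verify_identifier on;`. Unless the phase 1 loop clears it somewhere outside these hunks, one entry with `verify_identifier` set leaves every later `remote` block with identifier verification switched on too. Resetting it per entry, e.g. `$peerid_verify = "";` immediately before the `if (!(($ph1ent['authentication_method'] == "pre_shared_key") ...` test, keeps the setting per peer. The VIP fallback in the `-202,17 +207,27` hunk also iterates `$viplist` without an `is_array()` guard and, unlike the IPv4 interface loop, has no `0.0.0.0/0` special case. vpn_ipsec_configure() begins and ends outside the hunks shown.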
|
|
|
@ -337,7 +337,7 @@ function relayd_configure($kill_first=false) {
|
|||
|
||||
$conf .= " forward to <{$vs_a[$i]['poolname']}> port {$dest_port} {$lbmode} {$check_a[$pools[$vs_a[$i]['poolname']]['monitor']]} \n";
|
||||
|
||||
if (isset($vs_a[$i]['sitedown']) && strlen($vs_a[$i]['sitedown']) > 0)
|
||||
if (isset($vs_a[$i]['sitedown']) && strlen($vs_a[$i]['sitedown']) > 0 && ($vs_a[$i]['relay_protocol'] != 'dns'))
|
||||
$conf .= " forward to <{$vs_a[$i]['sitedown']}> port {$dest_port} {$lbmode} {$check_a[$pools[$vs_a[$i]['poolname']]['monitor']]} \n";
|
||||
$conf .= "}\n";
|
||||
} else {
|
||||
|
@ -349,7 +349,7 @@ function relayd_configure($kill_first=false) {
|
|||
$conf .= " sticky-address\n";
|
||||
|
||||
/* sitedown MUST use the same port as the primary pool - sucks, but it's a relayd thing */
|
||||
if (isset($vs_a[$i]['sitedown']) && strlen($vs_a[$i]['sitedown']) > 0)
|
||||
if (isset($vs_a[$i]['sitedown']) && strlen($vs_a[$i]['sitedown']) > 0 && ($vs_a[$i]['relay_protocol'] != 'dns'))
|
||||
$conf .= " forward to <{$vs_a[$i]['sitedown']}> port {$dest_port} {$check_a[$pools[$vs_a[$i]['sitedown']]['monitor']]} \n";
|
||||
|
||||
$conf .= "}\n";
|
||||
|
@ -365,6 +365,8 @@ function relayd_configure($kill_first=false) {
|
|||
if (! empty($vs_a)) {
|
||||
if ($kill_first) {
|
||||
mwexec('pkill relayd');
|
||||
/* Remove all active relayd anchors now that relayd is no longer running. */
|
||||
cleanup_lb_anchor("*");
|
||||
mwexec("/usr/local/sbin/relayd -f {$g['varetc_path']}/relayd.conf");
|
||||
} else {
|
||||
// it's running and there is a config, just reload
|
||||
|
@ -379,10 +381,14 @@ function relayd_configure($kill_first=false) {
|
|||
* returns "command failed"
|
||||
*/
|
||||
mwexec('pkill relayd');
|
||||
/* Remove all active relayd anchors now that relayd is no longer running. */
|
||||
cleanup_lb_anchor("*");
|
||||
}
|
||||
} else {
|
||||
if (! empty($vs_a)) {
|
||||
// not running and there is a config, start it
|
||||
/* Remove all active relayd anchors so it can start fresh. */
|
||||
cleanup_lb_anchor("*");
|
||||
mwexec("/usr/local/sbin/relayd -f {$g['varetc_path']}/relayd.conf");
|
||||
}
|
||||
}
|
||||
|
@ -482,4 +488,73 @@ function get_lb_summary() {
|
|||
return $relay_hosts;
|
||||
}
|
||||
|
||||
/* Get a list of all relayd virtual server anchors */
|
||||
function get_lb_anchors() {
|
||||
/* NOTE: These names come back prepended with "relayd/" e.g. "relayd/MyVSName" */
|
||||
return explode("\n", trim(`/sbin/pfctl -sA -a relayd | /usr/bin/awk '{print $1;}'`));
|
||||
}
|
||||
|
||||
/* Remove NAT rules from a relayd anchor that is no longer in use.
|
||||
$anchorname can either be * to clear all anchors or a specific anchor name.*/
|
||||
function cleanup_lb_anchor($anchorname = "*") {
|
||||
$lbanchors = get_lb_anchors();
|
||||
foreach ($lbanchors as $lba) {
|
||||
if (($anchorname == "*") || ($lba == "relayd/{$anchorname}")) {
|
||||
/* Flush both the NAT and the Table for the anchor, so it will be completely removed by pf. */
|
||||
mwexec("/sbin/pfctl -a " . escapeshellarg($lba) . " -F nat");
|
||||
mwexec("/sbin/pfctl -a " . escapeshellarg($lba) . " -F Tables");
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
/* Mark an anchor for later cleanup. This will allow us to remove an old VS name */
|
||||
function cleanup_lb_mark_anchor($name) {
|
||||
global $g;
|
||||
/* Nothing to do! */
|
||||
if (empty($name))
|
||||
return;
|
||||
$filename = "{$g['tmp_path']}/relayd_anchors_remove";
|
||||
$cleanup_anchors = array();
|
||||
/* Read in any currently unapplied name changes */
|
||||
if (file_exists($filename))
|
||||
$cleanup_anchors = explode("\n", file_get_contents($filename));
|
||||
/* Only add the anchor to the list if it's not already there. */
|
||||
if (!in_array($name, $cleanup_anchors))
|
||||
$cleanup_anchors[] = $name;
|
||||
file_put_contents($filename, implode("\n", $cleanup_anchors));
|
||||
}
|
||||
|
||||
/* Cleanup relayd anchors that have been marked for cleanup. */
|
||||
function cleanup_lb_marked() {
|
||||
global $g, $config;
|
||||
$filename = "{$g['tmp_path']}/relayd_anchors_remove";
|
||||
$cleanup_anchors = array();
|
||||
/* Nothing to do! */
|
||||
if (!file_exists($filename)) {
|
||||
return;
|
||||
} else {
|
||||
$cleanup_anchors = explode("\n", file_get_contents($filename));
|
||||
/* Nothing to do! */
|
||||
if (empty($cleanup_anchors))
|
||||
return;
|
||||
}
|
||||
|
||||
/* Load current names so we can make sure we don't remove an anchor that is still in use. */
|
||||
$vs_a = $config['load_balancer']['virtual_server'];
|
||||
$active_vsnames = array();
|
||||
if(is_array($vs_a)) {
|
||||
foreach ($vs_a as $vs) {
|
||||
$active_vsnames[] = $vs['name'];
|
||||
}
|
||||
}
|
||||
|
||||
foreach ($cleanup_anchors as $anchor) {
|
||||
/* Only cleanup an anchor if it is not still active. */
|
||||
if (!in_array($anchor, $active_vsnames)) {
|
||||
cleanup_lb_anchor($anchor);
|
||||
}
|
||||
}
|
||||
unlink_if_exists($filename);
|
||||
}
|
||||
|
||||
?>
|
||||
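Review bot: `get_lb_anchors()` returns an array holding one empty string, not an empty array, when pfctl lists no relayd anchors, because `explode("\n", trim(...))` on an empty string yields a single empty element. `cleanup_lb_anchor("*")` then runs `pfctl -a '' -F nat` and `-F Tables` for that element, which pfctl may interpret as the main ruleset, so the flush could reach NAT rules and tables that do not belong to relayd. A guard at the top of the loop, `if ($lba == "") continue;`, or filtering empty entries in `get_lb_anchors()`, closes that path. The same `explode()` behaviour makes the `empty($cleanup_anchors)` early return in `cleanup_lb_marked()` unreachable.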
|
|
|
@ -1,6 +1,6 @@
|
|||
<?php
|
||||
/*
|
||||
part of pfSense (http://www.pfsense.org/)
|
||||
part of pfSense (https://www.pfsense.org/)
|
||||
|
||||
Copyright (C) 2006 Bill Marquette - bill.marquette@gmail.com.
|
||||
Copyright (C) 2006 Scott Ullrich - sullrich@pfsense.com.
|
||||
|
|
|
@ -232,7 +232,14 @@ function dump_xml_config_sub($arr, $indent) {
|
|||
$xmlconfig .= str_repeat("\t", $indent);
|
||||
if((is_bool($cval) && $cval == true) || ($cval === "")) {
|
||||
$xmlconfig .= "<$ent/>\n";
|
||||
} else if ((substr($ent, 0, 5) == "descr") || (substr($ent, 0, 6) == "detail")) {
|
||||
} else if ((substr($ent, 0, 5) == "descr")
|
||||
|| (substr($ent, 0, 6) == "detail")
|
||||
|| (substr($ent, 0, 12) == "login_banner")
|
||||
|| (substr($ent, 0, 9) == "ldap_attr")
|
||||
|| (substr($ent, 0, 9) == "ldap_bind")
|
||||
|| (substr($ent, 0, 11) == "ldap_basedn")
|
||||
|| (substr($ent, 0, 18) == "ldap_authcn")
|
||||
|| (substr($ent, 0, 19) == "ldap_extended_query")) {
|
||||
$xmlconfig .= "<$ent><![CDATA[" . htmlentities($cval) . "]]></$ent>\n";
|
||||
} else {
|
||||
$xmlconfig .= "<$ent>" . htmlentities($cval) . "</$ent>\n";
|
||||
|
@ -256,7 +263,14 @@ function dump_xml_config_sub($arr, $indent) {
|
|||
$xmlconfig .= "<$ent/>\n";
|
||||
} else if (!is_bool($val)) {
|
||||
$xmlconfig .= str_repeat("\t", $indent);
|
||||
if ((substr($ent, 0, 5) == "descr") || (substr($ent, 0, 6) == "detail"))
|
||||
if ((substr($ent, 0, 5) == "descr")
|
||||
|| (substr($ent, 0, 6) == "detail")
|
||||
|| (substr($ent, 0, 12) == "login_banner")
|
||||
|| (substr($ent, 0, 9) == "ldap_attr")
|
||||
|| (substr($ent, 0, 9) == "ldap_bind")
|
||||
|| (substr($ent, 0, 11) == "ldap_basedn")
|
||||
|| (substr($ent, 0, 18) == "ldap_authcn")
|
||||
|| (substr($ent, 0, 19) == "ldap_extended_query"))
|
||||
$xmlconfig .= "<$ent><![CDATA[" . htmlentities($val) . "]]></$ent>\n";
|
||||
else
|
||||
$xmlconfig .= "<$ent>" . htmlentities($val) . "</$ent>\n";
|
||||
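Review bot: The `ldap_authcn` test compares an 18-character prefix with an 11-character literal, `substr($ent, 0, 18) == "ldap_authcn"`, so it matches only a tag that is exactly `ldap_authcn`, while every other entry in the list is a prefix match. The length should be 11 if prefix matching is intended. The same eight-way condition appears in both the `-232,7 +232,14` and `-256,7 +263,14` hunks, so a small helper that takes `$ent` and says whether the tag is CDATA-wrapped would keep the two copies from drifting apart. A one-line comment on why these LDAP and banner fields need CDATA in addition to `htmlentities()` would help the next reader. dump_xml_config_sub() starts and ends outside the hunks.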
|
|
|
@ -1002,7 +1002,7 @@ class XML_RPC_Client extends XML_RPC_Base {
|
|||
return false;
|
||||
}
|
||||
if ($this->proxy) {
|
||||
$this->headers = 'POST ' . $this->protocol . $this->server;
|
||||
$this->headers = 'POST ' . ($this->protocol=='ssl://'?'https://':$this->protocol). $this->server;
|
||||
if ($this->proxy_port) {
|
||||
$this->headers .= ':' . $this->port;
|
||||
}
|
||||
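Review bot: Only the literal `ssl://` transport is rewritten in the proxied request line, so any other stream prefix held in `$this->protocol` (for example `tls://`, if callers can set one) would still be written into the `POST` line verbatim. Because the request goes to the proxy in absolute form, not through a tunnel, it is worth confirming that the payload is not readable by the proxy; nothing in this hunk shows how the socket to the proxy is opened. A short comment above the assignment, such as `// proxies expect an http(s) URL, not PHP's ssl:// stream wrapper prefix`, would record why the mapping exists. The enclosing method starts and ends outside the hunk.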
|
|
|
@ -1,7 +1,7 @@
|
|||
<?php
|
||||
/*
|
||||
zeromq.inc
|
||||
part of the pfSense project (http://www.pfsense.com)
|
||||
part of the pfSense project (https://www.pfsense.org)
|
||||
Copyright 2010 Scott Ullrich <sullrich@gmail.com>
|
||||
All rights reserved.
|
||||
|
||||
|
|
14
etc/pf.os
14
etc/pf.os
|
@ -1,5 +1,5 @@
|
|||
# $FreeBSD: src/etc/pf.os,v 1.4.10.2 2011/09/22 01:13:40 delphij Exp $
|
||||
# $OpenBSD: pf.os,v 1.25 2010/10/18 15:55:27 deraadt Exp $
|
||||
# $FreeBSD: stable/9/etc/pf.os 244647 2012-12-24 00:45:54Z delphij $
|
||||
# $OpenBSD: pf.os,v 1.26 2012/08/03 12:25:16 jsg Exp $
|
||||
# passive OS fingerprinting
|
||||
# -------------------------
|
||||
#
|
||||
|
@ -226,7 +226,13 @@ S2:64:1:60:M*,S,T,N,W0: Linux:2.4::Linux 2.4 (big boy)
|
|||
S3:64:1:60:M*,S,T,N,W0: Linux:2.4:.18-21:Linux 2.4.18 and newer
|
||||
S4:64:1:60:M*,S,T,N,W0: Linux:2.4::Linux 2.4/2.6 <= 2.6.7
|
||||
S4:64:1:60:M*,S,T,N,W0: Linux:2.6:.1-7:Linux 2.4/2.6 <= 2.6.7
|
||||
S4:64:1:60:M*,S,T,N,W7: Linux:2.6:8:Linux 2.6.8 and newer (?)
|
||||
|
||||
S4:64:1:60:M*,S,T,N,W5: Linux:2.6::Linux 2.6 (newer, 1)
|
||||
S4:64:1:60:M*,S,T,N,W6: Linux:2.6::Linux 2.6 (newer, 2)
|
||||
S4:64:1:60:M*,S,T,N,W7: Linux:2.6::Linux 2.6 (newer, 3)
|
||||
T4:64:1:60:M*,S,T,N,W7: Linux:2.6::Linux 2.6 (newer, 4)
|
||||
|
||||
S10:64:1:60:M*,S,T,N,W4: Linux:3.0::Linux 3.0
|
||||
|
||||
S3:64:1:60:M*,S,T,N,W1: Linux:2.5::Linux 2.5 (sometimes 2.4)
|
||||
S4:64:1:60:M*,S,T,N,W1: Linux:2.5-2.6::Linux 2.5/2.6
|
||||
|
@ -429,6 +435,8 @@ S44:128:1:48:M*,N,N,S: Windows:XP:SP1:Windows Pro SP1, 2000 SP3
|
|||
32767:128:1:48:M*,N,N,S: Windows:2000:SP4:Windows SP1, 2000 SP4
|
||||
32767:128:1:48:M*,N,N,S: Windows:XP:SP1:Windows SP1, 2000 SP4
|
||||
|
||||
8192:128:1:52:M*,N,W2,N,N,S: Windows:Vista::Windows Vista/7
|
||||
|
||||
# Odds, ends, mods:
|
||||
|
||||
S52:128:1:48:M1260,N,N,S: Windows:2000:cisco:Windows XP/2000 via Cisco
|
||||
|
|
|
@ -55,3 +55,14 @@
|
|||
/usr/local/www/javascript/diag_backup/diag_backup.js
|
||||
/usr/local/www/progress.php
|
||||
/usr/local/www/upload_progress.php
|
||||
/usr/sbin/ntpd
|
||||
/usr/local/bin/ntp-wait
|
||||
/usr/local/bin/ntpd
|
||||
/usr/local/bin/ntpdate
|
||||
/usr/local/bin/ntpdc
|
||||
/usr/local/bin/ntpq
|
||||
/usr/local/bin/ntptime
|
||||
/usr/local/bin/ntptrace
|
||||
/usr/local/bin/sntp
|
||||
/usr/local/bin/tickadj
|
||||
/usr/sbin/clog
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
global $config;
|
||||
require("filter.inc");
|
||||
require_once("filter.inc");
|
||||
require("shaper.inc");
|
||||
$config = parse_config(true);
|
||||
echo "Adding allow all rule...\n";
|
||||
|
|
|
@ -0,0 +1,8 @@
|
|||
require_once("system.inc");
|
||||
|
||||
echo gettext("Generating a new self-signed SSL certificate for the GUI...");
|
||||
$cert = system_webgui_create_certificate();
|
||||
echo gettext("Done.\n");
|
||||
echo gettext("Restarting webConfigurator...");
|
||||
send_event("service restart webgui");
|
||||
echo gettext("Done.\n");
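Review bot: The result of `system_webgui_create_certificate()` is stored in `$cert` and never examined, so the script prints `Done.` and restarts the webConfigurator even if certificate generation failed. Checking it before continuing, e.g. `if (!$cert) { echo gettext("Failed.\n"); exit(1); }`, avoids restarting the GUI with a missing or stale certificate. What the function returns on failure is not visible here, so the exact test needs confirming against its definition.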
|
|
@ -19,7 +19,8 @@ $GITSYNC_MERGE = "/root/.gitsync_merge";
|
|||
|
||||
/* NOTE: Set branches here */
|
||||
$branches = array(
|
||||
"master" => "2.1 development branch",
|
||||
"master" => "2.2 development branch",
|
||||
"RELENG_2_1" => "2.1.* release branch",
|
||||
"RELENG_2_0" => "2.0.* release branch",
|
||||
"RELENG_1_2" => "1.2.* release branch",
|
||||
"build_commit" => "The commit originally used to build the image"
|
||||
|
|
36
etc/rc
36
etc/rc
|
@ -39,29 +39,6 @@ if [ -e /root/force_fsck ]; then
|
|||
fi
|
||||
fi
|
||||
|
||||
if [ -e /root/TRIM_set -o -e /root/TRIM_unset ]; then
|
||||
TUNEFS_STATUS=`/sbin/tunefs -p / 2>&1 | /usr/bin/grep trim: | /usr/bin/awk '{print $4;}'`
|
||||
if [ -e /root/TRIM_set ] && [ "${TUNEFS_STATUS}" = "disabled" ]; then
|
||||
echo "Enabling TRIM support"
|
||||
/sbin/tunefs -t enable /
|
||||
if [ "$PLATFORM" = "nanobsd" ]; then
|
||||
/sbin/tunefs -t enable /cf
|
||||
fi
|
||||
echo "Rebooting in 5 seconds after enabling TRIM..."
|
||||
sleep 5
|
||||
/sbin/reboot
|
||||
elif [ -e /root/TRIM_unset ] && [ "${TUNEFS_STATUS}" = "enabled" ]; then
|
||||
echo "Disabling TRIM support"
|
||||
/sbin/tunefs -t disable /
|
||||
if [ "$PLATFORM" = "nanobsd" ]; then
|
||||
/sbin/tunefs -t disable /cf
|
||||
fi
|
||||
echo "Rebooting in 5 seconds after disabling TRIM..."
|
||||
sleep 5
|
||||
/sbin/reboot
|
||||
fi
|
||||
fi
|
||||
|
||||
# Mount memory file system if it exists
|
||||
echo "Mounting filesystems..."
|
||||
|
||||
|
@ -255,7 +232,7 @@ fi
|
|||
# Setup compatibility link for packages that
|
||||
# have trouble overriding the PREFIX configure
|
||||
# argument since we build our packages in a
|
||||
# seperated PREFIX area
|
||||
# separated PREFIX area
|
||||
# Only create if symlink does not exist.
|
||||
if [ ! -h /tmp/tmp ]; then
|
||||
/bin/ln -hfs / /tmp/tmp
|
||||
|
@ -310,7 +287,7 @@ for logfile in $LOG_FILES; do
|
|||
# generate fifolog files
|
||||
/usr/sbin/fifolog_create -s 511488 /var/log/$logfile.log
|
||||
else
|
||||
/usr/sbin/clog -i -s 512144 /var/log/$logfile.log
|
||||
/usr/local/sbin/clog -i -s 512144 /var/log/$logfile.log
|
||||
fi
|
||||
fi
|
||||
fi
|
||||
|
@ -358,8 +335,8 @@ echo "done."
|
|||
|
||||
# Ensure gettytab is of a sane size
|
||||
if [ `/bin/ls -la /etc/gettytab | /usr/bin/awk '{ print $5'}` -lt 512 ]; then
|
||||
echo ">>> Restoring /etc/gettytab due to unusal size"
|
||||
echo ">>> Restoring /etc/gettytab due to unusal size" | /usr/bin/logger
|
||||
echo ">>> Restoring /etc/gettytab due to unusual size"
|
||||
echo ">>> Restoring /etc/gettytab due to unusual size" | /usr/bin/logger
|
||||
/bin/cp /etc/gettytab.bak /etc/gettytab
|
||||
fi
|
||||
|
||||
|
@ -400,6 +377,10 @@ echo -n "Launching the init system..."
|
|||
/usr/bin/touch $varrunpath/booting
|
||||
/etc/rc.bootup
|
||||
|
||||
# /etc/rc.bootup unset $g['booting'], remove file right now to be
|
||||
# consistent
|
||||
/bin/rm $varrunpath/booting
|
||||
|
||||
# If a shell was selected from recovery
|
||||
# console then just drop to the shell now.
|
||||
if [ -f "/tmp/donotbootup" ]; then
|
||||
|
@ -428,7 +409,6 @@ echo "done."
|
|||
/bin/chmod a+rw /tmp/.
|
||||
|
||||
echo "Bootup complete"
|
||||
/bin/rm $varrunpath/booting
|
||||
|
||||
/usr/local/bin/beep.sh start 2>&1 >/dev/null
|
||||
|
||||
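Review bot: The relocated `/bin/rm $varrunpath/booting` in the `-400,6 +377,10` hunk is unquoted and has no `-f`, so it reports an error when the flag file is already gone; `/bin/rm -f "$varrunpath/booting"` is the safer form. The new comment could also state that everything after this point in the script, including the recovery-shell branch, now runs with the booting flag cleared, since that is the behavioural effect of moving the line up from the end of the script.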
|
|
|
@ -128,7 +128,8 @@ echo ".";
|
|||
|
||||
/* get system memory amount */
|
||||
$memory = get_memory();
|
||||
$avail = $memory[1];
|
||||
$physmem = $memory[0];
|
||||
$realmem = $memory[1];
|
||||
echo " done.\n";
|
||||
|
||||
conf_mount_rw();
|
||||
|
@ -295,8 +296,8 @@ echo "Synchronizing user settings...";
|
|||
local_sync_accounts();
|
||||
echo "done.\n";
|
||||
|
||||
if($avail > 0 and $avail < 65) {
|
||||
echo "System has less than 65 megabytes of ram {$avail}. Delaying webConfigurator startup.\n";
|
||||
if($realmem > 0 and $realmem < 65) {
|
||||
echo "System has less than 65 megabytes of ram {$realmem}. Delaying webConfigurator startup.\n";
|
||||
/* start webConfigurator up on final pass */
|
||||
mwexec("/usr/local/sbin/pfSctl -c 'service restart webgui'");
|
||||
} else {
|
||||
|
@ -340,6 +341,9 @@ system_dhcpleases_configure();
|
|||
/* start DHCP relay */
|
||||
services_dhcrelay_configure();
|
||||
|
||||
/* start DHCP6 relay */
|
||||
services_dhcrelay6_configure();
|
||||
|
||||
/* dyndns service updates */
|
||||
send_event("service reload dyndnsall");
|
||||
|
||||
|
@ -382,7 +386,7 @@ if($config['system']['afterbootupshellcmd'] <> "") {
|
|||
mwexec($config['system']['afterbootupshellcmd']);
|
||||
}
|
||||
|
||||
if($avail < $g['minimum_ram_warning']) {
|
||||
if($physmem < $g['minimum_ram_warning']) {
|
||||
require_once("/etc/inc/notices.inc");
|
||||
file_notice("{$g['product_name']}MemoryRequirements", "{$g['product_name']} requires at least {$g['minimum_ram_warning_text']} of RAM. Expect unusual performance. This platform is not supported.", "Memory", "", 1);
|
||||
mwexec("/sbin/sysctl net.inet.tcp.recvspace=4096");
|
||||
|
@ -433,6 +437,7 @@ unset($g['booting']);
|
|||
if ($ipsec_dynamic_hosts) {
|
||||
vpn_ipsec_refresh_policies();
|
||||
vpn_ipsec_configure();
|
||||
filter_configure();
|
||||
}
|
||||
|
||||
led_normalize();
|
||||
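Review bot: The low-memory test in the `-382,7 +386,7` hunk, `if($physmem < $g['minimum_ram_warning'])`, has no lower bound, whereas the `$realmem` test in the `-295,8 +296,8` hunk requires `$realmem > 0`. If `get_memory()` cannot determine the size and yields 0 or null (its body is not visible here), the notice is filed and `net.inet.tcp.recvspace` is lowered regardless of the RAM actually installed. `if($physmem > 0 and $physmem < $g['minimum_ram_warning'])` would match the earlier check. A comment on the two assignments saying which index of `get_memory()` is physical and which is real memory would document the rename.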
|
|
|
@ -3,7 +3,7 @@
|
|||
/* $Id$ */
|
||||
/*
|
||||
rc.captiveportal_configure
|
||||
part of pfSense (http://www.pfSense.com)
|
||||
part of pfSense (https://www.pfsense.org)
|
||||
Copyright (C) 2004 Scott Ullrich
|
||||
All rights reserved.
|
||||
|
||||
|
@ -31,7 +31,7 @@
|
|||
|
||||
require("config.inc");
|
||||
require("functions.inc");
|
||||
require("filter.inc");
|
||||
require_once("filter.inc");
|
||||
require("shaper.inc");
|
||||
require("captiveportal.inc");
|
||||
|
||||
|
|
|
@ -3,7 +3,7 @@
|
|||
/* $Id$ */
|
||||
/*
|
||||
rc.carpdown
|
||||
part of pfSense (http://www.pfSense.com)
|
||||
part of pfSense (https://www.pfsense.org)
|
||||
Copyright (C) 2004 Scott Ullrich
|
||||
All rights reserved.
|
||||
|
||||
|
|
|
@ -3,7 +3,7 @@
|
|||
/* $Id$ */
|
||||
/*
|
||||
rc.carpup
|
||||
part of pfSense (http://www.pfSense.com)
|
||||
part of pfSense (https://www.pfsense.org)
|
||||
Copyright (C) 2004 Scott Ullrich
|
||||
All rights reserved.
|
||||
|
||||
|
@ -50,5 +50,13 @@ if (is_array($config['openvpn']) && is_array($config['openvpn']['openvpn-client'
|
|||
}
|
||||
}
|
||||
}
|
||||
if (is_array($config['openvpn']) && is_array($config['openvpn']['openvpn-server'])) {
|
||||
foreach ($config['openvpn']['openvpn-server'] as $settings) {
|
||||
if ($settings['interface'] == $argv[1]) {
|
||||
log_error("Starting OpenVPN instance on {$settings['interface']} because of transition to CARP master.");
|
||||
openvpn_restart('server', $settings);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
?>
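Review bot: The server loop added in the `-50,5 +50,13` hunk compares `$settings['interface']` with `$argv[1]` without checking that an argument was passed, and it restarts every matching entry without looking at whether the instance is disabled, unless `openvpn_restart()` handles that itself (not visible here). It duplicates the client loop above it, so a single loop over both modes would keep the two in step. The log line `Starting OpenVPN instance on ...` is worth changing to say `server instance`, so the two cases can be told apart in the system log.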
|
|
@ -3,7 +3,7 @@
|
|||
/* $Id$ */
|
||||
/*
|
||||
rc.conf_mount_ro
|
||||
part of pfSense (http://www.pfSense.com)
|
||||
part of pfSense (https://www.pfsense.org)
|
||||
Copyright (C) 2004 Scott Ullrich
|
||||
All rights reserved.
|
||||
|
||||
|
|
|
@ -3,7 +3,7 @@
|
|||
/* $Id$ */
|
||||
/*
|
||||
rc.conf_mount_rw
|
||||
part of pfSense (http://www.pfSense.com)
|
||||
part of pfSense (https://www.pfsense.org)
|
||||
Copyright (C) 2004 Scott Ullrich
|
||||
All rights reserved.
|
||||
|
||||
|
|
|
@ -3,7 +3,7 @@
|
|||
/* $Id$ */
|
||||
/*
|
||||
rc.dhclient_cron
|
||||
part of pfSense (http://www.pfSense.com)
|
||||
part of pfSense (https://www.pfsense.org)
|
||||
Copyright (C) 2006 Scott Ullrich
|
||||
All rights reserved.
|
||||
|
||||
|
|
|
@ -3,7 +3,7 @@
|
|||
/* $Id$ */
|
||||
/*
|
||||
rc.dyndns.update
|
||||
part of pfSense (http://www.pfSense.com)
|
||||
part of pfSense (https://www.pfsense.org)
|
||||
Copyright (C) 2004 Scott Ullrich
|
||||
All rights reserved.
|
||||
|
||||
|
|
|
@ -45,7 +45,7 @@
|
|||
continue;
|
||||
echo "1\n";
|
||||
echo "User {$user['name']} expires {$user['expires']}\n";
|
||||
if(!$user['expires'])
|
||||
if(!$user['expires'] || isset($user['disabled']))
|
||||
continue;
|
||||
echo "1\n";
|
||||
if(strtotime("-1 day") > strtotime($user['expires'])) {
|
||||
|
|
|
@ -3,7 +3,7 @@
|
|||
/* $Id$ */
|
||||
/*
|
||||
rc.filter_configure
|
||||
part of pfSense (http://www.pfSense.com)
|
||||
part of pfSense (https://www.pfsense.org)
|
||||
Copyright (C) 2004 Scott Ullrich
|
||||
All rights reserved.
|
||||
|
||||
|
|
|
@ -3,7 +3,7 @@
|
|||
/* $Id$ */
|
||||
/*
|
||||
rc.filter_configure_sync
|
||||
part of pfSense (http://www.pfSense.com)
|
||||
part of pfSense (https://www.pfsense.org)
|
||||
Copyright (C) 2004 Scott Ullrich
|
||||
All rights reserved.
|
||||
|
||||
|
|
|
@ -55,7 +55,7 @@ function backup_vip_config_section() {
|
|||
$temp = array();
|
||||
$temp['vip'] = array();
|
||||
foreach($config['virtualip']['vip'] as $section) {
|
||||
if(($section['mode'] == "proxyarp" || $section['mode'] == "ipalias") && !strstr($section['interface'], "_vip"))
|
||||
if(($section['mode'] == "proxyarp" || $section['mode'] == "ipalias") && !(strstr($section['interface'], "_vip") || strstr($section['interface'], "lo0")))
|
||||
continue;
|
||||
if($section['advskew'] <> "") {
|
||||
$section_val = intval($section['advskew']);
|
||||
|
@ -107,7 +107,7 @@ function carp_check_version($url, $username, $password, $port = 80, $method = 'p
|
|||
/* send our XMLRPC message and timeout after 240 seconds */
|
||||
$resp = $cli->send($msg, "240");
|
||||
if(!is_object($resp)) {
|
||||
$error = "A communications error occured while attempting XMLRPC sync with username {$username} {$url}:{$port}.";
|
||||
$error = "A communications error occurred while attempting XMLRPC sync with username {$username} {$url}:{$port}.";
|
||||
} elseif($resp->faultCode()) {
|
||||
$error = "An error code was received while attempting XMLRPC sync with username {$username} {$url}:{$port} - Code " . $resp->faultCode() . ": " . $resp->faultString();
|
||||
} else {
|
||||
|
@ -224,6 +224,8 @@ function carp_sync_xml($url, $username, $password, $sections, $port = 80, $metho
|
|||
$xml['system'][$section] = $config_copy['system'][$section];
|
||||
$xml['system']['nextgid'] = $config_copy['system']['nextgid'];
|
||||
break;
|
||||
case 'authserver':
|
||||
$xml['system'][$section] = $config_copy['system'][$section];
|
||||
default:
|
||||
$xml[$section] = $config_copy[$section];
|
||||
}
|
||||
|
@ -245,7 +247,7 @@ function carp_sync_xml($url, $username, $password, $sections, $port = 80, $metho
|
|||
/* send our XMLRPC message and timeout after 240 seconds */
|
||||
$resp = $cli->send($msg, "240");
|
||||
if(!is_object($resp)) {
|
||||
$error = "A communications error occured while attempting XMLRPC sync with username {$username} {$url}:{$port}.";
|
||||
$error = "A communications error occurred while attempting XMLRPC sync with username {$username} {$url}:{$port}.";
|
||||
log_error($error);
|
||||
file_notice("sync_settings", $error, "Settings Sync", "");
|
||||
} elseif($resp->faultCode()) {
|
||||
|
@ -378,6 +380,9 @@ if (is_array($config['hasync'])) {
|
|||
$sections[] = 'user';
|
||||
$sections[] = 'group';
|
||||
}
|
||||
if ($hasync['synchronizeauthservers'] != "") {
|
||||
$sections[] = 'authserver';
|
||||
}
|
||||
if ($hasync['synchronizednsforwarder'] != "" and is_array($config['dnsmasq']))
|
||||
$sections[] = 'dnsmasq';
|
||||
if ($hasync['synchronizeschedules'] != "" || $hasync['synchronizerules'] != "") {
|
||||
|
@ -415,7 +420,7 @@ if (is_array($config['hasync'])) {
|
|||
$resp = $cli->send($msg, "900");
|
||||
|
||||
if (!is_object($resp)) {
|
||||
$error = "A communications error occured while attempting Filter sync with username {$username} {$synchronizetoip}:{$port}.";
|
||||
$error = "A communications error occurred while attempting Filter sync with username {$username} {$synchronizetoip}:{$port}.";
|
||||
log_error($error);
|
||||
file_notice("sync_settings", $error, "Settings Sync", "");
|
||||
} elseif($resp->faultCode()) {
|
||||
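Review bot: The new `case 'authserver':` in the `-224,6 +224,8` hunk has no `break;`, so it falls through into `default:` and also executes `$xml[$section] = $config_copy[$section];`, adding a top-level `authserver` key read from a config path that probably does not exist. Add `break;` after `$xml['system'][$section] = $config_copy['system'][$section];`. The synchronized section may carry directory bind credentials, so a comment noting that this data is only as protected as the XMLRPC transport to the sync peer would be useful. carp_sync_xml() starts and ends outside the hunk.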
|
|
|
@ -61,9 +61,8 @@ fi
|
|||
product=`grep product_name /etc/inc/globals.inc | cut -d'"' -f4`
|
||||
hidebanner=`grep hidebanner /etc/inc/globals.inc | cut -d'"' -f4`
|
||||
|
||||
# Check to see if SSH is listening.
|
||||
SSHD=`/usr/bin/sockstat -4l | grep "*.22" | wc -l`
|
||||
if [ "$SSHD" -gt 0 ]; then
|
||||
# Check to see if SSH is running.
|
||||
if pgrep -q -a -F /var/run/sshd.pid sshd >/dev/null 2>&1; then
|
||||
sshd_option="14) Disable Secure Shell (sshd)";
|
||||
else
|
||||
sshd_option="14) Enable Secure Shell (sshd)";
|
||||
|
|
|
@ -46,6 +46,7 @@ echo "Q) Quit\n";
|
|||
|
||||
echo "\nPlease select an option to continue: ";
|
||||
|
||||
$pkg_interface = 'console';
|
||||
$command = strtoupper(chop(fgets($fp)));
|
||||
|
||||
switch ($command) {
|
||||
|
@ -69,28 +70,20 @@ switch ($command) {
|
|||
if($status) {
|
||||
conf_mount_rw();
|
||||
mark_subsystem_dirty('firmware');
|
||||
if(file_exists("/root/firmware.tgz"))
|
||||
unlink("/root/firmware.tgz");
|
||||
echo "\nFetching file size...\n";
|
||||
$file_size = exec("fetch -s \"$url\"");
|
||||
$file_size = trim($file_size, "\r");
|
||||
echo "\nFile size: $file_size\n";
|
||||
echo "\nFetching file...\n";
|
||||
exec("fetch -1 -w15 -a -v -o /root/firmware.tgz \"$url\"");
|
||||
if($file_size <> filesize("/root/firmware.tgz")) {
|
||||
echo "\nFile size mismatch. Upgrade cancelled.\n\n";
|
||||
fclose($fp);
|
||||
die;
|
||||
}
|
||||
unlink_if_exists("/root/firmware.tgz");
|
||||
echo "\nFetching file... ";
|
||||
download_file_with_progress_bar($url, '/root/firmware.tgz');
|
||||
if(!file_exists("/root/firmware.tgz")) {
|
||||
echo "Something went wrong during file transfer. Exiting.\n\n";
|
||||
fclose($fp);
|
||||
clear_subsystem_dirty('firmware');
|
||||
die;
|
||||
}
|
||||
$status = does_url_exist("$url.sha256");
|
||||
if($status) {
|
||||
echo "\nFetching sha256...\n";
|
||||
exec("fetch -1 -w15 -a -v -o /root/firmware.tgz.sha256 \"$url.sha256\"");
|
||||
echo "\nFetching sha256... ";
|
||||
download_file_with_progress_bar($url . ".sha256", '/root/firmware.tgz.sha256');
|
||||
echo "\n";
|
||||
} else {
|
||||
echo "\n\nWARNING.\n";
|
||||
echo "\nCould not locate a sha256 file. We cannot verify the download once completed.\n\n";
|
||||
|
@ -103,12 +96,13 @@ switch ($command) {
|
|||
echo "Downloaded file sha256: $file_sha256\n";
|
||||
if($source_sha256 <> $file_sha256) {
|
||||
echo "\n\nsha256 checksum does not match. Cancelling upgrade.\n\n";
|
||||
exec("rm -f /root/*.sha256");
|
||||
unlink_if_exists("/root/firmware.tgz.sha256");
|
||||
fclose($fp);
|
||||
clear_subsystem_dirty('firmware');
|
||||
die -1;
|
||||
}
|
||||
echo "\nsha256 checksum matches.\n";
|
||||
exec("rm -f /root/*.sha256");
|
||||
unlink_if_exists("/root/firmware.tgz.sha256");
|
||||
}
|
||||
if(strstr($url,"bdiff")) {
|
||||
echo "Binary DIFF upgrade file detected...\n";
|
||||
|
@ -120,6 +114,7 @@ switch ($command) {
|
|||
$type = "normal";
|
||||
}
|
||||
do_upgrade("/root/firmware.tgz", $type);
|
||||
clear_subsystem_dirty('firmware');
|
||||
exit;
|
||||
}
|
||||
case "2":
|
||||
|
@ -136,6 +131,7 @@ switch ($command) {
|
|||
if(file_exists($path)) {
|
||||
mark_subsystem_dirty('firmware');
|
||||
do_upgrade($path, $type);
|
||||
clear_subsystem_dirty('firmware');
|
||||
} else {
|
||||
echo "\nCould not find file.\n\n";
|
||||
fclose($fp);
|
||||
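Review bot: As far as the rendered `-69,28 +70,20` hunk shows, the only check left on the downloaded image is `file_exists("/root/firmware.tgz")`: the size comparison is gone and the result of `download_file_with_progress_bar()` is not examined, so a truncated or empty file passes. When no `.sha256` is published the script prints a warning, and what happens next lies between hunks. The checksum is fetched from the same location as the image, so it detects corruption but not a replaced file. Consider treating a failed download or a missing checksum as fatal, and compare digests strictly with `if($source_sha256 !== $file_sha256)` instead of `<>`, which compares numeric-looking strings by value.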
|
|
|
@ -253,67 +253,83 @@ function console_configure_ip_address($version) {
|
|||
}
|
||||
|
||||
if($isintdhcp == false or $interface <> "wan") {
|
||||
do {
|
||||
echo "\n" . sprintf(gettext("Enter the new %s %s address. Press <ENTER> for none:"),
|
||||
$upperifname, $label_IPvX) . "\n> ";
|
||||
$intip = chop(fgets($fp));
|
||||
$is_ipaddr = ($version === 6) ? is_ipaddrv6($intip) : is_ipaddrv4($intip);
|
||||
if ($is_ipaddr && is_ipaddr_configured($intip, $interface, true)) {
|
||||
$ip_conflict = true;
|
||||
echo gettext("This IP address conflicts with another interface or a VIP") . "\n";
|
||||
} else
|
||||
$ip_conflict = false;
|
||||
} while (($ip_conflict === true) || !($is_ipaddr || $intip == ''));
|
||||
if ($intip != '') {
|
||||
echo "\n" . sprintf(gettext("Subnet masks are entered as bit counts (as in CIDR notation) in %s."),
|
||||
$g['product_name']) . "\n";
|
||||
if ($version === 6) {
|
||||
echo "e.g. ffff:ffff:ffff:ffff:ffff:ffff:ffff:ff00 = 120\n";
|
||||
echo " ffff:ffff:ffff:ffff:ffff:ffff:ffff:0 = 112\n";
|
||||
echo " ffff:ffff:ffff:ffff:ffff:ffff:0:0 = 96\n";
|
||||
echo " ffff:ffff:ffff:ffff:ffff:0:0:0 = 80\n";
|
||||
echo " ffff:ffff:ffff:ffff:0:0:0:0 = 64\n";
|
||||
} else {
|
||||
echo "e.g. 255.255.255.0 = 24\n";
|
||||
echo " 255.255.0.0 = 16\n";
|
||||
echo " 255.0.0.0 = 8\n";
|
||||
}
|
||||
while(true) {
|
||||
do {
|
||||
$upperifname = strtoupper($interface);
|
||||
echo "\n" . sprintf(gettext("Enter the new %s %s subnet bit count:"),
|
||||
$upperifname, $label_IPvX) . "\n> ";
|
||||
$intbits = chop(fgets($fp));
|
||||
$restart_dhcpd = true;
|
||||
} while (!is_numeric($intbits) || ($intbits < 1) || ($intbits > $maxbits));
|
||||
|
||||
if ($version === 6) {
|
||||
$subnet = gen_subnetv6($intip, $intbits);
|
||||
} else {
|
||||
$subnet = gen_subnet($intip, $intbits);
|
||||
}
|
||||
do {
|
||||
echo "\n" . sprintf(gettext("Enter the new %s %s gateway address. Press <ENTER> for none:"),
|
||||
$upperifname, $label_IPvX) . "\n> ";
|
||||
$gwip = chop(fgets($fp));
|
||||
$is_ipaddr = ($version === 6) ? is_ipaddrv6($gwip) : is_ipaddrv4($gwip);
|
||||
$is_in_subnet = $is_ipaddr && ip_in_subnet($gwip, $subnet . "/" . $intbits);
|
||||
if ($gwip != '') {
|
||||
if (!$is_ipaddr) {
|
||||
echo sprintf(gettext("not an %s IP address!"), $label_IPvX) . "\n";
|
||||
} else if (!$is_in_subnet) {
|
||||
echo gettext("not in subnet!") . "\n";
|
||||
}
|
||||
echo "\n" . sprintf(gettext("Enter the new %s %s address. Press <ENTER> for none:"),
|
||||
$upperifname, $label_IPvX) . "\n> ";
|
||||
$intip = chop(fgets($fp));
|
||||
$is_ipaddr = ($version === 6) ? is_ipaddrv6($intip) : is_ipaddrv4($intip);
|
||||
if ($is_ipaddr && is_ipaddr_configured($intip, $interface, true)) {
|
||||
$ip_conflict = true;
|
||||
echo gettext("This IP address conflicts with another interface or a VIP") . "\n";
|
||||
} else
|
||||
$ip_conflict = false;
|
||||
} while (($ip_conflict === true) || !($is_ipaddr || $intip == ''));
|
||||
if ($intip != '') {
|
||||
echo "\n" . sprintf(gettext("Subnet masks are entered as bit counts (as in CIDR notation) in %s."),
|
||||
$g['product_name']) . "\n";
|
||||
if ($version === 6) {
|
||||
echo "e.g. ffff:ffff:ffff:ffff:ffff:ffff:ffff:ff00 = 120\n";
|
||||
echo " ffff:ffff:ffff:ffff:ffff:ffff:ffff:0 = 112\n";
|
||||
echo " ffff:ffff:ffff:ffff:ffff:ffff:0:0 = 96\n";
|
||||
echo " ffff:ffff:ffff:ffff:ffff:0:0:0 = 80\n";
|
||||
echo " ffff:ffff:ffff:ffff:0:0:0:0 = 64\n";
|
||||
} else {
|
||||
echo "e.g. 255.255.255.0 = 24\n";
|
||||
echo " 255.255.0.0 = 16\n";
|
||||
echo " 255.0.0.0 = 8\n";
|
||||
}
|
||||
} while (!($gwip == '' || ($is_ipaddr && $is_in_subnet)));
|
||||
do {
|
||||
$upperifname = strtoupper($interface);
|
||||
echo "\n" . sprintf(gettext("Enter the new %s %s subnet bit count:"),
|
||||
$upperifname, $label_IPvX) . "\n> ";
|
||||
$intbits = chop(fgets($fp));
|
||||
$intbits_ok = is_numeric($intbits) && (($intbits >= 1) || ($intbits <= $maxbits));
|
||||
$restart_dhcpd = true;
|
||||
|
||||
if ($gwip != '') {
|
||||
$inet_type = ($version === 6) ? "inet6" : "inet";
|
||||
$gwname = add_gateway_to_config($interface, $gwip, $inet_type);
|
||||
if ($version === 4 && $intbits < $maxbits) {
|
||||
if ($intip == gen_subnet($intip, $intbits)) {
|
||||
echo gettext("You cannot set network address to an interface");
|
||||
continue 2;
|
||||
$intbits_ok = false;
|
||||
} else if ($intip == gen_subnet_max($intip, $intbits)) {
|
||||
echo gettext("You cannot set broadcast address to an interface");
|
||||
continue 2;
|
||||
$intbits_ok = false;
|
||||
}
|
||||
}
|
||||
} while (!$intbits_ok);
|
||||
|
||||
if ($version === 6) {
|
||||
$subnet = gen_subnetv6($intip, $intbits);
|
||||
} else {
|
||||
$subnet = gen_subnet($intip, $intbits);
|
||||
}
|
||||
do {
|
||||
echo "\n" . sprintf(gettext("For a WAN, enter the new %s %s upstream gateway address."), $upperifname, $label_IPvX) . "\n" .
|
||||
gettext("For a LAN, press <ENTER> for none:") . "\n> ";
|
||||
$gwip = chop(fgets($fp));
|
||||
$is_ipaddr = ($version === 6) ? is_ipaddrv6($gwip) : is_ipaddrv4($gwip);
|
||||
$is_in_subnet = $is_ipaddr && ip_in_subnet($gwip, $subnet . "/" . $intbits);
|
||||
if ($gwip != '') {
|
||||
if (!$is_ipaddr) {
|
||||
echo sprintf(gettext("not an %s IP address!"), $label_IPvX) . "\n";
|
||||
} else if (!$is_in_subnet) {
|
||||
echo gettext("not in subnet!") . "\n";
|
||||
}
|
||||
}
|
||||
} while (!($gwip == '' || ($is_ipaddr && $is_in_subnet)));
|
||||
|
||||
if ($gwip != '') {
|
||||
$inet_type = ($version === 6) ? "inet6" : "inet";
|
||||
$gwname = add_gateway_to_config($interface, $gwip, $inet_type);
|
||||
}
|
||||
}
|
||||
$ifppp = console_get_interface_from_ppp(get_real_interface($interface));
|
||||
if (!empty($ifppp))
|
||||
$ifaceassigned = $ifppp;
|
||||
break;
|
||||
}
|
||||
$ifppp = console_get_interface_from_ppp(get_real_interface($interface));
|
||||
if (!empty($ifppp))
|
||||
$ifaceassigned = $ifppp;
|
||||
}
|
||||
|
||||
return array($intip, $intbits, $gwname);
|
||||
|
@ -333,7 +349,7 @@ $config['interfaces'][$interface]['gatewayv6'] = $gwname6;
|
|||
$config['interfaces'][$interface]['enable'] = true;
|
||||
|
||||
function console_configure_dhcpd($version = 4) {
|
||||
global $g, $config, $restart_dhcpd, $fp, $interface, $dry_run;
|
||||
global $g, $config, $restart_dhcpd, $fp, $interface, $dry_run, $intip, $intbits, $intip6, $intbits6;
|
||||
|
||||
$label_IPvX = ($version === 6) ? "IPv6" : "IPv4";
|
||||
$dhcpd = ($version === 6) ? "dhcpdv6" : "dhcpd";
|
||||
|
@ -341,25 +357,39 @@ function console_configure_dhcpd($version = 4) {
|
|||
if($g['services_dhcp_server_enable'])
|
||||
$yn = prompt_for_enable_dhcp_server($version);
|
||||
if ($yn == "y") {
|
||||
$subnet_start = ($version === 6) ? gen_subnetv6($intip6, $intbits6) : gen_subnet($intip, $intbits);
|
||||
$subnet_end = ($version === 6) ? gen_subnetv6_max($intip6, $intbits6) : gen_subnet_max($intip, $intbits);
|
||||
do {
|
||||
echo sprintf(gettext("Enter the start address of the %s client address range:"), $label_IPvX) . " ";
|
||||
$dhcpstartip = chop(fgets($fp));
|
||||
if ($dhcpstartip === "") {
|
||||
fclose($fp);
|
||||
exit(0);
|
||||
}
|
||||
$is_ipaddr = ($version === 6) ? is_ipaddrv6($dhcpstartip) : is_ipaddrv4($dhcpstartip);
|
||||
} while (!$is_ipaddr);
|
||||
do {
|
||||
echo sprintf(gettext("Enter the start address of the %s client address range:"), $label_IPvX) . " ";
|
||||
$dhcpstartip = chop(fgets($fp));
|
||||
if ($dhcpstartip === "") {
|
||||
fclose($fp);
|
||||
exit(0);
|
||||
}
|
||||
$is_ipaddr = ($version === 6) ? is_ipaddrv6($dhcpstartip) : is_ipaddrv4($dhcpstartip);
|
||||
$is_inrange = is_inrange($dhcpstartip, $subnet_start, $subnet_end);
|
||||
if (!$is_inrange)
|
||||
echo gettext("This IP address must be in the interface's subnet") . "\n";
|
||||
} while (!$is_ipaddr || !$is_inrange);
|
||||
|
||||
do {
|
||||
echo sprintf(gettext("Enter the end address of the %s client address range:"), $label_IPvX) . " ";
|
||||
$dhcpendip = chop(fgets($fp));
|
||||
if ($dhcpendip === "") {
|
||||
fclose($fp);
|
||||
exit(0);
|
||||
}
|
||||
$is_ipaddr = ($version === 6) ? is_ipaddrv6($dhcpendip) : is_ipaddrv4($dhcpendip);
|
||||
} while (!$is_ipaddr);
|
||||
do {
|
||||
echo sprintf(gettext("Enter the end address of the %s client address range:"), $label_IPvX) . " ";
|
||||
$dhcpendip = chop(fgets($fp));
|
||||
if ($dhcpendip === "") {
|
||||
fclose($fp);
|
||||
exit(0);
|
||||
}
|
||||
$is_ipaddr = ($version === 6) ? is_ipaddrv6($dhcpendip) : is_ipaddrv4($dhcpendip);
|
||||
$is_inrange = is_inrange($dhcpendip, $subnet_start, $subnet_end);
|
||||
if (!$is_inrange)
|
||||
echo gettext("This IP address must be in the interface's subnet") . "\n";
|
||||
$not_inorder = ($version === 6) ? (inet_pton($dhcpendip) < inet_pton($dhcpstartip)) : ip_less_than($dhcpendip, $dhcpstartip);
|
||||
if ($not_inorder) {
|
||||
echo gettext("The end address of the DHCP range must be >= the start address") . "\n";
|
||||
}
|
||||
} while (!$is_ipaddr || !$is_inrange);
|
||||
} while ($not_inorder);
|
||||
$restart_dhcpd = true;
|
||||
$config[$dhcpd][$interface]['enable'] = true;
|
||||
$config[$dhcpd][$interface]['range']['from'] = $dhcpstartip;
|
||||
|
@ -466,7 +496,7 @@ if ($intip6 != '') {
|
|||
}
|
||||
|
||||
if ($intip != '' || $intip6 != '') {
|
||||
if (count($ifdescrs) == "1" or $interface = "lan") {
|
||||
if (count($ifdescrs) == "1" or $interface == "lan") {
|
||||
if ($debug) {
|
||||
echo "ifdescrs count is " . count($ifdescrs) . "\n";
|
||||
echo "interface is {$interface} \n";
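Review bot: The bit-count check `$intbits_ok = is_numeric($intbits) && (($intbits >= 1) || ($intbits <= $maxbits));` in console_configure_ip_address accepts every numeric value, because the two range tests are joined with `||`. 0, negative numbers and values above `$maxbits` all pass, whereas the loop condition shown just above it rejected `$intbits < 1` and `$intbits > $maxbits`. The tests should be joined with `&&`: `$intbits_ok = is_numeric($intbits) && ($intbits >= 1) && ($intbits <= $maxbits);`. As written, an out-of-range value reaches `gen_subnet()` / `gen_subnetv6()` and the returned array. The page has lost its +/- markers, so I am reading this line as the new side; the function body starts outside the hunk.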
|
||||
|
|
|
@ -3,7 +3,7 @@
|
|||
/* $Id$ */
|
||||
/*
|
||||
rc.interfaces_carp_configure
|
||||
part of pfSense (http://www.pfSense.com)
|
||||
part of pfSense (https://www.pfsense.org)
|
||||
Copyright (C) 2004 Scott Ullrich
|
||||
All rights reserved.
|
||||
|
||||
|
|
|
@ -3,7 +3,7 @@
|
|||
/* $Id$ */
|
||||
/*
|
||||
rc.interfaces_lan_configure
|
||||
part of pfSense (http://www.pfSense.com)
|
||||
part of pfSense (https://www.pfsense.org)
|
||||
Copyright (C) 2004 Scott Ullrich
|
||||
All rights reserved.
|
||||
|
||||
|
|
|
@ -3,7 +3,7 @@
|
|||
/* $Id$ */
|
||||
/*
|
||||
rc.interfaces_opt_configure
|
||||
part of pfSense (http://www.pfSense.com)
|
||||
part of pfSense (https://www.pfsense.org)
|
||||
Copyright (C) 2004 Scott Ullrich
|
||||
All rights reserved.
|
||||
|
||||
|
|
|
@ -3,7 +3,7 @@
|
|||
/* $Id$ */
|
||||
/*
|
||||
rc.interfaces_wan_configure
|
||||
part of pfSense (http://www.pfSense.com)
|
||||
part of pfSense (https://www.pfsense.org)
|
||||
Copyright (C) 2004 Scott Ullrich
|
||||
All rights reserved.
|
||||
|
||||
|
|
|
@ -3,7 +3,7 @@
|
|||
/*
|
||||
rc.newwanip
|
||||
Copyright (C) 2013 Renato Botelho (garga@pfsense.org)
|
||||
part of pfSense (http://www.pfsense.com)
|
||||
part of pfSense (https://www.pfsense.org)
|
||||
|
||||
Redistribution and use in source and binary forms, with or without
|
||||
modification, are permitted provided that the following conditions are met:
|
||||
|
@ -63,6 +63,24 @@ if (!empty($local_ip)) {
|
|||
if (!isset($config['system']['kill_states'])) {
|
||||
if (!empty($local_ip)) {
|
||||
log_error("rc.kill_states: Removing states for IP {$local_ip}/{$subnet_bits}");
|
||||
$nat_states = exec_command("/sbin/pfctl -i {$interface} -ss | " .
|
||||
"/usr/bin/egrep '\-> +{$local_ip}:[0-9]+ +\->'");
|
||||
|
||||
$cleared_states = array();
|
||||
foreach(explode("\n", $nat_states) as $nat_state) {
|
||||
if (preg_match_all('/([\d\.]+):[\d]+[\s->]+/i', $nat_state, $matches, PREG_SET_ORDER) != 3)
|
||||
continue;
|
||||
|
||||
$src = $matches[0][1];
|
||||
$dst = $matches[2][1];
|
||||
|
||||
if (empty($src) || empty($dst) || in_array("{$src},{$dst}", $cleared_states))
|
||||
continue;
|
||||
|
||||
$cleared_states[] = "{$src},{$dst}";
|
||||
mwexec("/sbin/pfctl -k {$src} -k {$dst}", true);
|
||||
}
|
||||
|
||||
mwexec("/sbin/pfctl -k 0.0.0.0/0 -k {$local_ip}/{$subnet_bits}", true);
|
||||
mwexec("/sbin/pfctl -k {$local_ip}/{$subnet_bits}", true);
|
||||
mwexec("/sbin/pfctl -K {$local_ip}/{$subnet_bits}", true);
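Review bot: `{$interface}` and `{$local_ip}` are interpolated unquoted into the shell pipeline given to `exec_command()`, and the dots in `{$local_ip}` act as match-any characters inside the egrep pattern. Where these two values are set and validated is outside the hunk, so this needs confirming; if they can arrive from the command line, I would check `is_ipaddr($local_ip)` first, pass the interface as `escapeshellarg($interface)`, and escape the dots with `str_replace('.', '\.', $local_ip)` before building the pattern. The `$src` and `$dst` values passed to `pfctl -k` are already limited to digits and dots by the `preg_match_all()` pattern. That same pattern only matches IPv4, so states for an IPv6 `$local_ip` would appear to be skipped by the loop.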
|
||||
|
|
|
@ -51,7 +51,7 @@ function handle_argument_group($iface, $argument2) {
|
|||
$staticv4 = is_ipaddrv4($ipaddr);
|
||||
$staticv6 = false;
|
||||
if (empty($ip6addr))
|
||||
$statcv6 = true;
|
||||
$staticv6 = true;
|
||||
else
|
||||
$staticv6 = is_ipaddrv6($ip6addr);
|
||||
if ($staticv4 === true && $staticv6 === true) {
|
||||
|
@ -60,7 +60,8 @@ function handle_argument_group($iface, $argument2) {
|
|||
interfaces_staticarp_configure($iface);
|
||||
$iface = get_real_interface($iface);
|
||||
interfaces_bring_up($iface);
|
||||
if ($argument2 == "start" || $argument2 == "up")
|
||||
/* NOTE: Do not generate event for OpenVPN since the daemon does that for us. */
|
||||
if (($argument2 == "start" || $argument2 == "up") && substr($iface, 0, 4) != "ovpn")
|
||||
send_event("interface newip {$iface}");
|
||||
} else {
|
||||
switch ($argument2) {
|
||||
|
@ -83,9 +84,7 @@ function handle_argument_group($iface, $argument2) {
|
|||
}
|
||||
|
||||
global $g;
|
||||
if (file_exists("{$g['varrun_path']}/booting")) {
|
||||
/* ignore all linkup events */
|
||||
} else {
|
||||
if (!file_exists("{$g['varrun_path']}/booting") && empty($g['booting'])) {
|
||||
if ($argc < 3) {
|
||||
log_error("HOTPLUG event: The number of required parameters not passed!");
|
||||
exit;
|
||||
|
|
|
@ -44,9 +44,10 @@ require_once("vpn.inc");
|
|||
if (file_exists("{$g['varrun_path']}/booting"))
|
||||
return;
|
||||
|
||||
if (isset($config['ipsec']['enable']))
|
||||
if (isset($config['ipsec']['enable'])) {
|
||||
sleep(15);
|
||||
log_error("IPSEC: One or more IPsec tunnel endpoints has changed its IP. Refreshing.");
|
||||
else
|
||||
} else
|
||||
return;
|
||||
|
||||
$ipseclck = lock('ipsecdns', LOCK_EX);
|
||||
|
@ -60,5 +61,8 @@ vpn_ipsec_refresh_policies();
|
|||
|
||||
vpn_ipsec_configure();
|
||||
|
||||
if (isset($config['ipsec']['failoverforcereload']))
|
||||
vpn_ipsec_force_reload();
|
||||
|
||||
unlock($ipseclck);
|
||||
?>
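Review bot: The new `sleep(15);` in the first hunk has no comment saying what it waits for or why 15 seconds, and it delays every run of the script before the `ipsecdns` lock is taken. I would add a why-comment on that line along the lines of `/* wait for <event> to settle before refreshing policies */`, with the real reason filled in by the author. The branch also mixes a braced `if` with a bare `} else return;`. A guard clause is easier to follow: `if (!isset($config['ipsec']['enable'])) return;` followed by the sleep and the log line at top level.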
|
||||
|
|
|
@ -3,7 +3,7 @@
|
|||
/*
|
||||
rc.newwanip
|
||||
Copyright (C) 2006 Scott Ullrich (sullrich@gmail.com)
|
||||
part of pfSense (http://www.pfsense.com)
|
||||
part of pfSense (https://www.pfsense.org)
|
||||
|
||||
Originally part of m0n0wall (http://m0n0.ch)
|
||||
Copyright (C) 2003-2005 Manuel Kasper <mk@neon1.net>.
|
||||
|
@ -40,6 +40,7 @@ require_once("shaper.inc");
|
|||
require_once("ipsec.inc");
|
||||
require_once("vpn.inc");
|
||||
require_once("openvpn.inc");
|
||||
require_once("IPv6.inc");
|
||||
require_once("rrd.inc");
|
||||
|
||||
// Do not process while booting
|
||||
|
@ -61,26 +62,47 @@ $argument = str_replace("\n", "", $argv[1]);
|
|||
|
||||
log_error("rc.newwanip: Informational is starting {$argument}.");
|
||||
|
||||
if(empty($argument)) {
|
||||
$curwanip = get_interface_ip();
|
||||
if (empty($argument)) {
|
||||
$interface = "wan";
|
||||
$interface_real = get_real_interface();
|
||||
} else {
|
||||
$interface = convert_real_interface_to_friendly_interface_name($argument);
|
||||
$interface_real = $argument;
|
||||
}
|
||||
|
||||
$interface_descr = convert_friendly_interface_to_friendly_descr($interface);
|
||||
|
||||
/* If the interface is configured and not enabled, bail. We do not need to change settings for disabled interfaces. #3313 */
|
||||
if (is_array($config['interfaces'][$interface]) && !isset($config['interfaces'][$interface]['enable'])) {
|
||||
log_error("Interface is disabled, nothing to do.");
|
||||
return;
|
||||
}
|
||||
|
||||
if (empty($argument))
|
||||
$curwanip = get_interface_ip();
|
||||
else {
|
||||
$curwanip = find_interface_ip($interface_real, true);
|
||||
if($curwanip == "")
|
||||
$curwanip = get_interface_ip($interface);
|
||||
}
|
||||
|
||||
log_error("rc.newwanip: on (IP address: {$curwanip}) (interface: {$interface}) (real interface: {$interface_real}).");
|
||||
log_error("rc.newwanip: on (IP address: {$curwanip}) (interface: {$interface_descr}[{$interface}]) (real interface: {$interface_real}).");
|
||||
|
||||
if($curwanip == "0.0.0.0" || !is_ipaddr($curwanip)) {
|
||||
log_error("rc.newwanip: Failed to update {$interface} IP, restarting...");
|
||||
send_event("interface reconfigure {$interface}");
|
||||
exit;
|
||||
/*
|
||||
* NOTE: Take care of openvpn and no-ip interfaces or similar if you generate the event to reconfigure an interface.
|
||||
* i.e. OpenVPN might be in tap mode and not have an ip.
|
||||
*/
|
||||
if ($curwanip == "0.0.0.0" || !is_ipaddr($curwanip)) {
|
||||
if (substr($interface_real, 0, 4) != "ovpn") {
|
||||
if (!empty($config['interfaces'][$interface]['ipaddr'])) {
|
||||
log_error("rc.newwanip: Failed to update {$interface} IP, restarting...");
|
||||
send_event("interface reconfigure {$interface}");
|
||||
exit;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
/* XXX: This really possible? */
|
||||
if (empty($interface)) {
|
||||
filter_configure();
|
||||
restart_packages();
|
||||
|
@ -95,7 +117,8 @@ if (file_exists("{$g['vardb_path']}/{$interface}_cacheip"))
|
|||
system_resolvconf_generate(true);
|
||||
|
||||
/* write current WAN IP to file */
|
||||
file_put_contents("{$g['vardb_path']}/{$interface}_ip", $curwanip);
|
||||
if (is_ipaddr($curwanip))
|
||||
@file_put_contents("{$g['vardb_path']}/{$interface}_ip", $curwanip);
|
||||
|
||||
link_interface_to_vips($interface, "update");
|
||||
|
||||
|
@ -112,29 +135,26 @@ $grouptmp = link_interface_to_group($interface);
|
|||
if (!empty($grouptmp))
|
||||
array_walk($grouptmp, 'interface_group_add_member');
|
||||
|
||||
if ($linkupevent == false || substr($interface_real, 0, 4) == "ovpn") {
|
||||
unset($bridgetmp);
|
||||
$bridgetmp = link_interface_to_bridge($interface);
|
||||
if (!empty($bridgetmp))
|
||||
interface_bridge_add_member($bridgetmp, $interface_real);
|
||||
}
|
||||
unset($bridgetmp);
|
||||
$bridgetmp = link_interface_to_bridge($interface);
|
||||
if (!empty($bridgetmp))
|
||||
interface_bridge_add_member($bridgetmp, $interface_real);
|
||||
|
||||
/* make new hosts file */
|
||||
if ($interface == "lan")
|
||||
system_hosts_generate();
|
||||
system_hosts_generate();
|
||||
|
||||
/* check tunneled IPv6 interface tracking */
|
||||
switch($config['interfaces'][$interface]['ipaddrv6']) {
|
||||
case "slaac":
|
||||
case "dhcp6":
|
||||
interface_dhcpv6_configure($interface, $config['interfaces'][$interface]);
|
||||
break;
|
||||
case "6to4":
|
||||
interface_6to4_configure($interface, $config['interfaces'][$interface]);
|
||||
break;
|
||||
case "6rd":
|
||||
interface_6rd_configure($interface, $config['interfaces'][$interface]);
|
||||
break;
|
||||
case "dhcp6":
|
||||
if (isset($config['interfaces'][$interface]['dhcp6usev4iface']))
|
||||
interface_dhcpv6_configure($interface, $config['interfaces'][$interface]);
|
||||
break;
|
||||
}
|
||||
|
||||
/* Check Gif tunnels */
|
||||
|
@ -168,7 +188,8 @@ if (!is_ipaddr($oldip) || $curwanip != $oldip || !is_ipaddrv4($config['interface
|
|||
/* reconfigure our gateway monitor */
|
||||
setup_gateways_monitor();
|
||||
|
||||
file_put_contents("{$g['vardb_path']}/{$interface}_cacheip", $curwanip);
|
||||
if (is_ipaddr($curwanip))
|
||||
@file_put_contents("{$g['vardb_path']}/{$interface}_cacheip", $curwanip);
|
||||
|
||||
/* perform RFC 2136 DNS update */
|
||||
services_dnsupdate_process($interface);
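Review bot: The `@` on both `@file_put_contents(...)` calls hides a failed write: the `{$interface}_ip` write, and the `{$interface}_cacheip` write in the later hunk. A full or read-only `vardb_path` would then leave a stale address on disk with nothing in the log. The added `is_ipaddr($curwanip)` guard is worth keeping, but I would drop the `@` and log the failure, e.g. `if (file_put_contents("{$g['vardb_path']}/{$interface}_ip", $curwanip) === false) log_error("rc.newwanip: could not write {$interface}_ip");`. The script also now appears to continue with an invalid `$curwanip` for ovpn interfaces and for interfaces with no configured `ipaddr`, in which case both files keep their previous contents. It is worth confirming that the `$oldip` comparison, which is outside these hunks, expects that.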
|
||||
|
|
|
@ -3,7 +3,7 @@
|
|||
/*
|
||||
rc.newwanipv6
|
||||
Copyright (C) 2006 Scott Ullrich (sullrich@gmail.com)
|
||||
part of pfSense (http://www.pfsense.com)
|
||||
part of pfSense (https://www.pfsense.org)
|
||||
|
||||
Originally part of m0n0wall (http://m0n0.ch)
|
||||
Copyright (C) 2003-2005 Manuel Kasper <mk@neon1.net>.
|
||||
|
@ -55,24 +55,22 @@ function restart_packages() {
|
|||
}
|
||||
|
||||
/* Interface IP address has changed */
|
||||
$argument = str_replace("\n", "", $argv[1]);
|
||||
$argument = trim($argv[1], " \n\t");
|
||||
|
||||
log_error("rc.newwanipv6: Informational is starting {$argument}.");
|
||||
|
||||
/* wait for the dhcp6c process to configure the LAN interface */
|
||||
sleep(5);
|
||||
|
||||
if(empty($argument)) {
|
||||
if (empty($argument)) {
|
||||
$interface = "wan";
|
||||
$interface_real = get_real_interface($interface);
|
||||
$interface_real = get_real_interface($interface, "inet6");
|
||||
$curwanipv6 = get_interface_ipv6($interface, true);
|
||||
} else {
|
||||
$interface_real = $argument;
|
||||
$interface = convert_real_interface_to_friendly_interface_name($interface_real);
|
||||
$curwanipv6 = get_interface_ipv6($interface, true);
|
||||
$interface_realv6 = get_real_interface($interface, "inet6");
|
||||
}
|
||||
|
||||
$interface_descr = convert_friendly_interface_to_friendly_descr($interface);
|
||||
|
||||
if (empty($interface)) {
|
||||
filter_configure();
|
||||
// restart_packages();
|
||||
|
@ -80,11 +78,15 @@ if (empty($interface)) {
|
|||
}
|
||||
|
||||
//Do not process while booting
|
||||
if($g['booting'] && $config['interfaces'][$interface]['ipaddrv6'] != "dhcp6")
|
||||
if ($g['booting'] && $config['interfaces'][$interface]['ipaddrv6'] != "dhcp6")
|
||||
exit;
|
||||
|
||||
if(empty($curwanipv6) || !is_ipaddrv6($curwanipv6)) {
|
||||
log_error("rc.newwanipv6: Failed to update {$interface} IPv6, restarting...");
|
||||
/*
|
||||
* NOTE: Take care of openvpn and similar if you generate the event to reconfigure an interface.
|
||||
* i.e. OpenVPN might be in tap mode and not have an ip.
|
||||
*/
|
||||
if ((empty($curwanipv6) || !is_ipaddrv6($curwanipv6)) && substr($interface_real, 0, 4) != "ovpn") {
|
||||
log_error("rc.newwanipv6: Failed to update {$interface_descr}[{$interface}] IPv6, restarting...");
|
||||
// send_event("interface reconfigure {$interface}");
|
||||
exit;
|
||||
}
|
||||
|
@ -93,20 +95,21 @@ if (!empty($_ENV['new_domain_name_servers'])) {
|
|||
$name_servers = explode(" ", $_ENV['new_domain_name_servers']);
|
||||
$valid_ns = array();
|
||||
foreach($name_servers as $ns) {
|
||||
if(is_ipaddrv6(trim($ns)))
|
||||
if (is_ipaddrv6(trim($ns)))
|
||||
$valid_ns[] = trim($ns);
|
||||
}
|
||||
|
||||
if(count($valid_ns > 0))
|
||||
if (count($valid_ns > 0))
|
||||
file_put_contents("{$g['varetc_path']}/nameserver_v6{$interface}", implode("\n", $valid_ns));
|
||||
}
|
||||
if(!empty($_ENV['new_domain_name']))
|
||||
if (!empty($_ENV['new_domain_name']))
|
||||
file_put_contents("{$g['varetc_path']}/searchdomain_v6{$interface}", $_ENV['new_domain_name']);
|
||||
|
||||
/* write current WAN IPv6 to file */
|
||||
file_put_contents("{$g['vardb_path']}/{$interface}_ipv6", $curwanipv6);
|
||||
if (is_ipaddrv6($curwanipv6))
|
||||
@file_put_contents("{$g['vardb_path']}/{$interface}_ipv6", $curwanipv6);
|
||||
|
||||
log_error("rc.newwanipv6: on (IP address: {$curwanipv6}) (interface: {$interface}) (real interface: {$interface_realv6}).");
|
||||
log_error("rc.newwanipv6: on (IP address: {$curwanipv6}) (interface: {$interface}) (real interface: {$interface_real}).");
|
||||
|
||||
$oldipv6 = "";
|
||||
if (file_exists("{$g['vardb_path']}/{$interface}_cacheipv6"))
|
||||
|
@ -138,14 +141,15 @@ if (is_ipaddrv6($oldipv6)) {
|
|||
vpn_ipsec_force_reload($interface);
|
||||
|
||||
/* start OpenVPN server & clients */
|
||||
openvpn_resync_all($interface);
|
||||
if (substr($interface_real, 0, 4) != "ovpn")
|
||||
openvpn_resync_all($interface);
|
||||
}
|
||||
exit;
|
||||
} else if (does_interface_exist($interface_realv6))
|
||||
mwexec("/sbin/ifconfig {$interface_realv6} inet6 {$oldipv6} delete");
|
||||
}
|
||||
} else if (does_interface_exist($interface_real))
|
||||
mwexec("/sbin/ifconfig {$interface_real} inet6 {$oldipv6} delete");
|
||||
|
||||
file_put_contents("{$g['vardb_path']}/{$interface}_cacheipv6", $curwanipv6);
|
||||
file_put_contents("{$g['vardb_path']}/{$interface}_cacheipv6", $curwanipv6);
|
||||
}
|
||||
|
||||
/* perform RFC 2136 DNS update */
|
||||
services_dnsupdate_process($interface);
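Review bot: `if (count($valid_ns > 0))` still has its closing parenthesis in the wrong place after the whitespace cleanup, so it counts the boolean result of `$valid_ns > 0` rather than the array. On older PHP that evaluates to 1, so the `nameserver_v6{$interface}` file is written even when no name server from `$_ENV['new_domain_name_servers']` passed `is_ipaddrv6()`. On PHP 8 `count()` on a bool throws a TypeError. The line should read `if (count($valid_ns) > 0)`.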
|
||||
|
|
|
@ -2,7 +2,7 @@
|
|||
<?php
|
||||
/*
|
||||
rc.notify_message
|
||||
part of pfSense (http://www.pfSense.com)
|
||||
part of pfSense (https://www.pfsense.org)
|
||||
Copyright (C) 2010 Scott Ullrich <sullrich@gmail.com>
|
||||
All rights reserved.
|
||||
|
||||
|
|
|
@ -41,19 +41,26 @@ require_once("openvpn.inc");
|
|||
function openvpn_resync_if_needed ($mode, $ovpn_settings, $interface) {
|
||||
global $g, $config;
|
||||
|
||||
$resync_needed = false;
|
||||
if (empty($interface)) {
|
||||
$resync_needed = true;
|
||||
$resync_needed = true;
|
||||
if (isset($ovpn_settings['disable'])) {
|
||||
$resync_needed = false;
|
||||
} else {
|
||||
$mode_id = $mode . $ovpn_settings['vpnid'];
|
||||
$fpath = "{$g['varetc_path']}/openvpn/{$mode_id}.interface";
|
||||
$current_device = file_get_contents($fpath);
|
||||
$new_device = get_failover_interface($ovpn_settings['interface']);
|
||||
$this_device = $config['interfaces'][$interface]['if'];
|
||||
if (($current_device != $new_device) || ($current_device == $this_device) || ($new_device == $this_device))
|
||||
$resync_needed = true;
|
||||
if (!empty($interface)) {
|
||||
$mode_id = $mode . $ovpn_settings['vpnid'];
|
||||
$fpath = "{$g['varetc_path']}/openvpn/{$mode_id}.interface";
|
||||
if (file_exists($fpath)) {
|
||||
$current_device = file_get_contents($fpath);
|
||||
$current_device = trim($current_device, " \t\n");
|
||||
$new_device = get_failover_interface($ovpn_settings['interface']);
|
||||
if (isset($config['interfaces'][$interface])) {
|
||||
$this_device = $config['interfaces'][$interface]['if'];
|
||||
if (($current_device == $new_device) && ($current_device != $this_device))
|
||||
$resync_needed = false;
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
if ($resync_needed) {
|
||||
if ($resync_needed == true) {
|
||||
log_error("OpenVPN: Resync " . $mode_id . " " . $ovpn_settings['description']);
|
||||
openvpn_resync($mode, $ovpn_settings);
|
||||
}
|
||||
|
@ -63,42 +70,48 @@ function openvpn_resync_if_needed ($mode, $ovpn_settings, $interface) {
|
|||
if (file_exists("{$g['varrun_path']}/booting"))
|
||||
return;
|
||||
|
||||
/* Input argument is a comma-separated list of gateway names, blank or "all". */
|
||||
$argument = trim($argv[1], " \n");
|
||||
|
||||
if(is_array($config['openvpn']['openvpn-server']) || is_array($config['openvpn']['openvpn-client'])) {
|
||||
if (empty($argument) || $argument == "all")
|
||||
if (empty($argument) || $argument == "all") {
|
||||
$argument = "all";
|
||||
$log_text = "all";
|
||||
else
|
||||
} else {
|
||||
$log_text = "endpoints that may use " . $argument;
|
||||
}
|
||||
log_error("OpenVPN: One or more OpenVPN tunnel endpoints may have changed its IP. Reloading " . $log_text . ".");
|
||||
} else
|
||||
return;
|
||||
|
||||
$gwgroups = array();
|
||||
$openvpnlck = lock('openvpn', LOCK_EX);
|
||||
if (empty($argument) || $argument == "all")
|
||||
$interface = "";
|
||||
else {
|
||||
// e.g. $argument = "WANGW", $interface = "wan"
|
||||
$interface = lookup_gateway_interface_by_name($argument);
|
||||
if (empty($interface))
|
||||
$interface = $argument;
|
||||
else
|
||||
// e.g. $argument = "WANGW", $gwgroups = array of gateway groups that use "wan"
|
||||
$gwgroups = gateway_is_gwgroup_member($argument);
|
||||
}
|
||||
|
||||
if(is_array($config['openvpn']['openvpn-server'])) {
|
||||
foreach($config['openvpn']['openvpn-server'] as &$server) {
|
||||
if ($server['interface'] == $interface || empty($interface) || (!empty($gwgroups) && in_array($server['interface'], $gwgroups)))
|
||||
openvpn_resync_if_needed('server', $server, $interface);
|
||||
$arg_array = explode(",",$argument);
|
||||
foreach ($arg_array as $arg_element) {
|
||||
$gwgroups = array();
|
||||
if ($arg_element == "all")
|
||||
$interface = "";
|
||||
else {
|
||||
// e.g. $arg_element = "WANGW", $interface = "wan"
|
||||
$interface = lookup_gateway_interface_by_name($arg_element);
|
||||
if (empty($interface))
|
||||
$interface = $arg_element;
|
||||
else
|
||||
// e.g. $arg_element = "WANGW", $gwgroups = array of gateway groups that use "wan"
|
||||
$gwgroups = gateway_is_gwgroup_member($arg_element);
|
||||
}
|
||||
}
|
||||
|
||||
if (is_array($config['openvpn']['openvpn-client'])) {
|
||||
foreach($config['openvpn']['openvpn-client'] as &$client) {
|
||||
if ($client['interface'] == $interface || empty($interface) || (!empty($gwgroups) && in_array($client['interface'], $gwgroups)))
|
||||
openvpn_resync_if_needed('client', $client, $interface);
|
||||
if(is_array($config['openvpn']['openvpn-server'])) {
|
||||
foreach($config['openvpn']['openvpn-server'] as &$server) {
|
||||
if ($server['interface'] == $interface || empty($interface) || (!empty($gwgroups) && in_array($server['interface'], $gwgroups)))
|
||||
openvpn_resync_if_needed('server', $server, $interface);
|
||||
}
|
||||
}
|
||||
|
||||
if (is_array($config['openvpn']['openvpn-client'])) {
|
||||
foreach($config['openvpn']['openvpn-client'] as &$client) {
|
||||
if ($client['interface'] == $interface || empty($interface) || (!empty($gwgroups) && in_array($client['interface'], $gwgroups)))
|
||||
openvpn_resync_if_needed('client', $client, $interface);
|
||||
}
|
||||
}
|
||||
}
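Review bot: In `openvpn_resync_if_needed()` the variable `$mode_id` is only assigned inside the `if (!empty($interface))` branch, but the later `log_error("OpenVPN: Resync " . $mode_id . " " . $ovpn_settings['description']);` runs whenever `$resync_needed` is true. On a resync of all instances `$interface` is empty, so the log line is built from an undefined variable and does not say which instance was resynced. Moving `$mode_id = $mode . $ovpn_settings['vpnid'];` to the top of the function, before the `disable` check, fixes this without changing the resync decision. The +/- markers are lost on this page, but the assignment sits inside an interface-dependent branch in both copies of the block.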
|
||||
|
||||
|
|
|
@ -3,7 +3,7 @@
|
|||
/* $Id$ */
|
||||
/*
|
||||
rc.packages
|
||||
part of pfSense (http://www.pfSense.com)
|
||||
part of pfSense (https://www.pfsense.org)
|
||||
Copyright (C) 2004 Scott Ullrich
|
||||
All rights reserved.
|
||||
|
||||
|
|
|
@ -27,6 +27,7 @@
|
|||
|
||||
# Set our operating platform
|
||||
PLATFORM=`/bin/cat /etc/platform`
|
||||
MIN_REALMEM_FOR_APC=512
|
||||
|
||||
if [ -d /usr/local/lib/php/20090626 ]; then
|
||||
EXTENSIONSDIR="/usr/local/lib/php/20090626/"
|
||||
|
@ -46,22 +47,35 @@ if [ -z "$AVAILMEM" ]; then
|
|||
AVAILMEM=`/bin/expr $MEM / 1048576`
|
||||
fi
|
||||
|
||||
# Calculate APC SHM size according
|
||||
# to detected memory values
|
||||
if [ "$AVAILMEM" -gt "135" ]; then
|
||||
APCSHMEMSIZE="10M"
|
||||
fi
|
||||
if [ "$AVAILMEM" -gt "256" ]; then
|
||||
APCSHMEMSIZE="20M"
|
||||
fi
|
||||
if [ "$AVAILMEM" -gt "384" ]; then
|
||||
APCSHMEMSIZE="25M"
|
||||
fi
|
||||
if [ "$AVAILMEM" -gt "512" ]; then
|
||||
APCSHMEMSIZE="30M"
|
||||
fi
|
||||
if [ "$AVAILMEM" -gt "784" ]; then
|
||||
APCSHMEMSIZE="50M"
|
||||
|
||||
# Get amount of ram installed on this system
|
||||
REALMEM=`/sbin/sysctl hw.realmem | /usr/bin/awk '{print $2/1048576}' | /usr/bin/awk -F '.' '{print $1}'`
|
||||
export REALMEM
|
||||
export LOWMEM
|
||||
|
||||
if [ "$REALMEM" -lt "$MIN_REALMEM_FOR_APC" ]; then
|
||||
LOWMEM="TRUE"
|
||||
echo ">>> Under $MIN_REALMEM_FOR_APC megabytes of ram detected. Not enabling APC."
|
||||
echo ">>> Under $MIN_REALMEM_FOR_APC megabytes of ram detected. Not enabling APC." | /usr/bin/logger -p daemon.info -i -t rc.php_ini_setup
|
||||
else
|
||||
|
||||
# Calculate APC SHM size according
|
||||
# to detected memory values
|
||||
if [ "$AVAILMEM" -gt "135" ]; then
|
||||
APCSHMEMSIZE="10M"
|
||||
fi
|
||||
if [ "$AVAILMEM" -gt "256" ]; then
|
||||
APCSHMEMSIZE="20M"
|
||||
fi
|
||||
if [ "$AVAILMEM" -gt "384" ]; then
|
||||
APCSHMEMSIZE="25M"
|
||||
fi
|
||||
if [ "$AVAILMEM" -gt "512" ]; then
|
||||
APCSHMEMSIZE="30M"
|
||||
fi
|
||||
if [ "$AVAILMEM" -gt "784" ]; then
|
||||
APCSHMEMSIZE="50M"
|
||||
fi
|
||||
fi
|
||||
|
||||
# Set upload directory
|
||||
|
@ -74,7 +88,7 @@ fi
|
|||
# Define php modules. Do not add .so, it will
|
||||
# be done automatically by the script below.
|
||||
PHPMODULES="standard"
|
||||
if [ "$AVAILMEM" -gt 135 ]; then
|
||||
if [ "$LOWMEM" != "TRUE" ]; then
|
||||
PHPMODULES="$PHPMODULES apc"
|
||||
fi
|
||||
# Config read/write
|
||||
|
@ -121,6 +135,9 @@ PHPMODULES="$PHPMODULES pfSense"
|
|||
PHPMODULES="$PHPMODULES json"
|
||||
# bcmath
|
||||
PHPMODULES="$PHPMODULES bcmath"
|
||||
# filter
|
||||
PHPMODULES="$PHPMODULES filter"
|
||||
|
||||
|
||||
PHP_ZEND_MODULES="ioncube_loader"
|
||||
PHP_ZEND_MODULES_TS="ioncube_loader_ts"
|
||||
|
@ -249,11 +266,8 @@ for EXT in $PHP_ZEND_MODULES_TS; do
|
|||
fi
|
||||
done
|
||||
|
||||
# Get amount of ram installed on this system
|
||||
RAM=`/sbin/sysctl hw.realmem | /usr/bin/awk '{print $2/1000000}' | /usr/bin/awk -F '.' '{print $1}'`
|
||||
export RAM
|
||||
export LOWMEM
|
||||
if [ "$RAM" -gt 135 ]; then
|
||||
|
||||
if [ "$LOWMEM" != "TRUE" ]; then
|
||||
|
||||
/bin/cat >>/usr/local/lib/php.ini <<EOF
|
||||
|
||||
|
@ -263,11 +277,6 @@ apc.enable_cli="0"
|
|||
apc.shm_size="${APCSHMEMSIZE}"
|
||||
|
||||
EOF
|
||||
|
||||
else
|
||||
LOWMEM="TRUE"
|
||||
echo ">>> WARNING! under 128 megabytes of ram detected. Not enabling APC."
|
||||
echo ">>> WARNING! under 128 megabytes of ram detected. Not enabling APC." | /usr/bin/logger -p daemon.info -i -t rc.php_ini_setup
|
||||
fi
|
||||
|
||||
/bin/cat >>/usr/local/lib/php.ini <<EOF
|
||||
|
|
|
@ -3,7 +3,7 @@
|
|||
/* $Id$ */
|
||||
/*
|
||||
rc.reload_all
|
||||
part of pfSense (http://www.pfSense.com)
|
||||
part of pfSense (https://www.pfsense.org)
|
||||
Copyright (C) 2004 Scott Ullrich
|
||||
All rights reserved.
|
||||
|
||||
|
|
|
@ -3,7 +3,7 @@
|
|||
/* $Id$ */
|
||||
/*
|
||||
rc.reload_interfaces
|
||||
part of pfSense (http://www.pfSense.com)
|
||||
part of pfSense (https://www.pfsense.org)
|
||||
Copyright (C) 2004 Scott Ullrich
|
||||
All rights reserved.
|
||||
|
||||
|
|
|
@ -51,7 +51,7 @@ function choose_backup() {
|
|||
echo gettext("Which configuration would you like to restore?") . "\n";
|
||||
echo " 1-" . count($confvers) . " : ";
|
||||
$number = strtoupper(chop(fgets($fp)));
|
||||
if (is_numeric($number) && ($number > 0) && ($number < count($confvers))) {
|
||||
if (is_numeric($number) && ($number > 0) && ($number <= count($confvers))) {
|
||||
return $number;
|
||||
} else {
|
||||
echo gettext("That is not a valid backup number.\n");
|
||||
|
@ -61,7 +61,7 @@ function choose_backup() {
|
|||
|
||||
function restore_history_backup($number) {
|
||||
global $g, $fp, $confvers;
|
||||
if (is_numeric($number) && ($number > 0) && ($number < count($confvers))) {
|
||||
if (is_numeric($number) && ($number > 0) && ($number <= count($confvers))) {
|
||||
$realnumber = $number - 1;
|
||||
echo "\n" . gettext("Is this the backup you wish to restore?") . "\n";
|
||||
list_backups($realnumber);
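Review bot: The corrected bound in `choose_backup()` and `restore_history_backup()` still relies on `is_numeric($number)`, which also accepts input such as `1.5` or `1e1`. A non-integer value therefore passes the range check, and `$realnumber = $number - 1` is handed to `list_backups()` as a fraction or an unintended index. Requiring plain digits closes that: `if (ctype_digit((string)$number) && ($number > 0) && ($number <= count($confvers))) {` in both places. Both function bodies continue outside the hunks, so how `$realnumber` is used after `list_backups()` should be checked as well.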
|
||||
|
|
|
@ -3,7 +3,7 @@
|
|||
/* $Id$ */
|
||||
/*
|
||||
rc.start_packages
|
||||
part of pfSense (http://www.pfSense.com)
|
||||
part of pfSense (https://www.pfsense.org)
|
||||
Copyright (C) 2004 Scott Ullrich
|
||||
All rights reserved.
|
||||
|
||||
|
|
|
@ -3,7 +3,7 @@
|
|||
/* $Id$ */
|
||||
/*
|
||||
rc.update_alias_url-data.sh
|
||||
part of pfSense (http://pfSense.org)
|
||||
part of pfSense (https://www.pfsense.org)
|
||||
|
||||
Copyright (C) 2010 Scott Ullrich <sullrich@gmail.com>
|
||||
All rights reserved.
|
||||
|
|
|
@ -2,7 +2,7 @@
|
|||
|
||||
# Update bogons file
|
||||
# Part of the pfSense project
|
||||
# www.pfsense.com
|
||||
# https://www.pfsense.org
|
||||
|
||||
# Global variables
|
||||
proc_error=""
|
||||
|
@ -14,7 +14,7 @@ process_url() {
|
|||
local filename=${url##*/}
|
||||
local ext=${filename#*.}
|
||||
|
||||
/usr/bin/fetch -q -o $file "${url}"
|
||||
/usr/bin/fetch -a -T 30 -q -o $file "${url}"
|
||||
|
||||
if [ ! -f $file ]; then
|
||||
echo "Could not download ${url}" | logger
|
||||
|
@ -84,9 +84,9 @@ if [ "$proc_error" != "" ]; then
|
|||
exit
|
||||
fi
|
||||
|
||||
BOGON_V4_CKSUM=`/usr/bin/fetch -q -o - "${v4urlcksum}" | awk '{ print $4 }'`
|
||||
BOGON_V4_CKSUM=`/usr/bin/fetch -T 30 -q -o - "${v4urlcksum}" | awk '{ print $4 }'`
|
||||
ON_DISK_V4_CKSUM=`md5 /tmp/bogons | awk '{ print $4 }'`
|
||||
BOGON_V6_CKSUM=`/usr/bin/fetch -q -o - "${v6urlcksum}" | awk '{ print $4 }'`
|
||||
BOGON_V6_CKSUM=`/usr/bin/fetch -T 30 -q -o - "${v6urlcksum}" | awk '{ print $4 }'`
|
||||
ON_DISK_V6_CKSUM=`md5 /tmp/bogonsv6 | awk '{ print $4 }'`
|
||||
|
||||
if [ "$BOGON_V4_CKSUM" = "$ON_DISK_V4_CKSUM" ] || [ "$BOGON_V6_CKSUM" = "$ON_DISK_V6_CKSUM" ]; then
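Review bot: Now that the checksum fetches carry `-T 30`, a timed-out or failed `fetch` leaves `BOGON_V4_CKSUM` or `BOGON_V6_CKSUM` empty, and nothing in the hunk rejects an empty value before the comparison. If `md5 /tmp/bogons` also yields nothing (file missing), two empty strings compare equal, and the `||` lets a match on either address family satisfy the test on its own. Add a guard ahead of the comparison, for example `if [ -z "$BOGON_V4_CKSUM" ] || [ -z "$BOGON_V6_CKSUM" ]; then` followed by a logged early exit. The body of the final `if` lies outside the hunk, so which outcome a false match produces should be confirmed there.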
|
||||
|
|
|
@ -40,10 +40,10 @@ if (count($todo) > 0) {
|
|||
exec("/sbin/pfctl -t " . escapeshellarg($t['name']) . " -T replace -f /var/db/aliastables/" . escapeshellarg($t['name']) . ".txt 2>&1", $result);
|
||||
log_error("{$argv[0]}: Updated {$t['name']} content from {$t['url']}: {$result[0]}");
|
||||
} elseif ($r == -1) {
|
||||
log_error("{$argv[0]}: {$t['name']} does not need updated.");
|
||||
log_error("{$argv[0]}: {$t['name']} does not need updating.");
|
||||
} else {
|
||||
log_error("{$argv[0]}: ERROR: could not update {$t['name']} content from {$t['url']}");
|
||||
}
|
||||
}
|
||||
}
|
||||
?>
|
||||
?>
|
||||
|
|
2
etc/sshd
2
etc/sshd
|
@ -121,6 +121,8 @@
|
|||
$sshconf .= "Protocol 2\n";
|
||||
/* Run the server on another port if we have one defined */
|
||||
$sshconf .= "Port $sshport\n";
|
||||
/* Hide FreeBSD version */
|
||||
$sshconf .= "VersionAddendum \n";
|
||||
|
||||
/* Apply package SSHDCond settings if config file exists */
|
||||
if(file_exists("/etc/sshd_extra"))
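Review bot: The comment `/* Hide FreeBSD version */` promises more than the added `VersionAddendum` line delivers: the directive only controls the addendum appended to the banner, so the OpenSSH version string is still sent to every client. Reword it, for example `/* Drop the FreeBSD addendum from the SSH banner; the OpenSSH version is still advertised */`. The empty value also depends on the trailing space before `\n` surviving later edits, which deserves a word in the same comment. The enclosing code starts and ends outside the hunk.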
|
||||
|
|
|
@ -103,7 +103,7 @@ distinguished_name=req_distinguished_name
|
|||
req_extensions = v3_req
|
||||
prompt=no
|
||||
|
||||
default_bits = 1024
|
||||
default_bits = 2048
|
||||
default_keyfile = privkey.pem
|
||||
distinguished_name = req_distinguished_name
|
||||
attributes = req_attributes
|
||||
|
|
|
@ -1 +1 @@
|
|||
2.1-RC0
|
||||
2.1.5-RELEASE
|
||||
|
|
|
@ -0,0 +1,5 @@
|
|||
# Detect interactive logins and display the shell
|
||||
if [ `env | grep SSH_TTY | wc -l` -gt 0 ] || [ `env | grep cons25 | wc -l` -gt 0 ]; then
|
||||
/etc/rc.initial
|
||||
exit
|
||||
fi
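Review bot: The test `env | grep SSH_TTY | wc -l` matches the string anywhere in the environment, in a variable's name or in its value, so any variable that happens to contain `SSH_TTY` or `cons25` makes the login count as interactive. Testing the variables directly is exact and avoids three processes per check: `if [ -n "$SSH_TTY" ] || [ "$TERM" = "cons25" ]; then`. This assumes `cons25` is meant to match `TERM`, which the hunk does not show. The same line is added in the next file section (`@ -1,2 +1,5 @@`) and should change with it.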
|
|
@ -1,2 +1,5 @@
|
|||
/etc/rc.initial
|
||||
exit
|
||||
# Detect interactive logins and display the shell
|
||||
if [ `env | grep SSH_TTY | wc -l` -gt 0 ] || [ `env | grep cons25 | wc -l` -gt 0 ]; then
|
||||
/etc/rc.initial
|
||||
exit
|
||||
fi
|
||||
|
|
|
@ -27,13 +27,14 @@ ROUTE=/sbin/route
|
|||
SED=/usr/bin/sed
|
||||
ARP=/usr/sbin/arp
|
||||
IFCONFIG=/sbin/ifconfig
|
||||
PFCTL=/sbin/pfctl
|
||||
|
||||
LOCALHOST=127.0.0.1
|
||||
|
||||
if [ -x /usr/bin/logger ]; then
|
||||
LOGGER="/usr/bin/logger -s -p user.notice -t dhclient"
|
||||
else
|
||||
LOGGER=echo
|
||||
LOGGER="echo"
|
||||
fi
|
||||
|
||||
#
|
||||
|
@ -42,11 +43,9 @@ fi
|
|||
|
||||
check_hostname() {
|
||||
current_hostname=`$HOSTNAME`
|
||||
if [ -z "$current_hostname" ]; then
|
||||
$LOGGER "New Hostname ($interface): $new_host_name"
|
||||
$HOSTNAME $new_host_name
|
||||
elif [ "$current_hostname" = "$old_host_name" -a \
|
||||
"$new_host_name" != "$old_host_name" ]; then
|
||||
if [ -z "$current_hostname" ] || \
|
||||
[ "$current_hostname" = "$old_host_name" -a \
|
||||
"$new_hostname" != "$old_host_name" ]; then
|
||||
$LOGGER "New Hostname ($interface): $new_host_name"
|
||||
$HOSTNAME $new_host_name
|
||||
fi
|
||||
|
@ -60,28 +59,30 @@ arp_flush() {
|
|||
|
||||
delete_old_states() {
|
||||
$LOGGER "Starting delete_old_states()"
|
||||
_FLUSHED=0
|
||||
# If the IP changed, remove states from the old one
|
||||
if [ -f /var/db/${interface}_ip ]; then
|
||||
OLD_IP = `cat /var/db/${interface}_ip`
|
||||
OLD_IP=`cat /var/db/${interface}_ip`
|
||||
$LOGGER "Comparing IPs: Old: ${OLD_IP} New: ${new_ip_address}"
|
||||
if [ -n "${OLD_IP}" ] && [ "${OLD_IP}" != "${new_ip_address}" ]; then
|
||||
$LOGGER "Removing states from old IP '${OLD_IP}' (new IP '${new_ip_address}')"
|
||||
/sbin/pfctl -i $interface -Fs
|
||||
pfctl -K ${OLD_IP}/32
|
||||
${PFCTL} -i $interface -Fs
|
||||
${PFCTL} -K ${OLD_IP}/32
|
||||
_FLUSHED=1
|
||||
fi
|
||||
fi
|
||||
# Delete states through old gateway if it's not the same
|
||||
OLD_ROUTER=""
|
||||
if [ -n "${old_routers}" ]; then
|
||||
OLD_ROUTER = $old_routers
|
||||
OLD_ROUTER=$old_routers
|
||||
elif [ -f /tmp/${interface}_router ]; then
|
||||
OLD_ROUTER=`cat /tmp/${interface}_router`
|
||||
fi
|
||||
if [ -z "${OLD_ROUTER}" ] && [ -f /tmp/${interface}_router ]; then
|
||||
OLD_ROUTER = `cat /tmp/${interface}_router`
|
||||
fi
|
||||
if [ -n "${OLD_ROUTER}" ]; then
|
||||
if [ ${_FLUSHED} -eq 0 -a -n "${OLD_ROUTER}" ]; then
|
||||
$LOGGER "Comparing Routers: Old: ${OLD_ROUTER} New: ${new_routers}"
|
||||
if [ "${OLD_ROUTER}" != "${new_routers}" ]; then
|
||||
$LOGGER "Removing states through old gateway '${OLD_ROUTER}' (new gateway '${new_routers}')"
|
||||
/sbin/pfctl -i $interface -Fs -G ${OLD_ROUTER}
|
||||
${PFCTL} -i $interface -Fs
|
||||
fi
|
||||
fi
|
||||
}
|
||||
|
@ -102,11 +103,12 @@ add_new_address() {
|
|||
netmask $new_subnet_mask \
|
||||
broadcast $new_broadcast_address \
|
||||
$medium
|
||||
$IFCONFIG $interface setfirst $new_ip_address
|
||||
|
||||
$LOGGER "New IP Address ($interface): $new_ip_address"
|
||||
$LOGGER "New Subnet Mask ($interface): $new_subnet_mask"
|
||||
$LOGGER "New Broadcast Address ($interface): $new_broadcast_address"
|
||||
$LOGGER "New Routers ($interface): $new_routers"
|
||||
$LOGGER "New IP Address ($interface): $new_ip_address"
|
||||
$LOGGER "New Subnet Mask ($interface): $new_subnet_mask"
|
||||
$LOGGER "New Broadcast Address ($interface): $new_broadcast_address"
|
||||
$LOGGER "New Routers ($interface): $new_routers"
|
||||
|
||||
|
||||
# This is necessary otherwise apinger will try to ping all 1s address
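Review bot: In the `check_hostname()` hunk the rewritten condition tests `"$new_hostname" != "$old_host_name"`, while every other line of the function uses `$new_host_name`. `$new_hostname` is not assigned anywhere in the visible hunks, so it presumably expands empty and the inequality holds whenever `$old_host_name` is non-empty. The hostname is then re-applied each time the current name equals the old one, whether or not the lease changed it. The line should read `"$new_host_name" != "$old_host_name" ]; then`. Since the value comes from the DHCP reply, `$HOSTNAME "$new_host_name"` with quotes also keeps it a single argument.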
|
||||
|
|
|
@ -113,3 +113,18 @@ fi
|
|||
if [ -f /usr/local/sbin/php ]; then
|
||||
rm /usr/local/sbin/php
|
||||
fi
|
||||
|
||||
# Fixup permissions on installed files
|
||||
if [ "${PFSENSETYPE}" = "nanobsd" ]; then
|
||||
MTREECHKDIR=/tmp/${1}/
|
||||
else
|
||||
MTREECHKDIR=/
|
||||
fi
|
||||
if [ -f ${MTREECHKDIR}etc/installed_filesystem.mtree ]; then
|
||||
/usr/sbin/mtree -U -e -q -f ${MTREECHKDIR}etc/installed_filesystem.mtree -p ${MTREECHKDIR} > /conf/mtree.log;
|
||||
fi;
|
||||
|
||||
# Make sure to preserve existing time zone
|
||||
if [ "${PFSENSETYPE}" = "nanobsd" ] && [ -f /etc/localtime ]; then
|
||||
/bin/cp -p /etc/localtime /tmp/${1}/etc/localtime 2>/dev/null
|
||||
fi
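Review bot: The added block builds its paths from `${1}` without checking that the argument is set. On nanobsd an empty `$1` makes `MTREECHKDIR` `/tmp//`, and `mtree -U` would then apply whatever spec sits at `/tmp/etc/installed_filesystem.mtree` to `/tmp`. Require the argument first, e.g. `if [ "${PFSENSETYPE}" = "nanobsd" ] && [ -n "${1}" ]; then`, and quote the expansions: `-f "${MTREECHKDIR}etc/installed_filesystem.mtree" -p "${MTREECHKDIR}"`. The `2>/dev/null` on the `cp` of `/etc/localtime` also hides a failed copy; writing the error to the upgrade log would keep it visible. Whether callers always pass `$1` is not visible from this hunk.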
|
||||
|
|
|
@ -13,14 +13,15 @@
|
|||
system("pfSsh.php playback gitsync " . escapeshellarg($config['system']['gitsync']['branch']) . " --upgrading");
|
||||
}
|
||||
|
||||
if($g['platform'] == "embedded") {
|
||||
$newslicedir = "";
|
||||
if ($argv[1] != "")
|
||||
$newslicedir = '/tmp/' . $argv[1];
|
||||
|
||||
if($g['platform'] == "embedded" || $g['enableserial_force'] || file_exists("{$newslicedir}/enableserial_force")) {
|
||||
$config['system']['enableserial'] = true;
|
||||
write_config();
|
||||
}
|
||||
|
||||
$newslicedir = "";
|
||||
if ($argv[1] != "")
|
||||
$newslicedir = '/tmp/' . $argv[1];
|
||||
system("echo \"Adding serial port settings ({$newslicedir})...\" >> /conf/upgrade_log.txt");
|
||||
setup_serial_port("upgrade", $newslicedir);
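Review bot: `$newslicedir` is built from `$argv[1]` and then interpolated into the shell string passed to `system("echo ...")`, whereas the gitsync call at the top of the hunk wraps its argument in `escapeshellarg()`. Inside that double-quoted shell string the shell still expands substitutions, so the argument is not treated as plain text. Writing the log line without a shell removes the issue: `file_put_contents("/conf/upgrade_log.txt", "Adding serial port settings ({$newslicedir})...\n", FILE_APPEND);`. `$argv[1]` is also read without `isset()`, which raises a notice when the script runs with no argument.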
|
||||
|
||||
|
|
|
@ -11,7 +11,7 @@ if(empty($argv[1])) {
|
|||
/* Huawei example */
|
||||
$device = "/dev/{$argv[1]}";
|
||||
$statfile = "/tmp/3gstats.{$argv[2]}";
|
||||
/* mode is a comma seperated value, thus submode is born */
|
||||
/* mode is a comma separated value, thus submode is born */
|
||||
$header = "#seconds,rssi,mode,submode,upstream,downstream,sentbytes,receivedbyts,bwupstream,bwdownstream,simstate,service\n";
|
||||
|
||||
$i = 0;
|
||||
|
|
|
@ -55,6 +55,7 @@ if(empty($type))
|
|||
|
||||
/* echo the rrd required syntax */
|
||||
echo "N:";
|
||||
$result = "NaN";
|
||||
|
||||
if ($type == "loggedin") {
|
||||
|
||||
|
@ -101,7 +102,7 @@ if ($type == "loggedin") {
|
|||
else {
|
||||
$result = $current_user_count;
|
||||
}
|
||||
} else
|
||||
} elseif ($type == "concurrent")
|
||||
$result = $no_users;
|
||||
|
||||
echo "$result";
|
||||
|
|
|
@ -0,0 +1,24 @@
|
|||
#!/usr/local/bin/php -q
|
||||
<?php
|
||||
require_once("config.inc");
|
||||
require_once("globals.inc");
|
||||
require_once("notices.inc");
|
||||
$options = getopt("s::");
|
||||
|
||||
$message = "";
|
||||
|
||||
if($options['s'] <> "") {
|
||||
$subject = $options['s'];
|
||||
}
|
||||
|
||||
|
||||
$in = file("php://stdin");
|
||||
foreach($in as $line){
|
||||
$message .= "$line";
|
||||
}
|
||||
|
||||
if (!empty($subject))
|
||||
send_smtp_message($message, $subject);
|
||||
else
|
||||
send_smtp_message($message);
|
||||
?>
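Review bot: `getopt("s::")` declares the subject as an optional value, which PHP accepts only when attached to the flag (`-sSubject`). Called as `-s "Subject"`, the option comes back as `false` and the subject is silently dropped. When `-s` is absent, `$options['s']` is read although it was never set. Use `$options = getopt("s:");` and `if (isset($options['s']) && $options['s'] !== "") {`. How `send_smtp_message()` treats line breaks in the subject is not visible here; if it does not strip them, CR and LF should be removed from `$subject` before the call.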
|
|
@ -40,7 +40,7 @@ if [ -f /var/db/pkgpinghosts ]; then
|
|||
PKGHOSTS="/var/db/pkgpinghosts"
|
||||
fi
|
||||
|
||||
cat $PKGHOSTS $HOSTS $IPSECHOSTS >/tmp/tmpHOSTS
|
||||
cat $PKGHOSTS $HOSTS $CURRENTIPSECHOSTS >/tmp/tmpHOSTS
|
||||
|
||||
if [ ! -d /var/db/pingstatus ]; then
|
||||
/bin/mkdir -p /var/db/pingstatus
|
||||
|
@ -75,29 +75,31 @@ for TOPING in $PINGHOSTS ; do
|
|||
fi
|
||||
echo Processing $DSTIP
|
||||
# Look for a service being down
|
||||
# Read in previous status
|
||||
PREVIOUSSTATUS=""
|
||||
if [ -f "/var/db/pingstatus/${DSTIP}" ]; then
|
||||
PREVIOUSSTATUS=`cat /var/db/pingstatus/$DSTIP`
|
||||
fi
|
||||
$PINGCMD -c $COUNT -S $SRCIP $DSTIP
|
||||
if [ $? -eq 0 ]; then
|
||||
# Host is up
|
||||
# Read in previous status
|
||||
PREVIOUSSTATUS=`cat /var/db/pingstatus/$DSTIP`
|
||||
if [ "$PREVIOUSSTATUS" = "DOWN" ]; then
|
||||
if [ "$PREVIOUSSTATUS" != "UP" ]; then
|
||||
# Service restored
|
||||
echo "UP" > /var/db/pingstatus/$DSTIP
|
||||
if [ "$SERVICERESTOREDSCRIPT" != "" ]; then
|
||||
echo "$DSTIP is UP, previous state was DOWN .. Running $SERVICERESTOREDSCRIPT"
|
||||
echo "$DSTIP is UP, previous state was DOWN .. Running $SERVICERESTOREDSCRIPT" | logger -p daemon.info -i -t PingMonitor
|
||||
echo "UP" > /var/db/pingstatus/$DSTIP
|
||||
sh -c $SERVICERESTOREDSCRIPT
|
||||
fi
|
||||
fi
|
||||
else
|
||||
# Host is down
|
||||
PREVIOUSSTATUS=`cat /var/db/pingstatus/$DSTIP`
|
||||
if [ "$PREVIOUSSTATUS" = "UP" ]; then
|
||||
if [ "$PREVIOUSSTATUS" != "DOWN" ]; then
|
||||
# Service is down
|
||||
echo "DOWN" > /var/db/pingstatus/$DSTIP
|
||||
if [ "$FAILURESCRIPT" != "" ]; then
|
||||
echo "$DSTIP is DOWN, previous state was UP .. Running $FAILURESCRIPT"
|
||||
echo "$DSTIP is DOWN, previous state was UP .. Running $FAILURESCRIPT" | logger -p daemon.info -i -t PingMonitor
|
||||
echo "DOWN" > /var/db/pingstatus/$DSTIP
|
||||
sh -c $FAILURESCRIPT
|
||||
fi
|
||||
fi
|
||||
|
@ -108,7 +110,7 @@ for TOPING in $PINGHOSTS ; do
|
|||
echo "Ping returned $?"
|
||||
echo $PINGTIME > /var/db/pingmsstatus/$DSTIP
|
||||
if [ "$THRESHOLD" != "" ]; then
|
||||
if [ "$PINGTIME" -gt "$THRESHOLD" ]; then
|
||||
if [ $(echo "${PINGTIME} > ${THRESHOLD}" | /usr/bin/bc) -eq 1 ]; then
|
||||
echo "$DSTIP has exceeded ping threshold $PINGTIME / $THRESHOLD .. Running $FAILURESCRIPT"
|
||||
echo "$DSTIP has exceeded ping threshold $PINGTIME / $THRESHOLD .. Running $FAILURESCRIPT" | logger -p daemon.info -i -t PingMonitor
|
||||
sh -c $FAILURESCRIPT
|
||||
|
@ -118,8 +120,8 @@ for TOPING in $PINGHOSTS ; do
|
|||
#WANTIME=`rrdtool fetch /var/db/rrd/wan-quality.rrd AVERAGE -r 120 -s -1min -e -1min | grep ":" | cut -f3 -d" " | cut -d"e" -f1`
|
||||
echo "Checking wan ping time $WANTIME"
|
||||
echo $WANTIME > /var/db/wanaverage
|
||||
if [ "$WANTHRESHOLD" != "" ]; then
|
||||
if [ "$WANTIME" -gt "$WANTHRESHOLD" ]; then
|
||||
if [ "$WANTHRESHOLD" != "" -a "$WANTIME" != "" ]; then
|
||||
if [ $(echo "${WANTIME} > ${WANTHRESHOLD}" | /usr/bin/bc) -eq 1 ]; then
|
||||
echo "$DSTIP has exceeded wan ping threshold $WANTIME / $WANTHRESHOLD .. Running $FAILURESCRIPT"
|
||||
echo "$DSTIP has exceeded wan ping threshold $WANTIME / $WANTHRESHOLD .. Running $FAILURESCRIPT" | logger -p daemon.info -i -t PingMonitor
|
||||
sh -c $FAILURESCRIPT
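Review bot: In the `@ -108,7 +110,7 @@` hunk the new `bc` comparison runs whenever `$THRESHOLD` is set, but nothing checks that `$PINGTIME` is non-empty, unlike the WAN check in the last hunk, which now also requires `"$WANTIME" != ""`. With an empty `PINGTIME`, `bc` receives ` > N` and most likely prints nothing, so the unquoted substitution leaves `[ -eq 1 ]`, a test error rather than a clean false. Match the WAN hunk with `if [ "$THRESHOLD" != "" -a "$PINGTIME" != "" ]; then` and quote the result: `if [ "$(echo "${PINGTIME} > ${THRESHOLD}" | /usr/bin/bc)" = "1" ]; then`. The same quoting applies to the `WANTIME` comparison. The enclosing `for` loop starts and ends outside the hunks.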
|
||||
|
|
|
@ -44,33 +44,6 @@
|
|||
|
||||
define('GIGAWORDS_RIGHT_OPERAND', '4294967296'); // 2^32
|
||||
|
||||
/**
|
||||
* Get the NAS-IP-Address based on the current wan address
|
||||
*
|
||||
* Use functions in interfaces.inc to find this out
|
||||
*
|
||||
*/
|
||||
if (!function_exists('getNasIP')) {
|
||||
function getNasIP()
|
||||
{
|
||||
global $config, $cpzone;
|
||||
|
||||
if (empty($config['captiveportal'][$cpzone]['radiussrcip_attribute'])) {
|
||||
$nasIp = get_interface_ip();
|
||||
} else {
|
||||
if (is_ipaddr($config['captiveportal'][$cpzone]['radiussrcip_attribute']))
|
||||
$nasIp = $config['captiveportal'][$cpzone]['radiussrcip_attribute'];
|
||||
else
|
||||
$nasIp = get_interface_ip($config['captiveportal'][$cpzone]['radiussrcip_attribute']);
|
||||
}
|
||||
|
||||
if(!is_ipaddr($nasIp))
|
||||
$nasIp = "0.0.0.0";
|
||||
|
||||
return $nasIp;
|
||||
}
|
||||
}
|
||||
|
||||
/*
|
||||
RADIUS ACCOUNTING START
|
||||
-----------------------
|
||||
|
@ -96,6 +69,8 @@ function RADIUS_ACCOUNTING_START($ruleno, $username, $sessionid, $radiusservers,
|
|||
break;
|
||||
|
||||
default:
|
||||
if (!function_exists('getNasIP'))
|
||||
require_once("captiveportal.inc");
|
||||
$calledstationid = getNasIP();
|
||||
$callingstationid = $clientmac;
|
||||
break;
|
||||
|
|
|
@ -41,33 +41,6 @@
|
|||
pfSense_MODULE: captiveportal
|
||||
*/
|
||||
|
||||
/**
|
||||
* Get the NAS-IP-Address based on the current wan address
|
||||
*
|
||||
* Use functions in interfaces.inc to find this out
|
||||
*
|
||||
*/
|
||||
if (!function_exists('getNasIP')) {
|
||||
function getNasIP()
|
||||
{
|
||||
global $config, $cpzone;
|
||||
|
||||
if (empty($config['captiveportal'][$cpzone]['radiussrcip_attribute'])) {
|
||||
$nasIp = get_interface_ip();
|
||||
} else {
|
||||
if (is_ipaddr($config['captiveportal'][$cpzone]['radiussrcip_attribute']))
|
||||
$nasIp = $config['captiveportal'][$cpzone]['radiussrcip_attribute'];
|
||||
else
|
||||
$nasIp = get_interface_ip($config['captiveportal'][$cpzone]['radiussrcip_attribute']);
|
||||
}
|
||||
|
||||
if(!is_ipaddr($nasIp))
|
||||
$nasIp = "0.0.0.0";
|
||||
|
||||
return $nasIp;
|
||||
}
|
||||
}
|
||||
|
||||
/*
|
||||
RADIUS AUTHENTICATION
|
||||
---------------------
|
||||
|
@ -95,6 +68,8 @@ function RADIUS_AUTHENTICATION($username,$password,$radiusservers,$clientip,$cli
|
|||
$callingstationid = $clientip;
|
||||
break;
|
||||
default:
|
||||
if (!function_exists('getNasIP'))
|
||||
require_once("captiveportal.inc");
|
||||
$calledstationid = getNasIP();
|
||||
$callingstationid = $clientmac;
|
||||
break;
|
||||
|
|