Actually make default sysctls reside on globals.inc and use those by default this allows to trim down the config.xml sysctl and also fixes #3666 by setting set source interface on reply of icmp

This commit is contained in:
Ermal 2014-11-10 20:32:05 +01:00
parent d3c36b1d8d
commit c46f9695ec
2 changed files with 7 additions and 10 deletions

View File

@ -153,7 +153,11 @@ $sysctls = array("net.inet.ip.portrange.first" => "1024",
"net.inet.udp.checksum" => 1,
"net.bpf.zerocopy_enable" => 1,
"net.inet.icmp.reply_from_interface" => 1,
"vfs.forcesync" => "0"
"vfs.forcesync" => "0",
"net.enc.out.ipsec_bpf_mask" => "0x0001",
"net.enc.out.ipsec_filter_mask" => "0x0001",
"net.enc.in.ipsec_bpf_mask" => "0x0002",
"net.enc.in.ipsec_filter_mask" => "0x0002"
);
/* Include override values for the above if needed. If the file doesn't exist, don't try to load it. */

View File

@ -73,19 +73,12 @@ function get_default_sysctl_value($id) {
}
function activate_sysctls() {
global $config, $g;
global $config, $g, $sysctls;
if ($g['platform'] == 'jail')
return;
$sysctls = array(
"net.enc.out.ipsec_bpf_mask" => "0x0001",
"net.enc.out.ipsec_filter_mask" => "0x0001",
"net.enc.in.ipsec_bpf_mask" => "0x0002",
"net.enc.in.ipsec_filter_mask" => "0x0002"
);
if(is_array($config['sysctl'])) {
if (is_array($config['sysctl'])) {
foreach($config['sysctl']['item'] as $tunable) {
if($tunable['value'] == "default")
$value = get_default_sysctl_value($tunable['tunable']);