Revision 1ab56363
Added by Ermal Luçi over 16 years ago
- Do not restart ipfw-classifyd on every iteration; just send it a signal to reload the config. This way no data is lost.
- Some cleanups to fix warnings/spamming of the system logs.
- Introduce the is_module_loaded() function to check whether a module is loaded.
etc/inc/config.inc | ||
---|---|---|
2834 | 2834 |
if($g['debug']) |
2835 | 2835 |
log_error("Config: FTP proxy disabled for interface {$ifent}"); |
2836 | 2836 |
|
2837 |
$helpers = exec("/bin/ps awux | grep \"/usr/local/sbin/ftp-proxy {$shaper_queue} -p {$port}\" | grep -v grep | sed \"s/ */ /g\" | cut -f2 -d\" \"");
|
|
2837 |
$helpers = `/bin/ps awux | grep "ftp-proxy" | grep "{$port}" | grep -v grep | awk '{ print $2 }'`;
|
|
2838 | 2838 |
if($helpers) |
2839 | 2839 |
mwexec("/bin/kill {$helpers}"); |
2840 | 2840 |
$interface_counter++; |
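Review bot: The rewritten lookup on new line 2837 matches far more loosely than the line it replaces, because `grep "{$port}"` accepts any ftp-proxy row of the ps output that contains those digits anywhere (another instance's port, a PID, a size column). The `/bin/kill {$helpers}` that follows can therefore stop proxies belonging to other interfaces. The backtick operator also returns every matching PID separated by newlines, where exec() returned only the last line, and that multi-line string is pasted into the mwexec() command as is. I would keep the match tied to the option, as the old pattern did with `-p {$port}`, and flatten the result before use with `$helpers = trim(str_replace("\n", " ", $helpers));`. Where `$port` is assigned is outside this section, so if it is not guaranteed numeric it should also be cast with `intval()` before it reaches the shell.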
etc/inc/filter.inc | ||
---|---|---|
1072 | 1072 |
} |
1073 | 1073 |
fclose($inetd_fd); // Close file handle |
1074 | 1074 |
// Check if inetd is running, if not start it. If so, restart it gracefully. |
1075 |
$helpers = trim(exec("/bin/ps ax | /usr/bin/grep inetd | /usr/bin/grep -v grep | /usr/bin/grep 127"));
|
|
1075 |
$helpers = isvalidproc("inetd");
|
|
1076 | 1076 |
if(!$helpers) |
1077 |
mwexec("/usr/sbin/inetd -wW -R 0 -a 127.0.0.1 /var/etc/inetd.conf");
|
|
1077 |
killbypid("/var/run/inetd.pid");
|
|
1078 | 1078 |
else |
1079 |
mwexec("/usr/bin/killall -HUP inetd", true); |
|
1079 |
sigkillbypid("/var/run/inetd.pid", "HUP"); |
|
1080 |
|
|
1080 | 1081 |
if ($pptpdcfg['mode'] && $pptpdcfg['mode'] != "off") { |
1081 | 1082 |
if ($pptpdcfg['mode'] == "server") |
1082 | 1083 |
$pptpdtarget = "127.0.0.1"; |
... | ... | |
1751 | 1752 |
$cp_interface = $config['captiveportal']['interface']; |
1752 | 1753 |
$cp_interface_real = $FilterIflist[$cp_interface]['if']; |
1753 | 1754 |
$cp_interface_ip = $FilterIflist[$cp_interface_real]['ip']; |
1754 |
if (isset($config['captiveportal']['peruserbw'])) |
|
1755 |
mwexec("kldload dummynet"); |
|
1755 |
if (isset($config['captiveportal']['peruserbw']) && !is_module_loaded("dummynet.ko"))
|
|
1756 |
mwexec("/sbin/kldload dummynet");
|
|
1756 | 1757 |
if(is_ipaddr($cp_interface_ip) and $cp_interface_real) |
1757 | 1758 |
$ipfrules .= "pass in quick on {$cp_interface_real} proto tcp from any to {$cp_interface_ip} port { 8000 8001 } keep state\n"; |
1758 | 1759 |
} |
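Review bot: As rendered, the `if(!$helpers)` branch at new line 1077 no longer starts inetd: the `mwexec("/usr/sbin/inetd -wW -R 0 -a 127.0.0.1 /var/etc/inetd.conf");` call is replaced by `killbypid("/var/run/inetd.pid");`, which contradicts the comment two lines above ("if not start it"). Unless inetd is launched somewhere outside this hunk, the local helpers bound to 127.0.0.1 never come up when the daemon is not already running. In that same branch the pidfile is stale by definition, so signalling it can hit an unrelated process that has reused the PID. I would restore the start command in the not-running branch and keep `sigkillbypid("/var/run/inetd.pid", "HUP");` for the reload case. Note also that `isvalidproc("inetd")` is a substring match on the ps output, so it is broader than the old check that additionally required `127`.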
etc/inc/shaper.inc | ||
---|---|---|
3235 | 3235 |
} |
3236 | 3236 |
|
3237 | 3237 |
function delete_l7c() { |
3238 |
$l7pid = `/bin/ps -ax | /usr/bin/grep ipfw-classifyd | /usr/bin/grep ". $l7rules->GetRPort() . " | /usr/bin/grep -v \"grep\" | /usr/bin/awk '{ print $1 }'`; |
|
3239 |
mwexec("/bin/kill {$l7pid}"); |
|
3238 | 3240 |
unset_l7_object_by_reference($this->GetRName()); |
3239 | 3241 |
cleanup_l7_from_rules($this->GetRName()); |
3240 | 3242 |
} |
... | ... | |
3364 | 3366 |
read_layer7_config(); |
3365 | 3367 |
|
3366 | 3368 |
if (!empty($layer7_rules_list)) { |
3367 |
mwexec("kldload ipdivert.ko"); |
|
3368 |
mwexec("killall -9 ipfw-classifyd"); |
|
3369 |
if (!is_module_loaded("ipdivert.ko")) |
|
3370 |
mwexec("/sbin/kldload ipdivert.ko"); |
|
3371 |
//mwexec("killall -9 ipfw-classifyd"); |
|
3369 | 3372 |
mwexec("rm -f /tmp/*.l7"); |
3370 | 3373 |
} |
3371 | 3374 |
|
... | ... | |
3387 | 3390 |
global $layer7_rules_list; |
3388 | 3391 |
|
3389 | 3392 |
/* |
3390 |
* XXX: Needed ?! |
|
3393 |
* XXX: ermal - Needed ?!
|
|
3391 | 3394 |
* read_layer7_config(); |
3392 | 3395 |
*/ |
3393 | 3396 |
|
... | ... | |
3396 | 3399 |
$filename = $l7rules->GetRName() . ".l7"; |
3397 | 3400 |
$path = "/tmp/" . $filename; |
3398 | 3401 |
|
3399 |
// XXX: Hardcoded number of packets to garbage collect. |
|
3400 |
$ipfw_classifyd_init = "/usr/local/sbin/ipfw-classifyd -n 5 -c {$path} -p " . $l7rules->GetRPort() . " -P /usr/local/share/protocols"; |
|
3401 |
mwexec_bg($ipfw_classifyd_init); |
|
3402 |
unset($l7pid); |
|
3403 |
/* Only reread the configuration rather than restart to avoid loosing information. */ |
|
3404 |
$l7pid = `/bin/ps -ax | /usr/bin/grep ipfw-classifyd | /usr/bin/grep ". $l7rules->GetRPort() . " | /usr/bin/grep -v \"grep\" | /usr/bin/awk '{ print $1}'`; |
|
3405 |
if (isset($l7pid)) |
|
3406 |
mwexec("/bin/kill -HUP {$l7pid}"); |
|
3407 |
else { |
|
3408 |
// XXX: Hardcoded number of packets to garbage collect and queue length.. |
|
3409 |
$ipfw_classifyd_init = "/usr/local/sbin/ipfw-classifyd -n 5 -q 700 -c {$path} -p " . $l7rules->GetRPort() . " -P /usr/local/share/protocols"; |
|
3410 |
mwexec_bg($ipfw_classifyd_init); |
|
3411 |
} |
|
3402 | 3412 |
} |
3403 | 3413 |
} |
3404 | 3414 |
} |
... | ... | |
3679 | 3689 |
read_dummynet_config(); |
3680 | 3690 |
|
3681 | 3691 |
if (!empty($dummynet_pipe_list)) { |
3682 |
mwexec("kldload dummynet"); |
|
3692 |
if (!is_module_loaded("dummynet.ko")) |
|
3693 |
mwexec("/sbin/kldload dummynet"); |
|
3683 | 3694 |
/* XXX: Needs to be added code elsewhere to clear pipes/queues from kernel when not needed! */ |
3684 | 3695 |
//mwexec("pfctl -F dummynet"); |
3685 | 3696 |
} |
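Review bot: The PID lookups added at new lines 3238 and 3404 do not pass the port to grep. Inside a backtick string `". $l7rules->GetRPort() . "` is not concatenation, and PHP's simple interpolation reads `$l7rules->GetRPort` as a property and leaves `() . ` as literal text, so the pattern is not the port number. With `killall -9 ipfw-classifyd` now commented out, an empty `$l7pid` means the reload path falls through to `mwexec_bg()` each time and can leave several classifiers running on the same divert port, while `delete_l7c()` runs `/bin/kill` with no argument. `$l7rules` is also not defined in the visible lines of `delete_l7c()`, which uses `$this` for its other calls. I would compute the value first, `$rport = escapeshellarg($l7rules->GetRPort());` (or `$this->GetRPort()` in `delete_l7c()`), interpolate `{$rport}` in the command, and `trim()` the result before testing it and passing it to kill.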
etc/inc/util.inc | ||
---|---|---|
42 | 42 |
|
43 | 43 |
function isvalidproc($proc) { |
44 | 44 |
$running = `ps awux | grep $proc | grep -v grep | wc -l`; |
45 |
if(intval($running) > 1) |
|
45 |
if(intval($running) >= 1)
|
|
46 | 46 |
return true; |
47 | 47 |
else |
48 | 48 |
return false; |
... | ... | |
71 | 71 |
mwexec("/usr/bin/killall " . escapeshellarg($procname)); |
72 | 72 |
} |
73 | 73 |
|
74 |
function is_module_loaded($module_name) { |
|
75 |
$running = `/sbin/kldstat -n {$module_name} | /usr/bin/grep {$module_name} | /usr/bin/wc -l`; |
|
76 |
if (intval($running) >= 1) |
|
77 |
return true; |
|
78 |
else |
|
79 |
return false; |
|
80 |
} |
|
81 |
|
|
74 | 82 |
/* return the subnet address given a host address and a subnet bit count */ |
75 | 83 |
function gen_subnet($ipaddr, $bits) { |
76 | 84 |
if (!is_ipaddr($ipaddr) || !is_numeric($bits)) |
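Review bot: The new `is_module_loaded()` at new lines 74-80 interpolates `$module_name` into a shell pipeline without quoting, while `killbyname()` just above it already wraps its argument in `escapeshellarg()`. Every caller in this commit passes a literal, so this is hardening rather than a live bug, but the helper is generic and will be reused. The value also serves as a grep regex, where the `.` in `dummynet.ko` matches any character. I would add `$module_name = escapeshellarg($module_name);` as the first line and use `/usr/bin/grep -F` for the filter, plus a one-line comment stating that the argument is the module file name, for example `dummynet.ko`. The relaxed `>= 1` test in `isvalidproc()` has a related weakness: `grep $proc` is an unquoted substring match, so any process whose command line merely contains the name now counts as running.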