/src/etc/inc/upgrade_config.inc - Annotate - pfSense - pfSense bugtracker

| Branch: | Tag: | Revision:

root/src/etc/inc/upgrade_config.inc @ 2b66dafa

1	791bcfd4	Bill Marquette	<?php
2			/*
3	ac24dc24	Renato Botelho	* upgrade_config.inc
4			*
5			* part of pfSense (https://www.pfsense.org)
6	38809d47	Renato Botelho do Couto	* Copyright (c) 2004-2013 BSD Perimeter
7			* Copyright (c) 2013-2016 Electric Sheep Fencing
8	8f2f85c3	Luiz Otavio O Souza	* Copyright (c) 2014-2022 Rubicon Communications, LLC (Netgate)
9	ac24dc24	Renato Botelho	* All rights reserved.
10			*
11	b12ea3fb	Renato Botelho	* Licensed under the Apache License, Version 2.0 (the "License");
12			* you may not use this file except in compliance with the License.
13			* You may obtain a copy of the License at
14	ac24dc24	Renato Botelho	*
15	b12ea3fb	Renato Botelho	* http://www.apache.org/licenses/LICENSE-2.0
16	ac24dc24	Renato Botelho	*
17	b12ea3fb	Renato Botelho	* Unless required by applicable law or agreed to in writing, software
18			* distributed under the License is distributed on an "AS IS" BASIS,
19			* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
20			* See the License for the specific language governing permissions and
21			* limitations under the License.
22	995df6c3	Stephen Beaver	*/
23	791bcfd4	Bill Marquette
24	751533a2	Phil Davis	if (!function_exists("dump_rrd_to_xml")) {
25	c81ef6e2	Phil Davis	require_once("rrd.inc");
26	751533a2	Phil Davis	}
27	0b3613ef	Denny Page	if (!function_exists("read_altq_config")) {
28	c81ef6e2	Phil Davis	require_once("shaper.inc");
29	0b3613ef	Denny Page	}
30	51e2d459	Luiz Souza	if (!function_exists("console_configure")) {
31			require_once("/etc/inc/pfsense-utils.inc");
32			}
33	901aa044	Scott Ullrich
34	791bcfd4	Bill Marquette	/* Upgrade functions must be named:
35	bbaedc1b	Renato Botelho do Couto	* upgrade_XXX_to_YYY
36			* where XXX == previous version, zero padded, and YYY == next version, zero
37			* padded
38			*/
39	791bcfd4	Bill Marquette	function upgrade_010_to_011() {
40			global $config;
41			$opti = 1;
42			$ifmap = array('lan' => 'lan', 'wan' => 'wan', 'pptp' => 'pptp');
43
44			/* convert DMZ to optional, if necessary */
45			if (isset($config['interfaces']['dmz'])) {
46
47			$dmzcfg = &$config['interfaces']['dmz'];
48
49			if ($dmzcfg['if']) {
50			$config['interfaces']['opt' . $opti] = array();
51			$optcfg = &$config['interfaces']['opt' . $opti];
52
53			$optcfg['enable'] = $dmzcfg['enable'];
54			$optcfg['descr'] = "DMZ";
55			$optcfg['if'] = $dmzcfg['if'];
56			$optcfg['ipaddr'] = $dmzcfg['ipaddr'];
57			$optcfg['subnet'] = $dmzcfg['subnet'];
58
59			$ifmap['dmz'] = "opt" . $opti;
60			$opti++;
61			}
62
63			unset($config['interfaces']['dmz']);
64			}
65
66			/* convert WLAN1/2 to optional, if necessary */
67			for ($i = 1; isset($config['interfaces']['wlan' . $i]); $i++) {
68
69			if (!$config['interfaces']['wlan' . $i]['if']) {
70			unset($config['interfaces']['wlan' . $i]);
71			continue;
72			}
73
74			$wlancfg = &$config['interfaces']['wlan' . $i];
75			$config['interfaces']['opt' . $opti] = array();
76			$optcfg = &$config['interfaces']['opt' . $opti];
77
78			$optcfg['enable'] = $wlancfg['enable'];
79			$optcfg['descr'] = "WLAN" . $i;
80			$optcfg['if'] = $wlancfg['if'];
81			$optcfg['ipaddr'] = $wlancfg['ipaddr'];
82			$optcfg['subnet'] = $wlancfg['subnet'];
83			$optcfg['bridge'] = $wlancfg['bridge'];
84
85			$optcfg['wireless'] = array();
86			$optcfg['wireless']['mode'] = $wlancfg['mode'];
87			$optcfg['wireless']['ssid'] = $wlancfg['ssid'];
88			$optcfg['wireless']['channel'] = $wlancfg['channel'];
89			$optcfg['wireless']['wep'] = $wlancfg['wep'];
90
91			$ifmap['wlan' . $i] = "opt" . $opti;
92
93			unset($config['interfaces']['wlan' . $i]);
94			$opti++;
95			}
96
97			/* convert filter rules */
98	c6c398c6	jim-p	init_config_arr(array('filter', 'rule'));
99	791bcfd4	Bill Marquette	$n = count($config['filter']['rule']);
100			for ($i = 0; $i < $n; $i++) {
101
102			$fr = &$config['filter']['rule'][$i];
103
104			/* remap interface */
105	751533a2	Phil Davis	if (array_key_exists($fr['interface'], $ifmap)) {
106	791bcfd4	Bill Marquette	$fr['interface'] = $ifmap[$fr['interface']];
107	751533a2	Phil Davis	} else {
108	791bcfd4	Bill Marquette	/* remove the rule */
109	4b48d1b9	Carlos Eduardo Ramos	printf(gettext("%sWarning: filter rule removed " .
110			"(interface '%s' does not exist anymore)."), "\n", $fr['interface']);
111	791bcfd4	Bill Marquette	unset($config['filter']['rule'][$i]);
112			continue;
113			}
114
115			/* remap source network */
116			if (isset($fr['source']['network'])) {
117	751533a2	Phil Davis	if (array_key_exists($fr['source']['network'], $ifmap)) {
118	791bcfd4	Bill Marquette	$fr['source']['network'] = $ifmap[$fr['source']['network']];
119	751533a2	Phil Davis	} else {
120	791bcfd4	Bill Marquette	/* remove the rule */
121	4b48d1b9	Carlos Eduardo Ramos	printf(gettext("%sWarning: filter rule removed " .
122			"(source network '%s' does not exist anymore)."), "\n", $fr['source']['network']);
123	791bcfd4	Bill Marquette	unset($config['filter']['rule'][$i]);
124			continue;
125			}
126			}
127
128			/* remap destination network */
129			if (isset($fr['destination']['network'])) {
130	751533a2	Phil Davis	if (array_key_exists($fr['destination']['network'], $ifmap)) {
131	791bcfd4	Bill Marquette	$fr['destination']['network'] = $ifmap[$fr['destination']['network']];
132	751533a2	Phil Davis	} else {
133	791bcfd4	Bill Marquette	/* remove the rule */
134	4b48d1b9	Carlos Eduardo Ramos	printf(gettext("%sWarning: filter rule removed " .
135			"(destination network '%s' does not exist anymore)."), "\n", $fr['destination']['network']);
136	791bcfd4	Bill Marquette	unset($config['filter']['rule'][$i]);
137			continue;
138			}
139			}
140			}
141
142			/* convert shaper rules */
143	c6c398c6	jim-p	init_config_arr(array('pfqueueing', 'rule'));
144	791bcfd4	Bill Marquette	$n = count($config['pfqueueing']['rule']);
145	751533a2	Phil Davis	if (is_array($config['pfqueueing']['rule'])) {
146			for ($i = 0; $i < $n; $i++) {
147	791bcfd4	Bill Marquette
148	751533a2	Phil Davis	$fr = &$config['pfqueueing']['rule'][$i];
149	791bcfd4	Bill Marquette
150	751533a2	Phil Davis	/* remap interface */
151			if (array_key_exists($fr['interface'], $ifmap)) {
152			$fr['interface'] = $ifmap[$fr['interface']];
153			} else {
154	791bcfd4	Bill Marquette	/* remove the rule */
155	4d511e5b	Renato Botelho	printf(gettext("%sWarning: traffic shaper rule removed " .
156	751533a2	Phil Davis	"(interface '%s' does not exist anymore)."), "\n", $fr['interface']);
157	791bcfd4	Bill Marquette	unset($config['pfqueueing']['rule'][$i]);
158			continue;
159			}
160
161	751533a2	Phil Davis	/* remap source network */
162			if (isset($fr['source']['network'])) {
163			if (array_key_exists($fr['source']['network'], $ifmap)) {
164			$fr['source']['network'] = $ifmap[$fr['source']['network']];
165			} else {
166			/* remove the rule */
167			printf(gettext("%sWarning: traffic shaper rule removed " .
168			"(source network '%s' does not exist anymore)."), "\n", $fr['source']['network']);
169			unset($config['pfqueueing']['rule'][$i]);
170			continue;
171			}
172			}
173
174			/* remap destination network */
175			if (isset($fr['destination']['network'])) {
176			if (array_key_exists($fr['destination']['network'], $ifmap)) {
177			$fr['destination']['network'] = $ifmap[$fr['destination']['network']];
178			} else {
179			/* remove the rule */
180			printf(gettext("%sWarning: traffic shaper rule removed " .
181			"(destination network '%s' does not exist anymore)."), "\n", $fr['destination']['network']);
182			unset($config['pfqueueing']['rule'][$i]);
183			continue;
184			}
185	791bcfd4	Bill Marquette	}
186			}
187			}
188			}
189
190
191			function upgrade_011_to_012() {
192			global $config;
193			/* move LAN DHCP server config */
194			$tmp = $config['dhcpd'];
195			$config['dhcpd'] = array();
196			$config['dhcpd']['lan'] = $tmp;
197
198			/* encrypt password */
199			$config['system']['password'] = crypt($config['system']['password']);
200			}
201
202
203			function upgrade_012_to_013() {
204			global $config;
205			/* convert advanced outbound NAT config */
206			for ($i = 0; isset($config['nat']['advancedoutbound']['rule'][$i]); $i++) {
207			$curent = &$config['nat']['advancedoutbound']['rule'][$i];
208			$src = $curent['source'];
209			$curent['source'] = array();
210			$curent['source']['network'] = $src;
211			$curent['destination'] = array();
212			$curent['destination']['any'] = true;
213			}
214
215			/* add an explicit type="pass" to all filter rules to make things consistent */
216			for ($i = 0; isset($config['filter']['rule'][$i]); $i++) {
217			$config['filter']['rule'][$i]['type'] = "pass";
218			}
219			}
220
221
222			function upgrade_013_to_014() {
223			global $config;
224			/* convert shaper rules (make pipes) */
225			if (is_array($config['pfqueueing']['rule'])) {
226	c6c398c6	jim-p	init_config_arr(array('pfqueueing', 'pipe'));
227	791bcfd4	Bill Marquette	$config['pfqueueing']['pipe'] = array();
228
229			for ($i = 0; isset($config['pfqueueing']['rule'][$i]); $i++) {
230			$curent = &$config['pfqueueing']['rule'][$i];
231
232			/* make new pipe and associate with this rule */
233			$newpipe = array();
234			$newpipe['descr'] = $curent['descr'];
235			$newpipe['bandwidth'] = $curent['bandwidth'];
236			$newpipe['delay'] = $curent['delay'];
237			$newpipe['mask'] = $curent['mask'];
238			$config['pfqueueing']['pipe'][$i] = $newpipe;
239
240			$curent['targetpipe'] = $i;
241
242			unset($curent['bandwidth']);
243			unset($curent['delay']);
244			unset($curent['mask']);
245			}
246			}
247			}
248
249
250			function upgrade_014_to_015() {
251			global $config;
252			/* Default route moved */
253	751533a2	Phil Davis	if (isset($config['interfaces']['wan']['gateway'])) {
254			if ($config['interfaces']['wan']['gateway'] <> "") {
255	839966e3	Phil Davis	$config['system']['gateway'] = $config['interfaces']['wan']['gateway'];
256	751533a2	Phil Davis	}
257	fa6e5ba5	Phil Davis	unset($config['interfaces']['wan']['gateway']);
258	751533a2	Phil Davis	}
259	791bcfd4	Bill Marquette
260			/* Queues are no longer interface specific */
261	751533a2	Phil Davis	if (isset($config['interfaces']['lan']['schedulertype'])) {
262	791bcfd4	Bill Marquette	unset($config['interfaces']['lan']['schedulertype']);
263	751533a2	Phil Davis	}
264			if (isset($config['interfaces']['wan']['schedulertype'])) {
265	791bcfd4	Bill Marquette	unset($config['interfaces']['wan']['schedulertype']);
266	751533a2	Phil Davis	}
267	791bcfd4	Bill Marquette
268			for ($i = 1; isset($config['interfaces']['opt' . $i]); $i++) {
269	751533a2	Phil Davis	if (isset($config['interfaces']['opt' . $i]['schedulertype'])) {
270	791bcfd4	Bill Marquette	unset($config['interfaces']['opt' . $i]['schedulertype']);
271	751533a2	Phil Davis	}
272	791bcfd4	Bill Marquette	}
273			}
274
275
276			function upgrade_015_to_016() {
277			global $config;
278			/* Alternate firmware URL moved */
279			if (isset($config['system']['firmwareurl']) && isset($config['system']['firmwarename'])) { // Only convert if both are defined.
280			$config['system']['alt_firmware_url'] = array();
281			$config['system']['alt_firmware_url']['enabled'] = "";
282			$config['system']['alt_firmware_url']['firmware_base_url'] = $config['system']['firmwareurl'];
283			$config['system']['alt_firmware_url']['firmware_filename'] = $config['system']['firmwarename'];
284	fa6e5ba5	Phil Davis	}
285			if (isset($config['system']['firmwareurl'])) {
286			unset($config['system']['firmwareurl']);
287			}
288			if (isset($config['system']['firmwarename'])) {
289			unset($config['system']['firmwarename']);
290	791bcfd4	Bill Marquette	}
291			}
292
293
294			function upgrade_016_to_017() {
295			global $config;
296			/* wipe previous shaper configuration */
297	fa6e5ba5	Phil Davis	if (isset($config['shaper']['queue'])) {
298			unset($config['shaper']['queue']);
299			}
300			if (isset($config['shaper']['rule'])) {
301			unset($config['shaper']['rule']);
302			}
303			if (isset($config['interfaces']['wan']['bandwidth'])) {
304			unset($config['interfaces']['wan']['bandwidth']);
305			}
306			if (isset($config['interfaces']['wan']['bandwidthtype'])) {
307			unset($config['interfaces']['wan']['bandwidthtype']);
308			}
309			if (isset($config['interfaces']['lan']['bandwidth'])) {
310			unset($config['interfaces']['lan']['bandwidth']);
311			}
312			if (isset($config['interfaces']['lan']['bandwidthtype'])) {
313			unset($config['interfaces']['lan']['bandwidthtype']);
314			}
315	791bcfd4	Bill Marquette	$config['shaper']['enable'] = FALSE;
316			}
317
318
319			function upgrade_017_to_018() {
320			global $config;
321	751533a2	Phil Davis	if (isset($config['proxyarp']) && is_array($config['proxyarp']['proxyarpnet'])) {
322	791bcfd4	Bill Marquette	$proxyarp = &$config['proxyarp']['proxyarpnet'];
323	751533a2	Phil Davis	foreach ($proxyarp as $arpent) {
324	791bcfd4	Bill Marquette	$vip = array();
325			$vip['mode'] = "proxyarp";
326			$vip['interface'] = $arpent['interface'];
327			$vip['descr'] = $arpent['descr'];
328			if (isset($arpent['range'])) {
329			$vip['range'] = $arpent['range'];
330			$vip['type'] = "range";
331			} else {
332			$subnet = explode('/', $arpent['network']);
333			$vip['subnet'] = $subnet[0];
334			if (isset($subnet[1])) {
335			$vip['subnet_bits'] = $subnet[1];
336			$vip['type'] = "network";
337			} else {
338			$vip['subnet_bits'] = "32";
339			$vip['type'] = "single";
340			}
341			}
342			$config['virtualip']['vip'][] = $vip;
343			}
344			unset($config['proxyarp']);
345			}
346	751533a2	Phil Davis	if (isset($config['installedpackages']) && isset($config['installedpackages']['carp']) && is_array($config['installedpackages']['carp']['config'])) {
347	791bcfd4	Bill Marquette	$carp = &$config['installedpackages']['carp']['config'];
348	751533a2	Phil Davis	foreach ($carp as $carpent) {
349	791bcfd4	Bill Marquette	$vip = array();
350			$vip['mode'] = "carp";
351			$vip['interface'] = "AUTO";
352	4d511e5b	Renato Botelho	$vip['descr'] = sprintf(gettext("CARP vhid %s"), $carpent['vhid']);
353	791bcfd4	Bill Marquette	$vip['type'] = "single";
354			$vip['vhid'] = $carpent['vhid'];
355			$vip['advskew'] = $carpent['advskew'];
356			$vip['password'] = $carpent['password'];
357			$vip['subnet'] = $carpent['ipaddress'];
358			$vip['subnet_bits'] = $carpent['netmask'];
359			$config['virtualip']['vip'][] = $vip;
360			}
361			unset($config['installedpackages']['carp']);
362			}
363			/* Server NAT is no longer needed */
364	fa6e5ba5	Phil Davis	if (isset($config['nat']['servernat'])) {
365			unset($config['nat']['servernat']);
366			}
367	791bcfd4	Bill Marquette
368			/* enable SSH */
369			if ($config['version'] == "1.8") {
370			$config['system']['sshenabled'] = true;
371			}
372			}
373
374
375			function upgrade_018_to_019() {
376			global $config;
377			}
378
379
380			function upgrade_019_to_020() {
381			global $config;
382	751533a2	Phil Davis	if (is_array($config['ipsec']['tunnel'])) {
383	791bcfd4	Bill Marquette	reset($config['ipsec']['tunnel']);
384			while (list($index, $tunnel) = each($config['ipsec']['tunnel'])) {
385			/* Sanity check on required variables */
386			/* This fixes bogus <tunnel> entries - remnant of bug #393 */
387			if (!isset($tunnel['local-subnet']) && !isset($tunnel['remote-subnet'])) {
388			unset($config['ipsec']['tunnel'][$tunnel]);
389			}
390			}
391			}
392			}
393
394			function upgrade_020_to_021() {
395			global $config;
396			/* shaper scheduler moved */
397	751533a2	Phil Davis	if (isset($config['system']['schedulertype'])) {
398	791bcfd4	Bill Marquette	$config['shaper']['schedulertype'] = $config['system']['schedulertype'];
399			unset($config['system']['schedulertype']);
400			}
401			}
402
403
404			function upgrade_021_to_022() {
405			global $config;
406			/* move gateway to wan interface */
407			$config['interfaces']['wan']['gateway'] = $config['system']['gateway'];
408			}
409
410			function upgrade_022_to_023() {
411			global $config;
412	751533a2	Phil Davis	if (isset($config['shaper'])) {
413	791bcfd4	Bill Marquette	/* wipe previous shaper configuration */
414			unset($config['shaper']);
415			}
416			}
417
418
419			function upgrade_023_to_024() {
420			global $config;
421			}
422
423
424			function upgrade_024_to_025() {
425			global $config;
426			$config['interfaces']['wan']['use_rrd_gateway'] = $config['system']['use_rrd_gateway'];
427	fa6e5ba5	Phil Davis	if (isset($config['system']['use_rrd_gateway'])) {
428			unset($config['system']['use_rrd_gateway']);
429			}
430	791bcfd4	Bill Marquette	}
431
432
433			function upgrade_025_to_026() {
434			global $config;
435			$cron_item = array();
436			$cron_item['minute'] = "0";
437			$cron_item['hour'] = "*";
438			$cron_item['mday'] = "*";
439			$cron_item['month'] = "*";
440			$cron_item['wday'] = "*";
441			$cron_item['who'] = "root";
442			$cron_item['command'] = "/usr/bin/nice -n20 newsyslog";
443
444			$config['cron']['item'][] = $cron_item;
445
446			$cron_item = array();
447			$cron_item['minute'] = "1,31";
448			$cron_item['hour'] = "0-5";
449			$cron_item['mday'] = "*";
450			$cron_item['month'] = "*";
451			$cron_item['wday'] = "*";
452			$cron_item['who'] = "root";
453			$cron_item['command'] = "/usr/bin/nice -n20 adjkerntz -a";
454
455			$config['cron']['item'][] = $cron_item;
456
457			$cron_item = array();
458			$cron_item['minute'] = "1";
459			$cron_item['hour'] = "*";
460			$cron_item['mday'] = "1";
461			$cron_item['month'] = "*";
462			$cron_item['wday'] = "*";
463			$cron_item['who'] = "root";
464			$cron_item['command'] = "/usr/bin/nice -n20 /etc/rc.update_bogons.sh";
465
466			$config['cron']['item'][] = $cron_item;
467
468			$cron_item = array();
469			$cron_item['minute'] = "*/60";
470			$cron_item['hour'] = "*";
471			$cron_item['mday'] = "*";
472			$cron_item['month'] = "*";
473			$cron_item['wday'] = "*";
474			$cron_item['who'] = "root";
475	b89270b7	Renato Botelho	$cron_item['command'] = "/usr/bin/nice -n20 /usr/local/sbin/expiretable -v -t 3600 sshguard";
476	791bcfd4	Bill Marquette
477			$config['cron']['item'][] = $cron_item;
478
479			$cron_item = array();
480			$cron_item['minute'] = "1";
481			$cron_item['hour'] = "1";
482			$cron_item['mday'] = "*";
483			$cron_item['month'] = "*";
484			$cron_item['wday'] = "*";
485			$cron_item['who'] = "root";
486			$cron_item['command'] = "/usr/bin/nice -n20 /etc/rc.dyndns.update";
487
488			$config['cron']['item'][] = $cron_item;
489
490			$cron_item = array();
491			$cron_item['minute'] = "*/60";
492			$cron_item['hour'] = "*";
493			$cron_item['mday'] = "*";
494			$cron_item['month'] = "*";
495			$cron_item['wday'] = "*";
496			$cron_item['who'] = "root";
497			$cron_item['command'] = "/usr/bin/nice -n20 /usr/local/sbin/expiretable -v -t 3600 virusprot";
498
499			$config['cron']['item'][] = $cron_item;
500
501			$cron_item = array();
502			$cron_item['minute'] = "*/60";
503			$cron_item['hour'] = "*";
504			$cron_item['mday'] = "*";
505			$cron_item['month'] = "*";
506			$cron_item['wday'] = "*";
507			$cron_item['who'] = "root";
508			$cron_item['command'] = "/usr/bin/nice -n20 /usr/local/sbin/expiretable -t 1800 snort2c";
509
510			$config['cron']['item'][] = $cron_item;
511			}
512
513
514			function upgrade_026_to_027() {
515			global $config;
516			}
517
518
519			function upgrade_027_to_028() {
520			global $config;
521			}
522
523
524			function upgrade_028_to_029() {
525			global $config;
526	c6c398c6	jim-p	init_config_arr(array('filter', 'rule'));
527	791bcfd4	Bill Marquette	$a_filter = &$config['filter']['rule'];
528	c6c398c6	jim-p	$rule_item = array();
529	791bcfd4	Bill Marquette	$rule_item['interface'] = "enc0";
530			$rule_item['type'] = "pass";
531			$rule_item['source']['any'] = true;
532			$rule_item['destination']['any'] = true;
533	4d511e5b	Renato Botelho	$rule_item['descr'] = gettext("Permit IPsec traffic.");
534	791bcfd4	Bill Marquette	$rule_item['statetype'] = "keep state";
535			$a_filter[] = $rule_item;
536			}
537
538
539			function upgrade_029_to_030() {
540			global $config;
541			/* enable the rrd config setting by default */
542			$config['rrd']['enable'] = true;
543			}
544
545
546			function upgrade_030_to_031() {
547			global $config;
548			/* Insert upgrade code here */
549			}
550
551
552			function upgrade_031_to_032() {
553			global $config;
554			/* Insert upgrade code here */
555			}
556
557
558			function upgrade_032_to_033() {
559			global $config;
560			/* Insert upgrade code here */
561			}
562
563
564			function upgrade_033_to_034() {
565			global $config;
566			/* Insert upgrade code here */
567			}
568
569
570			function upgrade_034_to_035() {
571			global $config;
572			/* Insert upgrade code here */
573			}
574
575
576			function upgrade_035_to_036() {
577			global $config;
578			/* Insert upgrade code here */
579			}
580
581
582			function upgrade_036_to_037() {
583			global $config;
584			/* Insert upgrade code here */
585			}
586
587
588			function upgrade_037_to_038() {
589			global $config;
590	db7f618b	Seth Mos	/* Insert upgrade code here */
591	791bcfd4	Bill Marquette	}
592
593
594			function upgrade_038_to_039() {
595			global $config;
596	ef026950	Ermal Lu?i	/* Insert upgrade code here */
597	791bcfd4	Bill Marquette	}
598
599
600			function upgrade_039_to_040() {
601	879f7db7	Erik Fonnesbeck	global $config, $g;
602	791bcfd4	Bill Marquette	$config['system']['webgui']['auth_method'] = "session";
603			$config['system']['webgui']['backing_method'] = "htpasswd";
604
605	fa6e5ba5	Phil Davis	if (isset($config['system']['username'])) {
606	791bcfd4	Bill Marquette	$config['system']['group'] = array();
607			$config['system']['group'][0]['name'] = "admins";
608	4d511e5b	Renato Botelho	$config['system']['group'][0]['description'] = gettext("System Administrators");
609	791bcfd4	Bill Marquette	$config['system']['group'][0]['scope'] = "system";
610	ebcdcaaa	jim-p	$config['system']['group'][0]['priv'] = "page-all";
611	791bcfd4	Bill Marquette	$config['system']['group'][0]['home'] = "index.php";
612			$config['system']['group'][0]['gid'] = "110";
613
614			$config['system']['user'] = array();
615			$config['system']['user'][0]['name'] = "{$config['system']['username']}";
616	9ff73b79	jim-p	$config['system']['user'][0]['descr'] = "System Administrator";
617	791bcfd4	Bill Marquette	$config['system']['user'][0]['scope'] = "system";
618			$config['system']['user'][0]['groupname'] = "admins";
619			$config['system']['user'][0]['password'] = "{$config['system']['password']}";
620			$config['system']['user'][0]['uid'] = "0";
621	6d8e6b22	jim-p	/* Ensure that we follow what this new "admin" username should be in the session. */
622			$_SESSION["Username"] = "{$config['system']['username']}";
623	791bcfd4	Bill Marquette
624			$config['system']['user'][0]['priv'] = array();
625			$config['system']['user'][0]['priv'][0]['id'] = "lockwc";
626			$config['system']['user'][0]['priv'][0]['name'] = "Lock webConfigurator";
627	4d511e5b	Renato Botelho	$config['system']['user'][0]['priv'][0]['descr'] = gettext("Indicates whether this user will lock access to the webConfigurator for other users.");
628	791bcfd4	Bill Marquette	$config['system']['user'][0]['priv'][1]['id'] = "lock-ipages";
629			$config['system']['user'][0]['priv'][1]['name'] = "Lock individual pages";
630	4d511e5b	Renato Botelho	$config['system']['user'][0]['priv'][1]['descr'] = gettext("Indicates whether this user will lock individual HTML pages after having accessed a particular page (the lock will be freed if the user leaves or saves the page form).");
631	791bcfd4	Bill Marquette	$config['system']['user'][0]['priv'][2]['id'] = "hasshell";
632			$config['system']['user'][0]['priv'][2]['name'] = "Has shell access";
633	4d511e5b	Renato Botelho	$config['system']['user'][0]['priv'][2]['descr'] = gettext("Indicates whether this user is able to login for example via SSH.");
634	791bcfd4	Bill Marquette	$config['system']['user'][0]['priv'][3]['id'] = "copyfiles";
635			$config['system']['user'][0]['priv'][3]['name'] = "Is allowed to copy files";
636	573ec19d	Renato Botelho do Couto	$config['system']['user'][0]['priv'][3]['descr'] = sprintf(gettext("Indicates whether this user is allowed to copy files onto the %s appliance via SCP/SFTP."), $g['product_label']);
637	791bcfd4	Bill Marquette	$config['system']['user'][0]['priv'][4]['id'] = "isroot";
638			$config['system']['user'][0]['priv'][4]['name'] = "Is root user";
639	530e4707	NOYB	$config['system']['user'][0]['priv'][4]['descr'] = gettext("This user is associated with the UNIX root user (this privilege should only be associated with one single user).");
640	791bcfd4	Bill Marquette
641			$config['system']['nextuid'] = "111";
642			$config['system']['nextgid'] = "111";
643
644			/* wipe previous auth configuration */
645	fa6e5ba5	Phil Davis	unset($config['system']['username']);
646			if (isset($config['system']['password'])) {
647			unset($config['system']['password']);
648			}
649	791bcfd4	Bill Marquette	}
650			}
651
652			function upgrade_040_to_041() {
653			global $config;
654	751533a2	Phil Davis	if (!$config['sysctl']) {
655	791bcfd4	Bill Marquette	$config['sysctl']['item'] = array();
656
657			$config['sysctl']['item'][0]['tunable'] = "net.inet.tcp.blackhole";
658	4816e5ca	Renato Botelho	$config['sysctl']['item'][0]['descr'] = gettext("Drop packets to closed TCP ports without returning a RST");
659	908c4eea	sullrich	$config['sysctl']['item'][0]['value'] = "default";
660	791bcfd4	Bill Marquette
661			$config['sysctl']['item'][1]['tunable'] = "net.inet.udp.blackhole";
662	4816e5ca	Renato Botelho	$config['sysctl']['item'][1]['descr'] = gettext("Do not send ICMP port unreachable messages for closed UDP ports");
663	908c4eea	sullrich	$config['sysctl']['item'][1]['value'] = "default";
664	791bcfd4	Bill Marquette
665			$config['sysctl']['item'][2]['tunable'] = "net.inet.ip.random_id";
666	77408e61	doktornotor	$config['sysctl']['item'][2]['descr'] = gettext("Randomize the ID field in IP packets (default is 1: Assign random IP IDs)");
667	908c4eea	sullrich	$config['sysctl']['item'][2]['value'] = "default";
668	791bcfd4	Bill Marquette
669			$config['sysctl']['item'][3]['tunable'] = "net.inet.tcp.drop_synfin";
670	4816e5ca	Renato Botelho	$config['sysctl']['item'][3]['descr'] = gettext("Drop SYN-FIN packets (breaks RFC1379, but nobody uses it anyway)");
671	908c4eea	sullrich	$config['sysctl']['item'][3]['value'] = "default";
672	791bcfd4	Bill Marquette
673			$config['sysctl']['item'][4]['tunable'] = "net.inet.ip.redirect";
674	4816e5ca	Renato Botelho	$config['sysctl']['item'][4]['descr'] = gettext("Sending of IPv4 ICMP redirects");
675	908c4eea	sullrich	$config['sysctl']['item'][4]['value'] = "default";
676	791bcfd4	Bill Marquette
677			$config['sysctl']['item'][5]['tunable'] = "net.inet6.ip6.redirect";
678	4816e5ca	Renato Botelho	$config['sysctl']['item'][5]['descr'] = gettext("Sending of IPv6 ICMP redirects");
679	908c4eea	sullrich	$config['sysctl']['item'][5]['value'] = "default";
680	791bcfd4	Bill Marquette
681			$config['sysctl']['item'][6]['tunable'] = "net.inet.tcp.syncookies";
682	4816e5ca	Renato Botelho	$config['sysctl']['item'][6]['descr'] = gettext("Generate SYN cookies for outbound SYN-ACK packets");
683	908c4eea	sullrich	$config['sysctl']['item'][6]['value'] = "default";
684	791bcfd4	Bill Marquette
685			$config['sysctl']['item'][7]['tunable'] = "net.inet.tcp.recvspace";
686	4816e5ca	Renato Botelho	$config['sysctl']['item'][7]['descr'] = gettext("Maximum incoming TCP datagram size");
687	908c4eea	sullrich	$config['sysctl']['item'][7]['value'] = "default";
688	791bcfd4	Bill Marquette
689			$config['sysctl']['item'][8]['tunable'] = "net.inet.tcp.sendspace";
690	4816e5ca	Renato Botelho	$config['sysctl']['item'][8]['descr'] = gettext("Maximum outgoing TCP datagram size");
691	908c4eea	sullrich	$config['sysctl']['item'][8]['value'] = "default";
692	791bcfd4	Bill Marquette
693	e2ff2b3f	Chris Buechler	$config['sysctl']['item'][9]['tunable'] = "net.inet.tcp.delayed_ack";
694			$config['sysctl']['item'][9]['descr'] = gettext("Do not delay ACK to try and piggyback it onto a data packet");
695	908c4eea	sullrich	$config['sysctl']['item'][9]['value'] = "default";
696	791bcfd4	Bill Marquette
697	e2ff2b3f	Chris Buechler	$config['sysctl']['item'][10]['tunable'] = "net.inet.udp.maxdgram";
698			$config['sysctl']['item'][10]['descr'] = gettext("Maximum outgoing UDP datagram size");
699	908c4eea	sullrich	$config['sysctl']['item'][10]['value'] = "default";
700	791bcfd4	Bill Marquette
701	e2ff2b3f	Chris Buechler	$config['sysctl']['item'][11]['tunable'] = "net.link.bridge.pfil_onlyip";
702			$config['sysctl']['item'][11]['descr'] = gettext("Handling of non-IP packets which are not passed to pfil (see if_bridge(4))");
703	908c4eea	sullrich	$config['sysctl']['item'][11]['value'] = "default";
704	791bcfd4	Bill Marquette
705	e2ff2b3f	Chris Buechler	$config['sysctl']['item'][12]['tunable'] = "net.link.tap.user_open";
706			$config['sysctl']['item'][12]['descr'] = gettext("Allow unprivileged access to tap(4) device nodes");
707	908c4eea	sullrich	$config['sysctl']['item'][12]['value'] = "default";
708	791bcfd4	Bill Marquette
709	e2ff2b3f	Chris Buechler	$config['sysctl']['item'][13]['tunable'] = "kern.randompid";
710			$config['sysctl']['item'][13]['descr'] = gettext("Randomize PID's (see src/sys/kern/kern_fork.c: sysctl_kern_randompid())");
711	908c4eea	sullrich	$config['sysctl']['item'][13]['value'] = "default";
712	791bcfd4	Bill Marquette
713	e2ff2b3f	Chris Buechler	$config['sysctl']['item'][14]['tunable'] = "net.inet.tcp.inflight.enable";
714			$config['sysctl']['item'][14]['descr'] = gettext("The system will attempt to calculate the bandwidth delay product for each connection and limit the amount of data queued to the network to just the amount required to maintain optimum throughput. ");
715			$config['sysctl']['item'][14]['value'] = "default";
716
717			$config['sysctl']['item'][15]['tunable'] = "net.inet.icmp.icmplim";
718			$config['sysctl']['item'][15]['descr'] = gettext("Set ICMP Limits");
719	908c4eea	sullrich	$config['sysctl']['item'][15]['value'] = "default";
720	791bcfd4	Bill Marquette
721	e2ff2b3f	Chris Buechler	$config['sysctl']['item'][16]['tunable'] = "net.inet.tcp.tso";
722			$config['sysctl']['item'][16]['descr'] = gettext("TCP Offload engine");
723	908c4eea	sullrich	$config['sysctl']['item'][16]['value'] = "default";
724	791bcfd4	Bill Marquette
725	e2ff2b3f	Chris Buechler	$config['sysctl']['item'][17]['tunable'] = "net.inet.ip.portrange.first";
726			$config['sysctl']['item'][17]['descr'] = "Set the ephemeral port range starting port";
727	908c4eea	sullrich	$config['sysctl']['item'][17]['value'] = "default";
728	791bcfd4	Bill Marquette
729	e2ff2b3f	Chris Buechler	$config['sysctl']['item'][18]['tunable'] = "hw.syscons.kbd_reboot";
730			$config['sysctl']['item'][18]['descr'] = "Enables ctrl+alt+delete";
731	908c4eea	sullrich	$config['sysctl']['item'][18]['value'] = "default";
732	2d563280	Renato Botelho
733	e2ff2b3f	Chris Buechler	$config['sysctl']['item'][19]['tunable'] = "kern.ipc.maxsockbuf";
734			$config['sysctl']['item'][19]['descr'] = "Maximum socket buffer size";
735	558dda01	Scott Ullrich	$config['sysctl']['item'][19]['value'] = "default";
736	908c4eea	sullrich
737	791bcfd4	Bill Marquette	}
738			}
739
740
741			function upgrade_041_to_042() {
742			global $config;
743	751533a2	Phil Davis	if (isset($config['shaper'])) {
744	791bcfd4	Bill Marquette	unset($config['shaper']);
745	751533a2	Phil Davis	}
746			if (isset($config['ezshaper'])) {
747	791bcfd4	Bill Marquette	unset($config['ezshaper']);
748	751533a2	Phil Davis	}
749	791bcfd4	Bill Marquette	}
750
751
752			function upgrade_042_to_043() {
753			global $config;
754			/* migrate old interface gateway to the new gateways config */
755	80fe8369	Phil Davis	$iflist = get_configured_interface_list(true);
756	791bcfd4	Bill Marquette	$gateways = array();
757			$i = 0;
758	751533a2	Phil Davis	foreach ($iflist as $ifname => $interface) {
759	4de8f7ba	Phil Davis	if (!interface_has_gateway($ifname)) {
760	fc85edaf	Seth Mos	continue;
761			}
762	b314ab72	Ermal	$config['gateways']['gateway_item'][$i] = array();
763	751533a2	Phil Davis	if (is_ipaddr($config['interfaces'][$ifname]['gateway'])) {
764	3240836a	Seth Mos	$config['gateways']['gateway_item'][$i]['gateway'] = $config['interfaces'][$ifname]['gateway'];
765	4d511e5b	Renato Botelho	$config['gateways']['gateway_item'][$i]['descr'] = sprintf(gettext("Interface %s Static Gateway"), $ifname);
766	2328dcc5	Seth Mos	} else {
767			$config['gateways']['gateway_item'][$i]['gateway'] = "dynamic";
768	4d511e5b	Renato Botelho	$config['gateways']['gateway_item'][$i]['descr'] = sprintf(gettext("Interface %s Dynamic Gateway"), $ifname);
769	2328dcc5	Seth Mos	}
770			$config['gateways']['gateway_item'][$i]['interface'] = $ifname;
771			$config['gateways']['gateway_item'][$i]['name'] = "GW_" . strtoupper($ifname);
772			/* add default gateway bit for wan on upgrade */
773	751533a2	Phil Davis	if ($ifname == "wan") {
774	2d563280	Renato Botelho	$config['gateways']['gateway_item'][$i]['defaultgw'] = true;
775	2328dcc5	Seth Mos	}
776	751533a2	Phil Davis	if (is_ipaddr($config['interfaces'][$ifname]['use_rrd_gateway'])) {
777	2328dcc5	Seth Mos	$config['gateways']['gateway_item'][$i]['monitor'] = $config['interfaces'][$ifname]['use_rrd_gateway'];
778			unset($config['interfaces'][$ifname]['use_rrd_gateway']);
779			}
780			$config['interfaces'][$ifname]['gateway'] = $config['gateways']['gateway_item'][$i]['name'];
781	3240836a	Seth Mos
782	2328dcc5	Seth Mos	/* Update all filter rules which might reference this gateway */
783			$j = 0;
784	751533a2	Phil Davis	foreach ($config['filter']['rule'] as $rule) {
785			if (is_ipaddr($rule['gateway'])) {
786			if ($rule['gateway'] == $config['gateways']['gateway_item'][$i]['gateway']) {
787	6364b88b	Ermal	$config['filter']['rule'][$j]['gateway'] = $config['gateways']['gateway_item'][$i]['name'];
788	751533a2	Phil Davis	} else if ($rule['gateway'] == $ifname) {
789	6364b88b	Ermal	$config['filter']['rule'][$j]['gateway'] = $config['gateways']['gateway_item'][$i]['name'];
790	751533a2	Phil Davis	}
791	3240836a	Seth Mos	}
792	2328dcc5	Seth Mos	$j++;
793	791bcfd4	Bill Marquette	}
794	c9ba2835	smos
795			/* rename old Quality RRD files in the process */
796			$rrddbpath = "/var/db/rrd";
797			$gwname = "GW_" . strtoupper($ifname);
798	751533a2	Phil Davis	if (is_readable("{$rrddbpath}/{$ifname}-quality.rrd")) {
799	c9ba2835	smos	rename("{$rrddbpath}/{$ifname}-quality.rrd", "{$rrddbpath}/{$gwname}-quality.rrd");
800			}
801	2328dcc5	Seth Mos	$i++;
802	791bcfd4	Bill Marquette	}
803			}
804
805
806			function upgrade_043_to_044() {
807			global $config;
808	a842e988	Ermal
809			/* migrate static routes to the new gateways config */
810			$gateways = return_gateways_array(true);
811	6cae2c44	Ermal	$i = 0;
812	a842e988	Ermal	if (is_array($config['staticroutes']['route'])) {
813	323f3f9c	smos	$gwmap = array();
814	a842e988	Ermal	foreach ($config['staticroutes']['route'] as $idx => $sroute) {
815			$found = false;
816			foreach ($gateways as $gwname => $gw) {
817			if ($gw['gateway'] == $sroute['gateway']) {
818			$config['staticroutes']['route'][$idx]['gateway'] = $gwname;
819			$found = true;
820			break;
821			}
822			}
823	751533a2	Phil Davis	if ($gwmap[$sroute['gateway']]) {
824	323f3f9c	smos	/* We already added a gateway name for this IP */
825			$config['staticroutes']['route'][$idx]['gateway'] = "{$gwmap[$sroute['gateway']]}";
826			$found = true;
827	2d563280	Renato Botelho	}
828
829	a842e988	Ermal	if ($found == false) {
830			$gateway = array();
831	323f3f9c	smos	$gateway['name'] = "SROUTE{$i}";
832			$gwmap[$sroute['gateway']] = $gateway['name'];
833	a842e988	Ermal	$gateway['gateway'] = $sroute['gateway'];
834			$gateway['interface'] = $sroute['interface'];
835	4d511e5b	Renato Botelho	$gateway['descr'] = sprintf(gettext("Upgraded static route for %s"), $sroute['network']);
836	751533a2	Phil Davis	if (!is_array($config['gateways']['gateway_item'])) {
837	a842e988	Ermal	$config['gateways']['gateway_item'] = array();
838	751533a2	Phil Davis	}
839	a842e988	Ermal	$config['gateways']['gateway_item'][] = $gateway;
840			$config['staticroutes']['route'][$idx]['gateway'] = $gateway['name'];
841	6cae2c44	Ermal	$i++;
842	a842e988	Ermal	}
843			}
844			}
845	791bcfd4	Bill Marquette	}
846
847
848			function upgrade_044_to_045() {
849			global $config;
850	80fe8369	Phil Davis	$iflist = get_configured_interface_list(true);
851	791bcfd4	Bill Marquette	if (is_array($config['vlans']['vlan']) && count($config['vlans']['vlan'])) {
852	3d039701	smos	$i = 0;
853	da74e673	Seth Mos	foreach ($config['vlans']['vlan'] as $id => $vlan) {
854			/* Make sure to update the interfaces section with the right name */
855	62958eae	smos	$vlan_name = "{$vlan['if']}_vlan{$vlan['tag']}";
856	751533a2	Phil Davis	foreach ($iflist as $ifname) {
857			if ($config['interfaces'][$ifname]['if'] == "vlan{$i}") {
858	62958eae	smos	$config['interfaces'][$ifname]['if'] = $vlan_name;
859			continue;
860	da74e673	Seth Mos	}
861			}
862	62958eae	smos	$config['vlans']['vlan'][$i]['vlanif'] = "{$vlan_name}";
863	2d563280	Renato Botelho	$i++;
864	da74e673	Seth Mos	}
865	791bcfd4	Bill Marquette	}
866			}
867
868
869			function upgrade_045_to_046() {
870			global $config;
871	2d563280	Renato Botelho	/* Load up monitors that are in the default config for 2.0 but not in 1.2.3
872	506514e7	jim-p	thus wouldn't be in an upgraded config. */
873			$config['load_balancer']['monitor_type'] = array (
874	751533a2	Phil Davis	array ('name' => 'ICMP',
875	506514e7	jim-p	'type' => 'icmp',
876			'descr' => 'ICMP',
877			'options' => '',
878			),
879	751533a2	Phil Davis	array ('name' => 'TCP',
880	506514e7	jim-p	'type' => 'tcp',
881			'descr' => 'Generic TCP',
882			'options' => '',
883			),
884	751533a2	Phil Davis	array ('name' => 'HTTP',
885	506514e7	jim-p	'type' => 'http',
886			'descr' => 'Generic HTTP',
887			'options' =>
888	751533a2	Phil Davis	array ('path' => '/',
889	506514e7	jim-p	'host' => '',
890			'code' => '200',
891			),
892			),
893	751533a2	Phil Davis	array ('name' => 'HTTPS',
894	506514e7	jim-p	'type' => 'https',
895			'descr' => 'Generic HTTPS',
896			'options' =>
897	751533a2	Phil Davis	array ('path' => '/',
898	506514e7	jim-p	'host' => '',
899			'code' => '200',
900			),
901			),
902	751533a2	Phil Davis	array ('name' => 'SMTP',
903	506514e7	jim-p	'type' => 'send',
904			'descr' => 'Generic SMTP',
905			'options' =>
906	751533a2	Phil Davis	array ('send' => '',
907	520d4137	jim-p	'expect' => '220 *',
908	506514e7	jim-p	),
909			),
910			);
911	791bcfd4	Bill Marquette	/* Upgrade load balancer from slb to relayd */
912			if (is_array($config['load_balancer']['virtual_server']) && count($config['load_balancer']['virtual_server'])) {
913			$vs_a = &$config['load_balancer']['virtual_server'];
914	c6c398c6	jim-p	init_config_arr(array('load_balancer', 'lbpool'));
915	791bcfd4	Bill Marquette	$pool_a = &$config['load_balancer']['lbpool'];
916			$pools = array();
917	25753b5b	sullrich	/* Index pools by name */
918	751533a2	Phil Davis	if (is_array($pool_a)) {
919	791bcfd4	Bill Marquette	for ($i = 0; isset($pool_a[$i]); $i++) {
920	751533a2	Phil Davis	if ($pool_a[$i]['type'] == "server") {
921	791bcfd4	Bill Marquette	$pools[$pool_a[$i]['name']] = $pool_a[$i];
922			}
923			}
924			}
925			/* Convert sitedown entries to pools and re-attach */
926			for ($i = 0; isset($vs_a[$i]); $i++) {
927	d30afa60	jim-p	/* Set mode while we're here. */
928			$vs_a[$i]['mode'] = "redirect_mode";
929	791bcfd4	Bill Marquette	if (isset($vs_a[$i]['sitedown'])) {
930			$pool = array();
931			$pool['type'] = 'server';
932			$pool['behaviour'] = 'balance';
933			$pool['name'] = "{$vs_a[$i]['name']}-sitedown";
934	4816e5ca	Renato Botelho	$pool['descr'] = sprintf(gettext("Sitedown pool for VS: %s"), $vs_a[$i]['name']);
935	751533a2	Phil Davis	if (is_array($vs_a[$i]['pool'])) {
936	6e9b046e	jim-p	$vs_a[$i]['pool'] = $vs_a[$i]['pool'][0];
937	751533a2	Phil Davis	}
938	791bcfd4	Bill Marquette	$pool['port'] = $pools[$vs_a[$i]['pool']]['port'];
939			$pool['servers'] = array();
940			$pool['servers'][] = $vs_a[$i]['sitedown'];
941			$pool['monitor'] = $pools[$vs_a[$i]['pool']]['monitor'];
942			$pool_a[] = $pool;
943			$vs_a[$i]['sitedown'] = $pool['name'];
944			}
945			}
946			}
947	751533a2	Phil Davis	if (count($config['load_balancer']) == 0) {
948	0b5b4f32	Seth Mos	unset($config['load_balancer']);
949			}
950	791bcfd4	Bill Marquette	}
951
952
953			function upgrade_046_to_047() {
954			global $config;
955			/* Upgrade IPsec from tunnel to phase1/phase2 */
956
957	751533a2	Phil Davis	if (is_array($config['ipsec']['tunnel'])) {
958	791bcfd4	Bill Marquette
959			$a_phase1 = array();
960			$a_phase2 = array();
961			$ikeid = 0;
962
963			foreach ($config['ipsec']['tunnel'] as $tunnel) {
964
965			unset($ph1ent);
966			unset($ph2ent);
967
968			/*
969			* attempt to locate an enabled phase1
970			* entry that matches the peer gateway
971			*/
972
973			if (!isset($tunnel['disabled'])) {
974
975			$remote_gateway = $tunnel['remote-gateway'];
976
977			foreach ($a_phase1 as $ph1tmp) {
978			if ($ph1tmp['remote-gateway'] == $remote_gateway) {
979			$ph1ent = $ph1tmp;
980			break;
981			}
982			}
983			}
984
985			/* none found, create a new one */
986
987	751533a2	Phil Davis	if (!isset($ph1ent)) {
988	791bcfd4	Bill Marquette
989			/* build new phase1 entry */
990
991			$ph1ent = array();
992
993			$ph1ent['ikeid'] = ++$ikeid;
994
995	751533a2	Phil Davis	if (isset($tunnel['disabled'])) {
996	791bcfd4	Bill Marquette	$ph1ent['disabled'] = $tunnel['disabled'];
997	751533a2	Phil Davis	}
998	791bcfd4	Bill Marquette
999	443f2e6e	smos	/* convert to the new vip[$vhid] name */
1000	751533a2	Phil Davis	if (preg_match("/^carp/", $tunnel['interface'])) {
1001	bc75a430	smos	$carpid = str_replace("carp", "", $tunnel['interface']);
1002	4aa58d46	smos	$tunnel['interface'] = "vip" . $config['virtualip']['vip'][$carpid]['vhid'];
1003	443f2e6e	smos	}
1004	791bcfd4	Bill Marquette	$ph1ent['interface'] = $tunnel['interface'];
1005			$ph1ent['remote-gateway'] = $tunnel['remote-gateway'];
1006			$ph1ent['descr'] = $tunnel['descr'];
1007
1008			$ph1ent['mode'] = $tunnel['p1']['mode'];
1009
1010	751533a2	Phil Davis	if (isset($tunnel['p1']['myident']['myaddress'])) {
1011	791bcfd4	Bill Marquette	$ph1ent['myid_type'] = "myaddress";
1012	751533a2	Phil Davis	}
1013	791bcfd4	Bill Marquette	if (isset($tunnel['p1']['myident']['address'])) {
1014			$ph1ent['myid_type'] = "address";
1015			$ph1ent['myid_data'] = $tunnel['p1']['myident']['address'];
1016			}
1017			if (isset($tunnel['p1']['myident']['fqdn'])) {
1018			$ph1ent['myid_type'] = "fqdn";
1019			$ph1ent['myid_data'] = $tunnel['p1']['myident']['fqdn'];
1020			}
1021	dfa11031	jim-p	if (isset($tunnel['p1']['myident']['ufqdn'])) {
1022	791bcfd4	Bill Marquette	$ph1ent['myid_type'] = "user_fqdn";
1023	dfa11031	jim-p	$ph1ent['myid_data'] = $tunnel['p1']['myident']['ufqdn'];
1024	791bcfd4	Bill Marquette	}
1025			if (isset($tunnel['p1']['myident']['asn1dn'])) {
1026			$ph1ent['myid_type'] = "asn1dn";
1027			$ph1ent['myid_data'] = $tunnel['p1']['myident']['asn1dn'];
1028			}
1029			if (isset($tunnel['p1']['myident']['dyn_dns'])) {
1030			$ph1ent['myid_type'] = "dyn_dns";
1031			$ph1ent['myid_data'] = $tunnel['p1']['myident']['dyn_dns'];
1032			}
1033
1034			$ph1ent['peerid_type'] = "peeraddress";
1035
1036			switch ($tunnel['p1']['encryption-algorithm']) {
1037			case "des":
1038	751533a2	Phil Davis	$ph1alg = array('name' => 'des');
1039			break;
1040	791bcfd4	Bill Marquette	case "3des":
1041	751533a2	Phil Davis	$ph1alg = array('name' => '3des');
1042			break;
1043	791bcfd4	Bill Marquette	case "blowfish":
1044	751533a2	Phil Davis	$ph1alg = array('name' => 'blowfish', 'keylen' => '128');
1045			break;
1046	791bcfd4	Bill Marquette	case "cast128":
1047	751533a2	Phil Davis	$ph1alg = array('name' => 'cast128');
1048			break;
1049	791bcfd4	Bill Marquette	case "rijndael":
1050	751533a2	Phil Davis	$ph1alg = array('name' => 'aes', 'keylen' => '128');
1051			break;
1052	791bcfd4	Bill Marquette	case "rijndael 256":
1053	a5187d43	jim-p	case "aes 256":
1054	751533a2	Phil Davis	$ph1alg = array('name' => 'aes', 'keylen' => '256');
1055			break;
1056	791bcfd4	Bill Marquette	}
1057
1058			$ph1ent['encryption-algorithm'] = $ph1alg;
1059			$ph1ent['hash-algorithm'] = $tunnel['p1']['hash-algorithm'];
1060			$ph1ent['dhgroup'] = $tunnel['p1']['dhgroup'];
1061			$ph1ent['lifetime'] = $tunnel['p1']['lifetime'];
1062			$ph1ent['authentication_method'] = $tunnel['p1']['authentication_method'];
1063
1064	751533a2	Phil Davis	if (isset($tunnel['p1']['pre-shared-key'])) {
1065	791bcfd4	Bill Marquette	$ph1ent['pre-shared-key'] = $tunnel['p1']['pre-shared-key'];
1066	751533a2	Phil Davis	}
1067			if (isset($tunnel['p1']['cert'])) {
1068	791bcfd4	Bill Marquette	$ph1ent['cert'] = $tunnel['p1']['cert'];
1069	751533a2	Phil Davis	}
1070			if (isset($tunnel['p1']['peercert'])) {
1071	791bcfd4	Bill Marquette	$ph1ent['peercert'] = $tunnel['p1']['peercert'];
1072	751533a2	Phil Davis	}
1073			if (isset($tunnel['p1']['private-key'])) {
1074	791bcfd4	Bill Marquette	$ph1ent['private-key'] = $tunnel['p1']['private-key'];
1075	751533a2	Phil Davis	}
1076	791bcfd4	Bill Marquette
1077			$ph1ent['nat_traversal'] = "on";
1078			$ph1ent['dpd_enable'] = 1;
1079			$ph1ent['dpd_delay'] = 10;
1080			$ph1ent['dpd_maxfail'] = 5;
1081
1082			$a_phase1[] = $ph1ent;
1083			}
1084
1085			/* build new phase2 entry */
1086
1087			$ph2ent = array();
1088
1089			$ph2ent['ikeid'] = $ph1ent['ikeid'];
1090
1091	751533a2	Phil Davis	if (isset($tunnel['disabled'])) {
1092	791bcfd4	Bill Marquette	$ph1ent['disabled'] = $tunnel['disabled'];
1093	751533a2	Phil Davis	}
1094	791bcfd4	Bill Marquette
1095	4d511e5b	Renato Botelho	$ph2ent['descr'] = sprintf(gettext("phase2 for %s"), $tunnel['descr']);
1096	791bcfd4	Bill Marquette
1097			$type = "lan";
1098	751533a2	Phil Davis	if ($tunnel['local-subnet']['network']) {
1099	791bcfd4	Bill Marquette	$type = $tunnel['local-subnet']['network'];
1100	751533a2	Phil Davis	}
1101	791bcfd4	Bill Marquette	if ($tunnel['local-subnet']['address']) {
1102	4de8f7ba	Phil Davis	list($address, $netbits) = explode("/", $tunnel['local-subnet']['address']);
1103	751533a2	Phil Davis	if (is_null($netbits)) {
1104	791bcfd4	Bill Marquette	$type = "address";
1105	751533a2	Phil Davis	} else {
1106	791bcfd4	Bill Marquette	$type = "network";
1107	751533a2	Phil Davis	}
1108	791bcfd4	Bill Marquette	}
1109
1110			switch ($type) {
1111			case "address":
1112	4de8f7ba	Phil Davis	$ph2ent['localid'] = array('type' => $type, 'address' => $address);
1113	751533a2	Phil Davis	break;
1114	791bcfd4	Bill Marquette	case "network":
1115	4de8f7ba	Phil Davis	$ph2ent['localid'] = array('type' => $type, 'address' => $address, 'netbits' => $netbits);
1116	751533a2	Phil Davis	break;
1117	791bcfd4	Bill Marquette	default:
1118	751533a2	Phil Davis	$ph2ent['localid'] = array('type' => $type);
1119			break;
1120	791bcfd4	Bill Marquette	}
1121
1122	4de8f7ba	Phil Davis	list($address, $netbits) = explode("/", $tunnel['remote-subnet']);
1123			$ph2ent['remoteid'] = array('type' => 'network', 'address' => $address, 'netbits' => $netbits);
1124	791bcfd4	Bill Marquette
1125			$ph2ent['protocol'] = $tunnel['p2']['protocol'];
1126
1127			$aes_count = 0;
1128	751533a2	Phil Davis	foreach ($tunnel['p2']['encryption-algorithm-option'] as $tunalg) {
1129	791bcfd4	Bill Marquette	$aes_found = false;
1130			switch ($tunalg) {
1131			case "des":
1132	751533a2	Phil Davis	$ph2alg = array('name' => 'des');
1133			break;
1134	791bcfd4	Bill Marquette	case "3des":
1135	751533a2	Phil Davis	$ph2alg = array('name' => '3des');
1136			break;
1137	791bcfd4	Bill Marquette	case "blowfish":
1138	751533a2	Phil Davis	$ph2alg = array('name' => 'blowfish', 'keylen' => 'auto');
1139			break;
1140	791bcfd4	Bill Marquette	case "cast128":
1141	751533a2	Phil Davis	$ph2alg = array('name' => 'cast128');
1142			break;
1143	791bcfd4	Bill Marquette	case "rijndael":
1144			case "rijndael 256":
1145	a5187d43	jim-p	case "aes 256":
1146	751533a2	Phil Davis	$ph2alg = array('name' => 'aes', 'keylen' => 'auto');
1147			$aes_found = true;
1148			$aes_count++;
1149			break;
1150	791bcfd4	Bill Marquette	}
1151
1152	751533a2	Phil Davis	if (!$aes_found \|\| ($aes_count < 2)) {
1153	791bcfd4	Bill Marquette	$ph2ent['encryption-algorithm-option'][] = $ph2alg;
1154	751533a2	Phil Davis	}
1155	791bcfd4	Bill Marquette	}
1156
1157			$ph2ent['hash-algorithm-option'] = $tunnel['p2']['hash-algorithm-option'];
1158			$ph2ent['pfsgroup'] = $tunnel['p2']['pfsgroup'];
1159			$ph2ent['lifetime'] = $tunnel['p2']['lifetime'];
1160
1161	751533a2	Phil Davis	if (isset($tunnel['pinghost']['pinghost'])) {
1162	87e07f52	mgrooms	$ph2ent['pinghost'] = $tunnel['pinghost'];
1163	751533a2	Phil Davis	}
1164	87e07f52	mgrooms
1165	791bcfd4	Bill Marquette	$a_phase2[] = $ph2ent;
1166			}
1167
1168			unset($config['ipsec']['tunnel']);
1169			$config['ipsec']['phase1'] = $a_phase1;
1170			$config['ipsec']['phase2'] = $a_phase2;
1171			}
1172	49bb5c07	jim-p
1173			/* Upgrade Mobile IPsec */
1174	751533a2	Phil Davis	if (isset($config['ipsec']['mobileclients']) &&
1175			is_array($config['ipsec']['mobileclients']) &&
1176			is_array($config['ipsec']['mobileclients']['p1']) &&
1177			is_array($config['ipsec']['mobileclients']['p2'])) {
1178	49bb5c07	jim-p
1179			if (isset($config['ipsec']['mobileclients']['enable'])) {
1180			$config['ipsec']['client']['enable'] = true;
1181			$config['ipsec']['client']['user_source'] = 'system';
1182			$config['ipsec']['client']['group_source'] = 'system';
1183			}
1184
1185			$mobilecfg = $config['ipsec']['mobileclients'];
1186
1187			$ph1ent = array();
1188			$ph1ent['ikeid'] = ++$ikeid;
1189
1190	751533a2	Phil Davis	if (!isset($mobilecfg['enable'])) {
1191	49bb5c07	jim-p	$ph1ent['disabled'] = true;
1192	751533a2	Phil Davis	}
1193	49bb5c07	jim-p
1194			/* Assume WAN since mobile tunnels couldn't be on a separate interface on 1.2.x */
1195			$ph1ent['interface'] = 'wan';
1196			$ph1ent['descr'] = "Mobile Clients (upgraded)";
1197			$ph1ent['mode'] = $mobilecfg['p1']['mode'];
1198
1199	751533a2	Phil Davis	if (isset($mobilecfg['p1']['myident']['myaddress'])) {
1200	49bb5c07	jim-p	$ph1ent['myid_type'] = "myaddress";
1201	751533a2	Phil Davis	}
1202	49bb5c07	jim-p	if (isset($mobilecfg['p1']['myident']['address'])) {
1203			$ph1ent['myid_type'] = "address";
1204			$ph1ent['myid_data'] = $mobilecfg['p1']['myident']['address'];
1205			}
1206			if (isset($mobilecfg['p1']['myident']['fqdn'])) {
1207			$ph1ent['myid_type'] = "fqdn";
1208			$ph1ent['myid_data'] = $mobilecfg['p1']['myident']['fqdn'];
1209			}
1210			if (isset($mobilecfg['p1']['myident']['ufqdn'])) {
1211			$ph1ent['myid_type'] = "user_fqdn";
1212			$ph1ent['myid_data'] = $mobilecfg['p1']['myident']['ufqdn'];
1213			}
1214			if (isset($mobilecfg['p1']['myident']['asn1dn'])) {
1215			$ph1ent['myid_type'] = "asn1dn";
1216			$ph1ent['myid_data'] = $mobilecfg['p1']['myident']['asn1dn'];
1217			}
1218			if (isset($mobilecfg['p1']['myident']['dyn_dns'])) {
1219			$ph1ent['myid_type'] = "dyn_dns";
1220			$ph1ent['myid_data'] = $mobilecfg['p1']['myident']['dyn_dns'];
1221			}
1222			$ph1ent['peerid_type'] = "fqdn";
1223			$ph1ent['peerid_data'] = "";
1224
1225			switch ($mobilecfg['p1']['encryption-algorithm']) {
1226			case "des":
1227	751533a2	Phil Davis	$ph1alg = array('name' => 'des');
1228			break;
1229	49bb5c07	jim-p	case "3des":
1230	751533a2	Phil Davis	$ph1alg = array('name' => '3des');
1231			break;
1232	49bb5c07	jim-p	case "blowfish":
1233	751533a2	Phil Davis	$ph1alg = array('name' => 'blowfish', 'keylen' => '128');
1234			break;
1235	49bb5c07	jim-p	case "cast128":
1236	751533a2	Phil Davis	$ph1alg = array('name' => 'cast128');
1237			break;
1238	49bb5c07	jim-p	case "rijndael":
1239	751533a2	Phil Davis	$ph1alg = array('name' => 'aes', 'keylen' => '128');
1240			break;
1241	49bb5c07	jim-p	case "rijndael 256":
1242	a5187d43	jim-p	case "aes 256":
1243	751533a2	Phil Davis	$ph1alg = array('name' => 'aes', 'keylen' => '256');
1244			break;
1245	49bb5c07	jim-p	}
1246
1247			$ph1ent['encryption-algorithm'] = $ph1alg;
1248			$ph1ent['hash-algorithm'] = $mobilecfg['p1']['hash-algorithm'];
1249			$ph1ent['dhgroup'] = $mobilecfg['p1']['dhgroup'];
1250			$ph1ent['lifetime'] = $mobilecfg['p1']['lifetime'];
1251			$ph1ent['authentication_method'] = $mobilecfg['p1']['authentication_method'];
1252
1253	751533a2	Phil Davis	if (isset($mobilecfg['p1']['cert'])) {
1254	49bb5c07	jim-p	$ph1ent['cert'] = $mobilecfg['p1']['cert'];
1255	751533a2	Phil Davis	}
1256			if (isset($mobilecfg['p1']['peercert'])) {
1257	49bb5c07	jim-p	$ph1ent['peercert'] = $mobilecfg['p1']['peercert'];
1258	751533a2	Phil Davis	}
1259			if (isset($mobilecfg['p1']['private-key'])) {
1260	49bb5c07	jim-p	$ph1ent['private-key'] = $mobilecfg['p1']['private-key'];
1261	751533a2	Phil Davis	}
1262	49bb5c07	jim-p
1263			$ph1ent['nat_traversal'] = "on";
1264			$ph1ent['dpd_enable'] = 1;
1265			$ph1ent['dpd_delay'] = 10;
1266			$ph1ent['dpd_maxfail'] = 5;
1267			$ph1ent['mobile'] = true;
1268
1269			$ph2ent = array();
1270			$ph2ent['ikeid'] = $ph1ent['ikeid'];
1271			$ph2ent['descr'] = "phase2 for ".$mobilecfg['descr'];
1272			$ph2ent['localid'] = array('type' => 'none');
1273			$ph2ent['remoteid'] = array('type' => 'mobile');
1274			$ph2ent['protocol'] = $mobilecfg['p2']['protocol'];
1275
1276			$aes_count = 0;
1277	751533a2	Phil Davis	foreach ($mobilecfg['p2']['encryption-algorithm-option'] as $tunalg) {
1278	49bb5c07	jim-p	$aes_found = false;
1279			switch ($tunalg) {
1280			case "des":
1281	751533a2	Phil Davis	$ph2alg = array('name' => 'des');
1282			break;
1283	49bb5c07	jim-p	case "3des":
1284	751533a2	Phil Davis	$ph2alg = array('name' => '3des');
1285			break;
1286	49bb5c07	jim-p	case "blowfish":
1287	751533a2	Phil Davis	$ph2alg = array('name' => 'blowfish', 'keylen' => 'auto');
1288			break;
1289	49bb5c07	jim-p	case "cast128":
1290	751533a2	Phil Davis	$ph2alg = array('name' => 'cast128');
1291			break;
1292	49bb5c07	jim-p	case "rijndael":
1293			case "rijndael 256":
1294	a5187d43	jim-p	case "aes 256":
1295	751533a2	Phil Davis	$ph2alg = array('name' => 'aes', 'keylen' => 'auto');
1296			$aes_found = true;
1297			$aes_count++;
1298			break;
1299	49bb5c07	jim-p	}
1300
1301	751533a2	Phil Davis	if (!$aes_found \|\| ($aes_count < 2)) {
1302	49bb5c07	jim-p	$ph2ent['encryption-algorithm-option'][] = $ph2alg;
1303	751533a2	Phil Davis	}
1304	49bb5c07	jim-p	}
1305			$ph2ent['hash-algorithm-option'] = $mobilecfg['p2']['hash-algorithm-option'];
1306			$ph2ent['pfsgroup'] = $mobilecfg['p2']['pfsgroup'];
1307			$ph2ent['lifetime'] = $mobilecfg['p2']['lifetime'];
1308			$ph2ent['mobile'] = true;
1309
1310			$config['ipsec']['phase1'][] = $ph1ent;
1311			$config['ipsec']['phase2'][] = $ph2ent;
1312			unset($config['ipsec']['mobileclients']);
1313			}
1314	791bcfd4	Bill Marquette	}
1315
1316
1317			function upgrade_047_to_048() {
1318			global $config;
1319	e31c90fc	Ermal	if (!empty($config['dyndns'])) {
1320			$config['dyndnses'] = array();
1321			$config['dyndnses']['dyndns'] = array();
1322	751533a2	Phil Davis	if (isset($config['dyndns'][0]['host'])) {
1323	246aceaa	smos	$tempdyn = array();
1324			$tempdyn['enable'] = isset($config['dyndns'][0]['enable']);
1325			$tempdyn['type'] = $config['dyndns'][0]['type'];
1326			$tempdyn['wildcard'] = isset($config['dyndns'][0]['wildcard']);
1327	7d62c4c8	Ermal	$tempdyn['username'] = $config['dyndns'][0]['username'];
1328			$tempdyn['password'] = $config['dyndns'][0]['password'];
1329	246aceaa	smos	$tempdyn['host'] = $config['dyndns'][0]['host'];
1330	2d563280	Renato Botelho	$tempdyn['mx'] = $config['dyndns'][0]['mx'];
1331	246aceaa	smos	$tempdyn['interface'] = "wan";
1332	4d511e5b	Renato Botelho	$tempdyn['descr'] = sprintf(gettext("Upgraded Dyndns %s"), $tempdyn['type']);
1333	246aceaa	smos	$config['dyndnses']['dyndns'][] = $tempdyn;
1334			}
1335	791bcfd4	Bill Marquette	unset($config['dyndns']);
1336	2d563280	Renato Botelho	}
1337	e31c90fc	Ermal	if (!empty($config['dnsupdate'])) {
1338	2b1b78e6	jim-p	$pconfig = $config['dnsupdate'][0];
1339	751533a2	Phil Davis	if (!$pconfig['ttl']) {
1340	2b1b78e6	jim-p	$pconfig['ttl'] = 60;
1341	751533a2	Phil Davis	}
1342			if (!$pconfig['keytype']) {
1343	2b1b78e6	jim-p	$pconfig['keytype'] = "zone";
1344	751533a2	Phil Davis	}
1345	e31c90fc	Ermal	$pconfig['interface'] = "wan";
1346	791bcfd4	Bill Marquette	$config['dnsupdates']['dnsupdate'][] = $pconfig;
1347			unset($config['dnsupdate']);
1348			}
1349
1350	1f0c76cf	jim-p	if (is_array($config['pppoe']) && is_array($config['pppoe'][0])) {
1351	791bcfd4	Bill Marquette	$pconfig = array();
1352	1f0c76cf	jim-p	$pconfig['username'] = $config['pppoe'][0]['username'];
1353			$pconfig['password'] = $config['pppoe'][0]['password'];
1354			$pconfig['provider'] = $config['pppoe'][0]['provider'];
1355			$pconfig['ondemand'] = isset($config['pppoe'][0]['ondemand']);
1356			$pconfig['timeout'] = $config['pppoe'][0]['timeout'];
1357	791bcfd4	Bill Marquette	unset($config['pppoe']);
1358			$config['interfaces']['wan']['pppoe_username'] = $pconfig['username'];
1359			$config['interfaces']['wan']['pppoe_password'] = $pconfig['password'];
1360			$config['interfaces']['wan']['provider'] = $pconfig['provider'];
1361			$config['interfaces']['wan']['ondemand'] = isset($pconfig['ondemand']);
1362			$config['interfaces']['wan']['timeout'] = $pconfig['timeout'];
1363			}
1364			if (is_array($config['pptp'])) {
1365			$pconfig = array();
1366			$pconfig['username'] = $config['pptp']['username'];
1367			$pconfig['password'] = $config['pptp']['password'];
1368			$pconfig['provider'] = $config['pptp']['provider'];
1369			$pconfig['ondemand'] = isset($config['pptp']['ondemand']);
1370			$pconfig['timeout'] = $config['pptp']['timeout'];
1371			unset($config['pptp']);
1372			$config['interfaces']['wan']['pptp_username'] = $pconfig['username'];
1373			$config['interfaces']['wan']['pptp_password'] = $pconfig['password'];
1374			$config['interfaces']['wan']['provider'] = $pconfig['provider'];
1375	751533a2	Phil Davis	$config['interfaces']['wan']['ondemand'] = isset($pconfig['ondemand']);
1376	791bcfd4	Bill Marquette	$config['interfaces']['wan']['timeout'] = $pconfig['timeout'];
1377			}
1378			}
1379
1380
1381			function upgrade_048_to_049() {
1382			global $config;
1383			/* setup new all users group */
1384			$all = array();
1385			$all['name'] = "all";
1386	4d511e5b	Renato Botelho	$all['description'] = gettext("All Users");
1387	791bcfd4	Bill Marquette	$all['scope'] = "system";
1388			$all['gid'] = 1998;
1389			$all['member'] = array();
1390
1391	751533a2	Phil Davis	if (!is_array($config['system']['user'])) {
1392	84924e76	Ermal	$config['system']['user'] = array();
1393	751533a2	Phil Davis	}
1394			if (!is_array($config['system']['group'])) {
1395	791bcfd4	Bill Marquette	$config['system']['group'] = array();
1396	751533a2	Phil Davis	}
1397	791bcfd4	Bill Marquette
1398			/* work around broken uid assignments */
1399			$config['system']['nextuid'] = 2000;
1400			foreach ($config['system']['user'] as & $user) {
1401	751533a2	Phil Davis	if (isset($user['uid']) && !$user['uid']) {
1402	791bcfd4	Bill Marquette	continue;
1403	751533a2	Phil Davis	}
1404	791bcfd4	Bill Marquette	$user['uid'] = $config['system']['nextuid']++;
1405			}
1406
1407			/* work around broken gid assignments */
1408			$config['system']['nextgid'] = 2000;
1409			foreach ($config['system']['group'] as & $group) {
1410	751533a2	Phil Davis	if ($group['name'] == $g['admin_group']) {
1411	791bcfd4	Bill Marquette	$group['gid'] = 1999;
1412	751533a2	Phil Davis	} else {
1413	791bcfd4	Bill Marquette	$group['gid'] = $config['system']['nextgid']++;
1414	751533a2	Phil Davis	}
1415	791bcfd4	Bill Marquette	}
1416
1417			/* build group membership information */
1418			foreach ($config['system']['group'] as & $group) {
1419			$group['member'] = array();
1420			foreach ($config['system']['user'] as & $user) {
1421			$groupnames = explode(",", $user['groupname']);
1422	4de8f7ba	Phil Davis	if (in_array($group['name'], $groupnames)) {
1423	791bcfd4	Bill Marquette	$group['member'][] = $user['uid'];
1424	751533a2	Phil Davis	}
1425	791bcfd4	Bill Marquette	}
1426			}
1427
1428			/* reset user group information */
1429			foreach ($config['system']['user'] as & $user) {
1430			unset($user['groupname']);
1431			$all['member'][] = $user['uid'];
1432			}
1433
1434			/* reset group scope information */
1435	751533a2	Phil Davis	foreach ($config['system']['group'] as & $group) {
1436			if ($group['name'] != $g['admin_group']) {
1437			$group['scope'] = "user";
1438			}
1439			}
1440	791bcfd4	Bill Marquette
1441			/* insert new all group */
1442			$groups = Array();
1443			$groups[] = $all;
1444	4de8f7ba	Phil Davis	$groups = array_merge($config['system']['group'], $groups);
1445	791bcfd4	Bill Marquette	$config['system']['group'] = $groups;
1446			}
1447
1448
1449			function upgrade_049_to_050() {
1450			global $config;
1451	84924e76	Ermal
1452	751533a2	Phil Davis	if (!is_array($config['system']['user'])) {
1453	84924e76	Ermal	$config['system']['user'] = array();
1454	751533a2	Phil Davis	}
1455	791bcfd4	Bill Marquette	/* update user privileges */
1456			foreach ($config['system']['user'] as & $user) {
1457			$privs = array();
1458			if (!is_array($user['priv'])) {
1459			unset($user['priv']);
1460			continue;
1461			}
1462			foreach ($user['priv'] as $priv) {
1463	751533a2	Phil Davis	switch ($priv['id']) {
1464	791bcfd4	Bill Marquette	case "hasshell":
1465	751533a2	Phil Davis	$privs[] = "user-shell-access";
1466			break;
1467	791bcfd4	Bill Marquette	case "copyfiles":
1468	751533a2	Phil Davis	$privs[] = "user-copy-files";
1469			break;
1470	791bcfd4	Bill Marquette	}
1471			}
1472			$user['priv'] = $privs;
1473			}
1474
1475			/* update group privileges */
1476			foreach ($config['system']['group'] as & $group) {
1477			$privs = array();
1478			if (!is_array($group['pages'])) {
1479			unset($group['pages']);
1480			continue;
1481			}
1482			foreach ($group['pages'] as $page) {
1483			$priv = map_page_privname($page);
1484	751533a2	Phil Davis	if ($priv) {
1485	791bcfd4	Bill Marquette	$privs[] = $priv;
1486	751533a2	Phil Davis	}
1487	791bcfd4	Bill Marquette	}
1488			unset($group['pages']);
1489			$group['priv'] = $privs;
1490			}
1491
1492			/* sync all local account information */
1493	79f7bc7f	Renato Botelho	local_reset_accounts();
1494	791bcfd4	Bill Marquette	}
1495
1496
1497			function upgrade_050_to_051() {
1498			global $config;
1499			$pconfig = array();
1500	15864861	jim-p	$pconfig['descr'] = "Set to 0 to disable filtering on the incoming and outgoing member interfaces.";
1501	791bcfd4	Bill Marquette	$pconfig['tunable'] = "net.link.bridge.pfil_member";
1502			$pconfig['value'] = "1";
1503			$config['sysctl']['item'][] = $pconfig;
1504			$pconfig = array();
1505	15864861	jim-p	$pconfig['descr'] = "Set to 1 to enable filtering on the bridge interface";
1506	791bcfd4	Bill Marquette	$pconfig['tunable'] = "net.link.bridge.pfil_bridge";
1507			$pconfig['value'] = "0";
1508			$config['sysctl']['item'][] = $pconfig;
1509
1510	fa6e5ba5	Phil Davis	if (isset($config['bridge'])) {
1511			unset($config['bridge']);
1512			}
1513	791bcfd4	Bill Marquette
1514			$convert_bridges = false;
1515	751533a2	Phil Davis	foreach ($config['interfaces'] as $intf) {
1516	791bcfd4	Bill Marquette	if (isset($intf['bridge']) && $intf['bridge'] <> "") {
1517			$config['bridges'] = array();
1518			$config['bridges']['bridged'] = array();
1519			$convert_bridges = true;
1520			break;
1521			}
1522			}
1523			if ($convert_bridges == true) {
1524			$i = 0;
1525			foreach ($config['interfaces'] as $ifr => &$intf) {
1526			if (isset($intf['bridge']) && $intf['bridge'] <> "") {
1527			$nbridge = array();
1528			$nbridge['members'] = "{$ifr},{$intf['bridge']}";
1529	4d511e5b	Renato Botelho	$nbridge['descr'] = sprintf(gettext("Converted bridged %s"), $ifr);
1530	791bcfd4	Bill Marquette	$nbridge['bridgeif'] = "bridge{$i}";
1531			$config['bridges']['bridged'][] = $nbridge;
1532			unset($intf['bridge']);
1533			$i++;
1534			}
1535			}
1536			}
1537			}
1538
1539
1540			function upgrade_051_to_052() {
1541			global $config;
1542			$config['openvpn'] = array();
1543	751533a2	Phil Davis	if (!is_array($config['ca'])) {
1544	9ad72e5e	jim-p	$config['ca'] = array();
1545	751533a2	Phil Davis	}
1546			if (!is_array($config['cert'])) {
1547	9ad72e5e	jim-p	$config['cert'] = array();
1548	751533a2	Phil Davis	}
1549	791bcfd4	Bill Marquette
1550			$vpnid = 1;
1551
1552			/* openvpn server configurations */
1553			if (is_array($config['installedpackages']['openvpnserver'])) {
1554			$config['openvpn']['openvpn-server'] = array();
1555
1556			$index = 1;
1557	751533a2	Phil Davis	foreach ($config['installedpackages']['openvpnserver']['config'] as $server) {
1558	791bcfd4	Bill Marquette
1559	751533a2	Phil Davis	if (!is_array($server)) {
1560	791bcfd4	Bill Marquette	continue;
1561	751533a2	Phil Davis	}
1562	791bcfd4	Bill Marquette
1563			if ($server['auth_method'] == "pki") {
1564
1565			/* create ca entry */
1566			$ca = array();
1567			$ca['refid'] = uniqid();
1568	f2a86ca9	jim-p	$ca['descr'] = "OpenVPN Server CA #{$index}";
1569	791bcfd4	Bill Marquette	$ca['crt'] = $server['ca_cert'];
1570	9ad72e5e	jim-p	$config['ca'][] = $ca;
1571	791bcfd4	Bill Marquette
1572			/* create ca reference */
1573			unset($server['ca_cert']);
1574			$server['caref'] = $ca['refid'];
1575
1576	47319bfb	jim-p	/* create a crl entry if needed */
1577	ab75b4ee	jim-p	if (!empty($server['crl'][0])) {
1578	47319bfb	jim-p	$crl = array();
1579			$crl['refid'] = uniqid();
1580			$crl['descr'] = "Imported OpenVPN CRL #{$index}";
1581			$crl['caref'] = $ca['refid'];
1582	ab75b4ee	jim-p	$crl['text'] = $server['crl'][0];
1583	751533a2	Phil Davis	if (!is_array($config['crl'])) {
1584	90e64fad	Warren Baker	$config['crl'] = array();
1585	751533a2	Phil Davis	}
1586	fc3e88f1	jim-p	$config['crl'][] = $crl;
1587	47319bfb	jim-p	$server['crlref'] = $crl['refid'];
1588			}
1589			unset($server['crl']);
1590
1591	791bcfd4	Bill Marquette	/* create cert entry */
1592			$cert = array();
1593			$cert['refid'] = uniqid();
1594	f2a86ca9	jim-p	$cert['descr'] = "OpenVPN Server Certificate #{$index}";
1595	791bcfd4	Bill Marquette	$cert['crt'] = $server['server_cert'];
1596			$cert['prv'] = $server['server_key'];
1597	9ad72e5e	jim-p	$config['cert'][] = $cert;
1598	791bcfd4	Bill Marquette
1599			/* create cert reference */
1600			unset($server['server_cert']);
1601			unset($server['server_key']);
1602			$server['certref'] = $cert['refid'];
1603
1604			$index++;
1605			}
1606
1607			/* determine operational mode */
1608			if ($server['auth_method'] == 'pki') {
1609	751533a2	Phil Davis	if ($server['nopool']) {
1610	791bcfd4	Bill Marquette	$server['mode'] = "p2p_tls";
1611			} else {
1612			$server['mode'] = "server_tls";
1613			}
1614			} else {
1615			$server['mode'] = "p2p_shared_key";
1616			}
1617			unset($server['auth_method']);
1618
1619			/* modify configuration values */
1620			$server['dh_length'] = 1024;
1621			unset($server['dh_params']);
1622	751533a2	Phil Davis	if (!$server['interface']) {
1623	a15a7738	jim-p	$server['interface'] = 'any';
1624	751533a2	Phil Davis	}
1625	791bcfd4	Bill Marquette	$server['tunnel_network'] = $server['addresspool'];
1626			unset($server['addresspool']);
1627	a843870d	jim-p	if (isset($server['use_lzo']) && ($server['use_lzo'] == "on")) {
1628	8b666514	jim-p	$server['compression'] = "on";
1629	da831323	Ermal Lu?i	unset($server['use_lzo']);
1630			}
1631	751533a2	Phil Davis	if ($server['nopool']) {
1632	791bcfd4	Bill Marquette	$server['pool_enable'] = false;
1633	751533a2	Phil Davis	} else {
1634	791bcfd4	Bill Marquette	$server['pool_enable'] = "yes";
1635	751533a2	Phil Davis	}
1636	791bcfd4	Bill Marquette	unset($server['nopool']);
1637			$server['dns_domain'] = $server['dhcp_domainname'];
1638			unset($server['dhcp_domainname']);
1639	c3ae41e6	jim-p
1640			$tmparr = explode(";", $server['dhcp_dns'], 4);
1641			$d=1;
1642			foreach ($tmparr as $tmpa) {
1643			$server["dns_server{$d}"] = $tmpa;
1644			$d++;
1645			}
1646	791bcfd4	Bill Marquette	unset($server['dhcp_dns']);
1647	c3ae41e6	jim-p
1648			$tmparr = explode(";", $server['dhcp_ntp'], 2);
1649			$d=1;
1650			foreach ($tmparr as $tmpa) {
1651			$server["ntp_server{$d}"] = $tmpa;
1652			$d++;
1653			}
1654	791bcfd4	Bill Marquette	unset($server['dhcp_ntp']);
1655	c3ae41e6	jim-p
1656	751533a2	Phil Davis	if ($server['dhcp_nbtdisable']) {
1657	791bcfd4	Bill Marquette	$server['netbios_enable'] = false;
1658	751533a2	Phil Davis	} else {
1659	791bcfd4	Bill Marquette	$server['netbios_enable'] = "yes";
1660	751533a2	Phil Davis	}
1661	791bcfd4	Bill Marquette	unset($server['dhcp_nbtdisable']);
1662			$server['netbios_ntype'] = $server['dhcp_nbttype'];
1663			unset($server['dhcp_nbttype']);
1664			$server['netbios_scope'] = $server['dhcp_nbtscope'];
1665			unset($server['dhcp_nbtscope']);
1666	c3ae41e6	jim-p
1667			$tmparr = explode(";", $server['dhcp_nbdd'], 2);
1668			$d=1;
1669			foreach ($tmparr as $tmpa) {
1670			$server["nbdd_server{$d}"] = $tmpa;
1671			$d++;
1672			}
1673	791bcfd4	Bill Marquette	unset($server['dhcp_nbdd']);
1674	c3ae41e6	jim-p
1675			$tmparr = explode(";", $server['dhcp_wins'], 2);
1676			$d=1;
1677			foreach ($tmparr as $tmpa) {
1678			$server["wins_server{$d}"] = $tmpa;
1679			$d++;
1680			}
1681	791bcfd4	Bill Marquette	unset($server['dhcp_wins']);
1682
1683	751533a2	Phil Davis	if (!empty($server['disable'])) {
1684	763a1b52	jim-p	$server['disable'] = true;
1685	751533a2	Phil Davis	} else {
1686	763a1b52	jim-p	unset($server['disable']);
1687	751533a2	Phil Davis	}
1688	763a1b52	jim-p
1689	791bcfd4	Bill Marquette	/* allocate vpnid */
1690			$server['vpnid'] = $vpnid++;
1691
1692	4f1ebacb	Ermal	if (!empty($server['custom_options'])) {
1693			$cstmopts = array();
1694			$tmpcstmopts = explode(";", $server['custom_options']);
1695	48e24ada	jim-p	$assigned_if = "";
1696	4f1ebacb	Ermal	$tmpstr = "";
1697			foreach ($tmpcstmopts as $tmpcstmopt) {
1698			$tmpstr = str_replace(" ", "", $tmpcstmopt);
1699	4de8f7ba	Phil Davis	if (substr($tmpstr, 0, 6) == "devtun") {
1700	48e24ada	jim-p	$assigned_if = substr($tmpstr, 3);
1701	4f1ebacb	Ermal	continue;
1702	8fd0badd	Ermal	} else if (substr($tmpstr, 0, 5) == "local") {
1703	9bc27ae5	jim-p	$localip = substr($tmpstr, 5);
1704	8fd0badd	Ermal	$server['ipaddr'] = str_replace("\n", "", $localip);
1705	751533a2	Phil Davis	} else {
1706	4f1ebacb	Ermal	$cstmopts[] = $tmpcstmopt;
1707	751533a2	Phil Davis	}
1708	4f1ebacb	Ermal	}
1709			$server['custom_options'] = implode(";", $cstmopts);
1710	48e24ada	jim-p	if (!empty($assigned_if)) {
1711	4f1ebacb	Ermal	foreach ($config['interfaces'] as $iface => $cfgif) {
1712	48e24ada	jim-p	if ($cfgif['if'] == $assigned_if) {
1713	4f1ebacb	Ermal	$config['interfaces'][$iface]['if'] = "ovpns{$server['vpnid']}";
1714			break;
1715			}
1716			}
1717			}
1718			}
1719
1720	791bcfd4	Bill Marquette	$config['openvpn']['openvpn-server'][] = $server;
1721			}
1722			unset($config['installedpackages']['openvpnserver']);
1723			}
1724
1725			/* openvpn client configurations */
1726			if (is_array($config['installedpackages']['openvpnclient'])) {
1727			$config['openvpn']['openvpn-client'] = array();
1728
1729			$index = 1;
1730	751533a2	Phil Davis	foreach ($config['installedpackages']['openvpnclient']['config'] as $client) {
1731	791bcfd4	Bill Marquette
1732	751533a2	Phil Davis	if (!is_array($client)) {
1733	791bcfd4	Bill Marquette	continue;
1734	751533a2	Phil Davis	}
1735	791bcfd4	Bill Marquette
1736			if ($client['auth_method'] == "pki") {
1737
1738			/* create ca entry */
1739			$ca = array();
1740			$ca['refid'] = uniqid();
1741	f2a86ca9	jim-p	$ca['descr'] = "OpenVPN Client CA #{$index}";
1742	791bcfd4	Bill Marquette	$ca['crt'] = $client['ca_cert'];
1743			$ca['crl'] = $client['crl'];
1744	9ad72e5e	jim-p	$config['ca'][] = $ca;
1745	791bcfd4	Bill Marquette
1746			/* create ca reference */
1747			unset($client['ca_cert']);
1748			unset($client['crl']);
1749			$client['caref'] = $ca['refid'];
1750
1751			/* create cert entry */
1752			$cert = array();
1753			$cert['refid'] = uniqid();
1754	f2a86ca9	jim-p	$cert['descr'] = "OpenVPN Client Certificate #{$index}";
1755	791bcfd4	Bill Marquette	$cert['crt'] = $client['client_cert'];
1756			$cert['prv'] = $client['client_key'];
1757	9ad72e5e	jim-p	$config['cert'][] = $cert;
1758	791bcfd4	Bill Marquette
1759			/* create cert reference */
1760			unset($client['client_cert']);
1761			unset($client['client_key']);
1762			$client['certref'] = $cert['refid'];
1763
1764			$index++;
1765			}
1766
1767			/* determine operational mode */
1768	751533a2	Phil Davis	if ($client['auth_method'] == 'pki') {
1769	791bcfd4	Bill Marquette	$client['mode'] = "p2p_tls";
1770	751533a2	Phil Davis	} else {
1771	791bcfd4	Bill Marquette	$client['mode'] = "p2p_shared_key";
1772	751533a2	Phil Davis	}
1773	791bcfd4	Bill Marquette	unset($client['auth_method']);
1774
1775			/* modify configuration values */
1776	751533a2	Phil Davis	if (!$client['interface']) {
1777	791bcfd4	Bill Marquette	$client['interface'] = 'wan';
1778	751533a2	Phil Davis	}
1779	791bcfd4	Bill Marquette	$client['tunnel_network'] = $client['interface_ip'];
1780			unset($client['interface_ip']);
1781			$client['server_addr'] = $client['serveraddr'];
1782			unset($client['serveraddr']);
1783			$client['server_port'] = $client['serverport'];
1784			unset($client['serverport']);
1785			$client['proxy_addr'] = $client['poxy_hostname'];
1786			unset($client['proxy_addr']);
1787	a843870d	jim-p	if (isset($client['use_lzo']) && ($client['use_lzo'] == "on")) {
1788	8b666514	jim-p	$client['compression'] = "on";
1789	da831323	Ermal Lu?i	unset($client['use_lzo']);
1790			}
1791	791bcfd4	Bill Marquette	$client['resolve_retry'] = $client['infiniteresolvretry'];
1792			unset($client['infiniteresolvretry']);
1793
1794			/* allocate vpnid */
1795			$client['vpnid'] = $vpnid++;
1796
1797	4f1ebacb	Ermal	if (!empty($client['custom_options'])) {
1798			$cstmopts = array();
1799			$tmpcstmopts = explode(";", $client['custom_options']);
1800	48e24ada	jim-p	$assigned_if = "";
1801	4f1ebacb	Ermal	$tmpstr = "";
1802			foreach ($tmpcstmopts as $tmpcstmopt) {
1803			$tmpstr = str_replace(" ", "", $tmpcstmopt);
1804	4de8f7ba	Phil Davis	if (substr($tmpstr, 0, 6) == "devtun") {
1805	48e24ada	jim-p	$assigned_if = substr($tmpstr, 3);
1806	4f1ebacb	Ermal	continue;
1807	8fd0badd	Ermal	} else if (substr($tmpstr, 0, 5) == "local") {
1808	2d563280	Renato Botelho	$localip = substr($tmpstr, 5);
1809			$client['ipaddr'] = str_replace("\n", "", $localip);
1810	751533a2	Phil Davis	} else {
1811	4f1ebacb	Ermal	$cstmopts[] = $tmpcstmopt;
1812	751533a2	Phil Davis	}
1813	4f1ebacb	Ermal	}
1814			$client['custom_options'] = implode(";", $cstmopts);
1815	48e24ada	jim-p	if (!empty($assigned_if)) {
1816	4f1ebacb	Ermal	foreach ($config['interfaces'] as $iface => $cfgif) {
1817	48e24ada	jim-p	if ($cfgif['if'] == $assigned_if) {
1818	4f1ebacb	Ermal	$config['interfaces'][$iface]['if'] = "ovpnc{$client['vpnid']}";
1819			break;
1820			}
1821			}
1822			}
1823			}
1824
1825	751533a2	Phil Davis	if (!empty($client['disable'])) {
1826	763a1b52	jim-p	$client['disable'] = true;
1827	751533a2	Phil Davis	} else {
1828	763a1b52	jim-p	unset($client['disable']);
1829	751533a2	Phil Davis	}
1830	763a1b52	jim-p
1831	791bcfd4	Bill Marquette	$config['openvpn']['openvpn-client'][] = $client;
1832			}
1833
1834			unset($config['installedpackages']['openvpnclient']);
1835			}
1836
1837			/* openvpn client specific configurations */
1838			if (is_array($config['installedpackages']['openvpncsc'])) {
1839			$config['openvpn']['openvpn-csc'] = array();
1840
1841	751533a2	Phil Davis	foreach ($config['installedpackages']['openvpncsc']['config'] as $csc) {
1842	791bcfd4	Bill Marquette
1843	751533a2	Phil Davis	if (!is_array($csc)) {
1844	791bcfd4	Bill Marquette	continue;
1845	751533a2	Phil Davis	}
1846	791bcfd4	Bill Marquette
1847			/* modify configuration values */
1848			$csc['common_name'] = $csc['commonname'];
1849			unset($csc['commonname']);
1850			$csc['tunnel_network'] = $csc['ifconfig_push'];
1851			unset($csc['ifconfig_push']);
1852			$csc['dns_domain'] = $csc['dhcp_domainname'];
1853			unset($csc['dhcp_domainname']);
1854	c3ae41e6	jim-p
1855			$tmparr = explode(";", $csc['dhcp_dns'], 4);
1856			$d=1;
1857			foreach ($tmparr as $tmpa) {
1858			$csc["dns_server{$d}"] = $tmpa;
1859			$d++;
1860			}
1861	791bcfd4	Bill Marquette	unset($csc['dhcp_dns']);
1862	c3ae41e6	jim-p
1863			$tmparr = explode(";", $csc['dhcp_ntp'], 2);
1864			$d=1;
1865			foreach ($tmparr as $tmpa) {
1866			$csc["ntp_server{$d}"] = $tmpa;
1867			$d++;
1868			}
1869	791bcfd4	Bill Marquette	unset($csc['dhcp_ntp']);
1870	c3ae41e6	jim-p
1871	751533a2	Phil Davis	if ($csc['dhcp_nbtdisable']) {
1872	791bcfd4	Bill Marquette	$csc['netbios_enable'] = false;
1873	751533a2	Phil Davis	} else {
1874	791bcfd4	Bill Marquette	$csc['netbios_enable'] = "yes";
1875	751533a2	Phil Davis	}
1876	791bcfd4	Bill Marquette	unset($csc['dhcp_nbtdisable']);
1877			$csc['netbios_ntype'] = $csc['dhcp_nbttype'];
1878			unset($csc['dhcp_nbttype']);
1879			$csc['netbios_scope'] = $csc['dhcp_nbtscope'];
1880			unset($csc['dhcp_nbtscope']);
1881	c3ae41e6	jim-p
1882			$tmparr = explode(";", $csc['dhcp_nbdd'], 2);
1883			$d=1;
1884			foreach ($tmparr as $tmpa) {
1885			$csc["nbdd_server{$d}"] = $tmpa;
1886			$d++;
1887			}
1888	791bcfd4	Bill Marquette	unset($csc['dhcp_nbdd']);
1889	c3ae41e6	jim-p
1890			$tmparr = explode(";", $csc['dhcp_wins'], 2);
1891			$d=1;
1892			foreach ($tmparr as $tmpa) {
1893			$csc["wins_server{$d}"] = $tmpa;
1894			$d++;
1895			}
1896	791bcfd4	Bill Marquette	unset($csc['dhcp_wins']);
1897
1898	751533a2	Phil Davis	if (!empty($csc['disable'])) {
1899	1e68a58b	jim-p	$csc['disable'] = true;
1900	751533a2	Phil Davis	} else {
1901	1e68a58b	jim-p	unset($csc['disable']);
1902	751533a2	Phil Davis	}
1903	1e68a58b	jim-p
1904	791bcfd4	Bill Marquette	$config['openvpn']['openvpn-csc'][] = $csc;
1905			}
1906
1907			unset($config['installedpackages']['openvpncsc']);
1908			}
1909
1910	c73bd8f0	Ermal Lu?i	if (count($config['openvpn']['openvpn-server']) > 0 \|\|
1911	751533a2	Phil Davis	count($config['openvpn']['openvpn-client']) > 0) {
1912	c73bd8f0	Ermal Lu?i	$ovpnrule = array();
1913	2d563280	Renato Botelho	$ovpnrule['type'] = "pass";
1914			$ovpnrule['interface'] = "openvpn";
1915			$ovpnrule['statetype'] = "keep state";
1916			$ovpnrule['source'] = array();
1917			$ovpnrule['destination'] = array();
1918			$ovpnrule['source']['any'] = true;
1919			$ovpnrule['destination']['any'] = true;
1920			$ovpnrule['descr'] = gettext("Auto added OpenVPN rule from config upgrade.");
1921	c73bd8f0	Ermal Lu?i	$config['filter']['rule'][] = $ovpnrule;
1922			}
1923
1924	791bcfd4	Bill Marquette	/*
1925			* FIXME: hack to keep things working with no installedpackages
1926			* or carp array in the configuration data.
1927			*/
1928	751533a2	Phil Davis	if (!is_array($config['installedpackages'])) {
1929	791bcfd4	Bill Marquette	$config['installedpackages'] = array();
1930	751533a2	Phil Davis	}
1931			if (!is_array($config['installedpackages']['carp'])) {
1932	791bcfd4	Bill Marquette	$config['installedpackages']['carp'] = array();
1933	751533a2	Phil Davis	}
1934	791bcfd4	Bill Marquette
1935			}
1936
1937
1938			function upgrade_052_to_053() {
1939			global $config;
1940	751533a2	Phil Davis	if (!is_array($config['ca'])) {
1941	9ad72e5e	jim-p	$config['ca'] = array();
1942	751533a2	Phil Davis	}
1943			if (!is_array($config['cert'])) {
1944	9ad72e5e	jim-p	$config['cert'] = array();
1945	751533a2	Phil Davis	}
1946	791bcfd4	Bill Marquette
1947	f416763b	Phil Davis	/* migrate advanced admin page webui ssl to certificate manager */
1948	791bcfd4	Bill Marquette	if ($config['system']['webgui']['certificate'] &&
1949	751533a2	Phil Davis	$config['system']['webgui']['private-key']) {
1950	791bcfd4	Bill Marquette
1951			/* create cert entry */
1952			$cert = array();
1953			$cert['refid'] = uniqid();
1954	f764f63a	jim-p	$cert['descr'] = "webConfigurator SSL/TLS Certificate";
1955	791bcfd4	Bill Marquette	$cert['crt'] = $config['system']['webgui']['certificate'];
1956			$cert['prv'] = $config['system']['webgui']['private-key'];
1957	9ad72e5e	jim-p	$config['cert'][] = $cert;
1958	791bcfd4	Bill Marquette
1959			/* create cert reference */
1960			unset($config['system']['webgui']['certificate']);
1961			unset($config['system']['webgui']['private-key']);
1962			$config['system']['webgui']['ssl-certref'] = $cert['refid'];
1963			}
1964
1965			/* migrate advanced admin page ssh keys to user manager */
1966			if ($config['system']['ssh']['authorizedkeys']) {
1967			$admin_user =& getUserEntryByUID(0);
1968			$admin_user['authorizedkeys'] = $config['system']['ssh']['authorizedkeys'];
1969			unset($config['system']['ssh']['authorizedkeys']);
1970			}
1971			}
1972
1973
1974			function upgrade_053_to_054() {
1975			global $config;
1976	751533a2	Phil Davis	if (is_array($config['load_balancer']['lbpool'])) {
1977	38b5beaf	sullrich	$lbpool_arr = $config['load_balancer']['lbpool'];
1978	791bcfd4	Bill Marquette	$lbpool_srv_arr = array();
1979			$gateway_group_arr = array();
1980	816a5aff	Seth Mos	$gateways = return_gateways_array();
1981	ce107ca5	jim-p	$group_name_changes = array();
1982	c6c398c6	jim-p	init_config_arr(array('gateways', 'gateway_item'));
1983			$a_gateways = &$config['gateways']['gateway_item'];
1984	751533a2	Phil Davis	foreach ($lbpool_arr as $lbpool) {
1985			if ($lbpool['type'] == "gateway") {
1986	ce107ca5	jim-p	// Gateway Groups have to have valid names in pf, old lb pools did not. Clean them up.
1987	751533a2	Phil Davis	$group_name = preg_replace("/[^A-Za-z0-9]/", "", $lbpool['name']);
1988	ce107ca5	jim-p	// If we made and changes, check for collisions and note the change.
1989			if ($group_name != $lbpool['name']) {
1990			// Make sure the name isn't already in use.
1991			foreach ($gateway_group_arr as $gwg) {
1992			// If the name is in use, add some random bits to avoid collision.
1993	751533a2	Phil Davis	if ($gwg['name'] == $group_name) {
1994	ce107ca5	jim-p	$group_name .= uniqid();
1995	751533a2	Phil Davis	}
1996	ce107ca5	jim-p	}
1997			$group_name_changes[$lbpool['name']] = $group_name;
1998			}
1999			$gateway_group['name'] = $group_name;
2000	e988813d	jim-p	$gateway_group['descr'] = $lbpool['descr'];
2001	791bcfd4	Bill Marquette	$gateway_group['trigger'] = "down";
2002			$gateway_group['item'] = array();
2003	cb945ced	sullrich	$i = 0;
2004	751533a2	Phil Davis	foreach ($lbpool['servers'] as $member) {
2005	2ce660ad	smos	$split = explode("\|", $member);
2006	791bcfd4	Bill Marquette	$interface = $split[0];
2007	d9d4c637	Seth Mos	$monitor = $split[1];
2008	2328dcc5	Seth Mos	/* on static upgraded configuration we automatically prepend GW_ */
2009			$static_name = "GW_" . strtoupper($interface);
2010	751533a2	Phil Davis	if (is_ipaddr($monitor)) {
2011			foreach ($a_gateways as & $gw) {
2012			if ($gw['name'] == $static_name) {
2013	d2b20ab6	jim-p	$gw['monitor'] = $monitor;
2014	751533a2	Phil Davis	}
2015			}
2016			}
2017	d2b20ab6	jim-p
2018	6ee1b7eb	Seth Mos	/* on failover increment tier. Else always assign 1 */
2019	751533a2	Phil Davis	if ($lbpool['behaviour'] == "failover") {
2020	6ee1b7eb	Seth Mos	$i++;
2021			} else {
2022			$i = 1;
2023			}
2024	685a26fc	smos	$gateway_group['item'][] = "$static_name\|$i";
2025	791bcfd4	Bill Marquette	}
2026			$gateway_group_arr[] = $gateway_group;
2027			} else {
2028			$lbpool_srv_arr[] = $lbpool;
2029			}
2030			}
2031	38b5beaf	sullrich	$config['load_balancer']['lbpool'] = $lbpool_srv_arr;
2032	791bcfd4	Bill Marquette	$config['gateways']['gateway_group'] = $gateway_group_arr;
2033			}
2034			// Unset lbpool if we no longer have any server pools
2035			if (count($lbpool_srv_arr) == 0) {
2036	751533a2	Phil Davis	if (empty($config['load_balancer'])) {
2037	0b5b4f32	Seth Mos	unset($config['load_balancer']);
2038	92a2ceae	Seth Mos	} else {
2039	fa6e5ba5	Phil Davis	if (isset($config['load_balancer']['lbpool'])) {
2040			unset($config['load_balancer']['lbpool']);
2041			}
2042	0b5b4f32	Seth Mos	}
2043	791bcfd4	Bill Marquette	} else {
2044			$config['load_balancer']['lbpool'] = $lbpool_srv_arr;
2045			}
2046			// Only set the gateway group array if we converted any
2047			if (count($gateway_group_arr) != 0) {
2048			$config['gateways']['gateway_group'] = $gateway_group_arr;
2049	ce107ca5	jim-p	// Update any rules that had a gateway change, if any.
2050	751533a2	Phil Davis	if (count($group_name_changes) > 0) {
2051			foreach ($config['filter']['rule'] as & $rule) {
2052			if (!empty($rule["gateway"]) && array_key_exists($rule["gateway"], $group_name_changes)) {
2053	ce107ca5	jim-p	$rule["gateway"] = $group_name_changes[$rule["gateway"]];
2054	751533a2	Phil Davis	}
2055			}
2056			}
2057	791bcfd4	Bill Marquette	}
2058			}
2059
2060
2061			function upgrade_054_to_055() {
2062			global $config;
2063	54f8bad0	Seth Mos	global $g;
2064
2065	791bcfd4	Bill Marquette	/* RRD files changed for quality, traffic and packets graphs */
2066	59cfe65d	Ermal	//ini_set("max_execution_time", "1800");
2067	791bcfd4	Bill Marquette	/* convert traffic RRD file */
2068			global $parsedcfg, $listtags;
2069			$listtags = array("ds", "v", "rra", "row");
2070
2071			$rrddbpath = "/var/db/rrd/";
2072			$rrdtool = "/usr/bin/nice -n20 /usr/local/bin/rrdtool";
2073
2074			$rrdinterval = 60;
2075			$valid = $rrdinterval * 2;
2076
2077	f3f98e97	Phil Davis	/* Assume GigE for now */
2078	791bcfd4	Bill Marquette	$downstream = 125000000;
2079			$upstream = 125000000;
2080
2081			/* build a list of quality databases */
2082			/* roundtrip has become delay */
2083			function divide_delay($delayval) {
2084			$delayval = floatval($delayval);
2085			$delayval = ($delayval / 1000);
2086			$delayval = " ". sprintf("%1.10e", $delayval) ." ";
2087			return $delayval;
2088			}
2089			/* the roundtrip times need to be divided by 1000 to get seconds, really */
2090			$databases = array();
2091	751533a2	Phil Davis	if (!file_exists($rrddbpath)) {
2092	af0b07d3	jim-p	@mkdir($rrddbpath);
2093	751533a2	Phil Davis	}
2094	4cb9abc3	jim-p	chdir($rrddbpath);
2095			$databases = glob("*-quality.rrd");
2096	791bcfd4	Bill Marquette	rsort($databases);
2097	751533a2	Phil Davis	foreach ($databases as $database) {
2098	791bcfd4	Bill Marquette	$xmldump = "{$database}.old.xml";
2099			$xmldumpnew = "{$database}.new.xml";
2100
2101	751533a2	Phil Davis	if (platform_booting()) {
2102	9bc8b6b6	Seth Mos	echo "Migrate RRD database {$database} to new format for IPv6 \n";
2103	751533a2	Phil Davis	}
2104	791bcfd4	Bill Marquette	mwexec("$rrdtool tune {$rrddbpath}{$database} -r roundtrip:delay 2>&1");
2105
2106			dump_rrd_to_xml("{$rrddbpath}/{$database}", "{$g['tmp_path']}/{$xmldump}");
2107	1005d4bf	Seth Mos	$rrdold = xml2array(file_get_contents("{$g['tmp_path']}/{$xmldump}"), 1, "tag");
2108	791bcfd4	Bill Marquette	$rrdold = $rrdold['rrd'];
2109
2110			$i = 0;
2111	751533a2	Phil Davis	foreach ($rrdold['rra'] as $rra) {
2112	791bcfd4	Bill Marquette	$l = 0;
2113	751533a2	Phil Davis	foreach ($rra['database']['row'] as $row) {
2114	791bcfd4	Bill Marquette	$vnew = divide_delay($row['v'][1]);
2115			$rrdold['rra'][$i]['database']['row'][$l]['v'][1] = $vnew;
2116			$l++;
2117			}
2118			$i++;
2119			}
2120
2121	56ee96ed	smos	file_put_contents("{$g['tmp_path']}/{$xmldumpnew}", dump_xml_config_raw($rrdold, "rrd"));
2122	791bcfd4	Bill Marquette	mwexec("$rrdtool restore -f {$g['tmp_path']}/{$xmldumpnew} {$rrddbpath}/{$database} 2>&1");
2123
2124	1005d4bf	Seth Mos	unset($rrdold);
2125	7ceff68a	Ermal LUÇI	@unlink("{$g['tmp_path']}/{$xmldump}");
2126			@unlink("{$g['tmp_path']}/{$xmldumpnew}");
2127	791bcfd4	Bill Marquette	}
2128
2129			/* build a list of traffic and packets databases */
2130	84683e42	Renato Botelho	$databases = return_dir_as_array($rrddbpath, '/-(traffic\|packets)\.rrd$/');
2131	791bcfd4	Bill Marquette	rsort($databases);
2132	751533a2	Phil Davis	foreach ($databases as $database) {
2133	791bcfd4	Bill Marquette	$databasetmp = "{$database}.tmp";
2134			$xmldump = "{$database}.old.xml";
2135			$xmldumptmp = "{$database}.tmp.xml";
2136			$xmldumpnew = "{$database}.new.xml";
2137
2138	751533a2	Phil Davis	if (platform_booting()) {
2139	34834e7e	jim-p	echo "Migrate RRD database {$database} to new format \n";
2140	751533a2	Phil Davis	}
2141	791bcfd4	Bill Marquette	/* rename DS source */
2142			mwexec("$rrdtool tune {$rrddbpath}/{$database} -r in:inpass 2>&1");
2143			mwexec("$rrdtool tune {$rrddbpath}/{$database} -r out:outpass 2>71");
2144
2145			/* dump contents to xml and move database out of the way */
2146			dump_rrd_to_xml("{$rrddbpath}/{$database}", "{$g['tmp_path']}/{$xmldump}");
2147
2148			/* create new rrd database file */
2149			$rrdcreate = "$rrdtool create {$g['tmp_path']}/{$databasetmp} --step $rrdinterval ";
2150			$rrdcreate .= "DS:inpass:COUNTER:$valid:0:$downstream ";
2151			$rrdcreate .= "DS:outpass:COUNTER:$valid:0:$upstream ";
2152			$rrdcreate .= "DS:inblock:COUNTER:$valid:0:$downstream ";
2153			$rrdcreate .= "DS:outblock:COUNTER:$valid:0:$upstream ";
2154			$rrdcreate .= "RRA:AVERAGE:0.5:1:1000 ";
2155			$rrdcreate .= "RRA:AVERAGE:0.5:5:1000 ";
2156			$rrdcreate .= "RRA:AVERAGE:0.5:60:1000 ";
2157	eb346e0b	Seth Mos	$rrdcreate .= "RRA:AVERAGE:0.5:720:1000 ";
2158	791bcfd4	Bill Marquette
2159			create_new_rrd("$rrdcreate");
2160			/* create temporary xml from new RRD */
2161			dump_rrd_to_xml("{$g['tmp_path']}/{$databasetmp}", "{$g['tmp_path']}/{$xmldumptmp}");
2162
2163	1005d4bf	Seth Mos	$rrdold = xml2array(file_get_contents("{$g['tmp_path']}/{$xmldump}"), 1, "tag");
2164	791bcfd4	Bill Marquette	$rrdold = $rrdold['rrd'];
2165
2166	1005d4bf	Seth Mos	$rrdnew = xml2array(file_get_contents("{$g['tmp_path']}/{$xmldumptmp}"), 1, "tag");
2167	791bcfd4	Bill Marquette	$rrdnew = $rrdnew['rrd'];
2168
2169			/* remove any MAX RRA's. Not needed for traffic. */
2170			$i = 0;
2171			foreach ($rrdold['rra'] as $rra) {
2172	751533a2	Phil Davis	if (trim($rra['cf']) == "MAX") {
2173	791bcfd4	Bill Marquette	unset($rrdold['rra'][$i]);
2174			}
2175			$i++;
2176			}
2177
2178	56ee96ed	smos	file_put_contents("{$g['tmp_path']}/{$xmldumpnew}", dump_xml_config_raw(migrate_rrd_format($rrdold, $rrdnew), "rrd"));
2179	791bcfd4	Bill Marquette	mwexec("$rrdtool restore -f {$g['tmp_path']}/{$xmldumpnew} {$rrddbpath}/{$database} 2>&1");
2180	eb346e0b	Seth Mos	/* we now have the rrd with the new fields, adjust the size now. */
2181			/* RRA 2 is 60 minutes, RRA 3 is 720 minutes */
2182			mwexec("/bin/sync");
2183	12a2f395	Seth Mos	mwexec("$rrdtool resize {$rrddbpath}/{$database} 2 GROW 2000;/bin/mv resize.rrd {$rrddbpath}/{$database} 2>&1");
2184	eb346e0b	Seth Mos	mwexec("/bin/sync");
2185	12a2f395	Seth Mos	mwexec("$rrdtool resize {$rrddbpath}/{$database} 3 GROW 2000;/bin/mv resize.rrd {$rrddbpath}/{$database} 2>&1");
2186	1005d4bf	Seth Mos	unset($rrdxmlarray);
2187	7ceff68a	Ermal LUÇI	@unlink("{$g['tmp_path']}/{$xmldump}");
2188			@unlink("{$g['tmp_path']}/{$xmldumpnew}");
2189	791bcfd4	Bill Marquette	}
2190	751533a2	Phil Davis	if (!platform_booting()) {
2191	e546d2d1	Ermal LUÇI	enable_rrd_graphing();
2192	751533a2	Phil Davis	}
2193	e34cf1f6	smos	/* Let's save the RRD graphs after we run enable RRD graphing */
2194			/* The function will restore the rrd.tgz so we will save it after */
2195	1289c0c1	Renato Botelho	exec("cd /; LANG=C RRDDBPATH='{$rrddbpath}' CF_CONF_PATH='{$g['cf_conf_path']}' /etc/rc.backup_rrd.sh");
2196	e7f65689	Renato Botelho	unlink_if_exists("{$g['vardb_path']}/rrd/*.xml");
2197	751533a2	Phil Davis	if (platform_booting()) {
2198	34834e7e	jim-p	echo "Updating configuration...";
2199	751533a2	Phil Davis	}
2200	791bcfd4	Bill Marquette	}
2201
2202
2203			function upgrade_055_to_056() {
2204			global $config;
2205
2206	751533a2	Phil Davis	if (!is_array($config['ca'])) {
2207	9ad72e5e	jim-p	$config['ca'] = array();
2208	751533a2	Phil Davis	}
2209			if (!is_array($config['cert'])) {
2210	9ad72e5e	jim-p	$config['cert'] = array();
2211	751533a2	Phil Davis	}
2212	791bcfd4	Bill Marquette
2213			/* migrate ipsec ca's to cert manager */
2214			if (is_array($config['ipsec']['cacert'])) {
2215	751533a2	Phil Davis	foreach ($config['ipsec']['cacert'] as & $cacert) {
2216	791bcfd4	Bill Marquette	$ca = array();
2217			$ca['refid'] = uniqid();
2218	751533a2	Phil Davis	if (is_array($cacert['cert'])) {
2219	791bcfd4	Bill Marquette	$ca['crt'] = $cacert['cert'][0];
2220	751533a2	Phil Davis	} else {
2221	791bcfd4	Bill Marquette	$ca['crt'] = $cacert['cert'];
2222	751533a2	Phil Davis	}
2223	f2a86ca9	jim-p	$ca['descr'] = $cacert['ident'];
2224	9ad72e5e	jim-p	$config['ca'][] = $ca;
2225	791bcfd4	Bill Marquette	}
2226			unset($config['ipsec']['cacert']);
2227			}
2228
2229			/* migrate phase1 certificates to cert manager */
2230			if (is_array($config['ipsec']['phase1'])) {
2231	751533a2	Phil Davis	foreach ($config['ipsec']['phase1'] as & $ph1ent) {
2232	791bcfd4	Bill Marquette	$cert = array();
2233			$cert['refid'] = uniqid();
2234	f2a86ca9	jim-p	$cert['descr'] = "IPsec Peer {$ph1ent['remote-gateway']} Certificate";
2235	751533a2	Phil Davis	if (is_array($ph1ent['cert'])) {
2236	791bcfd4	Bill Marquette	$cert['crt'] = $ph1ent['cert'][0];
2237	751533a2	Phil Davis	} else {
2238	791bcfd4	Bill Marquette	$cert['crt'] = $ph1ent['cert'];
2239	751533a2	Phil Davis	}
2240	791bcfd4	Bill Marquette	$cert['prv'] = $ph1ent['private-key'];
2241	9ad72e5e	jim-p	$config['cert'][] = $cert;
2242	791bcfd4	Bill Marquette	$ph1ent['certref'] = $cert['refid'];
2243	751533a2	Phil Davis	if ($ph1ent['cert']) {
2244	791bcfd4	Bill Marquette	unset($ph1ent['cert']);
2245	751533a2	Phil Davis	}
2246			if ($ph1ent['private-key']) {
2247	791bcfd4	Bill Marquette	unset($ph1ent['private-key']);
2248	751533a2	Phil Davis	}
2249			if ($ph1ent['peercert']) {
2250	791bcfd4	Bill Marquette	unset($ph1ent['peercert']);
2251	751533a2	Phil Davis	}
2252	791bcfd4	Bill Marquette	}
2253			}
2254			}
2255
2256
2257			function upgrade_056_to_057() {
2258			global $config;
2259	84924e76	Ermal
2260	751533a2	Phil Davis	if (!is_array($config['system']['user'])) {
2261	4830e56a	Erik Fonnesbeck	$config['system']['user'] = array();
2262	751533a2	Phil Davis	}
2263	791bcfd4	Bill Marquette	/* migrate captivate portal to user manager */
2264			if (is_array($config['captiveportal']['user'])) {
2265	751533a2	Phil Davis	foreach ($config['captiveportal']['user'] as $user) {
2266	791bcfd4	Bill Marquette	// avoid user conflicts
2267	4830e56a	Erik Fonnesbeck	$found = false;
2268			foreach ($config['system']['user'] as $userent) {
2269			if ($userent['name'] == $user['name']) {
2270			$found = true;
2271			break;
2272			}
2273			}
2274	751533a2	Phil Davis	if ($found) {
2275	791bcfd4	Bill Marquette	continue;
2276	751533a2	Phil Davis	}
2277	791bcfd4	Bill Marquette	$user['scope'] = "user";
2278			if (isset($user['expirationdate'])) {
2279			$user['expires'] = $user['expirationdate'];
2280			unset($user['expirationdate']);
2281			}
2282			if (isset($user['password'])) {
2283			$user['md5-hash'] = $user['password'];
2284			unset($user['password']);
2285			}
2286	4830e56a	Erik Fonnesbeck	$user['uid'] = $config['system']['nextuid']++;
2287	791bcfd4	Bill Marquette	$config['system']['user'][] = $user;
2288			}
2289			unset($config['captiveportal']['user']);
2290			}
2291			}
2292	4b96b367	mgrooms
2293			function upgrade_057_to_058() {
2294			global $config;
2295			/* set all phase2 entries to tunnel mode */
2296	751533a2	Phil Davis	if (is_array($config['ipsec']['phase2'])) {
2297			foreach ($config['ipsec']['phase2'] as & $ph2ent) {
2298	4b96b367	mgrooms	$ph2ent['mode'] = 'tunnel';
2299	751533a2	Phil Davis	}
2300			}
2301	4b96b367	mgrooms	}
2302	60120e37	Ermal Lu?i
2303			function upgrade_058_to_059() {
2304			global $config;
2305
2306			if (is_array($config['schedules']['schedule'])) {
2307	751533a2	Phil Davis	foreach ($config['schedules']['schedule'] as & $schedl) {
2308	60120e37	Ermal Lu?i	$schedl['schedlabel'] = uniqid();
2309	751533a2	Phil Davis	}
2310	60120e37	Ermal Lu?i	}
2311			}
2312	2523c923	Seth Mos
2313			function upgrade_059_to_060() {
2314	fcf5afa0	Seth Mos	global $config;
2315	a0588fad	Scott Ullrich	require_once("/etc/inc/certs.inc");
2316	9ad72e5e	jim-p	if (is_array($config['ca'])) {
2317	2cf6ddcb	Nigel Graham	/* Locate issuer for all CAs */
2318	9ad72e5e	jim-p	foreach ($config['ca'] as & $ca) {
2319	2cf6ddcb	Nigel Graham	$subject = cert_get_subject($ca['crt']);
2320			$issuer = cert_get_issuer($ca['crt']);
2321	751533a2	Phil Davis	if ($issuer <> $subject) {
2322	2cf6ddcb	Nigel Graham	$issuer_crt =& lookup_ca_by_subject($issuer);
2323	751533a2	Phil Davis	if ($issuer_crt) {
2324	2cf6ddcb	Nigel Graham	$ca['caref'] = $issuer_crt['refid'];
2325	751533a2	Phil Davis	}
2326	2cf6ddcb	Nigel Graham	}
2327			}
2328	2d563280	Renato Botelho
2329	2cf6ddcb	Nigel Graham	/* Locate issuer for all certificates */
2330	9ad72e5e	jim-p	if (is_array($config['cert'])) {
2331			foreach ($config['cert'] as & $cert) {
2332	2cf6ddcb	Nigel Graham	$subject = cert_get_subject($cert['crt']);
2333			$issuer = cert_get_issuer($cert['crt']);
2334	751533a2	Phil Davis	if ($issuer <> $subject) {
2335	2cf6ddcb	Nigel Graham	$issuer_crt =& lookup_ca_by_subject($issuer);
2336	751533a2	Phil Davis	if ($issuer_crt) {
2337	2cf6ddcb	Nigel Graham	$cert['caref'] = $issuer_crt['refid'];
2338	751533a2	Phil Davis	}
2339	2cf6ddcb	Nigel Graham	}
2340			}
2341	9d3dab70	Scott Ullrich	}
2342	2cf6ddcb	Nigel Graham	}
2343			}
2344	d43ad788	Scott Ullrich
2345	6a688547	Ermal	function upgrade_060_to_061() {
2346			global $config;
2347	3cfa11c2	Scott Ullrich
2348	751533a2	Phil Davis	if (is_array($config['interfaces']['wan'])) {
2349	6a688547	Ermal	$config['interfaces']['wan']['enable'] = true;
2350	751533a2	Phil Davis	}
2351			if (is_array($config['interfaces']['lan'])) {
2352	6a688547	Ermal	$config['interfaces']['lan']['enable'] = true;
2353	751533a2	Phil Davis	}
2354	1cad6f6c	jim-p
2355			/* On 1.2.3 the "mtu" field adjusted MSS.
2356			On 2.x the "mtu" field is actually the MTU. Rename accordingly.
2357			See redmine ticket #1886
2358			*/
2359			foreach ($config['interfaces'] as $ifr => &$intf) {
2360			if (isset($intf['mtu']) && is_numeric($intf['mtu'])) {
2361			$intf['mss'] = $intf['mtu'];
2362			unset($intf['mtu']);
2363			}
2364			}
2365	6a688547	Ermal	}
2366	3cfa11c2	Scott Ullrich
2367	59ecde49	Renato Botelho	function upgrade_061_to_062() {
2368			global $config;
2369
2370			/* Convert NAT port forwarding rules */
2371			if (is_array($config['nat']['rule'])) {
2372			$a_nat = &$config['nat']['rule'];
2373
2374			foreach ($a_nat as &$natent) {
2375			$natent['disabled'] = false;
2376			$natent['nordr'] = false;
2377
2378			$natent['source'] = array(
2379			"not" => false,
2380			"any" => true,
2381			"port" => ""
2382			);
2383
2384			$natent['destination'] = array(
2385			"not" => false,
2386			"address" => $natent['external-address'],
2387			"port" => $natent['external-port']
2388			);
2389
2390	743ce9f8	Erik Fonnesbeck	if (empty($natent['destination']['address'])) {
2391	fcf4e8cd	Erik Fonnesbeck	unset($natent['destination']['address']);
2392			$natent['destination']['network'] = $natent['interface'] . 'ip';
2393	743ce9f8	Erik Fonnesbeck	} else if ($natent['destination']['address'] == 'any') {
2394			unset($natent['destination']['address']);
2395			$natent['destination']['any'] = true;
2396			}
2397
2398	59ecde49	Renato Botelho	unset($natent['external-address']);
2399			unset($natent['external-port']);
2400			}
2401
2402			unset($natent);
2403			}
2404			}
2405
2406	0f8266ed	smos	function upgrade_062_to_063() {
2407	168a1e48	smos	/* Upgrade legacy Themes to the new pfsense_ng */
2408	995df6c3	Stephen Beaver	// Not supported in 2.3+
2409	2d563280	Renato Botelho
2410	168a1e48	smos	}
2411	c2b2b571	gnhb
2412			function upgrade_063_to_064() {
2413			global $config;
2414	4de8f7ba	Phil Davis	$j = 0;
2415	c6c398c6	jim-p	init_config_arr(array('ppps', 'ppp'));
2416			init_config_arr(array('interfaces'));
2417	d09ca87e	gnhb	$ifcfg = &$config['interfaces'];
2418	2d563280	Renato Botelho
2419	c6c398c6	jim-p	if (count($config['ppps']['ppp'])) {
2420	c2b2b571	gnhb	foreach ($config['ppps']['ppp'] as $pppid => $ppp) {
2421	d09ca87e	gnhb	$config['ppps']['ppp'][$pppid]['if'] = "ppp".$j;
2422			$config['ppps']['ppp'][$pppid]['ptpid'] = $j;
2423			$j++;
2424	751533a2	Phil Davis	if (isset($ppp['port'])) {
2425	c2b2b571	gnhb	$config['ppps']['ppp'][$pppid]['ports'] = $ppp['port'];
2426			unset($config['ppps']['ppp'][$pppid]['port']);
2427			}
2428	751533a2	Phil Davis	if (!isset($ppp['type'])) {
2429	c2b2b571	gnhb	$config['ppps']['ppp'][$pppid]['type'] = "ppp";
2430			}
2431	751533a2	Phil Davis	if (isset($ppp['defaultgw'])) {
2432	6fdfa8fb	gnhb	unset($config['ppps']['ppp'][$pppid]['defaultgw']);
2433	751533a2	Phil Davis	}
2434	c2b2b571	gnhb	}
2435			}
2436	2d563280	Renato Botelho
2437	c2b2b571	gnhb	$a_ppps = &$config['ppps']['ppp'];
2438
2439			foreach ($ifcfg as $ifname => $ifinfo) {
2440			$ppp = array();
2441			// For pppoe conversion
2442	751533a2	Phil Davis	if ($ifinfo['ipaddr'] == "pppoe" \|\| $ifinfo['ipaddr'] == "pptp") {
2443			if (isset($ifinfo['ptpid'])) {
2444	c2b2b571	gnhb	continue;
2445	751533a2	Phil Davis	}
2446	4de8f7ba	Phil Davis	$ppp['ptpid'] = $j;
2447	c2b2b571	gnhb	$ppp['type'] = $ifinfo['ipaddr'];
2448	d09ca87e	gnhb	$ppp['if'] = $ifinfo['ipaddr'].$j;
2449	c2b2b571	gnhb	$ppp['ports'] = $ifinfo['if'];
2450	751533a2	Phil Davis	if ($ifinfo['ipaddr'] == "pppoe") {
2451	c2b2b571	gnhb	$ppp['username'] = $ifinfo['pppoe_username'];
2452			$ppp['password'] = base64_encode($ifinfo['pppoe_password']);
2453			}
2454	751533a2	Phil Davis	if ($ifinfo['ipaddr'] == "pptp") {
2455	c2b2b571	gnhb	$ppp['username'] = $ifinfo['pptp_username'];
2456			$ppp['password'] = base64_encode($ifinfo['pptp_password']);
2457			}
2458	2d563280	Renato Botelho
2459	751533a2	Phil Davis	if (isset($ifinfo['provider'])) {
2460	c2b2b571	gnhb	$ppp['provider'] = $ifinfo['provider'];
2461	751533a2	Phil Davis	}
2462			if (isset($ifinfo['ondemand'])) {
2463	c2b2b571	gnhb	$ppp['ondemand'] = true;
2464	751533a2	Phil Davis	}
2465			if (isset($ifinfo['timeout'])) {
2466	c2b2b571	gnhb	$ppp['idletimeout'] = $ifinfo['timeout'];
2467	751533a2	Phil Davis	}
2468			if (isset($ifinfo['pppoe']['pppoe-reset-type'])) {
2469	c2b2b571	gnhb	$ppp['pppoe-reset-type'] = $ifinfo['pppoe']['pppoe-reset-type'];
2470			if (is_array($config['cron']['item'])) {
2471			for ($i = 0; $i < count($config['cron']['item']); $i++) {
2472			$item = $config['cron']['item'][$i];
2473	751533a2	Phil Davis	if (strpos($item['command'], "/conf/pppoe{$ifname}restart") !== false) {
2474	f7480829	gnhb	$config['cron']['item'][$i]['command'] = "/var/etc/pppoe_restart_" . $ppp['if'];
2475	751533a2	Phil Davis	}
2476	c2b2b571	gnhb	}
2477			}
2478			}
2479	751533a2	Phil Davis	if (isset($ifinfo['local'])) {
2480	c2b2b571	gnhb	$ppp['localip'] = $ifinfo['local'];
2481	751533a2	Phil Davis	}
2482			if (isset($ifinfo['subnet'])) {
2483	c2b2b571	gnhb	$ppp['subnet'] = $ifinfo['subnet'];
2484	751533a2	Phil Davis	}
2485			if (isset($ifinfo['remote'])) {
2486	c2b2b571	gnhb	$ppp['gateway'] = $ifinfo['remote'];
2487	751533a2	Phil Davis	}
2488	f7480829	gnhb
2489	d09ca87e	gnhb	$ifcfg[$ifname]['if'] = $ifinfo['ipaddr'].$j;
2490			$j++;
2491	2d563280	Renato Botelho
2492	c2b2b571	gnhb	unset($ifcfg[$ifname]['pppoe_username']);
2493			unset($ifcfg[$ifname]['pppoe_password']);
2494			unset($ifcfg[$ifname]['provider']);
2495			unset($ifcfg[$ifname]['ondemand']);
2496			unset($ifcfg[$ifname]['timeout']);
2497			unset($ifcfg[$ifname]['pppoe_reset']);
2498			unset($ifcfg[$ifname]['pppoe_preset']);
2499			unset($ifcfg[$ifname]['pppoe']);
2500			unset($ifcfg[$ifname]['pptp_username']);
2501			unset($ifcfg[$ifname]['pptp_password']);
2502			unset($ifcfg[$ifname]['local']);
2503			unset($ifcfg[$ifname]['subnet']);
2504			unset($ifcfg[$ifname]['remote']);
2505	2d563280	Renato Botelho
2506	c2b2b571	gnhb	$a_ppps[] = $ppp;
2507	2d563280	Renato Botelho
2508	c2b2b571	gnhb	}
2509			}
2510			}
2511
2512	56a5a0ab	jim-p	function upgrade_064_to_065() {
2513			/* Disable TSO and LRO in upgraded configs */
2514			global $config;
2515			$config['system']['disablesegmentationoffloading'] = true;
2516			$config['system']['disablelargereceiveoffloading'] = true;
2517			}
2518
2519	2f06cc3f	Ermal	function upgrade_065_to_066() {
2520			global $config;
2521
2522	c6c398c6	jim-p	init_config_arr(array('dhcrelay'));
2523			$dhcrelaycfg = &$config['dhcrelay'];
2524	2f06cc3f	Ermal
2525	2d563280	Renato Botelho	if (is_array($dhcrelaycfg)) {
2526			$dhcrelayifs = array();
2527	2f06cc3f	Ermal	$foundifs = false;
2528	2d563280	Renato Botelho	/* DHCPRelay enabled on any interfaces? */
2529			foreach ($dhcrelaycfg as $dhcrelayif => $dhcrelayifconf) {
2530			if (isset($dhcrelayifconf['enable'])) {
2531	2f06cc3f	Ermal	$dhcrelayifs[] = $dhcrelayif;
2532			unset($dhcrelaycfg['dhcrelayif']);
2533			$foundifs = true;
2534			}
2535	2d563280	Renato Botelho	}
2536	751533a2	Phil Davis	if ($foundifs == true) {
2537	2f06cc3f	Ermal	$dhcrelaycfg['interface'] = implode(",", $dhcrelayifs);
2538	751533a2	Phil Davis	}
2539	2d563280	Renato Botelho	}
2540	2f06cc3f	Ermal	}
2541
2542	9ad72e5e	jim-p	function upgrade_066_to_067() {
2543			global $config;
2544			if (isset($config['system']['ca'])) {
2545			$config['ca'] = $config['system']['ca'];
2546	661de3e7	Phil Davis	unset($config['system']['ca']);
2547	9ad72e5e	jim-p	}
2548			if (isset($config['system']['cert'])) {
2549			$config['cert'] = $config['system']['cert'];
2550	661de3e7	Phil Davis	unset($config['system']['cert']);
2551	9ad72e5e	jim-p	}
2552			}
2553
2554	6ae9f9b7	Ermal	function upgrade_067_to_068() {
2555			global $config;
2556
2557			if (!empty($config['pppoe'])) {
2558			$config['pppoes'] = array();
2559			$config['pppoes']['pppoe'] = array();
2560			$config['pppoes']['pppoe'][] = $config['pppoe'][0];
2561	ce968051	Ermal
2562			if (is_array($config['pppoe']['user'])) {
2563	2d563280	Renato Botelho	$username = array();
2564	ce968051	Ermal	foreach ($config['pppoe']['user'] as $user) {
2565	2fc29020	Ermal	$usr = $user['name'] . ":" . base64_encode($user['password']);
2566	751533a2	Phil Davis	if ($user['ip']) {
2567	ce968051	Ermal	$usr .= ":{$user['ip']}";
2568	751533a2	Phil Davis	}
2569	ce968051	Ermal	$username[] = $usr;
2570			}
2571			$config['pppoes']['pppoe'][0]['username'] = implode(" ", $username);
2572			}
2573	6ae9f9b7	Ermal	unset($config['pppoe']);
2574			}
2575			}
2576
2577	18de0728	Ermal	function upgrade_068_to_069() {
2578	8fefb9dd	jim-p	global $config;
2579	751533a2	Phil Davis	if (!is_array($config['system']['user'])) {
2580	8fefb9dd	jim-p	return;
2581	751533a2	Phil Davis	}
2582	8fefb9dd	jim-p	foreach ($config['system']['user'] as & $user) {
2583	751533a2	Phil Davis	if (!is_array($user['cert'])) {
2584	8fefb9dd	jim-p	continue;
2585	751533a2	Phil Davis	}
2586	8fefb9dd	jim-p	$rids = array();
2587			foreach ($user['cert'] as $id => $cert) {
2588	751533a2	Phil Davis	if (!isset($cert['descr'])) {
2589	8fefb9dd	jim-p	continue;
2590	751533a2	Phil Davis	}
2591	8fefb9dd	jim-p	$tcert = $cert;
2592			// Make sure each cert gets a refid
2593	751533a2	Phil Davis	if (!isset($tcert['refid'])) {
2594	8fefb9dd	jim-p	$tcert['refid'] = uniqid();
2595	751533a2	Phil Davis	}
2596	8fefb9dd	jim-p	// Keep the cert references for this user
2597			$rids[] = $tcert['refid'];
2598			$config['cert'][] = $tcert;
2599			}
2600			// Replace user certs with cert references instead.
2601	751533a2	Phil Davis	if (count($rids) > 0) {
2602	8fefb9dd	jim-p	$user['cert'] = $rids;
2603	751533a2	Phil Davis	}
2604	8fefb9dd	jim-p	}
2605			}
2606
2607	4c5b8653	Erik Fonnesbeck	function upgrade_069_to_070() {
2608			global $config;
2609
2610			/* Convert NAT 1:1 rules */
2611			if (is_array($config['nat']['onetoone'])) {
2612	a3bac4ce	Ermal	foreach ($config['nat']['onetoone'] as $nidx => $natent) {
2613	751533a2	Phil Davis	if ($natent['subnet'] == 32) {
2614	a3bac4ce	Ermal	$config['nat']['onetoone'][$nidx]['source'] = array("address" => $natent['internal']);
2615	751533a2	Phil Davis	} else {
2616	a3bac4ce	Ermal	$config['nat']['onetoone'][$nidx]['source'] = array("address" => $natent['internal'] . "/" . $natent['subnet']);
2617	751533a2	Phil Davis	}
2618	4c5b8653	Erik Fonnesbeck
2619	a3bac4ce	Ermal	$config['nat']['onetoone'][$nidx]['destination'] = array("any" => true);
2620	4c5b8653	Erik Fonnesbeck
2621	a3bac4ce	Ermal	unset($config['nat']['onetoone'][$nidx]['internal']);
2622			unset($config['nat']['onetoone'][$nidx]['subnet']);
2623	4c5b8653	Erik Fonnesbeck	}
2624
2625			unset($natent);
2626			}
2627			}
2628
2629	65167fcc	Ermal	function upgrade_070_to_071() {
2630			global $config;
2631
2632			if (is_array($config['cron']['item'])) {
2633	751533a2	Phil Davis	foreach ($config['cron']['item'] as $idx => $cronitem) {
2634			if (stristr($cronitem['command'], "checkreload.sh")) {
2635	65167fcc	Ermal	unset($config['cron']['item'][$idx]);
2636			break;
2637			}
2638			}
2639			}
2640			}
2641	15864861	jim-p
2642	6751b3e7	jim-p	function rename_field(& $section, $oldname, $newname) {
2643	e988813d	jim-p	if (is_array($section)) {
2644	751533a2	Phil Davis	foreach ($section as & $item) {
2645			if (is_array($item) && !empty($item[$oldname])) {
2646	6751b3e7	jim-p	$item[$newname] = $item[$oldname];
2647	751533a2	Phil Davis	}
2648			if (is_array($item) && isset($item[$oldname])) {
2649	6751b3e7	jim-p	unset($item[$oldname]);
2650	751533a2	Phil Davis	}
2651	e988813d	jim-p	}
2652			}
2653			}
2654
2655	6751b3e7	jim-p	function upgrade_071_to_072() {
2656			global $config;
2657	751533a2	Phil Davis	if (is_array($config['sysctl']) && is_array($config['sysctl']['item'])) {
2658	6bef0554	jim-p	rename_field($config['sysctl']['item'], 'desc', 'descr');
2659	751533a2	Phil Davis	}
2660	6751b3e7	jim-p	}
2661
2662	e988813d	jim-p	function upgrade_072_to_073() {
2663			global $config;
2664	751533a2	Phil Davis	if (!is_array($config['load_balancer'])) {
2665	6bef0554	jim-p	return;
2666	751533a2	Phil Davis	}
2667			if (is_array($config['load_balancer']['monitor_type'])) {
2668	6bef0554	jim-p	rename_field($config['load_balancer']['monitor_type'], 'desc', 'descr');
2669	751533a2	Phil Davis	}
2670			if (is_array($config['load_balancer']['lbpool'])) {
2671	6bef0554	jim-p	rename_field($config['load_balancer']['lbpool'], 'desc', 'descr');
2672	751533a2	Phil Davis	}
2673			if (is_array($config['load_balancer']['lbaction'])) {
2674	6bef0554	jim-p	rename_field($config['load_balancer']['lbaction'], 'desc', 'descr');
2675	751533a2	Phil Davis	}
2676			if (is_array($config['load_balancer']['lbprotocol'])) {
2677	6bef0554	jim-p	rename_field($config['load_balancer']['lbprotocol'], 'desc', 'descr');
2678	751533a2	Phil Davis	}
2679			if (is_array($config['load_balancer']['virtual_server'])) {
2680	6bef0554	jim-p	rename_field($config['load_balancer']['virtual_server'], 'desc', 'descr');
2681	751533a2	Phil Davis	}
2682	e988813d	jim-p	}
2683	9ff73b79	jim-p
2684			function upgrade_073_to_074() {
2685			global $config;
2686	6751b3e7	jim-p	rename_field($config['system']['user'], 'fullname', 'descr');
2687	9ff73b79	jim-p	}
2688	f2a86ca9	jim-p
2689			function upgrade_074_to_075() {
2690			global $config;
2691	751533a2	Phil Davis	if (is_array($config['ca'])) {
2692	6bef0554	jim-p	rename_field($config['ca'], 'name', 'descr');
2693	751533a2	Phil Davis	}
2694			if (is_array($config['cert'])) {
2695	6bef0554	jim-p	rename_field($config['cert'], 'name', 'descr');
2696	751533a2	Phil Davis	}
2697			if (is_array($config['crl'])) {
2698	6bef0554	jim-p	rename_field($config['crl'], 'name', 'descr');
2699	751533a2	Phil Davis	}
2700	f2a86ca9	jim-p	}
2701	9734b054	Scott Ullrich
2702	d0dc2fd1	jim-p	function upgrade_075_to_076() {
2703	7d9b3d5e	jim-p	global $config;
2704			$cron_item = array();
2705			$cron_item['minute'] = "30";
2706			$cron_item['hour'] = "12";
2707			$cron_item['mday'] = "*";
2708			$cron_item['month'] = "*";
2709			$cron_item['wday'] = "*";
2710			$cron_item['who'] = "root";
2711			$cron_item['command'] = "/usr/bin/nice -n20 /etc/rc.update_urltables";
2712			$config['cron']['item'][] = $cron_item;
2713	d0dc2fd1	jim-p	}
2714
2715	9bc8b6b6	Seth Mos	function upgrade_076_to_077() {
2716	9956b38a	Seth Mos	global $config;
2717	751533a2	Phil Davis	foreach ($config['filter']['rule'] as & $rule) {
2718			if (isset($rule['protocol']) && !empty($rule['protocol'])) {
2719			$rule['protocol'] = strtolower($rule['protocol']);
2720			}
2721	9956b38a	Seth Mos	}
2722			}
2723
2724			function upgrade_077_to_078() {
2725	f33030aa	jim-p	global $config;
2726	751533a2	Phil Davis	if (is_array($config['pptpd']) && is_array($config['pptpd']['radius']) &&
2727			!is_array($config['pptpd']['radius']['server'])) {
2728	7171b7b6	jim-p	$radarr = array();
2729			$radsvr = array();
2730			$radsvr['ip'] = $config['pptpd']['radius']['server'];
2731			$radsvr['secret'] = $config['pptpd']['radius']['secret'];
2732			$radsvr['port'] = 1812;
2733			$radsvr['acctport'] = 1813;
2734			$radsvr['enable'] = isset($config['pptpd']['radius']['enable']);
2735			$radarr['accounting'] = isset($config['pptpd']['radius']['accounting']);
2736	751533a2	Phil Davis	if ($radarr['accounting']) {
2737	7171b7b6	jim-p	$radarr['acct_update'] = $radsvr['ip'];
2738	751533a2	Phil Davis	}
2739	7171b7b6	jim-p	$radarr['server'] = $radsvr;
2740			$config['pptpd']['radius'] = $radarr;
2741			}
2742	f7c8f633	jim-p	if (is_array($config['pptpd'])) {
2743			$config['pptpd']['n_pptp_units'] = empty($config['pptpd']['n_pptp_units']) ? 16 : $config['pptpd']['n_pptp_units'];
2744			}
2745	7171b7b6	jim-p	}
2746	27d0722d	jim-p	function upgrade_078_to_079() {
2747	838e4eb8	Warren Baker	global $g;
2748	5c723d9f	Warren Baker	/* Delete old and unused RRD file */
2749	838e4eb8	Warren Baker	unlink_if_exists("{$g['vardb_path']}/rrd/captiveportal-totalusers.rrd");
2750	5c723d9f	Warren Baker	}
2751
2752	58005e52	jim-p	function upgrade_079_to_080() {
2753	9bc8b6b6	Seth Mos	global $config;
2754	e6ee8fc6	Ermal
2755	f416763b	Phil Davis	/* Upgrade config in 1.2.3 specifying a username other than admin for syncing. */
2756	e6ee8fc6	Ermal	if (!empty($config['system']['username']) && is_array($config['installedpackages']['carpsettings']) &&
2757	751533a2	Phil Davis	is_array($config['installedpackages']['carpsettings']['config'])) {
2758	e6ee8fc6	Ermal	$config['installedpackages']['carpsettings']['config'][0]['username'] = $config['system']['username'];
2759			unset($config['system']['username']);
2760			}
2761			}
2762
2763	e49d4564	jim-p	function upgrade_080_to_081() {
2764			global $config;
2765	9bc8b6b6	Seth Mos	global $g;
2766	ff6677cf	smos	/* Welcome to the 2.1 migration path */
2767
2768			/* tag all the existing gateways as being IPv4 */
2769			$i = 0;
2770	751533a2	Phil Davis	if (is_array($config['gateways']['gateway_item'])) {
2771			foreach ($config['gateways']['gateway_item'] as $gw) {
2772	ff6677cf	smos	$config['gateways']['gateway_item'][$i]['ipprotocol'] = "inet";
2773			$i++;
2774			}
2775			}
2776	9bc8b6b6	Seth Mos
2777			/* RRD files changed for quality, traffic and packets graphs */
2778			/* convert traffic RRD file */
2779			global $parsedcfg, $listtags;
2780			$listtags = array("ds", "v", "rra", "row");
2781
2782			$rrddbpath = "/var/db/rrd/";
2783			$rrdtool = "/usr/bin/nice -n20 /usr/local/bin/rrdtool";
2784
2785			$rrdinterval = 60;
2786			$valid = $rrdinterval * 2;
2787
2788	f3f98e97	Phil Davis	/* Assume GigE for now */
2789	9bc8b6b6	Seth Mos	$downstream = 125000000;
2790			$upstream = 125000000;
2791
2792			/* build a list of traffic and packets databases */
2793	84683e42	Renato Botelho	$databases = return_dir_as_array($rrddbpath, '/-(traffic\|packets)\.rrd$/');
2794	9bc8b6b6	Seth Mos	rsort($databases);
2795	751533a2	Phil Davis	foreach ($databases as $database) {
2796	9bc8b6b6	Seth Mos	$xmldump = "{$database}.old.xml";
2797			$xmldumpnew = "{$database}.new.xml";
2798
2799	751533a2	Phil Davis	if (platform_booting()) {
2800	d55ea970	Seth Mos	echo "Migrate RRD database {$database} to new format for IPv6.\n";
2801	751533a2	Phil Davis	}
2802	9bc8b6b6	Seth Mos
2803			/* dump contents to xml and move database out of the way */
2804			dump_rrd_to_xml("{$rrddbpath}/{$database}", "{$g['tmp_path']}/{$xmldump}");
2805
2806	fcaa56b1	smos	/* search and replace tags to add data sources */
2807			$ds_search = "<!-- Round Robin Archives -->";
2808			$ds_arr = array();
2809			$ds_arr[] = " <ds>
2810			<name> inpass6 </name>
2811			<type> COUNTER </type>
2812			<minimal_heartbeat> {$valid} </minimal_heartbeat>
2813			<min> 0.0000000000e+00 </min>
2814			<max> 1.2500000000e+08 </max>
2815
2816			<!-- PDP Status -->
2817			<last_ds> 0 </last_ds>
2818			<value> NaN </value>
2819			<unknown_sec> 3 </unknown_sec>
2820			</ds>
2821			";
2822			$ds_arr[] = " <ds>
2823			<name> outpass6 </name>
2824			<type> COUNTER </type>
2825			<minimal_heartbeat> {$valid} </minimal_heartbeat>
2826			<min> 0.0000000000e+00 </min>
2827			<max> 1.2500000000e+08 </max>
2828
2829			<!-- PDP Status -->
2830			<last_ds> 0 </last_ds>
2831			<value> NaN </value>
2832			<unknown_sec> 3 </unknown_sec>
2833			</ds>
2834			";
2835			$ds_arr[] = " <ds>
2836			<name> inblock6 </name>
2837			<type> COUNTER </type>
2838			<minimal_heartbeat> {$valid} </minimal_heartbeat>
2839			<min> 0.0000000000e+00 </min>
2840			<max> 1.2500000000e+08 </max>
2841
2842			<!-- PDP Status -->
2843			<last_ds> 0 </last_ds>
2844			<value> NaN </value>
2845			<unknown_sec> 3 </unknown_sec>
2846			</ds>
2847			";
2848			$ds_arr[] = " <ds>
2849			<name> outblock6 </name>
2850			<type> COUNTER </type>
2851			<minimal_heartbeat> {$valid} </minimal_heartbeat>
2852			<min> 0.0000000000e+00 </min>
2853			<max> 1.2500000000e+08 </max>
2854
2855			<!-- PDP Status -->
2856			<last_ds> 0 </last_ds>
2857			<value> NaN </value>
2858			<unknown_sec> 3 </unknown_sec>
2859			</ds>
2860			";
2861
2862			$cdp_search = "<\/cdp_prep>";
2863			$cdp_replace = "</cdp_prep>";
2864			$cdp_arr = array();
2865			$cdp_arr[] = " <ds>
2866			<primary_value> NaN </primary_value>
2867			<secondary_value> 0.0000000000e+00 </secondary_value>
2868			<value> NaN </value>
2869			<unknown_datapoints> 0 </unknown_datapoints>
2870			</ds>
2871			";
2872			$cdp_arr[] = " <ds>
2873			<primary_value> NaN </primary_value>
2874			<secondary_value> 0.0000000000e+00 </secondary_value>
2875			<value> NaN </value>
2876			<unknown_datapoints> 0 </unknown_datapoints>
2877			</ds>
2878			";
2879			$cdp_arr[] = " <ds>
2880			<primary_value> NaN </primary_value>
2881			<secondary_value> 0.0000000000e+00 </secondary_value>
2882			<value> NaN </value>
2883			<unknown_datapoints> 0 </unknown_datapoints>
2884			</ds>
2885			";
2886			$cdp_arr[] = " <ds>
2887			<primary_value> NaN </primary_value>
2888			<secondary_value> 0.0000000000e+00 </secondary_value>
2889			<value> NaN </value>
2890			<unknown_datapoints> 0 </unknown_datapoints>
2891			</ds>
2892			";
2893
2894			$value_search = "<\/row>";
2895			$value_replace = "</row>";
2896			$value = "<v> NaN </v>";
2897
2898			$xml = file_get_contents("{$g['tmp_path']}/{$xmldump}");
2899	751533a2	Phil Davis	foreach ($ds_arr as $ds) {
2900	fcaa56b1	smos	$xml = preg_replace("/$ds_search/s", "$ds{$ds_search}", $xml);
2901			}
2902	751533a2	Phil Davis	foreach ($cdp_arr as $cdp) {
2903	fcaa56b1	smos	$xml = preg_replace("/$cdp_search/s", "$cdp{$cdp_replace}", $xml);
2904			}
2905	751533a2	Phil Davis	foreach ($ds_arr as $ds) {
2906	fcaa56b1	smos	$xml = preg_replace("/$value_search/s", "$value{$value_replace}", $xml);
2907			}
2908	751533a2	Phil Davis
2909	fcaa56b1	smos	file_put_contents("{$g['tmp_path']}/{$xmldumpnew}", $xml);
2910			mwexec("$rrdtool restore -f {$g['tmp_path']}/{$xmldumpnew} {$rrddbpath}/{$database} 2>&1");
2911			unset($xml);
2912	73c569ea	Xon	# Default /tmp tmpfs is ~40mb, do not leave temp files around
2913	48047e3f	Renato Botelho	unlink_if_exists("{$g['tmp_path']}/{$xmldump}");
2914			unlink_if_exists("{$g['tmp_path']}/{$xmldumpnew}");
2915	9bc8b6b6	Seth Mos	}
2916	751533a2	Phil Davis	if (!platform_booting()) {
2917	e546d2d1	Ermal LUÇI	enable_rrd_graphing();
2918	751533a2	Phil Davis	}
2919	42ec9337	Renato Botelho	/* Let's save the RRD graphs after we run enable RRD graphing */
2920			/* The function will restore the rrd.tgz so we will save it after */
2921	1289c0c1	Renato Botelho	exec("cd /; LANG=C RRDDBPATH='{$rrddbpath}' CF_CONF_PATH='{$g['cf_conf_path']}' /etc/rc.backup_rrd.sh");
2922	751533a2	Phil Davis	if (platform_booting()) {
2923	9bc8b6b6	Seth Mos	echo "Updating configuration...";
2924	751533a2	Phil Davis	}
2925			foreach ($config['filter']['rule'] as & $rule) {
2926			if (isset($rule['protocol']) && !empty($rule['protocol'])) {
2927	1c1a74fa	jim-p	$rule['protocol'] = strtolower($rule['protocol']);
2928	751533a2	Phil Davis	}
2929	7ec0e6e2	jim-p	}
2930	17640b28	Ermal	unset($rule);
2931	9bc8b6b6	Seth Mos	}
2932
2933	e49d4564	jim-p	function upgrade_081_to_082() {
2934	4cdf35a4	Chris Buechler	/* don't enable the allow IPv6 toggle */
2935	1f116988	Seth Mos	}
2936	b4792bf8	Ermal
2937			function upgrade_082_to_083() {
2938			global $config;
2939	7b47bd4c	Ermal
2940	b4792bf8	Ermal	/* Upgrade captiveportal config */
2941			if (!empty($config['captiveportal'])) {
2942			$tmpcp = $config['captiveportal'];
2943			$config['captiveportal'] = array();
2944	17640b28	Ermal	$config['captiveportal']['cpzone'] = array();
2945			$config['captiveportal']['cpzone'] = $tmpcp;
2946			$config['captiveportal']['cpzone']['zoneid'] = 8000;
2947	26b6e758	jim-p	$config['captiveportal']['cpzone']['zone'] = "cpzone";
2948	751533a2	Phil Davis	if ($config['captiveportal']['cpzone']['auth_method'] == "radius") {
2949	2d72659a	Renato Botelho	$config['captiveportal']['cpzone']['radius_protocol'] = "PAP";
2950	751533a2	Phil Davis	}
2951	b4792bf8	Ermal	}
2952	67e73dcd	Ermal	if (!empty($config['voucher'])) {
2953			$tmpcp = $config['voucher'];
2954			$config['voucher'] = array();
2955	17640b28	Ermal	$config['voucher']['cpzone'] = array();
2956			$config['voucher']['cpzone'] = $tmpcp;
2957	67e73dcd	Ermal	}
2958	b4792bf8	Ermal	}
2959	67e73dcd	Ermal
2960	f97a5b04	Darren Embry	function upgrade_083_to_084() {
2961			global $config;
2962			if (!isset($config['hasync'])) {
2963			if (!empty($config['installedpackages']) &&
2964			!empty($config['installedpackages']['carpsettings']) &&
2965			!empty($config['installedpackages']['carpsettings']['config'])) {
2966			$config['hasync'] = $config['installedpackages']['carpsettings']['config'][0];
2967			unset($config['installedpackages']['carpsettings']);
2968			}
2969	fa6e5ba5	Phil Davis	if (empty($config['installedpackages']['carpsettings']) && isset($config['installedpackages']['carpsettings'])) {
2970	f97a5b04	Darren Embry	unset($config['installedpackages']['carpsettings']);
2971			}
2972	fa6e5ba5	Phil Davis	if (empty($config['installedpackages']) && isset($config['installedpackages'])) {
2973	f97a5b04	Darren Embry	unset($config['installedpackages']);
2974			}
2975			}
2976			}
2977
2978	c3ce2ece	smos	function upgrade_084_to_085() {
2979			global $config;
2980
2981			$gateway_group_arr = array();
2982			$gateways = return_gateways_array();
2983			$oldnames = array();
2984			/* setup translation array */
2985	751533a2	Phil Davis	foreach ($gateways as $name => $gw) {
2986			if (isset($gw['dynamic'])) {
2987	c3ce2ece	smos	$oldname = strtoupper($config['interfaces'][$gw['friendlyiface']]['descr']);
2988	2d563280	Renato Botelho	$oldnames[$oldname] = $name;
2989	c3ce2ece	smos	} else {
2990			$oldnames[$name] = $name;
2991			}
2992			}
2993
2994			/* process the old array */
2995	751533a2	Phil Davis	if (is_array($config['gateways']['gateway_group'])) {
2996	c3ce2ece	smos	$group_array_new = array();
2997	751533a2	Phil Davis	foreach ($config['gateways']['gateway_group'] as $name => $group) {
2998			if (is_array($group['item'])) {
2999	c3ce2ece	smos	$newlist = array();
3000	751533a2	Phil Davis	foreach ($group['item'] as $entry) {
3001	c3ce2ece	smos	$elements = explode("\|", $entry);
3002	751533a2	Phil Davis	if ($oldnames[$elements[0]] <> "") {
3003	c3ce2ece	smos	$newlist[] = "{$oldnames[$elements[0]]}\|{$elements[1]}";
3004	da12a8a4	smos	} else {
3005			$newlist[] = "{$elements[0]}\|{$elements[1]}";
3006	c3ce2ece	smos	}
3007			}
3008			$group['item'] = $newlist;
3009			$group_array_new[$name] = $group;
3010			}
3011			}
3012			$config['gateways']['gateway_group'] = $group_array_new;
3013			}
3014	d4d5f7b4	smos	/* rename old Quality RRD files in the process */
3015			$rrddbpath = "/var/db/rrd";
3016	751533a2	Phil Davis	foreach ($oldnames as $old => $new) {
3017			if (is_readable("{$rrddbpath}/{$old}-quality.rrd")) {
3018	17640b28	Ermal	@rename("{$rrddbpath}/{$old}-quality.rrd", "{$rrddbpath}/{$new}-quality.rrd");
3019	d4d5f7b4	smos	}
3020			}
3021	17640b28	Ermal	unset($gateways, $oldnames, $gateway_group_arr);
3022	c3ce2ece	smos	}
3023
3024	b22fc825	jim-p	function upgrade_085_to_086() {
3025	879f7db7	Erik Fonnesbeck	global $config, $g;
3026	b22fc825	jim-p
3027			/* XXX: Gross hacks in sight */
3028	12766374	Erik Fonnesbeck	if (is_array($config['virtualip']['vip'])) {
3029	b22fc825	jim-p	$vipchg = array();
3030	12766374	Erik Fonnesbeck	foreach ($config['virtualip']['vip'] as $vip) {
3031	751533a2	Phil Davis	if ($vip['mode'] != "carp") {
3032	fbda07b9	Ermal	continue;
3033	751533a2	Phil Davis	}
3034	f2cc3344	Renato Botelho	$config = array_replace_values_recursive(
3035			$config,
3036			'^vip' . $vip['vhid'] . '$',
3037			"{$vip['interface']}_vip{$vip['vhid']}"
3038			);
3039	fe47f1f2	Erik Fonnesbeck	}
3040	b22fc825	jim-p	}
3041			}
3042
3043	85a236e9	Ermal	function upgrade_086_to_087() {
3044			global $config, $dummynet_pipe_list;
3045
3046	751533a2	Phil Davis	if (!is_array($config['dnshaper']) \|\| !is_array($config['dnshaper']['queue'])) {
3047	85a236e9	Ermal	return;
3048	751533a2	Phil Davis	}
3049	85a236e9	Ermal
3050			$dnqueue_number = 1;
3051			$dnpipe_number = 1;
3052
3053			foreach ($config['dnshaper']['queue'] as $idx => $dnpipe) {
3054			$config['dnshaper']['queue'][$idx]['number'] = $dnpipe_number;
3055			$dnpipe_number++;
3056			if (is_array($dnpipe['queue'])) {
3057			foreach ($dnpipe['queue'] as $qidx => $dnqueue) {
3058			$config['dnshaper']['queue'][$idx]['queue'][$qidx]['number'] = $dnqueue_number;
3059			$dnqueue_number++;
3060			}
3061			}
3062			}
3063
3064			unset($dnqueue_number, $dnpipe_number, $qidx, $idx, $dnpipe, $dnqueue);
3065
3066	34823356	Phil Davis	if (!is_array($config['filter']) \|\| !is_array($config['filter']['rule'])) {
3067			return;
3068			}
3069
3070	85a236e9	Ermal	require_once("shaper.inc");
3071			read_dummynet_config();
3072
3073	628306af	Ermal	$dn_list = array();
3074	2d563280	Renato Botelho	if (is_array($dummynet_pipe_list)) {
3075			foreach ($dummynet_pipe_list as $dn) {
3076			$tmplist =& $dn->get_queue_list();
3077			foreach ($tmplist as $qname => $link) {
3078			$dn_list[$link] = $qname;
3079			}
3080			}
3081	17640b28	Ermal	unset($dummynet_pipe_list);
3082	2d563280	Renato Botelho	}
3083	628306af	Ermal
3084	85a236e9	Ermal	foreach ($config['filter']['rule'] as $idx => $rule) {
3085			if (!empty($rule['dnpipe'])) {
3086	751533a2	Phil Davis	if (!empty($dn_list[$rule['dnpipe']])) {
3087	628306af	Ermal	$config['filter']['rule'][$idx]['dnpipe'] = $dn_list[$rule['dnpipe']];
3088	751533a2	Phil Davis	}
3089	85a236e9	Ermal	}
3090			if (!empty($rule['pdnpipe'])) {
3091	751533a2	Phil Davis	if (!empty($dn_list[$rule['pdnpipe']])) {
3092	628306af	Ermal	$config['filter']['rule'][$idx]['pdnpipe'] = $dn_list[$rule['pdnpipe']];
3093	751533a2	Phil Davis	}
3094	85a236e9	Ermal	}
3095			}
3096			}
3097	7530177c	jim-p	function upgrade_087_to_088() {
3098			global $config;
3099			if (isset($config['system']['glxsb_enable'])) {
3100			unset($config['system']['glxsb_enable']);
3101			$config['system']['crypto_hardware'] = "glxsb";
3102			}
3103			}
3104	36f6ed35	bcyrill
3105			function upgrade_088_to_089() {
3106	2d563280	Renato Botelho	global $config;
3107	751533a2	Phil Davis	if (!is_array($config['ca'])) {
3108	2d563280	Renato Botelho	$config['ca'] = array();
3109	751533a2	Phil Davis	}
3110			if (!is_array($config['cert'])) {
3111	2d563280	Renato Botelho	$config['cert'] = array();
3112	751533a2	Phil Davis	}
3113	2d563280	Renato Botelho
3114	f416763b	Phil Davis	/* migrate captive portal ssl to certificate manager */
3115	2d563280	Renato Botelho	if (is_array($config['captiveportal'])) {
3116			foreach ($config['captiveportal'] as $id => &$setting) {
3117			if (isset($setting['httpslogin'])) {
3118			/* create cert entry */
3119			$cert = array();
3120			$cert['refid'] = uniqid();
3121			$cert['descr'] = "Captive Portal Cert - {$setting['zone']}";
3122			$cert['crt'] = $setting['certificate'];
3123			$cert['prv'] = $setting['private-key'];
3124
3125			if (!empty($setting['cacertificate'])) {
3126			/* create ca entry */
3127			$ca = array();
3128			$ca['refid'] = uniqid();
3129			$ca['descr'] = "Captive Portal CA - {$setting['zone']}";
3130			$ca['crt'] = $setting['cacertificate'];
3131			$config['ca'][] = $ca;
3132
3133			/* add ca reference to certificate */
3134			$cert['caref'] = $ca['refid'];
3135			}
3136
3137			$config['cert'][] = $cert;
3138
3139			/* create cert reference */
3140			$setting['certref'] = $cert['refid'];
3141
3142			unset($setting['certificate']);
3143			unset($setting['private-key']);
3144			unset($setting['cacertificate']);
3145
3146			}
3147			}
3148			}
3149	36f6ed35	bcyrill	}
3150	2d563280	Renato Botelho
3151	6e9b046e	jim-p	function upgrade_089_to_090() {
3152			global $config;
3153			if (is_array($config['load_balancer']['virtual_server']) && count($config['load_balancer']['virtual_server'])) {
3154			$vs_a = &$config['load_balancer']['virtual_server'];
3155			for ($i = 0; isset($vs_a[$i]); $i++) {
3156			if (is_array($vs_a[$i]['pool'])) {
3157			$vs_a[$i]['poolname'] = $vs_a[$i]['pool'][0];
3158			unset($vs_a[$i]['pool']);
3159			} elseif (!empty($vs_a[$i]['pool'])) {
3160			$vs_a[$i]['poolname'] = $vs_a[$i]['pool'];
3161			unset($vs_a[$i]['pool']);
3162			}
3163			}
3164			}
3165			}
3166	c9ba2f8a	Ermal
3167			function upgrade_090_to_091() {
3168			global $config;
3169
3170			if (is_array($config['dnshaper']) && is_array($config['dnshaper']['queue'])) {
3171			foreach ($config['dnshaper']['queue'] as $idx => $dnqueue) {
3172			if (!empty($dnqueue['bandwidth'])) {
3173			$bw = array();
3174			$bw['bw'] = $dnqueue['bandwidth'];
3175			$bw['bwscale'] = $dnqueue['bandwidthtype'];
3176			$bw['bwsched'] = "none";
3177			$config['dnshaper']['queue'][$idx]['bandwidth'] = array();
3178			$config['dnshaper']['queue'][$idx]['bandwidth']['item'] = array();
3179			$config['dnshaper']['queue'][$idx]['bandwidth']['item'][] = $bw;
3180			}
3181			}
3182			}
3183			}
3184	e99ba2d6	Renato Botelho
3185			function upgrade_091_to_092() {
3186			global $config;
3187
3188	c6c398c6	jim-p	if (is_array($config['nat']['advancedoutbound']['rule'])) {
3189	e99ba2d6	Renato Botelho	$nat_rules = &$config['nat']['advancedoutbound']['rule'];
3190			for ($i = 0; isset($nat_rules[$i]); $i++) {
3191			if (empty($nat_rules[$i]['interface'])) {
3192			$nat_rules[$i]['interface'] = 'wan';
3193			}
3194			}
3195			}
3196			}
3197	2d563280	Renato Botelho
3198	cba9d7d9	Renato Botelho	function upgrade_092_to_093() {
3199			global $g;
3200
3201			$suffixes = array("concurrent", "loggedin");
3202
3203	751533a2	Phil Davis	foreach ($suffixes as $suffix) {
3204			if (file_exists("{$g['vardb_path']}/rrd/captiveportal-{$suffix}.rrd")) {
3205	cba9d7d9	Renato Botelho	rename("{$g['vardb_path']}/rrd/captiveportal-{$suffix}.rrd",
3206			"{$g['vardb_path']}/rrd/captiveportal-cpZone-{$suffix}.rrd");
3207	751533a2	Phil Davis	}
3208			}
3209	cba9d7d9	Renato Botelho
3210	751533a2	Phil Davis	if (!platform_booting()) {
3211	e546d2d1	Ermal LUÇI	enable_rrd_graphing();
3212	751533a2	Phil Davis	}
3213	cba9d7d9	Renato Botelho	}
3214
3215	6015f75b	N0YB	function upgrade_093_to_094() {
3216			global $config;
3217
3218			if (isset($config['system']['powerd_mode'])) {
3219			$config['system']['powerd_ac_mode'] = $config['system']['powerd_mode'];
3220			$config['system']['powerd_battery_mode'] = $config['system']['powerd_mode'];
3221			unset($config['system']['powerd_mode']);
3222			}
3223			}
3224
3225	02203e6d	Renato Botelho	function upgrade_094_to_095() {
3226			global $config;
3227
3228	751533a2	Phil Davis	if (!isset($config['interfaces']) \|\| !is_array($config['interfaces'])) {
3229	02203e6d	Renato Botelho	return;
3230	751533a2	Phil Davis	}
3231	02203e6d	Renato Botelho
3232	751533a2	Phil Davis	foreach ($config['interfaces'] as $iface => $cfg) {
3233			if (isset($cfg['ipaddrv6']) && ($cfg['ipaddrv6'] == "track6")) {
3234			if (!isset($cfg['track6-prefix-id']) \|\| ($cfg['track6-prefix-id'] == "")) {
3235	02203e6d	Renato Botelho	$config['interfaces'][$iface]['track6-prefix-id'] = 0;
3236	751533a2	Phil Davis	}
3237			}
3238			}
3239	02203e6d	Renato Botelho	}
3240
3241	fa3b33a5	Renato Botelho	function upgrade_095_to_096() {
3242			global $config, $g;
3243
3244			$names = array("inpass", "outpass", "inblock", "outblock",
3245			"inpass6", "outpass6", "inblock6", "outblock6");
3246			$rrddbpath = "/var/db/rrd";
3247			$rrdtool = "/usr/local/bin/rrdtool";
3248
3249			/* Assume 210GigE for now /
3250			$stream = 2500000000;
3251
3252			/* build a list of traffic and packets databases */
3253			$databases = return_dir_as_array($rrddbpath, '/-(traffic\|packets)\.rrd$/');
3254			rsort($databases);
3255	751533a2	Phil Davis	foreach ($databases as $database) {
3256			if (platform_booting()) {
3257	fa3b33a5	Renato Botelho	echo "Update RRD database {$database}.\n";
3258	751533a2	Phil Davis	}
3259	fa3b33a5	Renato Botelho
3260			$cmd = "{$rrdtool} tune {$rrddbpath}/{$database}";
3261	751533a2	Phil Davis	foreach ($names as $name) {
3262	fa3b33a5	Renato Botelho	$cmd .= " -a {$name}:{$stream}";
3263	751533a2	Phil Davis	}
3264	fa3b33a5	Renato Botelho	mwexec("{$cmd} 2>&1");
3265
3266			}
3267	751533a2	Phil Davis	if (!platform_booting()) {
3268	e546d2d1	Ermal LUÇI	enable_rrd_graphing();
3269	751533a2	Phil Davis	}
3270	42ec9337	Renato Botelho	/* Let's save the RRD graphs after we run enable RRD graphing */
3271			/* The function will restore the rrd.tgz so we will save it after */
3272	1289c0c1	Renato Botelho	exec("cd /; LANG=C RRDDBPATH='{$rrddbpath}' CF_CONF_PATH='{$g['cf_conf_path']}' /etc/rc.backup_rrd.sh");
3273	fa3b33a5	Renato Botelho	}
3274
3275	1cf24f0a	jim-p	function upgrade_096_to_097() {
3276			global $config, $g;
3277			/* If the user had disabled default block rule logging before, then bogon/private network logging was already off, so respect their choice. */
3278			if (isset($config['syslog']['nologdefaultblock'])) {
3279			$config['syslog']['nologbogons'] = true;
3280			$config['syslog']['nologprivatenets'] = true;
3281			}
3282			}
3283	af0a477a	Renato Botelho
3284			function upgrade_097_to_098() {
3285	3756fd86	Chris Buechler	// no longer used (used to set kill_states)
3286			return;
3287	af0a477a	Renato Botelho	}
3288	67e5e3c6	Renato Botelho
3289			function upgrade_098_to_099() {
3290	a3cc1409	jim-p	global $config;
3291	759a6fcf	Ermal
3292	751533a2	Phil Davis	if (empty($config['dhcpd']) \|\| !is_array($config['dhcpd'])) {
3293	759a6fcf	Ermal	return;
3294	751533a2	Phil Davis	}
3295	759a6fcf	Ermal
3296	a3cc1409	jim-p	foreach ($config['dhcpd'] as & $dhcpifconf) {
3297			if (isset($dhcpifconf['next-server'])) {
3298			$dhcpifconf['nextserver'] = $dhcpifconf['next-server'];
3299	aa0753e3	jim-p	unset($dhcpifconf['next-server']);
3300	a3cc1409	jim-p	}
3301			}
3302			}
3303
3304			function upgrade_099_to_100() {
3305			require_once("/etc/inc/services.inc");
3306	b2bb4970	jim-p	/* See #7146 for detail on why the extra parameters are needed for the time being. */
3307			install_cron_job("/usr/bin/nice -n20 newsyslog", false, null, null, null, null, null, null, false);
3308	a3cc1409	jim-p	}
3309
3310	20dad315	Ermal	function upgrade_100_to_101() {
3311			global $config, $g;
3312
3313	751533a2	Phil Davis	if (!is_array($config['voucher'])) {
3314	20dad315	Ermal	return;
3315	751533a2	Phil Davis	}
3316	20dad315	Ermal
3317			foreach ($config['voucher'] as $cpzone => $cp) {
3318	751533a2	Phil Davis	if (!is_array($cp['roll'])) {
3319	20dad315	Ermal	continue;
3320	751533a2	Phil Davis	}
3321	20dad315	Ermal	foreach ($cp['roll'] as $ridx => $rcfg) {
3322	751533a2	Phil Davis	if (!empty($rcfg['comment'])) {
3323	20dad315	Ermal	$config['voucher'][$cpzone]['roll'][$ridx]['descr'] = $rcfg['comment'];
3324	751533a2	Phil Davis	}
3325	20dad315	Ermal	}
3326			}
3327			}
3328
3329	eae91304	Ermal	function upgrade_101_to_102() {
3330	67e5e3c6	Renato Botelho	global $config, $g;
3331
3332	ee34e137	Phil Davis	if (is_array($config['captiveportal'])) {
3333			foreach ($config['captiveportal'] as $cpzone => $cp) {
3334	751533a2	Phil Davis	if (!is_array($cp['passthrumac'])) {
3335	ee34e137	Phil Davis	continue;
3336	751533a2	Phil Davis	}
3337	67e5e3c6	Renato Botelho
3338	751533a2	Phil Davis	foreach ($cp['passthrumac'] as $idx => $passthrumac) {
3339	ee34e137	Phil Davis	$config['captiveportal'][$cpzone]['passthrumac'][$idx]['action'] = 'pass';
3340	751533a2	Phil Davis	}
3341	ee34e137	Phil Davis	}
3342	67e5e3c6	Renato Botelho	}
3343	edba1982	jim-p
3344	eae91304	Ermal	/* Convert OpenVPN Compression option to the new style */
3345	edba1982	jim-p	// Nothing to do if there is no OpenVPN tag
3346	ee34e137	Phil Davis	if (isset($config['openvpn']) && is_array($config['openvpn'])) {
3347			if (is_array($config['openvpn']['openvpn-server'])) {
3348			foreach ($config['openvpn']['openvpn-server'] as &$vpn) {
3349	751533a2	Phil Davis	if (!empty($vpn['compression'])) {
3350	ee34e137	Phil Davis	$vpn['compression'] = "adaptive";
3351	751533a2	Phil Davis	}
3352	ee34e137	Phil Davis	}
3353	edba1982	jim-p	}
3354	ee34e137	Phil Davis	if (is_array($config['openvpn']['openvpn-client'])) {
3355			foreach ($config['openvpn']['openvpn-client'] as &$vpn) {
3356	751533a2	Phil Davis	if (!empty($vpn['compression'])) {
3357	ee34e137	Phil Davis	$vpn['compression'] = "adaptive";
3358	751533a2	Phil Davis	}
3359	ee34e137	Phil Davis	}
3360	edba1982	jim-p	}
3361			}
3362			}
3363	eef01b14	Renato Botelho
3364			function upgrade_102_to_103() {
3365			global $config;
3366
3367			if (isset($config['nat']['advancedoutbound']['enable'])) {
3368			$config['nat']['advancedoutbound']['mode'] = "advanced";
3369			unset($config['nat']['advancedoutbound']['enable']);
3370	751533a2	Phil Davis	} else {
3371	eef01b14	Renato Botelho	$config['nat']['advancedoutbound']['mode'] = "automatic";
3372	751533a2	Phil Davis	}
3373	eef01b14	Renato Botelho
3374			$config['nat']['outbound'] = $config['nat']['advancedoutbound'];
3375
3376	fa6e5ba5	Phil Davis	if (isset($config['nat']['ipsecpassthru'])) {
3377			unset($config['nat']['ipsecpassthru']);
3378			}
3379			if (isset($config['nat']['advancedoutbound'])) {
3380			unset($config['nat']['advancedoutbound']);
3381			}
3382	eef01b14	Renato Botelho	}
3383
3384	7997ed44	Renato Botelho	function upgrade_103_to_104() {
3385			global $config;
3386
3387			$changed_privs = array(
3388			"page-diag-system-activity" => "page-diagnostics-system-activity",
3389			"page-interfacess-groups" => "page-interfaces-groups",
3390			"page-interfacess-lagg" => "page-interfaces-lagg",
3391			"page-interfacess-qinq" => "page-interfaces-qinq"
3392			);
3393
3394			/* update user privileges */
3395			foreach ($config['system']['user'] as & $user) {
3396	751533a2	Phil Davis	if (!is_array($user['priv'])) {
3397	7997ed44	Renato Botelho	continue;
3398	751533a2	Phil Davis	}
3399	7997ed44	Renato Botelho	foreach ($user['priv'] as & $priv) {
3400	751533a2	Phil Davis	if (array_key_exists($priv, $changed_privs)) {
3401	7997ed44	Renato Botelho	$priv = $changed_privs[$priv];
3402	751533a2	Phil Davis	}
3403	7997ed44	Renato Botelho	}
3404			}
3405
3406			/* update group privileges */
3407			foreach ($config['system']['group'] as & $group) {
3408	751533a2	Phil Davis	if (!is_array($group['priv'])) {
3409	7997ed44	Renato Botelho	continue;
3410	751533a2	Phil Davis	}
3411	7997ed44	Renato Botelho	foreach ($group['priv'] as & $priv) {
3412	751533a2	Phil Davis	if (array_key_exists($priv, $changed_privs)) {
3413	7997ed44	Renato Botelho	$priv = $changed_privs[$priv];
3414	751533a2	Phil Davis	}
3415	7997ed44	Renato Botelho	}
3416			}
3417
3418			/* sync all local account information */
3419	79f7bc7f	Renato Botelho	local_reset_accounts();
3420	7997ed44	Renato Botelho	}
3421
3422	0a806969	Ermal	function upgrade_104_to_105() {
3423			global $config;
3424
3425			if (is_array($config['captiveportal'])) {
3426			$zoneid = 2;
3427			foreach ($config['captiveportal'] as $cpzone => $cpcfg) {
3428	55fae310	Phil Davis	if (empty($cpcfg['zoneid'])) {
3429	0a806969	Ermal	$config['captiveportal'][$cpzone]['zoneid'] = $zoneid;
3430			$zoneid += 2;
3431			} else if ($cpcfg['zoneid'] > 4000) {
3432			$config['captiveportal'][$cpzone]['zoneid'] = $zoneid;
3433			$zoneid += 2;
3434			}
3435			}
3436			}
3437			}
3438
3439	e7d35d84	Ermal	function upgrade_105_to_106() {
3440	374f8c51	NewEraCracker	/* NOTE: This upgrade code was reverted. See redmine ticket #3967 and
3441			https://github.com/pfsense/pfsense/commit/6f55af1c25f5232ffe905a90f5f97aad4c87bdfa */
3442	e7d35d84	Ermal	}
3443
3444	31dce430	Ermal	function upgrade_106_to_107() {
3445			global $config;
3446
3447			if (is_array($config['filter']) && is_array($config['filter']['rule'])) {
3448			$tracker = (int)microtime(true);
3449			foreach ($config['filter']['rule'] as $ridx => $rule) {
3450			if (empty($rule['tracker'])) {
3451			$config['filter']['rule'][$ridx]['tracker'] = $tracker;
3452			$tracker++;
3453			}
3454			}
3455			unset($tracker, $ridx);
3456			}
3457			if (is_array($config['nat']) && is_array($config['nat']['rule'])) {
3458			$tracker = (int)microtime(true);
3459			foreach ($config['nat']['rule'] as $ridx => $rule) {
3460			if (empty($rule['tracker'])) {
3461			$config['nat']['rule'][$ridx]['tracker'] = $tracker;
3462			$tracker++;
3463			}
3464			}
3465			unset($tracker, $ridx);
3466			}
3467			}
3468
3469	08f30320	Renato Botelho	function upgrade_107_to_108() {
3470			global $config;
3471
3472	751533a2	Phil Davis	if (isset($config['system']['webgui']['noautocomplete'])) {
3473	08f30320	Renato Botelho	unset($config['system']['webgui']['noautocomplete']);
3474	751533a2	Phil Davis	} else {
3475	08f30320	Renato Botelho	$config['system']['webgui']['loginautocomplete'] = true;
3476	751533a2	Phil Davis	}
3477	08f30320	Renato Botelho	}
3478
3479	c15b5ed8	Renato Botelho	function upgrade_108_to_109() {
3480			global $config;
3481
3482	751533a2	Phil Davis	if (!isset($config['filter']['rule']) \|\| !is_array($config['filter']['rule'])) {
3483	c15b5ed8	Renato Botelho	return;
3484	751533a2	Phil Davis	}
3485	c15b5ed8	Renato Botelho
3486			foreach ($config['filter']['rule'] as &$rule) {
3487	751533a2	Phil Davis	if (!isset($rule['dscp']) \|\| empty($rule['dscp'])) {
3488	c15b5ed8	Renato Botelho	continue;
3489	751533a2	Phil Davis	}
3490	c15b5ed8	Renato Botelho
3491			$pos = strpos($rule['dscp'], ' ');
3492	751533a2	Phil Davis	if ($pos !== false) {
3493	c15b5ed8	Renato Botelho	$rule['dscp'] = substr($rule['dscp'], 0, $pos);
3494	751533a2	Phil Davis	}
3495	c15b5ed8	Renato Botelho	unset($pos);
3496			}
3497			}
3498
3499	9b915686	Ermal	function upgrade_109_to_110() {
3500			global $config;
3501
3502	751533a2	Phil Davis	if (!is_array($config['ipsec']) \|\| !is_array($config['ipsec']['phase2'])) {
3503	9b915686	Ermal	return;
3504	751533a2	Phil Davis	}
3505	9b915686	Ermal
3506			foreach ($config['ipsec']['phase2'] as &$rule) {
3507	751533a2	Phil Davis	if (!empty($rule['uniqid'])) {
3508	9b915686	Ermal	continue;
3509	751533a2	Phil Davis	}
3510	9b915686	Ermal
3511			$rule['uniqid'] = uniqid();
3512			}
3513			}
3514
3515	3f257101	Renato Botelho	function upgrade_110_to_111() {
3516			global $config;
3517
3518	bdbb4dba	Renato Botelho	/* Make sure unbound user exist */
3519			mwexec('/usr/sbin/pw groupadd -n unbound -g 59', true);
3520			mwexec('/usr/sbin/pw useradd -n unbound -c "Unbound DNS Resolver" -d /var/unbound -s /usr/sbin/nologin -u 59 -g 59', true);
3521
3522	c11b7ffe	Renato Botelho	/* cleanup old unbound package stuffs */
3523			unlink_if_exists("/usr/local/pkg/unbound.xml");
3524			unlink_if_exists("/usr/local/pkg/unbound.inc");
3525			unlink_if_exists("/usr/local/pkg/unbound_advanced.xml");
3526			unlink_if_exists("/usr/local/www/unbound_status.php");
3527			unlink_if_exists("/usr/local/www/unbound_acls.php");
3528			unlink_if_exists("/usr/local/bin/unbound_monitor.sh");
3529	b4db2d0e	Renato Botelho	unlink_if_exists("/usr/local/etc/rc.d/unbound.sh");
3530	c11b7ffe	Renato Botelho
3531			/* Remove old menu and service entries */
3532			if (isset($config['installedpackages']['menu']) && is_array($config['installedpackages']['menu'])) {
3533			foreach ($config['installedpackages']['menu'] as $idx => $menu) {
3534	751533a2	Phil Davis	if ($menu['name'] != 'Unbound DNS') {
3535	c11b7ffe	Renato Botelho	continue;
3536	751533a2	Phil Davis	}
3537	c11b7ffe	Renato Botelho
3538			unset($config['installedpackages']['menu'][$idx]);
3539			break;
3540			}
3541			}
3542
3543			if (isset($config['installedpackages']['service']) && is_array($config['installedpackages']['service'])) {
3544			foreach ($config['installedpackages']['service'] as $idx => $service) {
3545	751533a2	Phil Davis	if ($service['name'] != 'unbound') {
3546	c11b7ffe	Renato Botelho	continue;
3547	751533a2	Phil Davis	}
3548	c11b7ffe	Renato Botelho	unset($config['installedpackages']['service'][$idx]);
3549			break;
3550			}
3551			}
3552
3553	751533a2	Phil Davis	if (!isset($config['installedpackages']['unbound']['config'][0])) {
3554	3f257101	Renato Botelho	return;
3555	751533a2	Phil Davis	}
3556	3f257101	Renato Botelho
3557			$pkg = $config['installedpackages']['unbound']['config'][0];
3558
3559	751533a2	Phil Davis	if (isset($config['installedpackages']['unboundadvanced']['config'][0])) {
3560	3f257101	Renato Botelho	$pkg = array_merge($pkg, $config['installedpackages']['unboundadvanced']['config'][0]);
3561	751533a2	Phil Davis	}
3562	3f257101	Renato Botelho
3563			$new = array();
3564
3565			/* deal first with boolean fields */
3566			$fields = array(
3567			"enable" => "enable",
3568			"dnssec_status" => "dnssec",
3569			"forwarding_mode" => "forwarding",
3570			"regdhcp" => "regdhcp",
3571			"regdhcpstatic" => "regdhcpstatic",
3572			"txtsupport" => "txtsupport",
3573			"hide_id" => "hideidentity",
3574			"hide_version" => "hideversion",
3575			"prefetch" => "prefetch",
3576			"prefetch_key" => "prefetchkey",
3577			"harden_glue" => "hardenglue",
3578			"harden_dnssec_stripped" => "dnssec_stripped");
3579
3580			foreach ($fields as $oldk => $newk) {
3581			if (isset($pkg[$oldk])) {
3582	751533a2	Phil Davis	if ($pkg[$oldk] == 'on') {
3583	3f257101	Renato Botelho	$new[$newk] = true;
3584	751533a2	Phil Davis	}
3585	3f257101	Renato Botelho	unset($pkg[$oldk]);
3586			}
3587			}
3588
3589			$fields = array(
3590			"active_interface" => "network_interface",
3591			"query_interface" => "outgoing_interface",
3592			"unbound_verbosity" => "log_verbosity",
3593			"msg_cache_size" => "msgcachesize",
3594			"outgoing_num_tcp" => "outgoing_num_tcp",
3595			"incoming_num_tcp" => "incoming_num_tcp",
3596			"edns_buffer_size" => "edns_buffer_size",
3597			"num_queries_per_thread" => "num_queries_per_thread",
3598			"jostle_timeout" => "jostle_timeout",
3599			"cache_max_ttl" => "cache_max_ttl",
3600			"cache_min_ttl" => "cache_min_ttl",
3601			"infra_host_ttl" => "infra_host_ttl",
3602			"infra_cache_numhosts" => "infra_cache_numhosts",
3603			"unwanted_reply_threshold" => "unwanted_reply_threshold",
3604			"custom_options" => "custom_options");
3605
3606			foreach ($fields as $oldk => $newk) {
3607			if (isset($pkg[$oldk])) {
3608			$new[$newk] = $pkg[$oldk];
3609			unset($pkg[$oldk]);
3610			}
3611			}
3612
3613	751533a2	Phil Davis	if (isset($new['custom_options']) && !empty($new['custom_options'])) {
3614	fbf3d06e	Renato Botelho	$new['custom_options'] = str_replace("\r\n", "\n", $new['custom_options']);
3615	751533a2	Phil Davis	}
3616	c23f4d8f	Renato Botelho
3617	3f257101	Renato Botelho	/* Following options were removed, bring them as custom_options */
3618			if (isset($pkg['stats']) && $pkg['stats'] == "on") {
3619	751533a2	Phil Davis	if (isset($pkg['stats_interval'])) {
3620	387ab31a	Renato Botelho	$new['custom_options'] .= (empty($new['custom_options']) ? "" : "\n") . "statistics-interval: {$pkg['stats_interval']}";
3621	751533a2	Phil Davis	}
3622			if (isset($pkg['cumulative_stats'])) {
3623	387ab31a	Renato Botelho	$new['custom_options'] .= (empty($new['custom_options']) ? "" : "\n") . "statistics-cumulative: {$pkg['cumulative_stats']}";
3624	751533a2	Phil Davis	}
3625			if (isset($pkg['extended_stats']) && $pkg['extended_stats'] == "on") {
3626	387ab31a	Renato Botelho	$new['custom_options'] .= (empty($new['custom_options']) ? "" : "\n") . "extended-statistics: yes";
3627	751533a2	Phil Davis	} else {
3628	387ab31a	Renato Botelho	$new['custom_options'] .= (empty($new['custom_options']) ? "" : "\n") . "extended-statistics: no";
3629	751533a2	Phil Davis	}
3630	3f257101	Renato Botelho	}
3631
3632			$new['acls'] = array();
3633			if (isset($config['installedpackages']['unboundacls']['config']) &&
3634			is_array($config['installedpackages']['unboundacls']['config'])) {
3635	751533a2	Phil Davis	foreach ($config['installedpackages']['unboundacls']['config'] as $acl) {
3636	3f257101	Renato Botelho	$new['acls'][] = $acl;
3637	751533a2	Phil Davis	}
3638	3f257101	Renato Botelho	}
3639
3640			$config['unbound'] = $new;
3641
3642	751533a2	Phil Davis	if (isset($config['installedpackages']['unbound'])) {
3643	3f257101	Renato Botelho	unset($config['installedpackages']['unbound']);
3644	751533a2	Phil Davis	}
3645			if (isset($config['installedpackages']['unboundadvanced'])) {
3646	3f257101	Renato Botelho	unset($config['installedpackages']['unboundadvanced']);
3647	751533a2	Phil Davis	}
3648			if (isset($config['installedpackages']['unboundacls'])) {
3649	3f257101	Renato Botelho	unset($config['installedpackages']['unboundacls']);
3650	751533a2	Phil Davis	}
3651	3f257101	Renato Botelho
3652			unset($pkg, $new);
3653			}
3654
3655	b0885c5a	Renato Botelho	function upgrade_111_to_112() {
3656			global $config;
3657
3658			$config['cron']['item'][] = array(
3659			'minute' => '*/60',
3660			'hour' => '*',
3661			'mday' => '*',
3662			'month' => '*',
3663			'wday' => '*',
3664			'who' => 'root',
3665			'command' => '/usr/bin/nice -n20 /usr/local/sbin/expiretable -v -t 3600 webConfiguratorlockout'
3666			);
3667			}
3668
3669	ccf30846	Renato Botelho	function upgrade_112_to_113() {
3670			global $config;
3671
3672	fa6e5ba5	Phil Davis	if (isset($config['notifications']['smtp']['ssl'])) {
3673			if ($config['notifications']['smtp']['ssl'] == "checked") {
3674			$config['notifications']['smtp']['ssl'] = true;
3675			} else {
3676			unset($config['notifications']['smtp']['ssl']);
3677			}
3678	751533a2	Phil Davis	}
3679	ccf30846	Renato Botelho
3680	fa6e5ba5	Phil Davis	if (isset($config['notifications']['smtp']['tls'])) {
3681			if ($config['notifications']['smtp']['tls'] == "checked") {
3682			$config['notifications']['smtp']['tls'] = true;
3683			} else {
3684			unset($config['notifications']['smtp']['tls']);
3685			}
3686	751533a2	Phil Davis	}
3687	ccf30846	Renato Botelho	}
3688
3689	368d4910	Renato Botelho	function upgrade_113_to_114() {
3690			global $config;
3691
3692			if (!isset($config['ipsec']['phase1']) \|\|
3693	751533a2	Phil Davis	!is_array($config['ipsec']['phase1'])) {
3694	368d4910	Renato Botelho	return;
3695	751533a2	Phil Davis	}
3696	368d4910	Renato Botelho
3697	751533a2	Phil Davis	foreach ($config['ipsec']['phase1'] as &$ph1ent) {
3698			if (!isset($ph1ent['iketype'])) {
3699	368d4910	Renato Botelho	$ph1ent['iketype'] = 'ikev1';
3700	751533a2	Phil Davis	}
3701			}
3702	368d4910	Renato Botelho	}
3703
3704	cfb5073f	Renato Botelho	function upgrade_114_to_115() {
3705			global $config;
3706
3707	751533a2	Phil Davis	if (isset($config['unbound']['custom_options'])) {
3708	cfb5073f	Renato Botelho	$config['unbound']['custom_options'] = base64_encode($config['unbound']['custom_options']);
3709	751533a2	Phil Davis	}
3710	cfb5073f	Renato Botelho	}
3711
3712	1fe208ec	Ermal LUÇI	function upgrade_115_to_116() {
3713			global $config;
3714
3715	751533a2	Phil Davis	if (!is_array($config['ipsec']) \|\| !is_array($config['ipsec']['phase2'])) {
3716			return;
3717			}
3718	1fe208ec	Ermal LUÇI
3719	751533a2	Phil Davis	$keyid = 1;
3720			foreach ($config['ipsec']['phase2'] as $idx => $ph2) {
3721			$config['ipsec']['phase2'][$idx]['reqid'] = $keyid;
3722	1fe208ec	Ermal LUÇI	$keyid++;
3723			}
3724			}
3725
3726	b997da8b	xbipin	function upgrade_116_to_117() {
3727	751533a2	Phil Davis	global $config;
3728	b997da8b	xbipin
3729	877740ee	Renato Botelho	if (!isset($config['ipsec']['client']) \|\|
3730			!isset($config['ipsec']['client']['dns_split']) \|\|
3731			empty($config['ipsec']['client']['dns_split'])) {
3732			return;
3733			}
3734
3735			$config['ipsec']['client']['dns_split'] =
3736			preg_replace('/\s,\s/', ' ', trim($config['ipsec']['client']['dns_split']));
3737	74eaabbb	Ermal LUÇI
3738	877740ee	Renato Botelho	}
3739
3740			function upgrade_117_to_118() {
3741			global $config;
3742
3743	564f1356	Phil Davis	// Unset any old CA and Cert in the system section that might still be there from when upgrade_066_to_067 did not unset them.
3744			if (isset($config['system']['ca'])) {
3745			unset($config['system']['ca']);
3746			}
3747			if (isset($config['system']['cert'])) {
3748			unset($config['system']['cert']);
3749			}
3750
3751	c6c398c6	jim-p	init_config_arr(array('ipsec', 'phase1'));
3752			$a_phase1 = &$config['ipsec']['phase1'];
3753	faaab088	Renato Botelho
3754			foreach ($a_phase1 as &$ph1_entry) {
3755	6990ad35	Phil Davis	// update asn1dn strings from racoon's format to strongswan's
3756	faaab088	Renato Botelho	if (isset($ph1_entry['myid_type']) && $ph1_entry['myid_type'] == 'asn1dn') {
3757			$ph1_entry['myid_data'] =
3758			preg_replace('/\/\semailAddress\s=\s*/', ', E=', $ph1_entry['myid_data']);
3759			}
3760			if (isset($ph1_entry['peerid_type']) && $ph1_entry['peerid_type'] == 'asn1dn') {
3761			$ph1_entry['peerid_data'] =
3762			preg_replace('/\/\semailAddress\s=\s*/', ', E=', $ph1_entry['peerid_data']);
3763			}
3764			}
3765			}
3766
3767			function upgrade_118_to_119() {
3768			global $config;
3769
3770	0538cfa2	jim-p	if (!isset($config['ipsec']['phase1'])) {
3771			return;
3772			}
3773	2da055f0	Chris Buechler
3774	8691632c	Chris Buechler	// change peerid_type to 'any' for EAP types to retain previous behavior of omitting rightid
3775	c6c398c6	jim-p	init_config_arr(array('ipsec', 'phase1'));
3776			$a_phase1 = &$config['ipsec']['phase1'];
3777	8691632c	Chris Buechler
3778			foreach ($a_phase1 as &$ph1_entry) {
3779			if (strstr($ph1_entry['authentication_method'], 'eap')) {
3780	6990ad35	Phil Davis	$ph1_entry['peerid_type'] = "any";
3781	8691632c	Chris Buechler	}
3782			}
3783			}
3784
3785			function upgrade_119_to_120() {
3786	5d714d9c	jim-p	require_once("ipsec.inc");
3787	c53e411f	Matt Smith	global $config, $ipsec_log_cats;
3788
3789			if (!is_array($config['ipsec'])) {
3790			return;
3791			}
3792
3793			// add 1 to configured log levels as part of redmine #5340
3794			foreach ($ipsec_log_cats as $lkey => $ldescr) {
3795			if (isset($config['ipsec']["ipsec_{$lkey}"])) {
3796			$config['ipsec']["ipsec_{$lkey}"] = $config['ipsec']["ipsec_{$lkey}"] + 1;
3797			}
3798			}
3799
3800			}
3801
3802
3803			function upgrade_120_to_121() {
3804	8691632c	Chris Buechler	global $config;
3805
3806	751533a2	Phil Davis	if (!isset($config['installedpackages']['miniupnpd']['config'][0])) {
3807	ee874f47	xbipin	return;
3808	751533a2	Phil Davis	}
3809	b997da8b	xbipin
3810	c6c398c6	jim-p	$miniupnpd = &$config['installedpackages']['miniupnpd']['config'][0];
3811	b997da8b	xbipin
3812	ee874f47	xbipin	$miniupnpd['row'] = array();
3813	b997da8b	xbipin
3814	ee874f47	xbipin	for ($i = 1; $i <= 4; $i++) {
3815	751533a2	Phil Davis	if (isset($miniupnpd["permuser{$i}"]) && !empty($miniupnpd["permuser{$i}"])) {
3816	ee874f47	xbipin	$miniupnpd['row'][] = array('permuser' => $miniupnpd["permuser{$i}"]);
3817	751533a2	Phil Davis	}
3818	ee874f47	xbipin	unset($miniupnpd["permuser{$i}"]);
3819			}
3820	b997da8b	xbipin	}
3821	751533a2	Phil Davis
3822	c53e411f	Matt Smith	function upgrade_121_to_122() {
3823	8e717058	Jim Thompson	global $config;
3824			foreach ($config['system']['user'] as &$user) {
3825			if (isset($user['nt-hash'])) {
3826			unset($user['nt-hash']);
3827			}
3828			}
3829			}
3830
3831	c53e411f	Matt Smith	function upgrade_122_to_123() {
3832	c9d46a8e	Renato Botelho	global $config;
3833
3834			// PPTP server was removed
3835			if (isset($config['pptpd'])) {
3836			unset($config['pptpd']);
3837			}
3838
3839			// Cleanup firewall rules
3840			if (isset($config['filter']['rule']) && is_array($config['filter']['rule'])) {
3841	c6c398c6	jim-p	$rules = &$config['filter']['rule'];
3842	c9d46a8e	Renato Botelho	$last_rule = count($rules) - 1;
3843			// Process in reverse order to be able to unset items
3844			for ($i = $last_rule; $i >= 0; $i--) {
3845	2975a608	Renato Botelho	if (isset($rules[$i]['interface']) && $rules[$i]['interface'] == 'pptp') {
3846			unset($config['filter']['rule'][$i]);
3847	c9d46a8e	Renato Botelho	continue;
3848			}
3849	2975a608	Renato Botelho	if (isset($rules[$i]['source']['network']) && $rules[$i]['source']['network'] == 'pptp') {
3850			unset($config['filter']['rule'][$i]);
3851	c9d46a8e	Renato Botelho	continue;
3852			}
3853	2975a608	Renato Botelho	if (isset($rules[$i]['destination']['network']) && $rules[$i]['destination']['network'] == 'pptp') {
3854			unset($config['filter']['rule'][$i]);
3855	c9d46a8e	Renato Botelho	continue;
3856			}
3857			}
3858			}
3859
3860			// Cleanup 1:1 NAT rules
3861			if (isset($config['nat']['onetoone']) && is_array($config['nat']['onetoone'])) {
3862	c6c398c6	jim-p	$onetoone = &$config['nat']['onetoone'];
3863	2975a608	Renato Botelho	$last_rule = count($onetoone) - 1;
3864	c9d46a8e	Renato Botelho	// Process in reverse order to be able to unset items
3865			for ($i = $last_rule; $i >= 0; $i--) {
3866	2975a608	Renato Botelho	if (isset($onetoone[$i]['interface']) && $onetoone[$i]['interface'] == 'pptp') {
3867			unset($config['nat']['onetoone'][$i]);
3868	c9d46a8e	Renato Botelho	continue;
3869			}
3870	2975a608	Renato Botelho	if (isset($onetoone[$i]['source']['network']) && $onetoone[$i]['source']['network'] == 'pptp') {
3871			unset($config['nat']['onetoone'][$i]);
3872	c9d46a8e	Renato Botelho	continue;
3873			}
3874	2975a608	Renato Botelho	if (isset($onetoone[$i]['destination']['network']) && $onetoone[$i]['destination']['network'] == 'pptp') {
3875			unset($config['nat']['onetoone'][$i]);
3876	c9d46a8e	Renato Botelho	continue;
3877			}
3878			}
3879			}
3880
3881			// Cleanup npt NAT rules
3882			if (isset($config['nat']['npt']) && is_array($config['nat']['npt'])) {
3883	c6c398c6	jim-p	$npt = &$config['nat']['npt'];
3884	c9d46a8e	Renato Botelho	$last_rule = count($npt) - 1;
3885			// Process in reverse order to be able to unset items
3886			for ($i = $last_rule; $i >= 0; $i--) {
3887	2975a608	Renato Botelho	if (isset($npt[$i]['interface']) && $npt[$i]['interface'] == 'pptp') {
3888			unset($config['nat']['npt'][$i]);
3889	c9d46a8e	Renato Botelho	continue;
3890			}
3891			}
3892			}
3893
3894			// Cleanup Port-forward NAT rules
3895			if (isset($config['nat']['rule']) && is_array($config['nat']['rule'])) {
3896	c6c398c6	jim-p	$nat_rules = &$config['nat']['rule'];
3897	c9d46a8e	Renato Botelho	$last_rule = count($nat_rules) - 1;
3898			// Process in reverse order to be able to unset items
3899			for ($i = $last_rule; $i >= 0; $i--) {
3900	2975a608	Renato Botelho	if (isset($nat_rules[$i]['interface']) && $nat_rules[$i]['interface'] == 'pptp') {
3901			unset($config['nat']['rule'][$i]);
3902	c9d46a8e	Renato Botelho	continue;
3903			}
3904	2975a608	Renato Botelho	if (isset($nat_rules[$i]['source']['network']) && $nat_rules[$i]['source']['network'] == 'pptp') {
3905			unset($config['nat']['rule'][$i]);
3906	c9d46a8e	Renato Botelho	continue;
3907			}
3908	2975a608	Renato Botelho	if (isset($nat_rules[$i]['destination']['network']) && $nat_rules[$i]['destination']['network'] == 'pptp') {
3909			unset($config['nat']['rule'][$i]);
3910	c9d46a8e	Renato Botelho	continue;
3911			}
3912			}
3913			}
3914
3915			// Cleanup Port-forward NAT rules
3916			if (isset($config['nat']['outbound']['rule']) && is_array($config['nat']['outbound']['rule'])) {
3917	c6c398c6	jim-p	$out_rules = &$config['nat']['outbound']['rule'];
3918	c9d46a8e	Renato Botelho	$last_rule = count($out_rules) - 1;
3919			// Process in reverse order to be able to unset items
3920			for ($i = $last_rule; $i >= 0; $i--) {
3921	2975a608	Renato Botelho	if (isset($out_rules[$i]['interface']) && $out_rules[$i]['interface'] == 'pptp') {
3922			unset($config['nat']['outbound']['rule'][$i]);
3923	c9d46a8e	Renato Botelho	continue;
3924			}
3925			}
3926			}
3927			}
3928
3929	c53e411f	Matt Smith	function upgrade_123_to_124() {
3930	0cdb94e1	Renato Botelho	if (isset($config['system']['altpkgrepo'])) {
3931			unset($config['system']['altpkgrepo']);
3932			}
3933	cf093b35	Renato Botelho
3934			if (isset($config['theme'])) {
3935			unset($config['theme']);
3936			}
3937	0cdb94e1	Renato Botelho	}
3938
3939	c53e411f	Matt Smith	function upgrade_124_to_125() {
3940	b061a3c6	Matt Smith	global $config;
3941
3942			/* Find interfaces with WEP configured. */
3943			foreach ($config['interfaces'] as $ifname => $intf) {
3944			if (!is_array($intf['wireless'])) {
3945			continue;
3946			}
3947
3948			/* Generate a notice, disable interface, remove WEP settings */
3949			if (isset($intf['wireless']['wep']['enable'])) {
3950	5679253c	Renato Botelho	if (!function_exists("file_notice")) {
3951			require_once("notices.inc");
3952			}
3953	51a14c58	Phil Davis	file_notice("WirelessSettings", sprintf(gettext("WEP is no longer supported. It will be disabled on the %s interface and the interface will be disabled. Please reconfigure the interface."), $ifname));
3954	b37b4034	Phil Davis	unset($config['interfaces'][$ifname]['wireless']['wep']);
3955	b061a3c6	Matt Smith	if (isset($intf['enable'])) {
3956			unset($config['interfaces'][$ifname]['enable']);
3957			}
3958			}
3959			}
3960			}
3961	b37b4034	Phil Davis
3962	c53e411f	Matt Smith	function upgrade_125_to_126() {
3963	4df73fa0	Matt Smith	require_once("ipsec.inc");
3964	c53e411f	Matt Smith	global $config, $ipsec_log_cats, $ipsec_log_sevs;
3965
3966			$def_loglevel = 1;
3967			if (!is_array($config['ipsec'])) {
3968			return;
3969			}
3970
3971			if (!isset($config['ipsec']['logging']) \|\| !is_array($config['ipsec']['logging'])) {
3972			$config['ipsec']['logging'] = array();
3973			}
3974
3975			/* subtract 2 from ipsec log levels. the value stored in the config.xml
3976			* will now match the strongswan level exactly.
3977			*/
3978	4e322e2c	Phil Davis	foreach (array_keys($ipsec_log_cats) as $cat) {
3979	c53e411f	Matt Smith	if (!isset($config['ipsec']["ipsec_{$cat}"])) {
3980			$new_level = $def_loglevel;
3981			} else {
3982			$new_level = intval($config['ipsec']["ipsec_{$cat}"]) - 2;
3983			}
3984
3985			if (in_array($new_level, array_keys($ipsec_log_sevs))) {
3986			$config['ipsec']['logging'][$cat] = $new_level;
3987			} else {
3988			$config['ipsec']['logging'][$cat] = $def_loglevel;
3989			}
3990			unset($config['ipsec']["ipsec_{$cat}"]);
3991			}
3992			}
3993
3994	1fd9322b	Stephen Beaver	// prior to v2.3 <widgets><sequence> contains a list of widgets with display types:
3995			// none, close, hide, & show
3996			// v2.3 & later uses:
3997			// close & open
3998			// widgets not in use are simply not in the list
3999			function upgrade_126_to_127() {
4000			global $config;
4001
4002			if (!isset($config['widgets']['sequence'])) {
4003			return;
4004			}
4005
4006			$cur_widgets = explode(',', trim($config['widgets']['sequence']));
4007			$new_widgets = array();
4008
4009			foreach ($cur_widgets as $widget) {
4010			list($file, $col, $display) = explode(':', $widget);
4011
4012			switch ($display) {
4013	153e3ac2	Stephen Beaver	case 'hide':
4014			$display = 'close';
4015			break;
4016			case 'show':
4017			$display = 'open';
4018			break;
4019	c8b0a653	Stephen Beaver	case 'open':
4020			break;
4021	153e3ac2	Stephen Beaver	default:
4022			continue 2;
4023	1fd9322b	Stephen Beaver	}
4024
4025			/* Remove '-container' from widget name */
4026			$file = preg_replace('/-container$/', '', $file);
4027
4028			$new_widgets[] = "{$file}:{$col}:{$display}";
4029			}
4030
4031			$config['widgets']['sequence'] = implode(',', $new_widgets);
4032
4033			}
4034	b061a3c6	Matt Smith
4035	2073c2d5	Phil Davis	function upgrade_127_to_128() {
4036			global $config;
4037
4038			// If bindip is not already specified then migrate the old SNMP bindlan flag to a bindip setting
4039			if (isset($config['snmpd']['bindlan'])) {
4040			if (!isset($config['snmpd']['bindip'])) {
4041			$config['snmpd']['bindip'] = 'lan';
4042			}
4043			unset($config['snmpd']['bindlan']);
4044			}
4045			}
4046
4047	da6f8482	Renato Botelho	function upgrade_128_to_129() {
4048			global $config;
4049
4050			/* net.inet.ip.fastforwarding does not exist in 2.3. */
4051	5540759e	Renato Botelho	if (!isset($config['sysctl']['item']) \|\|
4052			!is_array($config['sysctl']['item'])) {
4053			return;
4054			}
4055
4056			foreach ($config['sysctl']['item'] as $idx => $sysctl) {
4057			if ($sysctl['tunable'] == "net.inet.ip.fastforwarding") {
4058			unset($config['sysctl']['item'][$idx]);
4059	da6f8482	Renato Botelho	}
4060	c71d37a7	Chris Buechler	if ($sysctl['tunable'] == "net.inet.ipsec.debug") {
4061			$config['sysctl']['item'][$idx]['value'] = "0";
4062			}
4063	da6f8482	Renato Botelho	}
4064	efef9c1b	Renato Botelho
4065			/* IPSEC is always on in 2.3. */
4066	4e322e2c	Phil Davis	if (isset($config['ipsec']['enable'])) {
4067	efef9c1b	Renato Botelho	unset($config['ipsec']['enable']);
4068	33baf237	Renato Botelho	} else if (is_array($config['ipsec']['phase1'])) {
4069			/*
4070			* If IPsec was globally disabled, disable all
4071			* phase1 entries
4072			*/
4073			foreach ($config['ipsec']['phase1'] as $idx => $p1) {
4074			$config['ipsec']['phase1'][$idx]['disabled'] = true;
4075			}
4076	4e322e2c	Phil Davis	}
4077	da6f8482	Renato Botelho	}
4078
4079	9555dd35	jim-p	function upgrade_129_to_130() {
4080			global $config;
4081
4082			/* Change OpenVPN topology_subnet checkbox into topology multi-select #5526 */
4083			if (is_array($config['openvpn']) && is_array($config['openvpn']['openvpn-server'])) {
4084			foreach ($config['openvpn']['openvpn-server'] as & $serversettings) {
4085	ccefcb00	jim-p	if (strtolower($serversettings['topology_subnet']) == "yes") {
4086	9555dd35	jim-p	unset($serversettings['topology_subnet']);
4087			$serversettings['topology'] = "subnet";
4088			} else {
4089			$serversettings['topology'] = "net30";
4090			}
4091			}
4092			}
4093			}
4094
4095	b1c2bb34	Renato Botelho	function upgrade_130_to_131() {
4096			global $config;
4097
4098	21300959	Phil Davis	// Default dpinger parameters at time of this upgrade (2.3)
4099			$default_interval = 500;
4100			$default_alert_interval = 1000;
4101			$default_loss_interval = 2000;
4102			$default_time_period = 60000;
4103
4104	b1c2bb34	Renato Botelho	if (isset($config['syslog']['apinger'])) {
4105			$config['syslog']['dpinger'] = true;
4106			unset($config['syslog']['apinger']);
4107			}
4108
4109			if (isset($config['system']['apinger_debug'])) {
4110			unset($config['system']['apinger_debug']);
4111			}
4112
4113			if (!isset($config['gateways']['gateway_item']) \|\|
4114			!is_array($config['gateways']['gateway_item'])) {
4115			return;
4116			}
4117
4118	be09e9e8	Phil Davis	if (is_array($config['gateways']['gateway_item'])) {
4119			foreach ($config['gateways']['gateway_item'] as &$gw) {
4120			// dpinger uses milliseconds
4121			if (isset($gw['interval']) &&
4122			is_numeric($gw['interval'])) {
4123			$gw['interval'] = $gw['interval'] * 1000;
4124			}
4125	21300959	Phil Davis
4126	be09e9e8	Phil Davis	if (isset($gw['interval'])) {
4127			$effective_interval = $gw['interval'];
4128			} else {
4129			$effective_interval = $default_interval;
4130			}
4131	21300959	Phil Davis
4132	be09e9e8	Phil Davis	if (isset($gw['down']) &&
4133			is_numeric($gw['down'])) {
4134			$gw['time_period'] = $gw['down'] * 1000;
4135			unset($gw['down']);
4136			}
4137	b1c2bb34	Renato Botelho
4138	be09e9e8	Phil Davis	if (isset($gw['time_period'])) {
4139			$effective_time_period = $gw['time_period'];
4140			} else {
4141			$effective_time_period = $default_time_period;
4142			}
4143	21300959	Phil Davis
4144	be09e9e8	Phil Davis	if (isset($gw['latencyhigh'])) {
4145			// Default loss_interval is 2000, but must be set
4146			// higher if latencyhigh is higher.
4147			if ($gw['latencyhigh'] > $default_loss_interval) {
4148			$gw['loss_interval'] = $gw['latencyhigh'];
4149			}
4150	21300959	Phil Davis	}
4151
4152	be09e9e8	Phil Davis	if (isset($gw['loss_interval'])) {
4153			$effective_loss_interval = $gw['loss_interval'];
4154			} else {
4155			$effective_loss_interval = $default_loss_interval;
4156			}
4157	21300959	Phil Davis
4158	be09e9e8	Phil Davis	if (isset($gw['interval'])) {
4159			// Default alert_interval is 1000, but must be set
4160			// higher if interval is higher.
4161			if ($gw['interval'] > $default_alert_interval) {
4162			$gw['alert_interval'] = $gw['interval'];
4163			}
4164	21300959	Phil Davis	}
4165
4166	be09e9e8	Phil Davis	if ((($effective_interval * 2) + $effective_loss_interval) >= $effective_time_period) {
4167			$gw['time_period'] = ($effective_interval * 2) + $effective_loss_interval + 1;
4168			}
4169	21300959	Phil Davis
4170	be09e9e8	Phil Davis	if (isset($gw['avg_delay_samples'])) {
4171			unset($gw['avg_delay_samples']);
4172			}
4173			if (isset($gw['avg_delay_samples_calculated'])) {
4174			unset($gw['avg_delay_samples_calculated']);
4175			}
4176			if (isset($gw['avg_loss_samples'])) {
4177			unset($gw['avg_loss_samples']);
4178			}
4179			if (isset($gw['avg_loss_samples_calculated'])) {
4180			unset($gw['avg_loss_samples_calculated']);
4181			}
4182			if (isset($gw['avg_loss_delay_samples'])) {
4183			unset($gw['avg_loss_delay_samples']);
4184			}
4185			if (isset($gw['avg_loss_delay_samples_calculated'])) {
4186			unset($gw['avg_loss_delay_samples_calculated']);
4187			}
4188	b1c2bb34	Renato Botelho	}
4189			}
4190			}
4191
4192	41df62c1	jim-p	function upgrade_131_to_132() {
4193			global $config;
4194			if (isset($config['system']['usefifolog'])) {
4195			unset($config['system']['usefifolog']);
4196			clear_all_log_files(false);
4197			}
4198			}
4199	f1b7a0b1	Renato Botelho
4200			function upgrade_132_to_133() {
4201			global $config;
4202
4203			if (isset($config['ipsec']['phase1']) &&
4204			is_array($config['ipsec']['phase1'])) {
4205			foreach ($config['ipsec']['phase1'] as &$p1) {
4206			if (isset($p1['encryption-algorithm']['name']) &&
4207			$p1['encryption-algorithm']['name'] == 'des') {
4208			$p1['disabled'] = true;
4209			file_notice("IPsec",
4210	51a14c58	Phil Davis	sprintf(gettext("DES is no longer supported, IPsec phase 1 item '%s' is being disabled."), $p1['descr']));
4211	f1b7a0b1	Renato Botelho	}
4212			}
4213			}
4214
4215			if (isset($config['ipsec']['phase2']) &&
4216			is_array($config['ipsec']['phase2'])) {
4217			foreach ($config['ipsec']['phase2'] as &$p2) {
4218			if (!isset($p2['encryption-algorithm-option']) \|\|
4219			!is_array($p2['encryption-algorithm-option'])) {
4220			continue;
4221			}
4222
4223			foreach ($p2['encryption-algorithm-option'] as $ealgo) {
4224			if ($ealgo['name'] == 'des') {
4225			$p2['disabled'] = true;
4226			file_notice("IPsec",
4227	51a14c58	Phil Davis	sprintf(gettext("DES is no longer supported, IPsec phase 2 item '%s' is being disabled."), $p2['descr']));
4228	f1b7a0b1	Renato Botelho	}
4229			}
4230			}
4231			}
4232			}
4233	29c0d920	Stephen Beaver
4234			// Determine the highest column number in use and set dashboardcolumns accordingly
4235			function upgrade_133_to_134() {
4236			global $config;
4237
4238			if (!isset($config['widgets']['sequence']) \|\| isset($config['system']['webgui']['dashboardcolumns'])) {
4239			return;
4240			}
4241
4242			$cur_widgets = explode(',', trim($config['widgets']['sequence']));
4243			$maxcols = 2;
4244
4245			foreach ($cur_widgets as $widget) {
4246			list($file, $col, $display) = explode(':', $widget);
4247
4248			if (($display != 'none') && ($display != 'hide')) {
4249			preg_match('#[0-9]+$#', $col, $column);
4250			if ($column[0] > $maxcols) {
4251			$maxcols = $column[0];
4252			}
4253			}
4254			}
4255
4256			$config['system']['webgui']['dashboardcolumns'] = $maxcols % 10;
4257			}
4258	c4104141	Chris Buechler
4259			function upgrade_134_to_135() {
4260			global $config;
4261
4262			if (isset($config['syslog']['nologlighttpd'])) {
4263			unset($config['syslog']['nologlighttpd']);
4264			$config['syslog']['nolognginx'] = true;
4265			}
4266			}
4267	1ac4e6ae	Chris Buechler
4268			function upgrade_135_to_136() {
4269			global $config;
4270
4271	ad9b77f9	Chris Buechler	$l7_active = false;
4272	1ac4e6ae	Chris Buechler	if (isset($config['l7shaper'])) {
4273			unset($config['l7shaper']);
4274			if (is_array($config['filter']['rule'])) {
4275			foreach ($config['filter']['rule'] as $idx => $rule) {
4276			if (isset($rule['l7container'])) {
4277			unset($config['filter']['rule'][$idx]['l7container']);
4278	ad9b77f9	Chris Buechler	$l7_active = true;
4279	1ac4e6ae	Chris Buechler	}
4280			}
4281			}
4282	ad9b77f9	Chris Buechler	if ($l7_active) {
4283			file_notice("L7shaper", gettext("Layer 7 shaping is no longer supported. Its configuration has been removed."));
4284			}
4285	1ac4e6ae	Chris Buechler	}
4286			}
4287	65cce9d7	Renato Botelho
4288			function upgrade_136_to_137() {
4289			global $config;
4290
4291			if (is_array($config['dhcpd'])) {
4292			foreach ($config['dhcpd'] as &$dhcpd) {
4293			if (!is_array($dhcpd['numberoptions']['item'])) {
4294			continue;
4295			}
4296
4297			foreach ($dhcpd['numberoptions']['item'] as &$item) {
4298			$item['value'] = base64_encode($item['value']);
4299			}
4300			}
4301			}
4302
4303			if (is_array($config['dhcpdv6'])) {
4304			foreach ($config['dhcpdv6'] as &$dhcpdv6) {
4305			if (!is_array($dhcpdv6['numberoptions']['item'])) {
4306			continue;
4307			}
4308
4309			foreach ($dhcpdv6['numberoptions']['item'] as &$item) {
4310			$item['value'] = base64_encode($item['value']);
4311			}
4312			}
4313			}
4314			}
4315
4316	d9a17eaf	Chris Buechler	function upgrade_137_to_138() {
4317			global $config;
4318
4319			// the presence of unityplugin tag used to disable loading of unity plugin
4320	b76cc978	Stephen Beaver	// it's now disabled by default, and config tag is to enable. Unset accordingly.
4321	d9a17eaf	Chris Buechler	if (is_array($config['ipsec'])) {
4322			if (isset($config['ipsec']['unityplugin'])) {
4323			unset($config['ipsec']['unityplugin']);
4324			}
4325			}
4326			}
4327
4328	3756fd86	Chris Buechler	function upgrade_138_to_139() {
4329			global $config;
4330
4331			// clean up state killing on gateway failure. having kill_states set used to mean it was disabled
4332	b76cc978	Stephen Beaver	// now set gw_down_kill_states if enabled.
4333	3756fd86	Chris Buechler	if (!isset($config['system']['kill_states'])) {
4334			$config['system']['gw_down_kill_states'] = true;
4335			} else {
4336			unset($config['system']['kill_states']);
4337			}
4338			}
4339
4340	a34c263b	Chris Buechler	function upgrade_139_to_140() {
4341			global $config;
4342
4343			if (is_array($config['virtualip']['vip'])) {
4344			foreach ($config['virtualip']['vip'] as $idx => $vip) {
4345			if ($vip['mode'] == "carp") {
4346			if (!isset($vip['uniqid'])) {
4347			$config['virtualip']['vip'][$idx]['uniqid'] = uniqid();
4348			}
4349			}
4350			}
4351			}
4352			}
4353
4354	1c1ca39b	Chris Buechler	function upgrade_140_to_141() {
4355	b76cc978	Stephen Beaver	global $config;
4356	1c1ca39b	Chris Buechler
4357	68e82ecb	Chris Buechler	// retain OpenVPN's net30 default topology for upgraded client configs so they still work
4358	ccefcb00	jim-p	// This is for 2.3 ALPHA to a later 2.3, not 2.2.x upgrades, which had no topology setting on clients
4359	1968fe40	Chris Buechler	if (is_array($config['openvpn']) && is_array($config['openvpn']['openvpn-client'])) {
4360	1c1ca39b	Chris Buechler	foreach ($config['openvpn']['openvpn-client'] as $idx => $ovpnclient) {
4361			if (!isset($ovpnclient['topology'])) {
4362			$config['openvpn']['openvpn-client'][$idx]['topology'] = "net30";
4363			}
4364			}
4365			}
4366	1968fe40	Chris Buechler
4367			// repeat addition of filter tracker IDs from 106_to_107 where missing since associated filter rules were missing them
4368			if (is_array($config['filter']) && is_array($config['filter']['rule'])) {
4369			$tracker = (int)microtime(true);
4370			foreach ($config['filter']['rule'] as $ridx => $rule) {
4371			if (empty($rule['tracker'])) {
4372			$config['filter']['rule'][$ridx]['tracker'] = $tracker;
4373			$tracker++;
4374			}
4375			}
4376			unset($tracker, $ridx);
4377			}
4378
4379	1c1ca39b	Chris Buechler	}
4380
4381	6635aa0f	jim-p	function upgrade_141_to_142() {
4382			global $config;
4383			/* Convert Namecheap type DynDNS entries to the new split hostname and domain format */
4384
4385	c6c398c6	jim-p	init_config_arr(array('dyndnses', 'dyndns'));
4386	6635aa0f	jim-p	$a_dyndns = &$config['dyndnses']['dyndns'];
4387
4388			foreach ($a_dyndns as &$dyndns) {
4389			if ($dyndns['type'] == "namecheap") {
4390			/* Use the old style logic to split the host and domain one last time. */
4391			$dparts = explode(".", trim($dyndns['host']));
4392			$domain_part_count = ($dparts[count($dparts)-1] == "uk") ? 3 : 2;
4393			$domain_offset = count($dparts) - $domain_part_count;
4394			$dyndns['host'] = implode(".", array_slice($dparts, 0, $domain_offset));
4395			$dyndns['domainname'] = implode(".", array_slice($dparts, $domain_offset));
4396			}
4397			}
4398	a2b813bf	Chris Buechler
4399			/* unset old pppoerestart cron job if it exists. redmine 1905 */
4400			if (is_array($config['cron']['item'])) {
4401			foreach ($config['cron']['item'] as $idx => $cronitem) {
4402			if ($cronitem['command'] == "/etc/pppoerestart") {
4403			unset($config['cron']['item'][$idx]);
4404			}
4405			}
4406			}
4407	6635aa0f	jim-p	}
4408	a2b813bf	Chris Buechler
4409	032def61	Stephen Beaver	// Updated to check for empty separator definitions via is_array()
4410	fdb83ce0	NOYB	function upgrade_142_to_143() {
4411			global $config;
4412
4413	8f561183	NOYB	/* Re-index firewall rule separators per interface */
4414	032def61	Stephen Beaver	if (is_array($config['filter']['separator'])) {
4415	8f561183	NOYB	foreach ($config['filter']['separator'] as $interface => $separators) {
4416	fdb83ce0	NOYB
4417	9d3e8723	Phil Davis	if (is_array($separators)) {
4418	032def61	Stephen Beaver	foreach ($separators as $sepn => $separator) {
4419	fdb83ce0	NOYB
4420	032def61	Stephen Beaver	$seprow = substr($separator['row']['0'], 2);
4421			$sepif = $separator['if'];
4422	fdb83ce0	NOYB
4423	032def61	Stephen Beaver	// Determine position of separator within the interface rules.
4424			$i = -1; $j = 0;
4425			foreach ($config['filter']['rule'] as $rulen => $filterent) {
4426	fdb83ce0	NOYB
4427	032def61	Stephen Beaver	if ($i == $seprow) {
4428			// Set separator row to it's position within the interface rules.
4429			$config['filter']['separator'][$sepif][$sepn]['row'] = 'fr' . $j;
4430			continue 2; // Advance to next separator
4431			}
4432	fdb83ce0	NOYB
4433	032def61	Stephen Beaver	// Position within the interface rules.
4434			if (($filterent['interface'] == $sepif && !isset($filterent['floating'])) \|\| (isset($filterent['floating']) && "floatingrules" == $sepif)) {
4435			$j++;
4436			}
4437			$i++;
4438	8f561183	NOYB	}
4439	fdb83ce0	NOYB	}
4440			}
4441			}
4442			}
4443	8f561183	NOYB
4444			/* Re-index nat rule separators */
4445	032def61	Stephen Beaver	if (is_array($config['nat']['separator'])) {
4446	8f561183	NOYB	foreach ($config['nat']['separator'] as $sepn => $separator) {
4447	032def61	Stephen Beaver	if (is_array($separator)) {
4448			$seprow = substr($separator['row']['0'], 2);
4449			$config['nat']['separator'][$sepn]['row'] = 'fr' . ($seprow + 1);
4450			}
4451	8f561183	NOYB	}
4452			}
4453	fdb83ce0	NOYB	}
4454
4455	b1567b5b	Luiz Otavio O Souza	function get_vip_from_ip_alias($ipalias) {
4456			global $config;
4457
4458			foreach ($config['virtualip']['vip'] as $idx => $vip) {
4459	d9901ff4	Chris Buechler	if ($vip['mode'] != "ipalias") {
4460	b1567b5b	Luiz Otavio O Souza	continue;
4461	d9901ff4	Chris Buechler	}
4462			if ($ipalias == $vip['subnet']) {
4463	b1567b5b	Luiz Otavio O Souza	return ("_vip{$vip['uniqid']}");
4464	d9901ff4	Chris Buechler	}
4465	b1567b5b	Luiz Otavio O Souza	}
4466
4467			return ($ipalias);
4468			}
4469
4470			function get_vip_from_oldcarp($carp) {
4471			global $config;
4472
4473			foreach ($config['virtualip']['vip'] as $idx => $vip) {
4474	d9901ff4	Chris Buechler	if ($vip['mode'] != "carp") {
4475	b1567b5b	Luiz Otavio O Souza	continue;
4476	d9901ff4	Chris Buechler	}
4477			if ($carp == "{$vip['interface']}_vip{$vip['vhid']}") {
4478	b1567b5b	Luiz Otavio O Souza	return ("_vip{$vip['uniqid']}");
4479	d9901ff4	Chris Buechler	}
4480	b1567b5b	Luiz Otavio O Souza	}
4481
4482			return ($carp);
4483			}
4484
4485			function upgrade_143_to_144() {
4486			global $config;
4487
4488			if (is_array($config['virtualip']['vip'])) {
4489			foreach ($config['virtualip']['vip'] as $idx => $vip) {
4490			if ($vip['mode'] == "ipalias") {
4491			if (!isset($vip['uniqid'])) {
4492			$config['virtualip']['vip'][$idx]['uniqid'] = uniqid();
4493			}
4494			}
4495			}
4496			}
4497
4498			/* Convert IPsec phase 1 entries. */
4499			if (is_array($config['ipsec']['phase1'])) {
4500			foreach ($config['ipsec']['phase1'] as $idx => $ph1ent) {
4501	d9901ff4	Chris Buechler	if (is_ipaddr($ph1ent['interface']) \|\| is_ipaddrv6($ph1ent['interface'])) {
4502	b1567b5b	Luiz Otavio O Souza	$config['ipsec']['phase1'][$idx]['interface'] = get_vip_from_ip_alias($ph1ent['interface']);
4503	d9901ff4	Chris Buechler	} else if (strpos($ph1ent['interface'], "_vip")) {
4504	b1567b5b	Luiz Otavio O Souza	$config['ipsec']['phase1'][$idx]['interface'] = get_vip_from_oldcarp($ph1ent['interface']);
4505	d9901ff4	Chris Buechler	}
4506	b1567b5b	Luiz Otavio O Souza	}
4507			}
4508
4509			/* Convert openvpn. */
4510			if (is_array($config['openvpn']['openvpn-server'])) {
4511			foreach ($config['openvpn']['openvpn-server'] as $idx => $ovpn) {
4512	d9901ff4	Chris Buechler	if (empty($ovpn['interface'])) {
4513	b1567b5b	Luiz Otavio O Souza	continue;
4514	d9901ff4	Chris Buechler	}
4515			if (is_ipaddr($ovpn['interface']) \|\| is_ipaddrv6($ovpn['interface'])) {
4516	b1567b5b	Luiz Otavio O Souza	$config['openvpn']['openvpn-server'][$idx]['interface'] = get_vip_from_ip_alias($ovpn['interface']);
4517	d9901ff4	Chris Buechler	} else if (strpos($ovpn['interface'], "_vip")) {
4518	b1567b5b	Luiz Otavio O Souza	$config['openvpn']['openvpn-server'][$idx]['interface'] = get_vip_from_oldcarp($ovpn['interface']);
4519	d9901ff4	Chris Buechler	}
4520	b1567b5b	Luiz Otavio O Souza	}
4521			}
4522			if (is_array($config['openvpn']['openvpn-client'])) {
4523			foreach ($config['openvpn']['openvpn-client'] as $idx => $ovpn) {
4524	d9901ff4	Chris Buechler	if (empty($ovpn['interface'])) {
4525	b1567b5b	Luiz Otavio O Souza	continue;
4526	d9901ff4	Chris Buechler	}
4527			if (is_ipaddr($ovpn['interface']) \|\| is_ipaddrv6($ovpn['interface'])) {
4528	b1567b5b	Luiz Otavio O Souza	$config['openvpn']['openvpn-client'][$idx]['interface'] = get_vip_from_ip_alias($ovpn['interface']);
4529	d9901ff4	Chris Buechler	} else if (strpos($ovpn['interface'], "_vip")) {
4530	b1567b5b	Luiz Otavio O Souza	$config['openvpn']['openvpn-client'][$idx]['interface'] = get_vip_from_oldcarp($ovpn['interface']);
4531	d9901ff4	Chris Buechler	}
4532	b1567b5b	Luiz Otavio O Souza	}
4533			}
4534
4535			/* Convert unbound. */
4536			if (is_array($config['unbound']) && !empty($config['unbound']['active_interface'])) {
4537			$active_ifs = explode(",", $config['unbound']['active_interface']);
4538			$ifs = array();
4539			foreach ($active_ifs as $if) {
4540	d9901ff4	Chris Buechler	if (is_ipaddr($if) \|\| is_ipaddrv6($if)) {
4541	b1567b5b	Luiz Otavio O Souza	$ifs[] = get_vip_from_ip_alias($if);
4542	d9901ff4	Chris Buechler	} else if (strpos($if, "_vip")) {
4543	b1567b5b	Luiz Otavio O Souza	$ifs[] = get_vip_from_oldcarp($if);
4544	d9901ff4	Chris Buechler	} else {
4545	b1567b5b	Luiz Otavio O Souza	$ifs[] = $if;
4546	d9901ff4	Chris Buechler	}
4547	b1567b5b	Luiz Otavio O Souza	}
4548			$config['unbound']['active_interface'] = implode(",", $ifs);
4549			}
4550
4551			/* Convert dnsmasq. */
4552			if (is_array($config['dnsmasq']) && !empty($config['dnsmasq']['interface'])) {
4553			$active_ifs = explode(",", $config['dnsmasq']['interface']);
4554			$ifs = array();
4555			foreach ($active_ifs as $if) {
4556	d9901ff4	Chris Buechler	if (is_ipaddr($if) \|\| is_ipaddrv6($if)) {
4557	b1567b5b	Luiz Otavio O Souza	$ifs[] = get_vip_from_ip_alias($if);
4558	d9901ff4	Chris Buechler	} else if (strpos($if, "_vip")) {
4559	b1567b5b	Luiz Otavio O Souza	$ifs[] = get_vip_from_oldcarp($if);
4560	d9901ff4	Chris Buechler	} else {
4561	b1567b5b	Luiz Otavio O Souza	$ifs[] = $if;
4562	d9901ff4	Chris Buechler	}
4563	b1567b5b	Luiz Otavio O Souza	}
4564			$config['dnsmasq']['interface'] = implode(",", $ifs);
4565			}
4566			}
4567
4568	7c4c43a5	Chris Buechler	function upgrade_144_to_145() {
4569			global $config;
4570
4571	b76cc978	Stephen Beaver	// Enable DHCPv6 server and radvd config for track6 interfaces,
4572			// matching what used to be automatically enabled with no user
4573			// configurability.
4574	7c4c43a5	Chris Buechler	if (is_array($config['interfaces'])) {
4575			foreach ($config['interfaces'] as $ifname => $ifcfg) {
4576			if (isset($ifcfg['enable'])) {
4577			if ($ifcfg['ipaddrv6'] == "track6") {
4578	8e0d33ec	jim-p	init_config_arr(array('dhcpdv6', $ifname, 'range'));
4579	7c4c43a5	Chris Buechler	$config['dhcpdv6'][$ifname]['enable'] = true;
4580			$config['dhcpdv6'][$ifname]['range']['from'] = "::1000";
4581			$config['dhcpdv6'][$ifname]['range']['to'] = "::2000";
4582			$config['dhcpdv6'][$ifname]['ramode'] = "assist";
4583			$config['dhcpdv6'][$ifname]['rapriority'] = "medium";
4584			}
4585			}
4586			}
4587			}
4588			}
4589
4590	2fbac0b2	Renato Botelho	function upgrade_145_to_146() {
4591	0b3613ef	Denny Page	// Add standard deviation to the quality rrds
4592			global $config, $g;
4593
4594			$rrddbpath = "/var/db/rrd";
4595			$rrdtool = "/usr/local/bin/rrdtool";
4596
4597			$awkcmd = "/usr/bin/awk '";
4598			$awkcmd .= "{\n";
4599			$awkcmd .= " if (sub(/<\\/v><\\/row>/, \"</v><v>NaN</v></row>\") == 0)\n";
4600			$awkcmd .= " {\n";
4601			$awkcmd .= " if (/<\\/cdp_prep>/)\n";
4602			$awkcmd .= " {\n";
4603			$awkcmd .= " print \" <ds>\"\n";
4604			$awkcmd .= " print \" <primary_value> 0.0000000000e+00 </primary_value>\"\n";
4605			$awkcmd .= " print \" <secondary_value> 0.0000000000e+00 </secondary_value>\"\n";
4606			$awkcmd .= " print \" <value> NaN </value>\"\n";
4607			$awkcmd .= " print \" <unknown_datapoints> 0 </unknown_datapoints>\"\n";
4608			$awkcmd .= " print \" </ds>\"\n";
4609			$awkcmd .= " }\n";
4610			$awkcmd .= " else if (/<!-- Round Robin Archives -->/)\n";
4611			$awkcmd .= " {\n";
4612			$awkcmd .= " print \" <ds>\"\n";
4613			$awkcmd .= " print \" <name> stddev </name>\"\n";
4614			$awkcmd .= " print \" <type> GAUGE </type>\"\n";
4615			$awkcmd .= " print \" <minimal_heartbeat> 120 </minimal_heartbeat>\"\n";
4616			$awkcmd .= " print \" <min> 0.0000000000e+00 </min>\"\n";
4617			$awkcmd .= " print \" <max> 1.0000000000e+05 </max>\\n\"\n";
4618			$awkcmd .= " print \" <!-- PDP Status -->\"\n";
4619			$awkcmd .= " print \" <last_ds> 0 </last_ds>\"\n";
4620			$awkcmd .= " print \" <value> 0.0000000000e+00 </value>\"\n";
4621			$awkcmd .= " print \" <unknown_sec> 0 </unknown_sec>\"\n";
4622			$awkcmd .= " print \" </ds>\\n\"\n";
4623			$awkcmd .= " }\n";
4624			$awkcmd .= " }\n";
4625			$awkcmd .= " print;\n";
4626			$awkcmd .= "}'";
4627
4628			$databases = return_dir_as_array($rrddbpath, '/-quality\.rrd$/');
4629			foreach ($databases as $database) {
4630			$xmldump = "{$g['tmp_path']}/{$database}.xml";
4631
4632			if (platform_booting()) {
4633			echo "Update RRD database {$database}.\n";
4634			}
4635
4636			exec("$rrdtool dump {$rrddbpath}/{$database} \| {$awkcmd} > {$xmldump}");
4637			exec("$rrdtool restore -f {$xmldump} {$rrddbpath}/{$database}");
4638			@unlink("{$xmldump}");
4639			}
4640
4641			if (!platform_booting()) {
4642			enable_rrd_graphing();
4643			}
4644			/* Let's save the RRD graphs after we run enable RRD graphing */
4645			/* The function will restore the rrd.tgz so we will save it after */
4646	1289c0c1	Renato Botelho	exec("cd /; LANG=C RRDDBPATH='{$rrddbpath}' CF_CONF_PATH='{$g['cf_conf_path']}' /etc/rc.backup_rrd.sh");
4647	0b3613ef	Denny Page	}
4648
4649	67c6bab5	Luiz Otavio O Souza	function upgrade_bgpd_146_to_147() {
4650			global $config;
4651
4652			if (!isset($config['installedpackages']['openbgpd']['config']) \|\|
4653			!is_array($config['installedpackages']['openbgpd']['config'])) {
4654			return;
4655			}
4656			$openbgpd_conf = &$config['installedpackages']['openbgpd']['config'][0];
4657			if (!isset($openbgpd_conf['carpstatusip']) &&
4658			!is_ipaddr($openbgpd_conf['carpstatusip'])) {
4659			return;
4660			}
4661
4662			if (!is_array($config['virtualip']['vip']))
4663			return;
4664			foreach ($config['virtualip']['vip'] as $idx => $vip) {
4665			if ($vip['subnet'] == $openbgpd_conf['carpstatusip']) {
4666			$openbgpd_conf['carpstatusvid'] = "_vip{$vip['uniqid']}";
4667			unset($openbgpd_conf['carpstatusip']);
4668			return;
4669			}
4670			}
4671			}
4672
4673			function upgrade_quagga_146_to_147() {
4674			global $config;
4675
4676			if (!isset($config['installedpackages']['quaggaospfd']['config']) \|\|
4677			!is_array($config['installedpackages']['quaggaospfd']['config'])) {
4678			return;
4679			}
4680			$ospfd_conf = &$config['installedpackages']['quaggaospfd']['config'][0];
4681			if (!isset($ospfd_conf['carpstatusip']) &&
4682			!is_ipaddr($ospfd_conf['carpstatusip'])) {
4683			return;
4684			}
4685
4686			if (!is_array($config['virtualip']['vip']))
4687			return;
4688			foreach ($config['virtualip']['vip'] as $idx => $vip) {
4689			if ($vip['subnet'] == $ospfd_conf['carpstatusip']) {
4690			$ospfd_conf['carpstatusvid'] = "_vip{$vip['uniqid']}";
4691			unset($ospfd_conf['carpstatusip']);
4692			return;
4693			}
4694			}
4695			}
4696
4697			function upgrade_146_to_147() {
4698
4699			upgrade_bgpd_146_to_147();
4700			upgrade_quagga_146_to_147();
4701			}
4702
4703	b76cc978	Stephen Beaver	function upgrade_147_to_148() {
4704			global $config;
4705
4706			// Ensure there are no spaces in group names by
4707			// replacing spaces with underscores
4708			if (is_array($config['system']['group'])) {
4709	d3f3b75f	Chris Buechler	$cleargroups = false;
4710	e5ef7ae2	Chris Buechler	foreach ($config['system']['group'] as $idx => $grp) {
4711			if (strstr($grp['name'], " ")) {
4712	d3f3b75f	Chris Buechler	$cleargroups = true;
4713	f788b1e2	Chris Buechler	$config['system']['group'][$idx]['scope'] = "remote";
4714	1a2d6d34	Stephen Beaver	}
4715	b76cc978	Stephen Beaver	}
4716	d3f3b75f	Chris Buechler
4717			// if there was a space in a group name, there may be multiple
4718	43b3e9c3	Steve Beaver	// groups with the same name in the group file. To prevent pw
4719	d3f3b75f	Chris Buechler	// from getting into a neverending loop, delete all user-defined
4720	79f7bc7f	Renato Botelho	// groups here. local_reset_accounts will run shortly after this
4721	d3f3b75f	Chris Buechler	// and add them back. redmine #6012
4722			if ($cleargroups) {
4723			foreach ($config['system']['group'] as $grp) {
4724			mwexec("/usr/sbin/pw groupdel -g {$grp['gid']}");
4725			}
4726			}
4727	b76cc978	Stephen Beaver	}
4728			}
4729	22752ae7	Luiz Otavio O Souza
4730			function upgrade_148_to_149() {
4731			global $config;
4732			global $altq_list_queues;
4733
4734			if (!isset($config['shaper']['queue']) \|\| !is_array($config['shaper']['queue']))
4735			return;
4736
4737			read_altq_config();
4738
4739			/* Set root queue bandwidth. */
4740			foreach ($altq_list_queues as $altq) {
4741			$sum = $altq->GetTotalBw();
4742			while ($sum > get_queue_bandwidth($altq)) {
4743	bdd284c3	Chris Buechler	if (intval(($sum / 1000) * 1.2) < (1024 * 1024)) {
4744	22752ae7	Luiz Otavio O Souza	/* 1Gb where possible. */
4745			$bw = 1024 * 1024;
4746	bdd284c3	Chris Buechler	} else {
4747	22752ae7	Luiz Otavio O Souza	/* Increase by 20% until it fits. */
4748			$bw = intval(($sum / 1000) * 1.2);
4749	bdd284c3	Chris Buechler	}
4750	22752ae7	Luiz Otavio O Souza	$altq->SetBandwidth($bw);
4751			$altq->SetBwscale("Kb");
4752			$altq->wconfig();
4753			$sum = $altq->GetTotalBw();
4754			}
4755			}
4756			}
4757	c0509674	Chris Buechler
4758			function upgrade_149_to_150() {
4759			global $config;
4760
4761			if (is_array($config['dhcpdv6'])) {
4762			foreach ($config['dhcpdv6'] as &$dhcpdv6) {
4763			if (isset($dhcpdv6['rainterface'])) {
4764			if (strstr($dhcpdv6['rainterface'], "_vip")) {
4765			$dhcpdv6['rainterface'] = get_vip_from_oldcarp($dhcpdv6['rainterface']);
4766			}
4767			}
4768			}
4769			}
4770			}
4771	f8f2eae4	Phil Davis
4772			function upgrade_150_to_151() {
4773			global $config;
4774
4775			// Default dpinger parameters at time of this upgrade (2.3.1)
4776			$default_interval = 500;
4777			$default_alert_interval = 1000;
4778			$default_loss_interval = 2000;
4779			$default_time_period = 60000;
4780			$default_latencyhigh = 500;
4781
4782			// Check advanced gateway parameter relationships in case they are incorrect
4783	13dab353	Chris Buechler	if (is_array($config['gateways']['gateway_item'])) {
4784			foreach ($config['gateways']['gateway_item'] as &$gw) {
4785			if (isset($gw['interval'])) {
4786			$effective_interval = $gw['interval'];
4787			} else {
4788			$effective_interval = $default_interval;
4789			}
4790	f8f2eae4	Phil Davis
4791	13dab353	Chris Buechler	if (isset($gw['alert_interval'])) {
4792			$effective_alert_interval = $gw['alert_interval'];
4793			} else {
4794			$effective_alert_interval = $default_alert_interval;
4795			}
4796	f8f2eae4	Phil Davis
4797	13dab353	Chris Buechler	if (isset($gw['loss_interval'])) {
4798			$effective_loss_interval = $gw['loss_interval'];
4799			} else {
4800			$effective_loss_interval = $default_loss_interval;
4801			}
4802	f8f2eae4	Phil Davis
4803	13dab353	Chris Buechler	if (isset($gw['time_period'])) {
4804			$effective_time_period = $gw['time_period'];
4805			} else {
4806			$effective_time_period = $default_time_period;
4807			}
4808	f8f2eae4	Phil Davis
4809	13dab353	Chris Buechler	if (isset($gw['latencyhigh'])) {
4810			$effective_latencyhigh = $gw['latencyhigh'];
4811			} else {
4812			$effective_latencyhigh = $default_latencyhigh;
4813			}
4814	f8f2eae4	Phil Davis
4815	13dab353	Chris Buechler	// Loss interval has to be at least as big as high latency.
4816			if ($effective_latencyhigh > $effective_loss_interval) {
4817			$effective_loss_interval = $gw['loss_interval'] = $effective_latencyhigh;
4818			}
4819	f8f2eae4	Phil Davis
4820	13dab353	Chris Buechler	// Alert interval has to be at least as big as probe interval.
4821			if ($effective_interval > $effective_alert_interval) {
4822			$gw['alert_interval'] = $effective_interval;
4823			}
4824	f8f2eae4	Phil Davis
4825	13dab353	Chris Buechler	// The time period for averaging has to be more than 2 probes plus the loss interval.
4826			if ((($effective_interval * 2) + $effective_loss_interval) >= $effective_time_period) {
4827			$gw['time_period'] = ($effective_interval * 2) + $effective_loss_interval + 1;
4828			}
4829	f8f2eae4	Phil Davis	}
4830			}
4831			}
4832	53f2965e	NOYB
4833			function upgrade_151_to_152() {
4834			global $g, $config;
4835
4836			require_once("/etc/inc/services.inc");
4837
4838			// Remove these cron jobs on full install if not using ramdisk.
4839	dc61252a	Renato Botelho	if (!isset($config['system']['use_mfs_tmpvar'])) {
4840	b2bb4970	jim-p	/* See #7146 for detail on why the extra parameters are needed for the time being. */
4841			install_cron_job("/etc/rc.backup_rrd.sh", false, null, null, null, null, null, null, false);
4842			install_cron_job("/etc/rc.backup_dhcpleases.sh", false, null, null, null, null, null, null, false);
4843	53f2965e	NOYB	}
4844			}
4845	8175a2a8	Chris Buechler
4846			function upgrade_152_to_153() {
4847			global $config;
4848
4849			if (is_array($config['virtualip']['vip'])) {
4850			foreach ($config['virtualip']['vip'] as $idx => $vip) {
4851			if (substr($vip['interface'], 0, 4) == "_vip") {
4852			// using new VIP format
4853			continue;
4854			} else if (strstr($vip['interface'], "_vip")) {
4855			// using old VIP format, update
4856			$config['virtualip']['vip'][$idx]['interface'] = get_vip_from_oldcarp($vip['interface']);
4857			}
4858			}
4859			}
4860	aa31bad6	Chris Buechler
4861			// upgrade GIFs using VIP to new format
4862			if (is_array($config['gifs']['gif'])) {
4863			foreach ($config['gifs']['gif'] as $idx => $gif) {
4864			if (substr($gif['if'], 0, 4) == "_vip") {
4865			// using new VIP format
4866			continue;
4867			} else if (strstr($gif['if'], "_vip")) {
4868			// using old VIP format, update
4869			$config['gifs']['gif'][$idx]['if'] = get_vip_from_oldcarp($gif['if']);
4870			}
4871			}
4872			}
4873
4874			// upgrade GREs using VIP to new format
4875			if (is_array($config['gres']['gre'])) {
4876			foreach ($config['gres']['gre'] as $idx => $gre) {
4877			if (substr($gre['if'], 0, 4) == "_vip") {
4878			// using new VIP format
4879			continue;
4880			} else if (strstr($gre['if'], "_vip")) {
4881			// using old VIP format, update
4882			$config['gres']['gre'][$idx]['if'] = get_vip_from_oldcarp($gre['if']);
4883			}
4884			}
4885			}
4886
4887			// upgrade gateway groups using VIPs
4888			if (is_array($config['gateways']['gateway_group'])) {
4889			foreach ($config['gateways']['gateway_group'] as $idx => $gw) {
4890			if (is_array($gw['item'])) {
4891			$newitems = array();
4892			$gwvipchange = false;
4893			foreach ($gw['item'] as $item) {
4894			if (strstr($item, "\|_vip")) {
4895			// using new VIP format
4896			$newitems[] = $item;
4897			continue;
4898			} else if (strstr($item, "_vip")) {
4899			// using old VIP format, update
4900			$gwitemarr = explode("\|", $item);
4901			$gwitemarr[2] = get_vip_from_oldcarp($gwitemarr[2]);
4902			$newitems[] = implode("\|", $gwitemarr);
4903			$gwvipchange = true;
4904			} else {
4905			$newitems[] = $item;
4906			}
4907			}
4908			if ($gwvipchange) {
4909			$config['gateways']['gateway_group'][$idx]['item'] = $newitems;
4910			}
4911			}
4912			}
4913			}
4914	8175a2a8	Chris Buechler	}
4915	374f8c51	NewEraCracker
4916			function upgrade_153_to_154() {
4917			/* NOTE: This upgrade code was reverted. See redmine ticket #6118 and
4918			https://github.com/pfsense/pfsense/commit/538a3c04a6b6671151e913b06b2f340b6f8ee222 */
4919			}
4920	ee9fb7bc	jim-p
4921			/* Clean up old GRE/GIF options. See Redmine tickets #6586 and #6587 */
4922			function upgrade_154_to_155() {
4923			global $config;
4924
4925			if (is_array($config['gifs']['gif'])) {
4926			foreach ($config['gifs']['gif'] as $idx => $gif) {
4927			if (isset($gif['link0'])) {
4928			unset($config['gifs']['gif'][$idx]['link0']);
4929			}
4930			}
4931			}
4932
4933			if (is_array($config['gres']['gre'])) {
4934			foreach ($config['gres']['gre'] as $idx => $gre) {
4935			if (isset($gre['link0'])) {
4936			unset($config['gres']['gre'][$idx]['link0']);
4937			}
4938			if (isset($gre['link2'])) {
4939			unset($config['gres']['gre'][$idx]['link2']);
4940			}
4941			}
4942			}
4943			}
4944	2ce5cd33	jim-p
4945			function upgrade_155_to_156() {
4946	e030050d	Phil Davis	// Unused
4947	2ce5cd33	jim-p	}
4948	2446fffa	jim-p
4949			function upgrade_156_to_157() {
4950			global $config;
4951			/* Convert Cloudflare and GratisDNS type DynDNS entries to the new split hostname and domain format */
4952
4953	c6c398c6	jim-p	init_config_arr(array('dyndnses', 'dyndns'));
4954	2446fffa	jim-p	$a_dyndns = &$config['dyndnses']['dyndns'];
4955
4956			foreach ($a_dyndns as &$dyndns) {
4957			if (($dyndns['type'] == "cloudflare") \|\| ($dyndns['type'] == "cloudflare-v6") \|\| ($dyndns['type'] == "gratisdns")) {
4958			/* Use the old style logic to split the host and domain one last time. */
4959			$dparts = explode(".", trim($dyndns['host']));
4960			$domain_part_count = ($dparts[count($dparts)-1] == "uk") ? 3 : 2;
4961			$domain_offset = count($dparts) - $domain_part_count;
4962			$dyndns['host'] = implode(".", array_slice($dparts, 0, $domain_offset));
4963			$dyndns['domainname'] = implode(".", array_slice($dparts, $domain_offset));
4964			}
4965			}
4966
4967			/* unset old pppoerestart cron job if it exists. redmine 1905 */
4968			if (is_array($config['cron']['item'])) {
4969			foreach ($config['cron']['item'] as $idx => $cronitem) {
4970			if ($cronitem['command'] == "/etc/pppoerestart") {
4971			unset($config['cron']['item'][$idx]);
4972			}
4973			}
4974			}
4975			}
4976
4977	86584ded	jim-p	function upgrade_157_to_158() {
4978			global $config;
4979			/* Convert Dynamic DNS passwords to base64 encoding. Redmine #6688 */
4980
4981	c6c398c6	jim-p	init_config_arr(array('dyndnses', 'dyndns'));
4982	86584ded	jim-p	$a_dyndns = &$config['dyndnses']['dyndns'];
4983
4984			foreach ($a_dyndns as &$dyndns) {
4985			$dyndns['password'] = base64_encode($dyndns['password']);
4986			}
4987			}
4988
4989	e030050d	Phil Davis	/* Unset references to glxsb in the config. See #6755 */
4990			function upgrade_158_to_159() {
4991			global $config;
4992
4993			if ($config['system']['crypto_hardware'] == "glxsb") {
4994			unset($config['system']['crypto_hardware']);
4995			}
4996			}
4997
4998	ca366676	jim-p	/* Convert OpenVPN "protocol" to new style for OpenVPN 2.4, old udp/tcp was
4999			* IPv4 only, now is dual stack, so change it to udp4/tcp4
5000			*/
5001			function upgrade_159_to_160() {
5002			global $config;
5003
5004			if (isset($config['openvpn']) && is_array($config['openvpn'])) {
5005			if (is_array($config['openvpn']['openvpn-server'])) {
5006			foreach ($config['openvpn']['openvpn-server'] as &$vpn) {
5007			if ($vpn['protocol'] == "UDP") {
5008			$vpn['protocol'] = "UDP4";
5009			}
5010			if ($vpn['protocol'] == "TCP") {
5011			$vpn['protocol'] = "TCP4";
5012			}
5013			}
5014			}
5015			if (is_array($config['openvpn']['openvpn-client'])) {
5016			foreach ($config['openvpn']['openvpn-client'] as &$vpn) {
5017			if ($vpn['protocol'] == "UDP") {
5018			$vpn['protocol'] = "UDP4";
5019			}
5020			if ($vpn['protocol'] == "TCP") {
5021			$vpn['protocol'] = "TCP4";
5022			}
5023			}
5024			}
5025			}
5026			}
5027	ef5c0a3e	NOYB
5028			/* RAM Disk Management */
5029			function upgrade_160_to_161() {
5030			global $g, $config;
5031
5032			if (!isset($config['system']['use_mfs_tmpvar'])) {
5033			return;
5034			}
5035
5036			// Move existing RRD backup to the RAM Disk Store if it don't already exist there.
5037			// Restore existing RRD XML dump backup.
5038			if (file_exists("{$g['cf_conf_path']}/rrd.tgz") && !file_exists("{$g['cf_conf_path']}/RAM_Disk_Store/rrd.tgz")) {
5039			$rrddbpath = "{$g['vardb_path']}/rrd/";
5040			$rrdtool = "/usr/bin/nice -n20 /usr/local/bin/rrdtool";
5041
5042			$rrdrestore = "";
5043			$rrdreturn = "";
5044			unlink_if_exists("{$rrddbpath}/*.xml");
5045
5046			unset($rrdrestore);
5047			$_gb = exec("LANG=C /usr/bin/tar -tf {$g['cf_conf_path']}/rrd.tgz", $rrdrestore, $rrdreturn);
5048			if ($rrdreturn != 0) {
5049			log_error(sprintf(gettext('RRD restore failed exited with %1$s, the error is: %2$s'), $rrdreturn, $rrdrestore));
5050			} else {
5051			foreach ($rrdrestore as $xml_file) {
5052			$rrd_file = '/' . substr($xml_file, 0, -4) . '.rrd';
5053	43b3e9c3	Steve Beaver	unlink_if_exists("{$rrd_file}");
5054	ef5c0a3e	NOYB
5055			file_put_contents("{$g['tmp_path']}/rrd_restore", $xml_file);
5056			$_gb = exec("LANG=C /usr/bin/tar -xf {$g['cf_conf_path']}/rrd.tgz -C / -T {$g['tmp_path']}/rrd_restore");
5057			if (!file_exists("/{$xml_file}")) {
5058			log_error(sprintf(gettext("Could not extract %s RRD xml file from archive!"), $xml_file));
5059			continue;
5060			}
5061			$_gb = exec("$rrdtool restore -f '/{$xml_file}' '{$rrd_file}'", $output, $status);
5062			if ($status) {
5063			log_error(sprintf(gettext("rrdtool restore -f '%1\$s' '%2\$s' failed returning %3\$s."), $xml_file, $rrd_file, $status));
5064			continue;
5065			}
5066			unset($output);
5067			@unlink("/{$xml_file}");
5068			}
5069			unset($rrdrestore);
5070			@unlink("{$g['tmp_path']}/rrd_restore");
5071
5072			// Create a new RRD backup to the RAM Disk Store (without RRD XML dump).
5073			exec("/etc/rc.backup_rrd.sh");
5074			$ramds_updated = true;
5075
5076			// Rename previous RRD backup so it will not restore again. Don't delete in case needed for recovery.
5077			rename("{$g['cf_conf_path']}/rrd.tgz", "{$g['cf_conf_path']}/rrd.tgz.old");
5078			}
5079			}
5080
5081			// Move existing DHCP leases backup to the RAM Disk Store if it don't already exist there.
5082			if (file_exists("{$g['cf_conf_path']}/dhcpleases.tgz") && ! file_exists("{$g['cf_conf_path']}/RAM_Disk_Store/dhcpleases.tgz")) {
5083			rename("{$g['cf_conf_path']}/dhcpleases.tgz", "{$g['cf_conf_path']}/RAM_Disk_Store/dhcpleases.tgz");
5084			$ramds_updated = true;
5085			}
5086
5087			// Move existing alias table backups to the RAM Disk Store if they don't already exist there.
5088			$dbpath = "{$g['vardb_path']}/aliastables/";
5089			$files = glob("{$g['cf_conf_path']}/RAM_Disk_Store{$dbpath}*.tgz");
5090			if (count($files)) {
5091			foreach ($files as $file) {
5092			if (! file_exists("{$g['cf_conf_path']}/RAM_Disk_Store/".basename($file))) {
5093			rename($file, "{$g['cf_conf_path']}/RAM_Disk_Store/".basename($file));
5094			$ramds_updated = true;
5095			}
5096			}
5097			// Remove existing alias table backups directory if empty.
5098			@rmdir("{$g['cf_conf_path']}/RAM_Disk_Store/var/db/aliastables");
5099			@rmdir("{$g['cf_conf_path']}/RAM_Disk_Store/var/db/");
5100			@rmdir("{$g['cf_conf_path']}/RAM_Disk_Store/var/");
5101			}
5102
5103			// Restore RAM Disk Store if updated.
5104			if ($ramds_updated) {
5105			exec("/etc/rc.restore_ramdisk_store");
5106			}
5107			}
5108
5109	2c98383f	jim-p	/* Previous versions of pfSense had cryptodev built into the kernel.
5110			* To retain the expected behavior on upgrade, load the cryptodev
5111			* module for users that did not choose a module.
5112			*/
5113			function upgrade_161_to_162() {
5114			global $config;
5115			if (empty($config['system']['crypto_hardware'])) {
5116			$config['system']['crypto_hardware'] = "cryptodev";
5117			}
5118			}
5119	6e8777f2	Phil Davis
5120			/* Traffic graphs widget settings are now stored in a layout similar
5121			* to other widgets. Migrate any old settings.
5122			*/
5123			function upgrade_162_to_163() {
5124			require_once("ipsec.inc");
5125			global $config;
5126
5127			foreach (array('refreshinterval', 'invert', 'size', 'backgroundupdate') as $setting) {
5128			if (isset($config['widgets']['trafficgraphs'][$setting])) {
5129			$config['widgets']['traffic_graphs'][$setting] = $config['widgets']['trafficgraphs'][$setting];
5130			unset($config['widgets']['trafficgraphs'][$setting]);
5131			}
5132			}
5133
5134			if (isset($config['widgets']['trafficgraphs']['shown'])) {
5135			if (is_array($config['widgets']['trafficgraphs']['shown']['item'])) {
5136			$ifdescrs = get_configured_interface_with_descr();
5137
5138			if (ipsec_enabled()) {
5139			$ifdescrs['enc0'] = "IPsec";
5140			}
5141
5142			$validNames = array();
5143
5144			foreach ($ifdescrs as $ifdescr => $ifname) {
5145			array_push($validNames, $ifdescr);
5146			}
5147
5148			$config['widgets']['traffic_graphs']['filter'] = implode(',', array_diff($validNames, $config['widgets']['trafficgraphs']['shown']['item']));
5149			}
5150
5151			unset($config['widgets']['trafficgraphs']['shown']);
5152			}
5153			}
5154	071d8a61	Phil Davis
5155			/* Dashboard widget settings config format has changed to support having possibly multiple
5156			* of a widget on the dashboard. Migrate any old settings.
5157			*/
5158			function convert_widget_164($oldname, $newname, $settings_keys) {
5159			global $config;
5160
5161			if ($newname == '') {
5162			$newname = $oldname . '-0';
5163			}
5164
5165			if ($oldname == '') {
5166			// These settings were stored directly in $config['widgets']
5167			// Move them down under their new key.
5168			// e.g. $config['widgets']['filterlogentries']
5169			// becomes $config['widgets']['log-0']['filterlogentries']
5170			foreach ($settings_keys as $oldkey => $newkey) {
5171			if ($newkey == '') {
5172			$newkey = $oldkey;
5173			}
5174
5175			// Modify the system-wide entry
5176			if (isset($config['widgets'][$oldkey])) {
5177			$config['widgets'][$newname][$newkey] = $config['widgets'][$oldkey];
5178			unset($config['widgets'][$oldkey]);
5179			}
5180
5181			// Modify any user-specific entries
5182			foreach ($config['system']['user'] as & $user) {
5183			if (isset($user['widgets'][$oldkey])) {
5184			$user['widgets'][$newname][$newkey] = $user['widgets'][$oldkey];
5185			unset($user['widgets'][$oldkey]);
5186			}
5187			}
5188			}
5189			} else {
5190			// These settings were stored in some key under 'widgets',
5191			// e.g. $config['widgets']['gateways_widget']['display_type']
5192			// becomes $config['widgets']['gateways-0']['display_type']
5193			foreach ($settings_keys as $oldkey => $newkey) {
5194			if ($newkey == '') {
5195			$newkey = $oldkey;
5196			}
5197
5198			// Modify the system-wide entry
5199			if (isset($config['widgets'][$oldname][$oldkey])) {
5200			$config['widgets'][$newname][$newkey] = $config['widgets'][$oldname][$oldkey];
5201			unset($config['widgets'][$oldname][$oldkey]);
5202			}
5203
5204			// Modify any user-specific entries
5205			foreach ($config['system']['user'] as & $user) {
5206			if (isset($user['widgets'][$oldname][$oldkey])) {
5207			$user['widgets'][$newname][$newkey] = $user['widgets'][$oldname][$oldkey];
5208			unset($user['widgets'][$oldname][$oldkey]);
5209			}
5210
5211			if (isset($user['widgets'][$oldname])) {
5212			unset($user['widgets'][$oldname]);
5213			}
5214			}
5215			}
5216
5217			if (isset($config['widgets'][$oldname])) {
5218			unset($config['widgets'][$oldname]);
5219			}
5220			}
5221			}
5222
5223			function upgrade_163_to_164() {
5224			global $config;
5225
5226			convert_widget_164('dyn_dns_status', '', array('filter' => ''));
5227			convert_widget_164('gateways_widget', 'gateways-0', array('display_type' => '', 'gatewaysfilter' => ''));
5228			convert_widget_164('interface_statistics', '', array('iffilter' => ''));
5229			convert_widget_164('interfaces', '', array('iffilter' => ''));
5230			convert_widget_164('', 'log-0',
5231			array(
5232			'filterlogentries' => '',
5233			'filterlogentriesacts' => '',
5234			'filterlogentriesinterfaces' => '',
5235			'filterlogentriesinterval' => ''));
5236			convert_widget_164('openvpn', '', array('filter' => ''));
5237			convert_widget_164('', 'picture-0', array('picturewidget' => '', 'picturewidget_filename' => ''));
5238			convert_widget_164('', 'rss-0', array('rssfeed' => '', 'rssmaxitems' => '', 'rsswidgetheight' => '', 'rsswidgettextlength' => ''));
5239			convert_widget_164('', 'services_status-0', array('servicestatusfilter' => 'filter'));
5240			convert_widget_164('smart_status', '', array('filter' => ''));
5241			convert_widget_164('system_information', '', array('filter' => ''));
5242			convert_widget_164('thermal_sensors_widget', 'thermal_sensors-0',
5243			array(
5244			'thermal_sensors_widget_zone_warning_threshold' => '',
5245			'thermal_sensors_widget_zone_critical_threshold' => '',
5246			'thermal_sensors_widget_core_warning_threshold' => '',
5247			'thermal_sensors_widget_core_critical_threshold' => '',
5248			'thermal_sensors_widget_show_raw_output' => '',
5249			'thermal_sensors_widget_show_full_sensor_name' => '',
5250			'thermal_sensors_widget_pulsate_warning' => '',
5251			'thermal_sensors_widget_pulsate_critical' => ''
5252			));
5253			convert_widget_164('wol', 'wake_on_lan-0', array('filter' => ''));
5254			}
5255	42dfffcd	jim-p
5256			/* Work around broken wizard rules. See https://redmine.pfsense.org/issues/7434 */
5257			function upgrade_164_to_165() {
5258			global $config;
5259			foreach ($config['filter']['rule'] as & $rule) {
5260			if ($rule['destination']['port'] == "137-139-137-139") {
5261			$rule['destination']['port'] = "137-139";
5262			}
5263			}
5264			}
5265
5266	f49ef559	jim-p	/* Fixup digest algorithm selection for OpenVPN clients and servers so they do not use aliased names. */
5267			function upgrade_165_to_166() {
5268			require_once('openvpn.inc');
5269			global $config;
5270
5271			if (isset($config['openvpn']) && is_array($config['openvpn'])) {
5272			if (is_array($config['openvpn']['openvpn-server'])) {
5273			foreach ($config['openvpn']['openvpn-server'] as &$vpn) {
5274			$vpn['digest'] = openvpn_remap_digest($vpn['digest']);
5275			}
5276			}
5277			if (is_array($config['openvpn']['openvpn-client'])) {
5278			foreach ($config['openvpn']['openvpn-client'] as &$vpn) {
5279			$vpn['digest'] = openvpn_remap_digest($vpn['digest']);
5280			}
5281			}
5282			}
5283			}
5284
5285	ec922197	Steve Beaver	/* Force the Netgate Services and Support widget to be active on upgrade.
5286			New widget is added at the top of column 2 */
5287	43b3e9c3	Steve Beaver	function upgrade_166_to_167() {
5288			global $config;
5289
5290	38c763aa	Renato Botelho	if (strpos($config['widgets']['sequence'],
5291			'netgate_services_and_support') === false) {
5292	ec922197	Steve Beaver	$widgets = explode(",", $config['widgets']['sequence']);
5293			$cnt = count($widgets);
5294			$col2 = $cnt;
5295			$newsequence = array();
5296
5297			// Locate the firt column 2 widget
5298			for ($idx=0;$idx<$cnt;$idx++) {
5299	38c763aa	Renato Botelho	if (strpos($widgets[$idx], 'col2') !== false) {
5300			$col2 = $idx;
5301			break;
5302	ec922197	Steve Beaver	}
5303			}
5304
5305	38c763aa	Renato Botelho	/*
5306			* Loop through the widgets inserting the new widget before
5307			* the first col2 widget
5308			*/
5309	ec922197	Steve Beaver	for ($old=0,$new=0;$old<$cnt;$old++,$new++) {
5310			$newsequence[$new] = $widgets[$old];
5311
5312	38c763aa	Renato Botelho	if ($old != ($col2 - 1)) {
5313			continue;
5314	ec922197	Steve Beaver	}
5315	38c763aa	Renato Botelho	$new++;
5316			$newsequence[$new] =
5317			"netgate_services_and_support:col2:open:0";
5318	ec922197	Steve Beaver	}
5319
5320			$config['widgets']['sequence'] = implode(",", $newsequence);
5321	43b3e9c3	Steve Beaver	}
5322			}
5323	2306b30e	Steve Beaver
5324			function upgrade_167_to_168() {
5325			upgrade_166_to_167();
5326			}
5327	e506cc8a	Renato Botelho
5328			function upgrade_168_to_169() {
5329			global $config;
5330
5331	569e55ae	Renato Botelho	/* Remove workaround added in 2.3 */
5332			unset($config['cron']['rc_update_pkg_metadata']);
5333
5334	c47f209b	Renato Botelho	$command = '/usr/bin/nice -n20 /etc/rc.update_pkg_metadata';
5335	3729b7a2	jim-p	if (!is_array($config['cron'])) {
5336			$config['cron'] = array();
5337			}
5338			if (!is_array($config['cron']['item'])) {
5339			$config['cron']['item'] = array();
5340			}
5341	c47f209b	Renato Botelho	if (is_array($config['cron']['item'])) {
5342			foreach ($config['cron']['item'] as $entry) {
5343			if ($entry['command'] == $command) {
5344			return;
5345			}
5346			}
5347			}
5348
5349	e506cc8a	Renato Botelho	$config['cron']['item'][] = array(
5350			'minute' => '1',
5351			'hour' => '0',
5352			'mday' => '*',
5353			'month' => '*',
5354			'wday' => '*',
5355			'who' => 'root',
5356	c47f209b	Renato Botelho	'command' => $command
5357	e506cc8a	Renato Botelho	);
5358			}
5359
5360	79ccd1f2	jim-p	/* Upgrade wireless interfaces to the format required for 2.4
5361			* Each wireless interface now needs to be a cloned instance, the card itself
5362			* Can no longer be assigned. https://redmine.pfsense.org/issues/6770 */
5363			function upgrade_169_to_170() {
5364			global $config;
5365			foreach ($config['interfaces'] as $friendly => & $iface) {
5366			if (is_array($iface['wireless']) && !empty($iface['wireless']['mode'])) {
5367			/* This test can only be true for one instance per card, so it is safe. */
5368			if (stristr($iface['if'], '_wlan') === false) {
5369			$wlan = array();
5370			$wlan['if'] = $iface['if'];
5371			$wlan['mode'] = $iface['wireless']['mode'];
5372			$wlan['descr'] = "Wireless interface {$friendly}";
5373			/* It was not possible to create clones of _wlan0 before, so this is safe. */
5374			$wlan['cloneif'] = "{$iface['if']}_wlan0";
5375	fc319749	jim-p	/* Make sure this entry is placed in the list of wireless interface clones. */
5376	79ccd1f2	jim-p	if (!is_array($config['wireless'])) {
5377			$config['wireless'] = array();
5378			$config['wireless']['clone'] = array();
5379			}
5380			$config['wireless']['clone'][] = $wlan;
5381			/* The interface assignment must now be the cloned interface name. */
5382			$iface['if'] = $wlan['cloneif'];
5383			}
5384			}
5385			}
5386			}
5387
5388	12bcf7e9	Luiz Souza	/* Upgrade the VLAN interface names to use $if.$tag instead of $if_vlan$tag.
5389			* This helps keep the interface names smaller than the limit.
5390			*/
5391			function upgrade_170_to_171() {
5392			global $config;
5393
5394			if (!is_array($config['vlans']['vlan']) \|\| count($config['vlans']['vlan']) == 0) {
5395			return;
5396			}
5397			$iflist = get_configured_interface_list(true);
5398			foreach ($config['vlans']['vlan'] as $id => $vlan) {
5399			/* Make sure to update the interfaces section with the new name. */
5400			$vlan_name = "{$vlan['if']}_vlan{$vlan['tag']}";
5401			foreach ($iflist as $ifname) {
5402			if ($config['interfaces'][$ifname]['if'] == $vlan_name) {
5403			$config['interfaces'][$ifname]['if'] = vlan_interface($vlan);
5404			}
5405			}
5406			$config['vlans']['vlan'][$id]['vlanif'] = vlan_interface($vlan);
5407			}
5408			}
5409
5410	0793de1a	Luiz Souza	/* Upgrade the QinQ interface names to use $if.$tag instead of $if_$tag.
5411			* This helps keep the interface names smaller than the limit (but they are still
5412			* big with the QinQ subtag).
5413			*/
5414			function upgrade_171_to_172() {
5415			global $config;
5416
5417			if (!is_array($config['qinqs']['qinqentry']) \|\| count($config['qinqs']['qinqentry']) == 0) {
5418			return;
5419			}
5420			$iflist = get_configured_interface_list(true);
5421			foreach ($config['qinqs']['qinqentry'] as $id => $qinq) {
5422			$config['qinqs']['qinqentry'][$id]['vlanif'] = vlan_interface($qinq);
5423
5424			if (!isset($qinq['members'])) {
5425			continue;
5426			}
5427			foreach (explode(" ", $qinq['members']) as $tag) {
5428			/* Make sure to update the interfaces section with the new name. */
5429			$vlan_name = "{$qinq['if']}_{$qinq['tag']}_{$tag}";
5430			foreach ($iflist as $ifname) {
5431			if ($config['interfaces'][$ifname]['if'] == $vlan_name) {
5432			$config['interfaces'][$ifname]['if'] = qinq_interface($qinq, $tag);
5433			}
5434			}
5435			}
5436			}
5437			}
5438
5439	5b460fef	Renato Botelho	/*
5440			* Upgrade the VLAN interface names to use $if.$tag on PPP items
5441			*/
5442			function upgrade_172_to_173() {
5443			global $config;
5444
5445			if (!is_array($config['ppps']['ppp']) \|\|
5446			count($config['ppps']['ppp']) == 0) {
5447			return;
5448			}
5449			$iflist = get_configured_interface_list(true);
5450			foreach ($config['ppps']['ppp'] as $id => $ppp) {
5451			if (empty($ppp['ports']) \|\|
5452			strpos($ppp['ports'], "_vlan") == false) {
5453			continue;
5454			}
5455
5456			$config['ppps']['ppp'][$id]['ports'] = str_replace('_vlan', '.',
5457			$ppp['ports']);
5458			}
5459			}
5460
5461	0ccfd70e	Joeri Capens	/*
5462	16f8df9a	Joeri Capens	* Dynamic DNS nsupdate keyfiles have been replaced with a simpler ddns-confgen style file.
5463	0ccfd70e	Joeri Capens	*/
5464			function upgrade_173_to_174() {
5465	16f8df9a	Joeri Capens	global $config;
5466	0ccfd70e	Joeri Capens
5467	88be34ad	jim-p	/* Stop if there is nothing to do. */
5468			if (!is_array($config['dnsupdates']['dnsupdate'])) {
5469			return;
5470			}
5471	16f8df9a	Joeri Capens	/* Remove unused keytype field. */
5472			foreach ($config['dnsupdates']['dnsupdate'] as $i => &$dnsupdate) {
5473			unset($dnsupdate['keytype']);
5474			}
5475	0ccfd70e	Joeri Capens	}
5476
5477	22dbacd0	PiBa-NL	/* IPsec Phase1 now supports multiple authentication ciphers to be specified from the webgui.
5478	4864d7f6	Josh Soref	* This is useful for mobile users using different OS's supporting different ciphers.
5479	22dbacd0	PiBa-NL	*/
5480	76ca1bc5	Steve Beaver	function upgrade_174_to_175() {
5481	22dbacd0	PiBa-NL	global $config;
5482	024e5de2	jim-p	init_config_arr(array('ipsec', 'phase1'));
5483	c6c398c6	jim-p	if (count($config['ipsec']['phase1'])) {
5484	22dbacd0	PiBa-NL	$a_phase1 = &$config['ipsec']['phase1'];
5485			foreach($a_phase1 as &$phase1) {
5486	ca676aa3	jim-p	if (empty($phase1) \|\| !is_array($phase1)) {
5487	024e5de2	jim-p	continue;
5488			}
5489	22dbacd0	PiBa-NL	$item = array();
5490	ca676aa3	jim-p	if (isset($phase1['encryption-algorithm']) && !empty($phase1['encryption-algorithm'])) {
5491			$item['encryption-algorithm'] = $phase1['encryption-algorithm'];
5492			unset($phase1['encryption-algorithm']);
5493			}
5494			if (isset($phase1['hash-algorithm']) && !empty($phase1['hash-algorithm'])) {
5495			$item['hash-algorithm'] = $phase1['hash-algorithm'];
5496			unset($phase1['hash-algorithm']);
5497			}
5498			if (isset($phase1['dhgroup']) && !empty($phase1['dhgroup'])) {
5499			$item['dhgroup'] = $phase1['dhgroup'];
5500			unset($phase1['dhgroup']);
5501			}
5502			if (!empty($item)) {
5503			if (!is_array($phase1['encryption'])) {
5504			$phase1['encryption'] = array();
5505			}
5506			if (!is_array($phase1['encryption']['item'])) {
5507			$phase1['encryption']['item'] = array();
5508			}
5509			$phase1['encryption']['item'][] = $item;
5510			}
5511	22dbacd0	PiBa-NL	}
5512			}
5513			}
5514	6b3e3bc5	PiBa-NL
5515			/* igmp always was enabled by default if settings were present.
5516			* So enable it once on upgrade if settings are there.
5517			* And provide the option through gui to disable it again
5518			*/
5519			function upgrade_175_to_176() {
5520			global $config;
5521			if (is_array($config['igmpproxy']['igmpentry']) && (count($config['igmpproxy']['igmpentry']) > 0)) {
5522	ca5270b6	jim-p	$config['igmpproxy']['enable'] = true;
5523	6b3e3bc5	PiBa-NL	}
5524			}
5525
5526	f6bf385e	Luiz Souza	/* Placeholder for a factory update. */
5527			function upgrade_176_to_177() {
5528			}
5529
5530	1f0bbb13	Steve Beaver	// The image displayed by the picture widget is now stored on the file system
5531			function upgrade_177_to_178() {
5532			global $config;
5533
5534			if (isset($config['widgets'])) {
5535			$idx = 0;
5536
5537			while (isset($config['widgets']['picture-' . $idx])) {
5538			file_put_contents("/conf/widget_image.picture-" . $idx, base64_decode($config['widgets']['picture-' . $idx]['picturewidget']));
5539			$config['widgets']['picture-' . $idx]['picturewidget'] = "/conf/widget_image.picture-". $idx;
5540			$idx++;
5541			}
5542			}
5543			}
5544	45b42156	Luiz Souza
5545			/* Placeholder for a factory update. */
5546			function upgrade_178_to_179() {
5547			}
5548	2d113b12	Renato Botelho
5549			function upgrade_179_to_180() {
5550			global $config, $g;
5551
5552			/* Change default to 400000 to make sure bogonsv6 works */
5553			if (empty($config['system']['maximumtableentries'])) {
5554			$config['system']['maximumtableentries'] =
5555			$g['minimumtableentries_bogonsv6'];
5556			}
5557			}
5558
5559	f87ddb3b	plumbeo	/*
5560			* Automatically enable retrieving captive portal bandwidth limits from RADIUS for each captive portal
5561			*/
5562			function upgrade_180_to_181() {
5563			global $config;
5564
5565			if (is_array($config['captiveportal'])) {
5566			foreach ($config['captiveportal'] as $cpzone => $cpcfg) {
5567			if ($cpcfg['auth_method'] == "radius") {
5568			$config['captiveportal'][$cpzone]['radiusperuserbw'] = true;
5569			}
5570			}
5571			}
5572			}
5573
5574	43a9b03d	PiBa-NL	function upgrade_181_to_182() {
5575			global $config;
5576	5b42a63c	jim-p
5577			/*
5578			* Some gateways did not have an ipprotocol set, and some configurations
5579			* did not have a default set so one was assumed. To avoid leaving the
5580			* user without a default, fix these situations first.
5581			*/
5582			$defgw_v4_found = false;
5583			$defgw_v6_found = false;
5584			$defgw_v4_candidate = array();
5585			$defgw_v6_candidate = array();
5586			if (is_array($config['gateways']) && is_array($config['gateways']['gateway_item'])) {
5587			foreach($config['gateways']['gateway_item'] as &$item) {
5588			/* Attempt to determine IP protocol for static gateways
5589			* missing the protocol definition */
5590			if (empty($item['ipprotocol'])) {
5591			if (is_ipaddrv4($item['gateway'])) {
5592			$item['ipprotocol'] = 'inet';
5593			} elseif (is_ipaddrv6($item['gateway'])) {
5594			$item['ipprotocol'] = 'inet6';
5595			}
5596			}
5597			/* Check if we have found a default gw */
5598			if (isset($item['defaultgw'])) {
5599			if ($item['ipprotocol'] == 'inet') {
5600			$defgw_v4_found = true;
5601			} elseif ($item['ipprotocol'] == 'inet6') {
5602			$defgw_v6_found = true;
5603			}
5604			} else {
5605			/* This isn't a default gateway, but could it be? */
5606			if ($item['ipprotocol'] == 'inet') {
5607			if (!$defgw_v4_found &&
5608			($item['interface'] == "wan")) {
5609			$defgw_v4_candidate = &$item;
5610			}
5611			} elseif ($item['ipprotocol'] == 'inet6') {
5612			if (!$defgw_v6_found &&
5613			($item['interface'] == "wan")) {
5614			$defgw_v6_candidate = &$item;
5615			}
5616			}
5617			}
5618			}
5619			}
5620			/* If there was no other default gateway, use the one of last resort. */
5621			if (!$defgw_v4_found && !empty($defgw_v4_candidate)) {
5622			$defgw_v4_candidate['defaultgw'] = true;
5623			}
5624			if (!$defgw_v6_found && !empty($defgw_v6_candidate)) {
5625			$defgw_v6_candidate['defaultgw'] = true;
5626			}
5627
5628	43a9b03d	PiBa-NL	if (isset($config['system']['gw_switch_default'])) {
5629			// default gateway switching was enabled, convert gatewaygroup
5630			$newgroup4 = array();
5631			$newgroup6 = array();
5632			$tiernr4 = 2;
5633			$tiernr6 = 2;
5634	5b42a63c	jim-p	if (is_array($config['gateways']) && is_array($config['gateways']['gateway_item'])) {
5635	43a9b03d	PiBa-NL	foreach($config['gateways']['gateway_item'] as &$item) {
5636			if ($item['ipprotocol'] == 'inet') {
5637			if (isset($item['defaultgw'])) {
5638			$tier = 1;
5639			unset($item['defaultgw']);
5640			} else {
5641			$tier = $tiernr4;
5642			}
5643			$newgroup4['item'][] = $item['name']."\|$tier\|address";
5644			if ($tiernr4 < 5) {
5645			$tiernr4++;
5646			}
5647			}
5648			if ($item['ipprotocol'] == 'inet6') {
5649			if (isset($item['defaultgw'])) {
5650			$tier = 1;
5651			unset($item['defaultgw']);
5652			} else {
5653			$tier = $tiernr6;
5654			}
5655			$newgroup6['item'][] = $item['name']."\|$tier\|address";
5656			if ($tiernr6 < 5) {
5657			$tiernr6++;
5658			}
5659			}
5660			}
5661			}
5662	bd670efe	jim-p	if (is_array($newgroup4['item']) && count($newgroup4['item']) > 0) {
5663	43a9b03d	PiBa-NL	$newname = "Default_Gateway_Group_ipv4";
5664			if (gateway_or_gwgroup_exists($newname)) { //make sure we create a new name
5665			$id = 2;
5666			while (gateway_or_gwgroup_exists($newname."_".$id)) {
5667			$id++;
5668			}
5669			$newname .= "_".$id;
5670			}
5671			$newgroup4['name'] = $newname;
5672			$newgroup4['trigger'] = 0;
5673			$newgroup4['descr'] = "Default gateway group IPv4";
5674			$config['gateways']['gateway_group'][] = $newgroup4;
5675			$config['gateways']['defaultgw4'] = $newname;
5676			}
5677	bd670efe	jim-p	if (is_array($newgroup6['item']) && count($newgroup6['item']) > 0) {
5678	43a9b03d	PiBa-NL	$newname = "Default_Gateway_Group_ipv6";
5679			if (gateway_or_gwgroup_exists($newname)) { //make sure we create a new name
5680			$id = 2;
5681			while (gateway_or_gwgroup_exists($newname."_".$id)) {
5682			$id++;
5683			}
5684			$newname .= "_".$id;
5685			}
5686			$newgroup6['name'] = $newname;
5687			$newgroup6['trigger'] = 0;
5688			$newgroup6['descr'] = "Default gateway group IPv6";
5689			$config['gateways']['gateway_group'][] = $newgroup6;
5690			$config['gateways']['defaultgw6'] = $newname;
5691			}
5692			unset($config['system']['gw_switch_default']);// remove old setting, if a group is used switching is already implied
5693			} else {
5694			// set new defaultgw selection boxes to old selected default
5695	5b42a63c	jim-p	if (is_array($config['gateways']) && is_array($config['gateways']['gateway_item'])) {
5696	43a9b03d	PiBa-NL	foreach($config['gateways']['gateway_item'] as &$item) {
5697			if (isset($item['defaultgw'])) {
5698			if ($item['ipprotocol'] == 'inet') {
5699			$config['gateways']['defaultgw4'] = $item['name'];
5700			} else {
5701			$config['gateways']['defaultgw6'] = $item['name'];
5702			}
5703			unset($item['defaultgw']);
5704			}
5705			}
5706			}
5707			}
5708			}
5709
5710	9fa8c7de	jim-p	/* Correct gateway group trigger level values.
5711			* See https://redmine.pfsense.org/issues/8586
5712			*/
5713			function upgrade_182_to_183() {
5714			global $config;
5715			if (!is_array($config['gateways']) \|\|
5716			!is_array($config['gateways']['gateway_group'])) {
5717			/* No gateway groups, nothing to do. */
5718			return;
5719			}
5720			foreach ($config['gateways']['gateway_group'] as &$gwg) {
5721			switch ($gwg['trigger']) {
5722			case "0":
5723			/* '0' => gettext('Member down'), */
5724			/* 'down' => gettext("Member Down"), */
5725			$gwg['trigger'] = "down";
5726			break;
5727			case "1":
5728			/* '1' => gettext('Packet Loss'), */
5729			/* 'downloss' => gettext("Packet Loss"), */
5730			$gwg['trigger'] = "downloss";
5731			break;
5732			case "2":
5733			/* '2' => gettext('High Latency'), */
5734			/* 'downlatency' => gettext("High Latency"), */
5735			$gwg['trigger'] = "downlatency";
5736			break;
5737			case "3":
5738			/* '3' => gettext('Packet Loss or High latency') */
5739			/* 'downlosslatency' => gettext("Packet Loss or High Latency")); */
5740			$gwg['trigger'] = "downlosslatency";
5741			break;
5742			}
5743			}
5744			}
5745
5746	e311cb79	PiBa-NL	function upgrade_183_to_184() {
5747			/* 'none' was kinda confusing and didnt really do none
5748			* now use the new 'automatic' mode if it was set to none. */
5749			global $config;
5750	a25e9691	Reid Linnemann	$gw4 = config_get_path('gateways/defaultgw4', "");
5751			$gw6 = config_get_path('gateways/defaultgw6', "");
5752			if ($gw4 === "-") {
5753			$gw4 = "";
5754	e311cb79	PiBa-NL	}
5755	a25e9691	Reid Linnemann	if ($gw6 === "-") {
5756			$gw6 = "";
5757	e311cb79	PiBa-NL	}
5758			}
5759
5760	4864d7f6	Josh Soref	// Migrate AutoConfigBackup package settings to integrated ACB system
5761	68048497	Steve Beaver	// and remove package
5762			function upgrade_184_to_185() {
5763			global $config;
5764
5765			if (is_array($config['installedpackages']['autoconfigbackup']['config'][0])) {
5766			$acbpkg = &$config['installedpackages']['autoconfigbackup']['config'][0];
5767
5768	c6c398c6	jim-p	init_config_arr(array('system', 'acb'));
5769	68048497	Steve Beaver	$acb = &$config['system']['acb'];
5770			$acb['enable'] = ($acbpkg['enable_acb'] != 'disabled') ? 'yes':'no';
5771			$acb['gold_encryption_password'] = $acbpkg['crypto_password'];
5772
5773			// If no encryption password has been set up yet, we might as well import the "Gold" password
5774			// The user can update it later
5775			if (!isset($acb['encryption_password'])) {
5776			$acb['encryption_password'] = $acbpkg['crypto_password'];
5777			}
5778
5779			$acb['gold_password'] = $acbpkg['password'];
5780			$acb['gold_username'] = $acbpkg['username'];
5781
5782			unset($config['installedpackages']['autoconfigbackup']['config']);
5783			}
5784			}
5785
5786	cee2c930	jim-p	function upgrade_185_to_186() {
5787			global $config;
5788
5789			/* FEC LAGG is deprecated, replace with loadbalance */
5790			if (!function_exists("file_notice")) {
5791			require_once("notices.inc");
5792			}
5793			if (is_array($config['laggs']) &&
5794			is_array($config['laggs']['lagg'])) {
5795			foreach ($config['laggs']['lagg'] as &$lagg) {
5796			if ($lagg['proto'] == 'fec') {
5797			$lagg['proto'] = 'failover';
5798			file_notice("Interfaces", sprintf(gettext("The FEC LAGG protocol is deprecated. The %s LAGG interface has been set to failover."), $lagg['laggif']));
5799			}
5800			}
5801			}
5802			}
5803
5804	e4d4aa92	Augustin FL	function generate_usermanager_radius_config($cpzone, $counter, $protocol, $ip, $key, $port, $radiussrcip_attribute, $is_accounting=false, $accounting_port=false) {
5805			global $config;
5806			$pconfig = array();
5807	f3f98e97	Phil Davis
5808	e4d4aa92	Augustin FL	if (!is_array($config['system']['authserver'])) {
5809			$config['system']['authserver'] = array();
5810			}
5811	f3f98e97	Phil Davis
5812	e4d4aa92	Augustin FL	$pconfig['name'] = "Auto generated from Captive Portal {$cpzone}";
5813			if ($counter != 1) {
5814			$pconfig['name'] .= " {$counter}";
5815			}
5816			$pconfig['radius_srvcs'] = "auth";
5817			$pconfig['type'] = 'radius';
5818			$pconfig['radius_protocol'] = $protocol;
5819			$pconfig['host'] = $ip;
5820			$pconfig['radius_secret'] = $key;
5821			$pconfig['radius_timeout'] = 3;
5822			$pconfig['radius_auth_port'] = $port;
5823			$pconfig['radius_nasip_attribute'] = $radiussrcip_attribute;
5824	f3f98e97	Phil Davis
5825	e4d4aa92	Augustin FL	if($is_accounting) {
5826			$pconfig['radius_srvcs'] = "both";
5827			$pconfig['radius_acct_port'] = $accounting_port;
5828			}
5829	f3f98e97	Phil Davis
5830	e4d4aa92	Augustin FL	$config['system']['authserver'][] = $pconfig;
5831	f3f98e97	Phil Davis
5832	e4d4aa92	Augustin FL	return 'radius - '.$pconfig['name'];
5833			}
5834
5835			function upgrade_186_to_187() {
5836			global $config;
5837			global $g;
5838
5839			if (is_array($config['captiveportal'])) {
5840			foreach ($config['captiveportal'] as $cpzone => $cp) {
5841	f3f98e97	Phil Davis	// we flush any existing sqlite3 db.
5842	e4d4aa92	Augustin FL	// It will be automatically re-generated on next captiveportal_readdb()/captiveportal_writedb()
5843			$db_path = "{$g['vardb_path']}/captiveportal{$cpzone}.db";
5844			unlink_if_exists($db_path);
5845	f3f98e97	Phil Davis
5846			if ($cp['auth_method'] === 'radius') { // Radius Auth
5847	e4d4aa92	Augustin FL	$auth_servers = array();
5848			$auth_servers2 = array();
5849			$radiuscounter = 1;
5850	f3f98e97	Phil Davis
5851	e4d4aa92	Augustin FL	if (intval($cp['radiusport']) == 0) {
5852			$cp['radiusport'] = 1812;
5853			}
5854			if (intval($cp['radiusacctport']) == 0) {
5855			$cp['radiusacctport'] = 1813;
5856			}
5857			if (!isset($cp['radiussrcip_attribute'])) {
5858			$cp['radiussrcip_attribute'] = 'wan';
5859			}
5860			$auth_servers[] = generate_usermanager_radius_config($cpzone, $radiuscounter, $cp['radius_protocol'], $cp['radiusip'], $cp['radiuskey'], $cp['radiusport'], $cp['radiussrcip_attribute'], isset($cp['radacct_enable']), $cp['radiusacctport']);
5861	f3f98e97	Phil Davis
5862	e4d4aa92	Augustin FL	if (!empty($cp['radiusip2'])) {
5863			$radiuscounter++;
5864			if (intval($cp['radiusport2']) == 0) {
5865			$cp['radiusport2'] = 1812;
5866	f3f98e97	Phil Davis	}
5867			$auth_servers[] = generate_usermanager_radius_config($cpzone, $radiuscounter, $cp['radius_protocol'], $cp['radiusip2'], $cp['radiuskey2'], $cp['radiusport2'], $cp['radiussrcip_attribute'], false, 0);
5868	e4d4aa92	Augustin FL	}
5869			if (!empty($cp['radiusip3'])) {
5870			$radiuscounter++;
5871			if (intval($cp['radiusport3']) == 0) {
5872			$cp['radiusport3'] = 1812;
5873			}
5874	f3f98e97	Phil Davis	$auth_servers2[] = generate_usermanager_radius_config($cpzone, $radiuscounter, $cp['radius_protocol'], $cp['radiusip3'], $cp['radiuskey3'], $cp['radiusport3'], $cp['radiussrcip_attribute'], false, 0);
5875	e4d4aa92	Augustin FL	}
5876			if (!empty($cp['radiusip4'])) {
5877			$radiuscounter++;
5878			if (intval($cp['radiusport4']) == 0) {
5879			$cp['radiusport4'] = 1812;
5880			}
5881	f3f98e97	Phil Davis	$auth_servers2[] = generate_usermanager_radius_config($cpzone, $radiuscounter, $cp['radius_protocol'], $cp['radiusip4'], $cp['radiuskey4'], $cp['radiusport4'], $cp['radiussrcip_attribute'], false, 0);
5882	e4d4aa92	Augustin FL	}
5883	f3f98e97	Phil Davis
5884	e4d4aa92	Augustin FL	$cp['auth_method'] = 'authserver';
5885			$cp['auth_server'] = implode(",", $auth_servers);
5886			$cp['auth_server2'] = implode(",", $auth_servers2);
5887
5888			if (isset($cp['radmac_enable'])) { // RadMac
5889			$cp['auth_method'] = 'radmac';
5890			}
5891			if (isset($cp['radacct_enable'])) { // If accounting was enabled : we select the primary radius server for accounting
5892			$cp['radacct_server'] = "Auto generated from Captive Portal {$cpzone}";
5893			if ($cp['reauthenticateacct'] === "") {
5894			$cp['reauthenticateacct'] = 'none';
5895			}
5896			}
5897			} elseif ($cp['auth_method'] === 'local') { // Local Auth
5898			$cp['auth_method'] = 'authserver';
5899			$cp['auth_server'] = "Local Auth - Local Database";
5900	f3f98e97	Phil Davis	}
5901	e4d4aa92	Augustin FL	// we don't need to update anything when "none" auth method is selected
5902	f3f98e97	Phil Davis
5903	e4d4aa92	Augustin FL	$config['captiveportal'][$cpzone] = $cp;
5904			}
5905			}
5906			}
5907
5908	b89270b7	Renato Botelho	function upgrade_187_to_188() {
5909			global $config;
5910
5911			$old_cmd = "/usr/bin/nice -n20 /usr/local/sbin/expiretable -v -t 3600 sshlockout";
5912			$new_cmd = "/usr/bin/nice -n20 /usr/local/sbin/expiretable -v -t 3600 sshguard";
5913			if (!is_array($config['cron'])) {
5914			$config['cron'] = array();
5915			}
5916			if (!is_array($config['cron']['item'])) {
5917			$config['cron']['item'] = array();
5918			}
5919			if (is_array($config['cron']['item'])) {
5920			foreach ($config['cron']['item'] as $idx => $entry) {
5921			if ($entry['command'] == $old_cmd) {
5922			$config['cron']['item'][$idx]['command'] = $new_cmd;
5923			break;
5924			}
5925			}
5926			}
5927			}
5928
5929	ec439957	jim-p	function upgrade_188_to_189() {
5930			global $config;
5931
5932			/* Migrate ssh setting to new location */
5933			if (isset($config['system']['enablesshd'])) {
5934	72b7b9a2	jim-p	init_config_arr(array('system', 'ssh'));
5935	ec439957	jim-p	$config['system']['ssh']['enable'] = "enabled";
5936			unset($config['system']['enablesshd']);
5937			}
5938			/* Remove accidentally duplicated ssh config
5939			* See https://redmine.pfsense.org/issues/8974 */
5940			if (isset($config['system']['sshd'])) {
5941	72b7b9a2	jim-p	unset($config['system']['sshd']);
5942	ec439957	jim-p	}
5943			}
5944
5945	4864d7f6	Josh Soref	/* Older preexisting IPsec P1 entries may not have had the protocol explicitly
5946	d188b725	jim-p	* defined. Fill in the default value of 'inet'.
5947			* https://redmine.pfsense.org/issues/9207 */
5948			function upgrade_189_to_190() {
5949			global $config;
5950			init_config_arr(array('ipsec', 'phase1'));
5951			foreach ($config['ipsec']['phase1'] as & $ph1ent) {
5952	d2abe7c9	jim-p	if (empty($ph1ent)) {
5953			continue;
5954			}
5955			if (!isset($ph1ent['protocol']) \|\| empty($ph1ent['protocol'])) {
5956	d188b725	jim-p	$ph1ent['protocol'] = 'inet';
5957			}
5958			}
5959			}
5960
5961	397d9fff	jim-p	/* sshguard cron jobs are not necessary.
5962			* See https://redmine.pfsense.org/issues/9223 */
5963			function upgrade_190_to_191() {
5964			global $config;
5965			install_cron_job("/usr/bin/nice -n20 /usr/local/sbin/expiretable -v -t 3600 sshguard", false, null, null, null, null, null, null, false);
5966			install_cron_job("/usr/bin/nice -n20 /usr/local/sbin/expiretable -v -t 3600 webConfiguratorlockout", false, null, null, null, null, null, null, false);
5967			}
5968
5969	586c623a	jim-p	/* Deprecate relayd Load Balancer
5970			* See https://redmine.pfsense.org/issues/9386 */
5971			function upgrade_191_to_192() {
5972			global $config;
5973
5974			/* Backup LB config */
5975			$backup_file = "/conf/deprecated_load_balancer.xml";
5976			unlink_if_exists($backup_file);
5977			file_put_contents($backup_file, backup_config_section('load_balancer'));
5978
5979			/* Determine if LB was active and notify (or log if not) */
5980			$deprecation_notice = sprintf(gettext("The built-in Load Balancer service has been deprecated. The active Load Balancer configuration has been stored in %s. Consider migrating to the HAProxy package."), $backup_file);
5981			if (is_array($config['load_balancer']['virtual_server']) &&
5982			count($config['load_balancer']['virtual_server']) &&
5983			count($config['load_balancer']['lbpool'])) {
5984
5985			if (!function_exists("file_notice")) {
5986			require_once("notices.inc");
5987			}
5988			file_notice("Load Balancer", $deprecation_notice);
5989			} else {
5990			log_error("INFO: {$deprecation_notice}");
5991			}
5992
5993			/* Clear old config */
5994			unset($config['load_balancer']);
5995
5996			/* Remove LB HA Sync Config */
5997			if (isset($config['hasync']) &&
5998			is_array($config['hasync']) &&
5999			isset($config['hasync']['synchronizelb'])) {
6000			unset($config['hasync']['synchronizelb']);
6001			}
6002	f3f98e97	Phil Davis
6003	586c623a	jim-p	/* If the LB widget is present, remove it*/
6004			if (isset($config['widgets']) &&
6005			isset($config['widgets']['sequence']) &&
6006			(strpos($config['widgets']['sequence'], 'load_balancer_status') !== false)) {
6007			$widgets = explode(',', trim($config['widgets']['sequence']));
6008			foreach ($widgets as $idx => &$widget) {
6009			if (substr( $widget, 0, 20 ) === "load_balancer_status") {
6010			unset($widgets[$idx]);
6011			}
6012			}
6013			$config['widgets']['sequence'] = implode(',', $widgets);
6014			}
6015
6016			/* Per-log settings */
6017			if (isset($config['syslog']) &&
6018			is_array($config['syslog']) &&
6019			isset($config['syslog']['relayd_settings'])) {
6020			unset($config['syslog']['relayd_settings']);
6021			}
6022			}
6023
6024	1ead3516	Renato Botelho	/* Deprecate growl notifications */
6025			function upgrade_192_to_193() {
6026			global $config;
6027
6028			if (isset($config['notifications']['growl'])) {
6029			unset($config['notifications']['growl']);
6030			}
6031			}
6032
6033	1d8a8f66	Augustin-FL	function upgrade_193_to_194() {
6034			global $config, $g;
6035
6036			if (is_array($config['captiveportal'])) {
6037			foreach ($config['captiveportal'] as $cpzone => $cp) {
6038			unlink_if_exists("{$g['vardb_path']}/captiveportal{$cpzone}.db");
6039			}
6040			}
6041			}
6042
6043	f9e8c833	jim-p	/*
6044			* Reset all log files, including package logs, on upgrade since old logs are in
6045			* binary clog format.
6046			* Conversion is not possible since the clog binary will not be present.
6047			* https://redmine.pfsense.org/issues/8350
6048			*/
6049			function upgrade_194_to_195() {
6050			global $g;
6051
6052			$logfiles = system_syslogd_get_all_logfilenames();
6053
6054			foreach ($logfiles as $logfile) {
6055	24b1410a	jim-p	if (substr($logfile, -4) != '.log') {
6056			$logfile .= ".log";
6057			}
6058			$logpath = "{$g['varlog_path']}/{$logfile}";
6059	f9e8c833	jim-p	exec("/usr/bin/truncate -s 0 " . escapeshellarg($logpath));
6060			}
6061			}
6062
6063	55beed7e	jim-p	/* Skipped. See https://redmine.pfsense.org/issues/9730 */
6064	f9e8c833	jim-p	function upgrade_195_to_196() {
6065	55beed7e	jim-p	}
6066
6067			/* Add newsyslog cron job */
6068			function upgrade_196_to_197() {
6069	f9e8c833	jim-p	global $g, $config;
6070
6071	55beed7e	jim-p	install_cron_job('/usr/sbin/newsyslog', true, "/1", '', '', '', '*', 'root', false);
6072	f9e8c833	jim-p	}
6073
6074	4bbdd9b0	jim-p	/* Add periodic cron jobs */
6075			function upgrade_197_to_198() {
6076			global $g, $config;
6077
6078			install_cron_job('/etc/rc.periodic daily', true, "1", '3', '', '', '*', 'root', false);
6079			install_cron_job('/etc/rc.periodic weekly', true, "15", '4', '', '', '6', 'root', false);
6080			install_cron_job('/etc/rc.periodic monthly', true, "30", '5', '1', '', '', 'root', false);
6081			}
6082
6083	d1f5587d	jim-p	/* Update IPsec authentication method names
6084			* https://redmine.pfsense.org/issues/9903 */
6085			function upgrade_198_to_199() {
6086			global $config;
6087			/* "RSA" methods changed to the more generic "cert" since they are not only RSA. */
6088			$namechanges = array(
6089			'hybrid_rsa_server' => 'hybrid_cert_server',
6090			'xauth_rsa_server' => 'xauth_cert_server',
6091			'rsasig' => 'cert',
6092			);
6093			init_config_arr(array('ipsec', 'phase1'));
6094			foreach ($config['ipsec']['phase1'] as & $ph1ent) {
6095			/* If the auth method for this P1 is in the list to change, change it */
6096			if (array_key_exists($ph1ent['authentication_method'], $namechanges)) {
6097			$ph1ent['authentication_method'] = $namechanges[$ph1ent['authentication_method']];
6098			}
6099			}
6100			}
6101
6102	391591ef	jim-p	/* Superceded. See https://redmine.pfsense.org/issues/11219 and upgrade_212_to_213() */
6103	9701089e	jim-p	function upgrade_199_to_200() {
6104			global $config;
6105			}
6106
6107	f764f63a	jim-p	/* Update LDAP transport values */
6108			function upgrade_200_to_201() {
6109			global $config;
6110			/* Normalize/correct names (All are TCP) */
6111			$namechanges = array(
6112			'TCP - Standard' => 'Standard TCP',
6113			'TCP - STARTTLS' => 'STARTTLS Encrypted',
6114			'SSL - Encrypted' => 'SSL/TLS Encrypted',
6115			);
6116			init_config_arr(array('system', 'authserver'));
6117			foreach ($config['system']['authserver'] as & $authserver) {
6118			if (array_key_exists($authserver['ldap_urltype'], $namechanges)) {
6119			$authserver['ldap_urltype'] = $namechanges[$authserver['ldap_urltype']];
6120			}
6121			}
6122			}
6123
6124	88f3d1a3	Renato Botelho do Couto	/* #10525: Handle Chinese (HongKong / Taiwan) locale rename */
6125			function upgrade_201_to_202() {
6126			global $config;
6127
6128			if (!empty($config['system']['language'])) {
6129			if ($config['system']['language'] == 'zh_HK') {
6130			$config['system']['language'] = 'zh_Hans_HK';
6131			} elseif ($config['system']['language'] == 'zh_TW') {
6132			$config['system']['language'] = 'zh_Hant_TW';
6133			}
6134			}
6135			}
6136
6137	491217a6	Sebastian	function upgrade_202_to_203() {
6138	e8e3fd22	Sebastian	global $config;
6139	491217a6	Sebastian	// Upgrade GREs with IPv6 tunnel networks to new dual stack format
6140	e8e3fd22	Sebastian	if (is_array($config['gres']['gre'])) {
6141	491217a6	Sebastian	foreach ($config['gres']['gre'] as $idx => &$gre) {
6142			if (is_ipaddrv6($gre['tunnel-local-addr'])) {
6143	e8e3fd22	Sebastian	$gre['tunnel-local-addr6'] = $gre['tunnel-local-addr'];
6144			$gre['tunnel-remote-addr6'] = $gre['tunnel-remote-addr'];
6145	491217a6	Sebastian	$gre['tunnel-remote-net6'] = $gre['tunnel-remote-net'];
6146	e8e3fd22	Sebastian	$gre['tunnel-local-addr'] = '';
6147			$gre['tunnel-remote-addr'] = '';
6148	491217a6	Sebastian	$gre['tunnel-remote-net'] = '';
6149	e8e3fd22	Sebastian	} else {
6150			$gre['tunnel-local-addr6'] = '';
6151			$gre['tunnel-remote-addr6'] = '';
6152	491217a6	Sebastian	$gre['tunnel-remote-net6'] = '';
6153	e8e3fd22	Sebastian	}
6154			}
6155			}
6156			}
6157
6158	31a6bd5e	jim-p	/*
6159	21568e75	jim-p	* Change IPsec close_action values
6160	31a6bd5e	jim-p	* See https://redmine.pfsense.org/issues/10632
6161			*/
6162
6163			function upgrade_203_to_204() {
6164			global $config;
6165			init_config_arr(array('ipsec', 'phase1'));
6166			foreach ($config['ipsec']['phase1'] as & $ph1ent) {
6167			if (empty($ph1ent)) {
6168			continue;
6169			}
6170	21568e75	jim-p	if (isset($ph1ent['closeaction'])) {
6171			switch ($ph1ent['closeaction']) {
6172			case 'clear':
6173			/* swanctl.conf combined "clear" and "none" */
6174			$ph1ent['closeaction'] = "none";
6175			break;
6176			case 'restart':
6177			/* swanctl.conf uses "start" not "restart" */
6178			$ph1ent['closeaction'] = "start";
6179			break;
6180			case 'hold':
6181			/* swanctl.conf uses "trap" not "hold" */
6182			$ph1ent['closeaction'] = "trap";
6183			break;
6184			default:
6185			/* "none" does not need changed. */
6186			}
6187	31a6bd5e	jim-p	}
6188			}
6189			}
6190
6191	7e4e04ef	jim-p	function upgrade_204_to_205() {
6192			global $config, $g;
6193
6194			if (is_array($config['captiveportal'])) {
6195			foreach ($config['captiveportal'] as $cpzone => $cp) {
6196			unlink_if_exists("{$g['vardb_path']}/captiveportal{$cpzone}.db");
6197
6198			if (is_array($config['voucher'][$cpzone])) {
6199			if (!empty($config['voucher'][$cpzone]['vouchersyncdbip'])) {
6200			$config['captiveportal'][$cpzone]['enablebackwardsync'] = '';
6201			$config['captiveportal'][$cpzone]['backwardsyncip'] = $config['voucher'][$cpzone]['vouchersyncdbip'];
6202			$config['captiveportal'][$cpzone]['backwardsyncuser'] = $config['voucher'][$cpzone]['vouchersyncusername'];
6203			$config['captiveportal'][$cpzone]['backwardsyncpassword'] = $config['voucher'][$cpzone]['vouchersyncpass'];
6204			}
6205			}
6206			}
6207			}
6208			}
6209
6210	51e2d459	Luiz Souza	function upgrade_205_to_206() {
6211			/*
6212			* Trigger a boot loader settings update to make sure the contents will
6213			* be updated before the reboot.
6214			*/
6215			console_configure();
6216			}
6217
6218	6b9f638a	jim-p	function upgrade_206_to_207() {
6219	2360abcc	Luiz Souza	/*
6220			* Trigger a boot loader settings update to make sure the contents will
6221			* be updated before the reboot.
6222			*/
6223			console_configure();
6224			}
6225
6226	14d2f872	Luiz Souza	function upgrade_207_to_208() {
6227			global $config;
6228
6229			$config['system']['hn_altq_enable'] = true;
6230			}
6231
6232	3b85b43b	Viktor G	/* Update IPsec VTI to new VTIMAP format
6233			* https://redmine.pfsense.org/issues/9592
6234			*/
6235			function upgrade_208_to_209() {
6236			require_once("interfaces.inc");
6237			global $config;
6238
6239			init_config_arr(array('ipsec', 'vtimaps', 'item'));
6240	8cfc4ab9	Renato Botelho do Couto
6241			if (!is_array($config['ipsec']['phase1']) \|\|
6242			!is_array($config['ipsec']['phase2'])) {
6243			return;
6244			}
6245
6246			foreach ($config['ipsec']['phase1'] as $ph1ent) {
6247			if (!isset($ph1ent['mobile']) &&
6248			($ph1ent['iketype'] == 'ikev1' \|\|
6249			isset($ph1ent['splitconn']))) {
6250			$vtisubnet_spec = ipsec_vti($ph1ent, true, false);
6251			if (empty($vtisubnet_spec)) {
6252			continue;
6253			}
6254			foreach ($vtisubnet_spec as $idx => $vtisub) {
6255	3b85b43b	Viktor G	$config['ipsec']['vtimaps']['item'][] = array(
6256			"reqid" => $ph1ent['ikeid'],
6257	8cfc4ab9	Renato Botelho do Couto	"index" => $idx,
6258			"ifnum" => "{$ph1ent['ikeid']}00{$idx}"
6259	3b85b43b	Viktor G	);
6260			}
6261	8cfc4ab9	Renato Botelho do Couto	} else {
6262			$config['ipsec']['vtimaps']['item'][] = array(
6263			"reqid" => $ph1ent['ikeid'],
6264			"index" => "0",
6265			"ifnum" => "{$ph1ent['ikeid']}000"
6266			);
6267	3b85b43b	Viktor G	}
6268			}
6269			}
6270
6271	f0c51530	jim-p	function upgrade_209_to_210() {
6272			global $config;
6273			if (isset($config['system']['dnslocalhost'])) {
6274			$config['system']['dnslocalhost'] = 'remote';
6275			}
6276			}
6277	189edaf3	jim-p
6278			/* OpenVPN Data Cipher changes
6279			* https://redmine.pfsense.org/issues/10919 */
6280			function upgrade_210_to_211() {
6281			global $config;
6282			init_config_arr(array('openvpn', 'openvpn-server'));
6283			init_config_arr(array('openvpn', 'openvpn-client'));
6284			foreach(array('server', 'client') as $mode) {
6285			foreach ($config['openvpn']["openvpn-{$mode}"] as & $settings) {
6286			/* Rename ncp-ciphers to data_ciphers */
6287			if (!empty($settings['ncp-ciphers'])) {
6288			$settings['data_ciphers'] = $settings['ncp-ciphers'];
6289			} elseif ($settings['crypto'] == 'none') {
6290			$settings['data_ciphers'] = 'none';
6291			} else {
6292			$settings['data_ciphers'] = 'AES-256-GCM,AES-128-GCM,CHACHA20-POLY1305';
6293			}
6294			if (isset($settings['ncp-ciphers'])) {
6295			unset($settings['ncp-ciphers']);
6296			}
6297			/* Add crypto to data_ciphers */
6298			if (!empty($settings['crypto']) &&
6299			($settings['crypto'] != 'none') &&
6300			!in_array($settings['crypto'], explode(',', $settings['data_ciphers']))) {
6301			$settings['data_ciphers'] .= ',' . $settings['crypto'];
6302			}
6303			/* Rename crypto to data_ciphers_fallback */
6304			if (isset($settings['crypto'])) {
6305			$settings['data_ciphers_fallback'] = $settings['crypto'];
6306			unset($settings['crypto']);
6307			}
6308			/* Forcefully enable data cipher negotiation since
6309			* disabling negotiation is now deprecated */
6310			$settings['ncp_enable'] = "enabled";
6311			}
6312			}
6313			}
6314
6315	298df54d	Viktor G	function upgrade_211_to_212() {
6316			global $config;
6317			if (isset($config['unbound']['sslport'])) {
6318			$config['unbound']['tlsport'] = $config['unbound']['sslport'];
6319			unset($config['unbound']['sslport']);
6320			}
6321			}
6322
6323	391591ef	jim-p	/* IPsec Expiration and Replacement values which need updated for swanctl format
6324			* https://redmine.pfsense.org/issues/11219
6325			* https://redmine.pfsense.org/issues/9983
6326			*/
6327			function upgrade_212_to_213() {
6328			global $config;
6329			init_config_arr(array('ipsec', 'phase1'));
6330			foreach ($config['ipsec']['phase1'] as & $ph1ent) {
6331			if (empty($ph1ent)) {
6332			continue;
6333			}
6334
6335			if (isset($ph1ent['reauth_enable'])) {
6336			/* Disable reauth */
6337			$ph1ent['reauth_time'] = "0";
6338			} elseif (!empty($ph1ent['margintime'])) {
6339			/* If margintime is set, use that to calculte reauth_time */
6340			$ph1ent['reauth_time'] = ($ph1ent['lifetime'] - $ph1ent['margintime']);
6341			}
6342			/* Auto or IKEv2, rekey items */
6343			if (($ph1ent['iketype'] == 'ikev2') \|\| ($ph1ent['iketype'] == 'auto')) {
6344			if (isset($ph1ent['rekey_enable'])) {
6345			/* Disable rekey */
6346			$ph1ent['rekey_time'] = "0";
6347			$ph1ent['reauth_time'] = "0";
6348			} elseif (!empty($ph1ent['margintime'])) {
6349			/* If margintime is set, use that to calculate rekey_time */
6350			$ph1ent['rekey_time'] = ($ph1ent['lifetime'] - $ph1ent['margintime']);
6351			}
6352			}
6353
6354			if (!empty($ph1ent['margintime'])) {
6355			$ph1ent['rand_time'] = $ph1ent['margintime'];
6356			}
6357
6358			/* Older snaps had over_time, now need lifetime back. */
6359			if (!empty($ph1ent['over_time']) && empty($ph1ent['lifetime'])) {
6360			$ph1ent['lifetime'] = $ph1ent['over_time'] + max($ph1ent['rekey_time'], $ph1ent['reauth_time']);
6361			}
6362
6363	a6edfe27	jim-p	if (isset($ph1ent['reauth_enable'])) {
6364			unset($ph1ent['reauth_enable']);
6365			}
6366			if (isset($ph1ent['rekey_enable'])) {
6367			unset($ph1ent['rekey_enable']);
6368			}
6369			if (isset($ph1ent['margintime'])) {
6370			unset($ph1ent['margintime']);
6371			}
6372			if (isset($ph1ent['over_time'])) {
6373			unset($ph1ent['over_time']);
6374			}
6375	391591ef	jim-p	}
6376			}
6377
6378	3856366b	Renato Botelho do Couto	/* VXLAN support was removed */
6379			function upgrade_213_to_214() {
6380			global $config;
6381
6382			if (isset($config['vxlans'])) {
6383			unset($config['vxlans']);
6384			}
6385			}
6386
6387	d60c59fe	Renato Botelho do Couto	/* WireGuard support was removed */
6388			function upgrade_214_to_215() {
6389			global $config;
6390
6391			if (isset($config['wireguard'])) {
6392			unset($config['wireguard']);
6393			}
6394			}
6395
6396	53b87a4c	Renato Botelho do Couto	/* Fix VTI interface numbers */
6397			function upgrade_215_to_216() {
6398			global $config;
6399
6400			init_config_arr(array('ipsec', 'vtimaps', 'item'));
6401
6402			if (count($config['ipsec']['vtimaps']['item']) == 0) {
6403			return;
6404			}
6405
6406	9dc881fd	Christopher	/* Deprecated method. */
6407			function upgrade216_ipsec_create_vtimap($ikeid, $idx) {
6408			$assigned = array_column($config['ipsec']['vtimaps']['item'], 'ifnum');
6409			asort($assigned, SORT_NUMERIC);
6410			$new = 1;
6411			foreach ($assigned as $ipsecifnum) {
6412			if ($ipsecifnum != $new) {
6413			break;
6414			}
6415			if ($new++ > 32767) {
6416			return(NULL);
6417			}
6418			}
6419			return array(
6420			"reqid" => $ikeid,
6421			"index" => $idx,
6422			"ifnum" => $new
6423			);
6424			}
6425
6426	53b87a4c	Renato Botelho do Couto	$iflist = get_configured_interface_list_by_realif(true);
6427
6428			foreach ($config['ipsec']['vtimaps']['item'] as $idx => $vtimap) {
6429			if ($vtimap['ifnum'] <= 32767) {
6430			continue;
6431			}
6432
6433	9dc881fd	Christopher	$new_vtimap = upgrade216_ipsec_create_vtimap($vtimap['reqid'],
6434	53b87a4c	Renato Botelho do Couto	$vtimap['index']);
6435
6436			/*
6437			* NULL means 32767 limit was reached. It should never hit
6438			* this
6439			*/
6440			if ($new_vtimap == NULL) {
6441			break;
6442			}
6443
6444			$old_if = 'ipsec' . $vtimap['ifnum'];
6445
6446			/* Interface is assigned */
6447			if (isset($iflist[$old_if])) {
6448			$config['interfaces'][$iflist[$old_if]]['if'] =
6449			'ipsec' . $new_vtimap['ifnum'];
6450			}
6451
6452			$config['ipsec']['vtimaps']['item'][$idx] = $new_vtimap;
6453			}
6454			}
6455
6456	a8ccdf50	jim-p	/*
6457			* Child SA Start Action has replaced the Responder Only option. Update P1
6458			* to match.
6459			* https://redmine.pfsense.org/issues/11576
6460			*/
6461			function upgrade_216_to_217() {
6462			global $config;
6463			init_config_arr(array('ipsec', 'phase1'));
6464			foreach ($config['ipsec']['phase1'] as & $ph1ent) {
6465			if (empty($ph1ent)) {
6466			continue;
6467			}
6468			if (isset($ph1ent['responderonly'])) {
6469			$ph1ent['startaction'] = 'none';
6470			unset($ph1ent['responderonly']);
6471			}
6472			}
6473			}
6474
6475	afcc0e9c	Viktor G	/*
6476			* Disable PC/SC Smart Card Daemon if PKCS#11 authentication is not used
6477			* https://redmine.pfsense.org/issues/11933
6478			*/
6479			function upgrade_217_to_218() {
6480			global $config;
6481			init_config_arr(array('ipsec', 'phase1'));
6482			foreach ($config['ipsec']['phase1'] as $ph1ent) {
6483			if (empty($ph1ent)) {
6484			continue;
6485			}
6486			if (($ph1ent['authentication_method'] == 'pkcs11') &&
6487			!isset($ph1ent['disabled'])) {
6488			$config['ipsec']['pkcs11support'] = true;
6489			break;
6490			}
6491			}
6492			}
6493
6494	bec6dcfb	jim-p	/*
6495			* Convert VTI interface names to new format
6496			*/
6497			function upgrade_218_to_219() {
6498			global $config;
6499			init_config_arr(array('ipsec', 'phase1'));
6500			init_config_arr(array('ipsec', 'phase2'));
6501			init_config_arr(array('ipsec', 'vtimaps', 'item'));
6502
6503			/* Deprecated method.
6504			* $ipsecifnum = get_ipsecifnum($ikeid, $idx);
6505			* locates and returns an ipsecifnum in the config.
6506			*/
6507			function upgrade219_get_ipsecifnum($ikeid, $idx) {
6508			global $config;
6509			foreach ($config['ipsec']['vtimaps']['item'] as $vtimap) {
6510			if (($vtimap['reqid'] == $ikeid) &&
6511			($vtimap['index'] == $idx)) {
6512			return $vtimap['ifnum'];
6513			}
6514			}
6515			return false;
6516			}
6517
6518			/* If IPsec is disabled or there are no P1 or P2 entries, there cannot
6519			* be any current assignments, so bail early */
6520			if (!ipsec_enabled() \|\|
6521			empty($config['ipsec']['phase1']) \|\|
6522			empty($config['ipsec']['phase2'])) {
6523			return false;
6524			}
6525
6526			/* Make an associative array with old name as key and new name as value for all VTI tunnels */
6527			$ipsecifs = array();
6528			foreach ($config['ipsec']['phase1'] as $ph1ent) {
6529			if (empty($ph1ent) \|\| !is_array($ph1ent)) {
6530			continue;
6531			}
6532			$ifent = array();
6533			/* If there is data here, then it's a VTI tunnel */
6534			$vtisubnet_spec = ipsec_vti($ph1ent, true);
6535			if (!$vtisubnet_spec \|\| !is_array($vtisubnet_spec)) {
6536			/* Not VTI, so skip it. */
6537			continue;
6538			}
6539			if (!isset($ph1ent['mobile']) && ($ph1ent['iketype'] == 'ikev1' \|\| isset($ph1ent['splitconn']))) {
6540			foreach ($vtisubnet_spec as $idx => $vtisub) {
6541			/* Determine old name */
6542			$old = "ipsec" . upgrade219_get_ipsecifnum($ph1ent['ikeid'], $idx);
6543			/* Determine new name */
6544			$new = ipsec_get_ifname($ph1ent, $vtisub['reqid']);
6545			$ipsecifs[$old] = $new;
6546			}
6547			} else {
6548			/* For IKEv2, only create one interface with additional addresses as aliases */
6549			/* Determine old name */
6550			$old = "ipsec" . upgrade219_get_ipsecifnum($ph1ent['ikeid'], 0);
6551			/* Determine new name */
6552			$new = ipsec_get_ifname($ph1ent);
6553			$ipsecifs[$old] = $new;
6554			}
6555			}
6556
6557			/* If there are no VTI interfaces, we have nothing to do */
6558			if (empty($ipsecifs)) {
6559			return null;
6560			}
6561
6562			foreach ($config['interfaces'] as $ifname => &$ifcfg) {
6563			/* Check current interface assignments and see if any match a value we want */
6564			if (array_key_exists($ifcfg['if'], $ipsecifs)) {
6565			/* Update assignment to new name */
6566			$ifcfg['if'] = $ipsecifs[$ifcfg['if']];
6567			}
6568			}
6569			unset($config['ipsec']['vtimaps']);
6570			}
6571
6572	1dd1832f	Steve Beaver	/*
6573			* Ensure the ACB cron job is installed after upgrade if ACB is enabled
6574			* If the cron job already exists, no harm is done
6575			*/
6576			function upgrade_219_to_220() {
6577			global $config;
6578
6579	dafe25ea	Steve Beaver	init_config_arr(array('system', 'acb'));
6580
6581	1dd1832f	Steve Beaver	if ($config['system']['acb']['enable'] == "yes" && file_exists("/usr/local/sbin/acbupload.php")) {
6582			install_cron_job("/usr/bin/nice -n20 /usr/local/bin/php /usr/local/sbin/acbupload.php", true, "*");
6583			}
6584			}
6585
6586	2de8b1f5	Christian McDonald	/*
6587			* Add new disk widget to dashboard if user already had the system information
6588			* wiget configured to show disk usage stats.
6589			*/
6590			function upgrade_220_to_221() {
6591			global $config;
6592
6593			$widgets = explode(',', $config['widgets']['sequence']);
6594
6595			foreach ($widgets as $idx => $widget) {
6596			[$name, $col, $state, $index] = explode(':', $widget);
6597
6598			if ($name === 'system_information') {
6599			$widget_settings_key = "{$name}-{$index}";
6600
6601			$filter = explode(',', $config['widgets'][$widget_settings_key]['filter']);
6602
6603			if (!in_array('disk_usage', $filter)) {
6604	454cfb43	Christian McDonald	$disk_widget = implode(':', array_filter(['disks', $col, $state, $index]));
6605	2de8b1f5	Christian McDonald
6606			if (!in_array($disk_widget, $widgets)) {
6607			array_splice($widgets, ($idx + 1), 0, $disk_widget);
6608			}
6609			}
6610			}
6611			}
6612
6613			$config['widgets']['sequence'] = implode(',', $widgets);
6614			}
6615
6616	b9885720	Luiz Otavio O Souza	/* No functional changes. */
6617			function upgrade_221_to_222() {
6618			}
6619
6620	52f152e1	Viktor G	function upgrade_222_to_223() {
6621	af3320b2	Viktor G	global $config;
6622
6623	52f152e1	Viktor G	foreach ($config['system']['user'] as & $user) {
6624			if ($user['name'] == 'admin') {
6625			$user_home = "/root";
6626			} else {
6627			$user_home = "/home/{$user_name}";
6628			}
6629	82a6f401	jim-p	$fn = "{$user_home}/.keephistory";
6630			if (file_exists($fn)) {
6631	52f152e1	Viktor G	$user['keephistory'] = true;
6632	82a6f401	jim-p	@unlink($fn);
6633	52f152e1	Viktor G	}
6634			}
6635			}
6636
6637	af3320b2	Viktor G	function upgrade_223_to_224() {
6638			global $config;
6639
6640			init_config_arr(array('filter', 'rule'));
6641			foreach ($config['filter']['rule'] as & $rule) {
6642			if (isset($rule['floating']) && !isset($rule['interface'])) {
6643			$rule['interface'] = 'any';
6644			}
6645			}
6646			}
6647
6648	dd3d48af	Viktor G	function upgrade_224_to_225() {
6649			global $config;
6650
6651			/* DHCP6 now uses single config for all interfaces
6652			* see https://redmine.pfsense.org/issues/6880 */
6653			foreach ($config['interfaces'] as & $inf) {
6654			if (isset($inf['dhcp6debug'])) {
6655			$config['system']['dhcp6debug'] = true;
6656			unset($inf['dhcp6debug']);
6657			}
6658			if (isset($inf['dhcp6norelease'])) {
6659			$config['system']['dhcp6norelease'] = true;
6660			unset($inf['dhcp6norelease']);
6661			}
6662			}
6663			}
6664
6665	c5d0d75d	Jim Pingle	function upgrade_225_to_226() {
6666			global $config;
6667
6668			/* Update value of state killing on gateway failure.
6669			* https://redmine.pfsense.org/issues/12092
6670			*/
6671			if (isset($config['system']['gw_down_kill_states'])) {
6672			$config['system']['gw_down_kill_states'] = 'all';
6673			}
6674			}
6675
6676	94151cf2	luckman212	function upgrade_226_to_227() {
6677			global $config;
6678
6679			/* Convert dnsmasq (forwarder) custom options to base64.
6680			* https://redmine.pfsense.org/issues/13105
6681			*/
6682			if (is_array($config['dnsmasq']) && !empty($config['dnsmasq']['custom_options'])) {
6683			$config['dnsmasq']['custom_options'] = base64_encode($config['dnsmasq']['custom_options']);
6684			}
6685			}
6686
6687	ee9bbad1	Kristof Provost	function upgrade_227_to_228() {
6688			global $config;
6689
6690	599742b0	Jim Pingle	$any_removed = false;
6691	ee9bbad1	Kristof Provost	/* We no longer support 3des, blowfish, cast128 or md5 and sha1
6692			* authentication for IPSec. */
6693			if (is_array($config['ipsec'])) {
6694			if (is_array($config['ipsec']['phase1'])) {
6695			foreach ($config['ipsec']['phase1'] as & $phase1) {
6696			if (! isset($phase1['encryption']) \|\| !is_array($phase1['encryption']['item']))
6697			continue;
6698
6699	599742b0	Jim Pingle	$bad_count = 0;
6700			foreach ($phase1['encryption']['item'] as $k => $enc) {
6701			$bad = false;
6702	ee9bbad1	Kristof Provost	if (isset($enc['encryption-algorithm']['name']) &&
6703			in_array($enc['encryption-algorithm']['name'],
6704			array("blowfish", "3des", "cast128"))) {
6705	599742b0	Jim Pingle	$bad = true;
6706	ee9bbad1	Kristof Provost	}
6707			if (isset($enc['hash-algorithm']) && $enc['hash-algorithm'] == "md5") {
6708	599742b0	Jim Pingle	$bad = true;
6709			}
6710			if ($bad) {
6711			/* Remove this item as it contains deprecated encryption or hashing */
6712			unset($phase1['encryption']['item'][$k]);
6713			$bad_count++;
6714			}
6715			}
6716			if ($bad_count > 0) {
6717			$any_removed = true;
6718			/* Only notify once per P1 */
6719			if (count($phase1['encryption']['item']) == 0) {
6720			/* Only disable P1 if there are no valid encryption options left. */
6721	ee9bbad1	Kristof Provost	$phase1['disabled'] = true;
6722	599742b0	Jim Pingle	file_notice("IPsec", sprintf(gettext("IPsec Phase 1 '%s' disabled after removing deprecated encryption and hashing algorithms as it has no remaining valid entries."), $phase1['descr']));
6723			} else {
6724			/* Let the user know that the P1 was adjusted */
6725			file_notice("IPsec", sprintf(gettext("Removed deprecated encryption options from IPsec Phase 1 '%s'."), $phase1['descr']));
6726	ee9bbad1	Kristof Provost	}
6727			}
6728			}
6729			}
6730			if (is_array($config['ipsec']['phase2'])) {
6731			foreach ($config['ipsec']['phase2'] as & $phase2) {
6732	599742b0	Jim Pingle
6733			$bad_count = 0;
6734	ee9bbad1	Kristof Provost	if (is_array($phase2['encryption-algorithm-option'])) {
6735	599742b0	Jim Pingle	foreach ($phase2['encryption-algorithm-option'] as $k => $opt) {
6736	ee9bbad1	Kristof Provost	if (in_array($opt['name'], array("blowfish", "3des", "cast128"))) {
6737	599742b0	Jim Pingle	/* Remove this item as it contains deprecated encryption */
6738			unset($phase2['encryption-algorithm-option'][$k]);
6739			$bad_count++;
6740	ee9bbad1	Kristof Provost	}
6741			}
6742			}
6743			if (is_array($phase2['hash-algorithm-option'])) {
6744	599742b0	Jim Pingle	foreach ($phase2['hash-algorithm-option'] as $k => $opt) {
6745	ee9bbad1	Kristof Provost	if ($opt == "hmac_md5") {
6746	599742b0	Jim Pingle	/* Remove this item as it contains deprecated hashing */
6747			unset($phase2['hash-algorithm-option'][$k]);
6748			$bad_count++;
6749	ee9bbad1	Kristof Provost	}
6750			}
6751			}
6752	599742b0	Jim Pingle
6753			if ($bad_count > 0) {
6754			$any_removed = true;
6755			/* Only notify once per P2 */
6756			if ((count($phase2['encryption-algorithm-option']) == 0) \|\|
6757			(count($phase2['hash-algorithm-option']) == 0)) {
6758			/* Only disable P2 if there are no valid encryption options left. */
6759			$phase2['disabled'] = true;
6760			file_notice("IPsec", sprintf(gettext("IPsec Phase 2 '%s' disabled after removing deprecated encryption and hashing algorithms as it has no remaining valid combinations of options."), $phase2['descr']));
6761			} else {
6762			/* Let the user know that the P2 was adjusted */
6763			file_notice("IPsec", sprintf(gettext("Removed deprecated encryption options from IPsec Phase 2 '%s'."), $phase2['descr']));
6764			}
6765			}
6766	ee9bbad1	Kristof Provost	}
6767			}
6768			}
6769	599742b0	Jim Pingle
6770			/* Only list deprecated types once */
6771			if ($any_removed) {
6772			file_notice("IPsec", gettext("One or more IPsec entries contained deprecated algorithms. The following are no longer supported: 3DES encryption, Blowfish encryption, CAST128 encryption, MD5 hashing."));
6773			}
6774	ee9bbad1	Kristof Provost	}
6775
6776	f87ddb3b	plumbeo	/*
6777			* Special function that is called independent of current config version. It's
6778			* a workaround to have config_upgrade running on older versions after next
6779			* config version was already taken by newer pfSense.
6780			*
6781			* XXX Change the way we handle config version to make it based on product
6782			* version
6783			*/
6784			function additional_config_upgrade() {
6785			}
6786
6787	faaab088	Renato Botelho	?>

Project

General

Profile

pfSense