Project

General

Profile

« Previous | Next » 

Revision 31a5f13c

Added by Ermal LUÇI over 12 years ago

Unset some vars to free space and also gather the error from pfctl since the first run of the command no need to run again. Also merge 3 exec() into one to avoid forking to much

View differences:

etc/inc/filter.inc
223 223 

  		




  224
  224
  
    
	// Copy rules.debug to rules.debug.old


  		




  225
  225
  
    
	if(file_exists("{$g['tmp_path']}/rules.debug"))


  		




  226
  
  
    
		copy("{$g['tmp_path']}/rules.debug", "{$g['tmp_path']}/rules.debug.old");


  		




  
  226
  
    
		@copy("{$g['tmp_path']}/rules.debug", "{$g['tmp_path']}/rules.debug.old");


  		




  227
  227
  
    

  		




  228
  228
  
    
	$limitrules = "";


  		




  229
  229
  
    
	/* Define the maximum number of tables the system can handle (should be at least aliases*2+some spare) */


  		




  ......




  288
  288
  
    
	$rules .= discover_pkg_rules("filter");


  		




  289
  289
  
    

  		




  290
  290
  
    
	@file_put_contents("{$g['tmp_path']}/rules.limits", $limitrules);


  		




  291
  
  
    
	mwexec("/sbin/pfctl -O -f {$g['tmp_path']}/rules.limits");


  		




  
  291
  
    
	mwexec("/sbin/pfctl -o basic -f {$g['tmp_path']}/rules.limits");


  		




  292
  292
  
    
	


  		




  293
  
  
    
	if(!file_put_contents("{$g['tmp_path']}/rules.debug", $rules, LOCK_EX)) {


  		




  
  293
  
    
	if (!@file_put_contents("{$g['tmp_path']}/rules.debug", $rules, LOCK_EX)) {


  		




  294
  294
  
    
		log_error("WARNING: Could not write new rules!");


  		




  295
  295
  
    
		unlock($filterlck);


  		




  296
  296
  
    
		return;


  		




  297
  297
  
    
	}


  		




  298
  298
  
    

  		




  299
  
  
    
	/*


  		




  300
  
  
    
	 * XXX: This are not being used for now so just comment them out.


  		




  301
  
  
    
	$rules = "1"; // force to be diff from oldrules


  		




  302
  
  
    
	$oldrules = "2"; // force to be diff from rules


  		




  
  299
  
    
	unset($rules, $limitrules);


  		




  303
  300
  
    

  		




  304
  
  
    
	if(file_exists("{$g['tmp_path']}/rules.debug"))


  		




  305
  
  
    
		$rules = file_get_contents("{$g['tmp_path']}/rules.debug");


  		




  306
  
  
    
	if(file_exists("{$g['tmp_path']}/rules.debug.old"))


  		




  307
  
  
    
		$oldrules = file_get_contents("{$g['tmp_path']}/rules.debug.old");


  		




  308
  
  
    
	 *


  		




  309
  
  
    
	 */


  		




  310
  301
  
    
	if(isset($config['system']['developerspew'])) {


  		




  311
  302
  
    
		$mt = microtime();


  		




  312
  303
  
    
		echo "pfctl being called at $mt\n";


  		




  313
  304
  
    
	}


  		




  314
  
  
    
	$rules_loading = mwexec("/sbin/pfctl -o basic -f {$g['tmp_path']}/rules.debug");


  		




  
  305
  
    
	unset($rules_loading, $rules_error);


  		




  
  306
  
    
	exec("/sbin/pfctl -o basic -f {$g['tmp_path']}/rules.debug", $rules_error, $rules_loading);


  		




  315
  307
  
    
	if(isset($config['system']['developerspew'])) {


  		




  316
  308
  
    
		$mt = microtime();


  		




  317
  309
  
    
		echo "pfctl done at $mt\n";


  		




  ......




  320
  312
  
    
	 * then output the contents of the error to the caller


  		




  321
  313
  
    
	 */


  		




  322
  314
  
    
	if($rules_loading <> 0) {


  		




  323
  
  
    
		$rules_error = exec_command("/sbin/pfctl -f {$g['tmp_path']}/rules.debug");


  		




  324
  315
  
    
		$line_error = explode(":", $rules_error);


  		




  325
  316
  
    
		$line_number = $line_error[1];


  		




  326
  317
  
    
		$line_split = file("{$g['tmp_path']}/rules.debug");


  		




  327
  318
  
    
		if(is_array($line_split))


  		




  328
  319
  
    
			$line_error = sprintf(gettext('The line in question reads [%1$d]: %2$s'), $line_number, $line_split[$line_number-1]);


  		




  329
  
  
    
		if($line_error and $line_number) {


  		




  
  320
  
    
		unset($line_split);


  		




  
  321
  
    
		if ($line_error and $line_number) {


  		




  330
  322
  
    
			file_notice("filter_load", sprintf(gettext('There were error(s) loading the rules: %1$s - %2$s'), $rules_error, $line_error), "Filter Reload", "");


  		




  331
  323
  
    
			log_error("There were error(s) loading the rules: {$rules_error} - {$line_error}");


  		




  332
  324
  
    
			update_filter_reload_status(sprintf(gettext('There were error(s) loading the rules: %1$s - %2$s'), $rules_error, $line_error));


  		




  ......




  334
  326
  
    
			return;


  		




  335
  327
  
    
		}


  		




  336
  328
  
    
		/* Brutal ugly hack but required -- PF is stuck, unwedge */


  		




  337
  
  
    
		if(strstr("$rules_error", "busy")) {


  		




  338
  
  
    
			exec("/sbin/pfctl -d");


  		




  339
  
  
    
			exec("/sbin/pfctl -e");


  		




  340
  
  
    
			exec("/sbin/pfctl -f {$g['tmp_path']}/rules.debug");


  		




  
  329
  
    
		if (strstr("$rules_error", "busy")) {


  		




  
  330
  
    
			exec("/sbin/pfctl -d; /sbin/pfctl -e; /sbin/pfctl -f {$g['tmp_path']}/rules.debug");


  		




  341
  331
  
    
			$error_msg = gettext("PF was wedged/busy and has been reset.");


  		




  342
  332
  
    
			file_notice("pf_busy", $error_msg, "pf_busy", "");


  		




  343
  333
  
    
			log_error($error_msg);


  		




  ......




  349
  339
  
    

  		




  350
  340
  
    
	if(!empty($filterdns)) {


  		




  351
  341
  
    
		@file_put_contents("{$g['varetc_path']}/filterdns.conf", $filterdns);


  		




  
  342
  
    
		unset($filterdns);


  		




  352
  343
  
    
		if (isvalidpid("{$g['varrun_path']}/filterdns.pid"))


  		




  353
  344
  
    
			sigkillbypid("{$g['varrun_path']}/filterdns.pid", "HUP");


  		




  354
  345
  
    
		else {


  		












Also available in:  Unified diff