<?php
/* $Id$ */
/*
	system.inc
	part of m0n0wall (http://m0n0.ch/wall)

	Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>.
	All rights reserved.

	Redistribution and use in source and binary forms, with or without
	modification, are permitted provided that the following conditions are met:

	1. Redistributions of source code must retain the above copyright notice,
	   this list of conditions and the following disclaimer.

	2. Redistributions in binary form must reproduce the above copyright
	   notice, this list of conditions and the following disclaimer in the
	   documentation and/or other materials provided with the distribution.

	THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
	INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
	AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
	AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
	OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
	SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
	INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
	CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
	ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
	POSSIBILITY OF SUCH DAMAGE.
*/

/*
	pfSense_BUILDER_BINARIES:	/usr/sbin/powerd	/usr/bin/killall	/sbin/sysctl	/sbin/route
	pfSense_BUILDER_BINARIES:	/bin/hostname	/bin/ls	/usr/sbin/syslogd	
	pfSense_BUILDER_BINARIES:	/usr/sbin/pccardd	/usr/local/sbin/lighttpd	/bin/chmod 	/bin/mkdir
	pfSense_BUILDER_BINARIES:	/usr/bin/tar		/usr/local/bin/ntpd	/usr/sbin/ntpdate
	pfSense_BUILDER_BINARIES:	/usr/bin/nohup	/sbin/dmesg	/usr/local/sbin/atareinit	/sbin/kldload
	pfSense_MODULE:	utils
*/

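/*
 * Restart powerd according to the saved configuration.
 *
 * Returns immediately inside a jail. A running powerd is killed first; if
 * $config['system']['powerd_enable'] is set, powerd is started again with the
 * configured mode (default "hadp") passed to both -b and -a. On nanobsd the
 * cpufreq kernel module is loaded before powerd is started.
 */
function activate_powerd() {
	global $config, $g;

	if ($g['platform'] == 'jail')
		return;

	if (is_process_running("powerd"))
		exec("/usr/bin/killall powerd");

	if (!isset($config['system']['powerd_enable']))
		return;

	if ($g["platform"] == "nanobsd")
		exec("/sbin/kldload cpufreq");

	$mode = "hadp";
	if (!empty($config['system']['powerd_mode']))
		$mode = $config['system']['powerd_mode'];

	/*
	 * The mode is read from the configuration and placed on a shell command
	 * line, so it is quoted as a single argument. A stored value containing
	 * shell metacharacters is then handed to powerd as-is (and rejected by
	 * it) instead of being interpreted by the shell.
	 */
	$mode_arg = escapeshellarg($mode);
	mwexec("/usr/sbin/powerd -b {$mode_arg} -a {$mode_arg}");
}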
/*
 * Look up the default value of a sysctl in the global $sysctls table.
 *
 * $id is the sysctl name used as the array key. Returns the stored value, or
 * NULL when the table has no entry for that name.
 */
function get_default_sysctl_value($id) {
	global $sysctls;

	return isset($sysctls[$id]) ? $sysctls[$id] : null;
}
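/*
 * Apply the fixed enc(4) filter masks and every tunable stored under
 * $config['sysctl']['item'].
 *
 * Returns immediately inside a jail. A tunable whose value is the literal
 * string "default" is resolved through get_default_sysctl_value().
 */
function activate_sysctls() {
	global $config, $g;

	if ($g['platform'] == 'jail')
		return;

	exec("/sbin/sysctl net.enc.out.ipsec_bpf_mask=0x0001");
	exec("/sbin/sysctl net.enc.out.ipsec_filter_mask=0x0001");
	exec("/sbin/sysctl net.enc.in.ipsec_bpf_mask=0x0002");
	exec("/sbin/sysctl net.enc.in.ipsec_filter_mask=0x0002");

	/* nothing to do without a list of configured tunables */
	if (!isset($config['sysctl']['item']) || !is_array($config['sysctl']['item']))
		return;

	foreach ($config['sysctl']['item'] as $tunable) {
		$value = $tunable['value'];
		if ($value == "default")
			$value = get_default_sysctl_value($tunable['tunable']);

		/*
		 * Name and value are configuration data. Pass "name=value" as one
		 * single-quoted argument: the previous double-quoted form still let
		 * the shell expand $(...) and backticks inside the value, and left
		 * the name unquoted.
		 */
		mwexec("/sbin/sysctl " . escapeshellarg("{$tunable['tunable']}={$value}"));
	}
}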
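/*
 * Write {$g['varetc_path']}/resolv.conf and install host routes for DNS
 * servers that are pinned to a gateway.
 *
 * The file gets an optional "domain" line, "nameserver 127.0.0.1" when
 * dnsmasq is enabled and dnslocalhost is not set, the dynamically learned
 * search domains and name servers when dnsallowoverride is set, and finally
 * the statically configured servers.
 *
 * $dynupdate: when true, dhcpd is not reconfigured after the file is written.
 * Returns 0 on success, 1 when resolv.conf cannot be opened.
 */
function system_resolvconf_generate($dynupdate = false) {
	global $config, $g;

	if (isset($config['system']['developerspew'])) {
		$mt = microtime();
		echo "system_resolvconf_generate() being called $mt\n";
	}

	$syscfg = $config['system'];

	/* start from an empty buffer so the appends below never touch an undefined variable */
	$resolvconf = "";

	// Do not create blank domain lines, it breaks tools like dig.
	if ($syscfg['domain'])
		$resolvconf .= "domain {$syscfg['domain']}\n";

	if (isset($config['dnsmasq']['enable']) && !isset($config['system']['dnslocalhost']))
		$resolvconf .= "nameserver 127.0.0.1\n";

	if (isset($syscfg['dnsallowoverride'])) {
		/* get dynamically assigned DNS servers (if any) */
		foreach (array_unique(get_searchdomains()) as $searchserver) {
			if ($searchserver)
				$resolvconf .= "search {$searchserver}\n";
		}
		foreach (array_unique(get_nameservers()) as $nameserver) {
			if ($nameserver)
				$resolvconf .= "nameserver $nameserver\n";
		}
	}
	if (is_array($syscfg['dnsserver'])) {
		foreach ($syscfg['dnsserver'] as $ns) {
			if ($ns)
				$resolvconf .= "nameserver $ns\n";
		}
	}

	/* the lock is held while the file is written and the routes are changed */
	$dnslock = lock('resolvconf', LOCK_EX);

	$fd = fopen("{$g['varetc_path']}/resolv.conf", "w");
	if (!$fd) {
		printf("Error: cannot open resolv.conf in system_resolvconf_generate().\n");
		unlock($dnslock);
		return 1;
	}

	fwrite($fd, $resolvconf);
	fclose($fd);

	/* restart dhcpd (nameservers may have changed) */
	if (!$g['booting'] && !$dynupdate)
		services_dhcpd_configure();

	/* setup static routes for DNS servers. */
	for ($dnscounter = 1; $dnscounter < 5; $dnscounter++) {
		$dnsgw = "dns{$dnscounter}gw";
		if (!isset($config['system'][$dnsgw]))
			continue;

		$gwname = $config['system'][$dnsgw];
		if (($gwname == "") || ($gwname == "none"))
			continue;

		/* dns server array starts at 0 */
		$dnscountermo = $dnscounter - 1;
		if (empty($syscfg['dnsserver'][$dnscountermo]))
			continue;	/* a gateway is selected for a slot that has no server */

		/*
		 * Both addresses end up on a shell command line; quote them so a
		 * malformed stored value cannot add arguments or commands.
		 */
		$dnsserver = escapeshellarg($syscfg['dnsserver'][$dnscountermo]);
		$gatewayip = lookup_gateway_ip_by_name($gwname);
		if (is_ipaddrv4($gatewayip))
			mwexec("route change -host {$dnsserver} " . escapeshellarg($gatewayip));
		if (is_ipaddrv6($gatewayip))
			mwexec("route change -host -inet6 {$dnsserver} " . escapeshellarg($gatewayip));
	}

	unlock($dnslock);

	return 0;
}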
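/*
 * Collect the search domains found in /var/etc/searchdomain_* files.
 *
 * Every non-empty line that passes is_hostname() is returned; lines that do
 * not pass are dropped, so only validated names reach resolv.conf through the
 * caller. Returns a (possibly empty) array and may contain duplicates.
 */
function get_searchdomains() {
	global $config, $g;

	$master_list = array();

	/*
	 * Read in the search domain files. The glob() result used to be stored
	 * in $search_list while the loop tested $search_lists, so the loop
	 * never ran and the function always returned an empty array.
	 */
	$search_lists = glob("/var/etc/searchdomain_*");
	if (is_array($search_lists)) {
		foreach ($search_lists as $fdns) {
			$contents = file($fdns, FILE_IGNORE_NEW_LINES | FILE_SKIP_EMPTY_LINES);
			if (!is_array($contents))
				continue;
			foreach ($contents as $dns) {
				if (is_hostname($dns))
					$master_list[] = $dns;
			}
		}
	}

	return $master_list;
}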
/*
 * Collect name server addresses from /var/etc/nameserver_* and from
 * /var/etc/nameservers.conf.
 *
 * Only lines accepted by is_ipaddr() are kept. Returns a (possibly empty)
 * array that may contain duplicates.
 */
function get_nameservers() {
	global $config, $g;

	$servers = array();

	// nameserver_* files (attributed to dhclient by the original comment)
	$per_source_files = glob("/var/etc/nameserver_*");
	if (is_array($per_source_files)) {
		foreach ($per_source_files as $path) {
			$lines = file($path, FILE_IGNORE_NEW_LINES | FILE_SKIP_EMPTY_LINES);
			if (is_array($lines)) {
				foreach ($lines as $candidate) {
					if (is_ipaddr($candidate))
						$servers[] = $candidate;
				}
			}
		}
	}

	// any extra nameservers
	$extra_file = "/var/etc/nameservers.conf";
	if (file_exists($extra_file)) {
		$extra_lines = file($extra_file, FILE_IGNORE_NEW_LINES | FILE_SKIP_EMPTY_LINES);
		if (is_array($extra_lines)) {
			foreach ($extra_lines as $candidate) {
				if (is_ipaddr($candidate))
					$servers[] = $candidate;
			}
		}
	}

	return $servers;
}
/*
 * Build and write {$g['varetc_path']}/hosts.
 *
 * The file contains the localhost line, one line for this host (the LAN
 * address, or the first configured interface without a gateway that has an
 * address), the dnsmasq host overrides with their aliases, and - when
 * regdhcpstatic is set - the static DHCP/DHCPv6 mappings of enabled
 * interfaces. With dhcpfirst set the DHCP entries precede the overrides.
 *
 * Host names, domains and addresses are copied from the configuration into
 * the file as they are; no escaping or validation happens in this function.
 *
 * Returns 0 on success, 1 when the hosts file cannot be opened.
 */
function system_hosts_generate() {
	global $config, $g;

	if (isset($config['system']['developerspew'])) {
		$mt = microtime();
		echo "system_hosts_generate() being called $mt\n";
	}

	$syscfg = $config['system'];
	$dnsmasqcfg = $config['dnsmasq'];
	$hostscfg = is_array($dnsmasqcfg['hosts']) ? $dnsmasqcfg['hosts'] : array();

	$hosts = "127.0.0.1	localhost localhost.{$syscfg['domain']}\n";
	$lhosts = "";
	$dhosts = "";

	/* entry for this host itself */
	if ($config['interfaces']['lan']) {
		$cfgip = get_interface_ip("lan");
		if (is_ipaddr($cfgip))
			$hosts .= "{$cfgip}	{$syscfg['hostname']}.{$syscfg['domain']} {$syscfg['hostname']}\n";
	} else {
		foreach (get_configured_interface_list() as $sysif) {
			if (interface_has_gateway($sysif))
				continue;
			$cfgip = get_interface_ip($sysif);
			if (!is_ipaddr($cfgip))
				continue;
			$hosts .= "{$cfgip}	{$syscfg['hostname']}.{$syscfg['domain']} {$syscfg['hostname']}\n";
			break;
		}
	}

	/* dnsmasq host overrides and their aliases */
	foreach ($hostscfg as $host) {
		$lhosts .= $host['host']
			? "{$host['ip']}	{$host['host']}.{$host['domain']} {$host['host']}\n"
			: "{$host['ip']}	{$host['domain']}\n";

		if (is_array($host['aliases']) && is_array($host['aliases']['item'])) {
			foreach ($host['aliases']['item'] as $alias) {
				$lhosts .= $alias['host']
					? "{$host['ip']}	{$alias['host']}.{$alias['domain']} {$alias['host']}\n"
					: "{$host['ip']}	{$alias['domain']}\n";
			}
		}
	}

	/* static DHCP mappings: IPv4 section first, then IPv6 */
	if (isset($dnsmasqcfg['regdhcpstatic'])) {
		foreach (array('dhcpd' => 'ipaddr', 'dhcpdv6' => 'ipaddrv6') as $section => $addrkey) {
			if (!is_array($config[$section]))
				continue;
			foreach ($config[$section] as $dhcpif => $dhcpifconf) {
				if (!is_array($dhcpifconf['staticmap']) || !isset($dhcpifconf['enable']))
					continue;
				foreach ($dhcpifconf['staticmap'] as $host) {
					if ($host[$addrkey] && $host['hostname'])
						$dhosts .= "{$host[$addrkey]}	{$host['hostname']}.{$syscfg['domain']} {$host['hostname']}\n";
				}
			}
		}
	}

	$hosts .= isset($dnsmasqcfg['dhcpfirst']) ? ($dhosts . $lhosts) : ($lhosts . $dhosts);

	/*
	 * Do not remove this: dhcpleases monitors the hosts file with kqueue, so
	 * it has to be killed before the file is rewritten.
	 */
	$leases_pid = "{$g['varrun_path']}/dhcpleases.pid";
	if (file_exists($leases_pid)) {
		sigkillbypid($leases_pid, "TERM");
		@unlink($leases_pid);
	}

	$fd = fopen("{$g['varetc_path']}/hosts", "w");
	if (!$fd) {
		log_error("Error: cannot open hosts file in system_hosts_generate().\n");
		return 1;
	}
	fwrite($fd, $hosts);
	fclose($fd);

	system_dhcpleases_configure();

	return 0;
}
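/*
 * Start, reload or stop the dhcpleases helper.
 *
 * Returns immediately inside a jail. With $config['dnsmasq']['regdhcp'] set,
 * a running instance (pid file present) is sent HUP, otherwise a new one is
 * started. Without regdhcp the helper is sent TERM and its pid file removed.
 */
function system_dhcpleases_configure() {
	global $config, $g;

	if ($g['platform'] == 'jail')
		return;

	$pidfile = "{$g['varrun_path']}/dhcpleases.pid";

	if (!isset($config['dnsmasq']['regdhcp'])) {
		sigkillbypid($pidfile, "TERM");
		@unlink($pidfile);
		return;
	}

	/* Start the monitoring process for dynamic dhcpclients. */
	$leasesfile = "{$g['dhcpd_chroot_path']}/var/db/dhcpd.leases";

	/* Make sure we do not error out */
	@touch($leasesfile);

	if (file_exists($pidfile)) {
		sigkillbypid($pidfile, "HUP");
		return;
	}

	/*
	 * The domain is configuration data and is passed on a shell command
	 * line; every argument is quoted so it stays a single word and cannot
	 * introduce further options or commands.
	 */
	mwexec("/usr/local/sbin/dhcpleases" .
		" -l " . escapeshellarg($leasesfile) .
		" -d " . escapeshellarg($config['system']['domain']) .
		" -p " . escapeshellarg("{$g['varrun_path']}/dnsmasq.pid") .
		" -h " . escapeshellarg("{$g['varetc_path']}/hosts"));
}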
/*
 * Set the system host name to "<hostname>.<domain>" from the configuration
 * and run the hostid rc script.
 *
 * Returns the status of the /bin/hostname call.
 */
function system_hostname_configure() {
	global $config, $g;

	if (isset($config['system']['developerspew'])) {
		$mt = microtime();
		echo "system_hostname_configure() being called $mt\n";
	}

	$syscfg = $config['system'];
	$fqdn = "{$syscfg['hostname']}.{$syscfg['domain']}";

	/* set hostname; the name is quoted as a single shell argument */
	$status = mwexec("/bin/hostname " . escapeshellarg($fqdn));

	/* Setup host GUID ID.  This is used by ZFS. */
	mwexec("/etc/rc.d/hostid start");

	return $status;
}
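/*
 * Install the IPv4/IPv6 default routes and the configured static routes.
 *
 * $interface: when not empty, only routes whose gateway belongs to this
 * interface are touched.
 *
 * The default gateway of each family is the first gateway item flagged
 * "defaultgw"; without one, the WAN gateway is used. The chosen gateway is
 * recorded in {$g['tmp_path']}/<if>_defaultgw and <if>_defaultgwv6. No
 * default route is set when an enabled OLSR package has its dynamic gateway
 * turned on, or when the gateway interface is "bgpd".
 *
 * Returns 0; returns nothing inside a jail.
 */
function system_routing_configure($interface = "") {
	global $config, $g;

	if ($g['platform'] == 'jail')
		return;
	if (isset($config['system']['developerspew'])) {
		$mt = microtime();
		echo "system_routing_configure() being called $mt\n";
	}

	$gatewayip = "";
	$interfacegw = "";
	$foundgw = false;
	$gatewayipv6 = "";
	$interfacegwv6 = "";
	$foundgwv6 = false;

	/* tack on all the hard defined gateways as well */
	if (is_array($config['gateways']['gateway_item'])) {
		mwexec("/bin/rm {$g['tmp_path']}/*_defaultgw", true);

		/* IPv4 default gateway */
		foreach ($config['gateways']['gateway_item'] as $gateway) {
			if (!isset($gateway['defaultgw']))
				continue;
			if (!is_ipaddrv4($gateway['gateway']) && ($gateway['gateway'] != "dynamic"))
				continue;
			if (strstr($gateway['gateway'], ":"))
				break;
			if ($gateway['gateway'] == "dynamic")
				$gateway['gateway'] = get_interface_gateway($gateway['interface']);
			$gatewayip = $gateway['gateway'];
			$interfacegw = $gateway['interface'];
			if (!empty($interfacegw)) {
				$defaultif = get_real_interface($gateway['interface']);
				if ($defaultif)
					@file_put_contents("{$g['tmp_path']}/{$defaultif}_defaultgw", $gatewayip);
			}
			$foundgw = true;
			break;
		}

		/* IPv6 default gateway */
		foreach ($config['gateways']['gateway_item'] as $gateway) {
			if (!isset($gateway['defaultgw']))
				continue;
			if (!is_ipaddrv6($gateway['gateway']) && ($gateway['gateway'] != "dynamic6"))
				continue;
			if ($gateway['gateway'] == "dynamic6")
				$gateway['gateway'] = get_interface_gateway_v6($gateway['interface']);
			$gatewayipv6 = $gateway['gateway'];
			$interfacegwv6 = $gateway['interface'];
			if (!empty($interfacegwv6)) {
				$defaultifv6 = get_real_interface($gateway['interface']);
				if ($defaultifv6)
					@file_put_contents("{$g['tmp_path']}/{$defaultifv6}_defaultgwv6", $gatewayipv6);
			}
			$foundgwv6 = true;
			break;
		}
	}

	if ($foundgw == false) {
		$defaultif = get_real_interface("wan");
		$interfacegw = "wan";
		$gatewayip = get_interface_gateway("wan");
		@touch("{$g['tmp_path']}/{$defaultif}_defaultgw");
	}
	if ($foundgwv6 == false) {
		$defaultifv6 = get_real_interface("wan");
		$interfacegwv6 = "wan";
		$gatewayipv6 = get_interface_gateway_v6("wan");
		/*
		 * Use the IPv6 interface name here. The marker used to be built from
		 * $defaultif, which names the IPv4 interface and can be unset when an
		 * IPv4 gateway without an interface was found.
		 */
		@touch("{$g['tmp_path']}/{$defaultifv6}_defaultgwv6");
	}

	$dont_add_route = false;
	/* if OLSRD is enabled, allow WAN to house DHCP. */
	if ($config['installedpackages']['olsrd'] && is_array($config['installedpackages']['olsrd']['config'])) {
		foreach ($config['installedpackages']['olsrd']['config'] as $olsrd) {
			if (($olsrd['enabledyngw'] == "on") && ($olsrd['enable'] == "on")) {
				$dont_add_route = true;
				log_error(sprintf(gettext("Not adding default route because OLSR dynamic gateway is enabled.")));
				break;
			}
		}
	}

	if ($dont_add_route == false) {
		if ((empty($interface) || $interface == $interfacegw) &&
		    ($interfacegw <> "bgpd") && is_ipaddrv4($gatewayip)) {
			log_error("ROUTING: setting default route to $gatewayip");
			mwexec("/sbin/route change -inet default " . escapeshellarg($gatewayip));
		}

		if ((empty($interface) || $interface == $interfacegwv6) &&
		    ($interfacegwv6 <> "bgpd") && is_ipaddrv6($gatewayipv6)) {
			/* a link-local gateway needs the interface as scope; empty otherwise */
			$ifscope = "";
			if (preg_match("/fe80::/i", $gatewayipv6))
				$ifscope = "%{$defaultifv6}";
			log_error("ROUTING: setting IPv6 default route to {$gatewayipv6}{$ifscope}");
			/* quote address and scope together so the scope is not left outside the quotes */
			mwexec("/sbin/route change -inet6 default " . escapeshellarg("{$gatewayipv6}{$ifscope}"));
		}
	}

	$static_routes = get_staticroutes();
	if (count($static_routes)) {
		$gateways_arr = return_gateways_array(false, true);

		foreach ($static_routes as $rtent) {
			$gatewayip = "";
			if (empty($gateways_arr[$rtent['gateway']])) {
				log_error(sprintf(gettext("Static Routes: Gateway IP could not be found for %s"), $rtent['network']));
				continue;
			}
			$gateway = $gateways_arr[$rtent['gateway']];
			if (!empty($interface) && $interface != $gateway['friendlyiface'])
				continue;

			if (isset($rtent['disabled'])) {
				mwexec("/sbin/route delete " . escapeshellarg($rtent['network']), true);
				continue;
			}

			$gatewayip = $gateway['gateway'];
			$interfacegw = $gateway['interface'];

			$inetfamily = is_ipaddrv6($gatewayip) ? "-inet6" : "-inet";
			$blackhole = "";
			if (preg_match("/^Null/i", $rtent['gateway']))
				$blackhole = "-blackhole";

			/* gateway and destination have to belong to the same address family */
			$same_family = (is_ipaddrv6($gatewayip) && is_subnetv6($rtent['network'])) ||
			    (is_ipaddrv4($gatewayip) && is_subnetv4($rtent['network']));

			if (is_ipaddr($gatewayip) && $same_family) {
				mwexec("/sbin/route change {$inetfamily} {$blackhole} " . escapeshellarg($rtent['network']) .
					" " . escapeshellarg($gatewayip));
			} else if (!empty($interfacegw) && $same_family) {
				/* NOTE(review): only reachable if is_ipaddr() can reject an address that is_ipaddrv4()/is_ipaddrv6() accept - confirm */
				mwexec("/sbin/route change {$inetfamily} {$blackhole} " . escapeshellarg($rtent['network']) .
					" -iface " . escapeshellarg($interfacegw));
			}
		}
	}

	return 0;
}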
/*
 * Turn on packet forwarding for IPv4 and IPv6 by setting
 * net.inet.ip.forwarding and net.inet6.ip6.forwarding to 1.
 */
function system_routing_enable() {
	global $config, $g;

	if (isset($config['system']['developerspew'])) {
		$mt = microtime();
		echo "system_routing_enable() being called $mt\n";
	}

	foreach (array("net.inet.ip.forwarding", "net.inet6.ip6.forwarding") as $oid)
		mwexec("/sbin/sysctl {$oid}=1");
}
/*
 * Format a remote syslog server for syslog.conf: a bare IPv6 address is
 * wrapped in brackets, anything else is returned unchanged.
 */
function system_syslogd_fixup_server($server) {
	return is_ipaddrv6($server) ? "[$server]" : $server;
}
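/*
 * Build the syslog.conf forwarding lines for one selector.
 *
 * $syslogcfg: syslog configuration; the keys remoteserver, remoteserver2 and
 *             remoteserver3 are read, empty or missing ones are skipped.
 * $facility:  selector to forward, e.g. "*.*" or "local0.*".
 *
 * Returns one "<selector><tabs>@<server>\n" line per configured server, or an
 * empty string when none is set. The server value is written as stored (only
 * bare IPv6 addresses get brackets), so it is expected to have been validated
 * before it was saved.
 */
function system_syslogd_get_remote_servers($syslogcfg, $facility = "*.*") {
	/*
	 * The original first statement ended in "." instead of ";" and only
	 * worked because the following assignment was folded into the
	 * concatenation.
	 */
	$facility .= " ";
	$remote_servers = "";

	/* pad with tabs towards column 56; always emit at least one separator */
	$pad_to = 56;
	$padding = max(1, (int)ceil(($pad_to - strlen($facility)) / 8) + 1);

	foreach (array('remoteserver', 'remoteserver2', 'remoteserver3') as $key) {
		if (empty($syslogcfg[$key]))
			continue;
		$remote_servers .= $facility . str_repeat("\t", $padding) . "@" .
			system_syslogd_fixup_server($syslogcfg[$key]) . "\n";
	}

	return $remote_servers;
}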
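/*
 * Generate {$g['varetc_path']}/syslog.conf and (re)start syslogd.
 *
 * Running syslogd and fifolog_writer processes are stopped first. Local log
 * files are written through clog, or through fifolog when
 * $config['system']['usefifolog'] is set; the local targets are left out when
 * disablelocallogging is set. Forwarding lines are added per section
 * according to the flags in $config['syslog'].
 *
 * Package facility names, package log file names and the zmqserver value are
 * copied into syslog.conf as stored; nothing in this function validates them.
 *
 * Returns the result of mwexec_bg() for syslogd, or 1 when syslog.conf
 * cannot be written.
 */
function system_syslogd_start() {
	global $config, $g;

	if (isset($config['system']['developerspew'])) {
		$mt = microtime();
		echo "system_syslogd_start() being called $mt\n";
	}

	mwexec("/etc/rc.d/hostid start");

	$syslogcfg = $config['syslog'];

	if ($g['booting'])
		echo gettext("Starting syslog...");
	else
		killbypid("{$g['varrun_path']}/syslog.pid");

	if (is_process_running("syslogd"))
		mwexec('/bin/pkill syslogd');
	if (is_process_running("fifolog_writer"))
		mwexec('/bin/pkill fifolog_writer');

	// Define various commands for logging
	$fifolog_create = "/usr/sbin/fifolog_create -s ";
	$fifolog_log = "|/usr/sbin/fifolog_writer ";
	$clog_create = "/usr/sbin/clog -i -s ";
	$clog_log = "%";

	// Which logging type are we using this week??
	if (isset($config['system']['usefifolog'])) {
		$log_directive = $fifolog_log;
		$log_create_directive = $fifolog_create;
	} else { // Defaults to CLOG
		$log_directive = $clog_log;
		$log_create_directive = $clog_create;
	}

	if (isset($syslogcfg)) {
		$locallog = !isset($syslogcfg['disablelocallogging']);
		/* forwarding lines for the "*.*" selector, reused by several sections */
		$remote_all = system_syslogd_get_remote_servers($syslogcfg, "*.*");

		$separatelogfacilities = array('ntp','ntpd','ntpdate','racoon','openvpn','pptps','poes','l2tps','relayd','hostapd','dnsmasq','unbound','dhcpd','dhcrelay','apinger','radvd','routed','olsrd','zebra','ospfd','bgpd');
		$syslogconf = "";
		if ($config['installedpackages']['package']) {
			foreach ($config['installedpackages']['package'] as $package) {
				if (!$package['logging'])
					continue;
				$pkglog = "{$g['varlog_path']}/{$package['logging']['logfilename']}";
				array_push($separatelogfacilities, $package['logging']['facilityname']);
				/*
				 * The log file name comes from the package configuration and
				 * is used on a shell command line; quote it so it stays one
				 * argument.
				 */
				mwexec("{$log_create_directive}10240 " . escapeshellarg($pkglog));
				$syslogconf .= "!{$package['logging']['facilityname']}\n*.*\t\t\t\t\t\t {$log_directive}{$pkglog}\n";
			}
		}
		$facilitylist = implode(',', array_unique($separatelogfacilities));

		$syslogconf .= "!radvd,routed,olsrd,zebra,ospfd,bgpd\n";
		if ($locallog)
			$syslogconf .= "*.*								{$log_directive}{$g['varlog_path']}/routing.log\n";

		$syslogconf .= "!ntp,ntpd,ntpdate\n";
		if ($locallog)
			$syslogconf .= "*.*								{$log_directive}{$g['varlog_path']}/ntpd.log\n";

		$syslogconf .= "!ppp\n";
		if ($locallog)
			$syslogconf .= "*.*								{$log_directive}{$g['varlog_path']}/ppp.log\n";

		$syslogconf .= "!pptps\n";
		if ($locallog)
			$syslogconf .= "*.*								{$log_directive}{$g['varlog_path']}/pptps.log\n";

		$syslogconf .= "!poes\n";
		if ($locallog)
			$syslogconf .= "*.*								{$log_directive}{$g['varlog_path']}/poes.log\n";

		$syslogconf .= "!l2tps\n";
		if ($locallog)
			$syslogconf .= "*.*								{$log_directive}{$g['varlog_path']}/l2tps.log\n";

		$syslogconf .= "!racoon\n";
		if ($locallog)
			$syslogconf .= "*.*								{$log_directive}{$g['varlog_path']}/ipsec.log\n";
		if (isset($syslogcfg['vpn']))
			$syslogconf .= $remote_all;

		$syslogconf .= "!openvpn\n";
		if ($locallog)
			$syslogconf .= "*.*								{$log_directive}{$g['varlog_path']}/openvpn.log\n";
		if (isset($syslogcfg['vpn']))
			$syslogconf .= $remote_all;

		$syslogconf .= "!apinger\n";
		if ($locallog)
			$syslogconf .= "*.*								{$log_directive}{$g['varlog_path']}/gateways.log\n";
		if (isset($syslogcfg['apinger']))
			$syslogconf .= $remote_all;

		$syslogconf .= "!dnsmasq,unbound\n";
		if ($locallog)
			$syslogconf .= "*.*								{$log_directive}{$g['varlog_path']}/resolver.log\n";
		/* NOTE(review): forwarding of resolver logs is keyed on 'apinger', like the gateway section above - confirm this is the intended flag */
		if (isset($syslogcfg['apinger']))
			$syslogconf .= $remote_all;

		$syslogconf .= "!dhcpd,dhcrelay\n";
		if ($locallog)
			$syslogconf .= "*.*								{$log_directive}{$g['varlog_path']}/dhcpd.log\n";
		/* NOTE(review): also keyed on 'apinger' although a 'dhcp' flag is tested further down - confirm */
		if (isset($syslogcfg['apinger']))
			$syslogconf .= $remote_all;

		$syslogconf .= "!relayd\n";
		if ($locallog)
			$syslogconf .= "*.* 								{$log_directive}{$g['varlog_path']}/relayd.log\n";
		if (isset($syslogcfg['relayd']))
			$syslogconf .= $remote_all;

		$syslogconf .= "!hostapd\n";
		if ($locallog)
			$syslogconf .= "*.* 								{$log_directive}{$g['varlog_path']}/wireless.log\n";
		if (isset($syslogcfg['hostapd']))
			$syslogconf .= $remote_all;

		/* everything that is not handled by one of the sections above */
		$syslogconf .= "!-{$facilitylist}\n";
		if ($locallog)
			$syslogconf .= <<<EOD
local0.*							{$log_directive}{$g['varlog_path']}/filter.log
local3.*							{$log_directive}{$g['varlog_path']}/vpn.log
local4.*							{$log_directive}{$g['varlog_path']}/portalauth.log
local7.*							{$log_directive}{$g['varlog_path']}/dhcpd.log
*.notice;kern.debug;lpr.info;mail.crit;				{$log_directive}{$g['varlog_path']}/system.log
news.err;local0.none;local3.none;local4.none;			{$log_directive}{$g['varlog_path']}/system.log
local7.none							{$log_directive}{$g['varlog_path']}/system.log
security.*							{$log_directive}{$g['varlog_path']}/system.log
auth.info;authpriv.info;daemon.info				{$log_directive}{$g['varlog_path']}/system.log
auth.info;authpriv.info 					|exec /usr/local/sbin/sshlockout_pf 15
*.emerg								*

EOD;
		if (isset($syslogcfg['filter']))
			$syslogconf .= system_syslogd_get_remote_servers($syslogcfg, "local0.*");
		if (isset($syslogcfg['vpn']))
			$syslogconf .= system_syslogd_get_remote_servers($syslogcfg, "local3.*");
		if (isset($syslogcfg['portalauth']))
			$syslogconf .= system_syslogd_get_remote_servers($syslogcfg, "local4.*");
		if (isset($syslogcfg['dhcp']))
			$syslogconf .= system_syslogd_get_remote_servers($syslogcfg, "local7.*");
		if (isset($syslogcfg['system'])) {
			$syslogconf .= system_syslogd_get_remote_servers($syslogcfg, "*.notice;kern.debug;lpr.info;mail.crit;");
			$syslogconf .= system_syslogd_get_remote_servers($syslogcfg, "news.err;local0.none;local3.none;local7.none");
			$syslogconf .= system_syslogd_get_remote_servers($syslogcfg, "security.*");
			$syslogconf .= system_syslogd_get_remote_servers($syslogcfg, "auth.info;authpriv.info;daemon.info");
			$syslogconf .= system_syslogd_get_remote_servers($syslogcfg, "*.emerg");
		}
		if (isset($syslogcfg['logall'])) {
			// Make everything mean everything, including facilities excluded above.
			$syslogconf .= "!*\n";
			$syslogconf .= $remote_all;
		}

		if (isset($syslogcfg['zmqserver'])) {
				$syslogconf .= <<<EOD
*.*								^{$syslogcfg['zmqserver']}

EOD;
		}

		/* write syslog.conf */
		if (!@file_put_contents("{$g['varetc_path']}/syslog.conf", $syslogconf)) {
			printf(gettext("Error: cannot open syslog.conf in system_syslogd_start().%s"), "\n");
			unset($syslogconf);
			return 1;
		}
		unset($syslogconf);

		// Ensure that the directory for the log socket exists
		if (!is_dir("{$g['dhcpd_chroot_path']}/var/run"))
			exec("/bin/mkdir -p " . escapeshellarg("{$g['dhcpd_chroot_path']}/var/run"));

		$retval = mwexec_bg("/usr/sbin/syslogd -c -c -l {$g['dhcpd_chroot_path']}/var/run/log -f {$g['varetc_path']}/syslog.conf");

	} else {
		$retval = mwexec_bg("/usr/sbin/syslogd -c -c -l {$g['dhcpd_chroot_path']}/var/run/log");
	}

	if ($g['booting'])
		echo gettext("done.") . "\n";

	return $retval;
}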
/*
 * Restart pccardd with {$g['etc_path']}/pccard.conf.
 *
 * Any instance recorded in pccardd.pid is killed first. Progress is printed
 * only while booting. Returns the status of the pccardd start command.
 */
function system_pccard_start() {
	global $config, $g;

	if (isset($config['system']['developerspew'])) {
		$mt = microtime();
		echo "system_pccard_start() being called $mt\n";
	}

	$booting = $g['booting'];
	if ($booting)
		echo gettext("Initializing PCMCIA...");

	/* kill any running pccardd */
	killbypid("{$g['varrun_path']}/pccardd.pid");

	/* fire up pccardd */
	$res = mwexec("/usr/sbin/pccardd -z -f {$g['etc_path']}/pccard.conf");

	if ($booting)
		echo (($res == 0) ? gettext("done.") : gettext("failed!")) . "\n";

	return $res;
}
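/*
 * (Re)start the lighttpd instance that serves the webConfigurator.
 *
 * The listening port is $config['system']['webgui']['port'] when set,
 * otherwise 80 for http and 443 for https. For https the certificate
 * referenced by ssl-certref is used; when lookup_cert() returns no array, a
 * self-signed certificate is generated, imported into the configuration and
 * selected for the GUI.
 *
 * Returns the status of the lighttpd start command.
 */
function system_webgui_start() {
	global $config, $g;

	if ($g['booting'])
		echo gettext("Starting webConfigurator...");

	/* kill any running lighttpd */
	killbypid("{$g['varrun_path']}/lighty-webConfigurator.pid");

	sleep(1);

	chdir($g['www_path']);

	/* defaults */
	$portarg = "80";
	$crt = "";
	$key = "";
	$ca = "";

	/* non-standard port? */
	if (isset($config['system']['webgui']['port']) && $config['system']['webgui']['port'] <> "")
		$portarg = "{$config['system']['webgui']['port']}";

	if ($config['system']['webgui']['protocol'] == "https") {
		// Ensure that we have a webConfigurator CERT
		$cert =& lookup_cert($config['system']['webgui']['ssl-certref']);
		/*
		 * NOTE(review): with "&&" this is true only when $cert is not an
		 * array; an array entry without 'crt' or 'prv' takes the else branch
		 * and yields an empty certificate and key. Confirm whether "||" was
		 * intended before changing it, since $cert is a reference.
		 */
		if (!is_array($cert) && !$cert['crt'] && !$cert['prv']) {
			if (!is_array($config['ca']))
				$config['ca'] = array();
			$a_ca =& $config['ca'];
			if (!is_array($config['cert']))
				$config['cert'] = array();
			$a_cert =& $config['cert'];
			log_error("Creating SSL Certificate for this host");
			$cert = array();
			$cert['refid'] = uniqid();
			$cert['descr'] = gettext("webConfigurator default");

			$keyfile = "{$g['tmp_path']}/ssl.key";
			$crtfile = "{$g['tmp_path']}/ssl.crt";

			/*
			 * The private key is created through a shell redirection; tighten
			 * the umask for the child processes so the temporary key file is
			 * not readable by other users while it exists.
			 */
			$oldmask = umask(0077);
			/*
			 * 2048-bit RSA with a SHA-256 signature: the former 1024-bit key
			 * and SHA-1 signature are below what current TLS clients accept.
			 */
			mwexec("/usr/bin/openssl genrsa 2048 > " . escapeshellarg($keyfile));
			mwexec("/usr/bin/openssl req -new -x509 -nodes -sha256 -days 2000 -key " .
				escapeshellarg($keyfile) . " > " . escapeshellarg($crtfile));
			umask($oldmask);

			$crt = file_get_contents($crtfile);
			$key = file_get_contents($keyfile);
			unlink($keyfile);
			unlink($crtfile);
			cert_import($cert, $crt, $key);
			$a_cert[] = $cert;
			$config['system']['webgui']['ssl-certref'] = $cert['refid'];
			write_config(gettext("Importing HTTPS certificate"));
		} else {
			$crt = base64_decode($cert['crt']);
			$key = base64_decode($cert['prv']);
		}

		/* https without an explicit port listens on 443 */
		if (!$config['system']['webgui']['port'])
			$portarg = "443";
		$ca = ca_chain($cert);
	}

	/* generate lighttpd configuration */
	system_generate_lighty_config("{$g['varetc_path']}/lighty-webConfigurator.conf",
		$crt, $key, $ca, "lighty-webConfigurator.pid", $portarg, "/usr/local/www/",
		"cert.pem", "ca.pem");

	/* attempt to start lighthttpd */
	$res = mwexec("/usr/local/sbin/lighttpd -f {$g['varetc_path']}/lighty-webConfigurator.conf");

	if ($g['booting']) {
		if ($res == 0)
			echo gettext("done.") . "\n";
		else
			echo gettext("failed!") . "\n";
	}

	return $res;
}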
/*
 * Generate a lighttpd configuration file and the PEM files it refers to.
 *
 * Parameters:
 *   $filename        path the finished configuration text is written to
 *   $cert, $key      certificate and private key text; when both are non-empty
 *                    they are written together to {varetc_path}/$cert_location
 *                    and the ssl.* directives are emitted
 *   $ca              optional CA text, written to {varetc_path}/$ca_location
 *   $pid_file        file name placed under /var/run/ for server.pid-file
 *   $port            listen port; an empty value falls back to "80"
 *   $document_root   value for server.document-root
 *   $max_requests    not referenced anywhere in this function body
 *   $fast_cgi_enable use mod_fastcgi for .php; forced off when get_memory()
 *                    reports a value between 1 and 64
 *   $captive_portal  false for the webConfigurator, otherwise the captive
 *                    portal zone key used in $config['captiveportal'][...]
 *
 * Returns 0 on success, 1 if one of the output files cannot be opened.
 */
function system_generate_lighty_config($filename,
	$cert,
	$key,
	$ca,
	$pid_file,
	$port = 80,
	$document_root = "/usr/local/www/",
	$cert_location = "cert.pem",
	$ca_location = "ca.pem",
	$max_requests = "2",
	$fast_cgi_enable = true,
	$captive_portal = false) {

	global $config, $g;

	/* compress.cache-dir in the generated config points at this directory */
	if(!is_dir("{$g['tmp_path']}/lighttpdcompress"))
		mkdir("{$g['tmp_path']}/lighttpdcompress");

	if(isset($config['system']['developerspew'])) {
		$mt = microtime();
		echo "system_generate_lighty_config() being called $mt\n";
	}

	if($captive_portal !== false)  {
		/* captive portal instance: rewrite every non-portal URL to the zone's index.php */
		$captiveportal = ",\"mod_rewrite\"";
		// NOTE(review): the zone name is interpolated into the rewrite rule (and into the
		// FastCGI socket path further down) without escaping; presumably it is validated
		// where zones are created - confirm.
		$captive_portal_rewrite = "url.rewrite-once = ( \"(.*captiveportal.*)\" => \"$1\", \"(.*)\" => \"/index.php?zone={$captive_portal}&redirurl=$1\" )\n";
		$captive_portal_module = "";

		/* per-client connection limit, default 4 */
		$maxprocperip = $config['captiveportal'][$captive_portal]['maxprocperip'];
		if(empty($maxprocperip))
			$maxprocperip = 4;
		// NOTE(review): "mod_evasive" is not in the server.modules list built below, so
		// whether this directive takes effect cannot be confirmed from this function.
		$captive_portal_mod_evasive = "evasive.max-conns-per-ip = {$maxprocperip}";

		/* uploads go to a directory that is made non-writable, with a small request size limit */
		$server_upload_dirs = "server.upload-dirs = ( \"{$g['tmp_path']}/captiveportal/\" )\n";
		exec("mkdir -p {$g['tmp_path']}/captiveportal");
		exec("chmod a-w {$g['tmp_path']}/captiveportal");
		$server_max_request_size = "server.max-request-size    = 384";
	} else {
		/* webConfigurator instance: no rewrite, larger uploads allowed */
		$captiveportal = "";
		$captive_portal_rewrite = "";
		$captive_portal_module = "";
		$captive_portal_mod_evasive = "";
		$server_upload_dirs = "server.upload-dirs = ( \"{$g['upload_path']}/\", \"{$g['tmp_path']}/\", \"/var/\" )\n";
		$server_max_request_size = "server.max-request-size    = 2097152";
	}
	
	if($port <> "")
		$lighty_port = $port;
	else
		$lighty_port = "80";

	/* first element of get_memory() drives the sizing below (presumably MB - confirm) */
	$memory = get_memory();
	$avail = $memory[0];

	// Determine web GUI process settings and take into account low memory systems
	// NOTE(review): when $avail is 0 or negative none of the three branches runs, so
	// $max_procs stays unset while FastCGI remains enabled and "max-procs" is emitted empty.
	if($avail > 0 and $avail < 65) {
		$fast_cgi_enable = false;
	}
	if($avail > 64 and $avail < 256) {
		$max_procs = ($config['system']['webgui']['max_procs']) ? $config['system']['webgui']['max_procs'] : 1;
	}
	if($avail > 255 ) {
		$max_procs = ($config['system']['webgui']['max_procs']) ? $config['system']['webgui']['max_procs'] : 2;
	}

	// Ramp up captive portal max procs, assuming each PHP process can consume up to 64MB RAM
	if($captive_portal !== false)  {
		if($avail > 107 and $avail < 256) {
			$max_procs += 1; // 2 worker processes
		}
		if($avail > 255 and $avail < 320) {
			$max_procs += 1; // 3 worker processes
		}
		if($avail > 319 and $avail < 384) {
			$max_procs += 2; // 4 worker processes
		}
		if($avail > 383 and $avail < 448) {
			$max_procs += 3; // 5 worker processes
		}
		if($avail > 447) {
			$max_procs += 4; // 6 worker processes
		}
		$bin_environment =  <<<EOC
			"bin-environment" => (
				"PHP_FCGI_CHILDREN" => "0",
				"PHP_FCGI_MAX_REQUESTS" => "500"
			),
EOC;

	} else if ($avail > 0 and $avail < 128) {
		/* low memory web GUI: recycle the PHP worker after two requests */
		$bin_environment = <<<EOC
			"bin-environment" => (
				"PHP_FCGI_CHILDREN" => "0",
				"PHP_FCGI_MAX_REQUESTS" => "2",
			),

EOC;
	} else
		$bin_environment =  <<<EOC
			"bin-environment" => (
				"PHP_FCGI_CHILDREN" => "0",
				"PHP_FCGI_MAX_REQUESTS" => "500"
			),
EOC;

	if($fast_cgi_enable == true) {
		/* .php is served through a FastCGI socket; each captive portal zone gets its own */
		$module = "\"mod_fastcgi\", \"mod_cgi\"";
		if ($captive_portal !== false)
			$fast_cgi_path = "{$g['tmp_path']}/php-fastcgi-{$captive_portal}.socket";
		else
			$fast_cgi_path = "{$g['tmp_path']}/php-fastcgi.socket";
		$cgi_config = "";
		$fastcgi_config = <<<EOD
#### fastcgi module
## read fastcgi.txt for more info
fastcgi.server = ( ".php" =>
	( "localhost" =>
		(
			"socket" => "{$fast_cgi_path}",
			"min-procs" => 0,
			"max-procs" => {$max_procs},
{$bin_environment}
			"bin-path" => "/usr/local/bin/php"
		)
	)
)

#### CGI module
cgi.assign                 = ( ".cgi" => "" )

EOD;
	} else {
		/* FastCGI disabled: run .php through plain CGI instead */
		$fastcgi_config = "";
		$module = "\"mod_cgi\"";
		$cgi_config = <<<EOD
#### CGI module
cgi.assign                 = ( ".php"  => "/usr/local/bin/php",
                               ".cgi" => "" )

EOD;
	}

	/* static head of the configuration: event handler, modules, mime types, access rules */
	$lighty_config = "";
	$lighty_config .= <<<EOD
#
# lighttpd configuration file
#
# use a it as base for lighttpd 1.0.0 and above
#
############ Options you really have to take care of ####################

## FreeBSD!
server.event-handler	= "freebsd-kqueue"
server.network-backend 	= "writev"
#server.use-ipv6 = "enable"

## modules to load
server.modules              =   (
	{$captive_portal_module}
	"mod_access", "mod_accesslog", "mod_expire", "mod_compress", "mod_redirect",
	{$module}{$captiveportal}
)

## Unused modules
#                               "mod_setenv",
#                               "mod_rewrite",
#                               "mod_ssi",
#                               "mod_usertrack",
#                               "mod_expire",
#                               "mod_secdownload",
#                               "mod_rrdtool",
#                               "mod_auth",
#                               "mod_status",
#                               "mod_alias",
#                               "mod_proxy",
#                               "mod_simple_vhost",
#                               "mod_evhost",
#                               "mod_userdir",
#                               "mod_cgi",

server.max-keep-alive-requests = 15
server.max-keep-alive-idle = 30

## a static document-root, for virtual-hosting take look at the
## server.virtual-* options
server.document-root        = "{$document_root}"
{$captive_portal_rewrite}

# Maximum idle time with nothing being written (php downloading)
server.max-write-idle = 999

## where to send error-messages to
server.errorlog             = "/var/log/lighttpd.error.log"

# files to check for if .../ is requested
server.indexfiles           = ( "index.php", "index.html",
                                "index.htm", "default.htm" )

# mimetype mapping
mimetype.assign             = (
  ".pdf"          =>      "application/pdf",
  ".sig"          =>      "application/pgp-signature",
  ".spl"          =>      "application/futuresplash",
  ".class"        =>      "application/octet-stream",
  ".ps"           =>      "application/postscript",
  ".torrent"      =>      "application/x-bittorrent",
  ".dvi"          =>      "application/x-dvi",
  ".gz"           =>      "application/x-gzip",
  ".pac"          =>      "application/x-ns-proxy-autoconfig",
  ".swf"          =>      "application/x-shockwave-flash",
  ".tar.gz"       =>      "application/x-tgz",
  ".tgz"          =>      "application/x-tgz",
  ".tar"          =>      "application/x-tar",
  ".zip"          =>      "application/zip",
  ".mp3"          =>      "audio/mpeg",
  ".m3u"          =>      "audio/x-mpegurl",
  ".wma"          =>      "audio/x-ms-wma",
  ".wax"          =>      "audio/x-ms-wax",
  ".ogg"          =>      "audio/x-wav",
  ".wav"          =>      "audio/x-wav",
  ".gif"          =>      "image/gif",
  ".jpg"          =>      "image/jpeg",
  ".jpeg"         =>      "image/jpeg",
  ".png"          =>      "image/png",
  ".xbm"          =>      "image/x-xbitmap",
  ".xpm"          =>      "image/x-xpixmap",
  ".xwd"          =>      "image/x-xwindowdump",
  ".css"          =>      "text/css",
  ".html"         =>      "text/html",
  ".htm"          =>      "text/html",
  ".js"           =>      "text/javascript",
  ".asc"          =>      "text/plain",
  ".c"            =>      "text/plain",
  ".conf"         =>      "text/plain",
  ".text"         =>      "text/plain",
  ".txt"          =>      "text/plain",
  ".dtd"          =>      "text/xml",
  ".xml"          =>      "text/xml",
  ".mpeg"         =>      "video/mpeg",
  ".mpg"          =>      "video/mpeg",
  ".mov"          =>      "video/quicktime",
  ".qt"           =>      "video/quicktime",
  ".avi"          =>      "video/x-msvideo",
  ".asf"          =>      "video/x-ms-asf",
  ".asx"          =>      "video/x-ms-asf",
  ".wmv"          =>      "video/x-ms-wmv",
  ".bz2"          =>      "application/x-bzip",
  ".tbz"          =>      "application/x-bzip-compressed-tar",
  ".tar.bz2"      =>      "application/x-bzip-compressed-tar"
 )

# Use the "Content-Type" extended attribute to obtain mime type if possible
#mimetypes.use-xattr        = "enable"

#### accesslog module
#accesslog.filename          = "/dev/null"

## deny access the file-extensions
#
# ~    is for backupfiles from vi, emacs, joe, ...
# .inc is often used for code includes which should in general not be part
#      of the document-root
url.access-deny             = ( "~", ".inc" )


######### Options that are good to be but not neccesary to be changed #######

## bind to port (default: 80)

EOD;

	/* listen on every IPv4 address, plus an explicit IPv6 wildcard socket on the same port */
	$lighty_config .= "server.bind  = \"0.0.0.0\"\n";
	$lighty_config .= "server.port  = {$lighty_port}\n";
	$lighty_config .= "\$SERVER[\"socket\"]  == \"0.0.0.0:{$lighty_port}\" { }\n";
	$lighty_config .= "\$SERVER[\"socket\"]  == \"[::]:{$lighty_port}\" { \n";
	/* the IPv6 socket block carries its own copy of the ssl.* settings; the same
	   settings are emitted again at top level further down, where the cipher list
	   and ssl.use-sslv2 are added as well */
	if($cert <> "" and $key <> "") {
		$lighty_config .= "\n";
		$lighty_config .= "## ssl configuration\n";
		$lighty_config .= "ssl.engine = \"enable\"\n";
		$lighty_config .= "ssl.pemfile = \"{$g['varetc_path']}/{$cert_location}\"\n\n";
		if($ca <> "")
			$lighty_config .= "ssl.ca-file = \"{$g['varetc_path']}/{$ca_location}\"\n\n";
	}
	$lighty_config .= " }\n";


	/* second static part: pid file, debug switches, compression, plus the fragments built above */
	$lighty_config .= <<<EOD

## error-handler for status 404
#server.error-handler-404   = "/error-handler.html"
#server.error-handler-404   = "/error-handler.php"

## to help the rc.scripts
server.pid-file            = "/var/run/{$pid_file}"

## virtual directory listings
server.dir-listing         = "disable"

## enable debugging
debug.log-request-header   = "disable"
debug.log-response-header  = "disable"
debug.log-request-handling = "disable"
debug.log-file-not-found   = "disable"

# gzip compression
compress.cache-dir = "{$g['tmp_path']}/lighttpdcompress/"
compress.filetype  = ("text/plain","text/css", "text/xml", "text/javascript" )

{$server_upload_dirs}

{$server_max_request_size}

{$fastcgi_config}

{$cgi_config}

{$captive_portal_mod_evasive}

expire.url = (
				"" => "access 50 hours",	
        )

EOD;

	/* normalise the PEM text: drop carriage returns, then collapse doubled newlines */
	$cert = str_replace("\r", "", $cert);
	$key = str_replace("\r", "", $key);
	$ca = str_replace("\r", "", $ca);

	$cert = str_replace("\n\n", "\n", $cert);
	$key = str_replace("\n\n", "\n", $key);
	$ca = str_replace("\n\n", "\n", $ca);

	if($cert <> "" and $key <> "") {
		/* certificate and private key share one PEM file (ssl.pemfile) */
		$fd = fopen("{$g['varetc_path']}/{$cert_location}", "w");
		if (!$fd) {
			/* the message names system_webgui_start() although it is printed from this function */
			printf(gettext("Error: cannot open cert.pem in system_webgui_start().%s"), "\n");
			return 1;
		}
		// NOTE(review): the file is created (or truncated) by fopen() before chmod()
		// narrows it to 0600; the key is only written after the chmod, but the mode the
		// file has in between depends on the process umask - confirm it is restrictive.
		chmod("{$g['varetc_path']}/{$cert_location}", 0600);
		fwrite($fd, $cert);
		fwrite($fd, "\n");
		fwrite($fd, $key);
		fclose($fd);
		/* the CA file is only written when $ca holds something other than whitespace */
		if(!(empty($ca) || (strlen(trim($ca)) == 0))) {
			$fd = fopen("{$g['varetc_path']}/{$ca_location}", "w");
			if (!$fd) {
				printf(gettext("Error: cannot open ca.pem in system_webgui_start().%s"), "\n");
				return 1;
			}
			chmod("{$g['varetc_path']}/{$ca_location}", 0600);
			fwrite($fd, $ca);
			fclose($fd);
		}
		$lighty_config .= "\n";
		$lighty_config .= "## " . gettext("ssl configuration") . "\n";
		$lighty_config .= "ssl.engine = \"enable\"\n";
		$lighty_config .= "ssl.pemfile = \"{$g['varetc_path']}/{$cert_location}\"\n\n";

		// Harden SSL a bit for PCI conformance testing
		// NOTE(review): only SSLv2 is switched off here and the cipher list still ends
		// with RC4-SHA and RC4-MD5, all suites are SHA-1/MD5 based; this list should be
		// re-checked against what the bundled lighttpd/OpenSSL versions support.
		$lighty_config .= "ssl.use-sslv2 = \"disable\"\n";
		$lighty_config .= "ssl.cipher-list = \"DHE-RSA-CAMELLIA256-SHA:DHE-DSS-CAMELLIA256-SHA:CAMELLIA256-SHA:DHE-DSS-AES256-SHA:AES256-SHA:DHE-RSA-CAMELLIA128-SHA:DHE-DSS-CAMELLIA128-SHA:CAMELLIA128-SHA:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA:AES128-SHA:RC4-SHA:RC4-MD5:!aNULL:!eNULL:!3DES:@STRENGTH\"\n";

		if(!(empty($ca) || (strlen(trim($ca)) == 0)))
			$lighty_config .= "ssl.ca-file = \"{$g['varetc_path']}/{$ca_location}\"\n\n";
	}

	// Add HTTP to HTTPS redirect
	// Only for the web GUI (not captive portal), when the GUI protocol is https and the
	// redirect has not been disabled in the configuration.
	if ($captive_portal === false && $config['system']['webgui']['protocol'] == "https" && !isset($config['system']['webgui']['disablehttpredirect'])) {
		// NOTE(review): $redirectport is only assigned for ports other than 443; on 443
		// the heredoc below interpolates an undefined variable (empty string plus a notice).
		if($lighty_port != "443") 
			$redirectport = ":{$lighty_port}";
		$lighty_config .= <<<EOD
\$SERVER["socket"] == ":80" {
	\$HTTP["host"] =~ "(.*)" {
		url.redirect = ( "^/(.*)" => "https://%1{$redirectport}/$1" )
	}
}
EOD;
	}

	/* write the assembled configuration text to the requested file */
	$fd = fopen("{$filename}", "w");
	if (!$fd) {
		printf(gettext("Error: cannot open %s in system_generate_lighty_config().%s"), $filename, "\n");
		return 1;
	}
	fwrite($fd, $lighty_config);
	fclose($fd);

	return 0;

}
1197

    
1198
/*
 * Install the configured timezone as /etc/localtime.
 *
 * The zone file is extracted from /usr/share/zoneinfo.tgz; "Etc/UTC" is used
 * when $config['system']['timezone'] is empty. The zone name is passed through
 * escapeshellarg() because it ends up on a shell command line.
 */
function system_timezone_configure() {
	global $config, $g;

	if (isset($config['system']['developerspew'])) {
		$stamp = microtime();
		echo "system_timezone_configure() being called $stamp\n";
	}

	$system_settings = $config['system'];

	if ($g['booting']) {
		echo gettext("Setting timezone...");
	}

	/* pick the zone to extract, defaulting to UTC */
	$zone = $system_settings['timezone'];
	if (!$zone) {
		$zone = "Etc/UTC";
	}

	/* /etc is rewritten between conf_mount_rw() and conf_mount_ro() */
	conf_mount_rw();

	$extract_cmd = "LANG=C /usr/bin/tar xzfO /usr/share/zoneinfo.tgz " . escapeshellarg($zone) . " > /etc/localtime";
	exec($extract_cmd);

	mwexec("sync");
	conf_mount_ro();

	if ($g['booting']) {
		echo gettext("done.") . "\n";
	}
}
1226

    
1227
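/*
 * Prepare a serial GPS receiver for use as an ntpd reference clock.
 *
 * $serialport is a device name relative to /dev/. The function links it to
 * /dev/gps0, sends an initialisation sequence to the port and makes sure
 * /etc/remote has a "gps0" entry.
 *
 * Returns false when the device node does not exist, true otherwise.
 */
function system_ntp_setup_gps($serialport) {
	$gps_device = '/dev/gps0';
	// NOTE(review): the name is not checked for path separators here; presumably the
	// caller offers a fixed list of serial devices - confirm.
	$serialport = '/dev/'.$serialport;

	if (!file_exists($serialport))
		return false;

	conf_mount_rw();
	// Create symlink that ntpd requires
	unlink_if_exists($gps_device);
	symlink($serialport, $gps_device);

	/* Send the following to the GPS port to initialize the GPS */
	$gps_init = <<<EOF
\$PUBX,40,GSV,0,0,0,0*59
\$PUBX,40,GLL,0,0,0,0*5C
\$PUBX,40,ZDA,0,0,0,0*44
\$PUBX,40,VTG,0,0,0,0*5E
\$PUBX,40,GSV,0,0,0,0*59
\$PUBX,40,GSA,0,0,0,0*4E
\$PUBX,40,GGA,0,0,0,0
\$PUBX,40,TXT,0,0,0,0
\$PUBX,40,RMC,0,0,0,0*46
\$PUBX,41,1,0007,0003,4800,0
\$PUBX,40,ZDA,1,1,1,1
EOF;
	// NOTE(review): /tmp/gps.init is a fixed name in a shared directory; kept for
	// compatibility, but $g['tmp_path'] or a direct write to the port would avoid it.
	file_put_contents("/tmp/gps.init", $gps_init);
	/* the device path comes from configuration, so it must not reach the shell unquoted */
	shell_exec("cat /tmp/gps.init > " . escapeshellarg($serialport));

	/* Add /etc/remote entry in case we need to read from the GPS with tip */
	if (intval(`grep -c '^gps0' /etc/remote`) == 0) {
		/* appended from PHP so the device path is never interpreted by a shell */
		file_put_contents("/etc/remote", "gps0:dv={$serialport}:br#4800:pa=none:\n", FILE_APPEND);
	}

	conf_mount_ro();

	return true;
}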
1264

    
1265
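/*
 * Write {$g['varetc_path']}/ntpd.conf and, unless $start_ntpd is false,
 * restart ntpd with it.
 *
 * The file is built from an optional GPS reference clock
 * ($config['ntpd']['gpsport']), the space separated server list in
 * $config['system']['timeservers'] and the listen interfaces from
 * $config['ntpd']['interface'] (falling back to the openntpd package setting).
 * Nothing is done on the 'jail' platform. The function returns no value.
 */
function system_ntp_configure($start_ntpd=true) {
	global $config, $g;
	$driftfile = "/var/db/ntpd.drift";
	$statsdir = "/var/log/ntp";

	if ($g['platform'] == 'jail')
		return;

	safe_mkdir($statsdir);

	$ntpcfg = "# \n";
	$ntpcfg .= "# pfSense ntp configuration file \n";
	$ntpcfg .= "# \n\n";
	$ntpcfg .= "tinker panic 0 \n";

	if (!empty($config['ntpd']['gpsport'])
		&& file_exists('/dev/'.$config['ntpd']['gpsport'])
		&& system_ntp_setup_gps($config['ntpd']['gpsport'])) {
		$ntpcfg .= "# GPS Setup\n";
		$ntpcfg .= "server 127.127.20.0 mode 0 minpoll 4 maxpoll 4 prefer\n";
		$ntpcfg .= "fudge 127.127.20.0 time1 0.155 time2 0.000 flag1 1 flag2 0 flag3 1\n";
		// Fall back to local clock if GPS is out of sync?
		$ntpcfg .= "server 127.127.1.0\n";
		$ntpcfg .= "fudge 127.127.1.0 stratum 12\n";
	}

	$ntpcfg .= "\n\n# Upstream Servers\n";
	/* one "server" line per configured time server */
	foreach (explode(' ', $config['system']['timeservers']) as $ts) {
		$ts = trim($ts);
		/* an empty list or doubled spaces would otherwise produce a "server" line without a host */
		if ($ts == "")
			continue;
		/* whitespace or control characters inside an entry would add extra ntpd.conf directives */
		if (preg_match('/[\x00-\x20\x7f]/', $ts)) {
			log_error("Skipping malformed time server entry while writing ntpd.conf");
			continue;
		}
		$ntpcfg .= "server {$ts} iburst maxpoll 9\n";
	}

	$ntpcfg .= "enable monitor\n";
	$ntpcfg .= "enable stats\n";
	$ntpcfg .= "statistics clockstats\n";
	$ntpcfg .= "statsdir {$statsdir}\n";
	$ntpcfg .= "logconfig =syncall +clockall\n";
	$ntpcfg .= "driftfile {$driftfile}\n";
	$ntpcfg .= "restrict default kod nomodify notrap nopeer\n";
	$ntpcfg .= "restrict -6 default kod nomodify notrap nopeer\n";

	/* listen interfaces: own setting first, then the openntpd package setting, else none */
	if (empty($config['ntpd']['interface'])) {
		if (is_array($config['installedpackages']['openntpd']) && !empty($config['installedpackages']['openntpd']['config'][0]['interface']))
			$interfaces = explode(",", $config['installedpackages']['openntpd']['config'][0]['interface']);
		else
			$interfaces = array();
	} else {
		$interfaces = explode(",", $config['ntpd']['interface']);
	}

	if (is_array($interfaces) && count($interfaces)) {
		$ntpcfg .= "interface ignore all\n";
		foreach ($interfaces as $interface) {
			/* entries that are not IP addresses are friendly names and get resolved */
			if (!is_ipaddr($interface)) {
				$interface = get_real_interface($interface);
			}
			$ntpcfg .= "interface listen {$interface}\n";
		}
	}

	/* open configuration for writing or bail */
	$fd = fopen("{$g['varetc_path']}/ntpd.conf","w");
	if(!$fd) {
		log_error("Could not open {$g['varetc_path']}/ntpd.conf for writing");
		return;
	}
	fwrite($fd, $ntpcfg);
	fclose($fd);

	/* At bootup we just want to write out the config. */
	if (!$start_ntpd)
		return;

	/* if ntpd is running, kill it */
	while(is_process_running("ntpd")) {
		killbyname("ntpd");
	}

	/* if /var/empty does not exist, create it */
	if(!is_dir("/var/empty"))
		exec("/bin/mkdir -p /var/empty && chmod ug+rw /var/empty/.");

	/* start ntpd with an empty signal mask, let it set the time now (-g) and
	   use the file written above; the previous mask is restored afterwards */
	$oldset = array();
	pcntl_sigprocmask(SIG_SETMASK, array(), $oldset);
	exec("/usr/local/bin/ntpd -g -c {$g['varetc_path']}/ntpd.conf");
	pcntl_sigprocmask(SIG_SETMASK, $oldset);

	// Note that we are starting up
	log_error("NTPD is starting up.");
	return;
}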
1358

    
1359
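/*
 * Step the clock once from every server in $config['system']['timeservers']
 * by running ntpdate for each entry of the space separated list.
 */
function sync_system_time() {
	global $config, $g;

	if ($g['booting'])
		echo gettext("Syncing system time before startup...");

	/* run ntpdate once per configured server */
	foreach (explode(' ', $config['system']['timeservers']) as $ts) {
		$ts = trim($ts);
		/* skip empty entries and anything ntpdate would read as an option */
		if ($ts == "" || $ts[0] == "-")
			continue;
		/* the server name comes from configuration and is placed on a shell command line */
		mwexec("/usr/sbin/ntpdate -s " . escapeshellarg($ts));
	}

	if ($g['booting'])
		echo gettext("done.") . "\n";

}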
1374

    
1375
/*
 * Run the pre-shutdown cleanup, then start /etc/rc.halt in the background.
 */
function system_halt() {
	global $g;

	system_reboot_cleanup();

	/* detached with nohup so the halt script is not tied to this process */
	$halt_command = "/usr/bin/nohup /etc/rc.halt > /dev/null 2>&1 &";
	mwexec($halt_command);
}
1382

    
1383
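/*
 * Run the pre-shutdown cleanup, then start /etc/rc.reboot in the background.
 */
function system_reboot() {
	global $g;

	system_reboot_cleanup();

	/* nohup is called by absolute path, as system_halt() does, so the lookup
	   does not depend on the PATH of whatever process triggers the reboot */
	mwexec("/usr/bin/nohup /etc/rc.reboot > /dev/null 2>&1 &");
}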
1390

    
1391
/*
 * Run the pre-shutdown cleanup, then run /etc/rc.reboot in the foreground
 * (no nohup, no "&"), so the call only returns once mwexec() does.
 */
function system_reboot_sync() {
	global $g;

	system_reboot_cleanup();

	$reboot_command = "/etc/rc.reboot > /dev/null 2>&1";
	mwexec($reboot_command);
}
1398

    
1399
/*
 * Work shared by halt and reboot: stop the beeper, stop captive portal RADIUS
 * accounting, save the voucher database into the configuration and stop
 * packages. The include files are loaded right before the call that needs them.
 */
function system_reboot_cleanup() {
	$beep_stop = "/usr/local/bin/beep.sh stop";
	mwexec($beep_stop);

	require_once "captiveportal.inc";
	captiveportal_radius_stop_all();

	require_once "voucher.inc";
	voucher_save_db_to_config();

	require_once "pkg-utils.inc";
	stop_packages();
}
1408

    
1409
/*
 * Run the administrator-defined shell commands stored in the configuration.
 *
 * $early selects $config['system']['earlyshellcmd'] instead of
 * $config['system']['shellcmd']. The entry may be an array of commands or a
 * single command string. Every command is handed to exec() exactly as stored,
 * so anyone able to write these configuration keys can run commands with the
 * privileges of this process.
 */
function system_do_shell_commands($early = 0) {
	global $config, $g;

	if (isset($config['system']['developerspew'])) {
		$stamp = microtime();
		echo "system_do_shell_commands() being called $stamp\n";
	}

	$cmdn = $early ? "earlyshellcmd" : "shellcmd";

	/* a list of commands: run them in order */
	if (is_array($config['system'][$cmdn])) {
		foreach ($config['system'][$cmdn] as $command) {
			exec($command);
		}
		return;
	}

	/* a single, non-empty command */
	if ($config['system'][$cmdn] != "") {
		exec($config['system'][$cmdn]);
	}
}
1435

    
1436
/*
 * Create or remove the {$g['varetc_path']}/disableconsole marker file so that
 * it mirrors the $config['system']['disableconsolemenu'] setting.
 */
function system_console_configure() {
	global $config, $g;

	if (isset($config['system']['developerspew'])) {
		$stamp = microtime();
		echo "system_console_configure() being called $stamp\n";
	}

	if (!isset($config['system']['disableconsolemenu'])) {
		/* menu enabled: make sure the marker is gone */
		unlink_if_exists("{$g['varetc_path']}/disableconsole");
		return;
	}

	/* menu disabled: leave the marker in place */
	touch("{$g['varetc_path']}/disableconsole");
}
1449

    
1450
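/*
 * Save the kernel messages of the current boot to {$g['varlog_path']}/dmesg.boot.
 *
 * The output of /sbin/dmesg may still contain lines from earlier boots, so
 * only the part starting at the last "Copyright (c) 1992-" line is written.
 *
 * Returns 0 on success, 1 if dmesg.boot cannot be opened for writing.
 */
function system_dmesg_save() {
	/* $config has to be imported as well, otherwise the developerspew check below can never fire */
	global $g, $config;
	if(isset($config['system']['developerspew'])) {
		$mt = microtime();
		echo "system_dmesg_save() being called $mt\n";
	}

	/* exec() fills this with one element per output line */
	$dmesg = array();
	exec("/sbin/dmesg", $dmesg);
	$linecount = count($dmesg);

	/* find last copyright line (output from previous boots may be present) */
	$lastcpline = 0;

	for ($i = 0; $i < $linecount; $i++) {
		if (strstr($dmesg[$i], "Copyright (c) 1992-"))
			$lastcpline = $i;
	}

	$fd = fopen("{$g['varlog_path']}/dmesg.boot", "w");
	if (!$fd) {
		printf(gettext("Error: cannot open dmesg.boot in system_dmesg_save().%s"), "\n");
		return 1;
	}

	for ($i = $lastcpline; $i < $linecount; $i++)
		fwrite($fd, $dmesg[$i] . "\n");

	fclose($fd);

	return 0;
}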
1481

    
1482
/*
 * Apply the ATA standby timer from $config['system']['harddiskstandby'].
 *
 * Nothing happens when the setting is absent. A numeric value is cast to int
 * and written to the hw.ata.standby sysctl after a disk sync; when that
 * command succeeds the ATA drives are reinitialised. While booting, progress
 * is printed as "done." or "failed!".
 */
function system_set_harddisk_standby() {
	global $g, $config;

	if (isset($config['system']['developerspew'])) {
		$stamp = microtime();
		echo "system_set_harddisk_standby() being called $stamp\n";
	}

	if (!isset($config['system']['harddiskstandby'])) {
		return;
	}

	if ($g['booting']) {
		echo gettext('Setting hard disk standby... ');
	}

	$timer = $config['system']['harddiskstandby'];
	$applied = false;

	// Only a numeric value is ever passed on to sysctl
	if (is_numeric($timer)) {
		// Sync the disk(s)
		pfSense_sync();
		/* mwexec() returns the exit status, so a falsy result means success */
		$applied = !mwexec('/sbin/sysctl hw.ata.standby=' . ((int)$timer));
		if ($applied) {
			// Reinitialize ATA-drives
			mwexec('/usr/local/sbin/atareinit');
		}
	}

	if ($g['booting']) {
		if ($applied) {
			echo gettext("done.") . "\n";
		} else {
			echo gettext("failed!") . "\n";
		}
	}
}
1513

    
1514
/*
 * Apply the configured sysctls and, when $config['system']['sharednet'] is
 * set, switch off the kernel's ARP wrong-interface logging.
 */
function system_setup_sysctl() {
	global $config;

	if (isset($config['system']['developerspew'])) {
		$stamp = microtime();
		echo "system_setup_sysctl() being called $stamp\n";
	}

	activate_sysctls();

	$shared_network = isset($config['system']['sharednet']);
	if ($shared_network) {
		system_disable_arp_wrong_if();
	}
}
1527

    
1528
/*
 * Set net.link.ether.inet.log_arp_wrong_iface and
 * net.link.ether.inet.log_arp_movements to 0.
 */
function system_disable_arp_wrong_if() {
	global $config;

	if (isset($config['system']['developerspew'])) {
		$stamp = microtime();
		echo "system_disable_arp_wrong_if() being called $stamp\n";
	}

	$commands = array(
		"/sbin/sysctl -n net.link.ether.inet.log_arp_wrong_iface=0",
		"/sbin/sysctl -n net.link.ether.inet.log_arp_movements=0",
	);
	foreach ($commands as $command) {
		mwexec($command);
	}
}
1537

    
1538
/*
 * Set net.link.ether.inet.log_arp_wrong_iface and
 * net.link.ether.inet.log_arp_movements to 1.
 */
function system_enable_arp_wrong_if() {
	global $config;

	if (isset($config['system']['developerspew'])) {
		$stamp = microtime();
		echo "system_enable_arp_wrong_if() being called $stamp\n";
	}

	$commands = array(
		"/sbin/sysctl -n net.link.ether.inet.log_arp_wrong_iface=1",
		"/sbin/sysctl -n net.link.ether.inet.log_arp_movements=1",
	);
	foreach ($commands as $command) {
		mwexec($command);
	}
}
1547

    
1548
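/*
 * Start watchdogd on hardware listed in $supported_watchdogs.
 *
 * The function is switched off: it returns before doing anything, and the
 * code below the return only runs if that line is removed.
 */
function enable_watchdog() {
	global $config;
	return;
	$install_watchdog = false;
	$supported_watchdogs = array("Geode");
	$file = file_get_contents("/var/log/dmesg.boot");
	if ($file !== false) {
		foreach($supported_watchdogs as $sd) {
			/* test each listed name; the previous code compared against a fixed "Geode" */
			if(stristr($file, $sd)) {
				$install_watchdog = true;
				break;
			}
		}
	}
	if($install_watchdog == true) {
		/* restart watchdogd if one is already running */
		if(is_process_running("watchdogd"))
			mwexec("/usr/bin/killall watchdogd", true);
		exec("/usr/sbin/watchdogd");
	}
}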
1565

    
1566
/*
 * Check the hardware reset button on nanobsd installs running on "wrap" or
 * "alix" boards.
 *
 * The board specific helper /usr/local/sbin/<name>resetbtn is run; exit code
 * 99 means the button was held, in which case the configuration is reset to
 * factory defaults, the system reboots and this script exits.
 * In every other case the function returns 0.
 */
function system_check_reset_button() {
	global $g;

	if ($g['platform'] == "nanobsd") {
		$board = system_identify_specific_platform();

		/* only these two boards ship a reset button helper */
		if (in_array($board['name'], array("wrap", "alix"))) {
			$status = mwexec("/usr/local/sbin/" . $board['name'] . "resetbtn");

			if ($status == 99) {
				/* user has pressed reset button for 2 seconds -
				   reset to factory defaults */
				echo <<<EOD

***********************************************************************
* Reset button pressed - resetting configuration to factory defaults. *
* The system will reboot after this completes.                        *
***********************************************************************


EOD;

				reset_factory_defaults();
				system_reboot_sync();
				exit(0);
			}
		}
	}

	return 0;
}
1598

    
1599
/*
 * Work out which hardware platform this is (mainly for embedded systems).
 *
 * Returns an array with two elements:
 *   name  => platform string (e.g. 'wrap', 'alix', 'net48xx')
 *   descr => human-readable description (e.g. "PC Engines WRAP")
 *
 * Anything other than nanobsd is reported from $g['platform'] alone; for
 * nanobsd the saved boot messages are searched for known board names.
 */
function system_identify_specific_platform() {
	global $g;

	$platform = $g['platform'];

	switch ($platform) {
		case 'generic-pc':
			return array('name' => 'generic-pc', 'descr' => gettext("Generic PC"));
		case 'generic-pc-cdrom':
			return array('name' => 'generic-pc-cdrom', 'descr' => gettext("Generic PC (CD-ROM)"));
		case 'nanobsd':
			/* embedded platform, identified from the boot messages below */
			break;
		default:
			return array('name' => $platform, 'descr' => $platform);
	}

	$boot_messages = system_get_dmesg_boot();

	if (false !== strpos($boot_messages, "PC Engines WRAP")) {
		return array('name' => 'wrap', 'descr' => gettext('PC Engines WRAP'));
	}

	if (false !== strpos($boot_messages, "PC Engines ALIX")) {
		return array('name' => 'alix', 'descr' => gettext('PC Engines ALIX'));
	}

	/* Soekris boards: the matched text itself serves as the description */
	foreach (array('net45', 'net48', 'net55') as $series) {
		if (preg_match("/Soekris {$series}../", $boot_messages, $found)) {
			return array('name' => "{$series}xx", 'descr' => $found[0]);
		}
	}

	/* unknown embedded platform */
	return array('name' => 'embedded', 'descr' => gettext('embedded (unknown)'));
}
1637

    
1638
/*
 * Return the contents of {$g['varlog_path']}/dmesg.boot as one string
 * (whatever file_get_contents() returns for that path).
 */
function system_get_dmesg_boot() {
	global $g;

	$boot_log = "{$g['varlog_path']}/dmesg.boot";

	return file_get_contents($boot_log);
}
1643

    
1644
/*
 * Build the list of addresses a service can be told to listen on.
 *
 * Starts from the configured interfaces, adds CARP and IP alias virtual IPs
 * (labelled with their VIP description) and finishes with a "Localhost"
 * entry for lo0. Each element is an array with "name" and "value" keys.
 */
function get_possible_listen_ips() {
	$choices = get_configured_interface_with_descr();

	/* CARP VIPs are keyed by their interface name */
	$carp_vips = get_configured_carp_interface_list();
	$listenips = array();
	foreach ($carp_vips as $carp_if => $carp_ip) {
		$choices[$carp_if] = $carp_ip." (".get_vip_descr($carp_ip).")";
	}

	/* IP aliases are keyed by the alias address itself */
	$alias_vips = get_configured_ip_aliases_list();
	foreach ($alias_vips as $alias_ip => $alias_if) {
		$choices[$alias_ip] = $alias_ip." (".get_vip_descr($alias_ip).")";
	}

	foreach ($choices as $value => $label) {
		$listenips[] = array("name" => $label, "value" => $value);
	}

	$listenips[] = array("name" => "Localhost", "value" => "lo0");

	return $listenips;
}
1663

    
1664
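/*
 * Pick up IPv6 router advertisements on the interface.
 *
 * Runs rtsol on the real interface behind $interface and scans its output for
 * the first "received" line (ignoring "unexpected" ones) whose fourth field
 * is an IPv6 address. That address is logged and stored in
 * {$g['tmp_path']}/<if>_routerv6 and {$g['tmp_path']}/<if>_defaultgwv6.
 */
function pickup_ipv6_router_advertisement($interface) {
	global $g;
	$realif = get_real_interface($interface);
	/* without an interface name there is nothing to solicit on */
	if (empty($realif))
		return;

	$out = array();
	/* the interface name is quoted because it is placed on a shell command line */
	exec("/sbin/rtsol -d " . escapeshellarg($realif) . " 2>&1", $out, $ret);
	if(!empty($out)) {
		foreach($out as $line) {
			if((stristr($line, "received")) && (!stristr($line, "unexpected"))) {
				$parts = explode(" ", $line);
				/* shorter lines have no fourth field to inspect */
				if(isset($parts[3]) && is_ipaddrv6($parts[3])) {
					log_error("Found IPv6 default gateway '{$parts[3]}' on interface {$realif} by RA.");
					file_put_contents("{$g['tmp_path']}/{$realif}_routerv6", "{$parts[3]}\n");
					file_put_contents("{$g['tmp_path']}/{$realif}_defaultgwv6", "{$parts[3]}\n");
					break;
				}
			}
		}
	}
}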
1683

    
1684
?>