<?php
/*
 * globals.inc
 *
 * part of pfSense (https://www.pfsense.org)
 * Copyright (c) 2004-2013 BSD Perimeter
 * Copyright (c) 2013-2016 Electric Sheep Fencing
 * Copyright (c) 2014-2022 Rubicon Communications, LLC (Netgate)
 * All rights reserved.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 * http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
// Global defines

// Automatic panel collapse: bit flags (hex values kept from the original definitions)
define('COLLAPSIBLE', 0x08);
define('SEC_CLOSED', 0x04);
define('SEC_OPEN', 0x00);

// IP address types
define('IPV4', 4);
define('IPV6', 6);
define('IPV4V6', 2);
define('ALIAS', 1);

// Interface Name Size: 16 minus the terminating NULL
define('IF_NAMESIZE', 15);

// AddPassword method defines.
// NOTE(review): looks like a fixed mask shown in place of a stored secret;
// confirm that callers treat a submitted value equal to DMYPWD as "unchanged"
// and never persist the mask itself as a password.
define('DMYPWD', '********');

// Captive Portal aliases prefix
define('CPPREFIX', 'cpzoneid_');
/*
 * $g: process-wide table of product defaults (paths, product identity,
 * limits). It is declared global so the table is reachable even when this
 * file is included from inside a function.
 */
global $g;
$g = [
	'acbbackuppath' => '/cf/conf/acb/',
	'event_address' => 'unix:///var/run/check_reload_status',

	// Factory-shipped administrator credentials. These values are public, so
	// they only make sense as a first-boot default.
	// NOTE(review): presumably also used to detect an unchanged default
	// password - confirm against callers. The password should be changed
	// before the management interface is reachable from untrusted networks.
	'factory_shipped_username' => 'admin',
	'factory_shipped_password' => 'pfsense',

	// Filesystem layout
	'upload_path' => '/root',
	'dhcpd_chroot_path' => '/var/dhcpd',
	'unbound_chroot_path' => '/var/unbound',
	'var_path' => '/var',
	'varrun_path' => '/var/run',
	'varetc_path' => '/var/etc',
	'vardb_path' => '/var/db',
	'varlog_path' => '/var/log',
	'etc_path' => '/etc',
	'tmp_path' => '/tmp',
	'tmp_path_user_code' => '/tmp/user_code',
	'conf_path' => '/conf',
	'conf_default_path' => '/conf.default',
	'cf_path' => '/cf',
	'cf_conf_path' => '/cf/conf',
	'www_path' => '/usr/local/www',

	// Product identity
	'xml_rootobj' => 'pfsense',
	'admin_group' => 'admins',
	'product_name' => 'pfSense',
	'product_label' => 'pfSense',
	// Contains HTML markup: emit only where raw HTML is intended.
	'product_label_html' => 'Netgate pfSense<sup>&#174;</sup>',
	// Read at include time; a missing /etc/version produces a PHP warning
	// from file_get_contents() before trim() runs.
	'product_version' => trim(file_get_contents('/etc/version'), " \n"),
	'product_copyright_years' => '2004 - ' . date('Y'),

	// UI and behaviour switches
	'disablehelpmenu' => false,
	'disablehelpicon' => false,
	'disablecrashreporter' => false,
	'debug' => false,
	'latest_config' => '22.7',
	'minimum_ram_warning' => '101',
	'minimum_ram_warning_text' => '128 MB',
	'wan_interface_name' => 'wan',

	// Captive portal
	'captiveportal_path' => '/usr/local/captiveportal',
	'captiveportal_element_path' => '/var/db/cpelements',
	'captiveportal_element_sizelimit' => 1048576,
	'captiveportal_rules_interval' => 50,

	'services_dhcp_server_enable' => true,
	// Anchored at the start only: matches a known wireless driver prefix
	// followed by at least one digit.
	'wireless_regex' => '/^(ath|athp|bwi|bwn|ipw|iwi|iwm|iwn|malo|mwl|ral|rsu|rtwn|rum|run|uath|upgt|ural|urtw|urtwn|wi|wpi|wtap|zyd)[0-9]+/',
	'help_base_url' => '/help.php',
	'pkg_prefix' => 'pfSense-pkg-',
	'default_timezone' => 'Etc/UTC',
	'language' => 'en_US',

	// Defaults and limits
	'default_config_backup_count' => 30,
	'default_cert_expiredays' => 27,
	'default_log_entries' => 500,
	'default_log_size' => 512000,
	'minimumtableentries_bogonsv6' => 400000,
	'alternativemetaports' => ['vmware', 'php72', 'php73', 'php74'],

	// Glob patterns / files, keyed by area.
	'backuppath' => [
		'captiveportal' => '/var/db/captiveportal*.db',
		'dhcpd' => '/var/dhcpd/var/db/dhcpd.leases',
		'dhcpdv6' => '/var/dhcpd/var/db/dhcpd6.leases',
		'voucher' => '/var/db/voucher_*.db',
	],
	'cp_prefix' => 'cpzoneid',
	'booting' => false,
];
/* IP TOS flag names */
$iptos = ['lowdelay', 'throughput', 'reliability'];

/* TCP flag names */
$tcpflags = ['syn', 'ack', 'fin', 'rst', 'psh', 'urg', 'ece', 'cwr'];
/* Patch level: contents of /etc/version.patch when present, otherwise "0". */
$g['product_version_patch'] = file_exists('/etc/version.patch')
	? trim(file_get_contents('/etc/version.patch'), " \n")
	: '0';

/*
 * Display string: the base version, plus "-p<patch>" for a numeric patch level
 * other than zero. The comparison is deliberately loose, so any numeric string
 * equal to zero (for example "0.0") also yields no suffix.
 */
$g['product_version_string'] = $g['product_version'];
if (is_numeric($g['product_version_patch']) && $g['product_version_patch'] != '0') {
	$g['product_version_string'] .= '-p' . $g['product_version_patch'];
}
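/*
 * Default configuration flavor: the first line of
 * <etc_path>/default-config-flavor with trailing whitespace removed, or an
 * empty string when the file is missing, unreadable or empty.
 */
if (file_exists("{$g['etc_path']}/default-config-flavor")) {
	$flavor_array = file("{$g['etc_path']}/default-config-flavor");
	// file() returns false on a read error and an empty array for an empty
	// file; neither has an element 0, so fall back to '' in both cases
	// instead of indexing a non-array or a missing offset.
	$g['default-config-flavor'] = (is_array($flavor_array) && isset($flavor_array[0]))
		? chop($flavor_array[0])
		: '';
} else {
	$g['default-config-flavor'] = '';
}

/* Base directory for OpenVPN files, under the varetc path. */
$g['openvpn_base'] = "{$g['varetc_path']}/openvpn";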
/*
 * Default sysctls: sysctl name => default value.
 * The values mix strings and integers; the types are kept exactly as defined
 * because consumers may compare them strictly.
 */
$sysctls = [
	'net.inet.ip.portrange.first' => '1024',
	// Blackhole settings: traffic to closed ports is dropped without a reply.
	'net.inet.tcp.blackhole' => '2',
	'net.inet.udp.blackhole' => '1',
	'net.inet.ip.random_id' => '1',
	'net.inet.tcp.drop_synfin' => '1',
	// NOTE(review): redirects are left enabled for both address families -
	// confirm this is intended for the deployment's threat model.
	'net.inet.ip.redirect' => '1',
	'net.inet6.ip6.redirect' => '1',
	'net.inet6.ip6.use_tempaddr' => '0',
	'net.inet6.ip6.prefer_tempaddr' => '0',
	'net.inet.tcp.syncookies' => '1',
	'net.inet.tcp.recvspace' => '65228',
	'net.inet.tcp.sendspace' => '65228',
	'net.inet.tcp.delayed_ack' => '0',
	'net.inet.udp.maxdgram' => '57344',
	'net.link.bridge.pfil_onlyip' => '0',
	'net.link.bridge.pfil_member' => '1',
	'net.link.bridge.pfil_bridge' => '0',
	'net.link.tap.user_open' => '1',
	'net.link.vlan.mtag_pcp' => '1',
	'kern.randompid' => '347',
	'net.inet.ip.intr_queue_maxlen' => '1000',
	'hw.syscons.kbd_reboot' => '0',
	'net.inet.tcp.log_debug' => '0',
	'net.inet.tcp.tso' => '1',
	// NOTE(review): 0 looks like "no ICMP response rate limit" - confirm.
	'net.inet.icmp.icmplim' => '0',
	'vfs.read_max' => '32',
	'kern.ipc.maxsockbuf' => '4262144',
	'net.inet.ip.process_options' => 0,
	'kern.random.harvest.mask' => '351',
	'net.route.netisr_maxqlen' => 1024,
	'net.inet.udp.checksum' => 1,
	'net.inet.icmp.reply_from_interface' => 1,
	'net.inet6.ip6.rfc6204w3' => 1,
	'net.key.preferred_oldsa' => '0',
	// Do not demote CARP for interface send errors
	'net.inet.carp.senderr_demotion_factor' => 0,
	// Do not demote CARP for pfsync errors
	'net.pfsync.carp_demotion_factor' => 0,
	'net.raw.recvspace' => 65536,
	'net.raw.sendspace' => 65536,
	'net.inet.raw.recvspace' => 131072,
	'net.inet.raw.maxdgram' => 131072,
	// Write all core files to /root/ so they do not consume space on other
	// slices. Core files can hold process memory, so the directory's
	// permissions matter.
	'kern.corefile' => '/root/%N.core',
];

/* ARM machines additionally get kern.shutdown.secure_halt. */
$machine_type = php_uname('m');
if (in_array($machine_type, ['arm', 'arm64'], true)) {
	$sysctls['kern.shutdown.secure_halt'] = 1;
}
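/*
 * Include override values for the above if needed. If the file doesn't exist,
 * don't try to load it.
 *
 * The path that is included is the same absolute path that was tested. The
 * earlier form tested /etc/inc/globals_override.inc but included the bare name
 * "globals_override.inc", which PHP resolves through include_path and the
 * including script's directory, so a different file of the same name could
 * have been loaded.
 *
 * The override file is executed as PHP in the context of every script that
 * loads this file, so it must be writable only by root.
 */
if (file_exists("/etc/inc/globals_override.inc")) {
	// "@" is kept so a problem in the optional override stays best-effort.
	@include_once("/etc/inc/globals_override.inc");
}

/* Read all XML files in following dir and load menu entries */
$g["ext_menu_path"] = "/usr/local/share/{$g['product_name']}/menu";

/* Cache file used to store pfSense version */
$g["version_cache_file"] = "{$g['varrun_path']}/{$g['product_name']}_version";
$g['version_cache_refresh'] = 2 * 60 * 60; /* 2h, expressed in seconds */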
/**
 * Report whether the platform is currently booting.
 *
 * Booting is signalled by either $g['booting'] being truthy or the marker
 * file <varrun_path>/booting existing.
 *
 * @param mixed $on_console When falsy, any booting state yields true. When
 *                          truthy, true is returned only if the current SAPI
 *                          is not 'fpm-fcgi'.
 * @return bool True while booting (subject to $on_console), false otherwise.
 */
function platform_booting($on_console = false) {
	global $g;

	$boot_in_progress = $g['booting'] || file_exists("{$g['varrun_path']}/booting");
	if (!$boot_in_progress) {
		return false;
	}

	// Console-only callers must not see "booting" from the web server SAPI.
	return !$on_console || PHP_SAPI !== 'fpm-fcgi';
}
/* The marker file <cf_conf_path>/enableserial_force switches the flag on. */
if (file_exists($g['cf_conf_path'] . '/enableserial_force')) {
	$g['enableserial_force'] = true;
}

/* Starts out false. NOTE(review): presumably set once the configuration has been parsed - confirm. */
$config_parsed = false;
/*
 * Factory default check IP service.
 *
 * The URL is plain HTTP, so the response is neither authenticated nor
 * protected from modification in transit; the address it reports should be
 * treated as untrusted input.
 * Optional keys that are not set by default: "username", "password",
 * "verifysslpeer".
 */
$factory_default_checkipservice = [
	'enable' => true,
	'name' => 'Default',
	'url' => 'http://checkip.dyndns.org',
//	'username' => '',
//	'password' => '',
//	'verifysslpeer' => true,
	'descr' => 'Default Check IP Service',
];

/* Dynamic DNS provider types listed as "split domain" types. */
$dyndns_split_domain_types = [
	'namecheap',
	'cloudflare',
	'cloudflare-v6',
	'gratisdns',
	'cloudns',
	'godaddy',
	'godaddy-v6',
	'linode',
	'linode-v6',
];
/*
 * pf tokens from FreeBSD source sbin/pfctl/parse.y (plus our custom entries at
 * the end). Entries are case-sensitive as listed.
 */
global $pf_reserved_keywords;
$pf_reserved_keywords = [
	'pass', 'block', 'scrub', 'return', 'in', 'os', 'out', 'log', 'quick', 'on', 'from', 'to', 'flags', 'returnrst',
	'returnicmp', 'returnicmp6', 'proto', 'inet', 'inet6', 'all', 'any', 'icmptype', 'icmp6type', 'code', 'keep',
	'modulate', 'state', 'port', 'rdr', 'nat', 'binat', 'arrow', 'nodf', 'minttl', 'error', 'allowopts', 'fastroute',
	'filename', 'routeto', 'dupto', 'replyto', 'no', 'label', 'noroute', 'urpffailed', 'fragment', 'user', 'group',
	'maxmss', 'maximum', 'ttl', 'tos', 'drop', 'table', 'reassemble', 'fragdrop', 'fragcrop', 'anchor', 'natanchor',
	'rdranchor', 'binatanchor', 'set', 'optimization', 'timeout', 'limit', 'loginterface', 'blockpolicy', 'randomid',
	'requireorder', 'synproxy', 'fingerprints', 'nosync', 'debug', 'skip', 'hostid', 'antispoof', 'for', 'include',
	'bitmask', 'random', 'sourcehash', 'roundrobin', 'staticport', 'probability', 'altq', 'cbq', 'codel', 'priq',
	'hfsc', 'fairq', 'bandwidth', 'tbrsize', 'linkshare', 'realtime', 'upperlimit', 'queue', 'priority', 'qlimit',
	'hogs', 'buckets', 'rtable', 'target', 'interval', 'load', 'ruleset_optimization', 'prio', 'stickyaddress',
	'maxsrcstates', 'maxsrcnodes', 'sourcetrack', 'global', 'rule', 'maxsrcconn', 'maxsrcconnrate', 'overload',
	'flush', 'sloppy', 'tagged', 'tag', 'ifbound', 'floating', 'statepolicy', 'statedefaults', 'route', 'settos',
	'divertto', 'divertreply', 'max', 'min', 'pptp', 'pppoe', 'L2TP', 'OpenVPN', 'IPsec',
];
/* Reserved table names to avoid collision */
global $reserved_table_names;
$reserved_table_names = [
	'bogons',
	'bogonsv6',
	'negate_networks',
	'snort2c',
	'sshguard',
	'tonatsubnets',
	'virusprot',
	'vpn_networks',
];
/* VLAN Prio values: short code => integer value. */
$vlanprio_values = [
	'bk' => 0,
	'be' => 1,
	'ee' => 2,
	'ca' => 3,
	'vi' => 4,
	'vo' => 5,
	'ic' => 6,
	'nc' => 7,
];

/* VLAN Prio labels: short code => display text, same keys as $vlanprio_values. */
$vlanprio = [
	'bk' => 'Background (BK, 0)',
	'be' => 'Best Effort (BE, 1)',
	'ee' => 'Excellent Effort (EE, 2)',
	'ca' => 'Critical Applications (CA, 3)',
	'vi' => 'Video (VI, 4)',
	'vo' => 'Voice (VO, 5)',
	'ic' => 'Internetwork Control (IC, 6)',
	'nc' => 'Network Control (NC, 7)',
];
/* Names of the system log files. */
global $system_log_files;
$system_log_files = [
	'system', 'filter', 'dhcpd', 'vpn', 'poes', 'l2tps', 'openvpn',
	'portalauth', 'ipsec', 'ppp', 'wireless', 'nginx', 'ntpd', 'gateways',
	'resolver', 'routing', 'auth',
];

/* Log files that are not syslog logs. */
global $system_log_non_syslog_files;
$system_log_non_syslog_files = ['dmesg.boot', 'utx.log', 'userlog'];
/*
 * Log compression types. Each entry holds:
 *   'flag' - a single-letter option (empty for 'none'),
 *   'cat'  - the command, with options, that prints a file of this type,
 *   'ext'  - the file extension (empty for 'none').
 *
 * NOTE(review): 'cat' is a command-line prefix; presumably callers append a
 * file name to it. Any appended name must go through escapeshellarg().
 */
global $system_log_compression_types;
$system_log_compression_types = [
	'bzip2' => [
		'flag' => 'J',
		'cat' => '/usr/bin/bzcat -qf',
		'ext' => 'bz2',
	],
	'gzip' => [
		'flag' => 'Z',
		'cat' => '/usr/bin/zcat -qf',
		'ext' => 'gz',
	],
	'xz' => [
		'flag' => 'X',
		'cat' => '/usr/bin/xzcat -qf',
		'ext' => 'xz',
	],
	'zstd' => [
		'flag' => 'Y',
		'cat' => '/usr/bin/zstdcat -qqf',
		'ext' => 'zst',
	],
	'none' => [
		'flag' => '',
		'cat' => '/bin/cat',
		'ext' => '',
	],
];
/*
 * Dynamic DNS domain key algorithms: algorithm id => display label.
 * HMAC-MD5 is labelled as the legacy default; for new keys prefer
 * HMAC-SHA256 or stronger where the DNS server supports it.
 */
global $ddnsdomainkeyalgorithms;
$ddnsdomainkeyalgorithms = [
	'hmac-md5' => 'HMAC-MD5 (legacy default)',
	'hmac-sha1' => 'HMAC-SHA1',
	'hmac-sha224' => 'HMAC-SHA224',
	'hmac-sha256' => 'HMAC-SHA256 (current bind9 default)',
	'hmac-sha384' => 'HMAC-SHA384',
	'hmac-sha512' => 'HMAC-SHA512 (most secure)',
];
/* IPsec filter modes: mode id => display label. */
global $ipsec_filtermodes;
$ipsec_filtermodes = [
	'enc' => 'Filter IPsec Tunnel, Transport, and VTI on IPsec tab (enc0)',
	'if_ipsec' => 'Filter IPsec VTI and Transport on assigned interfaces, block all tunnel mode traffic',
];

/*
 * sysctl values for each IPsec filter mode, keyed by the same mode ids as
 * $ipsec_filtermodes. Values are hexadecimal strings.
 */
global $ipsec_filter_sysctl;
$ipsec_filter_sysctl = [
	'enc' => [
		'net.inet.ipsec.filtertunnel' => '0x0000',
		'net.inet6.ipsec6.filtertunnel' => '0x0000',
		'net.enc.out.ipsec_bpf_mask' => '0x0001',
		'net.enc.out.ipsec_filter_mask' => '0x0001',
		'net.enc.in.ipsec_bpf_mask' => '0x0002',
		'net.enc.in.ipsec_filter_mask' => '0x0002',
	],
	'if_ipsec' => [
		'net.inet.ipsec.filtertunnel' => '0x0001',
		'net.inet6.ipsec6.filtertunnel' => '0x0001',
		'net.enc.out.ipsec_bpf_mask' => '0x0000',
		'net.enc.out.ipsec_filter_mask' => '0x0000',
		'net.enc.in.ipsec_bpf_mask' => '0x0000',
		'net.enc.in.ipsec_filter_mask' => '0x0000',
	],
];
/* Interface names grouped as VPN and PPP interfaces. */
global $vpn_and_ppp_ifs;
$vpn_and_ppp_ifs = ['l2tp', 'pppoe', 'enc0', 'openvpn'];

/* SSH key types, each with the suffix associated with that type. */
global $ssh_keys;
$ssh_keys = [
	['type' => 'rsa', 'suffix' => 'rsa_'],
	['type' => 'ed25519', 'suffix' => 'ed25519_'],
];

/* SSH configuration directory. */
global $sshConfigDir;
$sshConfigDir = '/etc/ssh';

/* LAGG hash options: option value => display label. */
global $lagg_hash_list;
$lagg_hash_list = [
	'l2,l3,l4' => 'Layer 2/3/4 (default)',
	'l2' => 'Layer 2 (MAC Address)',
	'l3' => 'Layer 3 (IP Address)',
	'l4' => 'Layer 4 (Port Number)',
	'l2,l3' => 'Layer 2/3 (MAC + IP)',
	'l3,l4' => 'Layer 3/4 (IP + Port)',
	'l2,l4' => 'Layer 2/4 (MAC + Port)',
];
?>