/src/usr/local/pkg/miniupnpd.inc - Annotate - pfSense - pfSense bugtracker

| Branch: | Tag: | Revision:

root/src/usr/local/pkg/miniupnpd.inc @ 4ebc299b

1	c38fee60	Scott Ullrich	<?php
2	2816f43f	Ermal	require_once("util.inc");
3	c38fee60	Scott Ullrich	require_once("config.inc");
4			require_once("functions.inc");
5	1729ace8	jim-p	require_once("shaper.inc");
6	c38fee60	Scott Ullrich
7	fdad935f	jim-p	$shortcut_section = "upnp";
8
9	422e039b	Scott Ullrich	/* MiniUPnPd */
10	c38fee60	Scott Ullrich
11	7d61beba	Phil Davis	function upnp_notice($msg) {
12			log_error("miniupnpd: {$msg}");
13			}
14
15			function upnp_warn($msg) {
16			log_error("miniupnpd: {$msg}");
17			}
18	422e039b	Scott Ullrich
19	d86002ec	Ryan Wagoner	function upnp_running () {
20	7d61beba	Phil Davis	if ((int)exec('/bin/pgrep -a miniupnpd \| /usr/bin/wc -l') > 0) {
21	d86002ec	Ryan Wagoner	return true;
22	7d61beba	Phil Davis	}
23	966f579e	Ryan Wagoner	return false;
24	2816f43f	Ermal	}
25	d86002ec	Ryan Wagoner
26	d05e1b9f	Ryan Wagoner	function upnp_write_config($file, $text) {
27			$handle = fopen($file, 'w');
28	7d61beba	Phil Davis	if (!$handle) {
29	d05e1b9f	Ryan Wagoner	upnp_warn("Could not open {$file} for writing.");
30	cf46a14f	Ermal	return;
31	d86002ec	Ryan Wagoner	}
32	d05e1b9f	Ryan Wagoner	fwrite($handle, $text);
33			fclose($handle);
34	966f579e	Ryan Wagoner	}
35
36			function upnp_uuid() {
37			/* md5 hash of wan mac */
38	8df14984	Ermal	$uuid = md5(get_interface_mac(get_real_interface("wan")));
39	966f579e	Ryan Wagoner	/* put uuid in correct format 8-4-4-4-12 */
40	6c07db48	Phil Davis	return substr($uuid, 0, 8) . '-' . substr($uuid, 9, 4) . '-' . substr($uuid, 13, 4) . '-' . substr($uuid, 17, 4) . '-' . substr($uuid, 21, 12);
41	966f579e	Ryan Wagoner	}
42	d86002ec	Ryan Wagoner
43	1729ace8	jim-p	function upnp_validate_queue($qname) {
44			read_altq_config();
45			$qlist = get_altq_name_list();
46	02afa684	jim-p	if (is_array($qlist)) {
47			return in_array($qname, $qlist);
48			} else {
49			return false;
50			}
51	1729ace8	jim-p	}
52
53	d05e1b9f	Ryan Wagoner	function upnp_validate_ip($ip, $check_cdir) {
54	7d61beba	Phil Davis	/* validate cidr */
55	539d5973	Ermal	$ip_array = array();
56	7d61beba	Phil Davis	if ($check_cdir) {
57	d05e1b9f	Ryan Wagoner	$ip_array = explode('/', $ip);
58	7d61beba	Phil Davis	if (count($ip_array) == 2) {
59			if ($ip_array[1] < 1 \|\| $ip_array[1] > 32) {
60	d86002ec	Ryan Wagoner	return false;
61	7d61beba	Phil Davis	}
62			} else {
63			if (count($ip_array) != 1) {
64	d86002ec	Ryan Wagoner	return false;
65	7d61beba	Phil Davis	}
66			}
67			} else {
68	d86002ec	Ryan Wagoner	$ip_array[] = $ip;
69	7d61beba	Phil Davis	}
70	d86002ec	Ryan Wagoner
71			/* validate ip */
72	7d61beba	Phil Davis	if (!is_ipaddr($ip_array[0])) {
73	d86002ec	Ryan Wagoner	return false;
74	7d61beba	Phil Davis	}
75	d86002ec	Ryan Wagoner	return true;
76			}
77
78			function upnp_validate_port($port) {
79	7d61beba	Phil Davis	foreach (explode('-', $port) as $sub) {
80			if ($sub < 0 \|\| $sub > 65535) {
81	d86002ec	Ryan Wagoner	return false;
82	7d61beba	Phil Davis	}
83			}
84			return true;
85	c38fee60	Scott Ullrich	}
86	02d777de	Scott Ullrich
87	cf4e473b	jim-p	function before_form_miniupnpd(&$pkg) {
88	c38fee60	Scott Ullrich	global $config;
89	02d777de	Scott Ullrich
90	c38fee60	Scott Ullrich	}
91
92	cf4e473b	jim-p	function validate_form_miniupnpd($post, &$input_errors) {
93	7d61beba	Phil Davis	if ($post['enable'] && (!$post['enable_upnp'] && !$post['enable_natpmp'])) {
94	93b2c459	jim-p	$input_errors[] = 'At least one of \'UPnP\' or \'NAT-PMP\' must be allowed';
95	7d61beba	Phil Davis	}
96			if ($post['iface_array']) {
97			foreach ($post['iface_array'] as $iface) {
98			if ($iface == 'wan') {
99	c38fee60	Scott Ullrich	$input_errors[] = 'It is a security risk to specify WAN in the \'Interface\' field';
100	7d61beba	Phil Davis	} elseif ($iface == $post['ext_iface']) {
101	f8466c36	jim-p	$input_errors[] = 'You cannot select the external interface as an internal interface.';
102	7d61beba	Phil Davis	}
103	f8466c36	jim-p	}
104	7d61beba	Phil Davis	}
105	6c07db48	Phil Davis	if ($post['overridewanip'] && !upnp_validate_ip($post['overridewanip'], false)) {
106	c38fee60	Scott Ullrich	$input_errors[] = 'You must specify a valid ip address in the \'Override WAN address\' field';
107	7d61beba	Phil Davis	}
108			if (($post['download'] && !$post['upload']) \|\| ($post['upload'] && !$post['download'])) {
109	c38fee60	Scott Ullrich	$input_errors[] = 'You must fill in both \'Maximum Download Speed\' and \'Maximum Upload Speed\' fields';
110	7d61beba	Phil Davis	}
111			if ($post['download'] && $post['download'] <= 0) {
112	c38fee60	Scott Ullrich	$input_errors[] = 'You must specify a value greater than 0 in the \'Maximum Download Speed\' field';
113	7d61beba	Phil Davis	}
114			if ($post['upload'] && $post['upload'] <= 0) {
115	c38fee60	Scott Ullrich	$input_errors[] = 'You must specify a value greater than 0 in the \'Maximum Upload Speed\' field';
116	7d61beba	Phil Davis	}
117			if ($post['upnpqueue'] && !upnp_validate_queue($post['upnpqueue'])) {
118	1729ace8	jim-p	$input_errors[] = 'You must specify a valid traffic shaping queue.';
119	7d61beba	Phil Davis	}
120	d86002ec	Ryan Wagoner
121	4ebc299b	Viktor G	if ($post['enable_stun']) {
122			if (!$post['stun_host'] \|\| (!is_ipaddrv4($post['stun_host']) && !is_hostname($post['stun_host']))) {
123			$input_errors[] = 'A valid IP address or hostname for \'STUN Server\' must be specified';
124			}
125			if (!$post['stun_port'] \|\| !is_port($post['stun_port'])) {
126			$input_errors[] = 'A valid port number for \'STUN Port\' must be specified';
127			}
128			}
129
130	d86002ec	Ryan Wagoner	/* user permissions validation */
131	04a893de	xbipin	$j = substr_count(implode(array_keys($post)), "permuser");
132	6c07db48	Phil Davis	for ($i = 0; $i < $j; $i++) {
133	7d61beba	Phil Davis	if ($post["permuser{$i}"]) {
134	6c07db48	Phil Davis	$perm = explode(' ', $post["permuser{$i}"]);
135	d86002ec	Ryan Wagoner	/* should explode to 4 args */
136	7d61beba	Phil Davis	if (count($perm) != 4) {
137	d86002ec	Ryan Wagoner	$input_errors[] = "You must follow the specified format in the 'User specified permissions {$i}' field";
138			} else {
139			/* must with allow or deny */
140	7d61beba	Phil Davis	if (!($perm[0] == 'allow' \|\| $perm[0] == 'deny')) {
141	d86002ec	Ryan Wagoner	$input_errors[] = "You must begin with allow or deny in the 'User specified permissions {$i}' field";
142	7d61beba	Phil Davis	}
143	d86002ec	Ryan Wagoner	/* verify port or port range */
144	7d61beba	Phil Davis	if (!upnp_validate_port($perm[1]) \|\| !upnp_validate_port($perm[3])) {
145			$input_errors[] = "You must specify a port or port range between 0 and 65535 in the 'User specified permissions {$i}' field";
146			}
147	d86002ec	Ryan Wagoner	/* verify ip address */
148	6c07db48	Phil Davis	if (!upnp_validate_ip($perm[2], true)) {
149	d86002ec	Ryan Wagoner	$input_errors[] = "You must specify a valid ip address in the 'User specified permissions {$i}' field";
150	7d61beba	Phil Davis	}
151	d86002ec	Ryan Wagoner	}
152			}
153	7d61beba	Phil Davis	}
154	c38fee60	Scott Ullrich	}
155
156			function sync_package_miniupnpd() {
157	5779ade6	Renato Botelho	global $g, $config;
158	c38fee60	Scott Ullrich	global $input_errors;
159
160	d05e1b9f	Ryan Wagoner	$upnp_config = $config['installedpackages']['miniupnpd']['config'][0];
161			$config_file = '/var/etc/miniupnpd.conf';
162	d86002ec	Ryan Wagoner
163	7d61beba	Phil Davis	if (!isset($upnp_config['ext_iface']) \|\| empty($upnp_config['ext_iface'])) {
164	f8466c36	jim-p	$ext_ifname = get_real_interface();
165	7d61beba	Phil Davis	} else {
166	f8466c36	jim-p	$if = convert_friendly_interface_to_real_interface_name($upnp_config['ext_iface']);
167	7d61beba	Phil Davis	if ($if != $upnp_config['ext_iface']) {
168	f8466c36	jim-p	$ext_ifname = $if;
169	7d61beba	Phil Davis	} else {
170	f8466c36	jim-p	$ext_ifname = get_real_interface();
171			upnp_warn("Could not resolve real interface for {$upnp_config['ext_iface']}, defaulting to WAN");
172			}
173			}
174
175			$config_text = "ext_ifname={$ext_ifname}\n";
176	d05e1b9f	Ryan Wagoner	$config_text .= "port=2189\n";
177	c38fee60	Scott Ullrich
178	d05e1b9f	Ryan Wagoner	$ifaces_active = '';
179	cf97af9a	Scott Ullrich
180	7d61beba	Phil Davis	/* since config is written before this file is invoked we don't need to read post data */
181			if ($upnp_config['enable'] && !empty($upnp_config['iface_array'])) {
182	d05e1b9f	Ryan Wagoner	$iface_array = explode(',', $upnp_config['iface_array']);
183	c38fee60	Scott Ullrich
184	7d61beba	Phil Davis	foreach ($iface_array as $iface) {
185	f8466c36	jim-p	/* Setting the same internal and external interface is not allowed. */
186	7d61beba	Phil Davis	if ($iface == $upnp_config['ext_iface']) {
187	f8466c36	jim-p	continue;
188	7d61beba	Phil Davis	}
189	c38fee60	Scott Ullrich	$if = convert_friendly_interface_to_real_interface_name($iface);
190			/* above function returns iface if fail */
191	6c07db48	Phil Davis	if ($if != $iface) {
192	c38fee60	Scott Ullrich	$addr = find_interface_ip($if);
193	81acbdd7	Daniel Becker	$bits = find_interface_subnet($if);
194	c38fee60	Scott Ullrich	/* check that the interface has an ip address before adding parameters */
195	88cbd62a	Ermal	if (is_ipaddr($addr)) {
196	8718669c	Renato Botelho	$config_text .= "listening_ip={$if}\n";
197	7d61beba	Phil Davis	if (!$ifaces_active) {
198	7fae6598	Ryan Wagoner	$webgui_ip = $addr;
199	422e039b	Scott Ullrich	$ifaces_active = $iface;
200	7d61beba	Phil Davis	} else {
201	422e039b	Scott Ullrich	$ifaces_active .= ", {$iface}";
202	7d61beba	Phil Davis	}
203			} else {
204	422e039b	Scott Ullrich	upnp_warn("Interface {$iface} has no ip address, ignoring");
205	7d61beba	Phil Davis	}
206			} else {
207	422e039b	Scott Ullrich	upnp_warn("Could not resolve real interface for {$iface}");
208	7d61beba	Phil Davis	}
209	c38fee60	Scott Ullrich	}
210
211	88cbd62a	Ermal	if (!empty($ifaces_active)) {
212	d86002ec	Ryan Wagoner	/* override wan ip address, common for carp, etc */
213	7d61beba	Phil Davis	if ($upnp_config['overridewanip']) {
214	d05e1b9f	Ryan Wagoner	$config_text .= "ext_ip={$upnp_config['overridewanip']}\n";
215	7d61beba	Phil Davis	}
216	02d777de	Scott Ullrich
217	9025112e	jim-p	$download = (int)$upnp_config['download'] * 1000;
218			$upload = (int)$upnp_config['upload'] * 1000;
219	d86002ec	Ryan Wagoner
220			/* set upload and download bitrates */
221	7d61beba	Phil Davis	if (!empty($download) && !empty($upload)) {
222	d05e1b9f	Ryan Wagoner	$config_text .= "bitrate_down={$download}\n";
223			$config_text .= "bitrate_up={$upload}\n";
224	d86002ec	Ryan Wagoner	}
225	7d61beba	Phil Davis
226	d86002ec	Ryan Wagoner	/* enable logging of packets handled by miniupnpd rules */
227	7d61beba	Phil Davis	if ($upnp_config['logpackets']) {
228	d05e1b9f	Ryan Wagoner	$config_text .= "packet_log=yes\n";
229	7d61beba	Phil Davis	}
230
231	d86002ec	Ryan Wagoner	/* enable system uptime instead of miniupnpd uptime */
232	7d61beba	Phil Davis	if ($upnp_config['sysuptime']) {
233	d05e1b9f	Ryan Wagoner	$config_text .= "system_uptime=yes\n";
234	7d61beba	Phil Davis	}
235	d86002ec	Ryan Wagoner
236	b93bb38c	Chris Buechler	/* set secure_mode */
237			$config_text .= "secure_mode=yes\n";
238
239	7fae6598	Ryan Wagoner	/* set webgui url */
240	c3a74b4e	Josh Galvez (zevlag)	if (!empty($upnp_config['presentationurl'])){
241			$config_text .= "presentation_url=" . $upnp_config['presentationurl'] . "\n";
242			} elseif (!empty($config['system']['webgui']['protocol'])) {
243	d05e1b9f	Ryan Wagoner	$config_text .= "presentation_url={$config['system']['webgui']['protocol']}://{$webgui_ip}";
244	7d61beba	Phil Davis	if (!empty($config['system']['webgui']['port'])) {
245	d05e1b9f	Ryan Wagoner	$config_text .= ":{$config['system']['webgui']['port']}";
246	7d61beba	Phil Davis	}
247	d05e1b9f	Ryan Wagoner	$config_text .= "/\n";
248	7fae6598	Ryan Wagoner	}
249	966f579e	Ryan Wagoner
250			/* set uuid and serial */
251	d05e1b9f	Ryan Wagoner	$config_text .= "uuid=".upnp_uuid()."\n";
252	6c07db48	Phil Davis	$config_text .= "serial=".strtoupper(substr(upnp_uuid(), 0, 8))."\n";
253	966f579e	Ryan Wagoner
254			/* set model number */
255	0748e493	Josh Galvez (zevlag)	if (!empty($upnp_config['modelnumber'])){
256			$config_text .= "model_number=" . $upnp_config['modelnumber'] . "\n";
257	c401e41e	Josh Galvez (zevlag)	} else {
258			$config_text .= "model_number=" . $g['product_version'] . "\n";
259			}
260	d86002ec	Ryan Wagoner	/* upnp access restrictions */
261	7ca5be34	jim-p	if (is_array($upnp_config['row'])) {
262			foreach ($upnp_config['row'] as $row) {
263			if ($row['permuser']) {
264			$config_text .= "{$row["permuser"]}\n";
265			}
266	7d61beba	Phil Davis	}
267	02d777de	Scott Ullrich	}
268
269	7d61beba	Phil Davis	if ($upnp_config['permdefault']) {
270	d05e1b9f	Ryan Wagoner	$config_text .= "deny 0-65535 0.0.0.0/0 0-65535\n";
271	7d61beba	Phil Davis	}
272	02d777de	Scott Ullrich
273	1729ace8	jim-p	/* Recheck if queue is valid */
274	7d61beba	Phil Davis	if (!upnp_validate_queue($upnp_config['upnpqueue'])) {
275	1729ace8	jim-p	unset($upnp_config['upnpqueue']);
276	7d61beba	Phil Davis	}
277	1729ace8	jim-p
278			/* Add shaper queue */
279	6c07db48	Phil Davis	if ($upnp_config['upnpqueue']) {
280	1729ace8	jim-p	$config_text .= "queue={$upnp_config['upnpqueue']}\n";
281	7d61beba	Phil Davis	}
282	1729ace8	jim-p
283	93b2c459	jim-p	/* Allow UPnP or NAT-PMP as requested */
284	6c07db48	Phil Davis	$config_text .= "enable_upnp=" . ($upnp_config['enable_upnp'] ? "yes\n" : "no\n");
285			$config_text .= "enable_natpmp=" . ($upnp_config['enable_natpmp'] ? "yes\n" : "no\n");
286	93b2c459	jim-p
287	4ebc299b	Viktor G	/* STUN configuration */
288			if ($upnp_config['enable_stun']) {
289			$config_text .= "ext_perform_stun=yes\n";
290			$config_text .= "ext_stun_host={$upnp_config['stun_host']}\n";
291			$config_text .= "ext_stun_port={$upnp_config['stun_port']}\n";
292			}
293
294	e80df06e	Scott Ullrich	/* write out the configuration */
295	d05e1b9f	Ryan Wagoner	upnp_write_config($config_file, $config_text);
296	7d61beba	Phil Davis
297	422e039b	Scott Ullrich	/* if miniupnpd not running start it */
298	7d61beba	Phil Davis	if (!upnp_running()) {
299	422e039b	Scott Ullrich	upnp_notice("Starting service on interface: {$ifaces_active}");
300	7d61beba	Phil Davis	upnp_action('start');
301			} else {
302			/* restart miniupnpd if settings were changed */
303	422e039b	Scott Ullrich	upnp_notice("Restarting service on interface: {$ifaces_active}");
304	d86002ec	Ryan Wagoner	upnp_action('restart');
305	02d777de	Scott Ullrich	}
306			}
307	88cbd62a	Ermal	} else {
308			/* user does not want miniupnpd running */
309	c38fee60	Scott Ullrich	/* lets stop the service and remove the rc file */
310	02d777de	Scott Ullrich
311	88cbd62a	Ermal	if (file_exists($config_file)) {
312	7d61beba	Phil Davis	if (!$upnp_config['enable']) {
313	d86002ec	Ryan Wagoner	upnp_notice('Stopping service: miniupnpd disabled');
314	7d61beba	Phil Davis	} else {
315			upnp_notice('Stopping service: no interfaces selected');
316			}
317	422e039b	Scott Ullrich
318	431484c8	Ryan Wagoner	upnp_action('stop');
319	88cbd62a	Ermal	@unlink($config_file);
320	422e039b	Scott Ullrich	}
321	c38fee60	Scott Ullrich	}
322			}
323	422e039b	Scott Ullrich	?>

Project

General

Profile

pfSense