Revision 5898a649
Added by Steve Beaver over 4 years ago
| src/etc/inc/web/system_advanced.inc | ||
|---|---|---|
| 925 | 925 |
|
| 926 | 926 |
return $json ? json_encode($rv) : $rv; |
| 927 | 927 |
} |
| 928 |
|
|
| 929 |
// Functions included by system_advanced_misc.php ============================= |
|
| 930 |
function getSystemAdvancedMisc($json = false) {
|
|
| 931 |
global $config; |
|
| 932 |
|
|
| 933 |
$pconfig = array(); |
|
| 934 |
$pconfig['proxyurl'] = $config['system']['proxyurl']; |
|
| 935 |
$pconfig['proxyport'] = $config['system']['proxyport']; |
|
| 936 |
$pconfig['proxyuser'] = $config['system']['proxyuser']; |
|
| 937 |
$pconfig['proxypass'] = $config['system']['proxypass']; |
|
| 938 |
$pconfig['harddiskstandby'] = $config['system']['harddiskstandby']; |
|
| 939 |
$pconfig['lb_use_sticky'] = isset($config['system']['lb_use_sticky']); |
|
| 940 |
$pconfig['srctrack'] = $config['system']['srctrack']; |
|
| 941 |
$pconfig['powerd_enable'] = isset($config['system']['powerd_enable']); |
|
| 942 |
$pconfig['crypto_hardware'] = $config['system']['crypto_hardware']; |
|
| 943 |
$pconfig['thermal_hardware'] = $config['system']['thermal_hardware']; |
|
| 944 |
$pconfig['pti_disabled'] = isset($config['system']['pti_disabled']); |
|
| 945 |
$pconfig['mds_disable'] = $config['system']['mds_disable']; |
|
| 946 |
$pconfig['schedule_states'] = isset($config['system']['schedule_states']); |
|
| 947 |
$pconfig['gw_down_kill_states'] = isset($config['system']['gw_down_kill_states']); |
|
| 948 |
$pconfig['skip_rules_gw_down'] = isset($config['system']['skip_rules_gw_down']); |
|
| 949 |
$pconfig['use_mfs_tmpvar'] = isset($config['system']['use_mfs_tmpvar']); |
|
| 950 |
$pconfig['use_mfs_tmp_size'] = $config['system']['use_mfs_tmp_size']; |
|
| 951 |
$pconfig['use_mfs_var_size'] = $config['system']['use_mfs_var_size']; |
|
| 952 |
$pconfig['do_not_send_uniqueid'] = isset($config['system']['do_not_send_uniqueid']); |
|
| 953 |
$pconfig['available_kernel_memory'] = get_single_sysctl("vm.kmem_map_free");
|
|
| 954 |
$pconfig['pti'] = get_single_sysctl('vm.pmap.pti');
|
|
| 955 |
$pconfig['mds']= get_single_sysctl('hw.mds_disable_state');
|
|
| 956 |
|
|
| 957 |
/* Adjust available kernel memory to account for existing RAM disks |
|
| 958 |
* https://redmine.pfsense.org/issues/10420 */ |
|
| 959 |
if (isset($config['system']['use_mfs_tmpvar'])) {
|
|
| 960 |
/* Get current RAM disk sizes */ |
|
| 961 |
$pconfig['available_kernel_memory'] += ((int) trim(exec("/bin/df -k /tmp /var | /usr/bin/awk '/\/dev\/md/ {sum += \$2 * 1024} END {print sum}'")));
|
|
| 962 |
} |
|
| 963 |
|
|
| 964 |
$pconfig['powerd_ac_mode'] = "hadp"; |
|
| 965 |
if (!empty($config['system']['powerd_ac_mode'])) {
|
|
| 966 |
$pconfig['powerd_ac_mode'] = $config['system']['powerd_ac_mode']; |
|
| 967 |
} |
|
| 968 |
|
|
| 969 |
$pconfig['powerd_battery_mode'] = "hadp"; |
|
| 970 |
if (!empty($config['system']['powerd_battery_mode'])) {
|
|
| 971 |
$pconfig['powerd_battery_mode'] = $config['system']['powerd_battery_mode']; |
|
| 972 |
} |
|
| 973 |
|
|
| 974 |
$pconfig['powerd_normal_mode'] = "hadp"; |
|
| 975 |
if (!empty($config['system']['powerd_normal_mode'])) {
|
|
| 976 |
$pconfig['powerd_normal_mode'] = $config['system']['powerd_normal_mode']; |
|
| 977 |
} |
|
| 978 |
|
|
| 979 |
return $json ? json_encode($pconfig) : $pconfig; |
|
| 980 |
} |
|
| 981 |
|
|
| 982 |
function saveSystemAdvancedMisc($post, $json = false) {
|
|
| 983 |
global $config; |
|
| 984 |
|
|
| 985 |
$rv = array(); |
|
| 986 |
|
|
| 987 |
$powerd_modes = array( |
|
| 988 |
'hadp' => gettext('Hiadaptive'),
|
|
| 989 |
'adp' => gettext('Adaptive'),
|
|
| 990 |
'min' => gettext('Minimum'),
|
|
| 991 |
'max' => gettext('Maximum'),
|
|
| 992 |
); |
|
| 993 |
|
|
| 994 |
$mds_modes = array( |
|
| 995 |
'' => gettext('Default'),
|
|
| 996 |
0 => gettext('Mitigation disabled'),
|
|
| 997 |
1 => gettext('VERW instruction (microcode) mitigation enabled'),
|
|
| 998 |
2 => gettext('Software sequence mitigation enabled (not recommended)'),
|
|
| 999 |
3 => gettext('Automatic VERW or Software selection'),
|
|
| 1000 |
); |
|
| 1001 |
|
|
| 1002 |
$crypto_modules = array( |
|
| 1003 |
'aesni' => gettext("AES-NI CPU-based Acceleration"),
|
|
| 1004 |
'cryptodev' => gettext("BSD Crypto Device (cryptodev)"),
|
|
| 1005 |
'aesni_cryptodev' => gettext("AES-NI and BSD Crypto Device (aesni, cryptodev)"),
|
|
| 1006 |
); |
|
| 1007 |
|
|
| 1008 |
$thermal_hardware_modules = array( |
|
| 1009 |
'coretemp' => gettext("Intel Core* CPU on-die thermal sensor"),
|
|
| 1010 |
'amdtemp' => gettext("AMD K8, K10 and K11 CPU on-die thermal sensor")
|
|
| 1011 |
); |
|
| 1012 |
|
|
| 1013 |
if (!empty($post['crypto_hardware']) && !array_key_exists($post['crypto_hardware'], $crypto_modules)) {
|
|
| 1014 |
$input_errors[] = gettext("Please select a valid Cryptographic Accelerator.");
|
|
| 1015 |
} |
|
| 1016 |
|
|
| 1017 |
if (!empty($post['thermal_hardware']) && !array_key_exists($post['thermal_hardware'], $thermal_hardware_modules)) {
|
|
| 1018 |
$input_errors[] = gettext("Please select a valid Thermal Hardware Sensor.");
|
|
| 1019 |
} |
|
| 1020 |
|
|
| 1021 |
if (!empty($post['use_mfs_tmp_size']) && (!is_numeric($post['use_mfs_tmp_size']) || ($post['use_mfs_tmp_size'] < 40))) {
|
|
| 1022 |
$input_errors[] = gettext("/tmp Size must be numeric and should not be less than 40MiB.");
|
|
| 1023 |
} |
|
| 1024 |
|
|
| 1025 |
if (!empty($post['use_mfs_var_size']) && (!is_numeric($post['use_mfs_var_size']) || ($post['use_mfs_var_size'] < 60))) {
|
|
| 1026 |
$input_errors[] = gettext("/var Size must be numeric and should not be less than 60MiB.");
|
|
| 1027 |
} |
|
| 1028 |
|
|
| 1029 |
if (is_numericint($post['use_mfs_tmp_size']) && is_numericint($post['use_mfs_var_size']) && |
|
| 1030 |
((($post['use_mfs_tmp_size'] + $post['use_mfs_var_size']) * 1024 * 1024) > $post['available_kernel_memory'])) {
|
|
| 1031 |
$input_errors[] = gettext("Combined size of /tmp and /var RAM disks would exceed available kernel memory.");
|
|
| 1032 |
} |
|
| 1033 |
|
|
| 1034 |
if (!empty($post['proxyport']) && !is_port($post['proxyport'])) {
|
|
| 1035 |
$input_errors[] = gettext("Proxy port must be a valid port number, 1-65535.");
|
|
| 1036 |
} |
|
| 1037 |
|
|
| 1038 |
if (!empty($post['proxyurl']) && !is_fqdn($post['proxyurl']) && !is_ipaddr($post['proxyurl'])) {
|
|
| 1039 |
$input_errors[] = gettext("Proxy URL must be a valid IP address or FQDN.");
|
|
| 1040 |
} |
|
| 1041 |
|
|
| 1042 |
if (!empty($post['proxyuser']) && preg_match("/[^a-zA-Z0-9\.\-_@]/", $post['proxyuser'])) {
|
|
| 1043 |
$input_errors[] = gettext("The proxy username contains invalid characters.");
|
|
| 1044 |
} |
|
| 1045 |
|
|
| 1046 |
if ($post['proxypass'] != $post['proxypass_confirm']) {
|
|
| 1047 |
$input_errors[] = gettext("Proxy password and confirmation must match.");
|
|
| 1048 |
} |
|
| 1049 |
|
|
| 1050 |
if (!in_array($post['powerd_ac_mode'], array_keys($powerd_modes))) {
|
|
| 1051 |
$input_errors[] = gettext("Invalid AC Power mode.");
|
|
| 1052 |
} |
|
| 1053 |
|
|
| 1054 |
if (!in_array($post['powerd_battery_mode'], array_keys($powerd_modes))) {
|
|
| 1055 |
$input_errors[] = gettext("Invalid Battery Power mode.");
|
|
| 1056 |
} |
|
| 1057 |
|
|
| 1058 |
if (!in_array($post['powerd_normal_mode'], array_keys($powerd_modes))) {
|
|
| 1059 |
$input_errors[] = gettext("Invalid Unknown Power mode.");
|
|
| 1060 |
} |
|
| 1061 |
|
|
| 1062 |
if (!in_array($post['mds_disable'], array_keys($mds_modes))) {
|
|
| 1063 |
$input_errors[] = gettext("Invalid MDS Mode.");
|
|
| 1064 |
} |
|
| 1065 |
|
|
| 1066 |
if (!$input_errors) {
|
|
| 1067 |
|
|
| 1068 |
if ($post['harddiskstandby'] <> "") {
|
|
| 1069 |
$config['system']['harddiskstandby'] = $post['harddiskstandby']; |
|
| 1070 |
system_set_harddisk_standby(); |
|
| 1071 |
} else {
|
|
| 1072 |
unset($config['system']['harddiskstandby']); |
|
| 1073 |
} |
|
| 1074 |
|
|
| 1075 |
if ($post['proxyurl'] <> "") {
|
|
| 1076 |
$config['system']['proxyurl'] = $post['proxyurl']; |
|
| 1077 |
} else {
|
|
| 1078 |
unset($config['system']['proxyurl']); |
|
| 1079 |
} |
|
| 1080 |
|
|
| 1081 |
if ($post['proxyport'] <> "") {
|
|
| 1082 |
$config['system']['proxyport'] = $post['proxyport']; |
|
| 1083 |
} else {
|
|
| 1084 |
unset($config['system']['proxyport']); |
|
| 1085 |
} |
|
| 1086 |
|
|
| 1087 |
if ($post['proxyuser'] <> "") {
|
|
| 1088 |
$config['system']['proxyuser'] = $post['proxyuser']; |
|
| 1089 |
} else {
|
|
| 1090 |
unset($config['system']['proxyuser']); |
|
| 1091 |
} |
|
| 1092 |
|
|
| 1093 |
if ($post['proxypass'] <> "") {
|
|
| 1094 |
if ($post['proxypass'] != DMYPWD) {
|
|
| 1095 |
$config['system']['proxypass'] = $post['proxypass']; |
|
| 1096 |
} |
|
| 1097 |
} else {
|
|
| 1098 |
unset($config['system']['proxypass']); |
|
| 1099 |
} |
|
| 1100 |
|
|
| 1101 |
if ($post['lb_use_sticky'] == "yes") {
|
|
| 1102 |
if (!isset($config['system']['lb_use_sticky'])) {
|
|
| 1103 |
$config['system']['lb_use_sticky'] = true; |
|
| 1104 |
} |
|
| 1105 |
if ($config['system']['srctrack'] != $post['srctrack']) {
|
|
| 1106 |
$config['system']['srctrack'] = $post['srctrack']; |
|
| 1107 |
} |
|
| 1108 |
} else {
|
|
| 1109 |
if (isset($config['system']['lb_use_sticky'])) {
|
|
| 1110 |
unset($config['system']['lb_use_sticky']); |
|
| 1111 |
} |
|
| 1112 |
} |
|
| 1113 |
|
|
| 1114 |
if ($post['pkg_nochecksig'] == "yes") {
|
|
| 1115 |
$config['system']['pkg_nochecksig'] = true; |
|
| 1116 |
} elseif (isset($config['system']['pkg_nochecksig'])) {
|
|
| 1117 |
unset($config['system']['pkg_nochecksig']); |
|
| 1118 |
} |
|
| 1119 |
|
|
| 1120 |
if ($post['do_not_send_uniqueid'] == "yes") {
|
|
| 1121 |
$config['system']['do_not_send_uniqueid'] = true; |
|
| 1122 |
} else {
|
|
| 1123 |
unset($config['system']['do_not_send_uniqueid']); |
|
| 1124 |
} |
|
| 1125 |
|
|
| 1126 |
if ($post['powerd_enable'] == "yes") {
|
|
| 1127 |
$config['system']['powerd_enable'] = true; |
|
| 1128 |
} else {
|
|
| 1129 |
unset($config['system']['powerd_enable']); |
|
| 1130 |
} |
|
| 1131 |
|
|
| 1132 |
$config['system']['powerd_ac_mode'] = $post['powerd_ac_mode']; |
|
| 1133 |
$config['system']['powerd_battery_mode'] = $post['powerd_battery_mode']; |
|
| 1134 |
$config['system']['powerd_normal_mode'] = $post['powerd_normal_mode']; |
|
| 1135 |
|
|
| 1136 |
if ($post['crypto_hardware']) {
|
|
| 1137 |
$config['system']['crypto_hardware'] = $post['crypto_hardware']; |
|
| 1138 |
} else {
|
|
| 1139 |
unset($config['system']['crypto_hardware']); |
|
| 1140 |
} |
|
| 1141 |
|
|
| 1142 |
if ($post['thermal_hardware']) {
|
|
| 1143 |
$config['system']['thermal_hardware'] = $post['thermal_hardware']; |
|
| 1144 |
} else {
|
|
| 1145 |
unset($config['system']['thermal_hardware']); |
|
| 1146 |
} |
|
| 1147 |
|
|
| 1148 |
$old_pti_state = isset($config['system']['pti_disabled']); |
|
| 1149 |
if ($post['pti_disabled'] == "yes") {
|
|
| 1150 |
$config['system']['pti_disabled'] = true; |
|
| 1151 |
} else {
|
|
| 1152 |
unset($config['system']['pti_disabled']); |
|
| 1153 |
} |
|
| 1154 |
|
|
| 1155 |
if (isset($post['mds_disable']) && (strlen($post['mds_disable']) > 0)) {
|
|
| 1156 |
$config['system']['mds_disable'] = $post['mds_disable']; |
|
| 1157 |
} else {
|
|
| 1158 |
unset($config['system']['mds_disable']); |
|
| 1159 |
} |
|
| 1160 |
|
|
| 1161 |
if ($post['schedule_states'] == "yes") {
|
|
| 1162 |
$config['system']['schedule_states'] = true; |
|
| 1163 |
} else {
|
|
| 1164 |
unset($config['system']['schedule_states']); |
|
| 1165 |
} |
|
| 1166 |
|
|
| 1167 |
if ($post['gw_down_kill_states'] == "yes") {
|
|
| 1168 |
$config['system']['gw_down_kill_states'] = true; |
|
| 1169 |
} else {
|
|
| 1170 |
unset($config['system']['gw_down_kill_states']); |
|
| 1171 |
} |
|
| 1172 |
|
|
| 1173 |
if ($post['skip_rules_gw_down'] == "yes") {
|
|
| 1174 |
$config['system']['skip_rules_gw_down'] = true; |
|
| 1175 |
} else {
|
|
| 1176 |
unset($config['system']['skip_rules_gw_down']); |
|
| 1177 |
} |
|
| 1178 |
|
|
| 1179 |
$tmpvar_set = (isset($config['system']['use_mfs_tmpvar']) ? true:false); |
|
| 1180 |
|
|
| 1181 |
if ($post['use_mfs_tmpvar'] == "yes") {
|
|
| 1182 |
$config['system']['use_mfs_tmpvar'] = true; |
|
| 1183 |
$tmpvar_enabled = true; |
|
| 1184 |
} else {
|
|
| 1185 |
unset($config['system']['use_mfs_tmpvar']); |
|
| 1186 |
$tmpvar_enabled = false; |
|
| 1187 |
} |
|
| 1188 |
|
|
| 1189 |
// If the "use ramdisk" setting has changed, or if it is being enabled while an |
|
| 1190 |
// error is present, indicate that a reboot will be needed. |
|
| 1191 |
$rv['reboot'] = ($tmpvar_enabled != $tmpvar_set) || |
|
| 1192 |
(file_exists('/conf/ram_disks_failed') && $post['use_mfs_tmpvar'] == "yes");
|
|
| 1193 |
|
|
| 1194 |
$config['system']['use_mfs_tmp_size'] = $post['use_mfs_tmp_size']; |
|
| 1195 |
$config['system']['use_mfs_var_size'] = $post['use_mfs_var_size']; |
|
| 1196 |
|
|
| 1197 |
if (isset($post['rrdbackup'])) {
|
|
| 1198 |
if (($post['rrdbackup'] > 0) && ($post['rrdbackup'] <= 24)) {
|
|
| 1199 |
$config['system']['rrdbackup'] = intval($post['rrdbackup']); |
|
| 1200 |
} else {
|
|
| 1201 |
unset($config['system']['rrdbackup']); |
|
| 1202 |
} |
|
| 1203 |
} |
|
| 1204 |
|
|
| 1205 |
if (isset($post['dhcpbackup'])) {
|
|
| 1206 |
if (($post['dhcpbackup'] > 0) && ($post['dhcpbackup'] <= 24)) {
|
|
| 1207 |
$config['system']['dhcpbackup'] = intval($post['dhcpbackup']); |
|
| 1208 |
} else {
|
|
| 1209 |
unset($config['system']['dhcpbackup']); |
|
| 1210 |
} |
|
| 1211 |
} |
|
| 1212 |
|
|
| 1213 |
if (isset($post['logsbackup'])) {
|
|
| 1214 |
if (($post['logsbackup'] > 0) && ($post['logsbackup'] <= 24)) {
|
|
| 1215 |
$config['system']['logsbackup'] = intval($post['logsbackup']); |
|
| 1216 |
} else {
|
|
| 1217 |
unset($config['system']['logsbackup']); |
|
| 1218 |
} |
|
| 1219 |
} |
|
| 1220 |
|
|
| 1221 |
// Add/Remove RAM disk periodic backup cron jobs according to settings and installation type. |
|
| 1222 |
// Remove the cron jobs on full install if not using RAM disk. |
|
| 1223 |
// Add the cron jobs on all others if the periodic backup option is set. Otherwise the cron job is removed. |
|
| 1224 |
if (!isset($config['system']['use_mfs_tmpvar'])) {
|
|
| 1225 |
/* See #7146 for detail on why the extra parameters are needed for the time being. */ |
|
| 1226 |
install_cron_job("/etc/rc.backup_rrd.sh", false, null, null, null, null, null, null, false);
|
|
| 1227 |
install_cron_job("/etc/rc.backup_dhcpleases.sh", false, null, null, null, null, null, null, false);
|
|
| 1228 |
install_cron_job("/etc/rc.backup_logs.sh", false, null, null, null, null, null, null, false);
|
|
| 1229 |
} else {
|
|
| 1230 |
/* See #7146 for detail on why the extra parameters are needed for the time being. */ |
|
| 1231 |
install_cron_job("/etc/rc.backup_rrd.sh", ($config['system']['rrdbackup'] > 0), $minute="0", "*/{$config['system']['rrdbackup']}", '*', '*', '*', 'root', false);
|
|
| 1232 |
install_cron_job("/etc/rc.backup_dhcpleases.sh", ($config['system']['dhcpbackup'] > 0), $minute="0", "*/{$config['system']['dhcpbackup']}", '*', '*', '*', 'root', false);
|
|
| 1233 |
install_cron_job("/etc/rc.backup_logs.sh", ($config['system']['logsbackup'] > 0), $minute="0", "*/{$config['system']['logsbackup']}", '*', '*', '*', 'root', false);
|
|
| 1234 |
} |
|
| 1235 |
|
|
| 1236 |
write_config("Miscellaneous Advanced Settings saved");
|
|
| 1237 |
|
|
| 1238 |
$changes_applied = true; |
|
| 1239 |
$retval = 0; |
|
| 1240 |
system_resolvconf_generate(true); |
|
| 1241 |
$retval |= filter_configure(); |
|
| 1242 |
|
|
| 1243 |
if ($old_pti_state != isset($config['system']['pti_disabled'])) {
|
|
| 1244 |
setup_loader_settings(); |
|
| 1245 |
} |
|
| 1246 |
|
|
| 1247 |
if (isset($config['system']['mds_disable']) && |
|
| 1248 |
(strlen($config['system']['mds_disable']) > 0)) {
|
|
| 1249 |
set_single_sysctl("hw.mds_disable" , (int)$config['system']['mds_disable']);
|
|
| 1250 |
} |
|
| 1251 |
|
|
| 1252 |
activate_powerd(); |
|
| 1253 |
load_crypto(); |
|
| 1254 |
load_thermal_hardware(); |
|
| 1255 |
} |
|
| 1256 |
|
|
| 1257 |
// Compose the structure to retuen |
|
| 1258 |
$rv['input_errors'] = $input_errors; |
|
| 1259 |
$post['available_kernel_memory'] = get_single_sysctl("vm.kmem_map_free");
|
|
| 1260 |
$post['pti'] = get_single_sysctl('vm.pmap.pti');
|
|
| 1261 |
$post['mds']= get_single_sysctl('hw.mds_disable_state');
|
|
| 1262 |
|
|
| 1263 |
if (!$json) {
|
|
| 1264 |
$rv['post'] = $post; |
|
| 1265 |
$rv['retval'] = $retval; |
|
| 1266 |
$rv['changes_applied'] = $changes_applied; |
|
| 1267 |
} |
|
| 1268 |
|
|
| 1269 |
return $json ? json_encode($rv) : $rv; |
|
| 1270 |
} |
|
| 928 | 1271 |
?> |
| src/usr/local/www/system_advanced_misc.php | ||
|---|---|---|
| 38 | 38 |
require_once("filter.inc");
|
| 39 | 39 |
require_once("shaper.inc");
|
| 40 | 40 |
require_once("vpn.inc");
|
| 41 |
include_once("system_advanced.inc");
|
|
| 41 | 42 |
|
| 42 | 43 |
$powerd_modes = array( |
| 43 | 44 |
'hadp' => gettext('Hiadaptive'),
|
| ... | ... | |
| 53 | 54 |
3 => gettext('Automatic VERW or Software selection'),
|
| 54 | 55 |
); |
| 55 | 56 |
|
| 56 |
$available_kernel_memory = get_single_sysctl("vm.kmem_map_free");
|
|
| 57 |
|
|
| 58 |
$pconfig['proxyurl'] = $config['system']['proxyurl']; |
|
| 59 |
$pconfig['proxyport'] = $config['system']['proxyport']; |
|
| 60 |
$pconfig['proxyuser'] = $config['system']['proxyuser']; |
|
| 61 |
$pconfig['proxypass'] = $config['system']['proxypass']; |
|
| 62 |
$pconfig['harddiskstandby'] = $config['system']['harddiskstandby']; |
|
| 63 |
$pconfig['lb_use_sticky'] = isset($config['system']['lb_use_sticky']); |
|
| 64 |
$pconfig['srctrack'] = $config['system']['srctrack']; |
|
| 65 |
$pconfig['powerd_enable'] = isset($config['system']['powerd_enable']); |
|
| 66 |
$pconfig['crypto_hardware'] = $config['system']['crypto_hardware']; |
|
| 67 |
$pconfig['thermal_hardware'] = $config['system']['thermal_hardware']; |
|
| 68 |
$pconfig['pti_disabled'] = isset($config['system']['pti_disabled']); |
|
| 69 |
$pconfig['mds_disable'] = $config['system']['mds_disable']; |
|
| 70 |
$pconfig['schedule_states'] = isset($config['system']['schedule_states']); |
|
| 71 |
$pconfig['gw_down_kill_states'] = isset($config['system']['gw_down_kill_states']); |
|
| 72 |
$pconfig['skip_rules_gw_down'] = isset($config['system']['skip_rules_gw_down']); |
|
| 73 |
$pconfig['use_mfs_tmpvar'] = isset($config['system']['use_mfs_tmpvar']); |
|
| 74 |
$pconfig['use_mfs_tmp_size'] = $config['system']['use_mfs_tmp_size']; |
|
| 75 |
$pconfig['use_mfs_var_size'] = $config['system']['use_mfs_var_size']; |
|
| 76 |
$pconfig['do_not_send_uniqueid'] = isset($config['system']['do_not_send_uniqueid']); |
|
| 77 |
|
|
| 78 |
$use_mfs_tmpvar_before = isset($config['system']['use_mfs_tmpvar']) ? true : false; |
|
| 79 |
$use_mfs_tmpvar_after = $use_mfs_tmpvar_before; |
|
| 80 |
|
|
| 81 |
/* Adjust available kernel memory to account for existing RAM disks |
|
| 82 |
* https://redmine.pfsense.org/issues/10420 */ |
|
| 83 |
if ($use_mfs_tmpvar_before) {
|
|
| 84 |
/* Get current RAM disk sizes */ |
|
| 85 |
$current_ram_disk_size = (int) trim(exec("/bin/df -k /tmp /var | /usr/bin/awk '/\/dev\/md/ {sum += \$2 * 1024} END {print sum}'"));
|
|
| 86 |
$available_kernel_memory += $current_ram_disk_size; |
|
| 87 |
} |
|
| 88 |
|
|
| 89 |
$pconfig['powerd_ac_mode'] = "hadp"; |
|
| 90 |
if (!empty($config['system']['powerd_ac_mode'])) {
|
|
| 91 |
$pconfig['powerd_ac_mode'] = $config['system']['powerd_ac_mode']; |
|
| 92 |
} |
|
| 93 |
|
|
| 94 |
$pconfig['powerd_battery_mode'] = "hadp"; |
|
| 95 |
if (!empty($config['system']['powerd_battery_mode'])) {
|
|
| 96 |
$pconfig['powerd_battery_mode'] = $config['system']['powerd_battery_mode']; |
|
| 97 |
} |
|
| 98 |
|
|
| 99 |
$pconfig['powerd_normal_mode'] = "hadp"; |
|
| 100 |
if (!empty($config['system']['powerd_normal_mode'])) {
|
|
| 101 |
$pconfig['powerd_normal_mode'] = $config['system']['powerd_normal_mode']; |
|
| 102 |
} |
|
| 57 |
$pconfig = getSystemAdvancedMisc(); |
|
| 103 | 58 |
|
| 104 | 59 |
$crypto_modules = array( |
| 105 | 60 |
'aesni' => gettext("AES-NI CPU-based Acceleration"),
|
| ... | ... | |
| 109 | 64 |
|
| 110 | 65 |
$thermal_hardware_modules = array( |
| 111 | 66 |
'coretemp' => gettext("Intel Core* CPU on-die thermal sensor"),
|
| 112 |
'amdtemp' => gettext("AMD K8, K10 and K11 CPU on-die thermal sensor"));
|
|
| 67 |
'amdtemp' => gettext("AMD K8, K10 and K11 CPU on-die thermal sensor")
|
|
| 68 |
); |
|
| 113 | 69 |
|
| 114 |
if ($_POST) {
|
|
| 115 |
unset($input_errors); |
|
| 116 |
$pconfig = $_POST; |
|
| 70 |
$rebootneeded = false; |
|
| 117 | 71 |
|
| 72 |
if ($_POST) {
|
|
| 118 | 73 |
ob_flush(); |
| 119 | 74 |
flush(); |
| 120 | 75 |
|
| 121 |
if (!empty($_POST['crypto_hardware']) && !array_key_exists($_POST['crypto_hardware'], $crypto_modules)) {
|
|
| 122 |
$input_errors[] = gettext("Please select a valid Cryptographic Accelerator.");
|
|
| 123 |
} |
|
| 124 |
|
|
| 125 |
if (!empty($_POST['thermal_hardware']) && !array_key_exists($_POST['thermal_hardware'], $thermal_hardware_modules)) {
|
|
| 126 |
$input_errors[] = gettext("Please select a valid Thermal Hardware Sensor.");
|
|
| 127 |
} |
|
| 128 |
|
|
| 129 |
if (!empty($_POST['use_mfs_tmp_size']) && (!is_numeric($_POST['use_mfs_tmp_size']) || ($_POST['use_mfs_tmp_size'] < 40))) {
|
|
| 130 |
$input_errors[] = gettext("/tmp Size must be numeric and should not be less than 40MiB.");
|
|
| 131 |
} |
|
| 132 |
|
|
| 133 |
if (!empty($_POST['use_mfs_var_size']) && (!is_numeric($_POST['use_mfs_var_size']) || ($_POST['use_mfs_var_size'] < 60))) {
|
|
| 134 |
$input_errors[] = gettext("/var Size must be numeric and should not be less than 60MiB.");
|
|
| 135 |
} |
|
| 136 |
|
|
| 137 |
if (is_numericint($_POST['use_mfs_tmp_size']) && is_numericint($_POST['use_mfs_var_size']) && |
|
| 138 |
((($_POST['use_mfs_tmp_size'] + $_POST['use_mfs_var_size']) * 1024 * 1024) > $available_kernel_memory)) {
|
|
| 139 |
$input_errors[] = gettext("Combined size of /tmp and /var RAM disks would exceed available kernel memory.");
|
|
| 140 |
} |
|
| 76 |
$rv = saveSystemAdvancedMisc($_POST); |
|
| 141 | 77 |
|
| 142 |
if (!empty($_POST['proxyport']) && !is_port($_POST['proxyport'])) {
|
|
| 143 |
$input_errors[] = gettext("Proxy port must be a valid port number, 1-65535.");
|
|
| 144 |
} |
|
| 145 |
|
|
| 146 |
if (!empty($_POST['proxyurl']) && !is_fqdn($_POST['proxyurl']) && !is_ipaddr($_POST['proxyurl'])) {
|
|
| 147 |
$input_errors[] = gettext("Proxy URL must be a valid IP address or FQDN.");
|
|
| 148 |
} |
|
| 149 |
|
|
| 150 |
if (!empty($_POST['proxyuser']) && preg_match("/[^a-zA-Z0-9\.\-_@]/", $_POST['proxyuser'])) {
|
|
| 151 |
$input_errors[] = gettext("The proxy username contains invalid characters.");
|
|
| 152 |
} |
|
| 153 |
|
|
| 154 |
if ($_POST['proxypass'] != $_POST['proxypass_confirm']) {
|
|
| 155 |
$input_errors[] = gettext("Proxy password and confirmation must match.");
|
|
| 156 |
} |
|
| 157 |
|
|
| 158 |
if (!in_array($_POST['powerd_ac_mode'], array_keys($powerd_modes))) {
|
|
| 159 |
$input_errors[] = gettext("Invalid AC Power mode.");
|
|
| 160 |
} |
|
| 161 |
if (!in_array($_POST['powerd_battery_mode'], array_keys($powerd_modes))) {
|
|
| 162 |
$input_errors[] = gettext("Invalid Battery Power mode.");
|
|
| 163 |
} |
|
| 164 |
if (!in_array($_POST['powerd_normal_mode'], array_keys($powerd_modes))) {
|
|
| 165 |
$input_errors[] = gettext("Invalid Unknown Power mode.");
|
|
| 166 |
} |
|
| 167 |
if (!in_array($_POST['mds_disable'], array_keys($mds_modes))) {
|
|
| 168 |
$input_errors[] = gettext("Invalid MDS Mode.");
|
|
| 169 |
} |
|
| 170 |
|
|
| 171 |
if (!$input_errors) {
|
|
| 172 |
|
|
| 173 |
if ($_POST['harddiskstandby'] <> "") {
|
|
| 174 |
$config['system']['harddiskstandby'] = $_POST['harddiskstandby']; |
|
| 175 |
system_set_harddisk_standby(); |
|
| 176 |
} else {
|
|
| 177 |
unset($config['system']['harddiskstandby']); |
|
| 178 |
} |
|
| 179 |
|
|
| 180 |
if ($_POST['proxyurl'] <> "") {
|
|
| 181 |
$config['system']['proxyurl'] = $_POST['proxyurl']; |
|
| 182 |
} else {
|
|
| 183 |
unset($config['system']['proxyurl']); |
|
| 184 |
} |
|
| 185 |
|
|
| 186 |
if ($_POST['proxyport'] <> "") {
|
|
| 187 |
$config['system']['proxyport'] = $_POST['proxyport']; |
|
| 188 |
} else {
|
|
| 189 |
unset($config['system']['proxyport']); |
|
| 190 |
} |
|
| 191 |
|
|
| 192 |
if ($_POST['proxyuser'] <> "") {
|
|
| 193 |
$config['system']['proxyuser'] = $_POST['proxyuser']; |
|
| 194 |
} else {
|
|
| 195 |
unset($config['system']['proxyuser']); |
|
| 196 |
} |
|
| 197 |
|
|
| 198 |
if ($_POST['proxypass'] <> "") {
|
|
| 199 |
if ($_POST['proxypass'] != DMYPWD) {
|
|
| 200 |
$config['system']['proxypass'] = $_POST['proxypass']; |
|
| 201 |
} |
|
| 202 |
} else {
|
|
| 203 |
unset($config['system']['proxypass']); |
|
| 204 |
} |
|
| 205 |
|
|
| 206 |
if ($_POST['lb_use_sticky'] == "yes") {
|
|
| 207 |
if (!isset($config['system']['lb_use_sticky'])) {
|
|
| 208 |
$config['system']['lb_use_sticky'] = true; |
|
| 209 |
} |
|
| 210 |
if ($config['system']['srctrack'] != $_POST['srctrack']) {
|
|
| 211 |
$config['system']['srctrack'] = $_POST['srctrack']; |
|
| 212 |
} |
|
| 213 |
} else {
|
|
| 214 |
if (isset($config['system']['lb_use_sticky'])) {
|
|
| 215 |
unset($config['system']['lb_use_sticky']); |
|
| 216 |
} |
|
| 217 |
} |
|
| 218 |
|
|
| 219 |
if ($_POST['pkg_nochecksig'] == "yes") {
|
|
| 220 |
$config['system']['pkg_nochecksig'] = true; |
|
| 221 |
} elseif (isset($config['system']['pkg_nochecksig'])) {
|
|
| 222 |
unset($config['system']['pkg_nochecksig']); |
|
| 223 |
} |
|
| 224 |
|
|
| 225 |
if ($_POST['do_not_send_uniqueid'] == "yes") {
|
|
| 226 |
$config['system']['do_not_send_uniqueid'] = true; |
|
| 227 |
} else {
|
|
| 228 |
unset($config['system']['do_not_send_uniqueid']); |
|
| 229 |
} |
|
| 230 |
|
|
| 231 |
if ($_POST['powerd_enable'] == "yes") {
|
|
| 232 |
$config['system']['powerd_enable'] = true; |
|
| 233 |
} else {
|
|
| 234 |
unset($config['system']['powerd_enable']); |
|
| 235 |
} |
|
| 236 |
|
|
| 237 |
$config['system']['powerd_ac_mode'] = $_POST['powerd_ac_mode']; |
|
| 238 |
$config['system']['powerd_battery_mode'] = $_POST['powerd_battery_mode']; |
|
| 239 |
$config['system']['powerd_normal_mode'] = $_POST['powerd_normal_mode']; |
|
| 240 |
|
|
| 241 |
if ($_POST['crypto_hardware']) {
|
|
| 242 |
$config['system']['crypto_hardware'] = $_POST['crypto_hardware']; |
|
| 243 |
} else {
|
|
| 244 |
unset($config['system']['crypto_hardware']); |
|
| 245 |
} |
|
| 246 |
|
|
| 247 |
if ($_POST['thermal_hardware']) {
|
|
| 248 |
$config['system']['thermal_hardware'] = $_POST['thermal_hardware']; |
|
| 249 |
} else {
|
|
| 250 |
unset($config['system']['thermal_hardware']); |
|
| 251 |
} |
|
| 252 |
|
|
| 253 |
$old_pti_state = isset($config['system']['pti_disabled']); |
|
| 254 |
if ($_POST['pti_disabled'] == "yes") {
|
|
| 255 |
$config['system']['pti_disabled'] = true; |
|
| 256 |
} else {
|
|
| 257 |
unset($config['system']['pti_disabled']); |
|
| 258 |
} |
|
| 259 |
if (isset($_POST['mds_disable']) && (strlen($_POST['mds_disable']) > 0)) {
|
|
| 260 |
$config['system']['mds_disable'] = $_POST['mds_disable']; |
|
| 261 |
} else {
|
|
| 262 |
unset($config['system']['mds_disable']); |
|
| 263 |
} |
|
| 264 |
|
|
| 265 |
if ($_POST['schedule_states'] == "yes") {
|
|
| 266 |
$config['system']['schedule_states'] = true; |
|
| 267 |
} else {
|
|
| 268 |
unset($config['system']['schedule_states']); |
|
| 269 |
} |
|
| 270 |
|
|
| 271 |
if ($_POST['gw_down_kill_states'] == "yes") {
|
|
| 272 |
$config['system']['gw_down_kill_states'] = true; |
|
| 273 |
} else {
|
|
| 274 |
unset($config['system']['gw_down_kill_states']); |
|
| 275 |
} |
|
| 276 |
|
|
| 277 |
if ($_POST['skip_rules_gw_down'] == "yes") {
|
|
| 278 |
$config['system']['skip_rules_gw_down'] = true; |
|
| 279 |
} else {
|
|
| 280 |
unset($config['system']['skip_rules_gw_down']); |
|
| 281 |
} |
|
| 282 |
|
|
| 283 |
if ($_POST['use_mfs_tmpvar'] == "yes") {
|
|
| 284 |
$config['system']['use_mfs_tmpvar'] = true; |
|
| 285 |
$use_mfs_tmpvar_after = true; |
|
| 286 |
} else {
|
|
| 287 |
unset($config['system']['use_mfs_tmpvar']); |
|
| 288 |
$use_mfs_tmpvar_after = false; |
|
| 289 |
} |
|
| 290 |
|
|
| 291 |
$config['system']['use_mfs_tmp_size'] = $_POST['use_mfs_tmp_size']; |
|
| 292 |
$config['system']['use_mfs_var_size'] = $_POST['use_mfs_var_size']; |
|
| 293 |
|
|
| 294 |
if (isset($_POST['rrdbackup'])) {
|
|
| 295 |
if (($_POST['rrdbackup'] > 0) && ($_POST['rrdbackup'] <= 24)) {
|
|
| 296 |
$config['system']['rrdbackup'] = intval($_POST['rrdbackup']); |
|
| 297 |
} else {
|
|
| 298 |
unset($config['system']['rrdbackup']); |
|
| 299 |
} |
|
| 300 |
} |
|
| 301 |
if (isset($_POST['dhcpbackup'])) {
|
|
| 302 |
if (($_POST['dhcpbackup'] > 0) && ($_POST['dhcpbackup'] <= 24)) {
|
|
| 303 |
$config['system']['dhcpbackup'] = intval($_POST['dhcpbackup']); |
|
| 304 |
} else {
|
|
| 305 |
unset($config['system']['dhcpbackup']); |
|
| 306 |
} |
|
| 307 |
} |
|
| 308 |
if (isset($_POST['logsbackup'])) {
|
|
| 309 |
if (($_POST['logsbackup'] > 0) && ($_POST['logsbackup'] <= 24)) {
|
|
| 310 |
$config['system']['logsbackup'] = intval($_POST['logsbackup']); |
|
| 311 |
} else {
|
|
| 312 |
unset($config['system']['logsbackup']); |
|
| 313 |
} |
|
| 314 |
} |
|
| 315 |
|
|
| 316 |
// Add/Remove RAM disk periodic backup cron jobs according to settings and installation type. |
|
| 317 |
// Remove the cron jobs on full install if not using RAM disk. |
|
| 318 |
// Add the cron jobs on all others if the periodic backup option is set. Otherwise the cron job is removed. |
|
| 319 |
if (!isset($config['system']['use_mfs_tmpvar'])) {
|
|
| 320 |
/* See #7146 for detail on why the extra parameters are needed for the time being. */ |
|
| 321 |
install_cron_job("/etc/rc.backup_rrd.sh", false, null, null, null, null, null, null, false);
|
|
| 322 |
install_cron_job("/etc/rc.backup_dhcpleases.sh", false, null, null, null, null, null, null, false);
|
|
| 323 |
install_cron_job("/etc/rc.backup_logs.sh", false, null, null, null, null, null, null, false);
|
|
| 324 |
} else {
|
|
| 325 |
/* See #7146 for detail on why the extra parameters are needed for the time being. */ |
|
| 326 |
install_cron_job("/etc/rc.backup_rrd.sh", ($config['system']['rrdbackup'] > 0), $minute="0", "*/{$config['system']['rrdbackup']}", '*', '*', '*', 'root', false);
|
|
| 327 |
install_cron_job("/etc/rc.backup_dhcpleases.sh", ($config['system']['dhcpbackup'] > 0), $minute="0", "*/{$config['system']['dhcpbackup']}", '*', '*', '*', 'root', false);
|
|
| 328 |
install_cron_job("/etc/rc.backup_logs.sh", ($config['system']['logsbackup'] > 0), $minute="0", "*/{$config['system']['logsbackup']}", '*', '*', '*', 'root', false);
|
|
| 329 |
} |
|
| 330 |
|
|
| 331 |
write_config("Miscellaneous Advanced Settings saved");
|
|
| 332 |
|
|
| 333 |
$changes_applied = true; |
|
| 334 |
$retval = 0; |
|
| 335 |
system_resolvconf_generate(true); |
|
| 336 |
$retval |= filter_configure(); |
|
| 337 |
|
|
| 338 |
if ($old_pti_state != isset($config['system']['pti_disabled'])) {
|
|
| 339 |
setup_loader_settings(); |
|
| 340 |
} |
|
| 341 |
if (isset($config['system']['mds_disable']) && |
|
| 342 |
(strlen($config['system']['mds_disable']) > 0)) {
|
|
| 343 |
set_single_sysctl("hw.mds_disable" , (int)$config['system']['mds_disable']);
|
|
| 344 |
} |
|
| 345 |
activate_powerd(); |
|
| 346 |
load_crypto(); |
|
| 347 |
load_thermal_hardware(); |
|
| 348 |
} |
|
| 78 |
$pconfig = $rv['post']; |
|
| 79 |
$input_errors = $rv['input_errors']; |
|
| 80 |
$retval = $rv['retval']; |
|
| 81 |
$changes_applied = $rv['changes_applied']; |
|
| 82 |
$rebootneeded = $rv['reboot']; |
|
| 83 |
} else {
|
|
| 84 |
$pconfig = getSystemAdvancedMisc(); |
|
| 349 | 85 |
} |
| 350 | 86 |
|
| 87 |
|
|
| 351 | 88 |
$pgtitle = array(gettext("System"), gettext("Advanced"), gettext("Miscellaneous"));
|
| 352 | 89 |
$pglinks = array("", "system_advanced_admin.php", "@self");
|
| 353 | 90 |
include("head.inc");
|
| ... | ... | |
| 506 | 243 |
|
| 507 | 244 |
$form->add($section); |
| 508 | 245 |
|
| 509 |
$pti = get_single_sysctl('vm.pmap.pti');
|
|
| 246 |
$pti = $pconfig['pti'];
|
|
| 510 | 247 |
if (strlen($pti) > 0) {
|
| 511 | 248 |
$section = new Form_Section('Kernel Page Table Isolation');
|
| 512 | 249 |
$section->addInput(new Form_Checkbox( |
| ... | ... | |
| 521 | 258 |
$form->add($section); |
| 522 | 259 |
} |
| 523 | 260 |
|
| 524 |
$mds = get_single_sysctl('hw.mds_disable_state');
|
|
| 261 |
$mds = $pconfig['mds'];
|
|
| 525 | 262 |
if (strlen($mds) > 0) {
|
| 526 | 263 |
$section = new Form_Section('Microarchitectural Data Sampling Mitigation');
|
| 527 | 264 |
$section->addInput(new Form_Select( |
| ... | ... | |
| 600 | 337 |
$group->setHelp('Sets the size, in MiB, for the RAM disks. ' .
|
| 601 | 338 |
'Ensure each RAM disk is large enough to contain the current contents of the directories in question. %s' . |
| 602 | 339 |
'Maximum total size of all RAM disks cannot exceed available kernel memory: %s', |
| 603 |
'<br/>', format_bytes( $available_kernel_memory ));
|
|
| 340 |
'<br/>', format_bytes( $pconfig['available_kernel_memory'] ));
|
|
| 604 | 341 |
|
| 605 | 342 |
$section->add($group); |
| 606 | 343 |
|
| ... | ... | |
| 667 | 404 |
print $form; |
| 668 | 405 |
|
| 669 | 406 |
$ramdisk_msg = gettext('The \"Use Ramdisk\" setting has been changed. This requires the firewall\nto reboot.\n\nReboot now ?');
|
| 670 |
$use_mfs_tmpvar_changed = ((($use_mfs_tmpvar_before !== $use_mfs_tmpvar_after) || |
|
| 671 |
(!empty($_POST) && $use_mfs_tmpvar_after && file_exists('/conf/ram_disks_failed'))) && !$input_errors);
|
|
| 672 | 407 |
?> |
| 673 | 408 |
|
| 674 | 409 |
<script type="text/javascript"> |
| 675 | 410 |
//<![CDATA[ |
| 676 | 411 |
events.push(function() {
|
| 677 | 412 |
// Has the Use ramdisk checkbox changed state? |
| 678 |
if (<?=(int)$use_mfs_tmpvar_changed?> && confirm("<?=$ramdisk_msg?>")) {
|
|
| 413 |
if (<?=(int)$rebootneeded?> && confirm("<?=$ramdisk_msg?>")) {
|
|
| 679 | 414 |
postSubmit({override : 'yes'}, 'diag_reboot.php')
|
| 680 | 415 |
} |
| 681 | 416 |
|
Also available in: Unified diff
Refactor system_advanced_misc for MVC