<?php
/*
	system.inc
	part of pfSense (https://www.pfsense.org)
	Copyright (c) 2004-2016 Electric Sheep Fencing, LLC.
	All rights reserved.
	originally part of m0n0wall (http://m0n0.ch/wall)
	Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>.
	All rights reserved.
	Redistribution and use in source and binary forms, with or without
	modification, are permitted provided that the following conditions are met:
	1. Redistributions of source code must retain the above copyright notice,
	   this list of conditions and the following disclaimer.
	2. Redistributions in binary form must reproduce the above copyright
	   notice, this list of conditions and the following disclaimer in
	   the documentation and/or other materials provided with the
	   distribution.
	3. All advertising materials mentioning features or use of this software
	   must display the following acknowledgment:
	   "This product includes software developed by the pfSense Project
	   for use in the pfSense® software distribution. (http://www.pfsense.org/).
	4. The names "pfSense" and "pfSense Project" must not be used to
	   endorse or promote products derived from this software without
	   prior written permission. For written permission, please contact
	   coreteam@pfsense.org.
	5. Products derived from this software may not be called "pfSense"
	   nor may "pfSense" appear in their names without prior written
	   permission of the Electric Sheep Fencing, LLC.
	6. Redistributions of any form whatsoever must retain the following
	   acknowledgment:
	"This product includes software developed by the pfSense Project
	for use in the pfSense software distribution (http://www.pfsense.org/).
	THIS SOFTWARE IS PROVIDED BY THE pfSense PROJECT ``AS IS'' AND ANY
	EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
	IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
	PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE pfSense PROJECT OR
	ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
	SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
	NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
	LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
	HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
	STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
	ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
	OF THE POSSIBILITY OF SUCH DAMAGE.
*/
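/*
 * (Re)start powerd according to the saved configuration.
 *
 * Any running powerd is killed first. When $config['system']['powerd_enable']
 * is set, powerd is started with the configured AC, battery and normal modes;
 * each mode falls back to "hadp" when its setting is empty. On the nanobsd
 * platform the cpufreq kernel module is loaded before powerd starts.
 */
function activate_powerd() {
	global $config, $g;

	if (is_process_running("powerd")) {
		exec("/usr/bin/killall powerd");
	}
	if (isset($config['system']['powerd_enable'])) {
		if ($g["platform"] == "nanobsd") {
			exec("/sbin/kldload cpufreq");
		}

		$ac_mode = "hadp";
		if (!empty($config['system']['powerd_ac_mode'])) {
			$ac_mode = $config['system']['powerd_ac_mode'];
		}

		$battery_mode = "hadp";
		if (!empty($config['system']['powerd_battery_mode'])) {
			$battery_mode = $config['system']['powerd_battery_mode'];
		}

		$normal_mode = "hadp";
		if (!empty($config['system']['powerd_normal_mode'])) {
			$normal_mode = $config['system']['powerd_normal_mode'];
		}

		/*
		 * The three modes come straight from the configuration and end up on
		 * a shell command line, so each is quoted as a single argument; a
		 * value containing shell metacharacters can then only be rejected by
		 * powerd as an unknown mode, never interpreted by the shell.
		 */
		mwexec("/usr/sbin/powerd" .
		    " -b " . escapeshellarg($battery_mode) .
		    " -a " . escapeshellarg($ac_mode) .
		    " -n " . escapeshellarg($normal_mode));
	}
}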
/*
 * Look up the default value recorded for a sysctl OID in the global
 * $sysctls table. Returns null when the OID has no entry.
 */
function get_default_sysctl_value($id) {
	global $sysctls;

	return isset($sysctls[$id]) ? $sysctls[$id] : null;
}
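/*
 * Return the description of a sysctl OID as printed by `sysctl -nd`.
 *
 * Only the first line of output is returned; null is returned when the
 * command printed nothing (for example, an unknown OID).
 */
function get_sysctl_descr($sysctl) {
	$output = array();

	/*
	 * The OID name is placed on a shell command line, so it is quoted as a
	 * single argument instead of being interpolated verbatim.
	 */
	exec("/sbin/sysctl -nd " . escapeshellarg($sysctl), $output);

	return isset($output[0]) ? $output[0] : null;
}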
/*
 * Build the list of tunables for display.
 *
 * Entries from $config['sysctl']['item'] are copied under their own index and
 * flagged 'modified'. Every OID in the global $sysctls table that has no
 * configured entry is then added under its OID name, with its value from
 * that table and a description from get_sysctl_descr().
 */
function system_get_sysctls() {
	global $config, $sysctls;

	$listing = array();
	$configured = array();

	if (is_array($config['sysctl']) && is_array($config['sysctl']['item'])) {
		foreach ($config['sysctl']['item'] as $idx => $item) {
			// NOTE(review): $value is computed but never read in this loop.
			$value = ($item['value'] == "default")
			    ? get_default_sysctl_value($item['tunable'])
			    : $item['value'];

			$entry = $item;
			$entry['modified'] = true;
			$listing[$idx] = $entry;

			// Remember the OID so the defaults pass below skips it.
			$configured[$item['tunable']] = 'set';
		}
	}

	foreach ($sysctls as $oid => $value) {
		if (!isset($configured[$oid])) {
			$listing[$oid] = array(
				'tunable' => $oid,
				'value' => $value,
				'descr' => get_sysctl_descr($oid)
			);
		}
	}

	return $listing;
}
/*
 * Merge the configured tunables into the global $sysctls table and apply the
 * result with set_sysctl(). A configured value of "default" is replaced by
 * the value get_default_sysctl_value() returns for that OID.
 */
function activate_sysctls() {
	global $config, $g, $sysctls;

	$items = array();
	if (is_array($config['sysctl']) && is_array($config['sysctl']['item'])) {
		$items = $config['sysctl']['item'];
	}

	foreach ($items as $entry) {
		$name = $entry['tunable'];
		$sysctls[$name] = ($entry['value'] == "default")
		    ? get_default_sysctl_value($name)
		    : $entry['value'];
	}

	set_sysctl($sysctls);
}
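/*
 * Write {$g['varetc_path']}/resolv.conf and resolvconf.conf, then install
 * host routes for DNS servers that are pinned to a gateway.
 *
 * $dynupdate: when true, dhcpd is not reconfigured after the files are written.
 *
 * Returns 0 on success, 1 when either file cannot be opened. The
 * 'resolvconf' lock is released on every return path.
 */
function system_resolvconf_generate($dynupdate = false) {
	global $config, $g;

	if (isset($config['system']['developerspew'])) {
		$mt = microtime();
		echo "system_resolvconf_generate() being called $mt\n";
	}

	$syscfg = $config['system'];

	/* Start from an empty buffer; every section below appends to it. */
	$resolvconf = "";

	/*
	 * Use the local resolver first when dnsmasq or unbound is enabled on
	 * port 53 and listens on lo0 (or on everything), unless the
	 * 'dnslocalhost' setting is present.
	 */
	if ((((isset($config['dnsmasq']['enable'])) &&
	      (empty($config['dnsmasq']['port']) || $config['dnsmasq']['port'] == "53") &&
	      (empty($config['dnsmasq']['interface']) ||
	       in_array("lo0", explode(",", $config['dnsmasq']['interface'])))) ||
	     ((isset($config['unbound']['enable'])) &&
	      (empty($config['unbound']['port']) || $config['unbound']['port'] == "53") &&
	      (empty($config['unbound']['active_interface']) ||
	       in_array("lo0", explode(",", $config['unbound']['active_interface'])) ||
	       in_array("all", explode(",", $config['unbound']['active_interface']), true)))) &&
	     (!isset($config['system']['dnslocalhost']))) {
		$resolvconf .= "nameserver 127.0.0.1\n";
	}

	if (isset($syscfg['dnsallowoverride'])) {
		/* get dynamically assigned DNS servers (if any) */
		$ns = array_unique(get_searchdomains());
		foreach ($ns as $searchserver) {
			if ($searchserver) {
				$resolvconf .= "search {$searchserver}\n";
			}
		}
		$ns = array_unique(get_nameservers());
		foreach ($ns as $nameserver) {
			if ($nameserver) {
				$resolvconf .= "nameserver $nameserver\n";
			}
		}
	} else {
		$ns = array();
		// Do not create blank search/domain lines, it can break tools like dig.
		if ($syscfg['domain']) {
			$resolvconf .= "search {$syscfg['domain']}\n";
		}
	}
	if (is_array($syscfg['dnsserver'])) {
		foreach ($syscfg['dnsserver'] as $sys_dnsserver) {
			/* Skip servers already emitted from the dynamic list above. */
			if ($sys_dnsserver && (!in_array($sys_dnsserver, $ns))) {
				$resolvconf .= "nameserver $sys_dnsserver\n";
			}
		}
	}

	// Add EDNS support
	if (isset($config['unbound']['enable']) && isset($config['unbound']['edns'])) {
		$resolvconf .= "options edns0\n";
	}

	$dnslock = lock('resolvconf', LOCK_EX);

	$fd = fopen("{$g['varetc_path']}/resolv.conf", "w");
	if (!$fd) {
		printf("Error: cannot open resolv.conf in system_resolvconf_generate().\n");
		unlock($dnslock);
		return 1;
	}

	fwrite($fd, $resolvconf);
	fclose($fd);

	// Prevent resolvconf(8) from rewriting our resolv.conf
	$fd = fopen("{$g['varetc_path']}/resolvconf.conf", "w");
	if (!$fd) {
		printf("Error: cannot open resolvconf.conf in system_resolvconf_generate().\n");
		/* Release the lock here too, otherwise later callers would block on it. */
		unlock($dnslock);
		return 1;
	}
	fwrite($fd, "resolv_conf=\"/dev/null\"\n");
	fclose($fd);

	if (!platform_booting()) {
		/* restart dhcpd (nameservers may have changed) */
		if (!$dynupdate) {
			services_dhcpd_configure();
		}
	}

	/* setup static routes for DNS servers. */
	for ($dnscounter=1; $dnscounter<5; $dnscounter++) {
		$dnsgw = "dns{$dnscounter}gw";
		if (!isset($config['system'][$dnsgw])) {
			continue;
		}
		if (empty($config['system'][$dnsgw]) ||
		    $config['system'][$dnsgw] == "none") {
			continue;
		}

		$gwname = $config['system'][$dnsgw];
		$gatewayip = lookup_gateway_ip_by_name($gwname);
		$inet6 = is_ipaddrv6($gatewayip) ? '-inet6 ' : '';

		/* dns server array starts at 0 */
		$dnsserver = isset($syscfg['dnsserver'][$dnscounter - 1]) ? $syscfg['dnsserver'][$dnscounter - 1] : '';

		/*
		 * The server address comes from the configuration and is passed to
		 * route(8) through a shell: require a valid IP address before
		 * building the command, and skip slots without a server.
		 */
		if (!is_ipaddr($dnsserver)) {
			continue;
		}

		if (is_ipaddr($gatewayip)) {
			$cmd = 'change';
		} else {
			/* Remove old route when disable gw */
			$cmd = 'delete';
			$gatewayip = '';
		}

		/* Quote each address as one argument; the gateway is omitted on delete. */
		$route_cmd = "/sbin/route {$cmd} -host {$inet6}" . escapeshellarg($dnsserver);
		if ($gatewayip != '') {
			$route_cmd .= " " . escapeshellarg($gatewayip);
		}
		mwexec($route_cmd);

		if (isset($config['system']['route-debug'])) {
			$mt = microtime();
			log_error("ROUTING debug: $mt - route {$cmd} -host {$inet6}{$dnsserver} {$gatewayip}");
		}
	}

	unlock($dnslock);

	return 0;
}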
/*
 * Collect search domains from the /var/etc/searchdomain_* files.
 *
 * Each non-empty line is kept only when is_hostname() accepts it, so file
 * content that is not a hostname never reaches the caller. Returns a list of
 * strings, possibly empty and possibly containing duplicates.
 */
function get_searchdomains() {
	global $config, $g;

	$domains = array();

	$files = glob("/var/etc/searchdomain_*");
	if (!is_array($files)) {
		return $domains;
	}

	foreach ($files as $path) {
		$lines = file($path, FILE_IGNORE_NEW_LINES | FILE_SKIP_EMPTY_LINES);
		if (is_array($lines)) {
			foreach ($lines as $candidate) {
				if (is_hostname($candidate)) {
					$domains[] = $candidate;
				}
			}
		}
	}

	return $domains;
}
/*
 * Collect name server addresses from the /var/etc/nameserver_* files and,
 * when present, /var/etc/nameservers.conf.
 *
 * Each non-empty line is kept only when is_ipaddr() accepts it. Returns a
 * list of strings, possibly empty and possibly containing duplicates.
 */
function get_nameservers() {
	global $config, $g;

	$servers = array();

	// Per-interface files first, then the extra name servers file.
	$sources = glob("/var/etc/nameserver_*");
	if (!is_array($sources)) {
		$sources = array();
	}
	if (file_exists("/var/etc/nameservers.conf")) {
		$sources[] = "/var/etc/nameservers.conf";
	}

	foreach ($sources as $path) {
		$lines = file($path, FILE_IGNORE_NEW_LINES | FILE_SKIP_EMPTY_LINES);
		if (!is_array($lines)) {
			continue;
		}
		foreach ($lines as $candidate) {
			if (is_ipaddr($candidate)) {
				$servers[] = $candidate;
			}
		}
	}

	return $servers;
}
/*
 * Generate {$g['varetc_path']}/hosts from the configuration.
 *
 * The file gets the localhost entries, the firewall's own name on its LAN
 * address(es) (or, without a LAN section, on the first configured interface
 * without a gateway that has an address), and, when the selected resolver
 * section has 'enable' set, the host overrides with their aliases plus the
 * static DHCP/DHCPv6 mappings if 'regdhcpstatic' is set.
 *
 * Returns 0 on success, 1 when the hosts file cannot be opened.
 *
 * NOTE(review): host names, domains and addresses from the configuration are
 * written as-is; nothing in this function checks them for whitespace or
 * newlines. Presumably they are validated when saved - confirm.
 */
function system_hosts_generate() {
	global $config, $g;
	if (isset($config['system']['developerspew'])) {
		$mt = microtime();
		echo "system_hosts_generate() being called $mt\n";
	}

	$syscfg = $config['system'];
	// prefer dnsmasq for hosts generation where it's enabled. It relies
	// on hosts for name resolution of its overrides, unbound does not.
	// Despite its name, $dnsmasqcfg holds the unbound section in the else case.
	if (isset($config['dnsmasq']) && isset($config['dnsmasq']['enable'])) {
		$dnsmasqcfg = $config['dnsmasq'];
	} else {
		$dnsmasqcfg = $config['unbound'];
	}

	$hosts = "127.0.0.1	localhost localhost.{$syscfg['domain']}\n";
	$hosts .= "::1		localhost localhost.{$syscfg['domain']}\n";
	// $lhosts collects host overrides, $dhosts collects static DHCP mappings.
	$lhosts = "";
	$dhosts = "";

	if ($config['interfaces']['lan']) {
		$cfgip = get_interface_ip("lan");
		if (is_ipaddr($cfgip)) {
			$hosts .= "{$cfgip}	{$syscfg['hostname']}.{$syscfg['domain']} {$syscfg['hostname']}\n";
		}
		$cfgipv6 = get_interface_ipv6("lan");
		if (is_ipaddrv6($cfgipv6)) {
			$hosts .= "{$cfgipv6}	{$syscfg['hostname']}.{$syscfg['domain']} {$syscfg['hostname']}\n";
		}
	} else {
		// No LAN section: stop at the first interface without a gateway
		// that yields an IPv4 and/or IPv6 address.
		$sysiflist = get_configured_interface_list();
		$hosts_if_found = false;
		foreach ($sysiflist as $sysif) {
			if (!interface_has_gateway($sysif)) {
				$cfgip = get_interface_ip($sysif);
				if (is_ipaddr($cfgip)) {
					$hosts .= "{$cfgip}	{$syscfg['hostname']}.{$syscfg['domain']} {$syscfg['hostname']}\n";
					$hosts_if_found = true;
				}
				$cfgipv6 = get_interface_ipv6($sysif);
				if (is_ipaddrv6($cfgipv6)) {
					$hosts .= "{$cfgipv6}	{$syscfg['hostname']}.{$syscfg['domain']} {$syscfg['hostname']}\n";
					$hosts_if_found = true;
				}
				if ($hosts_if_found == true) {
					break;
				}
			}
		}
	}

	if (isset($dnsmasqcfg['enable'])) {
		if (!is_array($dnsmasqcfg['hosts'])) {
			$dnsmasqcfg['hosts'] = array();
		}

		foreach ($dnsmasqcfg['hosts'] as $host) {
			// The explicit "0" comparison keeps a host literally named "0",
			// which PHP would otherwise treat as false.
			if ($host['host'] || $host['host'] == "0") {
				$lhosts .= "{$host['ip']}	{$host['host']}.{$host['domain']} {$host['host']}\n";
			} else {
				$lhosts .= "{$host['ip']}	{$host['domain']}\n";
			}
			if (!is_array($host['aliases']) || !is_array($host['aliases']['item'])) {
				continue;
			}
			// Aliases are written against the address of the override they belong to.
			foreach ($host['aliases']['item'] as $alias) {
				if ($alias['host'] || $alias['host'] == "0") {
					$lhosts .= "{$host['ip']}	{$alias['host']}.{$alias['domain']} {$alias['host']}\n";
				} else {
					$lhosts .= "{$host['ip']}	{$alias['domain']}\n";
				}
			}
		}
		// Static DHCPv4 mappings; the domain falls back from the mapping to
		// the DHCP interface settings to the system domain.
		if (isset($dnsmasqcfg['regdhcpstatic']) && is_array($config['dhcpd'])) {
			foreach ($config['dhcpd'] as $dhcpif => $dhcpifconf) {
				if (is_array($dhcpifconf['staticmap']) && isset($dhcpifconf['enable'])) {
					foreach ($dhcpifconf['staticmap'] as $host) {
						if ($host['ipaddr'] && $host['hostname'] && $host['domain']) {
							$dhosts .= "{$host['ipaddr']}	{$host['hostname']}.{$host['domain']} {$host['hostname']}\n";
						} else if ($host['ipaddr'] && $host['hostname'] && $dhcpifconf['domain']) {
							$dhosts .= "{$host['ipaddr']}	{$host['hostname']}.{$dhcpifconf['domain']} {$host['hostname']}\n";
						} else if ($host['ipaddr'] && $host['hostname']) {
							$dhosts .= "{$host['ipaddr']}	{$host['hostname']}.{$syscfg['domain']} {$host['hostname']}\n";
						}
					}
				}
			}
		}
		// Static DHCPv6 mappings, with the same domain fallback order.
		if (isset($dnsmasqcfg['regdhcpstatic']) && is_array($config['dhcpdv6'])) {
			foreach ($config['dhcpdv6'] as $dhcpif => $dhcpifconf) {
				if (is_array($dhcpifconf['staticmap']) && isset($dhcpifconf['enable'])) {
					$isdelegated = $config['interfaces'][$dhcpif]['ipaddrv6'] == 'track6';
					foreach ($dhcpifconf['staticmap'] as $host) {
						$ipaddrv6 = $host['ipaddrv6'];
						if ($ipaddrv6 && $host['hostname']) {
							if ($isdelegated) {
								// On a track6 interface the configured address is merged
								// with the interface's current IPv6 address via
								// merge_ipv6_delegated_prefix(), using 64 minus the tracked
								// interface's 'dhcp6-ia-pd-len' as the length argument.
								$trackifname = $config['interfaces'][$dhcpif]['track6-interface'];
								$trackcfg = $config['interfaces'][$trackifname];
								$pdlen = 64 - $trackcfg['dhcp6-ia-pd-len'];
								$ipaddrv6 = merge_ipv6_delegated_prefix(get_interface_ipv6($dhcpif), $ipaddrv6, $pdlen);
							}
							if ($host['domain']) {
								$dhosts .= "{$ipaddrv6}	{$host['hostname']}.{$host['domain']} {$host['hostname']}\n";
							} else if ($dhcpifconf['domain']) {
								$dhosts .= "{$ipaddrv6}	{$host['hostname']}.{$dhcpifconf['domain']} {$host['hostname']}\n";
							} else {
								$dhosts .= "{$ipaddrv6}	{$host['hostname']}.{$syscfg['domain']} {$host['hostname']}\n";
							}
						}
					}
				}
			}
		}

		// 'dhcpfirst' decides whether DHCP mappings precede host overrides.
		if (isset($dnsmasqcfg['dhcpfirst'])) {
			$hosts .= $dhosts . $lhosts;
		} else {
			$hosts .= $lhosts . $dhosts;
		}
	}

	/*
	 * Do not remove this because dhcpleases monitors with kqueue it needs to be
	 * killed before writing to hosts files.
	 */
	if (file_exists("{$g['varrun_path']}/dhcpleases.pid")) {
		sigkillbypid("{$g['varrun_path']}/dhcpleases.pid", "TERM");
		@unlink("{$g['varrun_path']}/dhcpleases.pid");
	}
	// NOTE(review): dhcpleases has already been signalled at this point and
	// nothing in this function starts it again, including on the error return.
	$fd = fopen("{$g['varetc_path']}/hosts", "w");
	if (!$fd) {
		log_error(gettext("Error: cannot open hosts file in system_hosts_generate()."));
		return 1;
	}
	fwrite($fd, $hosts);
	fclose($fd);

	if (isset($config['unbound']['enable'])) {
		require_once("unbound.inc");
		unbound_hosts_generate();
	}

	return 0;
}
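/*
 * Start, reload or stop the dhcpleases helper.
 *
 * The helper is wanted when dnsmasq or unbound is enabled with 'regdhcp'.
 * A running helper that was started for the current resolver is sent HUP;
 * one started for the other resolver is terminated and replaced. When the
 * helper is not wanted, a leftover instance is terminated and its pid file
 * removed.
 */
function system_dhcpleases_configure() {
	global $config, $g;

	/* Needed by both branches below, so it is set before either runs. */
	$pidfile = "{$g['varrun_path']}/dhcpleases.pid";

	/* Start the monitoring process for dynamic dhcpclients. */
	if ((isset($config['dnsmasq']['enable']) && isset($config['dnsmasq']['regdhcp'])) ||
	    (isset($config['unbound']['enable']) && isset($config['unbound']['regdhcp']))) {
		$leases_dir = "{$g['dhcpd_chroot_path']}/var/db";
		$leases_file = "{$leases_dir}/dhcpd.leases";

		/* Make sure we do not error out */
		mwexec("/bin/mkdir -p " . escapeshellarg($leases_dir));
		if (!file_exists($leases_file)) {
			@touch($leases_file);
		}

		if (isset($config['unbound']['enable'])) {
			$dns_pid = "unbound.pid";
			$unbound_conf = "-u " . escapeshellarg("{$g['unbound_chroot_path']}/dhcpleases_entries.conf");
		} else {
			$dns_pid = "dnsmasq.pid";
			$unbound_conf = "";
		}

		if (isvalidpid($pidfile)) {
			/* Make sure dhcpleases is using correct unbound or dnsmasq */
			$output = array();
			$retval = 0;
			exec("/bin/pgrep -F " . escapeshellarg($pidfile) . " -f " . escapeshellarg($dns_pid), $output, $retval);
			if (intval($retval) == 0) {
				sigkillbypid($pidfile, "HUP");
				return;
			} else {
				sigkillbypid($pidfile, "TERM");
			}
		}

		/* To ensure we do not start multiple instances of dhcpleases, perform some clean-up first. */
		if (is_process_running("dhcpleases")) {
			sigkillbyname('dhcpleases', "TERM");
		}
		@unlink($pidfile);

		/*
		 * The domain comes from the configuration and the paths from $g;
		 * every value is quoted as a single shell argument so none of them
		 * can add options or commands to the line.
		 */
		mwexec("/usr/local/sbin/dhcpleases" .
		    " -l " . escapeshellarg($leases_file) .
		    " -d " . escapeshellarg($config['system']['domain']) .
		    " -p " . escapeshellarg("{$g['varrun_path']}/{$dns_pid}") .
		    " {$unbound_conf}" .
		    " -h " . escapeshellarg("{$g['varetc_path']}/hosts"));
	} else {
		/* Stop a helper left over from a configuration that wanted it. */
		if (file_exists($pidfile)) {
			sigkillbypid($pidfile, "TERM");
			@unlink($pidfile);
		}
	}
}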
/*
 * Set the system host name to "<hostname>.<domain>" from the configuration
 * and run the hostid rc script. Returns the status of the hostname command.
 */
function system_hostname_configure() {
	global $config, $g;

	if (isset($config['system']['developerspew'])) {
		$mt = microtime();
		echo "system_hostname_configure() being called $mt\n";
	}

	$syscfg = $config['system'];

	/* The name is passed to the shell as one quoted argument. */
	$fqdn = "{$syscfg['hostname']}.{$syscfg['domain']}";
	$status = mwexec("/bin/hostname " . escapeshellarg($fqdn));

	/* Setup host GUID ID.  This is used by ZFS. */
	mwexec("/etc/rc.d/hostid start");

	return $status;
}
/*
 * Install the IPv4 and IPv6 default routes and then the static routes.
 *
 * The default gateway for each address family is the first gateway_item
 * entry flagged 'defaultgw' that matches the family; without one, the "wan"
 * interface gateway is used. The chosen gateway is also recorded in
 * {$g['tmp_path']}/<real interface>_defaultgw (or _defaultgwv6).
 *
 * $interface: when non-empty, a default route is only changed if the chosen
 * gateway for that family belongs to this interface; the value is also
 * passed on to system_staticroutes_configure().
 *
 * Always returns 0.
 */
function system_routing_configure($interface = "") {
	global $config, $g;

	if (isset($config['system']['developerspew'])) {
		$mt = microtime();
		echo "system_routing_configure() being called $mt\n";
	}

	$gatewayip = "";
	$interfacegw = "";
	$gatewayipv6 = "";
	$interfacegwv6 = "";
	$foundgw = false;
	$foundgwv6 = false;
	/* tack on all the hard defined gateways as well */
	if (is_array($config['gateways']['gateway_item'])) {
		// Drop the recorded default gateway files before writing new ones.
		// NOTE(review): glob() can return false on error, which array_map()
		// would be handed directly - confirm this cannot happen here.
		array_map('unlink', glob("{$g['tmp_path']}/*_defaultgw{,v6}", GLOB_BRACE));
		foreach	($config['gateways']['gateway_item'] as $gateway) {
			if (isset($gateway['defaultgw'])) {
				if ($foundgw == false && ($gateway['ipprotocol'] != "inet6" && (is_ipaddrv4($gateway['gateway']) || $gateway['gateway'] == "dynamic"))) {
					// Skip an entry whose gateway contains ':' after the first character.
					if (strpos($gateway['gateway'], ":")) {
						continue;
					}
					// "dynamic" is resolved to the interface's current gateway.
					if ($gateway['gateway'] == "dynamic") {
						$gateway['gateway'] = get_interface_gateway($gateway['interface']);
					}
					$gatewayip = $gateway['gateway'];
					$interfacegw = $gateway['interface'];
					if (!empty($gateway['interface'])) {
						$defaultif = get_real_interface($gateway['interface']);
						if ($defaultif) {
							@file_put_contents("{$g['tmp_path']}/{$defaultif}_defaultgw", $gateway['gateway']);
						}
					}
					$foundgw = true;
				} else if ($foundgwv6 == false && ($gateway['ipprotocol'] == "inet6" && (is_ipaddrv6($gateway['gateway']) || $gateway['gateway'] == "dynamic"))) {
					if ($gateway['gateway'] == "dynamic") {
						$gateway['gateway'] = get_interface_gateway_v6($gateway['interface']);
					}
					$gatewayipv6 = $gateway['gateway'];
					$interfacegwv6 = $gateway['interface'];
					// NOTE(review): $defaultifv6 is only assigned when the entry has
					// an interface; it is read later to build the link-local scope.
					if (!empty($gateway['interface'])) {
						$defaultifv6 = get_real_interface($gateway['interface']);
						if ($defaultifv6) {
							@file_put_contents("{$g['tmp_path']}/{$defaultifv6}_defaultgwv6", $gateway['gateway']);
						}
					}
					$foundgwv6 = true;
				}
			}
			// Stop scanning once a default gateway exists for both families.
			if ($foundgw === true && $foundgwv6 === true) {
				break;
			}
		}
	}
	// No configured IPv4 default gateway: fall back to the "wan" interface.
	if ($foundgw == false) {
		$defaultif = get_real_interface("wan");
		$interfacegw = "wan";
		$gatewayip = get_interface_gateway("wan");
		@file_put_contents("{$g['tmp_path']}/{$defaultif}_defaultgw", $gatewayip);
	}
	// Same fallback for IPv6.
	if ($foundgwv6 == false) {
		$defaultifv6 = get_real_interface("wan");
		$interfacegwv6 = "wan";
		$gatewayipv6 = get_interface_gateway_v6("wan");
		@file_put_contents("{$g['tmp_path']}/{$defaultifv6}_defaultgwv6", $gatewayipv6);
	}
	$dont_add_route = false;
	/* if OLSRD is enabled, allow WAN to house DHCP. */
	if (is_array($config['installedpackages']['olsrd'])) {
		foreach ($config['installedpackages']['olsrd']['config'] as $olsrd) {
			if (($olsrd['enabledyngw'] == "on") && ($olsrd['enable'] == "on")) {
				$dont_add_route = true;
				log_error(gettext("Not adding default route because OLSR dynamic gateway is enabled."));
				break;
			}
		}
	}

	$gateways_arr = return_gateways_array(false, true);
	foreach ($gateways_arr as $gateway) {
		// setup static interface routes for nonlocal gateways
		if (isset($gateway["nonlocalgateway"])) {
			$srgatewayip = $gateway['gateway'];
			$srinterfacegw = $gateway['interface'];
			if (is_ipaddr($srgatewayip) && !empty($srinterfacegw)) {
				// $inet is one of two fixed strings; the address and the
				// interface name are each quoted as a single shell argument.
				$inet = (!is_ipaddrv4($srgatewayip) ? "-inet6" : "-inet");
				$cmd = "/sbin/route change {$inet} " . escapeshellarg($srgatewayip) . " ";
				mwexec($cmd . "-iface " . escapeshellarg($srinterfacegw));
				if (isset($config['system']['route-debug'])) {
					$mt = microtime();
					log_error("ROUTING debug: $mt - $cmd -iface $srinterfacegw ");
				}
			}
		}
	}

	if ($dont_add_route == false) {
		// A caller-supplied interface that is not the default gateway's
		// interface leaves the IPv4 default route untouched.
		if (!empty($interface) && $interface != $interfacegw) {
			;
		} else if (is_ipaddrv4($gatewayip)) {
			log_error(sprintf(gettext("ROUTING: setting default route to %s"), $gatewayip));
			mwexec("/sbin/route change -inet default " . escapeshellarg($gatewayip));
		}

		// Same rule for the IPv6 default route.
		if (!empty($interface) && $interface != $interfacegwv6) {
			;
		} else if (is_ipaddrv6($gatewayipv6)) {
			// A link-local gateway without a '%' scope gets the default
			// interface appended as its scope.
			$ifscope = "";
			if (is_linklocal($gatewayipv6) && !strpos($gatewayipv6, '%')) {
				$ifscope = "%{$defaultifv6}";
			}
			log_error(sprintf(gettext("ROUTING: setting IPv6 default route to %s"), $gatewayipv6 . $ifscope));
			mwexec("/sbin/route change -inet6 default " . escapeshellarg("{$gatewayipv6}{$ifscope}"));
		}
	}

	system_staticroutes_configure($interface, false);

	return 0;
}
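/*
 * Applies the configured static routes to the kernel routing table and
 * keeps filterdns watching the routes whose destination is a hostname.
 *
 * $interface  - when non-empty, only routes whose gateway sits on this
 *               friendly interface name are processed.
 * $update_dns - true when called to refresh hostname-based routes only:
 *               subnet routes are skipped and the filterdns hosts file is
 *               left untouched.
 *
 * Every address handed to /sbin/route goes through escapeshellarg().
 * Always returns 0.
 */
function system_staticroutes_configure($interface = "", $update_dns = false) {
	global $config, $g, $aliastable;

	// Hostname destinations that filterdns has to monitor.
	$filterdns_list = array();

	$static_routes = get_staticroutes(false, true);
	if (count($static_routes)) {
		$gateways_arr = return_gateways_array(false, true);

		foreach ($static_routes as $rtent) {
			if (empty($gateways_arr[$rtent['gateway']])) {
				log_error(sprintf(gettext("Static Routes: Gateway IP could not be found for %s"), $rtent['network']));
				continue;
			}
			$gateway = $gateways_arr[$rtent['gateway']];
			if (!empty($interface) && $interface != $gateway['friendlyiface']) {
				continue;
			}

			$gatewayip = $gateway['gateway'];
			$interfacegw = $gateway['interface'];

			// Gateways whose name starts with "Null" get a blackhole route.
			// The slice must be four characters long: a three-character
			// slice can never equal "Null", which left -blackhole unused.
			$blackhole = "";
			if (!strcasecmp("Null", substr($rtent['gateway'], 0, 4))) {
				$blackhole = "-blackhole";
			}

			// Only FQDNs and subnets are accepted as route destinations.
			if (!is_fqdn($rtent['network']) && !is_subnet($rtent['network'])) {
				continue;
			}

			$dnscache = array();
			if ($update_dns === true) {
				if (is_subnet($rtent['network'])) {
					continue;
				}
				$dnscache = explode("\n", trim(compare_hostname_to_dnscache($rtent['network'])));
				// NOTE(review): explode() always returns at least one element,
				// so this guard looks unreachable and an empty cache yields
				// array("") - confirm the intended handling.
				if (empty($dnscache)) {
					continue;
				}
			}

			if (is_subnet($rtent['network'])) {
				$ips = array($rtent['network']);
			} else {
				if (!isset($rtent['disabled'])) {
					$filterdns_list[] = $rtent['network'];
				}
				$ips = add_hostname_to_watch($rtent['network']);
			}

			// Drop routes for addresses the hostname no longer resolves to.
			foreach ($dnscache as $ip) {
				if (in_array($ip, $ips)) {
					continue;
				}
				mwexec("/sbin/route delete " . escapeshellarg($ip), true);
				if (isset($config['system']['route-debug'])) {
					$mt = microtime();
					log_error("ROUTING debug: $mt - route delete $ip ");
				}
			}

			if (isset($rtent['disabled'])) {
				/* XXX: This can break things by deleting routes that shouldn't be deleted - OpenVPN, dynamic routing scenarios, etc. redmine #3709 */
				foreach ($ips as $ip) {
					mwexec("/sbin/route delete " . escapeshellarg($ip), true);
					if (isset($config['system']['route-debug'])) {
						$mt = microtime();
						log_error("ROUTING debug: $mt - route delete $ip ");
					}
				}
				continue;
			}

			foreach ($ips as $ip) {
				if (is_ipaddrv4($ip)) {
					$ip .= "/32";
				}
				// do NOT do the same check here on v6, is_ipaddrv6 returns true when including the CIDR mask. doing so breaks v6 routes

				$inet = (is_subnetv6($ip) ? "-inet6" : "-inet");

				$cmd = "/sbin/route change {$inet} {$blackhole} " . escapeshellarg($ip) . " ";

				if (is_subnet($ip)) {
					if (is_ipaddr($gatewayip)) {
						mwexec($cmd . escapeshellarg($gatewayip));
						if (isset($config['system']['route-debug'])) {
							$mt = microtime();
							log_error("ROUTING debug: $mt - $cmd $gatewayip");
						}
					} else if (!empty($interfacegw)) {
						mwexec($cmd . "-iface " . escapeshellarg($interfacegw));
						if (isset($config['system']['route-debug'])) {
							$mt = microtime();
							log_error("ROUTING debug: $mt - $cmd -iface $interfacegw ");
						}
					}
				}
			}
		}
		unset($gateways_arr);
	}
	unset($static_routes);

	if ($update_dns === false) {
		if (count($filterdns_list)) {
			$interval = 60;
			$hostnames = "";
			// array_unique() returns the de-duplicated list; the result has
			// to be assigned or duplicate hostnames end up in the hosts file.
			$filterdns_list = array_unique($filterdns_list);
			// Each line tells filterdns which command to run for a hostname.
			// Only destinations that passed is_fqdn() above reach this file.
			foreach ($filterdns_list as $hostname) {
				$hostnames .= "cmd {$hostname} '/usr/local/sbin/pfSctl -c \"service reload routedns\"'\n";
			}
			file_put_contents("{$g['varetc_path']}/filterdns-route.hosts", $hostnames);
			unset($hostnames);

			// Reload a running filterdns, otherwise start a new instance.
			if (isvalidpid("{$g['varrun_path']}/filterdns-route.pid")) {
				sigkillbypid("{$g['varrun_path']}/filterdns-route.pid", "HUP");
			} else {
				mwexec("/usr/local/sbin/filterdns -p {$g['varrun_path']}/filterdns-route.pid -i {$interval} -c {$g['varetc_path']}/filterdns-route.hosts -d 1");
			}
		} else {
			// No hostname routes left: stop filterdns and drop its pid file.
			killbypid("{$g['varrun_path']}/filterdns-route.pid");
			@unlink("{$g['varrun_path']}/filterdns-route.pid");
		}
	}
	unset($filterdns_list);

	return 0;
}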
/*
 * Switches on packet forwarding for IPv4 and IPv6 by handing both
 * forwarding sysctls to set_sysctl(). Returns nothing.
 */
function system_routing_enable() {
	global $config, $g;

	// Optional developer trace: print a timestamp for every call.
	if (isset($config['system']['developerspew'])) {
		echo "system_routing_enable() being called " . microtime() . "\n";
	}

	$forwarding = array();
	$forwarding["net.inet.ip.forwarding"] = "1";
	$forwarding["net.inet6.ip6.forwarding"] = "1";
	set_sysctl($forwarding);
}
/*
 * Formats a remote syslog server for syslog.conf: a bare IPv6 address is
 * wrapped in square brackets, every other value is returned unchanged.
 */
function system_syslogd_fixup_server($server) {
	return is_ipaddrv6($server) ? "[{$server}]" : $server;
}
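/*
 * Builds the syslog.conf lines that forward $facility to the configured
 * remote servers (remoteserver, remoteserver2, remoteserver3).
 *
 * $syslogcfg - the syslog section of the configuration.
 * $facility  - selector placed at the start of every generated line.
 *
 * Returns the generated lines, or an empty string when remote logging is
 * not enabled or no server is set.
 *
 * NOTE(review): the server values are written into syslog.conf verbatim and
 * are not validated here; presumably they are checked when the settings are
 * saved - confirm, since a value containing a newline would add lines to
 * the file.
 */
function system_syslogd_get_remote_servers($syslogcfg, $facility = "*.*") {
	// The original statement ended in "." instead of ";" and only worked
	// because it chained into the assignment that follows.
	$facility .= " ";
	$remote_servers = "";

	// Pad with tabs so the action column lines up at 56 characters or more.
	$pad_to  = max(strlen($facility), 56);
	$padding = (int) ceil(($pad_to - strlen($facility)) / 8) + 1;

	if (!isset($syslogcfg['enable'])) {
		return $remote_servers;
	}

	foreach (array('remoteserver', 'remoteserver2', 'remoteserver3') as $server_key) {
		// empty() also covers keys that are absent from the configuration.
		if (empty($syslogcfg[$server_key])) {
			continue;
		}
		$remote_servers .= "{$facility}" . str_repeat("\t", $padding) . "@" . system_syslogd_fixup_server($syslogcfg[$server_key]) . "\n";
	}

	return $remote_servers;
}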
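/*
 * Empties one log file.
 *
 * $logfile         - path of the log to reset.
 * $restart_syslogd - when true, syslogd is killed first and started again
 *                    through system_syslogd_start() afterwards.
 *
 * With the 'disablesyslogclog' setting the file is deleted and recreated
 * empty; otherwise it is re-initialised with clog at the configured size.
 */
function clear_log_file($logfile = "/var/log/system.log", $restart_syslogd = true) {
	global $config, $g;

	if ($restart_syslogd) {
		exec("/usr/bin/killall syslogd");
	}

	if (isset($config['system']['disablesyslogclog'])) {
		unlink($logfile);
		touch($logfile);
	} else {
		// Global size first, then the per-log override keyed "<name>_settings".
		$log_size = isset($config['syslog']['logfilesize']) ? $config['syslog']['logfilesize'] : "511488";
		$settings_key = basename($logfile, '.log') . '_settings';
		if (isset($config['syslog'][$settings_key]['logfilesize'])) {
			$log_size = $config['syslog'][$settings_key]['logfilesize'];
		}
		// The size comes from the configuration and ends up on a shell
		// command line, so it is quoted like the file name.
		exec("/usr/local/sbin/clog -i -s " . escapeshellarg((string) $log_size) . " " . escapeshellarg($logfile));
	}

	if ($restart_syslogd) {
		system_syslogd_start();
	}
}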
/*
 * Resets every log in the fixed list below.
 *
 * syslogd is killed once up front and each file is cleared without a
 * per-file restart. With $restart set, syslogd is started again and dhcpd
 * is killed and reconfigured.
 */
function clear_all_log_files($restart = false) {
	global $g;

	exec("/usr/bin/killall syslogd");

	$names = array("system", "filter", "dhcpd", "vpn", "pptps", "poes", "l2tps", "openvpn", "portalauth", "ipsec", "ppp", "relayd", "wireless", "nginx", "ntpd", "gateways", "resolver", "routing");
	foreach ($names as $name) {
		$path = "{$g['varlog_path']}/{$name}.log";
		clear_log_file($path, false);
	}

	if (!$restart) {
		return;
	}

	system_syslogd_start();
	killbyname("dhcpd");
	services_dhcpd_configure();
}
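/*
 * Generates syslog.conf from the configuration and (re)starts syslogd.
 *
 * The generated file routes each program group to its own log under
 * $g['varlog_path'] (clog format unless 'disablesyslogclog' is set), adds
 * remote-server lines for the enabled categories and pipes auth messages
 * to sshlockout_pf. A running syslogd is sent TERM, then KILL if it is
 * still alive, before the new instance is started in the background.
 *
 * Returns 1 when syslog.conf cannot be written, otherwise the result of
 * mwexec_bg().
 *
 * NOTE(review): package facility names, package log file names and the
 * zmqserver value are copied into syslog.conf as they are. A syslog.conf
 * line can carry a "|exec" action (see the sshlockout_pf line below), so
 * these values must not contain newlines; presumably they are validated
 * where they are saved - confirm.
 */
function system_syslogd_start() {
	global $config, $g;
	if (isset($config['system']['developerspew'])) {
		$mt = microtime();
		echo "system_syslogd_start() being called $mt\n";
	}

	mwexec("/etc/rc.d/hostid start");

	// Stays null (and skips config generation) when there is no syslog section.
	$syslogcfg = isset($config['syslog']) ? $config['syslog'] : null;

	if (platform_booting()) {
		echo gettext("Starting syslog...");
	}

	// Which logging type are we using this week??
	if (isset($config['system']['disablesyslogclog'])) {
		$log_directive = "";
		$log_create_directive = "/usr/bin/touch ";
		$log_size = "";
	} else { // Defaults to CLOG
		$log_directive = "%";
		$log_size = isset($config['syslog']['logfilesize']) ? $config['syslog']['logfilesize'] : "10240";
		$log_create_directive = "/usr/local/sbin/clog -i -s ";
	}

	$syslogd_extra = "";
	if (isset($syslogcfg)) {
		// Programs with a dedicated log; they are excluded from system.log below.
		$separatelogfacilities = array('ntp', 'ntpd', 'ntpdate', 'charon', 'ipsec_starter', 'openvpn', 'pptps', 'poes', 'l2tps', 'relayd', 'hostapd', 'dnsmasq', 'filterdns', 'unbound', 'dhcpd', 'dhcrelay', 'dhclient', 'dhcp6c', 'dpinger', 'radvd', 'routed', 'olsrd', 'zebra', 'ospfd', 'bgpd', 'miniupnpd', 'filterlog');
		$syslogconf = "";
		if (!empty($config['installedpackages']['package']) && is_array($config['installedpackages']['package'])) {
			foreach ($config['installedpackages']['package'] as $package) {
				if (empty($package['logging'])) {
					continue;
				}
				array_push($separatelogfacilities, $package['logging']['facilityname']);
				$pkg_logfile = "{$g['varlog_path']}/{$package['logging']['logfilename']}";
				if (!is_file($pkg_logfile)) {
					// The file name comes from package data and is passed to a
					// shell, so both arguments are quoted. The size argument is
					// only present in clog mode.
					$create_cmd = $log_create_directive;
					if ($log_size !== "") {
						$create_cmd .= escapeshellarg((string) $log_size) . " ";
					}
					mwexec($create_cmd . escapeshellarg($pkg_logfile));
				}
				$syslogconf .= "!{$package['logging']['facilityname']}\n*.*\t\t\t\t\t\t {$log_directive}{$pkg_logfile}\n";
			}
		}
		$facilitylist = implode(',', array_unique($separatelogfacilities));
		$syslogconf .= "!radvd,routed,olsrd,zebra,ospfd,bgpd,miniupnpd\n";
		if (!isset($syslogcfg['disablelocallogging'])) {
			$syslogconf .= "*.*								{$log_directive}{$g['varlog_path']}/routing.log\n";
		}

		$syslogconf .= "!ntp,ntpd,ntpdate\n";
		if (!isset($syslogcfg['disablelocallogging'])) {
			$syslogconf .= "*.*								{$log_directive}{$g['varlog_path']}/ntpd.log\n";
		}

		$syslogconf .= "!ppp\n";
		if (!isset($syslogcfg['disablelocallogging'])) {
			$syslogconf .= "*.*								{$log_directive}{$g['varlog_path']}/ppp.log\n";
		}

		$syslogconf .= "!pptps\n";
		if (!isset($syslogcfg['disablelocallogging'])) {
			$syslogconf .= "*.*								{$log_directive}{$g['varlog_path']}/pptps.log\n";
		}

		$syslogconf .= "!poes\n";
		if (!isset($syslogcfg['disablelocallogging'])) {
			$syslogconf .= "*.*								{$log_directive}{$g['varlog_path']}/poes.log\n";
		}

		$syslogconf .= "!l2tps\n";
		if (!isset($syslogcfg['disablelocallogging'])) {
			$syslogconf .= "*.*								{$log_directive}{$g['varlog_path']}/l2tps.log\n";
		}

		$syslogconf .= "!charon,ipsec_starter\n";
		if (!isset($syslogcfg['disablelocallogging'])) {
			$syslogconf .= "*.*								{$log_directive}{$g['varlog_path']}/ipsec.log\n";
		}
		if (isset($syslogcfg['vpn'])) {
			$syslogconf .= system_syslogd_get_remote_servers($syslogcfg, "*.*");
		}

		$syslogconf .= "!openvpn\n";
		if (!isset($syslogcfg['disablelocallogging'])) {
			$syslogconf .= "*.*								{$log_directive}{$g['varlog_path']}/openvpn.log\n";
		}
		if (isset($syslogcfg['vpn'])) {
			$syslogconf .= system_syslogd_get_remote_servers($syslogcfg, "*.*");
		}

		$syslogconf .= "!dpinger\n";
		if (!isset($syslogcfg['disablelocallogging'])) {
			$syslogconf .= "*.*								{$log_directive}{$g['varlog_path']}/gateways.log\n";
		}
		if (isset($syslogcfg['dpinger'])) {
			$syslogconf .= system_syslogd_get_remote_servers($syslogcfg, "*.*");
		}

		$syslogconf .= "!dnsmasq,filterdns,unbound\n";
		if (!isset($syslogcfg['disablelocallogging'])) {
			$syslogconf .= "*.*								{$log_directive}{$g['varlog_path']}/resolver.log\n";
		}

		$syslogconf .= "!dhcpd,dhcrelay,dhclient,dhcp6c\n";
		if (!isset($syslogcfg['disablelocallogging'])) {
			$syslogconf .= "*.*								{$log_directive}{$g['varlog_path']}/dhcpd.log\n";
		}
		if (isset($syslogcfg['dhcp'])) {
			$syslogconf .= system_syslogd_get_remote_servers($syslogcfg, "*.*");
		}

		$syslogconf .= "!relayd\n";
		if (!isset($syslogcfg['disablelocallogging'])) {
			$syslogconf .= "*.* 								{$log_directive}{$g['varlog_path']}/relayd.log\n";
		}
		if (isset($syslogcfg['relayd'])) {
			$syslogconf .= system_syslogd_get_remote_servers($syslogcfg, "*.*");
		}

		$syslogconf .= "!hostapd\n";
		if (!isset($syslogcfg['disablelocallogging'])) {
			$syslogconf .= "*.* 								{$log_directive}{$g['varlog_path']}/wireless.log\n";
		}
		if (isset($syslogcfg['hostapd'])) {
			$syslogconf .= system_syslogd_get_remote_servers($syslogcfg, "*.*");
		}

		// The filter log line is written even when local logging is disabled.
		$syslogconf .= "!filterlog\n";
		$syslogconf .= "*.* 								{$log_directive}{$g['varlog_path']}/filter.log\n";
		if (isset($syslogcfg['filter'])) {
			$syslogconf .= system_syslogd_get_remote_servers($syslogcfg, "*.*");
		}

		// Everything below applies to all programs except those listed above.
		$syslogconf .= "!-{$facilitylist}\n";
		if (!isset($syslogcfg['disablelocallogging'])) {
			$syslogconf .= <<<EOD
local3.*							{$log_directive}{$g['varlog_path']}/vpn.log
local4.*							{$log_directive}{$g['varlog_path']}/portalauth.log
local5.*							{$log_directive}{$g['varlog_path']}/nginx.log
local7.*							{$log_directive}{$g['varlog_path']}/dhcpd.log
*.notice;kern.debug;lpr.info;mail.crit;daemon.none;news.err;local0.none;local3.none;local4.none;local7.none;security.*;auth.info;authpriv.info;daemon.info	{$log_directive}{$g['varlog_path']}/system.log
auth.info;authpriv.info 					|exec /usr/local/sbin/sshlockout_pf 15
*.emerg								*

EOD;
		}
		if (isset($syslogcfg['vpn'])) {
			$syslogconf .= system_syslogd_get_remote_servers($syslogcfg, "local3.*");
		}
		if (isset($syslogcfg['portalauth'])) {
			$syslogconf .= system_syslogd_get_remote_servers($syslogcfg, "local4.*");
		}
		if (isset($syslogcfg['dhcp'])) {
			$syslogconf .= system_syslogd_get_remote_servers($syslogcfg, "local7.*");
		}
		if (isset($syslogcfg['system'])) {
			$syslogconf .= system_syslogd_get_remote_servers($syslogcfg, "*.emerg;*.notice;kern.debug;lpr.info;mail.crit;news.err;local0.none;local3.none;local7.none;security.*;auth.info;authpriv.info;daemon.info");
		}
		if (isset($syslogcfg['logall'])) {
			// Make everything mean everything, including facilities excluded above.
			$syslogconf .= "!*\n";
			$syslogconf .= system_syslogd_get_remote_servers($syslogcfg, "*.*");
		}

		if (isset($syslogcfg['zmqserver'])) {
				$syslogconf .= <<<EOD
*.*								^{$syslogcfg['zmqserver']}

EOD;
		}
		/* write syslog.conf */
		if (!@file_put_contents("{$g['varetc_path']}/syslog.conf", $syslogconf)) {
			printf(gettext("Error: cannot open syslog.conf in system_syslogd_start().%s"), "\n");
			unset($syslogconf);
			return 1;
		}
		unset($syslogconf);

		// Ensure that the log directory exists
		if (!is_dir("{$g['dhcpd_chroot_path']}/var/run")) {
			exec("/bin/mkdir -p " . escapeshellarg("{$g['dhcpd_chroot_path']}/var/run"));
		}

		// Optional bind address: 'sourceip' is either an address or an
		// interface name; the preferred family is tried first, then the other.
		// Only a value accepted by is_ipaddr() reaches the command line.
		$sourceip = "";
		if (!empty($syslogcfg['sourceip'])) {
			if (isset($syslogcfg['ipproto']) && $syslogcfg['ipproto'] == "ipv6") {
				$ifaddr = is_ipaddr($syslogcfg['sourceip']) ? $syslogcfg['sourceip'] : get_interface_ipv6($syslogcfg['sourceip']);
				if (!is_ipaddr($ifaddr)) {
					$ifaddr = get_interface_ip($syslogcfg['sourceip']);
				}
			} else {
				$ifaddr = is_ipaddr($syslogcfg['sourceip']) ? $syslogcfg['sourceip'] : get_interface_ip($syslogcfg['sourceip']);
				if (!is_ipaddr($ifaddr)) {
					$ifaddr = get_interface_ipv6($syslogcfg['sourceip']);
				}
			}
			if (is_ipaddr($ifaddr)) {
				$sourceip = "-b {$ifaddr}";
			}
		}

		$syslogd_extra = "-f {$g['varetc_path']}/syslog.conf {$sourceip}";
	}

	if (isvalidpid("{$g['varrun_path']}/syslog.pid")) {
		sigkillbypid("{$g['varrun_path']}/syslog.pid", "TERM");
		usleep(100000); // syslogd often doesn't respond to a TERM quickly enough for the starting of syslogd below to be successful
	}

	if (isvalidpid("{$g['varrun_path']}/syslog.pid")) {
		// if it still hasn't responded to the TERM, KILL it.
		sigkillbypid("{$g['varrun_path']}/syslog.pid", "KILL");
		usleep(100000);
	}

	$retval = mwexec_bg("/usr/sbin/syslogd -s -c -c -l {$g['dhcpd_chroot_path']}/var/run/log -P {$g['varrun_path']}/syslog.pid {$syslogd_extra}");

	if (platform_booting()) {
		echo gettext("done.") . "\n";
	}

	return $retval;
}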
/*
 * Creates a self-signed certificate for the webConfigurator, stores it in
 * the configuration and makes it the active GUI certificate.
 *
 * Returns the new certificate entry, or null when cert_create() fails (the
 * OpenSSL errors are then written to the log).
 *
 * NOTE(review): 2048 and 2000 are presumably the key length in bits and the
 * lifetime in days - confirm against cert_create(). The certificate is
 * self-signed, so clients have nothing to validate it against until it is
 * replaced.
 */
function system_webgui_create_certificate() {
	global $config, $g;

	// Both stores must be arrays before references to them are taken.
	foreach (array('ca', 'cert') as $store) {
		if (!is_array($config[$store])) {
			$config[$store] = array();
		}
	}
	$a_ca =& $config['ca'];
	$a_cert =& $config['cert'];

	log_error(gettext("Creating SSL Certificate for this host"));

	$refid = uniqid();
	$cert = array(
		'refid' => $refid,
		'descr' => sprintf(gettext("webConfigurator default (%s)"), $refid)
	);

	$hostname = $config['system']['hostname'];
	$dn = array(
		'countryName' => "US",
		'stateOrProvinceName' => "State",
		'localityName' => "Locality",
		'organizationName' => "{$g['product_name']} webConfigurator Self-Signed Certificate",
		'emailAddress' => "admin@{$hostname}.{$config['system']['domain']}",
		'commonName' => "{$hostname}-{$refid}"
	);

	/* otherwise openssl_ functions throw warnings directly to a page screwing menu tab */
	$old_err_level = error_reporting(0);
	$created = cert_create($cert, null, 2048, 2000, $dn, "self-signed", "sha256");
	if (!$created) {
		// Drain the OpenSSL error queue into the log.
		while ($ssl_err = openssl_error_string()) {
			log_error(sprintf(gettext("Error creating WebGUI Certificate: openssl library returns: %s"), $ssl_err));
		}
	}
	error_reporting($old_err_level);

	if (!$created) {
		return null;
	}

	$a_cert[] = $cert;
	$config['system']['webgui']['ssl-certref'] = $cert['refid'];
	write_config(sprintf(gettext("Generated new self-signed HTTPS certificate (%s)"), $cert['refid']));
	return $cert;
}
/*
 * Writes the nginx configuration for the webConfigurator and restarts
 * nginx with it.
 *
 * The port defaults to 80, or 443 for HTTPS when no port is configured.
 * For HTTPS the configured certificate is used; when it is missing or
 * incomplete a new self-signed one is generated.
 *
 * Returns the result of the nginx start command.
 *
 * NOTE(review): system_webgui_create_certificate() returns null on failure,
 * in which case the certificate and key passed on below are empty - confirm
 * that this case is handled by the caller or by nginx failing to start.
 */
function system_webgui_start() {
	global $config, $g;

	if (platform_booting()) {
		echo gettext("Starting webConfigurator...");
	}

	chdir($g['www_path']);

	/* defaults */
	$portarg = "80";
	$crt = "";
	$key = "";
	$ca = "";

	/* non-standard port? */
	if (isset($config['system']['webgui']['port']) && $config['system']['webgui']['port'] != "") {
		$portarg = "{$config['system']['webgui']['port']}";
	}

	if ($config['system']['webgui']['protocol'] == "https") {
		// Ensure that we have a webConfigurator CERT
		$cert =& lookup_cert($config['system']['webgui']['ssl-certref']);
		$cert_usable = is_array($cert) && $cert['crt'] && $cert['prv'];
		if (!$cert_usable) {
			$cert = system_webgui_create_certificate();
		}

		// Certificate and private key are stored base64-encoded.
		$crt = base64_decode($cert['crt']);
		$key = base64_decode($cert['prv']);

		if (!$config['system']['webgui']['port']) {
			$portarg = "443";
		}
		$ca = ca_chain($cert);
	}

	/* generate nginx configuration */
	$conf_file = "{$g['varetc_path']}/nginx-webConfigurator.conf";
	system_generate_nginx_config($conf_file,
		$crt, $key, $ca, "nginx-webConfigurator.pid", $portarg, "/usr/local/www/",
		"cert.crt", "cert.key");

	/* kill any running nginx */
	$pid_file = "{$g['varrun_path']}/nginx-webConfigurator.pid";
	killbypid($pid_file);

	sleep(1);

	@unlink($pid_file);

	/* start nginx */
	$res = mwexec("/usr/local/sbin/nginx -c {$conf_file}");

	if (platform_booting()) {
		echo ($res == 0 ? gettext("done.") : gettext("failed!")) . "\n";
	}

	return $res;
}
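/*
 * Build the nginx configuration for the webConfigurator or a captive portal
 * zone, write it to $filename, and (when a certificate and key are supplied)
 * write the certificate chain and private key under $g['varetc_path'].
 *
 * $filename        path of the nginx configuration file to write
 * $cert, $key      PEM certificate and private key; TLS is only configured
 *                  when both are non-empty
 * $ca              optional CA chain appended to the certificate file
 * $pid_file        pid file name, relative to $g['varrun_path']
 * $port            listen port; an empty value falls back to 80
 * $document_root   nginx document root
 * $cert_location   certificate file name, relative to $g['varetc_path']
 * $key_location    key file name, relative to $g['varetc_path']
 * $captive_portal  captive portal zone name, or false for the web GUI
 *
 * Returns 0 on success and 1 when one of the output files cannot be opened.
 */
function system_generate_nginx_config($filename,
	$cert,
	$key,
	$ca,
	$pid_file,
	$port = 80,
	$document_root = "/usr/local/www/",
	$cert_location = "cert.crt",
	$key_location = "cert.key",
	$captive_portal = false) {

	global $config, $g;

	if (isset($config['system']['developerspew'])) {
		$mt = microtime();
		echo "system_generate_nginx_config() being called $mt\n";
	}

	/* Defined up front so no later interpolation reads an unset variable. */
	$cp_hostcheck = "";
	$cp_rewrite = "";
	$captive_portal_maxprocperip = "";
	$redirectport = "";

	if ($captive_portal !== false) {
		$cp_interfaces = explode(",", $config['captiveportal'][$captive_portal]['interface']);
		foreach ($cp_interfaces as $cpint) {
			$cpint_ip = get_interface_ip($cpint);
			if (is_ipaddr($cpint_ip)) {
				/*
				 * The address is used as an nginx regular expression, so
				 * escape it: an unescaped "." matches any character.
				 * NOTE(review): the match is still unanchored, so a longer
				 * Host value that merely contains the address also skips
				 * the redirect; anchoring needs the port/IPv6 forms checked.
				 */
				$cpint_re = preg_quote($cpint_ip);
				$cp_hostcheck .= "\t\tif (\$http_host ~* {$cpint_re}) {\n";
				$cp_hostcheck .= "\t\t\tset \$cp_redirect no;\n";
				$cp_hostcheck .= "\t\t}\n";
			}
		}
		if (isset($config['captiveportal'][$captive_portal]['httpsname']) &&
		    is_domain($config['captiveportal'][$captive_portal]['httpsname'])) {
			$httpsname_re = preg_quote($config['captiveportal'][$captive_portal]['httpsname']);
			$cp_hostcheck .= "\t\tif (\$http_host ~* {$httpsname_re}) {\n";
			$cp_hostcheck .= "\t\t\tset \$cp_redirect no;\n";
			$cp_hostcheck .= "\t\t}\n";
		}
		/* NOTE(review): the zone name is written into the rewrite target verbatim; presumably it is validated where zones are created - confirm. */
		$cp_rewrite = "\t\tif (\$cp_redirect = '') {\n";
		$cp_rewrite .= "\t\t\trewrite	^ /index.php?zone=$captive_portal&redirurl=\$request_uri break;\n";
		$cp_rewrite .= "\t\t}\n";

		$maxprocperip = $config['captiveportal'][$captive_portal]['maxprocperip'];
		if (empty($maxprocperip)) {
			$maxprocperip = 10;
		}
		$captive_portal_maxprocperip = "\t\tlimit_conn addr $maxprocperip;\n";
	}

	if (empty($port)) {
		$nginx_port = "80";
	} else {
		$nginx_port = $port;
	}

	$memory = get_memory();
	$realmem = $memory[1];

	// Determine web GUI process settings and take into account low memory systems
	if ($realmem < 255) {
		$max_procs = 1;
	} else {
		$max_procs = ($config['system']['webgui']['max_procs']) ? $config['system']['webgui']['max_procs'] : 2;
	}

	// Ramp up captive portal max procs, assuming each PHP process can consume up to 64MB RAM
	if ($captive_portal !== false) {
		if ($realmem > 135 and $realmem < 256) {
			$max_procs += 1; // 2 worker processes
		} else if ($realmem > 255 and $realmem < 513) {
			$max_procs += 2; // 3 worker processes
		} else if ($realmem > 512) {
			$max_procs += 4; // 6 worker processes
		}
	}

	$nginx_config = <<<EOD
#
# nginx configuration file

pid {$g['varrun_path']}/{$pid_file};

user  root wheel;
worker_processes  {$max_procs};

EOD;

	if (!isset($config['syslog']['nolognginx'])) {
		$nginx_config .= "error_log  syslog:server=unix:/var/run/log,facility=local5;\n";
	}

	$nginx_config .= <<<EOD

events {
    worker_connections  1024;
}

http {
	include       /usr/local/etc/nginx/mime.types;
	default_type  application/octet-stream;
	add_header X-Frame-Options SAMEORIGIN;
	server_tokens off;

	sendfile        on;
	keepalive_timeout  65;

	access_log      syslog:server=unix:/var/run/log,facility=local5 combined;

EOD;

	if ($captive_portal !== false) {
		$nginx_config .= "\tlimit_conn_zone \$binary_remote_addr zone=addr:10m;\n";
	}

	$nginx_config .= <<<EOD

	server {
		listen {$nginx_port};
		listen [::]:{$nginx_port};
		client_max_body_size 200m;

		gzip on;
		gzip_types text/html text/plain text/css text/javascript;

EOD;

	if ($cert <> "" and $key <> "") {
		$nginx_config .= "\t\tssl             on;\n";
		$nginx_config .= "\t\tssl_certificate         {$g['varetc_path']}/{$cert_location};\n";
		$nginx_config .= "\t\tssl_certificate_key     {$g['varetc_path']}/{$key_location};\n";
		$nginx_config .= "\t\tssl_session_timeout     10m;\n";
		$nginx_config .= "\t\tkeepalive_timeout       70;\n";
		$nginx_config .= "\t\tssl_session_cache       shared:SSL:10m;\n";
		/* NOTE(review): TLSv1 and TLSv1.1 are deprecated (RFC 8996); removing them changes client compatibility, so this is flagged rather than changed here. */
		$nginx_config .= "\t\tssl_protocols   TLSv1 TLSv1.1 TLSv1.2;\n";
		$nginx_config .= "\t\tssl_ciphers \"EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH\";\n";
		$nginx_config .= "\t\tssl_prefer_server_ciphers       on;\n";
		/*
		 * nginx inherits add_header from the http level only when the
		 * current level defines none. This server block defines its own,
		 * so the http-level X-Frame-Options would be dropped on TLS
		 * listeners unless it is repeated here.
		 */
		$nginx_config .= "\t\tadd_header X-Frame-Options SAMEORIGIN;\n";
		$nginx_config .= "\t\tadd_header Strict-Transport-Security \"max-age=31536000\";\n";
		$nginx_config .= "\t\tadd_header X-Content-Type-Options nosniff;\n";
		$nginx_config .= "\t\tssl_session_tickets off;\n";
		$nginx_config .= "\t\tssl_stapling on;\n";
		$nginx_config .= "\t\tssl_stapling_verify on;\n";
		$nginx_config .= "\t\tssl_dhparam /etc/dh-parameters.4096;\n";
		$nginx_config .= "\n";
	}

	if ($captive_portal !== false) {
		$nginx_config .= <<<EOD
$captive_portal_maxprocperip
$cp_hostcheck
$cp_rewrite

EOD;

	}

	$nginx_config .= <<<EOD
		root "{$document_root}";
		location / {
			index  index.html index.htm index.php;
		}

		location ~ \.php$ {
			try_files \$uri =404; #  This line closes a potential security hole
			# ensuring users can't execute uploaded files
			# see: http://forum.nginx.org/read.php?2,88845,page=3
			fastcgi_pass   unix:{$g['varrun_path']}/php-fpm.socket;
			fastcgi_index  index.php;
			fastcgi_param  SCRIPT_FILENAME  \$document_root\$fastcgi_script_name;
			fastcgi_read_timeout 180;
			include        /usr/local/etc/nginx/fastcgi_params;
		}
	}

EOD;

	/* Normalise line endings and collapse doubled newlines in the PEM data. */
	$cert = str_replace("\r", "", $cert);
	$key = str_replace("\r", "", $key);

	$cert = str_replace("\n\n", "\n", $cert);
	$key = str_replace("\n\n", "\n", $key);

	if ($cert <> "" and $key <> "") {
		/*
		 * Create the certificate and key files owner-only from the start,
		 * so there is no window in which a newly created key file has the
		 * default mode. chmod() is kept for files that already existed.
		 */
		$old_umask = umask(0077);

		$fd = fopen("{$g['varetc_path']}/{$cert_location}", "w");
		if (!$fd) {
			umask($old_umask);
			printf(gettext("Error: cannot open certificate file in system_webgui_start().%s"), "\n");
			return 1;
		}
		chmod("{$g['varetc_path']}/{$cert_location}", 0600);
		if ($ca <> "") {
			$cert_chain = $cert . "\n" . $ca;
		} else {
			$cert_chain = $cert;
		}
		fwrite($fd, $cert_chain);
		fclose($fd);

		$fd = fopen("{$g['varetc_path']}/{$key_location}", "w");
		if (!$fd) {
			umask($old_umask);
			printf(gettext("Error: cannot open certificate key file in system_webgui_start().%s"), "\n");
			return 1;
		}
		chmod("{$g['varetc_path']}/{$key_location}", 0600);
		fwrite($fd, $key);
		fclose($fd);

		umask($old_umask);
	}

	// Add HTTP to HTTPS redirect
	if ($captive_portal === false && $config['system']['webgui']['protocol'] == "https" && !isset($config['system']['webgui']['disablehttpredirect'])) {
		if ($nginx_port != "443") {
			$redirectport = ":{$nginx_port}";
		}
		$nginx_config .= <<<EOD
	server {
		listen 80;
		listen [::]:80;
		rewrite         ^ https://\$http_host$redirectport\$request_uri? permanent;
	}

EOD;
	}

	$nginx_config .= "}\n";

	$fd = fopen("{$filename}", "w");
	if (!$fd) {
		printf(gettext("Error: cannot open %s in system_generate_nginx_config().%s"), $filename, "\n");
		return 1;
	}
	fwrite($fd, $nginx_config);
	fclose($fd);

	/* nginx will fail to start if this directory does not exist. */
	safe_mkdir("/var/tmp/nginx/");

	return 0;

}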
1430
1431 60ff91f1 Renato Botelho
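/*
 * Return the sorted list of timezone names found under /usr/share/zoneinfo,
 * relative to that directory. When nothing is found the list holds only
 * $g['default_timezone'].
 */
function system_get_timezone_list() {
	global $g;

	$patterns = array(
		"/usr/share/zoneinfo/[A-Z]*",
		"/usr/share/zoneinfo/*/*",
		"/usr/share/zoneinfo/*/*/*"
	);

	$file_list = array();
	foreach ($patterns as $pattern) {
		/* glob() returns false on error; array_merge() needs arrays. */
		$matches = glob($pattern);
		if (is_array($matches)) {
			$file_list = array_merge($file_list, $matches);
		}
	}

	if (empty($file_list)) {
		$file_list[] = $g['default_timezone'];
	} else {
		/* Remove directories from list */
		$file_list = array_filter($file_list, function($v) {
			return !is_dir($v);
		});
	}

	/* Remove directory prefix */
	$file_list = str_replace('/usr/share/zoneinfo/', '', $file_list);

	sort($file_list);

	return $file_list;
}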
1456
1457 5b237745 Scott Ullrich
/*
 * Write the configured timezone name (or $g['default_timezone'] when none is
 * set) to /var/db/zoneinfo and run tzsetup -r to apply it.
 */
function system_timezone_configure() {
	global $config, $g;

	if (isset($config['system']['developerspew'])) {
		$called_at = microtime();
		echo "system_timezone_configure() being called $called_at\n";
	}

	$system_settings = $config['system'];

	if (platform_booting()) {
		echo gettext("Setting timezone...");
	}

	/* pick the configured zone, falling back to the product default */
	if (isset($system_settings['timezone'])) {
		$zone_name = $system_settings['timezone'];
	} else {
		$zone_name = $g['default_timezone'];
	}

	conf_mount_rw();
	/* the trailing newline is required, tzsetup fails without it */
	@file_put_contents("/var/db/zoneinfo", $zone_name . "\n");
	mwexec("/usr/sbin/tzsetup -r");
	conf_mount_ro();

	if (platform_booting()) {
		echo gettext("done.") . "\n";
	}
}
1482
1483 5c8843d5 jim-p
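/*
 * Prepare a serial GPS for ntpd: link /dev/gps0 to the given serial port,
 * set the port speed, send the GPS initialisation string and make sure
 * /etc/remote has a gps0 entry.
 *
 * $serialport  device name relative to /dev
 *
 * Returns false when the device does not exist, true otherwise.
 */
function system_ntp_setup_gps($serialport) {
	global $config, $g;
	$gps_device = '/dev/gps0';
	$serialport = '/dev/'.$serialport;

	if (!file_exists($serialport)) {
		return false;
	}

	conf_mount_rw();
	// Create symlink that ntpd requires
	unlink_if_exists($gps_device);
	@symlink($serialport, $gps_device);

	$gpsbaud = '4800';
	if (is_array($config['ntpd']) && is_array($config['ntpd']['gps']) && !empty($config['ntpd']['gps']['speed'])) {
		switch ($config['ntpd']['gps']['speed']) {
			case '16':
				$gpsbaud = '9600';
				break;
			case '32':
				$gpsbaud = '19200';
				break;
			case '48':
				$gpsbaud = '38400';
				break;
			case '64':
				$gpsbaud = '57600';
				break;
			case '80':
				$gpsbaud = '115200';
				break;
		}
	}

	/*
	 * Configure the serial port for raw IO and set the speed.
	 * The device path comes from the configuration, so it is quoted before
	 * it reaches the shell; $gpsbaud is always one of the literals above.
	 */
	mwexec("stty -f " . escapeshellarg("{$serialport}.init") . " raw speed {$gpsbaud}");

	/* Send the following to the GPS port to initialize the GPS */
	if (is_array($config['ntpd']) && is_array($config['ntpd']['gps']) && !empty($config['ntpd']['gps']['type'])) {
		$gps_init = base64_decode($config['ntpd']['gps']['initcmd']);
	} else {
		$gps_init = base64_decode('JFBVQlgsNDAsR1NWLDAsMCwwLDAqNTkNCiRQVUJYLDQwLEdMTCwwLDAsMCwwKjVDDQokUFVCWCw0MCxaREEsMCwwLDAsMCo0NA0KJFBVQlgsNDAsVlRHLDAsMCwwLDAqNUUNCiRQVUJYLDQwLEdTViwwLDAsMCwwKjU5DQokUFVCWCw0MCxHU0EsMCwwLDAsMCo0RQ0KJFBVQlgsNDAsR0dBLDAsMCwwLDANCiRQVUJYLDQwLFRYVCwwLDAsMCwwDQokUFVCWCw0MCxSTUMsMCwwLDAsMCo0Ng0KJFBVQlgsNDEsMSwwMDA3LDAwMDMsNDgwMCwwDQokUFVCWCw0MCxaREEsMSwxLDEsMQ==');
	}

	/* XXX: Why not file_put_contents to the device */
	/* NOTE(review): /tmp/gps.init is a fixed name in a shared directory and file_put_contents() follows symlinks; confirm no unprivileged local user can write to /tmp on this platform. */
	@file_put_contents('/tmp/gps.init', $gps_init);
	mwexec("cat /tmp/gps.init > " . escapeshellarg($serialport));

	/* Add /etc/remote entry in case we need to read from the GPS with tip */
	if (intval(`grep -c '^gps0' /etc/remote`) == 0) {
		@file_put_contents("/etc/remote", "gps0:dv={$serialport}:br#{$gpsbaud}:pa=none:", FILE_APPEND);
	}

	conf_mount_ro();

	return true;
}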
1541
1542 142f7393 nagyrobi
/*
 * Link /dev/pps0 to the given serial port so ntpd can use it as a PPS source.
 *
 * $serialport  device name relative to /dev
 *
 * Returns false when the device does not exist, true otherwise.
 */
function system_ntp_setup_pps($serialport) {
	global $config, $g;

	$link_target = '/dev/' . $serialport;
	if (file_exists($link_target) === false) {
		return false;
	}

	$link_name = '/dev/pps0';

	conf_mount_rw();
	/* ntpd expects the PPS source under this name; replace any old link */
	unlink_if_exists($link_name);
	@symlink($link_target, $link_name);
	conf_mount_ro();

	return true;
}
1561
1562
1563 0b8e9d38 jim-p
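/*
 * Generate {$g['varetc_path']}/ntpd.conf from the ntpd and system sections of
 * the configuration and, unless $start_ntpd is false, restart ntpd with it.
 *
 * $start_ntpd  when false only the configuration file is written
 *
 * Returns nothing; a failure to write the file is logged with log_error().
 *
 * NOTE(review): orphan, fudge, refid, stratum and timeserver values are
 * written into ntpd.conf verbatim; presumably they are validated where they
 * are saved - confirm, since a value containing a newline would add
 * directives to the file.
 */
function system_ntp_configure($start_ntpd=true) {
	global $config, $g;

	$driftfile = "/var/db/ntpd.drift";
	$statsdir = "/var/log/ntp";

	safe_mkdir($statsdir);

	if (!is_array($config['ntpd'])) {
		$config['ntpd'] = array();
	}

	$ntpcfg = "# \n";
	$ntpcfg .= "# pfSense ntp configuration file \n";
	$ntpcfg .= "# \n\n";
	$ntpcfg .= "tinker panic 0 \n";

	/* Add Orphan mode */
	$ntpcfg .= "# Orphan mode stratum\n";
	$ntpcfg .= 'tos orphan ';
	if (!empty($config['ntpd']['orphan'])) {
		$ntpcfg .= $config['ntpd']['orphan'];
	} else {
		$ntpcfg .= '12';
	}
	$ntpcfg .= "\n";

	/* Add PPS configuration */
	if (is_array($config['ntpd']['pps']) && !empty($config['ntpd']['pps']['port']) &&
	    file_exists('/dev/'.$config['ntpd']['pps']['port']) &&
	    system_ntp_setup_pps($config['ntpd']['pps']['port'])) {
		$ntpcfg .= "\n";
		$ntpcfg .= "# PPS Setup\n";
		$ntpcfg .= 'server 127.127.22.0';
		$ntpcfg .= ' minpoll 4 maxpoll 4';
		if (empty($config['ntpd']['pps']['prefer'])) { /*note: this one works backwards */
			$ntpcfg .= ' prefer';
		}
		if (!empty($config['ntpd']['pps']['noselect'])) {
			$ntpcfg .= ' noselect ';
		}
		$ntpcfg .= "\n";
		$ntpcfg .= 'fudge 127.127.22.0';
		if (!empty($config['ntpd']['pps']['fudge1'])) {
			$ntpcfg .= ' time1 ';
			$ntpcfg .= $config['ntpd']['pps']['fudge1'];
		}
		if (!empty($config['ntpd']['pps']['flag2'])) {
			$ntpcfg .= ' flag2 1';
		}
		if (!empty($config['ntpd']['pps']['flag3'])) {
			$ntpcfg .= ' flag3 1';
		} else {
			$ntpcfg .= ' flag3 0';
		}
		if (!empty($config['ntpd']['pps']['flag4'])) {
			$ntpcfg .= ' flag4 1';
		}
		if (!empty($config['ntpd']['pps']['refid'])) {
			$ntpcfg .= ' refid ';
			$ntpcfg .= $config['ntpd']['pps']['refid'];
		}
		$ntpcfg .= "\n";
	}
	/* End PPS configuration */

	/* Add GPS configuration */
	if (is_array($config['ntpd']['gps']) && !empty($config['ntpd']['gps']['port']) &&
	    file_exists('/dev/'.$config['ntpd']['gps']['port']) &&
	    system_ntp_setup_gps($config['ntpd']['gps']['port'])) {
		$ntpcfg .= "\n";
		$ntpcfg .= "# GPS Setup\n";
		$ntpcfg .= 'server 127.127.20.0 mode ';
		if (!empty($config['ntpd']['gps']['nmea']) || !empty($config['ntpd']['gps']['speed']) || !empty($config['ntpd']['gps']['subsec'])) {
			/* Start from 0 so the additions below never read an unset variable. */
			$ntpmode = 0;
			if (!empty($config['ntpd']['gps']['nmea'])) {
				$ntpmode = (int) $config['ntpd']['gps']['nmea'];
			}
			if (!empty($config['ntpd']['gps']['speed'])) {
				$ntpmode += (int) $config['ntpd']['gps']['speed'];
			}
			if (!empty($config['ntpd']['gps']['subsec'])) {
				$ntpmode += 128;
			}
			$ntpcfg .= (string) $ntpmode;
		} else {
			$ntpcfg .= '0';
		}
		$ntpcfg .= ' minpoll 4 maxpoll 4';
		if (empty($config['ntpd']['gps']['prefer'])) { /*note: this one works backwards */
			$ntpcfg .= ' prefer';
		}
		if (!empty($config['ntpd']['gps']['noselect'])) {
			$ntpcfg .= ' noselect ';
		}
		$ntpcfg .= "\n";
		$ntpcfg .= 'fudge 127.127.20.0';
		if (!empty($config['ntpd']['gps']['fudge1'])) {
			$ntpcfg .= ' time1 ';
			$ntpcfg .= $config['ntpd']['gps']['fudge1'];
		}
		if (!empty($config['ntpd']['gps']['fudge2'])) {
			$ntpcfg .= ' time2 ';
			$ntpcfg .= $config['ntpd']['gps']['fudge2'];
		}
		if (!empty($config['ntpd']['gps']['flag1'])) {
			$ntpcfg .= ' flag1 1';
		} else {
			$ntpcfg .= ' flag1 0';
		}
		if (!empty($config['ntpd']['gps']['flag2'])) {
			$ntpcfg .= ' flag2 1';
		}
		if (!empty($config['ntpd']['gps']['flag3'])) {
			$ntpcfg .= ' flag3 1';
		} else {
			$ntpcfg .= ' flag3 0';
		}
		if (!empty($config['ntpd']['gps']['flag4'])) {
			$ntpcfg .= ' flag4 1';
		}
		if (!empty($config['ntpd']['gps']['refid'])) {
			$ntpcfg .= ' refid ';
			$ntpcfg .= $config['ntpd']['gps']['refid'];
		}
		if (!empty($config['ntpd']['gps']['stratum'])) {
			$ntpcfg .= ' stratum ';
			$ntpcfg .= $config['ntpd']['gps']['stratum'];
		}
		$ntpcfg .= "\n";
	} elseif (is_array($config['ntpd']) && !empty($config['ntpd']['gpsport']) &&
	    file_exists('/dev/'.$config['ntpd']['gpsport']) &&
	    system_ntp_setup_gps($config['ntpd']['gpsport'])) {
		/* This handles a 2.1 and earlier config */
		$ntpcfg .= "# GPS Setup\n";
		$ntpcfg .= "server 127.127.20.0 mode 0 minpoll 4 maxpoll 4 prefer\n";
		$ntpcfg .= "fudge 127.127.20.0 time1 0.155 time2 0.000 flag1 1 flag2 0 flag3 1\n";
		// Fall back to local clock if GPS is out of sync?
		$ntpcfg .= "server 127.127.1.0\n";
		$ntpcfg .= "fudge 127.127.1.0 stratum 12\n";
	}
	/* End GPS configuration */

	$ntpcfg .= "\n\n# Upstream Servers\n";
	/* foreach through ntp servers and write out to ntpd.conf */
	foreach (explode(' ', $config['system']['timeservers']) as $ts) {
		/* An empty entry (empty list, doubled space) would yield an invalid server line. */
		if ($ts === '') {
			continue;
		}
		$ntpcfg .= "server {$ts} iburst maxpoll 9";
		/* NOTE(review): this is a substring match, so a server whose name is contained in another listed name is matched as well - confirm intent. */
		if (!empty($config['ntpd']['prefer']) && substr_count($config['ntpd']['prefer'], $ts)) {
			$ntpcfg .= ' prefer';
		}
		if (!empty($config['ntpd']['noselect']) && substr_count($config['ntpd']['noselect'], $ts)) {
			$ntpcfg .= ' noselect';
		}
		$ntpcfg .= "\n";
	}
	unset($ts);

	$ntpcfg .= "\n\n";
	$ntpcfg .= "disable monitor\n"; //prevent NTP reflection attack, see https://forum.pfsense.org/index.php/topic,67189.msg389132.html#msg389132
	if (!empty($config['ntpd']['clockstats']) || !empty($config['ntpd']['loopstats']) || !empty($config['ntpd']['peerstats'])) {
		$ntpcfg .= "enable stats\n";
		$ntpcfg .= 'statistics';
		if (!empty($config['ntpd']['clockstats'])) {
			$ntpcfg .= ' clockstats';
		}
		if (!empty($config['ntpd']['loopstats'])) {
			$ntpcfg .= ' loopstats';
		}
		if (!empty($config['ntpd']['peerstats'])) {
			$ntpcfg .= ' peerstats';
		}
		$ntpcfg .= "\n";
	}
	$ntpcfg .= "statsdir {$statsdir}\n";
	$ntpcfg .= 'logconfig =syncall +clockall';
	if (!empty($config['ntpd']['logpeer'])) {
		$ntpcfg .= ' +peerall';
	}
	if (!empty($config['ntpd']['logsys'])) {
		$ntpcfg .= ' +sysall';
	}
	$ntpcfg .= "\n";
	$ntpcfg .= "driftfile {$driftfile}\n";

	/*
	 * Access restrictions. kod/limited, nomodify, nopeer and notrap are on
	 * unless the matching config key is set ("works backwards"); noquery and
	 * noserve are off unless their key is set.
	 */
	$ntpcfg .= 'restrict default';
	if (empty($config['ntpd']['kod'])) { /*note: this one works backwards */
		$ntpcfg .= ' kod limited';
	}
	if (empty($config['ntpd']['nomodify'])) { /*note: this one works backwards */
		$ntpcfg .= ' nomodify';
	}
	if (!empty($config['ntpd']['noquery'])) {
		$ntpcfg .= ' noquery';
	}
	if (empty($config['ntpd']['nopeer'])) { /*note: this one works backwards */
		$ntpcfg .= ' nopeer';
	}
	if (empty($config['ntpd']['notrap'])) { /*note: this one works backwards */
		$ntpcfg .= ' notrap';
	}
	if (!empty($config['ntpd']['noserve'])) {
		$ntpcfg .= ' noserve';
	}
	$ntpcfg .= "\nrestrict -6 default";
	if (empty($config['ntpd']['kod'])) { /*note: this one works backwards */
		$ntpcfg .= ' kod limited';
	}
	if (empty($config['ntpd']['nomodify'])) { /*note: this one works backwards */
		$ntpcfg .= ' nomodify';
	}
	if (!empty($config['ntpd']['noquery'])) {
		$ntpcfg .= ' noquery';
	}
	if (empty($config['ntpd']['nopeer'])) { /*note: this one works backwards */
		$ntpcfg .= ' nopeer';
	}
	if (!empty($config['ntpd']['noserve'])) {
		$ntpcfg .= ' noserve';
	}
	if (empty($config['ntpd']['notrap'])) { /*note: this one works backwards */
		$ntpcfg .= ' notrap';
	}
	$ntpcfg .= "\n";

	/* A leapseconds file is really only useful if this clock is stratum 1 */
	$ntpcfg .= "\n";
	if (!empty($config['ntpd']['leapsec'])) {
		/* Plain assignment: there is no earlier value to append to. */
		$leapsec = base64_decode($config['ntpd']['leapsec']);
		file_put_contents('/var/db/leap-seconds', $leapsec);
		$ntpcfg .= "leapfile /var/db/leap-seconds\n";
	}

	if (empty($config['ntpd']['interface'])) {
		if (is_array($config['installedpackages']['openntpd']) && !empty($config['installedpackages']['openntpd']['config'][0]['interface'])) {
			$interfaces = explode(",", $config['installedpackages']['openntpd']['config'][0]['interface']);
		} else {
			$interfaces = array();
		}
	} else {
		$interfaces = explode(",", $config['ntpd']['interface']);
	}

	if (is_array($interfaces) && count($interfaces)) {
		$finterfaces = array();
		/* Listen only on the selected interfaces. */
		$ntpcfg .= "interface ignore all\n";
		foreach ($interfaces as $interface) {
			$interface = get_real_interface($interface);
			if (!empty($interface)) {
				$finterfaces[] = $interface;
			}
		}
		foreach ($finterfaces as $interface) {
			$ntpcfg .= "interface listen {$interface}\n";
		}
	}

	/* open configuration for writing or bail */
	if (!@file_put_contents("{$g['varetc_path']}/ntpd.conf", $ntpcfg)) {
		log_error(sprintf(gettext("Could not open %s/ntpd.conf for writing"), $g['varetc_path']));
		return;
	}

	/* At bootup we just want to write out the config. */
	if (!$start_ntpd) {
		return;
	}

	/* if ntpd is running, kill it */
	while (isvalidpid("{$g['varrun_path']}/ntpd.pid")) {
		killbypid("{$g['varrun_path']}/ntpd.pid");
	}
	@unlink("{$g['varrun_path']}/ntpd.pid");

	/* if /var/empty does not exist, create it */
	if (!is_dir("/var/empty")) {
		mkdir("/var/empty", 0775, true);
	}

	/* start ntpd, set time now and use /var/etc/ntpd.conf */
	mwexec("/usr/local/sbin/ntpd -g -c {$g['varetc_path']}/ntpd.conf -p {$g['varrun_path']}/ntpd.pid", false, true);

	// Note that we are starting up
	log_error("NTPD is starting up.");
	return;
}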
1849
1850 652cf082 Seth Mos
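/*
 * Run ntpdate once against every configured time server.
 * Prints progress messages while the platform is booting.
 */
function sync_system_time() {
	global $config, $g;

	if (platform_booting()) {
		echo gettext("Syncing system time before startup...");
	}

	/* run ntpdate against each configured server */
	foreach (explode(' ', $config['system']['timeservers']) as $ts) {
		/* skip empty entries left by an empty list or doubled spaces */
		if ($ts === '') {
			continue;
		}
		/* the server name comes from the configuration: quote it for the shell */
		mwexec("/usr/local/sbin/ntpdate -s " . escapeshellarg($ts));
	}

	if (platform_booting()) {
		echo gettext("done.") . "\n";
	}

}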
1867
1868 405e5de0 Scott Ullrich
/*
 * Run the pre-shutdown cleanup, then start /etc/rc.halt in the background.
 */
function system_halt() {
	global $g;

	system_reboot_cleanup();

	/* detached with nohup so the halt script is not tied to this process */
	$halt_command = "/usr/bin/nohup /etc/rc.halt > /dev/null 2>&1 &";
	mwexec($halt_command);
}
1875
1876 5b237745 Scott Ullrich
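/*
 * Run the pre-shutdown cleanup, then start /etc/rc.reboot in the background.
 */
function system_reboot() {
	global $g;

	system_reboot_cleanup();

	/*
	 * nohup is called by absolute path, as system_halt() does, so the
	 * binary that runs does not depend on the caller's PATH.
	 */
	mwexec("/usr/bin/nohup /etc/rc.reboot > /dev/null 2>&1 &");
}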
1883
1884
/*
 * Run the pre-shutdown cleanup, then run /etc/rc.reboot in the foreground
 * (no nohup, no trailing "&").
 */
function system_reboot_sync() {
	global $g;

	system_reboot_cleanup();

	$reboot_command = "/etc/rc.reboot > /dev/null 2>&1";
	mwexec($reboot_command);
}
1891
1892
/*
 * Work done before a halt or reboot: stop the beeper, stop RADIUS sessions
 * and send accounting for every captive portal zone, save the voucher
 * database to the configuration and stop packages.
 */
function system_reboot_cleanup() {
	global $config, $cpzone;

	mwexec("/usr/local/bin/beep.sh stop");

	require_once("captiveportal.inc");
	if (is_array($config['captiveportal'])) {
		/* $cpzone is a global; the loop sets it to each zone name in turn */
		foreach ($config['captiveportal'] as $cpzone => $zone_settings) {
			captiveportal_radius_stop_all();
			captiveportal_send_server_accounting(true);
		}
	}

	require_once("voucher.inc");
	voucher_save_db_to_config();

	require_once("pkg-utils.inc");
	stop_packages();
}
1908
1909
/*
 * Run the shell commands stored in the configuration: the "earlyshellcmd"
 * entries when $early is true, otherwise the "shellcmd" entries.
 *
 * Each entry is passed to exec() verbatim, so whoever can write these
 * configuration keys can run commands as the user this code runs as.
 */
function system_do_shell_commands($early = 0) {
	global $config, $g;

	if (isset($config['system']['developerspew'])) {
		$called_at = microtime();
		echo "system_do_shell_commands() being called $called_at\n";
	}

	$cmdn = $early ? "earlyshellcmd" : "shellcmd";

	if (is_array($config['system'][$cmdn])) {
		/* several commands: run them in configuration order */
		foreach ($config['system'][$cmdn] as $one_command) {
			exec($one_command);
		}
		return;
	}

	if ($config['system'][$cmdn] != "") {
		/* a single command stored as a plain string */
		exec($config['system'][$cmdn]);
	}
}
1936
1937
/*
 * Create or remove the "disableconsole" marker file under
 * $g['varetc_path'] according to the 'disableconsolemenu' config flag:
 * flag set -> file is touched, flag absent -> file is removed.
 *
 * NOTE(review): whatever reads this marker lives outside this function;
 * this code only maintains the file.
 */
function system_console_configure() {
	global $config, $g;

	if (isset($config['system']['developerspew'])) {
		$mt = microtime();
		echo "system_console_configure() being called $mt\n";
	}

	$menu_disabled = isset($config['system']['disableconsolemenu']);
	if (!$menu_disabled) {
		unlink_if_exists("{$g['varetc_path']}/disableconsole");
		return;
	}

	touch("{$g['varetc_path']}/disableconsole");
}
1950
1951
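/*
 * Save the kernel messages of the current boot to
 * {$g['varlog_path']}/dmesg.boot.
 *
 * The output of /sbin/dmesg may still hold messages from earlier boots, so
 * only the part starting at the last "Copyright (c) 1992-" line is written
 * (the whole output if no such line is found).
 *
 * Returns 0 on success, 1 if dmesg.boot cannot be opened for writing.
 */
function system_dmesg_save() {
	/* $config has to be declared global as well: without it the
	   developerspew test below looks at an undefined local variable and
	   the trace line is never printed */
	global $g, $config;

	if (isset($config['system']['developerspew'])) {
		$mt = microtime();
		echo "system_dmesg_save() being called $mt\n";
	}

	$dmesg = array();
	$_gb = exec("/sbin/dmesg", $dmesg);

	/* find last copyright line (output from previous boots may be present) */
	$lastcpline = 0;
	foreach ($dmesg as $i => $line) {
		if (strpos($line, "Copyright (c) 1992-") !== false) {
			$lastcpline = $i;
		}
	}

	$fd = fopen("{$g['varlog_path']}/dmesg.boot", "w");
	if (!$fd) {
		printf(gettext("Error: cannot open dmesg.boot in system_dmesg_save().%s"), "\n");
		return 1;
	}

	/* write everything from the last copyright line to the end */
	foreach (array_slice($dmesg, $lastcpline) as $line) {
		fwrite($fd, $line . "\n");
	}

	fclose($fd);
	unset($dmesg);

	return 0;
}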
/*
 * Apply the configured hard disk standby timer.
 *
 * Does nothing unless $config['system']['harddiskstandby'] is set. When it
 * is, "/sbin/camcontrol standby <disk> -t <value>" is run for every drive
 * returned by get_smart_drive_list(). While the platform is booting a
 * progress message is printed, ending in "done." or "failed!".
 *
 * is_numeric() is the only check applied to the configured value before it
 * is interpolated into the command line, so that check must stay in place
 * if this function is reworked.
 */
function system_set_harddisk_standby() {
	global $g, $config;

	if (isset($config['system']['developerspew'])) {
		$mt = microtime();
		echo "system_set_harddisk_standby() being called $mt\n";
	}

	if (!isset($config['system']['harddiskstandby'])) {
		return;
	}

	if (platform_booting()) {
		echo gettext('Setting hard disk standby... ');
	}

	$standby = $config['system']['harddiskstandby'];
	$applied = false;

	// Only a numeric timer value is accepted
	if (is_numeric($standby)) {
		// get_smart_drive_list() from utils.inc supplies the candidate drives
		$harddisks = get_smart_drive_list();

		// get_smart_drive_list() only matches ad|da|ada, so the list can be
		// empty on unusual installs; that case is reported as a failure
		if (count($harddisks) > 0) {
			foreach ($harddisks as $harddisk) {
				mwexec("/sbin/camcontrol standby {$harddisk} -t {$standby}");
			}
			$applied = true;
		}
	}

	// The outcome is only reported on the console during boot
	if (platform_booting()) {
		if ($applied) {
			echo gettext("done.") . "\n";
		} else {
			echo gettext("failed!") . "\n";
		}
	}
}
/*
 * Apply the system sysctls through activate_sysctls() and, when the
 * 'sharednet' config flag is set, additionally call
 * system_disable_arp_wrong_if().
 */
function system_setup_sysctl() {
	global $config;

	if (isset($config['system']['developerspew'])) {
		$mt = microtime();
		echo "system_setup_sysctl() being called $mt\n";
	}

	activate_sysctls();

	if (!isset($config['system']['sharednet'])) {
		return;
	}

	system_disable_arp_wrong_if();
}
/*
 * Set net.link.ether.inet.log_arp_wrong_iface and
 * net.link.ether.inet.log_arp_movements to "0".
 *
 * Both sysctls control kernel ARP log messages. With them off, ARP replies
 * arriving on an unexpected interface and ARP entries changing address are
 * no longer logged, so the system log cannot be used to notice such events
 * (for example when looking for ARP spoofing).
 */
function system_disable_arp_wrong_if() {
	global $config;

	if (isset($config['system']['developerspew'])) {
		$mt = microtime();
		echo "system_disable_arp_wrong_if() being called $mt\n";
	}

	$arp_logging = array(
		"net.link.ether.inet.log_arp_wrong_iface" => "0",
		"net.link.ether.inet.log_arp_movements" => "0"
	);
	set_sysctl($arp_logging);
}
/*
 * Set net.link.ether.inet.log_arp_wrong_iface and
 * net.link.ether.inet.log_arp_movements to "1", i.e. turn the kernel ARP
 * log messages controlled by these two sysctls back on.
 */
function system_enable_arp_wrong_if() {
	global $config;

	if (isset($config['system']['developerspew'])) {
		$mt = microtime();
		echo "system_enable_arp_wrong_if() being called $mt\n";
	}

	$arp_logging = array(
		"net.link.ether.inet.log_arp_wrong_iface" => "1",
		"net.link.ether.inet.log_arp_movements" => "1"
	);
	set_sysctl($arp_logging);
}
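/*
 * Watchdog setup is disabled: this function returns immediately and does
 * nothing.
 *
 * The statements that used to follow the unconditional return could never
 * run and have been removed. They searched /var/log/dmesg.boot for "Geode"
 * and, on a match, killed a running watchdogd and started
 * /usr/sbin/watchdogd. The detection loop ignored its own loop variable,
 * so the logic needs a rewrite rather than a plain revert should the
 * feature be wanted again.
 */
function enable_watchdog() {
	return;
}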
/*
 * Poll the hardware reset button on the platforms that have a helper for
 * it and, if the helper reports a press (exit status 99), reset the
 * configuration to factory defaults and reboot.
 *
 * Returns 0 when the platform is not in the list or the button was not
 * pressed; does not return when a reset is triggered (exit(0)).
 */
function system_check_reset_button() {
	global $g;

	$specplatform = system_identify_specific_platform();

	/* Platforms for which "/usr/local/sbin/<name>resetbtn" is invoked.
	   The platform name is concatenated into a command line below, so
	   this fixed list is also what keeps that command to known strings.
	   The comparison is loose, exactly as a switch statement would do. */
	$button_platforms = array('alix', 'wrap', 'FW7541', 'APU', 'RCC-VE', 'RCC-DFF');
	if (!in_array($specplatform['name'], $button_platforms)) {
		return 0;
	}

	$retval = mwexec("/usr/local/sbin/" . $specplatform['name'] . "resetbtn");
	if ($retval != 99) {
		return 0;
	}

	/* user has pressed reset button for 2 seconds -
	   reset to factory defaults */
	echo <<<EOD

***********************************************************************
* Reset button pressed - resetting configuration to factory defaults. *
* All additional packages installed will be removed                   *
* The system will reboot after this completes.                        *
***********************************************************************


EOD;

	reset_factory_defaults();
	system_reboot_sync();
	exit(0);
}
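/*
 * attempt to identify the specific platform (for embedded systems)
 * Returns an array with two elements:
 * name => platform string (e.g. 'wrap', 'alix' etc.)
 * descr => human-readable description (e.g. "PC Engines WRAP")
 *
 * Detection order: the two generic-pc values of $g['platform'], then the
 * SMBIOS product string reported by kenv, then (nanobsd only) the hw.model
 * sysctl and finally the saved dmesg.boot.
 *
 * For any platform that is neither recognised here nor nanobsd, 'name' is
 * $g['platform'] passed through unchanged. Callers that build a path or a
 * command from 'name' (system_check_reset_button() does) must therefore
 * compare it against a fixed list first.
 */
function system_identify_specific_platform() {
	global $g;

	if ($g['platform'] == 'generic-pc') {
		return array('name' => 'generic-pc', 'descr' => gettext("Generic PC"));
	}

	if ($g['platform'] == 'generic-pc-cdrom') {
		return array('name' => 'generic-pc-cdrom', 'descr' => gettext("Generic PC (CD-ROM)"));
	}

	/* Try to guess from smbios strings */
	$output = array();
	$_gb = exec('/bin/kenv smbios.system.product 2>/dev/null', $output);

	/* the command may yield no output at all (stderr is discarded), so do
	   not index an empty array */
	$product = isset($output[0]) ? $output[0] : '';
	switch ($product) {
		case 'FW7541':
			return array('name' => 'FW7541', 'descr' => 'Netgate FW7541');
		case 'APU':
			return array('name' => 'APU', 'descr' => 'Netgate APU');
		case 'RCC-VE':
			return array('name' => 'RCC-VE', 'descr' => 'Netgate RCC-VE');
		case 'DFFv2':
			return array('name' => 'RCC-DFF', 'descr' => 'Netgate RCC-DFF');
		case 'SYS-5018A-FTN4':
		case 'A1SAi':
			return array('name' => 'C2758', 'descr' => 'Super Micro C2758');
		case 'SYS-5018D-FN4T':
			return array('name' => 'D1540-XG', 'descr' => 'Super Micro D1540-XG');
	}

	/* the rest of the code only deals with 'embedded' platforms */
	if ($g['platform'] != 'nanobsd') {
		return array('name' => $g['platform'], 'descr' => $g['platform']);
	}

	$dmesg = get_single_sysctl('hw.model');

	if (strpos($dmesg, "PC Engines WRAP") !== false) {
		return array('name' => 'wrap', 'descr' => gettext('PC Engines WRAP'));
	}

	if (strpos($dmesg, "PC Engines ALIX") !== false) {
		return array('name' => 'alix', 'descr' => gettext('PC Engines ALIX'));
	}

	/* Soekris boards: the series is fixed, the last two characters of the
	   model are free; the matched text becomes the description */
	foreach (array('45', '48', '55') as $series) {
		if (preg_match("/Soekris net{$series}../", $dmesg, $matches)) {
			return array('name' => "net{$series}xx", 'descr' => $matches[0]);
		}
	}

	unset($dmesg);

	/* last resort: look for the ALIX string in the saved boot messages */
	$dmesg_boot = system_get_dmesg_boot();
	if (strpos($dmesg_boot, "PC Engines ALIX") !== false) {
		return array('name' => 'alix', 'descr' => gettext('PC Engines ALIX'));
	}
	unset($dmesg_boot);

	/* unknown embedded platform */
	return array('name' => 'embedded', 'descr' => gettext('embedded (unknown)'));
}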
/*
 * Return the contents of {$g['varlog_path']}/dmesg.boot.
 * The result of file_get_contents() is passed back unchanged, so a read
 * failure yields false rather than a string.
 */
function system_get_dmesg_boot() {
	global $g;

	$boot_log = "{$g['varlog_path']}/dmesg.boot";

	return file_get_contents($boot_log);
}
?>