pfSense

#!/usr/local/bin/php-cgi -f

<?php

/*

 * rc.bootup

 *

 * originally based on m0n0wall (http://m0n0.ch/wall)

 * Copyright (c) 2003-2004 Manuel Kasper <mk@neon1.net>.

 * Copyright (c) 2009 Erik Kristensen

 * Copyright (c) 2005-2016 Electric Sheep Fencing, LLC. All rights reserved.

 * All rights reserved.

 *

 * Licensed under the Apache License, Version 2.0 (the "License");

 * you may not use this file except in compliance with the License.

 * You may obtain a copy of the License at

 *

 * http://www.apache.org/licenses/LICENSE-2.0

 *

 * Unless required by applicable law or agreed to in writing, software

 * distributed under the License is distributed on an "AS IS" BASIS,

 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.

 * See the License for the specific language governing permissions and

 * limitations under the License.

 */

require_once("pkg-utils.inc");

function rescue_detect_keypress() {

	// How long do you want the script to wait before moving on (in seconds)

	$timeout=9;

	echo "\n";

	echo "[ Press R to enter recovery mode or ]\n";

	echo "[  press I to launch the installer  ]\n\n";

	echo "(R)ecovery mode can assist by rescuing config.xml\n";

	echo "from a broken hard disk installation, etc.\n\n";

	echo "(I)nstaller will be invoked\n\n";

	echo "Timeout before auto boot continues (seconds): {$timeout}";

	$key = null;

	exec("/bin/stty erase " . chr(8));

	while (!in_array($key, array("r", "R", "i", "I"))) {

		echo chr(8) . "{$timeout}";

		`/bin/stty -icanon min 0 time 25`;

		$key = trim(`KEY=\`dd count=1 2>/dev/null\`; echo \$KEY`);

		`/bin/stty icanon`;

		// Decrement our timeout value

		$timeout--;

		// If we have reached 0 exit and continue on

		if ($timeout == 0) {

			break;

		}

	}

	// If R or I was pressed do our logic here

	if (in_array($key, array("r", "R"))) {

		putenv("TERM=xterm");

		echo "\n\nRecovery mode selected...\n";

		passthru("/usr/bin/env TERM=xterm /bin/tcsh");

	} else {

		putenv("TERM=xterm");

		echo "\n\nInstaller mode selected...\n";

		passthru("/usr/bin/env TERM=xterm /bin/tcsh -c /scripts/lua_installer");

	}

	passthru("/etc/rc.reboot");

	exit;

}

echo " done.\n";

echo "Initializing...";

echo ".";

require_once("/etc/inc/globals.inc");

echo ".";

require_once("/etc/inc/led.inc");

led_normalize();

echo ".";

if (led_count() >= 3) {

	led_kitt();

}

/* let the other functions know we're booting */

$pkg_interface = 'console';

$g['booting'] = true;

/* parse the configuration and include all functions used below */

require_once("/etc/inc/config.inc");

echo ".";

require_once("/etc/inc/config.console.inc");

echo ".";

require_once("/etc/inc/auth.inc");

echo ".";

require_once("/etc/inc/functions.inc");

echo ".";

require_once("/etc/inc/filter.inc");

echo ".";

require_once("/etc/inc/shaper.inc");

echo ".";

require_once("/etc/inc/ipsec.inc");

echo ".";

require_once("/etc/inc/vpn.inc");

echo ".";

require_once("/etc/inc/openvpn.inc");

echo ".";

require_once("/etc/inc/captiveportal.inc");

echo ".";

require_once("/etc/inc/rrd.inc");

echo ".";

require_once("/etc/inc/pfsense-utils.inc");

echo ".";

/* get system memory amount */

$memory = get_memory();

$physmem = $memory[0];

$realmem = $memory[1];

echo " done.\n";

conf_mount_rw();

/* save dmesg output to file */

system_dmesg_save();

/* check whether config reset is desired (via hardware button on WRAP/ALIX) */

system_check_reset_button();

/* remove previous firmware upgrade if present */

if (file_exists("/root/firmware.tgz")) {

	unlink("/root/firmware.tgz");

}

/* Reinstall of packages after reboot has been requested */

if (file_exists('/conf/needs_package_sync_after_reboot')) {

	touch('/conf/needs_package_sync');

	@unlink('/conf/needs_package_sync_after_reboot');

}

/* Triggering of the initial setup wizard after reboot has been requested */

if (file_exists('/conf/trigger_initial_wizard_after_reboot')) {

	touch('/conf/trigger_initial_wizard');

	@unlink('/conf/trigger_initial_wizard_after_reboot');

}

/* start devd (dhclient now uses it) */

echo "Starting device manager (devd)...";

mute_kernel_msgs();

start_devd();

set_device_perms();

unmute_kernel_msgs();

echo "done.\n";

// Display rescue configuration option

if ($g['platform'] == "cdrom") {

	rescue_detect_keypress();

}

echo "Loading configuration...";

parse_config_bootup();

echo "done.\n";

/* run any early shell commands specified in config.xml */

system_do_shell_commands(1);

if (file_exists("/conf/trigger_initial_wizard")) {

	check_for_alternate_interfaces();

}

/*

 *	Determine if we need to throw a interface exception

 *	and ask the user to reassign interfaces.  This will

 *	avoid a reboot and that is a good thing.

 */

while (is_interface_mismatch() == true) {

	led_assigninterfaces();

	if (isset($config['revision'])) {

		if (file_exists("{$g['tmp_path']}/missing_interfaces")) {

			echo "Warning: Configuration references interfaces that do not exist: " . file_get_contents("{$g['tmp_path']}/missing_interfaces") . "\n";

		}

		echo "\nNetwork interface mismatch -- Running interface assignment option.\n";

	} else {

		echo "\nDefault interfaces not found -- Running interface assignment option.\n";

	}

	$ifaces = get_interface_list();

	if (is_array($ifaces)) {

		foreach ($ifaces as $iface => $ifdata) {

			interfaces_bring_up($iface);

		}

	}

	set_networking_interfaces_ports();

	led_kitt();

}

/* convert config and clean backups */

echo "Updating configuration...";

convert_config();

echo "done.\n";

echo "Cleaning backup cache...";

cleanup_backupcache(true);

echo "done.\n";

/* read in /etc/sysctl.conf and set values if needed */

echo "Setting up extended sysctls...";

system_setup_sysctl();

echo "done.\n";

/* enable optional crypto modules */

load_crypto();

/* enable optional thermal sensor modules */

load_thermal_hardware();

/* set up our timezone */

system_timezone_configure();

/* set up our hostname */

system_hostname_configure();

/* make hosts file */

system_hosts_generate();

/* configure loopback interface */

interfaces_loopback_configure();

/* start syslogd */

system_syslogd_start();

/* restore alias tables */

restore_aliastables();

echo "Starting Secure Shell Services...";

send_event("service reload sshd");

echo "done.\n";

/* setup polling */

echo "Setting up polling defaults...";

setup_polling();

echo "done.\n";

/* setup interface microcode which improves tcp/ip speed */

echo "Setting up interfaces microcode...";

setup_microcode();

echo "done.\n";

/* set up interfaces */

if (!$debugging) {

	mute_kernel_msgs();

}

interfaces_configure();

interfaces_sync_setup();

if (!$debugging) {

	unmute_kernel_msgs();

}

/* re-make hosts file after configuring interfaces */

system_hosts_generate();

/* start OpenVPN server & clients */

echo "Syncing OpenVPN settings...";

openvpn_resync_all();

echo "done.\n";

/* generate resolv.conf */

system_resolvconf_generate();

/* setup altq + pf */

filter_configure_sync();

/* start pflog */

echo "Starting PFLOG...";

filter_pflog_start();

echo "done.\n";

/* reconfigure our gateway monitor */

echo "Setting up gateway monitors...";

setup_gateways_monitor();

echo "done.\n";

echo "Synchronizing user settings...";

local_sync_accounts();

echo "done.\n";

if ($realmem > 0 and $realmem < 65) {

	echo "System has less than 65 megabytes of ram {$realmem}.  Delaying webConfigurator startup.\n";

	/* start webConfigurator up on final pass */

	mwexec("/usr/local/sbin/pfSctl -c 'service restart webgui'");

} else {

	/* start web server */

	system_webgui_start();

}

/* configure cron service */

echo "Configuring CRON...";

configure_cron();

echo "done.\n";

/* set up static routes */

system_routing_configure();

/* enable routing */

system_routing_enable();

/* start dnsmasq service */

services_dnsmasq_configure();

/* start unbound service */

services_unbound_configure();

/* Enable ntpd */

echo "Starting NTP time client...";

system_ntp_configure();

echo "done.\n";

/* start load balancer daemon */

relayd_configure();

/* configure console menu and serial port*/

setup_serial_port();

/* start DHCP service */

services_dhcpd_configure();

/* start dhcpleases dhcp hosts leases program */

system_dhcpleases_configure();

/* start DHCP relay */

services_dhcrelay_configure();

/* start DHCP6 relay */

services_dhcrelay6_configure();

/* dyndns service updates */

send_event("service reload dyndnsall");

/* Run a filter configure now that most all services have started */

filter_configure_sync();

/* setup pppoe and pptp */

vpn_setup();

/* start the captive portal */

captiveportal_configure();

/* start Voucher support */

voucher_configure();

/* run any shell commands specified in config.xml */

system_do_shell_commands();

/* start IPsec tunnels */

$ipsec_dynamic_hosts = vpn_ipsec_configure();

/* start SNMP service */

services_snmpd_configure();

/* power down hard drive if needed/set */

system_set_harddisk_standby();

/* lock down console if necessary */

reload_ttys();

/* load graphing functions */

enable_rrd_graphing();

/* enable watchdog if supported */

enable_watchdog();

/* if <system><afterbootupshellcmd> exists, execute the command */

if ($config['system']['afterbootupshellcmd'] <> "") {

	echo "Running afterbootupshellcmd {$config['system']['afterbootupshellcmd']}\n";

	mwexec($config['system']['afterbootupshellcmd']);

}

if ($physmem < $g['minimum_ram_warning']) {

	require_once("/etc/inc/notices.inc");

	file_notice("{$g['product_name']}MemoryRequirements", "{$g['product_name']} requires at least {$g['minimum_ram_warning_text']} of RAM.  Expect unusual performance.  This platform is not supported.", "Memory", "", 1);

	set_sysctl(array(

		"net.inet.tcp.recvspace" => "4096",

		"net.inet.tcp.sendspace" => "4096"

	));

}

/* if we are operating at 1000 then increase timeouts.

   this was never accounted for after moving to 1000 hz */

$kern_hz = get_single_sysctl('kern.clockrate');

$kern_hz = substr($kern_hz, strpos($kern_hz, "hz = ") + 5);

$kern_hz = substr($kern_hz, 0, strpos($kern_hz, ","));

if ($kern_hz == "1000") {

	set_single_sysctl("net.inet.tcp.rexmit_min" , "30");

}

/* start the igmpproxy daemon */

services_igmpproxy_configure();

/* start the upnp daemon if it is enabled */

upnp_start();

/* If powerd is enabled, lets launch it */

activate_powerd();

/* Set preferred protocol */

prefer_ipv4_or_ipv6();

/* Remove the old shutdown binary if we kept it. */

if (file_exists("/sbin/shutdown.old")) {

	@unlink("/sbin/shutdown.old");

}

/* Resync / Reinstall packages if need be */

if (file_exists('/conf/needs_package_sync') &&

    ($g['platform'] == $g['product_name'] || $g['platform'] == "nanobsd")) {

	mark_subsystem_dirty('packagelock');

	if (package_reinstall_all()) {

		@unlink('/conf/needs_package_sync');

	}

	clear_subsystem_dirty('packagelock');

}

/* Detect installed binary pkgs that are not registered in the system */

if ($g['platform'] != "cdrom") {

	register_all_installed_packages();

}

/* Give syslogd a kick after everything else has been initialized, otherwise it can occasionally

   fail to route syslog messages properly on both IPv4 and IPv6 */

system_syslogd_start();

/* done */

unset($g['booting']);

@unlink("{$g['varrun_path']}/booting");

/* If there are ipsec dynamic hosts try again to reload the tunnels as rc.newipsecdns does */

if ($ipsec_dynamic_hosts) {

	vpn_ipsec_configure();

}

if ($ipsec_dynamic_hosts || !empty($filterdns)) {

	filter_configure();

}

led_normalize();

conf_mount_ro();

?>