/src/etc/inc/gwlb.inc - Annotate - pfSense - pfSense bugtracker

| Branch: | Tag: | Revision:

root/src/etc/inc/gwlb.inc @ b887348c

1	17623ab5	Bill Marquette	<?php
2			/*
3	ac24dc24	Renato Botelho	* gwlb.inc
4			*
5			* part of pfSense (https://www.pfsense.org)
6	c5d81585	Renato Botelho	* Copyright (c) 2008 Bill Marquette, Seth Mos
7	b8f91b7c	Luiz Souza	* Copyright (c) 2008-2018 Rubicon Communications, LLC (Netgate)
8	ac24dc24	Renato Botelho	* All rights reserved.
9			*
10	b12ea3fb	Renato Botelho	* Licensed under the Apache License, Version 2.0 (the "License");
11			* you may not use this file except in compliance with the License.
12			* You may obtain a copy of the License at
13	ac24dc24	Renato Botelho	*
14	b12ea3fb	Renato Botelho	* http://www.apache.org/licenses/LICENSE-2.0
15	ac24dc24	Renato Botelho	*
16	b12ea3fb	Renato Botelho	* Unless required by applicable law or agreed to in writing, software
17			* distributed under the License is distributed on an "AS IS" BASIS,
18			* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
19			* See the License for the specific language governing permissions and
20			* limitations under the License.
21	c1191d5b	Ermal	*/
22	6aa3723a	Renato Botelho
23	c5e53ee6	jim-p	require_once("config.inc");
24	d55cba63	N0YB	require_once("rrd.inc");
25	bd4c337c	jim-p	require_once("ipsec.inc");
26	17623ab5	Bill Marquette
27	69eefb50	Renato Botelho	/* Returns an array of default values used for dpinger */
28			function return_dpinger_defaults() {
29	14661668	Phil Davis	return array(
30			"latencylow" => "200",
31			"latencyhigh" => "500",
32			"losslow" => "10",
33			"losshigh" => "20",
34	d711fbbc	Denny Page	"interval" => "500",
35			"loss_interval" => "2000",
36			"time_period" => "60000",
37	85a2b065	Renato Botelho	"alert_interval" => "1000",
38			"data_payload" => "0");
39	a99547e4	Ermal	}
40	14661668	Phil Davis
41	69eefb50	Renato Botelho	function running_dpinger_processes() {
42			global $g;
43	ffe76308	Seth Mos
44	69eefb50	Renato Botelho	$pidfiles = glob("{$g['varrun_path']}/dpinger_*.pid");
45	cdcea13f	Seth Mos
46	69eefb50	Renato Botelho	$result = array();
47			if ($pidfiles === FALSE) {
48			return $result;
49	9ba87997	Phil Davis	}
50	a99547e4	Ermal
51	69eefb50	Renato Botelho	foreach ($pidfiles as $pidfile) {
52	b225d003	Daniel Hoffend	if (preg_match('/^dpinger_(.+)~([^~]+)~([^~]+)\.pid$/',
53	73e3aa21	Renato Botelho	basename($pidfile), $matches)) {
54			$socket_file = preg_replace('/\.pid$/', '.sock',
55			$pidfile);
56			$result[$matches[1]] = array(
57			'srcip' => $matches[2],
58			'targetip' => $matches[3],
59	b76cb978	Renato Botelho	'pidfile' => $pidfile,
60	73e3aa21	Renato Botelho	'socket' => $socket_file
61			);
62			unset($gwinfo);
63			}
64	69eefb50	Renato Botelho	}
65	cdcea13f	Seth Mos
66	69eefb50	Renato Botelho	return $result;
67	cdcea13f	Seth Mos	}
68
69	69eefb50	Renato Botelho	/*
70			* Stop one or more dpinger process
71			* default parameter $gwname is '*' that will kill all running sessions
72			* If a gateway name is passed, only this one will be killed
73			*/
74	73e3aa21	Renato Botelho	function stop_dpinger($gwname = '') {
75	69eefb50	Renato Botelho	global $g;
76	cdcea13f	Seth Mos
77	73e3aa21	Renato Botelho	$running_processes = running_dpinger_processes();
78	cdcea13f	Seth Mos
79	73e3aa21	Renato Botelho	foreach ($running_processes as $running_gwname => $process) {
80			if ($gwname != '' && $running_gwname != $gwname) {
81			continue;
82			}
83	cdcea13f	Seth Mos
84	73e3aa21	Renato Botelho	if (isvalidpid($process['pidfile'])) {
85			killbypid($process['pidfile']);
86	69eefb50	Renato Botelho	} else {
87	73e3aa21	Renato Botelho	@unlink($process['pidfile']);
88	69eefb50	Renato Botelho	}
89			}
90	cdcea13f	Seth Mos	}
91
92	69eefb50	Renato Botelho	function start_dpinger($gateway) {
93			global $g;
94
95	73e3aa21	Renato Botelho	if (!isset($gateway['gwifip'])) {
96	363a5c4c	Luiz Souza	return (false);
97	73e3aa21	Renato Botelho	}
98
99	69eefb50	Renato Botelho	$dpinger_defaults = return_dpinger_defaults();
100
101	40588fc4	Daniel Hoffend	$prefix = "{$g['varrun_path']}/dpinger_{$gateway['name']}~" .
102			"{$gateway['gwifip']}~{$gateway['monitor']}";
103			# dpinger socket path should not be longer then uaddr.sun_path
104	4aaf3874	Daniel Hoffend	if (strlen($prefix) > 95) {
105	40588fc4	Daniel Hoffend	$prefix = "{$g['varrun_path']}/dpinger_{$gateway['name']}~" .
106			substr(md5($gateway['gwifip']),0,8) . "~" .
107			$gateway['monitor'];
108			}
109			$pidfile = $prefix . ".pid";
110			$socket = $prefix . ".sock";
111	73e3aa21	Renato Botelho	$alarm_cmd = "{$g['etc_path']}/rc.gateway_alarm";
112	69eefb50	Renato Botelho
113	73e3aa21	Renato Botelho	$params = "-S "; /* Log warnings via syslog */
114	7e1d7724	Renato Botelho	$params .= "-r 0 "; /* Disable unused reporting thread */
115	73e3aa21	Renato Botelho	$params .= "-i {$gateway['name']} "; /* Identifier */
116			$params .= "-B {$gateway['gwifip']} "; /* Bind src address */
117			$params .= "-p {$pidfile} "; /* PID filename */
118			$params .= "-u {$socket} "; /* Status Socket */
119	f396d2b7	Phil Davis	if (!$gateway['action_disable']) {
120			$params .= "-C \"{$alarm_cmd}\" "; /* Command to run on alarm */
121			}
122	69eefb50	Renato Botelho
123	85a2b065	Renato Botelho	$params .= "-d " .
124			(isset($gateway['data_payload']) && is_numeric($gateway['data_payload'])
125			? $gateway['data_payload']
126			: $dpinger_defaults['data_payload']
127			) . " ";
128
129	69eefb50	Renato Botelho	$params .= "-s " .
130			(isset($gateway['interval']) && is_numeric($gateway['interval'])
131			? $gateway['interval']
132			: $dpinger_defaults['interval']
133			) . " ";
134
135			$params .= "-l " .
136	0aeb97d2	Phil Davis	(isset($gateway['loss_interval']) && is_numeric($gateway['loss_interval'])
137	69eefb50	Renato Botelho	? $gateway['loss_interval']
138			: $dpinger_defaults['loss_interval']
139			) . " ";
140
141			$params .= "-t " .
142			(isset($gateway['time_period']) && is_numeric($gateway['time_period'])
143			? $gateway['time_period']
144			: $dpinger_defaults['time_period']
145			) . " ";
146
147			$params .= "-A " .
148			(isset($gateway['alert_interval']) && is_numeric($gateway['alert_interval'])
149			? $gateway['alert_interval']
150			: $dpinger_defaults['alert_interval']
151			) . " ";
152
153			$params .= "-D " .
154			(isset($gateway['latencyhigh']) && is_numeric($gateway['latencyhigh'])
155			? $gateway['latencyhigh']
156			: $dpinger_defaults['latencyhigh']
157			) . " ";
158
159			$params .= "-L " .
160			(isset($gateway['losshigh']) && is_numeric($gateway['losshigh'])
161			? $gateway['losshigh']
162			: $dpinger_defaults['losshigh']
163			) . " ";
164
165	4fc47b2f	Renato Botelho	/* Make sure we don't end up with 2 process for the same GW */
166			stop_dpinger($gateway['name']);
167
168	269677a9	Renato Botelho	/* Do not try to bind IPv6 where interface is in tentative state */
169			if (is_ipaddrv6($gateway['gwifip'])) {
170	363a5c4c	Luiz Souza	$err = interface_wait_tentative(get_real_interface(
171	269677a9	Renato Botelho	$gateway['interface']));
172	363a5c4c	Luiz Souza	if ($err == false) {
173			log_error(gettext("Timeout waiting for IPv6 address in tentative state. dpinger will not run."));
174			return (false);
175			}
176	269677a9	Renato Botelho	}
177
178	61c45d84	Renato Botelho	/* Redirect stdout to /dev/null to avoid exec() to wait for dpinger */
179			return mwexec("/usr/local/bin/dpinger {$params} {$gateway['monitor']} >/dev/null");
180	cdcea13f	Seth Mos	}
181
182	69eefb50	Renato Botelho	/*
183	99c1e285	Chris Buechler	* Starts dpinger processes and adds appropriate static routes for monitor IPs
184	69eefb50	Renato Botelho	*/
185			function setup_gateways_monitor() {
186			global $config, $g;
187	cdcea13f	Seth Mos
188	69eefb50	Renato Botelho	$gateways_arr = return_gateways_array();
189			if (!is_array($gateways_arr)) {
190	d18f3f6e	Phil Davis	log_error(gettext("No gateways to monitor. dpinger will not run."));
191	69eefb50	Renato Botelho	stop_dpinger();
192			return;
193			}
194	cdcea13f	Seth Mos
195	74c834f1	smos	$monitor_ips = array();
196	69eefb50	Renato Botelho	foreach ($gateways_arr as $gwname => $gateway) {
197	33c06ef7	Ermal	/* Do not monitor if such was requested */
198	9ba87997	Phil Davis	if (isset($gateway['monitor_disable'])) {
199	33c06ef7	Ermal	continue;
200	9ba87997	Phil Davis	}
201	3d471a14	Ermal	if (empty($gateway['monitor']) \|\| !is_ipaddr($gateway['monitor'])) {
202	9ba87997	Phil Davis	if (is_ipaddr($gateway['gateway'])) {
203	3f4e6035	Renato Botelho	$gateways_arr[$gwname]['monitor'] = $gateway['gateway'];
204	9ba87997	Phil Davis	} else { /* No chance to get an ip to monitor skip target. */
205	f31ab121	Ermal	continue;
206	9ba87997	Phil Davis	}
207	3d471a14	Ermal	}
208	f31ab121	Ermal
209	f040882c	Renato Botelho	/* if the monitor address is already used before, skip */
210	9ba87997	Phil Davis	if (in_array($gateway['monitor'], $monitor_ips)) {
211	74c834f1	smos	continue;
212	9ba87997	Phil Davis	}
213	f040882c	Renato Botelho
214	69eefb50	Renato Botelho	/* Interface ip is needed since dpinger will bind a socket to it.
215	9ba87997	Phil Davis	* However the config GUI should already have checked this and when
216	99c1e285	Chris Buechler	* PPPoE is used the IP address is set to "dynamic". So using is_ipaddrv4
217	8c7e38ff	Camlin	* or is_ipaddrv6 to identify packet type would be wrong, especially as
218			* further checks (that can cope with the "dynamic" case) are present inside
219			* the if block. So using $gateway['ipprotocol'] is the better option.
220			*/
221			if ($gateway['ipprotocol'] == "inet") { // This is an IPv4 gateway...
222	640b3a9a	Seth Mos	$gwifip = find_interface_ip($gateway['interface'], true);
223	9ba87997	Phil Davis	if (!is_ipaddrv4($gwifip)) {
224	e9d156fd	Ermal	continue; //Skip this target
225	9ba87997	Phil Davis	}
226	32a9eb18	Ermal
227	9ba87997	Phil Davis	if ($gwifip == "0.0.0.0") {
228	2d793d01	Phil Davis	continue; //Skip this target - the gateway is still waiting for DHCP
229	9ba87997	Phil Davis	}
230	2d793d01	Phil Davis
231	32a9eb18	Ermal	/*
232			* If the gateway is the same as the monitor we do not add a
233			* route as this will break the routing table.
234			* Add static routes for each gateway with their monitor IP
235			* not strictly necessary but is a added level of protection.
236			*/
237			if (is_ipaddrv4($gateway['gateway']) && $gateway['monitor'] != $gateway['gateway']) {
238	d18f3f6e	Phil Davis	log_error(sprintf(gettext('Removing static route for monitor %1$s and adding a new route through %2$s'), $gateway['monitor'], $gateway['gateway']));
239	94bd7fb3	Renato Botelho	$route_to = "-host {$gateway['monitor']}";
240	9ba87997	Phil Davis	if (interface_isppp_type($gateway['friendlyiface'])) {
241	94bd7fb3	Renato Botelho	route_add_or_change("{$route_to} -iface {$gateway['interface']}");
242	9ba87997	Phil Davis	} else {
243	94bd7fb3	Renato Botelho	route_add_or_change("{$route_to} {$gateway['gateway']}");
244	9ba87997	Phil Davis	}
245	7a63d5d0	Ermal LUÇI
246			pfSense_kill_states("0.0.0.0/0", $gateway['monitor'], $gateway['interface'], "icmp");
247	32a9eb18	Ermal	}
248	8c7e38ff	Camlin	} else if ($gateway['ipprotocol'] == "inet6") { // This is an IPv6 gateway...
249	3f4e6035	Renato Botelho	if (is_linklocal($gateway['gateway']) &&
250			get_ll_scope($gateway['gateway']) == '') {
251	a4b55d11	Chris Buechler	$gateway['gateway'] .= '%' . $gateway['interface'];
252	3f4e6035	Renato Botelho	}
253
254			if (is_linklocal($gateway['monitor'])) {
255			if (get_ll_scope($gateway['monitor']) == '') {
256			$gateways_arr[$gwname]['monitor'] .= '%' . $gateway['interface'];
257			}
258
259			$gwifip = find_interface_ipv6_ll($gateway['interface'], true);
260
261			if (get_ll_scope($gwifip) == '') {
262			$gwifip .= '%' . $gateway['interface'];
263	dd8d9bdc	Camlin	}
264	81a3b6f5	smos	} else {
265			$gwifip = find_interface_ipv6($gateway['interface'], true);
266			}
267	3f6525c1	Renato Botelho
268	9ba87997	Phil Davis	if (!is_ipaddrv6($gwifip)) {
269	e9d156fd	Ermal	continue; //Skip this target
270	9ba87997	Phil Davis	}
271	32a9eb18	Ermal
272			/*
273			* If the gateway is the same as the monitor we do not add a
274			* route as this will break the routing table.
275			* Add static routes for each gateway with their monitor IP
276			* not strictly necessary but is a added level of protection.
277			*/
278	f4443dce	Ermal	if ($gateway['gateway'] != $gateway['monitor']) {
279	d18f3f6e	Phil Davis	log_error(sprintf(gettext('Removing static route for monitor %1$s and adding a new route through %2$s'), $gateway['monitor'], $gateway['gateway']));
280	94bd7fb3	Renato Botelho	$route_to = "-host -inet6 {$gateway['monitor']}";
281	9ba87997	Phil Davis	if (interface_isppp_type($gateway['friendlyiface'])) {
282	94bd7fb3	Renato Botelho	route_add_or_change("{$route_to} -iface {$gateway['interface']}");
283	9ba87997	Phil Davis	} else {
284	94bd7fb3	Renato Botelho	route_add_or_change("{$route_to} {$gateway['gateway']}");
285	9ba87997	Phil Davis	}
286	7a63d5d0	Ermal LUÇI
287			pfSense_kill_states("::0.0.0.0/0", $gateway['monitor'], $gateway['interface'], "icmpv6");
288	32a9eb18	Ermal	}
289	9ba87997	Phil Davis	} else {
290	e9d156fd	Ermal	continue;
291	9ba87997	Phil Davis	}
292	3d471a14	Ermal
293	45eb8aeb	Renato Botelho	$monitor_ips[] = $gateway['monitor'];
294	69eefb50	Renato Botelho	$gateways_arr[$gwname]['enable_dpinger'] = true;
295			$gateways_arr[$gwname]['gwifip'] = $gwifip;
296			}
297	3c6787ed	N0YB
298	69eefb50	Renato Botelho	stop_dpinger();
299	3c6787ed	N0YB
300	69eefb50	Renato Botelho	/* Start new processes */
301			foreach ($gateways_arr as $gateway) {
302	3a335f07	Renato Botelho	if (!isset($gateway['enable_dpinger'])) {
303			continue;
304			}
305
306			if (start_dpinger($gateway) != 0) {
307	d18f3f6e	Phil Davis	log_error(sprintf(gettext("Error starting gateway monitor for %s"), $gateway['name']));
308	3c6787ed	N0YB	}
309	69eefb50	Renato Botelho	}
310	3c6787ed	N0YB
311	b42177b9	Renato Botelho	return;
312	69eefb50	Renato Botelho	}
313	3c6787ed	N0YB
314	f396d2b7	Phil Davis	function get_dpinger_status($gwname, $detailed = false) {
315	69eefb50	Renato Botelho	global $g;
316	3d471a14	Ermal
317	73e3aa21	Renato Botelho	$running_processes = running_dpinger_processes();
318
319			if (!isset($running_processes[$gwname])) {
320	0a54f116	Luiz Otavio O Souza	log_error(sprintf(gettext('dpinger: No dpinger session running for gateway %s'), $gwname));
321	73e3aa21	Renato Botelho	return false;
322			}
323
324			$proc = $running_processes[$gwname];
325			unset($running_processes);
326	81f19476	Renato Botelho
327	29fa6f0f	PiBa-NL	$timeoutcounter = 0;
328			while (true) {
329	59104a6f	jim-p	if (!file_exists($proc['socket'])) {
330			log_error("dpinger: status socket {$proc['socket']} not found");
331			return false;
332			}
333			$fp = @stream_socket_client("unix://{$proc['socket']}", $errno, $errstr, 10);
334	29fa6f0f	PiBa-NL	if (!$fp) {
335			log_error(sprintf(gettext('dpinger: cannot connect to status socket %1$s - %2$s (%3$s)'), $proc['socket'], $errstr, $errno));
336			return false;
337			}
338	3d471a14	Ermal
339	29fa6f0f	PiBa-NL	$status = '';
340			while (!feof($fp)) {
341			$status .= fgets($fp, 1024);
342			}
343			fclose($fp);
344
345			$r = array();
346			list(
347			$r['gwname'],
348			$r['latency_avg'],
349			$r['latency_stddev'],
350			$r['loss']
351			) = explode(' ', preg_replace('/\n/', '', $status));
352
353			// dpinger returns '<gwname> 0 0 0' when queried directly after it starts.
354			// while a latency of 0 and a loss of 0 would be perfect, in a real world it doesnt happen.
355			// or does it, anyone? if so we must 'detect' the initialization period differently..
356			$ready = $r['latency_stddev'] != '0' \|\| $r['loss'] != '0';
357	179377b0	robjarsen
358	29fa6f0f	PiBa-NL	if ($ready) {
359			break;
360			} else {
361			$timeoutcounter++;
362			if ($timeoutcounter > 300) {
363			log_error(sprintf(gettext('dpinger: timeout while retrieving status for gateway %s'), $gwname));
364			return false;
365			}
366			usleep(10000);
367			}
368	cdcea13f	Seth Mos	}
369
370	73e3aa21	Renato Botelho	$r['srcip'] = $proc['srcip'];
371			$r['targetip'] = $proc['targetip'];
372
373	69eefb50	Renato Botelho	$gateways_arr = return_gateways_array();
374			unset($gw);
375			if (isset($gateways_arr[$gwname])) {
376			$gw = $gateways_arr[$gwname];
377	746f0afb	Ermal	}
378	4f060616	Ermal
379	08e18c83	Renato Botelho	$r['latency_avg'] = round($r['latency_avg']/1000, 3);
380			$r['latency_stddev'] = round($r['latency_stddev']/1000, 3);
381
382	69eefb50	Renato Botelho	$r['status'] = "none";
383			if (isset($gw) && isset($gw['force_down'])) {
384			$r['status'] = "force_down";
385			} else if (isset($gw)) {
386	73e3aa21	Renato Botelho	$settings = return_dpinger_defaults();
387
388			$keys = array(
389			'latencylow',
390			'latencyhigh',
391			'losslow',
392			'losshigh'
393			);
394
395			/* Replace default values by user-defined */
396			foreach ($keys as $key) {
397			if (isset($gw[$key]) && is_numeric($gw[$key])) {
398			$settings[$key] = $gw[$key];
399			}
400	d8f89cce	Renato Botelho	}
401
402	f396d2b7	Phil Davis	if ($r['latency_avg'] > $settings['latencyhigh']) {
403			if ($detailed) {
404			$r['status'] = "highdelay";
405			} else {
406			$r['status'] = "down";
407			}
408			} else if ($r['loss'] > $settings['losshigh']) {
409			if ($detailed) {
410			$r['status'] = "highloss";
411			} else {
412			$r['status'] = "down";
413			}
414	73e3aa21	Renato Botelho	} else if ($r['latency_avg'] > $settings['latencylow']) {
415	69eefb50	Renato Botelho	$r['status'] = "delay";
416	73e3aa21	Renato Botelho	} else if ($r['loss'] > $settings['losslow']) {
417			$r['status'] = "loss";
418	69eefb50	Renato Botelho	}
419			}
420
421			return $r;
422	cdcea13f	Seth Mos	}
423
424	0aeb97d2	Phil Davis	/* return the status of the dpinger targets as an array */
425	3d471a14	Ermal	function return_gateways_status($byname = false) {
426	ae9618af	Ermal	global $config, $g;
427	cdcea13f	Seth Mos
428	69eefb50	Renato Botelho	$dpinger_gws = running_dpinger_processes();
429	67ee1ec5	Ermal Luçi	$status = array();
430	69eefb50	Renato Botelho
431			$gateways_arr = return_gateways_array();
432
433	73e3aa21	Renato Botelho	foreach ($dpinger_gws as $gwname => $gwdata) {
434	f396d2b7	Phil Davis	// If action is disabled for this gateway, then we want a detailed status.
435			// That reports "highdelay" or "highloss" rather than just "down".
436			// Because reporting the gateway down would be misleading (gateway action is disabled)
437			$detailed = $gateways_arr[$gwname]['action_disable'];
438			$dpinger_status = get_dpinger_status($gwname, $detailed);
439	69eefb50	Renato Botelho	if ($dpinger_status === false) {
440			continue;
441			}
442
443	9ba87997	Phil Davis	if ($byname == false) {
444	69eefb50	Renato Botelho	$target = $dpinger_status['targetip'];
445	9ba87997	Phil Davis	} else {
446	69eefb50	Renato Botelho	$target = $gwname;
447	9ba87997	Phil Davis	}
448	47c48e28	smos
449	dea0921d	Ermal	$status[$target] = array();
450	69eefb50	Renato Botelho	$status[$target]['monitorip'] = $dpinger_status['targetip'];
451			$status[$target]['srcip'] = $dpinger_status['srcip'];
452			$status[$target]['name'] = $gwname;
453	0aeb97d2	Phil Davis	$status[$target]['delay'] = empty($dpinger_status['latency_avg']) ? "0ms" : $dpinger_status['latency_avg'] . "ms";
454	b90e4de2	Denny Page	$status[$target]['stddev'] = empty($dpinger_status['latency_stddev']) ? "0ms" : $dpinger_status['latency_stddev'] . "ms";
455	69eefb50	Renato Botelho	$status[$target]['loss'] = empty($dpinger_status['loss']) ? "0.0%" : round($dpinger_status['loss'], 1) . "%";
456			$status[$target]['status'] = $dpinger_status['status'];
457	cdcea13f	Seth Mos	}
458	68f291ff	Ermal
459	47c48e28	smos	/* tack on any gateways that have monitoring disabled
460			* or are down, which could cause gateway groups to fail */
461	16106d2e	smos	$gateways_arr = return_gateways_array();
462	9ba87997	Phil Davis	foreach ($gateways_arr as $gwitem) {
463			if (!isset($gwitem['monitor_disable'])) {
464	fd34d6a9	Ermal	continue;
465	9ba87997	Phil Davis	}
466	69eefb50	Renato Botelho	if (!is_ipaddr($gwitem['monitor'])) {
467	fd34d6a9	Ermal	$realif = $gwitem['interface'];
468			$tgtip = get_interface_gateway($realif);
469	9ba87997	Phil Davis	if (!is_ipaddr($tgtip)) {
470	fd34d6a9	Ermal	$tgtip = "none";
471	9ba87997	Phil Davis	}
472	fd34d6a9	Ermal	$srcip = find_interface_ip($realif);
473			} else {
474	69eefb50	Renato Botelho	$tgtip = $gwitem['monitor'];
475	fd34d6a9	Ermal	$srcip = find_interface_ip($realif);
476			}
477	9ba87997	Phil Davis	if ($byname == true) {
478	fd34d6a9	Ermal	$target = $gwitem['name'];
479	9ba87997	Phil Davis	} else {
480	fd34d6a9	Ermal	$target = $tgtip;
481	9ba87997	Phil Davis	}
482	fd34d6a9	Ermal
483			/* failsafe for down interfaces */
484	9ba87997	Phil Davis	if ($target == "none") {
485	fd34d6a9	Ermal	$target = $gwitem['name'];
486			$status[$target]['name'] = $gwitem['name'];
487			$status[$target]['delay'] = "0.0ms";
488			$status[$target]['loss'] = "100.0%";
489			$status[$target]['status'] = "down";
490			} else {
491			$status[$target]['monitorip'] = $tgtip;
492			$status[$target]['srcip'] = $srcip;
493			$status[$target]['name'] = $gwitem['name'];
494	aeb87745	Chris Buechler	$status[$target]['delay'] = "";
495			$status[$target]['loss'] = "";
496	fd34d6a9	Ermal	$status[$target]['status'] = "none";
497	16106d2e	smos	}
498	0c5d4e8d	Phil Davis
499			$status[$target]['monitor_disable'] = true;
500	16106d2e	smos	}
501	cdcea13f	Seth Mos	return($status);
502	17623ab5	Bill Marquette	}
503
504	a4867a30	jim-p	function return_gateways_status_text($byname = false, $brief = false) {
505			$gwstat = return_gateways_status($byname);
506			$output = "";
507			$widths = array();
508			$col_sep = 2;
509			if ($brief) {
510			$collist = array('status' => "Status");
511			} else {
512			$collist = array('monitorip' => "Monitor",
513			'srcip' => "Source",
514			'delay' => "Delay",
515			'stddev' => "StdDev",
516			'loss' => "Loss",
517			'status' => "Status");
518			}
519			foreach ($gwstat as $gw) {
520			foreach ($gw as $gwdidx => $gwdata) {
521			if (strlen($gwdata) > $widths[$gwdidx]) {
522			$widths[$gwdidx] = strlen($gwdata);
523			}
524			}
525			}
526
527			$output .= str_pad("Name", $widths['name'] + $col_sep, " ", STR_PAD_RIGHT);
528			foreach ($collist as $hdrcol => $hdrdesc) {
529			if (strlen($hdrdesc) > $widths[$hdrcol]) {
530			$widths[$hdrcol] = strlen($hdrdesc);
531			}
532			$output .= str_pad($hdrdesc, $widths[$hdrcol] + $col_sep, " ", (substr($hdrcol, -2, 2) == "ip") ? STR_PAD_RIGHT : STR_PAD_LEFT);
533			}
534			$output .= "\n";
535
536			foreach ($gwstat as $idx => $gw) {
537			$output .= str_pad($gw['name'], $widths['name'] + $col_sep, " ", STR_PAD_RIGHT);
538			foreach (array_keys($collist) as $col) {
539			$output .= str_pad($gw[$col], $widths[$col] + $col_sep, " ", (substr($col, -2, 2) == "ip") ? STR_PAD_RIGHT : STR_PAD_LEFT);
540			}
541			$output .= "\n";
542			}
543
544			return $output;
545			}
546
547	e311cb79	PiBa-NL	function compare_gateway_order_configured($a, $b) {
548	c38de34b	Renato Botelho	/* XXX WAN always has precedence */
549			if ($a['friendlyiface'] == "wan") {
550			return -1;
551			} elseif ($b['friendlyiface'] == "wan") {
552			return 1;
553			}
554
555	e311cb79	PiBa-NL	if ($a['attribute'] === $b['attribute']) {
556			if ($a['attribute'] === 'system') {
557			$res = (($a['name'] < $b['name'])) ? -1 : 1;
558			return $res;
559			}
560			return 0;
561			}
562			if ($a['attribute'] === 'system' \|\| $b['attribute'] === 'system') {
563			$res = (($b['attribute'] === 'system')) ? -1 : 1;
564			return $res;
565			}
566			$res = ($a['attribute'] < $b['attribute']) ? -1 : 1;
567			return $res;
568			}
569
570			function order_gateways_as_configured($gateways_arr) {
571			uasort($gateways_arr, 'compare_gateway_order_configured');
572			return $gateways_arr;
573			}
574
575	161cd113	Phil Davis	/* Return all configured gateways on the system
576			$disabled = true - include gateways that are disabled
577			$localhost = true - include "Null" entries for localhost IP addresses
578			$inactive = true - include gateways on inactive interfaces
579			$integer_index = true - index the returned array by integers 0,1,2,... instead of by GW name
580			*/
581			function return_gateways_array($disabled = false, $localhost = false, $inactive = false, $integer_index = false) {
582	8d3556c2	gnhb	global $config, $g;
583	7901dff5	Ermal Luçi
584	c66b4242	Seth Mos	$gateways_arr = array();
585	8d848bdf	Phil Davis	$gateways_arr_temp = array();
586	43a9b03d	PiBa-NL	$cgw4 = getcurrentdefaultgatewayip('inet');
587			$cgw6 = getcurrentdefaultgatewayip('inet6');
588	74c834f1	smos	$found_defaultv4 = 0;
589			$found_defaultv6 = 0;
590
591	33e71f10	jim-p	// Ensure the interface cache is up to date first
592			$interfaces = get_interface_arr(true);
593	3930a9c0	smos
594	23d9f686	Renato Botelho	$i = -1;
595	3d471a14	Ermal	/* Process/add all the configured gateways. */
596	27e329ce	jim-p	if (is_array($config['gateways']) && is_array($config['gateways']['gateway_item'])) {
597	1500614c	Ermal	foreach ($config['gateways']['gateway_item'] as $gateway) {
598	a155dc5e	Steve Beaver	if (!is_array($gateway) \|\| empty($gateway)) {
599			continue;
600			}
601
602	23d9f686	Renato Botelho	/* Increment it here to do not skip items */
603			$i++;
604	27e329ce	jim-p	if (isset($gateway['defaultgw'])) {
605			unset($gateway['defaultgw']);
606			}
607	23d9f686	Renato Botelho
608	06b8d43c	Renato Botelho	if (empty($config['interfaces'][$gateway['interface']])) {
609	9ba87997	Phil Davis	if ($inactive === false) {
610	06b8d43c	Renato Botelho	continue;
611	9ba87997	Phil Davis	} else {
612	06b8d43c	Renato Botelho	$gateway['inactive'] = true;
613	9ba87997	Phil Davis	}
614	06b8d43c	Renato Botelho	}
615	3930a9c0	smos	$wancfg = $config['interfaces'][$gateway['interface']];
616	1500614c	Ermal
617			/* skip disabled interfaces */
618	9ba87997	Phil Davis	if ($disabled === false && (!isset($wancfg['enable']))) {
619	1500614c	Ermal	continue;
620	9ba87997	Phil Davis	}
621	c1d36d26	smos
622	3930a9c0	smos	/* if the gateway is dynamic and we can find the IPv4, Great! */
623	d07bc322	Renato Botelho	if (empty($gateway['gateway']) \|\| $gateway['gateway'] == "dynamic") {
624	1500614c	Ermal	if ($gateway['ipprotocol'] == "inet") {
625			/* we know which interfaces is dynamic, this should be made a function */
626	65cfd0ca	Renato Botelho	$gateway['gateway'] = get_interface_gateway($gateway['interface']);
627			/* no IP address found, set to dynamic */
628	9ba87997	Phil Davis	if (!is_ipaddrv4($gateway['gateway'])) {
629	65cfd0ca	Renato Botelho	$gateway['gateway'] = "dynamic";
630	9ba87997	Phil Davis	}
631	65cfd0ca	Renato Botelho	$gateway['dynamic'] = true;
632	74c834f1	smos	}
633	c1d36d26	smos
634	d07bc322	Renato Botelho	/* if the gateway is dynamic and we can find the IPv6, Great! */
635	8e78c82c	Renato Botelho	else if ($gateway['ipprotocol'] == "inet6") {
636	1500614c	Ermal	/* we know which interfaces is dynamic, this should be made a function, and for v6 too */
637	65cfd0ca	Renato Botelho	$gateway['gateway'] = get_interface_gateway_v6($gateway['interface']);
638	d07bc322	Renato Botelho	/* no IPv6 address found, set to dynamic */
639	9ba87997	Phil Davis	if (!is_ipaddrv6($gateway['gateway'])) {
640	d07bc322	Renato Botelho	$gateway['gateway'] = "dynamic";
641	9ba87997	Phil Davis	}
642	65cfd0ca	Renato Botelho	$gateway['dynamic'] = true;
643	7671c940	Seth Mos	}
644	1500614c	Ermal	} else {
645			/* getting this detection right is hard at this point because we still don't
646			* store the address family in the gateway item */
647	9ba87997	Phil Davis	if (is_ipaddrv4($gateway['gateway'])) {
648	1500614c	Ermal	$gateway['ipprotocol'] = "inet";
649	9ba87997	Phil Davis	} else if (is_ipaddrv6($gateway['gateway'])) {
650	1500614c	Ermal	$gateway['ipprotocol'] = "inet6";
651	9ba87997	Phil Davis	}
652	2328dcc5	Seth Mos	}
653	c1d36d26	smos
654	9ba87997	Phil Davis	if (isset($gateway['monitor_disable'])) {
655	33c06ef7	Ermal	$gateway['monitor_disable'] = true;
656	9ba87997	Phil Davis	} else if (empty($gateway['monitor'])) {
657	2328dcc5	Seth Mos	$gateway['monitor'] = $gateway['gateway'];
658	9ba87997	Phil Davis	}
659	3d471a14	Ermal
660	f396d2b7	Phil Davis	if (isset($gateway['action_disable'])) {
661			$gateway['action_disable'] = true;
662			}
663
664	883c53c9	Ermal Lu?i	$gateway['friendlyiface'] = $gateway['interface'];
665	c1d36d26	smos
666			/* special treatment for tunnel interfaces */
667	1500614c	Ermal	if ($gateway['ipprotocol'] == "inet6") {
668	33e71f10	jim-p	$gateway['interface'] = get_real_interface($gateway['interface'], "inet6", false, false);
669	1500614c	Ermal	} else {
670	2a5960b0	Luiz Otavio O Souza	$gateway['interface'] = get_real_interface($gateway['interface'], "inet", false, false);
671	1500614c	Ermal	}
672	74c834f1	smos
673	35298a2f	Steve Beaver	if ($gateway['ipprotocol'] == "inet" &&
674	43a9b03d	PiBa-NL	($config['gateways']['defaultgw4'] == $gateway['name'] \|\| $gateway['gateway'] == $cgw4)) {
675			$gateway['isdefaultgw'] = true;
676			$found_defaultv4 = 1;
677	35298a2f	Steve Beaver	} else if ($gateway['ipprotocol'] == "inet6" &&
678	43a9b03d	PiBa-NL	($config['gateways']['defaultgw6'] == $gateway['name'] \|\| $gateway['gateway'] == $cgw6)) {
679			$gateway['isdefaultgw'] = true;
680			$found_defaultv6 = 1;
681	74c834f1	smos	}
682	3d471a14	Ermal	/* include the gateway index as the attribute */
683			$gateway['attribute'] = $i;
684	2328dcc5	Seth Mos
685	8d848bdf	Phil Davis	/* Remember all the gateway names, even ones to be skipped because they are disabled. */
686			/* Then we can easily know and match them later when attempting to add dynamic gateways to the list. */
687			$gateways_arr_temp[$gateway['name']] = $gateway;
688
689			/* skip disabled gateways if the caller has not asked for them to be returned. */
690	9ba87997	Phil Davis	if (!($disabled === false && isset($gateway['disabled']))) {
691	8d848bdf	Phil Davis	$gateways_arr[$gateway['name']] = $gateway;
692	9ba87997	Phil Davis	}
693	2328dcc5	Seth Mos	}
694	c1d36d26	smos	}
695	1500614c	Ermal	unset($gateway);
696	179377b0	robjarsen
697	065bd33d	Chris Rowe	//Sort the array by GW name before moving on.
698			ksort($gateways_arr, SORT_STRING \| SORT_FLAG_CASE);
699	883c53c9	Ermal Lu?i
700	ef05ae5f	Ermal	/* Loop through all interfaces with a gateway and add it to a array */
701	9ba87997	Phil Davis	if ($disabled == false) {
702	ef05ae5f	Ermal	$iflist = get_configured_interface_with_descr();
703	9ba87997	Phil Davis	} else {
704	f593f80b	Phil Davis	$iflist = get_configured_interface_with_descr(true);
705	9ba87997	Phil Davis	}
706	ef05ae5f	Ermal
707	c3a0d2a5	Seth Mos	/* Process/add dynamic v4 gateways. */
708	086cf944	Phil Davis	foreach ($iflist as $ifname => $friendly) {
709			if (!interface_has_gateway($ifname)) {
710	883c53c9	Ermal Lu?i	continue;
711	9ba87997	Phil Davis	}
712	3d471a14	Ermal
713	9ba87997	Phil Davis	if (empty($config['interfaces'][$ifname])) {
714	86df2846	jim-p	continue;
715	9ba87997	Phil Davis	}
716	86df2846	jim-p
717			$ifcfg = &$config['interfaces'][$ifname];
718	9ba87997	Phil Davis	if (!isset($ifcfg['enable'])) {
719	e62fe748	Ermal	continue;
720	9ba87997	Phil Davis	}
721	e62fe748	Ermal
722	9ba87997	Phil Davis	if (!empty($ifcfg['ipaddr']) && is_ipaddrv4($ifcfg['ipaddr'])) {
723	74c834f1	smos	continue;
724	9ba87997	Phil Davis	}
725	3930a9c0	smos
726	74c834f1	smos	$ctype = "";
727	9ba87997	Phil Davis	switch ($ifcfg['ipaddr']) {
728	74c834f1	smos	case "dhcp":
729			case "pppoe":
730	3343571b	jim-p	case "l2tp":
731	74c834f1	smos	case "pptp":
732	b2ff5d17	smos	case "ppp":
733	74c834f1	smos	$ctype = strtoupper($ifcfg['ipaddr']);
734			break;
735	daac437f	jim-p	default:
736	11fb4543	Chris Buechler	$tunnelif = substr($ifcfg['if'], 0, 3);
737	6c07db48	Phil Davis	if (substr($ifcfg['if'], 0, 4) == "ovpn") {
738	4f62b7c0	luckman212	switch (substr($ifcfg['if'], 4, 1)) {
739			case "c":
740			$ovpntype = "openvpn-client";
741			break;
742			case "s":
743			$ovpntype = "openvpn-server";
744			break;
745			default:
746			// unknown ovpn type
747			continue 2;
748			}
749			$ovpnid = substr($ifcfg['if'], 5);
750			if (is_array($config['openvpn'][$ovpntype])) {
751			foreach ($config['openvpn'][$ovpntype] as & $ovpnconf) {
752			if ($ovpnconf['vpnid'] == $ovpnid) {
753			// skip IPv6-only interfaces
754			if ($ovpnconf['create_gw'] == "v6only") {
755			continue 3;
756			}
757			// skip tap interfaces
758			if ($ovpnconf['dev_mode'] == "tap") {
759			continue 3;
760	687ff78c	Chris Buechler	}
761			}
762			}
763			}
764	daac437f	jim-p	$ctype = "VPNv4";
765	bd4c337c	jim-p	} elseif (substr($ifcfg['if'], 0, 5) == "ipsec") {
766			$ikeid = substr($ifcfg['if'], 5);
767			if (is_array($config['ipsec']) && is_array($config['ipsec']['phase1']) && is_array($config['ipsec']['phase2'])) {
768			foreach ($config['ipsec']['phase1'] as $ph1ent) {
769	aea2a0c3	jim-p	if ($ph1ent['disabled']) {
770	bd4c337c	jim-p	continue;
771			}
772	aea2a0c3	jim-p	$vtisubnet_spec = ipsec_vti($ph1ent, true);
773	bd4c337c	jim-p	// Skip non-VTI tunnels
774	aea2a0c3	jim-p	if (!$vtisubnet_spec \|\| !is_array($vtisubnet_spec)) {
775	bd4c337c	jim-p	continue;
776			}
777	aea2a0c3	jim-p	if (!isset($ph1ent['mobile']) && ($keyexchange == 'ikev1' \|\| isset($ph1ent['splitconn']))) {
778			foreach ($vtisubnet_spec as $idx => $vtisub) {
779			if ($ifcfg['if'] == "ipsec{$ph1ent['ikeid']}00{$idx}") {
780			// If this specific VTI remote is v4, then we can make a v4 gw
781			if (is_ipaddrv4($vtisub['right'])) {
782			$ctype = "VTIv4";
783			}
784			}
785			}
786			} else {
787			if ($ifcfg['if'] == "ipsec{$ph1ent['ikeid']}000") {
788			// If any of the VTI remotes are v4, then we can make a v4 gw
789			foreach ($vtisubnet_spec as $vtisub) {
790			if (is_ipaddrv4($vtisub['right'])) {
791			$ctype = "VTIv4";
792			}
793			}
794	bd4c337c	jim-p	}
795			}
796			}
797			if (empty($ctype)) {
798			continue 2;
799			}
800			}
801			} elseif ($tunnelif == "gif" \|\| $tunnelif == "gre") {
802	bac17444	Chris Buechler	$ctype = "TUNNELv4";
803	9ba87997	Phil Davis	}
804	daac437f	jim-p	break;
805	74c834f1	smos	}
806			$ctype = "_". strtoupper($ctype);
807
808	883c53c9	Ermal Lu?i	$gateway = array();
809			$gateway['dynamic'] = false;
810	c3a0d2a5	Seth Mos	$gateway['ipprotocol'] = "inet";
811	883c53c9	Ermal Lu?i	$gateway['gateway'] = get_interface_gateway($ifname, $gateway['dynamic']);
812			$gateway['interface'] = get_real_interface($ifname);
813			$gateway['friendlyiface'] = $ifname;
814	74c834f1	smos	$gateway['name'] = "{$friendly}{$ctype}";
815	883c53c9	Ermal Lu?i	$gateway['attribute'] = "system";
816	f040882c	Renato Botelho
817	74c834f1	smos	if (($gateway['dynamic'] === "default") && ($found_defaultv4 == 0)) {
818	43a9b03d	PiBa-NL	$gateway['isdefaultgw'] = true;
819	999111cb	Ermal	$gateway['dynamic'] = true;
820	74c834f1	smos	$found_defaultv4 = 1;
821	999111cb	Ermal	}
822	43a9b03d	PiBa-NL
823	883c53c9	Ermal Lu?i	/* Loopback dummy for dynamic interfaces without a IP */
824	9ba87997	Phil Davis	if (!is_ipaddrv4($gateway['gateway']) && $gateway['dynamic'] == true) {
825	999111cb	Ermal	$gateway['gateway'] = "dynamic";
826	9ba87997	Phil Davis	}
827	3439b033	Seth Mos
828	8d848bdf	Phil Davis	/* automatically skip known static and dynamic gateways that were previously processed */
829	9ba87997	Phil Davis	foreach ($gateways_arr_temp as $gateway_item) {
830	c3a0d2a5	Seth Mos	if ((($ifname == $gateway_item['friendlyiface'] && $friendly == $gateway_item['name'])&& ($gateway['ipprotocol'] == $gateway_item['ipprotocol'])) \|\|
831	918bdf0d	Phil Davis	(($ifname == $gateway_item['friendlyiface'] && $gateway_item['dynamic'] == true) && ($gateway['ipprotocol'] == $gateway_item['ipprotocol']))) {
832	9ba87997	Phil Davis	continue 2;
833			}
834	883c53c9	Ermal Lu?i	}
835	c66b4242	Seth Mos
836	9ba87997	Phil Davis	if (is_ipaddrv4($gateway['gateway'])) {
837	883c53c9	Ermal Lu?i	$gateway['monitor'] = $gateway['gateway'];
838	9ba87997	Phil Davis	}
839	c65e1e0d	Ermal
840	74c834f1	smos	$gateway['descr'] = "Interface {$friendly}{$ctype} Gateway";
841	c3a0d2a5	Seth Mos	$gateways_arr[$gateway['name']] = $gateway;
842			}
843	1500614c	Ermal	unset($gateway);
844	c3a0d2a5	Seth Mos
845			/* Process/add dynamic v6 gateways. */
846	086cf944	Phil Davis	foreach ($iflist as $ifname => $friendly) {
847	0715ad50	jim-p	/* If the user has disabled IPv6, they probably don't want any IPv6 gateways. */
848	9ba87997	Phil Davis	if (!isset($config['system']['ipv6allow'])) {
849	0715ad50	jim-p	break;
850	9ba87997	Phil Davis	}
851	0715ad50	jim-p
852	086cf944	Phil Davis	if (!interface_has_gatewayv6($ifname)) {
853	c3a0d2a5	Seth Mos	continue;
854	9ba87997	Phil Davis	}
855	c3a0d2a5	Seth Mos
856	9ba87997	Phil Davis	if (empty($config['interfaces'][$ifname])) {
857	c3a0d2a5	Seth Mos	continue;
858	9ba87997	Phil Davis	}
859	c3a0d2a5	Seth Mos
860			$ifcfg = &$config['interfaces'][$ifname];
861	9ba87997	Phil Davis	if (!isset($ifcfg['enable'])) {
862	74c834f1	smos	continue;
863	9ba87997	Phil Davis	}
864	74c834f1	smos
865	9ba87997	Phil Davis	if (!empty($ifcfg['ipaddrv6']) && is_ipaddrv6($ifcfg['ipaddrv6'])) {
866	1500614c	Ermal	continue;
867	9ba87997	Phil Davis	}
868	f040882c	Renato Botelho
869	74c834f1	smos	$ctype = "";
870	9ba87997	Phil Davis	switch ($ifcfg['ipaddrv6']) {
871	c0b1bc81	smos	case "slaac":
872	74c834f1	smos	case "dhcp6":
873			case "6to4":
874			case "6rd":
875			$ctype = strtoupper($ifcfg['ipaddrv6']);
876			break;
877	daac437f	jim-p	default:
878	bf36dafa	Renato Botelho	$tunnelif = substr($ifcfg['if'], 0, 3);
879	6c07db48	Phil Davis	if (substr($ifcfg['if'], 0, 4) == "ovpn") {
880	4f62b7c0	luckman212	switch (substr($ifcfg['if'], 4, 1)) {
881			case "c":
882			$ovpntype = "openvpn-client";
883			break;
884			case "s":
885			$ovpntype = "openvpn-server";
886			break;
887			default:
888			// unknown ovpn type
889			continue 2;
890			}
891			$ovpnid = substr($ifcfg['if'], 5);
892			if (is_array($config['openvpn'][$ovpntype])) {
893			foreach ($config['openvpn'][$ovpntype] as & $ovpnconf) {
894			if ($ovpnconf['vpnid'] == $ovpnid) {
895			// skip IPv4-only interfaces
896			if ($ovpnconf['create_gw'] == "v4only") {
897			continue 3;
898			}
899			// skip tap interfaces
900			if ($ovpnconf['dev_mode'] == "tap") {
901			continue 3;
902	687ff78c	Chris Buechler	}
903			}
904			}
905			}
906	daac437f	jim-p	$ctype = "VPNv6";
907	bd4c337c	jim-p	} elseif (substr($ifcfg['if'], 0, 5) == "ipsec") {
908			$ikeid = substr($ifcfg['if'], 5);
909			if (is_array($config['ipsec']) && is_array($config['ipsec']['phase1']) && is_array($config['ipsec']['phase2'])) {
910			foreach ($config['ipsec']['phase1'] as $ph1ent) {
911	aea2a0c3	jim-p	if ($ph1ent['disabled']) {
912	bd4c337c	jim-p	continue;
913			}
914	aea2a0c3	jim-p	$vtisubnet_spec = ipsec_vti($ph1ent, true);
915	bd4c337c	jim-p	// Skip non-VTI tunnels
916	aea2a0c3	jim-p	if (!$vtisubnet_spec \|\| !is_array($vtisubnet_spec)) {
917	bd4c337c	jim-p	continue;
918			}
919	aea2a0c3	jim-p	if (!isset($ph1ent['mobile']) && ($keyexchange == 'ikev1' \|\| isset($ph1ent['splitconn']))) {
920			foreach ($vtisubnet_spec as $idx => $vtisub) {
921			if ($ifcfg['if'] == "ipsec{$ph1ent['ikeid']}00{$idx}") {
922			// If this specific VTI remote is v6, then we can make a v6 gw
923			if (is_ipaddrv6($vtisub['right'])) {
924			$ctype = "VTIv6";
925			}
926			}
927			}
928			} else {
929			if ($ifcfg['if'] == "ipsec{$ph1ent['ikeid']}000") {
930			// If any of the VTI remotes are v6, then we can make a v6 gw
931			foreach ($vtisubnet_spec as $vtisub) {
932			if (is_ipaddrv6($vtisub['right'])) {
933			$ctype = "VTIv6";
934			}
935			}
936	bd4c337c	jim-p	}
937			}
938			}
939			if (empty($ctype)) {
940			continue 2;
941			}
942			}
943	9ba87997	Phil Davis	} else if ($tunnelif == "gif" \|\| $tunnelif == "gre") {
944	c32a6b82	Ermal	$ctype = "TUNNELv6";
945	9ba87997	Phil Davis	}
946	daac437f	jim-p	break;
947	74c834f1	smos	}
948			$ctype = "_". strtoupper($ctype);
949	c3a0d2a5	Seth Mos
950			$gateway = array();
951			$gateway['dynamic'] = false;
952			$gateway['ipprotocol'] = "inet6";
953			$gateway['gateway'] = get_interface_gateway_v6($ifname, $gateway['dynamic']);
954	909de400	Ermal	$gateway['interface'] = get_real_interface($ifname, "inet6");
955	9ba87997	Phil Davis	switch ($ifcfg['ipaddrv6']) {
956	d500e296	smos	case "6rd":
957	909de400	Ermal	case "6to4":
958	d500e296	smos	$gateway['dynamic'] = "default";
959			break;
960			}
961	c3a0d2a5	Seth Mos	$gateway['friendlyiface'] = $ifname;
962	74c834f1	smos	$gateway['name'] = "{$friendly}{$ctype}";
963	c3a0d2a5	Seth Mos	$gateway['attribute'] = "system";
964	f040882c	Renato Botelho
965	6c07db48	Phil Davis	if (($gateway['dynamic'] === "default") && ($found_defaultv6 == 0)) {
966	43a9b03d	PiBa-NL	$gateway['isdefaultgw'] = true;
967	c3a0d2a5	Seth Mos	$gateway['dynamic'] = true;
968	74c834f1	smos	$found_defaultv6 = 1;
969	c3a0d2a5	Seth Mos	}
970
971			/* Loopback dummy for dynamic interfaces without a IP */
972	9ba87997	Phil Davis	if (!is_ipaddrv6($gateway['gateway']) && $gateway['dynamic'] == true) {
973	d07bc322	Renato Botelho	$gateway['gateway'] = "dynamic";
974	9ba87997	Phil Davis	}
975	c3a0d2a5	Seth Mos
976	8d848bdf	Phil Davis	/* automatically skip known static and dynamic gateways that were previously processed */
977	9ba87997	Phil Davis	foreach ($gateways_arr_temp as $gateway_item) {
978	c3a0d2a5	Seth Mos	if ((($ifname == $gateway_item['friendlyiface'] && $friendly == $gateway_item['name']) && ($gateway['ipprotocol'] == $gateway_item['ipprotocol'])) \|\|
979	918bdf0d	Phil Davis	(($ifname == $gateway_item['friendlyiface'] && $gateway_item['dynamic'] == true) && ($gateway['ipprotocol'] == $gateway_item['ipprotocol']))) {
980	9ba87997	Phil Davis	continue 2;
981			}
982	c3a0d2a5	Seth Mos	}
983
984	9ba87997	Phil Davis	if (is_ipaddrv6($gateway['gateway'])) {
985	c3a0d2a5	Seth Mos	$gateway['monitor'] = $gateway['gateway'];
986	9ba87997	Phil Davis	}
987	c3a0d2a5	Seth Mos
988	74c834f1	smos	$gateway['descr'] = "Interface {$friendly}{$ctype} Gateway";
989	c3a0d2a5	Seth Mos	$gateways_arr[$gateway['name']] = $gateway;
990	c66b4242	Seth Mos	}
991	1500614c	Ermal	unset($gateway);
992	6fdea6a2	smos
993	08c3810c	Renato Botelho	/* FIXME: Should this be enabled.
994			* Some interface like wan might be default but have no info recorded
995			* the config. */
996			/* this is a fallback if all else fails and we want to get packets out @smos */
997			if ($found_defaultv4 == 0 \|\| $found_defaultv6 == 0) {
998			foreach ($gateways_arr as &$gateway) {
999			if (($gateway['friendlyiface'] == "wan") && ($found_defaultv4 == 0) && (!isset($gateway['ipprotocol']) \|\| ($gateway['ipprotocol'] == "inet"))) {
1000			if (file_exists("{$g['tmp_path']}/{$gateway['interface']}_defaultgw")) {
1001	43a9b03d	PiBa-NL	$gateway['isdefaultgw'] = true;
1002	08c3810c	Renato Botelho	$found_defaultv4 = 1;
1003			}
1004			}
1005	6704590b	Ermal	else if (($gateway['friendlyiface'] == "wan") && ($found_defaultv6 == 0) && ($gateway['ipprotocol'] == "inet6")) {
1006	08c3810c	Renato Botelho	if (file_exists("{$g['tmp_path']}/{$gateway['interface']}_defaultgwv6")) {
1007	43a9b03d	PiBa-NL	$gateway['isdefaultgw'] = true;
1008	08c3810c	Renato Botelho	$found_defaultv6 = 1;
1009			}
1010			}
1011			}
1012			}
1013
1014	9ba87997	Phil Davis	if ($localhost === true) {
1015	6fdea6a2	smos	/* attach localhost for Null routes */
1016			$gwlo4 = array();
1017			$gwlo4['name'] = "Null4";
1018			$gwlo4['interface'] = "lo0";
1019			$gwlo4['ipprotocol'] = "inet";
1020			$gwlo4['gateway'] = "127.0.0.1";
1021	e311cb79	PiBa-NL	$gwlo4['attribute'] = "system";
1022	6fdea6a2	smos	$gwlo6 = array();
1023			$gwlo6['name'] = "Null6";
1024			$gwlo6['interface'] = "lo0";
1025			$gwlo6['ipprotocol'] = "inet6";
1026			$gwlo6['gateway'] = "::1";
1027	e311cb79	PiBa-NL	$gwlo6['attribute'] = "system";
1028	6fdea6a2	smos	$gateways_arr['Null4'] = $gwlo4;
1029			$gateways_arr['Null6'] = $gwlo6;
1030			}
1031	161cd113	Phil Davis
1032			if ($integer_index) {
1033	a8bee7cc	Phil Davis	$gateways_arr = array_values($gateways_arr);
1034	161cd113	Phil Davis	}
1035
1036	43a9b03d	PiBa-NL	if ($found_defaultv4 != 1 && is_ipaddr($cgw4)) {
1037			foreach($gateways_arr as &$gw) {
1038			if ($gw['gateway'] == $cgw4) {
1039			$gw['isdefaultgw'] = true;
1040			}
1041			}
1042			}
1043			if ($found_defaultv6 != 1 && is_ipaddr($cgw6)) {
1044			foreach($gateways_arr as &$gw) {
1045			if ($gw['gateway'] == $cgw6) {
1046			$gw['isdefaultgw'] = true;
1047			}
1048			}
1049			}
1050	e311cb79	PiBa-NL	return order_gateways_as_configured($gateways_arr);
1051	c66b4242	Seth Mos	}
1052
1053	fd3515f2	jim-p	function fixup_default_gateway($ipprotocol, $gateways_status, $gateways_arr) {
1054			global $config, $g;
1055			/*
1056			* NOTE: The code below is meant to replace the default gateway when it goes down.
1057			* This facilitates services running on pfSense itself and are not handled by a PBR to continue working.
1058			*/
1059	e311cb79	PiBa-NL	$set_dfltgwname = '';
1060	1303150b	Stephen Jones
1061	43a9b03d	PiBa-NL	if ($ipprotocol == 'inet') {
1062			$gwdefault = $config['gateways']['defaultgw4'];
1063			} else {
1064			$gwdefault = $config['gateways']['defaultgw6'];
1065			}
1066	e311cb79	PiBa-NL	if ($gwdefault == "-") {
1067			// 'none', dont set the default gateway, useful if routes are managed by frr/bgp/ospf or similar
1068			return;
1069			}
1070	96b15e44	PiBa-NL	if (isset($gateways_arr[$gwdefault])) {
1071	43a9b03d	PiBa-NL	// the configured gateway is a regular one. (not a gwgroup) use it as is..
1072	e311cb79	PiBa-NL	$set_dfltgwname = $gwdefault;
1073			} elseif (empty($gwdefault)) {
1074			// 'automatic' mode, pick the first one thats 'up' or 'unmonitored' which is always considered up
1075			$gateways_arr = order_gateways_as_configured($gateways_arr);
1076	742cc9ae	PiBa-NL	$fallback = "";
1077	e311cb79	PiBa-NL	foreach($gateways_arr as $gwname => $gwsttng) {
1078			if ($gwsttng['ipprotocol'] != $ipprotocol) {
1079			continue;
1080			}
1081	f37dd1a9	Stephen Jones
1082	e311cb79	PiBa-NL	if ((isset($gwsttng['monitor_disable']) \|\| isset($gwsttng['action_disable']) \|\| $gateways_status[$gwname]['status'] == "none")) {
1083			$set_dfltgwname = $gwname;
1084			break;
1085			}
1086	742cc9ae	PiBa-NL	if (empty($fallback) && $gwsttng['interface'] != 'lo0') {
1087			$fallback = $gwname;
1088			}
1089			}
1090			if (empty($set_dfltgwname)) {
1091			log_error(sprintf("Gateway, none 'available' for %s, use the first one configured. '%s'", $ipprotocol, $fallback));
1092			$set_dfltgwname = $fallback;
1093	e311cb79	PiBa-NL	}
1094	43a9b03d	PiBa-NL	} else {
1095	e311cb79	PiBa-NL	// a gwgroup is selected
1096	43a9b03d	PiBa-NL	// find the best available gateway given options available..
1097	e311cb79	PiBa-NL	$gwg_members = array();
1098			$viplist = get_configured_vip_list();
1099			if (is_array($config['gateways']['gateway_group'])) {
1100			foreach ($config['gateways']['gateway_group'] as $group) {
1101			if ($group['name'] == $gwdefault) {
1102			// finds the gw members of the best available tier for this group.
1103			$gwg_members = get_gwgroup_members_inner($group, $gateways_status, $gateways_arr, $viplist);
1104	43a9b03d	PiBa-NL	}
1105			}
1106			}
1107	e311cb79	PiBa-NL
1108			if (count($gwg_members) > 0) {
1109			$currentdefaultgwip = getcurrentdefaultgatewayip($ipprotocol);
1110			$found_current = false;
1111			foreach($gwg_members as $gwgroupitem) {
1112			if ($gwgroupitem['gwip'] == $currentdefaultgwip) {
1113			$set_dfltgwname = $gwgroupitem['gw'];
1114			$found_current = true;
1115	f406f896	luckman212	if (isset($config['system']['gw-debug'])) {
1116			log_error("Keep current gateway, its already part of the group members.");
1117			}
1118	43a9b03d	PiBa-NL	break;
1119			}
1120			}
1121	e311cb79	PiBa-NL	if (!$found_current) {
1122			$set_dfltgwname = $gwg_members[0]['gw'];
1123			log_error(sprintf("Gateway, switch to: %s", $set_dfltgwname));
1124	9ba87997	Phil Davis	}
1125	e311cb79	PiBa-NL	} else {
1126			log_error("Gateway, NONE AVAILABLE");
1127	fd3515f2	jim-p	}
1128	43a9b03d	PiBa-NL	}
1129	e311cb79	PiBa-NL	if (!empty($set_dfltgwname) && isset($gateways_arr[$set_dfltgwname])) {
1130			setdefaultgateway($gateways_arr[$set_dfltgwname]);
1131	43a9b03d	PiBa-NL	}
1132			}
1133
1134			function getcurrentdefaultgatewayip($ipprotocol) {
1135	fecb8603	jim-p	return trim(exec("/sbin/route -n get -{$ipprotocol} default 2>/dev/null \| /usr/bin/awk '/gateway:/ {print $2}'"), " \n");
1136	43a9b03d	PiBa-NL	}
1137
1138			function setdefaultgateway($gw) {
1139	e311cb79	PiBa-NL	global $g, $config;
1140	fecb8603	jim-p	if (isset($config['system']['route-debug'])) {
1141			file_put_contents("/dev/console", "\n[".getmypid()."] SET DEF GW: {$gw['name']}");
1142			}
1143	43a9b03d	PiBa-NL	$ipprotocol = $gw['ipprotocol'];
1144			if ($gw['gateway'] == "dynamic") {
1145			if ($ipprotocol == 'inet') {
1146			$gw['gateway'] = get_interface_gateway($gw['friendlyiface']);
1147			} else {
1148			$gw['gateway'] = get_interface_gateway_v6($$gw['friendlyiface']);
1149	9ba87997	Phil Davis	}
1150	43a9b03d	PiBa-NL	}
1151			if ($ipprotocol == 'inet6' && !is_ipaddrv6($gw['gateway'])) {
1152			return;
1153			}
1154			if ($ipprotocol == 'inet' && !is_ipaddrv4($gw['gateway'])) {
1155			return;
1156			}
1157			if ($ipprotocol == 'inet6') {
1158			if (is_linklocal($gw['gateway']) && get_ll_scope($gw['gateway']) == '') {
1159			$gw['gateway'] .= "%" . $gw['interface'];
1160	9ba87997	Phil Davis	}
1161	fd3515f2	jim-p	}
1162	43a9b03d	PiBa-NL	$currentdefaultgwip = getcurrentdefaultgatewayip($ipprotocol);
1163			if ($currentdefaultgwip != $gw['gateway']) {
1164			log_error("Default gateway setting {$gw['descr']} as default.");
1165	35298a2f	Steve Beaver
1166	43a9b03d	PiBa-NL	if ($ipprotocol == 'inet') {
1167			array_map('unlink', glob("{$g['tmp_path']}/*_defaultgw", GLOB_BRACE));
1168			} else {
1169			array_map('unlink', glob("{$g['tmp_path']}/*_defaultgwv6", GLOB_BRACE));
1170			}
1171			$defaultif = get_real_interface($gw['interface']);
1172			if ($defaultif) {
1173			@file_put_contents("{$g['tmp_path']}/{$defaultif}_defaultgw", $gw['gateway']);
1174	9ba87997	Phil Davis	}
1175	35298a2f	Steve Beaver
1176	43a9b03d	PiBa-NL	if (isset($gw["nonlocalgateway"])) {
1177			if (is_ipaddr($gw['gateway']) && !empty($gw['interface'])) {
1178			route_add_or_change("-{$ipprotocol} {$gw['gateway']} -iface {$gw['interface']}");
1179			}
1180			}
1181	fecb8603	jim-p	if (isset($config['system']['route-debug'])) {
1182			file_put_contents("/dev/console", "\n[".getmypid()."] SET DEF GW: {$gw['name']} ({$gw['gateway']})");
1183			}
1184	43a9b03d	PiBa-NL	route_add_or_change("-{$ipprotocol} default {$gw['gateway']}");
1185			return true;
1186	fd3515f2	jim-p	}
1187	43a9b03d	PiBa-NL	}
1188
1189			function get_gwgroup_members_inner($group, $gateways_status, $gateways_arr, $viplist){
1190			$result = array();
1191			/* create array with group gateways members separated by tier */
1192			$tiers = array();
1193			$backupplan = array();
1194			$gwvip_arr = array();
1195			foreach ($group['item'] as $item) {
1196			list($gwname, $tier, $vipname) = explode("\|", $item);
1197
1198			if (is_ipaddr($viplist[$vipname])) {
1199			if (!is_array($gwvip_arr[$group['name']])) {
1200			$gwvip_arr[$group['name']] = array();
1201			}
1202			$gwvip_arr[$group['name']][$gwname] = $vipname;
1203			}
1204
1205			/* Do it here rather than reiterating again the group in case no member is up. */
1206			if (!is_array($backupplan[$tier])) {
1207			$backupplan[$tier] = array();
1208			}
1209			$backupplan[$tier][] = $gwname;
1210
1211			/* check if the gateway is available before adding it to the array */
1212			if (is_array($gateways_status[$gwname])) {
1213			$status = $gateways_status[$gwname];
1214			$gwdown = false;
1215			if (stristr($status['status'], "down")) {
1216			$msg = sprintf(gettext('MONITOR: %1$s is down, omitting from routing group %2$s'), $gwname, $group['name']);
1217			$gwdown = true;
1218			} else if (stristr($status['status'], "loss") && strstr($group['trigger'], "loss")) {
1219			/* packet loss */
1220			$msg = sprintf(gettext('MONITOR: %1$s has packet loss, omitting from routing group %2$s'), $gwname, $group['name']);
1221			$gwdown = true;
1222			} else if (stristr($status['status'], "delay") && strstr($group['trigger'] , "latency")) {
1223			/* high latency */
1224			$msg = sprintf(gettext('MONITOR: %1$s has high latency, omitting from routing group %2$s'), $gwname, $group['name']);
1225			$gwdown = true;
1226			}
1227			$statuschanged = false;
1228			$pluginparams = array();
1229			$pluginparams['type'] = 'gateway';
1230	b5e93be6	Stephen Jones	$pluginparams['name'] = $gwname;
1231	43a9b03d	PiBa-NL	if ($gwdown == true) {
1232			if (!file_exists("/tmp/.down.{$gwname}")) {
1233			touch("/tmp/.down.{$gwname}");
1234			$msg .= "\n".implode("\|", $status);
1235			$pluginparams['event'] = 'gateway.down';
1236			$statuschanged = true;
1237	ea940381	Chris Buechler	}
1238	fd3515f2	jim-p	} else {
1239	43a9b03d	PiBa-NL	/* Online add member */
1240			if (!is_array($tiers[$tier])) {
1241			$tiers[$tier] = array();
1242			}
1243			$tiers[$tier][] = $gwname;
1244			if (unlink_if_exists("/tmp/.down.{$gwname}")) {
1245			$msg = sprintf(getmypid () . gettext('MONITOR: %1$s is available now, adding to routing group %2$s'), $gwname, $group['name']);
1246			$msg .= "\n".implode("\|", $status);
1247			$pluginparams['event'] = 'gateway.up';
1248			$statuschanged = true;
1249			}
1250	fd3515f2	jim-p	}
1251	43a9b03d	PiBa-NL	if ($statuschanged) {
1252			log_error($msg);
1253			notify_via_growl($msg);
1254			notify_via_smtp($msg);
1255			if (isset($gateways_arr[$gwname]['interface'])) {
1256			$pluginparams['interface'] = $gateways_arr[$gwname]['interface'];
1257			}
1258			pkg_call_plugins('plugin_gateway', $pluginparams);
1259	ea940381	Chris Buechler	}
1260	43a9b03d	PiBa-NL	} else if (isset($gateways_arr[$gwname]['monitor_disable']) \|\| isset($gateways_arr[$gwname]['action_disable'])) {
1261			$tiers[$tier][] = $gwname;
1262			}
1263			}
1264			$tiers_count = count($tiers);
1265			if ($tiers_count == 0) {
1266			/* Oh dear, we have no members! Engage Plan B */
1267	b974f79a	luckman212	if (isset($config['system']['gw-debug']) && (!platform_booting())) {
1268	43a9b03d	PiBa-NL	$msg = sprintf(gettext('Gateways status could not be determined, considering all as up/active. (Group: %s)'), $group['name']);
1269			log_error($msg);
1270			notify_via_growl($msg);
1271			//notify_via_smtp($msg);
1272			}
1273			$tiers = $backupplan;
1274			}
1275			/* sort the tiers array by the tier key */
1276			ksort($tiers);
1277
1278			/* we do not really foreach the tiers as we stop after the first tier */
1279			foreach ($tiers as $tieridx => $tier) {
1280			/* process all gateways in this tier */
1281			foreach ($tier as $member) {
1282			/* determine interface gateway */
1283			if (isset($gateways_arr[$member])) {
1284			$gateway = $gateways_arr[$member];
1285			$int = $gateway['interface'];
1286			$gatewayip = "";
1287			if (is_ipaddr($gateway['gateway'])) {
1288			$gatewayip = $gateway['gateway'];
1289			} else if (!empty($int)) {
1290			$gatewayip = get_interface_gateway($gateway['friendlyiface']);
1291			}
1292
1293			if (!empty($int)) {
1294			$result['ipprotocol'] = $gateway['ipprotocol'];
1295			if (is_ipaddr($gatewayip)) {
1296			$groupmember = array();
1297			$groupmember['gw'] = $member;
1298			$groupmember['int'] = $int;
1299			$groupmember['gwip'] = $gatewayip;
1300			$groupmember['weight'] = isset($gateway['weight']) ? $gateway['weight'] : 1;
1301			if (is_array($gwvip_arr[$group['name']]) && !empty($gwvip_arr[$group['name']][$member])) {
1302			$groupmember['vip'] = $gwvip_arr[$group['name']][$member];
1303			}
1304			$result[] = $groupmember;
1305			}
1306			}
1307	ea940381	Chris Buechler	}
1308			}
1309	43a9b03d	PiBa-NL	/* we should have the 1st available tier now, exit stage left */
1310			if (count($result) > 0) {
1311			break;
1312			} else {
1313			log_error(sprintf(gettext('GATEWAYS: Group %1$s did not have any gateways up on tier %2$s!'), $group['name'], $tieridx));
1314	9ba87997	Phil Davis	}
1315	fd3515f2	jim-p	}
1316	43a9b03d	PiBa-NL	// Add description field last to not influence the count() above
1317			$result['descr'] = $group['descr'];
1318			return $result;
1319			}
1320
1321			function get_gwgroup_members($groupname) {
1322			global $config;
1323			$gateways_status = return_gateways_status(true);
1324			$gateways_arr = return_gateways_array();
1325			$viplist = get_configured_vip_list();
1326			foreach ($config['gateways']['gateway_group'] as $group) {
1327			if ($group['name'] == $groupname) {
1328			return get_gwgroup_members_inner($group, $gateways_status, $gateways_arr, $viplist);
1329			}
1330			}
1331			return array();
1332	fd3515f2	jim-p	}
1333
1334	3d471a14	Ermal	/*
1335			* Return an array with all gateway groups with name as key
1336	fd8eeda5	Seth Mos	* All gateway groups will be processed before returning the array.
1337	3d471a14	Ermal	*/
1338	43a9b03d	PiBa-NL	function return_gateway_groups_array($fixup = false) {
1339			global $config;
1340	fd8eeda5	Seth Mos
1341			/* fetch the current gateways status */
1342	3d471a14	Ermal	$gateways_status = return_gateways_status(true);
1343	fd8eeda5	Seth Mos	$gateways_arr = return_gateways_array();
1344			$gateway_groups_array = array();
1345	43a9b03d	PiBa-NL	if ($fixup == true) {
1346			$gw4 = lookup_gateway_or_group_by_name($config['gateways']['defaultgw4']);
1347			$gw6 = lookup_gateway_or_group_by_name($config['gateways']['defaultgw6']);
1348			if ($gw4 && $gw4['type'] == 'gatewaygroup') {
1349			fixup_default_gateway("inet", $gateways_status, $gateways_arr);
1350			}
1351			if ($gw6 && $gw6['type'] == 'gatewaygroup') {
1352			fixup_default_gateway("inet6", $gateways_status, $gateways_arr);
1353			}
1354	ee7f1647	Ermal	}
1355	fd8eeda5	Seth Mos	if (is_array($config['gateways']['gateway_group'])) {
1356	2a5960b0	Luiz Otavio O Souza	$viplist = get_configured_vip_list();
1357	1500614c	Ermal	foreach ($config['gateways']['gateway_group'] as $group) {
1358	43a9b03d	PiBa-NL	$gateway_groups_array[$group['name']] = get_gwgroup_members_inner($group, $gateways_status, $gateways_arr, $viplist);
1359	fd8eeda5	Seth Mos	}
1360			}
1361	1500614c	Ermal
1362	fe22a89b	Ermal	return ($gateway_groups_array);
1363	fd8eeda5	Seth Mos	}
1364
1365	2468ae76	Scott Ullrich	/* Update DHCP WAN Interface ip address in gateway group item */
1366			function dhclient_update_gateway_groups_defaultroute($interface = "wan") {
1367	6ae5d9cb	Renato Botelho	global $config;
1368
1369			if (is_array($config['gateways']['gateway_item'])) {
1370			foreach ($config['gateways']['gateway_item'] as & $gw) {
1371			if ($gw['interface'] != $interface) {
1372			continue;
1373			}
1374
1375	2468ae76	Scott Ullrich	$current_gw = get_interface_gateway($interface);
1376	9ba87997	Phil Davis	if ($gw['gateway'] <> $current_gw) {
1377	2468ae76	Scott Ullrich	$gw['gateway'] = $current_gw;
1378			$changed = true;
1379			}
1380			}
1381			}
1382	6ae5d9cb	Renato Botelho
1383	9ba87997	Phil Davis	if ($changed && $current_gw) {
1384	6ae5d9cb	Renato Botelho	write_config(sprintf(gettext(
1385			'Updating gateway group gateway for %1$s - new gateway is %2$s'),
1386			$interface, $current_gw));
1387	9ba87997	Phil Davis	}
1388	2468ae76	Scott Ullrich	}
1389	fd8eeda5	Seth Mos
1390	43a9b03d	PiBa-NL	function lookup_gateway_or_group_by_name($gwname) {
1391			global $config;
1392	1303150b	Stephen Jones
1393	092abdb6	PiBa-NL	$gateways_arr = return_gateways_array();
1394			foreach ($gateways_arr as $gw) {
1395			if ($gw['name'] == $gwname) {
1396			$gw['type'] = 'gateway';
1397			return $gw;
1398	43a9b03d	PiBa-NL	}
1399			}
1400	6ae5d9cb	Renato Botelho
1401			if (is_array($config['gateways']['gateway_group'])) {
1402			foreach ($config['gateways']['gateway_group'] as $gwg) {
1403			if ($gwg['name'] == $gwname) {
1404			$gwg['type'] = 'gatewaygroup';
1405			return $gwg;
1406			}
1407	43a9b03d	PiBa-NL	}
1408			}
1409	6ae5d9cb	Renato Botelho
1410	43a9b03d	PiBa-NL	return false;
1411			}
1412
1413	028ff8f8	Phil Davis	function lookup_gateway_ip_by_name($name, $disabled = false) {
1414	fe22a89b	Ermal
1415	028ff8f8	Phil Davis	$gateways_arr = return_gateways_array($disabled, true);
1416	f040882c	Renato Botelho	foreach ($gateways_arr as $gname => $gw) {
1417	9ba87997	Phil Davis	if ($gw['name'] === $name \|\| $gname === $name) {
1418	f040882c	Renato Botelho	return $gw['gateway'];
1419	9ba87997	Phil Davis	}
1420	f040882c	Renato Botelho	}
1421	66a96e72	Ermal
1422			return false;
1423	6dc3a5c2	Ermal Lu?i	}
1424
1425			function lookup_gateway_monitor_ip_by_name($name) {
1426	fe22a89b	Ermal
1427	f040882c	Renato Botelho	$gateways_arr = return_gateways_array(false, true);
1428	fe22a89b	Ermal	if (!empty($gateways_arr[$name])) {
1429			$gateway = $gateways_arr[$name];
1430	9ba87997	Phil Davis	if (!is_ipaddr($gateway['monitor'])) {
1431	68f291ff	Ermal	return $gateway['gateway'];
1432	9ba87997	Phil Davis	}
1433	6dc3a5c2	Ermal Lu?i
1434	9fd19334	gnhb	return $gateway['monitor'];
1435	f040882c	Renato Botelho	}
1436	fe22a89b	Ermal
1437	f040882c	Renato Botelho	return (false);
1438	6dc3a5c2	Ermal Lu?i	}
1439
1440			function lookup_gateway_interface_by_name($name) {
1441
1442	f040882c	Renato Botelho	$gateways_arr = return_gateways_array(false, true);
1443	fe22a89b	Ermal	if (!empty($gateways_arr[$name])) {
1444	be2a18bf	Phil Davis	$interfacegw = $gateways_arr[$name]['friendlyiface'];
1445	fe22a89b	Ermal	return ($interfacegw);
1446	f040882c	Renato Botelho	}
1447	fe22a89b	Ermal
1448	f040882c	Renato Botelho	return (false);
1449	6dc3a5c2	Ermal Lu?i	}
1450
1451	3290c9e6	PiBa-NL	function get_root_interface($interface) {
1452	9ba87997	Phil Davis	if (substr($interface, 0, 4) == '_vip') {
1453	2a5960b0	Luiz Otavio O Souza	$interface = get_configured_vip_interface($interface);
1454	d9901ff4	Chris Buechler	if (substr($interface, 0, 4) == '_vip') {
1455	2a5960b0	Luiz Otavio O Souza	$interface = get_configured_vip_interface($interface);
1456	d9901ff4	Chris Buechler	}
1457	9ba87997	Phil Davis	}
1458	3290c9e6	PiBa-NL	return $interface;
1459			}
1460
1461			function get_interface_gateway($interface, &$dynamic = false) {
1462			global $config, $g;
1463
1464			$interface = get_root_interface($interface);
1465	6dc3a5c2	Ermal Lu?i
1466	89f171b0	Ermal LUÇI	$gw = NULL;
1467	5a5413bb	Seth Mos	$gwcfg = $config['interfaces'][$interface];
1468			if (!empty($gwcfg['gateway']) && is_array($config['gateways']['gateway_item'])) {
1469	9ba87997	Phil Davis	foreach ($config['gateways']['gateway_item'] as $gateway) {
1470			if (($gateway['name'] == $gwcfg['gateway']) && (is_ipaddrv4($gateway['gateway']))) {
1471	5a5413bb	Seth Mos	$gw = $gateway['gateway'];
1472	66a96e72	Ermal	break;
1473			}
1474	5a5413bb	Seth Mos	}
1475	66a96e72	Ermal	}
1476	6dc3a5c2	Ermal Lu?i
1477	5a5413bb	Seth Mos	// for dynamic interfaces we handle them through the $interface_router file.
1478	d3c269d3	Ermal	if (($gw == NULL \|\| !is_ipaddrv4($gw)) && !is_ipaddrv4($gwcfg['ipaddr'])) {
1479	5a5413bb	Seth Mos	$realif = get_real_interface($interface);
1480			if (file_exists("{$g['tmp_path']}/{$realif}_router")) {
1481	9ba87997	Phil Davis	$gw = trim(file_get_contents("{$g['tmp_path']}/{$realif}_router"), " \n");
1482	5a5413bb	Seth Mos	$dynamic = true;
1483			}
1484	9ba87997	Phil Davis	if (file_exists("{$g['tmp_path']}/{$realif}_defaultgw")) {
1485	5a5413bb	Seth Mos	$dynamic = "default";
1486	9ba87997	Phil Davis	}
1487	f040882c	Renato Botelho
1488	5a5413bb	Seth Mos	}
1489
1490			/* return gateway */
1491			return ($gw);
1492			}
1493
1494			function get_interface_gateway_v6($interface, &$dynamic = false) {
1495			global $config, $g;
1496	6dc3a5c2	Ermal Lu?i
1497	3290c9e6	PiBa-NL	$interface = get_root_interface($interface);
1498	89f171b0	Ermal LUÇI
1499	5a5413bb	Seth Mos	$gw = NULL;
1500			$gwcfg = $config['interfaces'][$interface];
1501	ed5c640d	Seth Mos	if (!empty($gwcfg['gatewayv6']) && is_array($config['gateways']['gateway_item'])) {
1502	9ba87997	Phil Davis	foreach ($config['gateways']['gateway_item'] as $gateway) {
1503			if (($gateway['name'] == $gwcfg['gatewayv6']) && (is_ipaddrv6($gateway['gateway']))) {
1504	5a5413bb	Seth Mos	$gw = $gateway['gateway'];
1505			break;
1506			}
1507			}
1508			}
1509
1510			// for dynamic interfaces we handle them through the $interface_router file.
1511	d3c269d3	Ermal	if (($gw == NULL \|\| !is_ipaddrv6($gw)) && !is_ipaddrv6($gwcfg['ipaddrv6'])) {
1512	9ba87997	Phil Davis	$realif = get_real_interface($interface);
1513			if (file_exists("{$g['tmp_path']}/{$realif}_routerv6")) {
1514			$gw = trim(file_get_contents("{$g['tmp_path']}/{$realif}_routerv6"), " \n");
1515			$dynamic = true;
1516			}
1517			if (file_exists("{$g['tmp_path']}/{$realif}_defaultgwv6")) {
1518			$dynamic = "default";
1519			}
1520	5a5413bb	Seth Mos	}
1521			/* return gateway */
1522			return ($gw);
1523	6dc3a5c2	Ermal Lu?i	}
1524
1525	318189b6	smos	/* Check a IP address against a gateway IP or name
1526			* to verify it's address family */
1527	028ff8f8	Phil Davis	function validate_address_family($ipaddr, $gwname, $disabled = false) {
1528	318189b6	smos	$v4ip = false;
1529			$v6ip = false;
1530			$v4gw = false;
1531			$v6gw = false;
1532
1533	9ba87997	Phil Davis	if (is_ipaddrv4($ipaddr)) {
1534	318189b6	smos	$v4ip = true;
1535	9ba87997	Phil Davis	}
1536			if (is_ipaddrv6($ipaddr)) {
1537	318189b6	smos	$v6ip = true;
1538	9ba87997	Phil Davis	}
1539			if (is_ipaddrv4($gwname)) {
1540	318189b6	smos	$v4gw = true;
1541	9ba87997	Phil Davis	}
1542			if (is_ipaddrv6($gwname)) {
1543	318189b6	smos	$v6gw = true;
1544	9ba87997	Phil Davis	}
1545	318189b6	smos
1546	9ba87997	Phil Davis	if ($v4ip && $v4gw) {
1547	318189b6	smos	return true;
1548	9ba87997	Phil Davis	}
1549			if ($v6ip && $v6gw) {
1550	318189b6	smos	return true;
1551	9ba87997	Phil Davis	}
1552	318189b6	smos
1553			/* still no match, carry on, lookup gateways */
1554	028ff8f8	Phil Davis	if (is_ipaddrv4(lookup_gateway_ip_by_name($gwname, $disabled))) {
1555	318189b6	smos	$v4gw = true;
1556	9ba87997	Phil Davis	}
1557	028ff8f8	Phil Davis	if (is_ipaddrv6(lookup_gateway_ip_by_name($gwname, $disabled))) {
1558	318189b6	smos	$v6gw = true;
1559	9ba87997	Phil Davis	}
1560	96cd928b	smos
1561			$gw_array = return_gateways_array();
1562	9ba87997	Phil Davis	if (is_array($gw_array[$gwname])) {
1563			switch ($gw_array[$gwname]['ipprotocol']) {
1564	96cd928b	smos	case "inet":
1565			$v4gw = true;
1566			break;
1567			case "inet6":
1568			$v6gw = true;
1569			break;
1570			}
1571	748ff86f	Seth Mos	}
1572	318189b6	smos
1573	9ba87997	Phil Davis	if ($v4ip && $v4gw) {
1574	318189b6	smos	return true;
1575	9ba87997	Phil Davis	}
1576			if ($v6ip && $v6gw) {
1577	318189b6	smos	return true;
1578	9ba87997	Phil Davis	}
1579	f040882c	Renato Botelho
1580	318189b6	smos	return false;
1581			}
1582
1583	cdb0df65	smos	/* check if a interface is part of a gateway group */
1584	3b41c8f3	Pulcov	function interface_gateway_group_member($interface, $gwgroup_name = "") {
1585	cdb0df65	smos	global $config;
1586	c447a9fe	Ermal
1587	9ba87997	Phil Davis	if (is_array($config['gateways']['gateway_group'])) {
1588	cdb0df65	smos	$groups = $config['gateways']['gateway_group'];
1589	9ba87997	Phil Davis	} else {
1590	cdb0df65	smos	return false;
1591	9ba87997	Phil Davis	}
1592	cdb0df65	smos
1593	f040882c	Renato Botelho	$gateways_arr = return_gateways_array(false, true);
1594	9ba87997	Phil Davis	foreach ($groups as $group) {
1595			if (is_array($group['item'])) {
1596			foreach ($group['item'] as $item) {
1597	cdb0df65	smos	$elements = explode("\|", $item);
1598			$gwname = $elements[0];
1599	3b41c8f3	Pulcov	if ($interface == $gateways_arr[$gwname]['interface'] &&
1600			(empty($gwgroup_name) \|\| $gwgroup_name == $group['name'])) {
1601	c447a9fe	Ermal	unset($gateways_arr);
1602	017817c2	smos	return true;
1603	c447a9fe	Ermal	}
1604	cdb0df65	smos	}
1605			}
1606			}
1607	c447a9fe	Ermal	unset($gateways_arr);
1608
1609	cdb0df65	smos	return false;
1610			}
1611	318189b6	smos
1612	43a9b03d	PiBa-NL	function gateway_is_gwgroup_member($name, $detail=false) {
1613	58b1112f	Ermal	global $config;
1614
1615	9ba87997	Phil Davis	if (is_array($config['gateways']['gateway_group'])) {
1616	58b1112f	Ermal	$groups = $config['gateways']['gateway_group'];
1617	9ba87997	Phil Davis	} else {
1618	58b1112f	Ermal	return false;
1619	9ba87997	Phil Davis	}
1620	58b1112f	Ermal
1621			$members = array();
1622	9ba87997	Phil Davis	foreach ($groups as $group) {
1623	58b1112f	Ermal	if (is_array($group['item'])) {
1624	9ba87997	Phil Davis	foreach ($group['item'] as $item) {
1625	43a9b03d	PiBa-NL	list($gwname, $tier, $vipname) = explode("\|", $item);
1626			if ($name == $gwname) {
1627			if ($detail) {
1628			$newitem = array();
1629			$newitem['name'] = $group['name'];
1630			$newitem['tier'] = $tier;
1631			$newitem['vipname'] = $vipname;
1632			$members[] = $newitem;
1633			} else {
1634			$members[] = $group['name'];
1635			}
1636	9ba87997	Phil Davis	}
1637	58b1112f	Ermal	}
1638			}
1639			}
1640
1641			return $members;
1642			}
1643	f1bb5c7f	Phil Davis	/*
1644			Check the proposed gateway settings to see if they are valid.
1645			$gateway_settings - the proposed array of proposed gateway settings
1646			$id - the index of the gateway proposed to be modified (otherwise "" if adding a new gateway)
1647			$parent_ip - the IP (v4 or v6) address about to be set on the corresponding interface (if any)
1648			$parent_sn - the subnet about to be set on the corresponding interface (if any)
1649			(Note: the above 2 parameters allow gateway parameters to be validated concurrently with saving
1650			an interface, before the new interface parameters are actually saved in the config.)
1651			Return completed $input_errors array if there is any problem.
1652			Otherwise return an empty $input_errors array
1653			*/
1654			function validate_gateway($gateway_settings, $id = "", $parent_ip = "", $parent_sn = "") {
1655	161cd113	Phil Davis	global $config;
1656
1657			$a_gateways = return_gateways_array(true, false, true, true);
1658			$input_errors = array();
1659
1660			/* input validation */
1661			$reqdfields = explode(" ", "name interface");
1662			$reqdfieldsn = array(gettext("Name"), gettext("Interface"));
1663
1664			do_input_validation($gateway_settings, $reqdfields, $reqdfieldsn, $input_errors);
1665
1666			if (!isset($gateway_settings['name'])) {
1667			$input_errors[] = "A valid gateway name must be specified.";
1668			}
1669			if (!is_validaliasname($gateway_settings['name'])) {
1670			$input_errors[] = invalidaliasnamemsg($gateway_settings['name'], gettext("gateway"));
1671			} else if (isset($gateway_settings['disabled'])) {
1672			// We have a valid gateway name that the user wants to mark as disabled.
1673			// Check if the gateway name is used in any gateway group.
1674			if (is_array($config['gateways']['gateway_group'])) {
1675			foreach ($config['gateways']['gateway_group'] as $group) {
1676			foreach ($group['item'] as $item) {
1677			$items = explode("\|", $item);
1678			if ($items[0] == $gateway_settings['name']) {
1679			$input_errors[] = sprintf(gettext('Gateway "%1$s" cannot be disabled because it is in use on Gateway Group "%2$s"'), $gateway_settings['name'], $group['name']);
1680			}
1681			}
1682			}
1683			}
1684
1685			// Check if the gateway name is used in any enabled Static Route.
1686			if (is_array($config['staticroutes']['route'])) {
1687			foreach ($config['staticroutes']['route'] as $route) {
1688			if ($route['gateway'] == $gateway_settings['name']) {
1689			if (!isset($route['disabled'])) {
1690			// There is a static route that uses this gateway and is enabled (not disabled).
1691			$input_errors[] = sprintf(gettext('Gateway "%1$s" cannot be disabled because it is in use on Static Route "%2$s"'), $gateway_settings['name'], $route['network']);
1692			}
1693			}
1694			}
1695			}
1696			}
1697			/* skip system gateways which have been automatically added */
1698			if (($gateway_settings['gateway'] && (!is_ipaddr($gateway_settings['gateway'])) && ($gateway_settings['attribute'] !== "system")) && ($gateway_settings['gateway'] != "dynamic")) {
1699			$input_errors[] = gettext("A valid gateway IP address must be specified.");
1700			}
1701
1702	de145400	Phil Davis	if ($gateway_settings['gateway'] && is_ipaddr($gateway_settings['gateway'])) {
1703	161cd113	Phil Davis	if (is_ipaddrv4($gateway_settings['gateway'])) {
1704	f1bb5c7f	Phil Davis	if ($parent_ip == '') {
1705			$parent_ip = get_interface_ip($gateway_settings['interface']);
1706			$parent_sn = get_interface_subnet($gateway_settings['interface']);
1707			}
1708	161cd113	Phil Davis	if (empty($parent_ip) \|\| empty($parent_sn)) {
1709			$input_errors[] = gettext("Cannot add IPv4 Gateway Address because no IPv4 address could be found on the interface.");
1710			} elseif (!isset($gateway_settings["nonlocalgateway"])) {
1711			$subnets = array(gen_subnet($parent_ip, $parent_sn) . "/" . $parent_sn);
1712			$vips = link_interface_to_vips($gateway_settings['interface']);
1713			if (is_array($vips)) {
1714			foreach ($vips as $vip) {
1715			if (!is_ipaddrv4($vip['subnet'])) {
1716			continue;
1717			}
1718			$subnets[] = gen_subnet($vip['subnet'], $vip['subnet_bits']) . "/" . $vip['subnet_bits'];
1719			}
1720			}
1721
1722			$found = false;
1723			foreach ($subnets as $subnet) {
1724			if (ip_in_subnet($gateway_settings['gateway'], $subnet)) {
1725			$found = true;
1726			break;
1727			}
1728			}
1729
1730			if ($found === false) {
1731			$input_errors[] = sprintf(gettext("The gateway address %s does not lie within one of the chosen interface's subnets."), $gateway_settings['gateway']);
1732			}
1733			}
1734			} else if (is_ipaddrv6($gateway_settings['gateway'])) {
1735			/* do not do a subnet match on a link local address, it's valid */
1736			if (!is_linklocal($gateway_settings['gateway'])) {
1737	f1bb5c7f	Phil Davis	if ($parent_ip == '') {
1738			$parent_ip = get_interface_ipv6($gateway_settings['interface']);
1739			$parent_sn = get_interface_subnetv6($gateway_settings['interface']);
1740			}
1741	161cd113	Phil Davis	if (empty($parent_ip) \|\| empty($parent_sn)) {
1742			$input_errors[] = gettext("Cannot add IPv6 Gateway Address because no IPv6 address could be found on the interface.");
1743			} elseif (!isset($gateway_settings["nonlocalgateway"])) {
1744			$subnets = array(gen_subnetv6($parent_ip, $parent_sn) . "/" . $parent_sn);
1745			$vips = link_interface_to_vips($gateway_settings['interface']);
1746			if (is_array($vips)) {
1747			foreach ($vips as $vip) {
1748			if (!is_ipaddrv6($vip['subnet'])) {
1749			continue;
1750			}
1751			$subnets[] = gen_subnetv6($vip['subnet'], $vip['subnet_bits']) . "/" . $vip['subnet_bits'];
1752			}
1753			}
1754
1755			$found = false;
1756			foreach ($subnets as $subnet) {
1757			if (ip_in_subnet($gateway_settings['gateway'], $subnet)) {
1758			$found = true;
1759			break;
1760			}
1761			}
1762
1763			if ($found === false) {
1764			$input_errors[] = sprintf(gettext("The gateway address %s does not lie within one of the chosen interface's subnets."), $gateway_settings['gateway']);
1765			}
1766			}
1767			}
1768			}
1769
1770			if (!empty($config['interfaces'][$gateway_settings['interface']]['ipaddr'])) {
1771			if (is_ipaddr($config['interfaces'][$gateway_settings['interface']]['ipaddr']) && (empty($gateway_settings['gateway']) \|\| $gateway_settings['gateway'] == "dynamic")) {
1772			$input_errors[] = gettext("Dynamic gateway values cannot be specified for interfaces with a static IPv4 configuration.");
1773			}
1774			}
1775			if (!empty($config['interfaces'][$gateway_settings['interface']]['ipaddrv6'])) {
1776			if (is_ipaddr($config['interfaces'][$gateway_settings['interface']]['ipaddrv6']) && (empty($gateway_settings['gateway']) \|\| $gateway_settings['gateway'] == "dynamic")) {
1777			$input_errors[] = gettext("Dynamic gateway values cannot be specified for interfaces with a static IPv6 configuration.");
1778			}
1779			}
1780			}
1781			if (($gateway_settings['monitor'] != "") && ($gateway_settings['monitor'] != "dynamic")) {
1782			validateipaddr($gateway_settings['monitor'], IPV4V6, "Monitor IP", $input_errors, false);
1783			}
1784			if (isset($gateway_settings['data_payload']) && is_numeric($gateway_settings['data_payload']) && $gateway_settings['data_payload'] < 0) {
1785			$input_errors[] = gettext("A valid data payload must be specified.");
1786			}
1787			/* only allow correct IPv4 and IPv6 gateway addresses */
1788			if (($gateway_settings['gateway'] <> "") && is_ipaddr($gateway_settings['gateway']) && $gateway_settings['gateway'] != "dynamic") {
1789			if (is_ipaddrv6($gateway_settings['gateway']) && ($gateway_settings['ipprotocol'] == "inet")) {
1790			$input_errors[] = sprintf(gettext("The IPv6 gateway address '%s' can not be used as a IPv4 gateway."), $gateway_settings['gateway']);
1791			}
1792			if (is_ipaddrv4($gateway_settings['gateway']) && ($gateway_settings['ipprotocol'] == "inet6")) {
1793			$input_errors[] = sprintf(gettext("The IPv4 gateway address '%s' can not be used as a IPv6 gateway."), $gateway_settings['gateway']);
1794			}
1795			}
1796			/* only allow correct IPv4 and IPv6 monitor addresses */
1797			if (($gateway_settings['monitor'] <> "") && is_ipaddr($gateway_settings['monitor']) && $gateway_settings['monitor'] != "dynamic") {
1798			if (is_ipaddrv6($gateway_settings['monitor']) && ($gateway_settings['ipprotocol'] == "inet")) {
1799			$input_errors[] = sprintf(gettext("The IPv6 monitor address '%s' can not be used on a IPv4 gateway."), $gateway_settings['monitor']);
1800			}
1801			if (is_ipaddrv4($gateway_settings['monitor']) && ($gateway_settings['ipprotocol'] == "inet6")) {
1802			$input_errors[] = sprintf(gettext("The IPv4 monitor address '%s' can not be used on a IPv6 gateway."), $gateway_settings['monitor']);
1803			}
1804			}
1805
1806			if (isset($gateway_settings['name'])) {
1807			/* check for overlaps */
1808			foreach ($a_gateways as $gateway) {
1809			if (isset($id) && ($a_gateways[$id]) && ($a_gateways[$id] === $gateway)) {
1810			if ($gateway['name'] != $gateway_settings['name']) {
1811			$input_errors[] = gettext("Changing name on a gateway is not allowed.");
1812			}
1813			continue;
1814			}
1815			if ($gateway_settings['name'] <> "") {
1816			if (($gateway['name'] <> "") && ($gateway_settings['name'] == $gateway['name']) && ($gateway['attribute'] !== "system")) {
1817			$input_errors[] = sprintf(gettext('The gateway name "%s" already exists.'), $gateway_settings['name']);
1818			break;
1819			}
1820			}
1821			if (is_ipaddr($gateway_settings['gateway'])) {
1822			if (($gateway['gateway'] <> "") && ($gateway_settings['gateway'] == $gateway['gateway']) && ($gateway['attribute'] !== "system")) {
1823			$input_errors[] = sprintf(gettext('The gateway IP address "%s" already exists.'), $gateway_settings['gateway']);
1824			break;
1825			}
1826			}
1827			if (is_ipaddr($gateway_settings['monitor'])) {
1828			if (($gateway['monitor'] <> "") && ($gateway_settings['monitor'] == $gateway['monitor']) && ($gateway['attribute'] !== "system")) {
1829			$input_errors[] = sprintf(gettext('The monitor IP address "%s" is already in use. A different monitor IP must be chosen.'), $gateway_settings['monitor']);
1830			break;
1831			}
1832			}
1833			}
1834			}
1835
1836			/* input validation of dpinger advanced parameters */
1837
1838			$dpinger_default = return_dpinger_defaults();
1839			$latencylow = $dpinger_default['latencylow'];
1840			if ($gateway_settings['latencylow']) {
1841			if (!is_numeric($gateway_settings['latencylow'])) {
1842			$input_errors[] = gettext("The low latency threshold needs to be a numeric value.");
1843			} else if ($gateway_settings['latencylow'] < 1) {
1844			$input_errors[] = gettext("The low latency threshold needs to be positive.");
1845			} else {
1846			$latencylow = $gateway_settings['latencylow'];
1847			}
1848			}
1849
1850			$latencyhigh = $dpinger_default['latencyhigh'];
1851			if ($gateway_settings['latencyhigh']) {
1852			if (!is_numeric($gateway_settings['latencyhigh'])) {
1853			$input_errors[] = gettext("The high latency threshold needs to be a numeric value.");
1854			} else if ($gateway_settings['latencyhigh'] < 1) {
1855			$input_errors[] = gettext("The high latency threshold needs to be positive.");
1856			} else {
1857			$latencyhigh = $gateway_settings['latencyhigh'];
1858			}
1859			}
1860
1861			$losslow = $dpinger_default['losslow'];
1862			if ($gateway_settings['losslow']) {
1863			if (!is_numeric($gateway_settings['losslow'])) {
1864			$input_errors[] = gettext("The low Packet Loss threshold needs to be a numeric value.");
1865			} else if ($gateway_settings['losslow'] < 1) {
1866			$input_errors[] = gettext("The low Packet Loss threshold needs to be positive.");
1867			} else if ($gateway_settings['losslow'] >= 100) {
1868			$input_errors[] = gettext("The low Packet Loss threshold needs to be less than 100.");
1869			} else {
1870			$losslow = $gateway_settings['losslow'];
1871			}
1872			}
1873
1874			$losshigh = $dpinger_default['losshigh'];
1875			if ($gateway_settings['losshigh']) {
1876			if (!is_numeric($gateway_settings['losshigh'])) {
1877			$input_errors[] = gettext("The high Packet Loss threshold needs to be a numeric value.");
1878			} else if ($gateway_settings['losshigh'] < 1) {
1879			$input_errors[] = gettext("The high Packet Loss threshold needs to be positive.");
1880			} else if ($gateway_settings['losshigh'] > 100) {
1881			$input_errors[] = gettext("The high Packet Loss threshold needs to be 100 or less.");
1882			} else {
1883			$losshigh = $gateway_settings['losshigh'];
1884			}
1885			}
1886
1887			$time_period = $dpinger_default['time_period'];
1888			if ($gateway_settings['time_period']) {
1889			if (!is_numeric($gateway_settings['time_period'])) {
1890			$input_errors[] = gettext("The time period over which results are averaged needs to be a numeric value.");
1891			} else if ($gateway_settings['time_period'] < 1) {
1892			$input_errors[] = gettext("The time period over which results are averaged needs to be positive.");
1893			} else {
1894			$time_period = $gateway_settings['time_period'];
1895			}
1896			}
1897
1898			$interval = $dpinger_default['interval'];
1899			if ($gateway_settings['interval']) {
1900			if (!is_numeric($gateway_settings['interval'])) {
1901			$input_errors[] = gettext("The probe interval needs to be a numeric value.");
1902			} else if ($gateway_settings['interval'] < 1) {
1903			$input_errors[] = gettext("The probe interval needs to be positive.");
1904			} else {
1905			$interval = $gateway_settings['interval'];
1906			}
1907			}
1908
1909			$loss_interval = $dpinger_default['loss_interval'];
1910			if ($gateway_settings['loss_interval']) {
1911			if (!is_numeric($gateway_settings['loss_interval'])) {
1912			$input_errors[] = gettext("The loss interval needs to be a numeric value.");
1913			} else if ($gateway_settings['loss_interval'] < 1) {
1914			$input_errors[] = gettext("The loss interval setting needs to be positive.");
1915			} else {
1916			$loss_interval = $gateway_settings['loss_interval'];
1917			}
1918			}
1919
1920			$alert_interval = $dpinger_default['alert_interval'];
1921			if ($gateway_settings['alert_interval']) {
1922			if (!is_numeric($gateway_settings['alert_interval'])) {
1923			$input_errors[] = gettext("The alert interval needs to be a numeric value.");
1924			} else if ($gateway_settings['alert_interval'] < 1) {
1925			$input_errors[] = gettext("The alert interval setting needs to be positive.");
1926			} else {
1927			$alert_interval = $gateway_settings['alert_interval'];
1928			}
1929			}
1930
1931			if ($latencylow >= $latencyhigh) {
1932			$input_errors[] = gettext(
1933			"The high latency threshold needs to be greater than the low latency threshold");
1934			}
1935
1936			if ($losslow >= $losshigh) {
1937			$input_errors[] = gettext(
1938			"The high packet loss threshold needs to be higher than the low packet loss threshold");
1939			}
1940
1941			// If the loss interval is less than latencyhigh, then high latency could never be recorded
1942			// because those high latency packets would be considered as lost. So do not allow that.
1943			if ($latencyhigh > $loss_interval) {
1944			$input_errors[] = gettext("The loss interval needs to be greater than or equal to the high latency threshold.");
1945			}
1946
1947			// Ensure that the time period is greater than 2 times the probe interval plus the loss interval.
1948			if (($interval * 2 + $loss_interval) >= $time_period) {
1949			$input_errors[] = gettext("The time period needs to be greater than twice the probe interval plus the loss interval.");
1950			}
1951
1952			// There is no point recalculating the average latency and loss more often than the probe interval.
1953			// So the alert interval needs to be >= probe interval.
1954			if ($interval > $alert_interval) {
1955			$input_errors[] = gettext("The alert interval needs to be greater than or equal to the probe interval.");
1956			}
1957
1958			return $input_errors;
1959			}
1960	7e45af77	Phil Davis
1961			// Save gateway settings.
1962			// $gateway_settings - the array of gateway setting parameters
1963			// $realid - the index of the gateway to be modified (otherwise "" if adding a new gateway)
1964
1965			// This function is responsible to:
1966			// Setup the gateway parameter structure from the gateway settings input parameter
1967			// Save the structure into the config
1968			// Remove any run-time settings from gateway parameters that are changed (e.g. remove routes to addresses that are changing)
1969
1970			// A subsequent "apply" step will implement the added/changed gateway.
1971
1972			function save_gateway($gateway_settings, $realid = "") {
1973			global $config;
1974
1975	5e3918ba	jim-p	if (!is_array($config['gateways'])) {
1976			$config['gateways'] = array();
1977			}
1978			if (!is_array($config['gateways']['gateway_item'])) {
1979			$config['gateways']['gateway_item'] = array();
1980			}
1981	7e45af77	Phil Davis	$a_gateway_item = &$config['gateways']['gateway_item'];
1982			$reloadif = "";
1983			$gateway = array();
1984
1985			if (empty($gateway_settings['interface'])) {
1986			$gateway['interface'] = $gateway_settings['friendlyiface'];
1987			} else {
1988			$gateway['interface'] = $gateway_settings['interface'];
1989			}
1990			if (is_ipaddr($gateway_settings['gateway'])) {
1991			$gateway['gateway'] = $gateway_settings['gateway'];
1992			} else {
1993			$gateway['gateway'] = "dynamic";
1994			}
1995			$gateway['name'] = $gateway_settings['name'];
1996			$gateway['weight'] = $gateway_settings['weight'];
1997			$gateway['ipprotocol'] = $gateway_settings['ipprotocol'];
1998			if ($gateway_settings['interval']) {
1999			$gateway['interval'] = $gateway_settings['interval'];
2000			}
2001
2002			if ($gateway_settings['time_period']) {
2003			$gateway['time_period'] = $gateway_settings['time_period'];
2004			}
2005			if ($gateway_settings['alert_interval']) {
2006			$gateway['alert_interval'] = $gateway_settings['alert_interval'];
2007			}
2008
2009			$gateway['descr'] = $gateway_settings['descr'];
2010			if ($gateway_settings['monitor_disable'] == "yes") {
2011			$gateway['monitor_disable'] = true;
2012			}
2013			if ($gateway_settings['action_disable'] == "yes") {
2014			$gateway['action_disable'] = true;
2015			}
2016			if ($gateway_settings['nonlocalgateway'] == "yes") {
2017			$gateway['nonlocalgateway'] = true;
2018			}
2019			if ($gateway_settings['force_down'] == "yes") {
2020			$gateway['force_down'] = true;
2021			}
2022			if (is_ipaddr($gateway_settings['monitor'])) {
2023			$gateway['monitor'] = $gateway_settings['monitor'];
2024			}
2025			if (isset($gateway_settings['data_payload']) && $gateway_settings['data_payload'] > 0) {
2026			$gateway['data_payload'] = $gateway_settings['data_payload'];
2027			}
2028
2029			/* NOTE: If gateway ip is changed need to cleanup the old static interface route */
2030			if ($gateway_settings['monitor'] != "dynamic" && !empty($a_gateway_item[$realid]) && is_ipaddr($a_gateway_item[$realid]['gateway']) &&
2031			$gateway['gateway'] != $a_gateway_item[$realid]['gateway'] &&
2032			isset($a_gateway_item[$realid]["nonlocalgateway"])) {
2033			$realif = get_real_interface($a_gateway_item[$realid]['interface']);
2034			$inet = (!is_ipaddrv4($a_gateway_item[$realid]['gateway']) ? "-inet6" : "-inet");
2035			$cmd = "/sbin/route delete $inet " . escapeshellarg($a_gateway_item[$realid]['gateway']) . " -iface " . escapeshellarg($realif);
2036			mwexec($cmd);
2037			}
2038
2039			/* NOTE: If monitor ip is changed need to cleanup the old static route */
2040			if ($gateway_settings['monitor'] != "dynamic" && !empty($a_gateway_item[$realid]) && is_ipaddr($a_gateway_item[$realid]['monitor']) &&
2041			$gateway_settings['monitor'] != $a_gateway_item[$realid]['monitor'] && $gateway['gateway'] != $a_gateway_item[$realid]['monitor']) {
2042			if (is_ipaddrv4($a_gateway_item[$realid]['monitor'])) {
2043			mwexec("/sbin/route delete " . escapeshellarg($a_gateway_item[$realid]['monitor']));
2044			} else {
2045			mwexec("/sbin/route delete -inet6 " . escapeshellarg($a_gateway_item[$realid]['monitor']));
2046			}
2047			}
2048
2049			if ($gateway_settings['defaultgw'] == "yes" \|\| $gateway_settings['defaultgw'] == "on") {
2050	43a9b03d	PiBa-NL	// a new default gateway is being saved.
2051	7e45af77	Phil Davis	$i = 0;
2052			/* remove the default gateway bits for all gateways with the same address family */
2053	d540ed34	Phil Davis	if (is_array($a_gateway_item)) {
2054			foreach ($a_gateway_item as $gw) {
2055			if ($gateway['ipprotocol'] == $gw['ipprotocol']) {
2056	35298a2f	Steve Beaver	if ($gw['interface'] != $gateway_settings['interface'] &&
2057	43a9b03d	PiBa-NL	($gw['name'] == $config['gateways']['defaultgw4'] \|\| $gw['name'] == $config['gateways']['defaultgw6'])) {
2058			// remember the old default gateway interface to call with a "interface reconfigure" event.
2059	d540ed34	Phil Davis	$reloadif = $gw['interface'];
2060			}
2061	7e45af77	Phil Davis	}
2062	d540ed34	Phil Davis	$i++;
2063	7e45af77	Phil Davis	}
2064			}
2065	43a9b03d	PiBa-NL	if ($gateway['ipprotocol'] == "inet") {
2066			$config['gateways']['defaultgw4'] = $gateway['name'];
2067			} elseif ($gateway['ipprotocol'] == "inet6") {
2068			$config['gateways']['defaultgw6'] = $gateway['name'];
2069			}
2070	7e45af77	Phil Davis	}
2071
2072			if ($gateway_settings['latencylow']) {
2073			$gateway['latencylow'] = $gateway_settings['latencylow'];
2074			}
2075			if ($gateway_settings['latencyhigh']) {
2076			$gateway['latencyhigh'] = $gateway_settings['latencyhigh'];
2077			}
2078			if ($gateway_settings['losslow']) {
2079			$gateway['losslow'] = $gateway_settings['losslow'];
2080			}
2081			if ($gateway_settings['losshigh']) {
2082			$gateway['losshigh'] = $gateway_settings['losshigh'];
2083			}
2084			if ($gateway_settings['loss_interval']) {
2085			$gateway['loss_interval'] = $gateway_settings['loss_interval'];
2086			}
2087			/* when saving the manual gateway we use the attribute which has the corresponding id */
2088			if (isset($realid) && $a_gateway_item[$realid]) {
2089	43a9b03d	PiBa-NL	$preserve_disabled = isset($a_gateway_item[$realid]['disabled']);
2090	7e45af77	Phil Davis	$a_gateway_item[$realid] = $gateway;
2091	43a9b03d	PiBa-NL	if ($preserve_disabled) {
2092			$a_gateway_item[$realid]['disabled'] = true;
2093			}
2094	7e45af77	Phil Davis	} else {
2095			$a_gateway_item[] = $gateway;
2096			}
2097	43a9b03d	PiBa-NL	gateway_set_enabled($gateway_settings['name'], !isset($gateway_settings['disabled']));
2098	7e45af77	Phil Davis
2099			mark_subsystem_dirty('staticroutes');
2100
2101			write_config();
2102
2103			if (!empty($reloadif)) {
2104			send_event("interface reconfigure {$reloadif}");
2105			}
2106			}
2107	43a9b03d	PiBa-NL
2108			function gateway_set_enabled($name, $enabled) {
2109			global $config;
2110			if (is_array($config['gateways']['gateway_item'])) {
2111			foreach($config['gateways']['gateway_item'] as &$item) {
2112			if ($item['name'] == $name) {
2113			$gateway = &$item;
2114			}
2115			}
2116			}
2117			if (!isset($gateway)) {
2118			return;
2119			}
2120			if ($enabled) {
2121			unset($gateway['disabled']);
2122			} else {
2123			/* Check if the gateway was enabled but changed to disabled. */
2124			if (!isset($gateway['disabled'])) {
2125			/* If the disabled gateway was the default route, remove the default route */
2126			if (is_ipaddr($gateway['gateway'])) {
2127			$inet = (!is_ipaddrv4($gateway['gateway']) ? 'inet6' : 'inet');
2128			if ($inet == 'inet') {
2129			$cgw = getcurrentdefaultgatewayip('inet');
2130			} else {
2131			$cgw = getcurrentdefaultgatewayip('inet6');
2132			}
2133			if ($gateway['gateway'] == $cgw) {
2134			mwexec("/sbin/route delete -{$inet} default");
2135			}
2136			}
2137			$gateway['disabled'] = true;
2138			}
2139			}
2140			}
2141
2142			function gateway_or_gwgroup_exists($name) {
2143			global $config;
2144			if (is_array($config['gateways']['gateway_item'])) {
2145			foreach($config['gateways']['gateway_item'] as $item) {
2146			if ($item['name'] == $name) {
2147			return true;
2148			}
2149			}
2150			}
2151			if (is_array($config['gateways']['gateway_group'])) {
2152			foreach($config['gateways']['gateway_group'] as $item) {
2153			if ($item['name'] == $name) {
2154			return true;
2155			}
2156			}
2157			}
2158			return false;
2159			}
2160
2161	69eefb50	Renato Botelho	?>

Project

General

Profile

pfSense