pfSense

<?php

/*

 * interfaces.php

 *

 * part of pfSense (https://www.pfsense.org)

 * Copyright (c) 2004-2016 Electric Sheep Fencing, LLC

 * Copyright (c) 2006 Daniel S. Haischt

 * All rights reserved.

 *

 * originally based on m0n0wall (http://m0n0.ch/wall)

 * Copyright (c) 2003-2004 Manuel Kasper <mk@neon1.net>.

 * All rights reserved.

 *

 * Redistribution and use in source and binary forms, with or without

 * modification, are permitted provided that the following conditions are met:

 *

 * 1. Redistributions of source code must retain the above copyright notice,

 *    this list of conditions and the following disclaimer.

 *

 * 2. Redistributions in binary form must reproduce the above copyright

 *    notice, this list of conditions and the following disclaimer in

 *    the documentation and/or other materials provided with the

 *    distribution.

 *

 * 3. All advertising materials mentioning features or use of this software

 *    must display the following acknowledgment:

 *    "This product includes software developed by the pfSense Project

 *    for use in the pfSense® software distribution. (http://www.pfsense.org/).

 *

 * 4. The names "pfSense" and "pfSense Project" must not be used to

 *    endorse or promote products derived from this software without

 *    prior written permission. For written permission, please contact

 *    coreteam@pfsense.org.

 *

 * 5. Products derived from this software may not be called "pfSense"

 *    nor may "pfSense" appear in their names without prior written

 *    permission of the Electric Sheep Fencing, LLC.

 *

 * 6. Redistributions of any form whatsoever must retain the following

 *    acknowledgment:

 *

 * "This product includes software developed by the pfSense Project

 * for use in the pfSense software distribution (http://www.pfsense.org/).

 *

 * THIS SOFTWARE IS PROVIDED BY THE pfSense PROJECT ``AS IS'' AND ANY

 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR

 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE pfSense PROJECT OR

 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT

 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;

 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,

 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED

 * OF THE POSSIBILITY OF SUCH DAMAGE.

 */

##|+PRIV

##|*IDENT=page-interfaces

##|*NAME=Interfaces: WAN

##|*DESCR=Allow access to the 'Interfaces' page.

##|*MATCH=interfaces.php*

##|-PRIV

require_once("guiconfig.inc");

require_once("ipsec.inc");

require_once("functions.inc");

require_once("captiveportal.inc");

require_once("filter.inc");

require_once("shaper.inc");

require_once("rrd.inc");

require_once("vpn.inc");

require_once("xmlparse_attr.inc");

define("ANTENNAS", false);

if (isset($_POST['referer'])) {

	$referer = $_POST['referer'];

} else {

	$referer = (isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : '/interfaces.php');

}

// Get configured interface list

$ifdescrs = get_configured_interface_with_descr(false, true);

$if = "wan";

if ($_REQUEST['if']) {

	$if = $_REQUEST['if'];

}

if (empty($ifdescrs[$if])) {

	header("Location: interfaces.php");

	exit;

}

define("CRON_MONTHLY_PATTERN", "0 0 1 * *");

define("CRON_WEEKLY_PATTERN", "0 0 * * 0");

define("CRON_DAILY_PATTERN", "0 0 * * *");

define("CRON_HOURLY_PATTERN", "0 * * * *");

if (!is_array($pconfig)) {

	$pconfig = array();

}

if (!is_array($config['ppps'])) {

	$config['ppps'] = array();

}

if (!is_array($config['ppps']['ppp'])) {

	$config['ppps']['ppp'] = array();

}

$a_ppps = &$config['ppps']['ppp'];

function remove_bad_chars($string) {

	return preg_replace('/[^a-z_0-9]/i', '', $string);

}

if (!is_array($config['gateways']['gateway_item'])) {

	$config['gateways']['gateway_item'] = array();

}

$a_gateways = &$config['gateways']['gateway_item'];

$wancfg = &$config['interfaces'][$if];

$old_wancfg = $wancfg;

$old_wancfg['realif'] = get_real_interface($if);

$old_ppps = $a_ppps;

// Populate page descr if it does not exist.

if ($if == "wan" && !$wancfg['descr']) {

	$wancfg['descr'] = "WAN";

} else if ($if == "lan" && !$wancfg['descr']) {

	$wancfg['descr'] = "LAN";

}

/* NOTE: The code here is used to set the $pppid for the curious */

foreach ($a_ppps as $pppid => $ppp) {

	if ($wancfg['if'] == $ppp['if']) {

		break;

	}

}

$type_disabled = (substr($wancfg['if'], 0, 3) == 'gre') ? 'disabled' : '';

if ($wancfg['if'] == $a_ppps[$pppid]['if']) {

	$pconfig['pppid'] = $pppid;

	$pconfig['ptpid'] = $a_ppps[$pppid]['ptpid'];

	$pconfig['port'] = $a_ppps[$pppid]['ports'];

	if ($a_ppps[$pppid]['type'] == "ppp") {

		$pconfig['ppp_username'] = $a_ppps[$pppid]['username'];

		$pconfig['ppp_password'] = base64_decode($a_ppps[$pppid]['password']);

		$pconfig['phone'] = $a_ppps[$pppid]['phone'];

		$pconfig['apn'] = $a_ppps[$pppid]['apn'];

	} else if ($a_ppps[$pppid]['type'] == "pppoe") {

		$pconfig['pppoe_username'] = $a_ppps[$pppid]['username'];

		$pconfig['pppoe_password'] = base64_decode($a_ppps[$pppid]['password']);

		$pconfig['provider'] = $a_ppps[$pppid]['provider'];

		$pconfig['pppoe_dialondemand'] = isset($a_ppps[$pppid]['ondemand']);

		$pconfig['pppoe_idletimeout'] = $a_ppps[$pppid]['idletimeout'];

		/* ================================================ */

		/* = force a connection reset at a specific time? = */

		/* ================================================ */

		if (isset($a_ppps[$pppid]['pppoe-reset-type'])) {

			$pconfig['pppoe-reset-type'] = $a_ppps[$pppid]['pppoe-reset-type'];

			$itemhash = getMPDCRONSettings($a_ppps[$pppid]['if']);

			if ($itemhash) {

				$cronitem = $itemhash['ITEM'];

			}

			if (isset($cronitem)) {

				$resetTime = "{$cronitem['minute']} {$cronitem['hour']} {$cronitem['mday']} {$cronitem['month']} {$cronitem['wday']}";

			} else {

				$resetTime = NULL;

			}

			//log_error("ResetTime:".$resetTime);

			if ($a_ppps[$pppid]['pppoe-reset-type'] == "custom") {

				if ($cronitem) {

					$pconfig['pppoe_pr_custom'] = true;

					$pconfig['pppoe_resetminute'] = $cronitem['minute'];

					$pconfig['pppoe_resethour'] = $cronitem['hour'];

					if ($cronitem['mday'] != "*" && $cronitem['month'] != "*") {

						$pconfig['pppoe_resetdate'] = "{$cronitem['month']}/{$cronitem['mday']}/" . date("Y");

					}

				}

			} else if ($a_ppps[$pppid]['pppoe-reset-type'] == "preset") {

				$pconfig['pppoe_pr_preset'] = true;

				switch ($resetTime) {

					case CRON_MONTHLY_PATTERN:

						$pconfig['pppoe_monthly'] = true;

						break;

					case CRON_WEEKLY_PATTERN:

						$pconfig['pppoe_weekly'] = true;

						break;

					case CRON_DAILY_PATTERN:

						$pconfig['pppoe_daily'] = true;

						break;

					case CRON_HOURLY_PATTERN:

						$pconfig['pppoe_hourly'] = true;

						break;

				}

			}

		} // End force pppoe reset at specific time

		// End if type == pppoe

	} else if ($a_ppps[$pppid]['type'] == "pptp" || $a_ppps[$pppid]['type'] == "l2tp") {

		$pconfig['pptp_username'] = $a_ppps[$pppid]['username'];

		$pconfig['pptp_password'] = base64_decode($a_ppps[$pppid]['password']);

		$pconfig['pptp_localip'] = explode(",", $a_ppps[$pppid]['localip']);

		$pconfig['pptp_subnet'] = explode(",", $a_ppps[$pppid]['subnet']);

		$pconfig['pptp_remote'] = explode(",", $a_ppps[$pppid]['gateway']);

		$pconfig['pptp_dialondemand'] = isset($a_ppps[$pppid]['ondemand']);

		$pconfig['pptp_idletimeout'] = $a_ppps[$pppid]['timeout'];

	}

} else {

	$pconfig['ptpid'] = interfaces_ptpid_next();

	$pppid = count($a_ppps);

}

$pconfig['dhcphostname'] = $wancfg['dhcphostname'];

$pconfig['alias-address'] = $wancfg['alias-address'];

$pconfig['alias-subnet'] = $wancfg['alias-subnet'];

$pconfig['dhcprejectfrom'] = $wancfg['dhcprejectfrom'];

$pconfig['adv_dhcp_pt_timeout'] = $wancfg['adv_dhcp_pt_timeout'];

$pconfig['adv_dhcp_pt_retry'] = $wancfg['adv_dhcp_pt_retry'];

$pconfig['adv_dhcp_pt_select_timeout'] = $wancfg['adv_dhcp_pt_select_timeout'];

$pconfig['adv_dhcp_pt_reboot'] = $wancfg['adv_dhcp_pt_reboot'];

$pconfig['adv_dhcp_pt_backoff_cutoff'] = $wancfg['adv_dhcp_pt_backoff_cutoff'];

$pconfig['adv_dhcp_pt_initial_interval'] = $wancfg['adv_dhcp_pt_initial_interval'];

$pconfig['adv_dhcp_pt_values'] = $wancfg['adv_dhcp_pt_values'];

$pconfig['adv_dhcp_send_options'] = $wancfg['adv_dhcp_send_options'];

$pconfig['adv_dhcp_request_options'] = $wancfg['adv_dhcp_request_options'];

$pconfig['adv_dhcp_required_options'] = $wancfg['adv_dhcp_required_options'];

$pconfig['adv_dhcp_option_modifiers'] = $wancfg['adv_dhcp_option_modifiers'];

$pconfig['adv_dhcp_config_advanced'] = $wancfg['adv_dhcp_config_advanced'];

$pconfig['adv_dhcp_config_file_override'] = $wancfg['adv_dhcp_config_file_override'];

$pconfig['adv_dhcp_config_file_override_path'] = $wancfg['adv_dhcp_config_file_override_path'];

$pconfig['adv_dhcp6_interface_statement_send_options'] = $wancfg['adv_dhcp6_interface_statement_send_options'];

$pconfig['adv_dhcp6_interface_statement_request_options'] = $wancfg['adv_dhcp6_interface_statement_request_options'];

$pconfig['adv_dhcp6_interface_statement_information_only_enable'] = $wancfg['adv_dhcp6_interface_statement_information_only_enable'];

$pconfig['adv_dhcp6_interface_statement_script'] = $wancfg['adv_dhcp6_interface_statement_script'];

$pconfig['adv_dhcp6_id_assoc_statement_address_enable'] = $wancfg['adv_dhcp6_id_assoc_statement_address_enable'];

$pconfig['adv_dhcp6_id_assoc_statement_address'] = $wancfg['adv_dhcp6_id_assoc_statement_address'];

$pconfig['adv_dhcp6_id_assoc_statement_address_id'] = $wancfg['adv_dhcp6_id_assoc_statement_address_id'];

$pconfig['adv_dhcp6_id_assoc_statement_address_pltime'] = $wancfg['adv_dhcp6_id_assoc_statement_address_pltime'];

$pconfig['adv_dhcp6_id_assoc_statement_address_vltime'] = $wancfg['adv_dhcp6_id_assoc_statement_address_vltime'];

$pconfig['adv_dhcp6_id_assoc_statement_prefix_enable'] = $wancfg['adv_dhcp6_id_assoc_statement_prefix_enable'];

$pconfig['adv_dhcp6_id_assoc_statement_prefix'] = $wancfg['adv_dhcp6_id_assoc_statement_prefix'];

$pconfig['adv_dhcp6_id_assoc_statement_prefix_id'] = $wancfg['adv_dhcp6_id_assoc_statement_prefix_id'];

$pconfig['adv_dhcp6_id_assoc_statement_prefix_pltime'] = $wancfg['adv_dhcp6_id_assoc_statement_prefix_pltime'];

$pconfig['adv_dhcp6_id_assoc_statement_prefix_vltime'] = $wancfg['adv_dhcp6_id_assoc_statement_prefix_vltime'];

$pconfig['adv_dhcp6_prefix_interface_statement_sla_id'] = $wancfg['adv_dhcp6_prefix_interface_statement_sla_id'];

$pconfig['adv_dhcp6_prefix_interface_statement_sla_len'] = $wancfg['adv_dhcp6_prefix_interface_statement_sla_len'];

$pconfig['adv_dhcp6_authentication_statement_authname'] = $wancfg['adv_dhcp6_authentication_statement_authname'];

$pconfig['adv_dhcp6_authentication_statement_protocol'] = $wancfg['adv_dhcp6_authentication_statement_protocol'];

$pconfig['adv_dhcp6_authentication_statement_algorithm'] = $wancfg['adv_dhcp6_authentication_statement_algorithm'];

$pconfig['adv_dhcp6_authentication_statement_rdm'] = $wancfg['adv_dhcp6_authentication_statement_rdm'];

$pconfig['adv_dhcp6_key_info_statement_keyname'] = $wancfg['adv_dhcp6_key_info_statement_keyname'];

$pconfig['adv_dhcp6_key_info_statement_realm'] = $wancfg['adv_dhcp6_key_info_statement_realm'];

$pconfig['adv_dhcp6_key_info_statement_keyid'] = $wancfg['adv_dhcp6_key_info_statement_keyid'];

$pconfig['adv_dhcp6_key_info_statement_secret'] = $wancfg['adv_dhcp6_key_info_statement_secret'];

$pconfig['adv_dhcp6_key_info_statement_expire'] = $wancfg['adv_dhcp6_key_info_statement_expire'];

$pconfig['adv_dhcp6_config_advanced'] = $wancfg['adv_dhcp6_config_advanced'];

$pconfig['adv_dhcp6_config_file_override'] = $wancfg['adv_dhcp6_config_file_override'];

$pconfig['adv_dhcp6_config_file_override_path'] = $wancfg['adv_dhcp6_config_file_override_path'];

$pconfig['dhcp_plus'] = isset($wancfg['dhcp_plus']);

$pconfig['descr'] = remove_bad_chars($wancfg['descr']);

$pconfig['enable'] = isset($wancfg['enable']);

switch ($wancfg['ipaddr']) {

	case "dhcp":

		$pconfig['type'] = "dhcp";

		break;

	case "pppoe":

	case "pptp":

	case "l2tp":

	case "ppp":

		$pconfig['type'] = $wancfg['ipaddr'];

		break;

	default:

		if (is_ipaddrv4($wancfg['ipaddr'])) {

			$pconfig['type'] = "staticv4";

			$pconfig['ipaddr'] = $wancfg['ipaddr'];

			$pconfig['subnet'] = $wancfg['subnet'];

			$pconfig['gateway'] = $wancfg['gateway'];

		} else {

			$pconfig['type'] = "none";

		}

		break;

}

switch ($wancfg['ipaddrv6']) {

	case "slaac":

		$pconfig['type6'] = "slaac";

		break;

	case "dhcp6":

		$pconfig['dhcp6-duid'] = $wancfg['dhcp6-duid'];

		if (!isset($wancfg['dhcp6-ia-pd-len'])) {

			$wancfg['dhcp6-ia-pd-len'] = "none";

		}

		$pconfig['dhcp6-ia-pd-len'] = $wancfg['dhcp6-ia-pd-len'];

		$pconfig['dhcp6-ia-pd-send-hint'] = isset($wancfg['dhcp6-ia-pd-send-hint']);

		$pconfig['type6'] = "dhcp6";

		$pconfig['dhcp6prefixonly'] = isset($wancfg['dhcp6prefixonly']);

		$pconfig['dhcp6usev4iface'] = isset($wancfg['dhcp6usev4iface']);

		$pconfig['dhcp6debug'] = isset($wancfg['dhcp6debug']);

		$pconfig['dhcp6withoutra'] = isset($wancfg['dhcp6withoutra']);

		break;

	case "6to4":

		$pconfig['type6'] = "6to4";

		break;

	case "track6":

		$pconfig['type6'] = "track6";

		$pconfig['track6-interface'] = $wancfg['track6-interface'];

		if ($wancfg['track6-prefix-id'] == "") {

			$pconfig['track6-prefix-id'] = 0;

		} else {

			$pconfig['track6-prefix-id'] = $wancfg['track6-prefix-id'];

		}

		$pconfig['track6-prefix-id--hex'] = sprintf("%x", $pconfig['track6-prefix-id']);

		break;

	case "6rd":

		$pconfig['prefix-6rd'] = $wancfg['prefix-6rd'];

		if ($wancfg['prefix-6rd-v4plen'] == "") {

			$wancfg['prefix-6rd-v4plen'] = "0";

		}

		$pconfig['prefix-6rd-v4plen'] = $wancfg['prefix-6rd-v4plen'];

		$pconfig['type6'] = "6rd";

		$pconfig['gateway-6rd'] = $wancfg['gateway-6rd'];

		break;

	default:

		if (is_ipaddrv6($wancfg['ipaddrv6'])) {

			$pconfig['type6'] = "staticv6";

			$pconfig['ipaddrv6'] = $wancfg['ipaddrv6'];

			$pconfig['subnetv6'] = $wancfg['subnetv6'];

			$pconfig['gatewayv6'] = $wancfg['gatewayv6'];

		} else {

			$pconfig['type6'] = "none";

		}

		break;

}

$pconfig['blockpriv'] = isset($wancfg['blockpriv']);

$pconfig['blockbogons'] = isset($wancfg['blockbogons']);

$pconfig['spoofmac'] = $wancfg['spoofmac'];

$pconfig['mtu'] = $wancfg['mtu'];

$pconfig['mss'] = $wancfg['mss'];

/* Wireless interface? */

if (isset($wancfg['wireless'])) {

	/* Sync first to be sure it displays the actual settings that will be used */

	interface_sync_wireless_clones($wancfg, false);

	/* Get wireless modes */

	$wlanif = get_real_interface($if);

	if (!does_interface_exist($wlanif)) {

		interface_wireless_clone($wlanif, $wancfg);

	}

	$wlanbaseif = interface_get_wireless_base($wancfg['if']);

	preg_match("/^(.*?)([0-9]*)$/", $wlanbaseif, $wlanbaseif_split);

	$wl_modes = get_wireless_modes($if);

	$wl_chaninfo = get_wireless_channel_info($if);

	$wl_sysctl_prefix = 'dev.' . $wlanbaseif_split[1] . '.' . $wlanbaseif_split[2];

	$wl_sysctl = get_sysctl(

		array(

			"{$wl_sysctl_prefix}.diversity",

			"{$wl_sysctl_prefix}.txantenna",

			"{$wl_sysctl_prefix}.rxantenna",

			"{$wl_sysctl_prefix}.slottime",

			"{$wl_sysctl_prefix}.acktimeout",

			"{$wl_sysctl_prefix}.ctstimeout"));

	$wl_regdomain_xml_attr = array();

	$wl_regdomain_xml = parse_xml_regdomain($wl_regdomain_xml_attr);

	$wl_regdomains = &$wl_regdomain_xml['regulatory-domains']['rd'];

	$wl_regdomains_attr = &$wl_regdomain_xml_attr['regulatory-domains']['rd'];

	$wl_countries = &$wl_regdomain_xml['country-codes']['country'];

	$wl_countries_attr = &$wl_regdomain_xml_attr['country-codes']['country'];

	$pconfig['persistcommonwireless'] = isset($config['wireless']['interfaces'][$wlanbaseif]);

	$pconfig['standard'] = $wancfg['wireless']['standard'];

	$pconfig['mode'] = $wancfg['wireless']['mode'];

	$pconfig['protmode'] = $wancfg['wireless']['protmode'];

	$pconfig['ssid'] = $wancfg['wireless']['ssid'];

	$pconfig['channel'] = $wancfg['wireless']['channel'];

	$pconfig['txpower'] = $wancfg['wireless']['txpower'];

	$pconfig['diversity'] = $wancfg['wireless']['diversity'];

	$pconfig['txantenna'] = $wancfg['wireless']['txantenna'];

	$pconfig['rxantenna'] = $wancfg['wireless']['rxantenna'];

	$pconfig['distance'] = $wancfg['wireless']['distance'];

	$pconfig['regdomain'] = $wancfg['wireless']['regdomain'];

	$pconfig['regcountry'] = $wancfg['wireless']['regcountry'];

	$pconfig['reglocation'] = $wancfg['wireless']['reglocation'];

	$pconfig['wme_enable'] = isset($wancfg['wireless']['wme']['enable']);

	if (isset($wancfg['wireless']['puren']['enable'])) {

		$pconfig['puremode'] = '11n';

	} else if (isset($wancfg['wireless']['pureg']['enable'])) {

		$pconfig['puremode'] = '11g';

	} else {

		$pconfig['puremode'] = 'any';

	}

	$pconfig['apbridge_enable'] = isset($wancfg['wireless']['apbridge']['enable']);

	$pconfig['authmode'] = $wancfg['wireless']['authmode'];

	$pconfig['hidessid_enable'] = isset($wancfg['wireless']['hidessid']['enable']);

	$pconfig['auth_server_addr'] = $wancfg['wireless']['auth_server_addr'];

	$pconfig['auth_server_port'] = $wancfg['wireless']['auth_server_port'];

	$pconfig['auth_server_shared_secret'] = $wancfg['wireless']['auth_server_shared_secret'];

	$pconfig['auth_server_addr2'] = $wancfg['wireless']['auth_server_addr2'];

	$pconfig['auth_server_port2'] = $wancfg['wireless']['auth_server_port2'];

	$pconfig['auth_server_shared_secret2'] = $wancfg['wireless']['auth_server_shared_secret2'];

	if (is_array($wancfg['wireless']['wpa'])) {

		$pconfig['debug_mode'] = $wancfg['wireless']['wpa']['debug_mode'];

		$pconfig['macaddr_acl'] = $wancfg['wireless']['wpa']['macaddr_acl'];

		$pconfig['mac_acl_enable'] = isset($wancfg['wireless']['wpa']['mac_acl_enable']);

		$pconfig['wpa_mode'] = $wancfg['wireless']['wpa']['wpa_mode'];

		$pconfig['wpa_key_mgmt'] = $wancfg['wireless']['wpa']['wpa_key_mgmt'];

		$pconfig['wpa_pairwise'] = $wancfg['wireless']['wpa']['wpa_pairwise'];

		$pconfig['wpa_group_rekey'] = $wancfg['wireless']['wpa']['wpa_group_rekey'];

		$pconfig['wpa_gmk_rekey'] = $wancfg['wireless']['wpa']['wpa_gmk_rekey'];

		$pconfig['wpa_strict_rekey'] = isset($wancfg['wireless']['wpa']['wpa_strict_rekey']);

		$pconfig['passphrase'] = $wancfg['wireless']['wpa']['passphrase'];

		$pconfig['ieee8021x'] = isset($wancfg['wireless']['wpa']['ieee8021x']['enable']);

		$pconfig['rsn_preauth'] = isset($wancfg['wireless']['wpa']['rsn_preauth']);

		$pconfig['ext_wpa_sw'] = $wancfg['wireless']['wpa']['ext_wpa_sw'];

		$pconfig['wpa_enable'] = isset($wancfg['wireless']['wpa']['enable']);

	}

	$pconfig['mac_acl'] = $wancfg['wireless']['mac_acl'];

}

if ($_POST['apply']) {

	unset($input_errors);

	if (!is_subsystem_dirty('interfaces')) {

		$input_errors[] = gettext("The settings have already been applied!");

	} else {

		unlink_if_exists("{$g['tmp_path']}/config.cache");

		clear_subsystem_dirty('interfaces');

		if (file_exists("{$g['tmp_path']}/.interfaces.apply")) {

			$toapplylist = unserialize(file_get_contents("{$g['tmp_path']}/.interfaces.apply"));

			foreach ($toapplylist as $ifapply => $ifcfgo) {

				if (isset($config['interfaces'][$ifapply]['enable'])) {

					interface_bring_down($ifapply, false, $ifcfgo);

					interface_configure($ifapply, true);

					if ($config['interfaces'][$ifapply]['ipaddrv6'] == "track6") {

						/* call interface_track6_configure with linkup true so

						   IPv6 IPs are added back. dhcp6c needs a HUP. Can't

						   just call interface_configure with linkup true as

						   that skips bridge membership addition.

						*/

						$wancfg = $config['interfaces'][$ifapply];

						interface_track6_configure($ifapply, $wancfg, true);

					}

				} else {

					interface_bring_down($ifapply, true, $ifcfgo);

					if (isset($config['dhcpd'][$ifapply]['enable']) ||

					    isset($config['dhcpdv6'][$ifapply]['enable'])) {

						services_dhcpd_configure();

					}

				}

			}

		}

		/* restart snmp so that it binds to correct address */

		services_snmpd_configure();

		/* sync filter configuration */

		setup_gateways_monitor();

		clear_subsystem_dirty('interfaces');

		filter_configure();

		enable_rrd_graphing();

		if (is_subsystem_dirty('staticroutes') && (system_routing_configure() == 0)) {

			clear_subsystem_dirty('staticroutes');

		}

	}

	@unlink("{$g['tmp_path']}/.interfaces.apply");

	header("Location: interfaces.php?if={$if}");

	exit;

} else if ($_POST) {

	unset($input_errors);

	$pconfig = $_POST;

	if (is_numeric("0x" . $_POST['track6-prefix-id--hex'])) {

		$pconfig['track6-prefix-id'] = intval($_POST['track6-prefix-id--hex'], 16);

	} else {

		$pconfig['track6-prefix-id'] = 0;

	}

	conf_mount_rw();

	/* filter out spaces from descriptions */

	$_POST['descr'] = remove_bad_chars($_POST['descr']);

	/* okay first of all, cause we are just hiding the PPPoE HTML

	 * fields related to PPPoE resets, we are going to unset $_POST

	 * vars, if the reset feature should not be used. Otherwise the

	 * data validation procedure below, may trigger a false error

	 * message.

	 */

	if (empty($_POST['pppoe-reset-type'])) {

		unset($_POST['pppoe_pr_type']);

		unset($_POST['pppoe_resethour']);

		unset($_POST['pppoe_resetminute']);

		unset($_POST['pppoe_resetdate']);

		unset($_POST['pppoe_pr_preset_val']);

	}

	/* description unique? */

	foreach ($ifdescrs as $ifent => $ifdescr) {

		if ($if != $ifent && $ifdescr == $_POST['descr']) {

			$input_errors[] = gettext("An interface with the specified description already exists.");

			break;

		}

	}

	/* Is the description already used as an alias name? */

	if (is_array($config['aliases']['alias'])) {

		foreach ($config['aliases']['alias'] as $alias) {

			if ($alias['name'] == $_POST['descr']) {

				$input_errors[] = sprintf(gettext("Sorry, an alias with the name %s already exists."), $_POST['descr']);

			}

		}

	}

	/* Is the description already used as an interface group name? */

	if (is_array($config['ifgroups']['ifgroupentry'])) {

		foreach ($config['ifgroups']['ifgroupentry'] as $ifgroupentry) {

			if ($ifgroupentry['ifname'] == $_POST['descr']) {

				$input_errors[] = sprintf(gettext("Sorry, an interface group with the name %s already exists."), $wancfg['descr']);

			}

		}

	}

	if (is_numeric($_POST['descr'])) {

		$input_errors[] = gettext("The interface description cannot contain only numbers.");

	}

	/* input validation */

	if (isset($config['dhcpd']) && isset($config['dhcpd'][$if]['enable']) && (!preg_match("/^staticv4/", $_POST['type']))) {

		$input_errors[] = gettext("The DHCP Server is active on this interface and it can be used only with a static IP configuration. Please disable the DHCP Server service on this interface first, then change the interface configuration.");

	}

	if (isset($config['dhcpdv6']) && isset($config['dhcpdv6'][$if]['enable']) && ($_POST['type6'] != "staticv6" && $_POST['type6'] != "track6")) {

		$input_errors[] = gettext("The DHCP6 Server is active on this interface and it can be used only with a static IPv6 configuration. Please disable the DHCPv6 Server service on this interface first, then change the interface configuration.");

	}

	switch (strtolower($_POST['type'])) {

		case "staticv4":

			$reqdfields = explode(" ", "ipaddr subnet gateway");

			$reqdfieldsn = array(gettext("IPv4 address"), gettext("Subnet bit count"), gettext("Gateway"));

			do_input_validation($_POST, $reqdfields, $reqdfieldsn, $input_errors);

			break;

		case "none":

			if (is_array($config['virtualip']['vip'])) {

				foreach ($config['virtualip']['vip'] as $vip) {

					if (is_ipaddrv4($vip['subnet']) && $vip['interface'] == $if) {

						$input_errors[] = gettext("This interface is referenced by IPv4 VIPs. Please delete those before setting the interface to 'none' configuration.");

					}

				}

			}

			break;

		case "ppp":

			$reqdfields = explode(" ", "port phone");

			$reqdfieldsn = array(gettext("Modem Port"), gettext("Phone Number"));

			do_input_validation($_POST, $reqdfields, $reqdfieldsn, $input_errors);

			break;

		case "pppoe":

			if ($_POST['pppoe_dialondemand']) {

				$reqdfields = explode(" ", "pppoe_username pppoe_password pppoe_dialondemand pppoe_idletimeout");

				$reqdfieldsn = array(gettext("PPPoE username"), gettext("PPPoE password"), gettext("Dial on demand"), gettext("Idle timeout value"));

			} else {

				$reqdfields = explode(" ", "pppoe_username pppoe_password");

				$reqdfieldsn = array(gettext("PPPoE username"), gettext("PPPoE password"));

			}

			do_input_validation($_POST, $reqdfields, $reqdfieldsn, $input_errors);

			break;

		case "pptp":

			if ($_POST['pptp_dialondemand']) {

				$reqdfields = explode(" ", "pptp_username pptp_password pptp_local0 pptp_subnet0 pptp_remote0 pptp_dialondemand pptp_idletimeout");

				$reqdfieldsn = array(gettext("PPTP username"), gettext("PPTP password"), gettext("PPTP local IP address"), gettext("PPTP subnet"), gettext("PPTP remote IP address"), gettext("Dial on demand"), gettext("Idle timeout value"));

			} else {

				$reqdfields = explode(" ", "pptp_username pptp_password pptp_local0 pptp_subnet0 pptp_remote0");

				$reqdfieldsn = array(gettext("PPTP username"), gettext("PPTP password"), gettext("PPTP local IP address"), gettext("PPTP subnet"), gettext("PPTP remote IP address"));

			}

			do_input_validation($_POST, $reqdfields, $reqdfieldsn, $input_errors);

			break;

		case "l2tp":

			if ($_POST['pptp_dialondemand']) {

				$reqdfields = explode(" ", "pptp_username pptp_password pptp_remote0 pptp_dialondemand pptp_idletimeout");

				$reqdfieldsn = array(gettext("L2TP username"), gettext("L2TP password"), gettext("L2TP remote IP address"), gettext("Dial on demand"), gettext("Idle timeout value"));

			} else {

				$reqdfields = explode(" ", "pptp_username pptp_password pptp_remote0");

				$reqdfieldsn = array(gettext("L2TP username"), gettext("L2TP password"), gettext("L2TP remote IP address"));

			}

			do_input_validation($_POST, $reqdfields, $reqdfieldsn, $input_errors);

			break;

	}

	switch (strtolower($_POST['type6'])) {

		case "staticv6":

			$reqdfields = explode(" ", "ipaddrv6 subnetv6 gatewayv6");

			$reqdfieldsn = array(gettext("IPv6 address"), gettext("Subnet bit count"), gettext("Gateway"));

			do_input_validation($_POST, $reqdfields, $reqdfieldsn, $input_errors);

			break;

		case "none":

			if (is_array($config['virtualip']['vip'])) {

				foreach ($config['virtualip']['vip'] as $vip) {

					if (is_ipaddrv6($vip['subnet']) && $vip['interface'] == $if) {

						$input_errors[] = gettext("This interface is referenced by IPv6 VIPs. Please delete those before setting the interface to 'none' configuration.");

					}

				}

			}

			break;

		case "dhcp6":

			if (in_array($wancfg['ipaddrv6'], array())) {

				$input_errors[] = sprintf(gettext("The interface must be reassigned to configure as %s."), $_POST['type6']);

			}

			if ($_POST['dhcp6-ia-pd-send-hint'] && strtolower($_POST['dhcp6-ia-pd-len']) == 'none') {

				$input_errors[] = gettext('DHCPv6 Prefix Delegation size must be provided when Send IPv6 prefix hint flag is checked');

			}

			break;

		case "6rd":

			foreach ($ifdescrs as $ifent => $ifdescr) {

				if ($if != $ifent && ($config[interfaces][$ifent]['ipaddrv6'] == $_POST['type6'])) {

					if ($config[interfaces][$ifent]['prefix-6rd'] == $_POST['prefix-6rd']) {

						$input_errors[] = gettext("Only one interface can be configured within a single 6rd prefix.");

						break;

					}

				}

			}

			if (!is_ipaddrv4($_POST['gateway-6rd'])) {

				$input_errors[] = gettext("6RD Border Gateway must be an IPv4 address.");

			}

			if (in_array($wancfg['ipaddrv6'], array())) {

				$input_errors[] = sprintf(gettext("The interface must be reassigned to configure as %s."), $_POST['type6']);

			}

			break;

		case "6to4":

			foreach ($ifdescrs as $ifent => $ifdescr) {

				if ($if != $ifent && ($config[interfaces][$ifent]['ipaddrv6'] == $_POST['type6'])) {

					$input_errors[] = sprintf(gettext("Only one interface can be configured as 6to4."), $_POST['type6']);

					break;

				}

			}

			if (in_array($wancfg['ipaddrv6'], array())) {

				$input_errors[] = sprintf(gettext("The interface must be reassigned to configure as %s."), $_POST['type6']);

			}

			break;

		case "track6":

			/* needs to check if $track6-prefix-id is used on another interface */

			if (in_array($wancfg['ipaddrv6'], array())) {

				$input_errors[] = sprintf(gettext("The interface must be reassigned to configure as %s."), $_POST['type6']);

			}

			if (empty($_POST['track6-interface'])) {

				$input_errors[] = gettext("A valid interface to track must be selected.");

			}

			if ($_POST['track6-prefix-id--hex'] != "" && !is_numeric("0x" . $_POST['track6-prefix-id--hex'])) {

				$input_errors[] = gettext("A valid hexadecimal number must be entered for the IPv6 prefix ID.");

			} else {

				$track6_prefix_id = intval($_POST['track6-prefix-id--hex'], 16);

				if ($track6_prefix_id < 0 || $track6_prefix_id > $_POST['ipv6-num-prefix-ids-' . $_POST['track6-interface']]) {

					$input_errors[] = gettext("The specified IPv6 Prefix ID is out of range.") .

						" ({$_POST['track6-interface']}) - (0) - (" . sprintf('%x', $_POST['ipv6-num-prefix-ids-' . $_POST['track6-interface']]) . ")";

				} else {

					foreach ($ifdescrs as $ifent => $ifdescr) {

						if ($if == $ifent) {

							continue;

						}

						if ($config['interfaces'][$ifent]['ipaddrv6'] == 'track6' &&

						    $config['interfaces'][$ifent]['track6-interface'] == $_POST['track6-interface'] &&

						    $config['interfaces'][$ifent]['track6-prefix-id'] == $track6_prefix_id) {

							$input_errors[] = sprintf(gettext("This track6 prefix ID is already being used in %s."), $ifdescr);

						}

					}

				}

			}

			break;

	}

	/* normalize MAC addresses - lowercase and convert Windows-ized hyphenated MACs to colon delimited */

	$staticroutes = get_staticroutes(true);

	$_POST['spoofmac'] = strtolower(str_replace("-", ":", $_POST['spoofmac']));

	if ($_POST['ipaddr']) {

		if (!is_ipaddrv4($_POST['ipaddr'])) {

			$input_errors[] = gettext("A valid IPv4 address must be specified.");

		} else {

			$where_ipaddr_configured = where_is_ipaddr_configured($_POST['ipaddr'], $if, true, true, $_POST['subnet']);

			if (count($where_ipaddr_configured)) {

				$subnet_conflict_text = sprintf(gettext("IPv4 address %s is being used by or overlaps with:"), $_POST['ipaddr'] . "/" . $_POST['subnet']);

				foreach ($where_ipaddr_configured as $subnet_conflict) {

					$subnet_conflict_text .= " " . convert_friendly_interface_to_friendly_descr($subnet_conflict['if']) . " (" . $subnet_conflict['ip_or_subnet'] . ")";