<?php
/*
 * globals.inc
 *
 * part of pfSense (https://www.pfsense.org)
 * Copyright (c) 2004-2013 BSD Perimeter
 * Copyright (c) 2013-2016 Electric Sheep Fencing
 * Copyright (c) 2014-2021 Rubicon Communications, LLC (Netgate)
 * All rights reserved.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 * http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
// Global defines

// Automatic panel collapse (values look like bit flags; SEC_OPEN is the zero value)
define("COLLAPSIBLE", 0x08);
define("SEC_CLOSED", 0x04);
define("SEC_OPEN", 0x00);

// IP address types
define('IPV4', 4);
define('IPV6', 6);
define('IPV4V6', 2);
define('ALIAS', 1);

// Interface Name Size: 16 minus the terminating NULL
define('IF_NAMESIZE', 15);

// AddPassword method defines
// presumably the mask shown in place of a stored password - confirm against the form code
define("DMYPWD", '********');
global $g;

/*
 * Product-wide defaults: filesystem locations, product identity, feature
 * switches and assorted limits. Later statements in this file add more keys.
 */
$g = [
	'event_address' => 'unix:///var/run/check_reload_status',

	// Shipped default login. These values are public, so an install that still
	// accepts them is effectively unauthenticated. Code that detects an
	// unchanged default presumably compares against them (not visible here).
	'factory_shipped_username' => 'admin',
	'factory_shipped_password' => 'pfsense',

	// Filesystem locations
	'upload_path' => '/root',
	'dhcpd_chroot_path' => '/var/dhcpd',
	'unbound_chroot_path' => '/var/unbound',
	'var_path' => '/var',
	'varrun_path' => '/var/run',
	'varetc_path' => '/var/etc',
	'vardb_path' => '/var/db',
	'varlog_path' => '/var/log',
	'etc_path' => '/etc',
	'tmp_path' => '/tmp',
	'tmp_path_user_code' => '/tmp/user_code',
	'conf_path' => '/conf',
	'conf_default_path' => '/conf.default',
	'cf_path' => '/cf',
	'cf_conf_path' => '/cf/conf',
	'www_path' => '/usr/local/www',

	// Product identity
	'xml_rootobj' => 'pfsense',
	'admin_group' => 'admins',
	'product_name' => 'pfSense',
	'product_label' => 'pfSense',
	// Read from disk when this file is loaded; spaces and newlines are trimmed.
	'product_version' => trim(file_get_contents('/etc/version'), " \n"),
	'product_copyright_years' => '2004 - ' . date('Y'),

	// UI and diagnostics switches
	'disablehelpmenu' => false,
	'disablehelpicon' => false,
	'disablecrashreporter' => false,
	'debug' => false,

	'latest_config' => '21.3',
	'minimum_ram_warning' => '101',
	'minimum_ram_warning_text' => '128 MB',
	'wan_interface_name' => 'wan',

	// Captive portal
	'captiveportal_path' => '/usr/local/captiveportal',
	'captiveportal_element_path' => '/var/db/cpelements',
	'captiveportal_element_sizelimit' => 1048576,
	'captiveportal_rules_interval' => 50,

	'services_dhcp_server_enable' => true,
	// Interface names starting with one of these driver prefixes plus a unit number
	'wireless_regex' => '/^(ath|athp|bwi|bwn|ipw|iwi|iwm|iwn|malo|mwl|ral|rsu|rtwn|rum|run|uath|upgt|ural|urtw|urtwn|wi|wpi|wtap|zyd)[0-9]+/',
	'help_base_url' => '/help.php',
	'pkg_prefix' => 'pfSense-pkg-',
	'default_timezone' => 'Etc/UTC',
	'language' => 'en_US',

	// Default limits and retention values
	'default_config_backup_count' => 30,
	'default_cert_expiredays' => 27,
	'default_log_entries' => 500,
	'default_log_size' => 512000,
	'minimumtableentries_bogonsv6' => 400000,
	'alternativemetaports' => ['vmware', 'php72', 'php73', 'php74'],

	// Paths (some are glob patterns) grouped by area under "backuppath"
	'backuppath' => [
		'captiveportal' => '/var/db/captiveportal*.db',
		'dhcpd' => '/var/dhcpd/var/db/dhcpd.leases',
		'dhcpdv6' => '/var/dhcpd/var/db/dhcpd6.leases',
		'voucher' => '/var/db/voucher_*.db',
	],
	'wg_conf_path' => '/etc/wg',
];
/* IP TOS flags */
$iptos = ['lowdelay', 'throughput', 'reliability'];

/* TCP flags */
$tcpflags = ['syn', 'ack', 'fin', 'rst', 'psh', 'urg', 'ece', 'cwr'];
/* Patch level: trimmed contents of /etc/version.patch when that file exists, otherwise "0". */
$g["product_version_patch"] = file_exists("/etc/version.patch")
	? trim(file_get_contents("/etc/version.patch"), " \n")
	: "0";

/* Display version: the base version, with "-p<patch>" appended for a numeric, non-zero patch level. */
$g['product_version_string'] = $g['product_version'];
if ($g["product_version_patch"] != "0" && is_numeric($g["product_version_patch"])) {
	$g['product_version_string'] = "{$g['product_version_string']}-p{$g['product_version_patch']}";
}
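/*
 * Optional configuration flavor: the first line of
 * <etc_path>/default-config-flavor with trailing whitespace removed, or ''
 * when the file is absent.
 */
if (file_exists("{$g['etc_path']}/default-config-flavor")) {
	$flavor_array = file("{$g['etc_path']}/default-config-flavor");
	// file() yields false on a read failure and an empty array for an empty
	// file; fall back to '' instead of reading a missing offset.
	$g['default-config-flavor'] = chop($flavor_array[0] ?? '');
} else {
	$g['default-config-flavor'] = '';
}

/* Base directory for OpenVPN files, below varetc_path */
$g['openvpn_base'] = "{$g['varetc_path']}/openvpn";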
/*
 * Default sysctls.
 *
 * Several entries are security-relevant (blackhole, drop_synfin, syncookies,
 * random_id, randompid, redirect, process_options). How and when the table is
 * applied is not visible in this file. Values are kept exactly as strings or
 * integers, as originally written.
 */
$sysctls = [
	'net.inet.ip.portrange.first' => '1024',
	'net.inet.tcp.blackhole' => '2',
	'net.inet.udp.blackhole' => '1',
	'net.inet.ip.random_id' => '1',
	'net.inet.tcp.drop_synfin' => '1',
	'net.inet.ip.redirect' => '1',
	'net.inet6.ip6.redirect' => '1',
	'net.inet6.ip6.use_tempaddr' => '0',
	'net.inet6.ip6.prefer_tempaddr' => '0',
	'net.inet.tcp.syncookies' => '1',
	'net.inet.tcp.recvspace' => '65228',
	'net.inet.tcp.sendspace' => '65228',
	'net.inet.tcp.delayed_ack' => '0',
	'net.inet.udp.maxdgram' => '57344',
	'net.link.bridge.pfil_onlyip' => '0',
	'net.link.bridge.pfil_member' => '1',
	'net.link.bridge.pfil_bridge' => '0',
	// NOTE(review): as far as I know this FreeBSD knob lets non-root users open
	// tap devices - confirm that is the intended default.
	'net.link.tap.user_open' => '1',
	'net.link.vlan.mtag_pcp' => '1',
	'kern.randompid' => '347',
	'net.inet.ip.intr_queue_maxlen' => '1000',
	'hw.syscons.kbd_reboot' => '0',
	'net.inet.tcp.log_debug' => '0',
	'net.inet.tcp.tso' => '1',
	// NOTE(review): 0 appears to switch the ICMP response rate limit off - confirm.
	'net.inet.icmp.icmplim' => '0',
	'vfs.read_max' => '32',
	'kern.ipc.maxsockbuf' => '4262144',
	'net.inet.ip.process_options' => 0,
	'kern.random.harvest.mask' => '351',
	'net.route.netisr_maxqlen' => 1024,
	'net.inet.udp.checksum' => 1,
	'net.inet.icmp.reply_from_interface' => 1,
	'net.inet6.ip6.rfc6204w3' => 1,
	'net.enc.out.ipsec_bpf_mask' => '0x0001',
	'net.enc.out.ipsec_filter_mask' => '0x0001',
	'net.enc.in.ipsec_bpf_mask' => '0x0002',
	'net.enc.in.ipsec_filter_mask' => '0x0002',
	'net.key.preferred_oldsa' => '0',
	// Do not demote CARP for interface send errors
	'net.inet.carp.senderr_demotion_factor' => 0,
	// Do not demote CARP for pfsync errors
	'net.pfsync.carp_demotion_factor' => 0,
	'net.raw.recvspace' => 65536,
	'net.raw.sendspace' => 65536,
	'net.inet.raw.recvspace' => 131072,
	'net.inet.raw.maxdgram' => 131072,
	// Write all core files to /root/ so they do not consume space on other slices
	'kern.corefile' => '/root/%N.core',
];

/* ARM machines (32- and 64-bit) get one extra sysctl. */
$machine_type = php_uname('m');
if (in_array($machine_type, ['arm', 'arm64'], true)) {
	$sysctls['kern.shutdown.secure_halt'] = 1;
}
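/*
 * Include override values for the above if needed. If the file doesn't exist,
 * don't try to load it.
 *
 * The include uses the same absolute path that was checked. A bare
 * "globals_override.inc" would be resolved through include_path and could load
 * a different file from the one file_exists() tested.
 *
 * The override runs as PHP in this process and can replace any default set
 * above (paths, the shipped credentials, $sysctls), so the file's ownership
 * and write permissions matter. The @ keeps the original best-effort
 * behaviour but also hides include diagnostics.
 */
if (file_exists("/etc/inc/globals_override.inc")) {
	@include_once("/etc/inc/globals_override.inc");
}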
/* Directory whose XML files are all read to load menu entries */
$g['ext_menu_path'] = '/usr/local/share/' . $g['product_name'] . '/menu';

/* Cache file used to store the pfSense version, named after the product, under varrun_path */
$g['version_cache_file'] = $g['varrun_path'] . '/' . $g['product_name'] . '_version';

/* Cache refresh interval: 2h (2 * 60 * 60) */
$g['version_cache_refresh'] = 7200;
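/**
 * Report whether the system is still booting.
 *
 * Booting is signalled by a truthy $g['booting'] or by the marker file
 * "<varrun_path>/booting".
 *
 * @param bool $on_console When truthy, a booting system is reported as
 *                         booting only if the current SAPI is not 'fpm-fcgi'.
 * @return bool True while booting (subject to $on_console), false otherwise.
 */
function platform_booting($on_console = false) {
	global $g;

	// 'booting' is not among the $g defaults set in this file, so test it
	// with empty() rather than reading a possibly undefined array key.
	$booting = !empty($g['booting']) || file_exists("{$g['varrun_path']}/booting");
	if (!$booting) {
		return false;
	}

	return ($on_console == false || php_sapi_name() != 'fpm-fcgi');
}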
/* A marker file named enableserial_force under cf_conf_path sets the flag of the same name. */
if (file_exists($g['cf_conf_path'] . '/enableserial_force')) {
	$g['enableserial_force'] = true;
}

/* Starts out false; presumably set elsewhere once the configuration has been parsed. */
$config_parsed = false;
/*
 * Factory default check IP service.
 *
 * NOTE(review): the default URL is plain http, so the reply is neither
 * encrypted nor authenticated. Anything that trusts the returned address
 * (presumably dynamic DNS updates) inherits that. Confirm whether an https
 * endpoint with peer verification should be the default.
 */
$factory_default_checkipservice = [
	'enable' => true,
	'name' => "Default",
	'url' => "http://checkip.dyndns.org",
//	'username' => '',
//	'password' => '',
//	'verifysslpeer' => true,
	'descr' => "Default Check IP Service",
];

/* Dynamic DNS provider types listed as "split domain" types; how the split is done is not visible here. */
$dyndns_split_domain_types = [
	'namecheap',
	'cloudflare',
	'cloudflare-v6',
	'gratisdns',
	'cloudns',
	'godaddy',
	'godaddy-v6',
	'linode',
	'linode-v6',
];
/*
 * pf tokens from FreeBSD source sbin/pfctl/parse.y (plus our custom entries at
 * the end). The name suggests user-chosen identifiers are checked against this
 * list; the check itself is not in this file.
 */
global $pf_reserved_keywords;
$pf_reserved_keywords = [
	'pass', 'block', 'scrub', 'return', 'in', 'os', 'out', 'log', 'quick', 'on', 'from', 'to', 'flags', 'returnrst',
	'returnicmp', 'returnicmp6', 'proto', 'inet', 'inet6', 'all', 'any', 'icmptype', 'icmp6type', 'code', 'keep',
	'modulate', 'state', 'port', 'rdr', 'nat', 'binat', 'arrow', 'nodf', 'minttl', 'error', 'allowopts', 'fastroute',
	'filename', 'routeto', 'dupto', 'replyto', 'no', 'label', 'noroute', 'urpffailed', 'fragment', 'user', 'group',
	'maxmss', 'maximum', 'ttl', 'tos', 'drop', 'table', 'reassemble', 'fragdrop', 'fragcrop', 'anchor', 'natanchor',
	'rdranchor', 'binatanchor', 'set', 'optimization', 'timeout', 'limit', 'loginterface', 'blockpolicy', 'randomid',
	'requireorder', 'synproxy', 'fingerprints', 'nosync', 'debug', 'skip', 'hostid', 'antispoof', 'for', 'include',
	'bitmask', 'random', 'sourcehash', 'roundrobin', 'staticport', 'probability', 'altq', 'cbq', 'codel', 'priq',
	'hfsc', 'fairq', 'bandwidth', 'tbrsize', 'linkshare', 'realtime', 'upperlimit', 'queue', 'priority', 'qlimit',
	'hogs', 'buckets', 'rtable', 'target', 'interval', 'load', 'ruleset_optimization', 'prio', 'stickyaddress',
	'maxsrcstates', 'maxsrcnodes', 'sourcetrack', 'global', 'rule', 'maxsrcconn', 'maxsrcconnrate', 'overload',
	'flush', 'sloppy', 'tagged', 'tag', 'ifbound', 'floating', 'statepolicy', 'statedefaults', 'route', 'settos',
	'divertto', 'divertreply', 'max', 'min', 'pptp', 'pppoe', 'L2TP', 'OpenVPN', 'IPsec',
];
/* Reserved table names to avoid collision */
global $reserved_table_names;
$reserved_table_names = [
	'bogons', 'bogonsv6', 'negate_networks', 'snort2c',
	'sshguard', 'tonatsubnets', 'virusprot', 'vpn_networks',
];
/* VLAN Prio values: short code => numeric priority */
$vlanprio_values = [
	'bk' => 0,
	'be' => 1,
	'ee' => 2,
	'ca' => 3,
	'vi' => 4,
	'vo' => 5,
	'ic' => 6,
	'nc' => 7,
];

/* Display label for each VLAN priority code, using the same keys as $vlanprio_values */
$vlanprio = [
	'bk' => 'Background (BK, 0)',
	'be' => 'Best Effort (BE, 1)',
	'ee' => 'Excellent Effort (EE, 2)',
	'ca' => 'Critical Applications (CA, 3)',
	'vi' => 'Video (VI, 4)',
	'vo' => 'Voice (VO, 5)',
	'ic' => 'Internetwork Control (IC, 6)',
	'nc' => 'Network Control (NC, 7)',
];
/* Names of the system log files */
global $system_log_files;
$system_log_files = [
	'system', 'filter', 'dhcpd', 'vpn', 'poes', 'l2tps', 'openvpn',
	'portalauth', 'ipsec', 'ppp', 'wireless', 'nginx', 'ntpd', 'gateways',
	'resolver', 'routing', 'auth',
];

/* Log files that are not syslog files (per the variable name) */
global $system_log_non_syslog_files;
$system_log_non_syslog_files = ["dmesg.boot", "utx.log", "userlog"];
/*
 * Log compression types. Each entry has a 'flag', a 'cat' command line and a
 * file 'ext'. Presumably these are the rotation flag letter, the command that
 * reads a rotated file, and its extension - confirm against the log code.
 *
 * The 'cat' values are fixed command strings. Any file name a caller appends
 * before running them has to be shell-escaped there; that code is not in this
 * file.
 */
global $system_log_compression_types;
$system_log_compression_types = [
	"bzip2" => [
		"flag" => "J",
		"cat" => "/usr/bin/bzcat -qf",
		"ext" => "bz2",
	],
	"gzip" => [
		"flag" => "Z",
		"cat" => "/usr/bin/zcat -qf",
		"ext" => "gz",
	],
	"xz" => [
		"flag" => "X",
		"cat" => "/usr/bin/xzcat -qf",
		"ext" => "xz",
	],
	"zstd" => [
		"flag" => "Y",
		"cat" => "/usr/bin/zstdcat -qqf",
		"ext" => "zst",
	],
	"none" => [
		"flag" => "",
		"cat" => "/bin/cat",
		"ext" => "",
	],
];
/*
 * DDNS domain key algorithms: algorithm identifier => display label.
 *
 * NOTE(review): 'hmac-md5' is labelled the legacy default. Where the default
 * is actually selected is not visible in this file. Confirm that new
 * configurations default to a SHA-2 based entry.
 */
global $ddnsdomainkeyalgorithms;
$ddnsdomainkeyalgorithms = [
	"hmac-md5" => "HMAC-MD5 (legacy default)",
	"hmac-sha1" => "HMAC-SHA1",
	"hmac-sha224" => "HMAC-SHA224",
	"hmac-sha256" => "HMAC-SHA256 (current bind9 default)",
	"hmac-sha384" => "HMAC-SHA384",
	"hmac-sha512" => "HMAC-SHA512 (most secure)",
];
?>