Project

General

Profile

Download (73.2 KB) Statistics
| Branch: | Tag: | Revision:
1
<?php
2
/*
3
 * gwlb.inc
4
 *
5
 * part of pfSense (https://www.pfsense.org)
6
 * Copyright (c) 2008 Bill Marquette, Seth Mos
7
 * Copyright (c) 2008-2013 BSD Perimeter
8
 * Copyright (c) 2013-2016 Electric Sheep Fencing
9
 * Copyright (c) 2014-2020 Rubicon Communications, LLC (Netgate)
10
 * All rights reserved.
11
 *
12
 * Licensed under the Apache License, Version 2.0 (the "License");
13
 * you may not use this file except in compliance with the License.
14
 * You may obtain a copy of the License at
15
 *
16
 * http://www.apache.org/licenses/LICENSE-2.0
17
 *
18
 * Unless required by applicable law or agreed to in writing, software
19
 * distributed under the License is distributed on an "AS IS" BASIS,
20
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
21
 * See the License for the specific language governing permissions and
22
 * limitations under the License.
23
 */
24

    
25
require_once("config.inc");
26
require_once("rrd.inc");
27
require_once("ipsec.inc");
28
require_once("interfaces.inc");
29

    
30
/* Returns an array of default values used for dpinger */
31
function return_dpinger_defaults() {
32
	return array(
33
		"latencylow" => "200",
34
		"latencyhigh" => "500",
35
		"losslow" => "10",
36
		"losshigh" => "20",
37
		"interval" => "500",
38
		"loss_interval" => "2000",
39
		"time_period" => "60000",
40
		"alert_interval" => "1000",
41
		"data_payload" => "1");
42
}
43

    
44
function running_dpinger_processes() {
45
	global $g;
46

    
47
	$pidfiles = glob("{$g['varrun_path']}/dpinger_*.pid");
48

    
49
	$result = array();
50
	if ($pidfiles === FALSE) {
51
		return $result;
52
	}
53

    
54
	foreach ($pidfiles as $pidfile) {
55
		if (preg_match('/^dpinger_(.+)~([^~]+)~([^~]+)\.pid$/',
56
		    basename($pidfile), $matches)) {
57
			$socket_file = preg_replace('/\.pid$/', '.sock',
58
			    $pidfile);
59
			$result[$matches[1]] = array(
60
			    'srcip'    => $matches[2],
61
			    'targetip' => $matches[3],
62
			    'pidfile'  => $pidfile,
63
			    'socket'   => $socket_file
64
			);
65
			unset($gwinfo);
66
		}
67
	}
68

    
69
	return $result;
70
}
71

    
72
/*
73
 * Stop one or more dpinger process
74
 * default parameter $gwname is '*' that will kill all running sessions
75
 * If a gateway name is passed, only this one will be killed
76
 */
77
function stop_dpinger($gwname = '') {
78
	global $g;
79

    
80
	$running_processes = running_dpinger_processes();
81

    
82
	foreach ($running_processes as $running_gwname => $process) {
83
		if ($gwname != '' && $running_gwname != $gwname) {
84
			continue;
85
		}
86

    
87
		if (isvalidpid($process['pidfile'])) {
88
			killbypid($process['pidfile'], 3);
89
		} else {
90
			@unlink($process['pidfile']);
91
		}
92
	}
93
}
94

    
95
function start_dpinger($gateway) {
96
	global $g;
97

    
98
	if (!isset($gateway['gwifip'])) {
99
		return (false);
100
	}
101

    
102
	$dpinger_defaults = return_dpinger_defaults();
103

    
104
	$prefix = "{$g['varrun_path']}/dpinger_{$gateway['name']}~" .
105
	    "{$gateway['gwifip']}~{$gateway['monitor']}";
106
	# dpinger socket path should not be longer then uaddr.sun_path
107
	if (strlen($prefix) > 95) {
108
		$prefix = "{$g['varrun_path']}/dpinger_{$gateway['name']}~" .
109
		    substr(md5($gateway['gwifip']),0,8) . "~" .
110
		    $gateway['monitor'];
111
	}
112
	$pidfile = $prefix . ".pid";
113
	$socket = $prefix . ".sock";
114
	$alarm_cmd = "{$g['etc_path']}/rc.gateway_alarm";
115

    
116
	$params  = "-S ";			/* Log warnings via syslog */
117
	$params .= "-r 0 ";			/* Disable unused reporting thread */
118
	$params .= "-i {$gateway['name']} ";	/* Identifier */
119
	$params .= "-B {$gateway['gwifip']} ";	/* Bind src address */
120
	$params .= "-p {$pidfile} ";		/* PID filename */
121
	$params .= "-u {$socket} ";		/* Status Socket */
122
	if (!$gateway['action_disable']) {
123
		$params .= "-C \"{$alarm_cmd}\" ";	/* Command to run on alarm */
124
	}
125

    
126
	$params .= "-d " .
127
	    (isset($gateway['data_payload']) && is_numeric($gateway['data_payload'])
128
	    ? $gateway['data_payload']
129
	    : $dpinger_defaults['data_payload']
130
	    ) . " ";
131

    
132
	$params .= "-s " .
133
	    (isset($gateway['interval']) && is_numeric($gateway['interval'])
134
	    ? $gateway['interval']
135
	    : $dpinger_defaults['interval']
136
	    ) . " ";
137

    
138
	$params .= "-l " .
139
	    (isset($gateway['loss_interval']) && is_numeric($gateway['loss_interval'])
140
	    ?  $gateway['loss_interval']
141
	    : $dpinger_defaults['loss_interval']
142
	    ) . " ";
143

    
144
	$params .= "-t " .
145
	    (isset($gateway['time_period']) && is_numeric($gateway['time_period'])
146
	    ?  $gateway['time_period']
147
	    : $dpinger_defaults['time_period']
148
	    ) . " ";
149

    
150
	$params .= "-A " .
151
	    (isset($gateway['alert_interval']) && is_numeric($gateway['alert_interval'])
152
	    ?  $gateway['alert_interval']
153
	    : $dpinger_defaults['alert_interval']
154
	    ) . " ";
155

    
156
	$params .= "-D " .
157
	    (isset($gateway['latencyhigh']) && is_numeric($gateway['latencyhigh'])
158
	    ?  $gateway['latencyhigh']
159
	    : $dpinger_defaults['latencyhigh']
160
	    ) . " ";
161

    
162
	$params .= "-L " .
163
	    (isset($gateway['losshigh']) && is_numeric($gateway['losshigh'])
164
	    ?  $gateway['losshigh']
165
	    : $dpinger_defaults['losshigh']
166
	    ) . " ";
167

    
168
	/* Make sure we don't end up with 2 process for the same GW */
169
	stop_dpinger($gateway['name']);
170

    
171
	/* Do not try to bind IPv6 where interface is in tentative state */
172
	if (is_ipaddrv6($gateway['gwifip'])) {
173
		$err = interface_wait_tentative(get_real_interface(
174
		    $gateway['interface']));
175
		if ($err == false) {
176
			log_error(gettext("Timeout waiting for IPv6 address in tentative state.  dpinger will not run."));
177
			return (false);
178
		}
179
	}
180

    
181
	/* Redirect stdout to /dev/null to avoid exec() to wait for dpinger */
182
	return mwexec("/usr/local/bin/dpinger {$params} {$gateway['monitor']} >/dev/null");
183
}
184

    
185
/*
186
 * Starts dpinger processes and adds appropriate static routes for monitor IPs
187
 */
188
function setup_gateways_monitor() {
189
	global $config, $g;
190

    
191
	$gateways_arr = return_gateways_array();
192
	if (!is_array($gateways_arr)) {
193
		log_error(gettext("No gateways to monitor. dpinger will not run."));
194
		stop_dpinger();
195
		return;
196
	}
197

    
198
	$monitor_ips = array();
199
	foreach ($gateways_arr as $gwname => $gateway) {
200
		/* Do not monitor if such was requested */
201
		if (isset($gateway['monitor_disable'])) {
202
			continue;
203
		}
204
		if (empty($gateway['monitor']) || !is_ipaddr($gateway['monitor'])) {
205
			if (is_ipaddr($gateway['gateway'])) {
206
				$gateways_arr[$gwname]['monitor'] = $gateway['gateway'];
207
			} else { /* No chance to get an ip to monitor skip target. */
208
				continue;
209
			}
210
		}
211

    
212
		/* if the monitor address is already used before, skip */
213
		if (in_array($gateway['monitor'], $monitor_ips)) {
214
			continue;
215
		}
216

    
217
		/* Interface ip is needed since dpinger will bind a socket to it.
218
		 * However the config GUI should already have checked this and when
219
		 * PPPoE is used the IP address is set to "dynamic". So using is_ipaddrv4
220
		 * or is_ipaddrv6 to identify packet type would be wrong, especially as
221
		 * further checks (that can cope with the "dynamic" case) are present inside
222
		 * the if block. So using $gateway['ipprotocol'] is the better option.
223
		 */
224
		if ($gateway['ipprotocol'] == "inet") { // This is an IPv4 gateway...
225
			$gwifip = find_interface_ip($gateway['interface'], true);
226
			if (!is_ipaddrv4($gwifip)) {
227
				continue; //Skip this target
228
			}
229

    
230
			if ($gwifip == "0.0.0.0") {
231
				continue; //Skip this target - the gateway is still waiting for DHCP
232
			}
233

    
234
			/*
235
			 * If the gateway is the same as the monitor we do not add a
236
			 * route as this will break the routing table.
237
			 * Add static routes for each gateway with their monitor IP
238
			 * not strictly necessary but is a added level of protection.
239
			 */
240
			if (is_ipaddrv4($gateway['gateway']) && $gateway['monitor'] != $gateway['gateway']) {
241
				log_error(sprintf(gettext('Removing static route for monitor %1$s and adding a new route through %2$s'), $gateway['monitor'], $gateway['gateway']));
242
				if (interface_isppp_type($gateway['friendlyiface'])) {
243
					route_add_or_change($gateway['monitor'],
244
					    '', $gateway['interface']);
245
					system_staticroutes_configure($gateway['friendlyiface']);
246
				} else {
247
					route_add_or_change($gateway['monitor'],
248
					    $gateway['gateway']);
249
				}
250

    
251
				pfSense_kill_states("0.0.0.0/0", $gateway['monitor'], $gateway['interface'], "icmp");
252
			}
253
		} else if ($gateway['ipprotocol'] == "inet6") { // This is an IPv6 gateway...
254
			if (is_linklocal($gateway['gateway']) &&
255
			    get_ll_scope($gateway['gateway']) == '') {
256
				$gateway['gateway'] .= '%' . $gateway['interface'];
257
			}
258

    
259
			if (is_linklocal($gateway['monitor'])) {
260
				if (get_ll_scope($gateway['monitor']) == '') {
261
					$gateways_arr[$gwname]['monitor'] .= '%' . $gateway['interface'];
262
				}
263

    
264
				$gwifip = find_interface_ipv6_ll($gateway['interface'], true);
265

    
266
				if (get_ll_scope($gwifip) == '') {
267
					$gwifip .= '%' . $gateway['interface'];
268
				}
269
			} else {
270
				$gwifip = find_interface_ipv6($gateway['interface'], true);
271
			}
272

    
273
			if (!is_ipaddrv6($gwifip)) {
274
				continue; //Skip this target
275
			}
276

    
277
			/*
278
			 * If the gateway is the same as the monitor we do not add a
279
			 * route as this will break the routing table.
280
			 * Add static routes for each gateway with their monitor IP
281
			 * not strictly necessary but is a added level of protection.
282
			 */
283
			if ($gateway['gateway'] != $gateways_arr[$gwname]['monitor']) {
284
				log_error(sprintf(gettext('Removing static route for monitor %1$s and adding a new route through %2$s'), $gateway['monitor'], $gateway['gateway']));
285
				if (interface_isppp_type($gateway['friendlyiface'])) {
286
					route_add_or_change($gateway['monitor'],
287
					    '', $gateway['interface']);
288
					system_staticroutes_configure($gateway['friendlyiface']);
289
				} else {
290
					route_add_or_change($gateway['monitor'],
291
					    $gateway['gateway']);
292
				}
293

    
294
				pfSense_kill_states("::0.0.0.0/0", $gateway['monitor'], $gateway['interface'], "icmpv6");
295
			}
296
		} else {
297
			continue;
298
		}
299

    
300
		$monitor_ips[] = $gateway['monitor'];
301
		$gateways_arr[$gwname]['enable_dpinger'] = true;
302
		$gateways_arr[$gwname]['gwifip'] = $gwifip;
303
	}
304

    
305
	stop_dpinger();
306

    
307
	/* Start new processes */
308
	foreach ($gateways_arr as $gateway) {
309
		if (!isset($gateway['enable_dpinger'])) {
310
			continue;
311
		}
312

    
313
		if (start_dpinger($gateway) != 0) {
314
			log_error(sprintf(gettext("Error starting gateway monitor for %s"), $gateway['name']));
315
		}
316
	}
317

    
318
	return;
319
}
320

    
321
function get_dpinger_status($gwname, $gways = false, $action_disable = false) {
322
	global $g;
323

    
324
	$running_processes = running_dpinger_processes();
325

    
326
	if (!isset($running_processes[$gwname])) {
327
		log_error(sprintf(gettext(
328
		    'dpinger: No dpinger session running for gateway %s'),
329
		    $gwname));
330
		return false;
331
	}
332

    
333
	$proc = $running_processes[$gwname];
334
	unset($running_processes);
335

    
336
	$timeoutcounter = 0;
337
	while (true) {
338
		if (!file_exists($proc['socket'])) {
339
			log_error("dpinger: status socket {$proc['socket']} not found");
340
			return false;
341
		}
342
		$fp = @stream_socket_client("unix://{$proc['socket']}", $errno, $errstr, 10);
343
		if (!$fp) {
344
			log_error(sprintf(gettext('dpinger: cannot connect to status socket %1$s - %2$s (%3$s)'), $proc['socket'], $errstr, $errno));
345
			return false;
346
		}
347

    
348
		$status = '';
349
		while (!feof($fp)) {
350
			$status .= fgets($fp, 1024);
351
		}
352
		fclose($fp);
353

    
354
		$r = array();
355
		list(
356
			$r['gwname'],
357
			$r['latency_avg'],
358
			$r['latency_stddev'],
359
			$r['loss']
360
		) = explode(' ', preg_replace('/\n/', '', $status));
361

    
362
		// dpinger returns '<gwname> 0 0 0' when queried directly after it starts.
363
		// while a latency of 0 and a loss of 0 would be perfect, in a real world it doesnt happen.
364
		// or does it, anyone? if so we must 'detect' the initialization period differently..
365
		$ready = $r['latency_stddev'] != '0' || $r['loss'] != '0';
366

    
367
		if ($ready) {
368
			break;
369
		} else {
370
			$timeoutcounter++;
371
			if ($timeoutcounter > 300) {
372
				log_error(sprintf(gettext('dpinger: timeout while retrieving status for gateway %s'), $gwname));
373
				return false;
374
			}
375
			usleep(10000);
376
		}
377
	}
378

    
379
	$r['srcip'] = $proc['srcip'];
380
	$r['targetip'] = $proc['targetip'];
381

    
382
	if (is_array($gways)) {
383
		$gateways_arr = $gways;
384
	} else {
385
		$gateways_arr = return_gateways_array();
386
	}
387

    
388
	unset($gw);
389
	if (isset($gateways_arr[$gwname])) {
390
		$gw = $gateways_arr[$gwname];
391
	}
392

    
393
	$r['latency_avg'] = round($r['latency_avg']/1000, 3);
394
	$r['latency_stddev'] = round($r['latency_stddev']/1000, 3);
395

    
396
	$r['status'] = "online";
397
	$r['substatus'] = "none";
398
	if (isset($gw) && isset($gw['force_down'])) {
399
		$r['status'] = "down";
400
		$r['substatus'] = "force_down";
401
	} else if (isset($gw)) {
402
		$settings = return_dpinger_defaults();
403

    
404
		$keys = array(
405
		    'latencylow',
406
		    'latencyhigh',
407
		    'losslow',
408
		    'losshigh'
409
		);
410

    
411
		/* Replace default values by user-defined */
412
		foreach ($keys as $key) {
413
			if (isset($gw[$key]) && is_numeric($gw[$key])) {
414
				$settings[$key] = $gw[$key];
415
			}
416
		}
417

    
418
		if ($r['latency_avg'] > $settings['latencyhigh']) {
419
			if (!$action_disable) {
420
				$r['status'] = "down";
421
			}
422
			$r['substatus'] = "highdelay";
423
		} else if ($r['loss'] > $settings['losshigh']) {
424
			if (!$action_disable) {
425
				$r['status'] = "down";
426
			}
427
			$r['substatus'] = "highloss";
428
		} else if ($r['latency_avg'] > $settings['latencylow']) {
429
			$r['substatus'] = "delay";
430
		} else if ($r['loss'] > $settings['losslow']) {
431
			$r['substatus'] = "loss";
432
		}
433
	}
434

    
435
	return $r;
436
}
437

    
438
/* return the status of the dpinger targets as an array */
439
function return_gateways_status($byname = false, $gways = false) {
440
	global $config, $g;
441

    
442
	$dpinger_gws = running_dpinger_processes();
443
	$status = array();
444

    
445
	if (is_array($gways)) {
446
		$gateways_arr = $gways;
447
	} else {
448
		$gateways_arr = return_gateways_array();
449
	}
450

    
451
	foreach ($dpinger_gws as $gwname => $gwdata) {
452
		/*
453
		 * If action is disabled for this gateway, then we want a
454
		 * detailed status.  That reports "highdelay" or "highloss"
455
		 * rather than just "down".  Because reporting the gateway
456
		 * down would be misleading (gateway action is disabled)
457
		 */
458
		$action_disable = $gateways_arr[$gwname]['action_disable'];
459
		$dpinger_status = get_dpinger_status($gwname, $action_disable);
460
		if ($dpinger_status === false) {
461
			continue;
462
		}
463

    
464
		if ($byname == false) {
465
			$target = $dpinger_status['targetip'];
466
		} else {
467
			$target = $gwname;
468
		}
469

    
470
		$status[$target] = array();
471
		$status[$target]['monitorip'] = $dpinger_status['targetip'];
472
		$status[$target]['srcip'] = $dpinger_status['srcip'];
473
		$status[$target]['name'] = $gwname;
474
		$status[$target]['delay'] =
475
		    empty($dpinger_status['latency_avg'])
476
		    ? "0ms"
477
		    : $dpinger_status['latency_avg'] . "ms";
478
		$status[$target]['stddev'] =
479
		    empty($dpinger_status['latency_stddev'])
480
		    ? "0ms"
481
		    : $dpinger_status['latency_stddev'] . "ms";
482
		$status[$target]['loss'] = empty($dpinger_status['loss'])
483
		    ? "0.0%"
484
		    : round($dpinger_status['loss'], 1) . "%";
485
		$status[$target]['status'] = $dpinger_status['status'];
486
		$status[$target]['substatus'] = $dpinger_status['substatus'];
487
	}
488

    
489
	/* tack on any gateways that have monitoring disabled
490
	 * or are down, which could cause gateway groups to fail */
491
	$gateways_arr = return_gateways_array();
492
	foreach ($gateways_arr as $gwitem) {
493
		if (!isset($gwitem['monitor_disable'])) {
494
			continue;
495
		}
496
		if (!is_ipaddr($gwitem['monitor'])) {
497
			$realif = $gwitem['interface'];
498
			$tgtip = get_interface_gateway($realif);
499
			if (!is_ipaddr($tgtip)) {
500
				$tgtip = "none";
501
			}
502
			$srcip = find_interface_ip($realif);
503
		} else {
504
			$tgtip = $gwitem['monitor'];
505
			$srcip = find_interface_ip($realif);
506
		}
507
		if ($byname == true) {
508
			$target = $gwitem['name'];
509
		} else {
510
			$target = $tgtip;
511
		}
512

    
513
		/* failsafe for down interfaces */
514
		if ($target == "none") {
515
			$target = $gwitem['name'];
516
			$status[$target]['name'] = $gwitem['name'];
517
			$status[$target]['delay'] = "0.0ms";
518
			$status[$target]['loss'] = "100.0%";
519
			$status[$target]['status'] = "down";
520
			$status[$target]['substatus'] = "down";
521
		} else {
522
			$status[$target]['monitorip'] = $tgtip;
523
			$status[$target]['srcip'] = $srcip;
524
			$status[$target]['name'] = $gwitem['name'];
525
			$status[$target]['delay'] = "";
526
			$status[$target]['loss'] = "";
527
			$status[$target]['status'] = "online";
528
			$status[$target]['substatus'] = "none";
529
		}
530

    
531
		$status[$target]['monitor_disable'] = true;
532
	}
533
	return($status);
534
}
535

    
536
function return_gateways_status_text($byname = false, $brief = false) {
537
	$gwstat = return_gateways_status($byname);
538
	$output = "";
539
	$widths = array();
540
	$col_sep = 2;
541
	if ($brief) {
542
		$collist = array('status' => "Status");
543
	} else {
544
		$collist = array('monitorip' => "Monitor",
545
				'srcip' => "Source",
546
				'delay' => "Delay",
547
				'stddev' => "StdDev",
548
				'loss' => "Loss",
549
				'status' => "Status",
550
				'substatus' => "Substatus");
551
	}
552
	foreach ($gwstat as $gw) {
553
		foreach ($gw as $gwdidx => $gwdata) {
554
			if (strlen($gwdata) > $widths[$gwdidx]) {
555
				$widths[$gwdidx] = strlen($gwdata);
556
			}
557
		}
558
	}
559

    
560
	$output .= str_pad("Name", $widths['name'] + $col_sep, " ", STR_PAD_RIGHT);
561
	foreach ($collist as $hdrcol => $hdrdesc) {
562
		if (strlen($hdrdesc) > $widths[$hdrcol]) {
563
			$widths[$hdrcol] = strlen($hdrdesc);
564
		}
565
		$output .= str_pad($hdrdesc, $widths[$hdrcol] + $col_sep, " ", (substr($hdrcol, -2, 2) == "ip") ? STR_PAD_RIGHT : STR_PAD_LEFT);
566
	}
567
	$output .= "\n";
568

    
569
	foreach ($gwstat as $idx => $gw) {
570
		$output .= str_pad($gw['name'], $widths['name'] + $col_sep, " ", STR_PAD_RIGHT);
571
		foreach (array_keys($collist) as $col) {
572
			$output .= str_pad($gw[$col], $widths[$col] + $col_sep, " ", (substr($col, -2, 2) == "ip") ? STR_PAD_RIGHT : STR_PAD_LEFT);
573
		}
574
		$output .= "\n";
575
	}
576

    
577
	return $output;
578
}
579

    
580
function compare_gateway_order_configured($a, $b) {
581
	/* XXX WAN always has precedence */
582
	if ($a['friendlyiface'] == "wan") {
583
		return -1;
584
	} elseif ($b['friendlyiface'] == "wan") {
585
		return 1;
586
	}
587

    
588
	if ($a['attribute'] === $b['attribute']) {
589
		if ($a['attribute'] === 'system') {
590
			$res = (($a['name'] < $b['name'])) ? -1 : 1;
591
			return $res;
592
		}
593
		return 0;
594
	}
595
	if ($a['attribute'] === 'system' || $b['attribute'] === 'system') {
596
		$res = (($b['attribute'] === 'system')) ? -1 : 1;
597
		return $res;
598
	}
599
	$res = ($a['attribute'] < $b['attribute']) ? -1 : 1;
600
	return $res;
601
}
602

    
603
function order_gateways_as_configured($gateways_arr) {
604
	uasort($gateways_arr, 'compare_gateway_order_configured');
605
	return $gateways_arr;
606
}
607

    
608
/* Return all configured gateways on the system
609
   $disabled = true - include gateways that are disabled
610
   $localhost = true - include "Null" entries for localhost IP addresses
611
   $inactive = true - include gateways on inactive interfaces
612
   $integer_index = true - index the returned array by integers 0,1,2,... instead of by GW name
613
*/
614
function return_gateways_array($disabled = false, $localhost = false, $inactive = false, $integer_index = false) {
615
	global $config, $g;
616

    
617
	$gateways_arr = array();
618
	$gateways_arr_temp = array();
619
	$cgw4 = route_get_default('inet');
620
	$cgw6 = route_get_default('inet6');
621
	$found_defaultv4 = 0;
622
	$found_defaultv6 = 0;
623

    
624
	// Ensure the interface cache is up to date first
625
	$interfaces = get_interface_arr(true);
626

    
627
	$i = -1;
628
	/* Process/add all the configured gateways. */
629
	if (is_array($config['gateways']) && is_array($config['gateways']['gateway_item'])) {
630
		foreach ($config['gateways']['gateway_item'] as $gateway) {
631
			if (!is_array($gateway) || empty($gateway)) {
632
				continue;
633
			}
634

    
635
			/* Increment it here to do not skip items */
636
			$i++;
637
			if (isset($gateway['defaultgw'])) {
638
				unset($gateway['defaultgw']);
639
			}
640

    
641
			if (empty($config['interfaces'][$gateway['interface']])) {
642
				if ($inactive === false) {
643
					continue;
644
				} else {
645
					$gateway['inactive'] = true;
646
				}
647
			}
648
			$wancfg = $config['interfaces'][$gateway['interface']];
649

    
650
			/* skip disabled interfaces */
651
			if ($disabled === false && (!isset($wancfg['enable']))) {
652
				continue;
653
			}
654

    
655
			/* if the gateway is dynamic and we can find the IPv4, Great! */
656
			if (empty($gateway['gateway']) || $gateway['gateway'] == "dynamic") {
657
				if ($gateway['ipprotocol'] == "inet") {
658
					/* we know which interfaces is dynamic, this should be made a function */
659
					$gateway['gateway'] = get_interface_gateway($gateway['interface']);
660
					/* no IP address found, set to dynamic */
661
					if (!is_ipaddrv4($gateway['gateway'])) {
662
						$gateway['gateway'] = "dynamic";
663
					}
664
					$gateway['dynamic'] = true;
665
				}
666

    
667
				/* if the gateway is dynamic and we can find the IPv6, Great! */
668
				else if ($gateway['ipprotocol'] == "inet6") {
669
					/* we know which interfaces is dynamic, this should be made a function, and for v6 too */
670
					$gateway['gateway'] = get_interface_gateway_v6($gateway['interface']);
671
					/* no IPv6 address found, set to dynamic */
672
					if (!is_ipaddrv6($gateway['gateway'])) {
673
						$gateway['gateway'] = "dynamic";
674
					}
675
					$gateway['dynamic'] = true;
676
				}
677
			} else {
678
				/* getting this detection right is hard at this point because we still don't
679
				 * store the address family in the gateway item */
680
				if (is_ipaddrv4($gateway['gateway'])) {
681
					$gateway['ipprotocol'] = "inet";
682
				} else if (is_ipaddrv6($gateway['gateway'])) {
683
					$gateway['ipprotocol'] = "inet6";
684
				}
685
			}
686

    
687
			if (isset($gateway['monitor_disable'])) {
688
				$gateway['monitor_disable'] = true;
689
			} else if (empty($gateway['monitor'])) {
690
				$gateway['monitor'] = $gateway['gateway'];
691
			}
692

    
693
			if (isset($gateway['action_disable'])) {
694
				$gateway['action_disable'] = true;
695
			}
696

    
697
			$gateway['friendlyiface'] = $gateway['interface'];
698
			$gateway['friendlyifdescr'] = convert_friendly_interface_to_friendly_descr($gateway['interface']);
699

    
700
			/* special treatment for tunnel interfaces */
701
			if ($gateway['ipprotocol'] == "inet6") {
702
				$gateway['interface'] = get_real_interface($gateway['interface'], "inet6", false, false);
703
			} else {
704
				$gateway['interface'] = get_real_interface($gateway['interface'], "inet", false, false);
705
			}
706

    
707
			if ($gateway['ipprotocol'] == "inet" &&
708
					($gateway['gateway'] == $cgw4)) {
709
				$gateway['isdefaultgw'] = true;
710
				$found_defaultv4 = 1;
711
			} else if ($gateway['ipprotocol'] == "inet6" &&
712
					($gateway['gateway'] == $cgw6)) {
713
				$gateway['isdefaultgw'] = true;
714
				$found_defaultv6 = 1;
715
			}
716
			/* include the gateway index as the attribute */
717
			$gateway['attribute'] = $i;
718

    
719
			/* Remember all the gateway names, even ones to be skipped because they are disabled. */
720
			/* Then we can easily know and match them later when attempting to add dynamic gateways to the list. */
721
			$gateways_arr_temp[$gateway['name']] = $gateway;
722

    
723
			/* skip disabled gateways if the caller has not asked for them to be returned. */
724
			if (!($disabled === false && isset($gateway['disabled']))) {
725
				$gateways_arr[$gateway['name']] = $gateway;
726
			}
727
		}
728
	}
729
	unset($gateway);
730

    
731
	//Sort the array by GW name before moving on.
732
	ksort($gateways_arr, SORT_STRING | SORT_FLAG_CASE);
733

    
734
	/* Loop through all interfaces with a gateway and add it to a array */
735
	if ($disabled == false) {
736
		$iflist = get_configured_interface_with_descr();
737
	} else {
738
		$iflist = get_configured_interface_with_descr(true);
739
	}
740

    
741
	/* Process/add dynamic v4 gateways. */
742
	foreach ($iflist as $ifname => $friendly) {
743
		if (!interface_has_gateway($ifname)) {
744
			continue;
745
		}
746

    
747
		if (empty($config['interfaces'][$ifname])) {
748
			continue;
749
		}
750

    
751
		$ifcfg = &$config['interfaces'][$ifname];
752
		if (!isset($ifcfg['enable'])) {
753
			continue;
754
		}
755

    
756
		if (!empty($ifcfg['ipaddr']) && is_ipaddrv4($ifcfg['ipaddr'])) {
757
			continue;
758
		}
759

    
760
		$ctype = "";
761
		switch ($ifcfg['ipaddr']) {
762
			case "dhcp":
763
			case "pppoe":
764
			case "l2tp":
765
			case "pptp":
766
			case "ppp":
767
				$ctype = strtoupper($ifcfg['ipaddr']);
768
				break;
769
			default:
770
				$tunnelif = substr($ifcfg['if'], 0, 3);
771
				if (substr($ifcfg['if'], 0, 4) == "ovpn") {
772
					switch (substr($ifcfg['if'], 4, 1)) {
773
						case "c":
774
							$ovpntype = "openvpn-client";
775
							break;
776
						case "s":
777
							$ovpntype = "openvpn-server";
778
							break;
779
						default:
780
							// unknown ovpn type
781
							continue 3;
782
					}
783
					$ovpnid = substr($ifcfg['if'], 5);
784
					if (is_array($config['openvpn'][$ovpntype])) {
785
						foreach ($config['openvpn'][$ovpntype] as & $ovpnconf) {
786
							if ($ovpnconf['vpnid'] == $ovpnid) {
787
								// skip IPv6-only interfaces
788
								if ($ovpnconf['create_gw'] == "v6only") {
789
									continue 3;
790
								}
791
								// skip tap interfaces
792
								if ($ovpnconf['dev_mode'] == "tap") {
793
									continue 3;
794
								}
795
							}
796
						}
797
					}
798
					$ctype = "VPNv4";
799
				} elseif (substr($ifcfg['if'], 0, 5) == "ipsec") {
800
					$ikeid = substr($ifcfg['if'], 5);
801
					if (is_array($config['ipsec']) && is_array($config['ipsec']['phase1']) && is_array($config['ipsec']['phase2'])) {
802
						foreach ($config['ipsec']['phase1'] as $ph1ent) {
803
							if ($ph1ent['disabled']) {
804
								continue;
805
							}
806
							$vtisubnet_spec = ipsec_vti($ph1ent, true);
807
							// Skip non-VTI tunnels
808
							if (!$vtisubnet_spec || !is_array($vtisubnet_spec)) {
809
								continue;
810
							}
811
							if (!isset($ph1ent['mobile']) && ($keyexchange == 'ikev1' || isset($ph1ent['splitconn']))) {
812
								foreach ($vtisubnet_spec as $idx => $vtisub) {
813
									if ($ifcfg['if'] == ("ipsec" . get_ipsecifnum($ph1ent['ikeid'], $idx))) {
814
										// If this specific VTI remote is v4, then we can make a v4 gw
815
										if (is_ipaddrv4($vtisub['right'])) {
816
											$ctype = "VTIv4";
817
										}
818
									}
819
								}
820
							} else {
821
								if ($ifcfg['if'] == ("ipsec" . get_ipsecifnum($ph1ent['ikeid'], 0))) {
822
									// If any of the VTI remotes are v4, then we can make a v4 gw
823
									foreach ($vtisubnet_spec as $vtisub) {
824
										if (is_ipaddrv4($vtisub['right'])) {
825
											$ctype = "VTIv4";
826
										}
827
									}
828
								}
829
							}
830
						}
831
						if (empty($ctype)) {
832
							continue 2;
833
						}
834
					}
835
				} elseif ($tunnelif == "gif" || $tunnelif == "gre") {
836
					$ctype = "TUNNELv4";
837
				}
838
				break;
839
		}
840
		$ctype = "_". strtoupper($ctype);
841

    
842
		$gateway = array();
843
		$gateway['dynamic'] = false;
844
		$gateway['ipprotocol'] = "inet";
845
		$gateway['gateway'] = get_interface_gateway($ifname, $gateway['dynamic']);
846
		$gateway['interface'] = get_real_interface($ifname);
847
		$gateway['friendlyiface'] = $ifname;
848
		$gateway['friendlyifdescr'] = convert_friendly_interface_to_friendly_descr($ifname);
849
		$gateway['name'] = "{$friendly}{$ctype}";
850
		$gateway['attribute'] = "system";
851

    
852
		if (($gateway['dynamic'] === "default") && ($found_defaultv4 == 0)) {
853
			$gateway['isdefaultgw'] = true;
854
			$gateway['dynamic'] = true;
855
			$found_defaultv4 = 1;
856
		}
857

    
858
		/* Loopback dummy for dynamic interfaces without a IP */
859
		if (!is_ipaddrv4($gateway['gateway']) && $gateway['dynamic'] == true) {
860
			$gateway['gateway'] = "dynamic";
861
		}
862

    
863
		/* automatically skip known static and dynamic gateways that were previously processed */
864
		foreach ($gateways_arr_temp as $gateway_item) {
865
			if ((($ifname == $gateway_item['friendlyiface'] && $friendly == $gateway_item['name'])&& ($gateway['ipprotocol'] == $gateway_item['ipprotocol'])) ||
866
			    (($ifname == $gateway_item['friendlyiface'] && $gateway_item['dynamic'] == true) && ($gateway['ipprotocol'] == $gateway_item['ipprotocol']))) {
867
				continue 2;
868
			}
869
		}
870

    
871
		if (is_ipaddrv4($gateway['gateway'])) {
872
			$gateway['monitor'] = $gateway['gateway'];
873
		}
874

    
875
		$gateway['descr'] = "Interface {$friendly}{$ctype} Gateway";
876
		$gateways_arr[$gateway['name']] = $gateway;
877
	}
878
	unset($gateway);
879

    
880
	/* Process/add dynamic v6 gateways. */
881
	foreach ($iflist as $ifname => $friendly) {
882
		/* If the user has disabled IPv6, they probably don't want any IPv6 gateways. */
883
		if (!isset($config['system']['ipv6allow'])) {
884
			break;
885
		}
886

    
887
		if (!interface_has_gatewayv6($ifname)) {
888
			continue;
889
		}
890

    
891
		if (empty($config['interfaces'][$ifname])) {
892
			continue;
893
		}
894

    
895
		$ifcfg = &$config['interfaces'][$ifname];
896
		if (!isset($ifcfg['enable'])) {
897
			continue;
898
		}
899

    
900
		if (!empty($ifcfg['ipaddrv6']) && is_ipaddrv6($ifcfg['ipaddrv6'])) {
901
			continue;
902
		}
903

    
904
		$ctype = "";
905
		switch ($ifcfg['ipaddrv6']) {
906
			case "slaac":
907
			case "dhcp6":
908
			case "6to4":
909
			case "6rd":
910
				$ctype = strtoupper($ifcfg['ipaddrv6']);
911
				break;
912
			default:
913
				$tunnelif = substr($ifcfg['if'], 0, 3);
914
				if (substr($ifcfg['if'], 0, 4) == "ovpn") {
915
					switch (substr($ifcfg['if'], 4, 1)) {
916
						case "c":
917
							$ovpntype = "openvpn-client";
918
							break;
919
						case "s":
920
							$ovpntype = "openvpn-server";
921
							break;
922
						default:
923
							// unknown ovpn type
924
							continue 3;
925
					}
926
					$ovpnid = substr($ifcfg['if'], 5);
927
					if (is_array($config['openvpn'][$ovpntype])) {
928
						foreach ($config['openvpn'][$ovpntype] as & $ovpnconf) {
929
							if ($ovpnconf['vpnid'] == $ovpnid) {
930
								// skip IPv4-only interfaces
931
								if ($ovpnconf['create_gw'] == "v4only") {
932
									continue 3;
933
								}
934
								// skip tap interfaces
935
								if ($ovpnconf['dev_mode'] == "tap") {
936
									continue 3;
937
								}
938
							}
939
						}
940
					}
941
					$ctype = "VPNv6";
942
				} elseif (substr($ifcfg['if'], 0, 5) == "ipsec") {
943
					$ikeid = substr($ifcfg['if'], 5);
944
					if (is_array($config['ipsec']) && is_array($config['ipsec']['phase1']) && is_array($config['ipsec']['phase2'])) {
945
						foreach ($config['ipsec']['phase1'] as $ph1ent) {
946
							if ($ph1ent['disabled']) {
947
								continue;
948
							}
949
							$vtisubnet_spec = ipsec_vti($ph1ent, true);
950
							// Skip non-VTI tunnels
951
							if (!$vtisubnet_spec || !is_array($vtisubnet_spec)) {
952
								continue;
953
							}
954
							if (!isset($ph1ent['mobile']) && ($keyexchange == 'ikev1' || isset($ph1ent['splitconn']))) {
955
								foreach ($vtisubnet_spec as $idx => $vtisub) {
956
									if ($ifcfg['if'] == ("ipsec" . get_ipsecifnum($ph1ent['ikeid'], $idx))) {
957
										// If this specific VTI remote is v6, then we can make a v6 gw
958
										if (is_ipaddrv6($vtisub['right'])) {
959
											$ctype = "VTIv6";
960
										}
961
									}
962
								}
963
							} else {
964
								if ($ifcfg['if'] == ("ipsec" . get_ipsecifnum($ph1ent['ikeid'], 0))) {
965
									// If any of the VTI remotes are v6, then we can make a v6 gw
966
									foreach ($vtisubnet_spec as $vtisub) {
967
										if (is_ipaddrv6($vtisub['right'])) {
968
											$ctype = "VTIv6";
969
										}
970
									}
971
								}
972
							}
973
						}
974
						if (empty($ctype)) {
975
							continue 2;
976
						}
977
					}
978
				} else if ($tunnelif == "gif" || $tunnelif == "gre") {
979
					$ctype = "TUNNELv6";
980
				}
981
				break;
982
		}
983
		$ctype = "_". strtoupper($ctype);
984

    
985
		$gateway = array();
986
		$gateway['dynamic'] = false;
987
		$gateway['ipprotocol'] = "inet6";
988
		$gateway['gateway'] = get_interface_gateway_v6($ifname, $gateway['dynamic']);
989
		$gateway['interface'] = get_real_interface($ifname, "inet6");
990
		switch ($ifcfg['ipaddrv6']) {
991
			case "6rd":
992
			case "6to4":
993
				$gateway['dynamic'] = "default";
994
				break;
995
		}
996
		$gateway['friendlyiface'] = $ifname;
997
		$gateway['friendlyifdescr'] = convert_friendly_interface_to_friendly_descr($ifname);
998
		$gateway['name'] = "{$friendly}{$ctype}";
999
		$gateway['attribute'] = "system";
1000

    
1001
		if (($gateway['dynamic'] === "default") && ($found_defaultv6 == 0)) {
1002
			$gateway['isdefaultgw'] = true;
1003
			$gateway['dynamic'] = true;
1004
			$found_defaultv6 = 1;
1005
		}
1006

    
1007
		/* Loopback dummy for dynamic interfaces without a IP */
1008
		if (!is_ipaddrv6($gateway['gateway']) && $gateway['dynamic'] == true) {
1009
			$gateway['gateway'] = "dynamic";
1010
		}
1011

    
1012
		/* automatically skip known static and dynamic gateways that were previously processed */
1013
		foreach ($gateways_arr_temp as $gateway_item) {
1014
			if ((($ifname == $gateway_item['friendlyiface'] && $friendly == $gateway_item['name']) && ($gateway['ipprotocol'] == $gateway_item['ipprotocol'])) ||
1015
			    (($ifname == $gateway_item['friendlyiface'] && $gateway_item['dynamic'] == true) && ($gateway['ipprotocol'] == $gateway_item['ipprotocol']))) {
1016
				continue 2;
1017
			}
1018
		}
1019

    
1020
		if (is_ipaddrv6($gateway['gateway'])) {
1021
			$gateway['monitor'] = $gateway['gateway'];
1022
		}
1023

    
1024
		$gateway['descr'] = "Interface {$friendly}{$ctype} Gateway";
1025
		$gateways_arr[$gateway['name']] = $gateway;
1026
	}
1027
	unset($gateway);
1028

    
1029
	/* FIXME: Should this be enabled.
1030
	 * Some interface like wan might be default but have no info recorded
1031
	 * the config. */
1032
	/* this is a fallback if all else fails and we want to get packets out @smos */
1033
	if ($found_defaultv4 == 0 || $found_defaultv6 == 0) {
1034
		foreach ($gateways_arr as &$gateway) {
1035
			if (($gateway['friendlyiface'] == "wan") && ($found_defaultv4 == 0) && (!isset($gateway['ipprotocol']) || ($gateway['ipprotocol'] == "inet"))) {
1036
				if (file_exists("{$g['tmp_path']}/{$gateway['interface']}_defaultgw")) {
1037
					$gateway['isdefaultgw'] = true;
1038
					$found_defaultv4 = 1;
1039
				}
1040
			}
1041
			else if (($gateway['friendlyiface'] == "wan") && ($found_defaultv6 == 0) && ($gateway['ipprotocol'] == "inet6")) {
1042
				if (file_exists("{$g['tmp_path']}/{$gateway['interface']}_defaultgwv6")) {
1043
					$gateway['isdefaultgw'] = true;
1044
					$found_defaultv6 = 1;
1045
				}
1046
			}
1047
		}
1048
	}
1049

    
1050
	if ($localhost === true) {
1051
		/* attach localhost for Null routes */
1052
		$gwlo4 = array();
1053
		$gwlo4['name'] = "Null4";
1054
		$gwlo4['interface'] = "lo0";
1055
		$gwlo4['ipprotocol'] = "inet";
1056
		$gwlo4['gateway'] = "127.0.0.1";
1057
		$gwlo4['attribute'] = "system";
1058
		$gwlo6 = array();
1059
		$gwlo6['name'] = "Null6";
1060
		$gwlo6['interface'] = "lo0";
1061
		$gwlo6['ipprotocol'] = "inet6";
1062
		$gwlo6['gateway'] = "::1";
1063
		$gwlo6['attribute'] = "system";
1064
		$gateways_arr['Null4'] = $gwlo4;
1065
		$gateways_arr['Null6'] = $gwlo6;
1066
	}
1067

    
1068
	if ($integer_index) {
1069
		$gateways_arr = array_values($gateways_arr);
1070
	}
1071

    
1072
	if ($found_defaultv4 != 1 && is_ipaddr($cgw4)) {
1073
		foreach($gateways_arr as &$gw) {
1074
			if ($gw['gateway'] == $cgw4) {
1075
				$gw['isdefaultgw'] = true;
1076
			}
1077
		}
1078
	}
1079
	if ($found_defaultv6 != 1 && is_ipaddr($cgw6)) {
1080
		foreach($gateways_arr as &$gw) {
1081
			if ($gw['gateway'] == $cgw6) {
1082
				$gw['isdefaultgw'] = true;
1083
			}
1084
		}
1085
	}
1086

    
1087
	$gways = order_gateways_as_configured($gateways_arr);
1088

    
1089
	// Add the tier names here so that system_gateways.php doesn't need to
1090
	foreach ($gways as $idx => $gway) {
1091
		$gways[$idx]['tiername'] = gateway_getgwtiername($gways, $idx);
1092
	}
1093

    
1094
	return $gways;
1095
}
1096

    
1097
function fixup_default_gateway($ipprotocol, $gateways_status, $gateways_arr) {
1098
	global $config, $g;
1099
	/*
1100
	 * NOTE: The code below is meant to replace the default gateway when it goes down.
1101
	 *	This facilitates services running on pfSense itself and are not handled by a PBR to continue working.
1102
	 */
1103
	$set_dfltgwname = '';
1104

    
1105
	if ($ipprotocol == 'inet') {
1106
		$gwdefault = $config['gateways']['defaultgw4'];
1107
	} else {
1108
		$gwdefault = $config['gateways']['defaultgw6'];
1109
	}
1110
	if ($gwdefault == "-") {
1111
		// 'none', dont set the default gateway, useful if routes are managed by frr/bgp/ospf or similar
1112
		return;
1113
	}
1114
	if (isset($gateways_arr[$gwdefault])) {
1115
		// the configured gateway is a regular one. (not a gwgroup) use it as is..
1116
		$set_dfltgwname = $gwdefault;
1117
	} elseif (empty($gwdefault)) {
1118
		// 'automatic' mode, pick the first one thats 'up' or 'unmonitored' which is always considered up
1119
		$gateways_arr = order_gateways_as_configured($gateways_arr);
1120
		$fallback = "";
1121
		foreach($gateways_arr as $gwname => $gwsttng) {
1122
			if ($gwsttng['ipprotocol'] != $ipprotocol) {
1123
				continue;
1124
			}
1125

    
1126
			if ((isset($gwsttng['monitor_disable']) || isset($gwsttng['action_disable']) || $gateways_status[$gwname]['status'] == "none")) {
1127
				$set_dfltgwname = $gwname;
1128
				break;
1129
			}
1130
			if (empty($fallback) && $gwsttng['interface'] != 'lo0') {
1131
				$fallback = $gwname;
1132
			}
1133
		}
1134
		if (empty($set_dfltgwname)) {
1135
			log_error(sprintf("Gateway, none 'available' for %s, use the first one configured. '%s'", $ipprotocol, $fallback));
1136
			$set_dfltgwname = $fallback;
1137
		}
1138
	} else {
1139
		// a gwgroup is selected
1140
		// find the best available gateway given options available..
1141
		$gwg_members = array();
1142
		$viplist = get_configured_vip_list();
1143
		if (is_array($config['gateways']['gateway_group'])) {
1144
			foreach ($config['gateways']['gateway_group'] as $group) {
1145
				if ($group['name'] == $gwdefault) {
1146
					// finds the gw members of the best available tier for this group.
1147
					$gwg_members = get_gwgroup_members_inner($group, $gateways_status, $gateways_arr, $viplist);
1148
				}
1149
			}
1150
		}
1151

    
1152
		if (count($gwg_members) > 0) {
1153
			$currentdefaultgwip = route_get_default($ipprotocol);
1154
			$found_current = false;
1155
			foreach($gwg_members as $gwgroupitem) {
1156
				if (!empty($currentdefaultgwip) && ($gwgroupitem['gwip'] == $currentdefaultgwip)) {
1157
					$set_dfltgwname = $gwgroupitem['gw'];
1158
					$found_current = true;
1159
					if (isset($config['system']['gw-debug'])) {
1160
						log_error("Keep current gateway, its already part of the group members.");
1161
					}
1162
					break;
1163
				}
1164
			}
1165
			if (!$found_current) {
1166
				$set_dfltgwname = $gwg_members[0]['gw'];
1167
				log_error(sprintf("Gateway, switch to: %s", $set_dfltgwname));
1168
			}
1169
		} else {
1170
			log_error("Gateway, NONE AVAILABLE");
1171
		}
1172
	}
1173
	if (!empty($set_dfltgwname) && isset($gateways_arr[$set_dfltgwname])) {
1174
		setdefaultgateway($gateways_arr[$set_dfltgwname]);
1175
	}
1176
}
1177

    
1178
function setdefaultgateway($gw) {
1179
	global $g, $config;
1180
	if (isset($config['system']['route-debug'])) {
1181
		file_put_contents("/dev/console", "\n[".getmypid()."] SET DEF GW: {$gw['name']}");
1182
	}
1183
	$ipprotocol = $gw['ipprotocol'];
1184
	if ($gw['gateway'] == "dynamic") {
1185
		if ($ipprotocol == 'inet') {
1186
			$gw['gateway'] = get_interface_gateway($gw['friendlyiface']);
1187
		} else {
1188
			$gw['gateway'] = get_interface_gateway_v6($$gw['friendlyiface']);
1189
		}
1190
	}
1191
	if ($ipprotocol == 'inet6' && !is_ipaddrv6($gw['gateway'])) {
1192
		return;
1193
	}
1194
	if ($ipprotocol == 'inet' && !is_ipaddrv4($gw['gateway'])) {
1195
		return;
1196
	}
1197
	if ($ipprotocol == 'inet6') {
1198
		if (is_linklocal($gw['gateway']) && get_ll_scope($gw['gateway']) == '') {
1199
			$gw['gateway'] .= "%" . $gw['interface'];
1200
		}
1201
	}
1202
	$currentdefaultgwip = route_get_default($ipprotocol);
1203
	if ($currentdefaultgwip != $gw['gateway']) {
1204
		log_error("Default gateway setting {$gw['descr']} as default.");
1205

    
1206
		if ($ipprotocol == 'inet') {
1207
			array_map('unlink', glob("{$g['tmp_path']}/*_defaultgw", GLOB_BRACE));
1208
		} else {
1209
			array_map('unlink', glob("{$g['tmp_path']}/*_defaultgwv6", GLOB_BRACE));
1210
		}
1211
		$defaultif = get_real_interface($gw['interface']);
1212
		if ($defaultif) {
1213
			@file_put_contents("{$g['tmp_path']}/{$defaultif}_defaultgw", $gw['gateway']);
1214
		}
1215

    
1216
		if (isset($gw["nonlocalgateway"])) {
1217
			if (is_ipaddr($gw['gateway']) && !empty($gw['interface'])) {
1218
				route_add_or_change($gw['gateway'], '',
1219
				    $gw['interface']);
1220
			}
1221
		}
1222
		if (isset($config['system']['route-debug'])) {
1223
			file_put_contents("/dev/console", "\n[".getmypid()."] SET DEF GW: {$gw['name']} ({$gw['gateway']})");
1224
		}
1225
		route_add_or_change("default", $gw['gateway'], '', '',
1226
		    $ipprotocol);
1227
		return true;
1228
	}
1229
}
1230

    
1231
function get_gwgroup_members_inner($group, $gateways_status, $gateways_arr, $viplist){
1232
	$result = array();
1233
	/* create array with group gateways members separated by tier */
1234
	$tiers = array();
1235
	$backupplan = array();
1236
	$gwvip_arr = array();
1237
	foreach ($group['item'] as $item) {
1238
		list($gwname, $tier, $vipname) = explode("|", $item);
1239

    
1240
		if (is_ipaddr($viplist[$vipname])) {
1241
			if (!is_array($gwvip_arr[$group['name']])) {
1242
				$gwvip_arr[$group['name']] = array();
1243
			}
1244
			$gwvip_arr[$group['name']][$gwname] = $vipname;
1245
		}
1246

    
1247
		/* Do it here rather than reiterating again the group in case no member is up. */
1248
		if (!is_array($backupplan[$tier])) {
1249
			$backupplan[$tier] = array();
1250
		}
1251
		$backupplan[$tier][] = $gwname;
1252

    
1253
		/* check if the gateway is available before adding it to the array */
1254
		if (is_array($gateways_status[$gwname])) {
1255
			$status = $gateways_status[$gwname];
1256
			$gwdown = false;
1257
			if (stristr($status['status'], "down")) {
1258
				$gwdown = true;
1259
				switch ($status['substatus']) {
1260
					case "highloss":
1261
						$msg = sprintf(gettext('MONITOR: %1$s has packet loss, omitting from routing group %2$s'), $gwname, $group['name']);
1262
						break;
1263
					case "highdelay":
1264
						$msg = sprintf(gettext('MONITOR: %1$s has high latency, omitting from routing group %2$s'), $gwname, $group['name']);
1265
						break;
1266
					default:
1267
						$msg = sprintf(gettext('MONITOR: %1$s is down, omitting from routing group %2$s'), $gwname, $group['name']);
1268
				}
1269
			}
1270
			$statuschanged = false;
1271
			$pluginparams = array();
1272
			$pluginparams['type'] = 'gateway';
1273
			$pluginparams['name'] = $gwname;
1274
			if ($gwdown == true) {
1275
				if (!file_exists("/tmp/.down.{$gwname}")) {
1276
					@touch("/tmp/.down.{$gwname}");
1277
					$msg .= "\n".implode("|", $status);
1278
					$pluginparams['event'] = 'gateway.down';
1279
					$statuschanged = true;
1280
				}
1281
			} else {
1282
				/* Online add member */
1283
				if (!is_array($tiers[$tier])) {
1284
					$tiers[$tier] = array();
1285
				}
1286
				$tiers[$tier][] = $gwname;
1287
				if (unlink_if_exists("/tmp/.down.{$gwname}")) {
1288
					$msg = sprintf(gettext('MONITOR: %1$s is available now, adding to routing group %2$s'), $gwname, $group['name']);
1289
					$msg .= "\n".implode("|", $status);
1290
					$pluginparams['event'] = 'gateway.up';
1291
					$statuschanged = true;
1292
				}
1293
			}
1294
			if ($statuschanged) {
1295
				log_error($msg);
1296
				notify_all_remote($msg);
1297
				if (isset($gateways_arr[$gwname]['interface'])) {
1298
					$pluginparams['interface'] = $gateways_arr[$gwname]['interface'];
1299
				}
1300
				pkg_call_plugins('plugin_gateway', $pluginparams);
1301
			}
1302
		} else if (isset($gateways_arr[$gwname]['monitor_disable']) || isset($gateways_arr[$gwname]['action_disable'])) {
1303
			$tiers[$tier][] = $gwname;
1304
		}
1305
	}
1306
	$tiers_count = count($tiers);
1307
	if ($tiers_count == 0) {
1308
		/* Oh dear, we have no members! Engage Plan B */
1309
		if (isset($config['system']['gw-debug']) && (!platform_booting())) {
1310
			$msg = sprintf(gettext('Gateways status could not be determined, considering all as up/active. (Group: %s)'), $group['name']);
1311
			log_error($msg);
1312
		}
1313
		$tiers = $backupplan;
1314
	}
1315
	/* sort the tiers array by the tier key */
1316
	ksort($tiers);
1317

    
1318
	/* we do not really foreach the tiers as we stop after the first tier */
1319
	foreach ($tiers as $tieridx => $tier) {
1320
		/* process all gateways in this tier */
1321
		foreach ($tier as $member) {
1322
			/* determine interface gateway */
1323
			if (isset($gateways_arr[$member])) {
1324
				$gateway = $gateways_arr[$member];
1325
				$int = $gateway['interface'];
1326
				$gatewayip = "";
1327
				if (is_ipaddr($gateway['gateway'])) {
1328
					$gatewayip = $gateway['gateway'];
1329
				} else if (!empty($int)) {
1330
					$gatewayip = get_interface_gateway($gateway['friendlyiface']);
1331
				}
1332

    
1333
				if (!empty($int)) {
1334
					$result['ipprotocol'] = $gateway['ipprotocol'];
1335
					if (is_ipaddr($gatewayip)) {
1336
						$groupmember = array();
1337
						$groupmember['gw'] = $member;
1338
						$groupmember['int'] = $int;
1339
						$groupmember['gwip'] = $gatewayip;
1340
						$groupmember['weight'] = isset($gateway['weight']) ? $gateway['weight'] : 1;
1341
						if (is_array($gwvip_arr[$group['name']]) && !empty($gwvip_arr[$group['name']][$member])) {
1342
							$groupmember['vip'] = $gwvip_arr[$group['name']][$member];
1343
						}
1344
						$result[] = $groupmember;
1345
					}
1346
				}
1347
			}
1348
		}
1349
		/* we should have the 1st available tier now, exit stage left */
1350
		if (count($result) > 0) {
1351
			break;
1352
		} else {
1353
			log_error(sprintf(gettext('GATEWAYS: Group %1$s did not have any gateways up on tier %2$s!'), $group['name'], $tieridx));
1354
		}
1355
	}
1356
	// Add description field last to not influence the count() above
1357
	$result['descr'] = $group['descr'];
1358
	return $result;
1359
}
1360

    
1361
function get_gwgroup_members($groupname) {
1362
	global $config;
1363
	$gateways_status = return_gateways_status(true);
1364
	$gateways_arr = return_gateways_array();
1365
	$viplist = get_configured_vip_list();
1366
	foreach ($config['gateways']['gateway_group'] as $group) {
1367
		if ($group['name'] == $groupname) {
1368
			return get_gwgroup_members_inner($group, $gateways_status, $gateways_arr, $viplist);
1369
		}
1370
	}
1371
	return array();
1372
}
1373

    
1374
/*
1375
 * Return an array with all gateway groups with name as key
1376
 * All gateway groups will be processed before returning the array.
1377
 */
1378
function return_gateway_groups_array($fixup = false, $gways = false) {
1379
	global $config;
1380

    
1381
	/* fetch the current gateways status */
1382
	if (is_array($gways)) {
1383
		$gateways_status = $gways;
1384
	} else {
1385
		$gateways_status = return_gateways_status(true);
1386
	}
1387

    
1388
	$gateways_arr = return_gateways_array();
1389
	$gateway_groups_array = array();
1390
	if ($fixup == true) {
1391
		$gw4 = lookup_gateway_or_group_by_name($config['gateways']['defaultgw4'], $gways);
1392
		$gw6 = lookup_gateway_or_group_by_name($config['gateways']['defaultgw6'], $gways);
1393
		if ($gw4 && $gw4['type'] == 'gatewaygroup') {
1394
			fixup_default_gateway("inet", $gateways_status, $gateways_arr);
1395
		}
1396
		if ($gw6 && $gw6['type'] == 'gatewaygroup') {
1397
			fixup_default_gateway("inet6", $gateways_status, $gateways_arr);
1398
		}
1399
	}
1400
	init_config_arr(array('gateways', 'gateway_group'));
1401
	if (!empty($config['gateways']['gateway_group'])) {
1402
		$viplist = get_configured_vip_list();
1403
		foreach ($config['gateways']['gateway_group'] as $group) {
1404
			$gateway_groups_array[$group['name']] = get_gwgroup_members_inner($group, $gateways_status, $gateways_arr, $viplist);
1405
		}
1406
	}
1407

    
1408
	return ($gateway_groups_array);
1409
}
1410

    
1411
/* Update DHCP WAN Interface ip address in gateway group item */
1412
function dhclient_update_gateway_groups_defaultroute($interface = "wan") {
1413
	global $config;
1414

    
1415
	if (is_array($config['gateways']['gateway_item'])) {
1416
		foreach ($config['gateways']['gateway_item'] as & $gw) {
1417
			if ($gw['interface'] != $interface) {
1418
				continue;
1419
			}
1420

    
1421
			$current_gw = get_interface_gateway($interface);
1422
			if ($gw['gateway'] <> $current_gw) {
1423
				$gw['gateway'] = $current_gw;
1424
				$changed = true;
1425
			}
1426
		}
1427
	}
1428

    
1429
	if ($changed && $current_gw) {
1430
		write_config(sprintf(gettext(
1431
		    'Updating gateway group gateway for %1$s - new gateway is %2$s'),
1432
		    $interface, $current_gw));
1433
	}
1434
}
1435

    
1436
function lookup_gateway_or_group_by_name($gwname, $gways = false) {
1437
	global $config;
1438

    
1439
	if (is_array($gways)) {
1440
		$gateways_arr = $gways;
1441
	} else {
1442
		$gateways_arr = return_gateways_array();
1443
	}
1444

    
1445
	foreach ($gateways_arr as $gw) {
1446
		if ($gw['name'] == $gwname) {
1447
			$gw['type'] = 'gateway';
1448
			return $gw;
1449
		}
1450
	}
1451

    
1452
	init_config_arr(array('gateways', 'gateway_group'));
1453
	foreach ($config['gateways']['gateway_group'] as $gwg) {
1454
		if ($gwg['name'] == $gwname) {
1455
			$gwg['type'] = 'gatewaygroup';
1456
			return $gwg;
1457
		}
1458
	}
1459

    
1460
	return false;
1461
}
1462

    
1463
function lookup_gateway_ip_by_name($name, $disabled = false) {
1464

    
1465
	$gateways_arr = return_gateways_array($disabled, true);
1466
	foreach ($gateways_arr as $gname => $gw) {
1467
		if ($gw['name'] === $name || $gname === $name) {
1468
			return $gw['gateway'];
1469
		}
1470
	}
1471

    
1472
	return false;
1473
}
1474

    
1475
function lookup_gateway_monitor_ip_by_name($name) {
1476

    
1477
	$gateways_arr = return_gateways_array(false, true);
1478
	if (!empty($gateways_arr[$name])) {
1479
		$gateway = $gateways_arr[$name];
1480
		if (!is_ipaddr($gateway['monitor'])) {
1481
			return $gateway['gateway'];
1482
		}
1483

    
1484
		return $gateway['monitor'];
1485
	}
1486

    
1487
	return (false);
1488
}
1489

    
1490
function lookup_gateway_interface_by_name($name) {
1491

    
1492
	$gateways_arr = return_gateways_array(false, true);
1493
	if (!empty($gateways_arr[$name])) {
1494
		$interfacegw = $gateways_arr[$name]['friendlyiface'];
1495
		return ($interfacegw);
1496
	}
1497

    
1498
	return (false);
1499
}
1500

    
1501
function get_root_interface($interface) {
1502
	if (substr($interface, 0, 4) == '_vip') {
1503
		$interface = get_configured_vip_interface($interface);
1504
		if (substr($interface, 0, 4) == '_vip') {
1505
			$interface = get_configured_vip_interface($interface);
1506
		}
1507
	}
1508
	return $interface;
1509
}
1510

    
1511
function get_interface_gateway($interface, &$dynamic = false) {
1512
	global $config, $g;
1513

    
1514
	$interface = get_root_interface($interface);
1515

    
1516
	$gw = NULL;
1517
	$gwcfg = $config['interfaces'][$interface];
1518
	if (!empty($gwcfg['gateway']) && is_array($config['gateways']['gateway_item'])) {
1519
		foreach ($config['gateways']['gateway_item'] as $gateway) {
1520
			if (($gateway['name'] == $gwcfg['gateway']) && (is_ipaddrv4($gateway['gateway']))) {
1521
				$gw = $gateway['gateway'];
1522
				break;
1523
			}
1524
		}
1525
	}
1526

    
1527
	// for dynamic interfaces we handle them through the $interface_router file.
1528
	if (($gw == NULL || !is_ipaddrv4($gw)) && !is_ipaddrv4($gwcfg['ipaddr'])) {
1529
		$realif = get_real_interface($interface);
1530
		if (file_exists("{$g['tmp_path']}/{$realif}_router")) {
1531
			$gw = trim(file_get_contents("{$g['tmp_path']}/{$realif}_router"), " \n");
1532
			$dynamic = true;
1533
		}
1534
		if (file_exists("{$g['tmp_path']}/{$realif}_defaultgw")) {
1535
			$dynamic = "default";
1536
		}
1537

    
1538
	}
1539

    
1540
	/* return gateway */
1541
	return ($gw);
1542
}
1543

    
1544
function get_interface_gateway_v6($interface, &$dynamic = false) {
1545
	global $config, $g;
1546

    
1547
	$interface = get_root_interface($interface);
1548

    
1549
	$gw = NULL;
1550
	$gwcfg = $config['interfaces'][$interface];
1551
	if (!empty($gwcfg['gatewayv6']) && is_array($config['gateways']['gateway_item'])) {
1552
		foreach ($config['gateways']['gateway_item'] as $gateway) {
1553
			if (($gateway['name'] == $gwcfg['gatewayv6']) && (is_ipaddrv6($gateway['gateway']))) {
1554
				$gw = $gateway['gateway'];
1555
				break;
1556
			}
1557
		}
1558
	}
1559

    
1560
	// for dynamic interfaces we handle them through the $interface_router file.
1561
	if (($gw == NULL || !is_ipaddrv6($gw)) && !is_ipaddrv6($gwcfg['ipaddrv6'])) {
1562
		$realif = get_real_interface($interface);
1563
		if (file_exists("{$g['tmp_path']}/{$realif}_routerv6")) {
1564
			$gw = trim(file_get_contents("{$g['tmp_path']}/{$realif}_routerv6"), " \n");
1565
			$dynamic = true;
1566
		}
1567
		if (file_exists("{$g['tmp_path']}/{$realif}_defaultgwv6")) {
1568
			$dynamic = "default";
1569
		}
1570
	}
1571
	/* return gateway */
1572
	return ($gw);
1573
}
1574

    
1575
/* Check a IP address against a gateway IP or name
1576
 * to verify it's address family */
1577
function validate_address_family($ipaddr, $gwname, $disabled = false) {
1578
	$v4ip = false;
1579
	$v6ip = false;
1580
	$v4gw = false;
1581
	$v6gw = false;
1582

    
1583
	if (is_ipaddrv4($ipaddr)) {
1584
		$v4ip = true;
1585
	}
1586
	if (is_ipaddrv6($ipaddr)) {
1587
		$v6ip = true;
1588
	}
1589
	if (is_ipaddrv4($gwname)) {
1590
		$v4gw = true;
1591
	}
1592
	if (is_ipaddrv6($gwname)) {
1593
		$v6gw = true;
1594
	}
1595

    
1596
	if ($v4ip && $v4gw) {
1597
		return true;
1598
	}
1599
	if ($v6ip && $v6gw) {
1600
		return true;
1601
	}
1602

    
1603
	/* still no match, carry on, lookup gateways */
1604
	if (is_ipaddrv4(lookup_gateway_ip_by_name($gwname, $disabled))) {
1605
		$v4gw = true;
1606
	}
1607
	if (is_ipaddrv6(lookup_gateway_ip_by_name($gwname, $disabled))) {
1608
		$v6gw = true;
1609
	}
1610

    
1611
	$gw_array = return_gateways_array();
1612
	if (is_array($gw_array[$gwname])) {
1613
		switch ($gw_array[$gwname]['ipprotocol']) {
1614
			case "inet":
1615
				$v4gw = true;
1616
				break;
1617
			case "inet6":
1618
				$v6gw = true;
1619
				break;
1620
		}
1621
	}
1622

    
1623
	if ($v4ip && $v4gw) {
1624
		return true;
1625
	}
1626
	if ($v6ip && $v6gw) {
1627
		return true;
1628
	}
1629

    
1630
	return false;
1631
}
1632

    
1633
/* check if a interface is part of a gateway group */
1634
function interface_gateway_group_member($interface, $gwgroup_name = "") {
1635
	global $config;
1636

    
1637
	if (is_array($config['gateways']['gateway_group'])) {
1638
		$groups = $config['gateways']['gateway_group'];
1639
	} else {
1640
		return false;
1641
	}
1642

    
1643
	$gateways_arr = return_gateways_array(false, true);
1644
	foreach ($groups as $group) {
1645
		if (is_array($group['item'])) {
1646
			foreach ($group['item'] as $item) {
1647
				$elements = explode("|", $item);
1648
				$gwname = $elements[0];
1649
				if ($interface == $gateways_arr[$gwname]['interface'] &&
1650
				    (empty($gwgroup_name) || $gwgroup_name == $group['name'])) {
1651
					unset($gateways_arr);
1652
					return true;
1653
				}
1654
			}
1655
		}
1656
	}
1657
	unset($gateways_arr);
1658

    
1659
	return false;
1660
}
1661

    
1662
function gateway_is_gwgroup_member($name, $detail=false) {
1663
	global $config;
1664

    
1665
	if (is_array($config['gateways']['gateway_group'])) {
1666
		$groups = $config['gateways']['gateway_group'];
1667
	} else {
1668
		return false;
1669
	}
1670

    
1671
	$members = array();
1672
	foreach ($groups as $group) {
1673
		if (is_array($group['item'])) {
1674
			foreach ($group['item'] as $item) {
1675
				list($gwname, $tier, $vipname) = explode("|", $item);
1676
				if ($name == $gwname) {
1677
					if ($detail) {
1678
						$newitem = array();
1679
						$newitem['name'] = $group['name'];
1680
						$newitem['tier'] = $tier;
1681
						$newitem['vipname'] = $vipname;
1682
						$members[] = $newitem;
1683
					} else {
1684
						$members[] = $group['name'];
1685
					}
1686
				}
1687
			}
1688
		}
1689
	}
1690

    
1691
	return $members;
1692
}
1693
/*
1694
  Check the proposed gateway settings to see if they are valid.
1695
  $gateway_settings - the proposed array of proposed gateway settings
1696
  $id - the index of the gateway proposed to be modified (otherwise "" if adding a new gateway)
1697
  $parent_ip - the IP (v4 or v6) address about to be set on the corresponding interface (if any)
1698
  $parent_sn - the subnet about to be set on the corresponding interface (if any)
1699
  (Note: the above 2 parameters allow gateway parameters to be validated concurrently with saving
1700
   an interface, before the new interface parameters are actually saved in the config.)
1701
  Return completed $input_errors array if there is any problem.
1702
  Otherwise return an empty $input_errors array
1703
*/
1704
function validate_gateway($gateway_settings, $id = "", $parent_ip = "", $parent_sn = "") {
1705
	global $config;
1706

    
1707
	$a_gateways = return_gateways_array(true, false, true, true);
1708
	$input_errors = array();
1709

    
1710
	/* input validation */
1711
	$reqdfields = explode(" ", "name interface");
1712
	$reqdfieldsn = array(gettext("Name"), gettext("Interface"));
1713

    
1714
	do_input_validation($gateway_settings, $reqdfields, $reqdfieldsn, $input_errors);
1715

    
1716
	if (!isset($gateway_settings['name'])) {
1717
		$input_errors[] = "A valid gateway name must be specified.";
1718
	}
1719
	if (!is_validaliasname($gateway_settings['name'])) {
1720
		$input_errors[] = invalidaliasnamemsg($gateway_settings['name'], gettext("gateway"));
1721
	} else if (isset($gateway_settings['disabled'])) {
1722
		// We have a valid gateway name that the user wants to mark as disabled.
1723
		// Check if the gateway name is used in any gateway group.
1724
		if (is_array($config['gateways']['gateway_group'])) {
1725
			foreach ($config['gateways']['gateway_group'] as $group) {
1726
				foreach ($group['item'] as $item) {
1727
					$items = explode("|", $item);
1728
					if ($items[0] == $gateway_settings['name']) {
1729
						$input_errors[] = sprintf(gettext('Gateway "%1$s" cannot be disabled because it is in use on Gateway Group "%2$s"'), $gateway_settings['name'], $group['name']);
1730
					}
1731
				}
1732
			}
1733
		}
1734

    
1735
		// Check if the gateway name is used in any enabled Static Route.
1736
		if (is_array($config['staticroutes']['route'])) {
1737
			foreach ($config['staticroutes']['route'] as $route) {
1738
				if ($route['gateway'] == $gateway_settings['name']) {
1739
					if (!isset($route['disabled'])) {
1740
						// There is a static route that uses this gateway and is enabled (not disabled).
1741
						$input_errors[] = sprintf(gettext('Gateway "%1$s" cannot be disabled because it is in use on Static Route "%2$s"'), $gateway_settings['name'], $route['network']);
1742
					}
1743
				}
1744
			}
1745
		}
1746
	}
1747
	/* skip system gateways which have been automatically added */
1748
	if (($gateway_settings['gateway'] && (!is_ipaddr($gateway_settings['gateway'])) && ($gateway_settings['attribute'] !== "system")) && ($gateway_settings['gateway'] != "dynamic")) {
1749
		$input_errors[] = gettext("A valid gateway IP address must be specified.");
1750
	}
1751

    
1752
	if ($gateway_settings['gateway'] && is_ipaddr($gateway_settings['gateway'])) {
1753
		if (is_ipaddrv4($gateway_settings['gateway'])) {
1754
			if ($parent_ip == '') {
1755
				$parent_ip = get_interface_ip($gateway_settings['interface']);
1756
				$parent_sn = get_interface_subnet($gateway_settings['interface']);
1757
			}
1758
			if (empty($parent_ip) || empty($parent_sn)) {
1759
				$input_errors[] = gettext("Cannot add IPv4 Gateway Address because no IPv4 address could be found on the interface.");
1760
			} elseif (!isset($gateway_settings["nonlocalgateway"])) {
1761
				$subnets = array(gen_subnet($parent_ip, $parent_sn) . "/" . $parent_sn);
1762
				$vips = link_interface_to_vips($gateway_settings['interface']);
1763
				if (is_array($vips)) {
1764
					foreach ($vips as $vip) {
1765
						if (!is_ipaddrv4($vip['subnet'])) {
1766
							continue;
1767
						}
1768
						$subnets[] = gen_subnet($vip['subnet'], $vip['subnet_bits']) . "/" . $vip['subnet_bits'];
1769
					}
1770
				}
1771

    
1772
				$found = false;
1773
				foreach ($subnets as $subnet) {
1774
					if (ip_in_subnet($gateway_settings['gateway'], $subnet)) {
1775
						$found = true;
1776
						break;
1777
					}
1778
				}
1779

    
1780
				if ($found === false) {
1781
					$input_errors[] = sprintf(gettext("The gateway address %s does not lie within one of the chosen interface's subnets."), $gateway_settings['gateway']);
1782
				}
1783
			}
1784
		} else if (is_ipaddrv6($gateway_settings['gateway'])) {
1785
			/* do not do a subnet match on a link local address, it's valid */
1786
			if (!is_linklocal($gateway_settings['gateway'])) {
1787
				if ($parent_ip == '') {
1788
					$parent_ip = get_interface_ipv6($gateway_settings['interface']);
1789
					$parent_sn = get_interface_subnetv6($gateway_settings['interface']);
1790
				}
1791
				if (empty($parent_ip) || empty($parent_sn)) {
1792
					$input_errors[] = gettext("Cannot add IPv6 Gateway Address because no IPv6 address could be found on the interface.");
1793
				} elseif (!isset($gateway_settings["nonlocalgateway"])) {
1794
					$subnets = array(gen_subnetv6($parent_ip, $parent_sn) . "/" . $parent_sn);
1795
					$vips = link_interface_to_vips($gateway_settings['interface']);
1796
					if (is_array($vips)) {
1797
						foreach ($vips as $vip) {
1798
							if (!is_ipaddrv6($vip['subnet'])) {
1799
								continue;
1800
							}
1801
							$subnets[] = gen_subnetv6($vip['subnet'], $vip['subnet_bits']) . "/" . $vip['subnet_bits'];
1802
						}
1803
					}
1804

    
1805
					$found = false;
1806
					foreach ($subnets as $subnet) {
1807
						if (ip_in_subnet($gateway_settings['gateway'], $subnet)) {
1808
							$found = true;
1809
							break;
1810
						}
1811
					}
1812

    
1813
					if ($found === false) {
1814
						$input_errors[] = sprintf(gettext("The gateway address %s does not lie within one of the chosen interface's subnets."), $gateway_settings['gateway']);
1815
					}
1816
				}
1817
			}
1818
		}
1819

    
1820
		if (!empty($config['interfaces'][$gateway_settings['interface']]['ipaddr'])) {
1821
			if (is_ipaddr($config['interfaces'][$gateway_settings['interface']]['ipaddr']) && (empty($gateway_settings['gateway']) || $gateway_settings['gateway'] == "dynamic")) {
1822
				$input_errors[] = gettext("Dynamic gateway values cannot be specified for interfaces with a static IPv4 configuration.");
1823
			}
1824
		}
1825
		if (!empty($config['interfaces'][$gateway_settings['interface']]['ipaddrv6'])) {
1826
			if (is_ipaddr($config['interfaces'][$gateway_settings['interface']]['ipaddrv6']) && (empty($gateway_settings['gateway']) || $gateway_settings['gateway'] == "dynamic")) {
1827
				$input_errors[] = gettext("Dynamic gateway values cannot be specified for interfaces with a static IPv6 configuration.");
1828
			}
1829
		}
1830
	}
1831
	if (($gateway_settings['monitor'] != "") && ($gateway_settings['monitor'] != "dynamic")) {
1832
		validateipaddr($gateway_settings['monitor'], IPV4V6, "Monitor IP", $input_errors, false);
1833
	}
1834
	if (isset($gateway_settings['data_payload']) && is_numeric($gateway_settings['data_payload']) && $gateway_settings['data_payload'] < 0) {
1835
		$input_errors[] = gettext("A valid data payload must be specified.");
1836
	}
1837
	/* only allow correct IPv4 and IPv6 gateway addresses */
1838
	if (($gateway_settings['gateway'] <> "") && is_ipaddr($gateway_settings['gateway']) && $gateway_settings['gateway'] != "dynamic") {
1839
		if (is_ipaddrv6($gateway_settings['gateway']) && ($gateway_settings['ipprotocol'] == "inet")) {
1840
			$input_errors[] = sprintf(gettext("The IPv6 gateway address '%s' can not be used as a IPv4 gateway."), $gateway_settings['gateway']);
1841
		}
1842
		if (is_ipaddrv4($gateway_settings['gateway']) && ($gateway_settings['ipprotocol'] == "inet6")) {
1843
			$input_errors[] = sprintf(gettext("The IPv4 gateway address '%s' can not be used as a IPv6 gateway."), $gateway_settings['gateway']);
1844
		}
1845
	}
1846
	/* only allow correct IPv4 and IPv6 monitor addresses */
1847
	if (($gateway_settings['monitor'] <> "") && is_ipaddr($gateway_settings['monitor']) && $gateway_settings['monitor'] != "dynamic") {
1848
		if (is_ipaddrv6($gateway_settings['monitor']) && ($gateway_settings['ipprotocol'] == "inet")) {
1849
			$input_errors[] = sprintf(gettext("The IPv6 monitor address '%s' can not be used on a IPv4 gateway."), $gateway_settings['monitor']);
1850
		}
1851
		if (is_ipaddrv4($gateway_settings['monitor']) && ($gateway_settings['ipprotocol'] == "inet6")) {
1852
			$input_errors[] = sprintf(gettext("The IPv4 monitor address '%s' can not be used on a IPv6 gateway."), $gateway_settings['monitor']);
1853
		}
1854
	}
1855

    
1856
	if (isset($gateway_settings['name'])) {
1857
		/* check for overlaps */
1858
		foreach ($a_gateways as $gateway) {
1859
			if (isset($id) && ($a_gateways[$id]) && ($a_gateways[$id] === $gateway)) {
1860
				if ($gateway['name'] != $gateway_settings['name']) {
1861
					$input_errors[] = gettext("Changing name on a gateway is not allowed.");
1862
				}
1863
				continue;
1864
			}
1865
			if ($gateway_settings['name'] <> "") {
1866
				if (($gateway['name'] <> "") && ($gateway_settings['name'] == $gateway['name']) && ($gateway['attribute'] !== "system")) {
1867
					$input_errors[] = sprintf(gettext('The gateway name "%s" already exists.'), $gateway_settings['name']);
1868
					break;
1869
				}
1870
			}
1871
			if (is_ipaddr($gateway_settings['gateway'])) {
1872
				if (($gateway['gateway'] <> "") && ($gateway_settings['gateway'] == $gateway['gateway']) && ($gateway['attribute'] !== "system")) {
1873
					$input_errors[] = sprintf(gettext('The gateway IP address "%s" already exists.'), $gateway_settings['gateway']);
1874
					break;
1875
				}
1876
			}
1877
			if (is_ipaddr($gateway_settings['monitor'])) {
1878
				if (($gateway['monitor'] <> "") && ($gateway_settings['monitor'] == $gateway['monitor']) && ($gateway['attribute'] !== "system")) {
1879
					$input_errors[] = sprintf(gettext('The monitor IP address "%s" is already in use. A different monitor IP must be chosen.'), $gateway_settings['monitor']);
1880
					break;
1881
				}
1882
			}
1883
		}
1884
	}
1885

    
1886
	/* input validation of dpinger advanced parameters */
1887

    
1888
	$dpinger_default = return_dpinger_defaults();
1889
	$latencylow = $dpinger_default['latencylow'];
1890
	if ($gateway_settings['latencylow']) {
1891
		if (!is_numeric($gateway_settings['latencylow'])) {
1892
			$input_errors[] = gettext("The low latency threshold needs to be a numeric value.");
1893
		} else if ($gateway_settings['latencylow'] < 1) {
1894
			$input_errors[] = gettext("The low latency threshold needs to be positive.");
1895
		} else {
1896
			$latencylow = $gateway_settings['latencylow'];
1897
		}
1898
	}
1899

    
1900
	$latencyhigh = $dpinger_default['latencyhigh'];
1901
	if ($gateway_settings['latencyhigh']) {
1902
		if (!is_numeric($gateway_settings['latencyhigh'])) {
1903
			$input_errors[] = gettext("The high latency threshold needs to be a numeric value.");
1904
		} else if ($gateway_settings['latencyhigh'] < 1) {
1905
			$input_errors[] = gettext("The high latency threshold needs to be positive.");
1906
		} else {
1907
			$latencyhigh = $gateway_settings['latencyhigh'];
1908
		}
1909
	}
1910

    
1911
	$losslow = $dpinger_default['losslow'];
1912
	if ($gateway_settings['losslow']) {
1913
		if (!is_numeric($gateway_settings['losslow'])) {
1914
			$input_errors[] = gettext("The low Packet Loss threshold needs to be a numeric value.");
1915
		} else if ($gateway_settings['losslow'] < 1) {
1916
			$input_errors[] = gettext("The low Packet Loss threshold needs to be positive.");
1917
		} else if ($gateway_settings['losslow'] >= 100) {
1918
			$input_errors[] = gettext("The low Packet Loss threshold needs to be less than 100.");
1919
		} else {
1920
			$losslow = $gateway_settings['losslow'];
1921
		}
1922
	}
1923

    
1924
	$losshigh = $dpinger_default['losshigh'];
1925
	if ($gateway_settings['losshigh']) {
1926
		if (!is_numeric($gateway_settings['losshigh'])) {
1927
			$input_errors[] = gettext("The high Packet Loss threshold needs to be a numeric value.");
1928
		} else if ($gateway_settings['losshigh'] < 1) {
1929
			$input_errors[] = gettext("The high Packet Loss threshold needs to be positive.");
1930
		} else if ($gateway_settings['losshigh'] > 100) {
1931
			$input_errors[] = gettext("The high Packet Loss threshold needs to be 100 or less.");
1932
		} else {
1933
			$losshigh = $gateway_settings['losshigh'];
1934
		}
1935
	}
1936

    
1937
	$time_period = $dpinger_default['time_period'];
1938
	if ($gateway_settings['time_period']) {
1939
		if (!is_numeric($gateway_settings['time_period'])) {
1940
			$input_errors[] = gettext("The time period over which results are averaged needs to be a numeric value.");
1941
		} else if ($gateway_settings['time_period'] < 1) {
1942
			$input_errors[] = gettext("The time period over which results are averaged needs to be positive.");
1943
		} else {
1944
			$time_period = $gateway_settings['time_period'];
1945
		}
1946
	}
1947

    
1948
	$interval = $dpinger_default['interval'];
1949
	if ($gateway_settings['interval']) {
1950
		if (!is_numeric($gateway_settings['interval'])) {
1951
			$input_errors[] = gettext("The probe interval needs to be a numeric value.");
1952
		} else if ($gateway_settings['interval'] < 1) {
1953
			$input_errors[] = gettext("The probe interval needs to be positive.");
1954
		} else {
1955
			$interval = $gateway_settings['interval'];
1956
		}
1957
	}
1958

    
1959
	$loss_interval = $dpinger_default['loss_interval'];
1960
	if ($gateway_settings['loss_interval']) {
1961
		if (!is_numeric($gateway_settings['loss_interval'])) {
1962
			$input_errors[] = gettext("The loss interval needs to be a numeric value.");
1963
		} else if ($gateway_settings['loss_interval'] < 1) {
1964
			$input_errors[] = gettext("The loss interval setting needs to be positive.");
1965
		} else {
1966
			$loss_interval = $gateway_settings['loss_interval'];
1967
		}
1968
	}
1969

    
1970
	$alert_interval = $dpinger_default['alert_interval'];
1971
	if ($gateway_settings['alert_interval']) {
1972
		if (!is_numeric($gateway_settings['alert_interval'])) {
1973
			$input_errors[] = gettext("The alert interval needs to be a numeric value.");
1974
		} else if ($gateway_settings['alert_interval'] < 1) {
1975
			$input_errors[] = gettext("The alert interval setting needs to be positive.");
1976
		} else {
1977
			$alert_interval = $gateway_settings['alert_interval'];
1978
		}
1979
	}
1980

    
1981
	if ($latencylow >= $latencyhigh) {
1982
		$input_errors[] = gettext(
1983
		    "The high latency threshold needs to be greater than the low latency threshold");
1984
	}
1985

    
1986
	if ($losslow >= $losshigh) {
1987
		$input_errors[] = gettext(
1988
		    "The high packet loss threshold needs to be higher than the low packet loss threshold");
1989
	}
1990

    
1991
	// If the loss interval is less than latencyhigh, then high latency could never be recorded
1992
	// because those high latency packets would be considered as lost. So do not allow that.
1993
	if ($latencyhigh > $loss_interval) {
1994
		$input_errors[] = gettext("The loss interval needs to be greater than or equal to the high latency threshold.");
1995
	}
1996

    
1997
	// Ensure that the time period is greater than 2 times the probe interval plus the loss interval.
1998
	if (($interval * 2 + $loss_interval) >= $time_period) {
1999
		$input_errors[] = gettext("The time period needs to be greater than twice the probe interval plus the loss interval.");
2000
	}
2001

    
2002
	// There is no point recalculating the average latency and loss more often than the probe interval.
2003
	// So the alert interval needs to be >= probe interval.
2004
	if ($interval > $alert_interval) {
2005
		$input_errors[] = gettext("The alert interval needs to be greater than or equal to the probe interval.");
2006
	}
2007

    
2008
	return $input_errors;
2009
}
2010

    
2011
// Save gateway settings.
2012
// $gateway_settings - the array of gateway setting parameters
2013
// $realid - the index of the gateway to be modified (otherwise "" if adding a new gateway)
2014

    
2015
// This function is responsible to:
2016
//   Setup the gateway parameter structure from the gateway settings input parameter
2017
//   Save the structure into the config
2018
//   Remove any run-time settings from gateway parameters that are changed (e.g. remove routes to addresses that are changing)
2019

    
2020
// A subsequent "apply" step will implement the added/changed gateway.
2021

    
2022
function save_gateway($gateway_settings, $realid = "") {
2023
	global $config;
2024

    
2025
	init_config_arr(array('gateways', 'gateway_item'));
2026
	$a_gateway_item = &$config['gateways']['gateway_item'];
2027
	$reloadif = "";
2028
	$gateway = array();
2029

    
2030
	if (empty($gateway_settings['interface'])) {
2031
		$gateway['interface'] = $gateway_settings['friendlyiface'];
2032
	} else {
2033
		$gateway['interface'] = $gateway_settings['interface'];
2034
	}
2035
	if (is_ipaddr($gateway_settings['gateway'])) {
2036
		$gateway['gateway'] = $gateway_settings['gateway'];
2037
	} else {
2038
		$gateway['gateway'] = "dynamic";
2039
	}
2040
	$gateway['name'] = $gateway_settings['name'];
2041
	$gateway['weight'] = $gateway_settings['weight'];
2042
	$gateway['ipprotocol'] = $gateway_settings['ipprotocol'];
2043
	if ($gateway_settings['interval']) {
2044
		$gateway['interval'] = $gateway_settings['interval'];
2045
	}
2046

    
2047
	if ($gateway_settings['time_period']) {
2048
		$gateway['time_period'] = $gateway_settings['time_period'];
2049
	}
2050
	if ($gateway_settings['alert_interval']) {
2051
		$gateway['alert_interval'] = $gateway_settings['alert_interval'];
2052
	}
2053

    
2054
	$gateway['descr'] = $gateway_settings['descr'];
2055
	if ($gateway_settings['monitor_disable'] == "yes") {
2056
		$gateway['monitor_disable'] = true;
2057
	}
2058
	if ($gateway_settings['action_disable'] == "yes") {
2059
		$gateway['action_disable'] = true;
2060
	}
2061
	if ($gateway_settings['nonlocalgateway'] == "yes") {
2062
		$gateway['nonlocalgateway'] = true;
2063
	}
2064
	if ($gateway_settings['force_down'] == "yes") {
2065
		$gateway['force_down'] = true;
2066
	}
2067
	if (is_ipaddr($gateway_settings['monitor'])) {
2068
		$gateway['monitor'] = $gateway_settings['monitor'];
2069
	}
2070
	if (isset($gateway_settings['data_payload']) && is_numeric($gateway_settings['data_payload']) && $gateway_settings['data_payload'] >= 0) {
2071
		$gateway['data_payload'] = $gateway_settings['data_payload'];
2072
	}
2073

    
2074
	/* NOTE: If gateway ip is changed need to cleanup the old static interface route */
2075
	if ($gateway_settings['monitor'] != "dynamic" &&
2076
	    !empty($a_gateway_item[$realid]) &&
2077
	    is_ipaddr($a_gateway_item[$realid]['gateway']) &&
2078
	    $gateway['gateway'] != $a_gateway_item[$realid]['gateway'] &&
2079
	    isset($a_gateway_item[$realid]["nonlocalgateway"])) {
2080
		route_del($a_gateway_item[$realid]['gateway']);
2081
	}
2082

    
2083
	/* NOTE: If monitor ip is changed need to cleanup the old static route */
2084
	if ($gateway_settings['monitor'] != "dynamic" &&
2085
	    !empty($a_gateway_item[$realid]) &&
2086
	    is_ipaddr($a_gateway_item[$realid]['monitor']) &&
2087
	    $gateway_settings['monitor'] != $a_gateway_item[$realid]['monitor'] &&
2088
	    $gateway['gateway'] != $a_gateway_item[$realid]['monitor']) {
2089
		route_del($a_gateway_item[$realid]['monitor']);
2090
	}
2091

    
2092
	if ($gateway_settings['defaultgw'] == "yes" || $gateway_settings['defaultgw'] == "on") {
2093
		// a new default gateway is being saved.
2094
		$i = 0;
2095
		/* remove the default gateway bits for all gateways with the same address family */
2096
		if (is_array($a_gateway_item)) {
2097
			foreach ($a_gateway_item as $gw) {
2098
				if ($gateway['ipprotocol'] == $gw['ipprotocol']) {
2099
					if ($gw['interface'] != $gateway_settings['interface'] &&
2100
						($gw['name'] == $config['gateways']['defaultgw4'] || $gw['name'] == $config['gateways']['defaultgw6'])) {
2101
						// remember the old default gateway interface to call with a "interface reconfigure" event.
2102
						$reloadif = $gw['interface'];
2103
					}
2104
				}
2105
				$i++;
2106
			}
2107
		}
2108
		if ($gateway['ipprotocol'] == "inet") {
2109
			$config['gateways']['defaultgw4'] = $gateway['name'];
2110
		} elseif ($gateway['ipprotocol'] == "inet6") {
2111
			$config['gateways']['defaultgw6'] = $gateway['name'];
2112
		}
2113
	}
2114

    
2115
	if ($gateway_settings['latencylow']) {
2116
		$gateway['latencylow'] = $gateway_settings['latencylow'];
2117
	}
2118
	if ($gateway_settings['latencyhigh']) {
2119
		$gateway['latencyhigh'] = $gateway_settings['latencyhigh'];
2120
	}
2121
	if ($gateway_settings['losslow']) {
2122
		$gateway['losslow'] = $gateway_settings['losslow'];
2123
	}
2124
	if ($gateway_settings['losshigh']) {
2125
		$gateway['losshigh'] = $gateway_settings['losshigh'];
2126
	}
2127
	if ($gateway_settings['loss_interval']) {
2128
		$gateway['loss_interval'] = $gateway_settings['loss_interval'];
2129
	}
2130
	/* when saving the manual gateway we use the attribute which has the corresponding id */
2131
	if (isset($realid) && $a_gateway_item[$realid]) {
2132
		$preserve_disabled = isset($a_gateway_item[$realid]['disabled']);
2133
		$a_gateway_item[$realid] = $gateway;
2134
		if ($preserve_disabled) {
2135
			$a_gateway_item[$realid]['disabled'] = true;
2136
		}
2137
	} else {
2138
		$a_gateway_item[] = $gateway;
2139
	}
2140
	gateway_set_enabled($gateway_settings['name'], !isset($gateway_settings['disabled']));
2141

    
2142
	mark_subsystem_dirty('staticroutes');
2143

    
2144
	write_config("Gateway settings changed");
2145

    
2146
	if (!empty($reloadif)) {
2147
		send_event("interface reconfigure {$reloadif}");
2148
	}
2149
}
2150

    
2151
function gateway_set_enabled($name, $enabled) {
2152
	global $config;
2153
	if (is_array($config['gateways']['gateway_item'])) {
2154
		foreach($config['gateways']['gateway_item'] as &$item) {
2155
			if ($item['name'] == $name) {
2156
				$gateway = &$item;
2157
			}
2158
		}
2159
	}
2160
	if (!isset($gateway)) {
2161
		return;
2162
	}
2163
	if ($enabled) {
2164
		unset($gateway['disabled']);
2165
	} else {
2166
		/* Check if the gateway was enabled but changed to disabled. */
2167
		if (!isset($gateway['disabled'])) {
2168
			/*  If the disabled gateway was the default route, remove the default route */
2169
			if (is_ipaddr($gateway['gateway'])) {
2170
				$inet = (!is_ipaddrv4($gateway['gateway']) ? 'inet6' : 'inet');
2171
				if ($inet == 'inet') {
2172
					$cgw = route_get_default('inet');
2173
				} else {
2174
					$cgw = route_get_default('inet6');
2175
				}
2176
				if ($gateway['gateway'] == $cgw) {
2177
					route_del("default", $inet);
2178
				}
2179
			}
2180
			$gateway['disabled'] = true;
2181
		}
2182
	}
2183
}
2184

    
2185
function gateway_or_gwgroup_exists($name) {
2186
	global $config;
2187
	if (is_array($config['gateways']['gateway_item'])) {
2188
		foreach($config['gateways']['gateway_item'] as $item) {
2189
			if ($item['name'] == $name) {
2190
				return true;
2191
			}
2192
		}
2193
	}
2194
	if (is_array($config['gateways']['gateway_group'])) {
2195
		foreach($config['gateways']['gateway_group'] as $item) {
2196
			if ($item['name'] == $name) {
2197
				return true;
2198
			}
2199
		}
2200
	}
2201
	return false;
2202
}
2203

    
2204
// These two replacement functions avoid the need to call return_gateways_array() multiple times and
2205
// allow system_gateways.php to get everything it needs in a single function call
2206
function gateway_getgwtiername($gways, $idx) {
2207
	global $config;
2208

    
2209
	$result = "";
2210
	$gwname = $gways[$idx]['name'];
2211

    
2212
	$gw = get_gateway_or_group_by_name($gwname, $gways);
2213
	init_config_arr(array('gateways'));
2214
	if ($config['gateways']['defaultgw4'] == $gwname || $config['gateways']['defaultgw6'] == $gwname) {
2215
		$result = "Default";
2216
	} else {
2217
		if ($gw['ipprotocol'] == 'inet') {
2218
			$defgw = get_gateway_or_group_by_name($config['gateways']['defaultgw4'], $gways);
2219
		} else {
2220
			$defgw = get_gateway_or_group_by_name($config['gateways']['defaultgw6'], $gways);
2221
		}
2222

    
2223
		if ($defgw['type'] == "gatewaygroup") {
2224
			$detail = gateway_is_gwgroup_member($gwname, true);
2225
			foreach($detail as $gwitem) {
2226
				if ($gwitem['name'] == $defgw['name']) {
2227
					if (isset($gwitem['tier'])) {
2228
						$result = "Tier " . $gwitem['tier'];
2229
						break;
2230
					}
2231
				}
2232
			}
2233
		}
2234
    }
2235

    
2236
	if (!empty($result)) {
2237
		if ($gw['ipprotocol'] == "inet") {
2238
			$result .= " (IPv4)";
2239
		} elseif ($gw['ipprotocol'] == "inet6") {
2240
			$result .= " (IPv6)";
2241
		}
2242
	}
2243

    
2244
	return $result;
2245
}
2246

    
2247
function get_gateway_or_group_by_name($gwname, $gateways_arr) {
2248
	global $config;
2249

    
2250
	foreach ($gateways_arr as $gw) {
2251
		if ($gw['name'] == $gwname) {
2252
			$gw['type'] = 'gateway';
2253
			return $gw;
2254
		}
2255
	}
2256

    
2257
	init_config_arr(array('gateways', 'gateway_group'));
2258
	foreach ($config['gateways']['gateway_group'] as $gwg) {
2259
		if ($gwg['name'] == $gwname) {
2260
			$gwg['type'] = 'gatewaygroup';
2261
			return $gwg;
2262
		}
2263
	}
2264

    
2265
	return false;
2266
}
2267

    
2268
// Compose a list of available gateways but without the need to call return_gateways_array() multiple times
2269
// Previously that function could be called eight times per gateway!
2270
function available_default_gateways() {
2271
	global $config;
2272

    
2273
	$gways = return_gateways_array(true, false, true, true);
2274

    
2275
	$items4 = array();
2276
	$items6 = array();
2277
	$items4[''] = "Automatic";
2278
	$items6[''] = "Automatic";
2279
	foreach($gways as $gw) {
2280
		$gwn = $gw['name'];
2281
		if ($gw['ipprotocol'] == "inet6") {
2282
			$items6[$gwn] = $gwn;
2283
		} else {
2284
			$items4[$gwn] = $gwn;
2285
		}
2286
	}
2287

    
2288
	$groups = return_gateway_groups_array(false, $gways);
2289
	foreach ($groups as $key => $group) {
2290
		$gwn = $group['descr'];
2291
		if ($group['ipprotocol'] == "inet6") {
2292
			$items6[$key] = "$key ($gwn)";
2293
		} else {
2294
			$items4[$key] = "$key ($gwn)";
2295
		}
2296
	}
2297
	$items4['-'] = "None";
2298
	$items6['-'] = "None";
2299

    
2300
	$defaults = array();
2301
	$defaults['v4'] = $items4;
2302
	$defaults['v6'] = $items6;
2303
	$defaults['defaultgw4'] = $config['gateways']['defaultgw4'];
2304
	$defaults['defaultgw6'] = $config['gateways']['defaultgw6'];
2305

    
2306
	return $defaults;
2307
}
2308

    
2309

    
2310
?>
(21-21/61)