|
1
|
<?php
|
|
2
|
/*
|
|
3
|
* gwlb.inc
|
|
4
|
*
|
|
5
|
* part of pfSense (https://www.pfsense.org)
|
|
6
|
* Copyright (c) 2008 Bill Marquette, Seth Mos
|
|
7
|
* Copyright (c) 2008-2013 BSD Perimeter
|
|
8
|
* Copyright (c) 2013-2016 Electric Sheep Fencing
|
|
9
|
* Copyright (c) 2014-2023 Rubicon Communications, LLC (Netgate)
|
|
10
|
* All rights reserved.
|
|
11
|
*
|
|
12
|
* Licensed under the Apache License, Version 2.0 (the "License");
|
|
13
|
* you may not use this file except in compliance with the License.
|
|
14
|
* You may obtain a copy of the License at
|
|
15
|
*
|
|
16
|
* http://www.apache.org/licenses/LICENSE-2.0
|
|
17
|
*
|
|
18
|
* Unless required by applicable law or agreed to in writing, software
|
|
19
|
* distributed under the License is distributed on an "AS IS" BASIS,
|
|
20
|
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
21
|
* See the License for the specific language governing permissions and
|
|
22
|
* limitations under the License.
|
|
23
|
*/
|
|
24
|
|
|
25
|
require_once("config.inc");
|
|
26
|
require_once("rrd.inc");
|
|
27
|
require_once("ipsec.inc");
|
|
28
|
require_once("interfaces.inc");
|
|
29
|
require_once("util.inc");
|
|
30
|
|
|
31
|
global $gateway_state_kill_modes;
|
|
32
|
$gateway_state_kill_modes = array(
|
|
33
|
'' => gettext("Use global behavior (default)"),
|
|
34
|
'none' => gettext("Do not kill states on gateway failure"),
|
|
35
|
'down' => gettext("Kill states using this gateway when it is down"),
|
|
36
|
);
|
|
37
|
|
|
38
|
/* Returns an array of default values used for dpinger */
|
|
39
|
function return_dpinger_defaults() {
|
|
40
|
return array(
|
|
41
|
"latencylow" => "200",
|
|
42
|
"latencyhigh" => "500",
|
|
43
|
"losslow" => "10",
|
|
44
|
"losshigh" => "20",
|
|
45
|
"interval" => "500",
|
|
46
|
"loss_interval" => "2000",
|
|
47
|
"time_period" => "60000",
|
|
48
|
"alert_interval" => "1000",
|
|
49
|
"data_payload" => "1");
|
|
50
|
}
|
|
51
|
|
|
52
|
function running_dpinger_processes() {
|
|
53
|
global $g;
|
|
54
|
|
|
55
|
$pidfiles = glob("{$g['varrun_path']}/dpinger_*.pid");
|
|
56
|
|
|
57
|
$result = array();
|
|
58
|
if ($pidfiles === FALSE) {
|
|
59
|
return $result;
|
|
60
|
}
|
|
61
|
|
|
62
|
foreach ($pidfiles as $pidfile) {
|
|
63
|
if (preg_match('/^dpinger_(.+)~([^~]+)~([^~]+)\.pid$/',
|
|
64
|
basename($pidfile), $matches)) {
|
|
65
|
$socket_file = preg_replace('/\.pid$/', '.sock',
|
|
66
|
$pidfile);
|
|
67
|
$result[$matches[1]] = array(
|
|
68
|
'srcip' => $matches[2],
|
|
69
|
'targetip' => $matches[3],
|
|
70
|
'pidfile' => $pidfile,
|
|
71
|
'socket' => $socket_file
|
|
72
|
);
|
|
73
|
unset($gwinfo);
|
|
74
|
}
|
|
75
|
}
|
|
76
|
|
|
77
|
return $result;
|
|
78
|
}
|
|
79
|
|
|
80
|
/*
|
|
81
|
* Stop one or more dpinger process
|
|
82
|
* default parameter $gwname is '*' that will kill all running sessions
|
|
83
|
* If a gateway name is passed, only this one will be killed
|
|
84
|
*/
|
|
85
|
function stop_dpinger($gwname = '') {
|
|
86
|
global $g;
|
|
87
|
|
|
88
|
$running_processes = running_dpinger_processes();
|
|
89
|
|
|
90
|
foreach ($running_processes as $running_gwname => $process) {
|
|
91
|
if ($gwname != '' && $running_gwname != $gwname) {
|
|
92
|
continue;
|
|
93
|
}
|
|
94
|
|
|
95
|
if (isvalidpid($process['pidfile'])) {
|
|
96
|
killbypid($process['pidfile'], 3);
|
|
97
|
} else {
|
|
98
|
@unlink($process['pidfile']);
|
|
99
|
}
|
|
100
|
}
|
|
101
|
}
|
|
102
|
|
|
103
|
function start_dpinger($gateway) {
|
|
104
|
global $g;
|
|
105
|
|
|
106
|
if (!isset($gateway['gwifip'])) {
|
|
107
|
return (false);
|
|
108
|
}
|
|
109
|
|
|
110
|
$dpinger_defaults = return_dpinger_defaults();
|
|
111
|
|
|
112
|
$prefix = "{$g['varrun_path']}/dpinger_{$gateway['name']}~" .
|
|
113
|
"{$gateway['gwifip']}~{$gateway['monitor']}";
|
|
114
|
# dpinger socket path should not be longer then uaddr.sun_path
|
|
115
|
if (strlen($prefix) > 95) {
|
|
116
|
$prefix = "{$g['varrun_path']}/dpinger_{$gateway['name']}~" .
|
|
117
|
substr(md5($gateway['gwifip']),0,8) . "~" .
|
|
118
|
$gateway['monitor'];
|
|
119
|
}
|
|
120
|
$pidfile = $prefix . ".pid";
|
|
121
|
$socket = $prefix . ".sock";
|
|
122
|
$alarm_cmd = "{$g['etc_path']}/rc.gateway_alarm";
|
|
123
|
|
|
124
|
$params = "-S "; /* Log warnings via syslog */
|
|
125
|
$params .= "-r 0 "; /* Disable unused reporting thread */
|
|
126
|
$params .= "-i {$gateway['name']} "; /* Identifier */
|
|
127
|
$params .= "-B {$gateway['gwifip']} "; /* Bind src address */
|
|
128
|
$params .= "-p {$pidfile} "; /* PID filename */
|
|
129
|
$params .= "-u {$socket} "; /* Status Socket */
|
|
130
|
if (!$gateway['action_disable']) {
|
|
131
|
$params .= "-C \"{$alarm_cmd}\" "; /* Command to run on alarm */
|
|
132
|
}
|
|
133
|
|
|
134
|
$params .= "-d " .
|
|
135
|
(isset($gateway['data_payload']) && is_numeric($gateway['data_payload'])
|
|
136
|
? $gateway['data_payload']
|
|
137
|
: $dpinger_defaults['data_payload']
|
|
138
|
) . " ";
|
|
139
|
|
|
140
|
$params .= "-s " .
|
|
141
|
(isset($gateway['interval']) && is_numeric($gateway['interval'])
|
|
142
|
? $gateway['interval']
|
|
143
|
: $dpinger_defaults['interval']
|
|
144
|
) . " ";
|
|
145
|
|
|
146
|
$params .= "-l " .
|
|
147
|
(isset($gateway['loss_interval']) && is_numeric($gateway['loss_interval'])
|
|
148
|
? $gateway['loss_interval']
|
|
149
|
: $dpinger_defaults['loss_interval']
|
|
150
|
) . " ";
|
|
151
|
|
|
152
|
$params .= "-t " .
|
|
153
|
(isset($gateway['time_period']) && is_numeric($gateway['time_period'])
|
|
154
|
? $gateway['time_period']
|
|
155
|
: $dpinger_defaults['time_period']
|
|
156
|
) . " ";
|
|
157
|
|
|
158
|
$params .= "-A " .
|
|
159
|
(isset($gateway['alert_interval']) && is_numeric($gateway['alert_interval'])
|
|
160
|
? $gateway['alert_interval']
|
|
161
|
: $dpinger_defaults['alert_interval']
|
|
162
|
) . " ";
|
|
163
|
|
|
164
|
$params .= "-D " .
|
|
165
|
(isset($gateway['latencyhigh']) && is_numeric($gateway['latencyhigh'])
|
|
166
|
? $gateway['latencyhigh']
|
|
167
|
: $dpinger_defaults['latencyhigh']
|
|
168
|
) . " ";
|
|
169
|
|
|
170
|
$params .= "-L " .
|
|
171
|
(isset($gateway['losshigh']) && is_numeric($gateway['losshigh'])
|
|
172
|
? $gateway['losshigh']
|
|
173
|
: $dpinger_defaults['losshigh']
|
|
174
|
) . " ";
|
|
175
|
|
|
176
|
/* Make sure we don't end up with 2 process for the same GW */
|
|
177
|
stop_dpinger($gateway['name']);
|
|
178
|
|
|
179
|
/* Do not try to bind IPv6 where interface is in tentative state */
|
|
180
|
if (is_ipaddrv6($gateway['gwifip'])) {
|
|
181
|
$err = interface_wait_tentative(get_real_interface(
|
|
182
|
$gateway['interface']));
|
|
183
|
if ($err == false) {
|
|
184
|
log_error(gettext("Timeout waiting for IPv6 address in tentative state. dpinger will not run."));
|
|
185
|
return (false);
|
|
186
|
}
|
|
187
|
}
|
|
188
|
|
|
189
|
/* Redirect stdout to /dev/null to avoid exec() to wait for dpinger */
|
|
190
|
return mwexec("/usr/local/bin/dpinger {$params} {$gateway['monitor']} >/dev/null");
|
|
191
|
}
|
|
192
|
|
|
193
|
/*
|
|
194
|
* Starts dpinger processes and adds appropriate static routes for monitor IPs
|
|
195
|
*/
|
|
196
|
function setup_gateways_monitor() {
|
|
197
|
global $config, $g;
|
|
198
|
|
|
199
|
$gateways_arr = return_gateways_array();
|
|
200
|
if (!is_array($gateways_arr)) {
|
|
201
|
log_error(gettext("No gateways to monitor. dpinger will not run."));
|
|
202
|
stop_dpinger();
|
|
203
|
return;
|
|
204
|
}
|
|
205
|
if (platform_booting()) {
|
|
206
|
echo "Setting up gateway monitors...";
|
|
207
|
}
|
|
208
|
$monitor_ips = array();
|
|
209
|
foreach ($gateways_arr as $gwname => $gateway) {
|
|
210
|
/* Do not monitor if such was requested */
|
|
211
|
if (isset($gateway['monitor_disable'])) {
|
|
212
|
continue;
|
|
213
|
}
|
|
214
|
if (empty($gateway['monitor']) || !is_ipaddr($gateway['monitor'])) {
|
|
215
|
if (is_ipaddr($gateway['gateway'])) {
|
|
216
|
$gateways_arr[$gwname]['monitor'] = $gateway['gateway'];
|
|
217
|
} else { /* No chance to get an ip to monitor skip target. */
|
|
218
|
continue;
|
|
219
|
}
|
|
220
|
}
|
|
221
|
|
|
222
|
/* if the monitor address is already used before, skip */
|
|
223
|
if (in_array($gateway['monitor'], $monitor_ips)) {
|
|
224
|
continue;
|
|
225
|
}
|
|
226
|
|
|
227
|
/* Interface ip is needed since dpinger will bind a socket to it.
|
|
228
|
* However the config GUI should already have checked this and when
|
|
229
|
* PPPoE is used the IP address is set to "dynamic". So using is_ipaddrv4
|
|
230
|
* or is_ipaddrv6 to identify packet type would be wrong, especially as
|
|
231
|
* further checks (that can cope with the "dynamic" case) are present inside
|
|
232
|
* the if block. So using $gateway['ipprotocol'] is the better option.
|
|
233
|
*/
|
|
234
|
if ($gateway['ipprotocol'] == "inet") { // This is an IPv4 gateway...
|
|
235
|
$gwifip = find_interface_ip($gateway['interface'], true);
|
|
236
|
if (!is_ipaddrv4($gwifip)) {
|
|
237
|
continue; //Skip this target
|
|
238
|
}
|
|
239
|
|
|
240
|
if ($gwifip == "0.0.0.0") {
|
|
241
|
continue; //Skip this target - the gateway is still waiting for DHCP
|
|
242
|
}
|
|
243
|
|
|
244
|
/*
|
|
245
|
* If the gateway is the same as the monitor we do not add a
|
|
246
|
* route as this will break the routing table.
|
|
247
|
* Add static routes for each gateway with their monitor IP
|
|
248
|
* not strictly necessary but is a added level of protection.
|
|
249
|
*/
|
|
250
|
if (!isset($config['system']['dpinger_dont_add_static_routes']) &&
|
|
251
|
!isset($gateway['dpinger_dont_add_static_route'])) {
|
|
252
|
if (is_ipaddrv4($gateway['gateway']) && $gateway['monitor'] != $gateway['gateway']) {
|
|
253
|
log_error(sprintf(gettext('Removing static route for monitor %1$s and adding a new route through %2$s'), $gateway['monitor'], $gateway['gateway']));
|
|
254
|
if (interface_isppp_type($gateway['friendlyiface'])) {
|
|
255
|
route_add_or_change($gateway['monitor'],
|
|
256
|
'', $gateway['interface']);
|
|
257
|
system_staticroutes_configure($gateway['friendlyiface']);
|
|
258
|
} else {
|
|
259
|
route_add_or_change($gateway['monitor'],
|
|
260
|
$gateway['gateway']);
|
|
261
|
}
|
|
262
|
|
|
263
|
pfSense_kill_states("0.0.0.0/0", $gateway['monitor'], $gateway['interface'], "icmp");
|
|
264
|
}
|
|
265
|
}
|
|
266
|
} else if ($gateway['ipprotocol'] == "inet6") { // This is an IPv6 gateway...
|
|
267
|
if (is_linklocal($gateway['gateway']) &&
|
|
268
|
get_ll_scope($gateway['gateway']) == '') {
|
|
269
|
$gateway['gateway'] .= '%' . $gateway['interface'];
|
|
270
|
}
|
|
271
|
|
|
272
|
if (is_linklocal($gateway['monitor'])) {
|
|
273
|
if (get_ll_scope($gateway['monitor']) == '') {
|
|
274
|
$gateways_arr[$gwname]['monitor'] .= '%' . $gateway['interface'];
|
|
275
|
}
|
|
276
|
|
|
277
|
$gwifip = find_interface_ipv6_ll($gateway['interface'], true);
|
|
278
|
|
|
279
|
if (get_ll_scope($gwifip) == '') {
|
|
280
|
$gwifip .= '%' . $gateway['interface'];
|
|
281
|
}
|
|
282
|
} else {
|
|
283
|
$gwifip = find_interface_ipv6($gateway['interface'], true);
|
|
284
|
}
|
|
285
|
|
|
286
|
if (!is_ipaddrv6($gwifip)) {
|
|
287
|
continue; //Skip this target
|
|
288
|
}
|
|
289
|
|
|
290
|
/*
|
|
291
|
* If the gateway is the same as the monitor we do not add a
|
|
292
|
* route as this will break the routing table.
|
|
293
|
* Add static routes for each gateway with their monitor IP
|
|
294
|
* not strictly necessary but is a added level of protection.
|
|
295
|
*/
|
|
296
|
|
|
297
|
if (!isset($config['system']['dpinger_dont_add_static_routes']) &&
|
|
298
|
!isset($gateway['dpinger_dont_add_static_route'])) {
|
|
299
|
if ($gateway['gateway'] != $gateways_arr[$gwname]['monitor']) {
|
|
300
|
log_error(sprintf(gettext('Removing static route for monitor %1$s and adding a new route through %2$s'), $gateway['monitor'], $gateway['gateway']));
|
|
301
|
if (interface_isppp_type($gateway['friendlyiface'])) {
|
|
302
|
route_add_or_change($gateway['monitor'],
|
|
303
|
'', $gateway['interface']);
|
|
304
|
system_staticroutes_configure($gateway['friendlyiface']);
|
|
305
|
} else {
|
|
306
|
route_add_or_change($gateway['monitor'],
|
|
307
|
$gateway['gateway']);
|
|
308
|
}
|
|
309
|
|
|
310
|
pfSense_kill_states("::0.0.0.0/0", $gateway['monitor'], $gateway['interface'], "icmpv6");
|
|
311
|
}
|
|
312
|
}
|
|
313
|
} else {
|
|
314
|
continue;
|
|
315
|
}
|
|
316
|
|
|
317
|
$monitor_ips[] = $gateway['monitor'];
|
|
318
|
$gateways_arr[$gwname]['enable_dpinger'] = true;
|
|
319
|
$gateways_arr[$gwname]['gwifip'] = $gwifip;
|
|
320
|
}
|
|
321
|
|
|
322
|
stop_dpinger();
|
|
323
|
|
|
324
|
/* Start new processes */
|
|
325
|
foreach ($gateways_arr as $gateway) {
|
|
326
|
if (!isset($gateway['enable_dpinger'])) {
|
|
327
|
continue;
|
|
328
|
}
|
|
329
|
|
|
330
|
if (start_dpinger($gateway) != 0) {
|
|
331
|
log_error(sprintf(gettext("Error starting gateway monitor for %s"), $gateway['name']));
|
|
332
|
}
|
|
333
|
}
|
|
334
|
if (platform_booting()) {
|
|
335
|
echo "done.\n";
|
|
336
|
}
|
|
337
|
|
|
338
|
return;
|
|
339
|
}
|
|
340
|
|
|
341
|
function get_dpinger_status($gwname, $gways = false, $action_disable = false) {
|
|
342
|
global $g;
|
|
343
|
|
|
344
|
$running_processes = running_dpinger_processes();
|
|
345
|
|
|
346
|
if (!isset($running_processes[$gwname])) {
|
|
347
|
log_error(sprintf(gettext(
|
|
348
|
'dpinger: No dpinger session running for gateway %s'),
|
|
349
|
$gwname));
|
|
350
|
return false;
|
|
351
|
}
|
|
352
|
|
|
353
|
$proc = $running_processes[$gwname];
|
|
354
|
unset($running_processes);
|
|
355
|
|
|
356
|
$timeoutcounter = 0;
|
|
357
|
while (true) {
|
|
358
|
if (!file_exists($proc['socket'])) {
|
|
359
|
log_error("dpinger: status socket {$proc['socket']} not found");
|
|
360
|
return false;
|
|
361
|
}
|
|
362
|
$fp = @stream_socket_client("unix://{$proc['socket']}", $errno, $errstr, 10);
|
|
363
|
if (!$fp) {
|
|
364
|
log_error(sprintf(gettext('dpinger: cannot connect to status socket %1$s - %2$s (%3$s)'), $proc['socket'], $errstr, $errno));
|
|
365
|
return false;
|
|
366
|
}
|
|
367
|
|
|
368
|
$status = '';
|
|
369
|
while (!feof($fp)) {
|
|
370
|
$status .= fgets($fp, 1024);
|
|
371
|
}
|
|
372
|
fclose($fp);
|
|
373
|
|
|
374
|
$r = array();
|
|
375
|
list(
|
|
376
|
$r['gwname'],
|
|
377
|
$r['latency_avg'],
|
|
378
|
$r['latency_stddev'],
|
|
379
|
$r['loss']
|
|
380
|
) = explode(' ', preg_replace('/\n/', '', $status));
|
|
381
|
|
|
382
|
// dpinger returns '<gwname> 0 0 0' when queried directly after it starts.
|
|
383
|
// while a latency of 0 and a loss of 0 would be perfect, in a real world it doesnt happen.
|
|
384
|
// or does it, anyone? if so we must 'detect' the initialization period differently..
|
|
385
|
$ready = $r['latency_stddev'] != '0' || $r['loss'] != '0';
|
|
386
|
|
|
387
|
if ($ready) {
|
|
388
|
break;
|
|
389
|
} else {
|
|
390
|
$timeoutcounter++;
|
|
391
|
if ($timeoutcounter > 300) {
|
|
392
|
log_error(sprintf(gettext('dpinger: timeout while retrieving status for gateway %s'), $gwname));
|
|
393
|
return false;
|
|
394
|
}
|
|
395
|
usleep(10000);
|
|
396
|
}
|
|
397
|
}
|
|
398
|
|
|
399
|
$r['srcip'] = $proc['srcip'];
|
|
400
|
$r['targetip'] = $proc['targetip'];
|
|
401
|
|
|
402
|
if (is_array($gways)) {
|
|
403
|
$gateways_arr = $gways;
|
|
404
|
} else {
|
|
405
|
$gateways_arr = return_gateways_array();
|
|
406
|
}
|
|
407
|
|
|
408
|
unset($gw);
|
|
409
|
if (isset($gateways_arr[$gwname])) {
|
|
410
|
$gw = $gateways_arr[$gwname];
|
|
411
|
}
|
|
412
|
|
|
413
|
$r['latency_avg'] = round($r['latency_avg']/1000, 3);
|
|
414
|
$r['latency_stddev'] = round($r['latency_stddev']/1000, 3);
|
|
415
|
|
|
416
|
$r['status'] = "online";
|
|
417
|
$r['substatus'] = "none";
|
|
418
|
if (isset($gw) && isset($gw['force_down'])) {
|
|
419
|
$r['status'] = "down";
|
|
420
|
$r['substatus'] = "force_down";
|
|
421
|
} else if (isset($gw)) {
|
|
422
|
$settings = return_dpinger_defaults();
|
|
423
|
|
|
424
|
$keys = array(
|
|
425
|
'latencylow',
|
|
426
|
'latencyhigh',
|
|
427
|
'losslow',
|
|
428
|
'losshigh'
|
|
429
|
);
|
|
430
|
|
|
431
|
/* Replace default values by user-defined */
|
|
432
|
foreach ($keys as $key) {
|
|
433
|
if (isset($gw[$key]) && is_numeric($gw[$key])) {
|
|
434
|
$settings[$key] = $gw[$key];
|
|
435
|
}
|
|
436
|
}
|
|
437
|
|
|
438
|
if ($r['latency_avg'] > $settings['latencyhigh']) {
|
|
439
|
if (!$action_disable) {
|
|
440
|
$r['status'] = "down";
|
|
441
|
}
|
|
442
|
$r['substatus'] = "highdelay";
|
|
443
|
} else if ($r['loss'] > $settings['losshigh']) {
|
|
444
|
if (!$action_disable) {
|
|
445
|
$r['status'] = "down";
|
|
446
|
}
|
|
447
|
$r['substatus'] = "highloss";
|
|
448
|
} else if ($r['latency_avg'] > $settings['latencylow']) {
|
|
449
|
$r['substatus'] = "delay";
|
|
450
|
} else if ($r['loss'] > $settings['losslow']) {
|
|
451
|
$r['substatus'] = "loss";
|
|
452
|
}
|
|
453
|
}
|
|
454
|
|
|
455
|
return $r;
|
|
456
|
}
|
|
457
|
|
|
458
|
/* return the status of the dpinger targets as an array */
|
|
459
|
function return_gateways_status($byname = false, $gways = false) {
|
|
460
|
global $config, $g;
|
|
461
|
|
|
462
|
$dpinger_gws = running_dpinger_processes();
|
|
463
|
$status = array();
|
|
464
|
|
|
465
|
if (is_array($gways)) {
|
|
466
|
$gateways_arr = $gways;
|
|
467
|
} else {
|
|
468
|
$gateways_arr = return_gateways_array();
|
|
469
|
}
|
|
470
|
|
|
471
|
foreach ($dpinger_gws as $gwname => $gwdata) {
|
|
472
|
/*
|
|
473
|
* If action is disabled for this gateway, then we want a
|
|
474
|
* detailed status. That reports "highdelay" or "highloss"
|
|
475
|
* rather than just "down". Because reporting the gateway
|
|
476
|
* down would be misleading (gateway action is disabled)
|
|
477
|
*/
|
|
478
|
$action_disable = $gateways_arr[$gwname]['action_disable'];
|
|
479
|
$dpinger_status = get_dpinger_status($gwname, false, $action_disable);
|
|
480
|
if ($dpinger_status === false) {
|
|
481
|
continue;
|
|
482
|
}
|
|
483
|
|
|
484
|
if ($byname == false) {
|
|
485
|
$target = $dpinger_status['targetip'];
|
|
486
|
} else {
|
|
487
|
$target = $gwname;
|
|
488
|
}
|
|
489
|
|
|
490
|
$status[$target] = array();
|
|
491
|
$status[$target]['monitorip'] = $dpinger_status['targetip'];
|
|
492
|
$status[$target]['srcip'] = $dpinger_status['srcip'];
|
|
493
|
$status[$target]['name'] = $gwname;
|
|
494
|
$status[$target]['delay'] =
|
|
495
|
empty($dpinger_status['latency_avg'])
|
|
496
|
? "0ms"
|
|
497
|
: $dpinger_status['latency_avg'] . "ms";
|
|
498
|
$status[$target]['stddev'] =
|
|
499
|
empty($dpinger_status['latency_stddev'])
|
|
500
|
? "0ms"
|
|
501
|
: $dpinger_status['latency_stddev'] . "ms";
|
|
502
|
$status[$target]['loss'] = empty($dpinger_status['loss'])
|
|
503
|
? "0.0%"
|
|
504
|
: round($dpinger_status['loss'], 1) . "%";
|
|
505
|
$status[$target]['status'] = $dpinger_status['status'];
|
|
506
|
$status[$target]['substatus'] = $dpinger_status['substatus'];
|
|
507
|
}
|
|
508
|
|
|
509
|
/* tack on any gateways that have monitoring disabled
|
|
510
|
* or are down, which could cause gateway groups to fail */
|
|
511
|
$gateways_arr = return_gateways_array();
|
|
512
|
foreach ($gateways_arr as $gwitem) {
|
|
513
|
if (!isset($gwitem['monitor_disable'])) {
|
|
514
|
continue;
|
|
515
|
}
|
|
516
|
if (!is_ipaddr($gwitem['monitor'])) {
|
|
517
|
$realif = $gwitem['interface'];
|
|
518
|
$tgtip = get_interface_gateway($realif);
|
|
519
|
if (!is_ipaddr($tgtip)) {
|
|
520
|
$tgtip = "none";
|
|
521
|
}
|
|
522
|
$srcip = find_interface_ip($realif);
|
|
523
|
} else {
|
|
524
|
$tgtip = $gwitem['monitor'];
|
|
525
|
$srcip = find_interface_ip($realif);
|
|
526
|
}
|
|
527
|
if ($byname == true) {
|
|
528
|
$target = $gwitem['name'];
|
|
529
|
} else {
|
|
530
|
$target = $tgtip;
|
|
531
|
}
|
|
532
|
|
|
533
|
/* failsafe for down interfaces */
|
|
534
|
if ($target == "none") {
|
|
535
|
$target = $gwitem['name'];
|
|
536
|
$status[$target]['name'] = $gwitem['name'];
|
|
537
|
$status[$target]['delay'] = "0.0ms";
|
|
538
|
$status[$target]['loss'] = "100.0%";
|
|
539
|
$status[$target]['status'] = "down";
|
|
540
|
$status[$target]['substatus'] = "down";
|
|
541
|
} else {
|
|
542
|
$status[$target]['monitorip'] = $tgtip;
|
|
543
|
$status[$target]['srcip'] = $srcip;
|
|
544
|
$status[$target]['name'] = $gwitem['name'];
|
|
545
|
$status[$target]['delay'] = "";
|
|
546
|
$status[$target]['loss'] = "";
|
|
547
|
$status[$target]['status'] = "online";
|
|
548
|
$status[$target]['substatus'] = "none";
|
|
549
|
}
|
|
550
|
|
|
551
|
$status[$target]['monitor_disable'] = true;
|
|
552
|
}
|
|
553
|
return($status);
|
|
554
|
}
|
|
555
|
|
|
556
|
function return_gateways_status_text($byname = false, $brief = false) {
|
|
557
|
$gwstat = return_gateways_status($byname);
|
|
558
|
$output = "";
|
|
559
|
$widths = array();
|
|
560
|
$col_sep = 2;
|
|
561
|
if ($brief) {
|
|
562
|
$collist = array('status' => "Status");
|
|
563
|
} else {
|
|
564
|
$collist = array('monitorip' => "Monitor",
|
|
565
|
'srcip' => "Source",
|
|
566
|
'delay' => "Delay",
|
|
567
|
'stddev' => "StdDev",
|
|
568
|
'loss' => "Loss",
|
|
569
|
'status' => "Status",
|
|
570
|
'substatus' => "Substatus");
|
|
571
|
}
|
|
572
|
foreach ($gwstat as $gw) {
|
|
573
|
foreach ($gw as $gwdidx => $gwdata) {
|
|
574
|
if (strlen($gwdata) > $widths[$gwdidx]) {
|
|
575
|
$widths[$gwdidx] = strlen($gwdata);
|
|
576
|
}
|
|
577
|
}
|
|
578
|
}
|
|
579
|
|
|
580
|
$output .= str_pad("Name", $widths['name'] + $col_sep, " ", STR_PAD_RIGHT);
|
|
581
|
foreach ($collist as $hdrcol => $hdrdesc) {
|
|
582
|
if (strlen($hdrdesc) > $widths[$hdrcol]) {
|
|
583
|
$widths[$hdrcol] = strlen($hdrdesc);
|
|
584
|
}
|
|
585
|
$output .= str_pad($hdrdesc, $widths[$hdrcol] + $col_sep, " ", (substr($hdrcol, -2, 2) == "ip") ? STR_PAD_RIGHT : STR_PAD_LEFT);
|
|
586
|
}
|
|
587
|
$output .= "\n";
|
|
588
|
|
|
589
|
foreach ($gwstat as $idx => $gw) {
|
|
590
|
$output .= str_pad($gw['name'], $widths['name'] + $col_sep, " ", STR_PAD_RIGHT);
|
|
591
|
foreach (array_keys($collist) as $col) {
|
|
592
|
$output .= str_pad($gw[$col], $widths[$col] + $col_sep, " ", (substr($col, -2, 2) == "ip") ? STR_PAD_RIGHT : STR_PAD_LEFT);
|
|
593
|
}
|
|
594
|
$output .= "\n";
|
|
595
|
}
|
|
596
|
|
|
597
|
return $output;
|
|
598
|
}
|
|
599
|
|
|
600
|
function compare_gateway_order_configured($a, $b) {
|
|
601
|
/* XXX WAN always has precedence */
|
|
602
|
if ($a['friendlyiface'] == "wan") {
|
|
603
|
return -1;
|
|
604
|
} elseif ($b['friendlyiface'] == "wan") {
|
|
605
|
return 1;
|
|
606
|
}
|
|
607
|
|
|
608
|
if ($a['attribute'] === $b['attribute']) {
|
|
609
|
if ($a['attribute'] === 'system') {
|
|
610
|
$res = (($a['name'] < $b['name'])) ? -1 : 1;
|
|
611
|
return $res;
|
|
612
|
}
|
|
613
|
return 0;
|
|
614
|
}
|
|
615
|
if ($a['attribute'] === 'system' || $b['attribute'] === 'system') {
|
|
616
|
$res = (($b['attribute'] === 'system')) ? -1 : 1;
|
|
617
|
return $res;
|
|
618
|
}
|
|
619
|
$res = ($a['attribute'] < $b['attribute']) ? -1 : 1;
|
|
620
|
return $res;
|
|
621
|
}
|
|
622
|
|
|
623
|
function order_gateways_as_configured($gateways_arr) {
|
|
624
|
uasort($gateways_arr, 'compare_gateway_order_configured');
|
|
625
|
return $gateways_arr;
|
|
626
|
}
|
|
627
|
|
|
628
|
/* Return all configured gateways on the system
|
|
629
|
$disabled = true - include gateways that are disabled
|
|
630
|
$localhost = true - include "Null" entries for localhost IP addresses
|
|
631
|
$inactive = true - include gateways on inactive interfaces
|
|
632
|
$integer_index = true - index the returned array by integers 0,1,2,... instead of by GW name
|
|
633
|
*/
|
|
634
|
function return_gateways_array($disabled = false, $localhost = false, $inactive = false, $integer_index = false) {
|
|
635
|
global $config, $g;
|
|
636
|
|
|
637
|
$gateways_arr = array();
|
|
638
|
$gateways_arr_temp = array();
|
|
639
|
$cgw4 = route_get_default('inet');
|
|
640
|
$cgw6 = route_get_default('inet6');
|
|
641
|
$found_defaultv4 = 0;
|
|
642
|
$found_defaultv6 = 0;
|
|
643
|
|
|
644
|
// Ensure the interface cache is up to date first
|
|
645
|
$interfaces = get_interface_arr(true);
|
|
646
|
|
|
647
|
$i = -1;
|
|
648
|
/* Process/add all the configured gateways. */
|
|
649
|
if (is_array($config['gateways']) && is_array($config['gateways']['gateway_item'])) {
|
|
650
|
foreach ($config['gateways']['gateway_item'] as $gateway) {
|
|
651
|
if (!is_array($gateway) || empty($gateway)) {
|
|
652
|
continue;
|
|
653
|
}
|
|
654
|
|
|
655
|
/* Increment it here to do not skip items */
|
|
656
|
$i++;
|
|
657
|
if (isset($gateway['defaultgw'])) {
|
|
658
|
unset($gateway['defaultgw']);
|
|
659
|
}
|
|
660
|
|
|
661
|
if (empty($config['interfaces'][$gateway['interface']])) {
|
|
662
|
if ($inactive === false) {
|
|
663
|
continue;
|
|
664
|
} else {
|
|
665
|
$gateway['inactive'] = true;
|
|
666
|
}
|
|
667
|
}
|
|
668
|
$wancfg = config_get_path("interfaces/{$gateway['interface']}");
|
|
669
|
|
|
670
|
/* skip disabled interfaces */
|
|
671
|
if ($disabled === false && (!isset($wancfg['enable']))) {
|
|
672
|
continue;
|
|
673
|
}
|
|
674
|
|
|
675
|
/* if the gateway is dynamic and we can find the IPv4, Great! */
|
|
676
|
if (empty($gateway['gateway']) || $gateway['gateway'] == "dynamic") {
|
|
677
|
if ($gateway['ipprotocol'] == "inet") {
|
|
678
|
/* we know which interfaces is dynamic, this should be made a function */
|
|
679
|
$gateway['gateway'] = get_interface_gateway($gateway['interface']);
|
|
680
|
/* no IP address found, set to dynamic */
|
|
681
|
if (!is_ipaddrv4($gateway['gateway'])) {
|
|
682
|
$gateway['gateway'] = "dynamic";
|
|
683
|
}
|
|
684
|
$gateway['dynamic'] = true;
|
|
685
|
}
|
|
686
|
|
|
687
|
/* if the gateway is dynamic and we can find the IPv6, Great! */
|
|
688
|
else if ($gateway['ipprotocol'] == "inet6") {
|
|
689
|
/* we know which interfaces is dynamic, this should be made a function, and for v6 too */
|
|
690
|
$gateway['gateway'] = get_interface_gateway_v6($gateway['interface']);
|
|
691
|
/* no IPv6 address found, set to dynamic */
|
|
692
|
if (!is_ipaddrv6($gateway['gateway'])) {
|
|
693
|
$gateway['gateway'] = "dynamic";
|
|
694
|
}
|
|
695
|
$gateway['dynamic'] = true;
|
|
696
|
}
|
|
697
|
} else {
|
|
698
|
/* getting this detection right is hard at this point because we still don't
|
|
699
|
* store the address family in the gateway item */
|
|
700
|
if (is_ipaddrv4($gateway['gateway'])) {
|
|
701
|
$gateway['ipprotocol'] = "inet";
|
|
702
|
} else if (is_ipaddrv6($gateway['gateway'])) {
|
|
703
|
$gateway['ipprotocol'] = "inet6";
|
|
704
|
}
|
|
705
|
}
|
|
706
|
|
|
707
|
if (isset($gateway['monitor_disable'])) {
|
|
708
|
$gateway['monitor_disable'] = true;
|
|
709
|
} else if (empty($gateway['monitor'])) {
|
|
710
|
$gateway['monitor'] = $gateway['gateway'];
|
|
711
|
}
|
|
712
|
|
|
713
|
if (isset($gateway['action_disable'])) {
|
|
714
|
$gateway['action_disable'] = true;
|
|
715
|
}
|
|
716
|
|
|
717
|
$gateway['friendlyiface'] = $gateway['interface'];
|
|
718
|
$gateway['friendlyifdescr'] = convert_friendly_interface_to_friendly_descr($gateway['interface']);
|
|
719
|
|
|
720
|
/* special treatment for tunnel interfaces */
|
|
721
|
if ($gateway['ipprotocol'] == "inet6") {
|
|
722
|
$gateway['interface'] = get_real_interface($gateway['interface'], "inet6", false, false);
|
|
723
|
} else {
|
|
724
|
$gateway['interface'] = get_real_interface($gateway['interface'], "inet", false, false);
|
|
725
|
}
|
|
726
|
|
|
727
|
if ($gateway['ipprotocol'] == "inet" &&
|
|
728
|
($gateway['gateway'] == $cgw4)) {
|
|
729
|
$gateway['isdefaultgw'] = true;
|
|
730
|
$found_defaultv4 = 1;
|
|
731
|
} else if ($gateway['ipprotocol'] == "inet6" &&
|
|
732
|
($gateway['gateway'] == $cgw6)) {
|
|
733
|
$gateway['isdefaultgw'] = true;
|
|
734
|
$found_defaultv6 = 1;
|
|
735
|
}
|
|
736
|
/* include the gateway index as the attribute */
|
|
737
|
$gateway['attribute'] = $i;
|
|
738
|
|
|
739
|
/* Remember all the gateway names, even ones to be skipped because they are disabled. */
|
|
740
|
/* Then we can easily know and match them later when attempting to add dynamic gateways to the list. */
|
|
741
|
$gateways_arr_temp[$gateway['name']] = $gateway;
|
|
742
|
|
|
743
|
/* skip disabled gateways if the caller has not asked for them to be returned. */
|
|
744
|
if (!($disabled === false && isset($gateway['disabled']))) {
|
|
745
|
$gateways_arr[$gateway['name']] = $gateway;
|
|
746
|
}
|
|
747
|
}
|
|
748
|
}
|
|
749
|
unset($gateway);
|
|
750
|
|
|
751
|
//Sort the array by GW name before moving on.
|
|
752
|
ksort($gateways_arr, SORT_STRING | SORT_FLAG_CASE);
|
|
753
|
|
|
754
|
/* Loop through all interfaces with a gateway and add it to a array */
|
|
755
|
if ($disabled == false) {
|
|
756
|
$iflist = get_configured_interface_with_descr();
|
|
757
|
} else {
|
|
758
|
$iflist = get_configured_interface_with_descr(true);
|
|
759
|
}
|
|
760
|
|
|
761
|
/* Process/add dynamic v4 gateways. */
|
|
762
|
foreach ($iflist as $ifname => $friendly) {
|
|
763
|
if (!interface_has_gateway($ifname)) {
|
|
764
|
continue;
|
|
765
|
}
|
|
766
|
|
|
767
|
if (empty($config['interfaces'][$ifname])) {
|
|
768
|
continue;
|
|
769
|
}
|
|
770
|
|
|
771
|
$ifcfg = &$config['interfaces'][$ifname];
|
|
772
|
if (!isset($ifcfg['enable'])) {
|
|
773
|
continue;
|
|
774
|
}
|
|
775
|
|
|
776
|
if (!empty($ifcfg['ipaddr']) && is_ipaddrv4($ifcfg['ipaddr'])) {
|
|
777
|
continue;
|
|
778
|
}
|
|
779
|
|
|
780
|
$ctype = "";
|
|
781
|
switch ($ifcfg['ipaddr']) {
|
|
782
|
case "dhcp":
|
|
783
|
case "pppoe":
|
|
784
|
case "l2tp":
|
|
785
|
case "pptp":
|
|
786
|
case "ppp":
|
|
787
|
$ctype = strtoupper($ifcfg['ipaddr']);
|
|
788
|
break;
|
|
789
|
default:
|
|
790
|
$tunnelif = substr($ifcfg['if'], 0, 3);
|
|
791
|
if (substr($ifcfg['if'], 0, 4) == "ovpn") {
|
|
792
|
switch (substr($ifcfg['if'], 4, 1)) {
|
|
793
|
case "c":
|
|
794
|
$ovpntype = "openvpn-client";
|
|
795
|
break;
|
|
796
|
case "s":
|
|
797
|
$ovpntype = "openvpn-server";
|
|
798
|
break;
|
|
799
|
default:
|
|
800
|
// unknown ovpn type
|
|
801
|
continue 3;
|
|
802
|
}
|
|
803
|
$ovpnid = substr($ifcfg['if'], 5);
|
|
804
|
foreach (config_get_path("openvpn/{$ovpntype}", []) as $ovpnconf) {
|
|
805
|
if (empty($ovpnconf)) {
|
|
806
|
continue;
|
|
807
|
}
|
|
808
|
if ($ovpnconf['vpnid'] == $ovpnid) {
|
|
809
|
// skip IPv6-only interfaces
|
|
810
|
if ($ovpnconf['create_gw'] == "v6only") {
|
|
811
|
continue 3;
|
|
812
|
}
|
|
813
|
// skip tap interfaces
|
|
814
|
if ($ovpnconf['dev_mode'] == "tap") {
|
|
815
|
continue 3;
|
|
816
|
}
|
|
817
|
}
|
|
818
|
}
|
|
819
|
$ctype = "VPNv4";
|
|
820
|
} elseif (substr($ifcfg['if'], 0, 5) == "ipsec") {
|
|
821
|
$ikeid = substr($ifcfg['if'], 5);
|
|
822
|
if (!empty(config_get_path('ipsec/phase1', [])) &&
|
|
823
|
!empty(config_get_path('ipsec/phase2', []))) {
|
|
824
|
foreach (config_get_path('ipsec/phase1', []) as $ph1ent) {
|
|
825
|
if (empty($ph1ent) || $ph1ent['disabled']) {
|
|
826
|
continue;
|
|
827
|
}
|
|
828
|
$vtisubnet_spec = ipsec_vti($ph1ent, true);
|
|
829
|
// Skip non-VTI tunnels
|
|
830
|
if (!$vtisubnet_spec || !is_array($vtisubnet_spec)) {
|
|
831
|
continue;
|
|
832
|
}
|
|
833
|
if (!isset($ph1ent['mobile']) && ($keyexchange == 'ikev1' || isset($ph1ent['splitconn']))) {
|
|
834
|
foreach ($vtisubnet_spec as $idx => $vtisub) {
|
|
835
|
if ($ifcfg['if'] == ipsec_get_ifname($ph1ent, $vtisub['reqid'])) {
|
|
836
|
// If this specific VTI remote is v4, then we can make a v4 gw
|
|
837
|
if (is_ipaddrv4($vtisub['right'])) {
|
|
838
|
$ctype = "VTIv4";
|
|
839
|
}
|
|
840
|
}
|
|
841
|
}
|
|
842
|
} else {
|
|
843
|
if ($ifcfg['if'] == ipsec_get_ifname($ph1ent)) {
|
|
844
|
// If any of the VTI remotes are v4, then we can make a v4 gw
|
|
845
|
foreach ($vtisubnet_spec as $vtisub) {
|
|
846
|
if (is_ipaddrv4($vtisub['right'])) {
|
|
847
|
$ctype = "VTIv4";
|
|
848
|
}
|
|
849
|
}
|
|
850
|
}
|
|
851
|
}
|
|
852
|
}
|
|
853
|
if (empty($ctype)) {
|
|
854
|
continue 2;
|
|
855
|
}
|
|
856
|
}
|
|
857
|
} elseif ($tunnelif == "gif" || $tunnelif == "gre") {
|
|
858
|
$ctype = "TUNNELv4";
|
|
859
|
}
|
|
860
|
break;
|
|
861
|
}
|
|
862
|
$ctype = "_". strtoupper($ctype);
|
|
863
|
|
|
864
|
$gateway = array();
|
|
865
|
$gateway['dynamic'] = false;
|
|
866
|
$gateway['ipprotocol'] = "inet";
|
|
867
|
$gateway['gateway'] = get_interface_gateway($ifname, $gateway['dynamic']);
|
|
868
|
$gateway['interface'] = get_real_interface($ifname);
|
|
869
|
$gateway['friendlyiface'] = $ifname;
|
|
870
|
$gateway['friendlyifdescr'] = convert_friendly_interface_to_friendly_descr($ifname);
|
|
871
|
$gateway['name'] = "{$friendly}{$ctype}";
|
|
872
|
$gateway['attribute'] = "system";
|
|
873
|
|
|
874
|
if (($gateway['dynamic'] === "default") && ($found_defaultv4 == 0)) {
|
|
875
|
$gateway['isdefaultgw'] = true;
|
|
876
|
$gateway['dynamic'] = true;
|
|
877
|
$found_defaultv4 = 1;
|
|
878
|
}
|
|
879
|
|
|
880
|
/* Loopback dummy for dynamic interfaces without a IP */
|
|
881
|
if (!is_ipaddrv4($gateway['gateway']) && $gateway['dynamic'] == true) {
|
|
882
|
$gateway['gateway'] = "dynamic";
|
|
883
|
}
|
|
884
|
|
|
885
|
/* automatically skip known static and dynamic gateways that were previously processed */
|
|
886
|
foreach ($gateways_arr_temp as $gateway_item) {
|
|
887
|
if ((($ifname == $gateway_item['friendlyiface'] && $friendly == $gateway_item['name'])&& ($gateway['ipprotocol'] == $gateway_item['ipprotocol'])) ||
|
|
888
|
(($ifname == $gateway_item['friendlyiface'] && $gateway_item['dynamic'] == true) && ($gateway['ipprotocol'] == $gateway_item['ipprotocol']))) {
|
|
889
|
continue 2;
|
|
890
|
}
|
|
891
|
}
|
|
892
|
|
|
893
|
if (is_ipaddrv4($gateway['gateway'])) {
|
|
894
|
$gateway['monitor'] = $gateway['gateway'];
|
|
895
|
}
|
|
896
|
|
|
897
|
$gateway['descr'] = "Interface {$friendly}{$ctype} Gateway";
|
|
898
|
$gateways_arr[$gateway['name']] = $gateway;
|
|
899
|
}
|
|
900
|
unset($gateway);
|
|
901
|
|
|
902
|
/* Process/add dynamic v6 gateways. */
|
|
903
|
foreach ($iflist as $ifname => $friendly) {
|
|
904
|
/* If the user has disabled IPv6, they probably don't want any IPv6 gateways. */
|
|
905
|
if (!isset($config['system']['ipv6allow'])) {
|
|
906
|
break;
|
|
907
|
}
|
|
908
|
|
|
909
|
if (!interface_has_gatewayv6($ifname)) {
|
|
910
|
continue;
|
|
911
|
}
|
|
912
|
|
|
913
|
if (empty($config['interfaces'][$ifname])) {
|
|
914
|
continue;
|
|
915
|
}
|
|
916
|
|
|
917
|
$ifcfg = &$config['interfaces'][$ifname];
|
|
918
|
if (!isset($ifcfg['enable'])) {
|
|
919
|
continue;
|
|
920
|
}
|
|
921
|
|
|
922
|
if (!empty($ifcfg['ipaddrv6']) && is_ipaddrv6($ifcfg['ipaddrv6'])) {
|
|
923
|
continue;
|
|
924
|
}
|
|
925
|
|
|
926
|
$ctype = "";
|
|
927
|
switch ($ifcfg['ipaddrv6']) {
|
|
928
|
case "slaac":
|
|
929
|
case "dhcp6":
|
|
930
|
case "6to4":
|
|
931
|
case "6rd":
|
|
932
|
$ctype = strtoupper($ifcfg['ipaddrv6']);
|
|
933
|
break;
|
|
934
|
default:
|
|
935
|
$tunnelif = substr($ifcfg['if'], 0, 3);
|
|
936
|
if (substr($ifcfg['if'], 0, 4) == "ovpn") {
|
|
937
|
switch (substr($ifcfg['if'], 4, 1)) {
|
|
938
|
case "c":
|
|
939
|
$ovpntype = "openvpn-client";
|
|
940
|
break;
|
|
941
|
case "s":
|
|
942
|
$ovpntype = "openvpn-server";
|
|
943
|
break;
|
|
944
|
default:
|
|
945
|
// unknown ovpn type
|
|
946
|
continue 3;
|
|
947
|
}
|
|
948
|
$ovpnid = substr($ifcfg['if'], 5);
|
|
949
|
foreach (config_get_path("openvpn/{$ovpntype}", []) as $ovpnconf) {
|
|
950
|
if (empty($ovpnconf)) {
|
|
951
|
continue;
|
|
952
|
}
|
|
953
|
if ($ovpnconf['vpnid'] == $ovpnid) {
|
|
954
|
// skip IPv4-only interfaces
|
|
955
|
if ($ovpnconf['create_gw'] == "v4only") {
|
|
956
|
continue 3;
|
|
957
|
}
|
|
958
|
// skip tap interfaces
|
|
959
|
if ($ovpnconf['dev_mode'] == "tap") {
|
|
960
|
continue 3;
|
|
961
|
}
|
|
962
|
}
|
|
963
|
}
|
|
964
|
$ctype = "VPNv6";
|
|
965
|
} elseif (substr($ifcfg['if'], 0, 5) == "ipsec") {
|
|
966
|
$ikeid = substr($ifcfg['if'], 5);
|
|
967
|
if (!empty(config_get_path('ipsec/phase1', [])) &&
|
|
968
|
!empty(config_get_path('ipsec/phase2', []))) {
|
|
969
|
foreach (config_get_path('ipsec/phase1', []) as $ph1ent) {
|
|
970
|
if (empty($ph1ent) || $ph1ent['disabled']) {
|
|
971
|
continue;
|
|
972
|
}
|
|
973
|
$vtisubnet_spec = ipsec_vti($ph1ent, true);
|
|
974
|
// Skip non-VTI tunnels
|
|
975
|
if (!$vtisubnet_spec || !is_array($vtisubnet_spec)) {
|
|
976
|
continue;
|
|
977
|
}
|
|
978
|
if (!isset($ph1ent['mobile']) && ($keyexchange == 'ikev1' || isset($ph1ent['splitconn']))) {
|
|
979
|
foreach ($vtisubnet_spec as $idx => $vtisub) {
|
|
980
|
if ($ifcfg['if'] == ipsec_get_ifname($ph1ent, $vtisub['reqid'])) {
|
|
981
|
// If this specific VTI remote is v6, then we can make a v6 gw
|
|
982
|
if (is_ipaddrv6($vtisub['right'])) {
|
|
983
|
$ctype = "VTIv6";
|
|
984
|
}
|
|
985
|
}
|
|
986
|
}
|
|
987
|
} else {
|
|
988
|
if ($ifcfg['if'] == ipsec_get_ifname($ph1ent)) {
|
|
989
|
// If any of the VTI remotes are v6, then we can make a v6 gw
|
|
990
|
foreach ($vtisubnet_spec as $vtisub) {
|
|
991
|
if (is_ipaddrv6($vtisub['right'])) {
|
|
992
|
$ctype = "VTIv6";
|
|
993
|
}
|
|
994
|
}
|
|
995
|
}
|
|
996
|
}
|
|
997
|
}
|
|
998
|
if (empty($ctype)) {
|
|
999
|
continue 2;
|
|
1000
|
}
|
|
1001
|
}
|
|
1002
|
} else if ($tunnelif == "gif" || $tunnelif == "gre") {
|
|
1003
|
$ctype = "TUNNELv6";
|
|
1004
|
}
|
|
1005
|
break;
|
|
1006
|
}
|
|
1007
|
$ctype = "_". strtoupper($ctype);
|
|
1008
|
|
|
1009
|
$gateway = array();
|
|
1010
|
$gateway['dynamic'] = false;
|
|
1011
|
$gateway['ipprotocol'] = "inet6";
|
|
1012
|
$gateway['gateway'] = get_interface_gateway_v6($ifname, $gateway['dynamic']);
|
|
1013
|
$gateway['interface'] = get_real_interface($ifname, "inet6");
|
|
1014
|
switch ($ifcfg['ipaddrv6']) {
|
|
1015
|
case "6rd":
|
|
1016
|
case "6to4":
|
|
1017
|
$gateway['dynamic'] = "default";
|
|
1018
|
break;
|
|
1019
|
}
|
|
1020
|
$gateway['friendlyiface'] = $ifname;
|
|
1021
|
$gateway['friendlyifdescr'] = convert_friendly_interface_to_friendly_descr($ifname);
|
|
1022
|
$gateway['name'] = "{$friendly}{$ctype}";
|
|
1023
|
$gateway['attribute'] = "system";
|
|
1024
|
|
|
1025
|
if (($gateway['dynamic'] === "default") && ($found_defaultv6 == 0)) {
|
|
1026
|
$gateway['isdefaultgw'] = true;
|
|
1027
|
$gateway['dynamic'] = true;
|
|
1028
|
$found_defaultv6 = 1;
|
|
1029
|
}
|
|
1030
|
|
|
1031
|
/* Loopback dummy for dynamic interfaces without a IP */
|
|
1032
|
if (!is_ipaddrv6($gateway['gateway']) && $gateway['dynamic'] == true) {
|
|
1033
|
$gateway['gateway'] = "dynamic";
|
|
1034
|
}
|
|
1035
|
|
|
1036
|
/* automatically skip known static and dynamic gateways that were previously processed */
|
|
1037
|
foreach ($gateways_arr_temp as $gateway_item) {
|
|
1038
|
if ((($ifname == $gateway_item['friendlyiface'] && $friendly == $gateway_item['name']) && ($gateway['ipprotocol'] == $gateway_item['ipprotocol'])) ||
|
|
1039
|
(($ifname == $gateway_item['friendlyiface'] && $gateway_item['dynamic'] == true) && ($gateway['ipprotocol'] == $gateway_item['ipprotocol']))) {
|
|
1040
|
continue 2;
|
|
1041
|
}
|
|
1042
|
}
|
|
1043
|
|
|
1044
|
if (is_ipaddrv6($gateway['gateway'])) {
|
|
1045
|
$gateway['monitor'] = $gateway['gateway'];
|
|
1046
|
}
|
|
1047
|
|
|
1048
|
$gateway['descr'] = "Interface {$friendly}{$ctype} Gateway";
|
|
1049
|
$gateways_arr[$gateway['name']] = $gateway;
|
|
1050
|
}
|
|
1051
|
unset($gateway);
|
|
1052
|
|
|
1053
|
/* FIXME: Should this be enabled.
|
|
1054
|
* Some interface like wan might be default but have no info recorded
|
|
1055
|
* the config. */
|
|
1056
|
/* this is a fallback if all else fails and we want to get packets out @smos */
|
|
1057
|
if ($found_defaultv4 == 0 || $found_defaultv6 == 0) {
|
|
1058
|
foreach ($gateways_arr as &$gateway) {
|
|
1059
|
if (($gateway['friendlyiface'] == "wan") && ($found_defaultv4 == 0) && (!isset($gateway['ipprotocol']) || ($gateway['ipprotocol'] == "inet"))) {
|
|
1060
|
if (file_exists("{$g['tmp_path']}/{$gateway['interface']}_defaultgw")) {
|
|
1061
|
$gateway['isdefaultgw'] = true;
|
|
1062
|
$found_defaultv4 = 1;
|
|
1063
|
}
|
|
1064
|
}
|
|
1065
|
else if (($gateway['friendlyiface'] == "wan") && ($found_defaultv6 == 0) && ($gateway['ipprotocol'] == "inet6")) {
|
|
1066
|
if (file_exists("{$g['tmp_path']}/{$gateway['interface']}_defaultgwv6")) {
|
|
1067
|
$gateway['isdefaultgw'] = true;
|
|
1068
|
$found_defaultv6 = 1;
|
|
1069
|
}
|
|
1070
|
}
|
|
1071
|
}
|
|
1072
|
}
|
|
1073
|
|
|
1074
|
if ($localhost === true) {
|
|
1075
|
/* attach localhost for Null routes */
|
|
1076
|
$gwlo4 = array();
|
|
1077
|
$gwlo4['name'] = "Null4";
|
|
1078
|
$gwlo4['interface'] = "lo0";
|
|
1079
|
$gwlo4['ipprotocol'] = "inet";
|
|
1080
|
$gwlo4['gateway'] = "127.0.0.1";
|
|
1081
|
$gwlo4['attribute'] = "system";
|
|
1082
|
$gwlo6 = array();
|
|
1083
|
$gwlo6['name'] = "Null6";
|
|
1084
|
$gwlo6['interface'] = "lo0";
|
|
1085
|
$gwlo6['ipprotocol'] = "inet6";
|
|
1086
|
$gwlo6['gateway'] = "::1";
|
|
1087
|
$gwlo6['attribute'] = "system";
|
|
1088
|
$gateways_arr['Null4'] = $gwlo4;
|
|
1089
|
$gateways_arr['Null6'] = $gwlo6;
|
|
1090
|
}
|
|
1091
|
|
|
1092
|
if ($integer_index) {
|
|
1093
|
$gateways_arr = array_values($gateways_arr);
|
|
1094
|
}
|
|
1095
|
|
|
1096
|
if ($found_defaultv4 != 1 && is_ipaddr($cgw4)) {
|
|
1097
|
foreach($gateways_arr as &$gw) {
|
|
1098
|
if ($gw['gateway'] == $cgw4) {
|
|
1099
|
$gw['isdefaultgw'] = true;
|
|
1100
|
}
|
|
1101
|
}
|
|
1102
|
}
|
|
1103
|
if ($found_defaultv6 != 1 && is_ipaddr($cgw6)) {
|
|
1104
|
foreach($gateways_arr as &$gw) {
|
|
1105
|
if ($gw['gateway'] == $cgw6) {
|
|
1106
|
$gw['isdefaultgw'] = true;
|
|
1107
|
}
|
|
1108
|
}
|
|
1109
|
}
|
|
1110
|
|
|
1111
|
$gways = order_gateways_as_configured($gateways_arr);
|
|
1112
|
|
|
1113
|
// Add the tier names here so that system_gateways.php doesn't need to
|
|
1114
|
foreach ($gways as $idx => $gway) {
|
|
1115
|
$gways[$idx]['tiername'] = gateway_getgwtiername($gways, $idx);
|
|
1116
|
}
|
|
1117
|
|
|
1118
|
return $gways;
|
|
1119
|
}
|
|
1120
|
|
|
1121
|
function fixup_default_gateway($ipprotocol, $gateways_status, $gateways_arr) {
|
|
1122
|
global $config, $g;
|
|
1123
|
/*
|
|
1124
|
* NOTE: The code below is meant to replace the default gateway when it goes down.
|
|
1125
|
* This facilitates services running on pfSense itself and are not handled by a PBR to continue working.
|
|
1126
|
*/
|
|
1127
|
$set_dfltgwname = '';
|
|
1128
|
|
|
1129
|
if ($ipprotocol == 'inet') {
|
|
1130
|
$gwdefault = config_get_path('gateways/defaultgw4', "");
|
|
1131
|
} else {
|
|
1132
|
$gwdefault = config_get_path('gateways/defaultgw6', "");
|
|
1133
|
}
|
|
1134
|
/* do not delete dynamic (frr/bgp/ospf) route
|
|
1135
|
* see https://redmine.pfsense.org/issues/12536 */
|
|
1136
|
if ($gwdefault == "-") {
|
|
1137
|
if (!is_dynamic_route('default', $ipprotocol)) {
|
|
1138
|
route_del('default', $ipprotocol);
|
|
1139
|
}
|
|
1140
|
return;
|
|
1141
|
}
|
|
1142
|
if (isset($gateways_arr[$gwdefault])) {
|
|
1143
|
// the configured gateway is a regular one. (not a gwgroup) use it as is..
|
|
1144
|
$set_dfltgwname = $gwdefault;
|
|
1145
|
} elseif (empty($gwdefault)) {
|
|
1146
|
// 'automatic' mode, pick the first one thats 'up' or 'unmonitored' which is always considered up
|
|
1147
|
$gateways_arr = order_gateways_as_configured($gateways_arr);
|
|
1148
|
$fallback = "";
|
|
1149
|
foreach($gateways_arr as $gwname => $gwsttng) {
|
|
1150
|
if (($gwsttng['ipprotocol'] != $ipprotocol) || isset($gwsttng['force_down'])) {
|
|
1151
|
continue;
|
|
1152
|
}
|
|
1153
|
|
|
1154
|
if (isset($gwsttng['monitor_disable']) || isset($gwsttng['action_disable']) ||
|
|
1155
|
($gateways_status[$gwname]['status'] == "online")) {
|
|
1156
|
$set_dfltgwname = $gwname;
|
|
1157
|
break;
|
|
1158
|
}
|
|
1159
|
if (empty($fallback) && $gwsttng['interface'] != 'lo0') {
|
|
1160
|
$fallback = $gwname;
|
|
1161
|
}
|
|
1162
|
}
|
|
1163
|
if (empty($set_dfltgwname) && !empty($fallback)) {
|
|
1164
|
log_error(sprintf("Gateway, none 'available' for %s, use the first one configured. '%s'", $ipprotocol, $fallback));
|
|
1165
|
$set_dfltgwname = $fallback;
|
|
1166
|
} else {
|
|
1167
|
log_error("Gateway, NONE AVAILABLE");
|
|
1168
|
}
|
|
1169
|
} else {
|
|
1170
|
// a gwgroup is selected
|
|
1171
|
// find the best available gateway given options available..
|
|
1172
|
$gwg_members = array();
|
|
1173
|
$viplist = get_configured_vip_list();
|
|
1174
|
if (is_array($config['gateways']['gateway_group'])) {
|
|
1175
|
foreach ($config['gateways']['gateway_group'] as $group) {
|
|
1176
|
if ($group['name'] == $gwdefault) {
|
|
1177
|
// finds the gw members of the best available tier for this group.
|
|
1178
|
$gwg_members = get_gwgroup_members_inner($group, $gateways_status, $gateways_arr, $viplist);
|
|
1179
|
}
|
|
1180
|
}
|
|
1181
|
}
|
|
1182
|
|
|
1183
|
if (count($gwg_members) > 0) {
|
|
1184
|
$currentdefaultgwip = route_get_default($ipprotocol);
|
|
1185
|
$found_current = false;
|
|
1186
|
foreach($gwg_members as $gwgroupitem) {
|
|
1187
|
if (!empty($currentdefaultgwip) &&
|
|
1188
|
is_array($gwgroupitem) &&
|
|
1189
|
($gwgroupitem['gwip'] == $currentdefaultgwip)) {
|
|
1190
|
$set_dfltgwname = $gwgroupitem['gw'];
|
|
1191
|
$found_current = true;
|
|
1192
|
if (isset($config['system']['gw-debug'])) {
|
|
1193
|
log_error("Keep current gateway, its already part of the group members.");
|
|
1194
|
}
|
|
1195
|
break;
|
|
1196
|
}
|
|
1197
|
}
|
|
1198
|
if (!$found_current) {
|
|
1199
|
$set_dfltgwname = $gwg_members[0]['gw'];
|
|
1200
|
log_error(sprintf("Gateway, switch to: %s", $set_dfltgwname));
|
|
1201
|
}
|
|
1202
|
} else {
|
|
1203
|
log_error("Gateway, NONE AVAILABLE");
|
|
1204
|
}
|
|
1205
|
}
|
|
1206
|
if (!empty($set_dfltgwname) && isset($gateways_arr[$set_dfltgwname])) {
|
|
1207
|
setdefaultgateway($gateways_arr[$set_dfltgwname]);
|
|
1208
|
} elseif (empty($set_dfltgwname)) {
|
|
1209
|
route_del('default', $ipprotocol);
|
|
1210
|
}
|
|
1211
|
}
|
|
1212
|
|
|
1213
|
function setdefaultgateway($gw) {
|
|
1214
|
global $g, $config;
|
|
1215
|
if (isset($config['system']['route-debug'])) {
|
|
1216
|
file_put_contents("/dev/console", "\n[".getmypid()."] SET DEF GW: {$gw['name']}");
|
|
1217
|
}
|
|
1218
|
$ipprotocol = $gw['ipprotocol'];
|
|
1219
|
if ($gw['gateway'] == "dynamic") {
|
|
1220
|
if ($ipprotocol == 'inet') {
|
|
1221
|
$gw['gateway'] = get_interface_gateway($gw['friendlyiface']);
|
|
1222
|
} else {
|
|
1223
|
$gw['gateway'] = get_interface_gateway_v6($$gw['friendlyiface']);
|
|
1224
|
}
|
|
1225
|
}
|
|
1226
|
if ($ipprotocol == 'inet6' && !is_ipaddrv6($gw['gateway'])) {
|
|
1227
|
return;
|
|
1228
|
}
|
|
1229
|
if ($ipprotocol == 'inet' && !is_ipaddrv4($gw['gateway'])) {
|
|
1230
|
return;
|
|
1231
|
}
|
|
1232
|
if ($ipprotocol == 'inet6') {
|
|
1233
|
if (is_linklocal($gw['gateway']) && get_ll_scope($gw['gateway']) == '') {
|
|
1234
|
$gw['gateway'] .= "%" . $gw['interface'];
|
|
1235
|
}
|
|
1236
|
}
|
|
1237
|
$currentdefaultgwip = route_get_default($ipprotocol);
|
|
1238
|
if ($currentdefaultgwip != $gw['gateway']) {
|
|
1239
|
log_error("Default gateway setting {$gw['descr']} as default.");
|
|
1240
|
|
|
1241
|
if ($ipprotocol == 'inet') {
|
|
1242
|
$inet = '';
|
|
1243
|
} else {
|
|
1244
|
$inet = 'v6';
|
|
1245
|
}
|
|
1246
|
unlink_if_exists("{$g['tmp_path']}/*_defaultgw{$inet}");
|
|
1247
|
$defaultif = get_real_interface($gw['interface']);
|
|
1248
|
if ($defaultif) {
|
|
1249
|
@file_put_contents("{$g['tmp_path']}/{$defaultif}_defaultgw{$inet}", $gw['gateway']);
|
|
1250
|
}
|
|
1251
|
|
|
1252
|
if (isset($gw["nonlocalgateway"])) {
|
|
1253
|
if (is_ipaddr($gw['gateway']) && !empty($gw['interface'])) {
|
|
1254
|
route_add_or_change($gw['gateway'], '',
|
|
1255
|
$gw['interface']);
|
|
1256
|
}
|
|
1257
|
}
|
|
1258
|
if (isset($config['system']['route-debug'])) {
|
|
1259
|
file_put_contents("/dev/console", "\n[".getmypid()."] SET DEF GW: {$gw['name']} ({$gw['gateway']})");
|
|
1260
|
}
|
|
1261
|
route_add_or_change("default", $gw['gateway'], '', '',
|
|
1262
|
$ipprotocol);
|
|
1263
|
return true;
|
|
1264
|
}
|
|
1265
|
}
|
|
1266
|
|
|
1267
|
function get_gwgroup_members_inner($group, $gateways_status, $gateways_arr, $viplist){
|
|
1268
|
$result = array();
|
|
1269
|
/* create array with group gateways members separated by tier */
|
|
1270
|
$tiers = array();
|
|
1271
|
$backupplan = array();
|
|
1272
|
$gwvip_arr = array();
|
|
1273
|
foreach ($group['item'] as $item) {
|
|
1274
|
list($gwname, $tier, $vipname) = explode("|", $item);
|
|
1275
|
|
|
1276
|
if (is_ipaddr($viplist[$vipname])) {
|
|
1277
|
if (!is_array($gwvip_arr[$group['name']])) {
|
|
1278
|
$gwvip_arr[$group['name']] = array();
|
|
1279
|
}
|
|
1280
|
$gwvip_arr[$group['name']][$gwname] = $vipname;
|
|
1281
|
}
|
|
1282
|
|
|
1283
|
/* Do it here rather than reiterating again the group in case no member is up. */
|
|
1284
|
if (!is_array($backupplan[$tier])) {
|
|
1285
|
$backupplan[$tier] = array();
|
|
1286
|
}
|
|
1287
|
$backupplan[$tier][] = $gwname;
|
|
1288
|
|
|
1289
|
/* check if the gateway is available before adding it to the array */
|
|
1290
|
if (is_array($gateways_status[$gwname])) {
|
|
1291
|
$status = $gateways_status[$gwname];
|
|
1292
|
$gwdown = false;
|
|
1293
|
if (stristr($status['status'], "down")) {
|
|
1294
|
$gwdown = true;
|
|
1295
|
switch ($status['substatus']) {
|
|
1296
|
case "highloss":
|
|
1297
|
$msg = sprintf(gettext('MONITOR: %1$s has packet loss, omitting from routing group %2$s'), $gwname, $group['name']);
|
|
1298
|
break;
|
|
1299
|
case "highdelay":
|
|
1300
|
$msg = sprintf(gettext('MONITOR: %1$s has high latency, omitting from routing group %2$s'), $gwname, $group['name']);
|
|
1301
|
break;
|
|
1302
|
default:
|
|
1303
|
$msg = sprintf(gettext('MONITOR: %1$s is down, omitting from routing group %2$s'), $gwname, $group['name']);
|
|
1304
|
}
|
|
1305
|
}
|
|
1306
|
$statuschanged = false;
|
|
1307
|
$pluginparams = array();
|
|
1308
|
$pluginparams['type'] = 'gateway';
|
|
1309
|
$pluginparams['name'] = $gwname;
|
|
1310
|
if ($gwdown == true) {
|
|
1311
|
if (!file_exists("/tmp/.down.{$gwname}")) {
|
|
1312
|
@touch("/tmp/.down.{$gwname}");
|
|
1313
|
$msg .= "\n".implode("|", $status);
|
|
1314
|
$pluginparams['event'] = 'gateway.down';
|
|
1315
|
$statuschanged = true;
|
|
1316
|
}
|
|
1317
|
} else {
|
|
1318
|
/* Online add member */
|
|
1319
|
if (!is_array($tiers[$tier])) {
|
|
1320
|
$tiers[$tier] = array();
|
|
1321
|
}
|
|
1322
|
$tiers[$tier][] = $gwname;
|
|
1323
|
if (unlink_if_exists("/tmp/.down.{$gwname}")) {
|
|
1324
|
$msg = sprintf(gettext('MONITOR: %1$s is available now, adding to routing group %2$s'), $gwname, $group['name']);
|
|
1325
|
$msg .= "\n".implode("|", $status);
|
|
1326
|
$pluginparams['event'] = 'gateway.up';
|
|
1327
|
$statuschanged = true;
|
|
1328
|
}
|
|
1329
|
}
|
|
1330
|
if ($statuschanged) {
|
|
1331
|
log_error($msg);
|
|
1332
|
notify_all_remote($msg);
|
|
1333
|
if (isset($gateways_arr[$gwname]['interface'])) {
|
|
1334
|
$pluginparams['interface'] = $gateways_arr[$gwname]['interface'];
|
|
1335
|
}
|
|
1336
|
pkg_call_plugins('plugin_gateway', $pluginparams);
|
|
1337
|
}
|
|
1338
|
} else if (isset($gateways_arr[$gwname]['monitor_disable']) || isset($gateways_arr[$gwname]['action_disable'])) {
|
|
1339
|
$tiers[$tier][] = $gwname;
|
|
1340
|
}
|
|
1341
|
}
|
|
1342
|
$tiers_count = count($tiers);
|
|
1343
|
if ($tiers_count == 0) {
|
|
1344
|
/* Oh dear, we have no members! Engage Plan B */
|
|
1345
|
if (isset($config['system']['gw-debug']) && (!platform_booting())) {
|
|
1346
|
$msg = sprintf(gettext('Gateways status could not be determined, considering all as up/active. (Group: %s)'), $group['name']);
|
|
1347
|
log_error($msg);
|
|
1348
|
}
|
|
1349
|
$tiers = $backupplan;
|
|
1350
|
}
|
|
1351
|
/* sort the tiers array by the tier key */
|
|
1352
|
ksort($tiers);
|
|
1353
|
|
|
1354
|
/* we do not really foreach the tiers as we stop after the first tier */
|
|
1355
|
foreach ($tiers as $tieridx => $tier) {
|
|
1356
|
/* process all gateways in this tier */
|
|
1357
|
foreach ($tier as $member) {
|
|
1358
|
/* determine interface gateway */
|
|
1359
|
if (isset($gateways_arr[$member])) {
|
|
1360
|
$gateway = $gateways_arr[$member];
|
|
1361
|
$int = $gateway['interface'];
|
|
1362
|
$gatewayip = "";
|
|
1363
|
if (is_ipaddr($gateway['gateway'])) {
|
|
1364
|
$gatewayip = $gateway['gateway'];
|
|
1365
|
} elseif (!empty($int)) {
|
|
1366
|
if ($gateway['ipprotocol'] == 'inet') {
|
|
1367
|
$gatewayip = get_interface_gateway($gateway['friendlyiface']);
|
|
1368
|
} else {
|
|
1369
|
$gatewayip = get_interface_gateway_v6($gateway['friendlyiface']);
|
|
1370
|
}
|
|
1371
|
}
|
|
1372
|
|
|
1373
|
if (!empty($int)) {
|
|
1374
|
$result['ipprotocol'] = $gateway['ipprotocol'];
|
|
1375
|
if (is_ipaddr($gatewayip)) {
|
|
1376
|
$groupmember = array();
|
|
1377
|
$groupmember['gw'] = $member;
|
|
1378
|
$groupmember['int'] = $int;
|
|
1379
|
$groupmember['gwip'] = $gatewayip;
|
|
1380
|
/* set correct linklocal gateway address,
|
|
1381
|
* see https://redmine.pfsense.org/issues/12721 */
|
|
1382
|
if (is_ipaddrv6($gatewayip) && is_linklocal($gatewayip) && empty(get_ll_scope($gatewayip))) {
|
|
1383
|
$groupmember['gwip'] .= '%' . $int;
|
|
1384
|
}
|
|
1385
|
$groupmember['weight'] = isset($gateway['weight']) ? $gateway['weight'] : 1;
|
|
1386
|
if (is_array($gwvip_arr[$group['name']]) && !empty($gwvip_arr[$group['name']][$member])) {
|
|
1387
|
$groupmember['vip'] = $gwvip_arr[$group['name']][$member];
|
|
1388
|
}
|
|
1389
|
$result[] = $groupmember;
|
|
1390
|
}
|
|
1391
|
}
|
|
1392
|
}
|
|
1393
|
}
|
|
1394
|
/* we should have the 1st available tier now, exit stage left */
|
|
1395
|
if (count($result) > 0) {
|
|
1396
|
break;
|
|
1397
|
} else {
|
|
1398
|
log_error(sprintf(gettext('GATEWAYS: Group %1$s did not have any gateways up on tier %2$s!'), $group['name'], $tieridx));
|
|
1399
|
}
|
|
1400
|
}
|
|
1401
|
// Add description field last to not influence the count() above
|
|
1402
|
$result['descr'] = $group['descr'];
|
|
1403
|
return $result;
|
|
1404
|
}
|
|
1405
|
|
|
1406
|
function get_gwgroup_members($groupname) {
|
|
1407
|
global $config;
|
|
1408
|
$gateways_status = return_gateways_status(true);
|
|
1409
|
$gateways_arr = return_gateways_array();
|
|
1410
|
$viplist = get_configured_vip_list();
|
|
1411
|
foreach ($config['gateways']['gateway_group'] as $group) {
|
|
1412
|
if ($group['name'] == $groupname) {
|
|
1413
|
return get_gwgroup_members_inner($group, $gateways_status, $gateways_arr, $viplist);
|
|
1414
|
}
|
|
1415
|
}
|
|
1416
|
return array();
|
|
1417
|
}
|
|
1418
|
|
|
1419
|
/*
|
|
1420
|
* Return an array with all gateway groups with name as key
|
|
1421
|
* All gateway groups will be processed before returning the array.
|
|
1422
|
*/
|
|
1423
|
function return_gateway_groups_array($fixup = false, $gways = false) {
|
|
1424
|
global $config;
|
|
1425
|
|
|
1426
|
/* fetch the current gateways status */
|
|
1427
|
if (is_array($gways)) {
|
|
1428
|
$gateways_status = $gways;
|
|
1429
|
} else {
|
|
1430
|
$gateways_status = return_gateways_status(true);
|
|
1431
|
}
|
|
1432
|
|
|
1433
|
$gateways_arr = return_gateways_array();
|
|
1434
|
$gateway_groups_array = array();
|
|
1435
|
if ($fixup == true) {
|
|
1436
|
$gw4 = lookup_gateway_or_group_by_name(config_get_path('gateways/defaultgw4', ""), $gways);
|
|
1437
|
$gw6 = lookup_gateway_or_group_by_name(config_get_path('gateways/defaultgw6', ""), $gways);
|
|
1438
|
if ($gw4 && $gw4['type'] == 'gatewaygroup') {
|
|
1439
|
fixup_default_gateway("inet", $gateways_status, $gateways_arr);
|
|
1440
|
}
|
|
1441
|
if ($gw6 && $gw6['type'] == 'gatewaygroup') {
|
|
1442
|
fixup_default_gateway("inet6", $gateways_status, $gateways_arr);
|
|
1443
|
}
|
|
1444
|
}
|
|
1445
|
init_config_arr(array('gateways', 'gateway_group'));
|
|
1446
|
if (!empty($config['gateways']['gateway_group'])) {
|
|
1447
|
$viplist = get_configured_vip_list();
|
|
1448
|
foreach ($config['gateways']['gateway_group'] as $group) {
|
|
1449
|
$gateway_groups_array[$group['name']] = get_gwgroup_members_inner($group, $gateways_status, $gateways_arr, $viplist);
|
|
1450
|
}
|
|
1451
|
}
|
|
1452
|
|
|
1453
|
return ($gateway_groups_array);
|
|
1454
|
}
|
|
1455
|
|
|
1456
|
/* Update DHCP WAN Interface ip address in gateway group item */
|
|
1457
|
function dhclient_update_gateway_groups_defaultroute($interface = "wan") {
|
|
1458
|
global $config;
|
|
1459
|
|
|
1460
|
if (is_array($config['gateways']['gateway_item'])) {
|
|
1461
|
foreach ($config['gateways']['gateway_item'] as & $gw) {
|
|
1462
|
if ($gw['interface'] != $interface) {
|
|
1463
|
continue;
|
|
1464
|
}
|
|
1465
|
|
|
1466
|
$current_gw = get_interface_gateway($interface);
|
|
1467
|
if ($gw['gateway'] <> $current_gw) {
|
|
1468
|
$gw['gateway'] = $current_gw;
|
|
1469
|
$changed = true;
|
|
1470
|
}
|
|
1471
|
}
|
|
1472
|
}
|
|
1473
|
|
|
1474
|
if ($changed && $current_gw) {
|
|
1475
|
write_config(sprintf(gettext(
|
|
1476
|
'Updating gateway group gateway for %1$s - new gateway is %2$s'),
|
|
1477
|
$interface, $current_gw));
|
|
1478
|
}
|
|
1479
|
}
|
|
1480
|
|
|
1481
|
function lookup_gateway_or_group_by_name($gwname, $gways = false) {
|
|
1482
|
global $config;
|
|
1483
|
|
|
1484
|
if (is_array($gways)) {
|
|
1485
|
$gateways_arr = $gways;
|
|
1486
|
} else {
|
|
1487
|
$gateways_arr = return_gateways_array();
|
|
1488
|
}
|
|
1489
|
|
|
1490
|
foreach ($gateways_arr as $gw) {
|
|
1491
|
if ($gw['name'] == $gwname) {
|
|
1492
|
$gw['type'] = 'gateway';
|
|
1493
|
return $gw;
|
|
1494
|
}
|
|
1495
|
}
|
|
1496
|
|
|
1497
|
init_config_arr(array('gateways', 'gateway_group'));
|
|
1498
|
foreach ($config['gateways']['gateway_group'] as $gwg) {
|
|
1499
|
if ($gwg['name'] == $gwname) {
|
|
1500
|
$gwg['type'] = 'gatewaygroup';
|
|
1501
|
return $gwg;
|
|
1502
|
}
|
|
1503
|
}
|
|
1504
|
|
|
1505
|
return false;
|
|
1506
|
}
|
|
1507
|
|
|
1508
|
function lookup_gateway_ip_by_name($name, $disabled = false) {
|
|
1509
|
|
|
1510
|
$gateways_arr = return_gateways_array($disabled, true);
|
|
1511
|
foreach ($gateways_arr as $gname => $gw) {
|
|
1512
|
if ($gw['name'] === $name || $gname === $name) {
|
|
1513
|
return $gw['gateway'];
|
|
1514
|
}
|
|
1515
|
}
|
|
1516
|
|
|
1517
|
return false;
|
|
1518
|
}
|
|
1519
|
|
|
1520
|
function lookup_gateway_monitor_ip_by_name($name) {
|
|
1521
|
|
|
1522
|
$gateways_arr = return_gateways_array(false, true);
|
|
1523
|
if (!empty($gateways_arr[$name])) {
|
|
1524
|
$gateway = $gateways_arr[$name];
|
|
1525
|
if (!is_ipaddr($gateway['monitor'])) {
|
|
1526
|
return $gateway['gateway'];
|
|
1527
|
}
|
|
1528
|
|
|
1529
|
return $gateway['monitor'];
|
|
1530
|
}
|
|
1531
|
|
|
1532
|
return (false);
|
|
1533
|
}
|
|
1534
|
|
|
1535
|
function lookup_gateway_interface_by_name($name) {
|
|
1536
|
|
|
1537
|
$gateways_arr = return_gateways_array(false, true);
|
|
1538
|
if (!empty($gateways_arr[$name])) {
|
|
1539
|
$interfacegw = $gateways_arr[$name]['friendlyiface'];
|
|
1540
|
return ($interfacegw);
|
|
1541
|
}
|
|
1542
|
|
|
1543
|
return (false);
|
|
1544
|
}
|
|
1545
|
|
|
1546
|
function get_root_interface($interface) {
|
|
1547
|
if (substr($interface, 0, 4) == '_vip') {
|
|
1548
|
$interface = get_configured_vip_interface($interface);
|
|
1549
|
if (substr($interface, 0, 4) == '_vip') {
|
|
1550
|
$interface = get_configured_vip_interface($interface);
|
|
1551
|
}
|
|
1552
|
}
|
|
1553
|
return $interface;
|
|
1554
|
}
|
|
1555
|
|
|
1556
|
function get_interface_gateway($interface, &$dynamic = false) {
|
|
1557
|
global $config, $g;
|
|
1558
|
|
|
1559
|
$interface = get_root_interface($interface);
|
|
1560
|
|
|
1561
|
$gw = NULL;
|
|
1562
|
$gwcfg = config_get_path("interfaces/{$interface}");
|
|
1563
|
if (!empty($gwcfg['gateway']) && is_array($config['gateways']['gateway_item'])) {
|
|
1564
|
foreach ($config['gateways']['gateway_item'] as $gateway) {
|
|
1565
|
if (($gateway['name'] == $gwcfg['gateway']) && (is_ipaddrv4($gateway['gateway']))) {
|
|
1566
|
$gw = $gateway['gateway'];
|
|
1567
|
break;
|
|
1568
|
}
|
|
1569
|
}
|
|
1570
|
}
|
|
1571
|
|
|
1572
|
// for dynamic interfaces we handle them through the $interface_router file.
|
|
1573
|
if (($gw == NULL || !is_ipaddrv4($gw)) && !is_ipaddrv4($gwcfg['ipaddr'])) {
|
|
1574
|
$realif = get_real_interface($interface);
|
|
1575
|
if (file_exists("{$g['tmp_path']}/{$realif}_router")) {
|
|
1576
|
$gw = trim(@file_get_contents("{$g['tmp_path']}/{$realif}_router"), " \n");
|
|
1577
|
$dynamic = true;
|
|
1578
|
}
|
|
1579
|
if (file_exists("{$g['tmp_path']}/{$realif}_defaultgw")) {
|
|
1580
|
$dynamic = "default";
|
|
1581
|
}
|
|
1582
|
|
|
1583
|
}
|
|
1584
|
|
|
1585
|
/* return gateway */
|
|
1586
|
return ($gw);
|
|
1587
|
}
|
|
1588
|
|
|
1589
|
function get_interface_gateway_last($interface, $family = 'inet') {
|
|
1590
|
global $config, $g;
|
|
1591
|
$interface = get_root_interface($interface);
|
|
1592
|
$realif = get_real_interface($interface);
|
|
1593
|
$suffix = ($family == 'inet6') ? 'v6' : '';
|
|
1594
|
if (file_exists("{$g['tmp_path']}/{$realif}_router{$suffix}.last")) {
|
|
1595
|
return trim(@file_get_contents("{$g['tmp_path']}/{$realif}_router{$suffix}.last"), " \n");
|
|
1596
|
}
|
|
1597
|
return '';
|
|
1598
|
}
|
|
1599
|
|
|
1600
|
function get_interface_gateway_v6($interface, &$dynamic = false) {
|
|
1601
|
global $config, $g;
|
|
1602
|
|
|
1603
|
$interface = get_root_interface($interface);
|
|
1604
|
|
|
1605
|
$gw = NULL;
|
|
1606
|
$gwcfg = config_get_path("interfaces/{$interface}");
|
|
1607
|
if (!empty($gwcfg['gatewayv6']) && is_array($config['gateways']['gateway_item'])) {
|
|
1608
|
foreach ($config['gateways']['gateway_item'] as $gateway) {
|
|
1609
|
if (($gateway['name'] == $gwcfg['gatewayv6']) && (is_ipaddrv6($gateway['gateway']))) {
|
|
1610
|
$gw = $gateway['gateway'];
|
|
1611
|
break;
|
|
1612
|
}
|
|
1613
|
}
|
|
1614
|
}
|
|
1615
|
|
|
1616
|
// for dynamic interfaces we handle them through the $interface_router file.
|
|
1617
|
if (($gw == NULL || !is_ipaddrv6($gw)) && !is_ipaddrv6($gwcfg['ipaddrv6'])) {
|
|
1618
|
$realif = get_real_interface($interface);
|
|
1619
|
if (file_exists("{$g['tmp_path']}/{$realif}_routerv6")) {
|
|
1620
|
$gw = trim(file_get_contents("{$g['tmp_path']}/{$realif}_routerv6"), " \n");
|
|
1621
|
$dynamic = true;
|
|
1622
|
}
|
|
1623
|
if (file_exists("{$g['tmp_path']}/{$realif}_defaultgwv6")) {
|
|
1624
|
$dynamic = "default";
|
|
1625
|
}
|
|
1626
|
}
|
|
1627
|
/* return gateway */
|
|
1628
|
return ($gw);
|
|
1629
|
}
|
|
1630
|
|
|
1631
|
/* Check a IP address against a gateway IP or name
|
|
1632
|
* to verify it's address family */
|
|
1633
|
function validate_address_family($ipaddr, $gwname, $disabled = false) {
|
|
1634
|
$v4ip = false;
|
|
1635
|
$v6ip = false;
|
|
1636
|
$v4gw = false;
|
|
1637
|
$v6gw = false;
|
|
1638
|
|
|
1639
|
if (is_ipaddrv4($ipaddr)) {
|
|
1640
|
$v4ip = true;
|
|
1641
|
}
|
|
1642
|
if (is_ipaddrv6($ipaddr)) {
|
|
1643
|
$v6ip = true;
|
|
1644
|
}
|
|
1645
|
if (is_ipaddrv4($gwname)) {
|
|
1646
|
$v4gw = true;
|
|
1647
|
}
|
|
1648
|
if (is_ipaddrv6($gwname)) {
|
|
1649
|
$v6gw = true;
|
|
1650
|
}
|
|
1651
|
|
|
1652
|
if ($v4ip && $v4gw) {
|
|
1653
|
return true;
|
|
1654
|
}
|
|
1655
|
if ($v6ip && $v6gw) {
|
|
1656
|
return true;
|
|
1657
|
}
|
|
1658
|
|
|
1659
|
/* still no match, carry on, lookup gateways */
|
|
1660
|
if (is_ipaddrv4(lookup_gateway_ip_by_name($gwname, $disabled))) {
|
|
1661
|
$v4gw = true;
|
|
1662
|
}
|
|
1663
|
if (is_ipaddrv6(lookup_gateway_ip_by_name($gwname, $disabled))) {
|
|
1664
|
$v6gw = true;
|
|
1665
|
}
|
|
1666
|
|
|
1667
|
/* Check gateways including disabled gateways and gateways for disabled
|
|
1668
|
* interfaces.
|
|
1669
|
* https://redmine.pfsense.org/issues/8846
|
|
1670
|
*/
|
|
1671
|
$gw_array = return_gateways_array(true, false, true);
|
|
1672
|
if (is_array($gw_array[$gwname])) {
|
|
1673
|
switch ($gw_array[$gwname]['ipprotocol']) {
|
|
1674
|
case "inet":
|
|
1675
|
$v4gw = true;
|
|
1676
|
break;
|
|
1677
|
case "inet6":
|
|
1678
|
$v6gw = true;
|
|
1679
|
break;
|
|
1680
|
}
|
|
1681
|
}
|
|
1682
|
|
|
1683
|
if ($v4ip && $v4gw) {
|
|
1684
|
return true;
|
|
1685
|
}
|
|
1686
|
if ($v6ip && $v6gw) {
|
|
1687
|
return true;
|
|
1688
|
}
|
|
1689
|
|
|
1690
|
return false;
|
|
1691
|
}
|
|
1692
|
|
|
1693
|
/* check if a interface is part of a gateway group */
|
|
1694
|
function interface_gateway_group_member($interface, $gwgroup_name = "") {
|
|
1695
|
global $config;
|
|
1696
|
|
|
1697
|
if (is_array($config['gateways']['gateway_group'])) {
|
|
1698
|
$groups = config_get_path('gateways/gateway_group');
|
|
1699
|
} else {
|
|
1700
|
return false;
|
|
1701
|
}
|
|
1702
|
|
|
1703
|
$gateways_arr = return_gateways_array(false, true);
|
|
1704
|
foreach ($groups as $group) {
|
|
1705
|
if (is_array($group['item'])) {
|
|
1706
|
foreach ($group['item'] as $item) {
|
|
1707
|
$elements = explode("|", $item);
|
|
1708
|
$gwname = $elements[0];
|
|
1709
|
if ($interface == $gateways_arr[$gwname]['interface'] &&
|
|
1710
|
(empty($gwgroup_name) || $gwgroup_name == $group['name'])) {
|
|
1711
|
unset($gateways_arr);
|
|
1712
|
return true;
|
|
1713
|
}
|
|
1714
|
}
|
|
1715
|
}
|
|
1716
|
}
|
|
1717
|
unset($gateways_arr);
|
|
1718
|
|
|
1719
|
return false;
|
|
1720
|
}
|
|
1721
|
|
|
1722
|
function gateway_is_gwgroup_member($name, $detail=false) {
|
|
1723
|
global $config;
|
|
1724
|
|
|
1725
|
if (is_array($config['gateways']['gateway_group'])) {
|
|
1726
|
$groups = config_get_path('gateways/gateway_group');
|
|
1727
|
} else {
|
|
1728
|
return false;
|
|
1729
|
}
|
|
1730
|
|
|
1731
|
$members = array();
|
|
1732
|
foreach ($groups as $group) {
|
|
1733
|
if (is_array($group['item'])) {
|
|
1734
|
foreach ($group['item'] as $item) {
|
|
1735
|
list($gwname, $tier, $vipname) = explode("|", $item);
|
|
1736
|
if ($name == $gwname) {
|
|
1737
|
if ($detail) {
|
|
1738
|
$newitem = array();
|
|
1739
|
$newitem['name'] = $group['name'];
|
|
1740
|
$newitem['tier'] = $tier;
|
|
1741
|
$newitem['vipname'] = $vipname;
|
|
1742
|
$members[] = $newitem;
|
|
1743
|
} else {
|
|
1744
|
$members[] = $group['name'];
|
|
1745
|
}
|
|
1746
|
}
|
|
1747
|
}
|
|
1748
|
}
|
|
1749
|
}
|
|
1750
|
|
|
1751
|
return $members;
|
|
1752
|
}
|
|
1753
|
/*
|
|
1754
|
Check the proposed gateway settings to see if they are valid.
|
|
1755
|
$gateway_settings - the proposed array of proposed gateway settings
|
|
1756
|
$id - the index of the gateway proposed to be modified (otherwise "" if adding a new gateway)
|
|
1757
|
$parent_ip - the IP (v4 or v6) address about to be set on the corresponding interface (if any)
|
|
1758
|
$parent_sn - the subnet about to be set on the corresponding interface (if any)
|
|
1759
|
(Note: the above 2 parameters allow gateway parameters to be validated concurrently with saving
|
|
1760
|
an interface, before the new interface parameters are actually saved in the config.)
|
|
1761
|
Return completed $input_errors array if there is any problem.
|
|
1762
|
Otherwise return an empty $input_errors array
|
|
1763
|
*/
|
|
1764
|
function validate_gateway($gateway_settings, $id = "", $parent_ip = "", $parent_sn = "") {
|
|
1765
|
global $config, $gateway_state_kill_modes;
|
|
1766
|
|
|
1767
|
$a_gateways = return_gateways_array(true, false, true, true);
|
|
1768
|
$input_errors = array();
|
|
1769
|
|
|
1770
|
/* input validation */
|
|
1771
|
$reqdfields = explode(" ", "name interface");
|
|
1772
|
$reqdfieldsn = array(gettext("Name"), gettext("Interface"));
|
|
1773
|
|
|
1774
|
do_input_validation($gateway_settings, $reqdfields, $reqdfieldsn, $input_errors);
|
|
1775
|
|
|
1776
|
if (!isset($gateway_settings['name'])) {
|
|
1777
|
$input_errors[] = "A valid gateway name must be specified.";
|
|
1778
|
}
|
|
1779
|
if (!is_validaliasname($gateway_settings['name'])) {
|
|
1780
|
$input_errors[] = invalidaliasnamemsg($gateway_settings['name'], gettext("gateway"));
|
|
1781
|
} else if (isset($gateway_settings['disabled'])) {
|
|
1782
|
// We have a valid gateway name that the user wants to mark as disabled.
|
|
1783
|
// Check if the gateway name is used in any gateway group.
|
|
1784
|
foreach (config_get_path('gateways/gateway_group', []) as $group) {
|
|
1785
|
foreach ($group['item'] as $item) {
|
|
1786
|
$items = explode("|", $item);
|
|
1787
|
if ($items[0] == $gateway_settings['name']) {
|
|
1788
|
$input_errors[] = sprintf(gettext('Gateway "%1$s" cannot be disabled because it is in use on Gateway Group "%2$s"'), $gateway_settings['name'], $group['name']);
|
|
1789
|
}
|
|
1790
|
}
|
|
1791
|
}
|
|
1792
|
|
|
1793
|
// Check if the gateway name is used in any enabled Static Route.
|
|
1794
|
foreach (config_get_path('staticroutes/route', []) as $route) {
|
|
1795
|
if ($route['gateway'] == $gateway_settings['name']) {
|
|
1796
|
if (!isset($route['disabled'])) {
|
|
1797
|
// There is a static route that uses this gateway and is enabled (not disabled).
|
|
1798
|
$input_errors[] = sprintf(gettext('Gateway "%1$s" cannot be disabled because it is in use on Static Route "%2$s"'), $gateway_settings['name'], $route['network']);
|
|
1799
|
}
|
|
1800
|
}
|
|
1801
|
}
|
|
1802
|
|
|
1803
|
// Check if the gateway name is used by any DNS Server
|
|
1804
|
$dnsgw_counter = 1;
|
|
1805
|
while (isset($config["system"]["dns{$dnsgw_counter}gw"])) {
|
|
1806
|
if ($gateway_settings['name'] == $config["system"]["dns{$dnsgw_counter}gw"]) {
|
|
1807
|
// The user wants to disable this gateway, but there is a static route to the DNS server that refers to the gateway.
|
|
1808
|
$input_errors[] = sprintf(gettext('Gateway "%1$s" cannot be disabled because it is in use by DNS Server "%2$s"'), $gateway_settings['name'], $config["system"]["dns{$dnsgw_counter}gw"]);
|
|
1809
|
}
|
|
1810
|
$dnsgw_counter++;
|
|
1811
|
}
|
|
1812
|
}
|
|
1813
|
/* skip system gateways which have been automatically added */
|
|
1814
|
if (($gateway_settings['gateway'] && (!is_ipaddr($gateway_settings['gateway'])) && ($gateway_settings['attribute'] !== "system")) && ($gateway_settings['gateway'] != "dynamic")) {
|
|
1815
|
$input_errors[] = gettext("A valid gateway IP address must be specified.");
|
|
1816
|
}
|
|
1817
|
|
|
1818
|
if ($gateway_settings['gateway'] && is_ipaddr($gateway_settings['gateway'])) {
|
|
1819
|
if (is_ipaddrv4($gateway_settings['gateway'])) {
|
|
1820
|
if ($parent_ip == '') {
|
|
1821
|
$parent_ip = get_interface_ip($gateway_settings['interface']);
|
|
1822
|
$parent_sn = get_interface_subnet($gateway_settings['interface']);
|
|
1823
|
}
|
|
1824
|
if (empty($parent_ip) || empty($parent_sn)) {
|
|
1825
|
$input_errors[] = gettext("Cannot add IPv4 Gateway Address because no IPv4 address could be found on the interface.");
|
|
1826
|
} elseif (!isset($gateway_settings["nonlocalgateway"])) {
|
|
1827
|
$subnets = array(gen_subnet($parent_ip, $parent_sn) . "/" . $parent_sn);
|
|
1828
|
$vips = link_interface_to_vips($gateway_settings['interface']);
|
|
1829
|
if (is_array($vips)) {
|
|
1830
|
foreach ($vips as $vip) {
|
|
1831
|
if (!is_ipaddrv4($vip['subnet'])) {
|
|
1832
|
continue;
|
|
1833
|
}
|
|
1834
|
$subnets[] = gen_subnet($vip['subnet'], $vip['subnet_bits']) . "/" . $vip['subnet_bits'];
|
|
1835
|
}
|
|
1836
|
}
|
|
1837
|
|
|
1838
|
$found = false;
|
|
1839
|
foreach ($subnets as $subnet) {
|
|
1840
|
if (ip_in_subnet($gateway_settings['gateway'], $subnet)) {
|
|
1841
|
$found = true;
|
|
1842
|
break;
|
|
1843
|
}
|
|
1844
|
}
|
|
1845
|
|
|
1846
|
if ($found === false) {
|
|
1847
|
$input_errors[] = sprintf(gettext("The gateway address %s does not lie within one of the chosen interface's subnets."), $gateway_settings['gateway']);
|
|
1848
|
}
|
|
1849
|
}
|
|
1850
|
} else if (is_ipaddrv6($gateway_settings['gateway'])) {
|
|
1851
|
/* do not do a subnet match on a link local address, it's valid */
|
|
1852
|
if (!is_linklocal($gateway_settings['gateway'])) {
|
|
1853
|
if ($parent_ip == '') {
|
|
1854
|
$parent_ip = get_interface_ipv6($gateway_settings['interface']);
|
|
1855
|
$parent_sn = get_interface_subnetv6($gateway_settings['interface']);
|
|
1856
|
}
|
|
1857
|
if (empty($parent_ip) || empty($parent_sn)) {
|
|
1858
|
$input_errors[] = gettext("Cannot add IPv6 Gateway Address because no IPv6 address could be found on the interface.");
|
|
1859
|
} elseif (!isset($gateway_settings["nonlocalgateway"])) {
|
|
1860
|
$subnets = array(gen_subnetv6($parent_ip, $parent_sn) . "/" . $parent_sn);
|
|
1861
|
$vips = link_interface_to_vips($gateway_settings['interface']);
|
|
1862
|
if (is_array($vips)) {
|
|
1863
|
foreach ($vips as $vip) {
|
|
1864
|
if (!is_ipaddrv6($vip['subnet'])) {
|
|
1865
|
continue;
|
|
1866
|
}
|
|
1867
|
$subnets[] = gen_subnetv6($vip['subnet'], $vip['subnet_bits']) . "/" . $vip['subnet_bits'];
|
|
1868
|
}
|
|
1869
|
}
|
|
1870
|
|
|
1871
|
$found = false;
|
|
1872
|
foreach ($subnets as $subnet) {
|
|
1873
|
if (ip_in_subnet($gateway_settings['gateway'], $subnet)) {
|
|
1874
|
$found = true;
|
|
1875
|
break;
|
|
1876
|
}
|
|
1877
|
}
|
|
1878
|
|
|
1879
|
if ($found === false) {
|
|
1880
|
$input_errors[] = sprintf(gettext("The gateway address %s does not lie within one of the chosen interface's subnets."), $gateway_settings['gateway']);
|
|
1881
|
}
|
|
1882
|
}
|
|
1883
|
}
|
|
1884
|
}
|
|
1885
|
|
|
1886
|
if (!empty($config['interfaces'][$gateway_settings['interface']]['ipaddr'])) {
|
|
1887
|
if (is_ipaddr($config['interfaces'][$gateway_settings['interface']]['ipaddr']) && (empty($gateway_settings['gateway']) || $gateway_settings['gateway'] == "dynamic")) {
|
|
1888
|
$input_errors[] = gettext("Dynamic gateway values cannot be specified for interfaces with a static IPv4 configuration.");
|
|
1889
|
}
|
|
1890
|
}
|
|
1891
|
if (!empty($config['interfaces'][$gateway_settings['interface']]['ipaddrv6'])) {
|
|
1892
|
if (is_ipaddr($config['interfaces'][$gateway_settings['interface']]['ipaddrv6']) && (empty($gateway_settings['gateway']) || $gateway_settings['gateway'] == "dynamic")) {
|
|
1893
|
$input_errors[] = gettext("Dynamic gateway values cannot be specified for interfaces with a static IPv6 configuration.");
|
|
1894
|
}
|
|
1895
|
}
|
|
1896
|
}
|
|
1897
|
if (($gateway_settings['monitor'] != "") && ($gateway_settings['monitor'] != "dynamic")) {
|
|
1898
|
validateipaddr($gateway_settings['monitor'], IPV4V6, "Monitor IP", $input_errors, false);
|
|
1899
|
}
|
|
1900
|
if (isset($gateway_settings['data_payload']) && is_numeric($gateway_settings['data_payload']) && $gateway_settings['data_payload'] < 0) {
|
|
1901
|
$input_errors[] = gettext("A valid data payload must be specified.");
|
|
1902
|
}
|
|
1903
|
if (!empty($gateway_settings['skip_rules_gw_down']) && !array_key_exists($gateway_settings['skip_rules_gw_down'], $gateway_state_kill_modes)) {
|
|
1904
|
$input_errors[] = gettext("Please select a valid State Killing on Gateway Failure mode.");
|
|
1905
|
}
|
|
1906
|
/* only allow correct IPv4 and IPv6 gateway addresses */
|
|
1907
|
if (($gateway_settings['gateway'] <> "") && is_ipaddr($gateway_settings['gateway']) && $gateway_settings['gateway'] != "dynamic") {
|
|
1908
|
if (is_ipaddrv6($gateway_settings['gateway']) && ($gateway_settings['ipprotocol'] == "inet")) {
|
|
1909
|
$input_errors[] = sprintf(gettext("The IPv6 gateway address '%s' can not be used as a IPv4 gateway."), $gateway_settings['gateway']);
|
|
1910
|
}
|
|
1911
|
if (is_ipaddrv4($gateway_settings['gateway']) && ($gateway_settings['ipprotocol'] == "inet6")) {
|
|
1912
|
$input_errors[] = sprintf(gettext("The IPv4 gateway address '%s' can not be used as a IPv6 gateway."), $gateway_settings['gateway']);
|
|
1913
|
}
|
|
1914
|
}
|
|
1915
|
/* only allow correct IPv4 and IPv6 monitor addresses */
|
|
1916
|
if (($gateway_settings['monitor'] <> "") && is_ipaddr($gateway_settings['monitor']) && $gateway_settings['monitor'] != "dynamic") {
|
|
1917
|
if (is_ipaddrv6($gateway_settings['monitor']) && ($gateway_settings['ipprotocol'] == "inet")) {
|
|
1918
|
$input_errors[] = sprintf(gettext("The IPv6 monitor address '%s' can not be used on a IPv4 gateway."), $gateway_settings['monitor']);
|
|
1919
|
}
|
|
1920
|
if (is_ipaddrv4($gateway_settings['monitor']) && ($gateway_settings['ipprotocol'] == "inet6")) {
|
|
1921
|
$input_errors[] = sprintf(gettext("The IPv4 monitor address '%s' can not be used on a IPv6 gateway."), $gateway_settings['monitor']);
|
|
1922
|
}
|
|
1923
|
}
|
|
1924
|
|
|
1925
|
if (isset($gateway_settings['name'])) {
|
|
1926
|
/* check for overlaps */
|
|
1927
|
foreach ($a_gateways as $gateway) {
|
|
1928
|
if (isset($id) && ($a_gateways[$id]) && ($a_gateways[$id] === $gateway)) {
|
|
1929
|
if ($gateway['name'] != $gateway_settings['name']) {
|
|
1930
|
$input_errors[] = gettext("Changing name on a gateway is not allowed.");
|
|
1931
|
}
|
|
1932
|
continue;
|
|
1933
|
}
|
|
1934
|
if ($gateway_settings['name'] <> "") {
|
|
1935
|
if (($gateway['name'] <> "") && ($gateway_settings['name'] == $gateway['name']) && ($gateway['attribute'] !== "system")) {
|
|
1936
|
$input_errors[] = sprintf(gettext('The gateway name "%s" already exists.'), $gateway_settings['name']);
|
|
1937
|
break;
|
|
1938
|
}
|
|
1939
|
}
|
|
1940
|
if (is_ipaddr($gateway_settings['gateway'])) {
|
|
1941
|
if (($gateway['gateway'] <> "") && ($gateway_settings['gateway'] == $gateway['gateway']) && ($gateway['attribute'] !== "system")) {
|
|
1942
|
$input_errors[] = sprintf(gettext('The gateway IP address "%s" already exists.'), $gateway_settings['gateway']);
|
|
1943
|
break;
|
|
1944
|
}
|
|
1945
|
}
|
|
1946
|
if (is_ipaddr($gateway_settings['monitor'])) {
|
|
1947
|
if (($gateway['monitor'] <> "") && ($gateway_settings['monitor'] == $gateway['monitor']) && ($gateway['attribute'] !== "system")) {
|
|
1948
|
$input_errors[] = sprintf(gettext('The monitor IP address "%s" is already in use. A different monitor IP must be chosen.'), $gateway_settings['monitor']);
|
|
1949
|
break;
|
|
1950
|
}
|
|
1951
|
}
|
|
1952
|
}
|
|
1953
|
}
|
|
1954
|
|
|
1955
|
/* input validation of dpinger advanced parameters */
|
|
1956
|
|
|
1957
|
$dpinger_default = return_dpinger_defaults();
|
|
1958
|
$latencylow = $dpinger_default['latencylow'];
|
|
1959
|
if ($gateway_settings['latencylow']) {
|
|
1960
|
if (!is_numeric($gateway_settings['latencylow'])) {
|
|
1961
|
$input_errors[] = gettext("The low latency threshold needs to be a numeric value.");
|
|
1962
|
} else if ($gateway_settings['latencylow'] < 1) {
|
|
1963
|
$input_errors[] = gettext("The low latency threshold needs to be positive.");
|
|
1964
|
} else {
|
|
1965
|
$latencylow = $gateway_settings['latencylow'];
|
|
1966
|
}
|
|
1967
|
}
|
|
1968
|
|
|
1969
|
$latencyhigh = $dpinger_default['latencyhigh'];
|
|
1970
|
if ($gateway_settings['latencyhigh']) {
|
|
1971
|
if (!is_numeric($gateway_settings['latencyhigh'])) {
|
|
1972
|
$input_errors[] = gettext("The high latency threshold needs to be a numeric value.");
|
|
1973
|
} else if ($gateway_settings['latencyhigh'] < 1) {
|
|
1974
|
$input_errors[] = gettext("The high latency threshold needs to be positive.");
|
|
1975
|
} else {
|
|
1976
|
$latencyhigh = $gateway_settings['latencyhigh'];
|
|
1977
|
}
|
|
1978
|
}
|
|
1979
|
|
|
1980
|
$losslow = $dpinger_default['losslow'];
|
|
1981
|
if ($gateway_settings['losslow']) {
|
|
1982
|
if (!is_numeric($gateway_settings['losslow'])) {
|
|
1983
|
$input_errors[] = gettext("The low Packet Loss threshold needs to be a numeric value.");
|
|
1984
|
} else if ($gateway_settings['losslow'] < 1) {
|
|
1985
|
$input_errors[] = gettext("The low Packet Loss threshold needs to be positive.");
|
|
1986
|
} else if ($gateway_settings['losslow'] >= 100) {
|
|
1987
|
$input_errors[] = gettext("The low Packet Loss threshold needs to be less than 100.");
|
|
1988
|
} else {
|
|
1989
|
$losslow = $gateway_settings['losslow'];
|
|
1990
|
}
|
|
1991
|
}
|
|
1992
|
|
|
1993
|
$losshigh = $dpinger_default['losshigh'];
|
|
1994
|
if ($gateway_settings['losshigh']) {
|
|
1995
|
if (!is_numeric($gateway_settings['losshigh'])) {
|
|
1996
|
$input_errors[] = gettext("The high Packet Loss threshold needs to be a numeric value.");
|
|
1997
|
} else if ($gateway_settings['losshigh'] < 1) {
|
|
1998
|
$input_errors[] = gettext("The high Packet Loss threshold needs to be positive.");
|
|
1999
|
} else if ($gateway_settings['losshigh'] > 100) {
|
|
2000
|
$input_errors[] = gettext("The high Packet Loss threshold needs to be 100 or less.");
|
|
2001
|
} else {
|
|
2002
|
$losshigh = $gateway_settings['losshigh'];
|
|
2003
|
}
|
|
2004
|
}
|
|
2005
|
|
|
2006
|
$time_period = $dpinger_default['time_period'];
|
|
2007
|
if ($gateway_settings['time_period']) {
|
|
2008
|
if (!is_numeric($gateway_settings['time_period'])) {
|
|
2009
|
$input_errors[] = gettext("The time period over which results are averaged needs to be a numeric value.");
|
|
2010
|
} else if ($gateway_settings['time_period'] < 1) {
|
|
2011
|
$input_errors[] = gettext("The time period over which results are averaged needs to be positive.");
|
|
2012
|
} else {
|
|
2013
|
$time_period = $gateway_settings['time_period'];
|
|
2014
|
}
|
|
2015
|
}
|
|
2016
|
|
|
2017
|
$interval = $dpinger_default['interval'];
|
|
2018
|
if ($gateway_settings['interval']) {
|
|
2019
|
if (!is_numeric($gateway_settings['interval'])) {
|
|
2020
|
$input_errors[] = gettext("The probe interval needs to be a numeric value.");
|
|
2021
|
} else if ($gateway_settings['interval'] < 1) {
|
|
2022
|
$input_errors[] = gettext("The probe interval needs to be positive.");
|
|
2023
|
} else {
|
|
2024
|
$interval = $gateway_settings['interval'];
|
|
2025
|
}
|
|
2026
|
}
|
|
2027
|
|
|
2028
|
$loss_interval = $dpinger_default['loss_interval'];
|
|
2029
|
if ($gateway_settings['loss_interval']) {
|
|
2030
|
if (!is_numeric($gateway_settings['loss_interval'])) {
|
|
2031
|
$input_errors[] = gettext("The loss interval needs to be a numeric value.");
|
|
2032
|
} else if ($gateway_settings['loss_interval'] < 1) {
|
|
2033
|
$input_errors[] = gettext("The loss interval setting needs to be positive.");
|
|
2034
|
} else {
|
|
2035
|
$loss_interval = $gateway_settings['loss_interval'];
|
|
2036
|
}
|
|
2037
|
}
|
|
2038
|
|
|
2039
|
$alert_interval = $dpinger_default['alert_interval'];
|
|
2040
|
if ($gateway_settings['alert_interval']) {
|
|
2041
|
if (!is_numeric($gateway_settings['alert_interval'])) {
|
|
2042
|
$input_errors[] = gettext("The alert interval needs to be a numeric value.");
|
|
2043
|
} else if ($gateway_settings['alert_interval'] < 1) {
|
|
2044
|
$input_errors[] = gettext("The alert interval setting needs to be positive.");
|
|
2045
|
} else {
|
|
2046
|
$alert_interval = $gateway_settings['alert_interval'];
|
|
2047
|
}
|
|
2048
|
}
|
|
2049
|
|
|
2050
|
if ($latencylow >= $latencyhigh) {
|
|
2051
|
$input_errors[] = gettext(
|
|
2052
|
"The high latency threshold needs to be greater than the low latency threshold");
|
|
2053
|
}
|
|
2054
|
|
|
2055
|
if ($losslow >= $losshigh) {
|
|
2056
|
$input_errors[] = gettext(
|
|
2057
|
"The high packet loss threshold needs to be higher than the low packet loss threshold");
|
|
2058
|
}
|
|
2059
|
|
|
2060
|
// If the loss interval is less than latencyhigh, then high latency could never be recorded
|
|
2061
|
// because those high latency packets would be considered as lost. So do not allow that.
|
|
2062
|
if ($latencyhigh > $loss_interval) {
|
|
2063
|
$input_errors[] = gettext("The loss interval needs to be greater than or equal to the high latency threshold.");
|
|
2064
|
}
|
|
2065
|
|
|
2066
|
// Ensure that the time period is greater than 2 times the probe interval plus the loss interval.
|
|
2067
|
if (($interval * 2 + $loss_interval) >= $time_period) {
|
|
2068
|
$input_errors[] = gettext("The time period needs to be greater than twice the probe interval plus the loss interval.");
|
|
2069
|
}
|
|
2070
|
|
|
2071
|
// There is no point recalculating the average latency and loss more often than the probe interval.
|
|
2072
|
// So the alert interval needs to be >= probe interval.
|
|
2073
|
if ($interval > $alert_interval) {
|
|
2074
|
$input_errors[] = gettext("The alert interval needs to be greater than or equal to the probe interval.");
|
|
2075
|
}
|
|
2076
|
|
|
2077
|
return $input_errors;
|
|
2078
|
}
|
|
2079
|
|
|
2080
|
// Save gateway settings.
|
|
2081
|
// $gateway_settings - the array of gateway setting parameters
|
|
2082
|
// $realid - the index of the gateway to be modified (otherwise "" if adding a new gateway)
|
|
2083
|
|
|
2084
|
// This function is responsible to:
|
|
2085
|
// Setup the gateway parameter structure from the gateway settings input parameter
|
|
2086
|
// Save the structure into the config
|
|
2087
|
// Remove any run-time settings from gateway parameters that are changed (e.g. remove routes to addresses that are changing)
|
|
2088
|
|
|
2089
|
// A subsequent "apply" step will implement the added/changed gateway.
|
|
2090
|
|
|
2091
|
function save_gateway($gateway_settings, $realid = "") {
|
|
2092
|
global $config;
|
|
2093
|
|
|
2094
|
init_config_arr(array('gateways', 'gateway_item'));
|
|
2095
|
$a_gateway_item = &$config['gateways']['gateway_item'];
|
|
2096
|
$reloadif = "";
|
|
2097
|
$gateway = array();
|
|
2098
|
|
|
2099
|
if (empty($gateway_settings['interface'])) {
|
|
2100
|
$gateway['interface'] = $gateway_settings['friendlyiface'];
|
|
2101
|
} else {
|
|
2102
|
$gateway['interface'] = $gateway_settings['interface'];
|
|
2103
|
}
|
|
2104
|
if (is_ipaddr($gateway_settings['gateway'])) {
|
|
2105
|
$gateway['gateway'] = $gateway_settings['gateway'];
|
|
2106
|
} else {
|
|
2107
|
$gateway['gateway'] = "dynamic";
|
|
2108
|
}
|
|
2109
|
$gateway['name'] = $gateway_settings['name'];
|
|
2110
|
$gateway['weight'] = $gateway_settings['weight'];
|
|
2111
|
$gateway['ipprotocol'] = $gateway_settings['ipprotocol'];
|
|
2112
|
if ($gateway_settings['interval']) {
|
|
2113
|
$gateway['interval'] = $gateway_settings['interval'];
|
|
2114
|
}
|
|
2115
|
|
|
2116
|
if ($gateway_settings['time_period']) {
|
|
2117
|
$gateway['time_period'] = $gateway_settings['time_period'];
|
|
2118
|
}
|
|
2119
|
if ($gateway_settings['alert_interval']) {
|
|
2120
|
$gateway['alert_interval'] = $gateway_settings['alert_interval'];
|
|
2121
|
}
|
|
2122
|
|
|
2123
|
$gateway['descr'] = $gateway_settings['descr'];
|
|
2124
|
if ($gateway_settings['monitor_disable'] == "yes") {
|
|
2125
|
$gateway['monitor_disable'] = true;
|
|
2126
|
}
|
|
2127
|
if ($gateway_settings['action_disable'] == "yes") {
|
|
2128
|
$gateway['action_disable'] = true;
|
|
2129
|
}
|
|
2130
|
if ($gateway_settings['nonlocalgateway'] == "yes") {
|
|
2131
|
$gateway['nonlocalgateway'] = true;
|
|
2132
|
}
|
|
2133
|
if ($gateway_settings['dpinger_dont_add_static_route'] == "yes") {
|
|
2134
|
$gateway['dpinger_dont_add_static_route'] = true;
|
|
2135
|
}
|
|
2136
|
if ($gateway_settings['force_down'] == "yes") {
|
|
2137
|
$gateway['force_down'] = true;
|
|
2138
|
}
|
|
2139
|
$gateway['gw_down_kill_states'] = $gateway_settings['gw_down_kill_states'];
|
|
2140
|
if (is_ipaddr($gateway_settings['monitor'])) {
|
|
2141
|
$gateway['monitor'] = $gateway_settings['monitor'];
|
|
2142
|
}
|
|
2143
|
if (isset($gateway_settings['data_payload']) && is_numeric($gateway_settings['data_payload']) && $gateway_settings['data_payload'] >= 0) {
|
|
2144
|
$gateway['data_payload'] = $gateway_settings['data_payload'];
|
|
2145
|
}
|
|
2146
|
|
|
2147
|
/* NOTE: If gateway ip is changed need to cleanup the old static interface route */
|
|
2148
|
if ($gateway_settings['monitor'] != "dynamic" &&
|
|
2149
|
!empty($a_gateway_item[$realid]) &&
|
|
2150
|
is_ipaddr($a_gateway_item[$realid]['gateway']) &&
|
|
2151
|
$gateway['gateway'] != $a_gateway_item[$realid]['gateway'] &&
|
|
2152
|
isset($a_gateway_item[$realid]["nonlocalgateway"])) {
|
|
2153
|
route_del($a_gateway_item[$realid]['gateway']);
|
|
2154
|
}
|
|
2155
|
|
|
2156
|
/* NOTE: If monitor ip is changed need to cleanup the old static route */
|
|
2157
|
if ($gateway_settings['monitor'] != "dynamic" &&
|
|
2158
|
!empty($a_gateway_item[$realid]) &&
|
|
2159
|
is_ipaddr($a_gateway_item[$realid]['monitor']) &&
|
|
2160
|
$gateway_settings['monitor'] != $a_gateway_item[$realid]['monitor'] &&
|
|
2161
|
$gateway['gateway'] != $a_gateway_item[$realid]['monitor']) {
|
|
2162
|
route_del($a_gateway_item[$realid]['monitor']);
|
|
2163
|
}
|
|
2164
|
|
|
2165
|
if ($gateway_settings['defaultgw'] == "yes" || $gateway_settings['defaultgw'] == "on") {
|
|
2166
|
// a new default gateway is being saved.
|
|
2167
|
$i = 0;
|
|
2168
|
/* remove the default gateway bits for all gateways with the same address family */
|
|
2169
|
if (is_array($a_gateway_item)) {
|
|
2170
|
foreach ($a_gateway_item as $gw) {
|
|
2171
|
if ($gateway['ipprotocol'] == $gw['ipprotocol']) {
|
|
2172
|
if ($gw['interface'] != $gateway_settings['interface'] &&
|
|
2173
|
($gw['name'] == config_get_path('gateways/defaultgw4', "") ||
|
|
2174
|
$gw['name'] == config_get_path('gateways/defaultgw6', ""))) {
|
|
2175
|
// remember the old default gateway interface to call with a "interface reconfigure" event.
|
|
2176
|
$reloadif = $gw['interface'];
|
|
2177
|
}
|
|
2178
|
}
|
|
2179
|
$i++;
|
|
2180
|
}
|
|
2181
|
}
|
|
2182
|
if ($gateway['ipprotocol'] == "inet") {
|
|
2183
|
config_set_path('gateways/defaultgw4', $gateway['name']);
|
|
2184
|
} elseif ($gateway['ipprotocol'] == "inet6") {
|
|
2185
|
config_set_path('gateways/defaultgw4', $gateway['name']);
|
|
2186
|
}
|
|
2187
|
}
|
|
2188
|
|
|
2189
|
if ($gateway_settings['latencylow']) {
|
|
2190
|
$gateway['latencylow'] = $gateway_settings['latencylow'];
|
|
2191
|
}
|
|
2192
|
if ($gateway_settings['latencyhigh']) {
|
|
2193
|
$gateway['latencyhigh'] = $gateway_settings['latencyhigh'];
|
|
2194
|
}
|
|
2195
|
if ($gateway_settings['losslow']) {
|
|
2196
|
$gateway['losslow'] = $gateway_settings['losslow'];
|
|
2197
|
}
|
|
2198
|
if ($gateway_settings['losshigh']) {
|
|
2199
|
$gateway['losshigh'] = $gateway_settings['losshigh'];
|
|
2200
|
}
|
|
2201
|
if ($gateway_settings['loss_interval']) {
|
|
2202
|
$gateway['loss_interval'] = $gateway_settings['loss_interval'];
|
|
2203
|
}
|
|
2204
|
|
|
2205
|
/* reload IPsec and OpenVPN on gateway IP, 'Mark Gateway as Down', or 'Disabled' option change
|
|
2206
|
* see https://redmine.pfsense.org/issues/13076 */
|
|
2207
|
if (!empty($a_gateway_item[$realid]) &&
|
|
2208
|
(isset($gateway['disabled']) ^ isset($a_gateway_item[$realid]['disabled'])) ||
|
|
2209
|
(!isset($a_gateway_item[$realid]['disabled']) &&
|
|
2210
|
((($gateway['monitor'] != "dynamic") &&
|
|
2211
|
is_ipaddr($a_gateway_item[$realid]['gateway']) &&
|
|
2212
|
($gateway['gateway'] != $a_gateway_item[$realid]['gateway'])) ||
|
|
2213
|
(isset($gateway['force_down']) ^ isset($a_gateway_item[$realid]['force_down']))))) {
|
|
2214
|
$reloadvpn = true;
|
|
2215
|
}
|
|
2216
|
|
|
2217
|
/* when saving the manual gateway we use the attribute which has the corresponding id */
|
|
2218
|
if (isset($realid) && $a_gateway_item[$realid]) {
|
|
2219
|
$preserve_disabled = isset($a_gateway_item[$realid]['disabled']);
|
|
2220
|
$a_gateway_item[$realid] = $gateway;
|
|
2221
|
if ($preserve_disabled) {
|
|
2222
|
$a_gateway_item[$realid]['disabled'] = true;
|
|
2223
|
}
|
|
2224
|
} else {
|
|
2225
|
$a_gateway_item[] = $gateway;
|
|
2226
|
}
|
|
2227
|
gateway_set_enabled($gateway_settings['name'], !isset($gateway_settings['disabled']));
|
|
2228
|
|
|
2229
|
mark_subsystem_dirty('staticroutes');
|
|
2230
|
|
|
2231
|
write_config("Gateway settings changed");
|
|
2232
|
|
|
2233
|
if ($reloadvpn) {
|
|
2234
|
send_event("service reload ipsec " . escapeshellarg($gateway['name']));
|
|
2235
|
send_event("service reload openvpn " . escapeshellarg($gateway['name']));
|
|
2236
|
}
|
|
2237
|
|
|
2238
|
if (!empty($reloadif)) {
|
|
2239
|
send_event("interface reconfigure {$reloadif}");
|
|
2240
|
}
|
|
2241
|
}
|
|
2242
|
|
|
2243
|
function gateway_set_enabled($name, $enabled) {
|
|
2244
|
global $config;
|
|
2245
|
if (is_array($config['gateways']['gateway_item'])) {
|
|
2246
|
foreach($config['gateways']['gateway_item'] as &$item) {
|
|
2247
|
if ($item['name'] == $name) {
|
|
2248
|
$gateway = &$item;
|
|
2249
|
}
|
|
2250
|
}
|
|
2251
|
}
|
|
2252
|
if (!isset($gateway)) {
|
|
2253
|
return;
|
|
2254
|
}
|
|
2255
|
if ($enabled) {
|
|
2256
|
unset($gateway['disabled']);
|
|
2257
|
} else {
|
|
2258
|
/* Check if the gateway was enabled but changed to disabled. */
|
|
2259
|
if (!isset($gateway['disabled'])) {
|
|
2260
|
/* If the disabled gateway was the default route, remove the default route */
|
|
2261
|
if (is_ipaddr($gateway['gateway'])) {
|
|
2262
|
$inet = (!is_ipaddrv4($gateway['gateway']) ? 'inet6' : 'inet');
|
|
2263
|
if ($inet == 'inet') {
|
|
2264
|
$cgw = route_get_default('inet');
|
|
2265
|
} else {
|
|
2266
|
$cgw = route_get_default('inet6');
|
|
2267
|
}
|
|
2268
|
if ($gateway['gateway'] == $cgw) {
|
|
2269
|
route_del("default", $inet);
|
|
2270
|
}
|
|
2271
|
}
|
|
2272
|
$gateway['disabled'] = true;
|
|
2273
|
}
|
|
2274
|
}
|
|
2275
|
}
|
|
2276
|
|
|
2277
|
function gateway_or_gwgroup_exists($name) {
|
|
2278
|
global $config;
|
|
2279
|
if (is_array($config['gateways']['gateway_item'])) {
|
|
2280
|
foreach($config['gateways']['gateway_item'] as $item) {
|
|
2281
|
if ($item['name'] == $name) {
|
|
2282
|
return true;
|
|
2283
|
}
|
|
2284
|
}
|
|
2285
|
}
|
|
2286
|
if (is_array($config['gateways']['gateway_group'])) {
|
|
2287
|
foreach($config['gateways']['gateway_group'] as $item) {
|
|
2288
|
if ($item['name'] == $name) {
|
|
2289
|
return true;
|
|
2290
|
}
|
|
2291
|
}
|
|
2292
|
}
|
|
2293
|
return false;
|
|
2294
|
}
|
|
2295
|
|
|
2296
|
// These two replacement functions avoid the need to call return_gateways_array() multiple times and
|
|
2297
|
// allow system_gateways.php to get everything it needs in a single function call
|
|
2298
|
function gateway_getgwtiername($gways, $idx) {
|
|
2299
|
global $config;
|
|
2300
|
|
|
2301
|
$result = "";
|
|
2302
|
$gwname = $gways[$idx]['name'];
|
|
2303
|
|
|
2304
|
$gw = get_gateway_or_group_by_name($gwname, $gways);
|
|
2305
|
|
|
2306
|
init_config_arr(array('gateways'));
|
|
2307
|
$gw4 = config_get_path('gateways/defaultgw4', "");
|
|
2308
|
$gw6 = config_get_path('gateways/defaultgw6', "");
|
|
2309
|
if ($gw4 == $gwname || $gw6 == $gwname) {
|
|
2310
|
$result = "Default";
|
|
2311
|
} else {
|
|
2312
|
if ($gw['ipprotocol'] == 'inet') {
|
|
2313
|
$defgw = get_gateway_or_group_by_name($gw4, $gways);
|
|
2314
|
} else {
|
|
2315
|
$defgw = get_gateway_or_group_by_name($gw6, $gways);
|
|
2316
|
}
|
|
2317
|
|
|
2318
|
if ($defgw['type'] == "gatewaygroup") {
|
|
2319
|
$detail = gateway_is_gwgroup_member($gwname, true);
|
|
2320
|
foreach($detail as $gwitem) {
|
|
2321
|
if ($gwitem['name'] == $defgw['name']) {
|
|
2322
|
if (isset($gwitem['tier'])) {
|
|
2323
|
$result = "Tier " . $gwitem['tier'];
|
|
2324
|
break;
|
|
2325
|
}
|
|
2326
|
}
|
|
2327
|
}
|
|
2328
|
}
|
|
2329
|
}
|
|
2330
|
|
|
2331
|
if (!empty($result)) {
|
|
2332
|
if ($gw['ipprotocol'] == "inet") {
|
|
2333
|
$result .= " (IPv4)";
|
|
2334
|
} elseif ($gw['ipprotocol'] == "inet6") {
|
|
2335
|
$result .= " (IPv6)";
|
|
2336
|
}
|
|
2337
|
}
|
|
2338
|
|
|
2339
|
return $result;
|
|
2340
|
}
|
|
2341
|
|
|
2342
|
function get_gateway_or_group_by_name($gwname, $gateways_arr) {
|
|
2343
|
global $config;
|
|
2344
|
|
|
2345
|
foreach ($gateways_arr as $gw) {
|
|
2346
|
if ($gw['name'] == $gwname) {
|
|
2347
|
$gw['type'] = 'gateway';
|
|
2348
|
return $gw;
|
|
2349
|
}
|
|
2350
|
}
|
|
2351
|
|
|
2352
|
init_config_arr(array('gateways', 'gateway_group'));
|
|
2353
|
foreach ($config['gateways']['gateway_group'] as $gwg) {
|
|
2354
|
if ($gwg['name'] == $gwname) {
|
|
2355
|
$gwg['type'] = 'gatewaygroup';
|
|
2356
|
return $gwg;
|
|
2357
|
}
|
|
2358
|
}
|
|
2359
|
|
|
2360
|
return false;
|
|
2361
|
}
|
|
2362
|
|
|
2363
|
// Compose a list of available gateways but without the need to call return_gateways_array() multiple times
|
|
2364
|
// Previously that function could be called eight times per gateway!
|
|
2365
|
function available_default_gateways() {
|
|
2366
|
global $config;
|
|
2367
|
|
|
2368
|
$gways = return_gateways_array(true, false, true, true);
|
|
2369
|
|
|
2370
|
$items4 = array();
|
|
2371
|
$items6 = array();
|
|
2372
|
$items4[''] = "Automatic";
|
|
2373
|
$items6[''] = "Automatic";
|
|
2374
|
foreach($gways as $gw) {
|
|
2375
|
$gwn = $gw['name'];
|
|
2376
|
if ($gw['ipprotocol'] == "inet6") {
|
|
2377
|
$items6[$gwn] = $gwn;
|
|
2378
|
} else {
|
|
2379
|
$items4[$gwn] = $gwn;
|
|
2380
|
}
|
|
2381
|
}
|
|
2382
|
|
|
2383
|
$groups = return_gateway_groups_array(false, $gways);
|
|
2384
|
foreach ($groups as $key => $group) {
|
|
2385
|
$gwn = $group['descr'];
|
|
2386
|
if ($group['ipprotocol'] == "inet6") {
|
|
2387
|
$items6[$key] = "$key ($gwn)";
|
|
2388
|
} else {
|
|
2389
|
$items4[$key] = "$key ($gwn)";
|
|
2390
|
}
|
|
2391
|
}
|
|
2392
|
$items4['-'] = "None";
|
|
2393
|
$items6['-'] = "None";
|
|
2394
|
|
|
2395
|
$defaults = array();
|
|
2396
|
$defaults['v4'] = $items4;
|
|
2397
|
$defaults['v6'] = $items6;
|
|
2398
|
$defaults['defaultgw4'] = config_get_path('gateways/defaultgw4', "");
|
|
2399
|
$defaults['defaultgw6'] = config_get_path('gateways/defaultgw6', "");
|
|
2400
|
|
|
2401
|
return $defaults;
|
|
2402
|
}
|
|
2403
|
|
|
2404
|
|
|
2405
|
?>
|