/src/etc/inc/globals.inc - Annotate - pfSense - pfSense bugtracker

| Branch: | Tag: | Revision:

root/src/etc/inc/globals.inc @ f37dd1a9

1	5b237745	Scott Ullrich	<?php
2	ac24dc24	Renato Botelho	/*
3			* globals.inc
4	2af1b0c7	Stephen Beaver	*
5	ac24dc24	Renato Botelho	* part of pfSense (https://www.pfsense.org)
6	b8f91b7c	Luiz Souza	* Copyright (c) 2004-2018 Rubicon Communications, LLC (Netgate)
7	ac24dc24	Renato Botelho	* All rights reserved.
8	2af1b0c7	Stephen Beaver	*
9	b12ea3fb	Renato Botelho	* Licensed under the Apache License, Version 2.0 (the "License");
10			* you may not use this file except in compliance with the License.
11			* You may obtain a copy of the License at
12	2af1b0c7	Stephen Beaver	*
13	b12ea3fb	Renato Botelho	* http://www.apache.org/licenses/LICENSE-2.0
14	2af1b0c7	Stephen Beaver	*
15	b12ea3fb	Renato Botelho	* Unless required by applicable law or agreed to in writing, software
16			* distributed under the License is distributed on an "AS IS" BASIS,
17			* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
18			* See the License for the specific language governing permissions and
19			* limitations under the License.
20	2af1b0c7	Stephen Beaver	*/
21	9ba87997	Phil Davis
22	43c83997	Phil Davis	// Global defines
23	523855b0	Scott Ullrich
24	43c83997	Phil Davis	// Automatic panel collapse
25	820562e8	NewEraCracker	define('COLLAPSIBLE', 0x08);
26			define('SEC_CLOSED', 0x04);
27			define('SEC_OPEN', 0x00);
28	5b237745	Scott Ullrich
29	77a8a7d6	Steve Beaver	// IP address types
30	ca86de04	Steve Beaver	define("IPV4", 4);
31			define("IPV6", 6);
32			define("IPV4V6", 2);
33			define("ALIAS", 1);
34	77a8a7d6	Steve Beaver
35	0793de1a	Luiz Souza	// Interface Name Size
36			define("IF_NAMESIZE", 15); /* 16 minus the terminating NULL */
37
38	5ea90990	Stephen Beaver	// AddPassword method defines
39	820562e8	NewEraCracker	define('DMYPWD', "********");
40	5ea90990	Stephen Beaver
41	8346b5c4	jim-p	global $g;
42	5b237745	Scott Ullrich	$g = array(
43	0ae6daf8	Ermal	"event_address" => "unix:///var/run/check_reload_status",
44	4b96b367	mgrooms	"factory_shipped_username" => "admin",
45	46974905	Chris Buechler	"factory_shipped_password" => "pfsense",
46	1ef7b568	Scott Ullrich	"upload_path" => "/root",
47	e9e7d501	Matthew Grooms	"dhcpd_chroot_path" => "/var/dhcpd",
48	6671b7cd	Warren Baker	"unbound_chroot_path" => "/var/unbound",
49	563771b1	Renato Botelho	"var_path" => "/var",
50	e9e7d501	Matthew Grooms	"varrun_path" => "/var/run",
51			"varetc_path" => "/var/etc",
52			"vardb_path" => "/var/db",
53			"varlog_path" => "/var/log",
54			"etc_path" => "/etc",
55			"tmp_path" => "/tmp",
56	8d80a771	stilez	"tmp_path_user_code" => "/tmp/user_code",
57	e9e7d501	Matthew Grooms	"conf_path" => "/conf",
58			"conf_default_path" => "/conf.default",
59			"cf_path" => "/cf",
60			"cf_conf_path" => "/cf/conf",
61			"www_path" => "/usr/local/www",
62			"xml_rootobj" => "pfsense",
63			"admin_group" => "admins",
64	36d0358b	Scott Ullrich	"product_name" => "pfSense",
65	70497688	Renato Botelho	"product_version" => trim(file_get_contents("/etc/version"), " \n"),
66	81299b5c	Renato Botelho	"product_copyright" => "Rubicon Communications, LLC (Netgate)",
67	2d724ce2	Jared Dillard	"product_copyright_url" => "https://pfsense.org/license",
68	2bb93345	Tuyan Ozipek	"product_copyright_years" => "2004 - ".date("Y"),
69	73113ce9	Ermal Luci	"product_website" => "www.pfsense.org",
70	1180e4f0	Sjon Hortensius	"product_website_footer" => "https://www.pfsense.org/?gui=bootstrap",
71	c57e9f90	Chris Buechler	"product_email" => "coreteam@pfsense.org",
72	3b29612f	Chris Buechler	"disablehelpmenu" => false,
73	28181237	Renato Botelho	"disablehelpicon" => false,
74	36365f49	Scott Ullrich	"disablecrashreporter" => false,
75	f3109fac	Chris Buechler	"crashreporterurl" => "https://crashreporter.pfsense.org/crash_reporter.php",
76	e9e7d501	Matthew Grooms	"debug" => false,
77	e311cb79	PiBa-NL	"latest_config" => "18.4",
78	67b0ed57	Chris Buechler	"minimum_ram_warning" => "101",
79	9f274393	Chris Buechler	"minimum_ram_warning_text" => "128 MB",
80	1180e4f0	Sjon Hortensius	"wan_interface_name" => "wan",
81	e9e7d501	Matthew Grooms	"captiveportal_path" => "/usr/local/captiveportal",
82			"captiveportal_element_path" => "/var/db/cpelements",
83	c2d0699f	Scott Ullrich	"captiveportal_element_sizelimit" => 1048576,
84	517b893e	Renato Botelho	"captiveportal_rules_interval" => 50,
85	e3a13b00	Scott Ullrich	"services_dhcp_server_enable" => true,
86	ac516731	Renato Botelho	"wireless_regex" => "/^(ath\|bwi\|bwn\|ipw\|iwi\|iwm\|iwn\|malo\|mwl\|ral\|rsu\|rum\|run\|uath\|upgt\|ural\|urtw\|urtwn\|wi\|wpi\|wtap\|zyd)[0-9]+/",
87	0bd239d9	Renato Botelho	"help_base_url" => "/help.php",
88	60ff91f1	Renato Botelho	"pkg_prefix" => "pfSense-pkg-",
89	ceecd29b	Renato Botelho	"default_timezone" => "Etc/UTC",
90	0c2dffb0	Renato Botelho	"language" => "en_US",
91	2d113b12	Renato Botelho	"default_config_backup_count" => 30,
92	b395c4f2	Renato Botelho	"minimumtableentries_bogonsv6" => 400000,
93	aa6184b6	Renato Botelho	"alternativemetaports" => array("vmware", "php72")
94	5b237745	Scott Ullrich	);
95
96	a03e3c1f	Bill Marquette	/* IP TOS flags */
97	ec6adc21	Bill Marquette	$iptos = array("lowdelay", "throughput", "reliability");
98	a03e3c1f	Bill Marquette
99			/* TCP flags */
100	79cc9e6b	bcyrill	$tcpflags = array("syn", "ack", "fin", "rst", "psh", "urg", "ece", "cwr");
101	a03e3c1f	Bill Marquette
102	5a0235ca	Renato Botelho	if (file_exists("/etc/version.patch")) {
103			$g["product_version_patch"] = trim(file_get_contents("/etc/version.patch"), " \n");
104			} else {
105			$g["product_version_patch"] = "0";
106			}
107
108			$g['product_version_string'] = $g['product_version'];
109			if (is_numeric($g["product_version_patch"]) && $g["product_version_patch"] != "0") {
110			$g['product_version_string'] .= "-p{$g['product_version_patch']}";
111			}
112
113	dc61252a	Renato Botelho	/* XXX: Backward compatible */
114			$g['platform'] = $g['product_name'];
115	b24a7390	Scott Ullrich
116	630326d4	Renato Botelho	if (file_exists("{$g['etc_path']}/default-config-flavor")) {
117			$flavor_array = file("{$g['etc_path']}/default-config-flavor");
118			$g['default-config-flavor'] = chop($flavor_array[0]);
119			} else {
120			$g['default-config-flavor'] = '';
121			}
122
123	3a35f55f	Scott Ullrich	/* Default sysctls */
124	1180e4f0	Sjon Hortensius	$sysctls = array("net.inet.ip.portrange.first" => "1024",
125			"net.inet.tcp.blackhole" => "2",
126			"net.inet.udp.blackhole" => "1",
127			"net.inet.ip.random_id" => "1",
128			"net.inet.tcp.drop_synfin" => "1",
129			"net.inet.ip.redirect" => "1",
130			"net.inet6.ip6.redirect" => "1",
131	20a3b436	Renato Botelho	"net.inet6.ip6.use_tempaddr" => "0",
132			"net.inet6.ip6.prefer_tempaddr" => "0",
133	1180e4f0	Sjon Hortensius	"net.inet.tcp.syncookies" => "1",
134			"net.inet.tcp.recvspace" => "65228",
135			"net.inet.tcp.sendspace" => "65228",
136			"net.inet.tcp.delayed_ack" => "0",
137			"net.inet.udp.maxdgram" => "57344",
138			"net.link.bridge.pfil_onlyip" => "0",
139			"net.link.bridge.pfil_member" => "1",
140			"net.link.bridge.pfil_bridge" => "0",
141			"net.link.tap.user_open" => "1",
142	c2a14eec	Luiz Souza	"net.link.vlan.mtag_pcp" => "1",
143	1180e4f0	Sjon Hortensius	"kern.randompid" => "347",
144			"net.inet.ip.intr_queue_maxlen" => "1000",
145			"hw.syscons.kbd_reboot" => "0",
146			"net.inet.tcp.log_debug" => "0",
147			"net.inet.tcp.tso" => "1",
148	feae85bc	Scott Ullrich	"net.inet.icmp.icmplim" => "0",
149	abe7607f	Scott Ullrich	"vfs.read_max" => "32",
150	2b7ca9b2	Ermal	"kern.ipc.maxsockbuf" => "4262144",
151	c06240db	Ermal	"net.inet.ip.process_options" => 0,
152	c3938c16	Luiz Souza	"kern.random.harvest.mask" => "351",
153	7d8b75ab	Ermal	"net.route.netisr_maxqlen" => 1024,
154	a3a1b24e	Ermal	"net.inet.udp.checksum" => 1,
155	2f5488df	Ermal	"net.inet.icmp.reply_from_interface" => 1,
156	ec5753e7	Ermal LUÇI	"net.inet6.ip6.rfc6204w3" => 1,
157	c46f9695	Ermal	"net.enc.out.ipsec_bpf_mask" => "0x0001",
158			"net.enc.out.ipsec_filter_mask" => "0x0001",
159	8e068605	Chris Buechler	"net.enc.in.ipsec_bpf_mask" => "0x0002",
160			"net.enc.in.ipsec_filter_mask" => "0x0002",
161	62dc93d1	Chris Buechler	"net.key.preferred_oldsa" => "0",
162	1dbe220c	jim-p	"net.inet.carp.senderr_demotion_factor" => 0, /* Do not demote CARP for interface send errors */
163	c81678f4	Chris Buechler	"net.pfsync.carp_demotion_factor" => 0, /* Do not demote CARP for pfsync errors */
164			"net.raw.recvspace" => 65536,
165	48a8235e	Chris Buechler	"net.raw.sendspace" => 65536,
166			"net.inet.raw.recvspace" => 131072,
167	a08208f8	jim-p	"net.inet.raw.maxdgram" => 131072,
168			"kern.corefile" => "/root/%N.core" /* Write all core files to /root/ so they do not consume space on other slices */
169	feae85bc	Scott Ullrich	);
170	3a35f55f	Scott Ullrich
171	8346b5c4	jim-p	/* Include override values for the above if needed. If the file doesn't exist, don't try to load it. */
172	9ba87997	Phil Davis	if (file_exists("/etc/inc/globals_override.inc")) {
173	86573bb9	Phil Davis	@include_once("globals_override.inc");
174	9ba87997	Phil Davis	}
175	8346b5c4	jim-p
176	ae04affe	Renato Botelho	/* Read all XML files in following dir and load menu entries */
177			$g["ext_menu_path"] = "/usr/local/share/{$g['product_name']}/menu";
178
179	e8f8aeb6	Renato Botelho	/* Cache file used to store pfSense version */
180			$g["version_cache_file"] = "{$g['varrun_path']}/{$g['product_name']}_version";
181	e0e922da	Renato Botelho	$g['version_cache_refresh'] = 2 * 60 * 60; /* 2h */
182	e8f8aeb6	Renato Botelho
183	16d6c1df	Renato Botelho	function platform_booting($on_console = false) {
184	285ef132	Ermal LUÇI	global $g;
185
186	9ba87997	Phil Davis	if ($g['booting'] \|\| file_exists("{$g['varrun_path']}/booting")) {
187			if ($on_console == false \|\| php_sapi_name() != 'fpm-fcgi') {
188	16d6c1df	Renato Botelho	return true;
189	9ba87997	Phil Davis	}
190			}
191	285ef132	Ermal LUÇI
192			return false;
193			}
194	b8d09280	Ermal LUÇI
195	9ba87997	Phil Davis	if (file_exists("{$g['cf_conf_path']}/enableserial_force")) {
196	719db60e	Ermal LUÇI	$g['enableserial_force'] = true;
197	9ba87997	Phil Davis	}
198	719db60e	Ermal LUÇI
199	1883455a	Ermal	$config_parsed = false;
200	9734b054	Scott Ullrich
201	39d2f39d	NOYB	/* Factory default check IP service. */
202			$factory_default_checkipservice = array(
203			"enable" => true,
204			"name" => 'Default',
205			"url" => 'http://checkip.dyndns.org',
206			// "username" => '',
207			// "password" => '',
208			// "verifysslpeer" => true,
209			"descr" => 'Default Check IP Service'
210			);
211
212	456ba14f	Sam Neely	$dyndns_split_domain_types = array("namecheap", "cloudflare", "cloudflare-v6", "gratisdns", "cloudns", "godaddy", "godaddy-v6");
213	b20cfb55	jim-p
214			/* pf tokens from FreeBSD source sbin/pfctl/parse.y (plus our custom entries at the end)*/
215			global $pf_reserved_keywords;
216			$pf_reserved_keywords = array(
217			"pass", "block", "scrub", "return", "in", "os", "out", "log", "quick", "on", "from", "to", "flags", "returnrst",
218			"returnicmp", "returnicmp6", "proto", "inet", "inet6", "all", "any", "icmptype", "icmp6type", "code", "keep",
219			"modulate", "state", "port", "rdr", "nat", "binat", "arrow", "nodf", "minttl", "error", "allowopts", "fastroute",
220			"filename", "routeto", "dupto", "replyto", "no", "label", "noroute", "urpffailed", "fragment", "user", "group",
221			"maxmss", "maximum", "ttl", "tos", "drop", "table", "reassemble", "fragdrop", "fragcrop", "anchor", "natanchor",
222			"rdranchor", "binatanchor", "set", "optimization", "timeout", "limit", "loginterface", "blockpolicy", "randomid",
223			"requireorder", "synproxy", "fingerprints", "nosync", "debug", "skip", "hostid", "antispoof", "for", "include",
224			"bitmask", "random", "sourcehash", "roundrobin", "staticport", "probability", "altq", "cbq", "codel", "priq",
225			"hfsc", "fairq", "bandwidth", "tbrsize", "linkshare", "realtime", "upperlimit", "queue", "priority", "qlimit",
226			"hogs", "buckets", "rtable", "target", "interval", "load", "ruleset_optimization", "prio", "stickyaddress",
227			"maxsrcstates", "maxsrcnodes", "sourcetrack", "global", "rule", "maxsrcconn", "maxsrcconnrate", "overload",
228			"flush", "sloppy", "tagged", "tag", "ifbound", "floating", "statepolicy", "statedefaults", "route", "settos",
229			"divertto", "divertreply", "max", "min", "pptp", "pppoe", "L2TP", "OpenVPN", "IPsec");
230	2b7ca9b2	Ermal	?>

Project

General

Profile

pfSense