mirror of
https://github.com/lucaspalomodevelop/core.git
synced 2026-03-20 11:26:13 +00:00
system: move sysctls to new place; add error reporting
This commit is contained in:
Franco Fichtner
parent
9379525ad0
commit
46da14a31c
@ -47,50 +47,6 @@ $g = array(
|
||||
"latest_config" => "11.2",
|
||||
);
|
||||
|
||||
|
||||
/* Default sysctls */
|
||||
$sysctls = array(
|
||||
"debug.pfftpproxy" => "0",
|
||||
"hw.syscons.kbd_reboot" => "0",
|
||||
"kern.ipc.maxsockbuf" => "4262144",
|
||||
"kern.randompid" => "347",
|
||||
"kern.random.sys.harvest.interrupt" => 0,
|
||||
"kern.random.sys.harvest.point_to_point" => 0,
|
||||
"kern.random.sys.harvest.ethernet" => 0,
|
||||
"kern.filedelay" => "5",
|
||||
"kern.dirdelay" => "4",
|
||||
"kern.metadelay" => "3",
|
||||
"net.inet.ip.portrange.first" => "1024",
|
||||
"net.inet.tcp.blackhole" => "2",
|
||||
"net.inet.udp.blackhole" => "1",
|
||||
"net.inet.ip.random_id" => "1",
|
||||
"net.inet.tcp.drop_synfin" => "1",
|
||||
"net.inet.ip.redirect" => "1",
|
||||
"net.inet6.ip6.redirect" => "1",
|
||||
"net.inet6.ip6.use_tempaddr" => "0",
|
||||
"net.inet6.ip6.prefer_tempaddr" => "0",
|
||||
"net.inet.tcp.syncookies" => "1",
|
||||
"net.inet.tcp.recvspace" => "65228",
|
||||
"net.inet.tcp.sendspace" => "65228",
|
||||
"net.inet.ip.fastforwarding" => "0",
|
||||
"net.inet.tcp.delayed_ack" => "0",
|
||||
"net.inet.udp.maxdgram" => "57344",
|
||||
"net.link.bridge.pfil_onlyip" => "0",
|
||||
"net.link.bridge.pfil_member" => "1",
|
||||
"net.link.bridge.pfil_bridge" => "0",
|
||||
"net.link.tap.user_open" => "1",
|
||||
"net.inet.ip.intr_queue_maxlen" => "1000",
|
||||
"net.inet.tcp.log_debug" => "0",
|
||||
"net.inet.tcp.tso" => "1",
|
||||
"net.inet.icmp.icmplim" => "0",
|
||||
"net.inet.ip.process_options" => 0,
|
||||
"net.route.netisr_maxqlen" => 1024,
|
||||
"net.inet.udp.checksum" => 1,
|
||||
"net.bpf.zerocopy_enable" => 1,
|
||||
"net.inet.icmp.reply_from_interface" => 1,
|
||||
"vfs.read_max" => "32",
|
||||
);
|
||||
|
||||
function is_install_media()
|
||||
{
|
||||
/*
|
||||
|
||||
@ -51,11 +51,55 @@ function activate_powerd()
|
||||
}
|
||||
}
|
||||
|
||||
function get_default_sysctl_value($id) {
|
||||
global $sysctls;
|
||||
function get_default_sysctl_value($id)
|
||||
{
|
||||
$sysctls = array(
|
||||
"debug.pfftpproxy" => "0",
|
||||
"hw.syscons.kbd_reboot" => "0",
|
||||
"kern.ipc.maxsockbuf" => "4262144",
|
||||
"kern.randompid" => "347",
|
||||
"kern.random.sys.harvest.interrupt" => 0,
|
||||
"kern.random.sys.harvest.point_to_point" => 0,
|
||||
"kern.random.sys.harvest.ethernet" => 0,
|
||||
"kern.filedelay" => "5",
|
||||
"kern.dirdelay" => "4",
|
||||
"kern.metadelay" => "3",
|
||||
"net.bpf.zerocopy_enable" => 1,
|
||||
"net.inet.ip.portrange.first" => "1024",
|
||||
"net.inet.tcp.blackhole" => "2",
|
||||
"net.inet.udp.blackhole" => "1",
|
||||
"net.inet.ip.random_id" => "1",
|
||||
"net.inet.tcp.drop_synfin" => "1",
|
||||
"net.inet.ip.redirect" => "1",
|
||||
"net.inet6.ip6.redirect" => "1",
|
||||
"net.inet6.ip6.use_tempaddr" => "0",
|
||||
"net.inet6.ip6.prefer_tempaddr" => "0",
|
||||
"net.inet.tcp.syncookies" => "1",
|
||||
"net.inet.tcp.recvspace" => "65228",
|
||||
"net.inet.tcp.sendspace" => "65228",
|
||||
"net.inet.ip.fastforwarding" => "0",
|
||||
"net.inet.tcp.delayed_ack" => "0",
|
||||
"net.inet.udp.maxdgram" => "57344",
|
||||
"net.inet.ip.intr_queue_maxlen" => "1000",
|
||||
"net.inet.tcp.log_debug" => "0",
|
||||
"net.inet.tcp.tso" => "1",
|
||||
"net.inet.icmp.icmplim" => "0",
|
||||
"net.inet.ip.process_options" => 0,
|
||||
"net.inet.udp.checksum" => 1,
|
||||
"net.link.bridge.pfil_onlyip" => "0",
|
||||
"net.link.bridge.pfil_member" => "1",
|
||||
"net.link.bridge.pfil_bridge" => "0",
|
||||
"net.link.tap.user_open" => "1",
|
||||
"net.route.netisr_maxqlen" => 1024,
|
||||
"net.inet.icmp.reply_from_interface" => 1,
|
||||
"vfs.read_max" => "32",
|
||||
);
|
||||
|
||||
if (isset($sysctls[$id]))
|
||||
if (isset($sysctls[$id])) {
|
||||
return $sysctls[$id];
|
||||
}
|
||||
|
||||
return null;
|
||||
}
|
||||
|
||||
function activate_sysctls()
|
||||
@ -63,20 +107,25 @@ function activate_sysctls()
|
||||
global $config;
|
||||
|
||||
$sysctls = array(
|
||||
"net.enc.in.ipsec_bpf_mask" => "0x0002",
|
||||
"net.enc.in.ipsec_filter_mask" => "0x0002",
|
||||
"net.enc.out.ipsec_bpf_mask" => "0x0001",
|
||||
"net.enc.out.ipsec_filter_mask" => "0x0001",
|
||||
"net.enc.in.ipsec_bpf_mask" => "0x0002",
|
||||
"net.enc.in.ipsec_filter_mask" => "0x0002"
|
||||
);
|
||||
|
||||
if(is_array($config['sysctl'])) {
|
||||
if (isset($config['sysctl']['item'])) {
|
||||
foreach($config['sysctl']['item'] as $tunable) {
|
||||
if($tunable['value'] == "default")
|
||||
if ($tunable['value'] == 'default') {
|
||||
$value = get_default_sysctl_value($tunable['tunable']);
|
||||
else
|
||||
} else {
|
||||
$value = $tunable['value'];
|
||||
}
|
||||
|
||||
$sysctls[$tunable['tunable']] = $value;
|
||||
if ($value !== null) {
|
||||
$sysctls[$tunable['tunable']] = $value;
|
||||
} else {
|
||||
log_error(sprintf(gettext('ignoring sysctl `%s\' due to empty value'), $tunable['tunable']));
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user