From 46da14a31cce9298e4a586e2050ebda8c98fcc55 Mon Sep 17 00:00:00 2001
From: Franco Fichtner
Date: Thu, 13 Aug 2015 16:48:42 +0200
Subject: [PATCH] system: move sysctls to new place; add error reporting
---
 src/etc/inc/globals.inc | 44 ---------------------------
 src/etc/inc/system.inc | 67 +++++++++++++++++++++++++++++++++++------
 2 files changed, 58 insertions(+), 53 deletions(-)
diff --git a/src/etc/inc/globals.inc b/src/etc/inc/globals.inc
index eec904c9e..3b7af8930 100644
--- a/src/etc/inc/globals.inc
+++ b/src/etc/inc/globals.inc
@@ -47,50 +47,6 @@ $g = array(
 "latest_config" => "11.2",
 );
-
-/* Default sysctls */
-$sysctls = array(
- "debug.pfftpproxy" => "0",
- "hw.syscons.kbd_reboot" => "0",
- "kern.ipc.maxsockbuf" => "4262144",
- "kern.randompid" => "347",
- "kern.random.sys.harvest.interrupt" => 0,
- "kern.random.sys.harvest.point_to_point" => 0,
- "kern.random.sys.harvest.ethernet" => 0,
- "kern.filedelay" => "5",
- "kern.dirdelay" => "4",
- "kern.metadelay" => "3",
- "net.inet.ip.portrange.first" => "1024",
- "net.inet.tcp.blackhole" => "2",
- "net.inet.udp.blackhole" => "1",
- "net.inet.ip.random_id" => "1",
- "net.inet.tcp.drop_synfin" => "1",
- "net.inet.ip.redirect" => "1",
- "net.inet6.ip6.redirect" => "1",
- "net.inet6.ip6.use_tempaddr" => "0",
- "net.inet6.ip6.prefer_tempaddr" => "0",
- "net.inet.tcp.syncookies" => "1",
- "net.inet.tcp.recvspace" => "65228",
- "net.inet.tcp.sendspace" => "65228",
- "net.inet.ip.fastforwarding" => "0",
- "net.inet.tcp.delayed_ack" => "0",
- "net.inet.udp.maxdgram" => "57344",
- "net.link.bridge.pfil_onlyip" => "0",
- "net.link.bridge.pfil_member" => "1",
- "net.link.bridge.pfil_bridge" => "0",
- "net.link.tap.user_open" => "1",
- "net.inet.ip.intr_queue_maxlen" => "1000",
- "net.inet.tcp.log_debug" => "0",
- "net.inet.tcp.tso" => "1",
- "net.inet.icmp.icmplim" => "0",
- "net.inet.ip.process_options" => 0,
- "net.route.netisr_maxqlen" => 1024,
- "net.inet.udp.checksum" => 1,
- "net.bpf.zerocopy_enable" => 1,
- "net.inet.icmp.reply_from_interface" => 1,
- "vfs.read_max" => "32",
-);
-
 function is_install_media()
 {
 /*
diff --git a/src/etc/inc/system.inc b/src/etc/inc/system.inc
index ebdc338ff..650399d86 100644
--- a/src/etc/inc/system.inc
+++ b/src/etc/inc/system.inc
@@ -51,11 +51,55 @@ function activate_powerd()
 }
 }
-function get_default_sysctl_value($id) {
- global $sysctls;
+function get_default_sysctl_value($id)
+{
+ $sysctls = array(
+ "debug.pfftpproxy" => "0",
+ "hw.syscons.kbd_reboot" => "0",
+ "kern.ipc.maxsockbuf" => "4262144",
+ "kern.randompid" => "347",
+ "kern.random.sys.harvest.interrupt" => 0,
+ "kern.random.sys.harvest.point_to_point" => 0,
+ "kern.random.sys.harvest.ethernet" => 0,
+ "kern.filedelay" => "5",
+ "kern.dirdelay" => "4",
+ "kern.metadelay" => "3",
+ "net.bpf.zerocopy_enable" => 1,
+ "net.inet.ip.portrange.first" => "1024",
+ "net.inet.tcp.blackhole" => "2",
+ "net.inet.udp.blackhole" => "1",
+ "net.inet.ip.random_id" => "1",
+ "net.inet.tcp.drop_synfin" => "1",
+ "net.inet.ip.redirect" => "1",
+ "net.inet6.ip6.redirect" => "1",
+ "net.inet6.ip6.use_tempaddr" => "0",
+ "net.inet6.ip6.prefer_tempaddr" => "0",
+ "net.inet.tcp.syncookies" => "1",
+ "net.inet.tcp.recvspace" => "65228",
+ "net.inet.tcp.sendspace" => "65228",
+ "net.inet.ip.fastforwarding" => "0",
+ "net.inet.tcp.delayed_ack" => "0",
+ "net.inet.udp.maxdgram" => "57344",
+ "net.inet.ip.intr_queue_maxlen" => "1000",
+ "net.inet.tcp.log_debug" => "0",
+ "net.inet.tcp.tso" => "1",
+ "net.inet.icmp.icmplim" => "0",
+ "net.inet.ip.process_options" => 0,
+ "net.inet.udp.checksum" => 1,
+ "net.link.bridge.pfil_onlyip" => "0",
+ "net.link.bridge.pfil_member" => "1",
+ "net.link.bridge.pfil_bridge" => "0",
+ "net.link.tap.user_open" => "1",
+ "net.route.netisr_maxqlen" => 1024,
+ "net.inet.icmp.reply_from_interface" => 1,
+ "vfs.read_max" => "32",
+ );
- if (isset($sysctls[$id]))
+ if (isset($sysctls[$id])) {
 return $sysctls[$id];
+ }
+
+ return null;
 }
 function activate_sysctls()
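Review bot: get_default_sysctl_value() now ends in `return null;`, but nothing tells callers that a valid default can itself be falsy: the table stores `0` and `"0"` for entries such as `net.inet.ip.process_options` and `net.inet.tcp.log_debug`. A docblock above the function should state that it returns the stored default (string or int) or null when `$id` is unknown, and that the result has to be tested with `=== null` rather than for truthiness, for example `/* returns the default for $id, or null if none is known; compare with === null, several defaults are 0 */`. A caller that treated a zero default as missing would quietly skip that setting. The first hunk also removes the global `$sysctls` from globals.inc; whether other files still read it cannot be seen from this patch.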
@@ -63,20 +107,25 @@ function activate_sysctls()
 global $config;
 $sysctls = array(
+ "net.enc.in.ipsec_bpf_mask" => "0x0002",
+ "net.enc.in.ipsec_filter_mask" => "0x0002",
 "net.enc.out.ipsec_bpf_mask" => "0x0001",
 "net.enc.out.ipsec_filter_mask" => "0x0001",
- "net.enc.in.ipsec_bpf_mask" => "0x0002",
- "net.enc.in.ipsec_filter_mask" => "0x0002"
 );
- if(is_array($config['sysctl'])) {
+ if (isset($config['sysctl']['item'])) {
 foreach($config['sysctl']['item'] as $tunable) {
- if($tunable['value'] == "default")
+ if ($tunable['value'] == 'default') {
 $value = get_default_sysctl_value($tunable['tunable']);
- else
+ } else {
 $value = $tunable['value'];
+ }
- $sysctls[$tunable['tunable']] = $value;
+ if ($value !== null) {
+ $sysctls[$tunable['tunable']] = $value;
+ } else {
+ log_error(sprintf(gettext('ignoring sysctl `%s\' due to empty value'), $tunable['tunable']));
+ }
 }
 }
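Review bot: The new `log_error()` branch says the sysctl is ignored "due to empty value", but `$value` is null only when the tunable is set to `default` and get_default_sysctl_value() has no entry for it; an explicitly empty `$tunable['value']` is still a string and is copied into `$sysctls` unchanged. The message should name the real cause, e.g. `'ignoring sysctl %s: no default value known'`, and if empty values are meant to be rejected the guard would need `$value !== null && $value !== ''`. Separately, `isset($config['sysctl']['item'])` is also true for a non-array value, so the `foreach` could still receive a scalar if the parsed config ever yields one; adding `is_array($config['sysctl']['item'])` would cover that. activate_sysctls() starts above and continues below this hunk, so how `$sysctls` is applied afterwards is not visible here.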