inc: start to replace the infamous pfSense PHP module

Most of the stuff it does can be hand-rolled using ifconfig(8).
Since these operations are sparse and well-defined, there's no
harm in doing them.  The added benefit is a quantum leap in
transparency and traceability as well as using a script-based
language to do string manipulation for the command line as
opposed to C-style API fiddling (meaning: it's easier).

src/etc/inc/interfaces.inc

@@ -29,7 +29,7 @@
 	POSSIBILITY OF SUCH DAMAGE.
 */
 
-/* include all configuration functions */
+require_once("interfaces.lib.inc");
 require_once("globals.inc");
 require_once("util.inc");
 require_once("gwlb.inc");
@@ -289,8 +289,8 @@ function interface_vlan_configure(&$vlan) {
 	if (!empty($vlanif) && does_interface_exist($vlanif)) {
 		interface_bring_down($vlanif, true);
 	} else {
-		$tmpvlanif = pfSense_interface_create("vlan");
-		pfSense_interface_rename($tmpvlanif, $vlanif);
+		$tmpvlanif = legacy_interface_create('vlan');
+		legacy_interface_rename($tmpvlanif, $vlanif);
 		pfSense_ngctl_name("{$tmpvlanif}:", $vlanif);
 	}
 
@@ -571,11 +571,11 @@ function interface_bridge_configure(&$bridge, $checkmember = 0) {
 		$flags_on |= IFCAP_LRO;
 
 	if (file_exists("/var/run/booting") || !empty($bridge['bridgeif'])) {
-		pfSense_interface_destroy($bridge['bridgeif']);
-		pfSense_interface_create($bridge['bridgeif']);
-		$bridgeif = escapeshellarg($bridge['bridgeif']);
+		legacy_interface_destroy($bridge['bridgeif']);
+		legacy_interface_create($bridge['bridgeif']);
+		$bridgeif = $bridge['bridgeif'];
 	} else {
-		$bridgeif = pfSense_interface_create("bridge");
+		$bridgeif = legacy_interface_create('bridge');
 		$bridge['bridgeif'] = $bridgeif;
 	}
 
@@ -766,22 +766,25 @@ function interfaces_lagg_configure($realif = "") {
 		echo gettext("done.") . "\n";
 }
 
-function interface_lagg_configure(&$lagg) {
+function interface_lagg_configure(&$lagg)
+{
 	global $config;
 
-	if (!is_array($lagg))
+	if (!is_array($lagg)) {
 		return -1;
+	}
 
 	$members = explode(',', $lagg['members']);
 	if (!count($members))
 		return -1;
 
 	if (file_exists("/var/run/booting") || !(empty($lagg['laggif']))) {
-		pfSense_interface_destroy($lagg['laggif']);
-		pfSense_interface_create($lagg['laggif']);
+		legacy_interface_destroy($lagg['laggif']);
+		legacy_interface_create($lagg['laggif']);
 		$laggif = $lagg['laggif'];
-	} else
-		$laggif = pfSense_interface_create("lagg");
+	} else {
+		$laggif = legacy_interface_create('lagg');
+	}
 
 	/* Calculate smaller mtu and enforce it */
 	$smallermtu = 0;
@@ -893,11 +896,12 @@ function interface_gre_configure(&$gre, $grekey = "") {
 	interfaces_bring_up($realif);
 
 	if (file_exists("/var/run/booting") || !(empty($gre['greif']))) {
-		pfSense_interface_destroy($gre['greif']);
-		pfSense_interface_create($gre['greif']);
+		legacy_interface_destroy($gre['greif']);
+		legacy_interface_create($gre['greif']);
 		$greif = $gre['greif'];
-	} else
-		$greif = pfSense_interface_create("gre");
+	} else {
+		$greif = legacy_interface_create('gre');
+	}
 
 	/* Do not change the order here for more see gre(4) NOTES section. */
 	mwexec("/sbin/ifconfig {$greif} tunnel {$realifip} " . escapeshellarg($gre['remote-addr']));
@@ -992,11 +996,12 @@ function interface_gif_configure(&$gif, $gifkey = "") {
 		log_error(gettext("could not bring realif up -- variable not defined -- interface_gif_configure()"));
 
 	if (file_exists("/var/run/booting") || !(empty($gif['gifif']))) {
-		pfSense_interface_destroy($gif['gifif']);
-		pfSense_interface_create($gif['gifif']);
+		legacy_interface_destroy($gif['gifif']);
+		legacy_interface_create($gif['gifif']);
 		$gifif = $gif['gifif'];
-	} else
-		$gifif = pfSense_interface_create("gif");
+	} else {
+		$gifif = legacy_interface_create('gif');
+	}
 
 	/* Do not change the order here for more see gif(4) NOTES section. */
 	mwexec("/sbin/ifconfig {$gifif} tunnel {$realifip} " . escapeshellarg($gif['remote-addr']));
@@ -1382,8 +1387,9 @@ function interface_bring_down($interface = "wan", $destroy = false, $ifacecfg =
 	}
 
 	if ($destroy == true) {
-		if (preg_match("/^[a-z0-9]+^tun|^ovpn|^gif|^gre|^lagg|^bridge|vlan|_stf$/i", $realif))
-			pfSense_interface_destroy($realif);
+		if (preg_match("/^[a-z0-9]+^tun|^ovpn|^gif|^gre|^lagg|^bridge|vlan|_stf$/i", $realif)) {
+			legacy_interface_destroy($realif);
+		}
 	}
 
 	return;
@@ -2267,10 +2273,11 @@ function interface_wireless_clone($realif, $wlcfg)
 		$needs_clone = true;
 	}
 
-	if($needs_clone == true) {
+	if ($needs_clone == true) {
 		/* remove previous instance if it exists */
-		if(does_interface_exist($realif))
-			pfSense_interface_destroy($realif);
+		if (does_interface_exist($realif)) {
+			legacy_interface_destroy($realif);
+		}
 
 		log_error(sprintf(gettext("Cloning new wireless interface %s"), $realif));
 		// Create the new wlan interface. FreeBSD returns the new interface name.
@@ -2282,7 +2289,7 @@ function interface_wireless_clone($realif, $wlcfg)
 		}
 		$newif = trim($out[0]);
 		// Rename the interface to {$parentnic}_wlan{$number}#: EX: ath0_wlan0
-		pfSense_interface_rename($newif, $realif);
+		legacy_interface_rename($newif, $realif);
 		// FIXME: not sure what ngctl is for. Doesn't work.
 		// mwexec("/usr/sbin/ngctl name {$newif}: {$realif}", false);
 		file_put_contents("/tmp/{$realif}_oldmac", get_interface_mac($realif));
@@ -3418,13 +3425,15 @@ function interface_6rd_configure($interface = "wan", $wancfg)
 	$rd6brgw = "{$rd6prefix}{$wancfg['gateway-6rd']}";
 
 	/* XXX: need to extend to support variable prefix size for v4 */
-	if (!is_module_loaded("if_stf"))
-		mwexec("/sbin/kldload if_stf.ko");
+	if (!is_module_loaded('if_stf')) {
+		mwexec('/sbin/kldload if_stf.ko');
+	}
 	$stfiface = "{$interface}_stf";
-	if (does_interface_exist($stfiface))
-		pfSense_interface_destroy($stfiface);
-	$tmpstfiface = pfSense_interface_create("stf");
-	pfSense_interface_rename($tmpstfiface, $stfiface);
+	if (does_interface_exist($stfiface)) {
+		legacy_interface_destroy($stfiface);
+	}
+	$tmpstfiface = legacy_interface_create('stf');
+	legacy_interface_rename($tmpstfiface, $stfiface);
 	pfSense_interface_flags($stfiface, IFF_LINK2);
 	if ($wancfg['prefix-6rd-v4plen'] > 0)
 		$rd6prefixlen += intval($wancfg['prefix-6rd-v4plen']);
@@ -3521,13 +3530,15 @@ function interface_6to4_configure($interface = 'wan', $wancfg)
 	$stflan = Net_IPv6::compress(implode(":", $stflanarr));
 
 	/* setup the stf interface */
-	if (!is_module_loaded("if_stf"))
+	if (!is_module_loaded("if_stf")) {
 		mwexec("/sbin/kldload if_stf.ko");
+	}
 	$stfiface = "{$interface}_stf";
-	if (does_interface_exist($stfiface))
-		pfSense_interface_destroy($stfiface);
-	$tmpstfiface = pfSense_interface_create("stf");
-	pfSense_interface_rename($tmpstfiface, $stfiface);
+	if (does_interface_exist($stfiface)) {
+		legacy_interface_destroy($stfiface);
+	}
+	$tmpstfiface = legacy_interface_create('stf');
+	legacy_interface_rename($tmpstfiface, $stfiface);
 	pfSense_interface_flags($stfiface, IFF_LINK2);
 	mwexec("/sbin/ifconfig {$stfiface} inet6 {$stflanpr} prefixlen 16");
 

src/etc/inc/interfaces.lib.inc

@@ -0,0 +1,65 @@
+<?php
+
+/*
+	Copyright (c) 2015 Franco Fichtner <franco@opnsense.org>
+	All rights reserved.
+
+	Redistribution and use in source and binary forms, with or without
+	modification, are permitted provided that the following conditions are met:
+
+	1. Redistributions of source code must retain the above copyright notice,
+	   this list of conditions and the following disclaimer.
+
+	2. Redistributions in binary form must reproduce the above copyright
+	   notice, this list of conditions and the following disclaimer in the
+	   documentation and/or other materials provided with the distribution.
+
+	THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+	INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+	AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+	AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+	OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+	SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+	INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+	CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+	ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+	POSSIBILITY OF SUCH DAMAGE.
+*/
+
+function legacy_interface_create($ifs)
+{
+	$cmd = '/sbin/ifconfig ' . escapeshellarg($ifs) . ' create 2>&1';
+	$new = null;
+
+	exec($cmd . ' 2>&1', $out, $ret);
+	if ($ret) {
+		log_error('The command `' . $cmd . '\' failed to execute');
+		return ($new);
+	}
+
+	if (isset($out[0])) {
+		$new = $out[0];
+	}
+
+	return ($new);
+}
+
+function legacy_interface_destroy($ifs)
+{
+	$cmd = '/sbin/ifconfig ' . escapeshellarg($ifs) . ' destroy 2>&1';
+
+	exec($cmd . ' 2>&1', $out, $ret);
+	if ($ret) {
+		log_error('The command `' . $cmd . '\' failed to execute');
+	}
+}
+
+function legacy_interface_rename($ifs, $name)
+{
+	$cmd = '/sbin/ifconfig ' . $ifs . ' name ' . $name;
+
+	exec($cmd . ' 2>&1', $out, $ret);
+	if ($ret) {
+		log_error('The command `' . $cmd . '\' failed to execute');
+	}
+}

src/www/interfaces_vlan.php

@@ -1,4 +1,5 @@
 <?php
+
 /*
 	Copyright (C) 2014-2015 Deciso B.V.
 	Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>.
@@ -28,8 +29,13 @@
 
 require_once("guiconfig.inc");
 
-if (!is_array($config['vlans']['vlan']))
+if (!is_array($config['vlans'])) {
+	$config['vlans'] = array();
+}
+
+if (!is_array($config['vlans']['vlan'])) {
 	$config['vlans']['vlan'] = array();
+}
 
 $a_vlans = &$config['vlans']['vlan'] ;
 
@@ -54,8 +60,9 @@ if ($_GET['act'] == "del") {
 	else if (vlan_inuse($_GET['id'])) {
 		$input_errors[] = gettext("This VLAN cannot be deleted because it is still being used as an interface.");
 	} else {
-		if (does_interface_exist($a_vlans[$_GET['id']]['vlanif']))
-			pfSense_interface_destroy($a_vlans[$_GET['id']]['vlanif']);
+		if (does_interface_exist($a_vlans[$_GET['id']]['vlanif'])) {
+			legacy_interface_destroy($a_vlans[$_GET['id']]['vlanif']);
+		}
 		unset($a_vlans[$_GET['id']]);
 
 		write_config();

src/www/interfaces_vlan_edit.php

@@ -1,4 +1,5 @@
 <?php
+
 /*
 	Copyright (C) 2014-2015 Deciso B.V.
 	Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>.
@@ -30,8 +31,13 @@ require_once("guiconfig.inc");
 
 $referer = (isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : '/interfaces_vlan.php');
 
-if (!is_array($config['vlans']['vlan']))
+if (!is_array($config['vlans'])) {
+	$config['vlans'] = array();
+}
+
+if (!is_array($config['vlans']['vlan'])) {
 	$config['vlans']['vlan'] = array();
+}
 
 $a_vlans = &$config['vlans']['vlan'];
 
@@ -99,10 +105,9 @@ if ($_POST) {
 			if (($a_vlans[$id]['if'] != $_POST['if']) || ($a_vlans[$id]['tag'] != $_POST['tag'])) {
 				if (!empty($a_vlans[$id]['vlanif'])) {
 					$confif = convert_real_interface_to_friendly_interface_name($vlan['vlanif']);
-					// Destroy previous vlan
-					pfSense_interface_destroy($a_vlans[$id]['vlanif']);
+					legacy_interface_destroy($a_vlans[$id]['vlanif']);
 				} else {
-					pfSense_interface_destroy("{$a_vlans[$id]['if']}_vlan{$a_vlans[$id]['tag']}");
+					legacy_interface_destroy("{$a_vlans[$id]['if']}_vlan{$a_vlans[$id]['tag']}");
 					$confif = convert_real_interface_to_friendly_interface_name("{$a_vlans[$id]['if']}_vlan{$a_vlans[$id]['tag']}");
 				}
 				if ($confif <> "")