From 6ad11303b7fc5e17862924d7a9a7cd9ef2de3fda Mon Sep 17 00:00:00 2001 From: Franco Fichtner Date: Mon, 27 Apr 2015 22:45:29 +0200 Subject: [PATCH] inc: start to replace the infamous pfSense PHP module Most of the stuff it does can be hand-rolled using ifconfig(8). Since these operations are sparse and well-defined, there's no harm in doing them. The added benefit is a quantum leap in transparency and traceability as well as using a script-based language to do string manipulation for the command line as opposed to C-style API fiddling (meaning: it's easier). --- src/etc/inc/interfaces.inc | 87 ++++++++++++++++++-------------- src/etc/inc/interfaces.lib.inc | 65 ++++++++++++++++++++++++ src/www/interfaces_vlan.php | 13 +++-- src/www/interfaces_vlan_edit.php | 13 +++-- 4 files changed, 133 insertions(+), 45 deletions(-) create mode 100644 src/etc/inc/interfaces.lib.inc diff --git a/src/etc/inc/interfaces.inc b/src/etc/inc/interfaces.inc index 5cce3e248..3ebd2c8c0 100644 --- a/src/etc/inc/interfaces.inc +++ b/src/etc/inc/interfaces.inc @@ -29,7 +29,7 @@ POSSIBILITY OF SUCH DAMAGE. */ -/* include all configuration functions */ +require_once("interfaces.lib.inc"); require_once("globals.inc"); require_once("util.inc"); require_once("gwlb.inc"); @@ -289,8 +289,8 @@ function interface_vlan_configure(&$vlan) { if (!empty($vlanif) && does_interface_exist($vlanif)) { interface_bring_down($vlanif, true); } else { - $tmpvlanif = pfSense_interface_create("vlan"); - pfSense_interface_rename($tmpvlanif, $vlanif); + $tmpvlanif = legacy_interface_create('vlan'); + legacy_interface_rename($tmpvlanif, $vlanif); pfSense_ngctl_name("{$tmpvlanif}:", $vlanif); } 
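Review bot: In interface_vlan_configure the result of `legacy_interface_create('vlan')` goes straight into `legacy_interface_rename()` and `pfSense_ngctl_name()`, but the new helper returns null when ifconfig fails, so a failed clone carries on with an empty interface name. A guard before the rename, for example `if (empty($tmpvlanif)) { log_error('could not create vlan interface'); return; }`, would stop that. The same unchecked return appears in the bridge, lagg, gre, gif, 6rd and 6to4 hunks; in the gre and gif hunks the value is interpolated into the `mwexec("/sbin/ifconfig {$greif} tunnel ...")` line that follows. These function bodies continue outside the hunks, so the right return value for the early exit should be checked against the callers.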
@@ -571,11 +571,11 @@ function interface_bridge_configure(&$bridge, $checkmember = 0) { $flags_on |= IFCAP_LRO; if (file_exists("/var/run/booting") || !empty($bridge['bridgeif'])) { - pfSense_interface_destroy($bridge['bridgeif']); - pfSense_interface_create($bridge['bridgeif']); - $bridgeif = escapeshellarg($bridge['bridgeif']); + legacy_interface_destroy($bridge['bridgeif']); + legacy_interface_create($bridge['bridgeif']); + $bridgeif = $bridge['bridgeif']; } else { - $bridgeif = pfSense_interface_create("bridge"); + $bridgeif = legacy_interface_create('bridge'); $bridge['bridgeif'] = $bridgeif; } @@ -766,22 +766,25 @@ function interfaces_lagg_configure($realif = "") { echo gettext("done.") . "\n"; } -function interface_lagg_configure(&$lagg) { +function interface_lagg_configure(&$lagg) +{ global $config; - if (!is_array($lagg)) + if (!is_array($lagg)) { return -1; + } $members = explode(',', $lagg['members']); if (!count($members)) return -1; if (file_exists("/var/run/booting") || !(empty($lagg['laggif']))) { - pfSense_interface_destroy($lagg['laggif']); - pfSense_interface_create($lagg['laggif']); + legacy_interface_destroy($lagg['laggif']); + legacy_interface_create($lagg['laggif']); $laggif = $lagg['laggif']; - } else - $laggif = pfSense_interface_create("lagg"); + } else { + $laggif = legacy_interface_create('lagg'); + } /* Calculate smaller mtu and enforce it */ $smallermtu = 0; 
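Review bot: In interface_bridge_configure, the line `$bridgeif = $bridge['bridgeif'];` drops the `escapeshellarg()` that the old code applied, so any later shell command in this function that interpolates `$bridgeif` now receives the configured value unquoted. The rest of the function is outside the hunk, so whether such commands exist needs confirming. If they do, either quote at each use, `escapeshellarg($bridgeif)`, or validate the name once up front, e.g. `if (!preg_match('/^bridge[0-9]+$/', $bridge['bridgeif'])) { ... }`, assuming bridge devices are always named that way. The `legacy_interface_destroy()` and `legacy_interface_create()` calls themselves are fine because the helpers quote their argument.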
@@ -893,11 +896,12 @@ function interface_gre_configure(&$gre, $grekey = "") { interfaces_bring_up($realif); if (file_exists("/var/run/booting") || !(empty($gre['greif']))) { - pfSense_interface_destroy($gre['greif']); - pfSense_interface_create($gre['greif']); + legacy_interface_destroy($gre['greif']); + legacy_interface_create($gre['greif']); $greif = $gre['greif']; - } else - $greif = pfSense_interface_create("gre"); + } else { + $greif = legacy_interface_create('gre'); + } /* Do not change the order here for more see gre(4) NOTES section. */ mwexec("/sbin/ifconfig {$greif} tunnel {$realifip} " . escapeshellarg($gre['remote-addr'])); @@ -992,11 +996,12 @@ function interface_gif_configure(&$gif, $gifkey = "") { log_error(gettext("could not bring realif up -- variable not defined -- interface_gif_configure()")); if (file_exists("/var/run/booting") || !(empty($gif['gifif']))) { - pfSense_interface_destroy($gif['gifif']); - pfSense_interface_create($gif['gifif']); + legacy_interface_destroy($gif['gifif']); + legacy_interface_create($gif['gifif']); $gifif = $gif['gifif']; - } else - $gifif = pfSense_interface_create("gif"); + } else { + $gifif = legacy_interface_create('gif'); + } /* Do not change the order here for more see gif(4) NOTES section. */ mwexec("/sbin/ifconfig {$gifif} tunnel {$realifip} " . escapeshellarg($gif['remote-addr'])); @@ -1382,8 +1387,9 @@ function interface_bring_down($interface = "wan", $destroy = false, $ifacecfg = } if ($destroy == true) { - if (preg_match("/^[a-z0-9]+^tun|^ovpn|^gif|^gre|^lagg|^bridge|vlan|_stf$/i", $realif)) - pfSense_interface_destroy($realif); + if (preg_match("/^[a-z0-9]+^tun|^ovpn|^gif|^gre|^lagg|^bridge|vlan|_stf$/i", $realif)) { + legacy_interface_destroy($realif); + } } return; 
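Review bot: The pattern that gates `legacy_interface_destroy($realif)` in interface_bring_down is carried over unchanged and does not say what it appears to mean. Its first alternative `^[a-z0-9]+^tun` has a second `^` after characters have been consumed, so it cannot match without the multiline modifier, and `vlan` is unanchored, so any name containing it passes. If tun devices are meant to be destroyed here, `/^(tun|ovpn|gif|gre|lagg|bridge)|vlan|_stf$/i` states that explicitly; the intended vlan naming should be confirmed before anchoring that alternative as well. This matters more now that the check decides which names reach an `ifconfig ... destroy` command line.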
@@ -2267,10 +2273,11 @@ function interface_wireless_clone($realif, $wlcfg) $needs_clone = true; } - if($needs_clone == true) { + if ($needs_clone == true) { /* remove previous instance if it exists */ - if(does_interface_exist($realif)) - pfSense_interface_destroy($realif); + if (does_interface_exist($realif)) { + legacy_interface_destroy($realif); + } log_error(sprintf(gettext("Cloning new wireless interface %s"), $realif)); // Create the new wlan interface. FreeBSD returns the new interface name. @@ -2282,7 +2289,7 @@ function interface_wireless_clone($realif, $wlcfg) } $newif = trim($out[0]); // Rename the interface to {$parentnic}_wlan{$number}#: EX: ath0_wlan0 - pfSense_interface_rename($newif, $realif); + legacy_interface_rename($newif, $realif); // FIXME: not sure what ngctl is for. Doesn't work. // mwexec("/usr/sbin/ngctl name {$newif}: {$realif}", false); file_put_contents("/tmp/{$realif}_oldmac", get_interface_mac($realif)); @@ -3418,13 +3425,15 @@ function interface_6rd_configure($interface = "wan", $wancfg) $rd6brgw = "{$rd6prefix}{$wancfg['gateway-6rd']}"; /* XXX: need to extend to support variable prefix size for v4 */ - if (!is_module_loaded("if_stf")) - mwexec("/sbin/kldload if_stf.ko"); + if (!is_module_loaded('if_stf')) { + mwexec('/sbin/kldload if_stf.ko'); + } $stfiface = "{$interface}_stf"; - if (does_interface_exist($stfiface)) - pfSense_interface_destroy($stfiface); - $tmpstfiface = pfSense_interface_create("stf"); - pfSense_interface_rename($tmpstfiface, $stfiface); + if (does_interface_exist($stfiface)) { + legacy_interface_destroy($stfiface); + } + $tmpstfiface = legacy_interface_create('stf'); + legacy_interface_rename($tmpstfiface, $stfiface); pfSense_interface_flags($stfiface, IFF_LINK2); if ($wancfg['prefix-6rd-v4plen'] > 0) $rd6prefixlen += intval($wancfg['prefix-6rd-v4plen']); 
@@ -3521,13 +3530,15 @@ function interface_6to4_configure($interface = 'wan', $wancfg) $stflan = Net_IPv6::compress(implode(":", $stflanarr)); /* setup the stf interface */ - if (!is_module_loaded("if_stf")) + if (!is_module_loaded("if_stf")) { mwexec("/sbin/kldload if_stf.ko"); + } $stfiface = "{$interface}_stf"; - if (does_interface_exist($stfiface)) - pfSense_interface_destroy($stfiface); - $tmpstfiface = pfSense_interface_create("stf"); - pfSense_interface_rename($tmpstfiface, $stfiface); + if (does_interface_exist($stfiface)) { + legacy_interface_destroy($stfiface); + } + $tmpstfiface = legacy_interface_create('stf'); + legacy_interface_rename($tmpstfiface, $stfiface); pfSense_interface_flags($stfiface, IFF_LINK2); mwexec("/sbin/ifconfig {$stfiface} inet6 {$stflanpr} prefixlen 16"); diff --git a/src/etc/inc/interfaces.lib.inc b/src/etc/inc/interfaces.lib.inc new file mode 100644 index 000000000..e3f7441db --- /dev/null +++ b/src/etc/inc/interfaces.lib.inc 
@@ -0,0 +1,65 @@ + + All rights reserved. + + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are met: + + 1. Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. + + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + POSSIBILITY OF SUCH DAMAGE. +*/ + +function legacy_interface_create($ifs) +{ + $cmd = '/sbin/ifconfig ' . escapeshellarg($ifs) . ' create 2>&1'; + $new = null; + + exec($cmd . ' 2>&1', $out, $ret); + if ($ret) { + log_error('The command `' . $cmd . '\' failed to execute'); + return ($new); + } + + if (isset($out[0])) { + $new = $out[0]; + } + + return ($new); +} + +function legacy_interface_destroy($ifs) +{ + $cmd = '/sbin/ifconfig ' . escapeshellarg($ifs) . ' destroy 2>&1'; + + exec($cmd . ' 2>&1', $out, $ret); + if ($ret) { + log_error('The command `' . $cmd . '\' failed to execute'); + } +} + +function legacy_interface_rename($ifs, $name) +{ + $cmd = '/sbin/ifconfig ' . $ifs . ' name ' . $name; + + exec($cmd . 
' 2>&1', $out, $ret); + if ($ret) { + log_error('The command `' . $cmd . '\' failed to execute'); + } +} diff --git a/src/www/interfaces_vlan.php b/src/www/interfaces_vlan.php index 7ae95c433..f50c07c11 100644 --- a/src/www/interfaces_vlan.php +++ b/src/www/interfaces_vlan.php @@ -1,4 +1,5 @@ . @@ -28,8 +29,13 @@ require_once("guiconfig.inc"); -if (!is_array($config['vlans']['vlan'])) +if (!is_array($config['vlans'])) { + $config['vlans'] = array(); +} + +if (!is_array($config['vlans']['vlan'])) { $config['vlans']['vlan'] = array(); +} $a_vlans = &$config['vlans']['vlan'] ; @@ -54,8 +60,9 @@ if ($_GET['act'] == "del") { else if (vlan_inuse($_GET['id'])) { $input_errors[] = gettext("This VLAN cannot be deleted because it is still being used as an interface."); } else { - if (does_interface_exist($a_vlans[$_GET['id']]['vlanif'])) - pfSense_interface_destroy($a_vlans[$_GET['id']]['vlanif']); + if (does_interface_exist($a_vlans[$_GET['id']]['vlanif'])) { + legacy_interface_destroy($a_vlans[$_GET['id']]['vlanif']); + } unset($a_vlans[$_GET['id']]); write_config(); diff --git a/src/www/interfaces_vlan_edit.php b/src/www/interfaces_vlan_edit.php index ad1231e2f..280261c6e 100644 --- a/src/www/interfaces_vlan_edit.php +++ b/src/www/interfaces_vlan_edit.php @@ -1,4 +1,5 @@ . @@ -30,8 +31,13 @@ require_once("guiconfig.inc"); $referer = (isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : '/interfaces_vlan.php'); -if (!is_array($config['vlans']['vlan'])) +if (!is_array($config['vlans'])) { + $config['vlans'] = array(); +} + +if (!is_array($config['vlans']['vlan'])) { $config['vlans']['vlan'] = array(); +} $a_vlans = &$config['vlans']['vlan']; 
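Review bot: `legacy_interface_rename()` in the new interfaces.lib.inc builds its command with `$ifs` and `$name` concatenated unquoted, unlike the create and destroy helpers, which use `escapeshellarg()`. Callers in this patch pass names built from configuration and interface variables (`$vlanif`, `"{$interface}_stf"`, `$realif`), so shell metacharacters in such a value would be interpreted by the shell. The line should read `$cmd = '/sbin/ifconfig ' . escapeshellarg($ifs) . ' name ' . escapeshellarg($name);`. Separately, create and destroy already end `$cmd` with ` 2>&1` and then append it again in the `exec()` call; dropping the suffix from `$cmd` keeps the logged command clean.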
@@ -99,10 +105,9 @@ if ($_POST) { if (($a_vlans[$id]['if'] != $_POST['if']) || ($a_vlans[$id]['tag'] != $_POST['tag'])) { if (!empty($a_vlans[$id]['vlanif'])) { $confif = convert_real_interface_to_friendly_interface_name($vlan['vlanif']); - // Destroy previous vlan - pfSense_interface_destroy($a_vlans[$id]['vlanif']); + legacy_interface_destroy($a_vlans[$id]['vlanif']); } else { - pfSense_interface_destroy("{$a_vlans[$id]['if']}_vlan{$a_vlans[$id]['tag']}"); + legacy_interface_destroy("{$a_vlans[$id]['if']}_vlan{$a_vlans[$id]['tag']}"); $confif = convert_real_interface_to_friendly_interface_name("{$a_vlans[$id]['if']}_vlan{$a_vlans[$id]['tag']}"); } if ($confif <> "")
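Review bot: In the `!empty($a_vlans[$id]['vlanif'])` branch, `$confif` is computed from `$vlan['vlanif']` while the destroy call next to it and the whole else branch use `$a_vlans[$id]`. `$vlan` is not assigned anywhere in the hunk, and the enclosing block starts outside it; if `$vlan` is only populated later, `$confif` is derived from an unset value and the `if ($confif <> "")` handling that follows is skipped. Using the same source as the destroy call would make the two consistent: `$confif = convert_real_interface_to_friendly_interface_name($a_vlans[$id]['vlanif']);`.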