Transparent support, saner defaults, added interface selection widgets

2 files changed, 29 insertions, 7 deletions

diff --git a/packages/havp.inc b/packages/havp.inc
index e0169f51..ce4e8e88 100644
--- a/packages/havp.inc
+++ b/packages/havp.inc
@@ -57,21 +57,34 @@ function sync_package_havp() {
 		  if ($tmp['servernumber'] != "") fwrite($fd,"SERVERNUMBER " . $tmp['servernumber'] . "\n");
 		  if ($tmp['maxservers'] != "") fwrite($fd,"MAXSERVERS " . $tmp['maxservers'] . "\n");
 		  if ($tmp['port'] != "") fwrite($fd,"PORT " . $tmp['port'] . "\n");
-		  if ($tmp['bind_address'] != ""){
-		    fwrite($fd,"BIND_ADDRESS " . $tmp['bind_address'] . " \n");
-		  }else {
-		    fwrite($fd,"BIND_ADDRESS " . $config['interfaces']['lan']['ipaddr'] . " \n");
-		  }
 		  if ($tmp['source_address'] != "") fwrite($fd,"SOURCE_ADDRESS " . $tmp['source_address'] . " \n");
 		  if ($tmp['dbreload'] != "") fwrite($fd,"DBRELOAD" . $tmp['dbreload'] . " \n");
 		  if ($tmp['parentproxy'] != "") fwrite($fd,"PARENTPROXY" . $tmp['parentproxy'] . " \n");
 		  if ($tmp['parentport'] != "") fwrite($fd,"PARENTPORT" . $tmp['parentport'] . " \n");
 
+		  /* If Transparent then, don't bother with bind address */
 		  if ($tmp['transparent'] == "on"){
 		       fwrite($fd,"TRANSPARENT true\n");
+		       fwrite($fd,"BIND_ADDRESS 127.0.0.1\n");
+		       $trans_file = fopen("/tmp/havp_pf.rules","w");
+		       fwrite($trans_file, "rdr on " . $config['interfaces']['lan']['if'] .  " inet proto tcp from any to ! " . $config['interfaces']['lan']['ipaddr'] . " port = http -> 127.0.0.1 port 8080 \n");
+		       fclose($trans_file);
+		       $havp_pf_result = mwexec ("pfctl -a rdr-package/havp -f /tmp/havp_pf.rules");
+		       if($havp_pf_result <> 0) {
+			    file_notice("HAVP", "There were error(s) loading the transparency rules", "HAVP", "");
+		       }
 		  }
 		  else {
 		       fwrite($fd,"TRANSPARENT false\n");
+		       if ($tmp['bind_address'] != ""){
+			    fwrite($fd,"BIND_ADDRESS " . $config['interfaces'][strtolower($tmp['bind_address'])]['ipaddr']  . " \n");
+		       }else { /* just to be sure, default is lan */
+			    fwrite($fd,"BIND_ADDRESS " . $config['interfaces']['lan']['ipaddr'] . " \n");
+		       }
+		       $havp_pf_result = mwexec ("pfctl -a rdr-package/havp -F nat");
+		       if($havp_pf_result <> 0) {
+			    file_notice("HAVP", "There were error(s) clearing the transparency rules", "HAVP", "");
+		       }
 		  }
 
 		  if ($tmp['range'] == "on"){
@@ -87,6 +100,14 @@ function sync_package_havp() {
 		       fwrite($fd,"LOG_OKS false\n");
 		  }
 	     }
+	} else {
+	     fwrite($fd,"SERVERNUMBER 10\n");
+	     fwrite($fd,"MAXSERVERS 100\n");
+	     fwrite($fd,"PORT 8080\n");
+	     fwrite($fd,"TRANSPARENT false\n");
+	     fwrite($fd,"RANGE true\n");
+	     fwrite($fd,"LOG_OKS true\n");
+	     fwrite($fd,"BIND_ADDRESS " . $config['interfaces']['lan']['ipaddr'] . " \n");	     
 	}
 	fclose($fd);
 	conf_mount_ro();
diff --git a/packages/havp.xml b/packages/havp.xml
index d6cd7c9d..c024e369 100644
--- a/packages/havp.xml
+++ b/packages/havp.xml
@@ -75,7 +75,7 @@
 		<field>
 			<fielddescr>Transparent?</fielddescr>
 			<fieldname>transparent</fieldname>
-			<description>Run HAVP as transparent Proxy? [In Next Version]</description>
+			<description>Run HAVP as transparent Proxy? [Bind Address will be disregarded in this mode, HAVP will listen on localhost] </description>
 			<type>checkbox</type>
 		</field>		
 		<field>
@@ -89,7 +89,8 @@
 			<fielddescr>Bind Address</fielddescr>
 			<fieldname>bind_address</fieldname>
 			<description>IP address that HAVP listens on. Leave it empty to bind all addresses, defaults to LAN address</description>
-			<type>input</type>
+			<type>interfaces_selection</type>
+			<default_value>lan</default_value>
 		</field>		
 		<field>
 			<fielddescr>Source Address</fielddescr>