author | jim-p <jimp@pfsense.org> | 2012-08-22 16:57:46 -0400 |
---|---|---|
committer | jim-p <jimp@pfsense.org> | 2012-08-22 16:57:46 -0400 |
commit | c4cb635d11cd82e98be9d16d9abf4fc8b4a35c84 (patch) | |
tree | fcdd4d450bc5d17dcc6433ac24074e9031909e65 | |
parent | c051bf14000857ffff97ab80273a1a0ea6b62c7b (diff) | |
Change up some bgpd initialization, fixes #2572
-rw-r--r-- | config/openbgpd/openbgpd.inc | 116 |
1 files changed, 61 insertions, 55 deletions
diff --git a/config/openbgpd/openbgpd.inc b/config/openbgpd/openbgpd.inc index 4a99dbc1..0a02eb7b 100644 --- a/config/openbgpd/openbgpd.inc +++ b/config/openbgpd/openbgpd.inc @@ -34,20 +34,26 @@ require_once("service-utils.inc"); define('PKG_BGPD_CONFIG_BASE', '/var/etc/openbgpd'); -$pkg_login = "_bgpd"; -$pkg_uid = "130"; -$pkg_group = "_bgpd"; -$pkg_gid = "130"; -$pkg_gecos = "BGP Daemon"; -$pkg_homedir = "/var/empty"; -$pkg_shell = "/usr/sbin/nologin"; - +define('PKG_BGPD_LOGIN', = "_bgpd"); +define('PKG_BGPD_UID', = "130"); +define('PKG_BGPD_GROUP', = "_bgpd"); +define('PKG_BGPD_GID', = "130"); +define('PKG_BGPD_GECOS', = "BGP Daemon"); +define('PKG_BGPD_HOMEDIR', = "/var/empty"); +define('PKG_BGPD_SHELL', = "/usr/sbin/nologin"); function openbgpd_install_conf() { - global $config, $g, $pkg_login, $pkg_uid, $pkg_group, $pkg_gid, $pkg_gecos, $pkg_homedir, $pkg_shell; - + global $config, $g; + $pkg_login = PKG_BGPD_LOGIN; + $pkg_uid = PKG_BGPD_UID; + $pkg_group = PKG_BGPD_GROUP; + $pkg_gid = PKG_BGPD_GID; + $pkg_gecos = PKG_BGPD_GECOS; + $pkg_homedir = PKG_BGPD_HOMEDIR; + $pkg_shell = PKG_BGPD_SHELL; + conf_mount_rw(); - + // Since we need to embed this in a string, copy to a var. Can't embed constnats. $bgpd_config_base = PKG_BGPD_CONFIG_BASE; if ($config['installedpackages']['openbgpd']['rawconfig'] && $config['installedpackages']['openbgpd']['rawconfig']['item']) { 
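Review bot: The seven new `define()` calls at the top of the first hunk carry a stray `=` after the comma (`define('PKG_BGPD_LOGIN', = "_bgpd");`), which PHP rejects as a parse error, so the include would fail to load as written. Each should read like `define('PKG_BGPD_LOGIN', "_bgpd");`, with the same correction for `PKG_BGPD_UID`, `PKG_BGPD_GROUP`, `PKG_BGPD_GID`, `PKG_BGPD_GECOS`, `PKG_BGPD_HOMEDIR` and `PKG_BGPD_SHELL`. Because this file also holds the input validators (`bgpd_validate_input`, `bgpd_validate_group`), a load failure would presumably take those down together with config generation, so a `php -l` pass on the file before merge is worth adding. The body of `openbgpd_install_conf()` continues outside the hunk.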
@@ -56,45 +62,45 @@ function openbgpd_install_conf() { //$conffile = $config['installedpackages']['openbgpd']['rawconfig']; } else { // generate bgpd.conf based on the assistant - if($config['installedpackages']['openbgpd']['config']) + if($config['installedpackages']['openbgpd']['config']) $openbgpd_conf = &$config['installedpackages']['openbgpd']['config'][0]; if($config['installedpackages']['openbgpd']['config'][0]['row']) - $openbgpd_rows = &$config['installedpackages']['openbgpd']['config'][0]['row']; + $openbgpd_rows = &$config['installedpackages']['openbgpd']['config'][0]['row']; if($config['installedpackages']['openbgpdgroups']['config']) $openbgpd_groups = &$config['installedpackages']['openbgpdgroups']['config']; if($config['installedpackages']['openbgpdneighbors']['config']) $openbgpd_neighbors = &$config['installedpackages']['openbgpdneighbors']['config']; - + $conffile = "# This file was created by the package manager. Do not edit!\n\n"; $setkeycf = ""; - + // Setup AS # - if($openbgpd_conf['asnum']) + if($openbgpd_conf['asnum']) $conffile .= "AS {$openbgpd_conf['asnum']}\n"; - + if($openbgpd_conf['fibupdate']) $conffile .= "fib-update {$openbgpd_conf['fibupdate']}\n"; - + // Setup holdtime if defined. Default is 90. 
- if($openbgpd_conf['holdtime']) + if($openbgpd_conf['holdtime']) $conffile .= "holdtime {$openbgpd_conf['holdtime']}\n"; // Specify listen ip - if($openbgpd_conf['listenip']) + if($openbgpd_conf['listenip']) $conffile .= "listen on {$openbgpd_conf['listenip']}\n"; // Specify router id - if($openbgpd_conf['routerid']) + if($openbgpd_conf['routerid']) $conffile .= "router-id {$openbgpd_conf['routerid']}\n"; // Handle advertised networks if($config['installedpackages']['openbgpd']['config'][0]['row']) if(is_array($openbgpd_rows)) - foreach($openbgpd_rows as $row) + foreach($openbgpd_rows as $row) $conffile .= "network {$row['networks']}\n"; - + // Attach neighbors to their respective group owner - if(is_array($openbgpd_groups)) { + if(is_array($openbgpd_groups)) { foreach($openbgpd_groups as $group) { $conffile .= "group \"{$group['name']}\" {\n"; $conffile .= " remote-as {$group['remoteas']}\n"; @@ -114,16 +120,16 @@ function openbgpd_install_conf() { } foreach($neighbor['row'] as $row) { $conffile .= " {$row['parameters']} {$row['parmvalue']} \n"; - } + } $conffile .= "}\n"; } } } $conffile .= "}\n"; } - } + } - // Handle neighbors that do not have a group assigned to them + // Handle neighbors that do not have a group assigned to them if(is_array($openbgpd_neighbors)) { foreach($openbgpd_neighbors as $neighbor) { $used_this_item = false; 
@@ -147,27 +153,27 @@ function openbgpd_install_conf() { if($used_this_item) $conffile .= "}\n"; } - } - + } + // OpenBGPD filters $conffile .= "deny from any\n"; $conffile .= "deny to any\n"; if(is_array($openbgpd_neighbors)) { foreach($openbgpd_neighbors as $neighbor) { $conffile .= "allow from {$neighbor['neighbor']}\n"; - $conffile .= "allow to {$neighbor['neighbor']}\n"; + $conffile .= "allow to {$neighbor['neighbor']}\n"; } } } safe_mkdir($bgpd_config_base); $fd = fopen("{$bgpd_config_base}/bgpd.conf", "w"); - + // Write out the configuration file fwrite($fd, $conffile); - + // Close file handle fclose($fd); - + // Create rc.d file $rc_file_stop = <<<EOF killall -9 bgpd @@ -183,7 +189,7 @@ fi /bin/mkdir -p {$bgpd_config_base} chmod u+rw,go-rw {$bgpd_config_base}/bgpd.conf -/usr/sbin/chown -R {$pkg_login}:{$pkg_login} {$bgpd_config_base} +/usr/sbin/chown -R root:wheel {$bgpd_config_base} NUMBGPD=`ps auxw | grep -c '[b]gpd.*parent'` if [ \${NUMBGPD} -lt 1 ] ; then @@ -196,7 +202,7 @@ EOF; "stop" => $rc_file_stop ) ); - + // TCP-MD5 support on freebsd. See tcp(5) for more $fd = fopen("{$g['tmp_path']}/bgpdsetkey.conf", "w"); fwrite($fd, $setkeycf ); @@ -209,7 +215,7 @@ EOF; } else { exec("bgpd"); } - + conf_mount_ro(); } 
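Review bot: In the `@@ -183,7 +189,7 @@` hunk the start script now hands the config directory to `root:wheel`, but the mode is tightened only on `bgpd.conf` and only when that script runs; the PHP side creates the file earlier with `fopen(..., "w")` under the process's default mode. Neighbor parameter rows are copied into the file verbatim and may include session secrets (inferred from the TCP-MD5 handling further down), so consider restricting the file when it is created, for example `chmod("{$bgpd_config_base}/bgpd.conf", 0600);` right after `fclose($fd);`. If only root needs to read the directory, setting its mode explicitly next to the chown, e.g. `chmod 0700 {$bgpd_config_base}`, would make the result independent of how `safe_mkdir()` and `mkdir -p` created it. The rc script heredoc and the enclosing function both start and end outside this hunk.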
@@ -260,19 +266,19 @@ function deinstall_openbgpd() { function check_group_usage($groupname) { global $config, $g; - if($config['installedpackages']['openbgpd']['config']) + if($config['installedpackages']['openbgpd']['config']) $openbgpd_conf = &$config['installedpackages']['openbgpd']['config'][0]; if($config['installedpackages']['openbgpd']['config'][0]['row']) - $openbgpd_rows = &$config['installedpackages']['openbgpd']['config'][0]['row']; + $openbgpd_rows = &$config['installedpackages']['openbgpd']['config'][0]['row']; if($config['installedpackages']['openbgpdgroups']['config']) $openbgpd_groups = &$config['installedpackages']['openbgpdgroups']['config']; if($config['installedpackages']['openbgpdneighbors']['config']) $openbgpd_neighbors = &$config['installedpackages']['openbgpdneighbors']['config']; - if(is_array($openbgpd_groups)) { + if(is_array($openbgpd_groups)) { foreach($openbgpd_groups as $group) { foreach($openbgpd_neighbors as $neighbor) { - if($neighbor['groupname'] == $group['name']) + if($neighbor['groupname'] == $group['name']) return $neighbor['groupname']; } } @@ -286,16 +292,16 @@ function bgpd_validate_input() { if (!empty($_POST['asnum']) && !is_numeric($_POST['asnum'])) $input_errors[] = "AS must be entered as a number only."; - + if (!empty($_POST['routerid']) && !is_ipaddr($_POST['routerid'])) $input_errors[] = "Router ID must be an IP address."; - + if (!empty($_POST['holdtime']) && !is_numeric($_POST['holdtime'])) $input_errors[] = "Holdtime must be entered as a number."; - + if (!empty($_POST['listenip']) && !is_ipaddr($_POST['listenip'])) $input_errors[] = "Listen IP must be an IP address or blank to bind to all IPs."; - + } function bgpd_validate_group() { 
@@ -303,12 +309,12 @@ function bgpd_validate_group() { if (!is_numeric($_POST['remoteas'])) $input_errors[] = "Remote AS must be entered as a number only."; - + if ($_POST['name'] == "") $input_errors[] = "You must enter a name."; - + $_POST['name'] = remove_bad_chars($_POST['name']); - + } function remove_bad_chars($string) { @@ -328,7 +334,7 @@ function grey_out_value_boxes() { var last_two = fieldvalue.substring(length); var without_last_two = fieldvalue.substring(0,length); if( \$('parmvalue' + x) ) { - if(last_two != ' X') { + if(last_two != ' X') { \$('parmvalue' + x).value = ''; \$('parmvalue' + x).disabled = true; } else { @@ -338,21 +344,21 @@ function grey_out_value_boxes() { } } var timerID = setTimeout("grey_out_value_boxes()", 1200); - - } + + } grey_out_value_boxes(); - </script> + </script> + - EOF; - + } function is_openbgpd_running() { $status = `ps auxw | grep -c '[b]gpd.*parent'`; - if(intval($status) > 0) + if(intval($status) > 0) return true; - else + else return false; } |