author | bmeeks8 <bmeeks8@bellsouth.net> | 2013-06-18 18:49:39 -0400 |
---|---|---|
committer | bmeeks8 <bmeeks8@bellsouth.net> | 2013-06-18 18:49:39 -0400 |
commit | 34cb0a39d7d14ecba7a4fc5060a04760d3921bc8 (patch) | |
tree | be1f93eff4980ae6cf3f0d3bbbd5735a426f7b60 /config | |
parent | 8c5840439b815474d2a39434147b7892590198f3 (diff) | |
parent | 268bcb9a886494c81191ec63e220ec1c02508b65 (diff) | |
Merge remote-tracking branch 'upstream/master'
Diffstat (limited to 'config')
-rw-r--r-- | config/freeradius2/freeradius.inc | 2 | ||||
-rw-r--r-- | config/freeradius2/freeradius.xml | 2 | ||||
-rw-r--r-- | config/haproxy-devel/haproxy.inc | 2 | ||||
-rw-r--r-- | config/haproxy-devel/haproxy_pool_edit.php | 2 | ||||
-rw-r--r-- | config/quagga_ospfd/quagga_ospfd.inc | 17 | ||||
-rw-r--r-- | config/quagga_ospfd/quagga_ospfd.xml | 2 | ||||
-rw-r--r-- | config/unbound/unbound.inc | 44 | ||||
-rw-r--r-- | config/unbound/unbound_acls.php | 3 | ||||
-rw-r--r-- | config/unbound/unbound_advanced.xml | 3 |
9 files changed, 43 insertions, 34 deletions
diff --git a/config/freeradius2/freeradius.inc b/config/freeradius2/freeradius.inc index b2df3d0b..bf48dd06 100644 --- a/config/freeradius2/freeradius.inc +++ b/config/freeradius2/freeradius.inc @@ -4003,7 +4003,7 @@ USERNAME=`echo -n "\$1" | sed 's/[^0-9a-zA-Z._-]/X/g' ` PASSWD=`echo -n "\$2" | sed 's/[^0-9a-f]/0/g' ` SECRET=`echo -n "\$3" | sed 's/[^0-9a-f]/0/g' ` PIN=`echo -n "\$4" | sed 's/[^0-9]/0/g' ` -OFFSET=`echo -n "\$5" | sed 's/[^0-9]/0/g' ` +OFFSET=`echo -n "\$5" | sed 's/[^0-9-]/0/g' ` EPOCHTIME=`date +%s` ; EPOCHTIME=`chop \$EPOCHTIME` # delete old logins diff --git a/config/freeradius2/freeradius.xml b/config/freeradius2/freeradius.xml index c9381c81..8e3105ef 100644 --- a/config/freeradius2/freeradius.xml +++ b/config/freeradius2/freeradius.xml @@ -275,7 +275,7 @@ 1. Write down the first 9 digits of the Epoch-Time on the client.<br> 2. Check with <b>date +%s</b> the Epoch-Time on your FreeRADIUS server and write down the first 9 digits.<br> - 3. Subtract both values, multiply the result with 10 and enter the value in this field. (Default: 0)]]></description> + 3. Subtract both values, multiply the result with 10 and enter the value in this field. Example: 30 or -180 (Default: 0)]]></description> <type>input</type> <default_value>0</default_value> </field> diff --git a/config/haproxy-devel/haproxy.inc b/config/haproxy-devel/haproxy.inc index 66bcf81f..b5ca35cd 100644 --- a/config/haproxy-devel/haproxy.inc +++ b/config/haproxy-devel/haproxy.inc @@ -934,6 +934,8 @@ function haproxy_check_run($reload) { if(use_transparent_clientip_proxying()) load_ipfw_rules(); + else + mwexec("/usr/local/sbin/ipfw_context -d haproxy", true); if(isset($a_global['enable'])) { if (isset($a_global['carpdev'])) { diff --git a/config/haproxy-devel/haproxy_pool_edit.php b/config/haproxy-devel/haproxy_pool_edit.php index 4b93632f..a7a56b1c 100644 --- a/config/haproxy-devel/haproxy_pool_edit.php +++ b/config/haproxy-devel/haproxy_pool_edit.php 
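Review bot: In the `@@ -4003,7 +4003,7 @@` hunk of freeradius.inc, the new OFFSET filter `[^0-9-]` accepts a hyphen at any position, so values such as `1-2`, `--5` or a lone `-` pass through unchanged rather than only a leading minus sign. How OFFSET is consumed is outside the hunk, but if it feeds shell arithmetic or a command argument, a malformed value could shift the accepted time window or be parsed as an option. I would follow the sed with a shape check such as `echo "\$OFFSET" | grep -Eq '^-?[0-9]+\$' || OFFSET=0`, so anything other than an optional minus followed by digits falls back to the default 0. The generated script continues outside the hunk.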
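Review bot: In the `haproxy_check_run()` hunk of haproxy.inc, the new `else` branch calls `mwexec("/usr/local/sbin/ipfw_context -d haproxy", true)` with the mute flag set and the return value discarded, so a delete that fails for an unexpected reason leaves the transparent-proxy ipfw context in place with nothing logged. The branch runs on every check while transparent proxying is off, whether or not a context exists, which is presumably why it is muted. I would add braces to this if/else and a comment such as `// drop the ipfw context left by an earlier transparent-proxy config; failure is expected when none exists`, and consider capturing the return code so an unexpected failure can be reported. The function starts and ends outside the hunk.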
@@ -491,7 +491,7 @@ foreach($simplefields as $field){ </table> </td> </tr> - <tr align="left" style="display:none;"> + <tr align="left"> <td width="22%" valign="top" class="vncell">Transparent ClientIP</td> <td width="78%" class="vtable" colspan="2"> <input id="transparent_clientip" name="transparent_clientip" type="checkbox" value="yes" <?php if ($pconfig['transparent_clientip']=='yes') echo "checked"; ?> onclick='updatevisibility();'> diff --git a/config/quagga_ospfd/quagga_ospfd.inc b/config/quagga_ospfd/quagga_ospfd.inc index 46037bd9..aabd27a8 100644 --- a/config/quagga_ospfd/quagga_ospfd.inc +++ b/config/quagga_ospfd/quagga_ospfd.inc @@ -243,6 +243,20 @@ function quagga_ospfd_install_conf() { fwrite($fd, $zebraconffile); fclose($fd); + $carp_ip_status_check = ""; + if (is_ipaddr($ospfd_conf['carpstatusip'])) { + $carpcheckinterface = trim(find_carp_interface($ospfd_conf['carpstatusip'])); + $carp_ip_status_check = <<<EOF + +CARP_STATUS=`/sbin/ifconfig {$carpcheckinterface} | /usr/bin/grep carp: | /usr/bin/awk '{print \$2;}'` +if [ \${CARP_STATUS} != "MASTER" ]; then + exit; +fi + +EOF; + } + + // Create rc.d file $rc_file_stop = <<<EOF if [ -e /var/run/quagga/zebra.pid ]; then @@ -274,6 +288,7 @@ fi killall -9 zebra 2>/dev/null killall -9 ospfd 2>/dev/null sleep 1 +{$carp_ip_status_check} /usr/local/sbin/zebra -d -f {$quagga_config_base}/zebra.conf /usr/local/sbin/ospfd -d -f {$quagga_config_base}/ospfd.conf EOF; @@ -363,7 +378,7 @@ function quagga_ospfd_put_raw_config($conffile) { } function quagga_get_carp_status_by_ip($ipaddr) { - $iface = find_carp_interface($ipaddr); + $iface = trim(find_carp_interface($ipaddr)); if ($iface) { $status = get_carp_interface_status($iface); // If there is no status for that interface, return null. diff --git a/config/quagga_ospfd/quagga_ospfd.xml b/config/quagga_ospfd/quagga_ospfd.xml index c48d0f47..a03f9e3c 100644 --- a/config/quagga_ospfd/quagga_ospfd.xml +++ b/config/quagga_ospfd/quagga_ospfd.xml 
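Review bot: In the `quagga_ospfd_install_conf()` hunk of quagga_ospfd.inc, the generated check `if [ \${CARP_STATUS} != "MASTER" ]` fails open: when CARP_STATUS is empty or holds several words, `[` reports a syntax error, the condition is false, and zebra and ospfd start on a node that is not MASTER. That can happen if `find_carp_interface()` returns an empty string, because `ifconfig` with no interface argument prints every interface and the grep may match none or several `carp:` lines. Quote the variable, `if [ "\${CARP_STATUS}" != "MASTER" ]; then`, emit the block only when `$carpcheckinterface` is non-empty, and pass it through `escapeshellarg()` before interpolating it into the rc script. The function continues outside the hunk.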
@@ -1,6 +1,6 @@ <packagegui> <name>quagga_ospfd</name> - <version>0.5.3</version> + <version>0.5.4</version> <title>Services: Quagga OSPFd</title> <include_file>/usr/local/pkg/quagga_ospfd.inc</include_file> <aftersaveredirect>pkg_edit.php?xml=quagga_ospfd.xml&id=0</aftersaveredirect> diff --git a/config/unbound/unbound.inc b/config/unbound/unbound.inc index 2dd33bcd..f1d68eb7 100644 --- a/config/unbound/unbound.inc +++ b/config/unbound/unbound.inc @@ -275,12 +275,14 @@ function unbound_get_network_interface_addresses() { log_error("Unbound DNS: There was a problem setting up the Virtual IP for the interface ".link_ip_to_carp_interface($vip['subnet'])); } else { $unbound_interfaces[$i]['virtual']['ipaddr'] = $virtual_ip; + $unbound_interfaces[$i]['virtual']['subnet'] = $vip['subnet_bits']; + $unbound_interfaces[$i]['virtual']['network'] = $virtual_ip; } } } } } - } else if(isset($interfaces[$unboundif]['ipaddr'])) { + } else if (isset($interfaces[$unboundif]['ipaddr'])) { /* Find the interface IP address for * XXX - this only works for IPv4 currently - the pfSense module needs IPv6 love */ @@ -378,7 +380,7 @@ function unbound_acls_config() { global $config; /* Configure the ACLs */ - if(is_array($config['installedpackages']['unboundacls']['config'])) { + if (is_array($config['installedpackages']['unboundacls']['config'])) { $unbound_acls = $config['installedpackages']['unboundacls']['config']; $unboundcfg = ""; foreach($unbound_acls as $unbound_acl){ 
@@ -409,9 +411,9 @@ function unbound_resync_config() { $unbound_allowed_networks = ""; $unboundnetcfg = unbound_get_network_interface_addresses(); foreach($unboundnetcfg as $netent) { - foreach($netent as $entry) { + foreach($netent as $nettype => $entry) { $unbound_bind_interfaces .="interface: {$entry['ipaddr']}\n"; - if($entry['ipaddr'] != "127.0.0.1" && $entry['ipaddr'] != "::1") + if($entry['ipaddr'] != "127.0.0.1" && $entry['ipaddr'] != "::1" && $nettype != "virtual") $unbound_allowed_networks .= "access-control: {$entry['network']}/{$entry['subnet']} allow\n"; } } @@ -485,7 +487,7 @@ EOF; $outgoing_num_tcp = (!empty($unbound_config['outgoing_num_tcp'])) ? $unbound_config['outgoing_num_tcp'] : "10"; $incoming_num_tcp = (!empty($unbound_config['incoming_num_tcp'])) ? $unbound_config['incoming_num_tcp'] : "10"; $edns_buffer_size = (!empty($unbound_config['edns_buffer_size'])) ? $unbound_config['edns_buffer_size'] : "4096"; - $num_queries_per_thread = (!empty($unbound_config['num_queries_per_thread'])) ? $unbound_config['num_queries_per_thread'] : "1024"; + $num_queries_per_thread = (!empty($unbound_config['num_queries_per_thread'])) ? $unbound_config['num_queries_per_thread'] : "4096"; $jostle_timeout = (!empty($unbound_config['jostle_timeout'])) ? $unbound_config['jostle_timeout'] : "200"; $cache_max_ttl = (!empty($unbound_config['cache_max_ttl'])) ? $unbound_config['cache_max_ttl'] : "86400"; $cache_min_ttl = (!empty($unbound_config['cache_min_ttl'])) ? $unbound_config['cache_min_ttl'] : "0"; @@ -543,7 +545,7 @@ harden-dnssec-stripped: {$harden_dnssec_stripped} {$optimization['key_cache_slabs']} {$optimization['msg_cache_size']} {$optimization['rrset_cache_size']} -{$optimization['outgoing_range']} +outgoing-range: 8192 {$optimization['so_rcvbuf']} # Interface IP(s) to bind to 
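Review bot: In the `unbound_resync_config()` hunk of unbound.inc, `$nettype != "virtual"` is a loose comparison, and on PHP versions before 8 an integer key `0` compares equal to the string `"virtual"`, which would silently drop that entry's `access-control` line. The keys of `$netent` are built outside this hunk, so this may not occur today, but `$nettype !== "virtual"` removes the doubt. Separately, the `@@ -543,7 +545,7 @@` hunk hard-codes `outgoing-range: 8192` while `num_queries_per_thread` stays user-selectable; a short comment on why 8192 was chosen and how it relates to the selectable values would help the next maintainer.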
@@ -619,23 +621,19 @@ function unbound_optimization() { // Set the number of threads equal to number of CPUs. // Use 1 (disable threading) if for some reason this sysctl fails. $numprocs = intval(trim(`/sbin/sysctl kern.smp.cpus | /usr/bin/cut -d" " -f2`)); - if($numprocs > 0) + if($numprocs > 1) { $optimization['number_threads'] = "num-threads: {$numprocs}"; - else + $optimize_num = pow(2,floor(log($numprocs,2))); + } else { $optimization['number_threads'] = "num-threads: 1"; + $optimize_num = 4; + } // Slabs to help reduce lock contention. - if ($numprocs > 4) { - $optimization['msg_cache_slabs'] = "msg-cache-slabs: {$numprocs}"; - $optimization['rrset_cache_slabs'] = "rrset-cache-slabs: {$numprocs}"; - $optimization['infra_cache_slabs'] = "infra-cache-slabs: {$numprocs}"; - $optimization['key_cache_slabs'] = "key-cache-slabs: {$numprocs}"; - } else { - $optimization['msg_cache_slabs'] = "msg-cache-slabs: 4"; - $optimization['rrset_cache_slabs'] = "rrset-cache-slabs: 4"; - $optimization['infra_cache_slabs'] = "infra-cache-slabs: 4"; - $optimization['key_cache_slabs'] = "key-cache-slabs: 4"; - } + $optimization['msg_cache_slabs'] = "msg-cache-slabs: {$optimize_num}"; + $optimization['rrset_cache_slabs'] = "rrset-cache-slabs: {$optimize_num}"; + $optimization['infra_cache_slabs'] = "infra-cache-slabs: {$optimize_num}"; + $optimization['key_cache_slabs'] = "key-cache-slabs: {$optimize_num}"; // Memory usage - default is 4Mb if nothing has been selected if(isset($unbound_config['msg_cache_size'])) { 
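Review bot: In `unbound_optimization()`, `pow(2,floor(log($numprocs,2)))` derives the slab count through floating-point logarithms, so a result that lands just under an integer would round an exact power of two down to the next lower one, and the value ends up a float rather than an int. An integer loop avoids both: `$optimize_num = 1; while ($optimize_num * 2 <= $numprocs) { $optimize_num *= 2; }`. Note also that 2- and 3-CPU systems now get 2 slabs where the removed code gave at least 4, while a single CPU still gets 4; if that is intended, a comment saying so would help. The function continues outside the hunk.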
@@ -647,14 +645,6 @@ function unbound_optimization() { $optimization['rrset_cache_size'] = "rrset-cache-size: 8m"; } - // More outgoing connections per thread otherwise assign a default of 4096 for a single thread - if($numprocs > 0) { - $or = (1024/$numprocs) - 50; - $optimization['outgoing_range'] = "outgoing-range: {$or}"; - } else { - $optimization['outgoing_range'] = "outgoing-range: {4096}"; - } - // Larger socket buffer for busy servers // Check that it is set to 4MB (by default the OS has it configured to 4MB) foreach ($config['sysctl']['item'] as $tunable) { diff --git a/config/unbound/unbound_acls.php b/config/unbound/unbound_acls.php index 721d3adb..59738aab 100644 --- a/config/unbound/unbound_acls.php +++ b/config/unbound/unbound_acls.php @@ -139,7 +139,8 @@ include("head.inc"); <script type="text/javascript"> function mask_field(fieldname, fieldsize, n) { return '<select name="' + fieldname + n + '" class="formselect" id="' + fieldname + n + '"><?php - for ($i = 128; $i >= 0; $i--) { + $start = 24; if (function_exists("is_ipaddrv6")) $start = "128"; + for ($i = $start; $i >= 0; $i--) { echo "<option value=\"$i\">$i</option>"; } ?></select>'; diff --git a/config/unbound/unbound_advanced.xml b/config/unbound/unbound_advanced.xml index 7603d0aa..2da5b505 100644 --- a/config/unbound/unbound_advanced.xml +++ b/config/unbound/unbound_advanced.xml 
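Review bot: In the `mask_field()` hunk of unbound_acls.php, the fallback `$start = 24` caps the selectable prefix length at /24 when `is_ipaddrv6` is unavailable, so /25 through /32 cannot be chosen and an ACL meant for a single host or a small subnet has to be widened to a /24. IPv4 prefixes run to 32, so the fallback should be `$start = function_exists("is_ipaddrv6") ? 128 : 32;`, which also keeps `$start` an integer instead of mixing `24` with the string `"128"`.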
@@ -219,11 +219,12 @@ <fieldname>num_queries_per_thread</fieldname> <description>The number of queries that every thread will service simultaneously. If more queries arrive that need to be serviced, and no queries can be jostled, then these queries are dropped.</description> <type>select</type> - <default_value>1024</default_value> + <default_value>4096</default_value> <options> <option><name>512</name><value>512</value></option> <option><name>1024</name><value>1024</value></option> <option><name>2048</name><value>2048</value></option> + <option><name>4096</name><value>4096</value></option> </options> <advancedfield/> </field> |