-rw-r--r--config/openbgpd/openbgpd.inc229
1 files changed, 127 insertions, 102 deletions
diff --git a/config/openbgpd/openbgpd.inc b/config/openbgpd/openbgpd.inc
index 102c937d..93364be9 100644
--- a/config/openbgpd/openbgpd.inc
+++ b/config/openbgpd/openbgpd.inc
@@ -1,8 +1,9 @@
<?php
/*
openbgpd.inc
+ part of pfSense (https://www.pfSense.org/)
Copyright (C) 2007 Scott Ullrich (sullrich@gmail.com)
- part of pfSense
+ Copyright (C) 2015 ESF, LLC
All rights reserved.
Redistribution and use in source and binary forms, with or without
@@ -32,100 +33,113 @@ require_once("service-utils.inc");
define('PKG_BGPD_CONFIG_BASE', '/var/etc/openbgpd');
-$pf_version=substr(trim(file_get_contents("/etc/version")),0,3);
-if ($pf_version == "2.1" || $pf_version == "2.2")
+$pf_version = substr(trim(file_get_contents("/etc/version")), 0, 3);
+if ($pf_version == "2.1" || $pf_version == "2.2") {
define('PKG_BGPD_BIN', '/usr/pbi/openbgpd-' . php_uname("m") . '/sbin');
-else
+} else {
define('PKG_BGPD_BIN','/usr/local/sbin');
+}
-define('PKG_BGPD_LOGIN', "_bgpd");
-define('PKG_BGPD_UID', "130");
-define('PKG_BGPD_GROUP', "_bgpd");
-define('PKG_BGPD_GID', "130");
-define('PKG_BGPD_GECOS', "BGP Daemon");
-define('PKG_BGPD_HOMEDIR', "/var/empty");
-define('PKG_BGPD_SHELL', "/usr/sbin/nologin");
+define('PKG_BGPD_LOGIN', "_bgpd");
+define('PKG_BGPD_UID', "130");
+define('PKG_BGPD_GROUP', "_bgpd");
+define('PKG_BGPD_GID', "130");
+define('PKG_BGPD_GECOS', "BGP Daemon");
+define('PKG_BGPD_HOMEDIR', "/var/empty");
+define('PKG_BGPD_SHELL', "/usr/sbin/nologin");
function openbgpd_install_conf() {
global $config, $g;
- $pkg_login = PKG_BGPD_LOGIN;
- $pkg_uid = PKG_BGPD_UID;
- $pkg_group = PKG_BGPD_GROUP;
- $pkg_gid = PKG_BGPD_GID;
- $pkg_gecos = PKG_BGPD_GECOS;
- $pkg_homedir = PKG_BGPD_HOMEDIR;
- $pkg_shell = PKG_BGPD_SHELL;
- $pkg_bin = PKG_BGPD_BIN;
+ $pkg_login = PKG_BGPD_LOGIN;
+ $pkg_uid = PKG_BGPD_UID;
+ $pkg_group = PKG_BGPD_GROUP;
+ $pkg_gid = PKG_BGPD_GID;
+ $pkg_gecos = PKG_BGPD_GECOS;
+ $pkg_homedir = PKG_BGPD_HOMEDIR;
+ $pkg_shell = PKG_BGPD_SHELL;
+ $pkg_bin = PKG_BGPD_BIN;
conf_mount_rw();
- // Since we need to embed this in a string, copy to a var. Can't embed constnats.
+ // Since we need to embed this in a string, copy to a var. Can't embed constants.
$bgpd_config_base = PKG_BGPD_CONFIG_BASE;
if ($config['installedpackages']['openbgpd']['rawconfig'] && $config['installedpackages']['openbgpd']['rawconfig']['item']) {
- // if there is a raw config specified in the config.xml use that instead of the assisted config
- $conffile = implode("\n",$config['installedpackages']['openbgpd']['rawconfig']['item']);
+ // If there is a raw config specified in the config.xml, use that instead of the assisted config
+ $conffile = implode("\n", $config['installedpackages']['openbgpd']['rawconfig']['item']);
//$conffile = $config['installedpackages']['openbgpd']['rawconfig'];
} else {
- // generate bgpd.conf based on the assistant
- if($config['installedpackages']['openbgpd']['config'])
+ // Generate bgpd.conf based on the assistant
+ if ($config['installedpackages']['openbgpd']['config']) {
$openbgpd_conf = &$config['installedpackages']['openbgpd']['config'][0];
- if($config['installedpackages']['openbgpd']['config'][0]['row'])
+ }
+ if ($config['installedpackages']['openbgpd']['config'][0]['row']) {
$openbgpd_rows = &$config['installedpackages']['openbgpd']['config'][0]['row'];
- if($config['installedpackages']['openbgpdgroups']['config'])
+ }
+ if ($config['installedpackages']['openbgpdgroups']['config']) {
$openbgpd_groups = &$config['installedpackages']['openbgpdgroups']['config'];
- if($config['installedpackages']['openbgpdneighbors']['config'])
+ }
+ if ($config['installedpackages']['openbgpdneighbors']['config']) {
$openbgpd_neighbors = &$config['installedpackages']['openbgpdneighbors']['config'];
+ }
- $conffile = "# This file was created by the package manager. Do not edit!\n\n";
+ $conffile = "# This file was created by the package manager. Do not edit!\n\n";
// Setup AS #
- if($openbgpd_conf['asnum'])
+ if ($openbgpd_conf['asnum']) {
$conffile .= "AS {$openbgpd_conf['asnum']}\n";
+ }
- if($openbgpd_conf['fibupdate'])
+ if ($openbgpd_conf['fibupdate']) {
$conffile .= "fib-update {$openbgpd_conf['fibupdate']}\n";
+ }
- // Setup holdtime if defined. Default is 90.
- if($openbgpd_conf['holdtime'])
+ // Setup holdtime if defined. Default is 90.
+ if ($openbgpd_conf['holdtime']) {
$conffile .= "holdtime {$openbgpd_conf['holdtime']}\n";
+ }
- // Specify listen ip
- if(!empty($openbgpd_conf['listenip']))
+ // Specify listen IP
+ if (!empty($openbgpd_conf['listenip'])) {
$conffile .= "listen on {$openbgpd_conf['listenip']}\n";
- else
+ } else {
$conffile .= "listen on 0.0.0.0\n";
-
+ }
+
// Specify router id
- if($openbgpd_conf['routerid'])
+ if ($openbgpd_conf['routerid']) {
$conffile .= "router-id {$openbgpd_conf['routerid']}\n";
+ }
// Handle advertised networks
- if($config['installedpackages']['openbgpd']['config'][0]['row'])
- if(is_array($openbgpd_rows))
- foreach($openbgpd_rows as $row)
+ if ($config['installedpackages']['openbgpd']['config'][0]['row']) {
+ if (is_array($openbgpd_rows)) {
+ foreach ($openbgpd_rows as $row) {
$conffile .= "network {$row['networks']}\n";
-
+ }
+ }
+ }
// Attach neighbors to their respective group owner
- if(is_array($openbgpd_groups)) {
- foreach($openbgpd_groups as $group) {
+ if (is_array($openbgpd_groups)) {
+ foreach ($openbgpd_groups as $group) {
$conffile .= "group \"{$group['name']}\" {\n";
$conffile .= " remote-as {$group['remoteas']}\n";
- if(is_array($openbgpd_neighbors)) {
- foreach($openbgpd_neighbors as $neighbor) {
- if($neighbor['groupname'] == $group['name']) {
+ if (is_array($openbgpd_neighbors)) {
+ foreach ($openbgpd_neighbors as $neighbor) {
+ if ($neighbor['groupname'] == $group['name']) {
$conffile .= "\tneighbor {$neighbor['neighbor']} {\n";
$conffile .= "\t\tdescr \"{$neighbor['descr']}\"\n";
- if($neighbor['md5sigpass']) {
+ if ($neighbor['md5sigpass']) {
$conffile .= "\t\ttcp md5sig password {$neighbor['md5sigpass']}\n";
}
- if($neighbor['md5sigkey']) {
+ if ($neighbor['md5sigkey']) {
$conffile .= "\t\ttcp md5sig key {$neighbor['md5sigkey']}\n";
}
$setlocaladdr = true;
if (is_array($neighbor['row'])) {
- foreach($neighbor['row'] as $row) {
- if ($row['parameters'] == "local-address")
+ foreach ($neighbor['row'] as $row) {
+ if ($row['parameters'] == "local-address") {
$setlocaladdr = false;
+ }
$conffile .= "\t\t{$row['parameters']} {$row['parmvalue']} \n";
}
}
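Review bot: The neighbor and group fields are written into bgpd.conf verbatim, e.g. `$conffile .= "\t\tdescr \"{$neighbor['descr']}\"\n";` and the `tcp md5sig password` line, so a stored value containing a double quote or a newline ends the current directive and starts another one. The validators visible later in this diff cover only asnum, routerid, holdtime, listenip, remoteas and name; whether the neighbor fields are checked elsewhere is not visible here. I would strip or reject those characters before writing, for instance `$descr = str_replace(array('"', "\r", "\n"), '', $neighbor['descr']);`, and treat the md5sig values and each `parameters`/`parmvalue` row the same way. The same pattern recurs in the ungrouped-neighbor hunk at `@@ -146,12 +159,12 @@`, and openbgpd_install_conf continues past this hunk.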
@@ -136,7 +150,6 @@ function openbgpd_install_conf() {
$conffile .= "\t\tlocal-address 0.0.0.0\n";
}
}
-
$conffile .= "}\n";
}
}
@@ -146,12 +159,12 @@ function openbgpd_install_conf() {
}
// Handle neighbors that do not have a group assigned to them
- if(is_array($openbgpd_neighbors)) {
- foreach($openbgpd_neighbors as $neighbor) {
- if($neighbor['groupname'] == "") {
+ if (is_array($openbgpd_neighbors)) {
+ foreach ($openbgpd_neighbors as $neighbor) {
+ if ($neighbor['groupname'] == "") {
$conffile .= "neighbor {$neighbor['neighbor']} {\n";
$conffile .= "\tdescr \"{$neighbor['descr']}\"\n";
- if ($neighbor['md5sigpass']) {
+ if ($neighbor['md5sigpass']) {
$conffile .= "\ttcp md5sig password {$neighbor['md5sigpass']}\n";
}
if ($neighbor['md5sigkey']) {
@@ -159,17 +172,18 @@ function openbgpd_install_conf() {
}
$setlocaladdr = true;
if (is_array($neighbor['row'])) {
- foreach($neighbor['row'] as $row) {
- if ($row['parameters'] == "local-address")
+ foreach ($neighbor['row'] as $row) {
+ if ($row['parameters'] == "local-address") {
$setlocaladdr = false;
+ }
$conffile .= "\t{$row['parameters']} {$row['parmvalue']} \n";
}
}
- if ($setlocaladdr == true && !empty($openbgpd_conf['listenip']))
+ if ($setlocaladdr == true && !empty($openbgpd_conf['listenip'])) {
$conffile .= "\tlocal-address {$openbgpd_conf['listenip']}\n";
- else
+ } else {
$conffile .= "\tlocal-address 0.0.0.0\n";
-
+ }
$conffile .= "}\n";
}
}
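Review bot: The `else` closing the ungrouped-neighbor block fires whenever the combined condition is false, including when `$setlocaladdr` is false because a `local-address` row was already written, so such a neighbor gets a second `local-address 0.0.0.0` after its configured one. The fallback should be emitted only when no row set the address: `if ($setlocaladdr == true) { $conffile .= "\tlocal-address " . (!empty($openbgpd_conf['listenip']) ? $openbgpd_conf['listenip'] : "0.0.0.0") . "\n"; }`. How bgpd resolves the duplicate is not shown here, but the generated peer block no longer matches what the operator entered. The enclosing function starts and ends outside this hunk.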
@@ -178,8 +192,8 @@ function openbgpd_install_conf() {
// OpenBGPD filters
$conffile .= "deny from any\n";
$conffile .= "deny to any\n";
- if(is_array($openbgpd_neighbors)) {
- foreach($openbgpd_neighbors as $neighbor) {
+ if (is_array($openbgpd_neighbors)) {
+ foreach ($openbgpd_neighbors as $neighbor) {
$conffile .= "allow from {$neighbor['neighbor']}\n";
$conffile .= "allow to {$neighbor['neighbor']}\n";
}
@@ -194,7 +208,7 @@ function openbgpd_install_conf() {
$carp_ip_status_check = "";
if (is_ipaddr($openbgpd_conf['carpstatusip'])) {
- $pfs_version = substr(trim(file_get_contents("/etc/version")),0,3);
+ $pfs_version = substr(trim(file_get_contents("/etc/version")), 0, 3);
switch ($pfs_version) {
case "2.0":
case "2.1":
@@ -233,22 +247,22 @@ EOF;
// Create rc.d file
$rc_file_stop = <<<EOF
-killall -TERM bgpd
+/usr/bin/killall -TERM bgpd
EOF;
$rc_file_start = <<<EOF
-if [ `pw groupshow {$pkg_group} 2>&1 | grep -c "pw: unknown group"` -gt 0 ]; then
+if [ `/usr/sbin/pw groupshow {$pkg_group} 2>&1 | /usr/bin/grep -c "pw: unknown group"` -gt 0 ]; then
/usr/sbin/pw groupadd {$pkg_group} -g {$pkg_gid}
fi
-if [ `pw usershow {$pkg_login} 2>&1 | grep -c "pw: no such user"` -gt 0 ]; then
+if [ `/usr/sbin/pw usershow {$pkg_login} 2>&1 | /usr/bin/grep -c "pw: no such user"` -gt 0 ]; then
/usr/sbin/pw useradd {$pkg_login} -u {$pkg_uid} -g {$pkg_gid} -c "{$pkg_gecos}" -d {$pkg_homedir} -s {$pkg_shell}
fi
/bin/mkdir -p {$bgpd_config_base}
/usr/sbin/chown -R root:wheel {$bgpd_config_base}
-/bin/chmod 0600 {$bgpd_config_base}/bgpd.conf
+/bin/chmod 0600 {$bgpd_config_base}/bgpd.conf
-NUMBGPD=`ps auxw | grep -c '[b]gpd.*parent'`
+NUMBGPD=`/bin/ps auxw | /usr/bin/grep -c '[b]gpd.*parent'`
if [ \${NUMBGPD} -lt 1 ] ; then
{$carp_ip_status_check}
{$pkg_bin}/bgpd -f {$bgpd_config_base}/bgpd.conf
@@ -259,13 +273,13 @@ EOF;
write_rcfile(array(
"file" => "bgpd.sh",
"start" => $rc_file_start,
- "stop" => $rc_file_stop
+ "stop" => $rc_file_stop
)
);
unset($rc_file_start, $rc_file_stop);
$_gb = exec("/sbin/sysctl net.inet.ip.ipsec_in_use=1");
- // bgpd process running? if so reload, else start.
+ // Is bgpd process running? If so, reload, else start.
// Kick off newly created rc.d script
if (is_ipaddr($openbgpd_conf['carpstatusip'])) {
@@ -274,7 +288,7 @@ EOF;
// Stop the service if the VIP is in BACKUP or INIT state.
case "BACKUP":
case "INIT":
- exec("/usr/local/etc/rc.d/bgpd.sh stop");
+ stop_service("bgpd");
break;
// Start the service if the VIP is MASTER state.
case "MASTER":
@@ -291,30 +305,31 @@ EOF;
}
function openbgpd_restart() {
- if(is_openbgpd_running() == true) {
+ if (is_openbgpd_running() == true) {
exec("{$pkg_bin}/bgpctl reload");
} else {
exec("{$pkg_bin}/bgpd -f {$bgpd_config_base}/bgpd.conf");
}
}
-// get the raw openbgpd confi file for manual inspection/editing
+// Get the raw openbgpd config file for manual inspection/editing
function openbgpd_get_raw_config() {
$conf = PKG_BGPD_CONFIG_BASE . "/bgpd.conf";
- if (file_exists($conf))
+ if (file_exists($conf)) {
return file_get_contents($conf);
- else
+ } else {
return "";
+ }
}
-// serialize the raw openbgpd config file to config.xml
+// Serialize the raw openbgpd config file to config.xml
function openbgpd_put_raw_config($conffile) {
global $config;
- if ($conffile == "")
+ if ($conffile == "") {
unset($config['installedpackages']['openbgpd']['rawconfig']);
- else {
+ } else {
$config['installedpackages']['openbgpd']['rawconfig'] = array();
- $config['installedpackages']['openbgpd']['rawconfig']['item'] = explode("\n",$_POST['openbgpd_raw']);
+ $config['installedpackages']['openbgpd']['rawconfig']['item'] = explode("\n", $_POST['openbgpd_raw']);
//$config['installedpackages']['openbgpd']['rawconfig'] = $conffile;
}
}
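Review bot: In openbgpd_restart(), `$pkg_bin` and `$bgpd_config_base` are never assigned inside the function, so the two exec() calls expand to `/bgpctl reload` and `/bgpd -f /bgpd.conf` instead of the packaged binary and its config path. The constants defined at the top of the file can be used directly: `exec(PKG_BGPD_BIN . "/bgpctl reload");` and `exec(PKG_BGPD_BIN . "/bgpd -f " . PKG_BGPD_CONFIG_BASE . "/bgpd.conf");`. Separately, openbgpd_put_raw_config() tests its `$conffile` argument but stores `$_POST['openbgpd_raw']`; storing `explode("\n", $conffile)` would keep the function from depending on request state.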
@@ -322,20 +337,25 @@ function openbgpd_put_raw_config($conffile) {
function check_group_usage($groupname) {
global $config, $g;
- if($config['installedpackages']['openbgpd']['config'])
+ if ($config['installedpackages']['openbgpd']['config']) {
$openbgpd_conf = &$config['installedpackages']['openbgpd']['config'][0];
- if($config['installedpackages']['openbgpd']['config'][0]['row'])
+ }
+ if ($config['installedpackages']['openbgpd']['config'][0]['row']) {
$openbgpd_rows = &$config['installedpackages']['openbgpd']['config'][0]['row'];
- if($config['installedpackages']['openbgpdgroups']['config'])
+ }
+ if ($config['installedpackages']['openbgpdgroups']['config']) {
$openbgpd_groups = &$config['installedpackages']['openbgpdgroups']['config'];
- if($config['installedpackages']['openbgpdneighbors']['config'])
+ }
+ if ($config['installedpackages']['openbgpdneighbors']['config']) {
$openbgpd_neighbors = &$config['installedpackages']['openbgpdneighbors']['config'];
+ }
- if(is_array($openbgpd_groups)) {
- foreach($openbgpd_groups as $group) {
- foreach($openbgpd_neighbors as $neighbor) {
- if($neighbor['groupname'] == $group['name'])
+ if (is_array($openbgpd_groups)) {
+ foreach ($openbgpd_groups as $group) {
+ foreach ($openbgpd_neighbors as $neighbor) {
+ if ($neighbor['groupname'] == $group['name']) {
return $neighbor['groupname'];
+ }
}
}
}
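Review bot: check_group_usage() never reads its `$groupname` parameter; the loops return the first neighbor group name that matches any configured group, so a caller asking about one group can be told that a different one is in use. The comparison presumably should be `if ($neighbor['groupname'] == $groupname) {`. The inner `foreach ($openbgpd_neighbors as $neighbor)` also runs without the `is_array()` guard applied to the groups and will warn when no neighbors are configured. The rest of the function lies outside this hunk, so its final return value is not visible.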
@@ -345,36 +365,39 @@ function check_group_usage($groupname) {
function bgpd_validate_input() {
global $config, $g, $input_errors;
-
- if (!empty($_POST['asnum']) && !is_numeric($_POST['asnum']))
+ if (!empty($_POST['asnum']) && !is_numeric($_POST['asnum'])) {
$input_errors[] = "AS must be entered as a number only.";
+ }
- if (!empty($_POST['routerid']) && !is_ipaddr($_POST['routerid']))
+ if (!empty($_POST['routerid']) && !is_ipaddr($_POST['routerid'])) {
$input_errors[] = "Router ID must be an IP address.";
+ }
- if (!empty($_POST['holdtime']) && !is_numeric($_POST['holdtime']))
+ if (!empty($_POST['holdtime']) && !is_numeric($_POST['holdtime'])) {
$input_errors[] = "Holdtime must be entered as a number.";
+ }
- if (!empty($_POST['listenip']) && !is_ipaddr($_POST['listenip']))
+ if (!empty($_POST['listenip']) && !is_ipaddr($_POST['listenip'])) {
$input_errors[] = "Listen IP must be an IP address or blank to bind to all IPs.";
-
+ }
}
function bgpd_validate_group() {
global $config, $g, $id, $input_errors;
- if (!is_numeric($_POST['remoteas']))
+ if (!is_numeric($_POST['remoteas'])) {
$input_errors[] = "Remote AS must be entered as a number only.";
+ }
- if ($_POST['name'] == "")
+ if ($_POST['name'] == "") {
$input_errors[] = "You must enter a name.";
+ }
$_POST['name'] = remove_bad_chars($_POST['name']);
-
}
function remove_bad_chars($string) {
- return preg_replace('/[^a-z|_|0-9]/i','',$string);
+ return preg_replace('/[^a-z|_|0-9]/i','', $string);
}
function grey_out_value_boxes() {
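Review bot: bgpd_validate_group() tests `$_POST['name'] == ""` before calling remove_bad_chars(), so a name made only of stripped characters passes validation and is then reduced to an empty string, which the generator would write as `group ""`. Sanitize first and test for empty afterwards. The character class in remove_bad_chars() also keeps a literal `|`, because alternation has no meaning inside brackets; `'/[^a-z_0-9]/i'` is likely what was intended. In addition, is_numeric() accepts signs, decimals and exponents such as `1e3`, so `ctype_digit((string)$_POST['asnum'])` plus a range check is a tighter test for the AS and holdtime fields.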
@@ -411,11 +434,12 @@ EOF;
}
function is_openbgpd_running() {
- $status = `ps auxw | grep -c '[b]gpd.*parent'`;
- if(intval($status) > 0)
+ $status = shell_exec("/bin/ps auxw | /usr/bin/grep -c '[b]gpd.*parent'");
+ if (intval($status) > 0) {
return true;
- else
+ } else {
return false;
+ }
}
function openbgpd_get_carp_status_by_ip($ipaddr) {
@@ -423,8 +447,9 @@ function openbgpd_get_carp_status_by_ip($ipaddr) {
if ($iface) {
$status = get_carp_interface_status($iface);
// If there is no status for that interface, return null.
- if (!$status)
+ if (!$status) {
$status = null;
+ }
} else {
// If there is no VIP by that IP, return null.
$status = null;
@@ -440,7 +465,7 @@ function openbgpd_plugin_carp($pluginparams) {
// $pluginparams['interface'] contains the affected interface
/* If there is no bgp config, then stop */
- if(is_array($config['installedpackages']['openbgpd']['config'])) {
+ if (is_array($config['installedpackages']['openbgpd']['config'])) {
$openbgpd_conf = &$config['installedpackages']['openbgpd']['config'][0];
} else {
return null;