Diffstat (limited to 'config/openbgpd/openbgpd.inc')
-rw-r--r--config/openbgpd/openbgpd.inc281
1 files changed, 131 insertions, 150 deletions
diff --git a/config/openbgpd/openbgpd.inc b/config/openbgpd/openbgpd.inc
index eff2855b..e1619a55 100644
--- a/config/openbgpd/openbgpd.inc
+++ b/config/openbgpd/openbgpd.inc
@@ -3,7 +3,7 @@
/* $Id$ */
/*
openbgpd.inc
- Copyright (C) 2007 Scott Ullrich (sullrich@gmail.com)
+ Copyright (C) 2007 Scott Ullrich (sullrich@gmail.com)
part of pfSense
All rights reserved.
@@ -63,127 +63,127 @@ function openbgpd_install_conf() {
// Since we need to embed this in a string, copy to a var. Can't embed constnats.
$bgpd_config_base = PKG_BGPD_CONFIG_BASE;
- if ($config['installedpackages']['openbgpd']['rawconfig'] && $config['installedpackages']['openbgpd']['rawconfig']['item']) {
- // if there is a raw config specified in the config.xml use that instead of the assisted config
- $conffile = implode("\n",$config['installedpackages']['openbgpd']['rawconfig']['item']);
- //$conffile = $config['installedpackages']['openbgpd']['rawconfig'];
- } else {
- // generate bgpd.conf based on the assistant
- if($config['installedpackages']['openbgpd']['config'])
- $openbgpd_conf = &$config['installedpackages']['openbgpd']['config'][0];
- if($config['installedpackages']['openbgpd']['config'][0]['row'])
- $openbgpd_rows = &$config['installedpackages']['openbgpd']['config'][0]['row'];
- if($config['installedpackages']['openbgpdgroups']['config'])
- $openbgpd_groups = &$config['installedpackages']['openbgpdgroups']['config'];
- if($config['installedpackages']['openbgpdneighbors']['config'])
- $openbgpd_neighbors = &$config['installedpackages']['openbgpdneighbors']['config'];
-
- $conffile = "# This file was created by the package manager. Do not edit!\n\n";
- $setkeycf = "";
-
- // Setup AS #
- if($openbgpd_conf['asnum'])
- $conffile .= "AS {$openbgpd_conf['asnum']}\n";
-
- if($openbgpd_conf['fibupdate'])
- $conffile .= "fib-update {$openbgpd_conf['fibupdate']}\n";
-
- // Setup holdtime if defined. Default is 90.
- if($openbgpd_conf['holdtime'])
- $conffile .= "holdtime {$openbgpd_conf['holdtime']}\n";
-
- // Specify listen ip
- if($openbgpd_conf['listenip'])
- $conffile .= "listen on {$openbgpd_conf['listenip']}\n";
-
- // Specify router id
- if($openbgpd_conf['routerid'])
- $conffile .= "router-id {$openbgpd_conf['routerid']}\n";
-
- // Handle advertised networks
- if($config['installedpackages']['openbgpd']['config'][0]['row'])
- if(is_array($openbgpd_rows))
- foreach($openbgpd_rows as $row)
- $conffile .= "network {$row['networks']}\n";
-
- // Attach neighbors to their respective group owner
- if(is_array($openbgpd_groups)) {
- foreach($openbgpd_groups as $group) {
- $conffile .= "group \"{$group['name']}\" {\n";
- $conffile .= " remote-as {$group['remoteas']}\n";
- if(is_array($openbgpd_neighbors)) {
- foreach($openbgpd_neighbors as $neighbor) {
- if($neighbor['groupname'] == $group['name']) {
- $conffile .= " neighbor {$neighbor['neighbor']} {\n";
- $conffile .= " descr \"{$neighbor['descr']}\"\n";
- $setkeycf .= "delete {$openbgpd_conf['listenip']} {$neighbor['neighbor']} tcp 0x1000;\n";
- if($neighbor['md5sigpass']) {
- $setkeycf .= "add {$openbgpd_conf['listenip']} {$neighbor['neighbor']} tcp 0x1000 -A tcp-md5 \"{$neighbor['md5sigpass']}\";\n";
- $conffile .= " tcp md5sig password {$neighbor['md5sigpass']}\n";
- }
- if($neighbor['md5sigkey']) {
- $setkeycf .= "add {$openbgpd_conf['listenip']} {$neighbor['neighbor']} tcp 0x1000 -A tcp-md5 0x{$neighbor['md5sigkey']};\n";
- $conffile .= " tcp md5sig key {$neighbor['md5sigkey']}\n";
- }
- foreach($neighbor['row'] as $row) {
- $conffile .= " {$row['parameters']} {$row['parmvalue']} \n";
- }
- $conffile .= "}\n";
- }
- }
- }
- $conffile .= "}\n";
- }
- }
-
- // Handle neighbors that do not have a group assigned to them
- if(is_array($openbgpd_neighbors)) {
- foreach($openbgpd_neighbors as $neighbor) {
- $used_this_item = false;
- if($neighbor['groupname'] == "") {
- $conffile .= "neighbor {$neighbor['neighbor']} {\n";
- $conffile .= " descr \"{$neighbor['descr']}\"\n";
- $setkeycf .= "delete {$openbgpd_conf['listenip']} {$neighbor['neighbor']} tcp 0x1000;\n";
- if ($neighbor['md5sigpass']) {
- $setkeycf .= "add {$openbgpd_conf['listenip']} {$neighbor['neighbor']} tcp 0x1000 -A tcp-md5 \"{$neighbor['md5sigpass']}\";\n";
- $conffile .= " tcp md5sig password {$neighbor['md5sigpass']}\n";
- }
- if ($neighbor['md5sigkey']) {
- $setkeycf .= "add {$openbgpd_conf['listenip']} {$neighbor['neighbor']} tcp 0x1000 -A tcp-md5 0x{$neighbor['md5sigkey']};\n";
- $conffile .= " tcp md5sig key {$neighbor['md5sigkey']}\n";
- }
- $used_this_item = true;
- foreach($neighbor['row'] as $row) {
- $conffile .= " {$row['parameters']} {$row['parmvalue']} \n";
- }
- }
- if($used_this_item)
- $conffile .= "}\n";
- }
- }
-
- // OpenBGPD filters
- $conffile .= "deny from any\n";
- $conffile .= "deny to any\n";
- if(is_array($openbgpd_neighbors)) {
- foreach($openbgpd_neighbors as $neighbor) {
- $conffile .= "allow from {$neighbor['neighbor']}\n";
- $conffile .= "allow to {$neighbor['neighbor']}\n";
- }
- }
- }
- safe_mkdir($bgpd_config_base);
- $fd = fopen("{$bgpd_config_base}/bgpd.conf", "w");
+ if ($config['installedpackages']['openbgpd']['rawconfig'] && $config['installedpackages']['openbgpd']['rawconfig']['item']) {
+ // if there is a raw config specified in the config.xml use that instead of the assisted config
+ $conffile = implode("\n",$config['installedpackages']['openbgpd']['rawconfig']['item']);
+ //$conffile = $config['installedpackages']['openbgpd']['rawconfig'];
+ } else {
+ // generate bgpd.conf based on the assistant
+ if($config['installedpackages']['openbgpd']['config'])
+ $openbgpd_conf = &$config['installedpackages']['openbgpd']['config'][0];
+ if($config['installedpackages']['openbgpd']['config'][0]['row'])
+ $openbgpd_rows = &$config['installedpackages']['openbgpd']['config'][0]['row'];
+ if($config['installedpackages']['openbgpdgroups']['config'])
+ $openbgpd_groups = &$config['installedpackages']['openbgpdgroups']['config'];
+ if($config['installedpackages']['openbgpdneighbors']['config'])
+ $openbgpd_neighbors = &$config['installedpackages']['openbgpdneighbors']['config'];
+
+ $conffile = "# This file was created by the package manager. Do not edit!\n\n";
+
+ // Setup AS #
+ if($openbgpd_conf['asnum'])
+ $conffile .= "AS {$openbgpd_conf['asnum']}\n";
+
+ if($openbgpd_conf['fibupdate'])
+ $conffile .= "fib-update {$openbgpd_conf['fibupdate']}\n";
+
+ // Setup holdtime if defined. Default is 90.
+ if($openbgpd_conf['holdtime'])
+ $conffile .= "holdtime {$openbgpd_conf['holdtime']}\n";
+
+ // Specify listen ip
+ if($openbgpd_conf['listenip'])
+ $conffile .= "listen on {$openbgpd_conf['listenip']}\n";
+
+ // Specify router id
+ if($openbgpd_conf['routerid'])
+ $conffile .= "router-id {$openbgpd_conf['routerid']}\n";
+
+ // Handle advertised networks
+ if($config['installedpackages']['openbgpd']['config'][0]['row'])
+ if(is_array($openbgpd_rows))
+ foreach($openbgpd_rows as $row)
+ $conffile .= "network {$row['networks']}\n";
+
+ // Attach neighbors to their respective group owner
+ if(is_array($openbgpd_groups)) {
+ foreach($openbgpd_groups as $group) {
+ $conffile .= "group \"{$group['name']}\" {\n";
+ $conffile .= " remote-as {$group['remoteas']}\n";
+ if(is_array($openbgpd_neighbors)) {
+ foreach($openbgpd_neighbors as $neighbor) {
+ if($neighbor['groupname'] == $group['name']) {
+ $conffile .= "\tneighbor {$neighbor['neighbor']} {\n";
+ $conffile .= "\t\tdescr \"{$neighbor['descr']}\"\n";
+ if($neighbor['md5sigpass']) {
+ $conffile .= "\t\ttcp md5sig password {$neighbor['md5sigpass']}\n";
+ }
+ if($neighbor['md5sigkey']) {
+ $conffile .= "\t\ttcp md5sig key {$neighbor['md5sigkey']}\n";
+ }
+ $setlocaladdr = true;
+ if (is_array($neighbor['row'])) {
+ foreach($neighbor['row'] as $row) {
+ if ($row['parameters'] == "local-address")
+ $setlocaladdr = false;
+ $conffile .= "\t\t{$row['parameters']} {$row['parmvalue']} \n";
+ }
+ }
+ if ($setlocaladdr == true)
+ $conffile .= "\t\tlocal-address {$openbgpd_conf['listenip']}\n";
+ $conffile .= "}\n";
+ }
+ }
+ }
+ $conffile .= "}\n";
+ }
+ }
- // Write out the configuration file
- fwrite($fd, $conffile);
+ // Handle neighbors that do not have a group assigned to them
+ if(is_array($openbgpd_neighbors)) {
+ foreach($openbgpd_neighbors as $neighbor) {
+ if($neighbor['groupname'] == "") {
+ $conffile .= "neighbor {$neighbor['neighbor']} {\n";
+ $conffile .= "\tdescr \"{$neighbor['descr']}\"\n";
+ if ($neighbor['md5sigpass']) {
+ $conffile .= "\ttcp md5sig password {$neighbor['md5sigpass']}\n";
+ }
+ if ($neighbor['md5sigkey']) {
+ $conffile .= "\ttcp md5sig key {$neighbor['md5sigkey']}\n";
+ }
+ $setlocaladdr = true;
+ if (is_array($neighbor['row'])) {
+ foreach($neighbor['row'] as $row) {
+ if ($row['parameters'] == "local-address")
+ $setlocaladdr = false;
+ $conffile .= "\t{$row['parameters']} {$row['parmvalue']} \n";
+ }
+ }
+ if ($setlocaladdr == true)
+ $conffile .= "\tlocal-address {$openbgpd_conf['listenip']}\n";
+ $conffile .= "}\n";
+ }
+ }
+ }
- // Close file handle
- fclose($fd);
+ // OpenBGPD filters
+ $conffile .= "deny from any\n";
+ $conffile .= "deny to any\n";
+ if(is_array($openbgpd_neighbors)) {
+ foreach($openbgpd_neighbors as $neighbor) {
+ $conffile .= "allow from {$neighbor['neighbor']}\n";
+ $conffile .= "allow to {$neighbor['neighbor']}\n";
+ }
+ }
+ }
+ safe_mkdir($bgpd_config_base);
+ // Write out the configuration file
+ @file_put_contents("{$bgpd_config_base}/bgpd.conf", $conffile);
+ @chmod("{$bgpd_config_base}/bgpd.conf", 0600);
// Create rc.d file
$rc_file_stop = <<<EOF
-killall -9 bgpd
+killall -TERM bgpd
EOF;
$rc_file_start = <<<EOF
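Review bot: The `@file_put_contents(...)` / `@chmod(..., 0600)` pair near the end of this hunk creates bgpd.conf with whatever the process umask allows and only narrows the mode afterwards, so on first creation the `tcp md5sig password` / `tcp md5sig key` lines written above may briefly be readable by other local users, depending on the umask and the directory mode. Both calls also suppress errors with `@`, so a failed write falls through to the reload/start further down with a stale or missing file and nothing is logged. I would restrict the mode before the data lands and keep the result: `$old = umask(0077); $ok = file_put_contents("{$bgpd_config_base}/bgpd.conf", $conffile); umask($old);`, then log and skip the reload when `$ok === false`. The chmod can stay as a repair for files left behind by earlier versions. openbgpd_install_conf() starts above this hunk and continues below it.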
@@ -195,12 +195,14 @@ if [ `pw usershow {$pkg_login} 2>&1 | grep -c "pw: no such user"` -gt 0 ]; then
fi
/bin/mkdir -p {$bgpd_config_base}
-chmod u+rw,go-rw {$bgpd_config_base}/bgpd.conf
/usr/sbin/chown -R root:wheel {$bgpd_config_base}
+/bin/chmod 0600 {$bgpd_config_base}/bgpd.conf
NUMBGPD=`ps auxw | grep -c '[b]gpd.*parent'`
if [ \${NUMBGPD} -lt 1 ] ; then
{$pkg_bin}/bgpd -f {$bgpd_config_base}/bgpd.conf
+else
+ {$pkg_bin}/bgpctl reload
fi
EOF;
write_rcfile(array(
@@ -210,17 +212,11 @@ EOF;
)
);
- // TCP-MD5 support on freebsd. See tcp(5) for more
- $fd = fopen("{$g['tmp_path']}/bgpdsetkey.conf", "w");
- fwrite($fd, $setkeycf );
- fclose($fd);
- exec("setkey -f {$g['tmp_path']}/bgpdsetkey.conf");
-
// bgpd process running? if so reload, else start.
if(is_openbgpd_running() == true) {
- exec("bgpctl reload");
+ exec("{$pkg_bin}/bgpctl reload");
} else {
- exec("bgpd");
+ exec("{$pkg_bin}/bgpd -f {$bgpd_config_base}/bgpd.conf");
}
conf_mount_ro();
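Review bot: Both `exec()` calls at the end of this hunk discard the exit status, and nothing checks the freshly written bgpd.conf before bgpd is asked to load it. The file can come verbatim from the raw config stored in config.xml or from the assistant, which for example emits `local-address` with an empty value when no listen IP is set (the `$setlocaladdr` branches in the earlier hunk), so a parse failure is plausible and would currently be silent. Consider a config test first, `exec("{$pkg_bin}/bgpd -n -f {$bgpd_config_base}/bgpd.conf", $out, $rc);`, and only reload or start when `$rc === 0`, logging `$out` otherwise. The enclosing function begins outside this hunk.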
@@ -237,34 +233,19 @@ function openbgpd_get_raw_config() {
// serialize the raw openbgpd config file to config.xml
function openbgpd_put_raw_config($conffile) {
- global $config;
- if ($conffile == "")
- unset($config['installedpackages']['openbgpd']['rawconfig']);
- else {
- $config['installedpackages']['openbgpd']['rawconfig'] = array();
- $config['installedpackages']['openbgpd']['rawconfig']['item'] = explode("\n",$_POST['openbgpd_raw']);
- //$config['installedpackages']['openbgpd']['rawconfig'] = $conffile;
- }
+ global $config;
+ if ($conffile == "")
+ unset($config['installedpackages']['openbgpd']['rawconfig']);
+ else {
+ $config['installedpackages']['openbgpd']['rawconfig'] = array();
+ $config['installedpackages']['openbgpd']['rawconfig']['item'] = explode("\n",$_POST['openbgpd_raw']);
+ //$config['installedpackages']['openbgpd']['rawconfig'] = $conffile;
+ }
}
function deinstall_openbgpd() {
global $config, $g;
- if($config['installedpackages']['openbgpd']['config'])
- $openbgpd_conf = &$config['installedpackages']['openbgpd']['config'][0];
- if($config['installedpackages']['openbgpdneighbors']['config'])
- $openbgpd_neighbors = &$config['installedpackages']['openbgpdneighbors']['config'];
- $setkeycf = "";
- if(is_array($openbgpd_neighbors)) {
- foreach($openbgpd_neighbors as $neighbor)
- $setkeycf .= "delete {$openbgpd_conf['listenip']} {$neighbor['neighbor']} tcp 0x1000;\n";
- }
- // Clear all SADB entries used.
- $fd = fopen("{$g['tmp_path']}/bgpdsetkey.conf", "w");
- fwrite($fd, $setkeycf );
- fclose($fd);
- exec("setkey -f {$g['tmp_path']}/bgpdsetkey.conf");
-
exec("rm /usr/local/etc/rc.d/bgpd.sh");
exec("rm /usr/local/www/openbgpd_status.php");
exec("killall bgpd");
@@ -369,4 +350,4 @@ function is_openbgpd_running() {
return false;
}
-?> \ No newline at end of file
+?>