Diffstat (limited to 'config/openbgpd')
-rw-r--r-- | config/openbgpd/openbgpd.inc | 281 | ||||
-rw-r--r-- | config/openbgpd/openbgpd_neighbors.xml | 4 | ||||
-rw-r--r-- | config/openbgpd/openbgpd_status.php | 5 |
3 files changed, 138 insertions, 152 deletions
diff --git a/config/openbgpd/openbgpd.inc b/config/openbgpd/openbgpd.inc index eff2855b..e1619a55 100644 --- a/config/openbgpd/openbgpd.inc +++ b/config/openbgpd/openbgpd.inc @@ -3,7 +3,7 @@ /* $Id$ */ /* openbgpd.inc - Copyright (C) 2007 Scott Ullrich (sullrich@gmail.com) + Copyright (C) 2007 Scott Ullrich (sullrich@gmail.com) part of pfSense All rights reserved. 
@@ -63,127 +63,127 @@ function openbgpd_install_conf() { // Since we need to embed this in a string, copy to a var. Can't embed constnats. $bgpd_config_base = PKG_BGPD_CONFIG_BASE; - if ($config['installedpackages']['openbgpd']['rawconfig'] && $config['installedpackages']['openbgpd']['rawconfig']['item']) { - // if there is a raw config specified in the config.xml use that instead of the assisted config - $conffile = implode("\n",$config['installedpackages']['openbgpd']['rawconfig']['item']); - //$conffile = $config['installedpackages']['openbgpd']['rawconfig']; - } else { - // generate bgpd.conf based on the assistant - if($config['installedpackages']['openbgpd']['config']) - $openbgpd_conf = &$config['installedpackages']['openbgpd']['config'][0]; - if($config['installedpackages']['openbgpd']['config'][0]['row']) - $openbgpd_rows = &$config['installedpackages']['openbgpd']['config'][0]['row']; - if($config['installedpackages']['openbgpdgroups']['config']) - $openbgpd_groups = &$config['installedpackages']['openbgpdgroups']['config']; - if($config['installedpackages']['openbgpdneighbors']['config']) - $openbgpd_neighbors = &$config['installedpackages']['openbgpdneighbors']['config']; - - $conffile = "# This file was created by the package manager. Do not edit!\n\n"; - $setkeycf = ""; - - // Setup AS # - if($openbgpd_conf['asnum']) - $conffile .= "AS {$openbgpd_conf['asnum']}\n"; - - if($openbgpd_conf['fibupdate']) - $conffile .= "fib-update {$openbgpd_conf['fibupdate']}\n"; - - // Setup holdtime if defined. Default is 90. 
- if($openbgpd_conf['holdtime']) - $conffile .= "holdtime {$openbgpd_conf['holdtime']}\n"; - - // Specify listen ip - if($openbgpd_conf['listenip']) - $conffile .= "listen on {$openbgpd_conf['listenip']}\n"; - - // Specify router id - if($openbgpd_conf['routerid']) - $conffile .= "router-id {$openbgpd_conf['routerid']}\n"; - - // Handle advertised networks - if($config['installedpackages']['openbgpd']['config'][0]['row']) - if(is_array($openbgpd_rows)) - foreach($openbgpd_rows as $row) - $conffile .= "network {$row['networks']}\n"; - - // Attach neighbors to their respective group owner - if(is_array($openbgpd_groups)) { - foreach($openbgpd_groups as $group) { - $conffile .= "group \"{$group['name']}\" {\n"; - $conffile .= " remote-as {$group['remoteas']}\n"; - if(is_array($openbgpd_neighbors)) { - foreach($openbgpd_neighbors as $neighbor) { - if($neighbor['groupname'] == $group['name']) { - $conffile .= " neighbor {$neighbor['neighbor']} {\n"; - $conffile .= " descr \"{$neighbor['descr']}\"\n"; - $setkeycf .= "delete {$openbgpd_conf['listenip']} {$neighbor['neighbor']} tcp 0x1000;\n"; - if($neighbor['md5sigpass']) { - $setkeycf .= "add {$openbgpd_conf['listenip']} {$neighbor['neighbor']} tcp 0x1000 -A tcp-md5 \"{$neighbor['md5sigpass']}\";\n"; - $conffile .= " tcp md5sig password {$neighbor['md5sigpass']}\n"; - } - if($neighbor['md5sigkey']) { - $setkeycf .= "add {$openbgpd_conf['listenip']} {$neighbor['neighbor']} tcp 0x1000 -A tcp-md5 0x{$neighbor['md5sigkey']};\n"; - $conffile .= " tcp md5sig key {$neighbor['md5sigkey']}\n"; - } - foreach($neighbor['row'] as $row) { - $conffile .= " {$row['parameters']} {$row['parmvalue']} \n"; - } - $conffile .= "}\n"; - } - } - } - $conffile .= "}\n"; - } - } - - // Handle neighbors that do not have a group assigned to them - if(is_array($openbgpd_neighbors)) { - foreach($openbgpd_neighbors as $neighbor) { - $used_this_item = false; - if($neighbor['groupname'] == "") { - $conffile .= "neighbor {$neighbor['neighbor']} {\n"; - 
$conffile .= " descr \"{$neighbor['descr']}\"\n"; - $setkeycf .= "delete {$openbgpd_conf['listenip']} {$neighbor['neighbor']} tcp 0x1000;\n"; - if ($neighbor['md5sigpass']) { - $setkeycf .= "add {$openbgpd_conf['listenip']} {$neighbor['neighbor']} tcp 0x1000 -A tcp-md5 \"{$neighbor['md5sigpass']}\";\n"; - $conffile .= " tcp md5sig password {$neighbor['md5sigpass']}\n"; - } - if ($neighbor['md5sigkey']) { - $setkeycf .= "add {$openbgpd_conf['listenip']} {$neighbor['neighbor']} tcp 0x1000 -A tcp-md5 0x{$neighbor['md5sigkey']};\n"; - $conffile .= " tcp md5sig key {$neighbor['md5sigkey']}\n"; - } - $used_this_item = true; - foreach($neighbor['row'] as $row) { - $conffile .= " {$row['parameters']} {$row['parmvalue']} \n"; - } - } - if($used_this_item) - $conffile .= "}\n"; - } - } - - // OpenBGPD filters - $conffile .= "deny from any\n"; - $conffile .= "deny to any\n"; - if(is_array($openbgpd_neighbors)) { - foreach($openbgpd_neighbors as $neighbor) { - $conffile .= "allow from {$neighbor['neighbor']}\n"; - $conffile .= "allow to {$neighbor['neighbor']}\n"; - } - } - } - safe_mkdir($bgpd_config_base); - $fd = fopen("{$bgpd_config_base}/bgpd.conf", "w"); + if ($config['installedpackages']['openbgpd']['rawconfig'] && $config['installedpackages']['openbgpd']['rawconfig']['item']) { + // if there is a raw config specified in the config.xml use that instead of the assisted config + $conffile = implode("\n",$config['installedpackages']['openbgpd']['rawconfig']['item']); + //$conffile = $config['installedpackages']['openbgpd']['rawconfig']; + } else { + // generate bgpd.conf based on the assistant + if($config['installedpackages']['openbgpd']['config']) + $openbgpd_conf = &$config['installedpackages']['openbgpd']['config'][0]; + if($config['installedpackages']['openbgpd']['config'][0]['row']) + $openbgpd_rows = &$config['installedpackages']['openbgpd']['config'][0]['row']; + if($config['installedpackages']['openbgpdgroups']['config']) + $openbgpd_groups = 
&$config['installedpackages']['openbgpdgroups']['config']; + if($config['installedpackages']['openbgpdneighbors']['config']) + $openbgpd_neighbors = &$config['installedpackages']['openbgpdneighbors']['config']; + + $conffile = "# This file was created by the package manager. Do not edit!\n\n"; + + // Setup AS # + if($openbgpd_conf['asnum']) + $conffile .= "AS {$openbgpd_conf['asnum']}\n"; + + if($openbgpd_conf['fibupdate']) + $conffile .= "fib-update {$openbgpd_conf['fibupdate']}\n"; + + // Setup holdtime if defined. Default is 90. + if($openbgpd_conf['holdtime']) + $conffile .= "holdtime {$openbgpd_conf['holdtime']}\n"; + + // Specify listen ip + if($openbgpd_conf['listenip']) + $conffile .= "listen on {$openbgpd_conf['listenip']}\n"; + + // Specify router id + if($openbgpd_conf['routerid']) + $conffile .= "router-id {$openbgpd_conf['routerid']}\n"; + + // Handle advertised networks + if($config['installedpackages']['openbgpd']['config'][0]['row']) + if(is_array($openbgpd_rows)) + foreach($openbgpd_rows as $row) + $conffile .= "network {$row['networks']}\n"; + + // Attach neighbors to their respective group owner + if(is_array($openbgpd_groups)) { + foreach($openbgpd_groups as $group) { + $conffile .= "group \"{$group['name']}\" {\n"; + $conffile .= " remote-as {$group['remoteas']}\n"; + if(is_array($openbgpd_neighbors)) { + foreach($openbgpd_neighbors as $neighbor) { + if($neighbor['groupname'] == $group['name']) { + $conffile .= "\tneighbor {$neighbor['neighbor']} {\n"; + $conffile .= "\t\tdescr \"{$neighbor['descr']}\"\n"; + if($neighbor['md5sigpass']) { + $conffile .= "\t\ttcp md5sig password {$neighbor['md5sigpass']}\n"; + } + if($neighbor['md5sigkey']) { + $conffile .= "\t\ttcp md5sig key {$neighbor['md5sigkey']}\n"; + } + $setlocaladdr = true; + if (is_array($neighbor['row'])) { + foreach($neighbor['row'] as $row) { + if ($row['parameters'] == "local-address") + $setlocaladdr = false; + $conffile .= "\t\t{$row['parameters']} {$row['parmvalue']} \n"; + } + } 
+ if ($setlocaladdr == true) + $conffile .= "\t\tlocal-address {$openbgpd_conf['listenip']}\n"; + $conffile .= "}\n"; + } + } + } + $conffile .= "}\n"; + } + } - // Write out the configuration file - fwrite($fd, $conffile); + // Handle neighbors that do not have a group assigned to them + if(is_array($openbgpd_neighbors)) { + foreach($openbgpd_neighbors as $neighbor) { + if($neighbor['groupname'] == "") { + $conffile .= "neighbor {$neighbor['neighbor']} {\n"; + $conffile .= "\tdescr \"{$neighbor['descr']}\"\n"; + if ($neighbor['md5sigpass']) { + $conffile .= "\ttcp md5sig password {$neighbor['md5sigpass']}\n"; + } + if ($neighbor['md5sigkey']) { + $conffile .= "\ttcp md5sig key {$neighbor['md5sigkey']}\n"; + } + $setlocaladdr = true; + if (is_array($neighbor['row'])) { + foreach($neighbor['row'] as $row) { + if ($row['parameters'] == "local-address") + $setlocaladdr = false; + $conffile .= "\t{$row['parameters']} {$row['parmvalue']} \n"; + } + } + if ($setlocaladdr == true) + $conffile .= "\tlocal-address {$openbgpd_conf['listenip']}\n"; + $conffile .= "}\n"; + } + } + } - // Close file handle - fclose($fd); + // OpenBGPD filters + $conffile .= "deny from any\n"; + $conffile .= "deny to any\n"; + if(is_array($openbgpd_neighbors)) { + foreach($openbgpd_neighbors as $neighbor) { + $conffile .= "allow from {$neighbor['neighbor']}\n"; + $conffile .= "allow to {$neighbor['neighbor']}\n"; + } + } + } + safe_mkdir($bgpd_config_base); + // Write out the configuration file + @file_put_contents("{$bgpd_config_base}/bgpd.conf", $conffile); + @chmod("{$bgpd_config_base}/bgpd.conf", 0600); // Create rc.d file $rc_file_stop = <<<EOF -killall -9 bgpd +killall -TERM bgpd EOF; $rc_file_start = <<<EOF 
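Review bot: The write at the end of this hunk, `@file_put_contents("{$bgpd_config_base}/bgpd.conf", $conffile);` followed by `@chmod(..., 0600);`, silences and ignores both results, so a failed write is invisible and the code after the hunk still reloads or starts bgpd on whatever bgpd.conf was already there. The file carries the `tcp md5sig` secrets and is created under the process umask before being tightened; I would drop the `@`, wrap the write in `$old = umask(0077); … umask($old);`, and log and skip the reload when `file_put_contents()` returns `false`. Separately, both neighbor branches append `local-address {$openbgpd_conf['listenip']}` whenever no `local-address` row is present, although `listenip` is optional (the `listen on` line is guarded), so an empty value would produce a bare `local-address` line; `if ($setlocaladdr && !empty($openbgpd_conf['listenip']))` would avoid that. openbgpd_install_conf() begins before and continues past this hunk.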
@@ -195,12 +195,14 @@ if [ `pw usershow {$pkg_login} 2>&1 | grep -c "pw: no such user"` -gt 0 ]; then fi /bin/mkdir -p {$bgpd_config_base} -chmod u+rw,go-rw {$bgpd_config_base}/bgpd.conf /usr/sbin/chown -R root:wheel {$bgpd_config_base} +/bin/chmod 0600 {$bgpd_config_base}/bgpd.conf NUMBGPD=`ps auxw | grep -c '[b]gpd.*parent'` if [ \${NUMBGPD} -lt 1 ] ; then {$pkg_bin}/bgpd -f {$bgpd_config_base}/bgpd.conf +else + {$pkg_bin}/bgpctl reload fi EOF; write_rcfile(array( @@ -210,17 +212,11 @@ EOF; ) ); - // TCP-MD5 support on freebsd. See tcp(5) for more - $fd = fopen("{$g['tmp_path']}/bgpdsetkey.conf", "w"); - fwrite($fd, $setkeycf ); - fclose($fd); - exec("setkey -f {$g['tmp_path']}/bgpdsetkey.conf"); - // bgpd process running? if so reload, else start. if(is_openbgpd_running() == true) { - exec("bgpctl reload"); + exec("{$pkg_bin}/bgpctl reload"); } else { - exec("bgpd"); + exec("{$pkg_bin}/bgpd -f {$bgpd_config_base}/bgpd.conf"); } conf_mount_ro(); 
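Review bot: The hunk that drops the `setkey` block (`@@ -210,17 +212,11 @@`) stops writing `{$g['tmp_path']}/bgpdsetkey.conf` but does not remove a copy left behind by an earlier version of the package, and that file held the TCP-MD5 passwords and keys in clear text. A one-off cleanup at the same spot, `$f = "{$g['tmp_path']}/bgpdsetkey.conf"; if (file_exists($f)) unlink($f);`, would remove it on the next configuration sync. SADB entries installed by the old code are presumably also left in place until a reboot, since nothing visible in this commit deletes them any more; it is worth confirming that they do not interfere with bgpd's own key handling. The enclosing function starts and ends outside the hunk.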
@@ -237,34 +233,19 @@ function openbgpd_get_raw_config() { // serialize the raw openbgpd config file to config.xml function openbgpd_put_raw_config($conffile) { - global $config; - if ($conffile == "") - unset($config['installedpackages']['openbgpd']['rawconfig']); - else { - $config['installedpackages']['openbgpd']['rawconfig'] = array(); - $config['installedpackages']['openbgpd']['rawconfig']['item'] = explode("\n",$_POST['openbgpd_raw']); - //$config['installedpackages']['openbgpd']['rawconfig'] = $conffile; - } + global $config; + if ($conffile == "") + unset($config['installedpackages']['openbgpd']['rawconfig']); + else { + $config['installedpackages']['openbgpd']['rawconfig'] = array(); + $config['installedpackages']['openbgpd']['rawconfig']['item'] = explode("\n",$_POST['openbgpd_raw']); + //$config['installedpackages']['openbgpd']['rawconfig'] = $conffile; + } } function deinstall_openbgpd() { global $config, $g; - if($config['installedpackages']['openbgpd']['config']) - $openbgpd_conf = &$config['installedpackages']['openbgpd']['config'][0]; - if($config['installedpackages']['openbgpdneighbors']['config']) - $openbgpd_neighbors = &$config['installedpackages']['openbgpdneighbors']['config']; - $setkeycf = ""; - if(is_array($openbgpd_neighbors)) { - foreach($openbgpd_neighbors as $neighbor) - $setkeycf .= "delete {$openbgpd_conf['listenip']} {$neighbor['neighbor']} tcp 0x1000;\n"; - } - // Clear all SADB entries used. - $fd = fopen("{$g['tmp_path']}/bgpdsetkey.conf", "w"); - fwrite($fd, $setkeycf ); - fclose($fd); - exec("setkey -f {$g['tmp_path']}/bgpdsetkey.conf"); - exec("rm /usr/local/etc/rc.d/bgpd.sh"); exec("rm /usr/local/www/openbgpd_status.php"); exec("killall bgpd"); @@ -369,4 +350,4 @@ function is_openbgpd_running() { return false; } -?>
\ No newline at end of file
+?>
diff --git a/config/openbgpd/openbgpd_neighbors.xml b/config/openbgpd/openbgpd_neighbors.xml
index efa82384..5553c022 100644
--- a/config/openbgpd/openbgpd_neighbors.xml
+++ b/config/openbgpd/openbgpd_neighbors.xml
@@ -100,13 +100,13 @@
 <field>
 <fielddescr>TCP-MD5 key</fielddescr>
 <fieldname>md5sigkey</fieldname>
- <description>The md5 key to communicate with the peer. Does not work with Cisco BGP routers.</description>
+ <description>The md5 key to communicate with the peer. Does not work with Cisco BGP routers. If the Local Addr option is not set listening ip will be used.</description>
 <type>input</type>
 </field>
 <field>
 <fielddescr>TCP-MD5 password</fielddescr>
 <fieldname>md5sigpass</fieldname>
- <description>The md5 password to communicate with the peer. Use this when communicating with a Cisco BGP router.</description>
+ <description>The md5 password to communicate with the peer. Use this when communicating with a Cisco BGP router. If the Local Addr option is not set listenning ip will be used.</description>
 <type>input</type>
 </field>
 <field>
diff --git a/config/openbgpd/openbgpd_status.php b/config/openbgpd/openbgpd_status.php
index 3db2781a..6b27b4de 100644
--- a/config/openbgpd/openbgpd_status.php
+++ b/config/openbgpd/openbgpd_status.php
@@ -60,8 +60,13 @@ function doCmdT($title, $command) {
 fclose($fd);
 } else {
 $fd = popen("{$command} 2>&1", "r");
+ $ct = 0;
 while (($line = fgets($fd)) !== FALSE) {
 echo htmlspecialchars($line, ENT_NOQUOTES);
+ if ($ct++ > 1000) {
+ ob_flush();
+ $ct = 0;
+ }
 }
 pclose($fd);
 } |
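Review bot: The added `ob_flush()` in the read loop of openbgpd_status.php is called without checking that an output buffer is active and without a following `flush()`. With no active buffer PHP emits a notice into the page, and with one the data can still be held by the SAPI or web-server layer, so long command output may not reach the browser any sooner. `if (ob_get_level() > 0) ob_flush(); flush();` covers both cases. doCmdT() starts and ends outside the hunk, and the `popen()` result on the context line above is still passed to `fgets()` without a check for `false`.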