Diffstat (limited to 'config/openbgpd')
-rw-r--r-- | config/openbgpd/openbgpd.inc | 163 |
1 files changed, 102 insertions, 61 deletions
diff --git a/config/openbgpd/openbgpd.inc b/config/openbgpd/openbgpd.inc
index 3f9d5ab0..573745be 100644
--- a/config/openbgpd/openbgpd.inc
+++ b/config/openbgpd/openbgpd.inc
@@ -28,57 +28,79 @@ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ +require_once("config.inc"); +require_once("functions.inc"); +require_once("service-utils.inc"); + +define('PKG_BGPD_CONFIG_BASE', '/var/etc/openbgpd'); + +define('PKG_BGPD_LOGIN', "_bgpd"); +define('PKG_BGPD_UID', "130"); +define('PKG_BGPD_GROUP', "_bgpd"); +define('PKG_BGPD_GID', "130"); +define('PKG_BGPD_GECOS', "BGP Daemon"); +define('PKG_BGPD_HOMEDIR', "/var/empty"); +define('PKG_BGPD_SHELL', "/usr/sbin/nologin"); function openbgpd_install_conf() { global $config, $g; - + $pkg_login = PKG_BGPD_LOGIN; + $pkg_uid = PKG_BGPD_UID; + $pkg_group = PKG_BGPD_GROUP; + $pkg_gid = PKG_BGPD_GID; + $pkg_gecos = PKG_BGPD_GECOS; + $pkg_homedir = PKG_BGPD_HOMEDIR; + $pkg_shell = PKG_BGPD_SHELL; + conf_mount_rw(); - + + // Since we need to embed this in a string, copy to a var. Can't embed constnats. + $bgpd_config_base = PKG_BGPD_CONFIG_BASE; if ($config['installedpackages']['openbgpd']['rawconfig'] && $config['installedpackages']['openbgpd']['rawconfig']['item']) { // if there is a raw config specified in the config.xml use that instead of the assisted config $conffile = implode("\n",$config['installedpackages']['openbgpd']['rawconfig']['item']); //$conffile = $config['installedpackages']['openbgpd']['rawconfig']; } else { // generate bgpd.conf based on the assistant - if($config['installedpackages']['openbgpd']['config']) + if($config['installedpackages']['openbgpd']['config']) $openbgpd_conf = &$config['installedpackages']['openbgpd']['config'][0]; if($config['installedpackages']['openbgpd']['config'][0]['row']) - $openbgpd_rows = &$config['installedpackages']['openbgpd']['config'][0]['row']; + $openbgpd_rows = &$config['installedpackages']['openbgpd']['config'][0]['row']; if($config['installedpackages']['openbgpdgroups']['config']) $openbgpd_groups = &$config['installedpackages']['openbgpdgroups']['config']; 
if($config['installedpackages']['openbgpdneighbors']['config']) $openbgpd_neighbors = &$config['installedpackages']['openbgpdneighbors']['config']; - - $conffile = "# This file was created by the pfSense package manager. Do not edit!\n\n"; + + $conffile = "# This file was created by the package manager. Do not edit!\n\n"; $setkeycf = ""; - + // Setup AS # - if($openbgpd_conf['asnum']) + if($openbgpd_conf['asnum']) $conffile .= "AS {$openbgpd_conf['asnum']}\n"; - + if($openbgpd_conf['fibupdate']) $conffile .= "fib-update {$openbgpd_conf['fibupdate']}\n"; - + // Setup holdtime if defined. Default is 90. - if($openbgpd_conf['holdtime']) + if($openbgpd_conf['holdtime']) $conffile .= "holdtime {$openbgpd_conf['holdtime']}\n"; // Specify listen ip - if($openbgpd_conf['listenip']) + if($openbgpd_conf['listenip']) $conffile .= "listen on {$openbgpd_conf['listenip']}\n"; // Specify router id - if($openbgpd_conf['routerid']) + if($openbgpd_conf['routerid']) $conffile .= "router-id {$openbgpd_conf['routerid']}\n"; // Handle advertised networks if($config['installedpackages']['openbgpd']['config'][0]['row']) if(is_array($openbgpd_rows)) - foreach($openbgpd_rows as $row) + foreach($openbgpd_rows as $row) $conffile .= "network {$row['networks']}\n"; - + // Attach neighbors to their respective group owner - if(is_array($openbgpd_groups)) { + if(is_array($openbgpd_groups)) { foreach($openbgpd_groups as $group) { $conffile .= "group \"{$group['name']}\" {\n"; $conffile .= " remote-as {$group['remoteas']}\n"; @@ -98,16 +120,16 @@ function openbgpd_install_conf() { } foreach($neighbor['row'] as $row) { $conffile .= " {$row['parameters']} {$row['parmvalue']} \n"; - } + } $conffile .= "}\n"; } } } $conffile .= "}\n"; } - } + } - // Handle neighbors that do not have a group assigned to them + // Handle neighbors that do not have a group assigned to them if(is_array($openbgpd_neighbors)) { foreach($openbgpd_neighbors as $neighbor) { $used_this_item = false; 
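Review bot: The seven `$pkg_* = PKG_BGPD_*` copies at the top of openbgpd_install_conf exist only so the values can be interpolated into the rc heredoc later, but the comment explaining that sits on the eighth copy (`$bgpd_config_base`) and misspells its key word ("constnats"); move it above `$pkg_login` and fix it, e.g. `// Copies of the PKG_BGPD_* constants: constants cannot be interpolated into the rc heredoc below.`. PKG_BGPD_UID and PKG_BGPD_GID are also declared as strings ("130") although they are numeric ids handed to `pw -u`/`-g`; declaring them as integers documents the intent and still interpolates identically. The body of openbgpd_install_conf continues past this hunk.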
@@ -131,41 +153,56 @@ function openbgpd_install_conf() { if($used_this_item) $conffile .= "}\n"; } - } - + } + // OpenBGPD filters $conffile .= "deny from any\n"; $conffile .= "deny to any\n"; if(is_array($openbgpd_neighbors)) { foreach($openbgpd_neighbors as $neighbor) { $conffile .= "allow from {$neighbor['neighbor']}\n"; - $conffile .= "allow to {$neighbor['neighbor']}\n"; + $conffile .= "allow to {$neighbor['neighbor']}\n"; } } } + safe_mkdir($bgpd_config_base); + $fd = fopen("{$bgpd_config_base}/bgpd.conf", "w"); - $fd = fopen("/usr/local/etc/bgpd.conf", "w"); - // Write out the configuration file fwrite($fd, $conffile); - + // Close file handle fclose($fd); - + // Create rc.d file - $fd = fopen("/usr/local/etc/rc.d/bgpd.sh","w"); - fwrite($fd, "#!/bin/sh\n\n"); - fwrite($fd, "# This file was created by the pfSense package manager. Do not edit!\n\n"); - fwrite($fd, "NUMBGPD=`ps auxw | grep bgpd | grep parent | grep -v grep | wc -l | awk '{print \$1}'`\n"); - fwrite($fd, "# echo \$NUMBGPD\n"); - fwrite($fd, "if [ \$NUMBGPD -lt 1 ] ; then\n"); - fwrite($fd, " /usr/local/sbin/bgpd -f /usr/local/etc/bgpd.conf\n"); - fwrite($fd, "fi\n"); - fclose($fd); - exec("chmod a+rx /usr/local/etc/rc.d/bgpd.sh"); - exec("chmod a-rw /usr/local/etc/bgpd.conf"); - exec("chmod u+rw /usr/local/etc/bgpd.conf"); - + $rc_file_stop = <<<EOF +killall -9 bgpd +EOF; + $rc_file_start = <<<EOF + +if [ `pw groupshow {$pkg_group} 2>&1 | grep -c "pw: unknown group"` -gt 0 ]; then + /usr/sbin/pw groupadd {$pkg_group} -g {$pkg_gid} +fi +if [ `pw usershow {$pkg_login} 2>&1 | grep -c "pw: no such user"` -gt 0 ]; then + /usr/sbin/pw useradd {$pkg_login} -u {$pkg_uid} -g {$pkg_gid} -c "{$pkg_gecos}" -d {$pkg_homedir} -s {$pkg_shell} +fi + +/bin/mkdir -p {$bgpd_config_base} +chmod u+rw,go-rw {$bgpd_config_base}/bgpd.conf +/usr/sbin/chown -R root:wheel {$bgpd_config_base} + +NUMBGPD=`ps auxw | grep -c '[b]gpd.*parent'` +if [ \${NUMBGPD} -lt 1 ] ; then + /usr/local/sbin/bgpd -f 
{$bgpd_config_base}/bgpd.conf +fi +EOF; + write_rcfile(array( + "file" => "bgpd.sh", + "start" => $rc_file_start, + "stop" => $rc_file_stop + ) + ); + // TCP-MD5 support on freebsd. See tcp(5) for more $fd = fopen("{$g['tmp_path']}/bgpdsetkey.conf", "w"); fwrite($fd, $setkeycf ); @@ -178,13 +215,17 @@ function openbgpd_install_conf() { } else { exec("bgpd"); } - + conf_mount_ro(); } // get the raw openbgpd confi file for manual inspection/editing function openbgpd_get_raw_config() { - return file_get_contents("/usr/local/etc/bgpd.conf"); + $conf = PKG_BGPD_CONFIG_BASE . "/bgpd.conf"; + if (file_exists($conf)) + return file_get_contents($conf); + else + return ""; } // serialize the raw openbgpd config file to config.xml @@ -225,19 +266,19 @@ function deinstall_openbgpd() { function check_group_usage($groupname) { global $config, $g; - if($config['installedpackages']['openbgpd']['config']) + if($config['installedpackages']['openbgpd']['config']) $openbgpd_conf = &$config['installedpackages']['openbgpd']['config'][0]; if($config['installedpackages']['openbgpd']['config'][0]['row']) - $openbgpd_rows = &$config['installedpackages']['openbgpd']['config'][0]['row']; + $openbgpd_rows = &$config['installedpackages']['openbgpd']['config'][0]['row']; if($config['installedpackages']['openbgpdgroups']['config']) $openbgpd_groups = &$config['installedpackages']['openbgpdgroups']['config']; if($config['installedpackages']['openbgpdneighbors']['config']) $openbgpd_neighbors = &$config['installedpackages']['openbgpdneighbors']['config']; - if(is_array($openbgpd_groups)) { + if(is_array($openbgpd_groups)) { foreach($openbgpd_groups as $group) { foreach($openbgpd_neighbors as $neighbor) { - if($neighbor['groupname'] == $group['name']) + if($neighbor['groupname'] == $group['name']) return $neighbor['groupname']; } } 
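Review bot: The new bgpd.conf is created with `fopen(..., "w")` under the process umask, and the `chmod u+rw,go-rw` that used to run right after writing (the removed `chmod a-rw`/`u+rw` exec calls) now lives only in the generated rc start script, so the file is readable by every local user from the moment it is written until the next `bgpd.sh start`. The neighbor parameter rows are free-form and the TCP-MD5 setkey handling below suggests authentication material flows through this file, so set the mode before the contents go in, e.g. `touch("{$bgpd_config_base}/bgpd.conf"); chmod("{$bgpd_config_base}/bgpd.conf", 0600);` ahead of the fopen. The fopen return is also unchecked: if `safe_mkdir` fails, `fwrite`/`fclose` operate on `false` and bgpd is later started against a missing or stale file, so guard with `if ($fd === false) { log_error(...); conf_mount_ro(); return; }` or equivalent. The stop action's `killall -9 bgpd` additionally denies the daemon a clean shutdown; plain `killall bgpd` should let it terminate its sessions in order. openbgpd_install_conf continues outside this hunk.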
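Review bot: openbgpd_get_raw_config tests `file_exists` but not readability, so if `file_get_contents` fails for any reason (the rc script chowns the directory to root:wheel and strips group/other access from the file) the function returns `false` to a caller that expects a string. `return is_readable($conf) ? file_get_contents($conf) : "";` covers the missing and the unreadable case in one expression and removes the `else` after `return`.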
@@ -251,16 +292,16 @@ function bgpd_validate_input() { if (!empty($_POST['asnum']) && !is_numeric($_POST['asnum'])) $input_errors[] = "AS must be entered as a number only."; - + if (!empty($_POST['routerid']) && !is_ipaddr($_POST['routerid'])) $input_errors[] = "Router ID must be an IP address."; - + if (!empty($_POST['holdtime']) && !is_numeric($_POST['holdtime'])) $input_errors[] = "Holdtime must be entered as a number."; - + if (!empty($_POST['listenip']) && !is_ipaddr($_POST['listenip'])) $input_errors[] = "Listen IP must be an IP address or blank to bind to all IPs."; - + } function bgpd_validate_group() { @@ -268,12 +309,12 @@ function bgpd_validate_group() { if (!is_numeric($_POST['remoteas'])) $input_errors[] = "Remote AS must be entered as a number only."; - + if ($_POST['name'] == "") $input_errors[] = "You must enter a name."; - + $_POST['name'] = remove_bad_chars($_POST['name']); - + } function remove_bad_chars($string) { @@ -293,7 +334,7 @@ function grey_out_value_boxes() { var last_two = fieldvalue.substring(length); var without_last_two = fieldvalue.substring(0,length); if( \$('parmvalue' + x) ) { - if(last_two != ' X') { + if(last_two != ' X') { \$('parmvalue' + x).value = ''; \$('parmvalue' + x).disabled = true; } else { @@ -303,21 +344,21 @@ function grey_out_value_boxes() { } } var timerID = setTimeout("grey_out_value_boxes()", 1200); - - } + + } grey_out_value_boxes(); - </script> + </script> + - EOF; - + } function is_openbgpd_running() { - $status = `ps awux | grep bgpd | grep "parent" | grep -v grep | wc -l | awk '{ print \$1 }'`; - if(intval($status) > 0) + $status = `ps auxw | grep -c '[b]gpd.*parent'`; + if(intval($status) > 0) return true; - else + else return false; } |
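Review bot: is_openbgpd_running still shells out via the backtick operator and counts `ps` text with the same `[b]gpd.*parent` pattern that is embedded as `NUMBGPD` in the rc heredoc above, so the two copies can drift and any unrelated command line containing "bgpd" and "parent" is counted as a running daemon. The two-branch return collapses to `return intval(`ps auxw | grep -c '[b]gpd.*parent'`) > 0;`, and if this pfSense version provides the `is_process_running()` utility, using it here and in the rc file would keep a single definition of "running".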