Diffstat (limited to 'config/openbgpd')
-rw-r--r--config/openbgpd/openbgpd.inc163
1 files changed, 102 insertions, 61 deletions
diff --git a/config/openbgpd/openbgpd.inc b/config/openbgpd/openbgpd.inc
index 3f9d5ab0..573745be 100644
--- a/config/openbgpd/openbgpd.inc
+++ b/config/openbgpd/openbgpd.inc
@@ -28,57 +28,79 @@
ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
POSSIBILITY OF SUCH DAMAGE.
*/
+require_once("config.inc");
+require_once("functions.inc");
+require_once("service-utils.inc");
+
+define('PKG_BGPD_CONFIG_BASE', '/var/etc/openbgpd');
+
+define('PKG_BGPD_LOGIN', "_bgpd");
+define('PKG_BGPD_UID', "130");
+define('PKG_BGPD_GROUP', "_bgpd");
+define('PKG_BGPD_GID', "130");
+define('PKG_BGPD_GECOS', "BGP Daemon");
+define('PKG_BGPD_HOMEDIR', "/var/empty");
+define('PKG_BGPD_SHELL', "/usr/sbin/nologin");
function openbgpd_install_conf() {
global $config, $g;
-
+ $pkg_login = PKG_BGPD_LOGIN;
+ $pkg_uid = PKG_BGPD_UID;
+ $pkg_group = PKG_BGPD_GROUP;
+ $pkg_gid = PKG_BGPD_GID;
+ $pkg_gecos = PKG_BGPD_GECOS;
+ $pkg_homedir = PKG_BGPD_HOMEDIR;
+ $pkg_shell = PKG_BGPD_SHELL;
+
conf_mount_rw();
-
+
+ // Since we need to embed this in a string, copy to a var. Can't embed constnats.
+ $bgpd_config_base = PKG_BGPD_CONFIG_BASE;
if ($config['installedpackages']['openbgpd']['rawconfig'] && $config['installedpackages']['openbgpd']['rawconfig']['item']) {
// if there is a raw config specified in the config.xml use that instead of the assisted config
$conffile = implode("\n",$config['installedpackages']['openbgpd']['rawconfig']['item']);
//$conffile = $config['installedpackages']['openbgpd']['rawconfig'];
} else {
// generate bgpd.conf based on the assistant
- if($config['installedpackages']['openbgpd']['config'])
+ if($config['installedpackages']['openbgpd']['config'])
$openbgpd_conf = &$config['installedpackages']['openbgpd']['config'][0];
if($config['installedpackages']['openbgpd']['config'][0]['row'])
- $openbgpd_rows = &$config['installedpackages']['openbgpd']['config'][0]['row'];
+ $openbgpd_rows = &$config['installedpackages']['openbgpd']['config'][0]['row'];
if($config['installedpackages']['openbgpdgroups']['config'])
$openbgpd_groups = &$config['installedpackages']['openbgpdgroups']['config'];
if($config['installedpackages']['openbgpdneighbors']['config'])
$openbgpd_neighbors = &$config['installedpackages']['openbgpdneighbors']['config'];
-
- $conffile = "# This file was created by the pfSense package manager. Do not edit!\n\n";
+
+ $conffile = "# This file was created by the package manager. Do not edit!\n\n";
$setkeycf = "";
-
+
// Setup AS #
- if($openbgpd_conf['asnum'])
+ if($openbgpd_conf['asnum'])
$conffile .= "AS {$openbgpd_conf['asnum']}\n";
-
+
if($openbgpd_conf['fibupdate'])
$conffile .= "fib-update {$openbgpd_conf['fibupdate']}\n";
-
+
// Setup holdtime if defined. Default is 90.
- if($openbgpd_conf['holdtime'])
+ if($openbgpd_conf['holdtime'])
$conffile .= "holdtime {$openbgpd_conf['holdtime']}\n";
// Specify listen ip
- if($openbgpd_conf['listenip'])
+ if($openbgpd_conf['listenip'])
$conffile .= "listen on {$openbgpd_conf['listenip']}\n";
// Specify router id
- if($openbgpd_conf['routerid'])
+ if($openbgpd_conf['routerid'])
$conffile .= "router-id {$openbgpd_conf['routerid']}\n";
// Handle advertised networks
if($config['installedpackages']['openbgpd']['config'][0]['row'])
if(is_array($openbgpd_rows))
- foreach($openbgpd_rows as $row)
+ foreach($openbgpd_rows as $row)
$conffile .= "network {$row['networks']}\n";
-
+
// Attach neighbors to their respective group owner
- if(is_array($openbgpd_groups)) {
+ if(is_array($openbgpd_groups)) {
foreach($openbgpd_groups as $group) {
$conffile .= "group \"{$group['name']}\" {\n";
$conffile .= " remote-as {$group['remoteas']}\n";
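Review bot: The seven `$pkg_*` copies added at the top of openbgpd_install_conf() have no explanation; the only comment that explains the pattern sits further down, covers just `$bgpd_config_base`, and misspells "constants". I would put one comment above the first copy, for example `// Heredocs cannot interpolate constants, so copy them into locals for the rc script below.`, and drop the later one. A short comment beside the `PKG_BGPD_UID` / `PKG_BGPD_GID` defines saying where 130 comes from would also help, because the generated rc script passes those values to `pw useradd` and `pw groupadd`. The function body continues past the end of this hunk.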
@@ -98,16 +120,16 @@ function openbgpd_install_conf() {
}
foreach($neighbor['row'] as $row) {
$conffile .= " {$row['parameters']} {$row['parmvalue']} \n";
- }
+ }
$conffile .= "}\n";
}
}
}
$conffile .= "}\n";
}
- }
+ }
- // Handle neighbors that do not have a group assigned to them
+ // Handle neighbors that do not have a group assigned to them
if(is_array($openbgpd_neighbors)) {
foreach($openbgpd_neighbors as $neighbor) {
$used_this_item = false;
@@ -131,41 +153,56 @@ function openbgpd_install_conf() {
if($used_this_item)
$conffile .= "}\n";
}
- }
-
+ }
+
// OpenBGPD filters
$conffile .= "deny from any\n";
$conffile .= "deny to any\n";
if(is_array($openbgpd_neighbors)) {
foreach($openbgpd_neighbors as $neighbor) {
$conffile .= "allow from {$neighbor['neighbor']}\n";
- $conffile .= "allow to {$neighbor['neighbor']}\n";
+ $conffile .= "allow to {$neighbor['neighbor']}\n";
}
}
}
+ safe_mkdir($bgpd_config_base);
+ $fd = fopen("{$bgpd_config_base}/bgpd.conf", "w");
- $fd = fopen("/usr/local/etc/bgpd.conf", "w");
-
// Write out the configuration file
fwrite($fd, $conffile);
-
+
// Close file handle
fclose($fd);
-
+
// Create rc.d file
- $fd = fopen("/usr/local/etc/rc.d/bgpd.sh","w");
- fwrite($fd, "#!/bin/sh\n\n");
- fwrite($fd, "# This file was created by the pfSense package manager. Do not edit!\n\n");
- fwrite($fd, "NUMBGPD=`ps auxw | grep bgpd | grep parent | grep -v grep | wc -l | awk '{print \$1}'`\n");
- fwrite($fd, "# echo \$NUMBGPD\n");
- fwrite($fd, "if [ \$NUMBGPD -lt 1 ] ; then\n");
- fwrite($fd, " /usr/local/sbin/bgpd -f /usr/local/etc/bgpd.conf\n");
- fwrite($fd, "fi\n");
- fclose($fd);
- exec("chmod a+rx /usr/local/etc/rc.d/bgpd.sh");
- exec("chmod a-rw /usr/local/etc/bgpd.conf");
- exec("chmod u+rw /usr/local/etc/bgpd.conf");
-
+ $rc_file_stop = <<<EOF
+killall -9 bgpd
+EOF;
+ $rc_file_start = <<<EOF
+
+if [ `pw groupshow {$pkg_group} 2>&1 | grep -c "pw: unknown group"` -gt 0 ]; then
+ /usr/sbin/pw groupadd {$pkg_group} -g {$pkg_gid}
+fi
+if [ `pw usershow {$pkg_login} 2>&1 | grep -c "pw: no such user"` -gt 0 ]; then
+ /usr/sbin/pw useradd {$pkg_login} -u {$pkg_uid} -g {$pkg_gid} -c "{$pkg_gecos}" -d {$pkg_homedir} -s {$pkg_shell}
+fi
+
+/bin/mkdir -p {$bgpd_config_base}
+chmod u+rw,go-rw {$bgpd_config_base}/bgpd.conf
+/usr/sbin/chown -R root:wheel {$bgpd_config_base}
+
+NUMBGPD=`ps auxw | grep -c '[b]gpd.*parent'`
+if [ \${NUMBGPD} -lt 1 ] ; then
+ /usr/local/sbin/bgpd -f {$bgpd_config_base}/bgpd.conf
+fi
+EOF;
+ write_rcfile(array(
+ "file" => "bgpd.sh",
+ "start" => $rc_file_start,
+ "stop" => $rc_file_stop
+ )
+ );
+
// TCP-MD5 support on freebsd. See tcp(5) for more
$fd = fopen("{$g['tmp_path']}/bgpdsetkey.conf", "w");
fwrite($fd, $setkeycf );
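Review bot: After this change bgpd.conf is written with whatever mode the process umask gives it, because the immediate `chmod a-rw` / `chmod u+rw` calls were removed and the only remaining `chmod u+rw,go-rw` lives in the rc start script, which runs later. The neighbor parameters written into this file may include session secrets, so the mode should be tightened in PHP before the content is written. The `fopen()` result is also used unchecked, so a failed open turns into `fwrite()`/`fclose()` on `false`. A sketch of both fixes follows; openbgpd_install_conf() starts and ends outside this hunk.

```php
safe_mkdir($bgpd_config_base);
$conf_path = "{$bgpd_config_base}/bgpd.conf";
$fd = fopen($conf_path, "w");
if (!$fd) {
    log_error("openbgpd: unable to open {$conf_path} for writing");
    conf_mount_ro();
    return;
}
// Restrict the mode before any content is written.
chmod($conf_path, 0600);
fwrite($fd, $conffile);
fclose($fd);
// … unchanged: rc.d script generation and bgpdsetkey.conf …
```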
@@ -178,13 +215,17 @@ function openbgpd_install_conf() {
} else {
exec("bgpd");
}
-
+
conf_mount_ro();
}
// get the raw openbgpd confi file for manual inspection/editing
function openbgpd_get_raw_config() {
- return file_get_contents("/usr/local/etc/bgpd.conf");
+ $conf = PKG_BGPD_CONFIG_BASE . "/bgpd.conf";
+ if (file_exists($conf))
+ return file_get_contents($conf);
+ else
+ return "";
}
// serialize the raw openbgpd config file to config.xml
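Review bot: The context line `exec("bgpd");` still starts the daemon without `-f`, while this commit moves the configuration to `PKG_BGPD_CONFIG_BASE . "/bgpd.conf"`. Unless the branch above it (outside this hunk) handles that, the daemon started here will read its built-in default path instead of the file that was just generated. That means the `deny from any` / `deny to any` filters and the neighbor list written above would not be the ones in effect. Starting it the same way the rc script does keeps the two paths consistent: `exec("/usr/local/sbin/bgpd -f " . escapeshellarg(PKG_BGPD_CONFIG_BASE . "/bgpd.conf"));`.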
@@ -225,19 +266,19 @@ function deinstall_openbgpd() {
function check_group_usage($groupname) {
global $config, $g;
- if($config['installedpackages']['openbgpd']['config'])
+ if($config['installedpackages']['openbgpd']['config'])
$openbgpd_conf = &$config['installedpackages']['openbgpd']['config'][0];
if($config['installedpackages']['openbgpd']['config'][0]['row'])
- $openbgpd_rows = &$config['installedpackages']['openbgpd']['config'][0]['row'];
+ $openbgpd_rows = &$config['installedpackages']['openbgpd']['config'][0]['row'];
if($config['installedpackages']['openbgpdgroups']['config'])
$openbgpd_groups = &$config['installedpackages']['openbgpdgroups']['config'];
if($config['installedpackages']['openbgpdneighbors']['config'])
$openbgpd_neighbors = &$config['installedpackages']['openbgpdneighbors']['config'];
- if(is_array($openbgpd_groups)) {
+ if(is_array($openbgpd_groups)) {
foreach($openbgpd_groups as $group) {
foreach($openbgpd_neighbors as $neighbor) {
- if($neighbor['groupname'] == $group['name'])
+ if($neighbor['groupname'] == $group['name'])
return $neighbor['groupname'];
}
}
@@ -251,16 +292,16 @@ function bgpd_validate_input() {
if (!empty($_POST['asnum']) && !is_numeric($_POST['asnum']))
$input_errors[] = "AS must be entered as a number only.";
-
+
if (!empty($_POST['routerid']) && !is_ipaddr($_POST['routerid']))
$input_errors[] = "Router ID must be an IP address.";
-
+
if (!empty($_POST['holdtime']) && !is_numeric($_POST['holdtime']))
$input_errors[] = "Holdtime must be entered as a number.";
-
+
if (!empty($_POST['listenip']) && !is_ipaddr($_POST['listenip']))
$input_errors[] = "Listen IP must be an IP address or blank to bind to all IPs.";
-
+
}
function bgpd_validate_group() {
@@ -268,12 +309,12 @@ function bgpd_validate_group() {
if (!is_numeric($_POST['remoteas']))
$input_errors[] = "Remote AS must be entered as a number only.";
-
+
if ($_POST['name'] == "")
$input_errors[] = "You must enter a name.";
-
+
$_POST['name'] = remove_bad_chars($_POST['name']);
-
+
}
function remove_bad_chars($string) {
@@ -293,7 +334,7 @@ function grey_out_value_boxes() {
var last_two = fieldvalue.substring(length);
var without_last_two = fieldvalue.substring(0,length);
if( \$('parmvalue' + x) ) {
- if(last_two != ' X') {
+ if(last_two != ' X') {
\$('parmvalue' + x).value = '';
\$('parmvalue' + x).disabled = true;
} else {
@@ -303,21 +344,21 @@ function grey_out_value_boxes() {
}
}
var timerID = setTimeout("grey_out_value_boxes()", 1200);
-
- }
+
+ }
grey_out_value_boxes();
- </script>
+ </script>
+
-
EOF;
-
+
}
function is_openbgpd_running() {
- $status = `ps awux | grep bgpd | grep "parent" | grep -v grep | wc -l | awk '{ print \$1 }'`;
- if(intval($status) > 0)
+ $status = `ps auxw | grep -c '[b]gpd.*parent'`;
+ if(intval($status) > 0)
return true;
- else
+ else
return false;
}
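Review bot: The `if`/`else` in is_openbgpd_running() that returns `true` or `false` can be collapsed into `return (intval($status) > 0);`, which reads more directly now that the pipeline is a single `grep -c`. The same `ps auxw | grep -c '[b]gpd.*parent'` pipeline is also embedded in the generated rc start script, so a short comment here noting that the two must stay in sync would save a future maintainer from changing only one of them.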