aboutsummaryrefslogtreecommitdiffstats
path: root/config
diff options
context:
space:
mode:
Diffstat (limited to 'config')
-rw-r--r--config/freeradius2/freeradius.inc2
-rw-r--r--config/freeradius2/freeradius.xml2
-rw-r--r--config/haproxy-devel/haproxy.inc2
-rw-r--r--config/haproxy-devel/haproxy_pool_edit.php2
-rw-r--r--config/quagga_ospfd/quagga_ospfd.inc17
-rw-r--r--config/quagga_ospfd/quagga_ospfd.xml2
-rw-r--r--config/unbound/unbound.inc44
-rw-r--r--config/unbound/unbound_acls.php3
-rw-r--r--config/unbound/unbound_advanced.xml3
9 files changed, 43 insertions, 34 deletions
diff --git a/config/freeradius2/freeradius.inc b/config/freeradius2/freeradius.inc
index b2df3d0b..bf48dd06 100644
--- a/config/freeradius2/freeradius.inc
+++ b/config/freeradius2/freeradius.inc
@@ -4003,7 +4003,7 @@ USERNAME=`echo -n "\$1" | sed 's/[^0-9a-zA-Z._-]/X/g' `
PASSWD=`echo -n "\$2" | sed 's/[^0-9a-f]/0/g' `
SECRET=`echo -n "\$3" | sed 's/[^0-9a-f]/0/g' `
PIN=`echo -n "\$4" | sed 's/[^0-9]/0/g' `
-OFFSET=`echo -n "\$5" | sed 's/[^0-9]/0/g' `
+OFFSET=`echo -n "\$5" | sed 's/[^0-9-]/0/g' `
EPOCHTIME=`date +%s` ; EPOCHTIME=`chop \$EPOCHTIME`
# delete old logins
diff --git a/config/freeradius2/freeradius.xml b/config/freeradius2/freeradius.xml
index c9381c81..8e3105ef 100644
--- a/config/freeradius2/freeradius.xml
+++ b/config/freeradius2/freeradius.xml
@@ -275,7 +275,7 @@
1. Write down the first 9 digits of the Epoch-Time on the client.<br>
2. Check with <b>date +%s</b> the Epoch-Time on your FreeRADIUS server and write down the first 9 digits.<br>
- 3. Subtract both values, multiply the result with 10 and enter the value in this field. (Default: 0)]]></description>
+ 3. Subtract both values, multiply the result with 10 and enter the value in this field. Example: 30 or -180 (Default: 0)]]></description>
<type>input</type>
<default_value>0</default_value>
</field>
diff --git a/config/haproxy-devel/haproxy.inc b/config/haproxy-devel/haproxy.inc
index 66bcf81f..b5ca35cd 100644
--- a/config/haproxy-devel/haproxy.inc
+++ b/config/haproxy-devel/haproxy.inc
@@ -934,6 +934,8 @@ function haproxy_check_run($reload) {
if(use_transparent_clientip_proxying())
load_ipfw_rules();
+ else
+ mwexec("/usr/local/sbin/ipfw_context -d haproxy", true);
if(isset($a_global['enable'])) {
if (isset($a_global['carpdev'])) {
diff --git a/config/haproxy-devel/haproxy_pool_edit.php b/config/haproxy-devel/haproxy_pool_edit.php
index 4b93632f..a7a56b1c 100644
--- a/config/haproxy-devel/haproxy_pool_edit.php
+++ b/config/haproxy-devel/haproxy_pool_edit.php
@@ -491,7 +491,7 @@ foreach($simplefields as $field){
</table>
</td>
</tr>
- <tr align="left" style="display:none;">
+ <tr align="left">
<td width="22%" valign="top" class="vncell">Transparent ClientIP</td>
<td width="78%" class="vtable" colspan="2">
<input id="transparent_clientip" name="transparent_clientip" type="checkbox" value="yes" <?php if ($pconfig['transparent_clientip']=='yes') echo "checked"; ?> onclick='updatevisibility();'>
diff --git a/config/quagga_ospfd/quagga_ospfd.inc b/config/quagga_ospfd/quagga_ospfd.inc
index 46037bd9..aabd27a8 100644
--- a/config/quagga_ospfd/quagga_ospfd.inc
+++ b/config/quagga_ospfd/quagga_ospfd.inc
@@ -243,6 +243,20 @@ function quagga_ospfd_install_conf() {
fwrite($fd, $zebraconffile);
fclose($fd);
+ $carp_ip_status_check = "";
+ if (is_ipaddr($ospfd_conf['carpstatusip'])) {
+ $carpcheckinterface = trim(find_carp_interface($ospfd_conf['carpstatusip']));
+ $carp_ip_status_check = <<<EOF
+
+CARP_STATUS=`/sbin/ifconfig {$carpcheckinterface} | /usr/bin/grep carp: | /usr/bin/awk '{print \$2;}'`
+if [ \${CARP_STATUS} != "MASTER" ]; then
+ exit;
+fi
+
+EOF;
+ }
+
+
// Create rc.d file
$rc_file_stop = <<<EOF
if [ -e /var/run/quagga/zebra.pid ]; then
@@ -274,6 +288,7 @@ fi
killall -9 zebra 2>/dev/null
killall -9 ospfd 2>/dev/null
sleep 1
+{$carp_ip_status_check}
/usr/local/sbin/zebra -d -f {$quagga_config_base}/zebra.conf
/usr/local/sbin/ospfd -d -f {$quagga_config_base}/ospfd.conf
EOF;
@@ -363,7 +378,7 @@ function quagga_ospfd_put_raw_config($conffile) {
}
function quagga_get_carp_status_by_ip($ipaddr) {
- $iface = find_carp_interface($ipaddr);
+ $iface = trim(find_carp_interface($ipaddr));
if ($iface) {
$status = get_carp_interface_status($iface);
// If there is no status for that interface, return null.
diff --git a/config/quagga_ospfd/quagga_ospfd.xml b/config/quagga_ospfd/quagga_ospfd.xml
index c48d0f47..a03f9e3c 100644
--- a/config/quagga_ospfd/quagga_ospfd.xml
+++ b/config/quagga_ospfd/quagga_ospfd.xml
@@ -1,6 +1,6 @@
<packagegui>
<name>quagga_ospfd</name>
- <version>0.5.3</version>
+ <version>0.5.4</version>
<title>Services: Quagga OSPFd</title>
<include_file>/usr/local/pkg/quagga_ospfd.inc</include_file>
<aftersaveredirect>pkg_edit.php?xml=quagga_ospfd.xml&amp;id=0</aftersaveredirect>
diff --git a/config/unbound/unbound.inc b/config/unbound/unbound.inc
index 2dd33bcd..f1d68eb7 100644
--- a/config/unbound/unbound.inc
+++ b/config/unbound/unbound.inc
@@ -275,12 +275,14 @@ function unbound_get_network_interface_addresses() {
log_error("Unbound DNS: There was a problem setting up the Virtual IP for the interface ".link_ip_to_carp_interface($vip['subnet']));
} else {
$unbound_interfaces[$i]['virtual']['ipaddr'] = $virtual_ip;
+ $unbound_interfaces[$i]['virtual']['subnet'] = $vip['subnet_bits'];
+ $unbound_interfaces[$i]['virtual']['network'] = $virtual_ip;
}
}
}
}
}
- } else if(isset($interfaces[$unboundif]['ipaddr'])) {
+ } else if (isset($interfaces[$unboundif]['ipaddr'])) {
/* Find the interface IP address for
* XXX - this only works for IPv4 currently - the pfSense module needs IPv6 love
*/
@@ -378,7 +380,7 @@ function unbound_acls_config() {
global $config;
/* Configure the ACLs */
- if(is_array($config['installedpackages']['unboundacls']['config'])) {
+ if (is_array($config['installedpackages']['unboundacls']['config'])) {
$unbound_acls = $config['installedpackages']['unboundacls']['config'];
$unboundcfg = "";
foreach($unbound_acls as $unbound_acl){
@@ -409,9 +411,9 @@ function unbound_resync_config() {
$unbound_allowed_networks = "";
$unboundnetcfg = unbound_get_network_interface_addresses();
foreach($unboundnetcfg as $netent) {
- foreach($netent as $entry) {
+ foreach($netent as $nettype => $entry) {
$unbound_bind_interfaces .="interface: {$entry['ipaddr']}\n";
- if($entry['ipaddr'] != "127.0.0.1" && $entry['ipaddr'] != "::1")
+ if($entry['ipaddr'] != "127.0.0.1" && $entry['ipaddr'] != "::1" && $nettype != "virtual")
$unbound_allowed_networks .= "access-control: {$entry['network']}/{$entry['subnet']} allow\n";
}
}
@@ -485,7 +487,7 @@ EOF;
$outgoing_num_tcp = (!empty($unbound_config['outgoing_num_tcp'])) ? $unbound_config['outgoing_num_tcp'] : "10";
$incoming_num_tcp = (!empty($unbound_config['incoming_num_tcp'])) ? $unbound_config['incoming_num_tcp'] : "10";
$edns_buffer_size = (!empty($unbound_config['edns_buffer_size'])) ? $unbound_config['edns_buffer_size'] : "4096";
- $num_queries_per_thread = (!empty($unbound_config['num_queries_per_thread'])) ? $unbound_config['num_queries_per_thread'] : "1024";
+ $num_queries_per_thread = (!empty($unbound_config['num_queries_per_thread'])) ? $unbound_config['num_queries_per_thread'] : "4096";
$jostle_timeout = (!empty($unbound_config['jostle_timeout'])) ? $unbound_config['jostle_timeout'] : "200";
$cache_max_ttl = (!empty($unbound_config['cache_max_ttl'])) ? $unbound_config['cache_max_ttl'] : "86400";
$cache_min_ttl = (!empty($unbound_config['cache_min_ttl'])) ? $unbound_config['cache_min_ttl'] : "0";
@@ -543,7 +545,7 @@ harden-dnssec-stripped: {$harden_dnssec_stripped}
{$optimization['key_cache_slabs']}
{$optimization['msg_cache_size']}
{$optimization['rrset_cache_size']}
-{$optimization['outgoing_range']}
+outgoing-range: 8192
{$optimization['so_rcvbuf']}
# Interface IP(s) to bind to
@@ -619,23 +621,19 @@ function unbound_optimization() {
// Set the number of threads equal to number of CPUs.
// Use 1 (disable threading) if for some reason this sysctl fails.
$numprocs = intval(trim(`/sbin/sysctl kern.smp.cpus | /usr/bin/cut -d" " -f2`));
- if($numprocs > 0)
+ if($numprocs > 1) {
$optimization['number_threads'] = "num-threads: {$numprocs}";
- else
+ $optimize_num = pow(2,floor(log($numprocs,2)));
+ } else {
$optimization['number_threads'] = "num-threads: 1";
+ $optimize_num = 4;
+ }
// Slabs to help reduce lock contention.
- if ($numprocs > 4) {
- $optimization['msg_cache_slabs'] = "msg-cache-slabs: {$numprocs}";
- $optimization['rrset_cache_slabs'] = "rrset-cache-slabs: {$numprocs}";
- $optimization['infra_cache_slabs'] = "infra-cache-slabs: {$numprocs}";
- $optimization['key_cache_slabs'] = "key-cache-slabs: {$numprocs}";
- } else {
- $optimization['msg_cache_slabs'] = "msg-cache-slabs: 4";
- $optimization['rrset_cache_slabs'] = "rrset-cache-slabs: 4";
- $optimization['infra_cache_slabs'] = "infra-cache-slabs: 4";
- $optimization['key_cache_slabs'] = "key-cache-slabs: 4";
- }
+ $optimization['msg_cache_slabs'] = "msg-cache-slabs: {$optimize_num}";
+ $optimization['rrset_cache_slabs'] = "rrset-cache-slabs: {$optimize_num}";
+ $optimization['infra_cache_slabs'] = "infra-cache-slabs: {$optimize_num}";
+ $optimization['key_cache_slabs'] = "key-cache-slabs: {$optimize_num}";
// Memory usage - default is 4Mb if nothing has been selected
if(isset($unbound_config['msg_cache_size'])) {
@@ -647,14 +645,6 @@ function unbound_optimization() {
$optimization['rrset_cache_size'] = "rrset-cache-size: 8m";
}
- // More outgoing connections per thread otherwise assign a default of 4096 for a single thread
- if($numprocs > 0) {
- $or = (1024/$numprocs) - 50;
- $optimization['outgoing_range'] = "outgoing-range: {$or}";
- } else {
- $optimization['outgoing_range'] = "outgoing-range: {4096}";
- }
-
// Larger socket buffer for busy servers
// Check that it is set to 4MB (by default the OS has it configured to 4MB)
foreach ($config['sysctl']['item'] as $tunable) {
diff --git a/config/unbound/unbound_acls.php b/config/unbound/unbound_acls.php
index 721d3adb..59738aab 100644
--- a/config/unbound/unbound_acls.php
+++ b/config/unbound/unbound_acls.php
@@ -139,7 +139,8 @@ include("head.inc");
<script type="text/javascript">
function mask_field(fieldname, fieldsize, n) {
return '<select name="' + fieldname + n + '" class="formselect" id="' + fieldname + n + '"><?php
- for ($i = 128; $i >= 0; $i--) {
+ $start = 24; if (function_exists("is_ipaddrv6")) $start = "128";
+ for ($i = $start; $i >= 0; $i--) {
echo "<option value=\"$i\">$i</option>";
}
?></select>';
diff --git a/config/unbound/unbound_advanced.xml b/config/unbound/unbound_advanced.xml
index 7603d0aa..2da5b505 100644
--- a/config/unbound/unbound_advanced.xml
+++ b/config/unbound/unbound_advanced.xml
@@ -219,11 +219,12 @@
<fieldname>num_queries_per_thread</fieldname>
<description>The number of queries that every thread will service simultaneously. If more queries arrive that need to be serviced, and no queries can be jostled, then these queries are dropped.</description>
<type>select</type>
- <default_value>1024</default_value>
+ <default_value>4096</default_value>
<options>
<option><name>512</name><value>512</value></option>
<option><name>1024</name><value>1024</value></option>
<option><name>2048</name><value>2048</value></option>
+ <option><name>4096</name><value>4096</value></option>
</options>
<advancedfield/>
</field>