Diffstat (limited to 'config')
-rw-r--r-- | config/openbgpd/openbgpd.inc | 229 |
1 files changed, 127 insertions, 102 deletions
diff --git a/config/openbgpd/openbgpd.inc b/config/openbgpd/openbgpd.inc
index 102c937d..93364be9 100644
--- a/config/openbgpd/openbgpd.inc
+++ b/config/openbgpd/openbgpd.inc
@@ -1,8 +1,9 @@
 <?php
 /*
 openbgpd.inc
+ part of pfSense (https://www.pfSense.org/)
 Copyright (C) 2007 Scott Ullrich (sullrich@gmail.com)
- part of pfSense
+ Copyright (C) 2015 ESF, LLC
 All rights reserved.
 Redistribution and use in source and binary forms, with or without
@@ -32,100 +33,113 @@ require_once("service-utils.inc");
 define('PKG_BGPD_CONFIG_BASE', '/var/etc/openbgpd');
-$pf_version=substr(trim(file_get_contents("/etc/version")),0,3);
-if ($pf_version == "2.1" || $pf_version == "2.2")
+$pf_version = substr(trim(file_get_contents("/etc/version")), 0, 3);
+if ($pf_version == "2.1" || $pf_version == "2.2") {
 define('PKG_BGPD_BIN', '/usr/pbi/openbgpd-' . php_uname("m") . '/sbin');
-else
+} else {
 define('PKG_BGPD_BIN','/usr/local/sbin');
+}
-define('PKG_BGPD_LOGIN', "_bgpd");
-define('PKG_BGPD_UID', "130");
-define('PKG_BGPD_GROUP', "_bgpd");
-define('PKG_BGPD_GID', "130");
-define('PKG_BGPD_GECOS', "BGP Daemon");
-define('PKG_BGPD_HOMEDIR', "/var/empty");
-define('PKG_BGPD_SHELL', "/usr/sbin/nologin");
+define('PKG_BGPD_LOGIN', "_bgpd");
+define('PKG_BGPD_UID', "130");
+define('PKG_BGPD_GROUP', "_bgpd");
+define('PKG_BGPD_GID', "130");
+define('PKG_BGPD_GECOS', "BGP Daemon");
+define('PKG_BGPD_HOMEDIR', "/var/empty");
+define('PKG_BGPD_SHELL', "/usr/sbin/nologin");
 function openbgpd_install_conf() {
 global $config, $g;
- $pkg_login = PKG_BGPD_LOGIN;
- $pkg_uid = PKG_BGPD_UID;
- $pkg_group = PKG_BGPD_GROUP;
- $pkg_gid = PKG_BGPD_GID;
- $pkg_gecos = PKG_BGPD_GECOS;
- $pkg_homedir = PKG_BGPD_HOMEDIR;
- $pkg_shell = PKG_BGPD_SHELL;
- $pkg_bin = PKG_BGPD_BIN;
+ $pkg_login = PKG_BGPD_LOGIN;
+ $pkg_uid = PKG_BGPD_UID;
+ $pkg_group = PKG_BGPD_GROUP;
+ $pkg_gid = PKG_BGPD_GID;
+ $pkg_gecos = PKG_BGPD_GECOS;
+ $pkg_homedir = PKG_BGPD_HOMEDIR;
+ $pkg_shell = PKG_BGPD_SHELL;
+ $pkg_bin = PKG_BGPD_BIN;
 conf_mount_rw();
- // Since we need to embed this in a string, copy to a var. Can't embed constnats.
+ // Since we need to embed this in a string, copy to a var. Can't embed constants.
 $bgpd_config_base = PKG_BGPD_CONFIG_BASE;
 if ($config['installedpackages']['openbgpd']['rawconfig'] && $config['installedpackages']['openbgpd']['rawconfig']['item']) {
- // if there is a raw config specified in the config.xml use that instead of the assisted config
- $conffile = implode("\n",$config['installedpackages']['openbgpd']['rawconfig']['item']);
+ // If there is a raw config specified in the config.xml, use that instead of the assisted config
+ $conffile = implode("\n", $config['installedpackages']['openbgpd']['rawconfig']['item']);
 //$conffile = $config['installedpackages']['openbgpd']['rawconfig'];
 } else {
- // generate bgpd.conf based on the assistant
- if($config['installedpackages']['openbgpd']['config'])
+ // Generate bgpd.conf based on the assistant
+ if ($config['installedpackages']['openbgpd']['config']) {
 $openbgpd_conf = &$config['installedpackages']['openbgpd']['config'][0];
- if($config['installedpackages']['openbgpd']['config'][0]['row'])
+ }
+ if ($config['installedpackages']['openbgpd']['config'][0]['row']) {
 $openbgpd_rows = &$config['installedpackages']['openbgpd']['config'][0]['row'];
- if($config['installedpackages']['openbgpdgroups']['config'])
+ }
+ if ($config['installedpackages']['openbgpdgroups']['config']) {
 $openbgpd_groups = &$config['installedpackages']['openbgpdgroups']['config'];
- if($config['installedpackages']['openbgpdneighbors']['config'])
+ }
+ if ($config['installedpackages']['openbgpdneighbors']['config']) {
 $openbgpd_neighbors = &$config['installedpackages']['openbgpdneighbors']['config'];
+ }
- $conffile = "# This file was created by the package manager. Do not edit!\n\n";
+ $conffile = "# This file was created by the package manager. Do not edit!\n\n";
 // Setup AS #
- if($openbgpd_conf['asnum'])
+ if ($openbgpd_conf['asnum']) {
 $conffile .= "AS {$openbgpd_conf['asnum']}\n";
+ }
- if($openbgpd_conf['fibupdate'])
+ if ($openbgpd_conf['fibupdate']) {
 $conffile .= "fib-update {$openbgpd_conf['fibupdate']}\n";
+ }
- // Setup holdtime if defined. Default is 90.
- if($openbgpd_conf['holdtime'])
+ // Setup holdtime if defined. Default is 90.
+ if ($openbgpd_conf['holdtime']) {
 $conffile .= "holdtime {$openbgpd_conf['holdtime']}\n";
+ }
- // Specify listen ip
- if(!empty($openbgpd_conf['listenip']))
+ // Specify listen IP
+ if (!empty($openbgpd_conf['listenip'])) {
 $conffile .= "listen on {$openbgpd_conf['listenip']}\n";
- else
+ } else {
 $conffile .= "listen on 0.0.0.0\n";
-
+ }
+
 // Specify router id
- if($openbgpd_conf['routerid'])
+ if ($openbgpd_conf['routerid']) {
 $conffile .= "router-id {$openbgpd_conf['routerid']}\n";
+ }
 // Handle advertised networks
- if($config['installedpackages']['openbgpd']['config'][0]['row'])
- if(is_array($openbgpd_rows))
- foreach($openbgpd_rows as $row)
+ if ($config['installedpackages']['openbgpd']['config'][0]['row']) {
+ if (is_array($openbgpd_rows)) {
+ foreach ($openbgpd_rows as $row) {
 $conffile .= "network {$row['networks']}\n";
-
+ }
+ }
+ }
 // Attach neighbors to their respective group owner
- if(is_array($openbgpd_groups)) {
- foreach($openbgpd_groups as $group) {
+ if (is_array($openbgpd_groups)) {
+ foreach ($openbgpd_groups as $group) {
 $conffile .= "group \"{$group['name']}\" {\n";
 $conffile .= " remote-as {$group['remoteas']}\n";
- if(is_array($openbgpd_neighbors)) {
- foreach($openbgpd_neighbors as $neighbor) {
- if($neighbor['groupname'] == $group['name']) {
+ if (is_array($openbgpd_neighbors)) {
+ foreach ($openbgpd_neighbors as $neighbor) {
+ if ($neighbor['groupname'] == $group['name']) {
 $conffile .= "\tneighbor {$neighbor['neighbor']} {\n";
 $conffile .= "\t\tdescr \"{$neighbor['descr']}\"\n";
- if($neighbor['md5sigpass']) {
+ if ($neighbor['md5sigpass']) {
 $conffile .= "\t\ttcp md5sig password {$neighbor['md5sigpass']}\n";
 }
- if($neighbor['md5sigkey']) {
+ if ($neighbor['md5sigkey']) {
 $conffile .= "\t\ttcp md5sig key {$neighbor['md5sigkey']}\n";
 }
 $setlocaladdr = true;
 if (is_array($neighbor['row'])) {
- foreach($neighbor['row'] as $row) {
- if ($row['parameters'] == "local-address")
+ foreach ($neighbor['row'] as $row) {
+ if ($row['parameters'] == "local-address") {
 $setlocaladdr = false;
+ }
 $conffile .= "\t\t{$row['parameters']} {$row['parmvalue']} \n";
 }
 }
@@ -136,7 +150,6 @@ function openbgpd_install_conf() {
 $conffile .= "\t\tlocal-address 0.0.0.0\n";
 }
 }
- $conffile .= "}\n";
 }
 }
@@ -146,12 +159,12 @@ function openbgpd_install_conf() {
 }
 // Handle neighbors that do not have a group assigned to them
- if(is_array($openbgpd_neighbors)) {
- foreach($openbgpd_neighbors as $neighbor) {
- if($neighbor['groupname'] == "") {
+ if (is_array($openbgpd_neighbors)) {
+ foreach ($openbgpd_neighbors as $neighbor) {
+ if ($neighbor['groupname'] == "") {
 $conffile .= "neighbor {$neighbor['neighbor']} {\n";
 $conffile .= "\tdescr \"{$neighbor['descr']}\"\n";
- if ($neighbor['md5sigpass']) {
+ if ($neighbor['md5sigpass']) {
 $conffile .= "\ttcp md5sig password {$neighbor['md5sigpass']}\n";
 }
 if ($neighbor['md5sigkey']) {
@@ -159,17 +172,18 @@ function openbgpd_install_conf() {
 }
 $setlocaladdr = true;
 if (is_array($neighbor['row'])) {
- foreach($neighbor['row'] as $row) {
- if ($row['parameters'] == "local-address")
+ foreach ($neighbor['row'] as $row) {
+ if ($row['parameters'] == "local-address") {
 $setlocaladdr = false;
+ }
 $conffile .= "\t{$row['parameters']} {$row['parmvalue']} \n";
 }
 }
- if ($setlocaladdr == true && !empty($openbgpd_conf['listenip']))
+ if ($setlocaladdr == true && !empty($openbgpd_conf['listenip'])) {
 $conffile .= "\tlocal-address {$openbgpd_conf['listenip']}\n";
- else
+ } else {
 $conffile .= "\tlocal-address 0.0.0.0\n";
-
+ }
 $conffile .= "}\n";
 }
 }
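Review bot: `$neighbor['descr']` and `$group['name']` are written into bgpd.conf inside double quotes with no escaping, so a description containing `"` or a newline closes the directive and whatever follows is parsed by bgpd as further configuration; the same holds for the raw `{$row['parameters']} {$row['parmvalue']}` lines. Group names pass through remove_bad_chars() in bgpd_validate_group(), but no equivalent filtering of descr or parmvalue is visible in this file, so unless the page handler does it the generator should strip quotes and line breaks itself, e.g. `$descr = str_replace(array("\"", "\n", "\r"), '', $neighbor['descr']);` before `$conffile .= "\t\tdescr \"{$descr}\"\n";`. The raw-config path already lets an administrator write an arbitrary bgpd.conf, so the exposure is a malformed or altered daemon config from the assisted form rather than privilege escalation, but it is still worth closing while the block is being restyled. openbgpd_install_conf continues past the end of this hunk.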
@@ -178,8 +192,8 @@ function openbgpd_install_conf() { // OpenBGPD filters $conffile .= "deny from any\n"; $conffile .= "deny to any\n"; - if(is_array($openbgpd_neighbors)) { - foreach($openbgpd_neighbors as $neighbor) { + if (is_array($openbgpd_neighbors)) { + foreach ($openbgpd_neighbors as $neighbor) { $conffile .= "allow from {$neighbor['neighbor']}\n"; $conffile .= "allow to {$neighbor['neighbor']}\n"; } @@ -194,7 +208,7 @@ function openbgpd_install_conf() { $carp_ip_status_check = ""; if (is_ipaddr($openbgpd_conf['carpstatusip'])) { - $pfs_version = substr(trim(file_get_contents("/etc/version")),0,3); + $pfs_version = substr(trim(file_get_contents("/etc/version")), 0, 3); switch ($pfs_version) { case "2.0": case "2.1": @@ -233,22 +247,22 @@ EOF; // Create rc.d file $rc_file_stop = <<<EOF -killall -TERM bgpd +/usr/bin/killall -TERM bgpd EOF; $rc_file_start = <<<EOF -if [ `pw groupshow {$pkg_group} 2>&1 | grep -c "pw: unknown group"` -gt 0 ]; then +if [ `/usr/sbin/pw groupshow {$pkg_group} 2>&1 | /usr/bin/grep -c "pw: unknown group"` -gt 0 ]; then /usr/sbin/pw groupadd {$pkg_group} -g {$pkg_gid} fi -if [ `pw usershow {$pkg_login} 2>&1 | grep -c "pw: no such user"` -gt 0 ]; then +if [ `/usr/sbin/pw usershow {$pkg_login} 2>&1 | /usr/bin/grep -c "pw: no such user"` -gt 0 ]; then /usr/sbin/pw useradd {$pkg_login} -u {$pkg_uid} -g {$pkg_gid} -c "{$pkg_gecos}" -d {$pkg_homedir} -s {$pkg_shell} fi /bin/mkdir -p {$bgpd_config_base} /usr/sbin/chown -R root:wheel {$bgpd_config_base} -/bin/chmod 0600 {$bgpd_config_base}/bgpd.conf +/bin/chmod 0600 {$bgpd_config_base}/bgpd.conf -NUMBGPD=`ps auxw | grep -c '[b]gpd.*parent'` +NUMBGPD=`/bin/ps auxw | /usr/bin/grep -c '[b]gpd.*parent'` if [ \${NUMBGPD} -lt 1 ] ; then {$carp_ip_status_check} {$pkg_bin}/bgpd -f {$bgpd_config_base}/bgpd.conf 
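Review bot: `/bin/chmod 0600 {$bgpd_config_base}/bgpd.conf` in the generated start script is the only permission tightening visible for a file that this same function fills with `tcp md5sig password` lines, and it runs only when the rc script starts the daemon, after PHP has already written the file (the write is outside this hunk, so whether it sets a mode itself cannot be checked here). The directory is left at whatever `/bin/mkdir -p` creates, so other local accounts can still list it. Since the existing root:wheel 0600 already assumes the config is read as root, it would be consistent to add `umask 077` as the first line of the start script and `/bin/chmod 0700 {$bgpd_config_base}` after the chown, and to set the mode at write time in PHP as well. The pw checks also key on the exact strings `pw: unknown group` / `pw: no such user`; testing pw's exit status (`/usr/sbin/pw groupshow {$pkg_group} >/dev/null 2>&1 || /usr/sbin/pw groupadd ...`) does not depend on its wording. openbgpd_install_conf continues past the end of this hunk.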
@@ -259,13 +273,13 @@ EOF; write_rcfile(array( "file" => "bgpd.sh", "start" => $rc_file_start, - "stop" => $rc_file_stop + "stop" => $rc_file_stop ) ); unset($rc_file_start, $rc_file_stop); $_gb = exec("/sbin/sysctl net.inet.ip.ipsec_in_use=1"); - // bgpd process running? if so reload, else start. + // Is bgpd process running? If so, reload, else start. // Kick off newly created rc.d script if (is_ipaddr($openbgpd_conf['carpstatusip'])) { @@ -274,7 +288,7 @@ EOF; // Stop the service if the VIP is in BACKUP or INIT state. case "BACKUP": case "INIT": - exec("/usr/local/etc/rc.d/bgpd.sh stop"); + stop_service("bgpd"); break; // Start the service if the VIP is MASTER state. case "MASTER": @@ -291,30 +305,31 @@ EOF; } function openbgpd_restart() { - if(is_openbgpd_running() == true) { + if (is_openbgpd_running() == true) { exec("{$pkg_bin}/bgpctl reload"); } else { exec("{$pkg_bin}/bgpd -f {$bgpd_config_base}/bgpd.conf"); } } -// get the raw openbgpd confi file for manual inspection/editing +// Get the raw openbgpd config file for manual inspection/editing function openbgpd_get_raw_config() { $conf = PKG_BGPD_CONFIG_BASE . "/bgpd.conf"; - if (file_exists($conf)) + if (file_exists($conf)) { return file_get_contents($conf); - else + } else { return ""; + } } -// serialize the raw openbgpd config file to config.xml +// Serialize the raw openbgpd config file to config.xml function openbgpd_put_raw_config($conffile) { global $config; - if ($conffile == "") + if ($conffile == "") { unset($config['installedpackages']['openbgpd']['rawconfig']); - else { + } else { $config['installedpackages']['openbgpd']['rawconfig'] = array(); - $config['installedpackages']['openbgpd']['rawconfig']['item'] = explode("\n",$_POST['openbgpd_raw']); + $config['installedpackages']['openbgpd']['rawconfig']['item'] = explode("\n", $_POST['openbgpd_raw']); //$config['installedpackages']['openbgpd']['rawconfig'] = $conffile; } } 
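Review bot: openbgpd_restart() interpolates `$pkg_bin` and `$bgpd_config_base`, but neither is defined in that function — they are locals of openbgpd_install_conf() and there is no `global` line here — so both exec() calls collapse to `/bgpctl reload` and `/bgpd -f /bgpd.conf`, and the reformat carries that over unchanged. Use the constants the file already defines: `exec(PKG_BGPD_BIN . "/bgpctl reload");` and `exec(PKG_BGPD_BIN . "/bgpd -f " . PKG_BGPD_CONFIG_BASE . "/bgpd.conf");`. In the same hunk, openbgpd_put_raw_config() checks its `$conffile` argument only for emptiness and then stores `$_POST['openbgpd_raw']` instead, so what the caller validated and what is persisted can differ; `explode("\n", $conffile)` keeps the function honest to its signature.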
@@ -322,20 +337,25 @@ function openbgpd_put_raw_config($conffile) {
 function check_group_usage($groupname) {
 global $config, $g;
- if($config['installedpackages']['openbgpd']['config'])
+ if ($config['installedpackages']['openbgpd']['config']) {
 $openbgpd_conf = &$config['installedpackages']['openbgpd']['config'][0];
- if($config['installedpackages']['openbgpd']['config'][0]['row'])
+ }
+ if ($config['installedpackages']['openbgpd']['config'][0]['row']) {
 $openbgpd_rows = &$config['installedpackages']['openbgpd']['config'][0]['row'];
- if($config['installedpackages']['openbgpdgroups']['config'])
+ }
+ if ($config['installedpackages']['openbgpdgroups']['config']) {
 $openbgpd_groups = &$config['installedpackages']['openbgpdgroups']['config'];
- if($config['installedpackages']['openbgpdneighbors']['config'])
+ }
+ if ($config['installedpackages']['openbgpdneighbors']['config']) {
 $openbgpd_neighbors = &$config['installedpackages']['openbgpdneighbors']['config'];
+ }
- if(is_array($openbgpd_groups)) {
- foreach($openbgpd_groups as $group) {
- foreach($openbgpd_neighbors as $neighbor) {
- if($neighbor['groupname'] == $group['name'])
+ if (is_array($openbgpd_groups)) {
+ foreach ($openbgpd_groups as $group) {
+ foreach ($openbgpd_neighbors as $neighbor) {
+ if ($neighbor['groupname'] == $group['name']) {
 return $neighbor['groupname'];
+ }
 }
 }
 }
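Review bot: check_group_usage() never reads its `$groupname` parameter — the nested loops compare every neighbor against every configured group and return as soon as any neighbor belongs to any group, so a group that no neighbor references is still reported as in use whenever some other group is (the caller is not visible, so the intended "is this group referenced" semantics is inferred from the name). The inner `foreach ($openbgpd_neighbors ...)` also lacks the `is_array()` guard the rest of the file uses and will warn when no neighbors are configured; `$openbgpd_conf` and `$openbgpd_rows` are assigned and never used. The function's closing brace and its fall-through return lie past the end of the hunk.
```php
function check_group_usage($groupname) {
	global $config, $g;
	// … unchanged: openbgpdneighbors lookup into $openbgpd_neighbors …
	if (is_array($openbgpd_neighbors)) {
		foreach ($openbgpd_neighbors as $neighbor) {
			if ($neighbor['groupname'] == $groupname) {
				return $groupname;
			}
		}
	}
	// … unchanged: fall-through return past the hunk …
```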
@@ -345,36 +365,39 @@ function check_group_usage($groupname) {
 function bgpd_validate_input() {
 global $config, $g, $input_errors;
-
- if (!empty($_POST['asnum']) && !is_numeric($_POST['asnum']))
+ if (!empty($_POST['asnum']) && !is_numeric($_POST['asnum'])) {
 $input_errors[] = "AS must be entered as a number only.";
+ }
- if (!empty($_POST['routerid']) && !is_ipaddr($_POST['routerid']))
+ if (!empty($_POST['routerid']) && !is_ipaddr($_POST['routerid'])) {
 $input_errors[] = "Router ID must be an IP address.";
+ }
- if (!empty($_POST['holdtime']) && !is_numeric($_POST['holdtime']))
+ if (!empty($_POST['holdtime']) && !is_numeric($_POST['holdtime'])) {
 $input_errors[] = "Holdtime must be entered as a number.";
+ }
- if (!empty($_POST['listenip']) && !is_ipaddr($_POST['listenip']))
+ if (!empty($_POST['listenip']) && !is_ipaddr($_POST['listenip'])) {
 $input_errors[] = "Listen IP must be an IP address or blank to bind to all IPs.";
-
+ }
 }
 function bgpd_validate_group() {
 global $config, $g, $id, $input_errors;
- if (!is_numeric($_POST['remoteas']))
+ if (!is_numeric($_POST['remoteas'])) {
 $input_errors[] = "Remote AS must be entered as a number only.";
+ }
- if ($_POST['name'] == "")
+ if ($_POST['name'] == "") {
 $input_errors[] = "You must enter a name.";
+ }
 $_POST['name'] = remove_bad_chars($_POST['name']);
-
 }
 function remove_bad_chars($string) {
- return preg_replace('/[^a-z|_|0-9]/i','',$string);
+ return preg_replace('/[^a-z|_|0-9]/i','', $string);
 }
 function grey_out_value_boxes() {
@@ -411,11 +434,12 @@ EOF;
 }
 function is_openbgpd_running() {
- $status = `ps auxw | grep -c '[b]gpd.*parent'`;
- if(intval($status) > 0)
+ $status = shell_exec("/bin/ps auxw | /usr/bin/grep -c '[b]gpd.*parent'");
+ if (intval($status) > 0) {
 return true;
- else
+ } else {
 return false;
+ }
 }
 function openbgpd_get_carp_status_by_ip($ipaddr) {
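Review bot: in remove_bad_chars() the `|` characters inside `[^a-z|_|0-9]` are literal members of the character class, not alternation, so `|` survives sanitisation and is later written unescaped into `group "{$group['name']}"` in bgpd.conf; the intended class is `/[^a-z_0-9]/i`. In bgpd_validate_group() the sanitisation also runs after the emptiness check, so a name made only of rejected characters passes validation and is stored as an empty group name. Sanitise first, i.e. move `$_POST['name'] = remove_bad_chars($_POST['name']);` above `if ($_POST['name'] == "") {`. is_numeric() on asnum, remoteas and holdtime additionally accepts forms such as `1e3`, `0x1A`-style or space-prefixed strings that bgpd will not parse as an AS number or hold time; `ctype_digit()` is the tighter check for these fields.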
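Review bot: is_openbgpd_running() counts every `ps auxw` line matching `[b]gpd.*parent`, so any unrelated process whose arguments happen to contain both strings makes it report the daemon as running, and openbgpd_restart() then issues `bgpctl reload` against a daemon that is not there; the start script built earlier in this commit uses the same pattern. If bgpd's process title is `bgpd: parent`, as the pattern suggests, `$status = shell_exec("/bin/pgrep -f '^bgpd: parent' | /usr/bin/wc -l");` anchors the match to the start of the command line; failing that, anchoring on the user column (`'^root .*[b]gpd.*parent'`) at least rules out other users' processes.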
@@ -423,8 +447,9 @@ function openbgpd_get_carp_status_by_ip($ipaddr) { if ($iface) { $status = get_carp_interface_status($iface); // If there is no status for that interface, return null. - if (!$status) + if (!$status) { $status = null; + } } else { // If there is no VIP by that IP, return null. $status = null; @@ -440,7 +465,7 @@ function openbgpd_plugin_carp($pluginparams) { // $pluginparams['interface'] contains the affected interface /* If there is no bgp config, then stop */ - if(is_array($config['installedpackages']['openbgpd']['config'])) { + if (is_array($config['installedpackages']['openbgpd']['config'])) { $openbgpd_conf = &$config['installedpackages']['openbgpd']['config'][0]; } else { return null; |