Diffstat (limited to 'config')
-rw-r--r-- | config/siproxd/siproxd.inc | 247 |
1 files changed, 141 insertions, 106 deletions
diff --git a/config/siproxd/siproxd.inc b/config/siproxd/siproxd.inc index 53dc7a2d..50b6e558 100644 --- a/config/siproxd/siproxd.inc +++ b/config/siproxd/siproxd.inc @@ -1,8 +1,10 @@ <?php /* siproxd.inc + part of pfSense (https://www.pfSense.org/) Copyright (C) 2006 Scott Ullrich Copyright (C) 2010 Jim Pingle + Copyright (C) 2015 ESF, LLC All rights reserved. Redistribution and use in source and binary forms, with or without 
@@ -26,54 +28,51 @@ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ - -if(!function_exists("filter_configure")) +if (!function_exists("filter_configure")) { require_once("filter.inc"); +} require_once("service-utils.inc"); -// Check to find out on which system the package is running -$pfs_version = substr(trim(file_get_contents("/etc/version")),0,3); +// Check to find out on which pfSense version the package is running +global $pfs_version; +$pfs_version = substr(trim(file_get_contents("/etc/version")), 0, 3); if ($pfs_version == "2.1" || $pfs_version == "2.2") { define('SIPROXD', '/usr/pbi/siproxd-' . php_uname("m")); } else { define('SIPROXD', '/usr/local'); } -// End of system check -function sync_package_sipproxd_users() { +function sync_package_siproxd_users() { + global $g, $config; conf_mount_rw(); - // put the constant to a variable - $varSIPROXD = SIPROXD; - - global $config; - $fout = fopen("$varSIPROXD/etc/siproxd_passwd.cfg","w"); + $siproxd_pwfile = SIPROXD . '/etc/siproxd_passwd.cfg'; + $fout = fopen($siproxd_pwfile, "w"); fwrite($fout, "# This file was automatically generated by the pfSense\n# package management system.\n\n"); - if($config['installedpackages']['siproxdusers']['config'] != "") { - foreach($config['installedpackages']['siproxdusers']['config'] as $rowhelper) { + if ($config['installedpackages']['siproxdusers']['config'] != "") { + foreach ($config['installedpackages']['siproxdusers']['config'] as $rowhelper) { fwrite($fout, $rowhelper['username'] . " " . $rowhelper['password'] . 
"\n"); } } fclose($fout); + conf_mount_ro(); - system("/usr/bin/killall -HUP siproxd"); + /* Reload settings to sync users */ + sigkillbypid("{$g['varrun_path']}/siproxd.pid", "HUP"); } function siproxd_generate_rules($type) { global $config; - // put the constant to a variable - $varSIPROXD = SIPROXD; - $siproxd_conf = &$config['installedpackages']['siproxdsettings']['config'][0]; if (!is_service_running('siproxd')) { - log_error("Sipproxd is installed but not started. Not installing redirect rules."); + log_error("Siproxd is installed but not started. Not installing redirect rules."); return; } /* proxy is turned off in package settings */ - if($siproxd_conf['sipenable'] == "0") { - log_error("WARNING: siproxd proxy has not been enabled. Not installing rules."); + if ($siproxd_conf['sipenable'] == "0") { + log_error("WARNING: siproxd proxy has not been enabled. Not installing rules."); return "\n"; } 
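Review bot: The `fopen($siproxd_pwfile, "w")` result in sync_package_siproxd_users() is used without a check, and the file it creates holds the SIP usernames and passwords in clear text with whatever mode the process umask yields. I would return early when `$fout` is false and tighten the mode right after the open, e.g. `chmod($siproxd_pwfile, 0600);`, adjusting the owner if siproxd reads the file after dropping privileges (not visible here). The `username` and `password` values are also written unmodified, so a value containing a space or line break changes how the line is read or adds another entry; rejecting whitespace in both fields at validation time would close that. siproxd_generate_rules() continues beyond this hunk.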
@@ -84,25 +83,26 @@ function siproxd_generate_rules($type) { $port = ($siproxd_conf['port'] ? $siproxd_conf['port'] : 5060); switch($type) { - case 'nat': - $rules .= "\n# Setup Sipproxd proxy redirect\n"; - foreach ($ifaces as $iface) { - if($iface <> "") - $rules .= "rdr on {$iface} proto udp from any to !($iface) port {$port} -> 127.0.0.1 port {$port}\n"; - } - break; - case 'filter': - case 'rule': - foreach ($ifaces as $iface) { - if($iface <> "") { - $rules .= "# allow SIP signaling and RTP traffic\n"; - $rules .= "pass in on {$iface} proto udp from any to any port = {$port}\n"; - if($siproxd_conf['rtpenable'] == "1") { - $rules .= "pass in on {$iface} proto udp from any to any port {$rtplower}:{$rtpupper}\n"; + case 'nat': + $rules .= "\n# Setup Siproxd proxy redirect\n"; + foreach ($ifaces as $iface) { + if ($iface <> "") { + $rules .= "rdr on {$iface} proto udp from any to !($iface) port {$port} -> 127.0.0.1 port {$port}\n"; } } - } - break; + break; + case 'filter': + case 'rule': + foreach ($ifaces as $iface) { + if ($iface <> "") { + $rules .= "# allow SIP signaling and RTP traffic\n"; + $rules .= "pass in on {$iface} proto udp from any to any port = {$port}\n"; + if ($siproxd_conf['rtpenable'] == "1") { + $rules .= "pass in on {$iface} proto udp from any to any port {$rtplower}:{$rtpupper}\n"; + } + } + } + break; } return $rules; 
@@ -111,42 +111,50 @@ function siproxd_generate_rules($type) { function sync_package_siproxd() { global $config, $pfs_version; - // put the constant to a variable - $varSIPROXD = SIPROXD; - conf_mount_rw(); $siproxd_chroot = "/var/siproxd/"; - @mkdir($siproxd_chroot); + safe_mkdir($siproxd_chroot); @chown($siproxd_chroot, "nobody"); @chgrp($siproxd_chroot, "nobody"); + unlink_if_exists(SIPROXD . '/etc/rc.d/siproxd'); - unlink_if_exists("$varSIPROXD/etc/rc.d/siproxd"); $siproxd_conf = &$config['installedpackages']['siproxdsettings']['config'][0]; - $fout = fopen("$varSIPROXD/etc/siproxd.conf","w"); + $siproxd_conffile = SIPROXD . '/etc/siproxd.conf'; + $siproxd_pwfile = SIPROXD . '/etc/siproxd_passwd.cfg'; + + $pfs_version = substr(trim(file_get_contents("/etc/version")), 0, 3); + if ($pfs_version == '2.2') { + $siproxd_bin = SIPROXD . '/bin/siproxd'; + } else { + $siproxd_bin = SIPROXD . '/sbin/siproxd'; + } + $plugindir = SIPROXD . '/lib/siproxd'; + + $fout = fopen($siproxd_conffile, "w"); fwrite($fout, "# This file was automatically generated by the pfSense\n"); fwrite($fout, "# package management system.\n\n"); /* proxy is turned off in package settings */ - if($siproxd_conf['sipenable'] == "0") { + if ($siproxd_conf['sipenable'] == "0") { fclose($fout); return; } - if($siproxd_conf['if_inbound'] != "") { + if ($siproxd_conf['if_inbound'] != "") { fwrite($fout, "if_inbound = " . convert_friendly_interface_to_real_interface_name($siproxd_conf['if_inbound']) . "\n"); } - if($siproxd_conf['if_outbound'] != "") { - if(intval($config['version']) < 6 && $config['interfaces'][$siproxd_conf['if_outbound']]['ipaddr'] == "pppoe") { + if ($siproxd_conf['if_outbound'] != "") { + if (intval($config['version']) < 6 && $config['interfaces'][$siproxd_conf['if_outbound']]['ipaddr'] == "pppoe") { fwrite($fout, "if_outbound = ng0\n"); } else { fwrite($fout, "if_outbound = " . convert_friendly_interface_to_real_interface_name($siproxd_conf['if_outbound']) . 
"\n"); } } - if($siproxd_conf['port'] != "") { + if ($siproxd_conf['port'] != "") { fwrite($fout, "sip_listen_port = " . $siproxd_conf['port'] . "\n"); } else { fwrite($fout, "sip_listen_port = 5060\n"); @@ -161,13 +169,13 @@ function sync_package_siproxd() { fwrite($fout, "autosave_registrations = 10\n"); fwrite($fout, "pid_file = siproxd.pid\n"); - if($siproxd_conf['rtpenable'] != "") { + if ($siproxd_conf['rtpenable'] != "") { fwrite($fout, "rtp_proxy_enable = " . $siproxd_conf['rtpenable'] . "\n"); } else { fwrite($fout, "rtp_proxy_enable = 1\n"); } - if(($siproxd_conf['rtplower'] != "") && ($siproxd_conf['rtpupper'] != "")) { + if (($siproxd_conf['rtplower'] != "") && ($siproxd_conf['rtpupper'] != "")) { fwrite($fout, "rtp_port_low = " . $siproxd_conf['rtplower'] . "\n"); fwrite($fout, "rtp_port_high = " . $siproxd_conf['rtpupper'] . "\n"); } else { 
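Review bot: The early `return;` in the `sipenable == "0"` branch of sync_package_siproxd() leaves after `conf_mount_rw()` without a matching `conf_mount_ro()`, and it skips the stop/start logic at the end of the function, so a running siproxd appears to keep running after the proxy is disabled in the settings. Because of that return, the `if ($siproxd_conf['sipenable'] != "0")` guard this commit adds further down can never be false. I would add `if (is_service_running('siproxd')) { stop_service("siproxd"); }` and `conf_mount_ro();` before the `return;`, or drop the early return and let the guarded block at the end decide. The `$pfs_version` assignment added here repeats the file-level one that the function already imports through `global`. The function body continues outside this hunk.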
@@ -175,102 +183,113 @@ function sync_package_siproxd() { fwrite($fout, "rtp_port_high = 7079\n"); } - if($siproxd_conf['rtptimeout'] != "") { + if ($siproxd_conf['rtptimeout'] != "") { fwrite($fout, "rtp_timeout = " . $siproxd_conf['rtptimeout'] . "\n"); } else { fwrite($fout, "rtp_timeout = 300\n"); } - if($siproxd_conf['defaulttimeout'] != "") { + if ($siproxd_conf['defaulttimeout'] != "") { fwrite($fout, "default_expires = " . $siproxd_conf['defaulttimeout'] . "\n"); } else { fwrite($fout, "default_expires = 600\n"); } - if($siproxd_conf['authentication']) { + if ($siproxd_conf['authentication']) { fwrite($fout, "proxy_auth_realm = Authentication_Realm\n"); - fwrite($fout, "proxy_auth_pwfile = $varSIPROXD/etc/siproxd_passwd.cfg\n"); + fwrite($fout, "proxy_auth_pwfile = {$siproxd_pwfile}\n"); } - if($siproxd_conf['debug_level'] != "") { + if ($siproxd_conf['debug_level'] != "") { fwrite($fout, "debug_level = " . $siproxd_conf['debug_level'] . "\n"); } else { fwrite($fout, "debug_level = 0x00000000\n"); } - if($siproxd_conf['debug_port'] != "") { + if ($siproxd_conf['debug_port'] != "") { fwrite($fout, "debug_port = " . $siproxd_conf['debug_port'] . "\n"); } - if($siproxd_conf['outboundproxyhost'] != "") { - if($siproxd_conf['outboundproxyport'] != "") { + if ($siproxd_conf['outboundproxyhost'] != "") { + if ($siproxd_conf['outboundproxyport'] != "") { fwrite($fout, "outbound_proxy_host = " . $siproxd_conf['outboundproxyhost'] . "\n"); fwrite($fout, "outbound_proxy_port = " . $siproxd_conf['outboundproxyport'] . "\n"); } } - if($siproxd_conf['expeditedforwarding'] != "") + if ($siproxd_conf['expeditedforwarding'] != "") { fwrite($fout, "rtp_dscp = 46\n"); - if($siproxd_conf['expeditedsipforwarding'] != "") + } + if ($siproxd_conf['expeditedsipforwarding'] != "") { fwrite($fout, "sip_dscp = 26\n"); - - if ($siproxd_conf['rtp_input_dejitter'] != "") + } + if ($siproxd_conf['rtp_input_dejitter'] != "") { fwrite($fout, "rtp_input_dejitter = " . 
$siproxd_conf['rtp_input_dejitter'] . "\n"); - if ($siproxd_conf['rtp_output_dejitter'] != "") + } + if ($siproxd_conf['rtp_output_dejitter'] != "") { fwrite($fout, "rtp_output_dejitter = " . $siproxd_conf['rtp_output_dejitter'] . "\n"); - if ($siproxd_conf['tcp_timeout'] != "") + } + if ($siproxd_conf['tcp_timeout'] != "") { fwrite($fout, "tcp_timeout = " . $siproxd_conf['tcp_timeout'] . "\n"); - if ($siproxd_conf['tcp_connect_timeout'] != "") + } + if ($siproxd_conf['tcp_connect_timeout'] != "") { fwrite($fout, "tcp_connect_timeout = " . $siproxd_conf['tcp_connect_timeout'] . "\n"); - if ($siproxd_conf['tcp_keepalive'] != "") + } + if ($siproxd_conf['tcp_keepalive'] != "") { fwrite($fout, "tcp_keepalive = " . $siproxd_conf['tcp_keepalive'] . "\n"); + } - fwrite($fout, "plugindir=$varSIPROXD/lib/siproxd/\n"); + fwrite($fout, "plugindir={$plugindir}\n"); fwrite($fout, "load_plugin=plugin_logcall.la\n"); - if ($siproxd_conf['plugin_defaulttarget'] != "") + if ($siproxd_conf['plugin_defaulttarget'] != "") { fwrite($fout, "load_plugin=plugin_defaulttarget.la\n"); - if (($siproxd_conf['plugin_defaulttarget'] != "") && ($siproxd_conf['plugin_defaulttarget_log'] != "")) + } + if (($siproxd_conf['plugin_defaulttarget'] != "") && ($siproxd_conf['plugin_defaulttarget_log'] != "")) { fwrite($fout, "plugin_defaulttarget_log = 1\n"); - if (($siproxd_conf['plugin_defaulttarget'] != "") && ($siproxd_conf['plugin_defaulttarget_target'] != "")) + } + if (($siproxd_conf['plugin_defaulttarget'] != "") && ($siproxd_conf['plugin_defaulttarget_target'] != "")) { fwrite($fout, "plugin_defaulttarget_target = " . $siproxd_conf['plugin_defaulttarget_target'] . 
"\n"); + } - if ($siproxd_conf['plugin_fix_bogus_via'] != "") + if ($siproxd_conf['plugin_fix_bogus_via'] != "") { fwrite($fout, "load_plugin=plugin_fix_bogus_via.la\n"); - if (($siproxd_conf['plugin_fix_bogus_via'] != "") && ($siproxd_conf['plugin_fix_bogus_via_networks'] != "")) + } + if (($siproxd_conf['plugin_fix_bogus_via'] != "") && ($siproxd_conf['plugin_fix_bogus_via_networks'] != "")) { fwrite($fout, "plugin_fix_bogus_via_networks = " . $siproxd_conf['plugin_fix_bogus_via_networks'] . "\n"); + } - if ($siproxd_conf['plugin_stun'] != "") + if ($siproxd_conf['plugin_stun'] != "") { fwrite($fout, "load_plugin=plugin_stun.la\n"); - if (($siproxd_conf['plugin_stun'] != "") && ($siproxd_conf['plugin_stun_server'] != "")) + } + if (($siproxd_conf['plugin_stun'] != "") && ($siproxd_conf['plugin_stun_server'] != "")) { fwrite($fout, "plugin_stun_server = " . $siproxd_conf['plugin_stun_server'] . "\n"); - if (($siproxd_conf['plugin_stun'] != "") && ($siproxd_conf['plugin_stun_port'] != "")) + } + if (($siproxd_conf['plugin_stun'] != "") && ($siproxd_conf['plugin_stun_port'] != "")) { fwrite($fout, "plugin_stun_port = " . $siproxd_conf['plugin_stun_port'] . "\n"); - if (($siproxd_conf['plugin_stun'] != "") && ($siproxd_conf['plugin_stun_period'] != "")) + } + if (($siproxd_conf['plugin_stun'] != "") && ($siproxd_conf['plugin_stun_period'] != "")) { fwrite($fout, "plugin_stun_period = " . $siproxd_conf['plugin_stun_period'] . 
"\n"); + } fclose($fout); - if ($pfs_version == '2.2') - $bin_dir='bin'; - else - $bin_dir='sbin'; - write_rcfile(array( "file" => "siproxd.sh", - "start" => "$varSIPROXD/{$bin_dir}/siproxd -c $varSIPROXD/etc/siproxd.conf &", + "start" => "{$siproxd_bin} -c {$siproxd_conffile} &", "stop" => "/usr/bin/killall -9 siproxd" ) ); - exec("killall -9 siproxd"); - - sleep(3); - - start_service("siproxd"); - - sleep(3); - + if (is_service_running('siproxd')) { + stop_service("siproxd"); + sleep(3); + } + /* Only (re)start the service when siproxd is enabled */ + if ($siproxd_conf['sipenable'] != "0") { + start_service("siproxd"); + sleep(3); + } filter_configure(); conf_mount_ro(); 
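Review bot: Several settings are written into siproxd.conf verbatim that the validator shown later in this diff never checks: `debug_level`, `debug_port`, `plugin_defaulttarget_target` and `plugin_fix_bogus_via_networks`. A stored value containing a line break would add extra directives to the generated file, and directives such as `plugindir` and `load_plugin` decide which code the daemon loads. I would validate these fields in validate_form_siproxd() (for example `is_port()` for `debug_port`) and refuse any setting that contains `\r` or `\n` before the `fwrite()` calls. Validation elsewhere, such as in the package XML, is not visible here and may already cover part of this.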
@@ -278,38 +297,54 @@ function sync_package_siproxd() { } function validate_form_siproxd($post, &$input_errors) { - if ($post['port'] && !is_port($post['port'])) + if ($post['port'] && !is_port($post['port'])) { $input_errors[] = 'Invalid port entered for "Listening Port"'; - if ($post['rtplower'] && !is_port($post['rtplower'])) + } + if ($post['rtplower'] && !is_port($post['rtplower'])) { $input_errors[] = 'Invalid port entered for "RTP port range (lower)".'; - if ($post['rtpupper'] && !is_port($post['rtpupper'])) + } + if ($post['rtpupper'] && !is_port($post['rtpupper'])) { $input_errors[] = 'Invalid port entered for "RTP port range (upper)".'; - if ($post['rtplower'] && $post['rtpupper'] && ($post['rtplower'] >= $post['rtpupper'])) + } + if ($post['rtplower'] && $post['rtpupper'] && ($post['rtplower'] >= $post['rtpupper'])) { $input_errors[] = 'RTP lower port cannot be equal to or higher than the RTP upper port.'; - if ($post['rtptimeout'] && (!is_numeric($post['rtptimeout']) || ($post['rtptimeout'] < 0))) + } + if ($post['rtptimeout'] && (!is_numeric($post['rtptimeout']) || ($post['rtptimeout'] < 0))) { $input_errors[] = '"RTP stream timeout" must be numeric and greater than 0.'; - if ($post['defaulttimeout'] && (!is_numeric($post['defaulttimeout']) || ($post['defaulttimeout'] < 0))) + } + if ($post['defaulttimeout'] && (!is_numeric($post['defaulttimeout']) || ($post['defaulttimeout'] < 0))) { $input_errors[] = '"Default expiration timeout" must be numeric and greater than 0.'; - if ($post['outboundproxyhost'] && (!is_hostname($post['outboundproxyhost']) && !is_ipaddr($post['outboundproxyhost']))) + } + if ($post['outboundproxyhost'] && (!is_hostname($post['outboundproxyhost']) && !is_ipaddr($post['outboundproxyhost']))) { $input_errors[] = 'Invalid hostname or IP address entered for "Outbound Proxy Host".'; - if ($post['outboundproxyport'] && !is_port($post['outboundproxyport'])) + } + if ($post['outboundproxyport'] && !is_port($post['outboundproxyport'])) { 
$input_errors[] = 'Invalid port entered for "Outbound Proxy Port".'; - if ($post['rtp_input_dejitter'] && (!is_numeric($post['rtp_input_dejitter']) || ($post['rtp_input_dejitter'] < 0))) + } + if ($post['rtp_input_dejitter'] && (!is_numeric($post['rtp_input_dejitter']) || ($post['rtp_input_dejitter'] < 0))) { $input_errors[] = '"Input Dejitter" must be numeric and greater than 0.'; - if ($post['rtp_output_dejitter'] && (!is_numeric($post['rtp_output_dejitter']) || ($post['rtp_output_dejitter'] < 0))) + } + if ($post['rtp_output_dejitter'] && (!is_numeric($post['rtp_output_dejitter']) || ($post['rtp_output_dejitter'] < 0))) { $input_errors[] = '"Output Dejitter" must be numeric and greater than 0.'; - if ($post['tcp_timeout'] && (!is_numeric($post['tcp_timeout']) || ($post['tcp_timeout'] < 0))) + } + if ($post['tcp_timeout'] && (!is_numeric($post['tcp_timeout']) || ($post['tcp_timeout'] < 0))) { $input_errors[] = '"TCP inactivity timeout" must be numeric and greater than 0.'; - if ($post['tcp_connect_timeout'] && (!is_numeric($post['tcp_connect_timeout']) || ($post['tcp_connect_timeout'] < 0))) + } + if ($post['tcp_connect_timeout'] && (!is_numeric($post['tcp_connect_timeout']) || ($post['tcp_connect_timeout'] < 0))) { $input_errors[] = '"TCP Connect Timeout" must be numeric and greater than 0.'; - if ($post['tcp_keepalive'] && (!is_numeric($post['tcp_keepalive']) || ($post['tcp_keepalive'] < 0))) + } + if ($post['tcp_keepalive'] && (!is_numeric($post['tcp_keepalive']) || ($post['tcp_keepalive'] < 0))) { $input_errors[] = '"TCP Keepalive" must be numeric and greater than 0.'; - if ($post['plugin_stun_server'] && (!is_hostname($post['plugin_stun_server']) && !is_ipaddr($post['plugin_stun_server']))) + } + if ($post['plugin_stun_server'] && (!is_hostname($post['plugin_stun_server']) && !is_ipaddr($post['plugin_stun_server']))) { $input_errors[] = 'Invalid hostname or IP address entered for "STUN Server".'; - if ($post['plugin_stun_port'] && 
!is_port($post['plugin_stun_port'])) + } + if ($post['plugin_stun_port'] && !is_port($post['plugin_stun_port'])) { $input_errors[] = 'Invalid port entered for "STUN Port".'; - if ($post['plugin_stun_period'] && (!is_numeric($post['plugin_stun_period']) || ($post['plugin_stun_period'] < 0))) + } + if ($post['plugin_stun_period'] && (!is_numeric($post['plugin_stun_period']) || ($post['plugin_stun_period'] < 0))) { $input_errors[] = '"STUN Period" must be numeric and greater than 0.'; + } } |
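Review bot: The numeric checks in validate_form_siproxd() rely on `is_numeric()`, which also accepts fractions, exponent notation such as `1e3` and leading whitespace, and those strings are later written to siproxd.conf unchanged. For the timeout, dejitter, keepalive and STUN period fields an integer-only test such as `ctype_digit((string)$post['rtptimeout'])` would match what the error messages promise. The messages also say "greater than 0" while the conditions only reject values below 0. A short comment above the function stating that every field written by sync_package_siproxd() must be validated here would help keep the two in step.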