From 12a4ff878a41e407aa1a446fb5b6a757c6207706 Mon Sep 17 00:00:00 2001
From: doktornotor <notordoktor@gmail.com>
Date: Sun, 15 Nov 2015 22:46:44 +0100
Subject: pfflowd - add privileges configuration, fixes and cleanups

- Add privileges configuration
- Add Enable checkbox instead of using the foreach() hack
- Validate Source IP as well
---
 config/pfflowd/pfflowd.xml | 149 +++++++++++++++++++++------------------------
 1 file changed, 69 insertions(+), 80 deletions(-)

(limited to 'config/pfflowd/pfflowd.xml')

diff --git a/config/pfflowd/pfflowd.xml b/config/pfflowd/pfflowd.xml
index 44294d69..25a68a2c 100644
--- a/config/pfflowd/pfflowd.xml
+++ b/config/pfflowd/pfflowd.xml
@@ -42,138 +42,130 @@
 		]]>
 	</copyright>
 	<name>pfflowd</name>
-	<version>1.0.3</version>
-	<title>pfflowd: Settings</title>
-	<aftersaveredirect>pkg_edit.php?xml=pfflowd.xml&amp;id=0</aftersaveredirect>
+	<version>1.0.4</version>
+	<title>Services: pfflowd Settings</title>
+	<aftersaveredirect>pkg_edit.php?xml=pfflowd.xml</aftersaveredirect>
 	<menu>
 		<name>pfflowd</name>
 		<tooltiptext>Modify pfflowd settings.</tooltiptext>
 		<section>Services</section>
 		<configfile>pfflowd.xml</configfile>
-		<url>/pkg_edit.php?xml=pfflowd.xml&amp;id=0</url>
+		<url>/pkg_edit.php?xml=pfflowd.xml</url>
 	</menu>
 	<service>
 		<name>pfflowd</name>
 		<rcfile>pfflowd.sh</rcfile>
 		<executable>pfflowd</executable>
+		<description>Netflow Export Daemon</description>
 	</service>
 	<configpath>installedpackages->package->$packagename->configuration->settings</configpath>
+	<additional_files_needed>
+		<prefix>/etc/inc/priv/</prefix>
+		<item>https://packages.pfsense.org/packages/config/pfflowd/pfflowd.priv.inc</item>
+	</additional_files_needed>
 	<fields>
 		<field>
-			<fielddescr>Host</fielddescr>
+			<fielddescr>Enable pfflowd</fielddescr>
+			<fieldname>enabled</fieldname>
+			<description>Check this to enable pfflowd daemon.</description>
+			<type>checkbox</type>
+		</field>
+		<field>
+			<fielddescr>Destination Host</fielddescr>
 			<fieldname>host</fieldname>
-			<description>Specify the host that datagrams are to be sent to.</description>
+			<description>Specify the IP address of the host that datagrams are to be sent to.</description>
 			<type>input</type>
+			<required/>
 		</field>
 		<field>
-			<fielddescr>Port</fielddescr>
+			<fielddescr>Destination Port</fielddescr>
 			<fieldname>port</fieldname>
 			<description>Enter the port that datagrams are to be sent to.</description>
 			<type>input</type>
+			<required/>
 		</field>
 		<field>
-			<fielddescr>Source Hostname/IP</fielddescr>
+			<fielddescr>Source IP</fielddescr>
 			<fieldname>sourcehost</fieldname>
-			<description>Specify the hostname or IP address that datagrams are to be sent from. The hostname/IP must be local to this system.</description>
+			<description>
+				<![CDATA[
+				Specify the IP address that datagrams are to be sent from. <strong>The IP must be local to this system.</strong>
+				]]>
+			</description>
 			<type>input</type>
 		</field>
 		<field>
-			<fielddescr>pf rule direction restriction</fielddescr>
+			<fielddescr>pf Rule Direction Restriction</fielddescr>
 			<fieldname>direction</fieldname>
 			<description>Restrict creation of flow records to states matching a certain direction (in, out, or any).</description>
 			<type>select</type>
 			<options>
-				<option>
-					<name>Any</name>
-					<value>any</value>
-				</option>
-				<option>
-					<name>In</name>
-					<value>in</value>
-				</option>
-				<option>
-					<name>Out</name>
-					<value>out</value>
-				</option>
+				<option><name>Any</name><value>any</value></option>
+				<option><name>In</name><value>in</value></option>
+				<option><name>Out</name><value>out</value></option>
 			</options>
 		</field>
 		<field>
-			<fielddescr>Netflow version</fielddescr>
+			<fielddescr>Netflow Version</fielddescr>
 			<fieldname>version</fieldname>
 			<description>Select which version of the NetFlow protocol to use.</description>
 			<type>select</type>
 			<options>
-				<option>
-					<name>9</name>
-					<value>9</value>
-				</option>
-				<option>
-					<name>5</name>
-					<value>5</value>
-				</option>
-				<option>
-					<name>1</name>
-					<value>1</value>
-				</option>
+				<option><name>9</name><value>9</value></option>
+				<option><name>5</name><value>5</value></option>
+				<option><name>1</name><value>1</value></option>
 			</options>
 		</field>
 	</fields>
 	<custom_php_global_functions>
 		<![CDATA[
 		function sync_package_pfflowd() {
-			conf_mount_rw();
 			global $config;
-			foreach ($config['installedpackages']['pfflowd']['config'] as $cf) {
-				if ($cf['host'] != "") {
-					$start = "\n/sbin/ifconfig pfsync0 up\n";
-					$start .= "/usr/local/sbin/pfflowd ";
-					$start .= " -n {$cf['host']}";
-					if ($cf['port'] != "") {
-						$start .= ":{$cf['port']}";
-					}
-					if (!empty($cf['sourcehost'])) {
-						$start .= " -s {$cf['sourcehost']} ";
-					}
-					if ($cf['direction'] != "") {
-						$start .= " -S {$cf['direction']}";
-					}
-					if ($cf['version'] != "") {
-						$start .= " -v {$cf['version']}";
-					}
-					write_rcfile(array(
-							"file" => "pfflowd.sh",
-							"start" => $start,
-							"stop" => "/usr/bin/killall pfflowd"
-						)
-					);
+			conf_mount_rw();
+			if (is_array($config['installedpackages']['pfflowd']['config'])) {
+				$cf = $config['installedpackages']['pfflowd']['config'][0];
+			} else {
+				$cf = array();
+			}
+			if ($cf['enabled'] == "on") {
+				$start = "\n/sbin/ifconfig pfsync0 up\n";
+				$start .= "/usr/local/sbin/pfflowd ";
+				$start .= " -n {$cf['host']}";
+				$start .= ":{$cf['port']}";
+				if (!empty($cf['sourcehost'])) {
+					$start .= " -s {$cf['sourcehost']} ";
+				}
+				if ($cf['direction'] != "") {
+					$start .= " -S {$cf['direction']}";
+				}
+				if ($cf['version'] != "") {
+					$start .= " -v {$cf['version']}";
+				}
+				write_rcfile(array("file" => "pfflowd.sh", "start" => $start, "stop" => "/usr/bin/killall pfflowd"));
+				if (is_service_running("pfflowd")) {
 					restart_service("pfflowd");
-					break;
+				} else {
+					start_service("pfflowd");
+				}
+			} else {
+				if (is_service_running("pfflowd")) {
+					stop_service("pfflowd");
 				}
+				unlink_if_exists("/usr/local/etc/rc.d/pfflowd.sh");
 			}
 			conf_mount_ro();
 		}
 
 		function validate_form_pfflowd($post, &$input_errors) {
-			if (($post['host'] == "") || !is_ipaddr($post['host'])) {
-				$input_errors[] = 'You must specify a valid ip address in the \'Host\' field';
+			if ($post['host'] != "" && !is_ipaddr($post['host'])) {
+				$input_errors[] = 'You must specify a valid IP address in the \'Destination Host\' field';
 			}
-			if (($post['port'] == "") || !is_port($post['port'])) {
-				$input_errors[] = 'You must specify a valid port number in the \'Port\' field';
+			if ($post['port'] != "" && !is_port($post['port'])) {
+				$input_errors[] = 'You must specify a valid port number in the \'Destination Port\' field';
 			}
-		}
-
-		function cleanup_config_pfflowd() {
-			global $a_pkg;
-			$pffconf = array();
-			if (is_array($a_pkg)) {
-				foreach($a_pkg as $cf) {
-					if ($cf['host'] != "") {
-						$pffconf = $cf;
-					}
-				}
+			if ($post['sourcehost'] != "" && !is_ipaddr($post['sourcehost'])) {
+				$input_errors[] = 'You must specify a valid IP address in the \'Source IP\' field';
 			}
-			$a_pkg = array();
-			$a_pkg[0] = $pffconf;
 		}
 		]]>
 	</custom_php_global_functions>
@@ -183,7 +175,4 @@
 	<custom_php_validation_command>
 		validate_form_pfflowd($_POST, $input_errors);
 	</custom_php_validation_command>
-	<custom_php_command_before_form>
-		cleanup_config_pfflowd();
-	</custom_php_command_before_form>
 </packagegui>
-- 
cgit v1.2.3