Merge branch 'master' of github.com:opnsense/core

pkg/OPNsense.conf

 OPNsense: {
   fingerprints: "/usr/local/etc/pkg/fingerprints/OPNsense",
-  url: "pkg+http://pkg.opnsense.org/${ABI}/latest",
+  url: "pkg+http://pkg.opnsense.org/${ABI}/%%REPO_FLAVOUR%%",
   signature_type: "fingerprints",
   mirror_type: "srv",
   priority: 11,

scripts/version.sh

@@ -27,7 +27,7 @@
 
 set -e
 
-VERSION=$(git describe --abbrev=0)
+VERSION=$(git describe --abbrev=0 --always)
 REVISION=$(git rev-list ${VERSION}.. --count)
 if [ "${REVISION}" != "0" ]; then
 	# must construct full version string manually

src/etc/inc/interfaces.lib.inc

@@ -111,7 +111,7 @@ function legacy_interface_deladdress($ifs, $addr)
 
 function legacy_interface_rename($ifs, $name)
 {
-	$cmd = '/sbin/ifconfig ' . escapeshellarg($if) . ' name ' . escapeshellarg($name);
+	$cmd = '/sbin/ifconfig ' . escapeshellarg($ifs) . ' name ' . escapeshellarg($name);
 
 	exec($cmd . ' 2>&1', $out, $ret);
 	if ($ret) {
@@ -148,3 +148,27 @@ function legacy_vlan_tag($ifs, $member, $tag)
 		log_error('The command `' . $cmd . '\' failed to execute');
 	}
 }
+
+function legacy_interface_stats($ifs)
+{
+	$cmd = '/usr/local/sbin/ifinfo ' . escapeshellarg($ifs);
+	$stats = array();
+
+	exec($cmd . ' 2>&1', $out, $ret);
+	if ($ret) {
+		log_error('The command `' . $cmd . '\' failed to execute');
+		return $stats;
+	}
+
+	if (count($out)) {
+		/* first one is header */
+		array_shift($out);
+
+		foreach ($out as $line) {
+			$stat = explode(':', $line);
+			$stats[trim($stat[0])] = trim($stat[1]);
+		}
+	}
+
+	return $stats;
+}

src/etc/inc/pfsense-utils.inc

@@ -961,21 +961,21 @@ function get_interface_info($ifdescr)
 	$chkif = $ifinfo['if'];
 	$ifinfotmp = pfSense_get_interface_addresses($chkif);
 	$ifinfo['status'] = $ifinfotmp['status'];
-	if (empty($ifinfo['status']))
-		$ifinfo['status'] = "down";
+	if (empty($ifinfo['status'])) {
+		$ifinfo['status'] = 'down';
+	}
 	$ifinfo['macaddr'] = $ifinfotmp['macaddr'];
 	$ifinfo['ipaddr'] = $ifinfotmp['ipaddr'];
 	$ifinfo['subnet'] = $ifinfotmp['subnet'];
 	$ifinfo['linklocal'] = get_interface_linklocal($ifdescr);
 	$ifinfo['ipaddrv6'] = get_interface_ipv6($ifdescr);
 	$ifinfo['subnetv6'] = get_interface_subnetv6($ifdescr);
-	if (isset($ifinfotmp['link0']))
-		$link0 = "down";
-	$ifinfotmp = pfSense_get_interface_stats($chkif);
-	// $ifinfo['inpkts'] = $ifinfotmp['inpkts'];
-	// $ifinfo['outpkts'] = $ifinfotmp['outpkts'];
-	$ifinfo['inerrs'] = $ifinfotmp['inerrs'];
-	$ifinfo['outerrs'] = $ifinfotmp['outerrs'];
+	if (isset($ifinfotmp['link0'])) {
+		$link0 = 'down';
+	}
+	$ifinfotmp = legacy_interface_stats($chkif);
+	$ifinfo['inerrs'] = $ifinfotmp['input errors'];
+	$ifinfo['outerrs'] = $ifinfotmp['output errors'];
 	$ifinfo['collisions'] = $ifinfotmp['collisions'];
 
 	/* Use pfctl for non wrapping 64 bit counters */

src/opnsense/service/templates/OPNsense/IPFW/+MANIFEST

+name: opnsense-ipfw
+version: 0.1
+origin: opnsense/proxy
+comment: IPFW configuration
+desc: configuration templates for ipfw rulesets
+maintainer: ad at opnsense.org
+www: https://opnsense.org
+prefix: /

src/opnsense/service/templates/OPNsense/IPFW/+TARGETS

+ipfw.conf:/tmp/ipfw.rules.new

src/opnsense/service/templates/OPNsense/IPFW/ipfw.conf

+#======================================================================================
+# flush ruleset
+#======================================================================================
+flush
+
+#======================================================================================
+# general purpose rules 1...1000
+#======================================================================================
+add 100 allow pfsync from any to any
+add 110 allow carp from any to any
+# layer 2: pass ARP
+add 120 pass layer2 mac-type arp,rarp
+# OPNsense requires for WPA
+add 130 pass layer2 mac-type 0x888e,0x88c7
+# PPP Over Ethernet Session Stage/Discovery Stage
+add 140 pass layer2 mac-type 0x8863,0x8864
+# layer 2: block anything else non-IP(v4/v6)
+add 150 deny layer2 not mac-type ip,ipv6
+
+#======================================================================================
+# Allow traffic to this hosts static ip's
+#======================================================================================
+{% for intf_key,interface in interfaces.iteritems() %}
+{% if intf_key != "wan" and interface.ipaddr != "dhcp" and interface.ipaddr != "" %}
+add {{loop.index  + 1000}} allow udp from any to {{ interface.ipaddr }} dst-port 53 keep-state
+add {{loop.index  + 1000}} allow ip from any to { 255.255.255.255 or {{interface.ipaddr}} } in
+add {{loop.index  + 1000}} allow ip from { 255.255.255.255 or {{interface.ipaddr}} } to any out
+add {{loop.index  + 1000}} allow icmp from { 255.255.255.255 or {{interface.ipaddr}} } to any out icmptypes 0
+add {{loop.index  + 1000}} allow icmp from any to { 255.255.255.255 or {{interface.ipaddr}} } in icmptypes 8
+{% endif %}
+{% endfor %}
+
+{% if helpers.exists('captiveportal') %}
+{% for cp_key,cp_item in captiveportal.iteritems() %}
+{%      for intf_key,interface in interfaces.iteritems() %}
+{%          if intf_key == cp_item.interface and interface.ipaddr != 'dhcp' %}
+#===================================================================================
+# zone {{cp_key}} ({{cp_item.zoneid}}) configuration
+#===================================================================================
+{# authenticated users ( table 1 + 2 ) #}
+add {{3000 + cp_item.zoneid|int * 10 + 1 }}  skipto {{10001 + cp_item.zoneid|int * 1000  }} ip from table({{6*(cp_item.zoneid|int-1) + 1 }}) to any via {{interface.if}}
+add {{3000 + cp_item.zoneid|int * 10 + 2 }}  skipto {{10001 + cp_item.zoneid|int * 1000  }} ip from table({{6*(cp_item.zoneid|int-1) + 1 }}) to any via {{interface.if}}
+{# authenticated hosts ( table 3 + 4 ) #}
+add {{3000 + cp_item.zoneid|int * 10 + 3 }}  skipto {{10001 + cp_item.zoneid|int * 1000  }} ip from table({{6*(cp_item.zoneid|int-1) + 3 }}) to any via {{interface.if}}
+add {{3000 + cp_item.zoneid|int * 10 + 4 }}  skipto {{10001 + cp_item.zoneid|int * 1000  }} ip from table({{6*(cp_item.zoneid|int-1) + 3 }}) to any via {{interface.if}}
+{# authenticated mac addresses ( table 5 + 6 ) #}
+add {{3000 + cp_item.zoneid|int * 10 + 5 }}  skipto {{10001 + cp_item.zoneid|int * 1000  }} ip from table({{6*(cp_item.zoneid|int-1) + 5 }}) to any via {{interface.if}}
+add {{3000 + cp_item.zoneid|int * 10 + 6 }}  skipto {{10001 + cp_item.zoneid|int * 1000  }} ip from table({{6*(cp_item.zoneid|int-1) + 5 }}) to any via {{interface.if}}
+{%          endif %}
+{%      endfor %}
+{% endfor %}
+{% endif %}
+
+
+
+#======================================================================================
+# setup zone accounting section
+#======================================================================================
+{% if helpers.exists('captiveportal') %}
+{% for cp_key,cp_item in captiveportal.iteritems() %}
+{%      for intf_key,interface in interfaces.iteritems() %}
+{%          if intf_key == cp_item.interface and interface.ipaddr != 'dhcp' %}
+# zone {{cp_key}} ({{cp_item.zoneid}})
+add {{ (cp_item.zoneid|int * 1000) + 10001 }} count ip from any to any via {{interface.if}}
+add {{ (cp_item.zoneid|int * 1000) + 10998 }} skipto 30000 all from any to any via {{interface.if}}
+add {{ (cp_item.zoneid|int * 1000) + 10999 }} deny all from any to any not via {{interface.if}}
+{%          endif %}
+{%      endfor %}
+{% endfor %}
+{% endif %}

src/opnsense/service/templates/OPNsense/Proxy/+MANIFEST

@@ -3,6 +3,6 @@ version: 0.1
 origin: opnsense/proxy
 comment: Squid proxy configuration
 desc: configuration templates for squid proxy
-maintainer: ad@opnsense.org
+maintainer: ad at opnsense.org
 www: https://opnsense.org
 prefix: /

src/opnsense/service/templates/OPNsense/Sample/+MANIFEST

@@ -3,6 +3,6 @@ version: 0.1
 origin: opnsense/sample
 comment: OPNsense configuration template example
 desc: creates some files in /tmp/.../ based on reporting definitions found in +TARGETS
-maintainer: ad@opnsense.org
+maintainer: ad at opnsense.org
 www: https://opnsense.org
 prefix: /

src/www/graph.php

 <?php
+
 /*
 	Copyright (C) 2014-2015 Deciso B.V.
 	Copyright (C) 2004-2006 T. Lechat <dev@lechat.org>, Manuel Kasper <mk@neon1.net>
@@ -82,12 +83,6 @@ $width=200;             //SVG internal width : do not modify
 
 $fetch_link = "ifstats.php?if=" . htmlspecialchars($ifnum);
 
-/* check for custom theme colors */
-if(file_exists("/usr/local/www/themes/{$g['theme']}/graph.php")) {
-	$themetxt = file_get_contents("/usr/local/www/themes/{$g['theme']}/graph.php");
-	eval($themetxt);
-}
-
 /********* Graph DATA **************/
 print('<?xml version="1.0" ?>' . "\n");?>
 <svg width="100%" height="100%" viewBox="0 0 <?=$width?> <?=$height?>" preserveAspectRatio="none" xml:space="preserve" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" onload="init(evt)">

src/www/ifstats.php

@@ -37,7 +37,7 @@ if (!$realif) {
 	$realif = $if; // Need for IPSec case interface.
 }
 
-$ifinfo = pfSense_get_interface_stats($realif);
+$ifinfo = legacy_interface_stats($realif);
 
 $temp = gettimeofday();
 $timing = (double)$temp["sec"] + (double)$temp["usec"] / 1000000.0;
@@ -48,4 +48,4 @@ header("Cache-Control: no-store, no-cache, must-revalidate" ); // HTTP/1.1
 header("Cache-Control: post-check=0, pre-check=0", FALSE );
 header("Pragma: no-cache"); // HTTP/1.0
 
-echo "$timing|" . $ifinfo['inbytes'] . "|" . $ifinfo['outbytes'] . "\n";
+echo "$timing|" . $ifinfo['bytes received'] . "|" . $ifinfo['bytes transmitted'] . "\n";