Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Submit feedback
Contribute to GitLab
Sign in
Toggle navigation
O
OpnSense
Project
Project
Details
Activity
Releases
Cycle Analytics
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Charts
Issues
0
Issues
0
List
Boards
Labels
Milestones
Merge Requests
0
Merge Requests
0
CI / CD
CI / CD
Pipelines
Jobs
Schedules
Charts
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Charts
Create a new issue
Jobs
Commits
Issue Boards
Open sidebar
Kulya
OpnSense
Commits
91f984a0
Commit
91f984a0
authored
Jun 18, 2016
by
Franco Fichtner
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
filter: migrate alias handling
parent
21086738
Changes
4
Hide whitespace changes
Inline
Side-by-side
Showing
4 changed files
with
151 additions
and
150 deletions
+151
-150
filter.inc
src/etc/inc/filter.inc
+149
-1
pfsense-utils.inc
src/etc/inc/pfsense-utils.inc
+0
-149
rc.update_urltables
src/etc/rc.update_urltables
+1
-0
firewall_aliases_edit.php
src/www/firewall_aliases_edit.php
+1
-0
No files found.
src/etc/inc/filter.inc
View file @
91f984a0
<?php
/*
Copyright (C) 2004-200
6
Scott Ullrich
Copyright (C) 2004-200
7
Scott Ullrich
Copyright (C) 2005 Bill Marquette
Copyright (C) 2006 Peter Allgeyer
Copyright (C) 2008-2010 Ermal Luci
...
...
@@ -99,6 +99,154 @@ function is_bogonsv6_used()
return
$usebogonsv6
;
}
function
download_file
(
$url
,
$destination
,
$verify_ssl
=
false
,
$connect_timeout
=
60
,
$timeout
=
0
)
{
global
$config
,
$g
;
$fp
=
fopen
(
$destination
,
"wb"
);
if
(
!
$fp
)
{
return
false
;
}
$ch
=
curl_init
();
curl_setopt
(
$ch
,
CURLOPT_URL
,
$url
);
if
(
!
$verify_ssl
)
{
/* leave the curl defaults untouched when verify is used */
curl_setopt
(
$ch
,
CURLOPT_SSL_VERIFYPEER
,
0
);
curl_setopt
(
$ch
,
CURLOPT_SSL_VERIFYHOST
,
0
);
}
curl_setopt
(
$ch
,
CURLOPT_FILE
,
$fp
);
curl_setopt
(
$ch
,
CURLOPT_CONNECTTIMEOUT
,
$connect_timeout
);
curl_setopt
(
$ch
,
CURLOPT_TIMEOUT
,
$timeout
);
curl_setopt
(
$ch
,
CURLOPT_HEADER
,
false
);
curl_setopt
(
$ch
,
CURLOPT_FOLLOWLOCATION
,
true
);
curl_setopt
(
$ch
,
CURLOPT_USERAGENT
,
$g
[
'product_name'
]
.
'/'
.
rtrim
(
file_get_contents
(
"/usr/local/opnsense/version/opnsense"
)));
@
curl_exec
(
$ch
);
$http_code
=
curl_getinfo
(
$ch
,
CURLINFO_HTTP_CODE
);
fclose
(
$fp
);
curl_close
(
$ch
);
return
(
$http_code
==
200
)
?
true
:
$http_code
;
}
function
update_alias_names_upon_change
(
$section
,
$field
,
$new_alias_name
,
$origname
)
{
global
$config
;
if
(
!
$origname
)
{
return
;
}
$sectionref
=
&
$config
;
foreach
(
$section
as
$sectionname
)
{
if
(
is_array
(
$sectionref
)
&&
isset
(
$sectionref
[
$sectionname
]))
{
$sectionref
=
&
$sectionref
[
$sectionname
];
}
else
{
return
;
}
}
if
(
is_array
(
$sectionref
))
{
foreach
(
$sectionref
as
$itemkey
=>
$item
)
{
$fieldfound
=
true
;
$fieldref
=
&
$sectionref
[
$itemkey
];
foreach
(
$field
as
$fieldname
)
{
if
(
is_array
(
$fieldref
)
&&
isset
(
$fieldref
[
$fieldname
]))
{
$fieldref
=
&
$fieldref
[
$fieldname
];
}
else
{
$fieldfound
=
false
;
break
;
}
}
if
(
$fieldfound
&&
$fieldref
==
$origname
)
{
$fieldref
=
$new_alias_name
;
}
}
}
}
function
process_alias_urltable
(
$name
,
$url
,
$freq
,
$forceupdate
=
false
)
{
global
$config
;
$urltable_prefix
=
"/var/db/aliastables/"
;
$urltable_filename
=
$urltable_prefix
.
$name
.
".txt"
;
// Make the aliases directory if it doesn't exist
if
(
!
file_exists
(
$urltable_prefix
))
{
mkdir
(
$urltable_prefix
);
}
elseif
(
!
is_dir
(
$urltable_prefix
))
{
unlink
(
$urltable_prefix
);
mkdir
(
$urltable_prefix
);
}
if
(
empty
(
$freq
))
{
$freq
=
1
;
}
$update_freq
=
(
$freq
*
86400
)
-
90
;
// If the file doesn't exist or is older than update_freq days, fetch a new copy.
if
(
!
file_exists
(
$urltable_filename
)
||
((
time
()
-
filemtime
(
$urltable_filename
))
>
$update_freq
)
||
$forceupdate
)
{
// open file handle to output file, in case the process takes a lot of time, make sure there's a file before
// filter starts to load. Also helps for tracking progress.
//
// todo: rethink alias_expand_urltable in filter.inc , its probably not a very good idea to download and
// process files during boot.
$output_file_handle
=
fopen
(
$urltable_filename
,
'w'
);
$alias_type
=
alias_get_type
(
$name
);
// Try to fetch the URL supplied
@
unlink
(
"
{
$urltable_filename
}
.tmp"
);
$verify_ssl
=
isset
(
$config
[
'system'
][
'checkaliasesurlcert'
]);
if
(
download_file
(
$url
,
"
{
$urltable_filename
}
.tmp"
,
$verify_ssl
))
{
foreach
(
preg_split
(
'/[\n\r]+/'
,
file_get_contents
(
"
{
$urltable_filename
}
.tmp"
),
-
1
,
PREG_SPLIT_NO_EMPTY
)
as
$line
)
{
$line
=
trim
(
$line
);
// remove leading spaces
if
(
$line
[
0
]
!=
'#'
)
{
// cleanse line item
$line
=
preg_split
(
'/\s+/'
,
$line
)[
0
];
if
(
$alias_type
==
"urltable_ports"
)
{
// todo: add proper validation for ports here
fwrite
(
$output_file_handle
,
"
{
$line
}
\n
"
);
}
else
{
// validate or resolve line items, skip unparseable content
if
(
is_subnet
(
$line
)
||
is_ipaddr
(
$line
))
{
fwrite
(
$output_file_handle
,
"
{
$line
}
\n
"
);
}
elseif
(
is_hostname
(
$line
))
{
foreach
(
array
(
DNS_AAAA
,
DNS_A
)
as
$dns_type
)
{
// normally dns_get_record should be able to use DNS_A + DNS_AAAA
// but for some strange reason not on our platform...
$dns_records
=
@
dns_get_record
(
$line
,
$dns_type
);
if
(
$dns_records
)
{
foreach
(
$dns_records
as
$dns_record
)
{
if
(
!
empty
(
$dns_record
[
'ipv6'
]))
{
fwrite
(
$output_file_handle
,
$dns_record
[
'ipv6'
]
.
"
\n
"
);
}
elseif
(
!
empty
(
$dns_record
[
'ip'
]))
{
fwrite
(
$output_file_handle
,
$dns_record
[
'ip'
]
.
"
\n
"
);
}
}
}
}
}
fflush
(
$output_file_handle
);
}
}
}
fclose
(
$output_file_handle
);
if
(
$alias_type
==
"urltable_ports"
)
{
$ports
=
explode
(
"
\n
"
,
file_get_contents
(
$urltable_filename
));
$ports
=
group_ports
(
$ports
);
file_put_contents
(
$urltable_filename
,
implode
(
"
\n
"
,
$ports
));
}
@
unlink
(
"
{
$urltable_filename
}
.tmp"
);
}
else
{
touch
(
$urltable_filename
);
}
return
true
;
}
else
{
// File exists, and it doesn't need updated.
return
-
1
;
}
}
/* sort by interface only, retain the original order of rules that apply to
the same interface */
function
filter_rules_sort
()
...
...
src/etc/inc/pfsense-utils.inc
View file @
91f984a0
...
...
@@ -265,155 +265,6 @@ function is_fqdn($fqdn) {
return
(
$hostname
);
}
function
download_file
(
$url
,
$destination
,
$verify_ssl
=
false
,
$connect_timeout
=
60
,
$timeout
=
0
)
{
global
$config
,
$g
;
$fp
=
fopen
(
$destination
,
"wb"
);
if
(
!
$fp
)
{
return
false
;
}
$ch
=
curl_init
();
curl_setopt
(
$ch
,
CURLOPT_URL
,
$url
);
if
(
!
$verify_ssl
)
{
/* leave the curl defaults untouched when verify is used */
curl_setopt
(
$ch
,
CURLOPT_SSL_VERIFYPEER
,
0
);
curl_setopt
(
$ch
,
CURLOPT_SSL_VERIFYHOST
,
0
);
}
curl_setopt
(
$ch
,
CURLOPT_FILE
,
$fp
);
curl_setopt
(
$ch
,
CURLOPT_CONNECTTIMEOUT
,
$connect_timeout
);
curl_setopt
(
$ch
,
CURLOPT_TIMEOUT
,
$timeout
);
curl_setopt
(
$ch
,
CURLOPT_HEADER
,
false
);
curl_setopt
(
$ch
,
CURLOPT_FOLLOWLOCATION
,
true
);
curl_setopt
(
$ch
,
CURLOPT_USERAGENT
,
$g
[
'product_name'
]
.
'/'
.
rtrim
(
file_get_contents
(
"/usr/local/opnsense/version/opnsense"
)));
@
curl_exec
(
$ch
);
$http_code
=
curl_getinfo
(
$ch
,
CURLINFO_HTTP_CODE
);
fclose
(
$fp
);
curl_close
(
$ch
);
return
(
$http_code
==
200
)
?
true
:
$http_code
;
}
function
update_alias_names_upon_change
(
$section
,
$field
,
$new_alias_name
,
$origname
)
{
global
$config
;
if
(
!
$origname
)
{
return
;
}
$sectionref
=
&
$config
;
foreach
(
$section
as
$sectionname
)
{
if
(
is_array
(
$sectionref
)
&&
isset
(
$sectionref
[
$sectionname
]))
{
$sectionref
=
&
$sectionref
[
$sectionname
];
}
else
{
return
;
}
}
if
(
is_array
(
$sectionref
))
{
foreach
(
$sectionref
as
$itemkey
=>
$item
)
{
$fieldfound
=
true
;
$fieldref
=
&
$sectionref
[
$itemkey
];
foreach
(
$field
as
$fieldname
)
{
if
(
is_array
(
$fieldref
)
&&
isset
(
$fieldref
[
$fieldname
]))
{
$fieldref
=
&
$fieldref
[
$fieldname
];
}
else
{
$fieldfound
=
false
;
break
;
}
}
if
(
$fieldfound
&&
$fieldref
==
$origname
)
{
$fieldref
=
$new_alias_name
;
}
}
}
}
function
process_alias_urltable
(
$name
,
$url
,
$freq
,
$forceupdate
=
false
)
{
global
$config
;
$urltable_prefix
=
"/var/db/aliastables/"
;
$urltable_filename
=
$urltable_prefix
.
$name
.
".txt"
;
// Make the aliases directory if it doesn't exist
if
(
!
file_exists
(
$urltable_prefix
))
{
mkdir
(
$urltable_prefix
);
}
elseif
(
!
is_dir
(
$urltable_prefix
))
{
unlink
(
$urltable_prefix
);
mkdir
(
$urltable_prefix
);
}
if
(
empty
(
$freq
))
{
$freq
=
1
;
}
$update_freq
=
(
$freq
*
86400
)
-
90
;
// If the file doesn't exist or is older than update_freq days, fetch a new copy.
if
(
!
file_exists
(
$urltable_filename
)
||
((
time
()
-
filemtime
(
$urltable_filename
))
>
$update_freq
)
||
$forceupdate
)
{
// open file handle to output file, in case the process takes a lot of time, make sure there's a file before
// filter starts to load. Also helps for tracking progress.
//
// todo: rethink alias_expand_urltable in filter.inc , its probably not a very good idea to download and
// process files during boot.
$output_file_handle
=
fopen
(
$urltable_filename
,
'w'
);
$alias_type
=
alias_get_type
(
$name
);
// Try to fetch the URL supplied
@
unlink
(
"
{
$urltable_filename
}
.tmp"
);
$verify_ssl
=
isset
(
$config
[
'system'
][
'checkaliasesurlcert'
]);
if
(
download_file
(
$url
,
"
{
$urltable_filename
}
.tmp"
,
$verify_ssl
))
{
foreach
(
preg_split
(
'/[\n\r]+/'
,
file_get_contents
(
"
{
$urltable_filename
}
.tmp"
),
-
1
,
PREG_SPLIT_NO_EMPTY
)
as
$line
)
{
$line
=
trim
(
$line
);
// remove leading spaces
if
(
$line
[
0
]
!=
'#'
)
{
// cleanse line item
$line
=
preg_split
(
'/\s+/'
,
$line
)[
0
];
if
(
$alias_type
==
"urltable_ports"
)
{
// todo: add proper validation for ports here
fwrite
(
$output_file_handle
,
"
{
$line
}
\n
"
);
}
else
{
// validate or resolve line items, skip unparseable content
if
(
is_subnet
(
$line
)
||
is_ipaddr
(
$line
))
{
fwrite
(
$output_file_handle
,
"
{
$line
}
\n
"
);
}
elseif
(
is_hostname
(
$line
))
{
foreach
(
array
(
DNS_AAAA
,
DNS_A
)
as
$dns_type
)
{
// normally dns_get_record should be able to use DNS_A + DNS_AAAA
// but for some strange reason not on our platform...
$dns_records
=
@
dns_get_record
(
$line
,
$dns_type
);
if
(
$dns_records
)
{
foreach
(
$dns_records
as
$dns_record
)
{
if
(
!
empty
(
$dns_record
[
'ipv6'
]))
{
fwrite
(
$output_file_handle
,
$dns_record
[
'ipv6'
]
.
"
\n
"
);
}
elseif
(
!
empty
(
$dns_record
[
'ip'
]))
{
fwrite
(
$output_file_handle
,
$dns_record
[
'ip'
]
.
"
\n
"
);
}
}
}
}
}
fflush
(
$output_file_handle
);
}
}
}
fclose
(
$output_file_handle
);
if
(
$alias_type
==
"urltable_ports"
)
{
$ports
=
explode
(
"
\n
"
,
file_get_contents
(
$urltable_filename
));
$ports
=
group_ports
(
$ports
);
file_put_contents
(
$urltable_filename
,
implode
(
"
\n
"
,
$ports
));
}
@
unlink
(
"
{
$urltable_filename
}
.tmp"
);
}
else
{
touch
(
$urltable_filename
);
}
return
true
;
}
else
{
// File exists, and it doesn't need updated.
return
-
1
;
}
}
/* This xml 2 array function is courtesy of the php.net comment section on xml_parse.
* it is roughly 4 times faster then our existing pfSense parser but due to the large
* size of the RRD xml dumps this is required.
...
...
src/etc/rc.update_urltables
View file @
91f984a0
...
...
@@ -3,6 +3,7 @@
require_once
(
"config.inc"
);
require_once
(
"util.inc"
);
require_once
(
"filter.inc"
);
require_once
(
"pfsense-utils.inc"
);
if
(
!
isset
(
$config
[
'aliases'
][
'alias'
]))
{
...
...
src/www/firewall_aliases_edit.php
View file @
91f984a0
...
...
@@ -31,6 +31,7 @@
*/
require_once
(
"guiconfig.inc"
);
require_once
(
"filter.inc"
);
require_once
(
"pfsense-utils.inc"
);
/**
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment