function IP6TLAN_build_command($name)
{
fwrite("w", $_GLOBALS["START"], "#!/bin/sh\n");
fwrite("a", $_GLOBALS["START"], "ip6tables -t filter -F FWD." . $name . "\n");
fwrite("a", $_GLOBALS["START"], "ip6tables -t filter -F INP." . $name . "\n");
$iptcmdFWD = "ip6tables -t filter -A FWD." . $name;
$iptcmdIN = "ip6tables -t filter -A INP." . $name;
$path = XNODE_getpathbytarget("", "inf", "uid", $name, 0);
if ($path != "") {
$fw = XNODE_get_var("FIREWALL6.USED");
$security = query("/device/simple_security");
if ($fw > 0) {
fwrite("a", $_GLOBALS["START"], $iptcmdFWD . " -j FIREWALL\n");
}
if ($security > 0) {
fwrite("a", $_GLOBALS["START"], $iptcmdFWD . " -j FWD.SMPSECURITY." . $name . "\n");
}
if ($fw > 0) {
fwrite("a", $_GLOBALS["START"], $iptcmdFWD . " -j FIREWALL_POLICY\n");
}
/* Outbound filter will be run faster to drop some packets. */
fwrite("a", $_GLOBALS["START"], $iptcmdFWD . " -j FWD.OBFILTER\n");
fwrite("a", $_GLOBALS["START"], $iptcmdIN . " -j INP.OBFILTER\n");
}
fwrite("a", $_GLOBALS["START"], "exit 0\n");
fwrite("w", $_GLOBALS["STOP"], "#!/bin/sh\n");
fwrite("a", $_GLOBALS["STOP"], "ip6tables -t filter -F FWD." . $name . "\n");
fwrite("a", $_GLOBALS["STOP"], "ip6tables -t filter -F INP." . $name . "\n");
fwrite("a", $_GLOBALS["STOP"], "exit 0\n");
}
function IP6TLAN_build_command($name)
{
fwrite("w", $_GLOBALS["START"], "#!/bin/sh\n");
fwrite("a", $_GLOBALS["START"], "ip6tables -t filter -F FWD." . $name . "\n");
fwrite("a", $_GLOBALS["START"], "ip6tables -t filter -F INP." . $name . "\n");
$iptcmdFWD = "ip6tables -t filter -A FWD." . $name;
$iptcmdIN = "ip6tables -t filter -A INP." . $name;
$path = XNODE_getpathbytarget("", "inf", "uid", $name, 0);
if ($path != "") {
$fw = XNODE_get_var("FIREWALL6.USED");
if ($fw > 0) {
fwrite("a", $_GLOBALS["START"], $iptcmdFWD . " -j FIREWALL\n");
}
}
fwrite("a", $_GLOBALS["START"], "exit 0\n");
fwrite("w", $_GLOBALS["STOP"], "#!/bin/sh\n");
fwrite("a", $_GLOBALS["STOP"], "ip6tables -t filter -F FWD." . $name . "\n");
fwrite("a", $_GLOBALS["STOP"], "ip6tables -t filter -F INP." . $name . "\n");
fwrite("a", $_GLOBALS["STOP"], "exit 0\n");
}
function IP6TWAN_build_command($name)
{
fwrite(w, $_GLOBALS["START"], "#!/bin/sh\n" . "ip6tables -F FWD." . $name . "\n" . "ip6tables -F INP." . $name . "\n");
$iptcmd = "ip6tables -t nat -A PRE." . $name;
$path = XNODE_getpathbytarget("", "inf", "uid", $name, 0);
if ($path != "") {
/* FIREWALL */
$firewall = XNODE_get_var("FIREWALL6.USED");
$security = query("/device/simple_security");
if ($firewall > 0) {
fwrite("a", $_GLOBALS["START"], "ip6tables -A FWD." . $name . " -j FIREWALL\n");
}
if ($security > 0) {
fwrite("a", $_GLOBALS["START"], "ip6tables -A FWD." . $name . " -j FWD.SMPSECURITY." . $name . "\n");
}
if ($firewall > 0) {
fwrite("a", $_GLOBALS["START"], "ip6tables -A FWD." . $name . " -j FIREWALL_POLICY\n");
}
}
fwrite("w", $_GLOBALS["STOP"], "#!/bin/sh\n" . "ip6tables -F FWD." . $name . "\n" . "ip6tables -F INP." . $name . "\n" . "exit 0\n");
}
function dhcp_client($mode, $inf, $devnam, $opt, $router, $dns)
{
$hlp = "/var/servd/" . $inf . "-dhcp6c.sh";
$pid = "/var/servd/" . $inf . "-dhcp6c.pid";
$cfg = "/var/servd/" . $inf . "-dhcp6c.cfg";
/* DHCP over PPP session ? */
$previnf = XNODE_get_var($inf . "_PREVINF");
XNODE_del_var($inf . "_PREVINF");
/* dslite ? */
$nextinf = XNODE_get_var($inf . "_NEXTINF");
XNODE_del_var($inf . "_NEXTINF");
//if ($mode=="PPPDHCP" && $_GLOBALS["PREVINF"]!="")
//msg("mode is ".$mode.", previnf is ".$previnf);
msg("mode is " . $mode . ", previnf is " . $previnf . ", nextinf is " . $nextinf);
if ($mode == "PPPDHCP" && $previnf != "") {
//$pppdev = PHYINF_getruntimeifname($_GLOBALS["PREVINF"]);
$pppdev = PHYINF_getruntimeifname($previnf);
if ($pppdev == "") {
return error("no PPP device.");
}
msg("PPP device = " . $pppdev);
}
msg("dhcpopt: " . $opt);
/* Gererate DHCP-IAID from 32-bit of mac address*/
$mac = PHYINF_getphymac($inf);
$mac1 = cut($mac, 3, ":");
$mac2 = cut($mac, 0, ":");
$mac3 = cut($mac, 1, ":");
$mac4 = cut($mac, 2, ":");
$iaidstr = $mac1 . $mac2 . $mac3 . $mac4;
$iaid = strtoul($iaidstr, 16);
/* Generate configuration file. */
if ($mode == "INFOONLY") {
$send = "\tinformation-only;\n";
$idas = "";
} else {
//check if we have pd hint
$stsp = XNODE_getpathbytarget("/runtime", "inf", "uid", $inf, 0);
$pdhint_enable = query($stsp . "/pdhint/enable");
$pdhintmsg = "\n";
if ($pdhint_enable == "1") {
$pdhint_network = query($stsp . "/pdhint/network");
$pdhint_prefix = query($stsp . "/pdhint/prefix");
$pdhint_plft = query($stsp . "/pdhint/preferlft");
$pdhint_vlft = query($stsp . "/pdhint/validlft");
if ($pdhint_vlft != "") {
$pdhintmsg = "\tprefix " . $pdhint_network . "/" . $pdhint_prefix . " " . $pdhint_plft . " " . $pdhint_vlft . ";\n";
} else {
$pdhintmsg = "\tprefix " . $pdhint_network . "/" . $pdhint_prefix . " " . $pdhint_plft . ";\n";
}
}
//check if we got the prefix before
//++++
$pre_pd_network = query("/runtime/ipv6/pre_pdnetwork");
if ($pre_pd_network != "") {
$pre_pd_prefix = query("/runtime/ipv6/pre_pdprefix");
$pre_pd_plft = query("/runtime/ipv6/pre_pdplft");
$pre_pd_vlft = query("/runtime/ipv6/pre_pdvlft");
if ($pre_pd_vlft != "") {
$pdhintmsg = "\tprefix " . $pre_pd_network . "/" . $pre_pd_prefix . " " . $pre_pd_plft . " " . $pre_pd_vlft . ";\n";
} else {
$pdhintmsg = "\tprefix " . $pre_pd_network . "/" . $pre_pd_prefix . " " . $pre_pd_plft . ";\n";
}
} else {
$pdhintmsg = "\tprefix ::/56 0 0;\n";
}
//----
//if (strstr($opt,"IA-NA")!="") {$send=$send."\tsend ia-na 0;\n"; $idas=$idas."id-assoc na {\n};\n";}
if (strstr($opt, "IA-NA") != "") {
$send = $send . "\tsend ia-na " . $iaid . ";\n";
$idas = $idas . "id-assoc na " . $iaid . "{\n};\n";
}
//if (strstr($opt,"IA-PD")!="") {$send=$send."\tsend ia-pd 0;\n"; $idas=$idas."id-assoc pd {\n};\n";}
if (strstr($opt, "IA-PD") != "") {
$send = $send . "\tsend ia-pd 0;\n";
$idas = $idas . "id-assoc pd {\n" . $pdhintmsg . "};\n";
}
}
if ($mode == "PPPDHCP") {
$dname = $pppdev;
} else {
$dname = $devnam;
}
$nextinfp = XNODE_getpathbytarget("", "inf", "uid", $nextinf, 0);
$nextinet = query($nextinfp . "/inet");
$nextinetp = XNODE_getpathbytarget("inet", "entry", "uid", $nextinet, 0);
$nextmode = query($nextinetp . "/ipv4/ipv4in6/mode");
if ($nextinf != "" && $nextmode == "dslite") {
$rqstmsg = "\trequest aftr-server-domain-name;\n";
} else {
$rqstmsg = "";
}
fwrite(w, $cfg, "interface " . $dname . " {\n" . $send . "\trequest domain-name-servers;\n" . "\trequest domain-name;\n" . "\trequest ntp-servers;\n" . $rqstmsg . "\tscript \"" . $hlp . "\";\n" . "};\n" . $idas);
/* generate callback script */
fwrite(w, $hlp, "#!/bin/sh\n" . 'if [ $new_addr != "" ] || [ $new_pd_prefix != "" ]; then\\n' . "\techo [\$0]: [{$new_addr}] [{$new_pd_prefix}] [{$new_pd_plen}] [{$new_pd_pltime}] [{$new_pd_vltime}] > /dev/console\n" . "else\n" . "\texit 0\n" . "fi\n" . "phpsh /etc/services/INET/inet6_dhcpc_helper.php" . " INF=" . $inf . " MODE=" . $mode . " DEVNAM=" . $dname . " GATEWAY=" . $router . " DHCPOPT=" . $opt . ' "NAMESERVERS=$new_domain_name_servers"' . ' "DOMAIN=$new_domain_name"' . ' "NEW_ADDR=$new_addr"' . ' "NEW_PD_PREFIX=$new_pd_prefix"' . ' "NEW_PD_PLEN=$new_pd_plen"' . ' "NEW_PD_PLTIME=$new_pd_pltime"' . ' "NEW_PD_VLTIME=$new_pd_vltime"' . ' "DNS=' . $dns . '"' . ' "NEW_AFTR_NAME=$new_aftr_name"' . ' "NTPSERVER=$new_ntp_servers"' . "\n");
/* Start DHCP client */
cmd("chmod +x " . $hlp);
if ($pppdev == "") {
cmd("dhcp6c -c " . $cfg . " -p " . $pid . " -t LL -n " . $inf . " " . $devnam);
} else {
cmd("dhcp6c -c " . $cfg . " -p " . $pid . " -t LL -o " . $devnam . " -n " . $inf . " " . $pppdev);
}
return 0;
}
function IPTLAN_build_command($name)
{
fwrite("w", $_GLOBALS["START"], "#!/bin/sh\n");
fwrite("w", $_GLOBALS["STOP"], "#!/bin/sh\n");
fwrite("a", $_GLOBALS["START"], "iptables -t nat -F PRE." . $name . "\n");
/* if snmp open wan, drop udp port 161 from lan port */
$snmp_inf = query("/snmp/inf");
$enable_snmp = query("/snmp/active");
$iptcmdNAT = "iptables -t nat -A PRE." . $name;
$dev = PHYINF_getruntimeifname($name);
if ($enable_snmp == "1") {
if ($snmp_inf != $name) {
$path = XNODE_getpathbytarget("", "inf", "uid", $snmp_inf, 0);
$inet = query($path . "/inet");
$inetp = XNODE_getpathbytarget("/inet", "entry", "uid", $inet, 0);
$ipaddr = query($inetp . "/ipv4/ipaddr");
if ($ipaddr != "") {
fwrite("a", $_GLOBALS["START"], $iptcmdNAT . " -i " . $dev . " -p udp --dport 161 -d " . $ipaddr . " -j DROP\n");
}
}
}
fwrite("a", $_GLOBALS["START"], "iptables -t nat -A PRE." . $name . " -j ACCEPT\n");
/* firewall */
fwrite("a", $_GLOBALS["START"], "echo -1 > /proc/fastnat/forskipsupport\n");
fwrite("a", $_GLOBALS["START"], "iptables -t filter -F FWD." . $name . "\n");
fwrite("a", $_GLOBALS["START"], "iptables -t filter -F INP." . $name . "\n");
$iptcmdFWD = "iptables -t filter -A FWD." . $name;
$iptcmdIN = "iptables -t filter -A INP." . $name;
$path = XNODE_getpathbytarget("", "inf", "uid", $name, 0);
if ($path != "") {
$macf = XNODE_get_var("MACF." . $name . ".USED");
$urlf = XNODE_get_var("URLF." . $name . ".USED");
$fw = XNODE_get_var("FIREWALL.USED");
$fw2 = XNODE_get_var("FIREWALL-2.USED");
$fw3 = XNODE_get_var("FIREWALL-3.USED");
$pptppt = query("/device/passthrough/pptp");
$ipsecpt = query("/device/passthrough/ipsec");
$rtsppt = query("/device/passthrough/rtsp");
$sip = query("/device/passthrough/sip");
/* Outbound filter will be run faster to drop some packets. */
fwrite("a", $_GLOBALS["START"], $iptcmdFWD . " -j FWD.OBFILTER\n");
fwrite("a", $_GLOBALS["START"], $iptcmdIN . " -j INP.OBFILTER\n");
if ($macf > 0) {
fwrite("a", $_GLOBALS["START"], $iptcmdFWD . " -j MACF." . $name . "\n" . $iptcmdIN . " -j MACF." . $name . "\n");
}
if ($fw > 0) {
fwrite("a", $_GLOBALS["START"], $iptcmdFWD . " -j FIREWALL\n");
}
if ($fw2 > 0) {
fwrite("a", $_GLOBALS["START"], $iptcmdFWD . " -j FIREWALL-2\n");
}
if ($fw3 > 0) {
fwrite("a", $_GLOBALS["START"], $iptcmdFWD . " -j FIREWALL-3\n");
}
if ($urlf > 0) {
fwrite("a", $_GLOBALS["START"], $iptcmdFWD . " -p tcp --dport 80 -j URLF." . $name . "\n" . "echo 80 > /proc/fastnat/forskipsupport\n" . "event SW.FASTNAT.DOWN\n");
fwrite("a", $_GLOBALS["STOP"], "event SW.FASTNAT.UP\n");
}
fwrite("a", $_GLOBALS["START"], $iptcmdFWD . " -j FOR_POLICY\n");
port_trigger_command($iptcmdFWD);
if ($pptppt == 0) {
fwrite("a", $_GLOBALS["START"], $iptcmdFWD . " -p tcp --dport 1723 -j DROP\n" . "echo 1723 > /proc/fastnat/forskipsupport\n");
}
if ($ipsecpt == 0) {
fwrite("a", $_GLOBALS["START"], $iptcmdFWD . " -p udp --dport 500 -j DROP\n" . "echo 500 > /proc/fastnat/forskipsupport\n" . $iptcmdFWD . " -p udp --dport 4500 -j DROP\n" . "echo 4500 > /proc/fastnat/forskipsupport\n" . $iptcmdFWD . " -p ah -j DROP\n" . $iptcmdFWD . " -p esp -j DROP\n");
}
if ($rtsppt == 0) {
fwrite("a", $_GLOBALS["START"], $iptcmdFWD . " -p tcp --dport 554 -j DROP\n" . "echo 554 > /proc/fastnat/forskipsupport\n");
}
if ($sip == 0) {
fwrite("a", $_GLOBALS["START"], $iptcmdFWD . " -p udp --dport 5060 -j DROP\n" . "echo 5060 > /proc/fastnat/forskipsupport\n");
}
}
fwrite("a", $_GLOBALS["START"], "exit 0\n");
fwrite("a", $_GLOBALS["STOP"], "iptables -t nat -F PRE." . $name . "\n");
/* firewall */
fwrite("a", $_GLOBALS["STOP"], "echo -1 > /proc/fastnat/forskipsupport\n");
fwrite("a", $_GLOBALS["STOP"], "iptables -t filter -F FWD." . $name . "\n");
fwrite("a", $_GLOBALS["STOP"], "iptables -t filter -F INP." . $name . "\n");
fwrite("a", $_GLOBALS["STOP"], "exit 0\n");
}
function phyinf_setup($ifname)
{
$phyinf = XNODE_getpathbytarget("", "phyinf", "uid", $ifname, 0);
if ($phyinf == "") {
error("9");
return;
}
if (query($phyinf . "/active") != "1") {
error("8");
return;
}
/* Set media */
$media = query($phyinf . "/media/linktype");
if ($media == "") {
$media = "AUTO";
}
phyinf_setmedia($mode, $ifname, $media);
startcmd("# PHYINF." . $ifname . ": media=" . $media . ", VID=" . $vid);
/* Set IPv6 */
if (isfile("/proc/net/if_inet6") == 1) {
/* IPv6 is disabled by default (we modified the kernel code).
* Enable IPv6 here. */
$dev = PHYINF_getifname($ifname);
if ($dev != "") {
startcmd("echo 0 > /proc/sys/net/ipv6/conf/" . $dev . "/disable_ipv6");
stopcmd("echo 1 > /proc/sys/net/ipv6/conf/" . $dev . "/disable_ipv6");
}
}
/* Set the MAC address */
$stsp = XNODE_getpathbytarget("/runtime", "phyinf", "uid", $ifname, 0);
if ($stsp == "") {
/* The LAYOUT service should be start before PHYINF.XXX.
* We should never reach here !! */
fwrite("w", "/dev/console", "PHYINF: The LAYOUT service should be start before PHYINF !!!\n");
} else {
$mac = query($phyinf . "/macaddr");
if ($mac == "") {
$mac = XNODE_get_var("MACADDR_" . $ifname);
}
$mac = tolower($mac);
$curr = tolower(query($stsp . "/macaddr"));
startcmd("# MAC: currrent " . $curr . ", target " . $mac);
if ($mac != $curr) {
SHELL_info($_GLOBALS["START"], "!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!\n" . "!!! Bad MAC address. Device may work abnormally. !!!\n" . "!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!\n");
}
}
}
return $optfile;
}
/* PPP IPv6 *****************************************************/
fwrite("a", $START, "# INFNAME = [" . $_GLOBALS["INET_INFNAME"] . "]\n");
fwrite("a", $STOP, "# INFNAME = [" . $_GLOBALS["INET_INFNAME"] . "]\n");
/* These parameter should be valid. */
$inf = $INET_INFNAME;
$infp = XNODE_getpathbytarget("", "inf", "uid", $inf, 0);
$phyinf = query($infp . "/phyinf");
$inet = query($infp . "/inet");
$inetp = XNODE_getpathbytarget("/inet", "entry", "uid", $inet, 0);
$ifname = PHYINF_getifname($phyinf);
$default = query($infp . "/defaultroute");
$child = query($infp . "/child");
$addrtype = query($inetp . "/addrtype");
$dial = XNODE_get_var($inf . ".DIALUP");
if ($dial == "") {
$dial = query($inetp . "/ppp6/dialup/mode");
}
fwrite("a", $START, 'event ' . $inf . '.PPP.AUTHFAILED add true\\n');
/* generate option file */
$optfile = pppoptions($inf, $ifname, $inetp . "/ppp6", $default, $dial, $addrtype);
fwrite("a", $START, "# optfile = [" . $optfile . "]\n");
/* Files */
$sfile = "/var/run/ppp-" . $inf . ".status";
$pppd_pid = "/var/run/ppp-" . $inf . ".pid";
$dialuppid = "/var/run/ppp-" . $inf . "-dialup.pid";
$dialupsh = "/var/run/ppp-" . $inf . "-dialup.sh";
$hangupsh = "/var/run/ppp-" . $inf . "-hangup.sh";
/* Dialup/Hangup script ******************************/
fwrite(w, $dialupsh, "#!/bin/sh\n");
$dnstext = fread("r", "/etc/ppp/resolv.conf." . $PARAM);
$cnt = scut_count($dnstext, "");
$i = 0;
while ($i < $cnt) {
$token = scut($dnstext, $i, "");
if ($token == "nameserver") {
$i++;
$token = scut($dnstext, $i, "");
add($stsp . "/inet/ppp4/dns", $token);
}
$i++;
}
}
/* We use PING peer IP to trigger the dailup at 'ondemand' mode.
* So we need to update the command to PING the new gateway. */
$dial = XNODE_get_var($PARAM . ".DIALUP");
if ($dial == "") {
$dial = query($inetp . "/ppp4/dialup/mode");
}
if ($dial == "ondemand") {
echo 'event ' . $PARAM . '.PPP.DIALUP add "ping ' . $REMOTE . '"\\n';
//hendry, for on demand, we at least dial once
echo 'event ' . $PARAM . '.PPP.DIALUP\\n';
}
/* 3G connection mode */
if (query($inetp . "/ppp4/over") == "tty") {
echo "event TTY.UP\n";
}
/*
echo "event ".$PARAM.".UP\n";
echo "echo 1 > /var/run/".$PARAM.".UP\n";
<?php
/* This is an include file, used by IPTPFWD.php and IPTPORTT.php.
* The file add the VSVR, PFWD, and PORTT chains to PFWD.$UID,
* So that the stream destined to the WAN's IP address from the LAN hosts can be correctly redirected to the targeted LAN host,
* when there are rules in Virtual Server, Port Forward, or Port Trigger.
*/
$CHAIN = "DNAT.VSVR." . $UID;
if (XNODE_get_var($CHAIN . ".USED") > 0) {
fwrite("a", $START, "iptables -t nat -A PFWD." . $UID . " -j " . $CHAIN . "\n");
}
$CHAIN = "DNAT.PFWD." . $UID;
if (XNODE_get_var($CHAIN . ".USED") > 0) {
fwrite("a", $START, "iptables -t nat -A PFWD." . $UID . " -j " . $CHAIN . "\n");
}
$CHAIN = "DNAT.PORTT." . $UID;
if (XNODE_get_var("PORTT." . $UID . ".USED") > 0) {
fwrite("a", $START, "iptables -t nat -A PFWD." . $UID . " -j " . $CHAIN . "\n");
}
function ipv6_child($child)
{
/* Get the config */
$infp = XNODE_getpathbytarget("", "inf", "uid", $child, 0);
if ($infp == "") {
echo "# " . $child . " is not found !!!\n";
return;
}
$phyinf = query($infp . "/phyinf");
$defrt = query($infp . "/defaultroute");
/* Create the runtime nodes. */
$stsp = XNODE_getpathbytarget("/runtime", "inf", "uid", $child, 1);
set($stsp . "/phyinf", $phyinf);
set($stsp . "/defaultroute", $defrt);
/* Get the config. */
$ipaddr = XNODE_get_var($child . "_IPADDR");
$prefix = XNODE_get_var($child . "_PREFIX");
$devnam = PHYINF_getphyinf($child);
$phyinfv = XNODE_get_var($child . "_PHYINF");
if ($phyinfv != "") {
$phyinf = $phyinfv;
$devnam = PHYINF_getifname($phyinf);
set($stsp . "/phyinf", $phyinf);
}
/* Get dhcp-pd config. */
$pdnetwork = XNODE_get_var($child . "_PDNETWORK");
$pdprefix = XNODE_get_var($child . "_PDPREFIX");
//$enablepd = query($stsp."/dhcps6/pd/enable");
echo "# pdnetwork :" . $pdnetwork . "\n";
echo "# pdprefix :" . $pdprefix . "\n";
if ($pdnetwork != "" && $pdprefix != "") {
set($stsp . "/dhcps6/pd/network", $pdnetwork);
set($stsp . "/dhcps6/pd/prefix", $pdprefix);
}
$pdplft = XNODE_get_var($child . "_PDPLFT");
$pdvlft = XNODE_get_var($child . "_PDVLFT");
echo "# pdplft :" . $pdplft . "\n";
echo "# pdvlft :" . $pdvlft . "\n";
if ($pdplft != "") {
set($stsp . "/dhcps6/pd/preferlft", $pdplft);
}
if ($pdvlft != "") {
set($stsp . "/dhcps6/pd/validlft", $pdvlft);
}
/* Clear the variables. */
/*
XNODE_del_var($child."_IPADDR");
XNODE_del_var($child."_PREFIX");
XNODE_del_var($child."_ADDRTYPE");
XNODE_del_var($child."_PHYINF");
XNODE_del_var($child."_PDNETWORK");
XNODE_del_var($child."_PDPREFIX");
XNODE_del_var($child."_PDPLFT");
XNODE_del_var($child."_PDVLFT");
*/
/* enable IPv6 */
fwrite(w, "/proc/sys/net/ipv6/conf/" . $devnam . "/disable_ipv6", 0);
$path_eth = XNODE_getpathbytarget("/runtime", "phyinf", "uid", $phyinf, 0);
$val_eth = query($path_eth . "/ipv6/link/ipaddr");
if ($path_eth == "") {
return;
} else {
if ($val_eth != "") {
stopcmd("phpsh /etc/scripts/IPV6.INET.php ACTION=DETACH INF=" . $child);
startcmd("phpsh /etc/scripts/IPV6.INET.php ACTION=ATTACH INF=" . $child . " MODE=CHILD DEVNAM=" . $devnam . " IPADDR=" . $ipaddr . " PREFIX=" . $prefix);
} else {
return 0;
}
}
/* Start/Stop scripts */
//stopcmd( "phpsh /etc/scripts/IPV6.INET.php ACTION=DETACH INF=".$child);
//startcmd("phpsh /etc/scripts/IPV6.INET.php ACTION=ATTACH INF=".$child.
// " MODE=CHILD DEVNAM=".$devnam." IPADDR=".$ipaddr." PREFIX=".$prefix);
/* record */
stopcmd("rm -f /var/run/CHILD." . $child . ".UP");
startcmd("echo 1 > /var/run/CHILD." . $child . ".UP");
/* delay 2s to wait ipv6 address take effect before HTTP service */
//startcmd("sleep 2");
}
function phyinf_setup($ifname)
{
$phyinf = XNODE_getpathbytarget("", "phyinf", "uid", $ifname, 0);
if ($phyinf == "") {
error("9");
return;
}
if (query($phyinf . "/active") != "1") {
error("8");
return;
}
/* Get layout mode */
$layout = query("/runtime/device/layout");
if ($layout == "bridge") {
$mode = "1BRIDGE";
} else {
if ($layout == "router") {
$mode = query("/runtime/device/router/mode");
} else {
error("10");
return;
}
}
if ($mode == "") {
$mode = "1W1L";
}
/* Set media */
$media = query($phyinf . "/media/linktype");
if ($media == "") {
$media = "AUTO";
}
phyinf_setmedia($mode, $ifname, $media);
startcmd("# PHYINF." . $ifname . ": media=" . $media . ", VID=" . $vid);
/* Set IPv6 */
if (isfile("/proc/net/if_inet6") == 1) {
if ($layout == "router") {
/**********************************************************************************
* only enable ipv6 function at br0(LAN) and eth1(WAN), other disable by default
*********************************************************************************/
phyinf_setipv6($mode, $ifname);
} else {
$dev = PHYINF_getifname($ifname);
if ($dev != "") {
startcmd("echo 0 > /proc/sys/net/ipv6/conf/" . $dev . "/disable_ipv6");
stopcmd("echo 1 > /proc/sys/net/ipv6/conf/" . $dev . "/disable_ipv6");
}
}
}
/* Set the MAC address */
$stsp = XNODE_getpathbytarget("/runtime", "phyinf", "uid", $ifname, 0);
if ($stsp == "") {
/* The LAYOUT service should be start before PHYINF.XXX.
* We should never reach here !! */
fwrite("w", "/dev/console", "PHYINF: The LAYOUT service should be start before PHYINF !!!\n");
} else {
$mac = query($phyinf . "/macaddr");
if ($mac == "") {
$mac = XNODE_get_var("MACADDR_" . $ifname);
}
$mac = tolower($mac);
$curr = tolower(query($stsp . "/macaddr"));
startcmd("# MAC: currrent " . $curr . ", target " . $mac);
if ($mac != $curr) {
SHELL_info($_GLOBALS["START"], "!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!\n" . "!!! Bad MAC address. Device may work abnormally. !!!\n" . "!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!\n");
}
}
}
}
TRACE_debug("IPTDMZ: cnt= " . $cnt);
while ($i < $cnt) {
$i++;
anchor("/nat/entry:" . $i);
$UID = query("uid");
$CHAIN = "DNAT.DMZ." . $UID;
XNODE_set_var($CHAIN . ".USED", "0");
fwrite("a", $START, "iptables -t nat -F " . $CHAIN . "\n");
fwrite("a", $STOP, "iptables -t nat -F " . $CHAIN . "\n");
$enable = query("dmz/enable");
$inf = query("dmz/inf");
$hostid = query("dmz/hostid");
$sch = query("dmz/schedule");
if ($enable == "1" && $inf != "" && $hostid != "") {
$lanip = XNODE_get_var($inf . ".IPADDR");
$mask = XNODE_get_var($inf . ".MASK");
$ipaddr = ipv4ip($lanip, $mask, $hostid);
if ($ipaddr != "") {
if ($sch == "") {
$timecmd = "";
} else {
$timecmd = IPT_build_time_command($sch);
}
fwrite("a", $START, "iptables -t nat -A " . $CHAIN . " " . $timecmd . " -j DNAT --to-destination " . $ipaddr . "\n");
XNODE_set_var($CHAIN . ".USED", "1");
}
}
}
fwrite("a", $START, "exit 0\n");
fwrite("a", $STOP, "exit 0\n");
