Ejemplo n.º 1
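/**
 * List the interfaces that may still be added to a lagg.
 *
 * An interface is left out when its name contains "_vlan", when it is a
 * member of another lagg, or when it is already a configured interface.
 *
 * @param int|string|null $selected_id index of the lagg being edited, whose
 *                                     members stay selectable; null when no
 *                                     existing lagg is being edited
 * @return array interface name => info, taken from get_interface_list()
 */
function available_interfaces($selected_id = null)
{
    global $config;

    // Real device names of every configured interface.
    $configured_interfaces = array();
    foreach (get_configured_interface_list(false, true) as $intf) {
        $configured_interfaces[] = get_real_interface($intf);
    }

    // A configuration without any lagg has no list to walk.
    $laggs = array();
    if (isset($config['laggs']['lagg']) && is_array($config['laggs']['lagg'])) {
        $laggs = $config['laggs']['lagg'];
    }

    // Only treat a lagg as "the one being edited" when an index was really
    // given. A loose comparison makes null equal to index 0, which would
    // offer the members of the first lagg as free interfaces.
    $has_selection = is_scalar($selected_id) && (string)$selected_id !== '';

    // Members that already belong to another lagg.
    $lagg_member_interfaces = array();
    foreach ($laggs as $lagg_idx => $lagg) {
        if ($has_selection && (string)$lagg_idx === (string)$selected_id) {
            continue;
        }
        if (!isset($lagg['members']) || $lagg['members'] === '') {
            continue;
        }
        foreach (explode(",", $lagg['members']) as $lagg_member) {
            $lagg_member_interfaces[] = get_real_interface($lagg_member);
        }
    }

    $interfaces = array();
    foreach (get_interface_list() as $intf => $intf_info) {
        if (strpos($intf, '_vlan') !== false) {
            // skip vlans (compare against false so a match at offset 0 counts too)
            continue;
        }
        if (in_array($intf, $lagg_member_interfaces, true)) {
            // skip members of other lagg interfaces
            continue;
        }
        if (in_array($intf, $configured_interfaces, true)) {
            // skip configured interfaces
            continue;
        }
        $interfaces[$intf] = $intf_info;
    }
    return $interfaces;
}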
Ejemplo n.º 2
/**
 * Find the real interface that carries an address, or that sits in a subnet.
 *
 * @param string $ip   IPv4 or IPv6 address to look for
 * @param mixed  $bits prefix length; when null an interface address must equal
 *                     $ip, otherwise it must lie inside "$ip/$bits"
 * @return mixed real interface name of the first match, or false when $ip is
 *               not an IP address or no configured interface matches
 */
function find_ip_interface($ip, $bits = null)
{
    if (!is_ipaddr($ip)) {
        return false;
    }
    $want_v6 = is_ipaddrv6($ip);
    $exact_only = is_null($bits);
    foreach (get_configured_interface_list() as $friendly => $name) {
        // Compare like with like: look up the address of the same family as $ip.
        if ($want_v6) {
            $addr = get_interface_ipv6($name);
        } else {
            $addr = get_interface_ip($name);
        }
        if (is_null($addr)) {
            continue;
        }
        // NOTE(review): $bits is appended to the subnet string unchecked;
        // presumably ip_in_subnet() rejects a malformed prefix -- confirm.
        $matches = $exact_only ? $ip == $addr : ip_in_subnet($addr, $ip . "/" . $bits);
        if ($matches) {
            return get_real_interface($name);
        }
    }
    return false;
}
/**
 * Sample an interface's byte counters twice and report the current throughput.
 *
 * The call sleeps for 100 ms between the two samples.
 *
 * @param string $iface   interface name, resolved through get_real_interface()
 * @param mixed  $inKbps  set by reference to the inbound rate in kilobits per second
 * @param mixed  $outKbps set by reference to the outbound rate in kilobits per second
 * @return void
 */
function get_interface_rates($iface, &$inKbps, &$outKbps)
{
    $device = get_real_interface($iface);
    $before = pfSense_get_interface_stats($device);
    $started = microtime(true);
    usleep(100000);
    $after = pfSense_get_interface_stats($device);
    $elapsed = microtime(true) - $started;
    // bytes in the interval -> bytes per second -> kilobytes -> kilobits
    $in_delta = abs($after['inbytes'] - $before['inbytes']);
    $out_delta = abs($after['outbytes'] - $before['outbytes']);
    $inKbps = $in_delta * (1 / $elapsed) / 1000 * 8;
    $outKbps = $out_delta * (1 / $elapsed) / 1000 * 8;
}
Ejemplo n.º 4
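/**
 * Read the channel / txpower table of a wireless interface from ifconfig.
 *
 * @param string $interface interface name, resolved through get_real_interface()
 * @return array rows of comma-separated fields from the ifconfig output, keyed
 *               by their first field; empty when the interface is not wireless
 */
function get_wireless_channel_info($interface)
{
    $wireless_channels = array();
    $cloned_interface = get_real_interface($interface);
    if ($cloned_interface && is_interface_wireless($cloned_interface)) {
        // The device name becomes part of a shell pipeline, so it is quoted
        // rather than interpolated bare.
        $chan_list = "/sbin/ifconfig " . escapeshellarg($cloned_interface) . " list txpower";
        $stack_list = "/usr/bin/awk -F\"Channel \" '{ gsub(/\\*/, \" \"); print \$2 \"\\\n\" \$3 }'";
        $format_list = "/usr/bin/awk '{print \$1 \",\" \$3 \" \" \$4 \",\" \$5 \",\" \$7}'";
        // exec() fills this by reference with one element per output line.
        $interface_channels = array();
        exec("{$chan_list} | {$stack_list} | sort -u | {$format_list} 2>&1", $interface_channels);
        foreach ($interface_channels as $channel_line) {
            $channel_line = explode(",", $channel_line);
            // Keep only the first row seen for each key.
            if (!isset($wireless_channels[$channel_line[0]])) {
                $wireless_channels[$channel_line[0]] = $channel_line;
            }
        }
    }
    return $wireless_channels;
}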
/* define servers and ports snortdefservers */
$snort_servers = array("dns_servers" => "\$HOME_NET", "smtp_servers" => "\$HOME_NET", "http_servers" => "\$HOME_NET", "www_servers" => "\$HOME_NET", "sql_servers" => "\$HOME_NET", "telnet_servers" => "\$HOME_NET", "snmp_servers" => "\$HOME_NET", "ftp_servers" => "\$HOME_NET", "ssh_servers" => "\$HOME_NET", "pop_servers" => "\$HOME_NET", "imap_servers" => "\$HOME_NET", "sip_proxy_ip" => "\$HOME_NET", "sip_servers" => "\$HOME_NET", "rpc_servers" => "\$HOME_NET", "dnp3_server" => "\$HOME_NET", "dnp3_client" => "\$HOME_NET", "modbus_server" => "\$HOME_NET", "modbus_client" => "\$HOME_NET", "enip_server" => "\$HOME_NET", "enip_client" => "\$HOME_NET", "aim_servers" => "64.12.24.0/23,64.12.28.0/23,64.12.161.0/24,64.12.163.0/24,64.12.200.0/24,205.188.3.0/24,205.188.5.0/24,205.188.7.0/24,205.188.9.0/24,205.188.153.0/24,205.188.179.0/24,205.188.248.0/24");
/* default to port 22; a custom ssh port from the system config replaces it */
$ssh_port = "22";
if (is_array($config['system']['ssh']) && isset($config['system']['ssh']['port'])) {
    $ssh_port = $config['system']['ssh']['port'];
}
$snort_ports = array("dns_ports" => "53", "smtp_ports" => "25", "mail_ports" => "25,465,587,691", "http_ports" => "36,80,81,82,83,84,85,86,87,88,89,90,311,383,591,593,631,901,1220,1414,1533,1741,1830,2301,2381,2809,3037,3057,3128,3443,3702,4343,4848,5250,6080,6988,7000,7001,7144,7145,7510,7777,7779,8000,8008,8014,8028,8080,8081,8082,8085,8088,8090,8118,8123,8180,8181,8222,8243,8280,8300,8500,8800,8888,8899,9000,9060,9080,9090,9091,9443,9999,10000,11371,15489,29991,33300,34412,34443,34444,41080,44440,50000,50002,51423,55555,56712", "oracle_ports" => "1024:", "mssql_ports" => "1433", "telnet_ports" => "23", "snmp_ports" => "161", "ftp_ports" => "21,2100,3535", "ssh_ports" => $ssh_port, "pop2_ports" => "109", "pop3_ports" => "110", "imap_ports" => "143", "sip_proxy_ports" => "5060:5090,16384:32768", "sip_ports" => "5060,5061,5600", "auth_ports" => "113", "finger_ports" => "79", "irc_ports" => "6665,6666,6667,6668,6669,7000", "smb_ports" => "139,445", "nntp_ports" => "119", "rlogin_ports" => "513", "rsh_ports" => "514", "ssl_ports" => "443,465,563,636,989,992,993,994,995,7801,7802,7900,7901,7902,7903,7904,7905,7906,7907,7908,7909,7910,7911,7912,7913,7914,7915,7916,7917,7918,7919,7920", "file_data_ports" => "\$HTTP_PORTS,110,143", "shellcode_ports" => "!80", "sun_rpc_ports" => "111,32770,32771,32772,32773,32774,32775,32776,32777,32778,32779", "DCERPC_NCACN_IP_TCP" => "139,445", "DCERPC_NCADG_IP_UDP" => "138,1024:", "DCERPC_NCACN_IP_LONG" => "135,139,445,593,1024:", "DCERPC_NCACN_UDP_LONG" => "135,1024:", "DCERPC_NCACN_UDP_SHORT" => "135,593,1024:", "DCERPC_NCACN_TCP" => "2103,2105,2107", "DCERPC_BRIGHTSTORE" => "6503,6504", "DNP3_PORTS" => "20000", "MODBUS_PORTS" => "502", "GTP_PORTS" => "2123,2152,3386");
// Sort our SERVERS and PORTS arrays to make values
// easier to locate for the user.
ksort($snort_servers);
ksort($snort_ports);
$pconfig = $a_nat[$id];
/* convert fake interfaces to real */
$if_real = get_real_interface($pconfig['interface']);
$snort_uuid = $config['installedpackages']['snortglobal']['rule'][$id]['uuid'];
if ($_POST['save']) {
    $natent = array();
    $natent = $pconfig;
    foreach ($snort_servers as $key => $server) {
        if ($_POST["def_{$key}"] && !is_alias($_POST["def_{$key}"])) {
            $input_errors[] = "Only aliases are allowed";
        }
    }
    foreach ($snort_ports as $key => $server) {
        if ($_POST["def_{$key}"] && !is_alias($_POST["def_{$key}"])) {
            $input_errors[] = "Only aliases are allowed";
        }
    }
    /* if no errors write to conf */
Ejemplo n.º 6
?>

<table width="100%" border="0" cellpadding="0" cellspacing="0">
<tr><td>
<?php 
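// One tab per configured wireless interface; the tab of the interface being
// viewed ($if, set outside this excerpt) is marked as the active one.
$tab_array = array();
foreach ($ciflist as $interface => $ifdescr) {
    if (is_interface_wireless(get_real_interface($interface))) {
        $enabled = $if == $interface;
        $tab_array[] = array(gettext("Status") . " ({$ifdescr})", $enabled, "status_wireless.php?if={$interface}");
    }
}
$rwlif = get_real_interface($if);
// A non-empty "rescanwifi" form field starts a scan in the background.
if (isset($_POST['rescanwifi']) && $_POST['rescanwifi'] != "") {
    // The device name is placed on a shell command line, so it is quoted
    // instead of being interpolated bare.
    mwexec_bg("/sbin/ifconfig " . escapeshellarg($rwlif) . " scan 2>&1");
    $savemsg = gettext("Rescan has been initiated in the background. Refresh this page in 10 seconds to see the results.");
}
if (!empty($savemsg)) {
    print_info_box($savemsg);
}
display_top_tabs($tab_array);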
?>
</td></tr>
<tr><td>
<div id="mainarea" class="tabcont">
<input type="hidden" name="if" id="if" value="<?php 
echo htmlspecialchars($if);
?>
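/**
 * Collect the most recent alerts of every Snort instance for the widget.
 *
 * Reads three globals: $a_instance (the instances to read), $snort_nentries
 * (how many lines to take from the end of each alert log) and $config (the
 * sort direction, from $config['syslog']['reverse']).
 *
 * @return array list of alerts, each with the keys instanceid, timestamp,
 *               timeonly, dateonly, src, dst and msg
 */
function snort_widget_get_alerts()
{
    global $config, $a_instance, $snort_nentries;
    $snort_alerts = array();
    $counter = 0;
    // The line count ends up on a shell command line: force it to an integer.
    $max_entries = (int) $snort_nentries;
    /* read log file(s) */
    foreach ($a_instance as $instanceid => $instance) {
        $snort_uuid = $a_instance[$instanceid]['uuid'];
        $if_real = get_real_interface($a_instance[$instanceid]['interface']);
        $alert_log = "/var/log/snort/snort_{$if_real}{$snort_uuid}/alert";
        /* make sure alert file exists before taking its last lines */
        if ($max_entries < 1 || !file_exists($alert_log)) {
            continue;
        }
        // tempnam() creates the file itself under a unique name. A fixed name
        // in the shared /tmp directory could already exist, or be replaced,
        // before the shell redirection below writes to it.
        $tmpfile = tempnam("/tmp", "alert_snort");
        if ($tmpfile === false) {
            log_error(gettext("[Snort Widget] Failed to create a temporary file in /tmp"));
            continue;
        }
        // Both paths are quoted because they contain the interface name and uuid.
        exec("tail -{$max_entries} -r " . escapeshellarg($alert_log) . " > " . escapeshellarg($tmpfile));
        /*              0         1            2      3       4   5     6   7       8   9       10 11             12       */
        /* File format: timestamp,generator_id,sig_id,sig_rev,msg,proto,src,srcport,dst,dstport,id,classification,priority */
        if (!($fd = fopen($tmpfile, "r"))) {
            log_error(gettext("[Snort Widget] Failed to open file {$tmpfile}"));
            @unlink($tmpfile);
            continue;
        }
        while (($fields = fgetcsv($fd, 1000, ',', '"')) !== FALSE) {
            // Skip lines that do not carry all 13 fields.
            if (count($fields) < 13) {
                continue;
            }
            // NOTE(review): every value stored below is copied from the alert
            // log; the code that renders it is not visible here and should
            // HTML-escape it on output -- confirm.
            // Get the Snort interface this alert was received from
            $snort_alerts[$counter]['instanceid'] = strtoupper($a_instance[$instanceid]['interface']);
            // "fields[0]" is the complete timestamp in ASCII form. Convert
            // to a UNIX timestamp so we can use it for various date and
            // time formatting.  Also extract the MM/DD/YY component and
            // reverse its order to YY/MM/DD for proper sorting.
            // remove trailing space before comma delimiter
            $fields[0] = trim($fields[0]);
            // remove "-" between date and time components
            $tstamp = strtotime(str_replace("-", " ", $fields[0]));
            $tmp = substr($fields[0], 6, 2) . '/' . substr($fields[0], 0, 2) . '/' . substr($fields[0], 3, 2);
            $snort_alerts[$counter]['timestamp'] = str_replace(substr($fields[0], 0, 8), $tmp, $fields[0]);
            $snort_alerts[$counter]['timeonly'] = date("H:i:s", $tstamp);
            $snort_alerts[$counter]['dateonly'] = date("M d", $tstamp);
            // Add square brackets around any IPv6 address
            if (strpos($fields[6], ":") === FALSE) {
                $snort_alerts[$counter]['src'] = trim($fields[6]);
            } else {
                $snort_alerts[$counter]['src'] = "[" . trim($fields[6]) . "]";
            }
            // Add the SRC PORT if not null
            if (!empty($fields[7])) {
                $snort_alerts[$counter]['src'] .= ":" . trim($fields[7]);
            }
            // Add square brackets around any IPv6 address
            if (strpos($fields[8], ":") === FALSE) {
                $snort_alerts[$counter]['dst'] = trim($fields[8]);
            } else {
                $snort_alerts[$counter]['dst'] = "[" . trim($fields[8]) . "]";
            }
            // Add the DST PORT if not null
            if (!empty($fields[9])) {
                $snort_alerts[$counter]['dst'] .= ":" . trim($fields[9]);
            }
            $snort_alerts[$counter]['msg'] = trim($fields[4]);
            $counter++;
        }
        fclose($fd);
        @unlink($tmpfile);
    }
    /* sort the alerts array */
    if (isset($config['syslog']['reverse'])) {
        sksort($snort_alerts, 'timestamp', false);
    } else {
        sksort($snort_alerts, 'timestamp', true);
    }
    return $snort_alerts;
}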
Ejemplo n.º 8
 if (isset($delbtn)) {
     $id = $delbtn;
     if (link_interface_to_group($id)) {
         $input_errors[] = gettext("The interface is part of a group. Please remove it from the group to continue");
     } else {
         if (link_interface_to_bridge($id)) {
             $input_errors[] = gettext("The interface is part of a bridge. Please remove it from the bridge to continue");
         } else {
             if (link_interface_to_gre($id)) {
                 $input_errors[] = gettext("The interface is part of a gre tunnel. Please delete the tunnel to continue");
             } else {
                 if (link_interface_to_gif($id)) {
                     $input_errors[] = gettext("The interface is part of a gif tunnel. Please delete the tunnel to continue");
                 } else {
                     unset($config['interfaces'][$id]['enable']);
                     $realid = get_real_interface($id);
                     interface_bring_down($id);
                     /* down the interface */
                     unset($config['interfaces'][$id]);
                     /* delete the specified OPTn or LAN*/
                     if (is_array($config['dhcpd']) && is_array($config['dhcpd'][$id])) {
                         unset($config['dhcpd'][$id]);
                         services_dhcpd_configure();
                     }
                     if (count($config['filter']['rule']) > 0) {
                         foreach ($config['filter']['rule'] as $x => $rule) {
                             if ($rule['interface'] == $id) {
                                 unset($config['filter']['rule'][$x]);
                             }
                         }
                     }
Ejemplo n.º 9
##|*DESCR=Allow access to the 'Diagnostics: Interface Traffic' page.
##|*MATCH=graph.php*
##|-PRIV
require "globals.inc";
require "guiconfig.inc";
// The graph is generated per request, so caching is switched off.
header("Last-Modified: " . gmdate("D, j M Y H:i:s") . " GMT");
header("Expires: " . gmdate("D, j M Y H:i:s", time()) . " GMT");
// HTTP/1.1
header("Cache-Control: no-cache, no-store, must-revalidate");
// HTTP/1.0
header("Pragma: no-cache");
// The response is an SVG document.
header("Content-type: image/svg+xml");
/********** HTTP GET Based Conf ***********/
// BSD / SNMP interface name / number, mapped to the real device name
$ifnum = get_real_interface(@$_GET["ifnum"]);
// Interface name shown at the top right of the graph; defaults to "Interface <device>".
// NOTE(review): "ifname" is taken from the query string as-is. The code that
// writes it into the SVG is not visible here; it must be XML-escaped at that
// point -- confirm.
$ifname = @$_GET["ifname"] ?: "Interface {$ifnum}";
/********* Other conf *******/
// Scale type from the traffic graph widget settings, "up" when none is stored
$scale_type = isset($config["widgets"]["trafficgraphs"]["scale_type"])
    ? $config["widgets"]["trafficgraphs"]["scale_type"]
    : "up";
// Number of plot points in the graph
$nb_plot = 120;
if ($_GET["timeint"]) {
    $time_interval = $_GET["timeint"];
    //Refresh time Interval
} else {
    $time_interval = 3;
 }
 if (file_exists("{$tmpfname}/{$prefix}gen-msg.map")) {
     @copy("{$tmpfname}/{$prefix}gen-msg.map", "{$suricatadir}gen-msg.map");
 }
 /* Start the rules rebuild proccess for each configured interface */
 if (is_array($config['installedpackages']['suricata']['rule']) && count($config['installedpackages']['suricata']['rule']) > 0) {
     /* Set the flag to force rule rebuilds since we downloaded new rules,    */
     /* except when in post-install mode.  Post-install does its own rebuild. */
     if ($g['suricata_postinstall']) {
         $rebuild_rules = false;
     } else {
         $rebuild_rules = true;
     }
     /* Create configuration for each active Suricata interface */
     foreach ($config['installedpackages']['suricata']['rule'] as $value) {
         $if_real = get_real_interface($value['interface']);
         // Make sure the interface subdirectory exists.  We need to re-create
         // it during a pkg reinstall on the intial rules set download.
         if (!is_dir("{$suricatadir}suricata_{$value['uuid']}_{$if_real}")) {
             safe_mkdir("{$suricatadir}suricata_{$value['uuid']}_{$if_real}");
         }
         if (!is_dir("{$suricatadir}suricata_{$value['uuid']}_{$if_real}/rules")) {
             safe_mkdir("{$suricatadir}suricata_{$value['uuid']}_{$if_real}/rules");
         }
         $tmp = "Updating rules configuration for: " . convert_friendly_interface_to_friendly_descr($value['interface']) . " ...";
         if ($pkg_interface != "console") {
             update_status(gettext($tmp));
             update_output_window(gettext("Please wait while Suricata interface files are being updated..."));
         }
         suricata_apply_customizations($value, $if_real);
         $tmp = "\t" . $tmp . "\n";
Ejemplo n.º 11
}
$a_nat =& $config['installedpackages']['suricata']['rule'];
if (isset($_POST['id']) && is_numericint($_POST['id'])) {
    $id = $_POST['id'];
} elseif (isset($_GET['id']) && is_numericint($_GET['id'])) {
    $id = htmlspecialchars($_GET['id']);
}
if (is_null($id)) {
    $id = 0;
}
if (isset($id) && $a_nat[$id]) {
    $pconfig['autoflowbits'] = $a_nat[$id]['autoflowbitrules'];
    $pconfig['ips_policy_enable'] = $a_nat[$id]['ips_policy_enable'];
    $pconfig['ips_policy'] = $a_nat[$id]['ips_policy'];
}
$if_real = get_real_interface($a_nat[$id]['interface']);
$suricata_uuid = $a_nat[$id]['uuid'];
$snortdownload = $config['installedpackages']['suricata']['config'][0]['enable_vrt_rules'] == 'on' ? 'on' : 'off';
$emergingdownload = $config['installedpackages']['suricata']['config'][0]['enable_etopen_rules'] == 'on' ? 'on' : 'off';
$etpro = $config['installedpackages']['suricata']['config'][0]['enable_etpro_rules'] == 'on' ? 'on' : 'off';
$snortcommunitydownload = $config['installedpackages']['suricata']['config'][0]['snortcommunityrules'] == 'on' ? 'on' : 'off';
$no_emerging_files = false;
$no_snort_files = false;
$enabled_rulesets_array = explode("||", $a_nat[$id]['rulesets']);
/* Test rule categories currently downloaded to $SURICATADIR/rules and set appropriate flags */
if ($emergingdownload == 'on') {
    $test = glob("{$suricatadir}rules/" . ET_OPEN_FILE_PREFIX . "*.rules");
    $et_type = "ET Open";
} elseif ($etpro == 'on') {
    $test = glob("{$suricatadir}rules/" . ET_PRO_FILE_PREFIX . "*.rules");
    $et_type = "ET Pro";
Ejemplo n.º 12
 $newcp['timeout'] = 60;
 /* file upload? */
 if (is_uploaded_file($_FILES['htmlfile']['tmp_name'])) {
     $newcp['page']['htmltext'] = base64_encode(file_get_contents($_FILES['htmlfile']['tmp_name']));
 }
 if (is_uploaded_file($_FILES['errfile']['tmp_name'])) {
     $newcp['page']['errtext'] = base64_encode(file_get_contents($_FILES['errfile']['tmp_name']));
 }
 if (is_uploaded_file($_FILES['logoutfile']['tmp_name'])) {
     $newcp['page']['logouttext'] = base64_encode(file_get_contents($_FILES['logoutfile']['tmp_name']));
 }
 write_config();
 if (!empty($oldifaces) && $oldifaces != $newcp['interface']) {
     $ocpinterfaces = explode(",", $oldifaces);
     foreach ($ocpinterfaces as $cpifgrp) {
         $listrealif = get_real_interface($cpifgrp);
         if (does_interface_exist($listrealif)) {
             pfSense_interface_flags($listrealif, -IFF_IPFW_FILTER);
             $carpif = link_ip_to_carp_interface(find_interface_ip($listrealif));
             if (!empty($carpif)) {
                 $carpsif = explode(" ", $carpif);
                 foreach ($carpsif as $cpcarp) {
                     pfSense_interface_flags($cpcarp, -IFF_IPFW_FILTER);
                 }
             }
         }
     }
 }
 captiveportal_configure_zone($newcp);
 filter_configure();
 header("Location: services_captiveportal_zones.php");
Ejemplo n.º 13
    return true;
}
if (isset($_POST['instance']) && is_numericint($_POST['instance'])) {
    $instanceid = $_POST['instance'];
} elseif (isset($_GET['instance']) && is_numericint($_GET['instance'])) {
    $instanceid = $_GET['instance'];
}
if (is_null($instanceid)) {
    $instanceid = 0;
}
if (!is_array($config['installedpackages']['suricata']['rule'])) {
    $config['installedpackages']['suricata']['rule'] = array();
}
$a_instance =& $config['installedpackages']['suricata']['rule'];
$suricata_uuid = $a_instance[$instanceid]['uuid'];
$if_real = get_real_interface($a_instance[$instanceid]['interface']);
$suricatalogdir = SURICATALOGDIR;
// Load up the arrays of force-enabled and force-disabled SIDs
$enablesid = suricata_load_sid_mods($a_instance[$instanceid]['rule_sid_on']);
$disablesid = suricata_load_sid_mods($a_instance[$instanceid]['rule_sid_off']);
$pconfig = array();
if (is_array($config['installedpackages']['suricata']['alertsblocks'])) {
    $pconfig['arefresh'] = $config['installedpackages']['suricata']['alertsblocks']['arefresh'];
    $pconfig['alertnumber'] = $config['installedpackages']['suricata']['alertsblocks']['alertnumber'];
}
if (empty($pconfig['alertnumber'])) {
    $pconfig['alertnumber'] = '250';
}
if (empty($pconfig['arefresh'])) {
    $pconfig['arefresh'] = 'off';
}
 }
 if ($_POST['configpassthru']) {
     $natent['configpassthru'] = base64_encode(str_replace("\r\n", "\n", $_POST['configpassthru']));
 } else {
     unset($natent['configpassthru']);
 }
 // Check if EVE OUTPUT TYPE is 'syslog' and auto-enable Suricata syslog output if true.
 if ($natent['eve_output_type'] == "syslog" && $natent['alertsystemlog'] == "off") {
     $natent['alertsystemlog'] = "on";
     $savemsg = gettext("EVE Output to syslog requires Suricata alerts to be copied to the system log, so 'Send Alerts to System Log' has been auto-enabled.");
 }
 $if_real = get_real_interface($natent['interface']);
 if (isset($id) && $a_rule[$id] && $action == '') {
     // See if moving an existing Suricata instance to another physical interface
     if ($natent['interface'] != $a_rule[$id]['interface']) {
         $oif_real = get_real_interface($a_rule[$id]['interface']);
         if (suricata_is_running($a_rule[$id]['uuid'], $oif_real)) {
             suricata_stop($a_rule[$id], $oif_real);
             $suricata_start = true;
         } else {
             $suricata_start = false;
         }
         @rename("{$suricatalogdir}suricata_{$oif_real}{$a_rule[$id]['uuid']}", "{$suricatalogdir}suricata_{$if_real}{$a_rule[$id]['uuid']}");
         conf_mount_rw();
         @rename("{$suricatadir}suricata_{$a_rule[$id]['uuid']}_{$oif_real}", "{$suricatadir}suricata_{$a_rule[$id]['uuid']}_{$if_real}");
         conf_mount_ro();
     }
     $a_rule[$id] = $natent;
 } elseif (strcasecmp($action, 'dup') == 0) {
     // Duplicating an existing interface to a new interface, so set flag to build new rules
     $rebuild_rules = true;
Ejemplo n.º 15
/**
 * XMLRPC handler: merge configuration sections sent by a sync peer into the
 * running configuration, write it, and reconfigure the virtual IPs.
 *
 * Nothing in $config is changed before xmlrpc_loop_detect() and
 * xmlrpc_auth() have both been passed.
 *
 * @param mixed $raw_params raw XMLRPC parameters; after xmlrpc_params_to_php()
 *                          element 0 holds the config sections to apply
 * @return mixed $xmlrpc_g['return']['true'] on success,
 *               $xmlrpc_g['return']['authfail'] when authentication fails,
 *               and no value when a sync loop is detected
 */
function restore_config_section_xmlrpc($raw_params)
{
    global $config, $xmlrpc_g;
    // NOTE(review): $old_config is copied here and only unset at the end;
    // nothing in this function reads it.
    $old_config = $config;
    // Remembered so IPsec is reconfigured only if its enabled state changes.
    $old_ipsec_enabled = ipsec_enabled();
    if (xmlrpc_loop_detect()) {
        log_error("Disallowing CARP sync loop");
        return;
    }
    $params = xmlrpc_params_to_php($raw_params);
    // Authentication gate: every configuration change below sits behind it.
    if (!xmlrpc_auth($params)) {
        xmlrpc_authfail();
        return $xmlrpc_g['return']['authfail'];
    }
    /*
     * Make sure it doesn't end up with both dnsmasq and unbound enabled
     * simultaneously in secondary
     * */
    if (isset($params[0]['unbound']['enable']) && isset($config['dnsmasq']['enable'])) {
        unset($config['dnsmasq']['enable']);
        services_dnsmasq_configure();
    } else {
        if (isset($params[0]['dnsmasq']['enable']) && isset($config['unbound']['enable'])) {
            unset($config['unbound']['enable']);
            services_unbound_configure();
        }
    }
    // Some sections should just be copied and not merged or we end
    //   up unable to sync the deletion of the last item in a section
    $sync_full = array('dnsmasq', 'unbound', 'ipsec', 'aliases', 'wol', 'load_balancer', 'openvpn', 'cert', 'ca', 'crl', 'schedules', 'filter', 'nat', 'dhcpd', 'dhcpv6');
    $sync_full_done = array();
    foreach ($sync_full as $syncfull) {
        if (isset($params[0][$syncfull])) {
            // Replace the local section wholesale and take it out of $params
            // so the recursive merge further down does not see it again.
            $config[$syncfull] = $params[0][$syncfull];
            unset($params[0][$syncfull]);
            $sync_full_done[] = $syncfull;
        }
    }
    // $vipbackup: local vips to put back after the merge.
    // $oldvips:   fingerprint of the vips as they are now, used after the
    //             merge to tell changed vips from unchanged ones.
    $vipbackup = array();
    $oldvips = array();
    if (isset($params[0]['virtualip'])) {
        if (is_array($config['virtualip']['vip'])) {
            foreach ($config['virtualip']['vip'] as $vipindex => $vip) {
                if ($vip['mode'] == "carp") {
                    // 'content' concatenates the settings (the vip password
                    // among them); below it is only compared for equality.
                    $oldvips["{$vip['interface']}_vip{$vip['vhid']}"]['content'] = "{$vip['password']}{$vip['advskew']}{$vip['subnet']}{$vip['subnet_bits']}{$vip['advbase']}";
                    $oldvips["{$vip['interface']}_vip{$vip['vhid']}"]['interface'] = $vip['interface'];
                    $oldvips["{$vip['interface']}_vip{$vip['vhid']}"]['subnet'] = $vip['subnet'];
                } else {
                    // NOTE(review): strpos() returns 0 when the name starts
                    // with "lo0", and 0 is falsy, so an interface named
                    // exactly "lo0" does not satisfy this test -- confirm intent.
                    if ($vip['mode'] == "ipalias" && (substr($vip['interface'], 0, 4) == '_vip' || strpos($vip['interface'], "lo0"))) {
                        $oldvips[$vip['subnet']]['content'] = "{$vip['interface']}{$vip['subnet']}{$vip['subnet_bits']}";
                        $oldvips[$vip['subnet']]['interface'] = $vip['interface'];
                        $oldvips[$vip['subnet']]['subnet'] = $vip['subnet'];
                    } else {
                        // NOTE(review): && binds tighter than ||, so this reads
                        // (mode test && not "_vip") || strpos(...). The same
                        // strpos() falsy-at-offset-0 caveat applies -- confirm
                        // the intended grouping.
                        if (($vip['mode'] == "ipalias" || $vip['mode'] == 'proxyarp') && !(substr($vip['interface'], 0, 4) == '_vip') || strpos($vip['interface'], "lo0")) {
                            $vipbackup[] = $vip;
                        }
                    }
                }
            }
        }
    }
    // For vip section, first keep items sent from the master
    $config = array_merge_recursive_unique($config, $params[0]);
    /* Then add ipalias and proxyarp types already defined on the backup */
    if (is_array($vipbackup) && !empty($vipbackup)) {
        if (!is_array($config['virtualip'])) {
            $config['virtualip'] = array();
        }
        if (!is_array($config['virtualip']['vip'])) {
            $config['virtualip']['vip'] = array();
        }
        foreach ($vipbackup as $vip) {
            array_unshift($config['virtualip']['vip'], $vip);
        }
    }
    /* Log what happened */
    $mergedkeys = implode(",", array_merge(array_keys($params[0]), $sync_full_done));
    write_config(sprintf(gettext("Merged in config (%s sections) from XMLRPC client."), $mergedkeys));
    /*
     * The real work on handling the vips specially
     * This is a copy of intefaces_vips_configure with addition of not reloading existing/not changed carps
     */
    if (isset($params[0]['virtualip']) && is_array($config['virtualip']) && is_array($config['virtualip']['vip'])) {
        $carp_setuped = false;
        $anyproxyarp = false;
        foreach ($config['virtualip']['vip'] as $vip) {
            if ($vip['mode'] == "carp" && isset($oldvips["{$vip['interface']}_vip{$vip['vhid']}"])) {
                // Same fingerprint as before the merge and the vip still exists:
                // drop it from the cleanup list and leave it alone.
                if ($oldvips["{$vip['interface']}_vip{$vip['vhid']}"]['content'] == "{$vip['password']}{$vip['advskew']}{$vip['subnet']}{$vip['subnet_bits']}{$vip['advbase']}") {
                    if (does_vip_exist($vip)) {
                        unset($oldvips["{$vip['interface']}_vip{$vip['vhid']}"]);
                        continue;
                        // Skip reconfiguring this vips since nothing has changed.
                    }
                }
            } else {
                if ($vip['mode'] == "ipalias" && strstr($vip['interface'], "_vip") && isset($oldvips[$vip['subnet']])) {
                    if ($oldvips[$vip['subnet']]['content'] == "{$vip['interface']}{$vip['subnet']}{$vip['subnet_bits']}") {
                        if (does_vip_exist($vip)) {
                            unset($oldvips[$vip['subnet']]);
                            continue;
                            // Skip reconfiguring this vips since nothing has changed.
                        }
                    }
                    // Changed or missing: it is reconfigured by the switch
                    // below, so it must not be deleted by the cleanup loop.
                    unset($oldvips[$vip['subnet']]);
                }
            }
            switch ($vip['mode']) {
                case "proxyarp":
                    // proxyarp is configured once, after the loop
                    $anyproxyarp = true;
                    break;
                case "ipalias":
                    interface_ipalias_configure($vip);
                    break;
                case "carp":
                    if ($carp_setuped == false) {
                        $carp_setuped = true;
                    }
                    interface_carp_configure($vip);
                    break;
            }
        }
        /* Cleanup remaining old carps */
        foreach ($oldvips as $oldvipar) {
            $oldvipif = get_real_interface($oldvipar['interface']);
            if (!empty($oldvipif)) {
                if (is_ipaddrv6($oldvipar['subnet'])) {
                    // Both values come from stored configuration and are
                    // shell-quoted before they reach the command line.
                    mwexec("/sbin/ifconfig " . escapeshellarg($oldvipif) . " inet6 " . escapeshellarg($oldvipar['subnet']) . " delete");
                } else {
                    pfSense_interface_deladdress($oldvipif, $oldvipar['subnet']);
                }
            }
        }
        if ($carp_setuped == true) {
            interfaces_sync_setup();
        }
        if ($anyproxyarp == true) {
            interface_proxyarp_configure();
        }
    }
    // Reconfigure IPsec only when the merge flipped its enabled state.
    if ($old_ipsec_enabled !== ipsec_enabled()) {
        vpn_ipsec_configure();
    }
    unset($old_config);
    return $xmlrpc_g['return']['true'];
}
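/**
 * Collect the most recent alerts of every Suricata instance for the dashboard widget.
 *
 * For each entry in the global $a_instance list, the newest $suri_nentries lines of
 * that instance's alerts.log are copied to a scratch file with tail(1), parsed, and
 * appended to the result. The combined list is then sorted by timestamp; the sort
 * direction depends on whether $config['syslog']['reverse'] is set.
 *
 * The strings returned here are taken from the alert log and are not HTML-escaped by
 * this function, so they must be escaped for the output context where they are shown.
 *
 * @return array list of alerts, each with the keys instanceid, timestamp, timeonly,
 *               dateonly, msg, src and dst
 */
function suricata_widget_get_alerts()
{
    global $config, $a_instance, $suri_nentries;

    $suricata_alerts = array();
    $counter = 0;

    // The entry count becomes part of a shell command line, so force it to a
    // non-negative integer instead of interpolating the global as-is.
    $max_entries = max(0, (int) $suri_nentries);

    /* read log file(s) */
    foreach ($a_instance as $instanceid => $instance) {
        $suricata_uuid = $a_instance[$instanceid]['uuid'];
        $if_real = get_real_interface($a_instance[$instanceid]['interface']);
        $alert_log = "/var/log/suricata/suricata_{$if_real}{$suricata_uuid}/alerts.log";

        // Nothing to show for an instance that has not written an alert log yet.
        if (!file_exists($alert_log)) {
            continue;
        }

        // Use a uniquely named scratch file rather than a predictable name in /tmp:
        // the shell redirection below would otherwise write through whatever already
        // exists under that name.
        $scratch_file = tempnam("/tmp", "surialerts_");
        if ($scratch_file === false) {
            log_error(gettext("[Suricata Widget] Failed to create a temporary file for the alert log"));
            continue;
        }

        // Grab the most recent entries, newest first. Both paths are quoted for the
        // shell because they are built from configuration values.
        exec("tail -{$max_entries} -r " . escapeshellarg($alert_log) . " > " . escapeshellarg($scratch_file));

        /*************** FORMAT without CSV patch -- ALERT -- ***********************************************************************************/
        /* Line format: timestamp  action[**] [gid:sid:rev] msg [**] [Classification: class] [Priority: pri] {proto} src:srcport -> dst:dstport */
        /*              0          1           2   3   4    5                         6                 7     8      9   10         11  12      */
        /****************************************************************************************************************************************/
        /**************** FORMAT without CSV patch -- DECODER EVENT -- **************************************************************************/
        /* Line format: timestamp  action[**] [gid:sid:rev] msg [**] [Classification: class] [Priority: pri] [**] [Raw pkt: ...]                */
        /*              0          1           2   3   4    5                         6                 7                                       */
        /************** *************************************************************************************************************************/
        $fd = fopen($scratch_file, "r");
        if (!$fd) {
            log_error(gettext("[Suricata Widget] Failed to open file") . " {$scratch_file}");
            @unlink($scratch_file);
            continue;
        }

        while (($buf = fgets($fd)) !== false) {
            $fields = array();
            $tmp = array();

            // The timestamp is everything up to the first double space.
            $fields[0] = substr($buf, 0, strpos($buf, '  '));

            // The regular expression match below returns an array as follows:
            // [2] => GID, [3] => SID, [4] => REV, [5] => MSG, [6] => CLASSIFICATION, [7] = PRIORITY
            // A line that does not match is not an alert entry; skip it instead of
            // reading capture groups that were never filled in.
            if (!preg_match('/\\[\\*{2}\\]\\s\\[((\\d+):(\\d+):(\\d+))\\]\\s(.*)\\[\\*{2}\\]\\s\\[Classification:\\s(.*)\\]\\s\\[Priority:\\s(\\d+)\\]\\s/', $buf, $tmp)) {
                continue;
            }
            $fields['gid'] = trim($tmp[2]);
            $fields['sid'] = trim($tmp[3]);
            $fields['rev'] = trim($tmp[4]);
            $fields['msg'] = trim($tmp[5]);
            $fields['class'] = trim($tmp[6]);
            $fields['priority'] = trim($tmp[7]);

            // The regular expression match below looks for the PROTO, SRC and DST fields
            // and returns an array as follows:
            // [1] = PROTO, [2] => SRC:SPORT [3] => DST:DPORT
            if (preg_match('/\\{(.*)\\}\\s(.*)\\s->\\s(.*)/', $buf, $tmp)) {
                // Split on the last colon so IPv6 addresses keep their own colons.
                $fields['src'] = trim(substr($tmp[2], 0, strrpos($tmp[2], ':')));
                if (is_ipaddrv6($fields['src'])) {
                    $fields['src'] = inet_ntop(inet_pton($fields['src']));
                }
                $fields['sport'] = trim(substr($tmp[2], strrpos($tmp[2], ':') + 1));
                $fields['dst'] = trim(substr($tmp[3], 0, strrpos($tmp[3], ':')));
                if (is_ipaddrv6($fields['dst'])) {
                    $fields['dst'] = inet_ntop(inet_pton($fields['dst']));
                }
                $fields['dport'] = trim(substr($tmp[3], strrpos($tmp[3], ':') + 1));
            } else {
                // If no PROTO and IP ADDR, then this is a DECODER EVENT
                $fields['src'] = gettext("Decoder Event");
                $fields['sport'] = "";
                $fields['dst'] = "";
                $fields['dport'] = "";
            }

            // Create a DateTime object from the event timestamp that
            // we can use to easily manipulate output formats.
            $event_tm = date_create_from_format("m/d/Y-H:i:s.u", $fields[0]);
            if ($event_tm === false) {
                // Unparseable timestamp: the date helpers below need a DateTime object.
                continue;
            }

            // Check the 'CATEGORY' field for the text "(null)" and
            // substitute "No classtype assigned".
            if ($fields['class'] == "(null)") {
                $fields['class'] = "No classtype assigned";
            }

            $suricata_alerts[$counter]['instanceid'] = strtoupper(convert_friendly_interface_to_friendly_descr($a_instance[$instanceid]['interface']));
            $suricata_alerts[$counter]['timestamp'] = strval(date_timestamp_get($event_tm));
            $suricata_alerts[$counter]['timeonly'] = date_format($event_tm, "H:i:s");
            $suricata_alerts[$counter]['dateonly'] = date_format($event_tm, "M d");
            $suricata_alerts[$counter]['msg'] = $fields['msg'];

            // Add square brackets around any IPv6 address
            if (is_ipaddrv6($fields['src'])) {
                $suricata_alerts[$counter]['src'] = "[" . $fields['src'] . "]";
            } else {
                $suricata_alerts[$counter]['src'] = $fields['src'];
            }
            // Add the SRC PORT if not null ('0' is a valid port value but empty() treats it as empty)
            if (!empty($fields['sport']) || $fields['sport'] == '0') {
                $suricata_alerts[$counter]['src'] .= ":" . $fields['sport'];
            }

            // Add square brackets around any IPv6 address
            if (is_ipaddrv6($fields['dst'])) {
                $suricata_alerts[$counter]['dst'] = "[" . $fields['dst'] . "]";
            } else {
                $suricata_alerts[$counter]['dst'] = $fields['dst'];
            }
            // Add the DST PORT if not null
            if (!empty($fields['dport']) || $fields['dport'] == '0') {
                $suricata_alerts[$counter]['dst'] .= ":" . $fields['dport'];
            }
            $counter++;
        }
        fclose($fd);
        @unlink($scratch_file);
    }

    // Sort the alerts array
    if (isset($config['syslog']['reverse'])) {
        suricata_sksort($suricata_alerts, 'timestamp', false);
    } else {
        suricata_sksort($suricata_alerts, 'timestamp', true);
    }
    return $suricata_alerts;
}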
        }
        $a_nat[$id] = $natent;
        write_config("Suricata pkg: modified Barnyard2 settings.");
        // No need to rebuild rules for Barnyard2 changes
        $rebuild_rules = false;
        conf_mount_rw();
        sync_suricata_package_config();
        conf_mount_ro();
        // If disabling Barnyard2 on the interface, stop any
        // currently running instance.  If an instance is
        // running, signal it to reload the configuration.
        // If Barnyard2 is enabled but not running, start it.
        if ($a_nat[$id]['barnyard_enable'] == "off") {
            suricata_barnyard_stop($a_nat[$id], get_real_interface($a_nat[$id]['interface']));
        } elseif ($a_nat[$id]['barnyard_enable'] == "on") {
            if (suricata_is_running($a_nat[$id]['uuid'], get_real_interface($a_nat[$id]['interface']), "barnyard2")) {
                suricata_barnyard_reload_config($a_nat[$id], "HUP");
            } else {
                // Notify user a Suricata restart is required if enabling Barnyard2 for the first time
                $savemsg = gettext("NOTE: you must restart Suricata on this interface to activate unified2 logging for Barnyard2.");
            }
        }
        $pconfig = $natent;
    } else {
        // We had errors, so save previous field data to prevent retyping
        $pconfig = $_POST;
    }
}
$if_friendly = convert_friendly_interface_to_friendly_descr($a_nat[$id]['interface']);
$pgtitle = gettext("Suricata: Interface {$if_friendly} - Barnyard2 Settings");
include_once "head.inc";
Ejemplo n.º 18
/* With no interfaces defined ($id_gen equal to 0) the "no rules" warning starts out off; otherwise it starts out on. */
$no_rules_footnote = false;
$no_rules = $id_gen != 0;
foreach ($a_nat as $natent) {
    ?>
		<tr valign="top" id="fr<?php 
    echo $nnats;
    ?>
">
		<?php 
    /* convert fake interfaces to real and check if iface is up */
    $if_real = get_real_interface($natent['interface']);
    $natend_friendly = convert_friendly_interface_to_friendly_descr($natent['interface']);
    $snort_uuid = $natent['uuid'];
    if (!snort_is_running($snort_uuid, $if_real)) {
        $iconfn = 'block';
        $iconfn_msg1 = 'Snort is not running on ';
        $iconfn_msg2 = '. Click to start.';
    } else {
        $iconfn = 'pass';
        $iconfn_msg1 = 'Snort is running on ';
        $iconfn_msg2 = '. Click to stop.';
    }
    if (!snort_is_running($snort_uuid, $if_real, 'barnyard2')) {
        $biconfn = 'block';
        $biconfn_msg1 = 'Barnyard2 is not running on ';
        $biconfn_msg2 = '. Click to start.';
Ejemplo n.º 19
				<tbody>
<?php 
$i = 0;
foreach ($a_ppps as $id => $ppp) {
    ?>
					<tr>
						<td>
							<?php 
    echo htmlspecialchars($ppp['if']);
    ?>
						</td>
						<td>
<?php 
    $portlist = explode(",", $ppp['ports']);
    foreach ($portlist as $portid => $port) {
        if ($port != get_real_interface($port) && $ppp['type'] != "ppp") {
            $portlist[$portid] = convert_friendly_interface_to_friendly_descr($port);
        }
    }
    echo htmlspecialchars(implode(",", $portlist));
    ?>
						</td>
						<td>
							<?php 
    echo htmlspecialchars($ppp['descr']);
    ?>
						</td>
						<td>
							<a class="fa fa-pencil"	title="<?php 
    echo gettext('Edit PPP interface');
    ?>
Ejemplo n.º 20
<body>
<?php 
include "fbegin.inc";
?>
  <section class="page-content-main">
    <div class="container-fluid">
      <div class="row">
        <section class="col-xs-12">
        <?php 
// Show the result message of a previous action, if one was set.
if (isset($savemsg)) {
    print_info_box($savemsg);
}
// Build one tab per configured interface whose real device is wireless.
$tab_array = array();
foreach ($ciflist as $interface => $ifdescr) {
    if (is_interface_wireless(get_real_interface($interface))) {
        // The second tab element is true only for the currently selected interface ($if).
        $enabled = false;
        if ($if == $interface) {
            $enabled = true;
        }
        // NOTE(review): $ifdescr and $interface are placed in the tab label and URL unescaped here;
        // presumably both come from configuration and display_top_tabs() escapes on output -- confirm.
        $tab_array[] = array(gettext("Status") . " ({$ifdescr})", $enabled, "status_wireless.php?if={$interface}");
    }
}
display_top_tabs($tab_array);
?>
        <div class="content-box">
          <form method="post" name="iform" id="iform">
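            <input type="hidden" name="if" id="if" value="<?php 
// Escape for the HTML attribute context. $if is assigned outside this excerpt and
// may originate from the request, so it must not reach the markup verbatim.
echo htmlspecialchars((string) $if, ENT_QUOTES);
?>
">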
Ejemplo n.º 21
             if ($realif) {
                 mwexec("/sbin/ifconfig {$realif} -group " . $a_ifgroups[$id]['ifname']);
             }
         }
     }
     $ifgroupentry['ifname'] = $_POST['ifname'];
     $a_ifgroups[$id] = $ifgroupentry;
     // Edit old group
 } else {
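     if (isset($id) && $a_ifgroups[$id]) {
         // Existing group: work out which members were removed and take the
         // corresponding real interfaces out of the group.
         $omembers = explode(" ", $a_ifgroups[$id]['members']);
         $nmembers = explode(" ", $members);
         $delmembers = array_diff($omembers, $nmembers);
         if (count($delmembers) > 0) {
             foreach ($delmembers as $ifs) {
                 $realif = get_real_interface($ifs);
                 if ($realif) {
                     // Quote both values: the group name is stored from form input and the
                     // interface name is resolved from configuration, so neither may be
                     // interpreted by the shell.
                     mwexec("/sbin/ifconfig " . escapeshellarg($realif) . " -group " . escapeshellarg($a_ifgroups[$id]['ifname']));
                 }
             }
         }
         // NOTE(review): $_POST['ifname'] is stored as submitted here; presumably it was
         // validated earlier in the page -- confirm.
         $ifgroupentry['ifname'] = $_POST['ifname'];
         $a_ifgroups[$id] = $ifgroupentry;
         // Create new group
     } else {
         $ifgroupentry['ifname'] = $_POST['ifname'];
         $a_ifgroups[] = $ifgroupentry;
     }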
 }
 write_config();
 interface_group_setup($ifgroupentry);
Ejemplo n.º 22
<?php

/*
	bandwidth_by_ip.php
*/
require_once 'guiconfig.inc';
require_once 'interfaces.inc';
require_once 'pfsense-utils.inc';
require_once 'util.inc';
$listedIPs = "";
//get interface IP and break up into an array
// The interface name comes straight from the query string; it is only used further
// after does_interface_exist() has accepted the resolved device name.
$interface = $_GET['if'];
$real_interface = get_real_interface($interface);
if (!does_interface_exist($real_interface)) {
    echo gettext("Wrong Interface");
    return;
}
$intip = find_interface_ip($real_interface);
//get interface subnet
$netmask = find_interface_subnet($real_interface);
$intsubnet = gen_subnet($intip, $netmask) . "/{$netmask}";
// see if they want local, remote or all IPs returned
// NOTE(review): $_GET['filter'] is read without isset(); an absent parameter ends up
// as "local" through the empty-string check below.
$filter = $_GET['filter'];
if ($filter == "") {
    $filter = "local";
}
if ($filter == "local") {
    $ratesubnet = "-c " . $intsubnet;
} else {
    // Tell the rate utility to consider the whole internet (0.0.0.0/0)
    // and to consider local "l" traffic - i.e. traffic within the whole internet
 update_output_window($static_output);
 include '/usr/local/pkg/suricata/suricata_migrate_config.php';
 $static_output .= gettext(" done.\n");
 update_output_window($static_output);
 log_error(gettext("[Suricata] Downloading and updating configured rule types..."));
 if ($pkg_interface != "console") {
     $suricata_gui_include = true;
 }
 include '/usr/local/pkg/suricata/suricata_check_for_rule_updates.php';
 update_status(gettext("Generating suricata.yaml configuration file from saved settings..."));
 $rebuild_rules = true;
 conf_mount_rw();
 // Create the suricata.yaml files for each enabled interface
 $suriconf = $config['installedpackages']['suricata']['rule'];
 foreach ($suriconf as $suricatacfg) {
     $if_real = get_real_interface($suricatacfg['interface']);
     $suricata_uuid = $suricatacfg['uuid'];
     $suricatacfgdir = "{$suricatadir}suricata_{$suricata_uuid}_{$if_real}";
     $static_output .= gettext("Generating YAML configuration file for " . convert_friendly_interface_to_friendly_descr($suricatacfg['interface']) . "...");
     update_output_window($static_output);
     // Pull in the PHP code that generates the suricata.yaml file
     // variables that will be substituted further down below.
     include "/usr/local/pkg/suricata/suricata_generate_yaml.php";
     // Pull in the boilerplate template for the suricata.yaml
     // configuration file.  The contents of the template along
     // with substituted variables are stored in $suricata_conf_text
     // (which is defined in the included file).
     include "/usr/local/pkg/suricata/suricata_yaml_template.inc";
     // Now write out the conf file using $suricata_conf_text contents
     @file_put_contents("{$suricatacfgdir}/suricata.yaml", $suricata_conf_text);
     unset($suricata_conf_text);
Ejemplo n.º 24
						<th data-sortable="false"></th> <!-- For the optional "Remove" button -->
					</tr>
				</thead>
				<tbody>
<?php 
// Filter criteria handed to pfSense_get_pf_states(); each entry is a one-key array.
$arr = array();
/* RuleId filter. */
// Comma-separated list from the request; every element is forced to an integer.
if (isset($_REQUEST['ruleid'])) {
    $ids = explode(",", $_REQUEST['ruleid']);
    for ($i = 0; $i < count($ids); $i++) {
        $arr[] = array("ruleid" => intval($ids[$i]));
    }
}
/* Interface filter. */
// "all" means no interface restriction; any other value is mapped through get_real_interface().
if (isset($_POST['interface']) && $_POST['interface'] != "all") {
    $arr[] = array("interface" => get_real_interface($_POST['interface']));
}
// NOTE(review): the free-text filter is forwarded exactly as submitted; whether
// pfSense_get_pf_states() validates it is not visible here -- confirm.
if (isset($_POST['filter']) && strlen($_POST['filter']) > 0) {
    $arr[] = array("filter" => $_POST['filter']);
}
// Without any criteria the call is made with no argument.
if (count($arr) > 0) {
    $res = pfSense_get_pf_states($arr);
} else {
    $res = pfSense_get_pf_states();
}
// Count the states only when the call returned an array.
$states = 0;
if ($res != NULL && is_array($res)) {
    $states = count($res);
}
/* XXX - limit to 10.000 states. */
if ($states > 10000) {
Ejemplo n.º 25
##|-PRIV
require "guiconfig.inc";
if (!is_array($config['bridges']['bridged'])) {
    $config['bridges']['bridged'] = array();
}
/**
 * Tell whether any advanced bridge option in $pconfig carries a value.
 *
 * Every listed option counts as used when it is not an empty string. 'proto' is the
 * exception: it counts only when it is non-empty and different from "rstp".
 *
 * @param array $pconfig form/configuration values keyed by option name
 * @return bool true if at least one advanced option is in use
 */
function is_aoadv_used($pconfig)
{
    // Checked in the same order as the options are listed.
    $plain_options = array(
        'static', 'private', 'stp', 'span', 'edge', 'autoedge', 'ptp', 'autoptp',
        'maxaddr', 'timeout', 'maxage', 'fwdelay', 'hellotime', 'priority',
    );
    foreach ($plain_options as $option) {
        if ($pconfig[$option] != "") {
            return true;
        }
    }
    if ($pconfig['proto'] != "" && $pconfig['proto'] != "rstp") {
        return true;
    }
    return $pconfig['holdcnt'] != "";
}
// Work on the bridge list inside $config by reference.
$a_bridges =& $config['bridges']['bridged'];
$ifacelist = get_configured_interface_with_descr();
// Drop every interface whose real device name starts with "gre" from the selectable list.
foreach ($ifacelist as $bif => $bdescr) {
    if (substr(get_real_interface($bif), 0, 3) == "gre") {
        unset($ifacelist[$bif]);
    }
}
// The entry index is taken from the request only when is_numericint() accepts it;
// a POST value overrides one from the query string.
// NOTE(review): $_GET['id'] is read without isset(), unlike the POST branch below.
if (is_numericint($_GET['id'])) {
    $id = $_GET['id'];
}
if (isset($_POST['id']) && is_numericint($_POST['id'])) {
    $id = $_POST['id'];
}
if (isset($id) && $a_bridges[$id]) {
    $pconfig['enablestp'] = isset($a_bridges[$id]['enablestp']);
    $pconfig['descr'] = $a_bridges[$id]['descr'];
    $pconfig['bridgeif'] = $a_bridges[$id]['bridgeif'];
    $pconfig['members'] = $a_bridges[$id]['members'];
    $pconfig['maxaddr'] = $a_bridges[$id]['maxaddr'];
Ejemplo n.º 26
 }
 // Copy the optional form fields into the new gateway entry.
 if ($_POST['nonlocalgateway'] == "yes") {
     $gateway['nonlocalgateway'] = true;
 }
 if ($_POST['force_down'] == "yes") {
     $gateway['force_down'] = true;
 }
 // The monitor address is stored only when it is a valid IP address.
 if (is_ipaddr($_POST['monitor'])) {
     $gateway['monitor'] = $_POST['monitor'];
 }
 // NOTE(review): the value is compared numerically but stored as submitted; whether it
 // was checked to be a plain integer earlier is not visible here -- confirm.
 if (isset($_POST['data_payload']) && $_POST['data_payload'] > 0) {
     $gateway['data_payload'] = $_POST['data_payload'];
 }
 /* NOTE: If gateway ip is changed need to cleanup the old static interface route */
 if ($_POST['monitor'] != "dynamic" && !empty($a_gateway_item[$realid]) && is_ipaddr($a_gateway_item[$realid]['gateway']) && $gateway['gateway'] != $a_gateway_item[$realid]['gateway'] && isset($a_gateway_item[$realid]["nonlocalgateway"])) {
     $realif = get_real_interface($a_gateway_item[$realid]['interface']);
     // Address family flag follows the previously stored gateway address.
     $inet = !is_ipaddrv4($a_gateway_item[$realid]['gateway']) ? "-inet6" : "-inet";
     // Both variable parts are shell-quoted; $inet is one of two fixed strings.
     $cmd = "/sbin/route delete {$inet} " . escapeshellarg($a_gateway_item[$realid]['gateway']) . " -iface " . escapeshellarg($realif);
     mwexec($cmd);
 }
 /* NOTE: If monitor ip is changed need to cleanup the old static route */
 if ($_POST['monitor'] != "dynamic" && !empty($a_gateway_item[$realid]) && is_ipaddr($a_gateway_item[$realid]['monitor']) && $_POST['monitor'] != $a_gateway_item[$realid]['monitor'] && $gateway['gateway'] != $a_gateway_item[$realid]['monitor']) {
     // The old monitor address passed is_ipaddr() above and is shell-quoted as well.
     if (is_ipaddrv4($a_gateway_item[$realid]['monitor'])) {
         mwexec("/sbin/route delete " . escapeshellarg($a_gateway_item[$realid]['monitor']));
     } else {
         mwexec("/sbin/route delete -inet6 " . escapeshellarg($a_gateway_item[$realid]['monitor']));
     }
 }
 if ($_POST['defaultgw'] == "yes" || $_POST['defaultgw'] == "on") {
     $i = 0;
     /* remove the default gateway bits for all gateways with the same address family */
Ejemplo n.º 27
            $pconfig['type6'] = "none";
        }
        break;
}
// print_r($pconfig);
$pconfig['blockpriv'] = isset($wancfg['blockpriv']);
$pconfig['blockbogons'] = isset($wancfg['blockbogons']);
$pconfig['spoofmac'] = $wancfg['spoofmac'];
$pconfig['mtu'] = $wancfg['mtu'];
$pconfig['mss'] = $wancfg['mss'];
/* Wireless interface? */
if (isset($wancfg['wireless'])) {
    /* Sync first to be sure it displays the actual settings that will be used */
    interface_sync_wireless_clones($wancfg, false);
    /* Get wireless modes */
    $wlanif = get_real_interface($if);
    if (!does_interface_exist($wlanif)) {
        interface_wireless_clone($wlanif, $wancfg);
    }
    $wlanbaseif = interface_get_wireless_base($wancfg['if']);
    preg_match("/^(.*?)([0-9]*)\$/", $wlanbaseif, $wlanbaseif_split);
    $wl_modes = get_wireless_modes($if);
    $wl_chaninfo = get_wireless_channel_info($if);
    $wl_sysctl_prefix = 'dev.' . $wlanbaseif_split[1] . '.' . $wlanbaseif_split[2];
    $wl_sysctl = get_sysctl(array("{$wl_sysctl_prefix}.diversity", "{$wl_sysctl_prefix}.txantenna", "{$wl_sysctl_prefix}.rxantenna", "{$wl_sysctl_prefix}.slottime", "{$wl_sysctl_prefix}.acktimeout", "{$wl_sysctl_prefix}.ctstimeout"));
    $wl_regdomain_xml_attr = array();
    $wl_regdomain_xml = parse_xml_regdomain($wl_regdomain_xml_attr);
    $wl_regdomains =& $wl_regdomain_xml['regulatory-domains']['rd'];
    $wl_regdomains_attr =& $wl_regdomain_xml_attr['regulatory-domains']['rd'];
    $wl_countries =& $wl_regdomain_xml['country-codes']['country'];
    $wl_countries_attr =& $wl_regdomain_xml_attr['country-codes']['country'];
Ejemplo n.º 28
        // Each optional upload replaces the matching stored page. is_uploaded_file() makes sure
        // the temporary path really belongs to an HTTP upload before its content is read;
        // the content is kept base64-encoded in $newcp['page'].
        // NOTE(review): no size or content check on the uploads is visible in this excerpt --
        // confirm it happens in the input validation earlier on the page.
        if (is_uploaded_file($_FILES['htmlfile']['tmp_name'])) {
            $newcp['page']['htmltext'] = base64_encode(file_get_contents($_FILES['htmlfile']['tmp_name']));
        }
        if (is_uploaded_file($_FILES['errfile']['tmp_name'])) {
            $newcp['page']['errtext'] = base64_encode(file_get_contents($_FILES['errfile']['tmp_name']));
        }
        if (is_uploaded_file($_FILES['logoutfile']['tmp_name'])) {
            $newcp['page']['logouttext'] = base64_encode(file_get_contents($_FILES['logoutfile']['tmp_name']));
        }
        write_config();
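        /* Clear up unselected interfaces */
        // Interfaces that were part of the zone before but are no longer selected.
        $newifaces = explode(",", $newcp['interface']);
        $toremove = array_diff($oldifaces, $newifaces);
        if (!empty($toremove)) {
            foreach ($toremove as $removeif) {
                $removeif = get_real_interface($removeif);
                if (!$removeif) {
                    // No real device resolved; there is nothing to remove from the zone.
                    continue;
                }
                // Quote both values so that neither the zone id nor the interface name
                // can be interpreted by the shell.
                mwexec("/sbin/ipfw zone " . escapeshellarg($cpzoneid) . " mdel " . escapeshellarg($removeif));
            }
        }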
        captiveportal_configure_zone($newcp);
        unset($newcp, $newifaces, $toremove);
        filter_configure();
        header("Location: services_captiveportal_zones.php");
        exit;
    } else {
        if (is_array($_POST['cinterface'])) {
            $pconfig['cinterface'] = implode(",", $_POST['cinterface']);
        }
    }
}
function build_radiusnas_list()
Ejemplo n.º 29
    INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
    AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
    AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
    OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
    SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
    INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
    CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
    ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
    POSSIBILITY OF SUCH DAMAGE.
*/
$omit_nocacheheaders = true;
require_once 'guiconfig.inc';
require_once 'interfaces.inc';
require_once 'pfsense-utils.inc';
//get interface IP and break up into an array
$real_interface = get_real_interface($_GET['if']);
if (!does_interface_exist($real_interface)) {
    echo gettext("Wrong Interface");
    exit;
} elseif (!empty($_GET['act']) && $_GET['act'] == "top") {
    //
    // find top bandwitdh users
    // (parts copied from bandwidth_by_ip.php)
    //
    //get interface subnet
    $netmask = find_interface_subnet($real_interface);
    $intsubnet = gen_subnet(find_interface_ip($real_interface), $netmask) . "/{$netmask}";
    $cmd_args = "";
    switch (!empty($_GET['filter']) ? $_GET['filter'] : "") {
        case "local":
            $cmd_args .= " -c " . $intsubnet . " ";
// Map the real device name of every listed interface back to its configured name.
$checklist = get_configured_interface_list(false, true);
foreach ($checklist as $tmpif) {
    $realifchecklist[get_real_interface($tmpif)] = $tmpif;
}
// The entry index is taken from the request only when is_numericint() accepts it;
// a POST value overrides one from the query string.
// NOTE(review): $_GET['id'] is read without isset(), unlike the POST branch below.
if (is_numericint($_GET['id'])) {
    $id = $_GET['id'];
}
if (isset($_POST['id']) && is_numericint($_POST['id'])) {
    $id = $_POST['id'];
}
// When editing an existing lagg, load its settings into the form values.
if (isset($id) && $a_laggs[$id]) {
    $pconfig['laggif'] = $a_laggs[$id]['laggif'];
    $pconfig['members'] = $a_laggs[$id]['members'];
    // Take this lagg's own members out of the map built above.
    $laggiflist = explode(",", $a_laggs[$id]['members']);
    foreach ($laggiflist as $tmpif) {
        unset($realifchecklist[get_real_interface($tmpif)]);
    }
    $pconfig['proto'] = $a_laggs[$id]['proto'];
    $pconfig['descr'] = $a_laggs[$id]['descr'];
}
if ($_POST) {
    unset($input_errors);
    $pconfig = $_POST;
    if (is_array($_POST['members'])) {
        $pconfig['members'] = implode(',', $_POST['members']);
    }
    /* input validation */
    $reqdfields = explode(" ", "members proto");
    $reqdfieldsn = array(gettext("Member interfaces"), gettext("Lagg protocol"));
    do_input_validation($_POST, $reqdfields, $reqdfieldsn, $input_errors);
    if (is_array($_POST['members'])) {