/*
 * Start-up guard and interface detection (top-level statements).
 * Exits unless $layout is "router", then asks PHYINF_getruntimeifname() for
 * the device name of WAN-1, WAN-2 and WAN-3 in turn (stopping at the first
 * non-empty answer) and for LAN-1. A status line is appended to the files
 * named by $START and $STOP, and the script exits when either name is empty.
 * $layout, $START and $STOP are set outside this fragment.
 * NOTE(review): fwrite() is called as (mode, path, text), which is not the
 * stock PHP signature; this looks like a firmware-embedded PHP dialect -
 * confirm before reasoning about it with standard PHP semantics.
 */
if ($layout != "router") {
    exit;
}
/* detect interface */
$i = 1;
while ($i < 4) {
    $WANSTR = "WAN-" . $i;
    $WANDEV = PHYINF_getruntimeifname($WANSTR);
    ///echo "loop".$i.$waninf."=".$WANDEV."\n";
    if ($WANDEV != "") {
        break;
    }
    $i++;
}
$LANSTR = "LAN-1";
$LANDEV = PHYINF_getruntimeifname($LANSTR);
/*
 * The device names are concatenated unquoted into an "echo" command line.
 * NOTE(review): presumably $START/$STOP are later run by a shell; if so, a
 * device name containing shell metacharacters would be interpreted there -
 * confirm that PHYINF_getruntimeifname() only returns constrained names.
 */
$s1 = "echo Interface is wanif=" . $WANDEV . " lanif=" . $LANDEV . " ";
if ($WANDEV == "" || $LANDEV == "") {
    $s2 = " ... Error!!! \n";
} else {
    $s2 = " ... OK \n";
}
/* The same status line goes to both files, including in the error case. */
fwrite("a", $START, $s1 . $s2);
fwrite("a", $STOP, $s1 . $s2);
/* Nothing further is generated without both a WAN and a LAN device. */
if ($WANDEV == "" || $LANDEV == "") {
    exit;
}
/* tc debug */
/* The first assignment is overwritten immediately, so $TC is always "tc"
 * here; the "echo tc" value looks like a dry-run toggle left in place. */
$TC = "echo tc";
$TC = "tc";
/* NOTE(review): kbps is a bareword, not a quoted string; how it evaluates
 * depends on the interpreter (stock PHP 8 raises an Error for an undefined
 * constant) - confirm against the target runtime. */
$K = kbps;
/*
 * Writes a dhcp6c configuration file and a callback shell script for
 * interface $inf under /var/servd/, then launches dhcp6c through cmd().
 *
 * $mode   - compared with "PPPDHCP" and "INFOONLY"; any other value builds
 *           the ia-na / ia-pd statements selected by $opt.
 * $inf    - interface uid; used in the file names, in the XNODE variable
 *           names, in the runtime lookup and as the dhcp6c -n argument.
 * $devnam - device name written to the config unless $mode is "PPPDHCP".
 * $opt    - option string searched for "IA-NA" and "IA-PD".
 * $router - handed to the helper script as GATEWAY=.
 * $dns    - handed to the helper script as DNS=.
 *
 * Returns 0 after issuing the dhcp6c command, or the result of error() when
 * PPPDHCP mode has a previous interface but no PPP device name.
 *
 * NOTE(review): none of the arguments is quoted or validated in this
 * function before it is concatenated into file paths, the dhcp6c config and
 * shell command lines. Where the values originate is not visible here; if
 * any of them can be set through the device configuration, it needs
 * validation upstream or shell quoting at this point.
 */
function dhcp_client($mode, $inf, $devnam, $opt, $router, $dns) {
    /* Per-interface helper script, pid file and config file. */
    $hlp = "/var/servd/" . $inf . "-dhcp6c.sh";
    $pid = "/var/servd/" . $inf . "-dhcp6c.pid";
    $cfg = "/var/servd/" . $inf . "-dhcp6c.cfg";
    /* DHCP over PPP session ? */
    /* Both XNODE variables are read once and then deleted. */
    $previnf = XNODE_get_var($inf . "_PREVINF");
    XNODE_del_var($inf . "_PREVINF");
    /* dslite ? */
    $nextinf = XNODE_get_var($inf . "_NEXTINF");
    XNODE_del_var($inf . "_NEXTINF");
    //if ($mode=="PPPDHCP" && $_GLOBALS["PREVINF"]!="")
    //msg("mode is ".$mode.", previnf is ".$previnf);
    msg("mode is " . $mode . ", previnf is " . $previnf . ", nextinf is " . $nextinf);
    /* $pppdev is assigned only inside this branch; later code reads it in
     * every mode and relies on it being empty when the branch was skipped. */
    if ($mode == "PPPDHCP" && $previnf != "") {
        //$pppdev = PHYINF_getruntimeifname($_GLOBALS["PREVINF"]);
        $pppdev = PHYINF_getruntimeifname($previnf);
        if ($pppdev == "") {
            return error("no PPP device.");
        }
        msg("PPP device = " . $pppdev);
    }
    msg("dhcpopt: " . $opt);
    /* Generate the DHCP IAID from 32 bits of the MAC address: the fields at
     * indexes 3, 0, 1 and 2 (in that order) are joined and parsed as base 16. */
    $mac = PHYINF_getphymac($inf);
    $mac1 = cut($mac, 3, ":");
    $mac2 = cut($mac, 0, ":");
    $mac3 = cut($mac, 1, ":");
    $mac4 = cut($mac, 2, ":");
    $iaidstr = $mac1 . $mac2 . $mac3 . $mac4;
    $iaid = strtoul($iaidstr, 16);
    /* Generate configuration file. */
    if ($mode == "INFOONLY") {
        $send = "\tinformation-only;\n";
        $idas = "";
    } else {
        //check if we have pd hint
        $stsp = XNODE_getpathbytarget("/runtime", "inf", "uid", $inf, 0);
        $pdhint_enable = query($stsp . "/pdhint/enable");
        $pdhintmsg = "\n";
        if ($pdhint_enable == "1") {
            $pdhint_network = query($stsp . "/pdhint/network");
            $pdhint_prefix = query($stsp . "/pdhint/prefix");
            $pdhint_plft = query($stsp . "/pdhint/preferlft");
            $pdhint_vlft = query($stsp . "/pdhint/validlft");
            if ($pdhint_vlft != "") {
                $pdhintmsg = "\tprefix " . $pdhint_network . "/" . $pdhint_prefix . " " . $pdhint_plft . " " . $pdhint_vlft . ";\n";
            } else {
                $pdhintmsg = "\tprefix " . $pdhint_network . "/" . $pdhint_prefix . " " . $pdhint_plft . ";\n";
            }
        }
        //check if we got the prefix before
        //++++
        /* NOTE(review): both branches below assign $pdhintmsg, so the value
         * built from the pdhint nodes above never reaches the config file as
         * the code stands - confirm whether that is intended. */
        $pre_pd_network = query("/runtime/ipv6/pre_pdnetwork");
        if ($pre_pd_network != "") {
            $pre_pd_prefix = query("/runtime/ipv6/pre_pdprefix");
            $pre_pd_plft = query("/runtime/ipv6/pre_pdplft");
            $pre_pd_vlft = query("/runtime/ipv6/pre_pdvlft");
            if ($pre_pd_vlft != "") {
                $pdhintmsg = "\tprefix " . $pre_pd_network . "/" . $pre_pd_prefix . " " . $pre_pd_plft . " " . $pre_pd_vlft . ";\n";
            } else {
                $pdhintmsg = "\tprefix " . $pre_pd_network . "/" . $pre_pd_prefix . " " . $pre_pd_plft . ";\n";
            }
        } else {
            $pdhintmsg = "\tprefix ::/56 0 0;\n";
        }
        //----
        /* $send and $idas are appended to without being initialised in this
         * branch; the code relies on unset variables reading as empty. */
        //if (strstr($opt,"IA-NA")!="") {$send=$send."\tsend ia-na 0;\n"; $idas=$idas."id-assoc na {\n};\n";}
        if (strstr($opt, "IA-NA") != "") {
            $send = $send . "\tsend ia-na " . $iaid . ";\n";
            $idas = $idas . "id-assoc na " . $iaid . "{\n};\n";
        }
        //if (strstr($opt,"IA-PD")!="") {$send=$send."\tsend ia-pd 0;\n"; $idas=$idas."id-assoc pd {\n};\n";}
        if (strstr($opt, "IA-PD") != "") {
            $send = $send . "\tsend ia-pd 0;\n";
            $idas = $idas . "id-assoc pd {\n" . $pdhintmsg . "};\n";
        }
    }
    /* NOTE(review): with $mode "PPPDHCP" and an empty $previnf, $pppdev was
     * never assigned, so $dname is empty and the config reads "interface  {"
     * - confirm callers never reach this combination. */
    if ($mode == "PPPDHCP") {
        $dname = $pppdev;
    } else {
        $dname = $devnam;
    }
    /* Request the AFTR name only when the next interface is in dslite mode. */
    $nextinfp = XNODE_getpathbytarget("", "inf", "uid", $nextinf, 0);
    $nextinet = query($nextinfp . "/inet");
    $nextinetp = XNODE_getpathbytarget("inet", "entry", "uid", $nextinet, 0);
    $nextmode = query($nextinetp . "/ipv4/ipv4in6/mode");
    if ($nextinf != "" && $nextmode == "dslite") {
        $rqstmsg = "\trequest aftr-server-domain-name;\n";
    } else {
        $rqstmsg = "";
    }
    /* The mode argument is the bareword w here, not a quoted "w". */
    fwrite(w, $cfg,
        "interface " . $dname . " {\n"
        . $send
        . "\trequest domain-name-servers;\n"
        . "\trequest domain-name;\n"
        . "\trequest ntp-servers;\n"
        . $rqstmsg
        . "\tscript \"" . $hlp . "\";\n"
        . "};\n"
        . $idas);
    /* generate callback script */
    /*
     * The $new_... names in the single-quoted pieces are shell variables of
     * the generated script, not PHP variables.
     * NOTE(review): presumably dhcp6c sets them from the DHCPv6 reply before
     * running the script - confirm; if so they are network-supplied values.
     * They are expanded inside double quotes on the phpsh line, so the shell
     * passes each as one argument; how inet6_dhcpc_helper.php parses and
     * uses the NAME=value arguments is not visible here and should be
     * reviewed together with this function.
     * NOTE(review): the expansions in the "[ ... ]" test are unquoted, so an
     * empty or multi-word value changes how the test is parsed; quoting them
     * is the usual fix.
     * NOTE(review): INF, MODE, DEVNAM, GATEWAY and DHCPOPT are written
     * unquoted, and DNS is wrapped in double quotes without escaping, so
     * shell metacharacters in those values would be interpreted when the
     * script runs.
     * NOTE(review): as rendered here the "then" piece ends in \\n inside
     * single quotes (stock PHP emits a literal backslash and n, not a
     * newline) and the echo line uses {$new_addr}-style placeholders inside
     * double quotes (stock PHP interpolates those as PHP variables) - confirm
     * both against the original file and the target interpreter.
     */
    fwrite(w, $hlp,
        "#!/bin/sh\n"
        . 'if [ $new_addr != "" ] || [ $new_pd_prefix != "" ]; then\\n'
        . "\techo [\$0]: [{$new_addr}] [{$new_pd_prefix}] [{$new_pd_plen}] [{$new_pd_pltime}] [{$new_pd_vltime}] > /dev/console\n"
        . "else\n"
        . "\texit 0\n"
        . "fi\n"
        . "phpsh /etc/services/INET/inet6_dhcpc_helper.php"
        . " INF=" . $inf
        . " MODE=" . $mode
        . " DEVNAM=" . $dname
        . " GATEWAY=" . $router
        . " DHCPOPT=" . $opt
        . ' "NAMESERVERS=$new_domain_name_servers"'
        . ' "DOMAIN=$new_domain_name"'
        . ' "NEW_ADDR=$new_addr"'
        . ' "NEW_PD_PREFIX=$new_pd_prefix"'
        . ' "NEW_PD_PLEN=$new_pd_plen"'
        . ' "NEW_PD_PLTIME=$new_pd_pltime"'
        . ' "NEW_PD_VLTIME=$new_pd_vltime"'
        . ' "DNS=' . $dns . '"'
        . ' "NEW_AFTR_NAME=$new_aftr_name"'
        . ' "NTPSERVER=$new_ntp_servers"'
        . "\n");
    /* Start DHCP client */
    /* The paths and device names are concatenated unquoted into the command
     * strings given to cmd(); what cmd() does with them is defined outside
     * this block. */
    cmd("chmod +x " . $hlp);
    if ($pppdev == "") {
        cmd("dhcp6c -c " . $cfg . " -p " . $pid . " -t LL -n " . $inf . " " . $devnam);
    } else {
        /* PPP case: $devnam goes to -o and the PPP device is the last argument. */
        cmd("dhcp6c -c " . $cfg . " -p " . $pid . " -t LL -o " . $devnam . " -n " . $inf . " " . $pppdev);
    }
    return 0;
}
If we name the same name on several interfaces, the dnsmasq will return the first match interface but not the specific interface (input interface). For this, we should seperate different interfaces to use individual dnsmasq daemon. By Enos. 2010/07/19 */
    /*
     * Walk LAN-1, LAN-2, ... until an interface has no config path or no
     * runtime path, adding one --interface-name option per LAN device.
     * $infdncmd and $hdn are set before this fragment begins.
     * NOTE(review): $hdn and the device name are concatenated unquoted into
     * the option string; presumably it ends up on a dnsmasq command line -
     * confirm that $hdn is validated where it is read.
     */
    $i = 1;
    while ($i > 0) {
        /* get LAN path */
        $lan = "LAN-" . $i;
        $linfp = XNODE_getpathbytarget("", "inf", "uid", $lan, 0);
        $lstsp = XNODE_getpathbytarget("/runtime", "inf", "uid", $lan, 0);
        if ($lstsp == "" || $linfp == "") {
            $i = 0;
            break;
        }
        /* Get phyinf */
        $laninf = PHYINF_getruntimeifname($lan);
        $infdncmd = $infdncmd . " --interface-name=" . $hdn . "," . $laninf;
        $i++;
    }
}
/*
 * Append entries for the router's own names to the file named by $hosts.
 * $macstr is the fields at indexes 4 and 5 of the LAN-1 MAC setting joined
 * together, used as a suffix on the hostname.
 * NOTE(review): the value of /device/hostname is written into the file
 * without escaping; whitespace or a newline in it would add extra names or
 * extra entries - confirm the hostname is validated when it is stored.
 */
$hostname = query("/device/hostname");
$mac = PHYINF_getmacsetting("LAN-1");
$macstr = cut($mac, 4, ":") . cut($mac, 5, ":");
fwrite("a", $hosts,
    $RouterLANIP . " " . $hostname . " " . $hostname . $macstr . "\n"
    . $RouterLANIP . " " . $hostname . ".local \n"
    . $RouterLANIP . " " . $hostname . ".localdomain" . " " . $hostname . $macstr . ".localdomain" . "\n");
//jef add + for support use shareport.local to access shareportmobile
/* When /webaccess/enable is 1, two fixed names are also mapped to the
 * router's LAN address. */
$web_file_access = query("/webaccess/enable");
if ($web_file_access == 1) {
    fwrite("a", $hosts, $RouterLANIP . " shareport\n");
    fwrite("a", $hosts, $RouterLANIP . " shareport.local\n");
}
//jef add -
/*
 * Regenerates the shell scripts named by $_GLOBALS["START"] and
 * $_GLOBALS["STOP"] for the interface uid $name.
 *
 * START flushes and refills the nat chain PRE.<name> and the filter chains
 * FWD.<name> and INP.<name>; STOP flushes the same three chains. Both
 * scripts end with "exit 0". Nothing is returned.
 *
 * NOTE(review): $name, the runtime device name and the SNMP interface
 * address are concatenated unquoted into the generated iptables lines. Their
 * origin is not visible in this function; if any of them can be influenced
 * through the device configuration they need validation before this point.
 * NOTE(review): the pass-through settings are compared loosely with 0, so
 * the result for a missing or empty node depends on the interpreter -
 * confirm which way it falls, since it decides whether the DROP rules for
 * PPTP, IPsec, RTSP and SIP are emitted.
 */
function IPTLAN_build_command($name)
{
    fwrite("w", $_GLOBALS["START"], "#!/bin/sh\n");
    fwrite("w", $_GLOBALS["STOP"], "#!/bin/sh\n");
    fwrite("a", $_GLOBALS["START"], "iptables -t nat -F PRE." . $name . "\n");

    /* When SNMP is active on another interface, drop UDP/161 arriving on
     * this interface's device for that interface's IPv4 address. */
    $snmpUid = query("/snmp/inf");
    $snmpActive = query("/snmp/active");
    $natAppend = "iptables -t nat -A PRE." . $name;
    $ifname = PHYINF_getruntimeifname($name);
    if ($snmpActive == "1" && $snmpUid != $name) {
        $snmpInfPath = XNODE_getpathbytarget("", "inf", "uid", $snmpUid, 0);
        $snmpInet = query($snmpInfPath . "/inet");
        $snmpInetPath = XNODE_getpathbytarget("/inet", "entry", "uid", $snmpInet, 0);
        $snmpAddr = query($snmpInetPath . "/ipv4/ipaddr");
        if ($snmpAddr != "") {
            $snmpDrop = $natAppend . " -i " . $ifname . " -p udp --dport 161 -d " . $snmpAddr . " -j DROP\n";
            fwrite("a", $_GLOBALS["START"], $snmpDrop);
        }
    }

    /* Close the nat chain with ACCEPT, then reset fastnat and flush the
     * two filter chains (firewall section). */
    fwrite(
        "a",
        $_GLOBALS["START"],
        "iptables -t nat -A PRE." . $name . " -j ACCEPT\n"
        . "echo -1 > /proc/fastnat/forskipsupport\n"
        . "iptables -t filter -F FWD." . $name . "\n"
        . "iptables -t filter -F INP." . $name . "\n"
    );

    $fwdAppend = "iptables -t filter -A FWD." . $name;
    $inpAppend = "iptables -t filter -A INP." . $name;
    $infPath = XNODE_getpathbytarget("", "inf", "uid", $name, 0);
    if ($infPath != "") {
        $macFilterUsed = XNODE_get_var("MACF." . $name . ".USED");
        $urlFilterUsed = XNODE_get_var("URLF." . $name . ".USED");
        $firewallUsed = XNODE_get_var("FIREWALL.USED");
        $firewall2Used = XNODE_get_var("FIREWALL-2.USED");
        $firewall3Used = XNODE_get_var("FIREWALL-3.USED");
        $passPptp = query("/device/passthrough/pptp");
        $passIpsec = query("/device/passthrough/ipsec");
        $passRtsp = query("/device/passthrough/rtsp");
        $passSip = query("/device/passthrough/sip");

        /* The outbound filter jumps come first so packets are dropped early. */
        $outboundJumps = $fwdAppend . " -j FWD.OBFILTER\n" . $inpAppend . " -j INP.OBFILTER\n";
        fwrite("a", $_GLOBALS["START"], $outboundJumps);

        if ($macFilterUsed > 0) {
            $macJumps = $fwdAppend . " -j MACF." . $name . "\n" . $inpAppend . " -j MACF." . $name . "\n";
            fwrite("a", $_GLOBALS["START"], $macJumps);
        }
        if ($firewallUsed > 0) {
            fwrite("a", $_GLOBALS["START"], $fwdAppend . " -j FIREWALL\n");
        }
        if ($firewall2Used > 0) {
            fwrite("a", $_GLOBALS["START"], $fwdAppend . " -j FIREWALL-2\n");
        }
        if ($firewall3Used > 0) {
            fwrite("a", $_GLOBALS["START"], $fwdAppend . " -j FIREWALL-3\n");
        }
        if ($urlFilterUsed > 0) {
            /* URL filtering on TCP/80: START raises SW.FASTNAT.DOWN and STOP
             * raises SW.FASTNAT.UP. */
            $urlRules = $fwdAppend . " -p tcp --dport 80 -j URLF." . $name . "\n"
                . "echo 80 > /proc/fastnat/forskipsupport\n"
                . "event SW.FASTNAT.DOWN\n";
            fwrite("a", $_GLOBALS["START"], $urlRules);
            fwrite("a", $_GLOBALS["STOP"], "event SW.FASTNAT.UP\n");
        }

        fwrite("a", $_GLOBALS["START"], $fwdAppend . " -j FOR_POLICY\n");
        port_trigger_command($fwdAppend);

        /* Each pass-through setting that compares equal to 0 gets DROP
         * rules for its protocol in the forward chain. */
        if ($passPptp == 0) {
            $pptpRules = $fwdAppend . " -p tcp --dport 1723 -j DROP\n"
                . "echo 1723 > /proc/fastnat/forskipsupport\n";
            fwrite("a", $_GLOBALS["START"], $pptpRules);
        }
        if ($passIpsec == 0) {
            $ipsecRules = $fwdAppend . " -p udp --dport 500 -j DROP\n"
                . "echo 500 > /proc/fastnat/forskipsupport\n"
                . $fwdAppend . " -p udp --dport 4500 -j DROP\n"
                . "echo 4500 > /proc/fastnat/forskipsupport\n"
                . $fwdAppend . " -p ah -j DROP\n"
                . $fwdAppend . " -p esp -j DROP\n";
            fwrite("a", $_GLOBALS["START"], $ipsecRules);
        }
        if ($passRtsp == 0) {
            $rtspRules = $fwdAppend . " -p tcp --dport 554 -j DROP\n"
                . "echo 554 > /proc/fastnat/forskipsupport\n";
            fwrite("a", $_GLOBALS["START"], $rtspRules);
        }
        if ($passSip == 0) {
            $sipRules = $fwdAppend . " -p udp --dport 5060 -j DROP\n"
                . "echo 5060 > /proc/fastnat/forskipsupport\n";
            fwrite("a", $_GLOBALS["START"], $sipRules);
        }
    }

    fwrite("a", $_GLOBALS["START"], "exit 0\n");

    /* STOP: flush the nat chain, reset fastnat, flush both filter chains. */
    fwrite(
        "a",
        $_GLOBALS["STOP"],
        "iptables -t nat -F PRE." . $name . "\n"
        . "echo -1 > /proc/fastnat/forskipsupport\n"
        . "iptables -t filter -F FWD." . $name . "\n"
        . "iptables -t filter -F INP." . $name . "\n"
        . "exit 0\n"
    );
}
$del_ipt = "iptables -t nat -D " . $ipt_cmd; exe_ouside_cmd($del_ipt); $add_ipt = "iptables -t nat -A " . $ipt_cmd; exe_ouside_cmd($add_ipt); } /*$ext_ip=query("/runtime/webaccess/wan_ext_ip"); if($ext_ip != "") {*/ $ipt_cmd = ""; $wan_ip = query("/runtime/webaccess/wanip"); $wan_st = query("/runtime/webaccess/wanst"); $mask = query("/runtime/webaccess/mask"); /* if($C_IP==$ext_ip) { */ $laninf = PHYINF_getruntimeifname("LAN-1"); if ($SSL == '0') { $ipt_cmd = "PRE.WFA -i " . $laninf . " -p tcp --dport " . $E_PORT . " -j DNAT --to-destination " . $wan_ip . ":" . query("/webaccess/httpport") . " &"; } else { $ipt_cmd = "PRE.WFA -i " . $laninf . " -p tcp --dport " . $E_PORT . " -j DNAT --to-destination " . $wan_ip . ":" . query("/webaccess/httpsport") . " &"; } if ($ipt_cmd != "") { $del_ipt = "iptables -t nat -D " . $ipt_cmd; exe_ouside_cmd($del_ipt); $add_ipt = "iptables -t nat -A " . $ipt_cmd; exe_ouside_cmd($add_ipt); } //if($wan_st!="public" && $mask != "") if ($wan_st != "ppp" && $mask != "") { $host_ip = ipv4networkid($wan_ip, $mask); if ($SSL == '0') {