I would like to suggest making the DHCP - Static ARP feature more flexible.  I am suggesting making that feature have 3 radio buttons. 
1.  Static ARP OFF
2.  Static ARP for DHCP Reservations only 
3.  Static ARP for DHCP Reservations and no other clients are able to communicate with router
 
Option 3 is the behavior experienced now with the static arp feature on as is.  Option 2 is new.
 
Here is how I think servicesinc would look to support this functionality.  staticarpunlocked and staticarplocked are the new variables that represent options 2 and 3 respectively.
The big difference is that with option 2 (staticarpunlocked), we do not set the 'staticarp' parameter on the interface.  With option 3 (staticarplocked) we do set the 'staticarp' parameter on the interface.
 
- /etc/inc/services.php
function interfaces_staticarp_configure($if) {
	global $config, $g;
	if (isset($config['system']['developerspew'])) {
		$mt = microtime();
		echo "interfaces_staticarp_configure($if) being called $mt\n";
	}

	$ifcfg = $config['interfaces'][$if];
	$locked = isset($config['dhcpd'][$if]['staticarplocked']);
	$unlocked = isset($config['dhcpd'][$if]['staticarpunlocked']);
	$staticmap = array();
	if (isset($config['dhcpd'][$if]['staticmap']) && is_array($config['dhcpd'][$if]['staticmap'])) {
		$staticmap = $config['dhcpd'][$if]['staticmap'];
	}

	/* Option 3 only: set 'staticarp' on the interface; otherwise clear it */
	if ($locked) {
		mwexec("/sbin/ifconfig " . escapeshellarg($ifcfg['if']) . " staticarp");
	} else {
		mwexec("/sbin/ifconfig " . escapeshellarg($ifcfg['if']) . " -staticarp");
	}

	/* One branch for both modes: with a separate if/else per flag, the
	   else-branch of 'staticarplocked' would delete the entries that
	   'staticarpunlocked' had just added */
	if ($locked || $unlocked) {
		/* Options 2 and 3: flush the ARP table, then add a static entry per DHCP reservation */
		mwexec("/usr/sbin/arp -ad > /dev/null 2>&1");
		foreach ($staticmap as $arpent) {
			mwexec("/usr/sbin/arp -s " . escapeshellarg($arpent['ipaddr']) . " " . escapeshellarg($arpent['mac']));
		}
	} else {
		/* Option 1: remove the entries for the DHCP reservations */
		foreach ($staticmap as $arpent) {
			mwexec("/usr/sbin/arp -d " . escapeshellarg($arpent['ipaddr']));
		}
	}
	return 0;
}
 
Line 60 of services_dhcp.php
$pconfig['staticarp'] = isset($config['dhcpd'][$if]['staticarp']);
 
I am not sure how this would need to be modified, somehow it has to hold 'staticarplocked' or 'staticarpunlocked' or NULL if the feature is off.  Maybe like this -
$pconfig['staticarplocked'] = isset($config['dhcpd'][$if]['staticarplocked']);
$pconfig['staticarpunlocked'] = isset($config['dhcpd'][$if]['staticarpunlocked']);
 
Lines 174 - 177 of services_dhcp.php would also appear to need to be modified. 
  if($_POST['staticarp'] == "yes")
   $config['dhcpd'][$if]['staticarp'] = true;
  else
   unset($config['dhcpd'][$if]['staticarp']);
  write_config();
  /* static arp configuration */
                /* if (isset($config['dhcpd'][$if]['staticarp'])) */
   interfaces_staticarp_configure($if);
 
Maybe like this?
 
  if($_POST['staticarplocked'] == "yes")
   $config['dhcpd'][$if]['staticarplocked'] = true;
  else
   unset($config['dhcpd'][$if]['staticarplocked']);

  if($_POST['staticarpunlocked'] == "yes")
   $config['dhcpd'][$if]['staticarpunlocked'] = true;
  else
   unset($config['dhcpd'][$if]['staticarpunlocked']);
  /* write the config once, after both flags are updated */
  write_config();
  /* static arp configuration */
  /* if (isset($config['dhcpd'][$if]['staticarp'])) */
  interfaces_staticarp_configure($if);
 
Lines 356+ of services_dhcp.php would also appear to need to be modified to accommodate the 3 new radio buttons.  I don't know how to do the radio buttons.
    <table>
     <tr>
      <td>
       <input valign="middle" type="checkbox" value="yes" name="staticarp" id="staticarp" <?php if($pconfig['staticarp']) echo " checked"; ?>>&nbsp;
      </td>
      <td>
       <b>Enable Static ARP entries</b>
      </td>
     </tr>
     <tr>
      <td>
       &nbsp;
      </td>
      <td>
       <span class="red"><strong>Note:</strong></span> This feature is under development.  Only the machines listed below will be able to communicate with the firewall on this NIC.  Disabling this has been tested to be broken, a reboot will be required to disable.  Be warned!
      </td>
     </tr>
    </table>
 
I am not sure what other files would need to be modified to accommodate this feature request.  If this feature request is deemed good and can be incorporated, I could test it.  I just need a pfsense programmer to sanity check it first since you would probably do it a lot faster than me and also know other files that need to change to accommodate this.

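The three-way option requested above, sketched as a single radio group (an added example, not pfSense code and not part of the original post). The field name `staticarpmode` and the helper function names are hypothetical; `staticarplocked` and `staticarpunlocked` are the config keys proposed in the post. The posted value is checked against an allow-list, so the two flags can never be set together and an unexpected value falls back to off.

```php
<?php
// Added example; 'staticarpmode' and these helper names are hypothetical.
function staticarp_modes() {
    return array(
        'off'      => 'Static ARP OFF',
        'unlocked' => 'Static ARP for DHCP Reservations only',
        'locked'   => 'Static ARP for DHCP Reservations, no other clients can reach the router',
    );
}

/* Map the posted radio value onto the two mutually exclusive config flags. */
function staticarp_apply_mode(array &$dhcpdcfg, $posted) {
    // Allow-list: arrays, missing fields and unknown strings all become 'off'.
    $mode = (is_string($posted) && array_key_exists($posted, staticarp_modes())) ? $posted : 'off';
    unset($dhcpdcfg['staticarplocked'], $dhcpdcfg['staticarpunlocked']);
    if ($mode !== 'off') {
        $dhcpdcfg['staticarp' . $mode] = true;
    }
    return $mode;
}

/* Recover the mode from the config so the matching radio button is pre-selected. */
function staticarp_current_mode(array $dhcpdcfg) {
    if (isset($dhcpdcfg['staticarplocked'])) {
        return 'locked';
    }
    return isset($dhcpdcfg['staticarpunlocked']) ? 'unlocked' : 'off';
}

/* Render the radio group; values and labels are HTML-escaped on output. */
function staticarp_render_radios($current) {
    $html = '';
    foreach (staticarp_modes() as $value => $label) {
        $html .= sprintf("<input type=\"radio\" name=\"staticarpmode\" value=\"%s\"%s> %s<br>\n",
            htmlspecialchars($value), ($value === $current) ? ' checked' : '', htmlspecialchars($label));
    }
    return $html;
}

// Constructed sample data standing in for $config['dhcpd'][$if] and $_POST['staticarpmode'].
$dhcpdcfg = array('staticarplocked' => true, 'staticmap' => array());
foreach (array('unlocked', 'bogus', array('x')) as $posted) {
    $mode = staticarp_apply_mode($dhcpdcfg, $posted);
    echo 'posted=' . json_encode($posted) . " -> mode=$mode\n";
}
echo staticarp_render_radios(staticarp_current_mode($dhcpdcfg));
```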