authorLuiz Otavio O Souza <luiz@netgate.com>2016-02-08 19:22:40 -0600
committerLuiz Otavio O Souza <luiz@netgate.com>2016-02-09 15:58:43 -0600
commit2a5960b07bb2a40aeaf81423b0c52d5629e87e49 (patch)
tree9fcb0bdd705cd77b0e570ec84a4ead17259659ac
parentfd4dbabc09ddd265f78db8140bdac688651f3575 (diff)
Review of CARP uniqid changes.
It turns out that the current CARP implementation is not much different from an IP alias.

This commit converts the IP alias to also use the CARP uniqid scheme, which simplifies the code in all other places because now we have only two different cases to deal with:
- A friendly interface name (lan, wan, opt1, etc.);
- A Virtual IP - VIP alias (_vip{$uniqid}) - CARP or IP Alias.

The parent of a CARP is always a friendly interface. The parent of an IP alias can be a friendly interface or a CARP (this is the only case of recursion of a VIP).

This commit removes a few cases where CARP was still considered an interface (the old CARP implementation), fixes all the wrong cases of strpos() being used to detect a VIP address (this won't work, because strpos() returns 0 for a match at the start of the string, and 0 fails when tested as TRUE), reviews the usage of CARP and IP alias as service bind addresses, and fixes general issues with adding and editing VIP addresses.

The following subsystems were affected by these changes:
- IPSEC;
- OpenVPN;
- dnsmasq;
- NTP;
- gateways and gateway groups;
- IPv6 RA;
- GRE interfaces;
- CARP status;
- Referrer authentication.

Fixes (and/or revisits) the following tickets:
- Ticket #3257
- Ticket #3716
- Ticket #4450
- Ticket #4858
- Ticket #5441
- Ticket #5442
- Ticket #5500
- Ticket #5783
- Ticket #5844
-rw-r--r--src/etc/inc/filter.inc22
-rw-r--r--src/etc/inc/gwlb.inc32
-rw-r--r--src/etc/inc/interfaces.inc278
-rw-r--r--src/etc/inc/ipsec.inc30
-rw-r--r--src/etc/inc/openvpn.inc37
-rw-r--r--src/etc/inc/pfsense-utils.inc14
-rw-r--r--src/etc/inc/services.inc105
-rw-r--r--src/etc/inc/system.inc16
-rw-r--r--src/etc/inc/util.inc150
-rw-r--r--src/etc/inc/vpn.inc50
-rw-r--r--src/usr/local/www/firewall_virtual_ip.php16
-rw-r--r--src/usr/local/www/firewall_virtual_ip_edit.php58
-rw-r--r--src/usr/local/www/interfaces_gre.php9
-rw-r--r--src/usr/local/www/services_ntpd.php17
-rw-r--r--src/usr/local/www/services_router_advertisements.php29
-rw-r--r--src/usr/local/www/status_carp.php79
-rw-r--r--src/usr/local/www/system_gateway_groups_edit.php66
-rw-r--r--src/usr/local/www/vpn_ipsec.php13
-rw-r--r--src/usr/local/www/vpn_ipsec_phase1.php15
-rwxr-xr-xsrc/usr/local/www/xmlrpc.php4
20 files changed, 350 insertions, 690 deletions
diff --git a/src/etc/inc/filter.inc b/src/etc/inc/filter.inc
index 81b7a7a..674bd0b 100644
--- a/src/etc/inc/filter.inc
+++ b/src/etc/inc/filter.inc
@@ -1053,7 +1053,9 @@ function filter_get_direct_networks_list($returnsubnetsonly = true) {
}
}
}
- foreach (get_configured_ip_aliases_list(true) as $vip) {
+ $viplist = get_configured_vip_list();
+ foreach ($viplist as $vid => $address) {
+ $vip = get_configured_vip($vid);
$subnet = "{$vip['subnet']}/{$vip['subnet_bits']}";
if (is_subnet($subnet) && !(is_subnetv4($subnet) && $vip['subnet_bits'] == 32) && !(is_subnetv6($subnet) && $vip['subnet_bits'] == 128)) {
if (is_subnetv4($subnet)) {
@@ -4087,19 +4089,13 @@ function filter_generate_ipsec_rules($log = array()) {
}
}
- if (strpos($ph1ent['interface'], "_vip")) {
- $parentinterface = get_configured_carp_interface_list($ph1ent['interface'], '', 'iface');
- } else if (is_ipaddr($ph1ent['interface'])) {
- if (is_array($config['virtualip']['vip'])) {
- foreach ($config['virtualip']['vip'] as $vip) {
- if ($ph1ent['interface'] == $vip['subnet']) {
- $parentinterface = $vip['interface'];
- }
- }
- }
- } else {
+ if (substr($ph1ent['interface'], 0, 4) == "_vip") {
+ $parentinterface = get_configured_vip_interface($ph1ent['interface']);
+ /* IP Alias -> CARP */
+ if (substr($parentinterface, 0, 4) == "_vip")
+ $parentinterface = get_configured_vip_interface($parentinterface);
+ } else
$parentinterface = $ph1ent['interface'];
- }
if (empty($FilterIflist[$parentinterface]['descr'])) {
$ipfrules .= "# Could not locate interface for IPsec: {$descr}\n";
continue;
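Review bot: A phase 1 entry whose `interface` still holds a literal IP address (the form the removed `is_ipaddr()` branch handled) now falls into the `else` and is looked up in `$FilterIflist` under the address itself, so its rules are skipped with only the "Could not locate interface" comment left in the ruleset. The same kind of value reaches `get_failover_interface()` in the `ipsec_get_phase1_src()` hunk in ipsec.inc, where the address used to be returned as-is. If a config upgrade step rewrites such entries to `_vip{$uniqid}`, it is not visible in this diff; otherwise the skip should at least be logged before the `continue`, e.g. `log_error("IPsec: cannot resolve interface {$ph1ent['interface']}");`. The enclosing loop of filter_generate_ipsec_rules() starts and ends outside the hunk.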
diff --git a/src/etc/inc/gwlb.inc b/src/etc/inc/gwlb.inc
index 86dcf1f..8c74d45 100644
--- a/src/etc/inc/gwlb.inc
+++ b/src/etc/inc/gwlb.inc
@@ -495,8 +495,6 @@ function return_gateways_array($disabled = false, $localhost = false, $inactive
// Ensure the interface cache is up to date first
$interfaces = get_interface_arr(true);
- $interfaces_v4 = array();
- $interfaces_v6 = array();
$i = -1;
/* Process/add all the configured gateways. */
@@ -562,10 +560,8 @@ function return_gateways_array($disabled = false, $localhost = false, $inactive
/* special treatment for tunnel interfaces */
if ($gateway['ipprotocol'] == "inet6") {
$gateway['interface'] = get_real_interface($gateway['interface'], "inet6", false, false);
- $interfaces_v6[$gateway['friendlyiface']] = $gateway['friendlyiface'];
} else {
- $gateway['interface'] = get_real_interface($gateway['interface'], "all", false, false);
- $interfaces_v4[$gateway['friendlyiface']] = $gateway['friendlyiface'];
+ $gateway['interface'] = get_real_interface($gateway['interface'], "inet", false, false);
}
/* entry has a default flag, use it */
@@ -619,10 +615,6 @@ function return_gateways_array($disabled = false, $localhost = false, $inactive
continue;
}
- if (isset($interfaces_v4[$ifname])) {
- continue;
- }
-
$ctype = "";
switch ($ifcfg['ipaddr']) {
case "dhcp":
@@ -715,10 +707,6 @@ function return_gateways_array($disabled = false, $localhost = false, $inactive
continue;
}
- if (isset($interfaces_v6[$ifname])) {
- continue;
- }
-
$ctype = "";
switch ($ifcfg['ipaddrv6']) {
case "slaac":
@@ -910,7 +898,7 @@ function return_gateway_groups_array() {
fixup_default_gateway("inet6", $gateways_status, $gateways_arr);
}
if (is_array($config['gateways']['gateway_group'])) {
- $carplist = get_configured_carp_interface_list();
+ $viplist = get_configured_vip_list();
foreach ($config['gateways']['gateway_group'] as $group) {
/* create array with group gateways members separated by tier */
$tiers = array();
@@ -919,10 +907,9 @@ function return_gateway_groups_array() {
foreach ($group['item'] as $item) {
list($gwname, $tier, $vipname) = explode("|", $item);
- if (is_ipaddr($carplist[$vipname])) {
- if (!is_array($gwvip_arr[$group['name']])) {
+ if (is_ipaddr($viplist[$vipname])) {
+ if (!is_array($gwvip_arr[$group['name']]))
$gwvip_arr[$group['name']] = array();
- }
$gwvip_arr[$group['name']][$gwname] = $vipname;
}
@@ -999,9 +986,8 @@ function return_gateway_groups_array() {
$groupmember['int'] = $int;
$groupmember['gwip'] = $gatewayip;
$groupmember['weight'] = isset($gateway['weight']) ? $gateway['weight'] : 1;
- if (is_array($gwvip_arr[$group['name']])&& !empty($gwvip_arr[$group['name']][$member])) {
+ if (is_array($gwvip_arr[$group['name']]) && !empty($gwvip_arr[$group['name']][$member]))
$groupmember['vip'] = $gwvip_arr[$group['name']][$member];
- }
$gateway_groups_array[$group['name']][] = $groupmember;
}
}
@@ -1079,7 +1065,9 @@ function get_interface_gateway($interface, &$dynamic = false) {
global $config, $g;
if (substr($interface, 0, 4) == '_vip') {
- $interface = get_configured_carp_interface_list($interface, 'inet', 'iface');
+ $interface = get_configured_vip_interface($interface);
+ if (substr($interface, 0, 4) == '_vip')
+ $interface = get_configured_vip_interface($interface);
}
$gw = NULL;
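Review bot: The result of `get_configured_vip_interface()` is written back to `$interface` without a check that it is non-empty, so a `_vip` name that no longer matches a configured VIP presumably continues into the gateway lookup with an empty interface name. The same two-step unwrapping (IP alias, then CARP) is hand-copied in get_interface_gateway_v6() below and in the IPsec block in filter.inc. A single helper that resolves a `_vip` name to its friendly parent, followed by `if (empty($interface)) return (NULL);`, would keep the three call sites in step. The rest of the function is outside the hunk.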
@@ -1114,7 +1102,9 @@ function get_interface_gateway_v6($interface, &$dynamic = false) {
global $config, $g;
if (substr($interface, 0, 4) == '_vip') {
- $interface = get_configured_carp_interface_list($interface, 'inet6', 'iface');
+ $interface = get_configured_vip_interface($interface);
+ if (substr($interface, 0, 4) == '_vip')
+ $interface = get_configured_vip_interface($interface);
}
$gw = NULL;
diff --git a/src/etc/inc/interfaces.inc b/src/etc/inc/interfaces.inc
index 60ba40e..dc984fd 100644
--- a/src/etc/inc/interfaces.inc
+++ b/src/etc/inc/interfaces.inc
@@ -1188,20 +1188,7 @@ function interface_reconfigure($interface = "wan", $reloadall = false) {
function interface_vip_bring_down($vip) {
global $g;
- if (strpos($vip['interface'], '_vip')) {
- if (is_ipaddrv6($vip['subnet'])) {
- $family = 'inet6';
- } else {
- $family = 'inet';
- }
-
- $carpvip = get_configured_carp_interface_list($vip['interface'], $family, 'vip');
- $iface = $carpvip['interface'];
- } else {
- $iface = $vip['interface'];
- }
-
- $vipif = get_real_interface($iface);
+ $vipif = get_real_interface($vip['interface']);
switch ($vip['mode']) {
case "proxyarp":
if (file_exists("{$g['varrun_path']}/choparp_{$vipif}.pid")) {
@@ -2324,60 +2311,30 @@ function interface_ipalias_configure(&$vip) {
return;
}
- if ($vip['interface'] != 'lo0' && stripos($vip['interface'], '_vip') === false) {
- if (!isset($config['interfaces'][$vip['interface']])) {
+ $realif = get_real_interface("_vip{$vip['uniqid']}");
+ if ($realif != "lo0") {
+ $if = convert_real_interface_to_friendly_interface_name($realif);
+ if (!isset($config['interfaces'][$if])) {
return;
}
- if (!isset($config['interfaces'][$vip['interface']]['enable'])) {
+ if (!isset($config['interfaces'][$if]['enable'])) {
return;
}
}
$af = 'inet';
- if (is_ipaddrv6($vip['subnet'])) {
+ if (is_ipaddrv6($vip['subnet']))
$af = 'inet6';
- }
$iface = $vip['interface'];
- $vipadd = '';
- if (strpos($vip['interface'], '_vip')) {
- $carpvip = get_configured_carp_interface_list($vip['interface'], $af, 'vip');
+ $vhid = '';
+ if (substr($vip['interface'], 0, 4) == "_vip") {
+ $carpvip = get_configured_vip($vip['interface']);
$iface = $carpvip['interface'];
- $vipadd = "vhid {$carpvip['vhid']}";
- }
- $if = get_real_interface($iface);
- mwexec("/sbin/ifconfig " . escapeshellarg($if) ." {$af} ". escapeshellarg($vip['subnet']) ."/" . escapeshellarg($vip['subnet_bits']) . " alias {$vipadd}");
- unset($iface, $af, $if, $carpvip, $vipadd);
-}
-
-function interface_reload_carps($cif) {
- global $config;
-
- $carpifs = link_ip_to_carp_interface(find_interface_ip($cif));
- if (empty($carpifs)) {
- return;
- }
-
- $carps = explode(" ", $carpifs);
- if (is_array($config['virtualip']['vip'])) {
- $viparr = &$config['virtualip']['vip'];
- foreach ($viparr as $vip) {
- if (in_array($vip['carpif'], $carps)) {
- switch ($vip['mode']) {
- case "carp":
- interface_vip_bring_down($vip);
- sleep(1);
- interface_carp_configure($vip);
- break;
- case "ipalias":
- interface_vip_bring_down($vip);
- sleep(1);
- interface_ipalias_configure($vip);
- break;
- }
- }
- }
+ $vhid = "vhid {$carpvip['vhid']}";
}
+ mwexec("/sbin/ifconfig " . escapeshellarg($realif) ." {$af} ". escapeshellarg($vip['subnet']) ."/" . escapeshellarg($vip['subnet_bits']) . " alias {$vhid}");
+ unset($iface, $af, $realif, $carpvip, $vhid);
}
function interface_carp_configure(&$vip) {
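Review bot: `$vhid` is interpolated into the `mwexec()` command line without `escapeshellarg()`, unlike every other value on that line, and it is built even when `get_configured_vip()` finds no parent CARP entry, which leaves a bare `vhid ` at the end of the ifconfig call. Build it only for a numeric value, e.g. `if (is_numeric($carpvip['vhid'])) $vhid = "vhid " . escapeshellarg($carpvip['vhid']);`. `$iface` is still assigned and unset but is no longer read anywhere in the new code, so those assignments can be removed. The start of interface_ipalias_configure() is outside the hunk.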
@@ -4535,16 +4492,6 @@ function get_current_wan_address($interface = "wan") {
function convert_real_interface_to_friendly_interface_name($interface = "wan", $checkparent = false) {
global $config;
- if (stripos($interface, "_vip")) {
- foreach ($config['virtualip']['vip'] as $counter => $vip) {
- if ($vip['mode'] == "carp") {
- if ($interface == "_vip{$vip['uniqid']}") {
- return $vip['interface'];
- }
- }
- }
- }
-
/* XXX: For speed reasons reference directly the interface array */
$ifdescrs = &$config['interfaces'];
//$ifdescrs = get_configured_interface_list(false, true);
@@ -4781,10 +4728,9 @@ function get_real_interface($interface = "wan", $family = "all", $realv6iface =
break;
default:
if (substr($interface, 0, 4) == '_vip') {
- $wanif = get_configured_carp_interface_list($interface, $family, 'iface');
- if (!empty($wanif)) {
- $wanif = get_real_interface($wanif, $family);
- }
+ $wanif = get_configured_vip_interface($interface);
+ if (!empty($wanif))
+ $wanif = get_real_interface($wanif);
break;
} else if (substr($interface, 0, 5) == '_lloc') {
$interface = substr($interface, 5);
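Review bot: The `_vip` branch calls get_real_interface() on whatever get_configured_vip_interface() returns, with no depth limit, so two VIP entries that name each other as parent (a hand-edited or restored config; the GUI validation is not visible here) would recurse until PHP gives up. The other call sites in this commit stop after two levels, and the same bound could be applied here by resolving at most twice before returning empty. The recursive call also no longer passes `$family`; if that is intentional, a short comment on that line saying why would help. The switch this branch belongs to starts outside the hunk.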
@@ -4961,123 +4907,6 @@ function find_virtual_ip_alias($ip, $bits = null) {
return false;
}
-/*
- * find_number_of_created_carp_interfaces: return the number of carp interfaces
- */
-function find_number_of_created_carp_interfaces() {
- return `/sbin/ifconfig | /usr/bin/grep "carp:" | /usr/bin/wc -l`;
-}
-
-/*
- * find_carp_interface($ip): return the carp interface where an ip is defined
- */
-function find_carp_interface($ip) {
- global $config;
- if (is_array($config['virtualip']['vip'])) {
- foreach ($config['virtualip']['vip'] as $vip) {
- if ($vip['mode'] == "carp") {
- if (is_ipaddrv4($ip)) {
- $carp_ip = get_interface_ip($vip['interface']);
- }
- if (is_ipaddrv6($ip)) {
- $carp_ip = get_interface_ipv6($vip['interface']);
- }
- exec("/sbin/ifconfig", $output, $return);
- foreach ($output as $line) {
- $elements = preg_split("/[ ]+/i", $line);
- if (strstr($elements[0], "vip")) {
- $curif = str_replace(":", "", $elements[0]);
- }
- if (stristr($line, $ip)) {
- $if = $curif;
- continue;
- }
- }
-
- if ($if) {
- return $if;
- }
- }
- }
- }
-}
-
-function link_carp_interface_to_parent($interface) {
- global $config;
-
- if (empty($interface)) {
- return;
- }
-
- $carp_ip = get_interface_ip($interface);
- $carp_ipv6 = get_interface_ipv6($interface);
-
- if ((!is_ipaddrv4($carp_ip)) && (!is_ipaddrv6($carp_ipv6))) {
- return;
- }
-
- /* if list */
- $ifdescrs = get_configured_interface_list();
- foreach ($ifdescrs as $ifdescr => $ifname) {
- /* check IPv4 */
- if (is_ipaddrv4($carp_ip)) {
- $interfaceip = get_interface_ip($ifname);
- $subnet_bits = get_interface_subnet($ifname);
- $subnet_ip = gen_subnet("{$interfaceip}", "{$subnet_bits}");
- if (ip_in_subnet($carp_ip, "{$subnet_ip}/{$subnet_bits}")) {
- return $ifname;
- }
- }
- /* Check IPv6 */
- if (is_ipaddrv6($carp_ipv6)) {
- $interfaceipv6 = get_interface_ipv6($ifname);
- $prefixlen = get_interface_subnetv6($ifname);
- if (ip_in_subnet($carp_ipv6, "{$interfaceipv6}/{$prefixlen}")) {
- return $ifname;
- }
- }
- }
- return "";
-}
-
-
-/****f* interfaces/link_ip_to_carp_interface
- * NAME
- * link_ip_to_carp_interface - Find where a CARP interface links to.
- * INPUTS
- * $ip
- * RESULT
- * $carp_ints
- ******/
-function link_ip_to_carp_interface($ip) {
- global $config;
-
- if (!is_ipaddr($ip)) {
- return;
- }
-
- $carp_ints = "";
- if (is_array($config['virtualip']['vip'])) {
- $first = 0;
- $carp_int = array();
- foreach ($config['virtualip']['vip'] as $vip) {
- if ($vip['mode'] == "carp") {
- $carp_ip = $vip['subnet'];
- $carp_sn = $vip['subnet_bits'];
- $carp_nw = gen_subnet($carp_ip, $carp_sn);
- if (ip_in_subnet($ip, "{$carp_nw}/{$carp_sn}")) {
- $carp_int[] = get_real_interface($vip['interface']);
- }
- }
- }
- if (!empty($carp_int)) {
- $carp_ints = implode(" ", array_unique($carp_int));
- }
- }
-
- return $carp_ints;
-}
-
function link_interface_to_track6($int, $action = "") {
global $config;
@@ -5433,22 +5262,11 @@ function get_possible_listen_ips($include_ipv6_link_local=false) {
}
}
}
- /* XXX: Maybe use array_merge below? */
- $carplist = get_configured_carp_interface_list();
- foreach ($carplist as $cif => $carpip) {
- if (get_vip_descr($carpip)) {
- $interfaces[$cif] = $carpip . ' (' . get_vip_descr($carpip) . ')';
- } else {
- $interfaces[$cif] = $carpip;
- }
- }
- $aliaslist = get_configured_ip_aliases_list();
- foreach ($aliaslist as $aliasip => $aliasif) {
- if (get_vip_descr($aliasip)) {
- $interfaces[$aliasip] = $aliasip . ' (' . get_vip_descr($aliasip) . ')';
- } else {
- $interfaces[$aliasip] = $aliasip;
- }
+ $viplist = get_configured_vip_list();
+ foreach ($viplist as $vip => $address) {
+ $interfaces[$vip] = $address;
+ if (get_vip_descr($address))
+ $interfaces[$vip] .= " (". get_vip_descr($address) .")";
}
$interfaces['lo0'] = 'Localhost';
@@ -5476,7 +5294,7 @@ function get_possible_traffic_source_addresses($include_ipv6_link_local=false) {
function get_interface_ip($interface = "wan") {
if (substr($interface, 0, 4) == '_vip') {
- return get_configured_carp_interface_list($interface);
+ return get_configured_vip_ipv4($interface);
} else if (substr($interface, 0, 5) == '_lloc') {
/* No link-local address for v4. */
return null;
@@ -5488,7 +5306,7 @@ function get_interface_ip($interface = "wan") {
}
if (substr($realif, 0, 4) == '_vip') {
- return get_configured_carp_interface_list($realif, 'inet', 'ip');
+ return get_configured_vip_ipv4($realif);
} else if (substr($realif, 0, 5) == '_lloc') {
/* No link-local address for v4. */
return null;
@@ -5505,15 +5323,21 @@ function get_interface_ip($interface = "wan") {
function get_interface_ipv6($interface = "wan", $flush = false) {
global $config;
+ if (substr($interface, 0, 4) == '_vip') {
+ return get_configured_vip_ipv6($interface);
+ } else if (substr($interface, 0, 5) == '_lloc') {
+ return get_interface_linklocal($interface);
+ }
+
$realif = get_failover_interface($interface, 'inet6');
if (!$realif) {
return null;
}
- if (substr($interface, 0, 4) == '_vip') {
- return get_configured_carp_interface_list($interface, 'inet6', 'ip');
- } else if (substr($interface, 0, 5) == '_lloc') {
- return get_interface_linklocal($interface);
+ if (substr($realif, 0, 4) == '_vip') {
+ return get_configured_vip_ipv6($realif);
+ } else if (substr($realif, 0, 5) == '_lloc') {
+ return get_interface_linklocal($realif);
}
if (is_array($config['interfaces'][$interface])) {
@@ -5570,42 +5394,36 @@ function get_interface_linklocal($interface = "wan") {
function get_interface_subnet($interface = "wan") {
- if (substr($interface, 0, 4) == '_vip') {
- return get_configured_carp_interface_list($interface, 'inet', 'subnet');
- }
+ if (substr($interface, 0, 4) == '_vip')
+ return (get_configured_vip_subnetv4($interface));
$realif = get_real_interface($interface);
- if (!$realif) {
- return null;
- }
+ if (!$realif)
+ return (NULL);
$cursn = find_interface_subnet($realif);
- if (!empty($cursn)) {
- return $cursn;
- }
+ if (!empty($cursn))
+ return ($cursn);
- return null;
+ return (NULL);
}
function get_interface_subnetv6($interface = "wan") {
- if (substr($interface, 0, 4) == '_vip') {
- return get_configured_carp_interface_list($interface, 'inet6', 'subnet');
- } else if (substr($interface, 0, 5) == '_lloc') {
+ if (substr($interface, 0, 4) == '_vip')
+ return (get_configured_vip_subnetv6($interface));
+ else if (substr($interface, 0, 5) == '_lloc')
$interface = substr($interface, 5);
- }
$realif = get_real_interface($interface, 'inet6');
- if (!$realif) {
- return null;
- }
+ if (!$realif)
+ return (NULL);
$cursn = find_interface_subnetv6($realif);
- if (!empty($cursn)) {
- return $cursn;
- }
+ if (!empty($cursn))
+ return ($cursn);
- return null;
+ return (NULL);
}
/* return outside interfaces with a gateway */
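Review bot: The braces on single-statement `if` bodies are dropped here and in several other hunks of this commit (ipsec_get_phase1_src(), the IPsec block in filter.inc, return_gateway_groups_array()), while the removed lines and the untouched code around them brace every body. In firewall configuration code an unbraced `if` that later gains a second indented statement is an easy way to turn a check into an unconditional action, so I would keep the existing form, `if (!$realif) { return null; }`. The same applies to `return (NULL);`, which the removed lines wrote as plain `return null;`.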
diff --git a/src/etc/inc/ipsec.inc b/src/etc/inc/ipsec.inc
index b90c870..f3e8ef2 100644
--- a/src/etc/inc/ipsec.inc
+++ b/src/etc/inc/ipsec.inc
@@ -275,28 +275,16 @@ function ipsec_ikeid_next() {
function ipsec_get_phase1_src(& $ph1ent) {
if ($ph1ent['interface']) {
- if (!is_ipaddr($ph1ent['interface'])) {
- if (strpos($ph1ent['interface'], '_vip')) {
- $if = $ph1ent['interface'];
- } else {
- $if = get_failover_interface($ph1ent['interface']);
- }
- if ($ph1ent['protocol'] == "inet6") {
- $interfaceip = get_interface_ipv6($if);
- } else {
- $interfaceip = get_interface_ip($if);
- }
- } else {
- $interfaceip = $ph1ent['interface'];
- }
- } else {
+ if (substr($ph1ent['interface'], 0, 4) == "_vip")
+ $if = $ph1ent['interface'];
+ else
+ $if = get_failover_interface($ph1ent['interface']);
+ } else
$if = "wan";
- if ($ph1ent['protocol'] == "inet6") {
- $interfaceip = get_interface_ipv6($if);
- } else {
- $interfaceip = get_interface_ip($if);
- }
- }
+ if ($ph1ent['protocol'] == "inet6")
+ $interfaceip = get_interface_ipv6($if);
+ else
+ $interfaceip = get_interface_ip($if);
return $interfaceip;
}
diff --git a/src/etc/inc/openvpn.inc b/src/etc/inc/openvpn.inc
index c225727..06f44c6 100644
--- a/src/etc/inc/openvpn.inc
+++ b/src/etc/inc/openvpn.inc
@@ -160,25 +160,18 @@ function openvpn_build_if_list() {
$list = array();
$interfaces = get_configured_interface_with_descr();
- $carplist = get_configured_carp_interface_list();
-
- foreach ($carplist as $cif => $carpip) {
- $interfaces[$cif.'|'.$carpip] = $carpip." (".get_vip_descr($carpip).")";
- }
-
- $aliaslist = get_configured_ip_aliases_list();
-
- foreach ($aliaslist as $aliasip => $aliasif) {
- $interfaces[$aliasif.'|'.$aliasip] = $aliasip." (".get_vip_descr($aliasip).")";
+ $viplist = get_configured_vip_list();
+ foreach ($viplist as $vip => $address) {
+ $interfaces[$vip.'|'.$address] = $address;
+ if (get_vip_descr($address)) {
+ $interfaces[$vip.'|'.$address] .= " (";
+ $interfaces[$vip.'|'.$address] .= get_vip_descr($address);
+ $interfaces[$vip.'|'.$address] .= ")";
+ }
}
$grouplist = return_gateway_groups_array();
-
foreach ($grouplist as $name => $group) {
- if ($group['ipprotocol'] != inet) {
- continue;
- }
-
if ($group[0]['vip'] != "") {
$vipif = $group[0]['vip'];
} else {
@@ -277,16 +270,12 @@ function openvpn_build_bridge_list() {
$serverbridge_interface['none'] = "none";
$serverbridge_interface = array_merge($serverbridge_interface, get_configured_interface_with_descr());
- $carplist = get_configured_carp_interface_list();
-
- foreach ($carplist as $cif => $carpip) {
- $serverbridge_interface[$cif.'|'.$carpip] = $carpip." (".get_vip_descr($carpip).")";
- }
-
- $aliaslist = get_configured_ip_aliases_list();
+ $viplist = get_configured_vip_list();
- foreach ($aliaslist as $aliasip => $aliasif) {
- $serverbridge_interface[$aliasif.'|'.$aliasip] = $aliasip." (".get_vip_descr($aliasip).")";
+ foreach ($viplist as $vip => $address) {
+ $serverbridge_interface[$vip.'|'.$address] = $address;
+ if (get_vip_descr($address))
+ $serverbridge_interface[$vip.'|'.$address] .= " (". get_vip_descr($address) .")";
}
foreach ($serverbridge_interface as $iface => $ifacename) {
diff --git a/src/etc/inc/pfsense-utils.inc b/src/etc/inc/pfsense-utils.inc
index 07364f2..5aa43f2 100644
--- a/src/etc/inc/pfsense-utils.inc
+++ b/src/etc/inc/pfsense-utils.inc
@@ -2714,20 +2714,6 @@ function where_is_ipaddr_configured($ipaddr, $ignore_if = "", $check_localip = f
}
}
- $interface_list_vips = get_configured_vips_list(true);
- foreach ($interface_list_vips as $id => $vip) {
- /* Skip CARP interfaces here since they were already checked above */
- if ($id == $ignore_vip_id || (substr($ignore_if, 0, 4) == '_vip') && $ignore_vip_if === $vip['if']) {
- continue;
- }
- if (strcasecmp($ipaddr, $vip['ipaddr']) == 0) {
- $where_entry = array();
- $where_entry['if'] = $vip['if'];
- $where_entry['ip_or_subnet'] = $vip['ipaddr'];
- $where_configured[] = $where_entry;
- }
- }
-
if ($check_localip) {
if (!is_array($config['l2tp']) && !empty($config['l2tp']['localip']) && (strcasecmp($ipaddr, $config['l2tp']['localip']) == 0)) {
$where_entry = array();
diff --git a/src/etc/inc/services.inc b/src/etc/inc/services.inc
index 6c29b8e..386afd7 100644
--- a/src/etc/inc/services.inc
+++ b/src/etc/inc/services.inc
@@ -73,7 +73,6 @@ function services_radvd_configure($blacklist = array()) {
$Iflist = get_configured_interface_list();
$Iflist = array_merge($Iflist, get_configured_pppoe_server_interfaces());
- $carplist = get_configured_carp_interface_list();
$radvdconf = "# Automatically Generated, do not edit\n";
@@ -106,26 +105,7 @@ function services_radvd_configure($blacklist = array()) {
$dhcpv6ifconf['rapriority'] = "medium";
}
- /* always start with the real parent, we override with the carp if later */
- $carpif = false;
- /* check if we need to listen on a CARP interface */
- if (!empty($dhcpv6ifconf['rainterface'])) {
- if (!empty($carplist[$dhcpv6ifconf['rainterface']])) {
- $dhcpv6if = $dhcpv6ifconf['rainterface'];
- $carpif = true;
- }
- }
-
- if (strstr($dhcpv6if, "_vip")) {
- // CARP IP, check if it's enabled and find parent
- if (!get_carp_status() || get_carp_interface_status($dhcpv6if) != "MASTER") {
- continue;
- }
- $ifparent = link_carp_interface_to_parent($dhcpv6if);
- $realif = convert_friendly_interface_to_real_interface_name($ifparent);
- } else {
- $realif = get_real_interface($dhcpv6if, "inet6");
- }
+ $realif = get_real_interface($dhcpv6if, "inet6");
if (isset($radvdifs[$realif])) {
continue;
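Review bot: With the `get_carp_status()` / `get_carp_interface_status($dhcpv6if) != "MASTER"` gate removed, nothing in this hunk stops a CARP backup node from generating an radvd stanza for the same interface as the master. The later hunks in this function also hard-code `DeprecatePrefix on` and `RemoveRoute on`, which were `off` for the CARP case. If RA on a CARP VIP is now handled elsewhere (services_router_advertisements.php is part of this commit but not shown here), a comment above `$realif = get_real_interface($dhcpv6if, "inet6");` should say so; otherwise the MASTER check needs to stay. The loop body continues outside the hunk.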
@@ -178,11 +158,7 @@ function services_radvd_configure($blacklist = array()) {
break;
}
$radvdconf .= "\tprefix {$subnetv6}/{$ifcfgsnv6} {\n";
- if ($carpif == true) {
- $radvdconf .= "\t\tDeprecatePrefix off;\n";
- } else {
- $radvdconf .= "\t\tDeprecatePrefix on;\n";
- }
+ $radvdconf .= "\t\tDeprecatePrefix on;\n";
switch ($dhcpv6ifconf['ramode']) {
case "managed":
$radvdconf .= "\t\tAdvOnLink on;\n";
@@ -225,11 +201,7 @@ function services_radvd_configure($blacklist = array()) {
foreach ($dhcpv6ifconf['subnets']['item'] as $subnet) {
if (is_subnetv6($subnet)) {
$radvdconf .= "\tprefix {$subnet} {\n";
- if ($carpif == true) {
- $radvdconf .= "\t\tDeprecatePrefix off;\n";
- } else {
- $radvdconf .= "\t\tDeprecatePrefix on;\n";
- }
+ $radvdconf .= "\t\tDeprecatePrefix on;\n";
switch ($dhcpv6ifconf['ramode']) {
case "managed":
$radvdconf .= "\t\tAdvOnLink on;\n";
@@ -256,15 +228,9 @@ function services_radvd_configure($blacklist = array()) {
}
}
}
- if ($carpif === true) {
- $radvdconf .= "\troute ::/0 {\n";
- $radvdconf .= "\t\tRemoveRoute off;\n";
- $radvdconf .= "\t};\n";
- } else {
- $radvdconf .= "\troute ::/0 {\n";
- $radvdconf .= "\t\tRemoveRoute on;\n";
- $radvdconf .= "\t};\n";
- }
+ $radvdconf .= "\troute ::/0 {\n";
+ $radvdconf .= "\t\tRemoveRoute on;\n";
+ $radvdconf .= "\t};\n";
/* add DNS servers */
$dnslist = array();
@@ -322,13 +288,7 @@ function services_radvd_configure($blacklist = array()) {
continue;
}
- if (strstr($if, "_vip")) {
- // CARP IP, find parent
- $ifparent = link_carp_interface_to_parent($if);
- $realif = convert_friendly_interface_to_real_interface_name($ifparent);
- } else {
- $realif = get_real_interface($if, "inet6");
- }
+ $realif = get_real_interface($if, "inet6");
/* prevent duplicate entries, manual overrides */
if (isset($radvdifs[$realif])) {
@@ -1924,7 +1884,6 @@ function services_dyndns_configure_client($conf) {
$dns = new updatedns($dnsService = $conf['type'],
$dnsHost = $conf['host'],
- $dnsDomain = $conf['domainname'],
$dnsUser = $conf['username'],
$dnsPass = $conf['password'],
$dnsWildcard = $conf['wildcard'],
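Review bot: Dropping `$dnsDomain = $conf['domainname'],` from a positional argument list shifts every later argument one slot to the left, so unless the `updatedns` constructor lost the matching parameter, `$conf['username']` lands in the domain slot and `$conf['password']` in the username slot. The constructor is not part of this diff, and the change is unrelated to the CARP work described in the commit message, so this may be an accidental revert; please confirm against the class definition before merging. The call continues past the end of the hunk.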
@@ -2054,43 +2013,23 @@ function services_dnsmasq_configure() {
if (isset($config['dnsmasq']['interface'])) {
$interfaces = explode(",", $config['dnsmasq']['interface']);
foreach ($interfaces as $interface) {
- if (is_ipaddrv4($interface)) {
- $listen_addresses .= " --listen-address={$interface} ";
- } else if (is_ipaddrv6($interface)) {
- /*
- * XXX: Since dnsmasq does not support link-local address
- * with scope specified. These checks are being done.
- */
- if (is_linklocal($interface) && strstr($interface, "%")) {
- $tmpaddrll6 = explode("%", $interface);
- $listen_addresses .= " --listen-address={$tmpaddrll6[0]} ";
- } else {
- $listen_addresses .= " --listen-address={$interface} ";
- }
- } else if (strstr($interface, "_vip")) {
- $laddr = get_configured_carp_interface_list($interface);
- if (is_ipaddr($laddr)) {
+ $if = get_real_interface($interface);
+ if (does_interface_exist($if)) {
+ $laddr = get_interface_ip($interface);
+ if (is_ipaddrv4($laddr)) {
$listen_addresses .= " --listen-address={$laddr} ";
}
- } else {
- $if = get_real_interface($interface);
- if (does_interface_exist($if)) {
- $laddr = get_interface_ip($interface);
- if (is_ipaddrv4($laddr)) {
- $listen_addresses .= " --listen-address={$laddr} ";
- }
- $laddr6 = get_interface_ipv6($interface);
- if (is_ipaddrv6($laddr6) && !isset($config['dnsmasq']['strictbind'])) {
- /*
- * XXX: Since dnsmasq does not support link-local address
- * with scope specified. These checks are being done.
- */
- if (is_linklocal($laddr6) && strstr($laddr6, "%")) {
- $tmpaddrll6 = explode("%", $laddr6);
- $listen_addresses .= " --listen-address={$tmpaddrll6[0]} ";
- } else {
- $listen_addresses .= " --listen-address={$laddr6} ";
- }
+ $laddr6 = get_interface_ipv6($interface);
+ if (is_ipaddrv6($laddr6) && !isset($config['dnsmasq']['strictbind'])) {
+ /*
+ * XXX: Since dnsmasq does not support link-local address
+ * with scope specified. These checks are being done.
+ */
+ if (is_linklocal($laddr6) && strstr($laddr6, "%")) {
+ $tmpaddrll6 = explode("%", $laddr6);
+ $listen_addresses .= " --listen-address={$tmpaddrll6[0]} ";
+ } else {
+ $listen_addresses .= " --listen-address={$laddr6} ";
}
}
}
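Review bot: An entry in `$config['dnsmasq']['interface']` that does not resolve through get_real_interface() is now dropped without any message; a literal address, which the removed `is_ipaddrv4()`/`is_ipaddrv6()` branches accepted, is the likely case. The daemon can then end up with fewer `--listen-address` options than the administrator configured, and how an empty `$listen_addresses` is treated is outside the hunk. For a resolver a silent change in bind addresses is worth a log line, so I would add `else { log_error("dnsmasq: cannot resolve listen interface {$interface}"); }` to the `does_interface_exist()` check.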
diff --git a/src/etc/inc/system.inc b/src/etc/inc/system.inc
index e9a53b9..ca3af44 100644
--- a/src/etc/inc/system.inc
+++ b/src/etc/inc/system.inc
@@ -1792,17 +1792,15 @@ function system_ntp_configure($start_ntpd=true) {
}
if (is_array($interfaces) && count($interfaces)) {
+ $finterfaces = array();
$ntpcfg .= "interface ignore all\n";
foreach ($interfaces as $interface) {
- if (strstr($interface, "_vip")) {
- $interface = get_configured_carp_interface_list($interface);
- }
- if (!is_ipaddr($interface)) {
- $interface = get_real_interface($interface);
- }
- if (!empty($interface)) {
- $ntpcfg .= "interface listen {$interface}\n";
- }
+ $interface = get_real_interface($interface);
+ if (!empty($interface))
+ $finterfaces[] = $interface;
+ }
+ foreach ($finterfaces as $interface) {
+ $ntpcfg .= "interface listen {$interface}\n";
}
}
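Review bot: `$finterfaces` is filled and then iterated unchanged, so two VIPs on the same parent now emit the same `interface listen` line twice; `foreach (array_unique($finterfaces) as $interface) {` looks like what was intended. A `_vip` entry also used to resolve to the VIP address and now resolves to the parent's real interface name, so ntpd listens on every address of that interface rather than only on the VIP. If that widening is intended, it deserves a comment above the first loop.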
diff --git a/src/etc/inc/util.inc b/src/etc/inc/util.inc
index 5a23f9f..3ec908f 100644
--- a/src/etc/inc/util.inc
+++ b/src/etc/inc/util.inc
@@ -1132,108 +1132,98 @@ function is_inrange($test, $start, $end) {
return is_ipaddrv6($test) ? is_inrange_v6($test, $start, $end) : is_inrange_v4($test, $start, $end);
}
-/* XXX: return the configured carp interface list */
-function get_configured_carp_interface_list($carpinterface = '', $family = 'inet', $what = 'ip') {
+function get_configured_vip_list($family = 'all') {
global $config;
- $iflist = array();
-
- if (!is_array($config['virtualip']['vip']) || empty($config['virtualip']['vip'])) {
- return $iflist;
- }
+ $list = array();
+ if (!is_array($config['virtualip']['vip']) || empty($config['virtualip']['vip']))
+ return ($list);
$viparr = &$config['virtualip']['vip'];
foreach ($viparr as $vip) {
- if ($vip['mode'] != "carp") {
+ if ($vip['mode'] != "carp" && $vip['mode'] != "ipalias")
continue;
+
+ if ($family == 'all' ||
+ ($family == 'inet' && is_ipaddrv4($vip['subnet'])) ||
+ ($family == 'inet6' && is_ipaddrv6($vip['subnet']))) {
+ $list["_vip{$vip['uniqid']}"] = $vip['subnet'];
}
+ }
+ return ($list);
+}
+
+function get_configured_vip($vipinterface = '') {
+
+ return (get_configured_vip_detail($vipinterface, 'all', 'vip'));
+}
+
+function get_configured_vip_interface($vipinterface = '') {
+
+ return (get_configured_vip_detail($vipinterface, 'all', 'iface'));
+}
+
+function get_configured_vip_ipv4($vipinterface = '') {
+
+ return (get_configured_vip_detail($vipinterface, 'inet', 'ip'));
+}
- if (empty($carpinterface)) {
- $iflist["_vip{$vip['uniqid']}"] = $vip['subnet'];
+function get_configured_vip_ipv6($vipinterface = '') {
+
+ return (get_configured_vip_detail($vipinterface, 'inet6', 'ip'));
+}
+
+function get_configured_vip_subnetv4($vipinterface = '') {
+
+ return (get_configured_vip_detail($vipinterface, 'inet', 'subnet'));
+}
+
+function get_configured_vip_subnetv6($vipinterface = '') {
+
+ return (get_configured_vip_detail($vipinterface, 'inet6', 'subnet'));
+}
+
+function get_configured_vip_detail($vipinterface = '', $family = 'inet', $what = 'ip') {
+ global $config;
+
+ if (empty($vipinterface) || !is_array($config['virtualip']['vip']) ||
+ empty($config['virtualip']['vip'])) {
+ return (NULL);
+ }
+
+ $viparr = &$config['virtualip']['vip'];
+ foreach ($viparr as $vip) {
+ if ($vip['mode'] != "carp" && $vip['mode'] != "ipalias")
continue;
- }
- if ($carpinterface != "_vip{$vip['uniqid']}") {
+ if ($vipinterface != "_vip{$vip['uniqid']}")
continue;
- }
switch ($what) {
case 'subnet':
- if ($family == 'inet' && is_ipaddrv4($vip['subnet'])) {
- return $vip['subnet_bits'];
- } else if ($family == 'inet6' && is_ipaddrv6($vip['subnet'])) {
- return $vip['subnet_bits'];
- }
+ if ($family == 'inet' && is_ipaddrv4($vip['subnet']))
+ return ($vip['subnet_bits']);
+ else if ($family == 'inet6' && is_ipaddrv6($vip['subnet']))
+ return ($vip['subnet_bits']);
break;
case 'iface':
- if ($family == 'inet' && is_ipaddrv4($vip['subnet'])) {
- return $vip['interface'];
- } else if ($family == 'inet6' && is_ipaddrv6($vip['subnet'])) {
- return $vip['interface'];
- }
+ return ($vip['interface']);
break;
case 'vip':
- if ($family == 'inet' && is_ipaddrv4($vip['subnet'])) {
- return $vip;
- } else if ($family == 'inet6' && is_ipaddrv6($vip['subnet'])) {
- return $vip;
- }
+ return ($vip);
break;
case 'ip':
default:
- if ($family == 'inet' && is_ipaddrv4($vip['subnet'])) {
- return $vip['subnet'];
- } else if ($family == 'inet6' && is_ipaddrv6($vip['subnet'])) {
- return $vip['subnet'];
- }
+ if ($family == 'inet' && is_ipaddrv4($vip['subnet']))
+ return ($vip['subnet']);
+ else if ($family == 'inet6' && is_ipaddrv6($vip['subnet']))
+ return ($vip['subnet']);
break;
}
break;
}
- return $iflist;
-}
-
-/* return the configured IP aliases list */
-function get_configured_ip_aliases_list($returnfullentry = false) {
- global $config;
-
- $alias_list = array();
-
- if (is_array($config['virtualip']['vip'])) {
- $viparr = &$config['virtualip']['vip'];
- foreach ($viparr as $vip) {
- if ($vip['mode'] == "ipalias") {
- if ($returnfullentry) {
- $alias_list[$vip['subnet']] = $vip;
- } else {
- $alias_list[$vip['subnet']] = $vip['interface'];
- }
- }
- }
- }
-
- return $alias_list;
-}
-
-/* return all configured aliases list (IP, carp, proxyarp and other) */
-function get_configured_vips_list() {
- global $config;
-
- $alias_list = array();
-
- if (is_array($config['virtualip']['vip'])) {
- $viparr = &$config['virtualip']['vip'];
- foreach ($viparr as $vip) {
- if ($vip['mode'] == "carp") {
- $alias_list[] = array("ipaddr" => $vip['subnet'], "if" => "_vip{$vip['uniqid']}");
- } else {
- $alias_list[] = array("ipaddr" => $vip['subnet'], "if" => $vip['interface']);
- }
- }
- }
-
- return $alias_list;
+ return ($list);
}
/* comparison function for sorting by the order in which interfaces are normally created */
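Review bot: `get_configured_vip_detail()` ends with `return ($list);`, but `$list` is never assigned in that function. It looks like a leftover of the `$iflist` return in the function it replaces, so every no-match path returns NULL through an undefined-variable notice. Make it explicit and consistent with the guard at the top: `return (NULL);`. Separately, `get_configured_vip_list()` keys its result on `_vip{$vip['uniqid']}`. IP alias entries saved before this change may carry no `uniqid`, and they would all collapse onto the single key `_vip` unless a config upgrade step (not visible in this hunk) assigns one.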
@@ -1319,7 +1309,7 @@ function get_configured_interface_with_descr($only_opt = false, $withdisabled =
/*
* get_configured_ip_addresses() - Return a list of all configured
- * interfaces IP Addresses
+ * IPv4 addresses.
*
*/
function get_configured_ip_addresses() {
@@ -1336,7 +1326,7 @@ function get_configured_ip_addresses() {
$ip_array[$int] = $ipaddr;
}
}
- $interfaces = get_configured_carp_interface_list();
+ $interfaces = get_configured_vip_list('inet');
if (is_array($interfaces)) {
foreach ($interfaces as $int => $ipaddr) {
$ip_array[$int] = $ipaddr;
@@ -1360,7 +1350,7 @@ function get_configured_ip_addresses() {
/*
* get_configured_ipv6_addresses() - Return a list of all configured
- * interfaces IPv6 Addresses
+ * IPv6 addresses.
*
*/
function get_configured_ipv6_addresses() {
@@ -1373,7 +1363,7 @@ function get_configured_ipv6_addresses() {
$ipv6_array[$int] = $ipaddrv6;
}
}
- $interfaces = get_configured_carp_interface_list();
+ $interfaces = get_configured_vip_list('inet6');
if (is_array($interfaces)) {
foreach ($interfaces as $int => $ipaddrv6) {
$ipv6_array[$int] = $ipaddrv6;
diff --git a/src/etc/inc/vpn.inc b/src/etc/inc/vpn.inc
index c79a761..c7d6662 100644
--- a/src/etc/inc/vpn.inc
+++ b/src/etc/inc/vpn.inc
@@ -275,7 +275,6 @@ function vpn_ipsec_configure($restart = false) {
$ipmap = array();
$rgmap = array();
$filterdns_list = array();
- $listeniflist = array();
$aggressive_mode_psk = false;
unset($iflist);
$ifacesuse = array();
@@ -289,14 +288,14 @@ function vpn_ipsec_configure($restart = false) {
continue;
}
- if (strpos($ph1ent['interface'], '_vip')) {
- $vpninterface = explode('_vip', $ph1ent['interface']);
- $ifacesuse[] = get_real_interface($vpninterface[0]);
+ if (substr($ph1ent['interface'], 0, 4) == "_vip") {
+ $vpninterface = get_configured_vip_interface($ph1ent['interface']);
+ $ifacesuse[] = get_real_interface($vpninterface);
} else {
$vpninterface = get_failover_interface($ph1ent['interface']);
- if (strpos($vpninterface, '_vip')) {
- $vpninterface = explode('_vip', $vpninterface);
- $ifacesuse[] = get_real_interface($vpninterface[0]);
+ if (substr($vpninterface, 0, 4) == "_vip") {
+ $vpninterface = get_configured_vip_interface($vpninterface);
+ $ifacesuse[] = get_real_interface($vpninterface);
} elseif (!empty($vpninterface)) {
$ifacesuse[] = $vpninterface;
}
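Review bot: both `_vip` branches append `get_real_interface($vpninterface)` to `$ifacesuse` without checking the lookup result, while the `elseif` branch guards with `!empty()`. `get_configured_vip_interface()` returns NULL when the named VIP is not in the config, so a phase 1 entry that still references a deleted VIP passes NULL on. Guard it the same way: `if (!empty($vpninterface)) $ifacesuse[] = get_real_interface($vpninterface);`. For an IP alias whose parent is a CARP, the returned parent is itself a `_vip` name, so this relies on `get_real_interface()` resolving that second level; it is defined outside this page, so confirm. The hunks at -897 and -926 repeat the same unguarded pattern, and `vpn_ipsec_configure()` continues outside the hunk.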
@@ -307,7 +306,6 @@ function vpn_ipsec_configure($restart = false) {
}
$ikeid = $ph1ent['ikeid'];
- $listeniflist = get_real_interface($a_phase1['interface']);
$ep = ipsec_get_phase1_src($ph1ent);
if (!is_ipaddr($ep)) {
@@ -388,10 +386,10 @@ function vpn_ipsec_configure($restart = false) {
}
/* if no valid src IP was found in configured interfaces, try the vips */
if (is_null($srcip)) {
- $viplist = get_configured_vips_list();
- foreach ($viplist as $vip) {
- if (ip_in_subnet($vip['ipaddr'], $local_subnet)) {
- $srcip = $vip['ipaddr'];
+ $viplist = get_configured_vip_list();
+ foreach ($viplist as $vip => $address) {
+ if (ip_in_subnet($address, $local_subnet)) {
+ $srcip = $address;
break;
}
}
@@ -897,16 +895,14 @@ EOD;
}
if ($ph1ent['protocol'] == 'inet') {
- if (strpos($ph1ent['interface'], '_vip')) {
- $vpninterface = explode('_vip', $ph1ent['interface']);
- $ifacesuse = get_real_interface($vpninterface[0]);
- $vpninterface = $vpninterface[0];
+ if (substr($ph1ent['interface'], 0, 4) == "_vip") {
+ $vpninterface = get_configured_vip_interface($ph1ent['interface']);
+ $ifacesuse = get_real_interface($vpninterface);
} else {
$ifacesuse = get_failover_interface($ph1ent['interface']);
- if (strpos($ifacesuse, '_vip')) {
- $vpninterface = explode('_vip', $ifacesuse);
- $ifacesuse = get_real_interface($vpninterface[0]);
- $vpninterface = $vpninterface[0];
+ if (substr($ifacesuse, 0, 4) == "_vip") {
+ $vpninterface = get_configured_vip_interface($ifacesuse);
+ $ifacesuse = get_real_interface($vpninterface);
} else {
$vpninterface = convert_real_interface_to_friendly_interface_name($ifacesuse);
}
@@ -926,16 +922,14 @@ EOD;
}
}
} else if ($ph1ent['protocol'] == 'inet6') {
- if (strpos($ph1ent['interface'], '_vip')) {
- $vpninterface = explode('_vip', $ph1ent['interface']);
- $ifacesuse = get_real_interface($vpninterface[0]);
- $vpninterface = $vpninterface[0];
+ if (substr($ph1ent['interface'], 0, 4) == "_vip") {
+ $vpninterface = get_configured_vip_interface($ph1ent['interface']);
+ $ifacesuse = get_real_interface($vpninterface);
} else {
$ifacesuse = get_failover_interface($ph1ent['interface']);
- if (strpos($ifacesuse, '_vip')) {
- $vpninterface = explode('_vip', $ifacesuse);
- $ifacesuse = get_real_interface($vpninterface[0]);
- $vpninterface = $vpninterface[0];
+ if (substr($ifacesuse, 0, 4) == "_vip") {
+ $vpninterface = get_configured_vip_interface($ifacesuse);
+ $ifacesuse = get_real_interface($vpninterface);
} else {
$vpninterface = convert_real_interface_to_friendly_interface_name($ifacesuse);
}
diff --git a/src/usr/local/www/firewall_virtual_ip.php b/src/usr/local/www/firewall_virtual_ip.php
index 964ba69..4e8226c 100644
--- a/src/usr/local/www/firewall_virtual_ip.php
+++ b/src/usr/local/www/firewall_virtual_ip.php
@@ -302,10 +302,18 @@ display_top_tabs($tab_array);
<tbody>
<?php
$interfaces = get_configured_interface_with_descr(false, true);
-$carplist = get_configured_carp_interface_list();
-
-foreach ($carplist as $cif => $carpip) {
- $interfaces[$cif] = $carpip." (".get_vip_descr($carpip).")";
+$viplist = get_configured_vip_list();
+
+foreach ($viplist as $vipname => $address) {
+ $interfaces[$vipname] = $address;
+ $interfaces[$vipname] .= " (";
+ if (get_vip_descr($address))
+ $interfaces[$vipname] .= get_vip_descr($address);
+ else {
+ $vip = get_configured_vip($vipname);
+ $interfaces[$vipname] .= "vhid: {$vip['vhid']}";
+ }
+ $interfaces[$vipname] .= ")";
}
$interfaces['lo0'] = "Localhost";
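Review bot: the fallback label `vhid: {$vip['vhid']}` is applied to every entry of `get_configured_vip_list()`, which now returns IP aliases as well as CARP VIPs. An IP alias without a description presumably has no `vhid` and would render as `(vhid: )`. Restrict the fallback to CARP, e.g. `else if ($vip['mode'] == 'carp')`, and drop the parentheses when there is nothing to show. `get_vip_descr($address)` is also called twice per entry; store it once: `$descr = get_vip_descr($address);`.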
diff --git a/src/usr/local/www/firewall_virtual_ip_edit.php b/src/usr/local/www/firewall_virtual_ip_edit.php
index f459813..d3beb92 100644
--- a/src/usr/local/www/firewall_virtual_ip_edit.php
+++ b/src/usr/local/www/firewall_virtual_ip_edit.php
@@ -141,23 +141,18 @@ if ($_POST) {
if (isset($id) && isset($a_vip[$id])) {
$ignore_if = $a_vip[$id]['interface'];
$ignore_mode = $a_vip[$id]['mode'];
- if (isset($a_vip[$id]['uniqid'])) {
+ if (isset($a_vip[$id]['uniqid']))
$ignore_uniqid = $a_vip[$id]['uniqid'];
- }
} else {
$ignore_if = $_POST['interface'];
$ignore_mode = $_POST['mode'];
}
- if (!isset($ignore_uniqid)) {
+ if (!isset($ignore_uniqid))
$ignore_uniqid = $_POST['uniqid'];
- }
- if ($ignore_mode == 'carp') {
+ if ($ignore_mode == 'carp' || $ignore_mode == 'ipalias')
$ignore_if = "_vip{$ignore_uniqid}";
- } else {
- $ignore_if .= "_virtualip{$id}";
- }
if (is_ipaddr_configured($_POST['subnet'], $ignore_if)) {
$input_errors[] = gettext("This IP address is being used by another interface or VIP.");
@@ -215,37 +210,18 @@ if ($_POST) {
if ($_POST['interface'] == 'lo0') {
$input_errors[] = gettext("For this type of vip localhost is not allowed.");
- } else if (strpos($_POST['interface'], '_vip')) {
+ } else if (strstr($_POST['interface'], '_vip')) {
$input_errors[] = gettext("A CARP parent interface can only be used with IP Alias type Virtual IPs.");
}
break;
case 'ipalias':
- if (strstr($_POST['interface'], "_vip")) {
- if (is_ipaddrv4($_POST['subnet'])) {
- $parent_ip = get_interface_ip($_POST['interface']);
- $parent_sn = get_interface_subnet($_POST['interface']);
- $subnet = gen_subnet($parent_ip, $parent_sn);
- } else if (is_ipaddrv6($_POST['subnet'])) {
- $parent_ip = get_interface_ipv6($_POST['interface']);
- $parent_sn = get_interface_subnetv6($_POST['interface']);
- $subnet = gen_subnetv6($parent_ip, $parent_sn);
- }
-
- if (isset($parent_ip) && !ip_in_subnet($_POST['subnet'], "{$subnet}/{$parent_sn}") &&
- !ip_in_interface_alias_subnet(link_carp_interface_to_parent($_POST['interface']), $_POST['subnet'])) {
- $cannot_find = $_POST['subnet'] . "/" . $_POST['subnet_bits'] ;
- $input_errors[] = sprintf(gettext("Sorry, we could not locate an interface with a matching subnet for %s. Please add an IP alias in this subnet on this interface."), $cannot_find);
- }
-
- unset($parent_ip, $parent_sn, $subnet);
- }
-
+ /* ipalias works fine with localhost and CARP. */
break;
default:
if ($_POST['interface'] == 'lo0') {
$input_errors[] = gettext("For this type of vip localhost is not allowed.");
- } else if (strpos($_POST['interface'], '_vip')) {
+ } else if (strstr($_POST['interface'], '_vip')) {
$input_errors[] = gettext("A CARP parent interface can only be used with IP Alias type Virtual IPs.");
}
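Review bot: the `ipalias` case now accepts any `$_POST['interface']`, including a `_vip` name that belongs to another IP alias, because aliases share the `_vip{uniqid}` namespace with CARP after this commit. `build_if_list()` only offers CARP entries, but that is a UI filter and not server-side validation. The commit message names CARP as the only VIP an alias may sit on, so enforce it here: `$parent = get_configured_vip($_POST['interface']);`, then add an `$input_errors[]` entry when the name starts with `_vip` and `$parent['mode'] != 'carp'`. The `carp` and `default` cases use `strstr()`, which matches `_vip` anywhere in the name, while the rest of the commit tests the prefix with `substr(..., 0, 4) == "_vip"`; using the prefix test here keeps the checks consistent. The enclosing `switch` starts outside the hunk.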
@@ -283,6 +259,10 @@ if ($_POST) {
}
}
+ /* IPalias specific fields */
+ if ($_POST['mode'] === "ipalias")
+ $vipent['uniqid'] = $_POST['uniqid'];
+
/* Common fields */
$vipent['descr'] = $_POST['descr'];
if (isset($_POST['type'])) {
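Review bot: `$_POST['uniqid']` is stored in `$vipent['uniqid']` exactly as received, and that value becomes the `_vip{uniqid}` name used as an array key and lookup handle throughout this commit. Nothing in this hunk checks that it is non-empty or restricted to the characters the generator produces; validation may exist outside the hunk, but without it an empty value makes aliases collide on the key `_vip`. Add a check to the validation section, with the pattern adjusted to the real identifier format: `if (!preg_match('/^[0-9a-zA-Z]+$/', $_POST['uniqid'])) $input_errors[] = gettext("Invalid VIP identifier.");`. The same raw value feeds `$ignore_uniqid` in the hunk at -141, where it selects which entry `is_ipaddr_configured()` skips.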
@@ -343,10 +323,20 @@ function build_if_list() {
$list = array();
$interfaces = get_configured_interface_with_descr(false, true);
- $carplist = get_configured_carp_interface_list();
-
- foreach ($carplist as $cif => $carpip) {
- $interfaces[$cif] = $carpip . ' (' . get_vip_descr($carpip) . ')';
+ $carplist = get_configured_vip_list();
+
+ foreach ($carplist as $vipname => $address) {
+ $vip = get_configured_vip($vipname);
+ if ($vip['mode'] != 'carp')
+ continue;
+
+ $interfaces[$vipname] = $address;
+ $interfaces[$vipname] .= " (";
+ if (get_vip_descr($address))
+ $interfaces[$vipname] .= get_vip_descr($address);
+ else
+ $interfaces[$vipname] .= "vhid: {$vip['vhid']}";
+ $interfaces[$vipname] .= ")";
}
$interfaces['lo0'] = 'Localhost';
diff --git a/src/usr/local/www/interfaces_gre.php b/src/usr/local/www/interfaces_gre.php
index 76da5dc..0acbf1e 100644
--- a/src/usr/local/www/interfaces_gre.php
+++ b/src/usr/local/www/interfaces_gre.php
@@ -135,10 +135,15 @@ display_top_tabs($tab_array);
</tr>
</thead>
<tbody>
-<?php foreach ($a_gres as $i => $gre): ?>
+<?php foreach ($a_gres as $i => $gre):
+ if (substr($gre['if'], 0, 4) == "_vip")
+ $if = convert_real_interface_to_friendly_descr(get_real_interface($gre['if']));
+ else
+ $if = $gre['if'];
+?>
<tr>
<td>
- <?=htmlspecialchars(convert_friendly_interface_to_friendly_descr($gre['if']))?>
+ <?=htmlspecialchars(convert_friendly_interface_to_friendly_descr($if))?>
</td>
<td>
<?=htmlspecialchars($gre['remote-addr'])?>
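Review bot: for a `_vip` parent, `$if` is assigned the result of `convert_real_interface_to_friendly_descr()`, which is already a description. It is then passed to `convert_friendly_interface_to_friendly_descr($if)`, which by its name expects a friendly interface name. Assign the friendly name instead, using the helper vpn.inc calls in this commit: `$if = convert_real_interface_to_friendly_interface_name(get_real_interface($gre['if']));`. Both helpers are defined outside this page, so confirm what the second conversion returns when it is handed a description.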
diff --git a/src/usr/local/www/services_ntpd.php b/src/usr/local/www/services_ntpd.php
index 7892456..e91545b 100644
--- a/src/usr/local/www/services_ntpd.php
+++ b/src/usr/local/www/services_ntpd.php
@@ -229,22 +229,9 @@ function build_interface_list() {
$iflist = array('options' => array(), 'selected' => array());
$interfaces = get_configured_interface_with_descr();
- $carplist = get_configured_carp_interface_list();
-
- foreach ($carplist as $cif => $carpip) {
- $interfaces[$cif] = $carpip . " (" . get_vip_descr($carpip) .")";
- }
-
- $aliaslist = get_configured_ip_aliases_list();
-
- foreach ($aliaslist as $aliasip => $aliasif) {
- $interfaces[$aliasip] = $aliasip." (".get_vip_descr($aliasip).")";
- }
-
- $size = (count($interfaces) < 10) ? count($interfaces) : 10;
-
foreach ($interfaces as $iface => $ifacename) {
- if (!is_ipaddr(get_interface_ip($iface)) && !is_ipaddr($iface)) {
+ if (!is_ipaddr(get_interface_ip($iface)) &&
+ !is_ipaddrv6(get_interface_ipv6($iface))) {
continue;
}
diff --git a/src/usr/local/www/services_router_advertisements.php b/src/usr/local/www/services_router_advertisements.php
index dd13ed1..c7a221b 100644
--- a/src/usr/local/www/services_router_advertisements.php
+++ b/src/usr/local/www/services_router_advertisements.php
@@ -122,7 +122,6 @@ if (is_array($config['dhcpdv6'][$if])) {
$pconfig['ravalidlifetime'] = $config['dhcpdv6'][$if]['ravalidlifetime'];
$pconfig['rapreferredlifetime'] = $config['dhcpdv6'][$if]['rapreferredlifetime'];
- $pconfig['rainterface'] = $config['dhcpdv6'][$if]['rainterface'];
$pconfig['radomainsearchlist'] = $config['dhcpdv6'][$if]['radomainsearchlist'];
list($pconfig['radns1'], $pconfig['radns2'], $pconfig['radns3']) = $config['dhcpdv6'][$if]['radnsserver'];
$pconfig['rasamednsasdhcp6'] = isset($config['dhcpdv6'][$if]['rasamednsasdhcp6']);
@@ -144,7 +143,6 @@ $priority_modes = array(
"low" => gettext("Low"),
"medium" => gettext("Normal"),
"high" => gettext("High"));
-$carplist = get_configured_carp_interface_list();
$subnets_help = '<span class="help-block">' .
gettext("Subnets are specified in CIDR format. " .
@@ -206,7 +204,6 @@ if ($_POST) {
$config['dhcpdv6'][$if]['ramode'] = $_POST['ramode'];
$config['dhcpdv6'][$if]['rapriority'] = $_POST['rapriority'];
- $config['dhcpdv6'][$if]['rainterface'] = $_POST['rainterface'];
$config['dhcpdv6'][$if]['ravalidlifetime'] = $_POST['ravalidlifetime'];
$config['dhcpdv6'][$if]['rapreferredlifetime'] = $_POST['rapreferredlifetime'];
@@ -325,37 +322,11 @@ $section->addInput(new Form_Input(
))->setHelp('Seconds. The length of time in seconds (relative to the time the packet is sent) that addresses generated from the prefix via stateless address autoconfiguration remain preferred.' . ' <br />' .
'The default is 14400 seconds.');
-$carplistif = array();
-if (count($carplist) > 0) {
- foreach ($carplist as $ifname => $vip) {
- if ((preg_match("/^{$if}_/", $ifname)) && (is_ipaddrv6($vip))) {
- $carplistif[$ifname] = $vip;
- }
- }
-}
-
-if (count($carplistif) > 0) {
- $list = array();
-
- foreach ($carplistif as $ifname => $vip) {
- $list['interface'] = strtoupper($if);
- $list[$ifname] = $ifname . ' - ' . $vip;
- }
-
- $section->addInput(new Form_Select(
- 'rainterface',
- 'RA Interface',
- $pconfig['rainterface'],
- $list
- ))->setHelp('Select the Interface for the Router Advertisement (RA) Daemon.');
-}
-
$section->addInput(new Form_StaticText(
'RA Subnets',
$subnets_help
));
-
if (empty($pconfig['subnets'])) {
$pconfig['subnets'] = array('0' => '/128');
}
diff --git a/src/usr/local/www/status_carp.php b/src/usr/local/www/status_carp.php
index 39d2a64..748c36b 100644
--- a/src/usr/local/www/status_carp.php
+++ b/src/usr/local/www/status_carp.php
@@ -64,11 +64,25 @@ require_once("guiconfig.inc");
require_once("globals.inc");
unset($interface_arr_cache);
-unset($carp_interface_count_cache);
unset($interface_ip_arr_cache);
+
+function find_ipalias($carpif) {
+ global $config;
+
+ $ips = array();
+ foreach ($config['virtualip']['vip'] as $vip) {
+ if ($vip['mode'] != "ipalias")
+ continue;
+ if ($vip['interface'] != $carpif)
+ continue;
+ $ips[] = "{$vip['subnet']}/{$vip['subnet_bits']}";
+ }
+
+ return ($ips);
+}
+
$status = get_carp_status();
-$status = intval($status);
if ($_POST['carp_maintenancemode'] != "") {
interfaces_carp_set_maintenancemode(!isset($config["virtualip_carp_maintenancemode"]));
@@ -80,28 +94,27 @@ if ($_POST['disablecarp'] != "") {
if (is_array($config['virtualip']['vip'])) {
$viparr = &$config['virtualip']['vip'];
foreach ($viparr as $vip) {
- switch ($vip['mode']) {
- case "carp":
- interface_vip_bring_down($vip);
-
- /*
- * Reconfigure radvd when necessary
- * XXX: Is it the best way to do it?
- */
- if (isset($config['dhcpdv6']) && is_array($config['dhcpdv6'])) {
- foreach ($config['dhcpdv6'] as $dhcpv6if => $dhcpv6ifconf) {
- if ($dhcpv6if !== $vip['interface'] ||
- $dhcpv6ifconf['ramode'] === "disabled") {
- continue;
- }
-
- services_radvd_configure();
- break;
- }
+ if ($vip['mode'] != "carp" && $vip['mode'] != "ipalias")
+ continue;
+ if ($vip['mode'] == "ipalias" && substr($vip['interface'], 0, 4) != "_vip")
+ continue;
+
+ interface_vip_bring_down($vip);
+
+ /*
+ * Reconfigure radvd when necessary
+ * XXX: Is it the best way to do it?
+ */
+ if (isset($config['dhcpdv6']) && is_array($config['dhcpdv6'])) {
+ foreach ($config['dhcpdv6'] as $dhcpv6if => $dhcpv6ifconf) {
+ if ($dhcpv6if !== $vip['interface'] ||
+ $dhcpv6ifconf['ramode'] === "disabled") {
+ continue;
}
- sleep(1);
+ services_radvd_configure();
break;
+ }
}
}
}
@@ -115,12 +128,10 @@ if ($_POST['disablecarp'] != "") {
switch ($vip['mode']) {
case "carp":
interface_carp_configure($vip);
- sleep(1);
break;
case 'ipalias':
- if (strpos($vip['interface'], '_vip')) {
+ if (substr($vip['interface'], 0, 4) == "_vip")
interface_ipalias_configure($vip);
- }
break;
}
}
@@ -219,9 +230,9 @@ if ($carpcount == 0) {
continue;
}
- $ipaddress = $carp['subnet'];
$vhid = $carp['vhid'];
$status = get_carp_interface_status("_vip{$carp['uniqid']}");
+ $aliases = find_ipalias("_vip{$carp['uniqid']}");
if ($carp_enabled == false) {
$icon = 'times-circle';
@@ -238,7 +249,13 @@ if ($carpcount == 0) {
?>
<tr>
<td><?=convert_friendly_interface_to_friendly_descr($carp['interface'])?>@<?=$vhid?></td>
- <td><?=$ipaddress?></td>
+ <td>
+<?php
+ printf("{$carp['subnet']}/{$carp['subnet_bits']}");
+ for ($i = 0; $i < count($aliases); $i++)
+ printf("<br>{$aliases[$i]}");
+?>
+ </td>
<td><i class="fa fa-<?=$icon?>"></i>&nbsp;<?=$status?></td>
</tr>
<?php }?>
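Review bot: `printf()` is called with config data as its format string, and the result goes into the table cell unescaped. A `%` in `$carp['subnet']` or in an alias entry would be parsed as a conversion specification, and neither value passes through `htmlspecialchars()`, unlike the cells in interfaces_gre.php. Config content can also arrive through a restore or XMLRPC sync, so escape at output: `echo htmlspecialchars("{$carp['subnet']}/{$carp['subnet_bits']}");` and, inside `foreach ($aliases as $alias)`, `echo "<br>" . htmlspecialchars($alias);`. The same escaping applies to `echo "<li>$node</li>";` in the next hunk, where `$node` is a pf state creator id.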
@@ -253,8 +270,14 @@ if ($carpcount == 0) {
<div class="panel-body">
<ul>
<?php
- foreach (explode("\n", exec_command("/sbin/pfctl -vvss | /usr/bin/grep creator | /usr/bin/cut -d\" \" -f7 | /usr/bin/sort -u")) as $node) {
- echo '<li>'. $node .'</li>';
+
+ $nodes = array();
+ $states = pfSense_get_pf_states();
+ for ($i = 0; $states != NULL && $i < count($states); $i++) {
+ $nodes[$states[$i]['creatorid']] = 1;
+ }
+ foreach ($nodes as $node => $nenabled) {
+ echo "<li>$node</li>";
}
?>
</ul>
diff --git a/src/usr/local/www/system_gateway_groups_edit.php b/src/usr/local/www/system_gateway_groups_edit.php
index e875ffa..c083794 100644
--- a/src/usr/local/www/system_gateway_groups_edit.php
+++ b/src/usr/local/www/system_gateway_groups_edit.php
@@ -189,21 +189,15 @@ function build_gateway_protocol_map (&$a_gateways) {
return $result;
}
-function build_carp_list() {
- global $carplist, $gateway;
+function build_vip_list($family = 'all') {
$list = array('address' => gettext('Interface Address'));
- foreach ($carplist as $vip => $address) {
- if (($gateway['ipprotocol'] == "inet") && (!is_ipaddrv4($address))) {
- continue;
- }
- if (($gateway['ipprotocol'] == "inet6") && (!is_ipaddrv6($address))) {
- continue;
- }
- if ($gateway['friendlyiface'] == link_carp_interface_to_parent($vip)) {
- $list[$vip] = "$address";
- }
+ $viplist = get_configured_vip_list($family);
+ foreach ($viplist as $vip => $address) {
+ $list[$vip] = "$address";
+ if (get_vip_descr($address))
+ $list[$vip] .= " (". get_vip_descr($address) .")";
}
return($list);
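Review bot: `build_vip_list()` no longer filters by the gateway's interface. The removed code listed only VIPs whose parent matched `$gateway['friendlyiface']`, while the new code lists every CARP and IP alias VIP of the address family. A VIP that lives on a different interface can now be selected for a gateway. If that is not intended, pass the gateway's friendly interface in and skip entries where `get_configured_vip_interface($vip)` does not match, allowing for the one extra level when an alias sits on a CARP. The list is also rebuilt for every gateway row; building it once per family before the loop would avoid the repeated scans.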
@@ -231,11 +225,16 @@ $section->addInput(new Form_Input(
$pconfig['name']
));
-
-$carplist = get_configured_carp_interface_list();
$row = 0;
$numrows = count($a_gateways) - 1;
+$group = new Form_Group('Gateway Priority');
+$group->add(new Form_StaticText('', ''))->setReadonly();
+$group->add(new Form_StaticText('', ''))->setReadonly();
+$group->add(new Form_StaticText('', ''))->setReadonly();
+$group->add(new Form_StaticText('', ''))->setWidth(3)->setReadonly();
+$section->add($group);
+
foreach ($a_gateways as $gwname => $gateway) {
if (!empty($pconfig['item'])) {
$af = explode("|", $pconfig['item'][0]);
@@ -246,17 +245,19 @@ foreach ($a_gateways as $gwname => $gateway) {
}
}
+ $selected = '0';
+ $vaddress = '';
foreach ((array)$pconfig['item'] as $item) {
$itemsplit = explode("|", $item);
if ($itemsplit[0] == $gwname) {
$selected = $itemsplit[1];
+ if (count($itemsplit) >= 3)
+ $vaddress = $itemsplit[2];
break;
- } else {
- $selected = '0';
}
}
- $group = new Form_Group($row == 0 ? 'Gateway Priority':null);
+ $group = new Form_Group(null);
$group->addClass($gateway['ipprotocol']);
$group->add(new Form_Input(
@@ -264,8 +265,7 @@ foreach ($a_gateways as $gwname => $gateway) {
'Group Name',
'text',
$gateway['name']
- ))->setHelp($row == $numrows ? 'Gateway':null)
- ->setReadonly();
+ ))->setReadonly();
$tr = gettext("Tier");
$group->add(new Form_Select(
@@ -280,38 +280,34 @@ foreach ($a_gateways as $gwname => $gateway) {
'4' => $tr . ' 4',
'5' => $tr . ' 5'
)
- ))->setHelp($row == $numrows ? 'Tier':null)->addClass('row')->addClass($gateway['ipprotocol']);
-
- foreach ((array)$pconfig['item'] as $item) {
- $itemsplit = explode("|", $item);
- if ($itemsplit[0] == $gwname) {
- $selected = $itemsplit[2];
- break;
- } else {
- $selected = "0";
- }
- }
+ ))->addClass('row')->addClass($gateway['ipprotocol']);
$group->add(new Form_Select(
$gwname . '_vip',
'Virtual IP',
- $selected,
- build_carp_list()
- ))->setHelp($row == $numrows ? 'Virtual IP':null);
+ $vaddress,
+ build_vip_list($gateway['ipprotocol'])
+ ));
$group->add(new Form_Input(
'description',
'Group Name',
'text',
$gateway['descr']
- ))->setWidth(3)->setHelp($row == $numrows ? 'Description':null)
- ->setReadonly();
+ ))->setWidth(3)->setReadonly();
$section->add($group);
$row++;
} // e-o-foreach
+$group = new Form_Group(null);
+$group->add(new Form_StaticText('', ''))->setHelp('Gateway')->setReadonly();
+$group->add(new Form_StaticText('', ''))->setHelp('Tier')->setReadonly();
+$group->add(new Form_StaticText('', ''))->setHelp('Virtual IP')->setReadonly();
+$group->add(new Form_StaticText('', ''))->setWidth(3)->setHelp('Description')->setReadonly();
+$section->add($group);
+
$section->addInput(new Form_StaticText(
'Link Priority',
'The priority selected here defines in what order failover and balancing of links will be done. ' .
diff --git a/src/usr/local/www/vpn_ipsec.php b/src/usr/local/www/vpn_ipsec.php
index c4345cb..81f1dfe 100644
--- a/src/usr/local/www/vpn_ipsec.php
+++ b/src/usr/local/www/vpn_ipsec.php
@@ -323,14 +323,11 @@ display_top_tabs($tab_array);
if ($ph1ent['interface']) {
$iflabels = get_configured_interface_with_descr();
- $carplist = get_configured_carp_interface_list();
- foreach ($carplist as $cif => $carpip) {
- $iflabels[$cif] = $carpip." (".get_vip_descr($carpip).")";
- }
-
- $aliaslist = get_configured_ip_aliases_list();
- foreach ($aliaslist as $aliasip => $aliasif) {
- $iflabels[$aliasip] = $aliasip." (".get_vip_descr($aliasip).")";
+ $viplist = get_configured_vip_list();
+ foreach ($viplist as $vip => $address) {
+ $iflabels[$vip] = $address;
+ if (get_vip_descr($address))
+ $iflabels[$vip] .= " (". get_vip_descr($address) .")";
}
$grouplist = return_gateway_groups_array();
diff --git a/src/usr/local/www/vpn_ipsec_phase1.php b/src/usr/local/www/vpn_ipsec_phase1.php
index 5cd751e..aba06f3 100644
--- a/src/usr/local/www/vpn_ipsec_phase1.php
+++ b/src/usr/local/www/vpn_ipsec_phase1.php
@@ -524,16 +524,11 @@ if ($_POST) {
function build_interface_list() {
$interfaces = get_configured_interface_with_descr();
- $carplist = get_configured_carp_interface_list();
-
- foreach ($carplist as $cif => $carpip) {
- $interfaces[$cif] = $carpip . " (" . get_vip_descr($carpip) . ")";
- }
-
- $aliaslist = get_configured_ip_aliases_list();
-
- foreach ($aliaslist as $aliasip => $aliasif) {
- $interfaces[$aliasip] = $aliasip." (".get_vip_descr($aliasip).")";
+ $viplist = get_configured_vip_list();
+ foreach ($viplist as $vip => $address) {
+ $interfaces[$vip] = $address;
+ if (get_vip_descr($address))
+ $interfaces[$vip] .= " (". get_vip_descr($address) .")";
}
$grouplist = return_gateway_groups_array();
diff --git a/src/usr/local/www/xmlrpc.php b/src/usr/local/www/xmlrpc.php
index 559a168..d2d8ded 100755
--- a/src/usr/local/www/xmlrpc.php
+++ b/src/usr/local/www/xmlrpc.php
@@ -244,11 +244,11 @@ function restore_config_section_xmlrpc($raw_params) {
$oldvips["{$vip['interface']}_vip{$vip['vhid']}"]['content'] = "{$vip['password']}{$vip['advskew']}{$vip['subnet']}{$vip['subnet_bits']}{$vip['advbase']}";
$oldvips["{$vip['interface']}_vip{$vip['vhid']}"]['interface'] = $vip['interface'];
$oldvips["{$vip['interface']}_vip{$vip['vhid']}"]['subnet'] = $vip['subnet'];
- } else if ($vip['mode'] == "ipalias" && (substr($vip['interface'], 0, 4) == '_vip' || strpos($vip['interface'], "lo0"))) {
+ } else if ($vip['mode'] == "ipalias" && (substr($vip['interface'], 0, 4) == '_vip' || strstr($vip['interface'], "lo0"))) {
$oldvips[$vip['subnet']]['content'] = "{$vip['interface']}{$vip['subnet']}{$vip['subnet_bits']}";
$oldvips[$vip['subnet']]['interface'] = $vip['interface'];
$oldvips[$vip['subnet']]['subnet'] = $vip['subnet'];
- } else if (($vip['mode'] == "ipalias" || $vip['mode'] == 'proxyarp') && !(substr($vip['interface'], 0, 4) == '_vip') || strpos($vip['interface'], "lo0")) {
+ } else if (($vip['mode'] == "ipalias" || $vip['mode'] == 'proxyarp') && !(substr($vip['interface'], 0, 4) == '_vip') || strstr($vip['interface'], "lo0")) {
$vipbackup[] = $vip;
}
}
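Review bot: the third condition mixes `&&` and `||` without grouping, so it evaluates as `((ipalias || proxyarp) && !_vip-prefix) || strstr($vip['interface'], "lo0")`. Any remaining entry on lo0 is therefore pushed to `$vipbackup` regardless of its mode. This matters more now that `strstr()` makes the lo0 test effective; the old `strpos()` returned 0 for an interface named `lo0`, so the test never fired. An IP alias on lo0 now also moves from the third branch to the second. Add parentheses that state the intended grouping, and compare exactly with `$vip['interface'] == "lo0"`, since `strstr()` also matches names that merely contain `lo0`. `restore_config_section_xmlrpc()` starts and ends outside the hunk.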