authorErmal <eri@pfsense.org>2012-04-05 20:13:44 +0000
committerErmal <eri@pfsense.org>2012-04-05 20:22:01 +0000
commit7b47bd4c3ce792e94eca430f22891eb1dd36bb3c (patch)
tree8c983217d31e50eda49d5622d30616d2bab91704
parentc1a104c7c8cc61d103fe6eba8dd98a071074b4ec (diff)
downloadpfsense-7b47bd4c3ce792e94eca430f22891eb1dd36bb3c.zip
pfsense-7b47bd4c3ce792e94eca430f22891eb1dd36bb3c.tar.gz
Make vips vhid be unique per parent interface!
-rw-r--r--etc/devd.conf4
-rw-r--r--etc/inc/interfaces.inc79
-rw-r--r--etc/inc/openvpn.inc2
-rw-r--r--etc/inc/upgrade_config.inc20
-rw-r--r--etc/inc/util.inc10
-rwxr-xr-xetc/rc.filter_synchronize2
-rwxr-xr-xusr/local/www/carp_status.php4
-rwxr-xr-xusr/local/www/firewall_virtual_ip.php2
-rwxr-xr-xusr/local/www/firewall_virtual_ip_edit.php28
-rw-r--r--usr/local/www/widgets/widgets/carp_status.widget.php2
-rwxr-xr-xusr/local/www/xmlrpc.php22
11 files changed, 84 insertions, 91 deletions
diff --git a/etc/devd.conf b/etc/devd.conf
index c83ff6d..912bd7e 100644
--- a/etc/devd.conf
+++ b/etc/devd.conf
@@ -16,14 +16,14 @@ options {
notify 100 {
match "system" "IFNET";
match "type" "LINK_UP";
- match "subsystem" "vip";
+ match "subsystem" "_vip";
action "/etc/rc.carpmaster $subsystem";
};
notify 100 {
match "system" "IFNET";
match "type" "LINK_DOWN";
- match "subsystem" "vip";
+ match "subsystem" "_vip";
action "/etc/rc.carpbackup $subsystem";
};
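Review bot: The new pattern `"_vip"` in both notify blocks may never match. devd treats match values as regular expressions and, as far as I know, anchors them to the whole value, while the interfaces created elsewhere in this commit are named `<parent>_vip<vhid>`. If that is right, `/etc/rc.carpmaster` and `/etc/rc.carpbackup` stop firing on link events and failover state handling silently breaks. A pattern covering the full name, for example `match "subsystem" "[a-z0-9]+_vip[0-9]+";`, would be safer; please confirm against a LINK_UP event on a test box.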
diff --git a/etc/inc/interfaces.inc b/etc/inc/interfaces.inc
index e6d7d45..ddd66de 100644
--- a/etc/inc/interfaces.inc
+++ b/etc/inc/interfaces.inc
@@ -100,7 +100,7 @@ function does_vip_exist($vip) {
switch ($vip['mode']) {
case "carp":
case "carpdev":
- $realif = "vip{$vip['vhid']}";
+ $realif = "{$vip['interface']}_vip{$vip['vhid']}";
if (!does_interface_exist($realif)) {
return false;
}
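Review bot: The interface name built here as `"{$vip['interface']}_vip{$vip['vhid']}"` uses the value stored in the config, while the migration added to upgrade_081_to_082() in this same commit rewrites old references to `{$realif}_vip…` using `get_real_interface($vip['interface'])`. If `$vip['interface']` holds a friendly name such as `wan` (the carpdev code resolving it with `get_real_interface()` suggests it does), upgraded configs and runtime code will disagree on the name. The same construction is repeated in about a dozen places across this commit; a single helper that returns the CARP interface name for a `$vip` entry would keep them from drifting. does_vip_exist()'s body continues outside the hunk.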
@@ -750,9 +750,9 @@ function interfaces_gre_configure($checkparent = 0) {
foreach ($config['gres']['gre'] as $i => $gre) {
if(empty($gre['greif']))
$gre['greif'] = "gre{$i}";
- if ($checkparent == 1 && strstr($gre['if'], "vip"))
+ if ($checkparent == 1 && strstr($gre['if'], "_vip"))
continue;
- if ($checkparent == 2 && !strstr($gre['if'], "vip"))
+ if ($checkparent == 2 && !strstr($gre['if'], "_vip"))
continue;
/* XXX: Maybe we should report any errors?! */
interface_gre_configure($gre);
@@ -816,9 +816,9 @@ function interfaces_gif_configure($checkparent = 0) {
foreach ($config['gifs']['gif'] as $i => $gif) {
if(empty($gif['gifif']))
$gre['gifif'] = "gif{$i}";
- if ($checkparent == 1 && strstr($gif['if'], "vip"))
+ if ($checkparent == 1 && strstr($gif['if'], "_vip"))
continue;
- if ($checkparent == 2 && !strstr($gif['if'], "vip"))
+ if ($checkparent == 2 && !strstr($gif['if'], "_vip"))
continue;
/* XXX: Maybe we should report any errors?! */
interface_gif_configure($gif);
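Review bot: The context line `$gre['gifif'] = "gif{$i}";` in this hunk assigns to `$gre`, which is not defined in this loop, so an empty `gifif` is never defaulted before `interface_gif_configure($gif)` runs. Since the hunk already touches the loop, change it to `$gif['gifif'] = "gif{$i}";`. The function body starts and ends outside the hunk.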
@@ -1034,13 +1034,9 @@ function interface_vip_bring_down($vip) {
pfSense_interface_deladdress($vipif, $vip['subnet']);
break;
case "carp":
- $vipif = "vip" . $vip['vhid'];
- if(does_interface_exist($vipif))
- pfSense_interface_destroy($vipif);
- break;
case "carpdev-dhcp":
- $vipif = "vip" . $vip['vhid'];
- if(does_interface_exist($vipif))
+ $vipif = "{$vip['interface']}_vip{$vip['vhid']}";
+ if (does_interface_exist($vipif))
pfSense_interface_destroy($vipif);
break;
}
@@ -1970,14 +1966,6 @@ function interface_carp_configure(&$vip) {
if ($vip['mode'] != "carp")
return;
- $vip_password = $vip['password'];
- $vip_password = escapeshellarg(addslashes(str_replace(" ", "", $vip_password)));
- if ($vip['password'] != "")
- $password = " pass {$vip_password}";
-
- // set the vip interface to the vhid
- $vipif = "vip{$vip['vhid']}";
-
/*
* ensure the interface containing the VIP really exists
* prevents a panic if the interface is missing or invalid
@@ -2005,7 +1993,8 @@ function interface_carp_configure(&$vip) {
file_notice("CARP", sprintf(gettext("Sorry but we could not find a matching real interface subnet for the virtual IPv6 address %s."), $vip['subnet']), "Firewall: Virtual IP", "");
return;
}
- }
+ // set the vip interface to the vhid
+ $vipif = "{$vip['interface']}_vip{$vip['vhid']}";
/* create the carp interface and setup */
if (does_interface_exist($vipif)) {
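Review bot: The closing `}` removed here is not re-added in any visible hunk of interface_carp_configure(), so either the braces no longer balance or everything from the `$vipif` assignment onward now sits inside the preceding IPv6 subnet check. In the second case an IPv4 VIP would skip interface creation entirely. Indentation is lost on this page so I cannot tell which; if the removal was unintended, keep the `}` and place the `// set the vip interface to the vhid` comment and `$vipif = …` assignment after it. Running `php -l etc/inc/interfaces.inc` on the result would settle it.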
@@ -2019,7 +2008,12 @@ function interface_carp_configure(&$vip) {
/* invalidate interface cache */
get_interface_arr(true);
+ $vip_password = $vip['password'];
+ $vip_password = escapeshellarg(addslashes(str_replace(" ", "", $vip_password)));
+ if ($vip['password'] != "")
+ $password = " pass {$vip_password}";
+ $broadcast_address = gen_subnet_max($vip['subnet'], $vip['subnet_bits']);
$advbase = "";
if (!empty($vip['advbase']))
$advbase = "advbase {$vip['advbase']}";
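Review bot: The relocated password handling wraps `addslashes()` inside `escapeshellarg()`, which changes the secret rather than protecting it: backslashes added by `addslashes()` are literal inside the single-quoted argument, so a password containing a quote or backslash is set on the interface with extra characters. `$password = " pass " . escapeshellarg($vip['password']);` is sufficient for the shell; whether spaces should still be stripped is a separate compatibility decision. `$password` is also left undefined when the password is empty, so initialise it with `$password = "";` before the `if`. The added `$broadcast_address` has no use visible in this hunk; the function continues outside it.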
@@ -2036,7 +2030,7 @@ function interface_carp_configure(&$vip) {
}
interfaces_bring_up($vipif);
-
+
return $vipif;
}
@@ -2046,17 +2040,12 @@ function interface_carpdev_configure(&$vip) {
if ($vip['mode'] != "carpdev-dhcp")
return;
- $vip_password = $vip['password'];
- $vip_password = str_replace(" ", "", $vip_password);
- if($vip['password'] != "")
- $password = " pass \"" . $vip_password . "\"";
-
if (empty($vip['interface']))
return;
- $vipif = "vip" . $vip['vhid'];
$realif = get_real_interface($vip['interface']);
interfaces_bring_up($realif);
+
/*
* ensure the interface containing the VIP really exists
* prevents a panic if the interface is missing or invalid
@@ -2066,6 +2055,7 @@ function interface_carpdev_configure(&$vip) {
return;
}
+ $vipif = "{$vip['interface']}_vip{$vip['vhid']}";
if (does_interface_exist($vipif)) {
interface_bring_down($vipif);
} else {
@@ -2074,6 +2064,12 @@ function interface_carpdev_configure(&$vip) {
pfSense_ngctl_name("{$carpdevif}:", $vipif);
}
+ $vip_password = $vip['password'];
+ $vip_password = str_replace(" ", "", $vip_password);
+ if ($vip['password'] != "")
+ $password = " pass \"" . $vip_password . "\"";
+
+
mwexec("/sbin/ifconfig {$vipif} carpdev {$realif} vhid {$vip['vhid']} advskew {$vip['advskew']} advbase {$vip['advbase']} {$password}");
interfaces_bring_up($vipif);
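Review bot: The carpdev password re-added here is placed between double quotes and interpolated into the `mwexec()` command line, so any shell metacharacter in the configured password is interpreted by the shell; interface_carp_configure() at least passes it through `escapeshellarg()`. Use `$password = " pass " . escapeshellarg($vip_password);` and initialise `$password = "";` first, since it is undefined when the password is empty. `vhid`, `advskew` and `advbase` are interpolated into the same command unvalidated; casting them with `intval()` or checking they are numeric before the call would close that path too. The function body continues outside the hunk.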
@@ -3548,11 +3544,10 @@ function get_current_wan_address($interface = "wan") {
function convert_real_interface_to_friendly_interface_name($interface = "wan") {
global $config;
- if (stristr($interface, "vip")) {
- $index = intval(substr($interface, 3));
+ if (stristr($interface, "_vip")) {
foreach ($config['virtualip']['vip'] as $counter => $vip) {
if ($vip['mode'] == "carpdev-dhcp" || $vip['mode'] == "carp") {
- if ($index == $vip['vhid'])
+ if ($interface == "{$vip['interface']}_vip{$vip['vhid']}")
return $vip['interface'];
}
}
@@ -3608,11 +3603,11 @@ function convert_friendly_interface_to_friendly_descr($interface) {
else
$ifdesc = strtoupper($config['interfaces'][$interface]['descr']);
break;
- } else if (substr($interface, 0, 3) == "vip") {
+ } else if (stristr($interface, "_vip")) {
if (is_array($config['virtualip']['vip'])) {
foreach ($config['virtualip']['vip'] as $counter => $vip) {
if ($vip['mode'] == "carpdev-dhcp" || $vip['mode'] == "carp") {
- if ($interface == "vip{$vip['vhid']}")
+ if ($interface == "{$vip['interface']}_vip{$vip['vhid']}")
return "{$vip['subnet']} - {$vip['descr']}";
}
}
@@ -3621,8 +3616,8 @@ function convert_friendly_interface_to_friendly_descr($interface) {
/* if list */
$ifdescrs = get_configured_interface_with_descr(false, true);
foreach ($ifdescrs as $if => $ifname) {
- if ($if == $interface || $ifname == $interface)
- return $ifname;
+ if ($if == $interface || $ifname == $interface)
+ return $ifname;
}
}
break;
@@ -3955,8 +3950,9 @@ function link_ip_to_carp_interface($ip) {
$carp_ip = $vip['subnet'];
$carp_sn = $vip['subnet_bits'];
$carp_nw = gen_subnet($carp_ip, $carp_sn);
- if (ip_in_subnet($ip, "{$carp_nw}/{$carp_sn}"))
- $carp_int[] = "vip{$vip['vhid']}";
+ if (ip_in_subnet($ip, "{$carp_nw}/{$carp_sn}")) {
+ $carp_int[] = "{$vip['interface']}_vip{$vip['vhid']}";
+ }
}
}
if (!empty($carp_int))
@@ -3990,14 +3986,9 @@ function link_interface_to_vips($int, $action = "") {
if (is_array($config['virtualip']['vip'])) {
foreach ($config['virtualip']['vip'] as $vip) {
if ($int == $vip['interface']) {
- if ($action == "update") {
- if ($vip['mode'] == "carp" && !does_interface_exist("vip{$vip['vhid']}"))
- interfaces_vips_configure($int);
- else {
- interface_vip_bring_down($vip);
- interfaces_vips_configure($int);
- }
- } else
+ if ($action == "update")
+ interfaces_vips_configure($int);
+ else
return $vip;
}
}
diff --git a/etc/inc/openvpn.inc b/etc/inc/openvpn.inc
index 01a6f6a..6575842 100644
--- a/etc/inc/openvpn.inc
+++ b/etc/inc/openvpn.inc
@@ -673,7 +673,7 @@ function openvpn_restart($mode, $settings) {
return;
/* Do not start if we are a CARP backup on this vip! */
- if ((substr($settings['interface'], 0, 3) == "vip") && (get_carp_interface_status($settings['interface']) == "BACKUP"))
+ if ((strstr($settings['interface'], "_vip") && (get_carp_interface_status($settings['interface']) == "BACKUP"))
return;
/* start the new process */
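Review bot: The rewritten condition has unbalanced parentheses: `if ((strstr($settings['interface'], "_vip") && (…` opens one more `(` than it closes, so openvpn.inc will not parse and every page that includes it fails. It should read `if (strstr($settings['interface'], "_vip") && (get_carp_interface_status($settings['interface']) == "BACKUP"))`. The same defect is in the etc/rc.filter_synchronize hunk, where the line ending `!strstr($section['interface'], "_vip")` is missing the final `)` of the `if(`. Running `php -l` over the touched files before merging would catch both.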
diff --git a/etc/inc/upgrade_config.inc b/etc/inc/upgrade_config.inc
index d8461ee..8929a88 100644
--- a/etc/inc/upgrade_config.inc
+++ b/etc/inc/upgrade_config.inc
@@ -2631,6 +2631,7 @@ function upgrade_079_to_080() {
}
function upgrade_080_to_081() {
+<<<<<<< HEAD
global $config;
global $g;
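Review bot: The added line `<<<<<<< HEAD` is a leftover merge-conflict marker inside upgrade_080_to_081(), and it makes upgrade_config.inc a PHP parse error. Because this file drives configuration upgrades, a parse failure here would stop config migration on upgrade. Delete the line, and check the rest of the file for matching `=======` and `>>>>>>>` markers, which are not visible in this hunk.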
@@ -2713,13 +2714,30 @@ function upgrade_080_to_081() {
}
function upgrade_081_to_082() {
- global $config;
+ global $config, $g;
/* enable the allow IPv6 toggle */
$config['system']['ipv6allow'] = true;
+
+ /* XXX: Gross hacks in sight */
+ write_config();
+ if (is_array($config['virtualips']['vip'])) {
+ $vipchg = array();
+ foreach ($config['virtualips']['vip'] as $vip) {
+ $realif = get_real_interface($vip['interface']);
+ file_put_contents("{$g['tmp_path']}/vipreplace", "s/vip{$vip['vhid']}/{$realif}_vip{$vip['vhid']}/g\n");
+ }
+ mwexec("/bin/sh -I \"\" -f {$g['tmp_path']}/vipreplace /conf/config.xml");
+ require_once("config.lib.inc");
+ $config = parse_config(true);
+ }
}
function upgrade_082_to_083() {
global $config;
+
+ /* enable the allow IPv6 toggle if coming from 2.0.x where x > 1 */
+ $config['system']['ipv6allow'] = true;
+
/* Upgrade captiveportal config */
if (!empty($config['captiveportal'])) {
$tmpcp = $config['captiveportal'];
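Review bot: The migration added to upgrade_081_to_082() looks like it cannot rewrite anything. It iterates `$config['virtualips']['vip']` while every other file in this commit reads `$config['virtualip']['vip']`, and each `file_put_contents()` call overwrites the previous rule. The script is also handed to `/bin/sh -I "" -f`, which appears to be meant as `sed -i "" -f`; please confirm the intent. The rule text takes `vhid` and the interface name straight from config.xml, so both should be validated before they reach a sed script and a shell command. Note too that `s/vip1/…/g` also matches the start of `vip10`, so a second rule would rewrite the result again. A sketch under those assumptions follows; upgrade_082_to_083() continues outside the hunk.

```php
	/* … unchanged: ipv6allow toggle, write_config() … */
	if (is_array($config['virtualip']['vip'])) {
		$rules = "";
		foreach ($config['virtualip']['vip'] as $vip) {
			/* only emit a rule for a purely numeric vhid */
			if (!ctype_digit((string)$vip['vhid']))
				continue;
			$realif = get_real_interface($vip['interface']);
			$rules .= "s/vip{$vip['vhid']}/{$realif}_vip{$vip['vhid']}/g\n";
		}
		/* write all rules once instead of overwriting per VIP */
		file_put_contents("{$g['tmp_path']}/vipreplace", $rules);
		mwexec("/usr/bin/sed -i \"\" -f " . escapeshellarg("{$g['tmp_path']}/vipreplace") . " /conf/config.xml");
		/* … unchanged: require_once, parse_config(true) … */
	}
```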
diff --git a/etc/inc/util.inc b/etc/inc/util.inc
index 3761a40..a2f52ef 100644
--- a/etc/inc/util.inc
+++ b/etc/inc/util.inc
@@ -631,11 +631,11 @@ function get_configured_carp_interface_list() {
$viparr = &$config['virtualip']['vip'];
foreach ($viparr as $vip) {
switch ($vip['mode']) {
- case "carp":
- case "carpdev-dhcp":
- $vipif = "vip" . $vip['vhid'];
- $iflist[$vipif] = $vip['subnet'];
- break;
+ case "carp":
+ case "carpdev-dhcp":
+ $vipif = "{$vip['interface']}_vip{$vip['vhid']}";
+ $iflist[$vipif] = $vip['subnet'];
+ break;
}
}
}
diff --git a/etc/rc.filter_synchronize b/etc/rc.filter_synchronize
index 6caffe4..921ce08 100755
--- a/etc/rc.filter_synchronize
+++ b/etc/rc.filter_synchronize
@@ -55,7 +55,7 @@ function backup_vip_config_section() {
$temp = array();
$temp['vip'] = array();
foreach($config['virtualip']['vip'] as $section) {
- if(($section['mode'] == "proxyarp" || $section['mode'] == "ipalias") && substr($section['interface'],0,3) != "vip")
+ if(($section['mode'] == "proxyarp" || $section['mode'] == "ipalias") && !strstr($section['interface'], "_vip")
continue;
if($section['advskew'] <> "") {
$section_val = intval($section['advskew']);
diff --git a/usr/local/www/carp_status.php b/usr/local/www/carp_status.php
index 9058c38..f8fb7c3 100755
--- a/usr/local/www/carp_status.php
+++ b/usr/local/www/carp_status.php
@@ -84,7 +84,7 @@ if($_POST['disablecarp'] <> "") {
sleep(1);
break;
case "ipalias":
- if (substr($vip['interface'], 0, 3) == "vip")
+ if (strstr($vip['interface'], "_vip"))
interface_ipalias_configure($vip);
break;
}
@@ -159,7 +159,7 @@ include("head.inc");
$vhid = $carp['vhid'];
$advskew = $carp['advskew'];
$advbase = $carp['advbase'];
- $carp_int = "vip{$vhid}";
+ $carp_int = "{$carp['interface']}_vip{$vhid}";
$status = get_carp_interface_status($carp_int);
echo "<tr>";
$align = "valign='middle'";
diff --git a/usr/local/www/firewall_virtual_ip.php b/usr/local/www/firewall_virtual_ip.php
index 620c249..247fe90 100755
--- a/usr/local/www/firewall_virtual_ip.php
+++ b/usr/local/www/firewall_virtual_ip.php
@@ -118,7 +118,7 @@ if ($_GET['act'] == "del") {
$input_errors[] = gettext("This entry cannot be deleted because it is still referenced by CARP") . " {$vip['descr']}.";
}
} else if ($a_vip[$_GET['id']]['mode'] == "carp") {
- $vipiface = "vip{$a_vip[$_GET['id']]['vhid']}";
+ $vipiface = "{$a_vip[$_GET['id']]['interface']}_vip{$a_vip[$_GET['id']]['vhid']}";
foreach ($a_vip as $vip) {
if ($vipiface == $vip['interface'] && $vip['mode'] == "ipalias")
$input_errors[] = gettext("This entry cannot be deleted because it is still referenced by ip alias entry") . " {$vip['descr']}.";
diff --git a/usr/local/www/firewall_virtual_ip_edit.php b/usr/local/www/firewall_virtual_ip_edit.php
index 3218001..58d30b2 100755
--- a/usr/local/www/firewall_virtual_ip_edit.php
+++ b/usr/local/www/firewall_virtual_ip_edit.php
@@ -146,11 +146,11 @@ if ($_POST) {
/* verify against reusage of vhids */
$idtracker = 0;
foreach($config['virtualip']['vip'] as $vip) {
- if($vip['vhid'] == $_POST['vhid'] and $idtracker <> $id)
- $input_errors[] = sprintf(gettext("VHID %s is already in use. Pick a unique number."),$_POST['vhid']);
+ if($vip['vhid'] == $_POST['vhid'] && $vip['interface'] == $_POST['interface'] && $idtracker <> $id)
+ $input_errors[] = sprintf(gettext("VHID %s is already in use on interface %s. Pick a unique number on this interface."),$_POST['vhid'], convert_friendly_interface_to_friendly_descr($_POST['interface']));
$idtracker++;
}
- if($_POST['password'] == "")
+ if (empty($_POST['password']))
$input_errors[] = gettext("You must specify a CARP password that is shared between the two VHID members.");
if(is_ipaddrv4($_POST['subnet'])) {
@@ -170,11 +170,11 @@ if ($_POST) {
$input_errors[] = sprintf(gettext("Sorry, we could not locate an interface with a matching subnet for %s. Please add an IP alias in this subnet on this interface."),$cannot_find);
}
}
- if (substr($_POST['interface'], 0, 3) == "vip")
+ if (strstr($_POST['interface'], "_vip"))
$input_errors[] = gettext("For this type of vip a carp parent is not allowed.");
break;
case "ipalias":
- if (substr($_POST['interface'], 0, 3) == "vip") {
+ if (strstr($_POST['interface'], "_vip")) {
$parent_ip = get_interface_ip($_POST['interface']);
$parent_sn = get_interface_subnet($_POST['interface']);
if (!ip_in_subnet($_POST['subnet'], gen_subnet($parent_ip, $parent_sn) . "/" . $parent_sn) && !ip_in_interface_alias_subnet($_POST['interface'], $_POST['subnet'])) {
@@ -184,28 +184,12 @@ if ($_POST) {
}
break;
default:
- if (substr($_POST['interface'], 0, 3) == "vip")
+ if (strstr($_POST['interface'], "_vip"))
$input_errors[] = gettext("For this type of VIP, a CARP parent is not allowed.");
break;
}
- /* XXX: Seems this code is to draconian and without a real usefulness. Leaving commented out for now and remove later on */
- if (0 && isset($id) && ($a_vip[$id])) {
- if ($a_vip[$id]['mode'] != $_POST['mode']) {
- $bringdown = false;
- if ($a_vip[$id]['mode'] == "proxyarp") {
- $vipiface = $a_vip[$id]['interface'];
- foreach ($a_vip as $vip) {
- if ($vip['interface'] == $vipiface && $vip['mode'] == "carp") {
- if (ip_in_subnet($vip['subnet'], gen_subnet($a_vip[$id]['subnet'], $a_vip[$id]['subnet_bits']) . "/" . $a_vip[$id]['subnet_bits']))
- $input_errors[] = gettext("This entry cannot be modified because it is still referenced by CARP") . " {$vip['descr']}.";
- }
- }
- }
- }
- }
-
if (!$input_errors) {
$vipent = array();
diff --git a/usr/local/www/widgets/widgets/carp_status.widget.php b/usr/local/www/widgets/widgets/carp_status.widget.php
index 849a924..9f29cb3 100644
--- a/usr/local/www/widgets/widgets/carp_status.widget.php
+++ b/usr/local/www/widgets/widgets/carp_status.widget.php
@@ -49,7 +49,7 @@ $carp_enabled = get_carp_status();
$netmask = $carp['subnet_bits'];
$vhid = $carp['vhid'];
$advskew = $carp['advskew'];
- $carp_int = "vip{$vhid}";
+ $carp_int = "{$carp['interface']}_vip{$vhid}";
$status = get_carp_interface_status($carp_int);
?>
<tr>
diff --git a/usr/local/www/xmlrpc.php b/usr/local/www/xmlrpc.php
index 1554e70..88138ea 100755
--- a/usr/local/www/xmlrpc.php
+++ b/usr/local/www/xmlrpc.php
@@ -182,13 +182,13 @@ function restore_config_section_xmlrpc($raw_params) {
$vipbackup = array();
$oldvips = array();
if (isset($params[0]['virtualip'])) {
- if(is_array($config['virtualip']['vip'])) {
+ if (is_array($config['virtualip']['vip'])) {
foreach ($config['virtualip']['vip'] as $vipindex => $vip) {
if ($vip['mode'] == "carp")
- $oldvips[$vip['vhid']] = "{$vip['password']}{$vip['advskew']}{$vip['subnet']}{$vip['subnet_bits']}{$vip['advbase']}";
- else if ($vip['mode'] == "ipalias" && substr($vip['interface'], 0, 3) == "vip")
+ $oldvips["{$vip['interface']}_vip{$vip['vhid']}"] = "{$vip['password']}{$vip['advskew']}{$vip['subnet']}{$vip['subnet_bits']}{$vip['advbase']}";
+ else if ($vip['mode'] == "ipalias" && strstr($vip['interface'], "_vip"))
$oldvips[$vip['subnet']] = "{$vip['interface']}{$vip['subnet']}{$vip['subnet_bits']}";
- else if (($vip['mode'] == "ipalias" || $vip['mode'] == 'proxyarp') && substr($vip['interface'], 0, 3) != "vip")
+ else if (($vip['mode'] == "ipalias" || $vip['mode'] == 'proxyarp') && !strstr($vip['interface'], "_vip"))
$vipbackup[] = $vip;
}
}
@@ -219,15 +219,15 @@ function restore_config_section_xmlrpc($raw_params) {
$carp_setuped = false;
$anyproxyarp = false;
foreach ($config['virtualip']['vip'] as $vip) {
- if ($vip['mode'] == "carp" && isset($oldvips[$vip['vhid']])) {
- if ($oldvips[$vip['vhid']] == "{$vip['password']}{$vip['advskew']}{$vip['subnet']}{$vip['subnet_bits']}{$vip['advbase']}") {
+ if ($vip['mode'] == "carp" && isset($oldvips["{$vip['interface']}_vip{$vip['vhid']}"])) {
+ if ($oldvips["{$vip['interface']}_vip{$vip['vhid']}"] == "{$vip['password']}{$vip['advskew']}{$vip['subnet']}{$vip['subnet_bits']}{$vip['advbase']}") {
if (does_vip_exist($vip)) {
- unset($oldvips[$vip['vhid']]);
+ unset($oldvips["{$vip['interface']}_vip{$vip['vhid']}"]);
continue; // Skip reconfiguring this vips since nothing has changed.
}
}
- unset($oldvips[$vip['vhid']]);
- } else if ($vip['mode'] == "ipalias" && substr($vip['interface'], 0, 3) == "vip" && isset($oldvips[$vip['subnet']])) {
+ unset($oldvips["{$vip['interface']}_vip{$vip['vhid']}"]);
+ } else if ($vip['mode'] == "ipalias" && strstr($vip['interface'], "_vip") && isset($oldvips[$vip['subnet']])) {
if ($oldvips[$vip['subnet']] = "{$vip['interface']}{$vip['subnet']}{$vip['subnet_bits']}") {
if (does_vip_exist($vip)) {
unset($oldvips[$vip['subnet']]);
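Review bot: The ipalias branch in this hunk tests `if ($oldvips[$vip['subnet']] = "{$vip['interface']}…")`, which assigns instead of comparing, so the condition is always true. Any existing alias is then treated as unchanged and skipped, even when the synced configuration differs. That means a changed alias pushed over XML-RPC sync would not be applied on the receiving node. Use `==` as the carp branch above does: `if ($oldvips[$vip['subnet']] == "{$vip['interface']}{$vip['subnet']}{$vip['subnet_bits']}") {`. The line is context rather than an added line, but the commit edits the condition directly above it, and the function continues outside the hunk.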
@@ -256,8 +256,8 @@ function restore_config_section_xmlrpc($raw_params) {
}
/* Cleanup remaining old carps */
foreach ($oldvips as $oldvipif => $oldvippar) {
- if (!is_ipaddr($oldvipif) && does_interface_exist("vip{$oldvipif}"))
- pfSense_interface_destroy("vip{$oldvipif}");
+ if (!is_ipaddr($oldvipif) && does_interface_exist($oldvipif))
+ pfSense_interface_destroy($oldvipif);
}
if ($carp_setuped == true)
interfaces_carp_setup();