diff options
author | Ermal <eri@pfsense.org> | 2010-08-26 16:37:38 +0000 |
---|---|---|
committer | Ermal <eri@pfsense.org> | 2010-08-26 16:38:12 +0000 |
commit | e19b7d1ea849f40f1de194cadeefb3c289812442 (patch) | |
tree | 3cca6a4f1865575e039bb63c63a1084c8ff6486a /etc/inc/interfaces.inc | |
parent | 1bd4b4dcd97c2c77aa8900e3113d5050d44af469 (diff) | |
download | pfsense-e19b7d1ea849f40f1de194cadeefb3c289812442.zip pfsense-e19b7d1ea849f40f1de194cadeefb3c289812442.tar.gz |
Allow carp interfaces to sit on top of aliases. Also add safety belts to ipalias deletion for this to avoid breakage. Trigered-by: http://forum.pfsense.org/index.php/topic,27834.0.html
Diffstat (limited to 'etc/inc/interfaces.inc')
-rw-r--r-- | etc/inc/interfaces.inc | 21 |
1 files changed, 20 insertions, 1 deletions
diff --git a/etc/inc/interfaces.inc b/etc/inc/interfaces.inc index ab917fd..8259fec 100644 --- a/etc/inc/interfaces.inc +++ b/etc/inc/interfaces.inc @@ -1689,7 +1689,7 @@ function interface_carp_configure(&$vip) { /* Ensure CARP IP really exists prior to loading up. */ $ww_subnet_ip = find_interface_ip($realif); $ww_subnet_bits = find_interface_subnet($realif); - if (!ip_in_subnet($vip['subnet'], gen_subnet($ww_subnet_ip, $ww_subnet_bits) . "/" . $ww_subnet_bits)) { + if (!ip_in_subnet($vip['subnet'], gen_subnet($ww_subnet_ip, $ww_subnet_bits) . "/" . $ww_subnet_bits) && !ip_in_interface_alias_subnet($vip['interface'], $vip['subnet'])) { file_notice("CARP", "Sorry but we could not find a matching real interface subnet for the virtual IP address {$vip['subnet']}.", "Firewall: Virtual IP", ""); return; } @@ -3100,6 +3100,25 @@ function find_interface_subnet($interface, $flush = false) return $interface_sn_arr_cache[$interface]; } +function ip_in_interface_alias_subnet($interface, $ipalias) { + global $config; + + if (empty($interface) || !is_ipaddr($ipalias)) + return 0; + if (is_array($config['virtualip']['vip'])) { + foreach ($config['virtualip']['vip'] as $vip) { + switch ($vip['mode']) { + case "ipalias": + if ($vip['interface'] <> $interface) + continue; + if (ip_in_subnet($ipalias, gen_subnet($vip['subnet'], $vip['subnet_bits']) . "/" . $vip['subnet_bits'])) + return 1; + break; + } + } + } +} + function get_interface_ip($interface = "wan") { $realif = get_real_interface($interface); |