author | Bill Marquette <billm@pfsense.org> | 2005-07-13 03:09:18 +0000 |
---|---|---|
committer | Bill Marquette <billm@pfsense.org> | 2005-07-13 03:09:18 +0000 |
commit | 1425e067d6db9b41eafe67070742e3b466178053 (patch) | |
tree | c6996ad986ab75ecba8c3f1eb815134202bba875 /etc/inc | |
parent | aca8110ae9f52c81bc88e762fbaf9cb8f2d8d2ca (diff) | |
Merge in virtual IP code
This changeset does the following:
merges proxy arp and carp setup menus
removes proxy arp menu from left side
upgrades config file from 1.7 to 1.8
moves existing carp virtual IP and proxy arp config to new <virtualip> tag
removes server NAT (why duplicate work?)
Diffstat (limited to 'etc/inc')
-rw-r--r-- | etc/inc/config.inc | 48 | ||||
-rw-r--r-- | etc/inc/globals.inc | 2 | ||||
-rw-r--r-- | etc/inc/interfaces.inc | 87 | ||||
-rw-r--r-- | etc/inc/services.inc | 26 | ||||
-rw-r--r-- | etc/inc/xmlparse.inc | 3 |
5 files changed, 111 insertions, 55 deletions
diff --git a/etc/inc/config.inc b/etc/inc/config.inc index 940d779..e802a93 100644 --- a/etc/inc/config.inc +++ b/etc/inc/config.inc @@ -600,6 +600,54 @@ function convert_config() { $config['shaper']['enable'] = FALSE; $config['version'] = "1.7"; } + /* Convert 1.7 -> 1.8 */ + if ($config['version'] == "1.7") { + if(isset($config['proxyarp']) && is_array($config['proxyarp']['proxyarpnet'])) { + $proxyarp = &$config['proxyarp']['proxyarpnet']; + foreach($proxyarp as $arpent){ + $vip = array(); + $vip['mode'] = "proxyarp"; + $vip['interface'] = $arpent['interface']; + $vip['descr'] = $arpent['descr']; + if (isset($arpent['range'])) { + $vip['range'] = $arpent['range']; + $vip['type'] = "range"; + } else { + $subnet = explode('/', $arpent['network']); + $vip['subnet'] = $subnet[0]; + if (isset($subnet[1])) { + $vip['subnet_bits'] = $subnet[1]; + $vip['type'] = "network"; + } else { + $vip['subnet_bits'] = "32"; + $vip['type'] = "single"; + } + } + $config['virtualip']['vip'][] = $vip; + } + unset($config['proxyarp']); + } + if(isset($config['installedpackages']) && isset($config['installedpackages']['carp']) && is_array($config['installedpackages']['carp']['config'])) { + $carp = &$config['installedpackages']['carp']['config']; + foreach($carp as $carpent){ + $vip = array(); + $vip['mode'] = "carp"; + $vip['interface'] = "AUTO"; + $vip['descr'] = "CARP vhid {$carpent['vhid']}"; + $vip['type'] = "single"; + $vip['vhid'] = $carpent['vhid']; + $vip['advskew'] = $carpent['advskew']; + $vip['password'] = $carpent['password']; + $vip['subnet'] = $carpent['ipaddress']; + $vip['subnet_bits'] = "32"; + $config['virtualip']['vip'][] = $vip; + } + unset($config['installedpackages']['carp']); + } + + $config['version'] = "1.8"; + } + if ($prev_version != $config['version']) write_config("Upgraded config version level from {$prev_version} to {$config['version']}"); diff --git a/etc/inc/globals.inc b/etc/inc/globals.inc index cb43bf1..d0b9803 100644 --- a/etc/inc/globals.inc 
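Review bot: The CARP branch of the 1.7 -> 1.8 conversion hard-codes `$vip['subnet_bits'] = "32"` and `$vip['interface'] = "AUTO"`, so the `netmask` and `interface` of each existing carp entry are dropped during the upgrade. The pre-change interfaces_carp_configure() in this same commit passed `$carp['netmask']` to gen_subnet_max() and to ifconfig, so a migrated VIP would presumably come up as a /32 with a different broadcast address than before. Carrying the old value over, e.g. `$vip['subnet_bits'] = isset($carpent['netmask']) ? $carpent['netmask'] : "32";`, would keep the upgrade behaviour-preserving; this assumes `netmask` is stored as a prefix length, which the old `ipaddress . "/" . netmask` usage suggests. convert_config() starts and ends outside the hunk.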
+++ b/etc/inc/globals.inc @@ -50,7 +50,7 @@ $g = array( "n_pptp_units" => 16, /* this value can be overriden in pptp->n_pptp_units */ "pptp_subnet" => 28, /* this value can be overriden in pptp->pptp_subnet */ "debug" => false, - "latest_config" => "1.7", + "latest_config" => "1.8", "nopkg_platforms" => array("cdrom"), "nopccard_platforms" => array("wrap", "net48xx"), "xmlrpcbaseurl" => "www.pfsense.com", diff --git a/etc/inc/interfaces.inc b/etc/inc/interfaces.inc index 8d760df..0efdac6 100644 --- a/etc/inc/interfaces.inc +++ b/etc/inc/interfaces.inc 
@@ -254,49 +254,54 @@ function interfaces_carp_configure() { unlink_if_exists("/usr/local/pkg/pf/carp_rules.sh"); $carp_instances_counter = 0; $pfsync_instances_counter = 0; - if($config['installedpackages']['carpsettings']['config'] != "") { - foreach($config['installedpackages']['carpsettings']['config'] as $carp) - if($carp['pfsyncenabled'] != "") { - if($carp['premption'] != "") - mwexec("/sbin/sysctl net.inet.carp.preempt=1"); - if($carp['balancing'] != "") - mwexec("/sbin/sysctl net.inet.arpbalance=1"); - $carp_sync_int = convert_friendly_interface_to_real_interface_name($carp['pfsyncinterface']); - mwexec("/sbin/ifconfig pfsync0 create"); - mwexec("/sbin/ifconfig pfsync0 syncdev " . $carp_sync_int); - mwexec("/sbin/ifconfig pfsync0 syncif " . $carp_sync_int); - mwexec("/sbin/ifconfig {$carp_sync_int} up"); - mwexec("/sbin/ifconfig pfsync0 up"); - if($g['booting']) { - /* install rules to alllow pfsync to sync up during boot - * carp interfaces will remain down until the bootup sequence finishes - */ - exec("echo pass quick proto carp all keep state > /tmp/rules.boot"); - exec("echo pass quick proto pfsync all >> /tmp/rules.boot"); - exec("echo pass out proto { tcp, udp } from any to any port 53 keep state >> /tmp/rules.boot"); - exec("/sbin/pfctl -f /tmp/rules.boot"); + if (is_array($config['virtualip']['vip'])) { + if(is_array($config['installedpackages']['carpsettings']['config'])) { + foreach($config['installedpackages']['carpsettings']['config'] as $carp) + if($carp['pfsyncenabled'] != "") { + if($carp['premption'] != "") + mwexec("/sbin/sysctl net.inet.carp.preempt=1"); + if($carp['balancing'] != "") + mwexec("/sbin/sysctl net.inet.arpbalance=1"); + $carp_sync_int = convert_friendly_interface_to_real_interface_name($carp['pfsyncinterface']); + mwexec("/sbin/ifconfig pfsync0 create"); + mwexec("/sbin/ifconfig pfsync0 syncdev " . $carp_sync_int); + mwexec("/sbin/ifconfig pfsync0 syncif " . 
$carp_sync_int); + mwexec("/sbin/ifconfig {$carp_sync_int} up"); + mwexec("/sbin/ifconfig pfsync0 up"); + if($g['booting']) { + /* install rules to alllow pfsync to sync up during boot + * carp interfaces will remain down until the bootup sequence finishes + */ + exec("echo pass quick proto carp all keep state > /tmp/rules.boot"); + exec("echo pass quick proto pfsync all >> /tmp/rules.boot"); + exec("echo pass out proto { tcp, udp } from any to any port 53 keep state >> /tmp/rules.boot"); + exec("/sbin/pfctl -f /tmp/rules.boot"); + } + $pfsync_instances_counter++; } - $pfsync_instances_counter++; } - } - if($config['installedpackages']['carp']['config'] != "") { - foreach($config['installedpackages']['carp']['config'] as $carp) { - /* - * create the carp interface - */ - mwexec("/sbin/ifconfig carp" . $carp_instances_counter . " create"); - mwexec("/sbin/ifconfig carp" . $carp_instances_counter . " down"); - $broadcast_address = gen_subnet_max($carp['ipaddress'], $carp['netmask']); - if($carp['password'] != "") { - $password = " pass " . $carp['password']; - } - $carpdev = ""; - if($carp['interface'] <> "AUTO" and $carp['interface'] <> "") { - $ci = filter_opt_interface_to_real($carp['interface']); - $carpdev = " carpdev {$ci} "; + $viparr = &$config['virtualip']['vip']; + foreach ($viparr as $vip) { + if ($vip['mode'] == "carp") { + /* + * create the carp interface + */ + mwexec("/sbin/ifconfig carp" . $carp_instances_counter . " create"); + mwexec("/sbin/ifconfig carp" . $carp_instances_counter . " down"); + $broadcast_address = gen_subnet_max($vip['subnet'], $vip['subnet_bits']); + if($vip['password'] != "") { + $password = " pass " . $vip['password']; + } + /* XXX: billm - carpdev not in our build? + $carpdev = ""; + if(isset($vip['interface']) && ($vip['interface'] != "AUTO" && $vip['interface'] != "")) { + $ci = filter_opt_interface_to_real($vip['interface']); + $carpdev = " carpdev {$ci} "; + } + */ + mwexec("/sbin/ifconfig carp" . $carp_instances_counter . 
" " . $vip['subnet'] . "/" . $vip['subnet_bits'] . " broadcast " . $broadcast_address . " vhid " . $vip['vhid'] . "{$carpdev} advskew " . $vip['advskew'] . $password); + $carp_instances_counter++; } - mwexec("/sbin/ifconfig carp" . $carp_instances_counter . " " . $carp['ipaddress'] . "/" . $carp['netmask'] . " broadcast " . $broadcast_address . " vhid " . $carp['vhid'] . "{$carpdev} advskew " . $carp['advskew'] . $password); - $carp_instances_counter++; } } unmute_kernel_msgs(); @@ -903,4 +908,4 @@ function get_current_wan_address() { } } -?>
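Review bot: The final `mwexec("/sbin/ifconfig carp" ...)` call in the new `foreach ($viparr as $vip)` loop concatenates `subnet`, `subnet_bits`, `vhid`, `advskew` and `password` from the config into the command string unquoted, whereas services_proxyarp_configure() in this commit wraps its config values in escapeshellarg(); assuming mwexec() hands the string to a shell, a password containing spaces or shell metacharacters breaks or alters the command. `$password` is also only assigned when the VIP has one and is never reset, so a VIP without a password inherits the previous VIP's, and `{$carpdev}` is still interpolated although its assignment is now commented out. The fence below resets `$password` per iteration, quotes each value and drops the dead `$carpdev`. interfaces_carp_configure() begins before the hunk and continues after it.

```php
foreach ($viparr as $vip) {
	if ($vip['mode'] == "carp") {
		// … unchanged: ifconfig carpN create / down, $broadcast_address …
		$password = "";
		if ($vip['password'] != "")
			$password = " pass " . escapeshellarg($vip['password']);
		$carpif = "carp" . $carp_instances_counter;
		mwexec("/sbin/ifconfig {$carpif} " .
			escapeshellarg("{$vip['subnet']}/{$vip['subnet_bits']}") .
			" broadcast " . escapeshellarg($broadcast_address) .
			" vhid " . escapeshellarg($vip['vhid']) .
			" advskew " . escapeshellarg($vip['advskew']) . $password);
		// … unchanged: $carp_instances_counter++ …
```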
\ No newline at end of file +?> diff --git a/etc/inc/services.inc b/etc/inc/services.inc index 45a61b8..4d45c5c 100644 --- a/etc/inc/services.inc +++ b/etc/inc/services.inc @@ -557,23 +557,25 @@ function services_proxyarp_configure() { /* kill any running choparp */ killbyname("choparp"); - if (is_array($config['proxyarp']) && count($config['proxyarp'])) { - + if (isset($config['virtualip']) && is_array($config['virtualip']['vip'])) { $paa = array(); /* group by interface */ - foreach ($config['proxyarp']['proxyarpnet'] as $paent) { - if ($paent['interface']) - $if = $paent['interface']; - else - $if = "wan"; + foreach ($config['virtualip']['vip'] as $vipent) { + if ($vipent['mode'] === "proxyarp") { + if ($vipent['interface']) + $if = $vipent['interface']; + else + $if = "wan"; - if (!is_array($paa[$if])) - $paa[$if] = array(); + if (!is_array($paa[$if])) + $paa[$if] = array(); - $paa[$if][] = $paent; + $paa[$if][] = $vipent; + } } + if (count($paa)) foreach ($paa as $paif => $paents) { if ($paif == "wan" && !(is_ipaddr($config['interfaces']['wan']['ipaddr']) || ($config['interfaces']['wan']['ipaddr'] == "dhcp") || @@ -584,8 +586,8 @@ function services_proxyarp_configure() { foreach ($paents as $paent) { - if (isset($paent['network'])) - $args .= " " . escapeshellarg($paent['network']); + if (isset($paent['subnet'])) + $args .= " " . escapeshellarg("{$paent['subnet']}/{$paent['subnet_bits']}"); else if (isset($paent['range'])) $args .= " " . escapeshellarg($paent['range']['from'] . "-" . $paent['range']['to']); diff --git a/etc/inc/xmlparse.inc b/etc/inc/xmlparse.inc index 9d0e7ce..bb16495 100644 --- a/etc/inc/xmlparse.inc +++ b/etc/inc/xmlparse.inc 
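Review bot: In the second services.inc hunk, the `isset($paent['subnet'])` branch builds `"{$paent['subnet']}/{$paent['subnet_bits']}"` without checking `subnet_bits`, so an entry that lacks it produces an argument ending in a bare `/` for choparp. The converter in config.inc always sets both keys, but entries written by other code are not visible here; guarding with `if (isset($paent['subnet']) && isset($paent['subnet_bits']))` would skip such an entry instead of passing a malformed one. services_proxyarp_configure() starts and ends outside the hunk.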
@@ -35,7 +35,8 @@ function listtags() { $ret = explode(" ", "cacert row config package columnitem option item fieldname field rule user key subqueue " . "dnsserver winsserver encryption-algorithm-option hash-algorithm-option hosts tunnel " . "onetoone staticmap route alias queue shellcmd earlyshellcmd mobilekey " . - "service servernat proxyarpnet passthrumac allowedip wolentry vlan menu domainoverrides"); + "service servernat proxyarpnet passthrumac allowedip wolentry vlan menu domainoverrides " . + "vip"); return $ret; } |