authorErmal Luçi <eri@pfsense.org>2009-05-22 16:51:12 +0000
committerErmal Luçi <eri@pfsense.org>2009-05-22 16:51:12 +0000
commit6e8f7b537d780261e4054aee58a8d8f34f42b34b (patch)
tree8c3401ea8d4c28ad9c969364c2c8be491ae59ada /etc/rc.filter_synchronize
parent3cfb799dffd7a0443ba6307256f953e408baabfc (diff)
downloadpfsense-6e8f7b537d780261e4054aee58a8d8f34f42b34b.zip
pfsense-6e8f7b537d780261e4054aee58a8d8f34f42b34b.tar.gz
Move the sync of the config from filter_reload in filter.inc to write_config, and move all of the code into a new file, rc.filter_synchronize. The latter is called by check_reload_status through the tmp/filter_sync action, which is triggered by the carp_sync_client() function. This avoids excessive syncing of configs in cases where it is not needed and speeds up the filter_configure_sync!
Diffstat (limited to 'etc/rc.filter_synchronize')
-rw-r--r--etc/rc.filter_synchronize214
1 files changed, 214 insertions, 0 deletions
diff --git a/etc/rc.filter_synchronize b/etc/rc.filter_synchronize
new file mode 100644
index 0000000..74acb3c
--- /dev/null
+++ b/etc/rc.filter_synchronize
@@ -0,0 +1,214 @@
+#!/usr/local/bin/php -f
+<?php
+/*
+ filter.inc
+ Copyright (C) 2004-2006 Scott Ullrich
+ Copyright (C) 2005 Bill Marquette
+ Copyright (C) 2006 Peter Allgeyer
+ Copyright (C) 2008 Ermal Luci
+ All rights reserved.
+
+ originally part of m0n0wall (http://m0n0.ch/wall)
+ Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>.
+ All rights reserved.
+
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions are met:
+
+ 1. Redistributions of source code must retain the above copyright notice,
+ this list of conditions and the following disclaimer.
+
+ 2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+
+ THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+ OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ POSSIBILITY OF SUCH DAMAGE.
+
+*/
+
+/* Globals.inc and util.inc is included by config.inc */
+require_once("config.inc");
+require_once("xmlrpc.inc");
+
+function remove_special_characters($string) {
+ $match_array = "";
+ preg_match_all("/[a-zA-Z0-9\_\-]+/",$string,$match_array);
+ $string = "";
+ foreach ($match_array[0] as $ma) {
+ if ($string <> "")
+ $string .= " ";
+ $string .= $ma;
+ }
+ return $string;
+}
+
+function carp_sync_xml($url, $password, $sections, $port = 80, $method = 'pfsense.restore_config_section') {
+ global $config, $g;
+
+ if($g['booting'])
+ return;
+
+ update_filter_reload_status("Syncing CARP data to {$url}");
+
+ /* make a copy of config */
+ $config_copy = $config;
+
+ /* strip out nosync items */
+ if (is_array($config_copy['nat']['advancedoutbound']['rule']))
+ for ($x = 0; $x < count($config_copy['nat']['advancedoutbound']['rule']); $x++) {
+ if (isset ($config_copy['nat']['advancedoutbound']['rule'][$x]['nosync']))
+ unset ($config_copy['nat']['advancedoutbound']['rule'][$x]);
+ $config_copy['nat']['advancedoutbound']['rule'][$x]['descr'] = remove_special_characters($config_copy['nat']['advancedoutbound']['rule'][$x]['descr']);
+ }
+ if (is_array($config_copy['nat']['rule']))
+ for ($x = 0; $x < count($config_copy['nat']['rule']); $x++) {
+ if (isset ($config_copy['nat']['rule'][$x]['nosync']))
+ unset ($config_copy['nat']['rule'][$x]);
+ $config_copy['nat']['rule'][$x]['descr'] = remove_special_characters($config_copy['nat']['rule'][$x]['descr']);
+ }
+ if (is_array($config_copy['filter']['rule']))
+ for ($x = 0; $x < count($config_copy['filter']['rule']); $x++) {
+ if (isset ($config_copy['filter']['rule'][$x]['nosync']))
+ unset ($config_copy['filter']['rule'][$x]);
+ $config_copy['filter']['rule'][$x]['descr'] = remove_special_characters($config_copy['filter']['rule'][$x]['descr']);
+ }
+ if (is_array($config_copy['aliases']['alias']))
+ for ($x = 0; $x < count($config_copy['aliases']['alias']); $x++) {
+ if (isset ($config_copy['aliases']['alias'][$x]['nosync']))
+ unset ($config_copy['aliases']['alias'][$x]);
+ $config_copy['aliases']['alias'][$x]['descr'] = remove_special_characters($config_copy['aliases']['alias'][$x]['descr']);
+ }
+ if (is_array($config_copy['dnsmasq']['hosts']))
+ for ($x = 0; $x < count($config_copy['dnsmasq']['hosts']); $x++) {
+ if (isset ($config_copy['dnsmasq']['hosts'][$x]['nosync']))
+ unset ($config_copy['dnsmasq']['hosts'][$x]);
+ $config_copy['dnsmasq']['hosts'][$x]['descr'] = remove_special_characters($config_copy['dnsmasq']['hosts'][$x]['descr']);
+ }
+ if (is_array($config_copy['virtualip']['vip']))
+ for ($x = 0; $x < count($config_copy['virtualip']['vip']); $x++) {
+ if (isset ($config_copy['virtualip']['vip'][$x]['nosync']) or $config_copy['virtualip']['vip'][$x]['mode'] == "proxyarp")
+ unset ($config_copy['virtualip']['vip'][$x]);
+ $config_copy['virtualip']['vip'][$x]['descr'] = remove_special_characters($config_copy['virtualip']['vip'][$x]['descr']);
+ }
+ if (is_array($config_copy['ipsec']['tunnel']))
+ for ($x = 0; $x < count($config_copy['ipsec']['tunnel']); $x++) {
+ if (isset ($config_copy['ipsec']['tunnel'][$x]['nosync']))
+ unset ($config_copy['ipsec']['tunnel'][$x]);
+ $config_copy['ipsec']['tunnel'][$x]['descr'] = remove_special_characters($config_copy['ipsec']['tunnel'][$x]['descr']);
+ }
+
+ foreach ($sections as $section) {
+ /* we can't use array_intersect_key()
+ * due to the vip 'special case'
+ */
+ if ($section != 'virtualip')
+ $xml[$section] = $config_copy[$section];
+ else
+ $xml[$section] = backup_vip_config_section();
+ }
+
+ $params = array(
+ XML_RPC_encode($password),
+ XML_RPC_encode($xml)
+ );
+
+ $numberofruns = 0;
+ while ($numberofruns < 2) {
+ log_error("Beginning XMLRPC sync to {$url}:{$port}.");
+ $msg = new XML_RPC_Message($method, $params);
+ $cli = new XML_RPC_Client('/xmlrpc.php', $url, $port);
+ $username = $config['system']['user'][0]['name'];
+ $cli->setCredentials($username, $password);
+ if($numberofruns == 1)
+ $cli->setDebug(1);
+ /* send our XMLRPC message and timeout after 240 seconds */
+ $resp = $cli->send($msg, "240");
+ if(!$resp) {
+ $error = "A communications error occured while attempting XMLRPC sync with username {$username} {$url}:{$port}.";
+ log_error($error);
+ file_notice("sync_settings", $error, "Settings Sync", "");
+ } elseif($resp->faultCode()) {
+ $error = "An error code was received while attempting XMLRPC sync with username {$username} {$url}:{$port} - Code " . $resp->faultCode() . ": " . $resp->faultString();
+ log_error($error);
+ file_notice("sync_settings", $error, "Settings Sync", "");
+ } else {
+ log_error("XMLRPC sync successfully completed with {$url}:{$port}.");
+ $numberofruns = 3;
+ }
+ $numberofruns++;
+ }
+}
+
+if ($g['booting'])
+ return;
+
+update_filter_reload_status("Building CARP sync information");
+if (is_array($config['installedpackages']['carpsettings']['config'])) {
+ foreach($config['installedpackages']['carpsettings']['config'] as $carp) {
+ if ($carp['synchronizetoip'] != "" ) {
+ /*
+ * XXX: The way we're finding the port right now is really suboptimal -
+ * we can't assume that the other machine is setup identically.
+ */
+ if ($config['system']['webgui']['protocol'] != "") {
+ $synchronizetoip = $config['system']['webgui']['protocol'];
+ $synchronizetoip .= "://";
+ }
+ $port = $config['system']['webgui']['port'];
+ /* if port is empty lets rely on the protocol selection */
+ if ($port == "") {
+ if ($config['system']['webgui']['protocol'] == "http")
+ $port = "80";
+ else
+ $port = "443";
+ }
+ $synchronizetoip .= $carp['synchronizetoip'];
+ if ($carp['synchronizerules'] != "" and is_array($config['filter']))
+ $sections[] = 'filter';
+ if ($carp['synchronizenat'] != "" and is_array($config['nat']))
+ $sections[] = 'nat';
+ if ($carp['synchronizealiases'] != "" and is_array($config['aliases']))
+ $sections[] = 'aliases';
+ if ($carp['synchronizedhcpd'] != "" and is_array($config['dhcpd']))
+ $sections[] = 'dhcpd';
+ if ($carp['synchronizewol'] != "" and is_array($config['wol']))
+ $sections[] = 'wol';
+ if ($carp['synchronizetrafficshaper'] != "" and is_array($config['shaper']))
+ $sections[] = 'shaper';
+ if ($carp['synchronizestaticroutes'] != "" and is_array($config['staticroutes']))
+ $sections[] = 'staticroutes';
+ if ($carp['synchronizevirtualip'] != "" and is_array($config['virtualip']))
+ $sections[] = 'virtualip';
+ if ($carp['synchronizelb'] != "" and is_array($config['load_balancer']))
+ $sections[] = 'load_balancer';
+ if ($carp['synchronizeipsec'] != "" and is_array($config['ipsec']))
+ $sections[] = 'ipsec';
+ if ($carp['synchronizednsforwarder'] != "" and is_array($config['dnsmasq']))
+ $sections[] = 'dnsmasq';
+ if ($carp['synchronizeschedules'] != "" and is_array($config['schedules']))
+ $sections[] = 'schedules';
+ if (count($sections) > 0) {
+ update_filter_reload_status("Signaling CARP reload signal...");
+ carp_sync_xml($synchronizetoip, $carp['password'], $sections, $port);
+ $cli = new XML_RPC_Client('/xmlrpc.php', $synchronizetoip, $port);
+ $msg = new XML_RPC_Message('pfsense.filter_configure', array(new XML_RPC_Value($carp['password'], 'string')));
+ $username = $config['system']['user'][0]['name'];
+ $cli->setCredentials($username, $carp['password']);
+ $cli->send($msg, "900");
+ /* signal a carp reload */
+ $msg = new XML_RPC_Message('pfsense.interfaces_carp_configure');
+ $cli->send($msg, "900");
+ }
+ }
+ }
+}
+?>
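Review bot: In every "strip out nosync items" loop of carp_sync_xml the `unset(...[$x])` is followed unconditionally by an assignment to `...[$x]['descr']`, which re-creates the element just removed, so an entry marked nosync still goes to the peer as a stub holding only an empty `descr`. How the receiving box treats such an empty filter or NAT rule is not visible here, so I would not send it at all: skip the sanitising step for removed entries and iterate with `foreach`, since a plain `continue` in the `for` loop would let the shrinking `count()` end the loop early. The fence shows the first loop; the `array_values()` reindex in it is my assumption about what `XML_RPC_encode` and the peer expect, so please confirm. In the top-level loop `$sections` and `$synchronizetoip` are never reset per `$carp` entry, so a second entry inherits the first one's sections and, when the webgui protocol is empty, appends to the previous URL; `$sections = array(); $synchronizetoip = "";` at the top of the loop body would fix that. The URL scheme is copied from the local webgui protocol, so with `http` the sync password (sent both through `setCredentials` and as an XML-RPC parameter) and the synced sections appear to cross the wire unencrypted, which deserves at least a comment next to the existing XXX note.

```php
	/* strip out nosync items */
	if (is_array($config_copy['nat']['advancedoutbound']['rule'])) {
		foreach ($config_copy['nat']['advancedoutbound']['rule'] as $x => $rule) {
			if (isset($rule['nosync'])) {
				unset($config_copy['nat']['advancedoutbound']['rule'][$x]);
				continue;
			}
			$config_copy['nat']['advancedoutbound']['rule'][$x]['descr'] = remove_special_characters($rule['descr']);
		}
		/* assumption: the peer expects a contiguous list, so close the gaps left by unset() */
		$config_copy['nat']['advancedoutbound']['rule'] = array_values($config_copy['nat']['advancedoutbound']['rule']);
	}
	// … same change for nat/rule, filter/rule, aliases/alias, dnsmasq/hosts, virtualip/vip (keeping the proxyarp test) and ipsec/tunnel …
	// … unchanged: building $xml, XML_RPC send/retry loop …
```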