author | Ermal Luçi <eri@pfsense.org> | 2009-05-22 16:51:12 +0000 |
---|---|---|
committer | Ermal Luçi <eri@pfsense.org> | 2009-05-22 16:51:12 +0000 |
commit | 6e8f7b537d780261e4054aee58a8d8f34f42b34b (patch) | |
tree | 8c3401ea8d4c28ad9c969364c2c8be491ae59ada /etc/rc.filter_synchronize | |
parent | 3cfb799dffd7a0443ba6307256f953e408baabfc (diff) | |
Move the config sync out of filter_reload in filter.inc and into write_config, and put all of the sync code in a new file, rc.filter_synchronize. The latter is called by check_reload_status with the tmp/filter_sync action triggered by the carp_sync_client() function. This avoids excessive config syncing in cases where it is not needed and speeds up filter_configure_sync!
Diffstat (limited to 'etc/rc.filter_synchronize')
-rw-r--r-- | etc/rc.filter_synchronize | 214 |
1 files changed, 214 insertions, 0 deletions
diff --git a/etc/rc.filter_synchronize b/etc/rc.filter_synchronize
new file mode 100644
index 0000000..74acb3c
--- /dev/null
+++ b/etc/rc.filter_synchronize
@@ -0,0 +1,214 @@
+#!/usr/local/bin/php -f
+<?php
+/*
+ filter.inc
+ Copyright (C) 2004-2006 Scott Ullrich
+ Copyright (C) 2005 Bill Marquette
+ Copyright (C) 2006 Peter Allgeyer
+ Copyright (C) 2008 Ermal Luci
+ All rights reserved.
+
+ originally part of m0n0wall (http://m0n0.ch/wall)
+ Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>.
+ All rights reserved.
+
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions are met:
+
+ 1. Redistributions of source code must retain the above copyright notice,
+ this list of conditions and the following disclaimer.
+
+ 2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+
+ THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+ OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ POSSIBILITY OF SUCH DAMAGE.
+
+*/
+
+/* Globals.inc and util.inc is included by config.inc */
+require_once("config.inc");
+require_once("xmlrpc.inc");
+
+function remove_special_characters($string) {
+ $match_array = "";
+ preg_match_all("/[a-zA-Z0-9\_\-]+/",$string,$match_array);
+ $string = "";
+ foreach ($match_array[0] as $ma) {
+ if ($string <> "")
+ $string .= " ";
+ $string .= $ma;
+ }
+ return $string;
+}
+
+function carp_sync_xml($url, $password, $sections, $port = 80, $method = 'pfsense.restore_config_section') {
+ global $config, $g;
+
+ if($g['booting'])
+ return;
+
+ update_filter_reload_status("Syncing CARP data to {$url}");
+
+ /* make a copy of config */
+ $config_copy = $config;
+
+ /* strip out nosync items */
+ if (is_array($config_copy['nat']['advancedoutbound']['rule']))
+ for ($x = 0; $x < count($config_copy['nat']['advancedoutbound']['rule']); $x++) {
+ if (isset ($config_copy['nat']['advancedoutbound']['rule'][$x]['nosync']))
+ unset ($config_copy['nat']['advancedoutbound']['rule'][$x]);
+ $config_copy['nat']['advancedoutbound']['rule'][$x]['descr'] = remove_special_characters($config_copy['nat']['advancedoutbound']['rule'][$x]['descr']);
+ }
+ if (is_array($config_copy['nat']['rule']))
+ for ($x = 0; $x < count($config_copy['nat']['rule']); $x++) {
+ if (isset ($config_copy['nat']['rule'][$x]['nosync']))
+ unset ($config_copy['nat']['rule'][$x]);
+ $config_copy['nat']['rule'][$x]['descr'] = remove_special_characters($config_copy['nat']['rule'][$x]['descr']);
+ }
+ if (is_array($config_copy['filter']['rule']))
+ for ($x = 0; $x < count($config_copy['filter']['rule']); $x++) {
+ if (isset ($config_copy['filter']['rule'][$x]['nosync']))
+ unset ($config_copy['filter']['rule'][$x]);
+ $config_copy['filter']['rule'][$x]['descr'] = remove_special_characters($config_copy['filter']['rule'][$x]['descr']);
+ }
+ if (is_array($config_copy['aliases']['alias']))
+ for ($x = 0; $x < count($config_copy['aliases']['alias']); $x++) {
+ if (isset ($config_copy['aliases']['alias'][$x]['nosync']))
+ unset ($config_copy['aliases']['alias'][$x]);
+ $config_copy['aliases']['alias'][$x]['descr'] = remove_special_characters($config_copy['aliases']['alias'][$x]['descr']);
+ }
+ if (is_array($config_copy['dnsmasq']['hosts']))
+ for ($x = 0; $x < count($config_copy['dnsmasq']['hosts']); $x++) {
+ if (isset ($config_copy['dnsmasq']['hosts'][$x]['nosync']))
+ unset ($config_copy['dnsmasq']['hosts'][$x]);
+ $config_copy['dnsmasq']['hosts'][$x]['descr'] = remove_special_characters($config_copy['dnsmasq']['hosts'][$x]['descr']);
+ }
+ if (is_array($config_copy['virtualip']['vip']))
+ for ($x = 0; $x < count($config_copy['virtualip']['vip']); $x++) {
+ if (isset ($config_copy['virtualip']['vip'][$x]['nosync']) or $config_copy['virtualip']['vip'][$x]['mode'] == "proxyarp")
+ unset ($config_copy['virtualip']['vip'][$x]);
+ $config_copy['virtualip']['vip'][$x]['descr'] = remove_special_characters($config_copy['virtualip']['vip'][$x]['descr']);
+ }
+ if (is_array($config_copy['ipsec']['tunnel']))
+ for ($x = 0; $x < count($config_copy['ipsec']['tunnel']); $x++) {
+ if (isset ($config_copy['ipsec']['tunnel'][$x]['nosync']))
+ unset ($config_copy['ipsec']['tunnel'][$x]);
+ $config_copy['ipsec']['tunnel'][$x]['descr'] = remove_special_characters($config_copy['ipsec']['tunnel'][$x]['descr']);
+ }
+
+ foreach ($sections as $section) {
+ /* we can't use array_intersect_key()
+ * due to the vip 'special case'
+ */
+ if ($section != 'virtualip')
+ $xml[$section] = $config_copy[$section];
+ else
+ $xml[$section] = backup_vip_config_section();
+ }
+
+ $params = array(
+ XML_RPC_encode($password),
+ XML_RPC_encode($xml)
+ );
+
+ $numberofruns = 0;
+ while ($numberofruns < 2) {
+ log_error("Beginning XMLRPC sync to {$url}:{$port}.");
+ $msg = new XML_RPC_Message($method, $params);
+ $cli = new XML_RPC_Client('/xmlrpc.php', $url, $port);
+ $username = $config['system']['user'][0]['name'];
+ $cli->setCredentials($username, $password);
+ if($numberofruns == 1)
+ $cli->setDebug(1);
+ /* send our XMLRPC message and timeout after 240 seconds */
+ $resp = $cli->send($msg, "240");
+ if(!$resp) {
+ $error = "A communications error occured while attempting XMLRPC sync with username {$username} {$url}:{$port}.";
+ log_error($error);
+ file_notice("sync_settings", $error, "Settings Sync", "");
+ } elseif($resp->faultCode()) {
+ $error = "An error code was received while attempting XMLRPC sync with username {$username} {$url}:{$port} - Code " . $resp->faultCode() . ": " . $resp->faultString();
+ log_error($error);
+ file_notice("sync_settings", $error, "Settings Sync", "");
+ } else {
+ log_error("XMLRPC sync successfully completed with {$url}:{$port}.");
+ $numberofruns = 3;
+ }
+ $numberofruns++;
+ }
+}
+
+if ($g['booting'])
+ return;
+
+update_filter_reload_status("Building CARP sync information");
+if (is_array($config['installedpackages']['carpsettings']['config'])) {
+ foreach($config['installedpackages']['carpsettings']['config'] as $carp) {
+ if ($carp['synchronizetoip'] != "" ) {
+ /*
+ * XXX: The way we're finding the port right now is really suboptimal -
+ * we can't assume that the other machine is setup identically.
+ */
+ if ($config['system']['webgui']['protocol'] != "") {
+ $synchronizetoip = $config['system']['webgui']['protocol'];
+ $synchronizetoip .= "://";
+ }
+ $port = $config['system']['webgui']['port'];
+ /* if port is empty lets rely on the protocol selection */
+ if ($port == "") {
+ if ($config['system']['webgui']['protocol'] == "http")
+ $port = "80";
+ else
+ $port = "443";
+ }
+ $synchronizetoip .= $carp['synchronizetoip'];
+ if ($carp['synchronizerules'] != "" and is_array($config['filter']))
+ $sections[] = 'filter';
+ if ($carp['synchronizenat'] != "" and is_array($config['nat']))
+ $sections[] = 'nat';
+ if ($carp['synchronizealiases'] != "" and is_array($config['aliases']))
+ $sections[] = 'aliases';
+ if ($carp['synchronizedhcpd'] != "" and is_array($config['dhcpd']))
+ $sections[] = 'dhcpd';
+ if ($carp['synchronizewol'] != "" and is_array($config['wol']))
+ $sections[] = 'wol';
+ if ($carp['synchronizetrafficshaper'] != "" and is_array($config['shaper']))
+ $sections[] = 'shaper';
+ if ($carp['synchronizestaticroutes'] != "" and is_array($config['staticroutes']))
+ $sections[] = 'staticroutes';
+ if ($carp['synchronizevirtualip'] != "" and is_array($config['virtualip']))
+ $sections[] = 'virtualip';
+ if ($carp['synchronizelb'] != "" and is_array($config['load_balancer']))
+ $sections[] = 'load_balancer';
+ if ($carp['synchronizeipsec'] != "" and is_array($config['ipsec']))
+ $sections[] = 'ipsec';
+ if ($carp['synchronizednsforwarder'] != "" and is_array($config['dnsmasq']))
+ $sections[] = 'dnsmasq';
+ if ($carp['synchronizeschedules'] != "" and is_array($config['schedules']))
+ $sections[] = 'schedules';
+ if (count($sections) > 0) {
+ update_filter_reload_status("Signaling CARP reload signal...");
+ carp_sync_xml($synchronizetoip, $carp['password'], $sections, $port);
+ $cli = new XML_RPC_Client('/xmlrpc.php', $synchronizetoip, $port);
+ $msg = new XML_RPC_Message('pfsense.filter_configure', array(new XML_RPC_Value($carp['password'], 'string')));
+ $username = $config['system']['user'][0]['name'];
+ $cli->setCredentials($username, $carp['password']);
+ $cli->send($msg, "900");
+ /* signal a carp reload */
+ $msg = new XML_RPC_Message('pfsense.interfaces_carp_configure');
+ $cli->send($msg, "900");
+ }
+ }
+ }
+}
+?> |
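Review bot: In each of the seven "strip out nosync items" loops in carp_sync_xml() the `if (isset (...['nosync']))` has no braces, so only the `unset` is conditional; the `...[$x]['descr'] = remove_special_characters(...)` line that follows also runs for the entry just removed and re-creates it as a stub holding only an empty `descr`. Entries marked nosync (and proxyarp VIPs) are therefore still sent to the peer as empty items rather than left out; how the receiving side treats such an item is not visible in this file. Adding `continue` to the existing `for` loop is not enough, because `count()` is re-evaluated in the loop condition and would shrink after each real removal, skipping the tail of the list. A `foreach` over the keys avoids both problems; the sketch below shows the filter rules loop, and the other six loops take the same shape (the virtualip one keeps its extra proxyarp condition).

```php
	/* strip out nosync items */
	// … the nat advancedoutbound and nat rule loops take the same shape …
	if (is_array($config_copy['filter']['rule'])) {
		foreach ($config_copy['filter']['rule'] as $x => $rule) {
			if (isset($rule['nosync'])) {
				unset($config_copy['filter']['rule'][$x]);
				continue;
			}
			$config_copy['filter']['rule'][$x]['descr'] = remove_special_characters($rule['descr']);
		}
		/* keep the keys contiguous after removals */
		$config_copy['filter']['rule'] = array_values($config_copy['filter']['rule']);
	}
	// … aliases, dnsmasq hosts, virtualip and ipsec tunnel loops likewise …
```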