author | jim-p <jimp@pfsense.org> | 2013-08-15 13:45:09 -0400 |
---|---|---|
committer | jim-p <jimp@pfsense.org> | 2013-08-15 13:51:52 -0400 |
commit | b8131408db568b67c42a70490b0b2ec1bda84c13 (patch) | |
tree | 319e8450d159e9d5a21990ac229cbe83148b2a97 /etc | |
parent | 1702a838194d2f4ffaa99359f888a42b0832472a (diff) | |
When renaming or deleting a virtual server, clean up the old relayd anchor name. Otherwise the rules are still there and valid, and will cause problems as they will override the new VS settings. Also clear out the anchors when stopping relayd or starting fresh, so that no old settings can conflict.
Diffstat (limited to 'etc')
-rw-r--r-- | etc/inc/vslb.inc | 75 |
1 files changed, 75 insertions, 0 deletions
diff --git a/etc/inc/vslb.inc b/etc/inc/vslb.inc
index 8620a1d..f2bf532 100644
--- a/etc/inc/vslb.inc
+++ b/etc/inc/vslb.inc
@@ -365,6 +365,8 @@ function relayd_configure($kill_first=false) {
 if (! empty($vs_a)) {
 if ($kill_first) {
 mwexec('pkill relayd');
+ /* Remove all active relayd anchors now that relayd is no longer running. */
+ cleanup_lb_anchor("*");
 mwexec("/usr/local/sbin/relayd -f {$g['varetc_path']}/relayd.conf");
 } else {
 // it's running and there is a config, just reload
@@ -379,10 +381,14 @@ function relayd_configure($kill_first=false) {
 * returns "command failed"
 */
 mwexec('pkill relayd');
+ /* Remove all active relayd anchors now that relayd is no longer running. */
+ cleanup_lb_anchor("*");
 }
 } else {
 if (! empty($vs_a)) {
 // not running and there is a config, start it
+ /* Remove all active relayd anchors so it can start fresh. */
+ cleanup_lb_anchor("*");
 mwexec("/usr/local/sbin/relayd -f {$g['varetc_path']}/relayd.conf");
 }
 }
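Review bot: The flush added after `mwexec('pkill relayd')` in the `$kill_first` branch can run while relayd is still shutting down, because pkill only delivers the signal and returns; the comment's "now that relayd is no longer running" is not guaranteed at that point. If the daemon is still alive it may touch the same anchors while they are being flushed, which could leave stale or partly removed rules, the very condition this commit sets out to eliminate. The same sequence appears in the second hunk (`@@ -379,10 +381,14 @@`) after the stop-path `pkill`. A short bounded wait for the relayd process to exit before calling `cleanup_lb_anchor("*")` would make the ordering hold. relayd_configure's body extends beyond both hunks, so any existing wait outside them is not visible here.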
@@ -482,4 +488,73 @@ function get_lb_summary() {
 return $relay_hosts;
 }
+/* Get a list of all relayd virtual server anchors */
+function get_lb_anchors() {
+ /* NOTE: These names come back prepended with "relayd/" e.g. "relayd/MyVSName" */
+ return explode("\n", trim(`/sbin/pfctl -sA -a relayd | /usr/bin/awk '{print $1;}'`));
+}
+
+/* Remove NAT rules from a relayd anchor that is no longer in use.
+ $anchorname can either be * to clear all anchors or a specific anchor name.*/
+function cleanup_lb_anchor($anchorname = "*") {
+ $lbanchors = get_lb_anchors();
+ foreach ($lbanchors as $lba) {
+ if (($anchorname == "*") || ($lba == "relayd/{$anchorname}")) {
+ /* Flush both the NAT and the Table for the anchor, so it will be completely removed by pf. */
+ mwexec("/sbin/pfctl -a " . escapeshellarg($lba) . " -F nat");
+ mwexec("/sbin/pfctl -a " . escapeshellarg($lba) . " -F Tables");
+ }
+ }
+}
+
+/* Mark an anchor for later cleanup. This will allow us to remove an old VS name */
+function cleanup_lb_mark_anchor($name) {
+ global $g;
+ /* Nothing to do! */
+ if (empty($name))
+ return;
+ $filename = "{$g['tmp_path']}/relayd_anchors_remove";
+ $cleanup_anchors = array();
+ /* Read in any currently unapplied name changes */
+ if (file_exists($filename))
+ $cleanup_anchors = explode("\n", file_get_contents($filename));
+ /* Only add the anchor to the list if it's not already there. */
+ if (!in_array($name, $cleanup_anchors))
+ $cleanup_anchors[] = $name;
+ file_put_contents($filename, implode("\n", $cleanup_anchors));
+}
+
+/* Cleanup relayd anchors that have been marked for cleanup. */
+function cleanup_lb_marked() {
+ global $g, $config;
+ $filename = "{$g['tmp_path']}/relayd_anchors_remove";
+ $cleanup_anchors = array();
+ /* Nothing to do! */
+ if (!file_exists($filename)) {
+ return;
+ } else {
+ $cleanup_anchors = explode("\n", file_get_contents($filename));
+ /* Nothing to do! */
+ if (empty($cleanup_anchors))
+ return;
+ }
+
+ /* Load current names so we can make sure we don't remove an anchor that is still in use. */
+ $vs_a = $config['load_balancer']['virtual_server'];
+ $active_vsnames = array();
+ if(is_array($vs_a)) {
+ foreach ($vs_a as $vs) {
+ $active_vsnames[] = $vs['name'];
+ }
+ }
+
+ foreach ($cleanup_anchors as $anchor) {
+ /* Only cleanup an anchor if it is not still active. */
+ if (!in_array($anchor, $active_vsnames)) {
+ cleanup_lb_anchor($anchor);
+ }
+ }
+ unlink_if_exists($filename);
+}
+
 ?> |
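Review bot: `get_lb_anchors()` can hand back a single empty string rather than an empty list: when `pfctl -sA -a relayd` prints nothing, `explode("\n", trim(...))` yields `[""]`, so `cleanup_lb_anchor("*")` goes on to run `pfctl -a '' -F nat` and `-F Tables`, and an empty anchor name may be taken by pfctl as the main ruleset (worth confirming on the shipped pf). Skipping blanks at the top of the loop, `if ($lba == "") continue;`, keeps the flush confined to relayd anchors. The same explode behaviour means the `empty($cleanup_anchors)` check in `cleanup_lb_marked()` never fires. Names read back from `relayd_anchors_remove` are also trusted as-is, so a stored line of `*` matches the wildcard and flushes every anchor; dropping blank and `*` entries when the file is read would make the marker file safe to consume even if its contents are unexpected.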