diff options
Diffstat (limited to 'etc/inc')
-rw-r--r-- | etc/inc/captiveportal.inc | 28 | ||||
-rw-r--r-- | etc/inc/certs.inc | 37 | ||||
-rw-r--r-- | etc/inc/config.console.inc | 15 | ||||
-rw-r--r-- | etc/inc/filter.inc | 7 | ||||
-rw-r--r-- | etc/inc/globals.inc | 7 | ||||
-rw-r--r-- | etc/inc/gwlb.inc | 6 | ||||
-rw-r--r-- | etc/inc/interfaces.inc | 85 | ||||
-rw-r--r-- | etc/inc/services.inc | 10 | ||||
-rw-r--r-- | etc/inc/shaper.inc | 6 | ||||
-rw-r--r-- | etc/inc/system.inc | 74 | ||||
-rw-r--r-- | etc/inc/util.inc | 6 | ||||
-rw-r--r-- | etc/inc/zeromq.inc | 2 |
12 files changed, 178 insertions, 105 deletions
diff --git a/etc/inc/captiveportal.inc b/etc/inc/captiveportal.inc index 000db23..a5029a5 100644 --- a/etc/inc/captiveportal.inc +++ b/etc/inc/captiveportal.inc @@ -937,7 +937,7 @@ function captiveportal_radius_stop_all() { } } -function captiveportal_passthrumac_configure_entry($macent) { +function captiveportal_passthrumac_configure_entry($macent, $pipeinrule = false) { global $config, $g, $cpzone; $bwUp = 0; @@ -954,14 +954,22 @@ function captiveportal_passthrumac_configure_entry($macent) { $ruleno = captiveportal_get_next_ipfw_ruleno(); if ($macent['action'] == 'pass') { + $rules = ""; $pipeno = captiveportal_get_next_dn_ruleno(); $pipeup = $pipeno; - $_gb = @pfSense_pipe_action("pipe {$pipeno} config bw {$bwUp}Kbit/s queue 100 buckets 16"); + if ($pipeinrule == true) + $_gb = @pfSense_pipe_action("pipe {$pipeno} config bw {$bwUp}Kbit/s queue 100 buckets 16"); + else + $rules .= "pipe {$pipeno} config bw {$bwUp}Kbit/s queue 100 buckets 16\n"; + $pipedown = $pipeno + 1; - $_gb = @pfSense_pipe_action("pipe {$pipedown} config bw {$bwDown}Kbit/s queue 100 buckets 16"); + if ($pipeinrule == true) + $_gb = @pfSense_pipe_action("pipe {$pipedown} config bw {$bwDown}Kbit/s queue 100 buckets 16"); + else + $rules .= "pipe {$pipedown} config bw {$bwDown}Kbit/s queue 100 buckets 16\n"; - $rules = "add {$ruleno} pipe {$pipeup} ip from any to any MAC any {$macent['mac']}\n"; + $rules .= "add {$ruleno} pipe {$pipeup} ip from any to any MAC any {$macent['mac']}\n"; $ruleno++; $rules .= "add {$ruleno} pipe {$pipedown} ip from any to any MAC {$macent['mac']} any\n"; } @@ -1000,9 +1008,15 @@ function captiveportal_passthrumac_configure($lock = false) { $rules = ""; - if (is_array($config['captiveportal'][$cpzone]['passthrumac'])) - foreach ($config['captiveportal'][$cpzone]['passthrumac'] as $macent) - $rules .= captiveportal_passthrumac_configure_entry($macent); + if (is_array($config['captiveportal'][$cpzone]['passthrumac'])) { + $nentries = count($config['captiveportal'][$cpzone]['passthrumac']); + foreach ($config['captiveportal'][$cpzone]['passthrumac'] as $macent) { + if ($nentries > 100) + $rules .= captiveportal_passthrumac_configure_entry($macent, true); + else + $rules .= captiveportal_passthrumac_configure_entry($macent); + } + } return $rules; } diff --git a/etc/inc/certs.inc b/etc/inc/certs.inc index 8df3e5d..bf9f899 100644 --- a/etc/inc/certs.inc +++ b/etc/inc/certs.inc @@ -270,22 +270,28 @@ function cert_import(& $cert, $crt_str, $key_str) { function cert_create(& $cert, $caref, $keylen, $lifetime, $dn, $type="user", $digest_alg = "sha256") { - $ca =& lookup_ca($caref); - if (!$ca) - return false; + $cert['type'] = $type; - $ca_str_crt = base64_decode($ca['crt']); - $ca_str_key = base64_decode($ca['prv']); - $ca_res_crt = openssl_x509_read($ca_str_crt); - $ca_res_key = openssl_pkey_get_private(array(0 => $ca_str_key, 1 => "")); - if(!$ca_res_key) return false; - $ca_serial = ++$ca['serial']; + if ($type != "self-signed") { + $cert['caref'] = $caref; + $ca =& lookup_ca($caref); + if (!$ca) + return false; + + $ca_str_crt = base64_decode($ca['crt']); + $ca_str_key = base64_decode($ca['prv']); + $ca_res_crt = openssl_x509_read($ca_str_crt); + $ca_res_key = openssl_pkey_get_private(array(0 => $ca_str_key, 1 => "")); + if(!$ca_res_key) return false; + $ca_serial = ++$ca['serial']; + } switch ($type) { case "ca": $cert_type = "v3_ca"; break; case "server": + case "self-signed": $cert_type = "server"; break; default: @@ -312,11 +318,20 @@ function cert_create(& $cert, $caref, $keylen, $lifetime, $dn, $type="user", $di $res_key = openssl_pkey_new($args); if(!$res_key) return false; + // If this is a self-signed cert, blank out the CA and sign with the cert's key + if ($type == "self-signed") { + $ca = null; + $ca_res_crt = null; + $ca_res_key = $res_key; + $ca_serial = 0; + $cert['type'] = "server"; + } + // generate a certificate signing request $res_csr = openssl_csr_new($dn, $res_key, $args); if(!$res_csr) return false; - // self sign the certificate + // sign the certificate using an internal CA $res_crt = openssl_csr_sign($res_csr, $ca_res_crt, $ca_res_key, $lifetime, $args, $ca_serial); if(!$res_crt) return false; @@ -327,10 +342,8 @@ function cert_create(& $cert, $caref, $keylen, $lifetime, $dn, $type="user", $di return false; // return our certificate information - $cert['caref'] = $caref; $cert['crt'] = base64_encode($str_crt); $cert['prv'] = base64_encode($str_key); - $cert['type'] = $type; return true; } diff --git a/etc/inc/config.console.inc b/etc/inc/config.console.inc index 2d15dc2..6c956fb 100644 --- a/etc/inc/config.console.inc +++ b/etc/inc/config.console.inc @@ -191,13 +191,6 @@ EOD; echo <<<EOD -*NOTE* {$g['product_name']} requires {$g['minimum_nic_count_text']} assigned interface(s) to function. - If you do not have {$g['minimum_nic_count_text']} interfaces you CANNOT continue. - - If you do not have at least {$g['minimum_nic_count']} *REAL* network interface card(s) - or one interface with multiple VLANs then {$g['product_name']} - *WILL NOT* function correctly. - If you do not know the names of your interfaces, you may choose to use auto-detection. In that case, disconnect all interfaces now before hitting 'a' to initiate auto detection. @@ -231,12 +224,8 @@ EOD; } if($lanif == "") { - if($g['minimum_nic_count'] < 2) { - break; - } else { - fclose($fp); - return; - } + /* It is OK to have just a WAN, without a LAN so break if the user does not want LAN. */ + break; } if ($lanif === "a") diff --git a/etc/inc/filter.inc b/etc/inc/filter.inc index 0f74ad6..79fb652 100644 --- a/etc/inc/filter.inc +++ b/etc/inc/filter.inc @@ -2442,7 +2442,7 @@ function filter_generate_user_rule($rule) { $l7_present = true; $l7rule =& $layer7_rules_list[$rule['l7container']]; $l7_structures = $l7rule->get_unique_structures(); - $aline['divert'] = "divert " . $l7rule->GetRPort() . " "; + $aline['divert'] = "divert-to " . $l7rule->GetRPort() . " "; } if (($rule['protocol'] == "icmp") && $rule['icmptype'] && ($rule['ipprotocol'] == "inet")) $aline['icmp-type'] = "icmp-type {$rule['icmptype']} "; @@ -2703,6 +2703,11 @@ function filter_rules_generate() { $tracker = $saved_tracker; $ipfrules .= <<<EOD +# block IPv4 link-local. Per RFC 3927, link local "MUST NOT" be forwarded by a routing device, +# and clients "MUST NOT" send such packets to a router. FreeBSD won't route 169.254./16, but +# route-to can override that, causing problems such as in redmine #2073 +block in {$log['block']} quick from 169.254.0.0/16 to any +block in {$log['block']} quick from any to 169.254.0.0/16 #--------------------------------------------------------------------------- # default deny rules #--------------------------------------------------------------------------- diff --git a/etc/inc/globals.inc b/etc/inc/globals.inc index 4bb1410..de37f8b 100644 --- a/etc/inc/globals.inc +++ b/etc/inc/globals.inc @@ -77,8 +77,6 @@ $g = array( "nopkg_platforms" => array("cdrom"), "minimum_ram_warning" => "101", "minimum_ram_warning_text" => "128 MB", - "minimum_nic_count" => "1", - "minimum_nic_count_text" => "*AT LEAST* 1", "wan_interface_name" => "wan", "nopccard_platforms" => array("wrap", "net48xx"), "xmlrpcbaseurl" => "https://packages.pfsense.org", @@ -104,7 +102,7 @@ if(file_exists("/etc/platform")) { //$arch = ($arch == "i386") ? "" : '/' . $arch; /* Full installs and NanoBSD use the same update directory and manifest in 2.x */ - $g['update_url']="https://snapshots.pfsense.org/FreeBSD_stable/10/{$arch}/pfSense_HEAD/.updaters/"; + $g['update_url']="https://snapshots.pfsense.org/FreeBSD_releng/10.1/{$arch}/pfSense_HEAD/.updaters/"; $g['update_manifest']="https://updates.pfSense.org/manifest"; $g['platform'] = trim(file_get_contents("/etc/platform")); @@ -154,7 +152,8 @@ $sysctls = array("net.inet.ip.portrange.first" => "1024", "net.route.netisr_maxqlen" => 1024, "net.inet.udp.checksum" => 1, "net.bpf.zerocopy_enable" => 1, - "net.inet.icmp.reply_from_interface" => 1 + "net.inet.icmp.reply_from_interface" => 1, + "vfs.forcesync" => "0" ); /* Include override values for the above if needed. If the file doesn't exist, don't try to load it. */ diff --git a/etc/inc/gwlb.inc b/etc/inc/gwlb.inc index c5121fe..e32bea0 100644 --- a/etc/inc/gwlb.inc +++ b/etc/inc/gwlb.inc @@ -822,15 +822,15 @@ function return_gateway_groups_array() { $status = $gateways_status[$gwname]; $gwdown = false; if (stristr($status['status'], "down")) { - $msg = sprintf(gettext("MONITOR: %s is down, removing from routing group {$group['name']}"), $gwname); + $msg = sprintf(gettext("MONITOR: %s is down, omitting from routing group {$group['name']}"), $gwname); $gwdown = true; } else if (stristr($status['status'], "loss") && strstr($group['trigger'], "loss")) { /* packet loss */ - $msg = sprintf(gettext("MONITOR: %s has packet loss, removing from routing group {$group['name']}"), $gwname); + $msg = sprintf(gettext("MONITOR: %s has packet loss, omitting from routing group {$group['name']}"), $gwname); $gwdown = true; } else if (stristr($status['status'], "delay") && strstr($group['trigger'] , "latency")) { /* high latency */ - $msg = sprintf(gettext("MONITOR: %s has high latency, removing from routing group {$group['name']}"), $gwname); + $msg = sprintf(gettext("MONITOR: %s has high latency, omitting from routing group {$group['name']}"), $gwname); $gwdown = true; } if ($gwdown == true) { diff --git a/etc/inc/interfaces.inc b/etc/inc/interfaces.inc index 488fb20..684babd 100644 --- a/etc/inc/interfaces.inc +++ b/etc/inc/interfaces.inc @@ -730,7 +730,7 @@ function interfaces_lagg_configure($realif = "") { echo gettext("done.") . "\n"; } -function interface_lagg_configure(&$lagg) { +function interface_lagg_configure($lagg) { global $config, $g; if (!is_array($lagg)) @@ -747,30 +747,47 @@ function interface_lagg_configure(&$lagg) { } else $laggif = pfSense_interface_create("lagg"); - /* Calculate smaller mtu and enforce it */ - $smallermtu = 0; - foreach ($members as $member) { - $opts = pfSense_get_interface_addresses($member); - $mtu = $opts['mtu']; - if (!isset($opts['caps']['txcsum'])) - $commontx = false; - if (!isset($opts['caps']['rxcsum'])) - $commonrx = false; - if (!isset($opts['caps']['tso4'])) - $commontso4 = false; - if (!isset($opts['caps']['tso6'])) - $commontso6 = false; - if (!isset($opts['caps']['lro'])) - $commonlro = false; - if ($smallermtu == 0 && !empty($mtu)) - $smallermtu = $mtu; - else if (!empty($mtu) && $mtu < $smallermtu) - $smallermtu = $mtu; + /* Check if MTU was defined for this lagg interface */ + $lagg_mtu = 0; + if (is_array($config['interfaces'])) { + foreach ($config['interfaces'] as $ifname => $ifdata) { + if ($ifdata['if'] != $laggif) + continue; + + if (isset($ifdata['mtu']) && !empty($ifdata['mtu'])) { + $lagg_mtu = $ifdata['mtu']; + break; + } + } + } + + if ($lagg_mtu == 0) { + /* Calculate smaller mtu and enforce it */ + $smallermtu = 0; + foreach ($members as $member) { + $opts = pfSense_get_interface_addresses($member); + $mtu = $opts['mtu']; + if (!isset($opts['caps']['txcsum'])) + $commontx = false; + if (!isset($opts['caps']['rxcsum'])) + $commonrx = false; + if (!isset($opts['caps']['tso4'])) + $commontso4 = false; + if (!isset($opts['caps']['tso6'])) + $commontso6 = false; + if (!isset($opts['caps']['lro'])) + $commonlro = false; + if ($smallermtu == 0 && !empty($mtu)) + $smallermtu = $mtu; + else if (!empty($mtu) && $mtu < $smallermtu) + $smallermtu = $mtu; + } + $lagg_mtu = $smallermtu; } /* Just in case anything is not working well */ - if ($smallermtu == 0) - $smallermtu = 1500; + if ($lagg_mtu == 0) + $lagg_mtu = 1500; $flags_on = 0; $flags_off = 0; @@ -801,7 +818,7 @@ function interface_lagg_configure(&$lagg) { if (!array_key_exists($member, $checklist)) continue; /* make sure the parent interface is up */ - pfSense_interface_mtu($member, $smallermtu); + pfSense_interface_mtu($member, $lagg_mtu); pfSense_interface_capabilities($member, -$flags_off); pfSense_interface_capabilities($member, $flags_on); interfaces_bring_up($member); @@ -1925,12 +1942,12 @@ EOD; return 1; } -function interfaces_carp_setup() { +function interfaces_sync_setup() { global $g, $config; if (isset($config['system']['developerspew'])) { $mt = microtime(); - echo "interfaces_carp_setup() being called $mt\n"; + echo "interfaces_sync_setup() being called $mt\n"; } if ($g['booting']) { @@ -1959,7 +1976,7 @@ function interfaces_carp_setup() { unset($carp_sync_int); /* setup pfsync interface */ - if ($carp_sync_int and $pfsyncenabled) { + if (isset($carp_sync_int) and isset($pfsyncenabled)) { if (is_ipaddr($pfsyncpeerip)) $syncpeer = "syncpeer {$pfsyncpeerip}"; else @@ -2112,7 +2129,7 @@ function interfaces_vips_configure($interface = "") { } } if ($carp_setuped == true) - interfaces_carp_setup(); + interfaces_sync_setup(); if ($anyproxyarp == true) interface_proxyarp_configure(); } @@ -3123,6 +3140,18 @@ function interface_configure($interface = "wan", $reloadall = false, $linkupeven interface_vlan_adapt_mtu(link_interface_to_vlans($realhwif), $wancfg['mtu']); } else pfSense_interface_mtu($realif, $wancfg['mtu']); + } else if (substr($realif, 0, 4) == 'lagg') { + /* LAGG interface must be destroyed and re-created to change MTU */ + if ($wancfg['mtu'] != get_interface_mtu($realif)) { + if (isset($config['laggs']['lagg']) && is_array($config['laggs']['lagg'])) { + foreach ($config['laggs']['lagg'] as $lagg) { + if ($lagg['laggif'] == $realif) { + interface_lagg_configure($lagg); + break; + } + } + } + } } else { if ($wancfg['mtu'] != get_interface_mtu($realif)) pfSense_interface_mtu($realif, $wancfg['mtu']); @@ -3130,7 +3159,7 @@ function interface_configure($interface = "wan", $reloadall = false, $linkupeven /* This case is needed when the parent of vlans is being configured */ interface_vlan_adapt_mtu(link_interface_to_vlans($realif), $wancfg['mtu']); } - /* XXX: What about gre/gif/lagg/.. ? */ + /* XXX: What about gre/gif/.. ? */ } if (does_interface_exist($wancfg['if'])) diff --git a/etc/inc/services.inc b/etc/inc/services.inc index e3e8a08..2c41ab6 100644 --- a/etc/inc/services.inc +++ b/etc/inc/services.inc @@ -358,10 +358,14 @@ function services_dhcpdv4_configure() { return 0; /* if OLSRD is enabled, allow WAN to house DHCP. */ - if($config['installedpackages']['olsrd']) + if (!function_exists('is_package_installed')) + require_once('pkg-utils.inc'); + if (is_package_installed('olsrd') && isset($config['installedpackages']['olsrd'])) foreach($config['installedpackages']['olsrd']['config'] as $olsrd) - if($olsrd['enable']) - $is_olsr_enabled = true; + if (isset($olsrd['enable']) && $olsrd['enable'] == "on") { + $is_olsr_enabled = true; + break; + } if ($g['booting']) { /* restore the leases, if we have them */ diff --git a/etc/inc/shaper.inc b/etc/inc/shaper.inc index fddff92..cd52390 100644 --- a/etc/inc/shaper.inc +++ b/etc/inc/shaper.inc @@ -3044,7 +3044,8 @@ class dnpipe_class extends dummynet_class { $schedule = 0; $schedulenone = 0; $entries = 0; - for ($i = 0; $i < 30; $i++) { + /* XXX: Really no better way? */ + for ($i = 0; $i < 2900; $i++) { if (!empty($data["bwsched{$i}"])) { if ($data["bwsched{$i}"] != "none") $schedule++; @@ -3082,7 +3083,8 @@ class dnpipe_class extends dummynet_class { if (!empty($_POST)) { $bandwidth = array(); - for ($i = 0; $i < 30; $i++) { + /* XXX: Really no better way? */ + for ($i = 0; $i < 2900; $i++) { if (isset($q["bandwidth{$i}"]) && $q["bandwidth{$i}"] <> "") { $bw = array(); $bw['bw'] = $q["bandwidth{$i}"]; diff --git a/etc/inc/system.inc b/etc/inc/system.inc index 3dead28..e903cdb 100644 --- a/etc/inc/system.inc +++ b/etc/inc/system.inc @@ -544,7 +544,7 @@ function system_staticroutes_configure($interface = "", $update_dns = false) { } if (isset($rtent['disabled'])) { - /* XXX: This is a bit dangerous in case of routing daemons!? */ + /* XXX: This can break things by deleting routes that shouldn't be deleted - OpenVPN, dynamic routing scenarios, etc. redmine #3709 */ foreach ($ips as $ip) mwexec("/sbin/route delete " . escapeshellarg($ip), true); continue; @@ -830,6 +830,44 @@ EOD; return $retval; } +function system_webgui_create_certificate() { + global $config, $g; + + if (!is_array($config['ca'])) + $config['ca'] = array(); + $a_ca =& $config['ca']; + if (!is_array($config['cert'])) + $config['cert'] = array(); + $a_cert =& $config['cert']; + log_error("Creating SSL Certificate for this host"); + + $cert = array(); + $cert['refid'] = uniqid(); + $cert['descr'] = gettext("webConfigurator default ({$cert['refid']})"); + + $dn = array( + 'countryName' => "US", + 'stateOrProvinceName' => "State", + 'localityName' => "Locality", + 'organizationName' => "{$g['product_name']} webConfigurator Self-Signed Certificate", + 'emailAddress' => "admin@{$config['system']['hostname']}.{$config['system']['domain']}", + 'commonName' => "{$config['system']['hostname']}-{$cert['refid']}"); + $old_err_level = error_reporting(0); /* otherwise openssl_ functions throw warings directly to a page screwing menu tab */ + if (!cert_create($cert, null, 2048, 2000, $dn, "self-signed", "sha256")){ + while($ssl_err = openssl_error_string()){ + log_error("Error creating WebGUI Certificate: openssl library returns: " . $ssl_err); + } + error_reporting($old_err_level); + return null; + } + error_reporting($old_err_level); + + $a_cert[] = $cert; + $config['system']['webgui']['ssl-certref'] = $cert['refid']; + write_config(gettext("Generated new self-signed HTTPS certificate ({$cert['refid']})")); + return $cert; +} + function system_webgui_start() { global $config, $g; @@ -852,36 +890,17 @@ function system_webgui_start() { // Ensure that we have a webConfigurator CERT $cert =& lookup_cert($config['system']['webgui']['ssl-certref']); if(!is_array($cert) && !$cert['crt'] && !$cert['prv']) { - if (!is_array($config['ca'])) - $config['ca'] = array(); - $a_ca =& $config['ca']; - if (!is_array($config['cert'])) - $config['cert'] = array(); - $a_cert =& $config['cert']; - log_error("Creating SSL Certificate for this host"); - $cert = array(); - $cert['refid'] = uniqid(); - $cert['descr'] = gettext("webConfigurator default"); - mwexec("/usr/bin/openssl genrsa 1024 > {$g['tmp_path']}/ssl.key"); - mwexec("/usr/bin/openssl req -new -x509 -nodes -sha256 -days 2000 -key {$g['tmp_path']}/ssl.key > {$g['tmp_path']}/ssl.crt"); - $crt = file_get_contents("{$g['tmp_path']}/ssl.crt"); - $key = file_get_contents("{$g['tmp_path']}/ssl.key"); - unlink("{$g['tmp_path']}/ssl.key"); - unlink("{$g['tmp_path']}/ssl.crt"); - cert_import($cert, $crt, $key); - $a_cert[] = $cert; - $config['system']['webgui']['ssl-certref'] = $cert['refid']; - write_config(gettext("Importing HTTPS certificate")); - if(!$config['system']['webgui']['port']) - $portarg = "443"; - $ca = ca_chain($cert); + $cert = system_webgui_create_certificate(); + $crt = $cert['crt']; + $key = $cert['prv']; } else { $crt = base64_decode($cert['crt']); $key = base64_decode($cert['prv']); - if(!$config['system']['webgui']['port']) - $portarg = "443"; - $ca = ca_chain($cert); } + + if(!$config['system']['webgui']['port']) + $portarg = "443"; + $ca = ca_chain($cert); } /* generate lighttpd configuration */ @@ -1228,6 +1247,7 @@ EOD; // Harden SSL a bit for PCI conformance testing $lighty_config .= "ssl.use-sslv2 = \"disable\"\n"; + $lighty_config .= "ssl.use-sslv3 = \"disable\"\n"; /* Hifn accelerators do NOT work with the BEAST mitigation code. Do not allow it to be enabled if a Hifn card has been detected. */ $fd = @fopen("{$g['varlog_path']}/dmesg.boot", "r"); diff --git a/etc/inc/util.inc b/etc/inc/util.inc index bf77e95..a9e533f 100644 --- a/etc/inc/util.inc +++ b/etc/inc/util.inc @@ -644,7 +644,7 @@ function is_domain($domain) { if (!is_string($domain)) return false; - if (preg_match('/^(?:(?:[a-z0-9]|[a-z0-9][a-z0-9\-]*[a-z0-9])\.)*(?:[a-z0-9]|[a-z0-9][a-z0-9\-]*[a-z0-9])$/i', $domain)) + if (preg_match('/^(?:(?:[a-z_0-9]|[a-z_0-9][a-z_0-9\-]*[a-z_0-9])\.)*(?:[a-z_0-9]|[a-z_0-9][a-z_0-9\-]*[a-z_0-9])$/i', $domain)) return true; else return false; @@ -1710,9 +1710,7 @@ function is_interface_mismatch() { } } - if ($g['minimum_nic_count'] > $i) { - $do_assign = true; - } else if (file_exists("{$g['tmp_path']}/assign_complete")) + if (file_exists("{$g['tmp_path']}/assign_complete")) $do_assign = false; if (!empty($missing_interfaces) && $do_assign) diff --git a/etc/inc/zeromq.inc b/etc/inc/zeromq.inc index db40ce9..65589d0 100644 --- a/etc/inc/zeromq.inc +++ b/etc/inc/zeromq.inc @@ -273,7 +273,7 @@ function interfaces_carp_configure_zeromq($raw_params) { $params = $raw_params; if(zeromq_auth($raw_params) == false) return ZEROMQ_AUTH_FAIL; - interfaces_carp_setup(); + interfaces_sync_setup(); interfaces_vips_configure(); return ZEROMQ_FASLE; } |