Diffstat (limited to 'src/etc')
-rw-r--r-- | src/etc/inc/filter.inc | 22 | ||||
-rw-r--r-- | src/etc/inc/gwlb.inc | 32 | ||||
-rw-r--r-- | src/etc/inc/interfaces.inc | 278 | ||||
-rw-r--r-- | src/etc/inc/ipsec.inc | 30 | ||||
-rw-r--r-- | src/etc/inc/openvpn.inc | 37 | ||||
-rw-r--r-- | src/etc/inc/pfsense-utils.inc | 14 | ||||
-rw-r--r-- | src/etc/inc/services.inc | 105 | ||||
-rw-r--r-- | src/etc/inc/system.inc | 16 | ||||
-rw-r--r-- | src/etc/inc/util.inc | 150 | ||||
-rw-r--r-- | src/etc/inc/vpn.inc | 50 |
10 files changed, 211 insertions, 523 deletions
diff --git a/src/etc/inc/filter.inc b/src/etc/inc/filter.inc index 81b7a7a..674bd0b 100644 --- a/src/etc/inc/filter.inc +++ b/src/etc/inc/filter.inc @@ -1053,7 +1053,9 @@ function filter_get_direct_networks_list($returnsubnetsonly = true) { } } } - foreach (get_configured_ip_aliases_list(true) as $vip) { + $viplist = get_configured_vip_list(); + foreach ($viplist as $vid => $address) { + $vip = get_configured_vip($vid); $subnet = "{$vip['subnet']}/{$vip['subnet_bits']}"; if (is_subnet($subnet) && !(is_subnetv4($subnet) && $vip['subnet_bits'] == 32) && !(is_subnetv6($subnet) && $vip['subnet_bits'] == 128)) { if (is_subnetv4($subnet)) { @@ -4087,19 +4089,13 @@ function filter_generate_ipsec_rules($log = array()) { } } - if (strpos($ph1ent['interface'], "_vip")) { - $parentinterface = get_configured_carp_interface_list($ph1ent['interface'], '', 'iface'); - } else if (is_ipaddr($ph1ent['interface'])) { - if (is_array($config['virtualip']['vip'])) { - foreach ($config['virtualip']['vip'] as $vip) { - if ($ph1ent['interface'] == $vip['subnet']) { - $parentinterface = $vip['interface']; - } - } - } - } else { + if (substr($ph1ent['interface'], 0, 4) == "_vip") { + $parentinterface = get_configured_vip_interface($ph1ent['interface']); + /* IP Alias -> CARP */ + if (substr($parentinterface, 0, 4) == "_vip") + $parentinterface = get_configured_vip_interface($parentinterface); + } else $parentinterface = $ph1ent['interface']; - } if (empty($FilterIflist[$parentinterface]['descr'])) { $ipfrules .= "# Could not locate interface for IPsec: {$descr}\n"; continue; diff --git a/src/etc/inc/gwlb.inc b/src/etc/inc/gwlb.inc index 86dcf1f..8c74d45 100644 --- a/src/etc/inc/gwlb.inc +++ b/src/etc/inc/gwlb.inc 
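Review bot: In `filter_generate_ipsec_rules()` a phase 1 `interface` that holds a literal IP address, which the removed `is_ipaddr()` arm mapped to its parent interface, now lands in the `else` arm, misses `$FilterIflist` and has its rules skipped with only a comment line in the ruleset. Unless a config upgrade outside this diff rewrites such entries to `_vip<uniqid>`, tunnels bound to an IP alias would lose their filter rules after the update; the same literal-address handling is dropped in `ipsec_get_phase1_src()` (ipsec.inc) and in the dnsmasq listen loop (services.inc). If the upgrade does exist, say so next to the new check, for example `/* literal VIP addresses are rewritten to _vip ids by the config upgrade */`, and consider a `log_error()` in the "Could not locate interface" path so the skip is visible outside the ruleset. The function starts and ends outside the hunk.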
@@ -495,8 +495,6 @@ function return_gateways_array($disabled = false, $localhost = false, $inactive // Ensure the interface cache is up to date first $interfaces = get_interface_arr(true); - $interfaces_v4 = array(); - $interfaces_v6 = array(); $i = -1; /* Process/add all the configured gateways. */ @@ -562,10 +560,8 @@ function return_gateways_array($disabled = false, $localhost = false, $inactive /* special treatment for tunnel interfaces */ if ($gateway['ipprotocol'] == "inet6") { $gateway['interface'] = get_real_interface($gateway['interface'], "inet6", false, false); - $interfaces_v6[$gateway['friendlyiface']] = $gateway['friendlyiface']; } else { - $gateway['interface'] = get_real_interface($gateway['interface'], "all", false, false); - $interfaces_v4[$gateway['friendlyiface']] = $gateway['friendlyiface']; + $gateway['interface'] = get_real_interface($gateway['interface'], "inet", false, false); } /* entry has a default flag, use it */ @@ -619,10 +615,6 @@ function return_gateways_array($disabled = false, $localhost = false, $inactive continue; } - if (isset($interfaces_v4[$ifname])) { - continue; - } - $ctype = ""; switch ($ifcfg['ipaddr']) { case "dhcp": @@ -715,10 +707,6 @@ function return_gateways_array($disabled = false, $localhost = false, $inactive continue; } - if (isset($interfaces_v6[$ifname])) { - continue; - } - $ctype = ""; switch ($ifcfg['ipaddrv6']) { case "slaac": @@ -910,7 +898,7 @@ function return_gateway_groups_array() { fixup_default_gateway("inet6", $gateways_status, $gateways_arr); } if (is_array($config['gateways']['gateway_group'])) { - $carplist = get_configured_carp_interface_list(); + $viplist = get_configured_vip_list(); foreach ($config['gateways']['gateway_group'] as $group) { /* create array with group gateways members separated by tier */ $tiers = array(); 
@@ -919,10 +907,9 @@ function return_gateway_groups_array() { foreach ($group['item'] as $item) { list($gwname, $tier, $vipname) = explode("|", $item); - if (is_ipaddr($carplist[$vipname])) { - if (!is_array($gwvip_arr[$group['name']])) { + if (is_ipaddr($viplist[$vipname])) { + if (!is_array($gwvip_arr[$group['name']])) $gwvip_arr[$group['name']] = array(); - } $gwvip_arr[$group['name']][$gwname] = $vipname; } @@ -999,9 +986,8 @@ function return_gateway_groups_array() { $groupmember['int'] = $int; $groupmember['gwip'] = $gatewayip; $groupmember['weight'] = isset($gateway['weight']) ? $gateway['weight'] : 1; - if (is_array($gwvip_arr[$group['name']])&& !empty($gwvip_arr[$group['name']][$member])) { + if (is_array($gwvip_arr[$group['name']]) && !empty($gwvip_arr[$group['name']][$member])) $groupmember['vip'] = $gwvip_arr[$group['name']][$member]; - } $gateway_groups_array[$group['name']][] = $groupmember; } } @@ -1079,7 +1065,9 @@ function get_interface_gateway($interface, &$dynamic = false) { global $config, $g; if (substr($interface, 0, 4) == '_vip') { - $interface = get_configured_carp_interface_list($interface, 'inet', 'iface'); + $interface = get_configured_vip_interface($interface); + if (substr($interface, 0, 4) == '_vip') + $interface = get_configured_vip_interface($interface); } $gw = NULL; @@ -1114,7 +1102,9 @@ function get_interface_gateway_v6($interface, &$dynamic = false) { global $config, $g; if (substr($interface, 0, 4) == '_vip') { - $interface = get_configured_carp_interface_list($interface, 'inet6', 'iface'); + $interface = get_configured_vip_interface($interface); + if (substr($interface, 0, 4) == '_vip') + $interface = get_configured_vip_interface($interface); } $gw = NULL; diff --git a/src/etc/inc/interfaces.inc b/src/etc/inc/interfaces.inc index 60ba40e..dc984fd 100644 --- a/src/etc/inc/interfaces.inc +++ b/src/etc/inc/interfaces.inc 
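Review bot: In `get_interface_gateway()` the result of `get_configured_vip_interface()` overwrites `$interface` unconditionally, so an unknown or stale `_vip` id turns the argument into NULL before the gateway lookup that follows outside the hunk. Keeping the original value on a failed lookup is safer: `$parent = get_configured_vip_interface($interface); if (!empty($parent)) $interface = $parent;`. The same two-step unwrapping (IP alias, then CARP) is repeated in `get_interface_gateway_v6()` and in filter.inc and covers exactly one level of nesting; a small shared helper would keep the copies from drifting apart.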
@@ -1188,20 +1188,7 @@ function interface_reconfigure($interface = "wan", $reloadall = false) { function interface_vip_bring_down($vip) { global $g; - if (strpos($vip['interface'], '_vip')) { - if (is_ipaddrv6($vip['subnet'])) { - $family = 'inet6'; - } else { - $family = 'inet'; - } - - $carpvip = get_configured_carp_interface_list($vip['interface'], $family, 'vip'); - $iface = $carpvip['interface']; - } else { - $iface = $vip['interface']; - } - - $vipif = get_real_interface($iface); + $vipif = get_real_interface($vip['interface']); switch ($vip['mode']) { case "proxyarp": if (file_exists("{$g['varrun_path']}/choparp_{$vipif}.pid")) { 
@@ -2324,60 +2311,30 @@ function interface_ipalias_configure(&$vip) { return; } - if ($vip['interface'] != 'lo0' && stripos($vip['interface'], '_vip') === false) { - if (!isset($config['interfaces'][$vip['interface']])) { + $realif = get_real_interface("_vip{$vip['uniqid']}"); + if ($realif != "lo0") { + $if = convert_real_interface_to_friendly_interface_name($realif); + if (!isset($config['interfaces'][$if])) { return; } - if (!isset($config['interfaces'][$vip['interface']]['enable'])) { + if (!isset($config['interfaces'][$if]['enable'])) { return; } } $af = 'inet'; - if (is_ipaddrv6($vip['subnet'])) { + if (is_ipaddrv6($vip['subnet'])) $af = 'inet6'; - } $iface = $vip['interface']; - $vipadd = ''; - if (strpos($vip['interface'], '_vip')) { - $carpvip = get_configured_carp_interface_list($vip['interface'], $af, 'vip'); + $vhid = ''; + if (substr($vip['interface'], 0, 4) == "_vip") { + $carpvip = get_configured_vip($vip['interface']); $iface = $carpvip['interface']; - $vipadd = "vhid {$carpvip['vhid']}"; - } - $if = get_real_interface($iface); - mwexec("/sbin/ifconfig " . escapeshellarg($if) ." {$af} ". escapeshellarg($vip['subnet']) ."/" . escapeshellarg($vip['subnet_bits']) . " alias {$vipadd}"); - unset($iface, $af, $if, $carpvip, $vipadd); -} - -function interface_reload_carps($cif) { - global $config; - - $carpifs = link_ip_to_carp_interface(find_interface_ip($cif)); - if (empty($carpifs)) { - return; - } - - $carps = explode(" ", $carpifs); - if (is_array($config['virtualip']['vip'])) { - $viparr = &$config['virtualip']['vip']; - foreach ($viparr as $vip) { - if (in_array($vip['carpif'], $carps)) { - switch ($vip['mode']) { - case "carp": - interface_vip_bring_down($vip); - sleep(1); - interface_carp_configure($vip); - break; - case "ipalias": - interface_vip_bring_down($vip); - sleep(1); - interface_ipalias_configure($vip); - break; - } - } - } + $vhid = "vhid {$carpvip['vhid']}"; } + mwexec("/sbin/ifconfig " . escapeshellarg($realif) ." {$af} ". 
escapeshellarg($vip['subnet']) ."/" . escapeshellarg($vip['subnet_bits']) . " alias {$vhid}"); + unset($iface, $af, $realif, $carpvip, $vhid); } function interface_carp_configure(&$vip) { @@ -4535,16 +4492,6 @@ function get_current_wan_address($interface = "wan") { function convert_real_interface_to_friendly_interface_name($interface = "wan", $checkparent = false) { global $config; - if (stripos($interface, "_vip")) { - foreach ($config['virtualip']['vip'] as $counter => $vip) { - if ($vip['mode'] == "carp") { - if ($interface == "_vip{$vip['uniqid']}") { - return $vip['interface']; - } - } - } - } - /* XXX: For speed reasons reference directly the interface array */ $ifdescrs = &$config['interfaces']; //$ifdescrs = get_configured_interface_list(false, true); @@ -4781,10 +4728,9 @@ function get_real_interface($interface = "wan", $family = "all", $realv6iface = break; default: if (substr($interface, 0, 4) == '_vip') { - $wanif = get_configured_carp_interface_list($interface, $family, 'iface'); - if (!empty($wanif)) { - $wanif = get_real_interface($wanif, $family); - } + $wanif = get_configured_vip_interface($interface); + if (!empty($wanif)) + $wanif = get_real_interface($wanif); break; } else if (substr($interface, 0, 5) == '_lloc') { $interface = substr($interface, 5); 
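Review bot: In `interface_ipalias_configure()` `$vhid` is the only config-derived part of the `ifconfig` command line that is not passed through `escapeshellarg()`, and it is built from `$carpvip['vhid']` without checking that `get_configured_vip()` found the parent entry. When the lookup returns NULL the command ends in a bare `vhid `, and a non-numeric stored value reaches the shell unquoted; guard it with `if (is_array($carpvip) && is_numeric($carpvip['vhid'])) $vhid = "vhid " . escapeshellarg($carpvip['vhid']);`. `$iface` is still assigned twice but is no longer read now that the device comes from `$realif`, so both assignments can go.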
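Review bot: The recursive call in the `_vip` branch of `get_real_interface()` drops the family, `get_real_interface($wanif)` where the old code passed `$family`, so a caller asking for the `inet6` device of a VIP gets the default `all` resolution of the parent. If that is intended a short comment should say why; otherwise keep `get_real_interface($wanif, $family)`. Since an IP alias may now name another `_vip` as its interface, this call recurses once per level with no cycle guard, and two VIP entries that point at each other would recurse until PHP aborts; validating the parent when the VIP is saved, or a depth limit here, would close that. The function body extends beyond the hunk.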
@@ -4961,123 +4907,6 @@ function find_virtual_ip_alias($ip, $bits = null) { return false; } -/* - * find_number_of_created_carp_interfaces: return the number of carp interfaces - */ -function find_number_of_created_carp_interfaces() { - return `/sbin/ifconfig | /usr/bin/grep "carp:" | /usr/bin/wc -l`; -} - -/* - * find_carp_interface($ip): return the carp interface where an ip is defined - */ -function find_carp_interface($ip) { - global $config; - if (is_array($config['virtualip']['vip'])) { - foreach ($config['virtualip']['vip'] as $vip) { - if ($vip['mode'] == "carp") { - if (is_ipaddrv4($ip)) { - $carp_ip = get_interface_ip($vip['interface']); - } - if (is_ipaddrv6($ip)) { - $carp_ip = get_interface_ipv6($vip['interface']); - } - exec("/sbin/ifconfig", $output, $return); - foreach ($output as $line) { - $elements = preg_split("/[ ]+/i", $line); - if (strstr($elements[0], "vip")) { - $curif = str_replace(":", "", $elements[0]); - } - if (stristr($line, $ip)) { - $if = $curif; - continue; - } - } - - if ($if) { - return $if; - } - } - } - } -} - -function link_carp_interface_to_parent($interface) { - global $config; - - if (empty($interface)) { - return; - } - - $carp_ip = get_interface_ip($interface); - $carp_ipv6 = get_interface_ipv6($interface); - - if ((!is_ipaddrv4($carp_ip)) && (!is_ipaddrv6($carp_ipv6))) { - return; - } - - /* if list */ - $ifdescrs = get_configured_interface_list(); - foreach ($ifdescrs as $ifdescr => $ifname) { - /* check IPv4 */ - if (is_ipaddrv4($carp_ip)) { - $interfaceip = get_interface_ip($ifname); - $subnet_bits = get_interface_subnet($ifname); - $subnet_ip = gen_subnet("{$interfaceip}", "{$subnet_bits}"); - if (ip_in_subnet($carp_ip, "{$subnet_ip}/{$subnet_bits}")) { - return $ifname; - } - } - /* Check IPv6 */ - if (is_ipaddrv6($carp_ipv6)) { - $interfaceipv6 = get_interface_ipv6($ifname); - $prefixlen = get_interface_subnetv6($ifname); - if (ip_in_subnet($carp_ipv6, "{$interfaceipv6}/{$prefixlen}")) { - return $ifname; - } - } - 
} - return ""; -} - - -/****f* interfaces/link_ip_to_carp_interface - * NAME - * link_ip_to_carp_interface - Find where a CARP interface links to. - * INPUTS - * $ip - * RESULT - * $carp_ints - ******/ -function link_ip_to_carp_interface($ip) { - global $config; - - if (!is_ipaddr($ip)) { - return; - } - - $carp_ints = ""; - if (is_array($config['virtualip']['vip'])) { - $first = 0; - $carp_int = array(); - foreach ($config['virtualip']['vip'] as $vip) { - if ($vip['mode'] == "carp") { - $carp_ip = $vip['subnet']; - $carp_sn = $vip['subnet_bits']; - $carp_nw = gen_subnet($carp_ip, $carp_sn); - if (ip_in_subnet($ip, "{$carp_nw}/{$carp_sn}")) { - $carp_int[] = get_real_interface($vip['interface']); - } - } - } - if (!empty($carp_int)) { - $carp_ints = implode(" ", array_unique($carp_int)); - } - } - - return $carp_ints; -} - function link_interface_to_track6($int, $action = "") { global $config; @@ -5433,22 +5262,11 @@ function get_possible_listen_ips($include_ipv6_link_local=false) { } } } - /* XXX: Maybe use array_merge below? */ - $carplist = get_configured_carp_interface_list(); - foreach ($carplist as $cif => $carpip) { - if (get_vip_descr($carpip)) { - $interfaces[$cif] = $carpip . ' (' . get_vip_descr($carpip) . ')'; - } else { - $interfaces[$cif] = $carpip; - } - } - $aliaslist = get_configured_ip_aliases_list(); - foreach ($aliaslist as $aliasip => $aliasif) { - if (get_vip_descr($aliasip)) { - $interfaces[$aliasip] = $aliasip . ' (' . get_vip_descr($aliasip) . ')'; - } else { - $interfaces[$aliasip] = $aliasip; - } + $viplist = get_configured_vip_list(); + foreach ($viplist as $vip => $address) { + $interfaces[$vip] = $address; + if (get_vip_descr($address)) + $interfaces[$vip] .= " (". get_vip_descr($address) .")"; } $interfaces['lo0'] = 'Localhost'; 
@@ -5476,7 +5294,7 @@ function get_possible_traffic_source_addresses($include_ipv6_link_local=false) { function get_interface_ip($interface = "wan") { if (substr($interface, 0, 4) == '_vip') { - return get_configured_carp_interface_list($interface); + return get_configured_vip_ipv4($interface); } else if (substr($interface, 0, 5) == '_lloc') { /* No link-local address for v4. */ return null; @@ -5488,7 +5306,7 @@ function get_interface_ip($interface = "wan") { } if (substr($realif, 0, 4) == '_vip') { - return get_configured_carp_interface_list($realif, 'inet', 'ip'); + return get_configured_vip_ipv4($realif); } else if (substr($realif, 0, 5) == '_lloc') { /* No link-local address for v4. */ return null; @@ -5505,15 +5323,21 @@ function get_interface_ip($interface = "wan") { function get_interface_ipv6($interface = "wan", $flush = false) { global $config; + if (substr($interface, 0, 4) == '_vip') { + return get_configured_vip_ipv6($interface); + } else if (substr($interface, 0, 5) == '_lloc') { + return get_interface_linklocal($interface); + } + $realif = get_failover_interface($interface, 'inet6'); if (!$realif) { return null; } - if (substr($interface, 0, 4) == '_vip') { - return get_configured_carp_interface_list($interface, 'inet6', 'ip'); - } else if (substr($interface, 0, 5) == '_lloc') { - return get_interface_linklocal($interface); + if (substr($realif, 0, 4) == '_vip') { + return get_configured_vip_ipv6($realif); + } else if (substr($realif, 0, 5) == '_lloc') { + return get_interface_linklocal($realif); } if (is_array($config['interfaces'][$interface])) { 
@@ -5570,42 +5394,36 @@ function get_interface_linklocal($interface = "wan") { function get_interface_subnet($interface = "wan") { - if (substr($interface, 0, 4) == '_vip') { - return get_configured_carp_interface_list($interface, 'inet', 'subnet'); - } + if (substr($interface, 0, 4) == '_vip') + return (get_configured_vip_subnetv4($interface)); $realif = get_real_interface($interface); - if (!$realif) { - return null; - } + if (!$realif) + return (NULL); $cursn = find_interface_subnet($realif); - if (!empty($cursn)) { - return $cursn; - } + if (!empty($cursn)) + return ($cursn); - return null; + return (NULL); } function get_interface_subnetv6($interface = "wan") { - if (substr($interface, 0, 4) == '_vip') { - return get_configured_carp_interface_list($interface, 'inet6', 'subnet'); - } else if (substr($interface, 0, 5) == '_lloc') { + if (substr($interface, 0, 4) == '_vip') + return (get_configured_vip_subnetv6($interface)); + else if (substr($interface, 0, 5) == '_lloc') $interface = substr($interface, 5); - } $realif = get_real_interface($interface, 'inet6'); - if (!$realif) { - return null; - } + if (!$realif) + return (NULL); $cursn = find_interface_subnetv6($realif); - if (!empty($cursn)) { - return $cursn; - } + if (!empty($cursn)) + return ($cursn); - return null; + return (NULL); } /* return outside interfaces with a gateway */ diff --git a/src/etc/inc/ipsec.inc b/src/etc/inc/ipsec.inc index b90c870..f3e8ef2 100644 --- a/src/etc/inc/ipsec.inc +++ b/src/etc/inc/ipsec.inc 
@@ -275,28 +275,16 @@ function ipsec_ikeid_next() { function ipsec_get_phase1_src(& $ph1ent) { if ($ph1ent['interface']) { - if (!is_ipaddr($ph1ent['interface'])) { - if (strpos($ph1ent['interface'], '_vip')) { - $if = $ph1ent['interface']; - } else { - $if = get_failover_interface($ph1ent['interface']); - } - if ($ph1ent['protocol'] == "inet6") { - $interfaceip = get_interface_ipv6($if); - } else { - $interfaceip = get_interface_ip($if); - } - } else { - $interfaceip = $ph1ent['interface']; - } - } else { + if (substr($ph1ent['interface'], 0, 4) == "_vip") + $if = $ph1ent['interface']; + else + $if = get_failover_interface($ph1ent['interface']); + } else $if = "wan"; - if ($ph1ent['protocol'] == "inet6") { - $interfaceip = get_interface_ipv6($if); - } else { - $interfaceip = get_interface_ip($if); - } - } + if ($ph1ent['protocol'] == "inet6") + $interfaceip = get_interface_ipv6($if); + else + $interfaceip = get_interface_ip($if); return $interfaceip; } diff --git a/src/etc/inc/openvpn.inc b/src/etc/inc/openvpn.inc index c225727..06f44c6 100644 --- a/src/etc/inc/openvpn.inc +++ b/src/etc/inc/openvpn.inc 
@@ -160,25 +160,18 @@ function openvpn_build_if_list() { $list = array(); $interfaces = get_configured_interface_with_descr(); - $carplist = get_configured_carp_interface_list(); - - foreach ($carplist as $cif => $carpip) { - $interfaces[$cif.'|'.$carpip] = $carpip." (".get_vip_descr($carpip).")"; - } - - $aliaslist = get_configured_ip_aliases_list(); - - foreach ($aliaslist as $aliasip => $aliasif) { - $interfaces[$aliasif.'|'.$aliasip] = $aliasip." (".get_vip_descr($aliasip).")"; + $viplist = get_configured_vip_list(); + foreach ($viplist as $vip => $address) { + $interfaces[$vip.'|'.$address] = $address; + if (get_vip_descr($address)) { + $interfaces[$vip.'|'.$address] .= " ("; + $interfaces[$vip.'|'.$address] .= get_vip_descr($address); + $interfaces[$vip.'|'.$address] .= ")"; + } } $grouplist = return_gateway_groups_array(); - foreach ($grouplist as $name => $group) { - if ($group['ipprotocol'] != inet) { - continue; - } - if ($group[0]['vip'] != "") { $vipif = $group[0]['vip']; } else { @@ -277,16 +270,12 @@ function openvpn_build_bridge_list() { $serverbridge_interface['none'] = "none"; $serverbridge_interface = array_merge($serverbridge_interface, get_configured_interface_with_descr()); - $carplist = get_configured_carp_interface_list(); - - foreach ($carplist as $cif => $carpip) { - $serverbridge_interface[$cif.'|'.$carpip] = $carpip." (".get_vip_descr($carpip).")"; - } - - $aliaslist = get_configured_ip_aliases_list(); + $viplist = get_configured_vip_list(); - foreach ($aliaslist as $aliasip => $aliasif) { - $serverbridge_interface[$aliasif.'|'.$aliasip] = $aliasip." (".get_vip_descr($aliasip).")"; + foreach ($viplist as $vip => $address) { + $serverbridge_interface[$vip.'|'.$address] = $address; + if (get_vip_descr($address)) + $serverbridge_interface[$vip.'|'.$address] .= " (". get_vip_descr($address) .")"; } foreach ($serverbridge_interface as $iface => $ifacename) { 
diff --git a/src/etc/inc/pfsense-utils.inc b/src/etc/inc/pfsense-utils.inc index 07364f2..5aa43f2 100644 --- a/src/etc/inc/pfsense-utils.inc +++ b/src/etc/inc/pfsense-utils.inc @@ -2714,20 +2714,6 @@ function where_is_ipaddr_configured($ipaddr, $ignore_if = "", $check_localip = f } } - $interface_list_vips = get_configured_vips_list(true); - foreach ($interface_list_vips as $id => $vip) { - /* Skip CARP interfaces here since they were already checked above */ - if ($id == $ignore_vip_id || (substr($ignore_if, 0, 4) == '_vip') && $ignore_vip_if === $vip['if']) { - continue; - } - if (strcasecmp($ipaddr, $vip['ipaddr']) == 0) { - $where_entry = array(); - $where_entry['if'] = $vip['if']; - $where_entry['ip_or_subnet'] = $vip['ipaddr']; - $where_configured[] = $where_entry; - } - } - if ($check_localip) { if (!is_array($config['l2tp']) && !empty($config['l2tp']['localip']) && (strcasecmp($ipaddr, $config['l2tp']['localip']) == 0)) { $where_entry = array(); diff --git a/src/etc/inc/services.inc b/src/etc/inc/services.inc index 6c29b8e..386afd7 100644 --- a/src/etc/inc/services.inc +++ b/src/etc/inc/services.inc @@ -73,7 +73,6 @@ function services_radvd_configure($blacklist = array()) { $Iflist = get_configured_interface_list(); $Iflist = array_merge($Iflist, get_configured_pppoe_server_interfaces()); - $carplist = get_configured_carp_interface_list(); $radvdconf = "# Automatically Generated, do not edit\n"; 
@@ -106,26 +105,7 @@ function services_radvd_configure($blacklist = array()) { $dhcpv6ifconf['rapriority'] = "medium"; } - /* always start with the real parent, we override with the carp if later */ - $carpif = false; - /* check if we need to listen on a CARP interface */ - if (!empty($dhcpv6ifconf['rainterface'])) { - if (!empty($carplist[$dhcpv6ifconf['rainterface']])) { - $dhcpv6if = $dhcpv6ifconf['rainterface']; - $carpif = true; - } - } - - if (strstr($dhcpv6if, "_vip")) { - // CARP IP, check if it's enabled and find parent - if (!get_carp_status() || get_carp_interface_status($dhcpv6if) != "MASTER") { - continue; - } - $ifparent = link_carp_interface_to_parent($dhcpv6if); - $realif = convert_friendly_interface_to_real_interface_name($ifparent); - } else { - $realif = get_real_interface($dhcpv6if, "inet6"); - } + $realif = get_real_interface($dhcpv6if, "inet6"); if (isset($radvdifs[$realif])) { continue; @@ -178,11 +158,7 @@ function services_radvd_configure($blacklist = array()) { break; } $radvdconf .= "\tprefix {$subnetv6}/{$ifcfgsnv6} {\n"; - if ($carpif == true) { - $radvdconf .= "\t\tDeprecatePrefix off;\n"; - } else { - $radvdconf .= "\t\tDeprecatePrefix on;\n"; - } + $radvdconf .= "\t\tDeprecatePrefix on;\n"; switch ($dhcpv6ifconf['ramode']) { case "managed": $radvdconf .= "\t\tAdvOnLink on;\n"; @@ -225,11 +201,7 @@ function services_radvd_configure($blacklist = array()) { foreach ($dhcpv6ifconf['subnets']['item'] as $subnet) { if (is_subnetv6($subnet)) { $radvdconf .= "\tprefix {$subnet} {\n"; - if ($carpif == true) { - $radvdconf .= "\t\tDeprecatePrefix off;\n"; - } else { - $radvdconf .= "\t\tDeprecatePrefix on;\n"; - } + $radvdconf .= "\t\tDeprecatePrefix on;\n"; switch ($dhcpv6ifconf['ramode']) { case "managed": $radvdconf .= "\t\tAdvOnLink on;\n"; 
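Review bot: With the CARP block gone, `services_radvd_configure()` no longer reads `$dhcpv6ifconf['rainterface']` and no longer checks `get_carp_interface_status()` before advertising, so a previously selected RA interface is silently ignored and, as far as these hunks show, a CARP backup node would send router advertisements alongside the master. The later hunks hard-code `DeprecatePrefix on` and `RemoveRoute on` for the same reason. If dropping RA-on-CARP is deliberate, say so in a comment above `$realif = get_real_interface($dhcpv6if, "inet6");` and log when `rainterface` is still set in the config; otherwise the MASTER check needs an equivalent built on the new VIP helpers.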
@@ -256,15 +228,9 @@ function services_radvd_configure($blacklist = array()) { } } } - if ($carpif === true) { - $radvdconf .= "\troute ::/0 {\n"; - $radvdconf .= "\t\tRemoveRoute off;\n"; - $radvdconf .= "\t};\n"; - } else { - $radvdconf .= "\troute ::/0 {\n"; - $radvdconf .= "\t\tRemoveRoute on;\n"; - $radvdconf .= "\t};\n"; - } + $radvdconf .= "\troute ::/0 {\n"; + $radvdconf .= "\t\tRemoveRoute on;\n"; + $radvdconf .= "\t};\n"; /* add DNS servers */ $dnslist = array(); @@ -322,13 +288,7 @@ function services_radvd_configure($blacklist = array()) { continue; } - if (strstr($if, "_vip")) { - // CARP IP, find parent - $ifparent = link_carp_interface_to_parent($if); - $realif = convert_friendly_interface_to_real_interface_name($ifparent); - } else { - $realif = get_real_interface($if, "inet6"); - } + $realif = get_real_interface($if, "inet6"); /* prevent duplicate entries, manual overrides */ if (isset($radvdifs[$realif])) { @@ -1924,7 +1884,6 @@ function services_dyndns_configure_client($conf) { $dns = new updatedns($dnsService = $conf['type'], $dnsHost = $conf['host'], - $dnsDomain = $conf['domainname'], $dnsUser = $conf['username'], $dnsPass = $conf['password'], $dnsWildcard = $conf['wildcard'], 
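Review bot: Removing `$dnsDomain = $conf['domainname'],` from the `new updatedns(...)` call shifts every later argument one position to the left, because these `$name = value` expressions are ordinary positional arguments rather than named ones. The constructor is not part of this diff; if it still declares `$dnsDomain` as its third parameter, the username is received as the domain and the password as the username, which also puts the password wherever a username is logged or sent to the provider. Either keep the argument or change the constructor signature in the same commit.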
@@ -2054,43 +2013,23 @@ function services_dnsmasq_configure() { if (isset($config['dnsmasq']['interface'])) { $interfaces = explode(",", $config['dnsmasq']['interface']); foreach ($interfaces as $interface) { - if (is_ipaddrv4($interface)) { - $listen_addresses .= " --listen-address={$interface} "; - } else if (is_ipaddrv6($interface)) { - /* - * XXX: Since dnsmasq does not support link-local address - * with scope specified. These checks are being done. - */ - if (is_linklocal($interface) && strstr($interface, "%")) { - $tmpaddrll6 = explode("%", $interface); - $listen_addresses .= " --listen-address={$tmpaddrll6[0]} "; - } else { - $listen_addresses .= " --listen-address={$interface} "; - } - } else if (strstr($interface, "_vip")) { - $laddr = get_configured_carp_interface_list($interface); - if (is_ipaddr($laddr)) { + $if = get_real_interface($interface); + if (does_interface_exist($if)) { + $laddr = get_interface_ip($interface); + if (is_ipaddrv4($laddr)) { $listen_addresses .= " --listen-address={$laddr} "; } - } else { - $if = get_real_interface($interface); - if (does_interface_exist($if)) { - $laddr = get_interface_ip($interface); - if (is_ipaddrv4($laddr)) { - $listen_addresses .= " --listen-address={$laddr} "; - } - $laddr6 = get_interface_ipv6($interface); - if (is_ipaddrv6($laddr6) && !isset($config['dnsmasq']['strictbind'])) { - /* - * XXX: Since dnsmasq does not support link-local address - * with scope specified. These checks are being done. - */ - if (is_linklocal($laddr6) && strstr($laddr6, "%")) { - $tmpaddrll6 = explode("%", $laddr6); - $listen_addresses .= " --listen-address={$tmpaddrll6[0]} "; - } else { - $listen_addresses .= " --listen-address={$laddr6} "; - } + $laddr6 = get_interface_ipv6($interface); + if (is_ipaddrv6($laddr6) && !isset($config['dnsmasq']['strictbind'])) { + /* + * XXX: Since dnsmasq does not support link-local address + * with scope specified. These checks are being done. 
+ */ + if (is_linklocal($laddr6) && strstr($laddr6, "%")) { + $tmpaddrll6 = explode("%", $laddr6); + $listen_addresses .= " --listen-address={$tmpaddrll6[0]} "; + } else { + $listen_addresses .= " --listen-address={$laddr6} "; } } } diff --git a/src/etc/inc/system.inc b/src/etc/inc/system.inc index e9a53b9..ca3af44 100644 --- a/src/etc/inc/system.inc +++ b/src/etc/inc/system.inc @@ -1792,17 +1792,15 @@ function system_ntp_configure($start_ntpd=true) { } if (is_array($interfaces) && count($interfaces)) { + $finterfaces = array(); $ntpcfg .= "interface ignore all\n"; foreach ($interfaces as $interface) { - if (strstr($interface, "_vip")) { - $interface = get_configured_carp_interface_list($interface); - } - if (!is_ipaddr($interface)) { - $interface = get_real_interface($interface); - } - if (!empty($interface)) { - $ntpcfg .= "interface listen {$interface}\n"; - } + $interface = get_real_interface($interface); + if (!empty($interface)) + $finterfaces[] = $interface; + } + foreach ($finterfaces as $interface) { + $ntpcfg .= "interface listen {$interface}\n"; } } diff --git a/src/etc/inc/util.inc b/src/etc/inc/util.inc index 5a23f9f..3ec908f 100644 --- a/src/etc/inc/util.inc +++ b/src/etc/inc/util.inc 
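Review bot: For a `_vip` entry `system_ntp_configure()` now writes `interface listen <parent device>` where the removed code wrote the VIP address, so ntpd listens on every address of the parent interface instead of only on the selected VIP. If that widening is intended it deserves a comment; otherwise resolve `_vip` entries to their address first, e.g. with `get_interface_ip()` / `get_interface_ipv6()`, and fall back to `get_real_interface()` for real interfaces. Two VIPs on the same parent also produce duplicate lines, which `$finterfaces = array_unique($finterfaces);` before the second loop would remove.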
@@ -1132,108 +1132,98 @@ function is_inrange($test, $start, $end) { return is_ipaddrv6($test) ? is_inrange_v6($test, $start, $end) : is_inrange_v4($test, $start, $end); } -/* XXX: return the configured carp interface list */ -function get_configured_carp_interface_list($carpinterface = '', $family = 'inet', $what = 'ip') { +function get_configured_vip_list($family = 'all') { global $config; - $iflist = array(); - - if (!is_array($config['virtualip']['vip']) || empty($config['virtualip']['vip'])) { - return $iflist; - } + $list = array(); + if (!is_array($config['virtualip']['vip']) || empty($config['virtualip']['vip'])) + return ($list); $viparr = &$config['virtualip']['vip']; foreach ($viparr as $vip) { - if ($vip['mode'] != "carp") { + if ($vip['mode'] != "carp" && $vip['mode'] != "ipalias") continue; + + if ($family == 'all' || + ($family == 'inet' && is_ipaddrv4($vip['subnet'])) || + ($family == 'inet6' && is_ipaddrv6($vip['subnet']))) { + $list["_vip{$vip['uniqid']}"] = $vip['subnet']; } + } + return ($list); +} + +function get_configured_vip($vipinterface = '') { + + return (get_configured_vip_detail($vipinterface, 'all', 'vip')); +} + +function get_configured_vip_interface($vipinterface = '') { + + return (get_configured_vip_detail($vipinterface, 'all', 'iface')); +} + +function get_configured_vip_ipv4($vipinterface = '') { + + return (get_configured_vip_detail($vipinterface, 'inet', 'ip')); +} - if (empty($carpinterface)) { - $iflist["_vip{$vip['uniqid']}"] = $vip['subnet']; +function get_configured_vip_ipv6($vipinterface = '') { + + return (get_configured_vip_detail($vipinterface, 'inet6', 'ip')); +} + +function get_configured_vip_subnetv4($vipinterface = '') { + + return (get_configured_vip_detail($vipinterface, 'inet', 'subnet')); +} + +function get_configured_vip_subnetv6($vipinterface = '') { + + return (get_configured_vip_detail($vipinterface, 'inet6', 'subnet')); +} + +function get_configured_vip_detail($vipinterface = '', $family = 'inet', $what = 
'ip') { + global $config; + + if (empty($vipinterface) || !is_array($config['virtualip']['vip']) || + empty($config['virtualip']['vip'])) { + return (NULL); + } + + $viparr = &$config['virtualip']['vip']; + foreach ($viparr as $vip) { + if ($vip['mode'] != "carp" && $vip['mode'] != "ipalias") continue; - } - if ($carpinterface != "_vip{$vip['uniqid']}") { + if ($vipinterface != "_vip{$vip['uniqid']}") continue; - } switch ($what) { case 'subnet': - if ($family == 'inet' && is_ipaddrv4($vip['subnet'])) { - return $vip['subnet_bits']; - } else if ($family == 'inet6' && is_ipaddrv6($vip['subnet'])) { - return $vip['subnet_bits']; - } + if ($family == 'inet' && is_ipaddrv4($vip['subnet'])) + return ($vip['subnet_bits']); + else if ($family == 'inet6' && is_ipaddrv6($vip['subnet'])) + return ($vip['subnet_bits']); break; case 'iface': - if ($family == 'inet' && is_ipaddrv4($vip['subnet'])) { - return $vip['interface']; - } else if ($family == 'inet6' && is_ipaddrv6($vip['subnet'])) { - return $vip['interface']; - } + return ($vip['interface']); break; case 'vip': - if ($family == 'inet' && is_ipaddrv4($vip['subnet'])) { - return $vip; - } else if ($family == 'inet6' && is_ipaddrv6($vip['subnet'])) { - return $vip; - } + return ($vip); break; case 'ip': default: - if ($family == 'inet' && is_ipaddrv4($vip['subnet'])) { - return $vip['subnet']; - } else if ($family == 'inet6' && is_ipaddrv6($vip['subnet'])) { - return $vip['subnet']; - } + if ($family == 'inet' && is_ipaddrv4($vip['subnet'])) + return ($vip['subnet']); + else if ($family == 'inet6' && is_ipaddrv6($vip['subnet'])) + return ($vip['subnet']); break; } break; } - return $iflist; -} - -/* return the configured IP aliases list */ -function get_configured_ip_aliases_list($returnfullentry = false) { - global $config; - - $alias_list = array(); - - if (is_array($config['virtualip']['vip'])) { - $viparr = &$config['virtualip']['vip']; - foreach ($viparr as $vip) { - if ($vip['mode'] == "ipalias") { - if 
($returnfullentry) { - $alias_list[$vip['subnet']] = $vip; - } else { - $alias_list[$vip['subnet']] = $vip['interface']; - } - } - } - } - - return $alias_list; -} - -/* return all configured aliases list (IP, carp, proxyarp and other) */ -function get_configured_vips_list() { - global $config; - - $alias_list = array(); - - if (is_array($config['virtualip']['vip'])) { - $viparr = &$config['virtualip']['vip']; - foreach ($viparr as $vip) { - if ($vip['mode'] == "carp") { - $alias_list[] = array("ipaddr" => $vip['subnet'], "if" => "_vip{$vip['uniqid']}"); - } else { - $alias_list[] = array("ipaddr" => $vip['subnet'], "if" => $vip['interface']); - } - } - } - - return $alias_list; + return ($list); } /* comparison function for sorting by the order in which interfaces are normally created */ @@ -1319,7 +1309,7 @@ function get_configured_interface_with_descr($only_opt = false, $withdisabled = /* * get_configured_ip_addresses() - Return a list of all configured - * interfaces IP Addresses + * IPv4 addresses. * */ function get_configured_ip_addresses() { @@ -1336,7 +1326,7 @@ function get_configured_ip_addresses() { $ip_array[$int] = $ipaddr; } } - $interfaces = get_configured_carp_interface_list(); + $interfaces = get_configured_vip_list('inet'); if (is_array($interfaces)) { foreach ($interfaces as $int => $ipaddr) { $ip_array[$int] = $ipaddr; @@ -1360,7 +1350,7 @@ function get_configured_ip_addresses() { /* * get_configured_ipv6_addresses() - Return a list of all configured - * interfaces IPv6 Addresses + * IPv6 addresses. * */ function get_configured_ipv6_addresses() { @@ -1373,7 +1363,7 @@ function get_configured_ipv6_addresses() { $ipv6_array[$int] = $ipaddrv6; } } - $interfaces = get_configured_carp_interface_list(); + $interfaces = get_configured_vip_list('inet6'); if (is_array($interfaces)) { foreach ($interfaces as $int => $ipaddrv6) { $ipv6_array[$int] = $ipaddrv6; diff --git a/src/etc/inc/vpn.inc b/src/etc/inc/vpn.inc index c79a761..c7d6662 100644 
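Review bot: `get_configured_vip_detail()` ends with `return ($list);`, but `$list` is never defined in this function (it belongs to `get_configured_vip_list()`), so a lookup that matches no VIP, or one of the wrong address family, returns NULL only by way of an undefined-variable notice. Make it `return (NULL);` to match the early return at the top of the function. The list builder keys entries by `"_vip{$vip['uniqid']}"`; presumably every carp and ipalias entry carries a `uniqid`, otherwise entries without one would collapse onto the single key `_vip`, which is worth confirming against the config upgrade code.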
--- a/src/etc/inc/vpn.inc +++ b/src/etc/inc/vpn.inc @@ -275,7 +275,6 @@ function vpn_ipsec_configure($restart = false) { $ipmap = array(); $rgmap = array(); $filterdns_list = array(); - $listeniflist = array(); $aggressive_mode_psk = false; unset($iflist); $ifacesuse = array(); @@ -289,14 +288,14 @@ function vpn_ipsec_configure($restart = false) { continue; } - if (strpos($ph1ent['interface'], '_vip')) { - $vpninterface = explode('_vip', $ph1ent['interface']); - $ifacesuse[] = get_real_interface($vpninterface[0]); + if (substr($ph1ent['interface'], 0, 4) == "_vip") { + $vpninterface = get_configured_vip_interface($ph1ent['interface']); + $ifacesuse[] = get_real_interface($vpninterface); } else { $vpninterface = get_failover_interface($ph1ent['interface']); - if (strpos($vpninterface, '_vip')) { - $vpninterface = explode('_vip', $vpninterface); - $ifacesuse[] = get_real_interface($vpninterface[0]); + if (substr($vpninterface, 0, 4) == "_vip") { + $vpninterface = get_configured_vip_interface($vpninterface); + $ifacesuse[] = get_real_interface($vpninterface); } elseif (!empty($vpninterface)) { $ifacesuse[] = $vpninterface; } @@ -307,7 +306,6 @@ function vpn_ipsec_configure($restart = false) { } $ikeid = $ph1ent['ikeid']; - $listeniflist = get_real_interface($a_phase1['interface']); $ep = ipsec_get_phase1_src($ph1ent); if (!is_ipaddr($ep)) { @@ -388,10 +386,10 @@ function vpn_ipsec_configure($restart = false) { } /* if no valid src IP was found in configured interfaces, try the vips */ if (is_null($srcip)) { - $viplist = get_configured_vips_list(); - foreach ($viplist as $vip) { - if (ip_in_subnet($vip['ipaddr'], $local_subnet)) { - $srcip = $vip['ipaddr']; + $viplist = get_configured_vip_list(); + foreach ($viplist as $vip => $address) { + if (ip_in_subnet($address, $local_subnet)) { + $srcip = $address; break; } } 
@@ -897,16 +895,14 @@ EOD; } if ($ph1ent['protocol'] == 'inet') { - if (strpos($ph1ent['interface'], '_vip')) { - $vpninterface = explode('_vip', $ph1ent['interface']); - $ifacesuse = get_real_interface($vpninterface[0]); - $vpninterface = $vpninterface[0]; + if (substr($ph1ent['interface'], 0, 4) == "_vip") { + $vpninterface = get_configured_vip_interface($ph1ent['interface']); + $ifacesuse = get_real_interface($vpninterface); } else { $ifacesuse = get_failover_interface($ph1ent['interface']); - if (strpos($ifacesuse, '_vip')) { - $vpninterface = explode('_vip', $ifacesuse); - $ifacesuse = get_real_interface($vpninterface[0]); - $vpninterface = $vpninterface[0]; + if (substr($ifacesuse, 0, 4) == "_vip") { + $vpninterface = get_configured_vip_interface($ifacesuse); + $ifacesuse = get_real_interface($vpninterface); } else { $vpninterface = convert_real_interface_to_friendly_interface_name($ifacesuse); } @@ -926,16 +922,14 @@ EOD; } } } else if ($ph1ent['protocol'] == 'inet6') { - if (strpos($ph1ent['interface'], '_vip')) { - $vpninterface = explode('_vip', $ph1ent['interface']); - $ifacesuse = get_real_interface($vpninterface[0]); - $vpninterface = $vpninterface[0]; + if (substr($ph1ent['interface'], 0, 4) == "_vip") { + $vpninterface = get_configured_vip_interface($ph1ent['interface']); + $ifacesuse = get_real_interface($vpninterface); } else { $ifacesuse = get_failover_interface($ph1ent['interface']); - if (strpos($ifacesuse, '_vip')) { - $vpninterface = explode('_vip', $ifacesuse); - $ifacesuse = get_real_interface($vpninterface[0]); - $vpninterface = $vpninterface[0]; + if (substr($ifacesuse, 0, 4) == "_vip") { + $vpninterface = get_configured_vip_interface($ifacesuse); + $ifacesuse = get_real_interface($vpninterface); } else { $vpninterface = convert_real_interface_to_friendly_interface_name($ifacesuse); } |
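Review bot: Unlike filter.inc, which unwraps a second `_vip` level (its "IP Alias -> CARP" step), the `inet` and `inet6` branches here call `get_configured_vip_interface()` once, so for an IP alias stacked on a CARP VIP `$vpninterface` is still a `_vip<uniqid>` name rather than a friendly interface name. `$ifacesuse` is fine because `get_real_interface()` resolves the nesting itself, but whatever consumes `$vpninterface` after the hunk (not visible here) would get a different kind of value than in the non-VIP arm. Repeat the second lookup, `if (substr($vpninterface, 0, 4) == "_vip") $vpninterface = get_configured_vip_interface($vpninterface);`, in both branches, or share one helper with filter.inc and gwlb.inc.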