From 6e8f7b537d780261e4054aee58a8d8f34f42b34b Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Ermal=20Lu=E7i?=
Date: Fri, 22 May 2009 16:51:12 +0000
Subject: Move Sync of config from filter.inc filter_reload to write_config and all the code in a new file rc.filter_synchronize. The later is called by check_reload_status with the tmp/filter_sync action triggered with carp_sync_client() function. This solves the excessive syncing of configs on not needed cases and speedups the filter_configure_sync!
---
 etc/inc/config.inc | 4 ++
 etc/inc/filter.inc | 181 -----------------------------------------------------
 etc/inc/util.inc | 7 +++
 3 files changed, 11 insertions(+), 181 deletions(-)
(limited to 'etc/inc')
diff --git a/etc/inc/config.inc b/etc/inc/config.inc
index ab3a9ae..6dd751d 100644
--- a/etc/inc/config.inc
+++ b/etc/inc/config.inc
@@ -629,6 +629,10 @@ function write_config($desc="Unknown", $backup = true) {
 conf_mount_ro(); unlock($lockkey);
+ unlink_if_exists("/usr/local/pkg/pf/carp_sync_client.php");
+ /* sync carp entries to other firewalls */
+ carp_sync_client();
+
 if(is_dir("/usr/local/pkg/write_config/")) { /* process packager manager custom rules */ update_filter_reload_status("Running plugins");
diff --git a/etc/inc/filter.inc b/etc/inc/filter.inc
index 205f6d5..36f4eed 100644
--- a/etc/inc/filter.inc
+++ b/etc/inc/filter.inc
@@ -255,7 +255,6 @@ function filter_configure_sync() {
 update_filter_reload_status("Starting up layer7 daemon"); layer7_start_l7daemon();
- unlink_if_exists("/usr/local/pkg/pf/carp_sync_client.php");
 /* run items scheduled for after filter configure run */ $fda = fopen("/tmp/commands.txt", "w"); foreach($after_filter_configure_run as $afcr)
@@ -286,10 +285,6 @@ function filter_configure_sync() {
 unlock($filterlck);
- /* sync carp entries to other firewalls */
- update_filter_reload_status("Syncing CARP data");
- carp_sync_client();
-
 if ($g['booting'] == true) echo "."; system_routing_configure();
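Review bot: In the `write_config()` hunk of etc/inc/config.inc, the added comment `/* sync carp entries to other firewalls */` no longer describes the call beneath it: per the util.inc hunk of this commit, `carp_sync_client()` now only touches a flag file, and the transfer itself happens later in a script that is not part of this view. Because the call appears to run on every configuration write, a more accurate comment would be `/* request an asynchronous config sync to the CARP peers; the flag file is consumed outside this function */`. The `unlink_if_exists("/usr/local/pkg/pf/carp_sync_client.php")` line also needs a one-line comment saying why that file is removed on each write, since nothing in the hunk explains it. The XML-RPC push with the sync password that this commit removes from filter.inc moves, per the commit message, to rc.filter_synchronize, so its transport and credential handling have to be reviewed there. `write_config()` starts and ends outside the hunk.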
@@ -2174,182 +2169,6 @@ function process_carp_rules() return $lines; } -function remove_special_characters($string) { - $match_array = ""; - preg_match_all("/[a-zA-Z0-9\_\-]+/",$string,$match_array); - $string = ""; - foreach($match_array[0] as $ma) { - if($string <> "") - $string .= " "; - $string .= $ma; - } - return $string; -} - -function carp_sync_xml($url, $password, $sections, $port = 80, $method = 'pfsense.restore_config_section') { - global $config, $g; - - if($g['booting']) - return; - - update_filter_reload_status("Syncing CARP data to {$url}"); - - /* make a copy of config */ - $config_copy = $config; - - /* strip out nosync items */ - if (is_array($config_copy['nat']['advancedoutbound']['rule'])) - for ($x = 0; $x < count($config_copy['nat']['advancedoutbound']['rule']); $x++) { - if (isset ($config_copy['nat']['advancedoutbound']['rule'][$x]['nosync'])) - unset ($config_copy['nat']['advancedoutbound']['rule'][$x]); - $config_copy['nat']['advancedoutbound']['rule'][$x]['descr'] = remove_special_characters($config_copy['nat']['advancedoutbound']['rule'][$x]['descr']); - } - if (is_array($config_copy['nat']['rule'])) - for ($x = 0; $x < count($config_copy['nat']['rule']); $x++) { - if (isset ($config_copy['nat']['rule'][$x]['nosync'])) - unset ($config_copy['nat']['rule'][$x]); - $config_copy['nat']['rule'][$x]['descr'] = remove_special_characters($config_copy['nat']['rule'][$x]['descr']); - } - if (is_array($config_copy['filter']['rule'])) - for ($x = 0; $x < count($config_copy['filter']['rule']); $x++) { - if (isset ($config_copy['filter']['rule'][$x]['nosync'])) - unset ($config_copy['filter']['rule'][$x]); - $config_copy['filter']['rule'][$x]['descr'] = remove_special_characters($config_copy['filter']['rule'][$x]['descr']); - } - if (is_array($config_copy['aliases']['alias'])) - for ($x = 0; $x < count($config_copy['aliases']['alias']); $x++) { - if (isset ($config_copy['aliases']['alias'][$x]['nosync'])) - unset 
($config_copy['aliases']['alias'][$x]); - $config_copy['aliases']['alias'][$x]['descr'] = remove_special_characters($config_copy['aliases']['alias'][$x]['descr']); - } - if (is_array($config_copy['dnsmasq']['hosts'])) - for ($x = 0; $x < count($config_copy['dnsmasq']['hosts']); $x++) { - if (isset ($config_copy['dnsmasq']['hosts'][$x]['nosync'])) - unset ($config_copy['dnsmasq']['hosts'][$x]); - $config_copy['dnsmasq']['hosts'][$x]['descr'] = remove_special_characters($config_copy['dnsmasq']['hosts'][$x]['descr']); - } - if (is_array($config_copy['virtualip']['vip'])) - for ($x = 0; $x < count($config_copy['virtualip']['vip']); $x++) { - if (isset ($config_copy['virtualip']['vip'][$x]['nosync']) or $config_copy['virtualip']['vip'][$x]['mode'] == "proxyarp") - unset ($config_copy['virtualip']['vip'][$x]); - $config_copy['virtualip']['vip'][$x]['descr'] = remove_special_characters($config_copy['virtualip']['vip'][$x]['descr']); - } - if (is_array($config_copy['ipsec']['tunnel'])) - for ($x = 0; $x < count($config_copy['ipsec']['tunnel']); $x++) { - if (isset ($config_copy['ipsec']['tunnel'][$x]['nosync'])) - unset ($config_copy['ipsec']['tunnel'][$x]); - $config_copy['ipsec']['tunnel'][$x]['descr'] = remove_special_characters($config_copy['ipsec']['tunnel'][$x]['descr']); - } - - foreach($sections as $section) { - /* we can't use array_intersect_key() - * due to the vip 'special case' - */ - if($section != 'virtualip') { - $xml[$section] = $config_copy[$section]; - } else { - $xml[$section] = backup_vip_config_section(); - } - } - - $params = array( - XML_RPC_encode($password), - XML_RPC_encode($xml) - ); - - $numberofruns = 0; - while($numberofruns < 2) { - log_error("Beginning XMLRPC sync to {$url}:{$port}."); - $msg = new XML_RPC_Message($method, $params); - $cli = new XML_RPC_Client('/xmlrpc.php', $url, $port); - $username = $config['system']['user'][0]['name']; - $cli->setCredentials($username, $password); - if($numberofruns == 1) - $cli->setDebug(1); - /* send 
our XMLRPC message and timeout after 240 seconds */ - $resp = $cli->send($msg, "240"); - if(!$resp) { - $error = "A communications error occured while attempting XMLRPC sync with username {$username} {$url}:{$port}."; - log_error($error); - file_notice("sync_settings", $error, "Settings Sync", ""); - } elseif($resp->faultCode()) { - $error = "An error code was received while attempting XMLRPC sync with username {$username} {$url}:{$port} - Code " . $resp->faultCode() . ": " . $resp->faultString(); - log_error($error); - file_notice("sync_settings", $error, "Settings Sync", ""); - } else { - log_error("XMLRPC sync successfully completed with {$url}:{$port}."); - $numberofruns = 3; - } - $numberofruns++; - } -} - -function carp_sync_client() { - global $config, $g; - update_filter_reload_status("Building CARP sync information"); - if($g['booting']) - return; - if(is_array($config['installedpackages']['carpsettings']['config'])) { - foreach($config['installedpackages']['carpsettings']['config'] as $carp) { - if($carp['synchronizetoip'] != "" ) { - /* - * XXX: The way we're finding the port right now is really suboptimal - - * we can't assume that the other machine is setup identically. 
- */ - if($config['system']['webgui']['protocol'] != "") { - $synchronizetoip = $config['system']['webgui']['protocol']; - $synchronizetoip .= "://"; - } - $port = $config['system']['webgui']['port']; - /* if port is empty lets rely on the protocol selection */ - if($port == "") { - if($config['system']['webgui']['protocol'] == "http") - $port = "80"; - else - $port = "443"; - } - $synchronizetoip .= $carp['synchronizetoip']; - if($carp['synchronizerules'] != "" and is_array($config['filter'])) - $sections[] = 'filter'; - if($carp['synchronizenat'] != "" and is_array($config['nat'])) - $sections[] = 'nat'; - if($carp['synchronizealiases'] != "" and is_array($config['aliases'])) - $sections[] = 'aliases'; - if($carp['synchronizedhcpd'] != "" and is_array($config['dhcpd'])) - $sections[] = 'dhcpd'; - if($carp['synchronizewol'] != "" and is_array($config['wol'])) - $sections[] = 'wol'; - if($carp['synchronizetrafficshaper'] != "" and is_array($config['shaper'])) - $sections[] = 'shaper'; - if($carp['synchronizestaticroutes'] != "" and is_array($config['staticroutes'])) - $sections[] = 'staticroutes'; - if($carp['synchronizevirtualip'] != "" and is_array($config['virtualip'])) - $sections[] = 'virtualip'; - if($carp['synchronizelb'] != "" and is_array($config['load_balancer'])) - $sections[] = 'load_balancer'; - if($carp['synchronizeipsec'] != "" and is_array($config['ipsec'])) - $sections[] = 'ipsec'; - if($carp['synchronizednsforwarder'] != "" and is_array($config['dnsmasq'])) - $sections[] = 'dnsmasq'; - if($carp['synchronizeschedules'] != "" and is_array($config['schedules'])) - $sections[] = 'schedules'; - if(count($sections) > 0) { - update_filter_reload_status("Signaling CARP reload signal..."); - carp_sync_xml($synchronizetoip, $carp['password'], $sections, $port); - $cli = new XML_RPC_Client('/xmlrpc.php', $synchronizetoip, $port); - $msg = new XML_RPC_Message('pfsense.filter_configure', array(new XML_RPC_Value($carp['password'], 'string'))); - $username = 
$config['system']['user'][0]['name']; - $cli->setCredentials($username, $carp['password']); - $cli->send($msg, "900"); - /* signal a carp reload */ - $msg = new XML_RPC_Message('pfsense.interfaces_carp_configure'); - $cli->send($msg, "900"); - } - } - } - } -} - /* Generate IPSEC Filter Items */ function generate_ipsec_filter_rules() { global $config, $g, $FilterIflist, $GatewaysList;
diff --git a/etc/inc/util.inc b/etc/inc/util.inc
index c419369..11772d9 100644
--- a/etc/inc/util.inc
+++ b/etc/inc/util.inc
@@ -966,4 +966,11 @@ function is_interface_mismatch() {
 return $do_assign; }
+/* sync carp entries to other firewalls */
+function carp_sync_client() {
+ global $g;
+ update_filter_reload_status("Syncing CARP data");
+ touch($g['tmp_path'] . "/filter_sync");
+}
+
 ?>
-- cgit v1.1
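Review bot: The new `carp_sync_client()` in etc/inc/util.inc drops the `if($g['booting']) return;` guard that the implementation removed from filter.inc had, and it ignores the result of `touch()`, so a sync can be requested during boot and a failed flag write leaves the peer firewall silently running an older ruleset. I would restore the guard as the first statement, `if($g['booting']) return;`, and check the write with `if(!touch("{$g['tmp_path']}/filter_sync")) log_error("Could not request CARP config sync");` (`log_error()` is already used by the removed sync code). Whether the consumer of the flag file repeats the boot check is not visible here. The status text "Syncing CARP data" is now also shown when no sync target is configured, because the `synchronizetoip` test moved out of this function; `"Requesting CARP sync"` would be more accurate. The function lies entirely inside the hunk.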