Commit 1c37911d authored by Ad Schellevis's avatar Ad Schellevis Committed by Franco Fichtner

Multiple issues in using carp, mainly caused by not using the BSD standards.

(cherry picked from commit bc2765ea)
(cherry picked from commit ac8eba7d)
(cherry picked from commit 87011deb)
(cherry picked from commit 5c6a2ef8)
(cherry picked from commit c782d9e8)
(cherry picked from commit 5497ae4e)
(cherry picked from commit 51aec445)
(cherry picked from commit 75e7e0e4)
(cherry picked from commit 2c25e3e3)
(cherry picked from commit dcd0e068)
parent 7375b7b9
......@@ -1772,67 +1772,25 @@ function interfaces_carp_setup()
echo gettext("Configuring CARP settings...");
mute_kernel_msgs();
}
set_single_sysctl("net.inet.carp.preempt", "1");
/* suck in configuration items */
if (isset($config['hasync'])) {
if (isset($config['hasync']['pfsyncenabled'])) {
$pfsyncenabled = $config['hasync']['pfsyncenabled'];
}
if (isset($config['hasync']['pfsyncinterface'])) {
$pfsyncinterface = $config['hasync']['pfsyncinterface'];
}
if (isset($config['hasync']['pfsyncpeerip'])) {
$pfsyncpeerip = $config['hasync']['pfsyncpeerip'];
}
} else {
unset($pfsyncinterface);
unset($pfsyncenabled);
}
set_sysctl(array(
"net.inet.carp.preempt" => "1",
"net.inet.carp.log" => "1"
));
if (!empty($pfsyncinterface)) {
$carp_sync_int = get_real_interface($pfsyncinterface);
} else {
unset($carp_sync_int);
if (!empty($config['hasync']['pfsyncinterface'])) {
$carp_sync_int = get_real_interface($config['hasync']['pfsyncinterface']);
}
/* setup pfsync interface */
if (!empty($carp_sync_int) && isset($pfsyncenabled)) {
if (is_ipaddr($pfsyncpeerip)) {
$syncpeer = "syncpeer {$pfsyncpeerip}";
if (!empty($carp_sync_int) && isset($config['hasync']['pfsyncenabled'])) {
if (isset($config['hasync']['pfsyncpeerip']) && is_ipaddr($config['hasync']['pfsyncpeerip'])) {
$syncpeer = "syncpeer " . $config['hasync']['pfsyncpeerip'];
} else {
$syncpeer = "-syncpeer";
}
mwexec("/sbin/ifconfig pfsync0 syncdev {$carp_sync_int} {$syncpeer} up", false);
sleep(1);
/* XXX: Handle an issue with pfsync(4) and carp(4). In a cluster carp will come up before pfsync(4) has updated and so will cause issues
* for existing sessions.
*/
log_error("waiting for pfsync...");
$i = 0;
while (intval(trim(`/sbin/ifconfig pfsync0 | /usr/bin/grep 'syncok: 0' | /usr/bin/grep -v grep | /usr/bin/wc -l`)) == 0 && $i < 30) {
$i++;
sleep(1);
}
log_error("pfsync done in $i seconds.");
log_error("Configuring CARP settings finalize...");
} else {
mwexec("/sbin/ifconfig pfsync0 -syncdev -syncpeer down", false);
}
if (isset($config['virtualip']['vip']) && $config['virtualip']['vip']) {
set_single_sysctl("net.inet.carp.allow", "1");
} else {
set_single_sysctl("net.inet.carp.allow", "0");
}
if (file_exists("/var/run/booting")) {
unmute_kernel_msgs();
echo gettext("done.") . "\n";
......@@ -1908,24 +1866,15 @@ function interfaces_vips_configure($interface = '')
$carp_setuped = false;
$anyproxyarp = false;
foreach ($config['virtualip']['vip'] as $vip) {
if ($interface == "" || $vip['interface'] == $interface) {
switch ($vip['mode']) {
case "proxyarp":
/* nothing it is handled on interface_proxyarp_configure() */
if ($interface <> "" && $vip['interface'] <> $interface) {
continue;
}
$anyproxyarp = true;
break;
case "ipalias":
if ($interface <> "" && $vip['interface'] <> $interface) {
continue;
}
interface_ipalias_configure($vip);
break;
case "carp":
if ($interface <> "" && $vip['interface'] <> $interface) {
continue;
}
if ($carp_setuped == false) {
$carp_setuped = true;
}
......@@ -1933,6 +1882,7 @@ function interfaces_vips_configure($interface = '')
break;
}
}
}
if ($carp_setuped == true) {
interfaces_carp_setup();
}
......@@ -1950,10 +1900,6 @@ function interface_ipalias_configure(&$vip)
return;
}
if ($vip['interface'] != 'lo0' && !isset($config['interfaces'][$vip['interface']])) {
return;
}
if ($vip['interface'] != 'lo0' && !isset($config['interfaces'][$vip['interface']]['enable'])) {
return;
}
......@@ -1974,6 +1920,11 @@ function interface_carp_configure(&$vip)
return;
}
// when CARP is temporary disabled, don't try to configure on any interface-up events
if (get_single_sysctl('net.inet.carp.allow') == '0') {
return;
}
/* NOTE: Maybe its useless nowdays */
$realif = get_real_interface($vip['interface']);
if (!does_interface_exist($realif)) {
......@@ -4264,45 +4215,6 @@ function guess_interface_from_ip($ipaddress)
}
/****f* interfaces/link_ip_to_carp_interface
* NAME
* link_ip_to_carp_interface - Find where a CARP interface links to.
* INPUTS
* $ip
* RESULT
* $carp_ints
******/
function link_ip_to_carp_interface($ip)
{
global $config;
if (!is_ipaddr($ip)) {
return;
}
$carp_ints = '';
if (isset($config['virtualip']['vip'])) {
$first = 0;
$carp_int = array();
foreach ($config['virtualip']['vip'] as $vip) {
if ($vip['mode'] == "carp") {
$carp_ip = $vip['subnet'];
$carp_sn = $vip['subnet_bits'];
$carp_nw = gen_subnet($carp_ip, $carp_sn);
if (ip_in_subnet($ip, "{$carp_nw}/{$carp_sn}")) {
$carp_int[] = get_real_interface($vip['interface']);
}
}
}
if (!empty($carp_int)) {
$carp_ints = implode(" ", array_unique($carp_int));
}
}
return $carp_ints;
}
function link_interface_to_track6($int, $action = '')
{
global $config;
......
......@@ -118,9 +118,7 @@ function activate_sysctls()
"net.enc.in.ipsec_bpf_mask" => "0x0002",
"net.enc.in.ipsec_filter_mask" => "0x0002",
"net.enc.out.ipsec_bpf_mask" => "0x0001",
"net.enc.out.ipsec_filter_mask" => "0x0001",
'net.inet.carp.senderr_demotion_factor' => '0',
'net.pfsync.carp_demotion_factor' => '0',
"net.enc.out.ipsec_filter_mask" => "0x0001"
);
if (isset($config['sysctl']['item'])) {
......
......@@ -58,9 +58,3 @@ if (is_array($config['openvpn']) && is_array($config['openvpn']['openvpn-client'
}
}
$pluginparams = array();
$pluginparams['type'] = 'carp';
$pluginparams['event'] = 'rc.carpbackup';
$pluginparams['interface'] = $argv[1];
?>
......@@ -66,9 +66,3 @@ if (is_array($config['openvpn']) && is_array($config['openvpn']['openvpn-server'
}
}
$pluginparams = array();
$pluginparams['type'] = 'carp';
$pluginparams['event'] = 'rc.carpmaster';
$pluginparams['interface'] = $argv[1];
?>
......@@ -164,7 +164,9 @@
<Settings url="/firewall_virtual_ip.php">
<Edit url="/firewall_virtual_ip_edit.php*" visibility="hidden"/>
</Settings>
<Status url="/carp_status.php"/>
<Status url="/carp_status.php">
<All url="/carp_status.php*"/>
</Status>
</VIP>
<Settings order="200" cssClass="fa fa-cogs fa-fw">
<Schedules order="100" url="/firewall_schedule.php">
......
......@@ -30,64 +30,57 @@
require_once("guiconfig.inc");
require_once("interfaces.inc");
function interfaces_carp_set_maintenancemode($carp_maintenancemode)
{
global $config;
if (isset($config["virtualip_carp_maintenancemode"]) && $carp_maintenancemode == false) {
unset($config["virtualip_carp_maintenancemode"]);
write_config("Leave CARP maintenance mode");
} elseif (!isset($config["virtualip_carp_maintenancemode"]) && $carp_maintenancemode == true) {
$config["virtualip_carp_maintenancemode"] = true;
write_config("Enter CARP maintenance mode");
}
if (isset($config['virtualip']['vip'])) {
$viparr = &$config['virtualip']['vip'];
foreach ($viparr as $vip) {
if ($vip['mode'] == 'carp') {
interface_carp_configure($vip);
}
}
}
}
// init $config['virtualip']['vip']
if ( !isset($config['virtualip']['vip']) || !is_array($config['virtualip']['vip'])) {
$config['virtualip']['vip'] = array();
}
$a_vip = &$config['virtualip']['vip'];
$act = null;
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
if (!empty($_POST['carp_maintenancemode'])) {
interfaces_carp_set_maintenancemode(!isset($config["virtualip_carp_maintenancemode"]));
$act = "maintenance";
if (isset($config["virtualip_carp_maintenancemode"])) {
unset($config["virtualip_carp_maintenancemode"]);
write_config("Leave CARP maintenance mode");
} else {
$config["virtualip_carp_maintenancemode"] = true;
write_config("Enter CARP maintenance mode");
}
} elseif (!empty($_POST['disablecarp'])) {
if (get_single_sysctl('net.inet.carp.allow') > 0) {
$carp_counter = 0;
$act = "disable";
$savemsg = gettext("All virtual IPs have been disabled. Please note that disabling does not survive a reboot.");
set_single_sysctl('net.inet.carp.allow', '0');
foreach ($a_vip as $vip) {
switch ($vip['mode']) {
case "carp":
interface_vip_bring_down($vip);
$carp_counter++;
sleep(1);
break;
}
}
$savemsg = sprintf(gettext("%s IPs have been disabled. Please note that disabling does not survive a reboot."), $carp_counter);
} else {
$act = "enable";
$savemsg = gettext("CARP has been enabled.");
interfaces_carp_setup();
set_single_sysctl('net.inet.carp.allow', '1');
}
}
foreach ($a_vip as $vip) {
switch ($vip['mode']) {
case "carp":
if ($vip['mode'] == 'carp') {
switch ($act) {
case 'maintenance':
interface_carp_configure($vip);
sleep(1);
break;
case 'disable':
interface_vip_bring_down($vip);
break;
case 'enable':
interface_carp_configure($vip);
break;
default:
break;
}
}
interfaces_carp_setup();
set_single_sysctl('net.inet.carp.allow', '1');
}
header(url_safe('Location: carp_status.php?savemsg=%s', array($savemsg)));
exit;
} elseif ($_SERVER['REQUEST_METHOD'] === 'GET') {
if (!empty($_GET['savemsg'])) {
$savemsg = htmlspecialchars($_GET['savemsg']);
}
}
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment