Commit 20118288 authored by Ad Schellevis's avatar Ad Schellevis

last bits and pieces for https://github.com/opnsense/core/issues/117 although...

last bits and pieces for https://github.com/opnsense/core/issues/117 although rc.filter_synchronize really needs a rewrite at a later moment.
parent 92508ff7
...@@ -121,6 +121,7 @@ function filter_configure() ...@@ -121,6 +121,7 @@ function filter_configure()
*/ */
if (!file_exists("/var/run/booting")) { if (!file_exists("/var/run/booting")) {
send_event('filter reload'); send_event('filter reload');
send_event('filter sync restart');
} }
} }
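Review bot: The added `send_event('filter sync restart');` in filter_configure() makes every local filter reload also push the configuration to the HA peer and ask it to reload, and nothing in this hunk limits that to changes that need syncing. rc.filter_synchronize, later in this commit, answers 'restart' by calling `opnsense.filter_configure` on the peer. If that remote handler runs this same function and the peer has its own sync target, the two nodes could keep re-triggering each other; nothing visible here rules that out. A comment above the call stating why a full restart rather than a data-only sync is wanted, and that the peer must not sync back, would make the intent checkable. filter_configure() starts outside the hunk.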
......
...@@ -1464,7 +1464,7 @@ function is_interface_mismatch() ...@@ -1464,7 +1464,7 @@ function is_interface_mismatch()
/* sync carp entries to other firewalls */ /* sync carp entries to other firewalls */
function carp_sync_client() function carp_sync_client()
{ {
send_event('filter sync'); send_event('filter sync load');
} }
/****f* util/isAjax /****f* util/isAjax
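Review bot: The new event string `'filter sync load'` in carp_sync_client() passes a mode word that nothing in this commit recognises. rc.filter_synchronize only tests `$argv[1] != 'restart'`, so 'load' (and the 'reload' sent in the last hunk of this commit) silently falls into the data-only path. If that is intended, say so next to the call, e.g. `/* 'load': push config sections only; only 'restart' also reloads the peer's filter */`. Defining the accepted words in one place would keep a typo from quietly downgrading a sync.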
......
...@@ -37,7 +37,7 @@ require_once("functions.inc"); ...@@ -37,7 +37,7 @@ require_once("functions.inc");
require_once("filter.inc"); require_once("filter.inc");
require_once("shaper.inc"); require_once("shaper.inc");
require_once("interfaces.inc"); require_once("interfaces.inc");
require_once("XMLRPC_client.inc") ; require_once("XMLRPC_Client.inc") ;
/* /*
* backup_vip_config_section($section): returns as an xml file string of * backup_vip_config_section($section): returns as an xml file string of
...@@ -83,7 +83,7 @@ function remove_special_characters($string) { ...@@ -83,7 +83,7 @@ function remove_special_characters($string) {
return $string; return $string;
} }
function carp_check_version($url, $username, $password, $method = 'opnsense.host_firmware_version') { function carp_check_version($url, $username, $password, $method = 'opnsense.firmware_version') {
global $config, $g; global $config, $g;
if (file_exists('/var/run/booting')) { if (file_exists('/var/run/booting')) {
...@@ -136,7 +136,7 @@ function carp_sync_xml($url, $username, $password, $sections, $method = 'opnsens ...@@ -136,7 +136,7 @@ function carp_sync_xml($url, $username, $password, $sections, $method = 'opnsens
$config_copy = $config; $config_copy = $config;
/* strip out nosync items */ /* strip out nosync items */
if (is_array($config_copy['nat']['outbound']['rule'])) { if (is_array($config_copy['nat']) && is_array($config_copy['nat']['outbound']['rule'])) {
$rulescnt = count($config_copy['nat']['outbound']['rule']); $rulescnt = count($config_copy['nat']['outbound']['rule']);
for ($x = 0; $x < $rulescnt; $x++) { for ($x = 0; $x < $rulescnt; $x++) {
$config_copy['nat']['outbound']['rule'][$x]['descr'] = remove_special_characters($config_copy['nat']['outbound']['rule'][$x]['descr']); $config_copy['nat']['outbound']['rule'][$x]['descr'] = remove_special_characters($config_copy['nat']['outbound']['rule'][$x]['descr']);
...@@ -144,7 +144,7 @@ function carp_sync_xml($url, $username, $password, $sections, $method = 'opnsens ...@@ -144,7 +144,7 @@ function carp_sync_xml($url, $username, $password, $sections, $method = 'opnsens
unset ($config_copy['nat']['outbound']['rule'][$x]); unset ($config_copy['nat']['outbound']['rule'][$x]);
} }
} }
if (is_array($config_copy['nat']['rule'])) { if (is_array($config_copy['nat']) && is_array($config_copy['nat']['rule'])) {
$natcnt = count($config_copy['nat']['rule']); $natcnt = count($config_copy['nat']['rule']);
for ($x = 0; $x < $natcnt; $x++) { for ($x = 0; $x < $natcnt; $x++) {
$config_copy['nat']['rule'][$x]['descr'] = remove_special_characters($config_copy['nat']['rule'][$x]['descr']); $config_copy['nat']['rule'][$x]['descr'] = remove_special_characters($config_copy['nat']['rule'][$x]['descr']);
...@@ -152,7 +152,7 @@ function carp_sync_xml($url, $username, $password, $sections, $method = 'opnsens ...@@ -152,7 +152,7 @@ function carp_sync_xml($url, $username, $password, $sections, $method = 'opnsens
unset ($config_copy['nat']['rule'][$x]); unset ($config_copy['nat']['rule'][$x]);
} }
} }
if (is_array($config_copy['filter']['rule'])) { if (is_array($config_copy['filter']) && is_array($config_copy['filter']['rule'])) {
$filtercnt = count($config_copy['filter']['rule']); $filtercnt = count($config_copy['filter']['rule']);
for ($x = 0; $x < $filtercnt; $x++) { for ($x = 0; $x < $filtercnt; $x++) {
$config_copy['filter']['rule'][$x]['descr'] = remove_special_characters($config_copy['filter']['rule'][$x]['descr']); $config_copy['filter']['rule'][$x]['descr'] = remove_special_characters($config_copy['filter']['rule'][$x]['descr']);
...@@ -160,7 +160,7 @@ function carp_sync_xml($url, $username, $password, $sections, $method = 'opnsens ...@@ -160,7 +160,7 @@ function carp_sync_xml($url, $username, $password, $sections, $method = 'opnsens
unset ($config_copy['filter']['rule'][$x]); unset ($config_copy['filter']['rule'][$x]);
} }
} }
if (is_array($config_copy['aliases']['alias'])) { if (is_array($config_copy['aliases']) && is_array($config_copy['aliases']['alias'])) {
$aliascnt = count($config_copy['aliases']['alias']); $aliascnt = count($config_copy['aliases']['alias']);
for ($x = 0; $x < $aliascnt; $x++) { for ($x = 0; $x < $aliascnt; $x++) {
$config_copy['aliases']['alias'][$x]['descr'] = remove_special_characters($config_copy['aliases']['alias'][$x]['descr']); $config_copy['aliases']['alias'][$x]['descr'] = remove_special_characters($config_copy['aliases']['alias'][$x]['descr']);
...@@ -168,7 +168,7 @@ function carp_sync_xml($url, $username, $password, $sections, $method = 'opnsens ...@@ -168,7 +168,7 @@ function carp_sync_xml($url, $username, $password, $sections, $method = 'opnsens
unset ($config_copy['aliases']['alias'][$x]); unset ($config_copy['aliases']['alias'][$x]);
} }
} }
if (is_array($config_copy['dnsmasq']['hosts'])) { if (is_array($config_copy['dnsmasq']) && is_array($config_copy['dnsmasq']['hosts'])) {
$dnscnt = count($config_copy['dnsmasq']['hosts']); $dnscnt = count($config_copy['dnsmasq']['hosts']);
for ($x = 0; $x < $dnscnt; $x++) { for ($x = 0; $x < $dnscnt; $x++) {
$config_copy['dnsmasq']['hosts'][$x]['descr'] = remove_special_characters($config_copy['dnsmasq']['hosts'][$x]['descr']); $config_copy['dnsmasq']['hosts'][$x]['descr'] = remove_special_characters($config_copy['dnsmasq']['hosts'][$x]['descr']);
...@@ -176,7 +176,7 @@ function carp_sync_xml($url, $username, $password, $sections, $method = 'opnsens ...@@ -176,7 +176,7 @@ function carp_sync_xml($url, $username, $password, $sections, $method = 'opnsens
unset ($config_copy['dnsmasq']['hosts'][$x]); unset ($config_copy['dnsmasq']['hosts'][$x]);
} }
} }
if (is_array($config_copy['ipsec']['tunnel'])) { if (is_array($config_copy['ipsec']) && is_array($config_copy['ipsec']['tunnel'])) {
$ipseccnt = count($config_copy['ipsec']['tunnel']); $ipseccnt = count($config_copy['ipsec']['tunnel']);
for ($x = 0; $x < $ipseccnt; $x++) { for ($x = 0; $x < $ipseccnt; $x++) {
$config_copy['ipsec']['tunnel'][$x]['descr'] = remove_special_characters($config_copy['ipsec']['tunnel'][$x]['descr']); $config_copy['ipsec']['tunnel'][$x]['descr'] = remove_special_characters($config_copy['ipsec']['tunnel'][$x]['descr']);
...@@ -267,10 +267,9 @@ if (is_array($config['hasync'])) { ...@@ -267,10 +267,9 @@ if (is_array($config['hasync'])) {
if (!empty($config['system']['webgui']['protocol'])) { if (!empty($config['system']['webgui']['protocol'])) {
$port = $config['system']['webgui']['port']; $port = $config['system']['webgui']['port'];
if (!empty($port)) { if (!empty($port)) {
$synchronizeto = $config['system']['webgui']['protocol'] . '://'.$hasync['synchronizetoip'].':'.$port; $synchronizeto = $config['system']['webgui']['protocol'] . '://'.$hasync['synchronizetoip'].':'.$port."/xmlrpc.php";
} elseif ($config['system']['webgui']['protocol'] == "http") {
$synchronizeto = $config['system']['webgui']['protocol'] . '://'.$hasync['synchronizetoip'] ;
} else { } else {
$synchronizeto = $config['system']['webgui']['protocol'] . '://'.$hasync['synchronizetoip']."/xmlrpc.php" ;
} }
} }
...@@ -375,12 +374,18 @@ if (is_array($config['hasync'])) { ...@@ -375,12 +374,18 @@ if (is_array($config['hasync'])) {
else else
$username = $hasync['username']; $username = $hasync['username'];
if (!carp_check_version($synchronizeto, $username, $hasync['password'], $port)) if (!carp_check_version($synchronizeto, $username, $hasync['password']))
exit; exit;
update_filter_reload_status("Signaling CARP reload signal..."); update_filter_reload_status("Signaling CARP reload signal...");
carp_sync_xml($synchronizeto, $username, $hasync['password'], $sections, $port); carp_sync_xml($synchronizeto, $username, $hasync['password'], $sections);
if (count($argv) <= 1 || $argv[1] != 'restart' ) {
// only sync data, no reload
// TODO: config sync probably needs more thinking, but when we always force a reload
// TODO: the machine tends to get sloppy
exit;
}
$client = new SimpleXMLRPC_Client($synchronizeto,240); $client = new SimpleXMLRPC_Client($synchronizeto,240);
$client->setCredentials($username, $hasync['password']); $client->setCredentials($username, $hasync['password']);
if ($client->query("opnsense.filter_configure")) { if ($client->query("opnsense.filter_configure")) {
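Review bot: The `$synchronizeto` URL assembled in the `if (!empty($port))` / `else` branches takes its scheme from the local `$config['system']['webgui']['protocol']`, and that URL later receives `$hasync['password']` through `setCredentials()` along with the synced config sections. With the protocol set to `http`, the sync credentials and the ruleset therefore cross the network unencrypted, and the commit rewrites both branches without addressing it. Consider refusing to sync, or at least logging a warning, when the protocol is not `https`, and add a comment that the peer is assumed to use the same protocol and port as this node. Whether SimpleXMLRPC_Client verifies the peer's certificate is not visible here. The enclosing `if (is_array($config['hasync']))` block starts and ends outside these hunks.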
......
...@@ -18,6 +18,7 @@ message:Reloading filter ...@@ -18,6 +18,7 @@ message:Reloading filter
[sync] [sync]
command:/usr/local/etc/rc.filter_synchronize command:/usr/local/etc/rc.filter_synchronize
parameters: parameters:%s
type:script type:script
message:Syncing firewall message:Syncing firewall %s
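Review bot: With `parameters:%s` the [sync] action now hands whatever follows "filter sync" to /usr/local/etc/rc.filter_synchronize, and echoes the same text into the log through `message:Syncing firewall %s`, yet the action does not state which values are accepted. All callers in this commit pass fixed literals ('restart', 'load', 'reload'), and that should stay true, because how the substituted value is quoted before the script runs is not visible here. If the action file allows comments, one line above `parameters` listing the accepted words, and noting that the script only acts on 'restart', would be enough.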
...@@ -42,6 +42,7 @@ if($_GET['getstatus']) { ...@@ -42,6 +42,7 @@ if($_GET['getstatus']) {
} }
if($_POST['reloadfilter']) { if($_POST['reloadfilter']) {
send_event("filter reload"); send_event("filter reload");
send_event("filter sync reload")
header("Location: status_filter_reload.php"); header("Location: status_filter_reload.php");
exit; exit;
} }
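Review bot: The added line `send_event("filter sync reload")` has no terminating semicolon, so the `header(...)` call that follows makes the file fail to parse and the page will not load at all. It should read `send_event("filter sync reload");`. Note also that rc.filter_synchronize in this commit only treats 'restart' as a request to reload the peer, so 'reload' gets a data-only sync. If a remote reload is meant here, the word should be 'restart'.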
......