Commit
2f860487
authored
Sep 15, 2016
by
Ad Schellevis
Committed by
GitHub
Sep 15, 2016
Merge pull request #1187 from opnsense/carp_improvements
Carp improvements
parents
1ccf6b45
dcd0e068
Changes
6
Showing
6 changed files
with
65 additions
and
172 deletions
+65
-172
interfaces.inc
src/etc/inc/interfaces.inc
+26
-114
system.inc
src/etc/inc/system.inc
+1
-3
rc.carpbackup
src/etc/rc.carpbackup
+0
-6
rc.carpmaster
src/etc/rc.carpmaster
+0
-6
Menu.xml
src/opnsense/mvc/app/models/OPNsense/Base/Menu/Menu.xml
+3
-1
carp_status.php
src/www/carp_status.php
+35
-42
src/etc/inc/interfaces.inc
...
...
@@ -1770,67 +1770,25 @@ function interfaces_carp_setup()
echo
gettext
(
"Configuring CARP settings..."
);
mute_kernel_msgs
();
}
set_single_sysctl
(
"net.inet.carp.preempt"
,
"1"
);
/* suck in configuration items */
if
(
isset
(
$config
[
'hasync'
]))
{
if
(
isset
(
$config
[
'hasync'
][
'pfsyncenabled'
]))
{
$pfsyncenabled
=
$config
[
'hasync'
][
'pfsyncenabled'
];
}
if
(
isset
(
$config
[
'hasync'
][
'pfsyncinterface'
]))
{
$pfsyncinterface
=
$config
[
'hasync'
][
'pfsyncinterface'
];
}
if
(
isset
(
$config
[
'hasync'
][
'pfsyncpeerip'
]))
{
$pfsyncpeerip
=
$config
[
'hasync'
][
'pfsyncpeerip'
];
}
}
else
{
unset
(
$pfsyncinterface
);
unset
(
$pfsyncenabled
);
}
set_sysctl
(
array
(
"net.inet.carp.preempt"
=>
"1"
,
"net.inet.carp.log"
=>
"1"
));
if
(
!
empty
(
$pfsyncinterface
))
{
$carp_sync_int
=
get_real_interface
(
$pfsyncinterface
);
}
else
{
unset
(
$carp_sync_int
);
if
(
!
empty
(
$config
[
'hasync'
][
'pfsyncinterface'
]))
{
$carp_sync_int
=
get_real_interface
(
$config
[
'hasync'
][
'pfsyncinterface'
]);
}
/* setup pfsync interface */
if
(
!
empty
(
$carp_sync_int
)
&&
isset
(
$
pfsyncenabled
))
{
if
(
is
_ipaddr
(
$pfsyncpeerip
))
{
$syncpeer
=
"syncpeer
{
$pfsyncpeerip
}
"
;
if
(
!
empty
(
$carp_sync_int
)
&&
isset
(
$
config
[
'hasync'
][
'pfsyncenabled'
]
))
{
if
(
is
set
(
$config
[
'hasync'
][
'pfsyncpeerip'
])
&&
is_ipaddr
(
$config
[
'hasync'
][
'pfsyncpeerip'
]
))
{
$syncpeer
=
"syncpeer
"
.
$config
[
'hasync'
][
'pfsyncpeerip'
]
;
}
else
{
$syncpeer
=
"-syncpeer"
;
}
mwexec
(
"/sbin/ifconfig pfsync0 syncdev
{
$carp_sync_int
}
{
$syncpeer
}
up"
,
false
);
sleep
(
1
);
/* XXX: Handle an issue with pfsync(4) and carp(4). In a cluster carp will come up before pfsync(4) has updated and so will cause issues
* for existing sessions.
*/
log_error
(
"waiting for pfsync..."
);
$i
=
0
;
while
(
intval
(
trim
(
`/sbin/ifconfig pfsync0 | /usr/bin/grep 'syncok: 0' | /usr/bin/grep -v grep | /usr/bin/wc -l`
))
==
0
&&
$i
<
30
)
{
$i
++
;
sleep
(
1
);
}
log_error
(
"pfsync done in
$i
seconds."
);
log_error
(
"Configuring CARP settings finalize..."
);
}
else
{
mwexec
(
"/sbin/ifconfig pfsync0 -syncdev -syncpeer down"
,
false
);
}
if
(
isset
(
$config
[
'virtualip'
][
'vip'
])
&&
$config
[
'virtualip'
][
'vip'
])
{
set_single_sysctl
(
"net.inet.carp.allow"
,
"1"
);
}
else
{
set_single_sysctl
(
"net.inet.carp.allow"
,
"0"
);
}
if
(
file_exists
(
"/var/run/booting"
))
{
unmute_kernel_msgs
();
echo
gettext
(
"done."
)
.
"
\n
"
;
...
...
@@ -1906,29 +1864,21 @@ function interfaces_vips_configure($interface = '')
$carp_setuped
=
false
;
$anyproxyarp
=
false
;
foreach
(
$config
[
'virtualip'
][
'vip'
]
as
$vip
)
{
switch
(
$vip
[
'mode'
])
{
case
"proxyarp"
:
/* nothing it is handled on interface_proxyarp_configure() */
if
(
$interface
<>
""
&&
$vip
[
'interface'
]
<>
$interface
)
{
continue
;
}
$anyproxyarp
=
true
;
break
;
case
"ipalias"
:
if
(
$interface
<>
""
&&
$vip
[
'interface'
]
<>
$interface
)
{
continue
;
}
interface_ipalias_configure
(
$vip
);
break
;
case
"carp"
:
if
(
$interface
<>
""
&&
$vip
[
'interface'
]
<>
$interface
)
{
continue
;
}
if
(
$carp_setuped
==
false
)
{
$carp_setuped
=
true
;
}
interface_carp_configure
(
$vip
);
break
;
if
(
$interface
==
""
||
$vip
[
'interface'
]
==
$interface
)
{
switch
(
$vip
[
'mode'
])
{
case
"proxyarp"
:
$anyproxyarp
=
true
;
break
;
case
"ipalias"
:
interface_ipalias_configure
(
$vip
);
break
;
case
"carp"
:
if
(
$carp_setuped
==
false
)
{
$carp_setuped
=
true
;
}
interface_carp_configure
(
$vip
);
break
;
}
}
}
if
(
$carp_setuped
==
true
)
{
...
...
@@ -1948,10 +1898,6 @@ function interface_ipalias_configure(&$vip)
return
;
}
if
(
$vip
[
'interface'
]
!=
'lo0'
&&
!
isset
(
$config
[
'interfaces'
][
$vip
[
'interface'
]]))
{
return
;
}
if
(
$vip
[
'interface'
]
!=
'lo0'
&&
!
isset
(
$config
[
'interfaces'
][
$vip
[
'interface'
]][
'enable'
]))
{
return
;
}
...
...
@@ -1972,6 +1918,11 @@ function interface_carp_configure(&$vip)
return
;
}
// when CARP is temporary disabled, don't try to configure on any interface-up events
if
(
get_single_sysctl
(
'net.inet.carp.allow'
)
==
'0'
)
{
return
;
}
/* NOTE: Maybe its useless nowdays */
$realif
=
get_real_interface
(
$vip
[
'interface'
]);
if
(
!
does_interface_exist
(
$realif
))
{
...
...
@@ -4262,45 +4213,6 @@ function guess_interface_from_ip($ipaddress)
}
/****f* interfaces/link_ip_to_carp_interface
* NAME
* link_ip_to_carp_interface - Find where a CARP interface links to.
* INPUTS
* $ip
* RESULT
* $carp_ints
******/
function
link_ip_to_carp_interface
(
$ip
)
{
global
$config
;
if
(
!
is_ipaddr
(
$ip
))
{
return
;
}
$carp_ints
=
''
;
if
(
isset
(
$config
[
'virtualip'
][
'vip'
]))
{
$first
=
0
;
$carp_int
=
array
();
foreach
(
$config
[
'virtualip'
][
'vip'
]
as
$vip
)
{
if
(
$vip
[
'mode'
]
==
"carp"
)
{
$carp_ip
=
$vip
[
'subnet'
];
$carp_sn
=
$vip
[
'subnet_bits'
];
$carp_nw
=
gen_subnet
(
$carp_ip
,
$carp_sn
);
if
(
ip_in_subnet
(
$ip
,
"
{
$carp_nw
}
/
{
$carp_sn
}
"
))
{
$carp_int
[]
=
get_real_interface
(
$vip
[
'interface'
]);
}
}
}
if
(
!
empty
(
$carp_int
))
{
$carp_ints
=
implode
(
" "
,
array_unique
(
$carp_int
));
}
}
return
$carp_ints
;
}
function
link_interface_to_track6
(
$int
,
$action
=
''
)
{
global
$config
;
...
...
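Review bot: In interfaces_carp_setup() the peer address is checked with is_ipaddr() before it goes into `$syncpeer`, but `$carp_sync_int` reaches the `/sbin/ifconfig pfsync0 syncdev ...` string handed to mwexec() unquoted. It comes from get_real_interface() on `$config['hasync']['pfsyncinterface']`, and whether that helper can pass an unrecognised config value through unchanged is not visible in this hunk. Quoting it is cheap: `mwexec("/sbin/ifconfig pfsync0 syncdev " . escapeshellarg($carp_sync_int) . " {$syncpeer} up", false);`. The function starts above the hunk and continues below it.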
src/etc/inc/system.inc
...
...
@@ -118,9 +118,7 @@ function activate_sysctls()
"net.enc.in.ipsec_bpf_mask"
=>
"0x0002"
,
"net.enc.in.ipsec_filter_mask"
=>
"0x0002"
,
"net.enc.out.ipsec_bpf_mask"
=>
"0x0001"
,
"net.enc.out.ipsec_filter_mask"
=>
"0x0001"
,
'net.inet.carp.senderr_demotion_factor'
=>
'0'
,
'net.pfsync.carp_demotion_factor'
=>
'0'
,
"net.enc.out.ipsec_filter_mask"
=>
"0x0001"
);
if
(
isset
(
$config
[
'sysctl'
][
'item'
]))
{
...
...
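Review bot: Nothing in the commit says why the `net.inet.carp.senderr_demotion_factor` and `net.pfsync.carp_demotion_factor` overrides are dropped from activate_sysctls(). Presumably the kernel defaults are now meant to keep a node demoted while pfsync catches up, replacing the "waiting for pfsync" loop that this same commit removes from interfaces_carp_setup(). If so, say it in a comment above the array, e.g. `/* CARP/pfsync demotion factors are left at the kernel defaults so a node stays demoted while pfsync catches up */`. Without it, a reader of system.inc has no hint that failover behaviour now depends on values this file no longer sets.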
src/etc/rc.carpbackup
...
...
@@ -58,9 +58,3 @@ if (is_array($config['openvpn']) && is_array($config['openvpn']['openvpn-client'
}
}
$pluginparams
=
array
();
$pluginparams
[
'type'
]
=
'carp'
;
$pluginparams
[
'event'
]
=
'rc.carpbackup'
;
$pluginparams
[
'interface'
]
=
$argv
[
1
];
?>
src/etc/rc.carpmaster
...
...
@@ -66,9 +66,3 @@ if (is_array($config['openvpn']) && is_array($config['openvpn']['openvpn-server'
}
}
$pluginparams
=
array
();
$pluginparams
[
'type'
]
=
'carp'
;
$pluginparams
[
'event'
]
=
'rc.carpmaster'
;
$pluginparams
[
'interface'
]
=
$argv
[
1
];
?>
src/opnsense/mvc/app/models/OPNsense/Base/Menu/Menu.xml
...
...
@@ -164,7 +164,9 @@
<Settings
url=
"/firewall_virtual_ip.php"
>
<Edit
url=
"/firewall_virtual_ip_edit.php*"
visibility=
"hidden"
/>
</Settings>
<Status
url=
"/carp_status.php"
/>
<Status
url=
"/carp_status.php"
>
<All
url=
"/carp_status.php*"
/>
</Status>
</VIP>
<Settings
order=
"200"
cssClass=
"fa fa-cogs fa-fw"
>
<Schedules
order=
"100"
url=
"/firewall_schedule.php"
>
...
...
src/www/carp_status.php
...
...
@@ -30,65 +30,58 @@
require_once
(
"guiconfig.inc"
);
require_once
(
"interfaces.inc"
);
function
interfaces_carp_set_maintenancemode
(
$carp_maintenancemode
)
{
global
$config
;
if
(
isset
(
$config
[
"virtualip_carp_maintenancemode"
])
&&
$carp_maintenancemode
==
false
)
{
unset
(
$config
[
"virtualip_carp_maintenancemode"
]);
write_config
(
"Leave CARP maintenance mode"
);
}
elseif
(
!
isset
(
$config
[
"virtualip_carp_maintenancemode"
])
&&
$carp_maintenancemode
==
true
)
{
$config
[
"virtualip_carp_maintenancemode"
]
=
true
;
write_config
(
"Enter CARP maintenance mode"
);
}
if
(
isset
(
$config
[
'virtualip'
][
'vip'
]))
{
$viparr
=
&
$config
[
'virtualip'
][
'vip'
];
foreach
(
$viparr
as
$vip
)
{
if
(
$vip
[
'mode'
]
==
'carp'
)
{
interface_carp_configure
(
$vip
);
}
}
}
}
// init $config['virtualip']['vip']
if
(
!
isset
(
$config
[
'virtualip'
][
'vip'
])
||
!
is_array
(
$config
[
'virtualip'
][
'vip'
]))
{
$config
[
'virtualip'
][
'vip'
]
=
array
();
}
$a_vip
=
&
$config
[
'virtualip'
][
'vip'
];
$act
=
null
;
if
(
$_SERVER
[
'REQUEST_METHOD'
]
===
'POST'
)
{
if
(
!
empty
(
$_POST
[
'carp_maintenancemode'
]))
{
interfaces_carp_set_maintenancemode
(
!
isset
(
$config
[
"virtualip_carp_maintenancemode"
]));
$act
=
"maintenance"
;
if
(
isset
(
$config
[
"virtualip_carp_maintenancemode"
]))
{
unset
(
$config
[
"virtualip_carp_maintenancemode"
]);
write_config
(
"Leave CARP maintenance mode"
);
}
else
{
$config
[
"virtualip_carp_maintenancemode"
]
=
true
;
write_config
(
"Enter CARP maintenance mode"
);
}
}
elseif
(
!
empty
(
$_POST
[
'disablecarp'
]))
{
if
(
get_single_sysctl
(
'net.inet.carp.allow'
)
>
0
)
{
$carp_counter
=
0
;
$act
=
"disable"
;
$savemsg
=
gettext
(
"All virtual IPs have been disabled. Please note that disabling does not survive a reboot."
);
set_single_sysctl
(
'net.inet.carp.allow'
,
'0'
);
foreach
(
$a_vip
as
$vip
)
{
switch
(
$vip
[
'mode'
])
{
case
"carp"
:
interface_vip_bring_down
(
$vip
);
$carp_counter
++
;
sleep
(
1
);
break
;
}
}
$savemsg
=
sprintf
(
gettext
(
"%s IPs have been disabled. Please note that disabling does not survive a reboot."
),
$carp_counter
);
}
else
{
$act
=
"enable"
;
$savemsg
=
gettext
(
"CARP has been enabled."
);
foreach
(
$a_vip
as
$vip
)
{
switch
(
$vip
[
'mode'
])
{
case
"carp"
:
interface_carp_configure
(
$vip
);
sleep
(
1
);
break
;
}
}
interfaces_carp_setup
();
set_single_sysctl
(
'net.inet.carp.allow'
,
'1'
);
}
}
foreach
(
$a_vip
as
$vip
)
{
if
(
$vip
[
'mode'
]
==
'carp'
)
{
switch
(
$act
)
{
case
'maintenance'
:
interface_carp_configure
(
$vip
);
break
;
case
'disable'
:
interface_vip_bring_down
(
$vip
);
break
;
case
'enable'
:
interface_carp_configure
(
$vip
);
break
;
default
:
break
;
}
}
}
header
(
url_safe
(
'Location: carp_status.php?savemsg=%s'
,
array
(
$savemsg
)));
exit
;
}
elseif
(
$_SERVER
[
'REQUEST_METHOD'
]
===
'GET'
)
{
if
(
!
empty
(
$_GET
[
'savemsg'
]))
{
$savemsg
=
htmlspecialchars
(
$_GET
[
'savemsg'
]);
}
}
$carpcount
=
0
;
...
...
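Review bot: `$savemsg` is never assigned on the `carp_maintenancemode` path, nor when a POST carries neither field, yet the redirect that closes the POST branch passes it to `url_safe('Location: carp_status.php?savemsg=%s', array($savemsg))`. Initialising it beside the new `$act = null;`, e.g. `$savemsg = '';`, keeps the redirect well defined. The GET branch already skips an empty value through `!empty($_GET['savemsg'])`. Whether `$savemsg` is set by an included file is not visible here, since the hunk starts at line 30 and the script continues past it.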