Commit 2f860487 authored by Ad Schellevis's avatar Ad Schellevis Committed by GitHub

Merge pull request #1187 from opnsense/carp_improvements

Carp improvements
parents 1ccf6b45 dcd0e068
......@@ -1770,67 +1770,25 @@ function interfaces_carp_setup()
echo gettext("Configuring CARP settings...");
mute_kernel_msgs();
}
set_single_sysctl("net.inet.carp.preempt", "1");
/* suck in configuration items */
if (isset($config['hasync'])) {
if (isset($config['hasync']['pfsyncenabled'])) {
$pfsyncenabled = $config['hasync']['pfsyncenabled'];
}
if (isset($config['hasync']['pfsyncinterface'])) {
$pfsyncinterface = $config['hasync']['pfsyncinterface'];
}
if (isset($config['hasync']['pfsyncpeerip'])) {
$pfsyncpeerip = $config['hasync']['pfsyncpeerip'];
}
} else {
unset($pfsyncinterface);
unset($pfsyncenabled);
}
set_sysctl(array(
"net.inet.carp.preempt" => "1",
"net.inet.carp.log" => "1"
));
if (!empty($pfsyncinterface)) {
$carp_sync_int = get_real_interface($pfsyncinterface);
} else {
unset($carp_sync_int);
if (!empty($config['hasync']['pfsyncinterface'])) {
$carp_sync_int = get_real_interface($config['hasync']['pfsyncinterface']);
}
/* setup pfsync interface */
if (!empty($carp_sync_int) && isset($pfsyncenabled)) {
if (is_ipaddr($pfsyncpeerip)) {
$syncpeer = "syncpeer {$pfsyncpeerip}";
if (!empty($carp_sync_int) && isset($config['hasync']['pfsyncenabled'])) {
if (isset($config['hasync']['pfsyncpeerip']) && is_ipaddr($config['hasync']['pfsyncpeerip'])) {
$syncpeer = "syncpeer " . $config['hasync']['pfsyncpeerip'];
} else {
$syncpeer = "-syncpeer";
}
mwexec("/sbin/ifconfig pfsync0 syncdev {$carp_sync_int} {$syncpeer} up", false);
sleep(1);
/* XXX: Handle an issue with pfsync(4) and carp(4). In a cluster carp will come up before pfsync(4) has updated and so will cause issues
* for existing sessions.
*/
log_error("waiting for pfsync...");
$i = 0;
while (intval(trim(`/sbin/ifconfig pfsync0 | /usr/bin/grep 'syncok: 0' | /usr/bin/grep -v grep | /usr/bin/wc -l`)) == 0 && $i < 30) {
$i++;
sleep(1);
}
log_error("pfsync done in $i seconds.");
log_error("Configuring CARP settings finalize...");
} else {
mwexec("/sbin/ifconfig pfsync0 -syncdev -syncpeer down", false);
}
if (isset($config['virtualip']['vip']) && $config['virtualip']['vip']) {
set_single_sysctl("net.inet.carp.allow", "1");
} else {
set_single_sysctl("net.inet.carp.allow", "0");
}
if (file_exists("/var/run/booting")) {
unmute_kernel_msgs();
echo gettext("done.") . "\n";
......@@ -1906,29 +1864,21 @@ function interfaces_vips_configure($interface = '')
$carp_setuped = false;
$anyproxyarp = false;
foreach ($config['virtualip']['vip'] as $vip) {
switch ($vip['mode']) {
case "proxyarp":
/* nothing it is handled on interface_proxyarp_configure() */
if ($interface <> "" && $vip['interface'] <> $interface) {
continue;
}
$anyproxyarp = true;
break;
case "ipalias":
if ($interface <> "" && $vip['interface'] <> $interface) {
continue;
}
interface_ipalias_configure($vip);
break;
case "carp":
if ($interface <> "" && $vip['interface'] <> $interface) {
continue;
}
if ($carp_setuped == false) {
$carp_setuped = true;
}
interface_carp_configure($vip);
break;
if ($interface == "" || $vip['interface'] == $interface) {
switch ($vip['mode']) {
case "proxyarp":
$anyproxyarp = true;
break;
case "ipalias":
interface_ipalias_configure($vip);
break;
case "carp":
if ($carp_setuped == false) {
$carp_setuped = true;
}
interface_carp_configure($vip);
break;
}
}
}
if ($carp_setuped == true) {
......@@ -1948,10 +1898,6 @@ function interface_ipalias_configure(&$vip)
return;
}
if ($vip['interface'] != 'lo0' && !isset($config['interfaces'][$vip['interface']])) {
return;
}
if ($vip['interface'] != 'lo0' && !isset($config['interfaces'][$vip['interface']]['enable'])) {
return;
}
......@@ -1972,6 +1918,11 @@ function interface_carp_configure(&$vip)
return;
}
// when CARP is temporary disabled, don't try to configure on any interface-up events
if (get_single_sysctl('net.inet.carp.allow') == '0') {
return;
}
/* NOTE: Maybe its useless nowdays */
$realif = get_real_interface($vip['interface']);
if (!does_interface_exist($realif)) {
......@@ -4262,45 +4213,6 @@ function guess_interface_from_ip($ipaddress)
}
/****f* interfaces/link_ip_to_carp_interface
* NAME
* link_ip_to_carp_interface - Find where a CARP interface links to.
* INPUTS
* $ip
* RESULT
* $carp_ints
******/
function link_ip_to_carp_interface($ip)
{
global $config;
if (!is_ipaddr($ip)) {
return;
}
$carp_ints = '';
if (isset($config['virtualip']['vip'])) {
$first = 0;
$carp_int = array();
foreach ($config['virtualip']['vip'] as $vip) {
if ($vip['mode'] == "carp") {
$carp_ip = $vip['subnet'];
$carp_sn = $vip['subnet_bits'];
$carp_nw = gen_subnet($carp_ip, $carp_sn);
if (ip_in_subnet($ip, "{$carp_nw}/{$carp_sn}")) {
$carp_int[] = get_real_interface($vip['interface']);
}
}
}
if (!empty($carp_int)) {
$carp_ints = implode(" ", array_unique($carp_int));
}
}
return $carp_ints;
}
function link_interface_to_track6($int, $action = '')
{
global $config;
......
......@@ -118,9 +118,7 @@ function activate_sysctls()
"net.enc.in.ipsec_bpf_mask" => "0x0002",
"net.enc.in.ipsec_filter_mask" => "0x0002",
"net.enc.out.ipsec_bpf_mask" => "0x0001",
"net.enc.out.ipsec_filter_mask" => "0x0001",
'net.inet.carp.senderr_demotion_factor' => '0',
'net.pfsync.carp_demotion_factor' => '0',
"net.enc.out.ipsec_filter_mask" => "0x0001"
);
if (isset($config['sysctl']['item'])) {
......
......@@ -58,9 +58,3 @@ if (is_array($config['openvpn']) && is_array($config['openvpn']['openvpn-client'
}
}
$pluginparams = array();
$pluginparams['type'] = 'carp';
$pluginparams['event'] = 'rc.carpbackup';
$pluginparams['interface'] = $argv[1];
?>
......@@ -66,9 +66,3 @@ if (is_array($config['openvpn']) && is_array($config['openvpn']['openvpn-server'
}
}
$pluginparams = array();
$pluginparams['type'] = 'carp';
$pluginparams['event'] = 'rc.carpmaster';
$pluginparams['interface'] = $argv[1];
?>
......@@ -164,7 +164,9 @@
<Settings url="/firewall_virtual_ip.php">
<Edit url="/firewall_virtual_ip_edit.php*" visibility="hidden"/>
</Settings>
<Status url="/carp_status.php"/>
<Status url="/carp_status.php">
<All url="/carp_status.php*"/>
</Status>
</VIP>
<Settings order="200" cssClass="fa fa-cogs fa-fw">
<Schedules order="100" url="/firewall_schedule.php">
......
......@@ -30,65 +30,58 @@
require_once("guiconfig.inc");
require_once("interfaces.inc");
function interfaces_carp_set_maintenancemode($carp_maintenancemode)
{
global $config;
if (isset($config["virtualip_carp_maintenancemode"]) && $carp_maintenancemode == false) {
unset($config["virtualip_carp_maintenancemode"]);
write_config("Leave CARP maintenance mode");
} elseif (!isset($config["virtualip_carp_maintenancemode"]) && $carp_maintenancemode == true) {
$config["virtualip_carp_maintenancemode"] = true;
write_config("Enter CARP maintenance mode");
}
if (isset($config['virtualip']['vip'])) {
$viparr = &$config['virtualip']['vip'];
foreach ($viparr as $vip) {
if ($vip['mode'] == 'carp') {
interface_carp_configure($vip);
}
}
}
}
// init $config['virtualip']['vip']
if ( !isset($config['virtualip']['vip']) || !is_array($config['virtualip']['vip'])) {
$config['virtualip']['vip'] = array();
}
$a_vip = &$config['virtualip']['vip'];
$act = null;
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
if (!empty($_POST['carp_maintenancemode'])) {
interfaces_carp_set_maintenancemode(!isset($config["virtualip_carp_maintenancemode"]));
$act = "maintenance";
if (isset($config["virtualip_carp_maintenancemode"])) {
unset($config["virtualip_carp_maintenancemode"]);
write_config("Leave CARP maintenance mode");
} else {
$config["virtualip_carp_maintenancemode"] = true;
write_config("Enter CARP maintenance mode");
}
} elseif (!empty($_POST['disablecarp'])) {
if (get_single_sysctl('net.inet.carp.allow') > 0) {
$carp_counter = 0;
$act = "disable";
$savemsg = gettext("All virtual IPs have been disabled. Please note that disabling does not survive a reboot.");
set_single_sysctl('net.inet.carp.allow', '0');
foreach ($a_vip as $vip) {
switch ($vip['mode']) {
case "carp":
interface_vip_bring_down($vip);
$carp_counter++;
sleep(1);
break;
}
}
$savemsg = sprintf(gettext("%s IPs have been disabled. Please note that disabling does not survive a reboot."), $carp_counter);
} else {
$act = "enable";
$savemsg = gettext("CARP has been enabled.");
foreach ($a_vip as $vip) {
switch ($vip['mode']) {
case "carp":
interface_carp_configure($vip);
sleep(1);
break;
}
}
interfaces_carp_setup();
set_single_sysctl('net.inet.carp.allow', '1');
}
}
foreach ($a_vip as $vip) {
if ($vip['mode'] == 'carp') {
switch ($act) {
case 'maintenance':
interface_carp_configure($vip);
break;
case 'disable':
interface_vip_bring_down($vip);
break;
case 'enable':
interface_carp_configure($vip);
break;
default:
break;
}
}
}
header(url_safe('Location: carp_status.php?savemsg=%s', array($savemsg)));
exit;
} elseif ($_SERVER['REQUEST_METHOD'] === 'GET') {
if (!empty($_GET['savemsg'])) {
$savemsg = htmlspecialchars($_GET['savemsg']);
}
}
$carpcount = 0;
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment