Commit 2f860487 authored by Ad Schellevis's avatar Ad Schellevis Committed by GitHub

Merge pull request #1187 from opnsense/carp_improvements

Carp improvements
parents 1ccf6b45 dcd0e068
...@@ -1770,67 +1770,25 @@ function interfaces_carp_setup() ...@@ -1770,67 +1770,25 @@ function interfaces_carp_setup()
echo gettext("Configuring CARP settings..."); echo gettext("Configuring CARP settings...");
mute_kernel_msgs(); mute_kernel_msgs();
} }
set_single_sysctl("net.inet.carp.preempt", "1");
/* suck in configuration items */ if (!empty($config['hasync']['pfsyncinterface'])) {
if (isset($config['hasync'])) { $carp_sync_int = get_real_interface($config['hasync']['pfsyncinterface']);
if (isset($config['hasync']['pfsyncenabled'])) {
$pfsyncenabled = $config['hasync']['pfsyncenabled'];
}
if (isset($config['hasync']['pfsyncinterface'])) {
$pfsyncinterface = $config['hasync']['pfsyncinterface'];
}
if (isset($config['hasync']['pfsyncpeerip'])) {
$pfsyncpeerip = $config['hasync']['pfsyncpeerip'];
}
} else {
unset($pfsyncinterface);
unset($pfsyncenabled);
}
set_sysctl(array(
"net.inet.carp.preempt" => "1",
"net.inet.carp.log" => "1"
));
if (!empty($pfsyncinterface)) {
$carp_sync_int = get_real_interface($pfsyncinterface);
} else {
unset($carp_sync_int);
} }
/* setup pfsync interface */ /* setup pfsync interface */
if (!empty($carp_sync_int) && isset($pfsyncenabled)) { if (!empty($carp_sync_int) && isset($config['hasync']['pfsyncenabled'])) {
if (is_ipaddr($pfsyncpeerip)) { if (isset($config['hasync']['pfsyncpeerip']) && is_ipaddr($config['hasync']['pfsyncpeerip'])) {
$syncpeer = "syncpeer {$pfsyncpeerip}"; $syncpeer = "syncpeer " . $config['hasync']['pfsyncpeerip'];
} else { } else {
$syncpeer = "-syncpeer"; $syncpeer = "-syncpeer";
} }
mwexec("/sbin/ifconfig pfsync0 syncdev {$carp_sync_int} {$syncpeer} up", false); mwexec("/sbin/ifconfig pfsync0 syncdev {$carp_sync_int} {$syncpeer} up", false);
sleep(1);
/* XXX: Handle an issue with pfsync(4) and carp(4). In a cluster carp will come up before pfsync(4) has updated and so will cause issues
* for existing sessions.
*/
log_error("waiting for pfsync...");
$i = 0;
while (intval(trim(`/sbin/ifconfig pfsync0 | /usr/bin/grep 'syncok: 0' | /usr/bin/grep -v grep | /usr/bin/wc -l`)) == 0 && $i < 30) {
$i++;
sleep(1);
}
log_error("pfsync done in $i seconds.");
log_error("Configuring CARP settings finalize...");
} else { } else {
mwexec("/sbin/ifconfig pfsync0 -syncdev -syncpeer down", false); mwexec("/sbin/ifconfig pfsync0 -syncdev -syncpeer down", false);
} }
if (isset($config['virtualip']['vip']) && $config['virtualip']['vip']) {
set_single_sysctl("net.inet.carp.allow", "1");
} else {
set_single_sysctl("net.inet.carp.allow", "0");
}
if (file_exists("/var/run/booting")) { if (file_exists("/var/run/booting")) {
unmute_kernel_msgs(); unmute_kernel_msgs();
echo gettext("done.") . "\n"; echo gettext("done.") . "\n";
...@@ -1906,29 +1864,21 @@ function interfaces_vips_configure($interface = '') ...@@ -1906,29 +1864,21 @@ function interfaces_vips_configure($interface = '')
$carp_setuped = false; $carp_setuped = false;
$anyproxyarp = false; $anyproxyarp = false;
foreach ($config['virtualip']['vip'] as $vip) { foreach ($config['virtualip']['vip'] as $vip) {
switch ($vip['mode']) { if ($interface == "" || $vip['interface'] == $interface) {
case "proxyarp": switch ($vip['mode']) {
/* nothing it is handled on interface_proxyarp_configure() */ case "proxyarp":
if ($interface <> "" && $vip['interface'] <> $interface) { $anyproxyarp = true;
continue; break;
} case "ipalias":
$anyproxyarp = true; interface_ipalias_configure($vip);
break; break;
case "ipalias": case "carp":
if ($interface <> "" && $vip['interface'] <> $interface) { if ($carp_setuped == false) {
continue; $carp_setuped = true;
} }
interface_ipalias_configure($vip); interface_carp_configure($vip);
break; break;
case "carp": }
if ($interface <> "" && $vip['interface'] <> $interface) {
continue;
}
if ($carp_setuped == false) {
$carp_setuped = true;
}
interface_carp_configure($vip);
break;
} }
} }
if ($carp_setuped == true) { if ($carp_setuped == true) {
...@@ -1948,10 +1898,6 @@ function interface_ipalias_configure(&$vip) ...@@ -1948,10 +1898,6 @@ function interface_ipalias_configure(&$vip)
return; return;
} }
if ($vip['interface'] != 'lo0' && !isset($config['interfaces'][$vip['interface']])) {
return;
}
if ($vip['interface'] != 'lo0' && !isset($config['interfaces'][$vip['interface']]['enable'])) { if ($vip['interface'] != 'lo0' && !isset($config['interfaces'][$vip['interface']]['enable'])) {
return; return;
} }
...@@ -1972,6 +1918,11 @@ function interface_carp_configure(&$vip) ...@@ -1972,6 +1918,11 @@ function interface_carp_configure(&$vip)
return; return;
} }
// when CARP is temporary disabled, don't try to configure on any interface-up events
if (get_single_sysctl('net.inet.carp.allow') == '0') {
return;
}
/* NOTE: Maybe its useless nowdays */ /* NOTE: Maybe its useless nowdays */
$realif = get_real_interface($vip['interface']); $realif = get_real_interface($vip['interface']);
if (!does_interface_exist($realif)) { if (!does_interface_exist($realif)) {
...@@ -4262,45 +4213,6 @@ function guess_interface_from_ip($ipaddress) ...@@ -4262,45 +4213,6 @@ function guess_interface_from_ip($ipaddress)
} }
/****f* interfaces/link_ip_to_carp_interface
* NAME
* link_ip_to_carp_interface - Find where a CARP interface links to.
* INPUTS
* $ip
* RESULT
* $carp_ints
******/
function link_ip_to_carp_interface($ip)
{
global $config;
if (!is_ipaddr($ip)) {
return;
}
$carp_ints = '';
if (isset($config['virtualip']['vip'])) {
$first = 0;
$carp_int = array();
foreach ($config['virtualip']['vip'] as $vip) {
if ($vip['mode'] == "carp") {
$carp_ip = $vip['subnet'];
$carp_sn = $vip['subnet_bits'];
$carp_nw = gen_subnet($carp_ip, $carp_sn);
if (ip_in_subnet($ip, "{$carp_nw}/{$carp_sn}")) {
$carp_int[] = get_real_interface($vip['interface']);
}
}
}
if (!empty($carp_int)) {
$carp_ints = implode(" ", array_unique($carp_int));
}
}
return $carp_ints;
}
function link_interface_to_track6($int, $action = '') function link_interface_to_track6($int, $action = '')
{ {
global $config; global $config;
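Review bot: The new guard in interface_carp_configure() returns without leaving any trace when `net.inet.carp.allow` reads `'0'`, so every caller skips VIP setup silently on a node where CARP was switched off from the status page (interfaces_vips_configure() still sets `$carp_setuped = true` before calling it). On an HA pair that is hard to tell apart from a misconfiguration, so I would log the skip before the `return;`, e.g. `log_error("CARP is disabled (net.inet.carp.allow=0), skipping VIP configuration");`. The comparison against the string `'0'` also depends on what get_single_sysctl() returns when the read fails, which is not visible here; a one-line comment stating the intended behaviour in that case would help. The function body continues outside the hunk.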
......
...@@ -118,9 +118,7 @@ function activate_sysctls() ...@@ -118,9 +118,7 @@ function activate_sysctls()
"net.enc.in.ipsec_bpf_mask" => "0x0002", "net.enc.in.ipsec_bpf_mask" => "0x0002",
"net.enc.in.ipsec_filter_mask" => "0x0002", "net.enc.in.ipsec_filter_mask" => "0x0002",
"net.enc.out.ipsec_bpf_mask" => "0x0001", "net.enc.out.ipsec_bpf_mask" => "0x0001",
"net.enc.out.ipsec_filter_mask" => "0x0001", "net.enc.out.ipsec_filter_mask" => "0x0001"
'net.inet.carp.senderr_demotion_factor' => '0',
'net.pfsync.carp_demotion_factor' => '0',
); );
if (isset($config['sysctl']['item'])) { if (isset($config['sysctl']['item'])) {
......
...@@ -58,9 +58,3 @@ if (is_array($config['openvpn']) && is_array($config['openvpn']['openvpn-client' ...@@ -58,9 +58,3 @@ if (is_array($config['openvpn']) && is_array($config['openvpn']['openvpn-client'
} }
} }
$pluginparams = array();
$pluginparams['type'] = 'carp';
$pluginparams['event'] = 'rc.carpbackup';
$pluginparams['interface'] = $argv[1];
?>
...@@ -66,9 +66,3 @@ if (is_array($config['openvpn']) && is_array($config['openvpn']['openvpn-server' ...@@ -66,9 +66,3 @@ if (is_array($config['openvpn']) && is_array($config['openvpn']['openvpn-server'
} }
} }
$pluginparams = array();
$pluginparams['type'] = 'carp';
$pluginparams['event'] = 'rc.carpmaster';
$pluginparams['interface'] = $argv[1];
?>
...@@ -164,7 +164,9 @@ ...@@ -164,7 +164,9 @@
<Settings url="/firewall_virtual_ip.php"> <Settings url="/firewall_virtual_ip.php">
<Edit url="/firewall_virtual_ip_edit.php*" visibility="hidden"/> <Edit url="/firewall_virtual_ip_edit.php*" visibility="hidden"/>
</Settings> </Settings>
<Status url="/carp_status.php"/> <Status url="/carp_status.php">
<All url="/carp_status.php*"/>
</Status>
</VIP> </VIP>
<Settings order="200" cssClass="fa fa-cogs fa-fw"> <Settings order="200" cssClass="fa fa-cogs fa-fw">
<Schedules order="100" url="/firewall_schedule.php"> <Schedules order="100" url="/firewall_schedule.php">
......
...@@ -30,65 +30,58 @@ ...@@ -30,65 +30,58 @@
require_once("guiconfig.inc"); require_once("guiconfig.inc");
require_once("interfaces.inc"); require_once("interfaces.inc");
function interfaces_carp_set_maintenancemode($carp_maintenancemode)
{
global $config;
if (isset($config["virtualip_carp_maintenancemode"]) && $carp_maintenancemode == false) {
unset($config["virtualip_carp_maintenancemode"]);
write_config("Leave CARP maintenance mode");
} elseif (!isset($config["virtualip_carp_maintenancemode"]) && $carp_maintenancemode == true) {
$config["virtualip_carp_maintenancemode"] = true;
write_config("Enter CARP maintenance mode");
}
if (isset($config['virtualip']['vip'])) {
$viparr = &$config['virtualip']['vip'];
foreach ($viparr as $vip) {
if ($vip['mode'] == 'carp') {
interface_carp_configure($vip);
}
}
}
}
// init $config['virtualip']['vip'] // init $config['virtualip']['vip']
if ( !isset($config['virtualip']['vip']) || !is_array($config['virtualip']['vip'])) { if ( !isset($config['virtualip']['vip']) || !is_array($config['virtualip']['vip'])) {
$config['virtualip']['vip'] = array(); $config['virtualip']['vip'] = array();
} }
$a_vip = &$config['virtualip']['vip']; $a_vip = &$config['virtualip']['vip'];
$act = null;
if ($_SERVER['REQUEST_METHOD'] === 'POST') { if ($_SERVER['REQUEST_METHOD'] === 'POST') {
if (!empty($_POST['carp_maintenancemode'])) { if (!empty($_POST['carp_maintenancemode'])) {
interfaces_carp_set_maintenancemode(!isset($config["virtualip_carp_maintenancemode"])); $act = "maintenance";
if (isset($config["virtualip_carp_maintenancemode"])) {
unset($config["virtualip_carp_maintenancemode"]);
write_config("Leave CARP maintenance mode");
} else {
$config["virtualip_carp_maintenancemode"] = true;
write_config("Enter CARP maintenance mode");
}
} elseif (!empty($_POST['disablecarp'])) { } elseif (!empty($_POST['disablecarp'])) {
if (get_single_sysctl('net.inet.carp.allow') > 0) { if (get_single_sysctl('net.inet.carp.allow') > 0) {
$carp_counter = 0; $act = "disable";
$savemsg = gettext("All virtual IPs have been disabled. Please note that disabling does not survive a reboot.");
set_single_sysctl('net.inet.carp.allow', '0'); set_single_sysctl('net.inet.carp.allow', '0');
foreach ($a_vip as $vip) {
switch ($vip['mode']) {
case "carp":
interface_vip_bring_down($vip);
$carp_counter++;
sleep(1);
break;
}
}
$savemsg = sprintf(gettext("%s IPs have been disabled. Please note that disabling does not survive a reboot."), $carp_counter);
} else { } else {
$act = "enable";
$savemsg = gettext("CARP has been enabled."); $savemsg = gettext("CARP has been enabled.");
foreach ($a_vip as $vip) {
switch ($vip['mode']) {
case "carp":
interface_carp_configure($vip);
sleep(1);
break;
}
}
interfaces_carp_setup(); interfaces_carp_setup();
set_single_sysctl('net.inet.carp.allow', '1'); set_single_sysctl('net.inet.carp.allow', '1');
} }
} }
foreach ($a_vip as $vip) {
if ($vip['mode'] == 'carp') {
switch ($act) {
case 'maintenance':
interface_carp_configure($vip);
break;
case 'disable':
interface_vip_bring_down($vip);
break;
case 'enable':
interface_carp_configure($vip);
break;
default:
break;
}
}
}
header(url_safe('Location: carp_status.php?savemsg=%s', array($savemsg)));
exit;
} elseif ($_SERVER['REQUEST_METHOD'] === 'GET') {
if (!empty($_GET['savemsg'])) {
$savemsg = htmlspecialchars($_GET['savemsg']);
}
} }
$carpcount = 0; $carpcount = 0;
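Review bot: The GET branch now takes `$savemsg` straight from the query string, so the status banner shows whatever text the URL carries. `htmlspecialchars()` keeps markup out, assuming the template (outside the visible lines) prints the value without decoding it, but arbitrary wording can still be presented as if the firewall had produced it. Redirecting with a fixed key instead, e.g. `header(url_safe('Location: carp_status.php?savemsg=%s', array($act)));`, and mapping that key to the matching gettext string on the GET side would limit the banner to known messages. Separately, `$savemsg` is never assigned on the maintenance path or when the POST carries neither field, so the `header(url_safe(...))` line reads an undefined variable; adding `$savemsg = '';` next to `$act = null;` covers that.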
......