Commit 9b4029c9 authored by Ad Schellevis's avatar Ad Schellevis Committed by Franco Fichtner

(gwlb.inc) cleanups

(cherry picked from commit aa1221ae)
(cherry picked from commit 4f58e7f8)
(cherry picked from commit 4169afd1)
(cherry picked from commit ee8955e4)
(cherry picked from commit 2dbc3ab2)
(cherry picked from commit 66511add)
(cherry picked from commit 336cbd67)
(cherry picked from commit 79a6df22)
(cherry picked from commit a5d9897c)
parent d02f17c5
......@@ -913,8 +913,6 @@ function filter_generate_gateways()
if (is_array($GatewayGroupsList)) {
foreach ($GatewayGroupsList as $gateway => $members) {
$route = "";
/* hey, that's not a group member! */
unset($members['ipprotocol']);
if (count($members) > 0) {
$foundlb = 0;
$routeto = "";
......
......@@ -473,16 +473,7 @@ function return_gateways_array($disabled = false, $localhost = false, $inactive
$found_defaultv4 = 0;
$found_defaultv6 = 0;
$interfaces = legacy_interface_listget();
$interfaces_v4 = array();
$interfaces_v6 = array();
/* Loop through all interfaces with a gateway and add it to a array */
if ($disabled == false) {
$iflist = get_configured_interface_with_descr();
} else {
$iflist = get_configured_interface_with_descr(false, true);
}
/* Process/add dynamic v4 gateways. */
foreach ($iflist as $ifname => $friendly) {
......@@ -490,23 +481,12 @@ function return_gateways_array($disabled = false, $localhost = false, $inactive
continue;
}
if (empty($config['interfaces'][$ifname])) {
continue;
}
$ifcfg = &$config['interfaces'][$ifname];
if (!isset($ifcfg['enable'])) {
continue;
}
if (!empty($ifcfg['ipaddr']) && is_ipaddrv4($ifcfg['ipaddr'])) {
continue;
}
if (isset($interfaces_v4[$ifname])) {
continue;
}
$ctype = '';
switch($ifcfg['ipaddr']) {
case "dhcp":
......@@ -542,7 +522,7 @@ function return_gateways_array($disabled = false, $localhost = false, $inactive
$gateway['name'] = "{$friendly}{$ctype}";
$gateway['attribute'] = "system";
if (($gateway['dynamic'] === "default") && ($found_defaultv4 == 0)) {
if ($gateway['dynamic'] === "default" && $found_defaultv4 == 0) {
$gateway['defaultgw'] = true;
$gateway['dynamic'] = true;
$found_defaultv4 = 1;
......@@ -552,14 +532,6 @@ function return_gateways_array($disabled = false, $localhost = false, $inactive
$gateway['gateway'] = "dynamic";
}
/* automatically skip known static and dynamic gateways we have a array entry for */
foreach ($gateways_arr as $gateway_item) {
if ((($ifname == $gateway_item['friendlyiface'] && $friendly == $gateway_item['name'])&& ($gateway['ipprotocol'] == $gateway_item['ipprotocol'])) ||
($ifname == $gateway_item['friendlyiface'] && $gateway_item['dynamic'] == true) && ($gateway['ipprotocol'] == $gateway_item['ipprotocol'])) {
continue 2;
}
}
if (is_ipaddrv4($gateway['gateway'])) {
$gateway['monitor'] = $gateway['gateway'];
}
......@@ -568,7 +540,6 @@ function return_gateways_array($disabled = false, $localhost = false, $inactive
$gateway['monitor_disable'] = true;
$gateways_arr[$gateway['name']] = $gateway;
}
unset($gateway);
/* Process/add dynamic v6 gateways. */
foreach ($iflist as $ifname => $friendly) {
......@@ -586,18 +557,11 @@ function return_gateways_array($disabled = false, $localhost = false, $inactive
}
$ifcfg = &$config['interfaces'][$ifname];
if (!isset($ifcfg['enable'])) {
continue;
}
if (!empty($ifcfg['ipaddrv6']) && is_ipaddrv6($ifcfg['ipaddrv6'])) {
continue;
}
if (isset($interfaces_v6[$ifname])) {
continue;
}
$ctype = '';
switch($ifcfg['ipaddrv6']) {
case "slaac":
......@@ -653,14 +617,6 @@ function return_gateways_array($disabled = false, $localhost = false, $inactive
$gateway['gateway'] = "dynamic";
}
/* automatically skip known static and dynamic gateways we have a array entry for */
foreach($gateways_arr as $gateway_item) {
if ((($ifname == $gateway_item['friendlyiface'] && $friendly == $gateway_item['name']) && ($gateway['ipprotocol'] == $gateway_item['ipprotocol'])) ||
($ifname == $gateway_item['friendlyiface'] && $gateway_item['dynamic'] == true) && ($gateway['ipprotocol'] == $gateway_item['ipprotocol'])) {
continue 2;
}
}
if (is_ipaddrv6($gateway['gateway'])) {
$gateway['monitor'] = $gateway['gateway'];
}
......@@ -669,17 +625,13 @@ function return_gateways_array($disabled = false, $localhost = false, $inactive
$gateway['monitor_disable'] = true;
$gateways_arr[$gateway['name']] = $gateway;
}
unset($gateway);
$i = -1;
$i = 0;
/* Process/add all the configured gateways. */
if (isset($config['gateways']['gateway_item'])) {
foreach ($config['gateways']['gateway_item'] as $gateway) {
/* Increment it here to do not skip items */
$i++;
if (empty($config['interfaces'][$gateway['interface']])) {
if ($inactive === false) {
if (!$inactive) {
continue;
} else {
$gateway['inactive'] = true;
......@@ -688,7 +640,7 @@ function return_gateways_array($disabled = false, $localhost = false, $inactive
$wancfg = $config['interfaces'][$gateway['interface']];
/* skip disabled interfaces */
if ($disabled === false && (!isset($wancfg['enable']) || isset($gateway['disabled']))) {
if (!$disabled && (!isset($wancfg['enable']) || isset($gateway['disabled']))) {
if (isset($gateways_arr[$gateway['name']])) {
unset($gateways_arr[$gateway['name']]);
}
......@@ -715,14 +667,6 @@ function return_gateways_array($disabled = false, $localhost = false, $inactive
}
$gateway['dynamic'] = true;
}
} else {
/* getting this detection right is hard at this point because we still don't
* store the address family in the gateway item */
if (is_ipaddrv4($gateway['gateway'])) {
$gateway['ipprotocol'] = "inet";
} elseif (is_ipaddrv6($gateway['gateway'])) {
$gateway['ipprotocol'] = "inet6";
}
}
if (isset($gateway['monitor_disable'])) {
......@@ -736,29 +680,20 @@ function return_gateways_array($disabled = false, $localhost = false, $inactive
/* special treatment for tunnel interfaces */
if ($gateway['ipprotocol'] == "inet6") {
$gateway['interface'] = get_real_interface($gateway['interface'], "inet6", false, false);
$interfaces_v6[$gateway['friendlyiface']] = $gateway['friendlyiface'];
} else {
$gateway['interface'] = get_real_interface($gateway['interface'], "all", false, false);
$interfaces_v4[$gateway['friendlyiface']] = $gateway['friendlyiface'];
}
/* entry has a default flag, use it */
if (isset($gateway['defaultgw'])) {
if ($gateway['ipprotocol'] == "inet") {
$gateway['defaultgw'] = true;
$found_defaultv4 = 1;
} else if ($gateway['ipprotocol'] == "inet6") {
$gateway['defaultgw'] = true;
$found_defaultv6 = 1;
}
}
/* include the gateway index as the attribute */
$gateway['attribute'] = $i;
$gateway['attribute'] = $i++;
$gateways_arr[$gateway['name']] = $gateway;
}
}
unset($gateway);
if ($localhost === true) {
/* attach localhost for Null routes */
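Review bot: Folding the counter into `$gateway['attribute'] = $i++;` changes what the attribute means, because the loop still has a `continue` ahead of it (the missing-interface check, `if (!$inactive) { continue; }`, visible in an earlier hunk). The removed comment "Increment it here to do not skip items" was there for that reason: with the increment at the end of the body, a skipped entry no longer consumes an index, so `attribute` stops matching the entry's position in `$config['gateways']['gateway_item']`. If any caller uses the attribute to address a configured gateway for edit or delete, it would then act on the wrong item. I would keep `$i = -1;` before the loop and `$i++;` as the first statement of the body, or document on the assignment that the value is a running count of emitted gateways and not a config index. The loop body starts outside this hunk.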
......@@ -776,66 +711,57 @@ function return_gateways_array($disabled = false, $localhost = false, $inactive
$gateways_arr['Null6'] = $gwlo6;
}
return($gateways_arr);
return $gateways_arr;
}
function fixup_default_gateway($ipprotocol, $gateways_status, $gateways_arr)
function fixup_default_gateway($gateways_status, $gateways_arr)
{
global $config;
/*
* NOTE: The code below is meant to replace the default gateway when it goes down.
* This facilitates services running on OPNsense itself and are not handled by a PBR to continue working.
*/
foreach (array("inet", "inet6") as $ipprotocol) {
$upgw = "";
$dfltgwdown = false;
$dfltgwfound = false;
$dfltgwup = false;
$dfltgwname = null;
foreach ($gateways_arr as $gwname => $gwsttng) {
if (($gwsttng['ipprotocol'] == $ipprotocol) && isset($gwsttng['defaultgw'])) {
$dfltgwfound = true;
if ($gwsttng['ipprotocol'] == $ipprotocol) {
if (isset($gwsttng['defaultgw'])) {
$dfltgwname = $gwname;
if (!isset($gwsttng['monitor_disable']) && stristr($gateways_status[$gwname]['status'], "down")) {
$dfltgwdown = true;
if (isset($gwsttng['monitor_disable']) || !stristr($gateways_status[$gwname]['status'], "down")) {
$dfltgwup = true;
}
}
/* Keep a record of the last up gateway */
/* XXX: Blacklist lan for now since it might cause issues to those who have a gateway set for it */
if (empty($upgw) && ($gwsttng['ipprotocol'] == $ipprotocol) && (isset($gwsttng['monitor_disable']) || !stristr($gateways_status[$gwname]['status'], "down")) && $gwsttng[$gwname]['friendlyiface'] != "lan") {
if (empty($upgw) && $gwsttng[$gwname]['friendlyiface'] != "lan" &&
(isset($gwsttng['monitor_disable']) || !stristr($gateways_status[$gwname]['status'], "down"))) {
$upgw = $gwname;
}
if ($dfltgwdown == true && !empty($upgw)) {
if ($dfltgwdown && !empty($upgw)) {
// switch gateway
$dfltgwname = $upgw;
break;
}
}
if ($dfltgwfound == false) {
$gwname = convert_friendly_interface_to_friendly_descr("wan");
if (!empty($gateways_status[$gwname]) && stristr($gateways_status[$gwname]['status'], "down")) {
$dfltgwdown = true;
}
}
if ($dfltgwdown == true && !empty($upgw)) {
if ($gateways_arr[$upgw]['gateway'] == "dynamic") {
$gateways_arr[$upgw]['gateway'] = get_interface_gateway($gateways_arr[$upgw]['friendlyiface']);
}
if (is_ipaddr($gateways_arr[$upgw]['gateway'])) {
log_error("Default gateway down setting {$upgw} as default!");
if (is_ipaddrv6($gateways_arr[$upgw]['gateway'])) {
$inetfamily = "-inet6";
if ($gateways_arr[$dfltgwname]['gateway'] == "dynamic") {
if ($ipprotocol == 'inet') {
$gwip = get_interface_gateway($gateways_arr[$dfltgwname]['friendlyiface']);
} else {
$inetfamily = "-inet";
}
mwexec("/sbin/route delete {$inetfamily} default {$gateways_arr[$upgw]['gateway']}");
mwexec("/sbin/route add {$inetfamily} default {$gateways_arr[$upgw]['gateway']}");
$gwip = get_interface_gateway_v6($gateways_arr[$dfltgwname]['friendlyiface']);
}
} else {
$gwip = $gateways_arr[$dfltgwname]['gateway'];
}
$defaultgw = trim(exec("/sbin/route -n get -{$ipprotocol} default | /usr/bin/awk '/gateway:/ {print $2}'"), " \n");
if (is_ipaddrv6($gateways_arr[$dfltgwname]['gateway'])) {
$inetfamily = "-inet6";
} else {
$inetfamily = "-inet";
if (!$dfltgwup) {
log_error("Default gateway down setting {$dfltgwname} as default!");
}
if ($defaultgw != $gateways_arr[$dfltgwname]['gateway']) {
mwexec("/sbin/route delete {$inetfamily} default {$gateways_arr[$dfltgwname]['gateway']}");
mwexec("/sbin/route add {$inetfamily} default {$gateways_arr[$dfltgwname]['gateway']}");
if ($defaultgw != $gwip && is_ipaddr($gwip)) {
mwexec("/sbin/route delete -{$ipprotocol} default");
mwexec("/sbin/route add -{$ipprotocol} default {$gwip}");
}
}
}
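Review bot: The LAN exclusion in the fallback test still reads `$gwsttng[$gwname]['friendlyiface'] != "lan"`, but `$gwsttng` is already the entry for `$gwname`, so the extra index evaluates to null and the comparison is always true. The reworked condition carries this over from the old line, which means the "Blacklist lan" guard described in the comment above it has no effect; it should be `$gwsttng['friendlyiface'] != "lan"`. Separately, the page shows `if ($dfltgwdown && !empty($upgw))` as the surviving switch test while the initialisation now appears to be `$dfltgwup = false;`. If that reading of the rendered diff is right, `$dfltgwdown` is undefined here and the switch to `$upgw` never fires, so `if (!$dfltgwup && !empty($upgw))` is probably what was intended.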
......@@ -854,107 +780,93 @@ function return_gateway_groups_array()
$gateway_groups_array = array();
if (isset($config['system']['gw_switch_default'])) {
fixup_default_gateway("inet", $gateways_status, $gateways_arr);
fixup_default_gateway("inet6", $gateways_status, $gateways_arr);
fixup_default_gateway($gateways_status, $gateways_arr);
}
if (isset($config['gateways']['gateway_group'])) {
$carplist = get_configured_carp_interface_list();
foreach ($config['gateways']['gateway_group'] as $group) {
/* create array with group gateways members separated by tier */
$tiers = array();
$backupplan = array();
$gwvip_arr = array();
$tiers_online = 0;
foreach ($group['item'] as $item) {
list($gwname, $tier, $vipname) = explode("|", $item);
if (is_ipaddr($carplist[$vipname])) {
if (!is_array($gwvip_arr[$group['name']])) {
$gwvip_arr[$group['name']] = array();
}
$gwvip_arr[$group['name']][$gwname] = $vipname;
}
/* Do it here rather than reiterating again the group in case no member is up. */
if (!is_array($backupplan[$tier])) {
$backupplan[$tier] = array();
if (!isset($tiers[$tier])) {
$tiers[$tier] = array();
}
$backupplan[$tier][] = $gwname;
/* check if the gateway is available before adding it to the array */
if (is_array($gateways_status[$gwname])) {
$gwup = false;
if (!empty($gateways_status[$gwname])) {
$status = $gateways_status[$gwname];
$gwdown = false;
if (stristr($status['status'], 'down')) {
$msg = sprintf(gettext('MONITOR: %s is down, removing from routing group %s'), $gwname, $group['name']);
$gwdown = true;
} elseif (stristr($status['status'], 'loss') && strstr($group['trigger'], 'loss')) {
/* packet loss */
$msg = sprintf(gettext('MONITOR: %s has packet loss, removing from routing group %s'), $gwname, $group['name']);
$gwdown = true;
} elseif (stristr($status['status'], 'delay') && strstr($group['trigger'] , 'latency')) {
/* high latency */
$msg = sprintf(gettext('MONITOR: %s has high latency, removing from routing group %s'), $gwname, $group['name']);
$gwdown = true;
} else {
$msg = null;
}
if ($gwdown == true) {
if (!empty($msg)) {
log_error($msg);
notify_via_growl($msg);
notify_via_smtp($msg);
notify_all_remote($msg);
} else {
/* Online add member */
if (!is_array($tiers[$tier])) {
$tiers[$tier] = array();
}
$tiers[$tier][] = $gwname;
$tiers_online++;
$gwup = true;
}
} elseif (isset($gateways_arr[$gwname]['monitor_disable'])) {
$tiers[$tier][] = $gwname;
$gwup = true;
}
$vip = null;
if (!empty($carplist[$vipname]) && is_ipaddr($carplist[$vipname])) {
$vip = $vipname;
}
$tiers[$tier][] = array("up" => $gwup, "gwname" => $gwname, "vip" => $vip);
}
$tiers_count = count($tiers);
if ($tiers_count == 0) {
/* Oh dear, we have no members! Engage Plan B */
if (!file_exists('/var/run/booting')) {
if ($tiers_online == 0 && !file_exists('/var/run/booting')) {
/* Oh dear, we have no members!*/
$msg = sprintf(gettext('Gateways status could not be determined, considering all as up/active. (Group: %s)'), $group['name']);
log_error($msg);
notify_via_growl($msg);
//notify_via_smtp($msg);
}
$tiers = $backupplan;
}
/* sort the tiers array by the tier key */
ksort($tiers);
/* we do not really foreach the tiers as we stop after the first tier */
foreach ($tiers as $tieridx => $tier) {
/* process all gateways in this tier */
foreach ($tier as $member) {
foreach ($tier as $member_item) {
$member = $member_item['gwname'];
if (($member_item['up'] || $tiers_online) && isset($gateways_arr[$member])) {
/* determine interface gateway */
if (isset($gateways_arr[$member])) {
$gateway = $gateways_arr[$member];
$int = $gateway['interface'];
$gatewayip = "";
if (is_ipaddr($gateway['gateway'])) {
$gatewayip = $gateway['gateway'];
} elseif (!empty($int)) {
} elseif (!empty($gateway['interface'])) {
$gatewayip = get_interface_gateway($gateway['friendlyiface']);
} else {
$gatewayip = "";
}
if (!empty($int)) {
$gateway_groups_array[$group['name']]['ipprotocol'] = $gateway['ipprotocol'];
if (!empty($gateway['interface'])) {
if (empty($gateway_groups_array[$group['name']])) {
$gateway_groups_array[$group['name']] = array();
}
if (is_ipaddr($gatewayip)) {
$groupmember = array();
$groupmember['int'] = $int;
$groupmember['int'] = $gateway['interface'];
$groupmember['gwip'] = $gatewayip;
$groupmember['weight'] = isset($gateway['weight']) ? $gateway['weight'] : 1;
if (is_array($gwvip_arr[$group['name']])&& !empty($gwvip_arr[$group['name']][$member])) {
$groupmember['vip'] = $gwvip_arr[$group['name']][$member];
if (!empty($member_item['vip'])) {
$groupmember['vip'] = $member_item['vip'];
}
$gateway_groups_array[$group['name']][] = $groupmember;
}
}
}
}
/* we should have the 1st available tier now, exit stage left */
if (count($gateway_groups_array[$group['name']]) > 0) {
break;
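Review bot: The member filter `($member_item['up'] || $tiers_online)` looks inverted. `$tiers_online` is non-zero whenever at least one member is up, so every member of the first tier then passes, including ones just logged as down, and they stay in the routing group. When nothing is online the term is 0 and no member is added, which contradicts the "considering all as up/active" message logged a few lines earlier. The fallback should apply only when the count is zero: `if (($member_item['up'] || $tiers_online == 0) && isset($gateways_arr[$member])) {`. The `monitor_disable` branch also sets `$gwup = true` without incrementing `$tiers_online`, so a group made only of unmonitored gateways is reported as undeterminable; the function starts outside this hunk.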
......@@ -965,7 +877,7 @@ function return_gateway_groups_array()
}
}
return ($gateway_groups_array);
return $gateway_groups_array;
}
function lookup_gateway_ip_by_name($name)
......