Commit fffcede4 authored by Franco Fichtner's avatar Franco Fichtner

cron: migrate the time-based rules cron job to autocron

o Gets rid of cron save/flush in the filter reload path.
o Gets rid of cron job injection into config.
o Move configure_cron() to the rules edit where it can be
  flipped in case of schedule changes.

To be totally frank, a 15 minute hook to deploy a time
based system is hardly accurate.  But what worries me more
is that we still have this patch in the kernel, totally
unsure of what it actually does when we have a schedule-based
reload on top anyway:

https://github.com/opnsense/src/commit/0a19f813177d18e569a457eff50a07c2e42abe04
parent 7086992b
......@@ -164,9 +164,6 @@ function filter_configure_sync()
/* holds the tables to be flushed *AFTER* the filter is fully loaded */
$after_filter_configure_run = array();
/* For installing cron job of schedules */
$time_based_rules = false;
$FilterIflist = filter_generate_optcfg_array();
/* Use filter lock to not allow concurrent filter reloads during this run. */
......@@ -363,17 +360,6 @@ function filter_configure_sync()
mwexecf('/sbin/pfctl -T flush -t %s', $afcr);
}
/* if time based rules are enabled then swap in the set */
if (isset($config['filter']['rule'])) {
foreach ($config['filter']['rule'] as $rule) {
if (isset($rule['sched']) && !empty($rule['sched'])) {
$time_based_rules = true;
break;
}
}
filter_tdr_install_cron($time_based_rules);
}
if (file_exists("/var/run/booting")) {
echo ".";
}
......@@ -3371,66 +3357,6 @@ function filter_rules_spoofcheck_generate($ifname, $ifcfg, $log)
return $ipfrules;
}
/****f* filter/filter_tdr_install_cron
* NAME
* filter_tdr_install_cron
* INPUTS
* $should_install true if the cron entry should be installed, false
* if the entry should be removed if it is present
* RESULT
* none
******/
function filter_tdr_install_cron($should_install)
{
global $config;
if (file_exists("/var/run/booting")) {
return;
}
if (!is_array($config['cron'])) {
$config['cron'] = array();
}
if (!is_array($config['cron']['item'])) {
$config['cron']['item'] = array();
}
$x=0;
$is_installed = false;
foreach($config['cron']['item'] as $item) {
if (strstr($item['command'], "filter_configure_sync")) {
$is_installed = true;
break;
}
$x++;
}
switch($should_install) {
case true:
if (!$is_installed) {
$cron_item = array();
$cron_item['minute'] = "0,15,30,45";
$cron_item['hour'] = "*";
$cron_item['mday'] = "*";
$cron_item['month'] = "*";
$cron_item['wday'] = "*";
$cron_item['who'] = "root";
$cron_item['command'] = "/usr/local/etc/rc.filter_configure_sync";
$config['cron']['item'][] = $cron_item;
write_config(gettext("Installed 15 minute filter reload for Time Based Rules"));
configure_cron();
}
break;
case false:
if ($is_installed == true) {
unset($config['cron']['item'][$x]);
write_config(gettext("Removed 15 minute filter reload for Time Based Rules"));
configure_cron();
}
break;
}
}
/****f* filter/filter_get_time_based_rule_status
* NAME
* filter_get_time_based_rule_status
......
......@@ -2349,6 +2349,7 @@ function configure_cron()
'/usr/local/etc/rc.backup_dhcpleases',
'/usr/local/etc/rc.backup_netflow',
'/usr/local/etc/rc.backup_rrd',
'/usr/local/etc/rc.filter_configure_sync',
'/usr/local/etc/rc.dyndns.update',
'/usr/local/etc/rc.update_bogons',
'/usr/local/etc/rc.update_urltables',
......@@ -2398,21 +2399,30 @@ function configure_cron()
$autocron[] = generate_cron_job('/usr/local/etc/rc.update_urltables', '30', '12');
if (!empty($config['system']['rrdbackup'])) {
$autocron[] = generate_cron_job('/usr/local/etc/rc.backup_rrd', $minute = '0', '*/' . $config['system']['rrdbackup']);
$autocron[] = generate_cron_job('/usr/local/etc/rc.backup_rrd', '0', '*/' . $config['system']['rrdbackup']);
}
if (!empty($config['system']['dhcpbackup'])) {
$autocron[] = generate_cron_job('/usr/local/etc/rc.backup_dhcpleases', $minute = '0', '*/' . $config['system']['dhcpbackup']);
$autocron[] = generate_cron_job('/usr/local/etc/rc.backup_dhcpleases', '0', '*/' . $config['system']['dhcpbackup']);
}
if (!empty($config['system']['netflowbackup'])) {
$autocron[] = generate_cron_job('/usr/local/etc/rc.backup_netflow', $minute = '0', '*/' . $config['system']['netflowbackup']);
$autocron[] = generate_cron_job('/usr/local/etc/rc.backup_netflow', '0', '*/' . $config['system']['netflowbackup']);
}
if (!empty($config['system']['remotebackup']['GDriveEnabled'])) {
$autocron[] = generate_cron_job('/usr/local/opnsense/scripts/remote_backup.php', 0, 1);
}
if (isset($config['filter']['rule'])) {
foreach ($config['filter']['rule'] as $rule) {
if (!empty($rule['sched'])) {
$autocron[] = generate_cron_job('/usr/local/etc/rc.filter_configure_sync', '0,15,30,45');
break;
}
}
}
/* bogons fetch always set in default config.xml */
switch ($config['system']['bogons']['interval']) {
case 'daily':
......
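Review bot: The `sched` scan added to configure_cron() is now the only place that decides whether `/usr/local/etc/rc.filter_configure_sync` gets its 15-minute entry, and it is evaluated only when something calls configure_cron(), whereas the removed code re-checked it on every filter reload. The only new caller visible on this page is the rule edit handler in the last hunk. Any other path that adds or clears a `sched` value (presumably rule delete, toggle or copy, a config restore, or removing a schedule) could leave the periodic reload missing or stale, and a time-limited rule would then stay in its last loaded state past its window. I would either call configure_cron() from those paths too or record the dependency next to the loop, e.g. `/* time-based rules rely on this periodic reload; any code changing 'sched' must rerun configure_cron() */`. configure_cron() begins and ends outside these hunks, so this cannot be confirmed from here.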
......@@ -517,6 +517,7 @@ if ($_SERVER['REQUEST_METHOD'] === 'GET') {
}
// sort filter items per interface, not really necessary but leaves a bit nicer sorted config.xml behind.
filter_rules_sort();
configure_cron();
// write to config
if (write_config()) {
mark_subsystem_dirty('filter');
......
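Review bot: `configure_cron();` is called before `write_config()`, so the crontab is regenerated from the in-memory `$config` even if the write fails and the edited rule is never persisted. Moving the call into the success branch keeps the cron state tied to the saved configuration: `if (write_config()) { configure_cron(); mark_subsystem_dirty('filter');`. As written it also rewrites cron on every rule save, whether or not `sched` changed; a short comment such as `// rerun autocron: the schedule on this rule may have been added or removed` would explain why it is here. The enclosing request handler starts and ends outside the hunk.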