$config['virtualip']['vip'] = array(); } $a_vip =& $config['virtualip']['vip']; if ($_POST) { $pconfig = $_POST; if ($_POST['apply']) { if (file_exists('/tmp/.firewall_virtual_ip.apply')) { $toapplylist = unserialize(file_get_contents('/tmp/.firewall_virtual_ip.apply')); foreach ($toapplylist as $vid => $ovip) { if (!empty($ovip)) { interface_vip_bring_down($ovip); } if ($a_vip[$vid]) { switch ($a_vip[$vid]['mode']) { case "ipalias": interface_ipalias_configure($a_vip[$vid]); break; case "proxyarp": interface_proxyarp_configure($a_vip[$vid]['interface']); break; case "carp": interface_carp_configure($a_vip[$vid]); break; default: break; } } } @unlink('/tmp/.firewall_virtual_ip.apply'); } $retval = 0;
function restore_config_section_xmlrpc($raw_params) { global $config, $xmlrpc_g; $old_config = $config; $old_ipsec_enabled = ipsec_enabled(); if (xmlrpc_loop_detect()) { log_error("Disallowing CARP sync loop"); return; } $params = xmlrpc_params_to_php($raw_params); if (!xmlrpc_auth($params)) { xmlrpc_authfail(); return $xmlrpc_g['return']['authfail']; } /* * Make sure it doesn't end up with both dnsmasq and unbound enabled * simultaneously in secondary * */ if (isset($params[0]['unbound']['enable']) && isset($config['dnsmasq']['enable'])) { unset($config['dnsmasq']['enable']); services_dnsmasq_configure(); } else { if (isset($params[0]['dnsmasq']['enable']) && isset($config['unbound']['enable'])) { unset($config['unbound']['enable']); services_unbound_configure(); } } // Some sections should just be copied and not merged or we end // up unable to sync the deletion of the last item in a section $sync_full = array('dnsmasq', 'unbound', 'ipsec', 'aliases', 'wol', 'load_balancer', 'openvpn', 'cert', 'ca', 'crl', 'schedules', 'filter', 'nat', 'dhcpd', 'dhcpv6'); $sync_full_done = array(); foreach ($sync_full as $syncfull) { if (isset($params[0][$syncfull])) { $config[$syncfull] = $params[0][$syncfull]; unset($params[0][$syncfull]); $sync_full_done[] = $syncfull; } } $vipbackup = array(); $oldvips = array(); if (isset($params[0]['virtualip'])) { if (is_array($config['virtualip']['vip'])) { foreach ($config['virtualip']['vip'] as $vipindex => $vip) { if ($vip['mode'] == "carp") { $oldvips["{$vip['interface']}_vip{$vip['vhid']}"]['content'] = "{$vip['password']}{$vip['advskew']}{$vip['subnet']}{$vip['subnet_bits']}{$vip['advbase']}"; $oldvips["{$vip['interface']}_vip{$vip['vhid']}"]['interface'] = $vip['interface']; $oldvips["{$vip['interface']}_vip{$vip['vhid']}"]['subnet'] = $vip['subnet']; } else { if ($vip['mode'] == "ipalias" && (substr($vip['interface'], 0, 4) == '_vip' || strpos($vip['interface'], "lo0"))) { $oldvips[$vip['subnet']]['content'] = "{$vip['interface']}{$vip['subnet']}{$vip['subnet_bits']}"; $oldvips[$vip['subnet']]['interface'] = $vip['interface']; $oldvips[$vip['subnet']]['subnet'] = $vip['subnet']; } else { if (($vip['mode'] == "ipalias" || $vip['mode'] == 'proxyarp') && !(substr($vip['interface'], 0, 4) == '_vip') || strpos($vip['interface'], "lo0")) { $vipbackup[] = $vip; } } } } } } // For vip section, first keep items sent from the master $config = array_merge_recursive_unique($config, $params[0]); /* Then add ipalias and proxyarp types already defined on the backup */ if (is_array($vipbackup) && !empty($vipbackup)) { if (!is_array($config['virtualip'])) { $config['virtualip'] = array(); } if (!is_array($config['virtualip']['vip'])) { $config['virtualip']['vip'] = array(); } foreach ($vipbackup as $vip) { array_unshift($config['virtualip']['vip'], $vip); } } /* Log what happened */ $mergedkeys = implode(",", array_merge(array_keys($params[0]), $sync_full_done)); write_config(sprintf(gettext("Merged in config (%s sections) from XMLRPC client."), $mergedkeys)); /* * The real work on handling the vips specially * This is a copy of intefaces_vips_configure with addition of not reloading existing/not changed carps */ if (isset($params[0]['virtualip']) && is_array($config['virtualip']) && is_array($config['virtualip']['vip'])) { $carp_setuped = false; $anyproxyarp = false; foreach ($config['virtualip']['vip'] as $vip) { if ($vip['mode'] == "carp" && isset($oldvips["{$vip['interface']}_vip{$vip['vhid']}"])) { if ($oldvips["{$vip['interface']}_vip{$vip['vhid']}"]['content'] == "{$vip['password']}{$vip['advskew']}{$vip['subnet']}{$vip['subnet_bits']}{$vip['advbase']}") { if (does_vip_exist($vip)) { unset($oldvips["{$vip['interface']}_vip{$vip['vhid']}"]); continue; // Skip reconfiguring this vips since nothing has changed. } } } else { if ($vip['mode'] == "ipalias" && strstr($vip['interface'], "_vip") && isset($oldvips[$vip['subnet']])) { if ($oldvips[$vip['subnet']]['content'] == "{$vip['interface']}{$vip['subnet']}{$vip['subnet_bits']}") { if (does_vip_exist($vip)) { unset($oldvips[$vip['subnet']]); continue; // Skip reconfiguring this vips since nothing has changed. } } unset($oldvips[$vip['subnet']]); } } switch ($vip['mode']) { case "proxyarp": $anyproxyarp = true; break; case "ipalias": interface_ipalias_configure($vip); break; case "carp": if ($carp_setuped == false) { $carp_setuped = true; } interface_carp_configure($vip); break; } } /* Cleanup remaining old carps */ foreach ($oldvips as $oldvipar) { $oldvipif = get_real_interface($oldvipar['interface']); if (!empty($oldvipif)) { if (is_ipaddrv6($oldvipar['subnet'])) { mwexec("/sbin/ifconfig " . escapeshellarg($oldvipif) . " inet6 " . escapeshellarg($oldvipar['subnet']) . " delete"); } else { pfSense_interface_deladdress($oldvipif, $oldvipar['subnet']); } } } if ($carp_setuped == true) { interfaces_sync_setup(); } if ($anyproxyarp == true) { interface_proxyarp_configure(); } } if ($old_ipsec_enabled !== ipsec_enabled()) { vpn_ipsec_configure(); } unset($old_config); return $xmlrpc_g['return']['true']; }
/** * Restore defined config section into local config * * @param string $username * @param string $password * @param array $sections * * @return bool */ public function restore_config_section($username, $password, $sections) { $this->auth($username, $password); global $config; $old_config = $config; $old_ipsec_enabled = ipsec_enabled(); if ($this->loop_detected) { log_error("Disallowing CARP sync loop"); return true; } /* * Some sections should just be copied and not merged or we end * up unable to sync the deletion of the last item in a section */ $sync_full_sections = array('aliases', 'ca', 'cert', 'crl', 'dhcpd', 'dhcpv6', 'dnsmasq', 'filter', 'ipsec', 'load_balancer', 'nat', 'openvpn', 'schedules', 'unbound', 'wol'); $syncd_full_sections = array(); foreach ($sync_full_sections as $section) { if (!isset($sections[$section])) { continue; } $config[$section] = $sections[$section]; unset($sections[$section]); $syncd_full_sections[] = $section; } $vipbackup = array(); $oldvips = array(); if (isset($sections['virtualip']) && is_array($config['virtualip']['vip'])) { foreach ($config['virtualip']['vip'] as $vip) { if ($vip['mode'] == "carp") { $key = $vip['interface'] . "_vip" . $vip['vhid']; $oldvips[$key]['content'] = $vip['password'] . $vip['advskew'] . $vip['subnet'] . $vip['subnet_bits'] . $vip['advbase']; $oldvips[$key]['interface'] = $vip['interface']; $oldvips[$key]['subnet'] = $vip['subnet']; } else { if ($vip['mode'] == "ipalias" && (substr($vip['interface'], 0, 4) == '_vip' || strstr($vip['interface'], "lo0"))) { $oldvips[$vip['subnet']]['content'] = $vip['interface'] . $vip['subnet'] . $vip['subnet_bits']; $oldvips[$vip['subnet']]['interface'] = $vip['interface']; $oldvips[$vip['subnet']]['subnet'] = $vip['subnet']; } else { if (($vip['mode'] == "ipalias" || $vip['mode'] == 'proxyarp') && !(substr($vip['interface'], 0, 4) == '_vip') || strstr($vip['interface'], "lo0")) { $vipbackup[] = $vip; } } } } } /* For vip section, first keep items sent from the master */ $config = array_merge_recursive_unique($config, $sections); /* * Then add ipalias and proxyarp types already defined * on the backup */ if (is_array($vipbackup) && !empty($vipbackup)) { if (!is_array($config['virtualip'])) { $config['virtualip'] = array(); } if (!is_array($config['virtualip']['vip'])) { $config['virtualip']['vip'] = array(); } foreach ($vipbackup as $vip) { array_unshift($config['virtualip']['vip'], $vip); } } /* Log what happened */ $mergedkeys = implode(",", array_merge(array_keys($sections), $syncd_full_sections)); write_config(sprintf(gettext("Merged in config (%s sections) from XMLRPC client."), $mergedkeys)); /* * The real work on handling the vips specially * This is a copy of intefaces_vips_configure with addition of * not reloading existing/not changed carps */ if (isset($sections['virtualip']) && is_array($config['virtualip']) && is_array($config['virtualip']['vip'])) { $carp_setuped = false; $anyproxyarp = false; foreach ($config['virtualip']['vip'] as $vip) { $key = "{$vip['interface']}_vip{$vip['vhid']}"; if ($vip['mode'] == "carp" && isset($oldvips[$key])) { if ($oldvips[$key]['content'] == $vip['password'] . $vip['advskew'] . $vip['subnet'] . $vip['subnet_bits'] . $vip['advbase'] && does_vip_exist($vip)) { unset($oldvips[$key]); /* * Skip reconfiguring this vips * since nothing has changed. */ continue; } } elseif ($vip['mode'] == "ipalias" && strstr($vip['interface'], "_vip") && isset($oldvips[$vip['subnet']])) { $key = $vip['subnet']; if ($oldvips[$key]['content'] == $vip['interface'] . $vip['subnet'] . $vip['subnet_bits'] && does_vip_exist($vip)) { unset($oldvips[$key]); /* * Skip reconfiguring this vips * since nothing has changed. */ continue; } unset($oldvips[$key]); } switch ($vip['mode']) { case "proxyarp": $anyproxyarp = true; break; case "ipalias": interface_ipalias_configure($vip); break; case "carp": $carp_setuped = true; interface_carp_configure($vip); break; } } /* Cleanup remaining old carps */ foreach ($oldvips as $oldvipar) { $oldvipif = get_real_interface($oldvipar['interface']); if (empty($oldvipif)) { continue; } if (is_ipaddrv6($oldvipar['subnet'])) { mwexec("/sbin/ifconfig " . escapeshellarg($oldvipif) . " inet6 " . escapeshellarg($oldvipar['subnet']) . " delete"); } else { pfSense_interface_deladdress($oldvipif, $oldvipar['subnet']); } } if ($carp_setuped == true) { interfaces_sync_setup(); } if ($anyproxyarp == true) { interface_proxyarp_configure(); } } if ($old_ipsec_enabled !== ipsec_enabled()) { vpn_ipsec_configure(); } unset($old_config); return true; }
$savemsg = gettext("CARP has been enabled."); if (is_array($config['virtualip']['vip'])) { $viparr =& $config['virtualip']['vip']; foreach ($viparr as $vip) { switch ($vip['mode']) { case "carp": interface_carp_configure($vip); sleep(1); break; case "carpdev-dhcp": interface_carpdev_configure($vip); sleep(1); break; case "ipalias": if (strstr($vip['interface'], "_vip")) { interface_ipalias_configure($vip); } break; } } } interfaces_carp_setup(); mwexec("/sbin/sysctl net.inet.carp.allow=1"); } } $status = get_carp_status(); $pgtitle = array(gettext("Status"), gettext("CARP")); include "head.inc"; ?> <body link="#0000CC" vlink="#0000CC" alink="#0000CC">
function restore_config_section_xmlrpc($raw_params) { global $config, $xmlrpc_g; $params = xmlrpc_params_to_php($raw_params); if (!xmlrpc_auth($params)) { xmlrpc_authfail(); return $xmlrpc_g['return']['authfail']; } // Some sections should just be copied and not merged or we end // up unable to sync the deletion of the last item in a section $sync_full = array('ipsec', 'aliases', 'wol', 'load_balancer', 'openvpn', 'cert', 'ca', 'crl', 'schedules'); $sync_full_done = array(); foreach ($sync_full as $syncfull) { if (isset($params[0][$syncfull])) { $config[$syncfull] = $params[0][$syncfull]; unset($params[0][$syncfull]); $sync_full_done[] = $syncfull; } } $vipbackup = array(); $oldvips = array(); if (isset($params[0]['virtualip'])) { if (is_array($config['virtualip']['vip'])) { foreach ($config['virtualip']['vip'] as $vipindex => $vip) { if ($vip['mode'] == "carp") { $oldvips["{$vip['interface']}_vip{$vip['vhid']}"] = "{$vip['password']}{$vip['advskew']}{$vip['subnet']}{$vip['subnet_bits']}{$vip['advbase']}"; } else { if ($vip['mode'] == "ipalias" && strstr($vip['interface'], "_vip")) { $oldvips[$vip['subnet']] = "{$vip['interface']}{$vip['subnet']}{$vip['subnet_bits']}"; } else { if (($vip['mode'] == "ipalias" || $vip['mode'] == 'proxyarp') && !strstr($vip['interface'], "_vip")) { $vipbackup[] = $vip; } } } } } } // For vip section, first keep items sent from the master $config = array_merge_recursive_unique($config, $params[0]); /* Then add ipalias and proxyarp types already defined on the backup */ if (is_array($vipbackup) && !empty($vipbackup)) { if (!is_array($config['virtualip'])) { $config['virtualip'] = array(); } if (!is_array($config['virtualip']['vip'])) { $config['virtualip']['vip'] = array(); } foreach ($vipbackup as $vip) { array_unshift($config['virtualip']['vip'], $vip); } } /* Log what happened */ $mergedkeys = implode(",", array_merge(array_keys($params[0]), $sync_full_done)); write_config(sprintf(gettext("Merged in config (%s sections) from XMLRPC client."), $mergedkeys)); /* * The real work on handling the vips specially * This is a copy of intefaces_vips_configure with addition of not reloading existing/not changed carps */ if (isset($params[0]['virtualip']) && is_array($config['virtualip']) && is_array($config['virtualip']['vip'])) { $carp_setuped = false; $anyproxyarp = false; foreach ($config['virtualip']['vip'] as $vip) { if ($vip['mode'] == "carp" && isset($oldvips["{$vip['interface']}_vip{$vip['vhid']}"])) { if ($oldvips["{$vip['interface']}_vip{$vip['vhid']}"] == "{$vip['password']}{$vip['advskew']}{$vip['subnet']}{$vip['subnet_bits']}{$vip['advbase']}") { if (does_vip_exist($vip)) { unset($oldvips["{$vip['interface']}_vip{$vip['vhid']}"]); continue; // Skip reconfiguring this vips since nothing has changed. } } unset($oldvips["{$vip['interface']}_vip{$vip['vhid']}"]); } else { if ($vip['mode'] == "ipalias" && strstr($vip['interface'], "_vip") && isset($oldvips[$vip['subnet']])) { if ($oldvips[$vip['subnet']] = "{$vip['interface']}{$vip['subnet']}{$vip['subnet_bits']}") { if (does_vip_exist($vip)) { unset($oldvips[$vip['subnet']]); continue; // Skip reconfiguring this vips since nothing has changed. } } unset($oldvips[$vip['subnet']]); } } switch ($vip['mode']) { case "proxyarp": $anyproxyarp = true; break; case "ipalias": interface_ipalias_configure(&$vip); break; case "carp": if ($carp_setuped == false) { $carp_setuped = true; } interface_carp_configure($vip); break; case "carpdev-dhcp": interface_carpdev_configure($vip); break; } } /* Cleanup remaining old carps */ foreach ($oldvips as $oldvipif => $oldvippar) { if (!is_ipaddr($oldvipif) && does_interface_exist($oldvipif)) { pfSense_interface_destroy($oldvipif); } } if ($carp_setuped == true) { interfaces_carp_setup(); } if ($anyproxyarp == true) { interface_proxyarp_configure(); } } return $xmlrpc_g['return']['true']; }