// init $config['virtualip']['vip']
if (!isset($config['virtualip']['vip']) || !is_array($config['virtualip']['vip'])) {
$config['virtualip']['vip'] = array();
}
$a_vip =& $config['virtualip']['vip'];
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
if (!empty($_POST['carp_maintenancemode'])) {
interfaces_carp_set_maintenancemode(!isset($config["virtualip_carp_maintenancemode"]));
} elseif (!empty($_POST['disablecarp'])) {
if (get_single_sysctl('net.inet.carp.allow') > 0) {
$carp_counter = 0;
set_single_sysctl('net.inet.carp.allow', '0');
foreach ($a_vip as $vip) {
switch ($vip['mode']) {
case "carp":
interface_vip_bring_down($vip);
$carp_counter++;
sleep(1);
break;
}
}
$savemsg = sprintf(gettext("%s IPs have been disabled. Please note that disabling does not survive a reboot."), $carp_counter);
} else {
$savemsg = gettext("CARP has been enabled.");
foreach ($a_vip as $vip) {
switch ($vip['mode']) {
case "carp":
interface_carp_configure($vip);
sleep(1);
break;
}
if (session_status() == PHP_SESSION_NONE) {
session_start();
}
$user = getUserEntry($_SESSION['Username']);
if (is_array($user) && userHasPrivilege($user, "user-config-readonly")) {
header("Location: firewall_virtual_ip.php");
exit;
}
session_write_close();
// Special case since every proxyarp vip is handled by the same daemon.
if ($a_vip[$_GET['id']]['mode'] == "proxyarp") {
$viface = $a_vip[$_GET['id']]['interface'];
unset($a_vip[$_GET['id']]);
interface_proxyarp_configure($viface);
} else {
interface_vip_bring_down($a_vip[$_GET['id']]);
unset($a_vip[$_GET['id']]);
}
if (count($config['virtualip']['vip']) == 0) {
unset($config['virtualip']['vip']);
}
write_config();
header("Location: firewall_virtual_ip.php");
exit;
}
}
} else {
if ($_GET['changes'] == "mods" && is_numericint($_GET['id'])) {
$id = $_GET['id'];
}
}
/**
* delete virtual ip
*/
function deleteVIPEntry($id)
{
global $config;
$input_errors = array();
$a_vip =& $config['virtualip']['vip'];
/* make sure no inbound NAT mappings reference this entry */
if (isset($config['nat']['rule'])) {
foreach ($config['nat']['rule'] as $rule) {
if (!empty($rule['destination']['address'])) {
if ($rule['destination']['address'] == $a_vip[$id]['subnet']) {
$input_errors[] = gettext("This entry cannot be deleted because it is still referenced by at least one NAT mapping.");
break;
}
}
}
}
if (is_ipaddrv6($a_vip[$id]['subnet'])) {
$is_ipv6 = true;
$subnet = gen_subnetv6($a_vip[$id]['subnet'], $a_vip[$id]['subnet_bits']);
$if_subnet_bits = get_interface_subnetv6($a_vip[$id]['interface']);
$if_subnet = gen_subnetv6(get_interface_ipv6($a_vip[$id]['interface']), $if_subnet_bits);
} else {
$is_ipv6 = false;
$subnet = gen_subnet($a_vip[$id]['subnet'], $a_vip[$id]['subnet_bits']);
$if_subnet_bits = get_interface_subnet($a_vip[$id]['interface']);
$if_subnet = gen_subnet(get_interface_ip($a_vip[$id]['interface']), $if_subnet_bits);
}
$subnet .= "/" . $a_vip[$id]['subnet_bits'];
$if_subnet .= "/" . $if_subnet_bits;
if (isset($config['gateways']['gateway_item'])) {
foreach ($config['gateways']['gateway_item'] as $gateway) {
if ($a_vip[$id]['interface'] != $gateway['interface']) {
continue;
}
if ($is_ipv6 && $gateway['ipprotocol'] == 'inet') {
continue;
}
if (!$is_ipv6 && $gateway['ipprotocol'] == 'inet6') {
continue;
}
if (ip_in_subnet($gateway['gateway'], $if_subnet)) {
continue;
}
if (ip_in_subnet($gateway['gateway'], $subnet)) {
$input_errors[] = gettext("This entry cannot be deleted because it is still referenced by at least one Gateway.");
break;
}
}
}
if ($a_vip[$id]['mode'] == "ipalias") {
$subnet = gen_subnet($a_vip[$id]['subnet'], $a_vip[$id]['subnet_bits']) . "/" . $a_vip[$id]['subnet_bits'];
$found_if = false;
$found_carp = false;
$found_other_alias = false;
if ($subnet == $if_subnet) {
$found_if = true;
}
$vipiface = $a_vip[$id]['interface'];
foreach ($a_vip as $vip_id => $vip) {
if ($vip_id != $id) {
if ($vip['interface'] == $vipiface && ip_in_subnet($vip['subnet'], $subnet)) {
if ($vip['mode'] == "carp") {
$found_carp = true;
} else {
if ($vip['mode'] == "ipalias") {
$found_other_alias = true;
}
}
}
}
}
if ($found_carp === true && $found_other_alias === false && $found_if === false) {
$input_errors[] = gettext("This entry cannot be deleted because it is still referenced by a CARP IP with the description") . " {$vip['descr']}.";
}
}
if (count($input_errors) == 0) {
// Special case since every proxyarp vip is handled by the same daemon.
if ($a_vip[$id]['mode'] == "proxyarp") {
$viface = $a_vip[$id]['interface'];
unset($a_vip[$id]);
interface_proxyarp_configure($viface);
} else {
interface_vip_bring_down($a_vip[$id]);
unset($a_vip[$id]);
}
if (count($config['virtualip']['vip']) == 0) {
unset($config['virtualip']['vip']);
}
}
return $input_errors;
}
