From 20118288e243a058cdb9ca94ca33a2bd97576e76 Mon Sep 17 00:00:00 2001
From: Ad Schellevis
Date: Thu, 2 Apr 2015 16:21:56 +0000
Subject: [PATCH] last bits and pieces for https://github.com/opnsense/core/issues/117 although rc.filter_synchronize really needs a rewrite at a later moment.
---
 src/etc/inc/filter.inc | 1 +
 src/etc/inc/util.inc | 2 +-
 src/etc/rc.filter_synchronize | 31 +++++++++++--------
 src/opnsense/service/conf/actions_filter.conf | 5 +--
 src/www/status_filter_reload.php | 1 +
 5 files changed, 24 insertions(+), 16 deletions(-)
diff --git a/src/etc/inc/filter.inc b/src/etc/inc/filter.inc
index 8f34ccaeb..546d0a570 100644
--- a/src/etc/inc/filter.inc
+++ b/src/etc/inc/filter.inc
@@ -121,6 +121,7 @@ function filter_configure()
 */
 if (!file_exists("/var/run/booting")) {
 send_event('filter reload');
+ send_event('filter sync restart');
 }
 }
diff --git a/src/etc/inc/util.inc b/src/etc/inc/util.inc
index 0bc5723df..9ecc0d165 100644
--- a/src/etc/inc/util.inc
+++ b/src/etc/inc/util.inc
@@ -1464,7 +1464,7 @@ function is_interface_mismatch()
 /* sync carp entries to other firewalls */
 function carp_sync_client()
 {
- send_event('filter sync');
+ send_event('filter sync load');
 }
 /****f* util/isAjax
diff --git a/src/etc/rc.filter_synchronize b/src/etc/rc.filter_synchronize
index 034f7e2dd..91c25b57e 100755
--- a/src/etc/rc.filter_synchronize
+++ b/src/etc/rc.filter_synchronize
@@ -37,7 +37,7 @@ require_once("functions.inc");
 require_once("filter.inc");
 require_once("shaper.inc");
 require_once("interfaces.inc");
-require_once("XMLRPC_client.inc") ;
+require_once("XMLRPC_Client.inc") ;
 /*
 * backup_vip_config_section($section): returns as an xml file string of
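Review bot: The added `send_event('filter sync restart');` in `filter_configure()` (src/etc/inc/filter.inc) queues a full HA push plus a remote reload on every local filter reload outside boot, and in `restart` mode rc.filter_synchronize ends by calling `opnsense.filter_configure` on the peer. If that remote handler runs this same function, a peer that also has a sync target configured would push back, so the two nodes could keep triggering each other; whether that can happen depends on code outside this patch. The TODO added in rc.filter_synchronize already warns against forcing a reload on every sync, which argues for documenting here why `restart` rather than a sync-only event is sent, e.g. `// 'restart' also reloads the peer's filter; the peer must not sync back to us`. The body of `filter_configure()` starts outside the hunk.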
@@ -83,7 +83,7 @@ function remove_special_characters($string) {
 return $string;
 }
-function carp_check_version($url, $username, $password, $method = 'opnsense.host_firmware_version') {
+function carp_check_version($url, $username, $password, $method = 'opnsense.firmware_version') {
 global $config, $g;
 if (file_exists('/var/run/booting')) {
@@ -136,7 +136,7 @@ function carp_sync_xml($url, $username, $password, $sections, $method = 'opnsens
 $config_copy = $config;
 /* strip out nosync items */
- if (is_array($config_copy['nat']['outbound']['rule'])) {
+ if (is_array($config_copy['nat']) && is_array($config_copy['nat']['outbound']['rule'])) {
 $rulescnt = count($config_copy['nat']['outbound']['rule']);
 for ($x = 0; $x < $rulescnt; $x++) {
 $config_copy['nat']['outbound']['rule'][$x]['descr'] = remove_special_characters($config_copy['nat']['outbound']['rule'][$x]['descr']);
@@ -144,7 +144,7 @@ function carp_sync_xml($url, $username, $password, $sections, $method = 'opnsens
 unset ($config_copy['nat']['outbound']['rule'][$x]);
 }
 }
- if (is_array($config_copy['nat']['rule'])) {
+ if (is_array($config_copy['nat']) && is_array($config_copy['nat']['rule'])) {
 $natcnt = count($config_copy['nat']['rule']);
 for ($x = 0; $x < $natcnt; $x++) {
 $config_copy['nat']['rule'][$x]['descr'] = remove_special_characters($config_copy['nat']['rule'][$x]['descr']);
@@ -152,7 +152,7 @@ function carp_sync_xml($url, $username, $password, $sections, $method = 'opnsens
 unset ($config_copy['nat']['rule'][$x]);
 }
 }
- if (is_array($config_copy['filter']['rule'])) {
+ if (is_array($config_copy['filter']) && is_array($config_copy['filter']['rule'])) {
 $filtercnt = count($config_copy['filter']['rule']);
 for ($x = 0; $x < $filtercnt; $x++) {
 $config_copy['filter']['rule'][$x]['descr'] = remove_special_characters($config_copy['filter']['rule'][$x]['descr']);
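Review bot: In `carp_sync_xml()` the new guard `is_array($config_copy['nat']) && is_array($config_copy['nat']['outbound']['rule'])` (hunk -136) checks only the top-level key, so a config where `nat` is an array but `outbound` is absent or an empty string element still dereferences a missing level and raises a notice or string-offset warning. `isset()` walks the whole path quietly: `if (isset($config_copy['nat']['outbound']['rule']) && is_array($config_copy['nat']['outbound']['rule'])) {`. The same applies to the guards for `nat`/`rule`, `filter`/`rule`, `aliases`/`alias`, `dnsmasq`/`hosts` and `ipsec`/`tunnel` in the following five hunks; the visible parts of the six stanzas differ only in the key path and counter name, so a small helper taking the path would keep them from drifting apart. The function body starts and ends outside these hunks.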
@@ -160,7 +160,7 @@ function carp_sync_xml($url, $username, $password, $sections, $method = 'opnsens
 unset ($config_copy['filter']['rule'][$x]);
 }
 }
- if (is_array($config_copy['aliases']['alias'])) {
+ if (is_array($config_copy['aliases']) && is_array($config_copy['aliases']['alias'])) {
 $aliascnt = count($config_copy['aliases']['alias']);
 for ($x = 0; $x < $aliascnt; $x++) {
 $config_copy['aliases']['alias'][$x]['descr'] = remove_special_characters($config_copy['aliases']['alias'][$x]['descr']);
@@ -168,7 +168,7 @@ function carp_sync_xml($url, $username, $password, $sections, $method = 'opnsens
 unset ($config_copy['aliases']['alias'][$x]);
 }
 }
- if (is_array($config_copy['dnsmasq']['hosts'])) {
+ if (is_array($config_copy['dnsmasq']) && is_array($config_copy['dnsmasq']['hosts'])) {
 $dnscnt = count($config_copy['dnsmasq']['hosts']);
 for ($x = 0; $x < $dnscnt; $x++) {
 $config_copy['dnsmasq']['hosts'][$x]['descr'] = remove_special_characters($config_copy['dnsmasq']['hosts'][$x]['descr']);
@@ -176,7 +176,7 @@ function carp_sync_xml($url, $username, $password, $sections, $method = 'opnsens
 unset ($config_copy['dnsmasq']['hosts'][$x]);
 }
 }
- if (is_array($config_copy['ipsec']['tunnel'])) {
+ if (is_array($config_copy['ipsec']) && is_array($config_copy['ipsec']['tunnel'])) {
 $ipseccnt = count($config_copy['ipsec']['tunnel']);
 for ($x = 0; $x < $ipseccnt; $x++) {
 $config_copy['ipsec']['tunnel'][$x]['descr'] = remove_special_characters($config_copy['ipsec']['tunnel'][$x]['descr']);
@@ -267,10 +267,9 @@ if (is_array($config['hasync'])) {
 if (!empty($config['system']['webgui']['protocol'])) {
 $port = $config['system']['webgui']['port'];
 if (!empty($port)) {
- $synchronizeto = $config['system']['webgui']['protocol'] . '://'.$hasync['synchronizetoip'].':'.$port;
- } elseif ($config['system']['webgui']['protocol'] == "http") {
- $synchronizeto = $config['system']['webgui']['protocol'] . '://'.$hasync['synchronizetoip'] ;
+ $synchronizeto = $config['system']['webgui']['protocol'] . '://'.$hasync['synchronizetoip'].':'.$port."/xmlrpc.php";
 } else {
+ $synchronizeto = $config['system']['webgui']['protocol'] . '://'.$hasync['synchronizetoip']."/xmlrpc.php" ;
 }
 }
@@ -375,12 +374,18 @@ if (is_array($config['hasync'])) {
 else
 $username = $hasync['username'];
- if (!carp_check_version($synchronizeto, $username, $hasync['password'], $port))
+ if (!carp_check_version($synchronizeto, $username, $hasync['password']))
 exit;
 update_filter_reload_status("Signaling CARP reload signal...");
- carp_sync_xml($synchronizeto, $username, $hasync['password'], $sections, $port);
+ carp_sync_xml($synchronizeto, $username, $hasync['password'], $sections);
+ if (count($argv) <= 1 || $argv[1] != 'restart' ) {
+ // only sync data, no reload
+ // TODO: config sync probably needs more thinking, but when we always force a reload
+ // TODO: the machine tends to get sloppy
+ exit;
+ }
 $client = new SimpleXMLRPC_Client($synchronizeto,240);
 $client->setCredentials($username, $hasync['password']);
 if ($client->query("opnsense.filter_configure")) {
diff --git a/src/opnsense/service/conf/actions_filter.conf b/src/opnsense/service/conf/actions_filter.conf
index 6f64f0b62..3f695377f 100644
--- a/src/opnsense/service/conf/actions_filter.conf
+++ b/src/opnsense/service/conf/actions_filter.conf
@@ -18,6 +18,7 @@ message:Reloading filter
 [sync]
 command:/usr/local/etc/rc.filter_synchronize
-parameters:
+parameters:%s
 type:script
-message:Syncing firewall
+message:Syncing firewall %s
+
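Review bot: Both new assignments to `$synchronizeto` (hunk -267 of rc.filter_synchronize) take the scheme and port from this node's own `$config['system']['webgui']` settings, so when the local GUI is set to `http` the XMLRPC calls further down send `$hasync['username']`, `$hasync['password']` and the synced config sections to the peer in clear text. Nothing visible here warns about or refuses that case, and the code also assumes the peer listens on the same protocol and port as the local GUI. I would at least document it next to the assignment, e.g. `// scheme/port follow the local GUI; with http the sync credentials and config are sent unencrypted`, and consider logging a warning when the protocol is not `https`. When `protocol` is empty no URL is assigned in the visible lines; the enclosing block starts outside the hunk.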
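Review bot: The mode test `$argv[1] != 'restart'` (hunk -375 of rc.filter_synchronize) treats every other argument, including a mistyped one, as sync-only and leaves through a bare `exit;` right after `update_filter_reload_status("Signaling CARP reload signal...")` has been written, so the status text can claim a reload that never happens. The accepted values are not stated anywhere in the visible code; a comment at the check such as `// argv[1]: 'restart' = sync and reload the peer; anything else = sync only` would make the contract explicit. A strict test is safer to read and maintain: `if (!isset($argv[1]) || $argv[1] !== 'restart') {`. The enclosing `if (is_array($config['hasync']))` block starts and ends outside the hunk.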
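Review bot: With `parameters:%s` in the `[sync]` action, the text that follows `filter sync` in an event becomes a command-line argument of `/usr/local/etc/rc.filter_synchronize`, and nothing in this action restricts it to the values the script understands. The callers touched by this patch pass fixed literals, but whether the service quotes the substituted value is not visible here and should be confirmed before any caller builds the event string from request data. It is also worth checking that any remaining caller that still sends a bare `filter sync` keeps working now that a parameter is expected.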
diff --git a/src/www/status_filter_reload.php b/src/www/status_filter_reload.php
index 97a6df2cf..13d0a1179 100644
--- a/src/www/status_filter_reload.php
+++ b/src/www/status_filter_reload.php
@@ -42,6 +42,7 @@ if($_GET['getstatus']) {
 }
 if($_POST['reloadfilter']) {
 send_event("filter reload");
+ send_event("filter sync reload")
 header("Location: status_filter_reload.php");
 exit;
 }
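Review bot: The added line `send_event("filter sync reload")` has no terminating semicolon, so status_filter_reload.php will fail to parse and the whole page stops working, not just the reload button; it should read `send_event("filter sync reload");`. Separately, the token `reload` is not the `restart` that rc.filter_synchronize tests for in this patch, so this button would only push the config and not reload the peer; if a peer reload is intended the event should be `send_event("filter sync restart");`. The handler acts on `$_POST['reloadfilter']` alone, so any request-forgery protection would have to come from code outside the hunk.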