diff --git a/src/etc/inc/interfaces.inc b/src/etc/inc/interfaces.inc
index 7b75abd6a..e215f3612 100644
--- a/src/etc/inc/interfaces.inc
+++ b/src/etc/inc/interfaces.inc
@@ -1770,67 +1770,25 @@ function interfaces_carp_setup()
echo gettext("Configuring CARP settings...");
mute_kernel_msgs();
}
+ set_single_sysctl("net.inet.carp.preempt", "1");
- /* suck in configuration items */
- if (isset($config['hasync'])) {
- if (isset($config['hasync']['pfsyncenabled'])) {
- $pfsyncenabled = $config['hasync']['pfsyncenabled'];
- }
- if (isset($config['hasync']['pfsyncinterface'])) {
- $pfsyncinterface = $config['hasync']['pfsyncinterface'];
- }
- if (isset($config['hasync']['pfsyncpeerip'])) {
- $pfsyncpeerip = $config['hasync']['pfsyncpeerip'];
- }
- } else {
- unset($pfsyncinterface);
- unset($pfsyncenabled);
- }
-
- set_sysctl(array(
- "net.inet.carp.preempt" => "1",
- "net.inet.carp.log" => "1"
- ));
-
- if (!empty($pfsyncinterface)) {
- $carp_sync_int = get_real_interface($pfsyncinterface);
- } else {
- unset($carp_sync_int);
+ if (!empty($config['hasync']['pfsyncinterface'])) {
+ $carp_sync_int = get_real_interface($config['hasync']['pfsyncinterface']);
}
/* setup pfsync interface */
- if (!empty($carp_sync_int) && isset($pfsyncenabled)) {
- if (is_ipaddr($pfsyncpeerip)) {
- $syncpeer = "syncpeer {$pfsyncpeerip}";
+ if (!empty($carp_sync_int) && isset($config['hasync']['pfsyncenabled'])) {
+ if (isset($config['hasync']['pfsyncpeerip']) && is_ipaddr($config['hasync']['pfsyncpeerip'])) {
+ $syncpeer = "syncpeer " . $config['hasync']['pfsyncpeerip'];
} else {
$syncpeer = "-syncpeer";
}
mwexec("/sbin/ifconfig pfsync0 syncdev {$carp_sync_int} {$syncpeer} up", false);
-
- sleep(1);
-
- /* XXX: Handle an issue with pfsync(4) and carp(4). In a cluster carp will come up before pfsync(4) has updated and so will cause issues
- * for existing sessions.
- */
- log_error("waiting for pfsync...");
- $i = 0;
- while (intval(trim(`/sbin/ifconfig pfsync0 | /usr/bin/grep 'syncok: 0' | /usr/bin/grep -v grep | /usr/bin/wc -l`)) == 0 && $i < 30) {
- $i++;
- sleep(1);
- }
- log_error("pfsync done in $i seconds.");
- log_error("Configuring CARP settings finalize...");
} else {
mwexec("/sbin/ifconfig pfsync0 -syncdev -syncpeer down", false);
}
- if (isset($config['virtualip']['vip']) && $config['virtualip']['vip']) {
- set_single_sysctl("net.inet.carp.allow", "1");
- } else {
- set_single_sysctl("net.inet.carp.allow", "0");
- }
-
if (file_exists("/var/run/booting")) {
unmute_kernel_msgs();
echo gettext("done.") . "\n";
@@ -1906,29 +1864,21 @@ function interfaces_vips_configure($interface = '')
$carp_setuped = false;
$anyproxyarp = false;
foreach ($config['virtualip']['vip'] as $vip) {
- switch ($vip['mode']) {
- case "proxyarp":
- /* nothing it is handled on interface_proxyarp_configure() */
- if ($interface <> "" && $vip['interface'] <> $interface) {
- continue;
- }
- $anyproxyarp = true;
- break;
- case "ipalias":
- if ($interface <> "" && $vip['interface'] <> $interface) {
- continue;
- }
- interface_ipalias_configure($vip);
- break;
- case "carp":
- if ($interface <> "" && $vip['interface'] <> $interface) {
- continue;
- }
- if ($carp_setuped == false) {
- $carp_setuped = true;
- }
- interface_carp_configure($vip);
- break;
+ if ($interface == "" || $vip['interface'] == $interface) {
+ switch ($vip['mode']) {
+ case "proxyarp":
+ $anyproxyarp = true;
+ break;
+ case "ipalias":
+ interface_ipalias_configure($vip);
+ break;
+ case "carp":
+ if ($carp_setuped == false) {
+ $carp_setuped = true;
+ }
+ interface_carp_configure($vip);
+ break;
+ }
}
}
if ($carp_setuped == true) {
@@ -1948,10 +1898,6 @@ function interface_ipalias_configure(&$vip)
return;
}
- if ($vip['interface'] != 'lo0' && !isset($config['interfaces'][$vip['interface']])) {
- return;
- }
-
if ($vip['interface'] != 'lo0' && !isset($config['interfaces'][$vip['interface']]['enable'])) {
return;
}
@@ -1972,6 +1918,11 @@ function interface_carp_configure(&$vip)
return;
}
+ // when CARP is temporary disabled, don't try to configure on any interface-up events
+ if (get_single_sysctl('net.inet.carp.allow') == '0') {
+ return;
+ }
+
/* NOTE: Maybe its useless nowdays */
$realif = get_real_interface($vip['interface']);
if (!does_interface_exist($realif)) {
@@ -4262,45 +4213,6 @@ function guess_interface_from_ip($ipaddress)
}
-
-/****f* interfaces/link_ip_to_carp_interface
- * NAME
- * link_ip_to_carp_interface - Find where a CARP interface links to.
- * INPUTS
- * $ip
- * RESULT
- * $carp_ints
- ******/
-function link_ip_to_carp_interface($ip)
-{
- global $config;
-
- if (!is_ipaddr($ip)) {
- return;
- }
-
- $carp_ints = '';
- if (isset($config['virtualip']['vip'])) {
- $first = 0;
- $carp_int = array();
- foreach ($config['virtualip']['vip'] as $vip) {
- if ($vip['mode'] == "carp") {
- $carp_ip = $vip['subnet'];
- $carp_sn = $vip['subnet_bits'];
- $carp_nw = gen_subnet($carp_ip, $carp_sn);
- if (ip_in_subnet($ip, "{$carp_nw}/{$carp_sn}")) {
- $carp_int[] = get_real_interface($vip['interface']);
- }
- }
- }
- if (!empty($carp_int)) {
- $carp_ints = implode(" ", array_unique($carp_int));
- }
- }
-
- return $carp_ints;
-}
-
function link_interface_to_track6($int, $action = '')
{
global $config;
diff --git a/src/etc/inc/system.inc b/src/etc/inc/system.inc
index 06bccd4ba..814e64874 100644
--- a/src/etc/inc/system.inc
+++ b/src/etc/inc/system.inc
@@ -118,9 +118,7 @@ function activate_sysctls()
"net.enc.in.ipsec_bpf_mask" => "0x0002",
"net.enc.in.ipsec_filter_mask" => "0x0002",
"net.enc.out.ipsec_bpf_mask" => "0x0001",
- "net.enc.out.ipsec_filter_mask" => "0x0001",
- 'net.inet.carp.senderr_demotion_factor' => '0',
- 'net.pfsync.carp_demotion_factor' => '0',
+ "net.enc.out.ipsec_filter_mask" => "0x0001"
);
if (isset($config['sysctl']['item'])) {
diff --git a/src/etc/rc.carpbackup b/src/etc/rc.carpbackup
index c77ef4340..5d202ffb9 100755
--- a/src/etc/rc.carpbackup
+++ b/src/etc/rc.carpbackup
@@ -58,9 +58,3 @@ if (is_array($config['openvpn']) && is_array($config['openvpn']['openvpn-client'
}
}
-$pluginparams = array();
-$pluginparams['type'] = 'carp';
-$pluginparams['event'] = 'rc.carpbackup';
-$pluginparams['interface'] = $argv[1];
-
-?>
diff --git a/src/etc/rc.carpmaster b/src/etc/rc.carpmaster
index 4988ac0f4..b7d131c1a 100755
--- a/src/etc/rc.carpmaster
+++ b/src/etc/rc.carpmaster
@@ -66,9 +66,3 @@ if (is_array($config['openvpn']) && is_array($config['openvpn']['openvpn-server'
}
}
-$pluginparams = array();
-$pluginparams['type'] = 'carp';
-$pluginparams['event'] = 'rc.carpmaster';
-$pluginparams['interface'] = $argv[1];
-
-?>
diff --git a/src/opnsense/mvc/app/models/OPNsense/Base/Menu/Menu.xml b/src/opnsense/mvc/app/models/OPNsense/Base/Menu/Menu.xml
index a0b72ea5c..a76963404 100644
--- a/src/opnsense/mvc/app/models/OPNsense/Base/Menu/Menu.xml
+++ b/src/opnsense/mvc/app/models/OPNsense/Base/Menu/Menu.xml
@@ -164,7 +164,9 @@
-
+
+
+
diff --git a/src/www/carp_status.php b/src/www/carp_status.php
index 0fffea09d..530884632 100644
--- a/src/www/carp_status.php
+++ b/src/www/carp_status.php
@@ -30,65 +30,58 @@
require_once("guiconfig.inc");
require_once("interfaces.inc");
-function interfaces_carp_set_maintenancemode($carp_maintenancemode)
-{
- global $config;
-
- if (isset($config["virtualip_carp_maintenancemode"]) && $carp_maintenancemode == false) {
- unset($config["virtualip_carp_maintenancemode"]);
- write_config("Leave CARP maintenance mode");
- } elseif (!isset($config["virtualip_carp_maintenancemode"]) && $carp_maintenancemode == true) {
- $config["virtualip_carp_maintenancemode"] = true;
- write_config("Enter CARP maintenance mode");
- }
-
- if (isset($config['virtualip']['vip'])) {
- $viparr = &$config['virtualip']['vip'];
- foreach ($viparr as $vip) {
- if ($vip['mode'] == 'carp') {
- interface_carp_configure($vip);
- }
- }
- }
-}
-
// init $config['virtualip']['vip']
if ( !isset($config['virtualip']['vip']) || !is_array($config['virtualip']['vip'])) {
$config['virtualip']['vip'] = array();
}
$a_vip = &$config['virtualip']['vip'];
+$act = null;
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
if (!empty($_POST['carp_maintenancemode'])) {
- interfaces_carp_set_maintenancemode(!isset($config["virtualip_carp_maintenancemode"]));
+ $act = "maintenance";
+ if (isset($config["virtualip_carp_maintenancemode"])) {
+ unset($config["virtualip_carp_maintenancemode"]);
+ write_config("Leave CARP maintenance mode");
+ } else {
+ $config["virtualip_carp_maintenancemode"] = true;
+ write_config("Enter CARP maintenance mode");
+ }
} elseif (!empty($_POST['disablecarp'])) {
if (get_single_sysctl('net.inet.carp.allow') > 0) {
- $carp_counter = 0;
+ $act = "disable";
+ $savemsg = gettext("All virtual IPs have been disabled. Please note that disabling does not survive a reboot.");
set_single_sysctl('net.inet.carp.allow', '0');
- foreach ($a_vip as $vip) {
- switch ($vip['mode']) {
- case "carp":
- interface_vip_bring_down($vip);
- $carp_counter++;
- sleep(1);
- break;
- }
- }
- $savemsg = sprintf(gettext("%s IPs have been disabled. Please note that disabling does not survive a reboot."), $carp_counter);
} else {
+ $act = "enable";
$savemsg = gettext("CARP has been enabled.");
- foreach ($a_vip as $vip) {
- switch ($vip['mode']) {
- case "carp":
- interface_carp_configure($vip);
- sleep(1);
- break;
- }
- }
interfaces_carp_setup();
set_single_sysctl('net.inet.carp.allow', '1');
}
}
+ foreach ($a_vip as $vip) {
+ if ($vip['mode'] == 'carp') {
+ switch ($act) {
+ case 'maintenance':
+ interface_carp_configure($vip);
+ break;
+ case 'disable':
+ interface_vip_bring_down($vip);
+ break;
+ case 'enable':
+ interface_carp_configure($vip);
+ break;
+ default:
+ break;
+ }
+ }
+ }
+ header(url_safe('Location: carp_status.php?savemsg=%s', array($savemsg)));
+ exit;
+} elseif ($_SERVER['REQUEST_METHOD'] === 'GET') {
+ if (!empty($_GET['savemsg'])) {
+ $savemsg = htmlspecialchars($_GET['savemsg']);
+ }
}
$carpcount = 0;