Interfaces: Virtual IPs: Settings - Improve address cleanup so modifications to VIPs are less likely to end up with multiple interfaces using the same address.

With the previous code it was quite easy to move an address to another interface after which that address was configured on both (new and old).
2026-03-13 08:09:41 +00:00 · 2023-05-09 16:57:48 +02:00 · 2023-05-09 16:57:48 +02:00 · c2f407ca4c
commit c2f407ca4c
parent 58528970e0
2 changed files with 20 additions and 11 deletions
--- a/src/opnsense/mvc/app/controllers/OPNsense/Interfaces/Api/VipSettingsController.php
+++ b/src/opnsense/mvc/app/controllers/OPNsense/Interfaces/Api/VipSettingsController.php
@ -140,7 +140,14 @@ class VipSettingsController extends ApiMutableModelControllerBase
    {
        $node = $this->getModel()->getNodeByReference('vip.' . $uuid);
        $validations = [];
-        if ($node != null && explode('/', $_POST['vip']['network'])[0] != (string)$node->subnet) {
+        $post_subnet = '';
+        $post_interface = '';
+        if (isset($_POST['vip'])) {
+            $post_subnet = !empty($_POST['vip']['network']) ? explode('/', $_POST['vip']['network'])[0] : '';
+            $post_interface = !empty($_POST['vip']['interface']) ? $_POST['vip']['interface'] : '';
+        }
+
+        if ($node != null && $post_subnet != (string)$node->subnet) {
            $validations = $this->getModel()->whereUsed((string)$node->subnet);
            if (!empty($validations)) {
                // XXX a bit unpractical, but we can not validate previous values from the model so
@ -151,10 +158,11 @@ class VipSettingsController extends ApiMutableModelControllerBase
                        'vip.network' => array_slice($validations, 0, 2)
                    ]
                ];
-            } elseif (!file_exists("/tmp/delete_vip_{$uuid}.todo")) {
-                file_put_contents("/tmp/delete_vip_{$uuid}.todo", (string)$node->subnet);
            }
        }
+        if ($node != null && ($post_subnet != (string)$node->subnet || $post_interface != (string)$node->interface)) {
+            file_put_contents("/tmp/delete_vip_{$uuid}.todo", (string)$node->subnet . "\n", FILE_APPEND);
+        }

        return $this->handleFormValidations($this->setBase('vip', 'vip', $uuid, $this->getVipOverlay()));
    }
@ -186,8 +194,8 @@ class VipSettingsController extends ApiMutableModelControllerBase
            throw new UserException(implode('<br/>', array_slice($validations, 0, 5)), gettext("Item in use by"));
        }
        $response = $this->delBase("vip", $uuid);
-        if (($response['result'] ?? '') == 'deleted' && !file_exists("/tmp/delete_vip_{$uuid}.todo")) {
-            file_put_contents("/tmp/delete_vip_{$uuid}.todo", (string)$node->subnet);
+        if (($response['result'] ?? '') == 'deleted') {
+            file_put_contents("/tmp/delete_vip_{$uuid}.todo", (string)$node->subnet . "\n", FILE_APPEND);
        }
        return $response;
    }
--- a/src/opnsense/scripts/interfaces/reconfigure_vips.php
+++ b/src/opnsense/scripts/interfaces/reconfigure_vips.php
@ -60,12 +60,13 @@ foreach (legacy_interfaces_details() as $ifname => $ifcnf) {

 // remove deleted vips
 foreach (glob("/tmp/delete_vip_*.todo") as $filename) {
-    $address = trim(file_get_contents($filename));
-    if (isset($addresses[$address])) {
-        legacy_interface_deladdress($addresses[$address]['if'], $address, is_ipaddrv6($address) ? 6 : 4);
-    } else {
-        // not found, likely proxy arp
-        $anyproxyarp = true;
+    foreach (array_unique(explode("\n", trim(file_get_contents($filename)))) as $address) {
+        if (isset($addresses[$address])) {
+            legacy_interface_deladdress($addresses[$address]['if'], $address, is_ipaddrv6($address) ? 6 : 4);
+        } else {
+            // not found, likely proxy arp
+            $anyproxyarp = true;
+        }
    }
    unlink($filename);
 }