Force Config Sync : restart IPv6 CARP

dominique.fournier

Hi

When I click on "Force Config Sync" on a cluster CARP master, the slave start the following commands (I put a error_log in mwexec command, in /etc/inc/util.inc line 1010) :

Jan  2 14:12:46 pfsense2 php: /xmlrpc.php: MWEXEC : The command '/sbin/ifconfig lan_vip12 inet6 2001:www:xxx:203::fe prefixlen 64 vhid 12 advskew 100 advbase 2  pass 'xxxx'' start
Jan  2 14:12:46 pfsense2 kernel: lan_vip12: link state changed to DOWN
Jan  2 14:12:46 pfsense2 php: /xmlrpc.php: MWEXEC : The command '/sbin/ifconfig wan_vip13 inet6 2001:www:xxx:2ff::42 prefixlen 64 vhid 13 advskew 100 advbase 2  pass 'xxxx'' start
Jan  2 14:12:46 pfsense2 kernel: lan_vip12: INIT -> BACKUP
Jan  2 14:12:46 pfsense2 kernel: lan_vip12: link state changed to DOWN
Jan  2 14:12:46 pfsense2 kernel: wan_vip13: link state changed to DOWN
Jan  2 14:12:46 pfsense2 php: /xmlrpc.php: MWEXEC : The command '/sbin/ifconfig opt1_vip14 inet6 2001:www:xxx:201::fe prefixlen 64 vhid 14 advskew 100 advbase 2  pass 'xxxx'' start
Jan  2 14:12:46 pfsense2 kernel: wan_vip13: INIT -> BACKUP
Jan  2 14:12:46 pfsense2 kernel: wan_vip13: link state changed to DOWN
Jan  2 14:12:46 pfsense2 kernel: opt1_vip14: link state changed to DOWN
Jan  2 14:12:46 pfsense2 php: /xmlrpc.php: MWEXEC : The command '/sbin/ifconfig opt8_vip17 inet6 2001:www:xxx:02d2::fe prefixlen 64 vhid 17 advskew 100 advbase 2  pass 'xxxx'' start
Jan  2 14:12:46 pfsense2 kernel: opt1_vip14: INIT -> BACKUP
Jan  2 14:12:46 pfsense2 kernel: opt1_vip14: link state changed to DOWN
Jan  2 14:12:46 pfsense2 kernel: opt8_vip17: link state changed to DOWN
Jan  2 14:12:46 pfsense2 php: /xmlrpc.php: MWEXEC : The command '/sbin/ifconfig opt9_vip19 inet6 2001:www:xxx:215::fe prefixlen 64 vhid 19 advskew 100 advbase 3  pass 'xxxx'' start
Jan  2 14:12:46 pfsense2 kernel: opt8_vip17: INIT -> BACKUP
Jan  2 14:12:46 pfsense2 kernel: opt8_vip17: link state changed to DOWN
Jan  2 14:12:46 pfsense2 kernel: opt9_vip19: link state changed to DOWN
Jan  2 14:12:46 pfsense2 php: /xmlrpc.php: MWEXEC : The command '/sbin/sysctl net.inet.carp.preempt=1' start
Jan  2 14:12:46 pfsense2 kernel: opt9_vip19: INIT -> BACKUP
Jan  2 14:12:46 pfsense2 kernel: opt9_vip19: link state changed to DOWN
Jan  2 14:12:46 pfsense2 php: /xmlrpc.php: MWEXEC : The command 'sbin/sysctl net.inet.carp.log=1' start
Jan  2 14:12:46 pfsense2 php: /xmlrpc.php: MWEXEC : The command '/sbin/ifconfig pfsync0 syncdev em1 syncpeer 192.168.254.1 up' start
Jan  2 14:12:46 pfsense2 php: : Message sent to admin@domain OK
Jan  2 14:12:46 pfsense2 php: : Message sent to admin@domain OK
Jan  2 14:12:47 pfsense2 php: : Message sent to admin@domain  OK
Jan  2 14:12:47 pfsense2 php: : Message sent to admin@domain OK
Jan  2 14:12:47 pfsense2 php: : Message sent to admin@domain  OK
Jan  2 14:12:47 pfsense2 php: /xmlrpc.php: waiting for pfsync...

My problem is : I don't change the CARP interfaces !! So they should not be restarted.

I think the function used to detect the changes is not working for IPv6… because the IPv4 CARP are not restarted.

dominique.fournier

Well, After debugging the problem, I have the following issue : pfSense_getall_interface_addresses (opt8_vip17) send an empty array

I found the opt8_vip17 interface in ifconfig :

opt8_vip17: flags=49 <up,loopback,running>metric 0 mtu 1500
	inet6 fe80::200:5eff:fe00:111%opt8_vip17 prefixlen 64 scopeid 0x20 
	inet6 2001:660:530d:2d2::fe prefixlen 64 
	nd6 options=3 <performnud,accept_rtadv>carp: BACKUP vhid 17 advbase 2 advskew 100</performnud,accept_rtadv></up,loopback,running> 

I found the function pfSense_getall_interface_addresses in pfSense.c but I don't understand how it works.

It works well for IPv4 CARP, but no way to IPv6.
IPv6 carp are wan_vip13, opt1_vip14, lan_vip12, opt8_vip17 and opt9_vip19
Any idea ?

databeestje

The pfSense module does not have support for IPv6 yet, complicating issues.

dominique.fournier

Strange because I think it was working at the end of summer. I add more CARP interfaces since this epoc but I think it was working well in IPv6. Any idea ?

dominique.fournier

I propose the following code to solve the problem.
The pfSense_getall_interface_addresses function is used only on time : on CARP reload. So I don't use it and I use an other way to have the information.

What do you think about this ?

diff --git a/etc/inc/interfaces.inc b/etc/inc/interfaces.inc
index 07d621d..0d3d658 100644
--- a/etc/inc/interfaces.inc
+++ b/etc/inc/interfaces.inc
@@ -86,6 +86,21 @@ function does_interface_exist($interface) {
                return false;
 }

+function getall_interface_addresses ($realif) 
+{
+  // Return an array with all the IPs defined on a physical interface
+  $ipv4 = get_interface_ip ($realif);
+  $ipv6 = get_interface_ipv6 ($realif);
+  $nm4 = get_interface_subnet ($realif);
+  $nm6 = get_interface_subnetv6 ($realif);
+  $ips = array ();
+  if ($ipv4 !== NULL)
+    $ips[] = "$ipv4/$nm4";
+  if ($ipv6 !== NULL)
+    $ips[] = "$ipv6/$nm6";
+  return $ips;
+}
+
 /*
  * does_vip_exist($vip): return true or false if a vip is
  * configured.
@@ -116,7 +131,7 @@ function does_vip_exist($vip) {
                return false;
        }

-       $ifacedata = pfSense_getall_interface_addresses($realif);
+       $ifacedata = getall_interface_addresses($realif);
        foreach ($ifacedata as $vipips) {
                if ($vipips == "{$vip['subnet']}/{$vip['subnet_bits']}")
                        return true;