Force Config Sync : restart IPv6 CARP



  • Hi

    When I click on "Force Config Sync" on a cluster CARP master, the slave start the following commands (I put a error_log in mwexec command, in /etc/inc/util.inc line 1010) :

    Jan  2 14:12:46 pfsense2 php: /xmlrpc.php: MWEXEC : The command '/sbin/ifconfig lan_vip12 inet6 2001:www:xxx:203::fe prefixlen 64 vhid 12 advskew 100 advbase 2  pass 'xxxx'' start
    Jan  2 14:12:46 pfsense2 kernel: lan_vip12: link state changed to DOWN
    Jan  2 14:12:46 pfsense2 php: /xmlrpc.php: MWEXEC : The command '/sbin/ifconfig wan_vip13 inet6 2001:www:xxx:2ff::42 prefixlen 64 vhid 13 advskew 100 advbase 2  pass 'xxxx'' start
    Jan  2 14:12:46 pfsense2 kernel: lan_vip12: INIT -> BACKUP
    Jan  2 14:12:46 pfsense2 kernel: lan_vip12: link state changed to DOWN
    Jan  2 14:12:46 pfsense2 kernel: wan_vip13: link state changed to DOWN
    Jan  2 14:12:46 pfsense2 php: /xmlrpc.php: MWEXEC : The command '/sbin/ifconfig opt1_vip14 inet6 2001:www:xxx:201::fe prefixlen 64 vhid 14 advskew 100 advbase 2  pass 'xxxx'' start
    Jan  2 14:12:46 pfsense2 kernel: wan_vip13: INIT -> BACKUP
    Jan  2 14:12:46 pfsense2 kernel: wan_vip13: link state changed to DOWN
    Jan  2 14:12:46 pfsense2 kernel: opt1_vip14: link state changed to DOWN
    Jan  2 14:12:46 pfsense2 php: /xmlrpc.php: MWEXEC : The command '/sbin/ifconfig opt8_vip17 inet6 2001:www:xxx:02d2::fe prefixlen 64 vhid 17 advskew 100 advbase 2  pass 'xxxx'' start
    Jan  2 14:12:46 pfsense2 kernel: opt1_vip14: INIT -> BACKUP
    Jan  2 14:12:46 pfsense2 kernel: opt1_vip14: link state changed to DOWN
    Jan  2 14:12:46 pfsense2 kernel: opt8_vip17: link state changed to DOWN
    Jan  2 14:12:46 pfsense2 php: /xmlrpc.php: MWEXEC : The command '/sbin/ifconfig opt9_vip19 inet6 2001:www:xxx:215::fe prefixlen 64 vhid 19 advskew 100 advbase 3  pass 'xxxx'' start
    Jan  2 14:12:46 pfsense2 kernel: opt8_vip17: INIT -> BACKUP
    Jan  2 14:12:46 pfsense2 kernel: opt8_vip17: link state changed to DOWN
    Jan  2 14:12:46 pfsense2 kernel: opt9_vip19: link state changed to DOWN
    Jan  2 14:12:46 pfsense2 php: /xmlrpc.php: MWEXEC : The command '/sbin/sysctl net.inet.carp.preempt=1' start
    Jan  2 14:12:46 pfsense2 kernel: opt9_vip19: INIT -> BACKUP
    Jan  2 14:12:46 pfsense2 kernel: opt9_vip19: link state changed to DOWN
    Jan  2 14:12:46 pfsense2 php: /xmlrpc.php: MWEXEC : The command 'sbin/sysctl net.inet.carp.log=1' start
    Jan  2 14:12:46 pfsense2 php: /xmlrpc.php: MWEXEC : The command '/sbin/ifconfig pfsync0 syncdev em1 syncpeer 192.168.254.1 up' start
    Jan  2 14:12:46 pfsense2 php: : Message sent to admin@domain OK
    Jan  2 14:12:46 pfsense2 php: : Message sent to admin@domain OK
    Jan  2 14:12:47 pfsense2 php: : Message sent to admin@domain  OK
    Jan  2 14:12:47 pfsense2 php: : Message sent to admin@domain OK
    Jan  2 14:12:47 pfsense2 php: : Message sent to admin@domain  OK
    Jan  2 14:12:47 pfsense2 php: /xmlrpc.php: waiting for pfsync...
    
    

    My problem is : I don't change the CARP interfaces !! So they should not be restarted.

    I think the function used to detect the changes is not working for IPv6… because the IPv4 CARP are not restarted.



  • Well, After debugging the problem, I have the following issue : pfSense_getall_interface_addresses (opt8_vip17) send an empty array

    I found the opt8_vip17 interface in ifconfig :

    opt8_vip17: flags=49 <up,loopback,running>metric 0 mtu 1500
    	inet6 fe80::200:5eff:fe00:111%opt8_vip17 prefixlen 64 scopeid 0x20 
    	inet6 2001:660:530d:2d2::fe prefixlen 64 
    	nd6 options=3 <performnud,accept_rtadv>carp: BACKUP vhid 17 advbase 2 advskew 100</performnud,accept_rtadv></up,loopback,running> 
    

    I found the function pfSense_getall_interface_addresses in pfSense.c but I don't understand how it works.

    It works well for IPv4 CARP, but no way to IPv6.
    IPv6 carp are wan_vip13, opt1_vip14, lan_vip12, opt8_vip17 and opt9_vip19
    Any idea ?



  • The pfSense module does not have support for IPv6 yet, complicating issues.



  • Strange because I think it was working at the end of summer. I add more CARP interfaces since this epoc but I think it was working well in IPv6. Any idea ?



  • I propose the following code to solve the problem.
    The pfSense_getall_interface_addresses function is used only on time : on CARP reload. So I don't use it and I use an other way to have the information.

    What do you think about this ?

    diff --git a/etc/inc/interfaces.inc b/etc/inc/interfaces.inc
    index 07d621d..0d3d658 100644
    --- a/etc/inc/interfaces.inc
    +++ b/etc/inc/interfaces.inc
    @@ -86,6 +86,21 @@ function does_interface_exist($interface) {
                    return false;
     }
    
    +function getall_interface_addresses ($realif) 
    +{
    +  // Return an array with all the IPs defined on a physical interface
    +  $ipv4 = get_interface_ip ($realif);
    +  $ipv6 = get_interface_ipv6 ($realif);
    +  $nm4 = get_interface_subnet ($realif);
    +  $nm6 = get_interface_subnetv6 ($realif);
    +  $ips = array ();
    +  if ($ipv4 !== NULL)
    +    $ips[] = "$ipv4/$nm4";
    +  if ($ipv6 !== NULL)
    +    $ips[] = "$ipv6/$nm6";
    +  return $ips;
    +}
    +
     /*
      * does_vip_exist($vip): return true or false if a vip is
      * configured.
    @@ -116,7 +131,7 @@ function does_vip_exist($vip) {
                    return false;
            }
    
    -       $ifacedata = pfSense_getall_interface_addresses($realif);
    +       $ifacedata = getall_interface_addresses($realif);
            foreach ($ifacedata as $vipips) {
                    if ($vipips == "{$vip['subnet']}/{$vip['subnet_bits']}")
                            return true;
    
    

Locked