New RFC2136 Updates / Fixes


  • Rebel Alliance Developer Netgate

    I pushed a bunch of updates to RFC2136 today to bring it more in line with the other dyndns type.

    Improvements include:

    • Cached IP support and checking to avoid updating too often / unnecessarily
    • Fixed double click row to edit RFC2136 entry
    • Added an option, off by default, to find and use the public IP if the interface IP is private
    • Made the display of RFC2136 items in the list also show the cached IP, the server IP, etc.
    • Included RFC2136 hosts in DNS rebinding exclusions
    • Included RFC2136 hosts in HTTP_REFERER exclusions (and DynDNS hosts, too, those weren't in there yet)

    The only thing left on my little todo list now is Gateway Group support, which may or may not happen.

    Unless anyone else has any ideas.

    It should be in the next available new snapshot.



  • Nice work.
    Time must have been permitting.  ;)
    Thank you.



  • What would the logic be when registering gateways in a gateway group?

    • Register the VIP addresses of all the live gateways in the lowest numbered tier.

    • If one or more gateways go down in that tier, unregister them.

    • if all the gateways go down in that tier then unregister them and register all the up gateways in the next higher tier.

    • If any of the gateways in the lower tier come back alive, register the VIPs of those gateways and unregister the VIPs of the gateways from the higher tier.

    What else did I miss?

    Thanks,

    Shahid


  • Rebel Alliance Developer Netgate

    Nothing that fancy.

    • Register the IP on the interface that is active in the failover group (Or VIP if chosen)
    • When a WAN fails, register whatever is now the new preferred IP for the failover gateway group.

    That isn't done yet, not sure if it will make 2.1.

    There could be more logic to handle multiple gateways on the same tier but that code doesn't exist anywhere yet. For now all it needs is the same logic that is currently used by the other DynDNS mechanism.



  • I've made an attempt to add gateway groups support to RFC2136. Its in pull request 799.

    Based on my limited testing it appears to be working.

    One caveat is that if the DNS server is to be reached through the same gateway that may have just flipped then the update using UDP is not always successful.

    In my tests where the DNS server was on the LAN side, it updated consistently every time when the gateway group failed over.

    And if this looks good then I would like to add a pull request for RELENG_2_1 as well.

    Thanks,

    Shahid



  • Incase anyone else is interested in this, here is the patch.

    Save it to say /tmp/799.patch and run from root like:

    [2.1-RC2][root@fw04]/(6): patch -p1 < /tmp/799.patch
    
    From bef50779f3c4f0211484806907d59584f7c040ee Mon Sep 17 00:00:00 2001
    From: Shahid Sheikh
    Date: Sun, 8 Sep 2013 02:50:25 -0400
    Subject: [PATCH 1/7] Update services_rfc2136.php
    
    Added support for gateway groups.
    ---
     usr/local/www/services_rfc2136.php | 16 +++++++++++-----
     1 file changed, 11 insertions(+), 5 deletions(-)
    
    diff --git a/usr/local/www/services_rfc2136.php b/usr/local/www/services_rfc2136.php
    index f3c3488..d2ff036 100644
    --- a/usr/local/www/services_rfc2136.php
    +++ b/usr/local/www/services_rfc2136.php
    @@ -1,7 +1,7 @@
      /* $Id$ */
     /*
    -	Copyright (C) 2008 Ermal Luçi
    +	Copyright (C) 2008 Ermal Lu�i
     	All rights reserved.
    
     	Redistribution and use in source and binary forms, with or without
    @@ -76,18 +76,24 @@
    
    -		  
    +		  
    
    -		  
    -		  
    +		  
    +		  
    
    -				     
    +				     
    
    |  |  |  |  |  |  |  |  |  | 		 		 		
    | 
     		   			$iflist = get_configured_interface_with_descr();
    +			$grouplist = return_gateway_groups_array();
    +			foreach ($grouplist as $name => $group) {
    +				if($group['ipprotocol'] != inet)
    +					continue;
    +				$iflist[$name] = $name;
    +			}
     			foreach ($iflist as $if => $ifdesc) {
     				if ($rfc2136['interface'] == $if) {
     					if (!isset($rfc2136['enable']))
    @@ -184,4 +190,4 @@
    
    -
    \ No newline at end of file
    +
    -- 
    1.8.4
    
    From a8c58f3014dc01a17c392e63280cd7622dc66eb4 Mon Sep 17 00:00:00 2001
    From: Shahid Sheikh
    Date: Sun, 8 Sep 2013 03:05:33 -0400
    Subject: [PATCH 2/7] Update services_rfc2136_edit.php
    
    Added support for gateway groups.
    ---
     usr/local/www/services_rfc2136_edit.php | 12 +++++++++---
     1 file changed, 9 insertions(+), 3 deletions(-)
    
    diff --git a/usr/local/www/services_rfc2136_edit.php b/usr/local/www/services_rfc2136_edit.php
    index 965940f..1158fc6 100644
    --- a/usr/local/www/services_rfc2136_edit.php
    +++ b/usr/local/www/services_rfc2136_edit.php
    @@ -1,7 +1,7 @@
      /* $Id$ */
     /*
    -	Copyright (C) 2008 Ermal Luçi
    +	Copyright (C) 2008 Ermal Lu�i
     	All rights reserved.
    
     	Redistribution and use in source and binary forms, with or without
    @@ -136,11 +136,17 @@
     				   | 				
    |  |  | 
     				   <select name="interface" class="formselect" id="interface">-				   		foreach ($iflist as $if => $ifdesc):?>+						$grouplist = return_gateway_groups_array();+						foreach ($grouplist as $name => $group) {+							if($group['ipprotocol'] != inet)+								continue;+							$iflist[$name] = "GW Group: {$name}";+						}+						foreach ($iflist as $if => $ifdesc):?> 							<option value="<?=$if;?>" <?php="" if="" ($pconfig['interface']="=" $if)="" echo="" "selected";?="">></option></select> 
    -- 
    1.8.4
    
    From 556939086e24cc342c9bd1261d3edb3e7769ec6b Mon Sep 17 00:00:00 2001
    From: Shahid Sheikh
    Date: Sun, 8 Sep 2013 03:11:15 -0400
    Subject: [PATCH 3/7] Update services.inc
    
    Added support for gateway groups in rfc2136.
    ---
     etc/inc/services.inc | 7 +++++++
     1 file changed, 7 insertions(+)
    
    diff --git a/etc/inc/services.inc b/etc/inc/services.inc
    index 14d1233..48ab3a8 100644
    --- a/etc/inc/services.inc
    +++ b/etc/inc/services.inc
    @@ -1983,6 +1983,13 @@ function services_dnsupdate_process($int = "", $updatehost = "", $forced = false
    
     			/* determine interface name */
     			$if = get_real_interface($dnsupdate['interface']);
    +			/* if the real interface is not found then this may be a gateway group. */
    +			if ($if == "") {
    +				$a_groups = return_gateway_groups_array();
    +				if (is_array($a_groups[$dnsupdate['interface']])) {
    +					$if = $dnsupdate['interface'];
    +				}
    +			}
     			$wanip = get_interface_ip($dnsupdate['interface']);
     			$wanipv6 = get_interface_ipv6($dnsupdate['interface']);
    
    -- 
    1.8.4
    
    From 44c14a2ec231c499b1783e20d9941b82bbb44946 Mon Sep 17 00:00:00 2001
    From: Shahid Sheikh
    Date: Sun, 8 Sep 2013 08:43:26 -0400
    Subject: [PATCH 4/7] Update services.inc
    
    Gateway groups support for RFC2136 - rc.dyndns.update sends the interface friendly name instead of the gateway name. Find out based on interface name if we need to do an update.
    ---
     etc/inc/services.inc | 5 ++++-
     1 file changed, 4 insertions(+), 1 deletion(-)
    
    diff --git a/etc/inc/services.inc b/etc/inc/services.inc
    index 48ab3a8..b6fbbaf 100644
    --- a/etc/inc/services.inc
    +++ b/etc/inc/services.inc
    @@ -1973,13 +1973,16 @@ function services_dnsupdate_process($int = "", $updatehost = "", $forced = false
     	/* Dynamic DNS updating active? */
     	if (is_array($config['dnsupdates']['dnsupdate'])) {
     		$notify_text = "";
    +		$gwgroups = interface_gateway_group_member($int);
     		foreach ($config['dnsupdates']['dnsupdate'] as $i => $dnsupdate) {
     			if (!isset($dnsupdate['enable']))
     				continue;
    -			if (!empty($int) && $int != $dnsupdate['interface'])
    +			if (!empty($int) && $int != $dnsupdate['interface'] && !gwgroups)
     				continue;
     			if (!empty($updatehost) && ($updatehost != $dnsupdate['host']))
     				continue;
    +			if ($gwgroups && !empty($int) && !in_array($dnsupdate['interface'], $gwgroups))
    +				continue;
    
     			/* determine interface name */
     			$if = get_real_interface($dnsupdate['interface']);
    -- 
    1.8.4
    
    From af4ca98831e1b6b7f6cbfacfd29333c14dbf0a45 Mon Sep 17 00:00:00 2001
    From: Shahid Sheikh
    Date: Sun, 8 Sep 2013 08:49:10 -0400
    Subject: [PATCH 5/7] Change interface_gateway_group_member($interface) to
     return members
    
    interface_gateway_group_member($interface) now returns the list of gateways instead of true.
    ---
     etc/inc/gwlb.inc | 17 +++++++++++------
     1 file changed, 11 insertions(+), 6 deletions(-)
    
    diff --git a/etc/inc/gwlb.inc b/etc/inc/gwlb.inc
    index 1adc751..90d7ca7 100644
    --- a/etc/inc/gwlb.inc
    +++ b/etc/inc/gwlb.inc
    @@ -952,21 +952,24 @@ function interface_gateway_group_member($interface) {
     		return false;
    
     	$gateways_arr = return_gateways_array(false, true);
    +	$members = array();
     	foreach($groups as $group) {
     		if(is_array($group['item'])) {
     			foreach($group['item'] as $item) {
     				$elements = explode("|", $item);
     				$gwname = $elements[0];
    -				if ($interface == $gateways_arr[$gwname]['interface']) {
    +				if ($interface == $gateways_arr[$gwname]['friendlyiface']) {
     					unset($gateways_arr);
    -					return true;
    +					$members[] = $group['name'];
     				}
     			}
     		}
     	}
     	unset($gateways_arr);
    -
    -	return false;
    +	if (empty($members))
    +		return false;
    +	else
    +		return $members;
     }
    
     function gateway_is_gwgroup_member($name) {
    @@ -988,7 +991,9 @@ function gateway_is_gwgroup_member($name) {
     			}
     		}
     	}
    -
    -	return $members;
    +	if (empty($members))
    +		return false;
    +	else
    +		return $members;
     }
     ?>
    -- 
    1.8.4
    
    From edf4a04744a583435c477e01932facdd02abef46 Mon Sep 17 00:00:00 2001
    From: Shahid Sheikh
    Date: Sun, 8 Sep 2013 09:20:51 -0400
    Subject: [PATCH 6/7] Add support for gateway groups
    
    Changed list header and column widths. Added GW group names to first column.
    ---
     usr/local/www/services_rfc2136.php | 2 +-
     1 file changed, 1 insertion(+), 1 deletion(-)
    
    diff --git a/usr/local/www/services_rfc2136.php b/usr/local/www/services_rfc2136.php
    index d2ff036..09c885b 100644
    --- a/usr/local/www/services_rfc2136.php
    +++ b/usr/local/www/services_rfc2136.php
    @@ -76,7 +76,7 @@
    
    -		  
    +		  
    
    -- 
    1.8.4
    
    From f95e1ec9ba1c38e289872d2d08ed5f7e0fa9d470 Mon Sep 17 00:00:00 2001
    From: Shahid Sheikh
    Date: Sun, 8 Sep 2013 09:23:34 -0400
    Subject: [PATCH 7/7] Added support for gateway groups
    
    Populate gateway groups in list.
    ---
     usr/local/www/services_rfc2136_edit.php | 2 +-
     1 file changed, 1 insertion(+), 1 deletion(-)
    
    diff --git a/usr/local/www/services_rfc2136_edit.php b/usr/local/www/services_rfc2136_edit.php
    index 1158fc6..9e99b76 100644
    --- a/usr/local/www/services_rfc2136_edit.php
    +++ b/usr/local/www/services_rfc2136_edit.php
    @@ -144,7 +144,7 @@
     						foreach ($grouplist as $name => $group) {
     							if($group['ipprotocol'] != inet)
     								continue;
    -							$iflist[$name] = "GW Group: {$name}";
    +							$iflist[$name] = "GW Group {$name}";
     						}
     						foreach ($iflist as $if => $ifdesc):?>
    <option value="<?=$if;?>" <?php="" if="" ($pconfig['interface']="=" $if)="" echo="" "selected";?="">></option>
    -- 
    1.8.4
    
    |  |  |  |  |  | 							
    
     |
    
    

  • Rebel Alliance Developer Netgate

    FYI- pull requests are automatically made into patches by github.

    You can just feed https://github.com/pfsense/pfsense/pull/799.patch into the system patches package to test it.


Log in to reply