From fdbd32be08fb31b9cc10bb6cf11833f25ea85e9a Mon Sep 17 00:00:00 2001 From: Franco Fichtner Date: Wed, 18 Feb 2026 09:03:37 +0100 Subject: [PATCH] backend: use config_read_array() non-insert mode mode iteration of virtual IPs --- src/etc/inc/auth.inc | 2 +- src/etc/inc/interfaces.inc | 67 +++++++++++------------------ src/etc/inc/plugins.inc.d/ipsec.inc | 2 +- src/etc/inc/plugins.inc.d/radvd.inc | 4 +- 4 files changed, 28 insertions(+), 47 deletions(-) diff --git a/src/etc/inc/auth.inc b/src/etc/inc/auth.inc index 80957f4dd8..b2f09c323b 100644 --- a/src/etc/inc/auth.inc +++ b/src/etc/inc/auth.inc @@ -49,7 +49,7 @@ $userindex = index_users(); */ function isAuthLocalIP($http_host) { - foreach (config_read_array('virtualip', 'vip') as $vip) { + foreach (config_read_array('virtualip', 'vip', false) as $vip) { if ($vip['subnet'] == $http_host) { return true; } diff --git a/src/etc/inc/interfaces.inc b/src/etc/inc/interfaces.inc index f3ee29e37a..cded75c7b6 100644 --- a/src/etc/inc/interfaces.inc +++ b/src/etc/inc/interfaces.inc @@ -838,7 +838,7 @@ function interface_reset($interface, $ifacecfg = false, $suspend = false) } if (!$suspend) { - foreach (config_read_array('virtualip', 'vip') as $vip) { + foreach (config_read_array('virtualip', 'vip', false) as $vip) { if ($vip['interface'] == $interface) { interface_vip_bring_down($vip); } @@ -1432,7 +1432,7 @@ function interfaces_pfsync_configure() function interface_proxyarp_configure($interface = '') { - global $config; + $paa = []; /* kill any running choparp, on restart "all" */ if (empty($interface)) { @@ -1441,17 +1441,14 @@ function interface_proxyarp_configure($interface = '') } } - $paa = []; - if (isset($config['virtualip']['vip'])) { - /* group by interface */ - foreach ($config['virtualip']['vip'] as $vipent) { - if ($vipent['mode'] === "proxyarp") { - if (empty($interface) || $interface == $vipent['interface']) { - if (empty($paa[$vipent['interface']])) { - $paa[$vipent['interface']] = []; - } - $paa[$vipent['interface']][] = $vipent; + /* group by interface */ + foreach (config_read_array('virtualip', 'vip', false) as $vipent) { + if ($vipent['mode'] === 'proxyarp') { + if (empty($interface) || $interface == $vipent['interface']) { + if (empty($paa[$vipent['interface']])) { + $paa[$vipent['interface']] = []; } + $paa[$vipent['interface']][] = $vipent; } } } @@ -1478,17 +1475,11 @@ function interface_proxyarp_configure($interface = '') function interfaces_vips_configure($interface, $family = null) { - global $config; - - if (!isset($config['virtualip']['vip'])) { - return; - } - $proxyarp = false; $pfsync = false; $dad = false; - foreach ($config['virtualip']['vip'] as $vip) { + foreach (config_read_array('virtualip', 'vip', false) as $vip) { if ($vip['interface'] != $interface) { continue; } @@ -3510,12 +3501,10 @@ function convert_friendly_interface_to_friendly_descr($interface) return !empty($config['interfaces'][$interface]['descr']) ? $config['interfaces'][$interface]['descr'] : strtoupper($interface); } elseif (strstr($interface, '_vip')) { - if (isset($config['virtualip']['vip'])) { - foreach ($config['virtualip']['vip'] as $counter => $vip) { - if ($vip['mode'] == 'carp') { - if ($interface == "{$vip['interface']}_vip{$vip['vhid']}") { - return "{$vip['descr']} ({$vip['subnet']})"; - } + foreach (config_read_array('virtualip', 'vip', false) as $vip) { + if ($vip['mode'] == 'carp') { + if ($interface == "{$vip['interface']}_vip{$vip['vhid']}") { + return "{$vip['descr']} ({$vip['subnet']})"; } } } @@ -3696,7 +3685,7 @@ function link_interface_to_gre($interface, $update = false, $family = null) foreach (config_read_array('gres', 'gre') as $gre) { $parent = explode('_vip', $gre['if'])[0]; if (is_ipaddr($parent)) { - foreach (config_read_array('virtualip', 'vip') as $vip) { + foreach (config_read_array('virtualip', 'vip', false) as $vip) { if ($vip['mode'] == 'ipalias' && $vip['subnet'] == $parent) { $parent = $vip['interface']; break; @@ -3751,23 +3740,15 @@ function link_interface_to_gif($interface, $update = false, $family = null) function ip_in_interface_alias_subnet($interface, $ipalias) { - global $config; - if (empty($interface) || !is_ipaddr($ipalias)) { return false; } - if (isset($config['virtualip']['vip'])) { - foreach ($config['virtualip']['vip'] as $vip) { - switch ($vip['mode']) { - case "ipalias": - if ($vip['interface'] != $interface) { - break; - } - $subnet = is_ipaddrv6($ipalias) ? gen_subnetv6($vip['subnet'], $vip['subnet_bits']) : gen_subnet($vip['subnet'], $vip['subnet_bits']); - if (ip_in_subnet($ipalias, $subnet . "/" . $vip['subnet_bits'])) { - return true; - } - break; + + foreach (config_read_array('virtualip', 'vip', false) as $vip) { + if ($vip['mode'] == 'ipalias' && $vip['interface'] == $interface) { + $subnet = is_ipaddrv6($ipalias) ? gen_subnetv6($vip['subnet'], $vip['subnet_bits']) : gen_subnet($vip['subnet'], $vip['subnet_bits']); + if (ip_in_subnet($ipalias, "{$subnet}/{$vip['subnet_bits']}")) { + return true; } } } @@ -3782,7 +3763,7 @@ function get_interface_ip($interface, $ifconfig_details = null) } if (strstr($interface, '_vip')) { - foreach (config_read_array('virtualip', 'vip') as $vip) { + foreach (config_read_array('virtualip', 'vip', false) as $vip) { if ($vip['mode'] == 'carp') { if ($interface == "{$vip['interface']}_vip{$vip['vhid']}" && is_ipaddrv4($vip['subnet'])) { return $vip['subnet']; @@ -3803,7 +3784,7 @@ function get_interface_ipv6($interface, $ifconfig_details = null, $mode = 'prima } if (strstr($interface, '_vip')) { - foreach (config_read_array('virtualip', 'vip') as $vip) { + foreach (config_read_array('virtualip', 'vip', false) as $vip) { if ($vip['mode'] == 'carp') { if ($interface == "{$vip['interface']}_vip{$vip['vhid']}" && is_ipaddrv6($vip['subnet'])) { return $vip['subnet']; @@ -4015,7 +3996,7 @@ function interfaces_addresses($interfaces, $as_subnet = false, $ifconfig_details } foreach ($result as &$info) { - foreach (config_read_array('virtualip', 'vip') as $vip) { + foreach (config_read_array('virtualip', 'vip', false) as $vip) { if (empty($info['interface']) || $info['interface'] != $vip['interface']) { continue; } diff --git a/src/etc/inc/plugins.inc.d/ipsec.inc b/src/etc/inc/plugins.inc.d/ipsec.inc index 4b9e372b4f..4ade370068 100644 --- a/src/etc/inc/plugins.inc.d/ipsec.inc +++ b/src/etc/inc/plugins.inc.d/ipsec.inc @@ -854,7 +854,7 @@ function ipsec_setup_pinghosts() } /* if no valid src IP was found in configured interfaces, try the vips */ if (is_null($srcip)) { - foreach (config_read_array('virtualip', 'vip') as $vip) { + foreach (config_read_array('virtualip', 'vip', false) as $vip) { if (ip_in_subnet($vip['subnet'], $local_subnet)) { $srcip = $vip['subnet']; break; diff --git a/src/etc/inc/plugins.inc.d/radvd.inc b/src/etc/inc/plugins.inc.d/radvd.inc index 3477241ef4..7c0085a945 100644 --- a/src/etc/inc/plugins.inc.d/radvd.inc +++ b/src/etc/inc/plugins.inc.d/radvd.inc @@ -223,7 +223,7 @@ function radvd_configure_do($verbose = false, $ignorelist = []) } } - foreach (config_read_array('virtualip', 'vip') as $vip) { + foreach (config_read_array('virtualip', 'vip', false) as $vip) { if ($vip['interface'] != $dhcpv6if || !is_ipaddrv6($vip['subnet'])) { continue; } @@ -453,7 +453,7 @@ function radvd_configure_do($verbose = false, $ignorelist = []) $radvdconf .= " };\n"; } - foreach (config_read_array('virtualip', 'vip') as $vip) { + foreach (config_read_array('virtualip', 'vip', false) as $vip) { if ($vip['interface'] != $if || !is_ipaddrv6($vip['subnet']) || $vip['subnet_bits'] == '128') { continue; }