From 161ff20d69b5b613bae7fccd2e76a9febd52dc5e Mon Sep 17 00:00:00 2001 From: fhloston Date: Thu, 21 Oct 2021 15:28:01 +0200 Subject: [PATCH] add enablecarp to softether (#2172) --- .../src/etc/inc/plugins.inc.d/softether.inc | 13 ++++ .../src/etc/rc.syshook.d/carp/50-softether | 70 +++++++++++++++++++ .../OPNsense/Softether/forms/general.xml | 13 ++++ .../app/models/OPNsense/Softether/General.xml | 13 ++++ .../OPNsense/Softether/softether_server | 3 + 5 files changed, 112 insertions(+) create mode 100755 security/softether/src/etc/rc.syshook.d/carp/50-softether diff --git a/security/softether/src/etc/inc/plugins.inc.d/softether.inc b/security/softether/src/etc/inc/plugins.inc.d/softether.inc index 93a337adb..e11d8b839 100644 --- a/security/softether/src/etc/inc/plugins.inc.d/softether.inc +++ b/security/softether/src/etc/inc/plugins.inc.d/softether.inc @@ -32,6 +32,19 @@ function softether_enabled() return (string)$model->enabled == '1'; } +function softether_carp_enabled() +{ + $model = new \OPNsense\Softether\General(); + return (string)$model->enabled == '1' && + (string)$model->enablecarp == '1'; +} + +function softether_carp_interfaces() +{ + $model = new \OPNsense\Softether\General(); + return (string)$model->carpinterfaces; +} + function softether_services() { $services = array(); diff --git a/security/softether/src/etc/rc.syshook.d/carp/50-softether b/security/softether/src/etc/rc.syshook.d/carp/50-softether new file mode 100755 index 000000000..ca50c43ca --- /dev/null +++ b/security/softether/src/etc/rc.syshook.d/carp/50-softether 
@@ -0,0 +1,70 @@ +#!/usr/local/bin/php + + * Copyright (C) 2004 Scott Ullrich + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions are met: + * + * 1. Redistributions of source code must retain the above copyright notice, + * this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + * AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + * OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + * POSSIBILITY OF SUCH DAMAGE. + */ + +require_once('config.inc'); +require_once('util.inc'); +require_once('interfaces.inc'); +require_once('plugins.inc.d/softether.inc'); + +if (softether_carp_enabled()) { + // XXX: carp enable/disable mode + $subsystem = !empty($argv[1]) ? $argv[1] : ''; + $type = !empty($argv[2]) ? 
$argv[2] : ''; + + if ($type != 'MASTER' && $type != 'BACKUP') { + log_error("Carp '$type' event unknown from source '{$subsystem}'"); + exit(1); + } + + if (!strstr($subsystem, '@')) { + log_error("Carp '$type' event triggered from wrong source '{$subsystem}'"); + exit(1); + } + + list ($vhid, $iface) = explode('@', $subsystem); + $friendly = convert_real_interface_to_friendly_interface_name($iface); + + if (!(strpos(softether_carp_interfaces(),$friendly) !== false)) { + exit(0); + } + + switch ($type) { + case 'MASTER': + touch('/var/run/softether/CARP_MASTER'); + shell_exec('/usr/local/etc/rc.d/softether_server start'); + break; + case 'BACKUP': + if (file_exists('/var/run/softether/CARP_MASTER')) { + unlink('/var/run/softether/CARP_MASTER'); + } + shell_exec('/usr/local/etc/rc.d/softether_server stop'); + break; + } +} diff --git a/security/softether/src/opnsense/mvc/app/controllers/OPNsense/Softether/forms/general.xml b/security/softether/src/opnsense/mvc/app/controllers/OPNsense/Softether/forms/general.xml index c5a99db13..8e738f5d4 100644 --- a/security/softether/src/opnsense/mvc/app/controllers/OPNsense/Softether/forms/general.xml +++ b/security/softether/src/opnsense/mvc/app/controllers/OPNsense/Softether/forms/general.xml @@ -5,4 +5,17 @@ checkbox This will activate SoftEther vpnserver process. + + general.enablecarp + + checkbox + This will activate the vpnserver service only on the master device. + + + general.carpinterfaces + + select_multiple + + Type or select interface. + diff --git a/security/softether/src/opnsense/mvc/app/models/OPNsense/Softether/General.xml b/security/softether/src/opnsense/mvc/app/models/OPNsense/Softether/General.xml index 743f6585d..05968a34c 100644 --- a/security/softether/src/opnsense/mvc/app/models/OPNsense/Softether/General.xml +++ b/security/softether/src/opnsense/mvc/app/models/OPNsense/Softether/General.xml @@ -7,5 +7,18 @@ 0 Y + + 0 + Y + + + N + Y + + Y + + /^(?!0).*$/ + + 
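Review bot: The interface check `strpos(softether_carp_interfaces(),$friendly) !== false` is a substring match against the stored selection, so a CARP event on one interface (for example `opt1`) also matches a configured `opt10`, and the VPN server is started or stopped on a transition the administrator did not select. If `convert_real_interface_to_friendly_interface_name()` returns nothing for an unmapped interface, the empty needle is a second problem, because PHP 8 reports a match at offset 0. Assuming the model stores a comma-separated list, compare whole entries instead: `$selected = explode(',', softether_carp_interfaces());` followed by `if (empty($friendly) || !in_array($friendly, $selected, true)) {`. The result of `touch('/var/run/softether/CARP_MASTER')` is also unchecked, so a missing directory would leave the marker absent while `softether_server start` is still invoked; logging that failure with `log_error()` would make it diagnosable.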
diff --git a/security/softether/src/opnsense/service/templates/OPNsense/Softether/softether_server b/security/softether/src/opnsense/service/templates/OPNsense/Softether/softether_server
index 72a7f3048..29fcf7190 100644
--- a/security/softether/src/opnsense/service/templates/OPNsense/Softether/softether_server
+++ b/security/softether/src/opnsense/service/templates/OPNsense/Softether/softether_server
@@ -1,6 +1,9 @@
 {% if helpers.exists('OPNsense.softether.general.enabled') and OPNsense.softether.general.enabled == '1' %}
 softether_server_var_script="/usr/local/opnsense/scripts/OPNsense/Softether/setup.sh"
 softether_server_enable="YES"
+{% if helpers.exists('OPNsense.softether.general.enablecarp') and OPNsense.softether.general.enablecarp == '1' %}
+required_files="/var/run/softether/CARP_MASTER"
+{% endif %}
 {% else %}
 softether_server_enable="NO"
 {% endif %}
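Review bot: `required_files="/var/run/softether/CARP_MASTER"` makes every service start depend on a marker that, within this commit, only the CARP hook creates on a MASTER event. A node that is already master when the option is switched on, or one whose /var/run was cleared by a reboot before any CARP transition, would have no marker and the server would refuse to start; this is inferred from the visible lines and worth confirming on a running pair. At minimum, add a comment above the line so the dependency is discoverable, for example `# marker is created/removed by rc.syshook.d/carp/50-softether on CARP MASTER/BACKUP`. Consider also having the reconfigure step seed the marker from the current CARP state.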