authorScott Ullrich <sullrich@pfsense.org>2005-03-10 22:14:08 +0000
committerScott Ullrich <sullrich@pfsense.org>2005-03-10 22:14:08 +0000
commiteb5560d6a13a64978e9b94b74f3d79ab1b7c7c2f (patch)
tree06900d2638efc826c1c522abc28bb153fe5e2b1e
parent203c2a1066f43cb732d906e6045642cfcf33774f (diff)
* Separate PFSync settings into its own menu area.
* Add IP address field for PFSync interface
-rw-r--r--packages/carp.xml48
-rw-r--r--packages/carp_rules.php23
-rw-r--r--packages/carp_settings.xml78
3 files changed, 107 insertions, 42 deletions
diff --git a/packages/carp.xml b/packages/carp.xml
index d9028537..48b9c669 100644
--- a/packages/carp.xml
+++ b/packages/carp.xml
@@ -12,7 +12,7 @@
</menu>
<tabs>
<tab>
- <text>CARP Settings</text>
+ <text>CARP Virtual IPs</text>
<url>/pkg_edit.php?xml=carp.xml</url>
<active/>
</tab>
@@ -20,8 +20,18 @@
<text>CARP Status</text>
<url>carp_status.php</url>
</tab>
+ <tab>
+ <text>CARP Settings</text>
+ <xml>carp_settings.xml</xml>
+ <active/>
+ </tab>
</tabs>
<additional_files_needed>
+ <prefix>/usr/local/pkg/</prefix>
+ <chmod>a+x</chmod>
+ <item>http://www.pfsense.com/packages/config/carp_settings.xml</item>
+ </additional_files_needed>
+ <additional_files_needed>
<prefix>/usr/local/pkg/pf/</prefix>
<chmod>a+x</chmod>
<item>http://www.pfsense.com/packages/config/carp_rules.php</item>
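Review bot: The added `additional_files_needed` entry fetches `carp_settings.xml` over plain `http://` and marks it `a+x`, and no checksum or signature is visible in this hunk, so the integrity of a file the package GUI will load rests entirely on the network path; the existing `carp_rules.php` entry below it has the same exposure. If the host serves TLS, the `<item>` URLs should use `https://`, and an XML form definition does not need the executable bit, so `<chmod>a+x</chmod>` can be dropped or tightened for that entry. Separately, the added `CARP Settings` tab carries `<active/>` while `CARP Virtual IPs` in the same file is already marked active; in carp.xml only the latter should be, so the new tab should lose `<active/>`.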
@@ -48,11 +58,6 @@
<fieldname>advskew</fieldname>
</columnitem>
<columnitem>
- <fielddescr>Synchronize State</fielddescr>
- <fieldname>pfsync</fieldname>
- <type>checkbox</type>
- </columnitem>
- <columnitem>
<fielddescr>Load Balancing</fielddescr>
<fieldname>balancing</fieldname>
<type>checkbox</type>
@@ -203,18 +208,6 @@
</options>
</field>
<field>
- <fielddescr>Synchrnoize State</fielddescr>
- <fieldname>pfsync</fieldname>
- <description>PFSync transfers state insertion, update, and deletion messages between firewalls. Each firewall sends these messages out via multicast on a specified interface, using the PFSYNC protocol (IP Protocol 240). It also listens on that interface for similar messages from other firewalls, and imports them into the local state table.</description>
- <type>checkbox</type>
- </field>
- <field>
- <fielddescr>Synchronize Interface</fielddescr>
- <fieldname>synciface</fieldname>
- <type>interfaces_selection</type>
- <description>If Synchronize State is enabled, it will utilize this interface for communication.</description>
- </field>
- <field>
<fielddescr>Load Balancing</fielddescr>
<fieldname>balancing</fieldname>
<description>If this feature is enabled, CARP source-hashes the originating IP of a request. The hash is then used to select a virtual host from the available pool to handle the request. This is disabled by default.</description>
@@ -261,17 +254,20 @@
fwrite($fout, $carp_command . "\n");
fwrite($fout, "/sbin/ifconfig carp{$carp_instances_counter} up\n");
if($carp['pfsync'] != "") $pfsync = 1;
- if($pfsync != 0) {
- /*
- * user has selected pfsync, bring it up.
- */
- fwrite($fout, "/sbin/ifconfig pfsync" . $pfsync_instances_counter . " create \n");
- fwrite($fout, "/sbin/ifconfig pfsync" . $pfsync_instances_counter . " up syncif " . convert_friendly_interface_to_real_interface_name($carp['synciface']) . "\n");
- $pfsync_instances_counter++;
- }
$carp_instances_counter++;
}
}
+ if($pfsync != 0) {
+ /*
+ * user has selected pfsync, bring it up.
+ */
+ $carp_sync_int = convert_friendly_interface_to_real_interface_name($config['installedpackages']['carpsettings']['config']['pfsyncinterface']);
+ $carp_sync_ip = $config['installedpackages']['carpsettings']['config']['pfsyncip'];
+ fwrite($fout, "/sbin/ifconfig pfsync0 create\n");
+ fwrite($fout, "/sbin/ifconfig pfsync0 {$carp_sync_ip}/24\n");
+ fwrite($fout, "/sbin/ifconfig pfsync0 up syncif " . carp_sync_ip . "\n");
+ $pfsync_instances_counter++;
+ }
fwrite($fout, "/etc/rc.filter_configure");
fclose($fout);
mwexec("chmod a+x /usr/local/etc/rc.d/carp.sh");
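Review bot: The last pfsync0 `fwrite` concatenates the bare word `carp_sync_ip` (no `$`), so the generated script receives that literal text rather than a value, and the argument wanted after `syncif` is the interface, not the address: `fwrite($fout, "/sbin/ifconfig pfsync0 up syncif " . escapeshellarg($carp_sync_int) . "\n");`. The line before it writes `$carp_sync_ip`, which comes from a free-text form field, unchecked into what is presumably `carp.sh`, the script made executable just below; it should be validated as an IP address first (for example with `is_ipaddr()`) and the pfsync lines skipped when it is not, because any shell metacharacters in the stored value would otherwise land in that script. The block is also still gated on `$pfsync`, which is only set from `$carp['pfsync']`, a field this commit removes from the form, so the new `pfsyncenabled` setting appears never to be read, and the `/24` prefix is hard-coded. The enclosing function starts and ends outside the hunk.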
diff --git a/packages/carp_rules.php b/packages/carp_rules.php
index eaf8464a..20fd5988 100644
--- a/packages/carp_rules.php
+++ b/packages/carp_rules.php
@@ -28,34 +28,25 @@
*/
/* return if there are no carp configured items */
-//if($config['installedpackages']['carp']['config']) return;
-
+if($config['installedpackages']['carp']['config']) return;
mwexec("/sbin/pfctl -a carp -Fr");
-
/* carp records exist, lets process */
$wan_interface = get_real_wan_interface();
-$seen_sync_ints = array();
foreach($config['installedpackages']['carp']['config'] as $carp) {
$ip = $carp['ipaddress'];
$int = find_ip_interface($ip);
$carp_int = find_carp_interface($ip);
- $carp_sync_int = convert_friendly_interface_to_real_interface_name($carp['synciface']);
add_rule_to_anchor("carp", "pass out quick on {$carp_int} keep state", $carp_int . "1");
- if($carp_sync_int <> "") {
- $already_handled = 0;
- foreach($seen_sync_ints as $si) {
- if($si == $carp_sync_int) $already_handled = 1;
- }
- if($already_handled == 0) {
- array_push($seen_sync_ints, $carp_sync_int);
- add_rule_to_anchor("carp", "pass quick on {$carp_sync_int}", $carp_sync_int . "3");
- add_rule_to_anchor("carp", "pass quick on {$carp_sync_int} proto carp from {$carp_sync_int}:network to 224.0.0.18 keep state \(no-sync\)", $carp_sync_int . "2");
- }
- }
if($int <> false and $int <> $wan_interface) {
$ipnet = convert_ip_to_network_format($ip, $carp['netmask']);
$rule = "nat on {$int} inet from {$ipnet} to any -> ({$carp_int}) \n";
add_rule_to_anchor("natrules", $rule, $ip);
}
}
+$carp_sync_int = convert_friendly_interface_to_real_interface_name($config['installedpackages']['carpsettings']['config']['pfsyncinterface']);
+if($carp_sync_int <> "") {
+ add_rule_to_anchor("carp", "pass quick on {$carp_sync_int}", $carp_sync_int . "3");
+ add_rule_to_anchor("carp", "pass quick on pfsync0", "pfsync0" . "3");
+ add_rule_to_anchor("carp", "pass quick on {$carp_sync_int} proto carp from {$carp_sync_int}:network to 224.0.0.18 keep state \(no-sync\)", $carp_sync_int . "2");
+}
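Review bot: The re-enabled guard `if($config['installedpackages']['carp']['config']) return;` returns when CARP entries exist, the opposite of what the comment above it says, so the anchor flush and every rule below are skipped in exactly the configured case; it should read `if(!$config['installedpackages']['carp']['config']) return;`. The new block at the end adds `pass quick on {$carp_sync_int}` and `pass quick on pfsync0` with no protocol or address restriction and without consulting `pfsyncenabled`, so selecting a sync interface passes all traffic on it even when state sync is off. Narrowing the first rule to the sync protocol (for example `pass quick on {$carp_sync_int} proto pfsync`) and wrapping the block in the enabled check would keep the policy no wider than the feature needs.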
diff --git a/packages/carp_settings.xml b/packages/carp_settings.xml
new file mode 100644
index 00000000..2ec27719
--- /dev/null
+++ b/packages/carp_settings.xml
@@ -0,0 +1,78 @@
+<?xml version="1.0" encoding="utf-8" ?>
+<packagegui>
+ <name>carpsettings</name>
+ <version>0.1.0</version>
+ <title>Services: CARP Settings</title>
+ <!-- configpath gets expanded out automatically and config items will be
+ stored in that location -->
+ <configpath>['installedpackages']['carpsettings']['config']</configpath>
+ <!-- Menu is where this packages menu will appear -->
+ <menu>
+ <name>CARP (failover)</name>
+ <tooltiptext>CARP is a tool to help achieve system redundancy, by having multiple computers creating a single, virtual network interface between them, so that if any machine fails, another can respond instead, and/or allowing a degree of load sharing between systems. CARP is an improvement over the Virtual Router Redundancy Protocol (VRRP) standard. It was developed after VRRP was deemed to be not free enough because of a possibly-overlapping Cisco patent.</tooltiptext>
+ <section>Services</section>
+ <configfile>carp.xml</configfile>
+ </menu>
+ <tabs>
+ <tab>
+ <text>CARP Virtual IPs</text>
+ <url>/pkg_edit.php?xml=carp.xml</url>
+ <active/>
+ </tab>
+ <tab>
+ <text>CARP Status</text>
+ <url>carp_status.php</url>
+ </tab>
+ <tab>
+ <text>CARP Settings</text>
+ <xml>carp_settings.xml</xml>
+ <active/>
+ </tab>
+ </tabs>
+ <adddeleteeditpagefields>
+ <columnitem>
+ <fielddescr>PFSync Enabled</fielddescr>
+ <fieldname>pfsyncenabled</fieldname>
+ </columnitem>
+ <columnitem>
+ <fielddescr>PFSync IP</fielddescr>
+ <fieldname>pfsyncip</fieldname>
+ </columnitem>
+ <columnitem>
+ <fielddescr>PFSync Interface</fielddescr>
+ <fieldname>pfsyncinterface</fieldname>
+ </columnitem>
+ </adddeleteeditpagefields>
+ <!-- fields gets invoked when the user adds or edits a item. the following items
+ will be parsed and rendered for the user as a gui with input, and selectboxes. -->
+ <fields>
+ <field>
+ <fielddescr>Synchrnoize Enabled</fielddescr>
+ <fieldname>pfsyncenabled</fieldname>
+ <description>PFSync transfers state insertion, update, and deletion messages between firewalls. Each firewall sends these messages out via multicast on a specified interface, using the PFSYNC protocol (IP Protocol 240). It also listens on that interface for similar messages from other firewalls, and imports them into the local state table.</description>
+ <type>checkbox</type>
+ </field>
+ <field>
+ <fielddescr>Synchronize IP Address</fielddescr>
+ <fieldname>pfsyncip</fieldname>
+ <description>PFSync IP Address</description>
+ <type>input</type>
+ </field>
+ <field>
+ <fielddescr>Synchronize Interface</fielddescr>
+ <fieldname>pfsyncinterface</fieldname>
+ <type>interfaces_selection</type>
+ <description>If Synchronize State is enabled, it will utilize this interface for communication.</description>
+ </field>
+ </fields>
+ <custom_php_command_before_form>
+ </custom_php_command_before_form>
+ <custom_php_resync_config_command>
+ </custom_php_resync_config_command>
+ <custom_delete_php_command>
+ </custom_delete_php_command>
+ <custom_php_install_command>
+ </custom_php_install_command>
+ <custom_php_deinstall_command>
+ </custom_php_deinstall_command>
+</packagegui>
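Review bot: `pfsyncip` is declared as a plain `input` and every `custom_php_*` hook in this file is empty, so nothing here checks that the value is an IP address before it is stored; the carp.xml change in this commit writes that value into a shell script, so it should be validated at the point it is saved. The empty resync hook also suggests that saving this page does not regenerate the CARP script until something else triggers it, which is worth confirming. Two tabs carry `<active/>`; in this file only `CARP Settings` should, so it should be removed from the `CARP Virtual IPs` tab. The label `Synchrnoize Enabled` is misspelled, and the interface description still refers to `Synchronize State`, a name this form no longer uses.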