merge from v3_1

2026-03-20 10:17:16 +01:00 · 2009-10-03 19:21:45 +00:00 · 2009-10-03 19:21:45 +00:00 · 0bc7e9ff38
commit 0bc7e9ff38
parent a6e9f7d393 1f5ab1b9ec
7 changed files with 138 additions and 29 deletions
--- a/2
+++ b/2
@ -1 +1 @@
-#define BUILD_NUM 1540
+#define BUILD_NUM 1541
--- a/doc/ChangeLog
+++ b/doc/ChangeLog
@ -1,3 +1,14 @@
+2009-10-03  vadim  <vadim@vk.crocodile.org>
+
+	* PolicyCompiler_ipt.cpp (PolicyCompiler_ipt::insertFailoverRule):
+	Added support for heartbeat over unicast. Protocol options dialog
+	for heartbeat offers checkbox "Use unicast" (off by default, when
+	checked, address input field for the multicast heartbeat address
+	becomes disabled). When checkbox is checked, compiler
+	automatically adds rules to permit unicast heartbeat health checks
+	between addresses of interfaces which are members of the failover
+	group.
+
 2009-10-02  Vadim Kurland  <vadim@vk.crocodile.org>

 	* ProjectPanel.cpp (topLevelChangedForTreePanel): Main window
--- a/src/gui/heartbeatOptionsDialog.cpp
+++ b/src/gui/heartbeatOptionsDialog.cpp
@ -68,6 +68,9 @@ heartbeatOptionsDialog::heartbeatOptionsDialog(QWidget *parent, FWObject *o)
    string port = gropt->getStr("heartbeat_port");
    if (port.empty()) gropt->setStr("heartbeat_port", default_port);

+    data.registerOption(m_dialog->use_unicast,
+                        gropt,
+                        "heartbeat_unicast");
    data.registerOption(m_dialog->heartbeat_address,
                        gropt,
                        "heartbeat_address");
@ -75,6 +78,8 @@ heartbeatOptionsDialog::heartbeatOptionsDialog(QWidget *parent, FWObject *o)
                        gropt,
                        "heartbeat_port");
    data.loadAll();
+
+    toggleUseUnicast();
 }

 heartbeatOptionsDialog::~heartbeatOptionsDialog()
@ -118,3 +123,10 @@ bool heartbeatOptionsDialog::validate()
    return true;
 }

+void heartbeatOptionsDialog::toggleUseUnicast()
+{
+    bool onoff = m_dialog->use_unicast->isChecked();
+    m_dialog->heartbeat_address->setEnabled( ! onoff );
+    m_dialog->heartbeat_address_label->setEnabled( ! onoff );
+}
+
--- a/src/gui/heartbeatOptionsDialog.h
+++ b/src/gui/heartbeatOptionsDialog.h
@ -53,6 +53,7 @@ private:
 protected slots:
    virtual void accept();
    virtual void reject();
+    virtual void toggleUseUnicast();
 };

 #endif // __HEARTBEATOPTIONSDIALOG_H_
--- a/src/gui/heartbeatoptionsdialog_q.ui
+++ b/src/gui/heartbeatoptionsdialog_q.ui
@ -6,7 +6,7 @@
    <x>0</x>
    <y>0</y>
    <width>402</width>
-    <height>282</height>
+    <height>263</height>
   </rect>
  </property>
  <property name="windowTitle" >
@ -79,17 +79,33 @@
        <normaloff>:/Icons/Options</normaloff>:/Icons/Options</iconset>
      </attribute>
      <layout class="QGridLayout" name="gridLayout" >
-       <item row="0" column="0" >
-        <widget class="QLabel" name="label" >
+       <item row="0" column="0" colspan="4" >
+        <widget class="QCheckBox" name="use_unicast" >
+         <property name="toolTip" >
+          <string>Heartbeat should be configured to use unicast address
+of each firewall member for health checks. Firewall Builder
+will add policy rules to permit these automatically.</string>
+         </property>
+         <property name="text" >
+          <string>Use unicast address for heartbeat</string>
+         </property>
+        </widget>
+       </item>
+       <item row="1" column="0" >
+        <widget class="QLabel" name="heartbeat_address_label" >
         <property name="text" >
          <string>Address:</string>
         </property>
        </widget>
       </item>
-       <item row="0" column="1" colspan="2" >
-        <widget class="QLineEdit" name="heartbeat_address" />
+       <item row="1" column="1" colspan="2" >
+        <widget class="QLineEdit" name="heartbeat_address" >
+         <property name="toolTip" >
+          <string>Enter multicat address used for heartbeat health checks here.</string>
+         </property>
+        </widget>
       </item>
-       <item row="0" column="3" >
+       <item row="1" column="3" >
        <spacer name="horizontalSpacer_2" >
         <property name="orientation" >
          <enum>Qt::Horizontal</enum>
@ -102,21 +118,21 @@
         </property>
        </spacer>
       </item>
-       <item row="1" column="0" >
+       <item row="2" column="0" >
        <widget class="QLabel" name="label_2" >
         <property name="text" >
          <string>Port number (udp):</string>
         </property>
        </widget>
       </item>
-       <item row="1" column="1" >
+       <item row="2" column="1" >
        <widget class="QSpinBox" name="heartbeat_port" >
         <property name="maximum" >
          <number>65535</number>
         </property>
        </widget>
       </item>
-       <item row="1" column="2" colspan="2" >
+       <item row="2" column="2" colspan="2" >
        <spacer name="horizontalSpacer" >
         <property name="orientation" >
          <enum>Qt::Horizontal</enum>
@ -129,7 +145,7 @@
         </property>
        </spacer>
       </item>
-       <item row="2" column="0" colspan="4" >
+       <item row="3" column="0" colspan="4" >
        <spacer>
         <property name="orientation" >
          <enum>Qt::Vertical</enum>
@ -190,5 +206,24 @@
    </hint>
   </hints>
  </connection>
+  <connection>
+   <sender>use_unicast</sender>
+   <signal>toggled(bool)</signal>
+   <receiver>heartbeatOptionsDialog_q</receiver>
+   <slot>toggleUseUnicast()</slot>
+   <hints>
+    <hint type="sourcelabel" >
+     <x>204</x>
+     <y>51</y>
+    </hint>
+    <hint type="destinationlabel" >
+     <x>200</x>
+     <y>131</y>
+    </hint>
+   </hints>
+  </connection>
 </connections>
+ <slots>
+  <slot>toggleUseUnicast()</slot>
+ </slots>
 </ui>
--- a/src/iptlib/PolicyCompiler_ipt.cpp
+++ b/src/iptlib/PolicyCompiler_ipt.cpp
@ -74,10 +74,14 @@

 #include <assert.h>

+#include <QString>
+
+
 using namespace libfwbuilder;
 using namespace fwcompiler;
 using namespace std;

+
 static int chain_no=0;
 static std::list<std::string> standard_chains;

@ -4748,6 +4752,29 @@ void PolicyCompiler_ipt::insertFailoverRule()

            if (failover_group->getStr("type") == "heartbeat")
            {
+                /*
+                 * Note that iface is a copy of the cluster inetrface.
+                 * Find interface of the member firewall fw that corresponds
+                 * to the cluster interface iface
+                 */
+
+                string fw_iface_id = iface->getOptionsObject()->getStr("base_interface_id");
+                Interface *fw_iface =
+                    Interface::cast(
+                        dbcopy->findInIndex(FWObjectDatabase::getIntId(fw_iface_id)));
+                if (fw_iface == NULL)
+                {
+                    warning(
+                        QString("Can not find interface of the firewall "
+                                "for the cluster failover group %1. "
+                                "Falling back using cluster interface object.")
+                        .arg(failover_group->getName().c_str()).toStdString());
+                    fw_iface = iface;
+                }
+
+                bool ucast = FailoverClusterGroup::cast(failover_group)->
+                    getOptionsObject()->getBool("heartbeat_unicast");
+
                string addr = FailoverClusterGroup::cast(failover_group)->
                    getOptionsObject()->getStr("heartbeat_address");
                if (addr.empty()) addr = default_heartbeat_address;
@ -4774,12 +4801,35 @@ void PolicyCompiler_ipt::insertFailoverRule()
                heartbeat_srv->setComment("HEARTBEAT UDP port");
                dbcopy->add(heartbeat_srv);

-                rule = addMgmtRule(NULL, heartbeat_dst, heartbeat_srv, iface,
-                                   PolicyRule::Inbound, PolicyRule::Accept,
-                                   "heartbeat");
-                rule = addMgmtRule(fw, heartbeat_dst, heartbeat_srv, iface,
-                                   PolicyRule::Outbound, PolicyRule::Accept,
-                                   "heartbeat");
+                // Heartbeat can use either multicast or unicast
+                if (ucast)
+                {
+                    for (FWObjectTypedChildIterator it =
+                             failover_group->findByType(FWObjectReference::TYPENAME);
+                         it != it.end(); ++it)
+                    {
+                        Interface *other_iface =
+                            Interface::cast(FWObjectReference::getObject(*it));
+                        assert(other_iface);
+                        rule = addMgmtRule(other_iface,
+                                           fw_iface,
+                                           heartbeat_srv,
+                                           fw_iface,
+                                           PolicyRule::Inbound,
+                                           PolicyRule::Accept,
+                                           "heartbeat");
+                    }
+                } else
+                {
+                    rule = addMgmtRule(NULL, heartbeat_dst, heartbeat_srv,
+                                       fw_iface,
+                                       PolicyRule::Inbound, PolicyRule::Accept,
+                                       "heartbeat");
+                    rule = addMgmtRule(fw, heartbeat_dst, heartbeat_srv,
+                                       fw_iface,
+                                       PolicyRule::Outbound, PolicyRule::Accept,
+                                       "heartbeat");
+                }
            }

            if (failover_group->getStr("type") == "openais")
@ -4830,12 +4880,12 @@ void PolicyCompiler_ipt::insertFailoverRule()


 /* TODO: Add error-handling (exceptions) */
-PolicyRule* PolicyCompiler_ipt::addMgmtRule(Address* const src,
-                                            Address* const dst,
-                                            Service* const service,
-                                            Interface* const iface,
-                                            PolicyRule::Direction direction,
-                                            PolicyRule::Action action,
+PolicyRule* PolicyCompiler_ipt::addMgmtRule(Address* src,
+                                            Address* dst,
+                                            Service* service,
+                                            Interface* iface,
+                                            const PolicyRule::Direction direction,
+                                            const PolicyRule::Action action,
                                            const string label,
                                            const bool related)
 {
--- a/src/iptlib/PolicyCompiler_ipt.h
+++ b/src/iptlib/PolicyCompiler_ipt.h
@ -94,12 +94,12 @@ namespace fwcompiler
 	void insertFailoverRule();

        libfwbuilder::PolicyRule* addMgmtRule(
-            libfwbuilder::Address* const src,
-            libfwbuilder::Address* const dst,
-            libfwbuilder::Service* const service,
-            libfwbuilder::Interface* const iface,
-            libfwbuilder::PolicyRule::Direction direction,
-            libfwbuilder::PolicyRule::Action action,
+            libfwbuilder::Address* src,
+            libfwbuilder::Address* dst,
+            libfwbuilder::Service* service,
+            libfwbuilder::Interface* iface,
+            const libfwbuilder::PolicyRule::Direction direction,
+            const libfwbuilder::PolicyRule::Action action,
            const std::string label,
            const bool related = false);