Feature #12702
Updated by Jim Pingle almost 3 years ago
On @system_hasync.php@ we should add a GUI field to set a custom pf @hostid@ value. This value is a 32-bit number which uniquely identifies the host which created a given pf state. It doesn't need to be globally unique, only unique within a given set of nodes participating in HA sync (e.g. primary and secondary nodes would have a different ID, but it could be as simple as 1 and 2).

By default pf uses a random 32-bit value that changes on each filter reload. Using a custom static value would make it easier to spot in the state data, CARP status page, and so on. It also allows us to kill a state only if it was created on a specific host.

We could try to automatically set an ID based on some criteria (LAN IP address, etc) but it may be hard to ensure it's unique between nodes participating in pfsync without letting the user have a manual way to override the value.

In the GUI this field would go on @system_hasync.php@ in the "State Synchronization Settings" section. It should be labeled "Filter Host ID" and be a text box entry.

pf allows it to be set as an integer (e.g. @222@) or hex string (@0x12345678@) but it seems happier with a hex string as that's what it displays in the state data. Sticking to hex strings would make the GUI input and status output more consistent.

In pf.conf the ID is set like this:

<pre>
set hostid 0x12345678
</pre>

That would go around line 336 425 in @filter.inc@ where we generate the ruleset (at the start of (above limitrules) or near there and should only be set if the configuration contains a valid value. Similar to this, but with better validation:

<pre><code class="php">
if (!empty($config['hasync']['pfhostid'])) {
	$limitrules .= $rules = "set hostid 0x{$config['hasync']['pfhostid']}\n";
}
</code></pre>
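
One way to do the "better validation" mentioned above, as an added sketch that is not pfSense code: the value is normalized to hex on input and checked again before it is written into the ruleset. The function names @normalize_pf_hostid()@ and @pf_hostid_rule()@ are hypothetical, and storing exactly eight hex digits without the @0x@ prefix is an assumption that follows the snippet above.

```php
<?php
// Added example, not pfSense code. Both function names are hypothetical.

// GUI input: decimal ("222") or 0x-prefixed hex ("0x12345678").
// Returns 8 lowercase hex digits for storage, or null if invalid.
function normalize_pf_hostid($input): ?string
{
    if (!is_string($input) && !is_int($input)) {
        return null;
    }
    $value = trim((string) $input);
    if (preg_match('/\A0x([0-9a-f]{1,8})\z/i', $value, $m)) {
        $num = hexdec($m[1]);
    } elseif (preg_match('/\A[0-9]{1,10}\z/', $value)) {
        $num = (int) $value; // assumes 64-bit PHP integers
    } else {
        return null;
    }
    // Must fit in 32 bits. Rejecting 0 is a choice made for this sketch.
    if ($num < 1 || $num > 0xFFFFFFFF) {
        return null;
    }
    return sprintf('%08x', $num);
}

// Ruleset generation: re-check the stored value so that a hand-edited or
// restored configuration cannot place stray text into pf.conf.
// \A and \z are used because "$" also matches before a trailing newline.
function pf_hostid_rule(array $config): string
{
    $stored = $config['hasync']['pfhostid'] ?? '';
    if (!is_string($stored) || !preg_match('/\A[0-9a-f]{8}\z/', $stored)) {
        return '';
    }
    return "set hostid 0x{$stored}\n";
}

// Constructed sample inputs: valid hex, valid decimal, embedded newline,
// nine hex digits, a decimal above 32 bits, and zero.
foreach (['0x12345678', '222', "12\n34", '0x123456789', '4294967296', '0'] as $in) {
    echo json_encode($in), ' => ', normalize_pf_hostid($in) ?? 'rejected', "\n";
}
echo pf_hostid_rule(['hasync' => ['pfhostid' => '12345678']]);
echo json_encode(pf_hostid_rule(['hasync' => ['pfhostid' => "12345678\n"]])), "\n";
```

The second function returns an empty string for anything that is not exactly eight lowercase hex digits, so an invalid stored value leaves pf on its default random host ID.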