Respect 'States' option from Advanced/Misc

- Respect this option and do not clean states when it's configured
- Create /etc/rc.kill_states to be easier to check $config

It helps ticket #2887

2 files changed, 74 insertions, 10 deletions

diff --git a/etc/rc.kill_states b/etc/rc.kill_states
new file mode 100755
index 0000000..d7e92d6
--- /dev/null
+++ b/etc/rc.kill_states
@@ -0,0 +1,72 @@
+#!/usr/local/bin/php -f
+<?php
+/*
+	rc.newwanip
+	Copyright (C) 2013 Renato Botelho (garga@pfsense.org)
+	part of pfSense (http://www.pfsense.com)
+
+	Redistribution and use in source and binary forms, with or without
+	modification, are permitted provided that the following conditions are met:
+
+	1. Redistributions of source code must retain the above copyright notice,
+	this list of conditions and the following disclaimer.
+
+	2. Redistributions in binary form must reproduce the above copyright
+	notice, this list of conditions and the following disclaimer in the
+	documentation and/or other materials provided with the distribution.
+
+	THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+	INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+	AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+	AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+	OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+	SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+	INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+	CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+	ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+	POSSIBILITY OF SUCH DAMAGE.
+*/
+
+/* parse the configuration and include all functions used below */
+require_once("globals.inc");
+require_once("config.inc");
+require_once("interfaces.inc");
+require_once("util.inc");
+
+// Do not process while booting
+if($g['booting'])
+	exit;
+
+/* Interface address to cleanup states */
+$interface = str_replace("\n", "", $argv[1]);
+
+/* IP address to cleanup states */
+$local_ip = str_replace("\n", "", $argv[2]);
+
+if (empty($interface) || !does_interface_exist($interface)) {
+	log_error("rc.kill_states: Invalid interface '{$interface}'");
+	exit;
+}
+
+if (!empty($local_ip)) {
+	list($local_ip, $subnet_bits) = explode("/", $local_ip);
+
+	if (empty($subnet_bits))
+		$subnet_bits = "32";
+
+	if (!is_ipaddr($local_ip)) {
+		log_error("rc.kill_states: Invalid IP address '{$local_ip}'");
+		exit;
+	}
+}
+
+if (!isset($config['system']['kill_states'])) {
+	if (!empty($local_ip)) {
+		log_error("rc.kill_states: Removing states for IP {$local_ip}/{$subnet_bits}");
+		mwexec("/sbin/pfctl -k 0.0.0.0/0 -k {$local_ip}/{$subnet_bits}", true);
+		mwexec("/sbin/pfctl -k {$local_ip}/{$subnet_bits}", true);
+		mwexec("/sbin/pfctl -K {$local_ip}/{$subnet_bits}", true);
+	}
+	log_error("rc.kill_states: Removing states for interface {$interface}");
+	mwexec("/sbin/pfctl -i {$interface} -Fs", true);
+}
diff --git a/usr/local/sbin/ppp-linkdown b/usr/local/sbin/ppp-linkdown
index c0d2f3f..54807ac 100755
--- a/usr/local/sbin/ppp-linkdown
+++ b/usr/local/sbin/ppp-linkdown
@@ -7,17 +7,9 @@ if [ -f /tmp/${IF}up ] && [ -f /conf/${IF}.log ]; then
 	seconds=$((`date -j +%s` - `/usr/bin/stat -f %m /tmp/${IF}up`))
 	/usr/local/sbin/ppp-log-uptime.sh $seconds ${IF} &
 fi
-if [ -n "${LOCAL_IP}" ]; then
-	if ! echo "${LOCAL_IP}" | grep -q "/"; then
-		LOCAL_IP="${LOCAL_IP}/32"
-	fi
-	echo "Removing states from ${LOCAL_IP}" | /usr/bin/logger -t ppp-linkdown
-	/sbin/pfctl -k 0.0.0.0/0 -k ${LOCAL_IP}
-	/sbin/pfctl -k ${LOCAL_IP}
-	/sbin/pfctl -K ${LOCAL_IP}
-fi
 
-/sbin/pfctl -i ${IF} -Fs
+/etc/rc.kill_states ${IF} ${LOCAL_IP}
+
 if [ -f "/tmp/${IF}_defaultgw" ]; then
 	/sbin/route delete default `/usr/bin/head -n 1 /tmp/${IF}_defaultgw`;
 fi