diff options
author | Ermal <eri@pfsense.org> | 2014-04-12 06:20:32 +0000 |
---|---|---|
committer | Ermal <eri@pfsense.org> | 2014-04-12 06:21:12 +0000 |
commit | 91571af53adba6d3f5472e72fca6256c53766abe (patch) | |
tree | 5eace1bf688bcd97cfb2157648ca6ec40e4623e3 /etc | |
parent | d6fa556643af9b7b6479ea5e4e082a80795d8d56 (diff) | |
download | pfsense-91571af53adba6d3f5472e72fca6256c53766abe.zip pfsense-91571af53adba6d3f5472e72fca6256c53766abe.tar.gz |
Take care of the loops reported for OpenVPN in tap mode. Also fixes the problems of tap disappearing from bridge if its a member.
Diffstat (limited to 'etc')
-rwxr-xr-x | etc/rc.linkup | 3 | ||||
-rwxr-xr-x | etc/rc.newwanip | 21 | ||||
-rwxr-xr-x | etc/rc.newwanipv6 | 17 |
3 files changed, 29 insertions, 12 deletions
diff --git a/etc/rc.linkup b/etc/rc.linkup index 213dd92..6f7d158 100755 --- a/etc/rc.linkup +++ b/etc/rc.linkup @@ -60,7 +60,8 @@ function handle_argument_group($iface, $argument2) { interfaces_staticarp_configure($iface); $iface = get_real_interface($iface); interfaces_bring_up($iface); - if ($argument2 == "start" || $argument2 == "up") + /* NOTE: Do not generate event for OpenVPN since the daemon does that for us. */ + if (($argument2 == "start" || $argument2 == "up") && substr($iface, 0, 4) != "ovpn") send_event("interface newip {$iface}"); } else { switch ($argument2) { diff --git a/etc/rc.newwanip b/etc/rc.newwanip index 8874a03..e84c467 100755 --- a/etc/rc.newwanip +++ b/etc/rc.newwanip @@ -65,7 +65,7 @@ else log_error("rc.newwanip: Informational is starting {$argument}."); -if(empty($argument)) { +if (empty($argument)) { $interface = "wan"; $interface_real = get_real_interface(); } else { @@ -73,13 +73,15 @@ if(empty($argument)) { $interface_real = $argument; } +$interface_descr = convert_friendly_interface_to_friendly_descr($interface); + /* If the interface is configured and not enabled, bail. We do not need to change settings for disabled interfaces. #3313 */ if (is_array($config['interfaces'][$interface]) && !isset($config['interfaces'][$interface]['enable'])) { log_error("Interface is disabled, nothing to do."); return; } -if(empty($argument)) +if (empty($argument)) $curwanip = get_interface_ip(); else { $curwanip = find_interface_ip($interface_real, true); @@ -91,14 +93,19 @@ else { } } -log_error("rc.newwanip: on (IP address: {$curwanip}) (interface: {$interface}) (real interface: {$interface_real})."); +log_error("rc.newwanip: on (IP address: {$curwanip}) (interface: {$interface_descr}[{$interface}]) (real interface: {$interface_real})."); -if($curwanip == "0.0.0.0" || !is_ipaddr($curwanip)) { +/* + * NOTE: Take care of openvpn and similar if you generate the event to reconfigure an interface. + * i.e. OpenVPN might be in tap mode and not have an ip. + */ +if (($curwanip == "0.0.0.0" || !is_ipaddr($curwanip)) && susbstr($interface_real, 0, 4) != "ovpn") { log_error("rc.newwanip: Failed to update {$interface} IP, restarting..."); send_event("interface reconfigure {$interface}"); return; } +/* XXX: This really possible? */ if (empty($interface)) { filter_configure(); restart_packages(); @@ -113,7 +120,8 @@ if (file_exists("{$g['vardb_path']}/{$interface}_cacheip")) system_resolvconf_generate(true); /* write current WAN IP to file */ -file_put_contents("{$g['vardb_path']}/{$interface}_ip", $curwanip); +if (is_ipaddr($curwanip)) + @file_put_contents("{$g['vardb_path']}/{$interface}_ip", $curwanip); link_interface_to_vips($interface, "update"); @@ -183,7 +191,8 @@ if (!is_ipaddr($oldip) || $curwanip != $oldip || !is_ipaddrv4($config['interface /* reconfigure our gateway monitor */ setup_gateways_monitor(); - file_put_contents("{$g['vardb_path']}/{$interface}_cacheip", $curwanip); + if (is_ipaddr($curnwanip)) + @file_put_contents("{$g['vardb_path']}/{$interface}_cacheip", $curwanip); /* perform RFC 2136 DNS update */ services_dnsupdate_process($interface); diff --git a/etc/rc.newwanipv6 b/etc/rc.newwanipv6 index 1c91a9b..25295e5 100755 --- a/etc/rc.newwanipv6 +++ b/etc/rc.newwanipv6 @@ -62,7 +62,7 @@ else log_error("rc.newwanipv6: Informational is starting {$argument}."); -if(empty($argument)) { +if (empty($argument)) { $interface = "wan"; $interface_real = get_real_interface($interface, "inet6"); $curwanipv6 = get_interface_ipv6($interface, true); @@ -72,6 +72,8 @@ if(empty($argument)) { $curwanipv6 = get_interface_ipv6($interface, true); } +$interface_descr = convert_friendly_interface_to_friendly_descr($interface); + if (empty($interface)) { filter_configure(); // restart_packages(); @@ -82,8 +84,12 @@ if (empty($interface)) { if ($g['booting'] && $config['interfaces'][$interface]['ipaddrv6'] != "dhcp6") return; +/* + * NOTE: Take care of openvpn and similar if you generate the event to reconfigure an interface. + * i.e. OpenVPN might be in tap mode and not have an ip. + */ if (empty($curwanipv6) || !is_ipaddrv6($curwanipv6)) { - log_error("rc.newwanipv6: Failed to update {$interface} IPv6, restarting..."); + log_error("rc.newwanipv6: Failed to update {$interface_descr}[{$interface}] IPv6, restarting..."); // send_event("interface reconfigure {$interface}"); return; } @@ -111,7 +117,8 @@ if (!empty($new_domain_name)) file_put_contents("{$g['varetc_path']}/searchdomain_v6{$interface}", $new_domain_name); /* write current WAN IPv6 to file */ -file_put_contents("{$g['vardb_path']}/{$interface}_ipv6", $curwanipv6); +if (is_ipaddrv6($curwanipv6)) + @file_put_contents("{$g['vardb_path']}/{$interface}_ipv6", $curwanipv6); log_error("rc.newwanipv6: on (IP address: {$curwanipv6}) (interface: {$interface}) (real interface: {$interface_real})."); @@ -151,9 +158,9 @@ if (is_ipaddrv6($oldipv6)) { return; } else if (does_interface_exist($interface_real)) mwexec("/sbin/ifconfig {$interface_real} inet6 {$oldipv6} delete"); -} -file_put_contents("{$g['vardb_path']}/{$interface}_cacheipv6", $curwanipv6); + file_put_contents("{$g['vardb_path']}/{$interface}_cacheipv6", $curwanipv6); +} /* perform RFC 2136 DNS update */ services_dnsupdate_process($interface); |