diff options
Diffstat (limited to 'src/etc/rc.newwanip')
-rwxr-xr-x | src/etc/rc.newwanip | 268 |
1 files changed, 268 insertions, 0 deletions
diff --git a/src/etc/rc.newwanip b/src/etc/rc.newwanip new file mode 100755 index 0000000..01d211c --- /dev/null +++ b/src/etc/rc.newwanip @@ -0,0 +1,268 @@ +#!/usr/local/bin/php-cgi -f +<?php +/* + rc.newwanip + Copyright (C) 2006 Scott Ullrich (sullrich@gmail.com) + part of pfSense (https://www.pfsense.org) + + Originally part of m0n0wall (http://m0n0.ch) + Copyright (C) 2003-2005 Manuel Kasper <mk@neon1.net>. + All rights reserved. + + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are met: + + 1. Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. + + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + POSSIBILITY OF SUCH DAMAGE. +*/ + +/* parse the configuration and include all functions used below */ +require_once("globals.inc"); +require_once("config.inc"); +require_once("functions.inc"); +require_once("filter.inc"); +require_once("shaper.inc"); +require_once("ipsec.inc"); +require_once("vpn.inc"); +require_once("openvpn.inc"); +require_once("IPv6.inc"); +require_once("rrd.inc"); + +function restart_packages() { + global $oldip, $curwanip, $g; + + /* restart packages */ + system_ntp_configure(false); + mwexec_bg("/usr/local/sbin/ntpdate_sync_once.sh", true); + log_error("{$g['product_name']} package system has detected an IP change or dynamic WAN reconnection - $oldip -> $curwanip - Restarting packages."); + send_event("service reload packages"); +} + +/* Interface IP address has changed */ +if (isset($_GET['interface'])) { + $argument = $_GET['interface']; +} else { + $argument = str_replace("\n", "", $argv[1]); +} + +log_error("rc.newwanip: Info: starting on {$argument}."); + +if (empty($argument)) { + $interface = "wan"; + $interface_real = get_real_interface(); +} else { + $interface = convert_real_interface_to_friendly_interface_name($argument); + $interface_real = $argument; +} + +$interface_descr = convert_friendly_interface_to_friendly_descr($interface); + +/* If the interface is configured and not enabled, bail. We do not need to change settings for disabled interfaces. #3313 */ +if (is_array($config['interfaces'][$interface]) && !isset($config['interfaces'][$interface]['enable'])) { + log_error("Interface is disabled, nothing to do."); + return; +} + +if (empty($argument)) { + $curwanip = get_interface_ip(); +} else { + $curwanip = find_interface_ip($interface_real, true); + if ($curwanip == "") { + $curwanip = get_interface_ip($interface); + } +} + +if (!platform_booting()) { + log_error("rc.newwanip: on (IP address: {$curwanip}) (interface: {$interface_descr}[{$interface}]) (real interface: {$interface_real})."); +} + +/* + * NOTE: Take care of openvpn, no-ip or similar interfaces if you generate the event to reconfigure an interface. + * i.e. OpenVPN might be in tap mode and not have an ip. + */ +if ($curwanip == "0.0.0.0" || !is_ipaddr($curwanip)) { + if (substr($interface_real, 0, 4) != "ovpn") { + if (!empty($config['interfaces'][$interface]['ipaddr'])) { + log_error("rc.newwanip: Failed to update {$interface} IP, restarting..."); + send_event("interface reconfigure {$interface}"); + return; + } + } +} + +/* XXX: This really possible? */ +if (empty($interface)) { + if (platform_booting()) { + return; + } + filter_configure(); + restart_packages(); + return; +} + +$oldip = "0.0.0.0"; +if (file_exists("{$g['vardb_path']}/{$interface}_cacheip")) { + $oldip = file_get_contents("{$g['vardb_path']}/{$interface}_cacheip"); +} + +/* regenerate resolv.conf if DNS overrides are allowed */ +if (!platform_booting()) { + system_resolvconf_generate(true); +} + +/* write the current interface IP to file */ +if (is_ipaddr($curwanip)) { + @file_put_contents("{$g['vardb_path']}/{$interface}_ip", $curwanip); +} + +link_interface_to_vips($interface, "update"); + +unset($gre); +$gre = link_interface_to_gre($interface); +if (!empty($gre)) { + array_walk($gre, 'interface_gre_configure'); +} + +unset($gif); +$gif = link_interface_to_gif($interface); +if (!empty($gif)) { + array_walk($gif, 'interface_gif_configure'); +} + +$grouptmp = link_interface_to_group($interface); +if (!empty($grouptmp)) { + array_walk($grouptmp, 'interface_group_add_member'); +} + +unset($bridgetmp); +$bridgetmp = link_interface_to_bridge($interface); +if (!empty($bridgetmp)) { + interface_bridge_add_member($bridgetmp, $interface_real); +} + +// Do not process while booting +if (platform_booting()) { + return; +} + +/* make new hosts file */ +system_hosts_generate(); + +/* check tunnelled IPv6 interface tracking */ +switch ($config['interfaces'][$interface]['ipaddrv6']) { + case "6to4": + interface_6to4_configure($interface, $config['interfaces'][$interface]); + break; + case "6rd": + interface_6rd_configure($interface, $config['interfaces'][$interface]); + break; + case "dhcp6": + if (isset($config['interfaces'][$interface]['dhcp6usev4iface'])) { + interface_dhcpv6_configure($interface, $config['interfaces'][$interface]); + } + break; +} + +/* Check Gif tunnels */ +if (!empty($gif)) { + foreach ($gif as $giftun) { + $confif = convert_real_interface_to_friendly_interface_name($giftun['gifif']); + if (!empty($confif)) { + interface_configure($confif); + system_routing_configure($confif); + } + } +} +if (!empty($gre)) { + foreach ($gre as $gretun) { + $confif = convert_real_interface_to_friendly_interface_name($gretun['greif']); + if (!empty($confif)) { + interface_configure($confif); + system_routing_configure($confif); + } + } +} + +/* + * We need to force sync VPNs on such even when the IP is the same for dynamic interfaces. + * Even with the same IP the VPN software is unhappy with the IP disappearing, and we + * could be failing back in which case we need to switch IPs back anyhow. + */ +if (!is_ipaddr($oldip) || $curwanip != $oldip || !is_ipaddrv4($config['interfaces'][$interface]['ipaddr'])) { + /* IP changed, kill states accordingly */ + if ($curwanip != $oldip) { + log_error("IP has changed, killing states on former IP $oldip."); + pfSense_kill_states($oldip); + if (isset($config['system']['ip_change_kill_states'])) { + /* hidden config option to wipe all states if needed */ + log_error("Killing all states post-IP change."); + filter_flush_state_table(); + } + } + + /* + * Some services (e.g. dyndns, see ticket #4066) depend on + * filter_configure() to be called before, otherwise pass out + * route-to rules have the old ip set in 'from' and connection + * do not go through correct link + */ + filter_configure_sync(); + + /* reconfigure static routes (kernel may have deleted them) */ + system_routing_configure($interface); + + /* reconfigure our gateway monitor */ + setup_gateways_monitor(); + + /* reload unbound */ + services_unbound_configure(); + + if (is_ipaddr($curwanip)) { + @file_put_contents("{$g['vardb_path']}/{$interface}_cacheip", $curwanip); + } + + /* perform RFC 2136 DNS update */ + services_dnsupdate_process($interface); + + /* signal dyndns update */ + services_dyndns_configure($interface); + + /* reconfigure IPsec tunnels */ + vpn_ipsec_force_reload($interface); + + /* start OpenVPN server & clients */ + if (substr($interface_real, 0, 4) != "ovpn") { + openvpn_resync_all($interface); + } + + /* reload graphing functions */ + enable_rrd_graphing(); + + /* reload igmpproxy */ + services_igmpproxy_configure(); + + /* restart snmp */ + services_snmpd_configure(); + + restart_packages(); +} else { + /* signal filter reload */ + filter_configure(); +} + +?> |