summaryrefslogtreecommitdiffstats
path: root/src/etc/rc.newwanip
diff options
context:
space:
mode:
Diffstat (limited to 'src/etc/rc.newwanip')
-rwxr-xr-xsrc/etc/rc.newwanip268
1 files changed, 268 insertions, 0 deletions
diff --git a/src/etc/rc.newwanip b/src/etc/rc.newwanip
new file mode 100755
index 0000000..01d211c
--- /dev/null
+++ b/src/etc/rc.newwanip
@@ -0,0 +1,268 @@
+#!/usr/local/bin/php-cgi -f
+<?php
+/*
+ rc.newwanip
+ Copyright (C) 2006 Scott Ullrich (sullrich@gmail.com)
+ part of pfSense (https://www.pfsense.org)
+
+ Originally part of m0n0wall (http://m0n0.ch)
+ Copyright (C) 2003-2005 Manuel Kasper <mk@neon1.net>.
+ All rights reserved.
+
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions are met:
+
+ 1. Redistributions of source code must retain the above copyright notice,
+ this list of conditions and the following disclaimer.
+
+ 2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+
+ THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+ OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ POSSIBILITY OF SUCH DAMAGE.
+*/
+
+/* parse the configuration and include all functions used below */
+require_once("globals.inc");
+require_once("config.inc");
+require_once("functions.inc");
+require_once("filter.inc");
+require_once("shaper.inc");
+require_once("ipsec.inc");
+require_once("vpn.inc");
+require_once("openvpn.inc");
+require_once("IPv6.inc");
+require_once("rrd.inc");
+
+function restart_packages() {
+ global $oldip, $curwanip, $g;
+
+ /* restart packages */
+ system_ntp_configure(false);
+ mwexec_bg("/usr/local/sbin/ntpdate_sync_once.sh", true);
+ log_error("{$g['product_name']} package system has detected an IP change or dynamic WAN reconnection - $oldip -> $curwanip - Restarting packages.");
+ send_event("service reload packages");
+}
+
+/* Interface IP address has changed */
+if (isset($_GET['interface'])) {
+ $argument = $_GET['interface'];
+} else {
+ $argument = str_replace("\n", "", $argv[1]);
+}
+
+log_error("rc.newwanip: Info: starting on {$argument}.");
+
+if (empty($argument)) {
+ $interface = "wan";
+ $interface_real = get_real_interface();
+} else {
+ $interface = convert_real_interface_to_friendly_interface_name($argument);
+ $interface_real = $argument;
+}
+
+$interface_descr = convert_friendly_interface_to_friendly_descr($interface);
+
+/* If the interface is configured and not enabled, bail. We do not need to change settings for disabled interfaces. #3313 */
+if (is_array($config['interfaces'][$interface]) && !isset($config['interfaces'][$interface]['enable'])) {
+ log_error("Interface is disabled, nothing to do.");
+ return;
+}
+
+if (empty($argument)) {
+ $curwanip = get_interface_ip();
+} else {
+ $curwanip = find_interface_ip($interface_real, true);
+ if ($curwanip == "") {
+ $curwanip = get_interface_ip($interface);
+ }
+}
+
+if (!platform_booting()) {
+ log_error("rc.newwanip: on (IP address: {$curwanip}) (interface: {$interface_descr}[{$interface}]) (real interface: {$interface_real}).");
+}
+
+/*
+ * NOTE: Take care of openvpn, no-ip or similar interfaces if you generate the event to reconfigure an interface.
+ * i.e. OpenVPN might be in tap mode and not have an ip.
+ */
+if ($curwanip == "0.0.0.0" || !is_ipaddr($curwanip)) {
+ if (substr($interface_real, 0, 4) != "ovpn") {
+ if (!empty($config['interfaces'][$interface]['ipaddr'])) {
+ log_error("rc.newwanip: Failed to update {$interface} IP, restarting...");
+ send_event("interface reconfigure {$interface}");
+ return;
+ }
+ }
+}
+
+/* XXX: This really possible? */
+if (empty($interface)) {
+ if (platform_booting()) {
+ return;
+ }
+ filter_configure();
+ restart_packages();
+ return;
+}
+
+$oldip = "0.0.0.0";
+if (file_exists("{$g['vardb_path']}/{$interface}_cacheip")) {
+ $oldip = file_get_contents("{$g['vardb_path']}/{$interface}_cacheip");
+}
+
+/* regenerate resolv.conf if DNS overrides are allowed */
+if (!platform_booting()) {
+ system_resolvconf_generate(true);
+}
+
+/* write the current interface IP to file */
+if (is_ipaddr($curwanip)) {
+ @file_put_contents("{$g['vardb_path']}/{$interface}_ip", $curwanip);
+}
+
+link_interface_to_vips($interface, "update");
+
+unset($gre);
+$gre = link_interface_to_gre($interface);
+if (!empty($gre)) {
+ array_walk($gre, 'interface_gre_configure');
+}
+
+unset($gif);
+$gif = link_interface_to_gif($interface);
+if (!empty($gif)) {
+ array_walk($gif, 'interface_gif_configure');
+}
+
+$grouptmp = link_interface_to_group($interface);
+if (!empty($grouptmp)) {
+ array_walk($grouptmp, 'interface_group_add_member');
+}
+
+unset($bridgetmp);
+$bridgetmp = link_interface_to_bridge($interface);
+if (!empty($bridgetmp)) {
+ interface_bridge_add_member($bridgetmp, $interface_real);
+}
+
+// Do not process while booting
+if (platform_booting()) {
+ return;
+}
+
+/* make new hosts file */
+system_hosts_generate();
+
+/* check tunnelled IPv6 interface tracking */
+switch ($config['interfaces'][$interface]['ipaddrv6']) {
+ case "6to4":
+ interface_6to4_configure($interface, $config['interfaces'][$interface]);
+ break;
+ case "6rd":
+ interface_6rd_configure($interface, $config['interfaces'][$interface]);
+ break;
+ case "dhcp6":
+ if (isset($config['interfaces'][$interface]['dhcp6usev4iface'])) {
+ interface_dhcpv6_configure($interface, $config['interfaces'][$interface]);
+ }
+ break;
+}
+
+/* Check Gif tunnels */
+if (!empty($gif)) {
+ foreach ($gif as $giftun) {
+ $confif = convert_real_interface_to_friendly_interface_name($giftun['gifif']);
+ if (!empty($confif)) {
+ interface_configure($confif);
+ system_routing_configure($confif);
+ }
+ }
+}
+if (!empty($gre)) {
+ foreach ($gre as $gretun) {
+ $confif = convert_real_interface_to_friendly_interface_name($gretun['greif']);
+ if (!empty($confif)) {
+ interface_configure($confif);
+ system_routing_configure($confif);
+ }
+ }
+}
+
+/*
+ * We need to force sync VPNs on such even when the IP is the same for dynamic interfaces.
+ * Even with the same IP the VPN software is unhappy with the IP disappearing, and we
+ * could be failing back in which case we need to switch IPs back anyhow.
+ */
+if (!is_ipaddr($oldip) || $curwanip != $oldip || !is_ipaddrv4($config['interfaces'][$interface]['ipaddr'])) {
+ /* IP changed, kill states accordingly */
+ if ($curwanip != $oldip) {
+ log_error("IP has changed, killing states on former IP $oldip.");
+ pfSense_kill_states($oldip);
+ if (isset($config['system']['ip_change_kill_states'])) {
+ /* hidden config option to wipe all states if needed */
+ log_error("Killing all states post-IP change.");
+ filter_flush_state_table();
+ }
+ }
+
+ /*
+ * Some services (e.g. dyndns, see ticket #4066) depend on
+ * filter_configure() to be called before, otherwise pass out
+ * route-to rules have the old ip set in 'from' and connection
+ * do not go through correct link
+ */
+ filter_configure_sync();
+
+ /* reconfigure static routes (kernel may have deleted them) */
+ system_routing_configure($interface);
+
+ /* reconfigure our gateway monitor */
+ setup_gateways_monitor();
+
+ /* reload unbound */
+ services_unbound_configure();
+
+ if (is_ipaddr($curwanip)) {
+ @file_put_contents("{$g['vardb_path']}/{$interface}_cacheip", $curwanip);
+ }
+
+ /* perform RFC 2136 DNS update */
+ services_dnsupdate_process($interface);
+
+ /* signal dyndns update */
+ services_dyndns_configure($interface);
+
+ /* reconfigure IPsec tunnels */
+ vpn_ipsec_force_reload($interface);
+
+ /* start OpenVPN server & clients */
+ if (substr($interface_real, 0, 4) != "ovpn") {
+ openvpn_resync_all($interface);
+ }
+
+ /* reload graphing functions */
+ enable_rrd_graphing();
+
+ /* reload igmpproxy */
+ services_igmpproxy_configure();
+
+ /* restart snmp */
+ services_snmpd_configure();
+
+ restart_packages();
+} else {
+ /* signal filter reload */
+ filter_configure();
+}
+
+?>
OpenPOWER on IntegriCloud