#!/usr/local/bin/php-cgi -f
<?php
/*
 * All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions are met:
 *
 * 1. Redistributions of source code must retain the above copyright notice,
 *    this list of conditions and the following disclaimer.
 *
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in
 *    the documentation and/or other materials provided with the
 *    distribution.
 *
 * 3. All advertising materials mentioning features or use of this software
 *    must display the following acknowledgment:
 *    "This product includes software developed by the pfSense Project
 *    for use in the pfSense® software distribution. (http://www.pfsense.org/).
 *
 * 4. The names "pfSense" and "pfSense Project" must not be used to
 *    endorse or promote products derived from this software without
 *    prior written permission. For written permission, please contact
 *    coreteam@pfsense.org.
 *
 * 5. Products derived from this software may not be called "pfSense"
 *    nor may "pfSense" appear in their names without prior written
 *    permission of the Electric Sheep Fencing, LLC.
 *
 * 6. Redistributions of any form whatsoever must retain the following
 *    acknowledgment:
 *
 * "This product includes software developed by the pfSense Project
 * for use in the pfSense software distribution (http://www.pfsense.org/).
 *
 * THIS SOFTWARE IS PROVIDED BY THE pfSense PROJECT ``AS IS'' AND ANY
 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
 * PURPOSE ARE DISCLAIMED.
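IN NO EVENT SHALL THE pfSense PROJECT OR
 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 * OF THE POSSIBILITY OF SUCH DAMAGE.
 */

/* parse the configuration and include all functions used below */
require_once("globals.inc");
require_once("config.inc");
require_once("functions.inc");
require_once("filter.inc");
require_once("shaper.inc");
require_once("ipsec.inc");
require_once("vpn.inc");
require_once("openvpn.inc");
require_once("IPv6.inc");
require_once("rrd.inc");

/**
 * Log the address change and send the "service reload packages" event.
 *
 * Reads the globals $oldip and $curwanip, which the script body below sets,
 * for the log message only.
 */
function restart_packages() {
	global $oldip, $curwanip, $g;

	/* restart packages */
	log_error("{$g['product_name']} package system has detected an IP change or dynamic WAN reconnection - $oldip -> $curwanip - Restarting packages.");
	send_event("service reload packages");
}

/*
 * Interface IP address has changed.
 *
 * The interface name is caller-supplied: it arrives as the 'interface'
 * request parameter or as the first command-line argument. It is written to
 * the log and, when non-empty, used verbatim as the real interface name.
 * NOTE(review): nothing in this script restricts the value to an existing
 * interface name; confirm the helpers that receive $interface_real escape it
 * before any shell use.
 */
if (isset($_GET['interface'])) {
	$argument = $_GET['interface'];
} elseif (isset($argv[1])) {
	$argument = $argv[1];
} else {
	/* No argument at all: the empty() branches below fall back to "wan". */
	$argument = "";
}

/*
 * Strip newlines on both input paths; only the command-line path did this
 * before, although the value is interpolated into log messages either way.
 */
$argument = str_replace("\n", "", $argument);

log_error("rc.newwanip: Info: starting on {$argument}.");

if (empty($argument)) {
	$interface = "wan";
	$interface_real = get_real_interface();
} else {
	$interface = convert_real_interface_to_friendly_interface_name($argument);
	$interface_real = $argument;
}

$interface_descr = convert_friendly_interface_to_friendly_descr($interface);

/*
 * If the interface is configured and not enabled, bail. We do not need to
 * change settings for disabled interfaces. #3313
 */
if (is_array($config['interfaces'][$interface]) && !isset($config['interfaces'][$interface]['enable'])) {
	log_error("Interface is disabled, nothing to do.");
	return;
}

if (empty($argument)) {
	$curwanip = get_interface_ip();
} else {
	$curwanip = find_interface_ip($interface_real, true);
	if ($curwanip == "") {
		$curwanip = get_interface_ip($interface);
	}
}

log_error("rc.newwanip: on (IP address: {$curwanip}) (interface: {$interface_descr}[{$interface}]) (real interface: {$interface_real}).");

/*
 * NOTE: Take care of openvpn, no-ip or similar interfaces if you generate the event to reconfigure an interface.
 *	i.e. OpenVPN might be in tap mode and not have an ip.
 */
if ($curwanip == "0.0.0.0" || !is_ipaddr($curwanip)) {
	if (substr($interface_real, 0, 4) != "ovpn") {
		if (!empty($config['interfaces'][$interface]['ipaddr'])) {
			log_error("rc.newwanip: Failed to update {$interface} IP, restarting...");
			send_event("interface reconfigure {$interface}");
			return;
		}
	}
}

/* XXX: This really possible? */
if (empty($interface)) {
	if (platform_booting()) {
		return;
	}
	log_error("rc.newwanip called with empty interface.");
	filter_configure();
	restart_packages();
	return;
}

/* Previous address, as cached by the last run that completed the full resync below. */
$oldip = "0.0.0.0";
if (file_exists("{$g['vardb_path']}/{$interface}_cacheip")) {
	$oldip = file_get_contents("{$g['vardb_path']}/{$interface}_cacheip");
}

/* regenerate resolv.conf */
system_resolvconf_generate(true);

/* write the current interface IP to file (a failed write is silenced by the @) */
if (is_ipaddr($curwanip)) {
	@file_put_contents("{$g['vardb_path']}/{$interface}_ip", $curwanip);
}

link_interface_to_vips($interface, "update");

unset($gre);
$gre = link_interface_to_gre($interface);
if (!empty($gre)) {
	array_walk($gre, 'interface_gre_configure');
}

unset($gif);
$gif = link_interface_to_gif($interface);
if (!empty($gif)) {
	array_walk($gif, 'interface_gif_configure');
}

$grouptmp = link_interface_to_group($interface);
if (!empty($grouptmp)) {
	array_walk($grouptmp, 'interface_group_add_member');
}

unset($bridgetmp);
$bridgetmp = link_interface_to_bridge($interface);
if (!empty($bridgetmp)) {
	/* The caller-supplied real interface name is handed to the bridge helper here. */
	interface_bridge_add_member($bridgetmp, $interface_real);
}

/* make new hosts file */
system_hosts_generate();

/* check tunnelled IPv6 interface tracking */
switch ($config['interfaces'][$interface]['ipaddrv6']) {
	case "6to4":
		interface_6to4_configure($interface, $config['interfaces'][$interface]);
		break;
	case "6rd":
		interface_6rd_configure($interface, $config['interfaces'][$interface]);
		break;
	case "dhcp6":
		// N.B. PPP connections using PPP as the IPv6 parent interface are excluded because the ppp-ipv6 script calls
		// interface_dhcpv6_configure() for these connections after IPv6CP is up
		if (isset($config['interfaces'][$interface]['dhcp6usev4iface']) && !interface_isppp_type($interface)) {
			interface_dhcpv6_configure($interface, $config['interfaces'][$interface]);
		}
		break;
}

/* Check Gif tunnels */
if (!empty($gif)) {
	foreach ($gif as $giftun) {
		$confif = convert_real_interface_to_friendly_interface_name($giftun['gifif']);
		if (!empty($confif)) {
			interface_configure($confif);
			system_routing_configure($confif);
		}
	}
}

/* Same treatment for GRE tunnels */
if (!empty($gre)) {
	foreach ($gre as $gretun) {
		$confif = convert_real_interface_to_friendly_interface_name($gretun['greif']);
		if (!empty($confif)) {
			interface_configure($confif);
			system_routing_configure($confif);
		}
	}
}

if (platform_booting()) {
	// avoid race conditions in many of the below functions that occur during boot
	// setting up gateways monitor doesn't seem to have issues here, and fixes the
	// most commonly encountered bugs from earlier versions when everything below
	// was skipped during boot
	setup_gateways_monitor();
	exit;
}

/*
 * We need to force sync VPNs on such even when the IP is the same for dynamic interfaces.
 * Even with the same IP the VPN software is unhappy with the IP disappearing, and we
 * could be failing back in which case we need to switch IPs back anyhow.
 */
if (!is_ipaddr($oldip) || $curwanip != $oldip || !is_ipaddrv4($config['interfaces'][$interface]['ipaddr'])) {
	/* IP changed, kill states accordingly */
	if ($curwanip != $oldip) {
		/*
		 * NOTE(review): $oldip is whatever the cache file held. It reaches
		 * pfSense_kill_states() even when is_ipaddr($oldip) is false.
		 */
		log_error("IP has changed, killing states on former IP $oldip.");
		pfSense_kill_states($oldip);
		if (isset($config['system']['ip_change_kill_states'])) {
			/* hidden config option to wipe all states if needed */
			log_error("Killing all states post-IP change.");
			filter_flush_state_table();
		}
	}

	/*
	 * Some services (e.g. dyndns, see ticket #4066) depend on
	 * filter_configure() to be called before, otherwise pass out
	 * route-to rules have the old ip set in 'from' and connections
	 * do not go through the correct link
	 */
	filter_configure_sync();

	/* reconfigure static routes (kernel may have deleted them) */
	system_routing_configure($interface);

	/* reconfigure our gateway monitor */
	setup_gateways_monitor();

	/* reload unbound */
	services_unbound_configure();

	/* remember the address for the next run (a failed write is silenced by the @) */
	if (is_ipaddr($curwanip)) {
		@file_put_contents("{$g['vardb_path']}/{$interface}_cacheip", $curwanip);
	}

	/* perform RFC 2136 DNS update */
	services_dnsupdate_process($interface);

	/* signal dyndns update */
	services_dyndns_configure($interface);

	/* reconfigure IPsec tunnels */
	vpn_ipsec_force_reload($interface);

	/* start OpenVPN server & clients */
	if (substr($interface_real, 0, 4) != "ovpn") {
		openvpn_resync_all($interface);
	}

	/* reload graphing functions */
	enable_rrd_graphing();

	/* reload igmpproxy */
	services_igmpproxy_configure();

	/* restart snmp */
	services_snmpd_configure();

	restart_packages();
} else {
	/* signal filter reload */
	filter_configure();
}
?>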