#!/usr/local/bin/php-cgi -f
<?php
/*
 * rc.newwanipv6
 *
 * part of pfSense (https://www.pfsense.org)
 * Copyright (c) 2006-2016 Rubicon Communications, LLC (Netgate)
 * All rights reserved.
 *
 * Originally part of m0n0wall (http://m0n0.ch/wall)
 * Copyright (c) 2003-2005 Manuel Kasper <mk@neon1.net>.
 * All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions are met:
 *
 * 1. Redistributions of source code must retain the above copyright notice,
 *    this list of conditions and the following disclaimer.
 *
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in
 *    the documentation and/or other materials provided with the
 *    distribution.
 *
 * 3. All advertising materials mentioning features or use of this software
 *    must display the following acknowledgment:
 *    "This product includes software developed by the pfSense Project
 *    for use in the pfSense® software distribution. (http://www.pfsense.org/).
 *
 * 4. The names "pfSense" and "pfSense Project" must not be used to
 *    endorse or promote products derived from this software without
 *    prior written permission. For written permission, please contact
 *    coreteam@pfsense.org.
 *
 * 5. Products derived from this software may not be called "pfSense"
 *    nor may "pfSense" appear in their names without prior written
 *    permission of the Electric Sheep Fencing, LLC.
 *
 * 6. Redistributions of any form whatsoever must retain the following
 *    acknowledgment:
 *
 * "This product includes software developed by the pfSense Project
 * for use in the pfSense software distribution (http://www.pfsense.org/).
 *
 * THIS SOFTWARE IS PROVIDED BY THE pfSense PROJECT ``AS IS'' AND ANY
 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE pfSense PROJECT OR
 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 * OF THE POSSIBILITY OF SUCH DAMAGE.
 */

/* parse the configuration and include all functions used below */
require_once("globals.inc");
require_once("config.inc");
require_once("functions.inc");
require_once("filter.inc");
require_once("shaper.inc");
require_once("ipsec.inc");
require_once("vpn.inc");
require_once("openvpn.inc");
require_once("IPv6.inc");
require_once("services.inc");
require_once("rrd.inc");

function restart_packages() {
	global $oldipv6, $curwanipv6, $g;

	/* restart packages */
	log_error("{$g['product_name']} package system has detected an IP change or dynamic WAN reconnection - $oldipv6 -> $curwanipv6 - Restarting packages.");
	send_event("service reload packages");
}

/* Interface IP address has changed */
if (isset($_GET['interface'])) {
	$argument = $_GET['interface'];
} else {
	$argument = trim($argv[1], " \n\t");
}

log_error("rc.newwanipv6: Info: starting on {$argument}.");

if (empty($argument)) {
	$interface = "wan";
	$interface_real = get_real_interface($interface, "inet6");
	$curwanipv6 = get_interface_ipv6($interface, true);
} else {
	$interface_real = $argument;
	$interface = convert_real_interface_to_friendly_interface_name($interface_real);
	$curwanipv6 = get_interface_ipv6($interface, true);
}

$interface_descr = convert_friendly_interface_to_friendly_descr($interface);

if (empty($interface)) {
	log_error("rc.newwanipv6 called with empty interface");
	filter_configure();
	return;
}

/*
 * NOTE: Take care of openvpn and similar if you generate the event to reconfigure an interface.
 *	i.e. OpenVPN might be in tap mode and not have an ip.
 */
if ((empty($curwanipv6) || !is_ipaddrv6($curwanipv6)) && substr($interface_real, 0, 4) != "ovpn") {
	log_error("rc.newwanipv6: No IPv6 address found for interface {$interface_descr} [{$interface}].");
	return;
}

if (isset($_GET['dmips'])) {
	$new_domain_name_servers = $_GET['dmips'];
} else {
	$new_domain_name_servers = getenv("new_domain_name_servers");
}

if (!empty($new_domain_name_servers)) {
	$name_servers = explode(" ", $new_domain_name_servers);
	$valid_ns = array();
	foreach ($name_servers as $ns) {
		if (is_ipaddrv6(trim($ns))) {
			$valid_ns[] = trim($ns);
		}
	}

	if (count($valid_ns > 0)) {
		file_put_contents("{$g['varetc_path']}/nameserver_v6{$interface}", implode("\n", $valid_ns));
	}
}
if (isset($_GET['dmnames'])) {
	$new_domain_name = $_GET['dmnames'];
} else {
	$new_domain_name = getenv("new_domain_name");
}

if (!empty($new_domain_name)) {
	file_put_contents("{$g['varetc_path']}/searchdomain_v6{$interface}", $new_domain_name);
}

/* write current WAN IPv6 to file */
if (is_ipaddrv6($curwanipv6)) {
	@file_put_contents("{$g['vardb_path']}/{$interface}_ipv6", $curwanipv6);
}

log_error("rc.newwanipv6: on (IP address: {$curwanipv6}) (interface: {$interface}) (real interface: {$interface_real}).");

$oldipv6 = '';
if (file_exists("{$g['vardb_path']}/{$interface}_cacheipv6")) {
	$oldipv6 = file_get_contents("{$g['vardb_path']}/{$interface}_cacheipv6");
}

$grouptmp = link_interface_to_group($interface);
if (!empty($grouptmp)) {
	array_walk($grouptmp, 'interface_group_add_member');
}

link_interface_to_track6($interface, "update");

/* regenerate resolv.conf if DNS overrides are allowed */
system_resolvconf_generate(true);

/* reconfigure static routes (kernel may have deleted them) */
system_routing_configure($interface);

/* reconfigure our gateway monitor */
setup_gateways_monitor();

if (platform_booting()) {
	// avoid race conditions in many of the below functions that occur during boot
	exit;
}

/* signal filter reload */
filter_configure();

if (empty($oldipv6) || is_ipaddrv6($oldipv6)) {
	if ($curwanipv6 == $oldipv6) {
		// Still need to sync VPNs on PPPoE and such, as even with the same IP the VPN software is unhappy with the IP disappearing.
		if (in_array($config['interfaces'][$interface]['ipaddrv6'], array('pppoe', 'pptp', 'ppp'))) {
			/* reconfigure IPsec tunnels */
			vpn_ipsec_force_reload($interface);

			/* start OpenVPN server & clients */
			if (substr($interface_real, 0, 4) != "ovpn") {
				openvpn_resync_all($interface);
			}
		}
		return;
	} else if (does_interface_exist($interface_real) && !empty($oldipv6)) {
		mwexec("/sbin/ifconfig {$interface_real} inet6 {$oldipv6} delete");
	}

	file_put_contents("{$g['vardb_path']}/{$interface}_cacheipv6", $curwanipv6);
}

/* reload unbound */
services_unbound_configure();

/* perform RFC 2136 DNS update */
services_dnsupdate_process($interface);

/* signal dyndns update */
services_dyndns_configure($interface);

/* reconfigure IPsec tunnels */
vpn_ipsec_force_reload($interface);

/* start OpenVPN server & clients */
if (substr($interface_real, 0, 4) != "ovpn") {
	openvpn_resync_all($interface);
}

/* reload graphing functions */
enable_rrd_graphing();

/* reload igmpproxy */
services_igmpproxy_configure();

restart_packages();

?>