pfSense

#!/usr/local/bin/php-cgi -f

<?php

/*

 * rc.newwanip

 *

 * part of pfSense (https://www.pfsense.org)

 * Copyright (c) 2006-2016 Rubicon Communications, LLC (Netgate)

 * All rights reserved.

 *

 * Originally part of m0n0wall (http://m0n0.ch/wall)

 * Copyright (c) 2003-2005 Manuel Kasper <mk@neon1.net>.

 * All rights reserved.

 *

 * Redistribution and use in source and binary forms, with or without

 * modification, are permitted provided that the following conditions are met:

 *

 * 1. Redistributions of source code must retain the above copyright notice,

 *    this list of conditions and the following disclaimer.

 *

 * 2. Redistributions in binary form must reproduce the above copyright

 *    notice, this list of conditions and the following disclaimer in

 *    the documentation and/or other materials provided with the

 *    distribution.

 *

 * 3. All advertising materials mentioning features or use of this software

 *    must display the following acknowledgment:

 *    "This product includes software developed by the pfSense Project

 *    for use in the pfSense® software distribution. (http://www.pfsense.org/).

 *

 * 4. The names "pfSense" and "pfSense Project" must not be used to

 *    endorse or promote products derived from this software without

 *    prior written permission. For written permission, please contact

 *    coreteam@pfsense.org.

 *

 * 5. Products derived from this software may not be called "pfSense"

 *    nor may "pfSense" appear in their names without prior written

 *    permission of the Electric Sheep Fencing, LLC.

 *

 * 6. Redistributions of any form whatsoever must retain the following

 *    acknowledgment:

 *

 * "This product includes software developed by the pfSense Project

 * for use in the pfSense software distribution (http://www.pfsense.org/).

 *

 * THIS SOFTWARE IS PROVIDED BY THE pfSense PROJECT ``AS IS'' AND ANY

 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR

 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE pfSense PROJECT OR

 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT

 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;

 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,

 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED

 * OF THE POSSIBILITY OF SUCH DAMAGE.

 */

/* parse the configuration and include all functions used below */

require_once("globals.inc");

require_once("config.inc");

require_once("functions.inc");

require_once("filter.inc");

require_once("shaper.inc");

require_once("ipsec.inc");

require_once("vpn.inc");

require_once("openvpn.inc");

require_once("IPv6.inc");

require_once("rrd.inc");

function restart_packages() {

	global $oldip, $curwanip, $g;

	/* restart packages */

	log_error("{$g['product_name']} package system has detected an IP change or dynamic WAN reconnection - $oldip ->  $curwanip - Restarting packages.");

	send_event("service reload packages");

}

/* Interface IP address has changed */

if (isset($_GET['interface'])) {

	$argument = $_GET['interface'];

} else {

	$argument = str_replace("\n", "", $argv[1]);

}

log_error("rc.newwanip: Info: starting on {$argument}.");

if (empty($argument)) {

	$interface = "wan";

	$interface_real = get_real_interface();

} else {

	$interface = convert_real_interface_to_friendly_interface_name($argument);

	$interface_real = $argument;

}

$interface_descr = convert_friendly_interface_to_friendly_descr($interface);

/* If the interface is configured and not enabled, bail. We do not need to change settings for disabled interfaces. #3313 */

if (is_array($config['interfaces'][$interface]) && !isset($config['interfaces'][$interface]['enable'])) {

	log_error("Interface is disabled, nothing to do.");

	return;

}

if (empty($argument)) {

	$curwanip = get_interface_ip();

} else {

	$curwanip = find_interface_ip($interface_real, true);

	if ($curwanip == "") {

		$curwanip = get_interface_ip($interface);

	}

}

log_error("rc.newwanip: on (IP address: {$curwanip}) (interface: {$interface_descr}[{$interface}]) (real interface: {$interface_real}).");

/*

 * NOTE: Take care of openvpn, no-ip or similar interfaces if you generate the event to reconfigure an interface.

 *      i.e. OpenVPN might be in tap mode and not have an ip.

 */

if ($curwanip == "0.0.0.0" || !is_ipaddr($curwanip)) {

	if (substr($interface_real, 0, 4) != "ovpn") {

		if (!empty($config['interfaces'][$interface]['ipaddr'])) {

			log_error("rc.newwanip: Failed to update {$interface} IP, restarting...");

			send_event("interface reconfigure {$interface}");

			return;

		}

	}

}

/* XXX: This really possible? */

if (empty($interface)) {

	if (platform_booting()) {

		return;

	}

	log_error("rc.newwanip called with empty interface.");

	filter_configure();

	restart_packages();

	return;

}

$oldip = "0.0.0.0";

if (file_exists("{$g['vardb_path']}/{$interface}_cacheip")) {

	$oldip = file_get_contents("{$g['vardb_path']}/{$interface}_cacheip");

}

/* regenerate resolv.conf */

system_resolvconf_generate(true);

/* write the current interface IP to file */

if (is_ipaddr($curwanip)) {

	@file_put_contents("{$g['vardb_path']}/{$interface}_ip", $curwanip);

}

link_interface_to_vips($interface, "update");

unset($gre);

$gre = link_interface_to_gre($interface);

if (!empty($gre)) {

	array_walk($gre, 'interface_gre_configure');

}

unset($gif);

$gif = link_interface_to_gif($interface);

if (!empty($gif)) {

	array_walk($gif, 'interface_gif_configure');

}

$grouptmp = link_interface_to_group($interface);

if (!empty($grouptmp)) {

	array_walk($grouptmp, 'interface_group_add_member');

}

unset($bridgetmp);

$bridgetmp = link_interface_to_bridge($interface);

if (!empty($bridgetmp)) {

	interface_bridge_add_member($bridgetmp, $interface_real);

}

/* make new hosts file */

system_hosts_generate();

/* check tunnelled IPv6 interface tracking */

switch ($config['interfaces'][$interface]['ipaddrv6']) {

	case "6to4":

		interface_6to4_configure($interface, $config['interfaces'][$interface]);

		break;

	case "6rd":

		interface_6rd_configure($interface, $config['interfaces'][$interface]);

		break;

	case "dhcp6":

		// N.B. PPP connections using PPP as the IPv6 parent interface are excluded because the ppp-ipv6 script calls

		// interface_dhcpv6_configure() for these connections after IPv6CP is up

		if (isset($config['interfaces'][$interface]['dhcp6usev4iface']) && !interface_isppp_type($interface)) {

			interface_dhcpv6_configure($interface, $config['interfaces'][$interface]);

		}

		break;

}

/* Check Gif tunnels */

if (!empty($gif)) {

	foreach ($gif as $giftun) {

		$confif = convert_real_interface_to_friendly_interface_name($giftun['gifif']);

		if (!empty($confif)) {

			interface_configure($confif);

			system_routing_configure($confif);

		}

	}

}

if (!empty($gre)) {

	foreach ($gre as $gretun) {

		$confif = convert_real_interface_to_friendly_interface_name($gretun['greif']);

		if (!empty($confif)) {

			interface_configure($confif);

			system_routing_configure($confif);

		}

	}

}

if (platform_booting()) {

	// avoid race conditions in many of the below functions that occur during boot

	// setting up gateways monitor doesn't seem to have issues here, and fixes the

	// most commonly encountered bugs from earlier versions when everything below

	// was skipped during boot

	setup_gateways_monitor();

	exit;

}

/*

 * We need to force sync VPNs on such even when the IP is the same for dynamic interfaces.

 * Even with the same IP the VPN software is unhappy with the IP disappearing, and we

 * could be failing back in which case we need to switch IPs back anyhow.

 */

if (!is_ipaddr($oldip) || $curwanip != $oldip || !is_ipaddrv4($config['interfaces'][$interface]['ipaddr'])) {

	/* IP changed, kill states accordingly */

	if ($curwanip != $oldip) {

		log_error("IP has changed, killing states on former IP $oldip.");

		pfSense_kill_states($oldip);

		if (isset($config['system']['ip_change_kill_states'])) {

			/* hidden config option to wipe all states if needed */

			log_error("Killing all states post-IP change.");

			filter_flush_state_table();

		}

	}

	/*

	 * Some services (e.g. dyndns, see ticket #4066) depend on

	 * filter_configure() to be called before, otherwise pass out

	 * route-to rules have the old ip set in 'from' and connections

	 * do not go through the correct link

	 */

	filter_configure_sync();

	/* reconfigure static routes (kernel may have deleted them) */

	system_routing_configure($interface);

	/* reconfigure our gateway monitor */

	setup_gateways_monitor();

	/* reload unbound */

	services_unbound_configure();

	if (is_ipaddr($curwanip)) {

		@file_put_contents("{$g['vardb_path']}/{$interface}_cacheip", $curwanip);

	}

	/* perform RFC 2136 DNS update */

	services_dnsupdate_process($interface);

	/* signal dyndns update */

	services_dyndns_configure($interface);

	/* reconfigure IPsec tunnels */

	vpn_ipsec_force_reload($interface);

	/* start OpenVPN server & clients */

	if (substr($interface_real, 0, 4) != "ovpn") {

		openvpn_resync_all($interface);

	}

	/* reload graphing functions */

	enable_rrd_graphing();

	/* reload igmpproxy */

	services_igmpproxy_configure();

	/* restart snmp */

	services_snmpd_configure();

	restart_packages();

} else {

	/* signal filter reload */

	filter_configure();

}

?>