#!/usr/local/bin/php-cgi -f
<?php
/*
 * rc.newwanip
 *
 * part of pfSense (https://www.pfsense.org)
 * Copyright (c) 2006-2013 BSD Perimeter
 * Copyright (c) 2013-2016 Electric Sheep Fencing
 * Copyright (c) 2014-2024 Rubicon Communications, LLC (Netgate)
 * All rights reserved.
 *
 * Originally part of m0n0wall (http://m0n0.ch/wall)
 * Copyright (c) 2003-2005 Manuel Kasper <mk@neon1.net>.
 * All rights reserved.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 * http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
/* parse the configuration and include all functions used below */
require_once("globals.inc");
require_once("config.inc");
require_once("functions.inc");
require_once("filter.inc");
require_once("shaper.inc");
require_once("ipsec.inc");
require_once("vpn.inc");
require_once("openvpn.inc");
require_once("Net/IPv6.php");
require_once("rrd.inc");
/**
 * Log the address change and send the "service reload packages" event.
 *
 * The log message is built from the globals $oldip and $curwanip, which the
 * surrounding script assigns, and from $g['product_label'].
 */
function restart_packages() {
	global $oldip, $curwanip, $g;

	/* Record the old and the new address before packages are reloaded. */
	$notice = "{$g['product_label']} package system has detected an IP change or dynamic WAN reconnection - $oldip ->  $curwanip - Restarting packages.";
	log_error($notice);

	/* restart packages */
	send_event("service reload packages");
}
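/*
 * Interface IP address has changed.
 *
 * The interface name is taken from the "interface" request parameter when one
 * is present, otherwise from the first command-line argument with newlines
 * stripped.
 */
if (isset($_GET['interface'])) {
	/*
	 * NOTE(review): the request value is used exactly as given. It is written
	 * to the log right below and, when non-empty, later becomes part of file
	 * names under vardb_path. The only check visible in this script is the
	 * friendly-name lookup that follows; confirm that lookup accepts nothing
	 * but assigned interface names.
	 */
	$argument = $_GET['interface'];
} else {
	/*
	 * $argv[1] does not exist when the script is started without arguments;
	 * treat that as an empty name, which the code below maps to "wan".
	 */
	$cli_argument = isset($argv[1]) ? $argv[1] : "";
	$argument = str_replace("\n", "", $cli_argument);
}

log_error("rc.newwanip: Info: starting on {$argument}.");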
/* Work out the friendly name and the real name of the interface. */
if (!empty($argument)) {
	$interface = convert_real_interface_to_friendly_interface_name($argument);
	if (empty($interface)) {
		/* The given name did not resolve to a friendly name: stop here. */
		log_error("Interface is unassigned, nothing to do.");
		return;
	}
	/* From here on the caller-supplied name is used as the real interface. */
	$interface_real = $argument;
} else {
	/* No name was given: fall back to "wan". */
	$interface = "wan";
	$interface_real = get_real_interface();
}

$interface_descr = convert_friendly_interface_to_friendly_descr($interface);

/*
 * If the interface is configured and not enabled, bail. Settings of disabled
 * interfaces do not need to be changed. #3313
 */
$interface_cfg_path = "interfaces/{$interface}";
if (is_array(config_get_path($interface_cfg_path)) && !config_path_enabled($interface_cfg_path)) {
	log_error("Interface is disabled, nothing to do.");
	return;
}
/* Determine the current IP address of the interface. */
if (!empty($argument)) {
	/* Ask for the address of the real interface first ... */
	$curwanip = find_interface_ip($interface_real, true);
	if ($curwanip == "") {
		/* ... and fall back to a lookup by friendly name. */
		$curwanip = get_interface_ip($interface);
	}
} else {
	$curwanip = get_interface_ip();
}

log_error("rc.newwanip: on (IP address: {$curwanip}) (interface: {$interface_descr}[{$interface}]) (real interface: {$interface_real}).");
/*
 * NOTE: Take care of openvpn, no-ip or similar interfaces if you generate the
 *       event to reconfigure an interface, i.e. OpenVPN might be in tap mode
 *       and not have an IP.
 *
 * When no usable address was found, the real interface name does not start
 * with "ovpn" and the interface has a non-empty ipaddr setting, ask for the
 * interface to be reconfigured and stop.
 */
$no_usable_ip = ($curwanip == "0.0.0.0" || !is_ipaddr($curwanip));
if ($no_usable_ip &&
    substr($interface_real, 0, 4) != "ovpn" &&
    !empty(config_get_path("interfaces/{$interface}/ipaddr"))) {
	log_error("rc.newwanip: Failed to update {$interface} IP, restarting...");
	send_event("interface reconfigure {$interface}");
	return;
}

/* XXX: This really possible? */
if (empty($interface)) {
	/* While booting there is nothing to do; otherwise reload filter and packages. */
	if (!is_platform_booting()) {
		log_error("rc.newwanip called with empty interface.");
		filter_configure();
		restart_packages();
	}
	return;
}
/*
 * Previous address of the interface: the content of the <real interface>_cacheip
 * file under vardb_path, or "0.0.0.0" when that file does not exist.
 *
 * NOTE(review): the file content is used as read; nothing here trims or
 * validates it, and the file name contains $interface_real, which is the
 * caller-supplied name whenever one was given.
 */
$cacheip_file = g_get('vardb_path') . "/{$interface_real}_cacheip";
$oldip = file_exists($cacheip_file) ? file_get_contents($cacheip_file) : "0.0.0.0";

/* regenerate resolv.conf */
system_resolvconf_generate(true);

/*
 * Write the current interface IP to file. The "@" hides a failed write, so an
 * unwritable vardb_path goes unreported here.
 */
if (is_ipaddr($curwanip)) {
	$ip_file = g_get('vardb_path') . "/{$interface_real}_ip";
	@file_put_contents($ip_file, $curwanip);
}
/* Update whatever is linked to this interface, starting with its VIPs. */
link_interface_to_vips($interface, 'update');

/* GRE tunnels (inet) linked to the interface: configure each of them. */
$gre = link_interface_to_tunnelif($interface, "gre", "inet");
array_walk($gre, "interface_gre_configure");

/* Same for GIF tunnels. */
$gif = link_interface_to_tunnelif($interface, "gif", "inet");
array_walk($gif, "interface_gif_configure");

/*
 * reconfigure L2TP/PPTP tunnels, see https://redmine.pfsense.org/issues/12072
 * ($ppp is only collected here; it is walked further down.)
 */
$ppp = link_interface_to_ppp_tunnelif($interface);

/* Interface groups the interface belongs to. */
$grouptmp = link_interface_to_group($interface);
if (!empty($grouptmp)) {
	array_walk($grouptmp, "interface_group_add_member");
}

/* Bridge the interface is a member of, if any. */
unset($bridgetmp);
$bridgetmp = link_interface_to_bridge($interface);
if (!empty($bridgetmp)) {
	interface_bridge_add_member($bridgetmp, $interface_real);
}
/* make new hosts file */
system_hosts_generate();

/* check tunnelled IPv6 interface tracking */
$ipaddrv6_type = config_get_path("interfaces/{$interface}/ipaddrv6");
switch ($ipaddrv6_type) {
	case "6to4":
		interface_6to4_configure($interface, config_get_path("interfaces/{$interface}"));
		break;

	case "6rd":
		interface_6rd_configure($interface, config_get_path("interfaces/{$interface}"));
		break;

	case "slaac":
	case "dhcp6":
		/*
		 * Only act when the matching "use the IPv4 interface" option is
		 * enabled for the configured type.
		 */
		$dhcp6_over_v4 = ($ipaddrv6_type == 'dhcp6') &&
		    config_path_enabled("interfaces/{$interface}", 'dhcp6usev4iface');
		$slaac_over_v4 = !$dhcp6_over_v4 &&
		    ($ipaddrv6_type == 'slaac') &&
		    config_path_enabled("interfaces/{$interface}", 'slaacusev4iface');

		// N.B. PPP connections using PPP as the IPv6 parent interface are
		// excluded because the ppp-ipv6 script calls
		// interface_dhcpv6_configure() for these connections after IPv6CP is up
		if (($dhcp6_over_v4 || $slaac_over_v4) && !interface_isppp_type($interface)) {
			interface_dhcpv6_configure($interface, config_get_path("interfaces/{$interface}"));
		}
		break;

	default:
		break;
}
/*
 * Check Gif tunnels, then GRE tunnels, then PPP tunnels: every tunnel whose
 * interface resolves to a friendly name is reconfigured and gets its routing
 * set up again.
 */
foreach ($gif as $giftun) {
	$confif = convert_real_interface_to_friendly_interface_name($giftun['gifif']);
	if (empty($confif)) {
		continue;
	}
	interface_configure($confif);
	system_routing_configure($confif);
}

foreach ($gre as $gretun) {
	$confif = convert_real_interface_to_friendly_interface_name($gretun['greif']);
	if (empty($confif)) {
		continue;
	}
	interface_configure($confif);
	system_routing_configure($confif);
}

foreach ($ppp as $ppptun) {
	$confif = convert_real_interface_to_friendly_interface_name($ppptun['if']);
	if (empty($confif)) {
		continue;
	}
	interface_configure($confif);
	system_routing_configure($confif);
}
/*
 * Unlike DHCP interfaces, which wait until they get an IP, a PPP connection
 * lets the boot continue while it is still trying to acquire an address. To
 * avoid a race in which the default route might not get set, this script must
 * carry on with the newly assigned IP for those interfaces even while booting.
 * https://redmine.pfsense.org/issues/8561
 */
$ppp_like_prefixes = array("ppp", "ppt", "l2t");
if (is_platform_booting() && !in_array(substr($interface_real, 0, 3), $ppp_like_prefixes)) {
	/*
	 * Avoid race conditions in many of the functions below that occur during
	 * boot. Setting up the gateway monitor doesn't seem to have issues here,
	 * and it fixes the most commonly encountered bugs from earlier versions,
	 * when everything below was skipped during boot.
	 */
	filter_configure_sync();
	setup_gateways_monitor();

	/*
	 * Make sure the default gateway is set up after DHCP succeeds. See:
	 * https://redmine.pfsense.org/issues/15791
	 */
	system_routing_configure($interface);

	/* Nothing further is run for this case while booting. */
	exit;
}
/*
 * VPNs have to be force-synced on this event even when a dynamic interface
 * kept its IP: the VPN software is unhappy with the IP disappearing, and we
 * could be failing back, in which case the IPs need to be switched back anyhow.
 *
 * The branch is taken when the cached old IP is not an IP address, when the
 * current IP differs from it, when the <interface>_upstart4 marker file exists
 * in tmp_path, or when the configured ipaddr is neither an IPv4 address nor
 * 'dhcp'.
 */
if (!is_ipaddr($oldip) ||
    ($curwanip != $oldip) ||
    file_exists("{$g['tmp_path']}/{$interface}_upstart4") ||
    (!is_ipaddrv4(config_get_path("interfaces/{$interface}/ipaddr")) &&
    (config_get_path("interfaces/{$interface}/ipaddr") != 'dhcp'))) {

	/*
	 * Some services (e.g. dyndns, see ticket #4066) depend on
	 * filter_configure() being called first; otherwise pass out route-to
	 * rules still carry the old IP in 'from' and connections do not go
	 * through the correct link.
	 */
	filter_configure_sync();

	/*
	 * Reconfigure our gateway monitor: dpinger results need to be available
	 * when configuring the default gateway.
	 */
	setup_gateways_monitor();

	/* reconfigure static routes (kernel may have deleted them) */
	system_routing_configure($interface);

	/*
	 * If the IP address changed, kill old states after rules and routing
	 * have been updated, so that states tied to the former address do not
	 * linger.
	 *
	 * NOTE(review): $oldip is whatever the cache file held, or the "0.0.0.0"
	 * default; it is not re-validated before it is handed to
	 * pfSense_kill_states(). Confirm the callee tolerates such values.
	 */
	if ($curwanip != $oldip) {
		$kill_all_states = config_path_enabled('system', 'ip_change_kill_states');
		if (!$kill_all_states) {
			log_error("IP Address has changed, killing states on former IP Address $oldip.");
			pfSense_kill_states($oldip);
		} else {
			log_error("IP Address has changed, killing all states (ip_change_kill_states is set).");
			filter_flush_state_table();
		}
	}

	/* reload unbound */
	services_unbound_configure(true, $interface);

	/*
	 * Remember the current address for the next run. The "@" hides a failed
	 * write.
	 */
	if (is_ipaddr($curwanip)) {
		$cacheip_path = g_get('vardb_path') . "/{$interface_real}_cacheip";
		@file_put_contents($cacheip_path, $curwanip);
	}

	/* perform RFC 2136 DNS update */
	services_dnsupdate_process($interface);

	/* signal dyndns update */
	services_dyndns_configure($interface);

	/* reconfigure IPsec tunnels */
	ipsec_force_reload($interface, 'inet');

	/* start OpenVPN server & clients, unless this is itself an ovpn* interface */
	if (substr($interface_real, 0, 4) != "ovpn") {
		openvpn_resync_all($interface, 'inet');
	}

	/* reload graphing functions */
	enable_rrd_graphing();

	/* reload igmpproxy */
	services_igmpproxy_configure($interface);

	/* restart snmp */
	services_snmpd_configure($interface);

	/* restart L2TP VPN */
	vpn_l2tp_configure($interface);

	restart_packages();

	/*
	 * Drop the upstart4 marker; the upstart6 marker is dropped as well when
	 * the interface has no ipaddrv6 setting.
	 */
	unlink_if_exists("{$g['tmp_path']}/{$interface}_upstart4");
	if (empty(config_get_path("interfaces/{$interface}/ipaddrv6"))) {
		unlink_if_exists("{$g['tmp_path']}/{$interface}_upstart6");
	}
}

/*
 * Unconditional filter reload to ensure the correct rules and gateways are
 * active after this script has processed all changes.
 * See https://redmine.pfsense.org/issues/13228
 */
filter_configure();
?>