|
1
|
#!/usr/local/bin/php-cgi -f
|
|
2
|
<?php
|
|
3
|
/*
|
|
4
|
* rc.newwanip
|
|
5
|
*
|
|
6
|
* part of pfSense (https://www.pfsense.org)
|
|
7
|
* Copyright (c) 2006-2013 BSD Perimeter
|
|
8
|
* Copyright (c) 2013-2016 Electric Sheep Fencing
|
|
9
|
* Copyright (c) 2014-2020 Rubicon Communications, LLC (Netgate)
|
|
10
|
* All rights reserved.
|
|
11
|
*
|
|
12
|
* Originally part of m0n0wall (http://m0n0.ch/wall)
|
|
13
|
* Copyright (c) 2003-2005 Manuel Kasper <mk@neon1.net>.
|
|
14
|
* All rights reserved.
|
|
15
|
*
|
|
16
|
* Licensed under the Apache License, Version 2.0 (the "License");
|
|
17
|
* you may not use this file except in compliance with the License.
|
|
18
|
* You may obtain a copy of the License at
|
|
19
|
*
|
|
20
|
* http://www.apache.org/licenses/LICENSE-2.0
|
|
21
|
*
|
|
22
|
* Unless required by applicable law or agreed to in writing, software
|
|
23
|
* distributed under the License is distributed on an "AS IS" BASIS,
|
|
24
|
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
25
|
* See the License for the specific language governing permissions and
|
|
26
|
* limitations under the License.
|
|
27
|
*/
|
|
28
|
|
|
29
|
/* parse the configuration and include all functions used below */
|
|
30
|
require_once("globals.inc");
|
|
31
|
require_once("config.inc");
|
|
32
|
require_once("functions.inc");
|
|
33
|
require_once("filter.inc");
|
|
34
|
require_once("shaper.inc");
|
|
35
|
require_once("ipsec.inc");
|
|
36
|
require_once("vpn.inc");
|
|
37
|
require_once("openvpn.inc");
|
|
38
|
require_once("Net/IPv6.php");
|
|
39
|
require_once("rrd.inc");
|
|
40
|
|
|
41
|
function restart_packages() {
|
|
42
|
global $oldip, $curwanip, $g;
|
|
43
|
|
|
44
|
/* restart packages */
|
|
45
|
log_error("{$g['product_name']} package system has detected an IP change or dynamic WAN reconnection - $oldip -> $curwanip - Restarting packages.");
|
|
46
|
send_event("service reload packages");
|
|
47
|
}
|
|
48
|
|
|
49
|
/* Interface IP address has changed */
|
|
50
|
if (isset($_GET['interface'])) {
|
|
51
|
$argument = $_GET['interface'];
|
|
52
|
} else {
|
|
53
|
$argument = str_replace("\n", "", $argv[1]);
|
|
54
|
}
|
|
55
|
|
|
56
|
log_error("rc.newwanip: Info: starting on {$argument}.");
|
|
57
|
|
|
58
|
if (empty($argument)) {
|
|
59
|
$interface = "wan";
|
|
60
|
$interface_real = get_real_interface();
|
|
61
|
} else {
|
|
62
|
$interface = convert_real_interface_to_friendly_interface_name($argument);
|
|
63
|
$interface_real = $argument;
|
|
64
|
}
|
|
65
|
|
|
66
|
$interface_descr = convert_friendly_interface_to_friendly_descr($interface);
|
|
67
|
|
|
68
|
/* If the interface is configured and not enabled, bail. We do not need to change settings for disabled interfaces. #3313 */
|
|
69
|
if (is_array($config['interfaces'][$interface]) && !isset($config['interfaces'][$interface]['enable'])) {
|
|
70
|
log_error("Interface is disabled, nothing to do.");
|
|
71
|
return;
|
|
72
|
}
|
|
73
|
|
|
74
|
if (empty($argument)) {
|
|
75
|
$curwanip = get_interface_ip();
|
|
76
|
} else {
|
|
77
|
$curwanip = find_interface_ip($interface_real, true);
|
|
78
|
if ($curwanip == "") {
|
|
79
|
$curwanip = get_interface_ip($interface);
|
|
80
|
}
|
|
81
|
}
|
|
82
|
|
|
83
|
log_error("rc.newwanip: on (IP address: {$curwanip}) (interface: {$interface_descr}[{$interface}]) (real interface: {$interface_real}).");
|
|
84
|
|
|
85
|
/*
|
|
86
|
* NOTE: Take care of openvpn, no-ip or similar interfaces if you generate the event to reconfigure an interface.
|
|
87
|
* i.e. OpenVPN might be in tap mode and not have an ip.
|
|
88
|
*/
|
|
89
|
if ($curwanip == "0.0.0.0" || !is_ipaddr($curwanip)) {
|
|
90
|
if (substr($interface_real, 0, 4) != "ovpn") {
|
|
91
|
if (!empty($config['interfaces'][$interface]['ipaddr'])) {
|
|
92
|
log_error("rc.newwanip: Failed to update {$interface} IP, restarting...");
|
|
93
|
send_event("interface reconfigure {$interface}");
|
|
94
|
return;
|
|
95
|
}
|
|
96
|
}
|
|
97
|
}
|
|
98
|
|
|
99
|
/* XXX: This really possible? */
|
|
100
|
if (empty($interface)) {
|
|
101
|
if (platform_booting()) {
|
|
102
|
return;
|
|
103
|
}
|
|
104
|
log_error("rc.newwanip called with empty interface.");
|
|
105
|
filter_configure();
|
|
106
|
restart_packages();
|
|
107
|
return;
|
|
108
|
}
|
|
109
|
|
|
110
|
$oldip = "0.0.0.0";
|
|
111
|
if (file_exists("{$g['vardb_path']}/{$interface}_cacheip")) {
|
|
112
|
$oldip = file_get_contents("{$g['vardb_path']}/{$interface}_cacheip");
|
|
113
|
}
|
|
114
|
|
|
115
|
/* regenerate resolv.conf */
|
|
116
|
system_resolvconf_generate(true);
|
|
117
|
|
|
118
|
/* write the current interface IP to file */
|
|
119
|
if (is_ipaddr($curwanip)) {
|
|
120
|
@file_put_contents("{$g['vardb_path']}/{$interface}_ip", $curwanip);
|
|
121
|
}
|
|
122
|
|
|
123
|
link_interface_to_vips($interface, "update");
|
|
124
|
|
|
125
|
unset($gre);
|
|
126
|
$gre = link_interface_to_gre($interface);
|
|
127
|
if (!empty($gre)) {
|
|
128
|
array_walk($gre, 'interface_gre_configure');
|
|
129
|
}
|
|
130
|
|
|
131
|
unset($gif);
|
|
132
|
$gif = link_interface_to_gif($interface);
|
|
133
|
if (!empty($gif)) {
|
|
134
|
array_walk($gif, 'interface_gif_configure');
|
|
135
|
}
|
|
136
|
|
|
137
|
$grouptmp = link_interface_to_group($interface);
|
|
138
|
if (!empty($grouptmp)) {
|
|
139
|
array_walk($grouptmp, 'interface_group_add_member');
|
|
140
|
}
|
|
141
|
|
|
142
|
unset($bridgetmp);
|
|
143
|
$bridgetmp = link_interface_to_bridge($interface);
|
|
144
|
if (!empty($bridgetmp)) {
|
|
145
|
interface_bridge_add_member($bridgetmp, $interface_real);
|
|
146
|
}
|
|
147
|
|
|
148
|
/* make new hosts file */
|
|
149
|
system_hosts_generate();
|
|
150
|
|
|
151
|
/* check tunnelled IPv6 interface tracking */
|
|
152
|
switch ($config['interfaces'][$interface]['ipaddrv6']) {
|
|
153
|
case "6to4":
|
|
154
|
interface_6to4_configure($interface, $config['interfaces'][$interface]);
|
|
155
|
break;
|
|
156
|
case "6rd":
|
|
157
|
interface_6rd_configure($interface, $config['interfaces'][$interface]);
|
|
158
|
break;
|
|
159
|
case "dhcp6":
|
|
160
|
// N.B. PPP connections using PPP as the IPv6 parent interface are excluded because the ppp-ipv6 script calls
|
|
161
|
// interface_dhcpv6_configure() for these connections after IPv6CP is up
|
|
162
|
if (isset($config['interfaces'][$interface]['dhcp6usev4iface']) && !interface_isppp_type($interface)) {
|
|
163
|
interface_dhcpv6_configure($interface, $config['interfaces'][$interface]);
|
|
164
|
}
|
|
165
|
break;
|
|
166
|
}
|
|
167
|
|
|
168
|
/* Check Gif tunnels */
|
|
169
|
if (!empty($gif)) {
|
|
170
|
foreach ($gif as $giftun) {
|
|
171
|
$confif = convert_real_interface_to_friendly_interface_name($giftun['gifif']);
|
|
172
|
if (!empty($confif)) {
|
|
173
|
interface_configure($confif);
|
|
174
|
system_routing_configure($confif);
|
|
175
|
}
|
|
176
|
}
|
|
177
|
}
|
|
178
|
if (!empty($gre)) {
|
|
179
|
foreach ($gre as $gretun) {
|
|
180
|
$confif = convert_real_interface_to_friendly_interface_name($gretun['greif']);
|
|
181
|
if (!empty($confif)) {
|
|
182
|
interface_configure($confif);
|
|
183
|
system_routing_configure($confif);
|
|
184
|
}
|
|
185
|
}
|
|
186
|
}
|
|
187
|
|
|
188
|
if (platform_booting() && !in_array(substr($interface_real, 0, 3), array("ppp", "ppt", "l2t"))) {
|
|
189
|
// unlike dhcp interfaces which wait until they get an ip, a ppp connection lets the boot continue while
|
|
190
|
// trying to acquire a ip address so to avoid a race condition where it would be possible that the default
|
|
191
|
// route would not be set, this script must continue to use the new assigned ip even while booting
|
|
192
|
// https://redmine.pfsense.org/issues/8561
|
|
193
|
|
|
194
|
// avoid race conditions in many of the below functions that occur during boot
|
|
195
|
// setting up gateways monitor doesn't seem to have issues here, and fixes the
|
|
196
|
// most commonly encountered bugs from earlier versions when everything below
|
|
197
|
// was skipped during boot
|
|
198
|
setup_gateways_monitor();
|
|
199
|
exit;
|
|
200
|
}
|
|
201
|
|
|
202
|
/*
|
|
203
|
* We need to force sync VPNs on such even when the IP is the same for dynamic interfaces.
|
|
204
|
* Even with the same IP the VPN software is unhappy with the IP disappearing, and we
|
|
205
|
* could be failing back in which case we need to switch IPs back anyhow.
|
|
206
|
*/
|
|
207
|
if (!is_ipaddr($oldip) || $curwanip != $oldip || !is_ipaddrv4($config['interfaces'][$interface]['ipaddr'])) {
|
|
208
|
/*
|
|
209
|
* Some services (e.g. dyndns, see ticket #4066) depend on
|
|
210
|
* filter_configure() to be called before, otherwise pass out
|
|
211
|
* route-to rules have the old ip set in 'from' and connections
|
|
212
|
* do not go through the correct link
|
|
213
|
*/
|
|
214
|
filter_configure_sync();
|
|
215
|
|
|
216
|
/* reconfigure our gateway monitor, dpinger results need to be
|
|
217
|
* available when configuring the default gateway */
|
|
218
|
setup_gateways_monitor();
|
|
219
|
|
|
220
|
/* reconfigure static routes (kernel may have deleted them) */
|
|
221
|
system_routing_configure($interface);
|
|
222
|
|
|
223
|
/* If the IP address changed, kill old states after rules and routing have been updated */
|
|
224
|
if ($curwanip != $oldip) {
|
|
225
|
if (isset($config['system']['ip_change_kill_states'])) {
|
|
226
|
log_error("IP Address has changed, killing all states (ip_change_kill_states is set).");
|
|
227
|
pfSense_kill_states($oldip);
|
|
228
|
filter_flush_state_table();
|
|
229
|
} else {
|
|
230
|
log_error("IP Address has changed, killing states on former IP Address $oldip.");
|
|
231
|
pfSense_kill_states($oldip);
|
|
232
|
}
|
|
233
|
}
|
|
234
|
|
|
235
|
/* reload unbound */
|
|
236
|
services_unbound_configure();
|
|
237
|
|
|
238
|
if (is_ipaddr($curwanip)) {
|
|
239
|
@file_put_contents("{$g['vardb_path']}/{$interface}_cacheip", $curwanip);
|
|
240
|
}
|
|
241
|
|
|
242
|
/* perform RFC 2136 DNS update */
|
|
243
|
services_dnsupdate_process($interface);
|
|
244
|
|
|
245
|
/* signal dyndns update */
|
|
246
|
services_dyndns_configure($interface);
|
|
247
|
|
|
248
|
/* reconfigure IPsec tunnels */
|
|
249
|
ipsec_force_reload($interface);
|
|
250
|
|
|
251
|
/* start OpenVPN server & clients */
|
|
252
|
if (substr($interface_real, 0, 4) != "ovpn") {
|
|
253
|
openvpn_resync_all($interface);
|
|
254
|
}
|
|
255
|
|
|
256
|
/* reload graphing functions */
|
|
257
|
enable_rrd_graphing();
|
|
258
|
|
|
259
|
/* reload igmpproxy */
|
|
260
|
services_igmpproxy_configure();
|
|
261
|
|
|
262
|
/* restart snmp */
|
|
263
|
services_snmpd_configure();
|
|
264
|
|
|
265
|
restart_packages();
|
|
266
|
} else {
|
|
267
|
/* signal filter reload */
|
|
268
|
filter_configure();
|
|
269
|
}
|
|
270
|
|
|
271
|
?>
|