/src/etc/inc/gwlb.inc - Annotate - pfSense - pfSense bugtracker

| Branch: | Tag: | Revision:

root/src/etc/inc/gwlb.inc @ c489213a

1	17623ab5	Bill Marquette	<?php
2			/*
3	ac24dc24	Renato Botelho	* gwlb.inc
4			*
5			* part of pfSense (https://www.pfsense.org)
6	c5d81585	Renato Botelho	* Copyright (c) 2008 Bill Marquette, Seth Mos
7	38809d47	Renato Botelho do Couto	* Copyright (c) 2008-2013 BSD Perimeter
8			* Copyright (c) 2013-2016 Electric Sheep Fencing
9	a68f7a3d	Luiz Otavio O Souza	* Copyright (c) 2014-2024 Rubicon Communications, LLC (Netgate)
10	ac24dc24	Renato Botelho	* All rights reserved.
11			*
12	b12ea3fb	Renato Botelho	* Licensed under the Apache License, Version 2.0 (the "License");
13			* you may not use this file except in compliance with the License.
14			* You may obtain a copy of the License at
15	ac24dc24	Renato Botelho	*
16	b12ea3fb	Renato Botelho	* http://www.apache.org/licenses/LICENSE-2.0
17	ac24dc24	Renato Botelho	*
18	b12ea3fb	Renato Botelho	* Unless required by applicable law or agreed to in writing, software
19			* distributed under the License is distributed on an "AS IS" BASIS,
20			* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
21			* See the License for the specific language governing permissions and
22			* limitations under the License.
23	c1191d5b	Ermal	*/
24	6aa3723a	Renato Botelho
25	c5e53ee6	jim-p	require_once("config.inc");
26	d55cba63	N0YB	require_once("rrd.inc");
27	bd4c337c	jim-p	require_once("ipsec.inc");
28	3b85b43b	Viktor G	require_once("interfaces.inc");
29	83cec26e	Marcos Mendoza	require_once("util.inc");
30	17623ab5	Bill Marquette
31	c5d0d75d	Jim Pingle	global $gateway_state_kill_modes;
32			$gateway_state_kill_modes = array(
33			'' => gettext("Use global behavior (default)"),
34			'none' => gettext("Do not kill states on gateway failure"),
35			'down' => gettext("Kill states using this gateway when it is down"),
36			);
37
38	4bbbcc36	Marcos Mendoza	// Initialize the gateways cache variables
39			define('GW_CACHE_DISABLED', 1); // include gateways that are disabled
40			define('GW_CACHE_LOCALHOST', 2); // include "Null" entries for localhost IP addresses
41			define('GW_CACHE_INACTIVE', 4); // include gateways on inactive interfaces
42			define('GW_CACHE_INDEXED', 8); // index the returned array by integers instead of the name
43			define('GW_CACHE_ALL', GW_CACHE_DISABLED \| GW_CACHE_LOCALHOST \| GW_CACHE_INACTIVE); // all possible gateways
44			if (!array_key_exists('GatewaysCache', $GLOBALS)) {
45			$GLOBALS['GatewaysCache'] = null;
46			}
47
48			/**
49			* Caches the gateway list and filters the result. Changes to gateways should
50	17e64d8d	Marcos Mendoza	* call refresh_gateways(), e.g. when adding or removing dynamic gateways.
51	4bbbcc36	Marcos Mendoza	*
52			* @param array $flags Additional gateways to include.
53			*
54			* @return array filtered list of gateways
55			*/
56			function get_gateways(int $flags = 0): array {
57			if (!is_array($GLOBALS['GatewaysCache'])) {
58	17e64d8d	Marcos Mendoza	refresh_gateways(); // create the gateway list cache
59	4bbbcc36	Marcos Mendoza	}
60			$gateways = $GLOBALS['GatewaysCache'];
61			$indexed = boolval($flags & GW_CACHE_INDEXED);
62			if ($indexed) {
63			$remove_disabled = false;
64			$remove_localhost = true;
65			$remove_inactive = false;
66			} elseif (boolval($flags & GW_CACHE_ALL)) {
67			$remove_disabled = false;
68			$remove_localhost = false;
69			$remove_inactive = false;
70			} else {
71			$remove_disabled = !boolval($flags & GW_CACHE_DISABLED);
72			$remove_localhost = !boolval($flags & GW_CACHE_LOCALHOST);
73			$remove_inactive = !boolval($flags & GW_CACHE_INACTIVE);
74			}
75
76			if ($remove_localhost) {
77			unset($gateways['Null4']);
78			unset($gateways['Null6']);
79			}
80
81			if ($remove_disabled \|\| $remove_inactive) {
82			foreach ($gateways as $idx => &$gw) {
83			if ($remove_disabled && !config_path_enabled("interfaces/{$gw['friendlyiface']}")) {
84			unset($gateways[$idx]);
85			}
86			if ($remove_inactive && isset($gw['inactive'])) {
87			unset($gateways[$idx]);
88			}
89			}
90			}
91
92			if ($indexed) {
93			$gateways = array_values($gateways);
94			}
95
96			if ($remove_disabled \|\| $remove_localhost \|\| $remove_inactive \|\| $indexed) {
97			$gateways = order_gateways_as_configured($gateways);
98			}
99
100			return $gateways;
101			}
102
103	17e64d8d	Marcos Mendoza	/**
104			* Generates a list of all gateways and adds them to the config if missing.
105			*/
106			function refresh_gateways(): void {
107			// Generate all gateways and cache the result
108	4bbbcc36	Marcos Mendoza	$GLOBALS['GatewaysCache'] = return_gateways_array(true, true, true);
109	17e64d8d	Marcos Mendoza
110			// Get gateways that exist in the config
111			$saved_gateways = array_column(config_get_path('gateways/gateway_item', []), 'name', 'name');
112
113			// Exclude null gateways from being saved to config
114			foreach (array_diff_key($GLOBALS["GatewaysCache"], array_fill_keys(['Null4', 'Null6'], null)) as $gateway) {
115			// Save any of the generated gateways that are not found in config
116			if (!array_key_exists($gateway['name'], $saved_gateways)) {
117			// Build the gateway elements and save the gateway to config
118			config_set_path('gateways/gateway_item',
119			array_merge(config_get_path('gateways/gateway_item', []), [[
120			'interface' => $gateway['friendlyiface'],
121			'gateway' => $gateway['dynamic'] ? 'dynamic' : $gateway['gateway'],
122			'name' => $gateway['name'],
123			'weight' => $gateway['weight'] ?? 1,
124			'ipprotocol' => $gateway['ipprotocol'],
125			'descr' => $gateway['descr'],
126			'gw_down_kill_states' => $gateway['gw_down_kill_states'] ?? ''
127			]])
128			);
129			if (!isset($write_config)) {
130			$write_config = true;
131			}
132			}
133			}
134			if ($write_config) {
135			write_config(gettext('Synced configured gateways'), true, true);
136			}
137	4bbbcc36	Marcos Mendoza	}
138
139	69eefb50	Renato Botelho	/* Returns an array of default values used for dpinger */
140			function return_dpinger_defaults() {
141	14661668	Phil Davis	return array(
142			"latencylow" => "200",
143			"latencyhigh" => "500",
144			"losslow" => "10",
145			"losshigh" => "20",
146	d711fbbc	Denny Page	"interval" => "500",
147			"loss_interval" => "2000",
148			"time_period" => "60000",
149	85a2b065	Renato Botelho	"alert_interval" => "1000",
150	ea0d5cbe	Luiz Souza	"data_payload" => "1");
151	a99547e4	Ermal	}
152	14661668	Phil Davis
153	69eefb50	Renato Botelho	function running_dpinger_processes() {
154			global $g;
155	ffe76308	Seth Mos
156	69eefb50	Renato Botelho	$pidfiles = glob("{$g['varrun_path']}/dpinger_*.pid");
157	cdcea13f	Seth Mos
158	69eefb50	Renato Botelho	$result = array();
159			if ($pidfiles === FALSE) {
160			return $result;
161	9ba87997	Phil Davis	}
162	a99547e4	Ermal
163	69eefb50	Renato Botelho	foreach ($pidfiles as $pidfile) {
164	b225d003	Daniel Hoffend	if (preg_match('/^dpinger_(.+)~([^~]+)~([^~]+)\.pid$/',
165	73e3aa21	Renato Botelho	basename($pidfile), $matches)) {
166			$socket_file = preg_replace('/\.pid$/', '.sock',
167			$pidfile);
168			$result[$matches[1]] = array(
169			'srcip' => $matches[2],
170			'targetip' => $matches[3],
171	b76cb978	Renato Botelho	'pidfile' => $pidfile,
172	73e3aa21	Renato Botelho	'socket' => $socket_file
173			);
174			unset($gwinfo);
175			}
176	69eefb50	Renato Botelho	}
177	cdcea13f	Seth Mos
178	69eefb50	Renato Botelho	return $result;
179	cdcea13f	Seth Mos	}
180
181	69eefb50	Renato Botelho	/*
182			* Stop one or more dpinger process
183			* default parameter $gwname is '*' that will kill all running sessions
184			* If a gateway name is passed, only this one will be killed
185			*/
186	73e3aa21	Renato Botelho	function stop_dpinger($gwname = '') {
187	69eefb50	Renato Botelho	global $g;
188	cdcea13f	Seth Mos
189	73e3aa21	Renato Botelho	$running_processes = running_dpinger_processes();
190	cdcea13f	Seth Mos
191	73e3aa21	Renato Botelho	foreach ($running_processes as $running_gwname => $process) {
192			if ($gwname != '' && $running_gwname != $gwname) {
193			continue;
194			}
195	cdcea13f	Seth Mos
196	73e3aa21	Renato Botelho	if (isvalidpid($process['pidfile'])) {
197	66491555	PiBa-NL	killbypid($process['pidfile'], 3);
198	69eefb50	Renato Botelho	} else {
199	73e3aa21	Renato Botelho	@unlink($process['pidfile']);
200	69eefb50	Renato Botelho	}
201			}
202	cdcea13f	Seth Mos	}
203
204	69eefb50	Renato Botelho	function start_dpinger($gateway) {
205			global $g;
206
207	73e3aa21	Renato Botelho	if (!isset($gateway['gwifip'])) {
208	363a5c4c	Luiz Souza	return (false);
209	73e3aa21	Renato Botelho	}
210
211	69eefb50	Renato Botelho	$dpinger_defaults = return_dpinger_defaults();
212
213	40588fc4	Daniel Hoffend	$prefix = "{$g['varrun_path']}/dpinger_{$gateway['name']}~" .
214			"{$gateway['gwifip']}~{$gateway['monitor']}";
215			# dpinger socket path should not be longer then uaddr.sun_path
216	4aaf3874	Daniel Hoffend	if (strlen($prefix) > 95) {
217	40588fc4	Daniel Hoffend	$prefix = "{$g['varrun_path']}/dpinger_{$gateway['name']}~" .
218			substr(md5($gateway['gwifip']),0,8) . "~" .
219			$gateway['monitor'];
220			}
221			$pidfile = $prefix . ".pid";
222			$socket = $prefix . ".sock";
223	73e3aa21	Renato Botelho	$alarm_cmd = "{$g['etc_path']}/rc.gateway_alarm";
224	69eefb50	Renato Botelho
225	73e3aa21	Renato Botelho	$params = "-S "; /* Log warnings via syslog */
226	7e1d7724	Renato Botelho	$params .= "-r 0 "; /* Disable unused reporting thread */
227	73e3aa21	Renato Botelho	$params .= "-i {$gateway['name']} "; /* Identifier */
228			$params .= "-B {$gateway['gwifip']} "; /* Bind src address */
229			$params .= "-p {$pidfile} "; /* PID filename */
230			$params .= "-u {$socket} "; /* Status Socket */
231	f396d2b7	Phil Davis	if (!$gateway['action_disable']) {
232			$params .= "-C \"{$alarm_cmd}\" "; /* Command to run on alarm */
233			}
234	69eefb50	Renato Botelho
235	85a2b065	Renato Botelho	$params .= "-d " .
236			(isset($gateway['data_payload']) && is_numeric($gateway['data_payload'])
237			? $gateway['data_payload']
238			: $dpinger_defaults['data_payload']
239			) . " ";
240
241	69eefb50	Renato Botelho	$params .= "-s " .
242			(isset($gateway['interval']) && is_numeric($gateway['interval'])
243			? $gateway['interval']
244			: $dpinger_defaults['interval']
245			) . " ";
246
247			$params .= "-l " .
248	0aeb97d2	Phil Davis	(isset($gateway['loss_interval']) && is_numeric($gateway['loss_interval'])
249	69eefb50	Renato Botelho	? $gateway['loss_interval']
250			: $dpinger_defaults['loss_interval']
251			) . " ";
252
253			$params .= "-t " .
254			(isset($gateway['time_period']) && is_numeric($gateway['time_period'])
255			? $gateway['time_period']
256			: $dpinger_defaults['time_period']
257			) . " ";
258
259			$params .= "-A " .
260			(isset($gateway['alert_interval']) && is_numeric($gateway['alert_interval'])
261			? $gateway['alert_interval']
262			: $dpinger_defaults['alert_interval']
263			) . " ";
264
265			$params .= "-D " .
266			(isset($gateway['latencyhigh']) && is_numeric($gateway['latencyhigh'])
267			? $gateway['latencyhigh']
268			: $dpinger_defaults['latencyhigh']
269			) . " ";
270
271			$params .= "-L " .
272			(isset($gateway['losshigh']) && is_numeric($gateway['losshigh'])
273			? $gateway['losshigh']
274			: $dpinger_defaults['losshigh']
275			) . " ";
276
277	4fc47b2f	Renato Botelho	/* Make sure we don't end up with 2 process for the same GW */
278			stop_dpinger($gateway['name']);
279
280	269677a9	Renato Botelho	/* Do not try to bind IPv6 where interface is in tentative state */
281			if (is_ipaddrv6($gateway['gwifip'])) {
282	363a5c4c	Luiz Souza	$err = interface_wait_tentative(get_real_interface(
283	269677a9	Renato Botelho	$gateway['interface']));
284	363a5c4c	Luiz Souza	if ($err == false) {
285			log_error(gettext("Timeout waiting for IPv6 address in tentative state. dpinger will not run."));
286			return (false);
287			}
288	269677a9	Renato Botelho	}
289
290	61c45d84	Renato Botelho	/* Redirect stdout to /dev/null to avoid exec() to wait for dpinger */
291			return mwexec("/usr/local/bin/dpinger {$params} {$gateway['monitor']} >/dev/null");
292	cdcea13f	Seth Mos	}
293
294	69eefb50	Renato Botelho	/*
295	99c1e285	Chris Buechler	* Starts dpinger processes and adds appropriate static routes for monitor IPs
296	69eefb50	Renato Botelho	*/
297			function setup_gateways_monitor() {
298			global $config, $g;
299	cdcea13f	Seth Mos
300	17e64d8d	Marcos Mendoza	refresh_gateways(); // dynamic gateways may have changed so refresh the cache
301	4bbbcc36	Marcos Mendoza	$gateways_arr = get_gateways();
302	69eefb50	Renato Botelho	if (!is_array($gateways_arr)) {
303	d18f3f6e	Phil Davis	log_error(gettext("No gateways to monitor. dpinger will not run."));
304	69eefb50	Renato Botelho	stop_dpinger();
305			return;
306			}
307	a0892760	Viktor G	if (platform_booting()) {
308			echo "Setting up gateway monitors...";
309			}
310	74c834f1	smos	$monitor_ips = array();
311	69eefb50	Renato Botelho	foreach ($gateways_arr as $gwname => $gateway) {
312	33c06ef7	Ermal	/* Do not monitor if such was requested */
313	9ba87997	Phil Davis	if (isset($gateway['monitor_disable'])) {
314	33c06ef7	Ermal	continue;
315	9ba87997	Phil Davis	}
316	3d471a14	Ermal	if (empty($gateway['monitor']) \|\| !is_ipaddr($gateway['monitor'])) {
317	9ba87997	Phil Davis	if (is_ipaddr($gateway['gateway'])) {
318	3f4e6035	Renato Botelho	$gateways_arr[$gwname]['monitor'] = $gateway['gateway'];
319	9ba87997	Phil Davis	} else { /* No chance to get an ip to monitor skip target. */
320	f31ab121	Ermal	continue;
321	9ba87997	Phil Davis	}
322	3d471a14	Ermal	}
323	f31ab121	Ermal
324	f040882c	Renato Botelho	/* if the monitor address is already used before, skip */
325	9ba87997	Phil Davis	if (in_array($gateway['monitor'], $monitor_ips)) {
326	74c834f1	smos	continue;
327	9ba87997	Phil Davis	}
328	f040882c	Renato Botelho
329	69eefb50	Renato Botelho	/* Interface ip is needed since dpinger will bind a socket to it.
330	9ba87997	Phil Davis	* However the config GUI should already have checked this and when
331	99c1e285	Chris Buechler	* PPPoE is used the IP address is set to "dynamic". So using is_ipaddrv4
332	8c7e38ff	Camlin	* or is_ipaddrv6 to identify packet type would be wrong, especially as
333			* further checks (that can cope with the "dynamic" case) are present inside
334			* the if block. So using $gateway['ipprotocol'] is the better option.
335			*/
336			if ($gateway['ipprotocol'] == "inet") { // This is an IPv4 gateway...
337	640b3a9a	Seth Mos	$gwifip = find_interface_ip($gateway['interface'], true);
338	9ba87997	Phil Davis	if (!is_ipaddrv4($gwifip)) {
339	e9d156fd	Ermal	continue; //Skip this target
340	9ba87997	Phil Davis	}
341	32a9eb18	Ermal
342	9ba87997	Phil Davis	if ($gwifip == "0.0.0.0") {
343	2d793d01	Phil Davis	continue; //Skip this target - the gateway is still waiting for DHCP
344	9ba87997	Phil Davis	}
345	2d793d01	Phil Davis
346	32a9eb18	Ermal	/*
347			* If the gateway is the same as the monitor we do not add a
348			* route as this will break the routing table.
349			* Add static routes for each gateway with their monitor IP
350			* not strictly necessary but is a added level of protection.
351			*/
352	dd965531	luckman212	if (!isset($config['system']['dpinger_dont_add_static_routes']) &&
353			!isset($gateway['dpinger_dont_add_static_route'])) {
354			if (is_ipaddrv4($gateway['gateway']) && $gateway['monitor'] != $gateway['gateway']) {
355			log_error(sprintf(gettext('Removing static route for monitor %1$s and adding a new route through %2$s'), $gateway['monitor'], $gateway['gateway']));
356			if (interface_isppp_type($gateway['friendlyiface'])) {
357			route_add_or_change($gateway['monitor'],
358			'', $gateway['interface']);
359			system_staticroutes_configure($gateway['friendlyiface']);
360			} else {
361			route_add_or_change($gateway['monitor'],
362			$gateway['gateway']);
363			}
364	7a63d5d0	Ermal LUÇI
365	e79a872f	Christian McDonald	pfSense_kill_states("0.0.0.0/0", $gateway['monitor'], $gateway['interface'], "icmp");
366	dd965531	luckman212	}
367	32a9eb18	Ermal	}
368	8c7e38ff	Camlin	} else if ($gateway['ipprotocol'] == "inet6") { // This is an IPv6 gateway...
369	3f4e6035	Renato Botelho	if (is_linklocal($gateway['gateway']) &&
370			get_ll_scope($gateway['gateway']) == '') {
371	a4b55d11	Chris Buechler	$gateway['gateway'] .= '%' . $gateway['interface'];
372	3f4e6035	Renato Botelho	}
373
374			if (is_linklocal($gateway['monitor'])) {
375			if (get_ll_scope($gateway['monitor']) == '') {
376	dd2fd981	Renato Botelho do Couto	$gateways_arr[$gwname]['monitor'] .= '%' . $gateway['interface'];
377	3f4e6035	Renato Botelho	}
378
379			$gwifip = find_interface_ipv6_ll($gateway['interface'], true);
380
381			if (get_ll_scope($gwifip) == '') {
382			$gwifip .= '%' . $gateway['interface'];
383	dd8d9bdc	Camlin	}
384	81a3b6f5	smos	} else {
385			$gwifip = find_interface_ipv6($gateway['interface'], true);
386			}
387	3f6525c1	Renato Botelho
388	9ba87997	Phil Davis	if (!is_ipaddrv6($gwifip)) {
389	e9d156fd	Ermal	continue; //Skip this target
390	9ba87997	Phil Davis	}
391	32a9eb18	Ermal
392			/*
393			* If the gateway is the same as the monitor we do not add a
394			* route as this will break the routing table.
395			* Add static routes for each gateway with their monitor IP
396			* not strictly necessary but is a added level of protection.
397			*/
398	7a63d5d0	Ermal LUÇI
399	dd965531	luckman212	if (!isset($config['system']['dpinger_dont_add_static_routes']) &&
400			!isset($gateway['dpinger_dont_add_static_route'])) {
401			if ($gateway['gateway'] != $gateways_arr[$gwname]['monitor']) {
402			log_error(sprintf(gettext('Removing static route for monitor %1$s and adding a new route through %2$s'), $gateway['monitor'], $gateway['gateway']));
403			if (interface_isppp_type($gateway['friendlyiface'])) {
404			route_add_or_change($gateway['monitor'],
405			'', $gateway['interface']);
406			system_staticroutes_configure($gateway['friendlyiface']);
407			} else {
408			route_add_or_change($gateway['monitor'],
409			$gateway['gateway']);
410			}
411
412	e79a872f	Christian McDonald	pfSense_kill_states("::0.0.0.0/0", $gateway['monitor'], $gateway['interface'], "icmpv6");
413	dd965531	luckman212	}
414	32a9eb18	Ermal	}
415	9ba87997	Phil Davis	} else {
416	e9d156fd	Ermal	continue;
417	9ba87997	Phil Davis	}
418	3d471a14	Ermal
419	45eb8aeb	Renato Botelho	$monitor_ips[] = $gateway['monitor'];
420	69eefb50	Renato Botelho	$gateways_arr[$gwname]['enable_dpinger'] = true;
421			$gateways_arr[$gwname]['gwifip'] = $gwifip;
422			}
423	3c6787ed	N0YB
424	69eefb50	Renato Botelho	stop_dpinger();
425	3c6787ed	N0YB
426	69eefb50	Renato Botelho	/* Start new processes */
427			foreach ($gateways_arr as $gateway) {
428	3a335f07	Renato Botelho	if (!isset($gateway['enable_dpinger'])) {
429			continue;
430			}
431
432			if (start_dpinger($gateway) != 0) {
433	d18f3f6e	Phil Davis	log_error(sprintf(gettext("Error starting gateway monitor for %s"), $gateway['name']));
434	3c6787ed	N0YB	}
435	69eefb50	Renato Botelho	}
436	a0892760	Viktor G	if (platform_booting()) {
437			echo "done.\n";
438			}
439	3c6787ed	N0YB
440	b42177b9	Renato Botelho	return;
441	69eefb50	Renato Botelho	}
442	3c6787ed	N0YB
443	30d46b63	Marcos Mendoza	/**
444	bedd340c	Marcos Mendoza	* Looks for the highest priority failover tier that is currently online in a
445			* failover gateway group. A failover tier is any tier number greater than the
446			* lowest configured tier number. A failover gateway group must consist of at
447			* least two different tiers.
448			*
449			* @param string $gateway_group Name of an existing failover gateway group
450			*
451			* @return int The tier number - returns 0 if no matches are found
452			* @return false Not a valid failover gateway group
453	30d46b63	Marcos Mendoza	*/
454	bedd340c	Marcos Mendoza	function get_highest_failover_tier_online(?string $gateway_group): int\|false {
455			if (empty($gateway_group)) {
456			return false;
457			}
458
459			foreach (config_get_path('gateways/gateway_group', []) as $group) {
460			// check if this is the gateway group being queried
461			if ($group['name'] != $gateway_group) {
462			continue;
463			}
464
465			// make sure there are expected values and at least two gateways in the gateway group
466			if (!is_array($group['item']) \|\| empty($group['item']) \|\| (count($group['item']) < 2)) {
467			continue;
468			}
469			// build a list of gateways and their tiers
470			$group_gateways = [];
471			foreach ($group['item'] as $item) {
472			$gateway_item = explode("\|", $item);
473			// at least a gateway name and tier is expected
474			if (count($gateway_item) < 2) {
475			continue;
476			}
477
478			$group_gateways[$gateway_item[0]] = intval($gateway_item[1]);
479			}
480
481			// make sure it's a failover group by checking for different tiers
482			$group_tiers = array_unique(array_values($group_gateways));
483			if (count($group_tiers) < 2) {
484			break;
485			}
486
487			if (!isset($gateways_states)) {
488			// get a list of all relevant gateway states
489			$gateways_states = return_gateways_status(true);
490			}
491
492			$highest_tier = min($group_tiers);
493			// remove offline gateways
494			foreach (array_keys($group_gateways) as $gateway_name) {
495			if ($gateways_states[$gateway_name]['status'] != 'online') {
496			unset($group_gateways[$gateway_name]);
497			}
498			}
499
500	42267161	Marcos Mendoza	// no online gateways
501			if (empty($group_gateways)) {
502			return 0;
503			}
504
505			// highest online is highest tier
506	bedd340c	Marcos Mendoza	$highest_online_tier = min(array_values($group_gateways));
507	42267161	Marcos Mendoza	if ($highest_online_tier == $highest_tier) {
508	bedd340c	Marcos Mendoza	return 0;
509			}
510
511	42267161	Marcos Mendoza	// return the highest-priority failover tier of online gateways
512			return $highest_online_tier;
513	bedd340c	Marcos Mendoza	}
514
515			return false;
516			}
517
518			/**
519			* Loops through each gateway group and kills states for lower-priority gateways.
520			* Supports the same gateway at different tiers in different gateway groups. A
521			* failover gateway group name may be provided to restrict the state removal.
522			*
523			* @param string $gateway_name Gateway group name to remove failover states for
524			*/
525			function remove_failover_states(?string $gateway_name = null): void {
526			// get the global default for gateway groups
527			$keep_failover_states = config_path_enabled('system', 'keep_failover_states');
528
529	30d46b63	Marcos Mendoza	// if killing states from the firewall itself, check for default failover gateway groups
530			$remove_states_default = config_get_path('system/remove_failover_states_default');
531			if ($remove_states_default) {
532			$default_gateways = [];
533
534			$default_gateway4 = config_get_path('gateways/defaultgw4', '');
535			if (!empty($default_gateway4)) {
536			$default_gateways[$default_gateway4] = null;
537			}
538			$default_gateway6 = config_get_path('gateways/defaultgw6', '');
539			if (!empty($default_gateway6)) {
540			$default_gateways[$default_gateway6] = null;
541			}
542			}
543
544			foreach (config_get_path('gateways/gateway_group', []) as $group) {
545			// skip if states don't need to be killed for this gateway group
546	bedd340c	Marcos Mendoza	if ((!empty($gateway_name) && ($group['name'] != $gateway_name)) \|\|
547			($keep_failover_states && ($group['keep_failover_states'] != 'kill'))) {
548	30d46b63	Marcos Mendoza	continue;
549			}
550
551			// make sure there are expected values and at least two gateways in the gateway group
552			if (!is_array($group['item']) \|\| empty($group['item']) \|\| (count($group['item']) < 2)) {
553			continue;
554			}
555	bedd340c	Marcos Mendoza	// build a list gateway interfaces and tiers
556			$gateway_interfaces = [];
557	30d46b63	Marcos Mendoza	foreach ($group['item'] as $item) {
558			$gateway_item = explode("\|", $item);
559			// at least a gateway name and tier is expected
560			if (count($gateway_item) < 2) {
561			continue;
562			}
563
564			if (!isset($gateways_states)) {
565			// get a list of all relevant gateway states
566			$gateways_states = return_gateways_status(true);
567			}
568
569	bedd340c	Marcos Mendoza	// only process online gateways
570			if ($gateways_states[$gateway_item[0]]['status'] != 'online') {
571			continue;
572			}
573	30d46b63	Marcos Mendoza
574	bedd340c	Marcos Mendoza	if (!isset($all_gateways)) {
575			// get a list of all relevant gateways
576			$all_gateways = get_gateways();
577	30d46b63	Marcos Mendoza	}
578
579	bedd340c	Marcos Mendoza	// get the gateway's interface and tier
580			$gateway_interfaces[$all_gateways[$gateway_item[0]]['interface']] = intval($gateway_item[1]);
581	30d46b63	Marcos Mendoza	}
582
583	bedd340c	Marcos Mendoza	// make sure there are at least two online gateways (interfaces) in this gateway group
584			if (empty($gateway_interfaces) \|\| (count($gateway_interfaces) < 2)) {
585			continue;
586	30d46b63	Marcos Mendoza	}
587
588	bedd340c	Marcos Mendoza	// build a list of interfaces, used to kill states from the firewall itself
589	30d46b63	Marcos Mendoza	if ($remove_states_default && array_key_exists($group['name'], $default_gateways)) {
590	bedd340c	Marcos Mendoza	// get the interfaces of the default gateway group
591			$default_gateways[$group['name']] = $gateway_interfaces;
592	30d46b63	Marcos Mendoza
593	bedd340c	Marcos Mendoza	// for states from the firewall itself (when the default gateway is set to a failover gateway group)
594			foreach (array_keys($gateway_interfaces, min(array_values($gateway_interfaces))) as $gateway_interface) {
595			// exclude the interface of the highest priority gateway(s)
596	30d46b63	Marcos Mendoza	unset($default_gateways[$group['name']][$gateway_interface]);
597			}
598
599	bedd340c	Marcos Mendoza	// all states are to be killed for this gateway group, skip killing only policy routing states
600	30d46b63	Marcos Mendoza	continue;
601			}
602
603	bedd340c	Marcos Mendoza	// build a list of tiers to kill policy routing states for
604			$tiers_to_kill = array_unique(array_values($gateway_interfaces));
605			// avoid killing states for the higher-tier gateway(s)
606			$tiers_to_kill = array_diff($tiers_to_kill, [min($tiers_to_kill)]);
607			foreach ($tiers_to_kill as $tier) {
608			mwexec_bg('/sbin/pfctl -M -k label -k ' . escapeshellarg("gw{$tier}:{$group['name']}") . ' -q');
609	30d46b63	Marcos Mendoza	}
610			}
611
612			// kill all states for the default failover gateway groups
613			if (!$remove_states_default) {
614			return;
615			}
616			foreach ($default_gateways as $gateway_name => $gateway_interfaces) {
617			if (empty($gateway_interfaces)) {
618			continue;
619			}
620
621			/* filtering for the address family allows states that have been created by user
622			rules with a gateway of a different IP family on the same interface to remain */
623			if ($remove_states_default == 'ipfamily') {
624			$host_prefix = ($gateway_name == $default_gateway4) ? '-k 0.0.0.0/0' : '-k ::/0';
625			} else {
626			$host_prefix = '';
627			}
628			foreach (array_keys($gateway_interfaces) as $gateway_interface) {
629			mwexec_bg('/sbin/pfctl -M -i ' . escapeshellarg($gateway_interface) . " {$host_prefix} -q");
630			}
631			}
632			}
633
634	4bbbcc36	Marcos Mendoza	function get_dpinger_status($gwname, $action_disable = false) {
635	69eefb50	Renato Botelho	global $g;
636	3d471a14	Ermal
637	73e3aa21	Renato Botelho	$running_processes = running_dpinger_processes();
638
639			if (!isset($running_processes[$gwname])) {
640	a9fc44f0	Renato Botelho do Couto	log_error(sprintf(gettext(
641			'dpinger: No dpinger session running for gateway %s'),
642			$gwname));
643	73e3aa21	Renato Botelho	return false;
644			}
645
646			$proc = $running_processes[$gwname];
647			unset($running_processes);
648	81f19476	Renato Botelho
649	2100cd0b	Renato Botelho do Couto	$timeoutcounter = 0;
650			while (true) {
651			if (!file_exists($proc['socket'])) {
652			log_error("dpinger: status socket {$proc['socket']} not found");
653			return false;
654			}
655			$fp = @stream_socket_client("unix://{$proc['socket']}", $errno, $errstr, 10);
656			if (!$fp) {
657			log_error(sprintf(gettext('dpinger: cannot connect to status socket %1$s - %2$s (%3$s)'), $proc['socket'], $errstr, $errno));
658			return false;
659			}
660
661			$status = '';
662			while (!feof($fp)) {
663			$status .= fgets($fp, 1024);
664			}
665			fclose($fp);
666
667	29fa6f0f	PiBa-NL	$r = array();
668			list(
669			$r['gwname'],
670			$r['latency_avg'],
671			$r['latency_stddev'],
672			$r['loss']
673	2100cd0b	Renato Botelho do Couto	) = explode(' ', preg_replace('/\n/', '', $status));
674	179377b0	robjarsen
675	2100cd0b	Renato Botelho do Couto	// dpinger returns '<gwname> 0 0 0' when queried directly after it starts.
676			// while a latency of 0 and a loss of 0 would be perfect, in a real world it doesnt happen.
677			// or does it, anyone? if so we must 'detect' the initialization period differently..
678			$ready = $r['latency_stddev'] != '0' \|\| $r['loss'] != '0';
679	5affb137	vsquared56
680	2100cd0b	Renato Botelho do Couto	if ($ready) {
681			break;
682			} else {
683			$timeoutcounter++;
684			if ($timeoutcounter > 300) {
685			log_error(sprintf(gettext('dpinger: timeout while retrieving status for gateway %s'), $gwname));
686			return false;
687	5affb137	vsquared56	}
688	2100cd0b	Renato Botelho do Couto	usleep(10000);
689	29fa6f0f	PiBa-NL	}
690	cdcea13f	Seth Mos	}
691
692	73e3aa21	Renato Botelho	$r['srcip'] = $proc['srcip'];
693			$r['targetip'] = $proc['targetip'];
694
695	4bbbcc36	Marcos Mendoza	$gateways_arr = get_gateways(GW_CACHE_ALL);
696	1cf01478	Steve Beaver
697	69eefb50	Renato Botelho	unset($gw);
698			if (isset($gateways_arr[$gwname])) {
699			$gw = $gateways_arr[$gwname];
700	746f0afb	Ermal	}
701	4f060616	Ermal
702	08e18c83	Renato Botelho	$r['latency_avg'] = round($r['latency_avg']/1000, 3);
703			$r['latency_stddev'] = round($r['latency_stddev']/1000, 3);
704
705	04a72a97	vsquared56	$r['status'] = "online";
706			$r['substatus'] = "none";
707	69eefb50	Renato Botelho	if (isset($gw) && isset($gw['force_down'])) {
708	04a72a97	vsquared56	$r['status'] = "down";
709			$r['substatus'] = "force_down";
710	69eefb50	Renato Botelho	} else if (isset($gw)) {
711	73e3aa21	Renato Botelho	$settings = return_dpinger_defaults();
712
713			$keys = array(
714			'latencylow',
715			'latencyhigh',
716			'losslow',
717			'losshigh'
718			);
719
720			/* Replace default values by user-defined */
721			foreach ($keys as $key) {
722			if (isset($gw[$key]) && is_numeric($gw[$key])) {
723			$settings[$key] = $gw[$key];
724			}
725	d8f89cce	Renato Botelho	}
726
727	f396d2b7	Phil Davis	if ($r['latency_avg'] > $settings['latencyhigh']) {
728	04a72a97	vsquared56	if (!$action_disable) {
729	f396d2b7	Phil Davis	$r['status'] = "down";
730			}
731	04a72a97	vsquared56	$r['substatus'] = "highdelay";
732	f396d2b7	Phil Davis	} else if ($r['loss'] > $settings['losshigh']) {
733	04a72a97	vsquared56	if (!$action_disable) {
734	f396d2b7	Phil Davis	$r['status'] = "down";
735			}
736	04a72a97	vsquared56	$r['substatus'] = "highloss";
737	73e3aa21	Renato Botelho	} else if ($r['latency_avg'] > $settings['latencylow']) {
738	04a72a97	vsquared56	$r['substatus'] = "delay";
739	73e3aa21	Renato Botelho	} else if ($r['loss'] > $settings['losslow']) {
740	04a72a97	vsquared56	$r['substatus'] = "loss";
741	69eefb50	Renato Botelho	}
742			}
743
744			return $r;
745	cdcea13f	Seth Mos	}
746
747	0aeb97d2	Phil Davis	/* return the status of the dpinger targets as an array */
748	4bbbcc36	Marcos Mendoza	function return_gateways_status($byname = false) {
749	ae9618af	Ermal	global $config, $g;
750	cdcea13f	Seth Mos
751	69eefb50	Renato Botelho	$dpinger_gws = running_dpinger_processes();
752	67ee1ec5	Ermal Luçi	$status = array();
753	69eefb50	Renato Botelho
754	4bbbcc36	Marcos Mendoza	$gateways_arr = get_gateways(GW_CACHE_ALL);
755	69eefb50	Renato Botelho
756	73e3aa21	Renato Botelho	foreach ($dpinger_gws as $gwname => $gwdata) {
757	a9fc44f0	Renato Botelho do Couto	/*
758			* If action is disabled for this gateway, then we want a
759			* detailed status. That reports "highdelay" or "highloss"
760			* rather than just "down". Because reporting the gateway
761			* down would be misleading (gateway action is disabled)
762			*/
763	04a72a97	vsquared56	$action_disable = $gateways_arr[$gwname]['action_disable'];
764	4bbbcc36	Marcos Mendoza	$dpinger_status = get_dpinger_status($gwname, $action_disable);
765	69eefb50	Renato Botelho	if ($dpinger_status === false) {
766			continue;
767			}
768
769	9ba87997	Phil Davis	if ($byname == false) {
770	69eefb50	Renato Botelho	$target = $dpinger_status['targetip'];
771	9ba87997	Phil Davis	} else {
772	69eefb50	Renato Botelho	$target = $gwname;
773	9ba87997	Phil Davis	}
774	47c48e28	smos
775	dea0921d	Ermal	$status[$target] = array();
776	69eefb50	Renato Botelho	$status[$target]['monitorip'] = $dpinger_status['targetip'];
777			$status[$target]['srcip'] = $dpinger_status['srcip'];
778			$status[$target]['name'] = $gwname;
779	a9fc44f0	Renato Botelho do Couto	$status[$target]['delay'] =
780			empty($dpinger_status['latency_avg'])
781			? "0ms"
782			: $dpinger_status['latency_avg'] . "ms";
783			$status[$target]['stddev'] =
784			empty($dpinger_status['latency_stddev'])
785			? "0ms"
786			: $dpinger_status['latency_stddev'] . "ms";
787			$status[$target]['loss'] = empty($dpinger_status['loss'])
788			? "0.0%"
789			: round($dpinger_status['loss'], 1) . "%";
790	69eefb50	Renato Botelho	$status[$target]['status'] = $dpinger_status['status'];
791	04a72a97	vsquared56	$status[$target]['substatus'] = $dpinger_status['substatus'];
792	cdcea13f	Seth Mos	}
793	68f291ff	Ermal
794	47c48e28	smos	/* tack on any gateways that have monitoring disabled
795			* or are down, which could cause gateway groups to fail */
796	9ba87997	Phil Davis	foreach ($gateways_arr as $gwitem) {
797			if (!isset($gwitem['monitor_disable'])) {
798	fd34d6a9	Ermal	continue;
799	9ba87997	Phil Davis	}
800	69eefb50	Renato Botelho	if (!is_ipaddr($gwitem['monitor'])) {
801	fd34d6a9	Ermal	$realif = $gwitem['interface'];
802			$tgtip = get_interface_gateway($realif);
803	9ba87997	Phil Davis	if (!is_ipaddr($tgtip)) {
804	fd34d6a9	Ermal	$tgtip = "none";
805	9ba87997	Phil Davis	}
806	fd34d6a9	Ermal	$srcip = find_interface_ip($realif);
807			} else {
808	69eefb50	Renato Botelho	$tgtip = $gwitem['monitor'];
809	fd34d6a9	Ermal	$srcip = find_interface_ip($realif);
810			}
811	9ba87997	Phil Davis	if ($byname == true) {
812	fd34d6a9	Ermal	$target = $gwitem['name'];
813	9ba87997	Phil Davis	} else {
814	fd34d6a9	Ermal	$target = $tgtip;
815	9ba87997	Phil Davis	}
816	fd34d6a9	Ermal
817			/* failsafe for down interfaces */
818	9ba87997	Phil Davis	if ($target == "none") {
819	fd34d6a9	Ermal	$target = $gwitem['name'];
820			$status[$target]['name'] = $gwitem['name'];
821			$status[$target]['delay'] = "0.0ms";
822			$status[$target]['loss'] = "100.0%";
823			$status[$target]['status'] = "down";
824	04a72a97	vsquared56	$status[$target]['substatus'] = "down";
825	fd34d6a9	Ermal	} else {
826			$status[$target]['monitorip'] = $tgtip;
827			$status[$target]['srcip'] = $srcip;
828			$status[$target]['name'] = $gwitem['name'];
829	aeb87745	Chris Buechler	$status[$target]['delay'] = "";
830			$status[$target]['loss'] = "";
831	04a72a97	vsquared56	$status[$target]['status'] = "online";
832			$status[$target]['substatus'] = "none";
833	16106d2e	smos	}
834	0c5d4e8d	Phil Davis
835			$status[$target]['monitor_disable'] = true;
836	16106d2e	smos	}
837	cdcea13f	Seth Mos	return($status);
838	17623ab5	Bill Marquette	}
839
840	a4867a30	jim-p	function return_gateways_status_text($byname = false, $brief = false) {
841			$gwstat = return_gateways_status($byname);
842			$output = "";
843			$widths = array();
844			$col_sep = 2;
845			if ($brief) {
846			$collist = array('status' => "Status");
847			} else {
848			$collist = array('monitorip' => "Monitor",
849			'srcip' => "Source",
850			'delay' => "Delay",
851			'stddev' => "StdDev",
852			'loss' => "Loss",
853	04a72a97	vsquared56	'status' => "Status",
854			'substatus' => "Substatus");
855	a4867a30	jim-p	}
856			foreach ($gwstat as $gw) {
857			foreach ($gw as $gwdidx => $gwdata) {
858			if (strlen($gwdata) > $widths[$gwdidx]) {
859			$widths[$gwdidx] = strlen($gwdata);
860			}
861			}
862			}
863
864			$output .= str_pad("Name", $widths['name'] + $col_sep, " ", STR_PAD_RIGHT);
865			foreach ($collist as $hdrcol => $hdrdesc) {
866			if (strlen($hdrdesc) > $widths[$hdrcol]) {
867			$widths[$hdrcol] = strlen($hdrdesc);
868			}
869			$output .= str_pad($hdrdesc, $widths[$hdrcol] + $col_sep, " ", (substr($hdrcol, -2, 2) == "ip") ? STR_PAD_RIGHT : STR_PAD_LEFT);
870			}
871			$output .= "\n";
872
873			foreach ($gwstat as $idx => $gw) {
874			$output .= str_pad($gw['name'], $widths['name'] + $col_sep, " ", STR_PAD_RIGHT);
875			foreach (array_keys($collist) as $col) {
876			$output .= str_pad($gw[$col], $widths[$col] + $col_sep, " ", (substr($col, -2, 2) == "ip") ? STR_PAD_RIGHT : STR_PAD_LEFT);
877			}
878			$output .= "\n";
879			}
880
881			return $output;
882			}
883
884	e311cb79	PiBa-NL	function compare_gateway_order_configured($a, $b) {
885	c38de34b	Renato Botelho	/* XXX WAN always has precedence */
886			if ($a['friendlyiface'] == "wan") {
887			return -1;
888			} elseif ($b['friendlyiface'] == "wan") {
889			return 1;
890			}
891
892	e311cb79	PiBa-NL	if ($a['attribute'] === $b['attribute']) {
893			if ($a['attribute'] === 'system') {
894			$res = (($a['name'] < $b['name'])) ? -1 : 1;
895			return $res;
896			}
897			return 0;
898			}
899			if ($a['attribute'] === 'system' \|\| $b['attribute'] === 'system') {
900			$res = (($b['attribute'] === 'system')) ? -1 : 1;
901			return $res;
902			}
903			$res = ($a['attribute'] < $b['attribute']) ? -1 : 1;
904			return $res;
905			}
906
907			function order_gateways_as_configured($gateways_arr) {
908			uasort($gateways_arr, 'compare_gateway_order_configured');
909			return $gateways_arr;
910			}
911
912	161cd113	Phil Davis	/* Return all configured gateways on the system
913			$disabled = true - include gateways that are disabled
914			$localhost = true - include "Null" entries for localhost IP addresses
915			$inactive = true - include gateways on inactive interfaces
916			*/
917	4bbbcc36	Marcos Mendoza	function return_gateways_array($disabled = false, $localhost = false, $inactive = false) {
918	8d3556c2	gnhb	global $config, $g;
919	7901dff5	Ermal Luçi
920	c66b4242	Seth Mos	$gateways_arr = array();
921	8d848bdf	Phil Davis	$gateways_arr_temp = array();
922	c428cdf4	Renato Botelho do Couto	$cgw4 = route_get_default('inet');
923			$cgw6 = route_get_default('inet6');
924	74c834f1	smos	$found_defaultv4 = 0;
925			$found_defaultv6 = 0;
926
927	33e71f10	jim-p	// Ensure the interface cache is up to date first
928			$interfaces = get_interface_arr(true);
929	3930a9c0	smos
930	23d9f686	Renato Botelho	$i = -1;
931	3d471a14	Ermal	/* Process/add all the configured gateways. */
932	27e329ce	jim-p	if (is_array($config['gateways']) && is_array($config['gateways']['gateway_item'])) {
933	ac0a027f	Christian McDonald	foreach (config_get_path('gateways/gateway_item', []) as $gateway) {
934	a155dc5e	Steve Beaver	if (!is_array($gateway) \|\| empty($gateway)) {
935			continue;
936			}
937	ded59fb6	Kapmeister
938	23d9f686	Renato Botelho	/* Increment it here to do not skip items */
939			$i++;
940	27e329ce	jim-p	if (isset($gateway['defaultgw'])) {
941			unset($gateway['defaultgw']);
942			}
943	23d9f686	Renato Botelho
944	d250c083	jim-p	if (empty($config['interfaces'][$gateway['interface']])) {
945	9ba87997	Phil Davis	if ($inactive === false) {
946	06b8d43c	Renato Botelho	continue;
947	9ba87997	Phil Davis	} else {
948	06b8d43c	Renato Botelho	$gateway['inactive'] = true;
949	9ba87997	Phil Davis	}
950	06b8d43c	Renato Botelho	}
951	829322b3	Christian McDonald	$wancfg = config_get_path("interfaces/{$gateway['interface']}");
952	1500614c	Ermal
953			/* skip disabled interfaces */
954	9ba87997	Phil Davis	if ($disabled === false && (!isset($wancfg['enable']))) {
955	1500614c	Ermal	continue;
956	9ba87997	Phil Davis	}
957	c1d36d26	smos
958	3930a9c0	smos	/* if the gateway is dynamic and we can find the IPv4, Great! */
959	d07bc322	Renato Botelho	if (empty($gateway['gateway']) \|\| $gateway['gateway'] == "dynamic") {
960	1500614c	Ermal	if ($gateway['ipprotocol'] == "inet") {
961			/* we know which interfaces is dynamic, this should be made a function */
962	65cfd0ca	Renato Botelho	$gateway['gateway'] = get_interface_gateway($gateway['interface']);
963			/* no IP address found, set to dynamic */
964	9ba87997	Phil Davis	if (!is_ipaddrv4($gateway['gateway'])) {
965	65cfd0ca	Renato Botelho	$gateway['gateway'] = "dynamic";
966	9ba87997	Phil Davis	}
967	65cfd0ca	Renato Botelho	$gateway['dynamic'] = true;
968	74c834f1	smos	}
969	c1d36d26	smos
970	d07bc322	Renato Botelho	/* if the gateway is dynamic and we can find the IPv6, Great! */
971	8e78c82c	Renato Botelho	else if ($gateway['ipprotocol'] == "inet6") {
972	1500614c	Ermal	/* we know which interfaces is dynamic, this should be made a function, and for v6 too */
973	65cfd0ca	Renato Botelho	$gateway['gateway'] = get_interface_gateway_v6($gateway['interface']);
974	d07bc322	Renato Botelho	/* no IPv6 address found, set to dynamic */
975	9ba87997	Phil Davis	if (!is_ipaddrv6($gateway['gateway'])) {
976	d07bc322	Renato Botelho	$gateway['gateway'] = "dynamic";
977	9ba87997	Phil Davis	}
978	65cfd0ca	Renato Botelho	$gateway['dynamic'] = true;
979	7671c940	Seth Mos	}
980	1500614c	Ermal	} else {
981			/* getting this detection right is hard at this point because we still don't
982			* store the address family in the gateway item */
983	9ba87997	Phil Davis	if (is_ipaddrv4($gateway['gateway'])) {
984	1500614c	Ermal	$gateway['ipprotocol'] = "inet";
985	9ba87997	Phil Davis	} else if (is_ipaddrv6($gateway['gateway'])) {
986	1500614c	Ermal	$gateway['ipprotocol'] = "inet6";
987	9ba87997	Phil Davis	}
988	2328dcc5	Seth Mos	}
989	c1d36d26	smos
990	9ba87997	Phil Davis	if (isset($gateway['monitor_disable'])) {
991	33c06ef7	Ermal	$gateway['monitor_disable'] = true;
992	9ba87997	Phil Davis	} else if (empty($gateway['monitor'])) {
993	2328dcc5	Seth Mos	$gateway['monitor'] = $gateway['gateway'];
994	9ba87997	Phil Davis	}
995	3d471a14	Ermal
996	f396d2b7	Phil Davis	if (isset($gateway['action_disable'])) {
997			$gateway['action_disable'] = true;
998			}
999
1000	883c53c9	Ermal Lu?i	$gateway['friendlyiface'] = $gateway['interface'];
1001	a2ec7b0a	Steve Beaver	$gateway['friendlyifdescr'] = convert_friendly_interface_to_friendly_descr($gateway['interface']);
1002	c1d36d26	smos
1003			/* special treatment for tunnel interfaces */
1004	1500614c	Ermal	if ($gateway['ipprotocol'] == "inet6") {
1005	33e71f10	jim-p	$gateway['interface'] = get_real_interface($gateway['interface'], "inet6", false, false);
1006	1500614c	Ermal	} else {
1007	2a5960b0	Luiz Otavio O Souza	$gateway['interface'] = get_real_interface($gateway['interface'], "inet", false, false);
1008	1500614c	Ermal	}
1009	74c834f1	smos
1010	35298a2f	Steve Beaver	if ($gateway['ipprotocol'] == "inet" &&
1011	3cd21b4e	PiBa-NL	($gateway['gateway'] == $cgw4)) {
1012	43a9b03d	PiBa-NL	$gateway['isdefaultgw'] = true;
1013			$found_defaultv4 = 1;
1014	35298a2f	Steve Beaver	} else if ($gateway['ipprotocol'] == "inet6" &&
1015	3cd21b4e	PiBa-NL	($gateway['gateway'] == $cgw6)) {
1016	43a9b03d	PiBa-NL	$gateway['isdefaultgw'] = true;
1017			$found_defaultv6 = 1;
1018	74c834f1	smos	}
1019	3d471a14	Ermal	/* include the gateway index as the attribute */
1020			$gateway['attribute'] = $i;
1021	2328dcc5	Seth Mos
1022	8d848bdf	Phil Davis	/* Remember all the gateway names, even ones to be skipped because they are disabled. */
1023			/* Then we can easily know and match them later when attempting to add dynamic gateways to the list. */
1024			$gateways_arr_temp[$gateway['name']] = $gateway;
1025
1026			/* skip disabled gateways if the caller has not asked for them to be returned. */
1027	9ba87997	Phil Davis	if (!($disabled === false && isset($gateway['disabled']))) {
1028	8d848bdf	Phil Davis	$gateways_arr[$gateway['name']] = $gateway;
1029	9ba87997	Phil Davis	}
1030	2328dcc5	Seth Mos	}
1031	c1d36d26	smos	}
1032	1500614c	Ermal	unset($gateway);
1033	179377b0	robjarsen
1034	065bd33d	Chris Rowe	//Sort the array by GW name before moving on.
1035			ksort($gateways_arr, SORT_STRING \| SORT_FLAG_CASE);
1036	883c53c9	Ermal Lu?i
1037	ef05ae5f	Ermal	/* Loop through all interfaces with a gateway and add it to a array */
1038	9ba87997	Phil Davis	if ($disabled == false) {
1039	ef05ae5f	Ermal	$iflist = get_configured_interface_with_descr();
1040	9ba87997	Phil Davis	} else {
1041	f593f80b	Phil Davis	$iflist = get_configured_interface_with_descr(true);
1042	9ba87997	Phil Davis	}
1043	ef05ae5f	Ermal
1044	c3a0d2a5	Seth Mos	/* Process/add dynamic v4 gateways. */
1045	086cf944	Phil Davis	foreach ($iflist as $ifname => $friendly) {
1046			if (!interface_has_gateway($ifname)) {
1047	883c53c9	Ermal Lu?i	continue;
1048	9ba87997	Phil Davis	}
1049	3d471a14	Ermal
1050	9ba87997	Phil Davis	if (empty($config['interfaces'][$ifname])) {
1051	86df2846	jim-p	continue;
1052	9ba87997	Phil Davis	}
1053	86df2846	jim-p
1054			$ifcfg = &$config['interfaces'][$ifname];
1055	9ba87997	Phil Davis	if (!isset($ifcfg['enable'])) {
1056	e62fe748	Ermal	continue;
1057	9ba87997	Phil Davis	}
1058	e62fe748	Ermal
1059	9ba87997	Phil Davis	if (!empty($ifcfg['ipaddr']) && is_ipaddrv4($ifcfg['ipaddr'])) {
1060	74c834f1	smos	continue;
1061	9ba87997	Phil Davis	}
1062	3930a9c0	smos
1063	74c834f1	smos	$ctype = "";
1064	9ba87997	Phil Davis	switch ($ifcfg['ipaddr']) {
1065	74c834f1	smos	case "dhcp":
1066			case "pppoe":
1067	3343571b	jim-p	case "l2tp":
1068	74c834f1	smos	case "pptp":
1069	b2ff5d17	smos	case "ppp":
1070	74c834f1	smos	$ctype = strtoupper($ifcfg['ipaddr']);
1071			break;
1072	daac437f	jim-p	default:
1073	11fb4543	Chris Buechler	$tunnelif = substr($ifcfg['if'], 0, 3);
1074	6c07db48	Phil Davis	if (substr($ifcfg['if'], 0, 4) == "ovpn") {
1075	4f62b7c0	luckman212	switch (substr($ifcfg['if'], 4, 1)) {
1076			case "c":
1077			$ovpntype = "openvpn-client";
1078			break;
1079			case "s":
1080			$ovpntype = "openvpn-server";
1081			break;
1082			default:
1083			// unknown ovpn type
1084	05221142	jim-p	continue 3;
1085	4f62b7c0	luckman212	}
1086			$ovpnid = substr($ifcfg['if'], 5);
1087	0dbc2d6a	jim-p	foreach (config_get_path("openvpn/{$ovpntype}", []) as $ovpnconf) {
1088			if (empty($ovpnconf)) {
1089			continue;
1090			}
1091			if ($ovpnconf['vpnid'] == $ovpnid) {
1092			// skip IPv6-only interfaces
1093			if ($ovpnconf['create_gw'] == "v6only") {
1094			continue 3;
1095			}
1096			// skip tap interfaces
1097			if ($ovpnconf['dev_mode'] == "tap") {
1098			continue 3;
1099	687ff78c	Chris Buechler	}
1100			}
1101			}
1102	daac437f	jim-p	$ctype = "VPNv4";
1103	bd4c337c	jim-p	} elseif (substr($ifcfg['if'], 0, 5) == "ipsec") {
1104			$ikeid = substr($ifcfg['if'], 5);
1105	0dbc2d6a	jim-p	if (!empty(config_get_path('ipsec/phase1', [])) &&
1106			!empty(config_get_path('ipsec/phase2', []))) {
1107			foreach (config_get_path('ipsec/phase1', []) as $ph1ent) {
1108			if (empty($ph1ent) \|\| $ph1ent['disabled']) {
1109	bd4c337c	jim-p	continue;
1110			}
1111	aea2a0c3	jim-p	$vtisubnet_spec = ipsec_vti($ph1ent, true);
1112	bd4c337c	jim-p	// Skip non-VTI tunnels
1113	aea2a0c3	jim-p	if (!$vtisubnet_spec \|\| !is_array($vtisubnet_spec)) {
1114	bd4c337c	jim-p	continue;
1115			}
1116	aea2a0c3	jim-p	if (!isset($ph1ent['mobile']) && ($keyexchange == 'ikev1' \|\| isset($ph1ent['splitconn']))) {
1117			foreach ($vtisubnet_spec as $idx => $vtisub) {
1118	bec6dcfb	jim-p	if ($ifcfg['if'] == ipsec_get_ifname($ph1ent, $vtisub['reqid'])) {
1119	aea2a0c3	jim-p	// If this specific VTI remote is v4, then we can make a v4 gw
1120			if (is_ipaddrv4($vtisub['right'])) {
1121			$ctype = "VTIv4";
1122			}
1123			}
1124			}
1125			} else {
1126	bec6dcfb	jim-p	if ($ifcfg['if'] == ipsec_get_ifname($ph1ent)) {
1127	aea2a0c3	jim-p	// If any of the VTI remotes are v4, then we can make a v4 gw
1128			foreach ($vtisubnet_spec as $vtisub) {
1129			if (is_ipaddrv4($vtisub['right'])) {
1130			$ctype = "VTIv4";
1131			}
1132			}
1133	bd4c337c	jim-p	}
1134			}
1135			}
1136			if (empty($ctype)) {
1137			continue 2;
1138			}
1139			}
1140			} elseif ($tunnelif == "gif" \|\| $tunnelif == "gre") {
1141	bac17444	Chris Buechler	$ctype = "TUNNELv4";
1142	9ba87997	Phil Davis	}
1143	daac437f	jim-p	break;
1144	74c834f1	smos	}
1145			$ctype = "_". strtoupper($ctype);
1146
1147	883c53c9	Ermal Lu?i	$gateway = array();
1148			$gateway['dynamic'] = false;
1149	c3a0d2a5	Seth Mos	$gateway['ipprotocol'] = "inet";
1150	883c53c9	Ermal Lu?i	$gateway['gateway'] = get_interface_gateway($ifname, $gateway['dynamic']);
1151			$gateway['interface'] = get_real_interface($ifname);
1152			$gateway['friendlyiface'] = $ifname;
1153	a2ec7b0a	Steve Beaver	$gateway['friendlyifdescr'] = convert_friendly_interface_to_friendly_descr($ifname);
1154	74c834f1	smos	$gateway['name'] = "{$friendly}{$ctype}";
1155	883c53c9	Ermal Lu?i	$gateway['attribute'] = "system";
1156	f040882c	Renato Botelho
1157	74c834f1	smos	if (($gateway['dynamic'] === "default") && ($found_defaultv4 == 0)) {
1158	43a9b03d	PiBa-NL	$gateway['isdefaultgw'] = true;
1159	999111cb	Ermal	$gateway['dynamic'] = true;
1160	74c834f1	smos	$found_defaultv4 = 1;
1161	999111cb	Ermal	}
1162	43a9b03d	PiBa-NL
1163	883c53c9	Ermal Lu?i	/* Loopback dummy for dynamic interfaces without a IP */
1164	9ba87997	Phil Davis	if (!is_ipaddrv4($gateway['gateway']) && $gateway['dynamic'] == true) {
1165	999111cb	Ermal	$gateway['gateway'] = "dynamic";
1166	9ba87997	Phil Davis	}
1167	3439b033	Seth Mos
1168	8d848bdf	Phil Davis	/* automatically skip known static and dynamic gateways that were previously processed */
1169	9ba87997	Phil Davis	foreach ($gateways_arr_temp as $gateway_item) {
1170	c3a0d2a5	Seth Mos	if ((($ifname == $gateway_item['friendlyiface'] && $friendly == $gateway_item['name'])&& ($gateway['ipprotocol'] == $gateway_item['ipprotocol'])) \|\|
1171	918bdf0d	Phil Davis	(($ifname == $gateway_item['friendlyiface'] && $gateway_item['dynamic'] == true) && ($gateway['ipprotocol'] == $gateway_item['ipprotocol']))) {
1172	9ba87997	Phil Davis	continue 2;
1173			}
1174	883c53c9	Ermal Lu?i	}
1175	c66b4242	Seth Mos
1176	9ba87997	Phil Davis	if (is_ipaddrv4($gateway['gateway'])) {
1177	883c53c9	Ermal Lu?i	$gateway['monitor'] = $gateway['gateway'];
1178	9ba87997	Phil Davis	}
1179	c65e1e0d	Ermal
1180	74c834f1	smos	$gateway['descr'] = "Interface {$friendly}{$ctype} Gateway";
1181	c3a0d2a5	Seth Mos	$gateways_arr[$gateway['name']] = $gateway;
1182			}
1183	1500614c	Ermal	unset($gateway);
1184	c3a0d2a5	Seth Mos
1185			/* Process/add dynamic v6 gateways. */
1186	086cf944	Phil Davis	foreach ($iflist as $ifname => $friendly) {
1187	0715ad50	jim-p	/* If the user has disabled IPv6, they probably don't want any IPv6 gateways. */
1188	9ba87997	Phil Davis	if (!isset($config['system']['ipv6allow'])) {
1189	0715ad50	jim-p	break;
1190	9ba87997	Phil Davis	}
1191	0715ad50	jim-p
1192	086cf944	Phil Davis	if (!interface_has_gatewayv6($ifname)) {
1193	c3a0d2a5	Seth Mos	continue;
1194	9ba87997	Phil Davis	}
1195	c3a0d2a5	Seth Mos
1196	9ba87997	Phil Davis	if (empty($config['interfaces'][$ifname])) {
1197	c3a0d2a5	Seth Mos	continue;
1198	9ba87997	Phil Davis	}
1199	c3a0d2a5	Seth Mos
1200			$ifcfg = &$config['interfaces'][$ifname];
1201	9ba87997	Phil Davis	if (!isset($ifcfg['enable'])) {
1202	74c834f1	smos	continue;
1203	9ba87997	Phil Davis	}
1204	74c834f1	smos
1205	9ba87997	Phil Davis	if (!empty($ifcfg['ipaddrv6']) && is_ipaddrv6($ifcfg['ipaddrv6'])) {
1206	1500614c	Ermal	continue;
1207	9ba87997	Phil Davis	}
1208	f040882c	Renato Botelho
1209	74c834f1	smos	$ctype = "";
1210	9ba87997	Phil Davis	switch ($ifcfg['ipaddrv6']) {
1211	c0b1bc81	smos	case "slaac":
1212	74c834f1	smos	case "dhcp6":
1213			case "6to4":
1214			case "6rd":
1215			$ctype = strtoupper($ifcfg['ipaddrv6']);
1216			break;
1217	daac437f	jim-p	default:
1218	bf36dafa	Renato Botelho	$tunnelif = substr($ifcfg['if'], 0, 3);
1219	6c07db48	Phil Davis	if (substr($ifcfg['if'], 0, 4) == "ovpn") {
1220	4f62b7c0	luckman212	switch (substr($ifcfg['if'], 4, 1)) {
1221			case "c":
1222			$ovpntype = "openvpn-client";
1223			break;
1224			case "s":
1225			$ovpntype = "openvpn-server";
1226			break;
1227			default:
1228			// unknown ovpn type
1229	05221142	jim-p	continue 3;
1230	4f62b7c0	luckman212	}
1231			$ovpnid = substr($ifcfg['if'], 5);
1232	0dbc2d6a	jim-p	foreach (config_get_path("openvpn/{$ovpntype}", []) as $ovpnconf) {
1233			if (empty($ovpnconf)) {
1234			continue;
1235			}
1236			if ($ovpnconf['vpnid'] == $ovpnid) {
1237			// skip IPv4-only interfaces
1238			if ($ovpnconf['create_gw'] == "v4only") {
1239			continue 3;
1240			}
1241			// skip tap interfaces
1242			if ($ovpnconf['dev_mode'] == "tap") {
1243			continue 3;
1244	687ff78c	Chris Buechler	}
1245			}
1246			}
1247	daac437f	jim-p	$ctype = "VPNv6";
1248	bd4c337c	jim-p	} elseif (substr($ifcfg['if'], 0, 5) == "ipsec") {
1249			$ikeid = substr($ifcfg['if'], 5);
1250	0dbc2d6a	jim-p	if (!empty(config_get_path('ipsec/phase1', [])) &&
1251			!empty(config_get_path('ipsec/phase2', []))) {
1252			foreach (config_get_path('ipsec/phase1', []) as $ph1ent) {
1253			if (empty($ph1ent) \|\| $ph1ent['disabled']) {
1254	bd4c337c	jim-p	continue;
1255			}
1256	aea2a0c3	jim-p	$vtisubnet_spec = ipsec_vti($ph1ent, true);
1257	bd4c337c	jim-p	// Skip non-VTI tunnels
1258	aea2a0c3	jim-p	if (!$vtisubnet_spec \|\| !is_array($vtisubnet_spec)) {
1259	bd4c337c	jim-p	continue;
1260			}
1261	aea2a0c3	jim-p	if (!isset($ph1ent['mobile']) && ($keyexchange == 'ikev1' \|\| isset($ph1ent['splitconn']))) {
1262			foreach ($vtisubnet_spec as $idx => $vtisub) {
1263	bec6dcfb	jim-p	if ($ifcfg['if'] == ipsec_get_ifname($ph1ent, $vtisub['reqid'])) {
1264	aea2a0c3	jim-p	// If this specific VTI remote is v6, then we can make a v6 gw
1265			if (is_ipaddrv6($vtisub['right'])) {
1266			$ctype = "VTIv6";
1267			}
1268			}
1269			}
1270			} else {
1271	bec6dcfb	jim-p	if ($ifcfg['if'] == ipsec_get_ifname($ph1ent)) {
1272	aea2a0c3	jim-p	// If any of the VTI remotes are v6, then we can make a v6 gw
1273			foreach ($vtisubnet_spec as $vtisub) {
1274			if (is_ipaddrv6($vtisub['right'])) {
1275			$ctype = "VTIv6";
1276			}
1277			}
1278	bd4c337c	jim-p	}
1279			}
1280			}
1281			if (empty($ctype)) {
1282			continue 2;
1283			}
1284			}
1285	9ba87997	Phil Davis	} else if ($tunnelif == "gif" \|\| $tunnelif == "gre") {
1286	c32a6b82	Ermal	$ctype = "TUNNELv6";
1287	9ba87997	Phil Davis	}
1288	daac437f	jim-p	break;
1289	74c834f1	smos	}
1290			$ctype = "_". strtoupper($ctype);
1291	c3a0d2a5	Seth Mos
1292			$gateway = array();
1293			$gateway['dynamic'] = false;
1294			$gateway['ipprotocol'] = "inet6";
1295			$gateway['gateway'] = get_interface_gateway_v6($ifname, $gateway['dynamic']);
1296	909de400	Ermal	$gateway['interface'] = get_real_interface($ifname, "inet6");
1297	9ba87997	Phil Davis	switch ($ifcfg['ipaddrv6']) {
1298	d500e296	smos	case "6rd":
1299	909de400	Ermal	case "6to4":
1300	d500e296	smos	$gateway['dynamic'] = "default";
1301			break;
1302			}
1303	c3a0d2a5	Seth Mos	$gateway['friendlyiface'] = $ifname;
1304	a2ec7b0a	Steve Beaver	$gateway['friendlyifdescr'] = convert_friendly_interface_to_friendly_descr($ifname);
1305	74c834f1	smos	$gateway['name'] = "{$friendly}{$ctype}";
1306	c3a0d2a5	Seth Mos	$gateway['attribute'] = "system";
1307	f040882c	Renato Botelho
1308	6c07db48	Phil Davis	if (($gateway['dynamic'] === "default") && ($found_defaultv6 == 0)) {
1309	43a9b03d	PiBa-NL	$gateway['isdefaultgw'] = true;
1310	c3a0d2a5	Seth Mos	$gateway['dynamic'] = true;
1311	74c834f1	smos	$found_defaultv6 = 1;
1312	c3a0d2a5	Seth Mos	}
1313
1314			/* Loopback dummy for dynamic interfaces without a IP */
1315	9ba87997	Phil Davis	if (!is_ipaddrv6($gateway['gateway']) && $gateway['dynamic'] == true) {
1316	d07bc322	Renato Botelho	$gateway['gateway'] = "dynamic";
1317	9ba87997	Phil Davis	}
1318	c3a0d2a5	Seth Mos
1319	8d848bdf	Phil Davis	/* automatically skip known static and dynamic gateways that were previously processed */
1320	9ba87997	Phil Davis	foreach ($gateways_arr_temp as $gateway_item) {
1321	c3a0d2a5	Seth Mos	if ((($ifname == $gateway_item['friendlyiface'] && $friendly == $gateway_item['name']) && ($gateway['ipprotocol'] == $gateway_item['ipprotocol'])) \|\|
1322	918bdf0d	Phil Davis	(($ifname == $gateway_item['friendlyiface'] && $gateway_item['dynamic'] == true) && ($gateway['ipprotocol'] == $gateway_item['ipprotocol']))) {
1323	9ba87997	Phil Davis	continue 2;
1324			}
1325	c3a0d2a5	Seth Mos	}
1326
1327	9ba87997	Phil Davis	if (is_ipaddrv6($gateway['gateway'])) {
1328	c3a0d2a5	Seth Mos	$gateway['monitor'] = $gateway['gateway'];
1329	9ba87997	Phil Davis	}
1330	c3a0d2a5	Seth Mos
1331	74c834f1	smos	$gateway['descr'] = "Interface {$friendly}{$ctype} Gateway";
1332	c3a0d2a5	Seth Mos	$gateways_arr[$gateway['name']] = $gateway;
1333	c66b4242	Seth Mos	}
1334	1500614c	Ermal	unset($gateway);
1335	6fdea6a2	smos
1336	08c3810c	Renato Botelho	/* FIXME: Should this be enabled.
1337			* Some interface like wan might be default but have no info recorded
1338			* the config. */
1339			/* this is a fallback if all else fails and we want to get packets out @smos */
1340			if ($found_defaultv4 == 0 \|\| $found_defaultv6 == 0) {
1341			foreach ($gateways_arr as &$gateway) {
1342			if (($gateway['friendlyiface'] == "wan") && ($found_defaultv4 == 0) && (!isset($gateway['ipprotocol']) \|\| ($gateway['ipprotocol'] == "inet"))) {
1343			if (file_exists("{$g['tmp_path']}/{$gateway['interface']}_defaultgw")) {
1344	43a9b03d	PiBa-NL	$gateway['isdefaultgw'] = true;
1345	08c3810c	Renato Botelho	$found_defaultv4 = 1;
1346			}
1347			}
1348	6704590b	Ermal	else if (($gateway['friendlyiface'] == "wan") && ($found_defaultv6 == 0) && ($gateway['ipprotocol'] == "inet6")) {
1349	08c3810c	Renato Botelho	if (file_exists("{$g['tmp_path']}/{$gateway['interface']}_defaultgwv6")) {
1350	43a9b03d	PiBa-NL	$gateway['isdefaultgw'] = true;
1351	08c3810c	Renato Botelho	$found_defaultv6 = 1;
1352			}
1353			}
1354			}
1355			}
1356
1357	9ba87997	Phil Davis	if ($localhost === true) {
1358	6fdea6a2	smos	/* attach localhost for Null routes */
1359			$gwlo4 = array();
1360			$gwlo4['name'] = "Null4";
1361			$gwlo4['interface'] = "lo0";
1362			$gwlo4['ipprotocol'] = "inet";
1363			$gwlo4['gateway'] = "127.0.0.1";
1364	e311cb79	PiBa-NL	$gwlo4['attribute'] = "system";
1365	6fdea6a2	smos	$gwlo6 = array();
1366			$gwlo6['name'] = "Null6";
1367			$gwlo6['interface'] = "lo0";
1368			$gwlo6['ipprotocol'] = "inet6";
1369			$gwlo6['gateway'] = "::1";
1370	e311cb79	PiBa-NL	$gwlo6['attribute'] = "system";
1371	6fdea6a2	smos	$gateways_arr['Null4'] = $gwlo4;
1372			$gateways_arr['Null6'] = $gwlo6;
1373			}
1374	161cd113	Phil Davis
1375	43a9b03d	PiBa-NL	if ($found_defaultv4 != 1 && is_ipaddr($cgw4)) {
1376			foreach($gateways_arr as &$gw) {
1377			if ($gw['gateway'] == $cgw4) {
1378			$gw['isdefaultgw'] = true;
1379			}
1380			}
1381			}
1382			if ($found_defaultv6 != 1 && is_ipaddr($cgw6)) {
1383			foreach($gateways_arr as &$gw) {
1384			if ($gw['gateway'] == $cgw6) {
1385			$gw['isdefaultgw'] = true;
1386			}
1387			}
1388			}
1389	2cff9cf0	Steve Beaver
1390			$gways = order_gateways_as_configured($gateways_arr);
1391
1392	32750350	Steve Beaver	// Add the tier names here so that system_gateways.php doesn't need to
1393	2cff9cf0	Steve Beaver	foreach ($gways as $idx => $gway) {
1394			$gways[$idx]['tiername'] = gateway_getgwtiername($gways, $idx);
1395			}
1396
1397			return $gways;
1398	c66b4242	Seth Mos	}
1399
1400	fd3515f2	jim-p	function fixup_default_gateway($ipprotocol, $gateways_status, $gateways_arr) {
1401			global $config, $g;
1402			/*
1403			* NOTE: The code below is meant to replace the default gateway when it goes down.
1404			* This facilitates services running on pfSense itself and are not handled by a PBR to continue working.
1405			*/
1406	e311cb79	PiBa-NL	$set_dfltgwname = '';
1407	1303150b	Stephen Jones
1408	43a9b03d	PiBa-NL	if ($ipprotocol == 'inet') {
1409	a25e9691	Reid Linnemann	$gwdefault = config_get_path('gateways/defaultgw4', "");
1410	43a9b03d	PiBa-NL	} else {
1411	a25e9691	Reid Linnemann	$gwdefault = config_get_path('gateways/defaultgw6', "");
1412	43a9b03d	PiBa-NL	}
1413	de739376	Viktor G	/* do not delete dynamic (frr/bgp/ospf) route
1414			* see https://redmine.pfsense.org/issues/12536 */
1415	e311cb79	PiBa-NL	if ($gwdefault == "-") {
1416	f016f149	Marcos Mendoza	if (!is_dynamic_route('default', $ipprotocol)) {
1417	e79a872f	Christian McDonald	route_del('default', $ipprotocol);
1418	de739376	Viktor G	}
1419	e311cb79	PiBa-NL	return;
1420			}
1421	96b15e44	PiBa-NL	if (isset($gateways_arr[$gwdefault])) {
1422	43a9b03d	PiBa-NL	// the configured gateway is a regular one. (not a gwgroup) use it as is..
1423	e311cb79	PiBa-NL	$set_dfltgwname = $gwdefault;
1424			} elseif (empty($gwdefault)) {
1425			// 'automatic' mode, pick the first one thats 'up' or 'unmonitored' which is always considered up
1426			$gateways_arr = order_gateways_as_configured($gateways_arr);
1427	742cc9ae	PiBa-NL	$fallback = "";
1428	e311cb79	PiBa-NL	foreach($gateways_arr as $gwname => $gwsttng) {
1429	aa159178	Viktor G	if (($gwsttng['ipprotocol'] != $ipprotocol) \|\| isset($gwsttng['force_down'])) {
1430	e311cb79	PiBa-NL	continue;
1431			}
1432	ded59fb6	Kapmeister
1433	f511939a	Viktor G	if (isset($gwsttng['monitor_disable']) \|\| isset($gwsttng['action_disable']) \|\|
1434			($gateways_status[$gwname]['status'] == "online")) {
1435	e311cb79	PiBa-NL	$set_dfltgwname = $gwname;
1436			break;
1437			}
1438	742cc9ae	PiBa-NL	if (empty($fallback) && $gwsttng['interface'] != 'lo0') {
1439			$fallback = $gwname;
1440			}
1441			}
1442	aa159178	Viktor G	if (empty($set_dfltgwname) && !empty($fallback)) {
1443	742cc9ae	PiBa-NL	log_error(sprintf("Gateway, none 'available' for %s, use the first one configured. '%s'", $ipprotocol, $fallback));
1444			$set_dfltgwname = $fallback;
1445	aa159178	Viktor G	} else {
1446			log_error("Gateway, NONE AVAILABLE");
1447	e311cb79	PiBa-NL	}
1448	43a9b03d	PiBa-NL	} else {
1449	e311cb79	PiBa-NL	// a gwgroup is selected
1450	43a9b03d	PiBa-NL	// find the best available gateway given options available..
1451	e311cb79	PiBa-NL	$gwg_members = array();
1452			$viplist = get_configured_vip_list();
1453			if (is_array($config['gateways']['gateway_group'])) {
1454	ac0a027f	Christian McDonald	foreach (config_get_path('gateways/gateway_group', []) as $group) {
1455	e311cb79	PiBa-NL	if ($group['name'] == $gwdefault) {
1456			// finds the gw members of the best available tier for this group.
1457			$gwg_members = get_gwgroup_members_inner($group, $gateways_status, $gateways_arr, $viplist);
1458	43a9b03d	PiBa-NL	}
1459			}
1460			}
1461	e311cb79	PiBa-NL
1462			if (count($gwg_members) > 0) {
1463	c428cdf4	Renato Botelho do Couto	$currentdefaultgwip = route_get_default($ipprotocol);
1464	e311cb79	PiBa-NL	$found_current = false;
1465			foreach($gwg_members as $gwgroupitem) {
1466	380e3c85	jim-p	if (!empty($currentdefaultgwip) &&
1467			is_array($gwgroupitem) &&
1468			($gwgroupitem['gwip'] == $currentdefaultgwip)) {
1469	e311cb79	PiBa-NL	$set_dfltgwname = $gwgroupitem['gw'];
1470			$found_current = true;
1471	f406f896	luckman212	if (isset($config['system']['gw-debug'])) {
1472			log_error("Keep current gateway, its already part of the group members.");
1473			}
1474	43a9b03d	PiBa-NL	break;
1475			}
1476			}
1477	e311cb79	PiBa-NL	if (!$found_current) {
1478			$set_dfltgwname = $gwg_members[0]['gw'];
1479			log_error(sprintf("Gateway, switch to: %s", $set_dfltgwname));
1480	9ba87997	Phil Davis	}
1481	e311cb79	PiBa-NL	} else {
1482			log_error("Gateway, NONE AVAILABLE");
1483	fd3515f2	jim-p	}
1484	43a9b03d	PiBa-NL	}
1485	e311cb79	PiBa-NL	if (!empty($set_dfltgwname) && isset($gateways_arr[$set_dfltgwname])) {
1486			setdefaultgateway($gateways_arr[$set_dfltgwname]);
1487	aa159178	Viktor G	} elseif (empty($set_dfltgwname)) {
1488	e79a872f	Christian McDonald	route_del('default', $ipprotocol);
1489	43a9b03d	PiBa-NL	}
1490			}
1491
1492			function setdefaultgateway($gw) {
1493	e311cb79	PiBa-NL	global $g, $config;
1494	fecb8603	jim-p	if (isset($config['system']['route-debug'])) {
1495			file_put_contents("/dev/console", "\n[".getmypid()."] SET DEF GW: {$gw['name']}");
1496			}
1497	43a9b03d	PiBa-NL	$ipprotocol = $gw['ipprotocol'];
1498			if ($gw['gateway'] == "dynamic") {
1499			if ($ipprotocol == 'inet') {
1500			$gw['gateway'] = get_interface_gateway($gw['friendlyiface']);
1501			} else {
1502			$gw['gateway'] = get_interface_gateway_v6($$gw['friendlyiface']);
1503	9ba87997	Phil Davis	}
1504	43a9b03d	PiBa-NL	}
1505			if ($ipprotocol == 'inet6' && !is_ipaddrv6($gw['gateway'])) {
1506			return;
1507			}
1508			if ($ipprotocol == 'inet' && !is_ipaddrv4($gw['gateway'])) {
1509			return;
1510			}
1511			if ($ipprotocol == 'inet6') {
1512			if (is_linklocal($gw['gateway']) && get_ll_scope($gw['gateway']) == '') {
1513			$gw['gateway'] .= "%" . $gw['interface'];
1514	9ba87997	Phil Davis	}
1515	fd3515f2	jim-p	}
1516	c428cdf4	Renato Botelho do Couto	$currentdefaultgwip = route_get_default($ipprotocol);
1517	43a9b03d	PiBa-NL	if ($currentdefaultgwip != $gw['gateway']) {
1518			log_error("Default gateway setting {$gw['descr']} as default.");
1519	35298a2f	Steve Beaver
1520	43a9b03d	PiBa-NL	if ($ipprotocol == 'inet') {
1521	583062bf	Viktor G	$inet = '';
1522	43a9b03d	PiBa-NL	} else {
1523	583062bf	Viktor G	$inet = 'v6';
1524	43a9b03d	PiBa-NL	}
1525	83cec26e	Marcos Mendoza	unlink_if_exists("{$g['tmp_path']}/*_defaultgw{$inet}");
1526	43a9b03d	PiBa-NL	$defaultif = get_real_interface($gw['interface']);
1527			if ($defaultif) {
1528	583062bf	Viktor G	@file_put_contents("{$g['tmp_path']}/{$defaultif}_defaultgw{$inet}", $gw['gateway']);
1529	9ba87997	Phil Davis	}
1530	35298a2f	Steve Beaver
1531	43a9b03d	PiBa-NL	if (isset($gw["nonlocalgateway"])) {
1532			if (is_ipaddr($gw['gateway']) && !empty($gw['interface'])) {
1533	c428cdf4	Renato Botelho do Couto	route_add_or_change($gw['gateway'], '',
1534			$gw['interface']);
1535	43a9b03d	PiBa-NL	}
1536			}
1537	fecb8603	jim-p	if (isset($config['system']['route-debug'])) {
1538			file_put_contents("/dev/console", "\n[".getmypid()."] SET DEF GW: {$gw['name']} ({$gw['gateway']})");
1539			}
1540	c428cdf4	Renato Botelho do Couto	route_add_or_change("default", $gw['gateway'], '', '',
1541			$ipprotocol);
1542	43a9b03d	PiBa-NL	return true;
1543	fd3515f2	jim-p	}
1544	43a9b03d	PiBa-NL	}
1545
1546			function get_gwgroup_members_inner($group, $gateways_status, $gateways_arr, $viplist){
1547			$result = array();
1548			/* create array with group gateways members separated by tier */
1549			$tiers = array();
1550			$backupplan = array();
1551			$gwvip_arr = array();
1552			foreach ($group['item'] as $item) {
1553			list($gwname, $tier, $vipname) = explode("\|", $item);
1554
1555			if (is_ipaddr($viplist[$vipname])) {
1556			if (!is_array($gwvip_arr[$group['name']])) {
1557			$gwvip_arr[$group['name']] = array();
1558			}
1559			$gwvip_arr[$group['name']][$gwname] = $vipname;
1560			}
1561
1562			/* Do it here rather than reiterating again the group in case no member is up. */
1563			if (!is_array($backupplan[$tier])) {
1564			$backupplan[$tier] = array();
1565			}
1566			$backupplan[$tier][] = $gwname;
1567
1568			/* check if the gateway is available before adding it to the array */
1569			if (is_array($gateways_status[$gwname])) {
1570			$status = $gateways_status[$gwname];
1571			$gwdown = false;
1572			if (stristr($status['status'], "down")) {
1573			$gwdown = true;
1574	04a72a97	vsquared56	switch ($status['substatus']) {
1575			case "highloss":
1576			$msg = sprintf(gettext('MONITOR: %1$s has packet loss, omitting from routing group %2$s'), $gwname, $group['name']);
1577			break;
1578			case "highdelay":
1579			$msg = sprintf(gettext('MONITOR: %1$s has high latency, omitting from routing group %2$s'), $gwname, $group['name']);
1580			break;
1581			default:
1582			$msg = sprintf(gettext('MONITOR: %1$s is down, omitting from routing group %2$s'), $gwname, $group['name']);
1583			}
1584	a9fc44f0	Renato Botelho do Couto	}
1585	43a9b03d	PiBa-NL	$statuschanged = false;
1586			$pluginparams = array();
1587			$pluginparams['type'] = 'gateway';
1588	b5e93be6	Stephen Jones	$pluginparams['name'] = $gwname;
1589	43a9b03d	PiBa-NL	if ($gwdown == true) {
1590			if (!file_exists("/tmp/.down.{$gwname}")) {
1591	83794361	jim-p	@touch("/tmp/.down.{$gwname}");
1592	43a9b03d	PiBa-NL	$msg .= "\n".implode("\|", $status);
1593			$pluginparams['event'] = 'gateway.down';
1594			$statuschanged = true;
1595	ea940381	Chris Buechler	}
1596	fd3515f2	jim-p	} else {
1597	43a9b03d	PiBa-NL	/* Online add member */
1598			if (!is_array($tiers[$tier])) {
1599			$tiers[$tier] = array();
1600			}
1601			$tiers[$tier][] = $gwname;
1602			if (unlink_if_exists("/tmp/.down.{$gwname}")) {
1603	094db492	vsquared56	$msg = sprintf(gettext('MONITOR: %1$s is available now, adding to routing group %2$s'), $gwname, $group['name']);
1604	43a9b03d	PiBa-NL	$msg .= "\n".implode("\|", $status);
1605			$pluginparams['event'] = 'gateway.up';
1606			$statuschanged = true;
1607			}
1608	fd3515f2	jim-p	}
1609	43a9b03d	PiBa-NL	if ($statuschanged) {
1610			log_error($msg);
1611	ded59fb6	Kapmeister	notify_all_remote($msg);
1612	43a9b03d	PiBa-NL	if (isset($gateways_arr[$gwname]['interface'])) {
1613			$pluginparams['interface'] = $gateways_arr[$gwname]['interface'];
1614			}
1615			pkg_call_plugins('plugin_gateway', $pluginparams);
1616	ea940381	Chris Buechler	}
1617	43a9b03d	PiBa-NL	} else if (isset($gateways_arr[$gwname]['monitor_disable']) \|\| isset($gateways_arr[$gwname]['action_disable'])) {
1618			$tiers[$tier][] = $gwname;
1619			}
1620			}
1621			$tiers_count = count($tiers);
1622			if ($tiers_count == 0) {
1623			/* Oh dear, we have no members! Engage Plan B */
1624	b974f79a	luckman212	if (isset($config['system']['gw-debug']) && (!platform_booting())) {
1625	43a9b03d	PiBa-NL	$msg = sprintf(gettext('Gateways status could not be determined, considering all as up/active. (Group: %s)'), $group['name']);
1626			log_error($msg);
1627			}
1628			$tiers = $backupplan;
1629			}
1630			/* sort the tiers array by the tier key */
1631			ksort($tiers);
1632
1633			/* we do not really foreach the tiers as we stop after the first tier */
1634			foreach ($tiers as $tieridx => $tier) {
1635			/* process all gateways in this tier */
1636			foreach ($tier as $member) {
1637			/* determine interface gateway */
1638			if (isset($gateways_arr[$member])) {
1639			$gateway = $gateways_arr[$member];
1640			$int = $gateway['interface'];
1641			$gatewayip = "";
1642			if (is_ipaddr($gateway['gateway'])) {
1643			$gatewayip = $gateway['gateway'];
1644	90f21a78	Viktor G	} elseif (!empty($int)) {
1645			if ($gateway['ipprotocol'] == 'inet') {
1646			$gatewayip = get_interface_gateway($gateway['friendlyiface']);
1647			} else {
1648			$gatewayip = get_interface_gateway_v6($gateway['friendlyiface']);
1649			}
1650	43a9b03d	PiBa-NL	}
1651
1652			if (!empty($int)) {
1653			$result['ipprotocol'] = $gateway['ipprotocol'];
1654			if (is_ipaddr($gatewayip)) {
1655			$groupmember = array();
1656			$groupmember['gw'] = $member;
1657			$groupmember['int'] = $int;
1658			$groupmember['gwip'] = $gatewayip;
1659	671fd0d1	Loren McQuade	/* set correct linklocal gateway address,
1660			* see https://redmine.pfsense.org/issues/12721 */
1661			if (is_ipaddrv6($gatewayip) && is_linklocal($gatewayip) && empty(get_ll_scope($gatewayip))) {
1662			$groupmember['gwip'] .= '%' . $int;
1663	1e7b9b4a	Loren McQuade	}
1664	43a9b03d	PiBa-NL	$groupmember['weight'] = isset($gateway['weight']) ? $gateway['weight'] : 1;
1665			if (is_array($gwvip_arr[$group['name']]) && !empty($gwvip_arr[$group['name']][$member])) {
1666			$groupmember['vip'] = $gwvip_arr[$group['name']][$member];
1667			}
1668			$result[] = $groupmember;
1669			}
1670			}
1671	ea940381	Chris Buechler	}
1672			}
1673	43a9b03d	PiBa-NL	/* we should have the 1st available tier now, exit stage left */
1674			if (count($result) > 0) {
1675			break;
1676			} else {
1677			log_error(sprintf(gettext('GATEWAYS: Group %1$s did not have any gateways up on tier %2$s!'), $group['name'], $tieridx));
1678	9ba87997	Phil Davis	}
1679	fd3515f2	jim-p	}
1680	43a9b03d	PiBa-NL	// Add description field last to not influence the count() above
1681			$result['descr'] = $group['descr'];
1682			return $result;
1683			}
1684
1685			function get_gwgroup_members($groupname) {
1686			global $config;
1687			$gateways_status = return_gateways_status(true);
1688	4bbbcc36	Marcos Mendoza	$gateways_arr = get_gateways();
1689	43a9b03d	PiBa-NL	$viplist = get_configured_vip_list();
1690	ac0a027f	Christian McDonald	foreach (config_get_path('gateways/gateway_group', []) as $group) {
1691	43a9b03d	PiBa-NL	if ($group['name'] == $groupname) {
1692			return get_gwgroup_members_inner($group, $gateways_status, $gateways_arr, $viplist);
1693			}
1694			}
1695			return array();
1696	fd3515f2	jim-p	}
1697
1698	3d471a14	Ermal	/*
1699			* Return an array with all gateway groups with name as key
1700	fd8eeda5	Seth Mos	* All gateway groups will be processed before returning the array.
1701	3d471a14	Ermal	*/
1702	4bbbcc36	Marcos Mendoza	function return_gateway_groups_array($fixup = false) {
1703	43a9b03d	PiBa-NL	global $config;
1704	fd8eeda5	Seth Mos
1705			/* fetch the current gateways status */
1706	4bbbcc36	Marcos Mendoza	$gateways_status = return_gateways_status(true);
1707			$gateways_arr = get_gateways();
1708	fd8eeda5	Seth Mos	$gateway_groups_array = array();
1709	43a9b03d	PiBa-NL	if ($fixup == true) {
1710	4bbbcc36	Marcos Mendoza	$gw4 = lookup_gateway_or_group_by_name(config_get_path('gateways/defaultgw4', ""));
1711			$gw6 = lookup_gateway_or_group_by_name(config_get_path('gateways/defaultgw6', ""));
1712	43a9b03d	PiBa-NL	if ($gw4 && $gw4['type'] == 'gatewaygroup') {
1713			fixup_default_gateway("inet", $gateways_status, $gateways_arr);
1714			}
1715			if ($gw6 && $gw6['type'] == 'gatewaygroup') {
1716			fixup_default_gateway("inet6", $gateways_status, $gateways_arr);
1717			}
1718	ee7f1647	Ermal	}
1719	dbc1b8ee	jim-p	init_config_arr(array('gateways', 'gateway_group'));
1720			if (!empty($config['gateways']['gateway_group'])) {
1721	2a5960b0	Luiz Otavio O Souza	$viplist = get_configured_vip_list();
1722	ac0a027f	Christian McDonald	foreach (config_get_path('gateways/gateway_group', []) as $group) {
1723	43a9b03d	PiBa-NL	$gateway_groups_array[$group['name']] = get_gwgroup_members_inner($group, $gateways_status, $gateways_arr, $viplist);
1724	fd8eeda5	Seth Mos	}
1725			}
1726	1500614c	Ermal
1727	fe22a89b	Ermal	return ($gateway_groups_array);
1728	fd8eeda5	Seth Mos	}
1729
1730	2468ae76	Scott Ullrich	/* Update DHCP WAN Interface ip address in gateway group item */
1731			function dhclient_update_gateway_groups_defaultroute($interface = "wan") {
1732	6ae5d9cb	Renato Botelho	global $config;
1733
1734			if (is_array($config['gateways']['gateway_item'])) {
1735	ac0a027f	Christian McDonald	$gwlist = config_get_path('gateways/gateway_item', []);
1736			foreach ($gwlist as & $gw) {
1737	6ae5d9cb	Renato Botelho	if ($gw['interface'] != $interface) {
1738			continue;
1739			}
1740
1741	2468ae76	Scott Ullrich	$current_gw = get_interface_gateway($interface);
1742	9ba87997	Phil Davis	if ($gw['gateway'] <> $current_gw) {
1743	2468ae76	Scott Ullrich	$gw['gateway'] = $current_gw;
1744			$changed = true;
1745			}
1746			}
1747	ac0a027f	Christian McDonald	config_set_path('gateways/gateway_item', $gwlist);
1748	2468ae76	Scott Ullrich	}
1749	6ae5d9cb	Renato Botelho
1750	9ba87997	Phil Davis	if ($changed && $current_gw) {
1751	6ae5d9cb	Renato Botelho	write_config(sprintf(gettext(
1752			'Updating gateway group gateway for %1$s - new gateway is %2$s'),
1753			$interface, $current_gw));
1754	9ba87997	Phil Davis	}
1755	2468ae76	Scott Ullrich	}
1756	fd8eeda5	Seth Mos
1757	4bbbcc36	Marcos Mendoza	function lookup_gateway_or_group_by_name($gwname) {
1758	43a9b03d	PiBa-NL	global $config;
1759	1303150b	Stephen Jones
1760	4bbbcc36	Marcos Mendoza	$gateways_arr = get_gateways(GW_CACHE_ALL);
1761	1cf01478	Steve Beaver
1762	092abdb6	PiBa-NL	foreach ($gateways_arr as $gw) {
1763			if ($gw['name'] == $gwname) {
1764			$gw['type'] = 'gateway';
1765			return $gw;
1766	43a9b03d	PiBa-NL	}
1767			}
1768	6ae5d9cb	Renato Botelho
1769	dbc1b8ee	jim-p	init_config_arr(array('gateways', 'gateway_group'));
1770	ac0a027f	Christian McDonald	foreach (config_get_path('gateways/gateway_group', []) as $gwg) {
1771	dbc1b8ee	jim-p	if ($gwg['name'] == $gwname) {
1772			$gwg['type'] = 'gatewaygroup';
1773			return $gwg;
1774	43a9b03d	PiBa-NL	}
1775			}
1776	6ae5d9cb	Renato Botelho
1777	43a9b03d	PiBa-NL	return false;
1778			}
1779
1780	028ff8f8	Phil Davis	function lookup_gateway_ip_by_name($name, $disabled = false) {
1781	fe22a89b	Ermal
1782	4bbbcc36	Marcos Mendoza	$gateways_arr = get_gateways(($disabled ? GW_CACHE_DISABLED : 0) \| GW_CACHE_LOCALHOST);
1783	f040882c	Renato Botelho	foreach ($gateways_arr as $gname => $gw) {
1784	9ba87997	Phil Davis	if ($gw['name'] === $name \|\| $gname === $name) {
1785	f040882c	Renato Botelho	return $gw['gateway'];
1786	9ba87997	Phil Davis	}
1787	f040882c	Renato Botelho	}
1788	66a96e72	Ermal
1789			return false;
1790	6dc3a5c2	Ermal Lu?i	}
1791
1792			function lookup_gateway_monitor_ip_by_name($name) {
1793	fe22a89b	Ermal
1794	4bbbcc36	Marcos Mendoza	$gateways_arr = get_gateways(GW_CACHE_LOCALHOST);
1795	fe22a89b	Ermal	if (!empty($gateways_arr[$name])) {
1796			$gateway = $gateways_arr[$name];
1797	9ba87997	Phil Davis	if (!is_ipaddr($gateway['monitor'])) {
1798	68f291ff	Ermal	return $gateway['gateway'];
1799	9ba87997	Phil Davis	}
1800	6dc3a5c2	Ermal Lu?i
1801	9fd19334	gnhb	return $gateway['monitor'];
1802	f040882c	Renato Botelho	}
1803	fe22a89b	Ermal
1804	f040882c	Renato Botelho	return (false);
1805	6dc3a5c2	Ermal Lu?i	}
1806
1807			function lookup_gateway_interface_by_name($name) {
1808
1809	4bbbcc36	Marcos Mendoza	$gateways_arr = get_gateways(GW_CACHE_LOCALHOST);
1810	fe22a89b	Ermal	if (!empty($gateways_arr[$name])) {
1811	be2a18bf	Phil Davis	$interfacegw = $gateways_arr[$name]['friendlyiface'];
1812	fe22a89b	Ermal	return ($interfacegw);
1813	f040882c	Renato Botelho	}
1814	fe22a89b	Ermal
1815	f040882c	Renato Botelho	return (false);
1816	6dc3a5c2	Ermal Lu?i	}
1817
1818	3290c9e6	PiBa-NL	function get_root_interface($interface) {
1819	9ba87997	Phil Davis	if (substr($interface, 0, 4) == '_vip') {
1820	2a5960b0	Luiz Otavio O Souza	$interface = get_configured_vip_interface($interface);
1821	d9901ff4	Chris Buechler	if (substr($interface, 0, 4) == '_vip') {
1822	2a5960b0	Luiz Otavio O Souza	$interface = get_configured_vip_interface($interface);
1823	d9901ff4	Chris Buechler	}
1824	9ba87997	Phil Davis	}
1825	3290c9e6	PiBa-NL	return $interface;
1826			}
1827
1828			function get_interface_gateway($interface, &$dynamic = false) {
1829			global $config, $g;
1830	ded59fb6	Kapmeister
1831	3290c9e6	PiBa-NL	$interface = get_root_interface($interface);
1832	6dc3a5c2	Ermal Lu?i
1833	89f171b0	Ermal LUÇI	$gw = NULL;
1834	829322b3	Christian McDonald	$gwcfg = config_get_path("interfaces/{$interface}");
1835	5a5413bb	Seth Mos	if (!empty($gwcfg['gateway']) && is_array($config['gateways']['gateway_item'])) {
1836	ac0a027f	Christian McDonald	foreach (config_get_path('gateways/gateway_item', []) as $gateway) {
1837	9ba87997	Phil Davis	if (($gateway['name'] == $gwcfg['gateway']) && (is_ipaddrv4($gateway['gateway']))) {
1838	5a5413bb	Seth Mos	$gw = $gateway['gateway'];
1839	66a96e72	Ermal	break;
1840			}
1841	5a5413bb	Seth Mos	}
1842	66a96e72	Ermal	}
1843	6dc3a5c2	Ermal Lu?i
1844	5a5413bb	Seth Mos	// for dynamic interfaces we handle them through the $interface_router file.
1845	d3c269d3	Ermal	if (($gw == NULL \|\| !is_ipaddrv4($gw)) && !is_ipaddrv4($gwcfg['ipaddr'])) {
1846	5a5413bb	Seth Mos	$realif = get_real_interface($interface);
1847			if (file_exists("{$g['tmp_path']}/{$realif}_router")) {
1848	b505e3ae	jim-p	$gw = trim(@file_get_contents("{$g['tmp_path']}/{$realif}_router"), " \n");
1849	5a5413bb	Seth Mos	$dynamic = true;
1850			}
1851	9ba87997	Phil Davis	if (file_exists("{$g['tmp_path']}/{$realif}_defaultgw")) {
1852	5a5413bb	Seth Mos	$dynamic = "default";
1853	9ba87997	Phil Davis	}
1854	f040882c	Renato Botelho
1855	5a5413bb	Seth Mos	}
1856
1857			/* return gateway */
1858			return ($gw);
1859			}
1860
1861	719da3ee	jim-p	function get_interface_gateway_last($interface, $family = 'inet') {
1862			global $config, $g;
1863			$interface = get_root_interface($interface);
1864			$realif = get_real_interface($interface);
1865			$suffix = ($family == 'inet6') ? 'v6' : '';
1866			if (file_exists("{$g['tmp_path']}/{$realif}_router{$suffix}.last")) {
1867			return trim(@file_get_contents("{$g['tmp_path']}/{$realif}_router{$suffix}.last"), " \n");
1868			}
1869			return '';
1870			}
1871
1872	5a5413bb	Seth Mos	function get_interface_gateway_v6($interface, &$dynamic = false) {
1873			global $config, $g;
1874	6dc3a5c2	Ermal Lu?i
1875	3290c9e6	PiBa-NL	$interface = get_root_interface($interface);
1876	89f171b0	Ermal LUÇI
1877	5a5413bb	Seth Mos	$gw = NULL;
1878	829322b3	Christian McDonald	$gwcfg = config_get_path("interfaces/{$interface}");
1879	ed5c640d	Seth Mos	if (!empty($gwcfg['gatewayv6']) && is_array($config['gateways']['gateway_item'])) {
1880	ac0a027f	Christian McDonald	foreach (config_get_path('gateways/gateway_item', []) as $gateway) {
1881	9ba87997	Phil Davis	if (($gateway['name'] == $gwcfg['gatewayv6']) && (is_ipaddrv6($gateway['gateway']))) {
1882	5a5413bb	Seth Mos	$gw = $gateway['gateway'];
1883			break;
1884			}
1885			}
1886			}
1887
1888			// for dynamic interfaces we handle them through the $interface_router file.
1889	d3c269d3	Ermal	if (($gw == NULL \|\| !is_ipaddrv6($gw)) && !is_ipaddrv6($gwcfg['ipaddrv6'])) {
1890	9ba87997	Phil Davis	$realif = get_real_interface($interface);
1891			if (file_exists("{$g['tmp_path']}/{$realif}_routerv6")) {
1892			$gw = trim(file_get_contents("{$g['tmp_path']}/{$realif}_routerv6"), " \n");
1893			$dynamic = true;
1894			}
1895			if (file_exists("{$g['tmp_path']}/{$realif}_defaultgwv6")) {
1896			$dynamic = "default";
1897			}
1898	5a5413bb	Seth Mos	}
1899			/* return gateway */
1900			return ($gw);
1901	6dc3a5c2	Ermal Lu?i	}
1902
1903	318189b6	smos	/* Check a IP address against a gateway IP or name
1904			* to verify it's address family */
1905	028ff8f8	Phil Davis	function validate_address_family($ipaddr, $gwname, $disabled = false) {
1906	318189b6	smos	$v4ip = false;
1907			$v6ip = false;
1908			$v4gw = false;
1909			$v6gw = false;
1910
1911	9ba87997	Phil Davis	if (is_ipaddrv4($ipaddr)) {
1912	318189b6	smos	$v4ip = true;
1913	9ba87997	Phil Davis	}
1914			if (is_ipaddrv6($ipaddr)) {
1915	318189b6	smos	$v6ip = true;
1916	9ba87997	Phil Davis	}
1917			if (is_ipaddrv4($gwname)) {
1918	318189b6	smos	$v4gw = true;
1919	9ba87997	Phil Davis	}
1920			if (is_ipaddrv6($gwname)) {
1921	318189b6	smos	$v6gw = true;
1922	9ba87997	Phil Davis	}
1923	318189b6	smos
1924	9ba87997	Phil Davis	if ($v4ip && $v4gw) {
1925	318189b6	smos	return true;
1926	9ba87997	Phil Davis	}
1927			if ($v6ip && $v6gw) {
1928	318189b6	smos	return true;
1929	9ba87997	Phil Davis	}
1930	318189b6	smos
1931			/* still no match, carry on, lookup gateways */
1932	028ff8f8	Phil Davis	if (is_ipaddrv4(lookup_gateway_ip_by_name($gwname, $disabled))) {
1933	318189b6	smos	$v4gw = true;
1934	9ba87997	Phil Davis	}
1935	028ff8f8	Phil Davis	if (is_ipaddrv6(lookup_gateway_ip_by_name($gwname, $disabled))) {
1936	318189b6	smos	$v6gw = true;
1937	9ba87997	Phil Davis	}
1938	96cd928b	smos
1939	e9c88ff2	jim-p	/* Check gateways including disabled gateways and gateways for disabled
1940			* interfaces.
1941			* https://redmine.pfsense.org/issues/8846
1942			*/
1943	4bbbcc36	Marcos Mendoza	$gw_array = get_gateways(GW_CACHE_DISABLED \| GW_CACHE_INACTIVE);
1944	9ba87997	Phil Davis	if (is_array($gw_array[$gwname])) {
1945			switch ($gw_array[$gwname]['ipprotocol']) {
1946	96cd928b	smos	case "inet":
1947			$v4gw = true;
1948			break;
1949			case "inet6":
1950			$v6gw = true;
1951			break;
1952			}
1953	748ff86f	Seth Mos	}
1954	318189b6	smos
1955	9ba87997	Phil Davis	if ($v4ip && $v4gw) {
1956	318189b6	smos	return true;
1957	9ba87997	Phil Davis	}
1958			if ($v6ip && $v6gw) {
1959	318189b6	smos	return true;
1960	9ba87997	Phil Davis	}
1961	f040882c	Renato Botelho
1962	318189b6	smos	return false;
1963			}
1964
1965	cdb0df65	smos	/* check if a interface is part of a gateway group */
1966	3b41c8f3	Pulcov	function interface_gateway_group_member($interface, $gwgroup_name = "") {
1967	cdb0df65	smos	global $config;
1968	c447a9fe	Ermal
1969	9ba87997	Phil Davis	if (is_array($config['gateways']['gateway_group'])) {
1970	1e45d13f	Christian McDonald	$groups = config_get_path('gateways/gateway_group');
1971	9ba87997	Phil Davis	} else {
1972	cdb0df65	smos	return false;
1973	9ba87997	Phil Davis	}
1974	cdb0df65	smos
1975	4bbbcc36	Marcos Mendoza	$gateways_arr = get_gateways(GW_CACHE_LOCALHOST);
1976	9ba87997	Phil Davis	foreach ($groups as $group) {
1977			if (is_array($group['item'])) {
1978			foreach ($group['item'] as $item) {
1979	cdb0df65	smos	$elements = explode("\|", $item);
1980			$gwname = $elements[0];
1981	3b41c8f3	Pulcov	if ($interface == $gateways_arr[$gwname]['interface'] &&
1982			(empty($gwgroup_name) \|\| $gwgroup_name == $group['name'])) {
1983	c447a9fe	Ermal	unset($gateways_arr);
1984	017817c2	smos	return true;
1985	c447a9fe	Ermal	}
1986	cdb0df65	smos	}
1987			}
1988			}
1989	c447a9fe	Ermal	unset($gateways_arr);
1990
1991	cdb0df65	smos	return false;
1992			}
1993	318189b6	smos
1994	43a9b03d	PiBa-NL	function gateway_is_gwgroup_member($name, $detail=false) {
1995	58b1112f	Ermal	global $config;
1996
1997	9ba87997	Phil Davis	if (is_array($config['gateways']['gateway_group'])) {
1998	1e45d13f	Christian McDonald	$groups = config_get_path('gateways/gateway_group');
1999	9ba87997	Phil Davis	} else {
2000	58b1112f	Ermal	return false;
2001	9ba87997	Phil Davis	}
2002	58b1112f	Ermal
2003			$members = array();
2004	9ba87997	Phil Davis	foreach ($groups as $group) {
2005	58b1112f	Ermal	if (is_array($group['item'])) {
2006	9ba87997	Phil Davis	foreach ($group['item'] as $item) {
2007	43a9b03d	PiBa-NL	list($gwname, $tier, $vipname) = explode("\|", $item);
2008			if ($name == $gwname) {
2009			if ($detail) {
2010			$newitem = array();
2011			$newitem['name'] = $group['name'];
2012			$newitem['tier'] = $tier;
2013			$newitem['vipname'] = $vipname;
2014			$members[] = $newitem;
2015			} else {
2016			$members[] = $group['name'];
2017			}
2018	9ba87997	Phil Davis	}
2019	58b1112f	Ermal	}
2020			}
2021			}
2022
2023			return $members;
2024			}
2025	f1bb5c7f	Phil Davis	/*
2026			Check the proposed gateway settings to see if they are valid.
2027			$gateway_settings - the proposed array of proposed gateway settings
2028			$id - the index of the gateway proposed to be modified (otherwise "" if adding a new gateway)
2029			$parent_ip - the IP (v4 or v6) address about to be set on the corresponding interface (if any)
2030			$parent_sn - the subnet about to be set on the corresponding interface (if any)
2031			(Note: the above 2 parameters allow gateway parameters to be validated concurrently with saving
2032			an interface, before the new interface parameters are actually saved in the config.)
2033			Return completed $input_errors array if there is any problem.
2034			Otherwise return an empty $input_errors array
2035			*/
2036	221fc6d2	Marcos Mendoza	function validate_gateway($gateway_settings, $id = "", $parent_ip = "", $parent_sn = "", $json = false) {
2037			if ($json) {
2038			$gateway_settings = json_decode($gateway_settings, true);
2039			}
2040	c5d0d75d	Jim Pingle	global $config, $gateway_state_kill_modes;
2041	161cd113	Phil Davis
2042	17e64d8d	Marcos Mendoza	refresh_gateways(); // make sure we're validating against a current gateway list
2043	4bbbcc36	Marcos Mendoza	$a_gateways = get_gateways(GW_CACHE_INDEXED);
2044	161cd113	Phil Davis	$input_errors = array();
2045
2046			/* input validation */
2047			$reqdfields = explode(" ", "name interface");
2048			$reqdfieldsn = array(gettext("Name"), gettext("Interface"));
2049
2050			do_input_validation($gateway_settings, $reqdfields, $reqdfieldsn, $input_errors);
2051
2052			if (!isset($gateway_settings['name'])) {
2053			$input_errors[] = "A valid gateway name must be specified.";
2054			}
2055			if (!is_validaliasname($gateway_settings['name'])) {
2056			$input_errors[] = invalidaliasnamemsg($gateway_settings['name'], gettext("gateway"));
2057			} else if (isset($gateway_settings['disabled'])) {
2058			// We have a valid gateway name that the user wants to mark as disabled.
2059			// Check if the gateway name is used in any gateway group.
2060	9178a649	R. Christian McDonald	foreach (config_get_path('gateways/gateway_group', []) as $group) {
2061			foreach ($group['item'] as $item) {
2062			$items = explode("\|", $item);
2063			if ($items[0] == $gateway_settings['name']) {
2064			$input_errors[] = sprintf(gettext('Gateway "%1$s" cannot be disabled because it is in use on Gateway Group "%2$s"'), $gateway_settings['name'], $group['name']);
2065	161cd113	Phil Davis	}
2066			}
2067			}
2068
2069			// Check if the gateway name is used in any enabled Static Route.
2070	9178a649	R. Christian McDonald	foreach (config_get_path('staticroutes/route', []) as $route) {
2071			if ($route['gateway'] == $gateway_settings['name']) {
2072			if (!isset($route['disabled'])) {
2073			// There is a static route that uses this gateway and is enabled (not disabled).
2074			$input_errors[] = sprintf(gettext('Gateway "%1$s" cannot be disabled because it is in use on Static Route "%2$s"'), $gateway_settings['name'], $route['network']);
2075	161cd113	Phil Davis	}
2076			}
2077			}
2078	d6bbbf35	Viktor G
2079			// Check if the gateway name is used by any DNS Server
2080			$dnsgw_counter = 1;
2081			while (isset($config["system"]["dns{$dnsgw_counter}gw"])) {
2082			if ($gateway_settings['name'] == $config["system"]["dns{$dnsgw_counter}gw"]) {
2083			// The user wants to disable this gateway, but there is a static route to the DNS server that refers to the gateway.
2084			$input_errors[] = sprintf(gettext('Gateway "%1$s" cannot be disabled because it is in use by DNS Server "%2$s"'), $gateway_settings['name'], $config["system"]["dns{$dnsgw_counter}gw"]);
2085			}
2086			$dnsgw_counter++;
2087			}
2088	161cd113	Phil Davis	}
2089			/* skip system gateways which have been automatically added */
2090			if (($gateway_settings['gateway'] && (!is_ipaddr($gateway_settings['gateway'])) && ($gateway_settings['attribute'] !== "system")) && ($gateway_settings['gateway'] != "dynamic")) {
2091			$input_errors[] = gettext("A valid gateway IP address must be specified.");
2092			}
2093
2094	de145400	Phil Davis	if ($gateway_settings['gateway'] && is_ipaddr($gateway_settings['gateway'])) {
2095	161cd113	Phil Davis	if (is_ipaddrv4($gateway_settings['gateway'])) {
2096	f1bb5c7f	Phil Davis	if ($parent_ip == '') {
2097			$parent_ip = get_interface_ip($gateway_settings['interface']);
2098			$parent_sn = get_interface_subnet($gateway_settings['interface']);
2099			}
2100	161cd113	Phil Davis	if (empty($parent_ip) \|\| empty($parent_sn)) {
2101			$input_errors[] = gettext("Cannot add IPv4 Gateway Address because no IPv4 address could be found on the interface.");
2102			} elseif (!isset($gateway_settings["nonlocalgateway"])) {
2103			$subnets = array(gen_subnet($parent_ip, $parent_sn) . "/" . $parent_sn);
2104			$vips = link_interface_to_vips($gateway_settings['interface']);
2105			if (is_array($vips)) {
2106			foreach ($vips as $vip) {
2107			if (!is_ipaddrv4($vip['subnet'])) {
2108			continue;
2109			}
2110			$subnets[] = gen_subnet($vip['subnet'], $vip['subnet_bits']) . "/" . $vip['subnet_bits'];
2111			}
2112			}
2113
2114			$found = false;
2115			foreach ($subnets as $subnet) {
2116			if (ip_in_subnet($gateway_settings['gateway'], $subnet)) {
2117			$found = true;
2118			break;
2119			}
2120			}
2121
2122			if ($found === false) {
2123			$input_errors[] = sprintf(gettext("The gateway address %s does not lie within one of the chosen interface's subnets."), $gateway_settings['gateway']);
2124			}
2125			}
2126			} else if (is_ipaddrv6($gateway_settings['gateway'])) {
2127			/* do not do a subnet match on a link local address, it's valid */
2128			if (!is_linklocal($gateway_settings['gateway'])) {
2129	f1bb5c7f	Phil Davis	if ($parent_ip == '') {
2130			$parent_ip = get_interface_ipv6($gateway_settings['interface']);
2131			$parent_sn = get_interface_subnetv6($gateway_settings['interface']);
2132			}
2133	161cd113	Phil Davis	if (empty($parent_ip) \|\| empty($parent_sn)) {
2134			$input_errors[] = gettext("Cannot add IPv6 Gateway Address because no IPv6 address could be found on the interface.");
2135			} elseif (!isset($gateway_settings["nonlocalgateway"])) {
2136			$subnets = array(gen_subnetv6($parent_ip, $parent_sn) . "/" . $parent_sn);
2137			$vips = link_interface_to_vips($gateway_settings['interface']);
2138			if (is_array($vips)) {
2139			foreach ($vips as $vip) {
2140			if (!is_ipaddrv6($vip['subnet'])) {
2141			continue;
2142			}
2143			$subnets[] = gen_subnetv6($vip['subnet'], $vip['subnet_bits']) . "/" . $vip['subnet_bits'];
2144			}
2145			}
2146
2147			$found = false;
2148			foreach ($subnets as $subnet) {
2149			if (ip_in_subnet($gateway_settings['gateway'], $subnet)) {
2150			$found = true;
2151			break;
2152			}
2153			}
2154
2155			if ($found === false) {
2156			$input_errors[] = sprintf(gettext("The gateway address %s does not lie within one of the chosen interface's subnets."), $gateway_settings['gateway']);
2157			}
2158			}
2159			}
2160			}
2161
2162			if (!empty($config['interfaces'][$gateway_settings['interface']]['ipaddr'])) {
2163			if (is_ipaddr($config['interfaces'][$gateway_settings['interface']]['ipaddr']) && (empty($gateway_settings['gateway']) \|\| $gateway_settings['gateway'] == "dynamic")) {
2164			$input_errors[] = gettext("Dynamic gateway values cannot be specified for interfaces with a static IPv4 configuration.");
2165			}
2166			}
2167			if (!empty($config['interfaces'][$gateway_settings['interface']]['ipaddrv6'])) {
2168			if (is_ipaddr($config['interfaces'][$gateway_settings['interface']]['ipaddrv6']) && (empty($gateway_settings['gateway']) \|\| $gateway_settings['gateway'] == "dynamic")) {
2169			$input_errors[] = gettext("Dynamic gateway values cannot be specified for interfaces with a static IPv6 configuration.");
2170			}
2171			}
2172			}
2173			if (($gateway_settings['monitor'] != "") && ($gateway_settings['monitor'] != "dynamic")) {
2174			validateipaddr($gateway_settings['monitor'], IPV4V6, "Monitor IP", $input_errors, false);
2175			}
2176			if (isset($gateway_settings['data_payload']) && is_numeric($gateway_settings['data_payload']) && $gateway_settings['data_payload'] < 0) {
2177			$input_errors[] = gettext("A valid data payload must be specified.");
2178			}
2179	c5d0d75d	Jim Pingle	if (!empty($gateway_settings['skip_rules_gw_down']) && !array_key_exists($gateway_settings['skip_rules_gw_down'], $gateway_state_kill_modes)) {
2180			$input_errors[] = gettext("Please select a valid State Killing on Gateway Failure mode.");
2181			}
2182	161cd113	Phil Davis	/* only allow correct IPv4 and IPv6 gateway addresses */
2183			if (($gateway_settings['gateway'] <> "") && is_ipaddr($gateway_settings['gateway']) && $gateway_settings['gateway'] != "dynamic") {
2184			if (is_ipaddrv6($gateway_settings['gateway']) && ($gateway_settings['ipprotocol'] == "inet")) {
2185			$input_errors[] = sprintf(gettext("The IPv6 gateway address '%s' can not be used as a IPv4 gateway."), $gateway_settings['gateway']);
2186			}
2187			if (is_ipaddrv4($gateway_settings['gateway']) && ($gateway_settings['ipprotocol'] == "inet6")) {
2188			$input_errors[] = sprintf(gettext("The IPv4 gateway address '%s' can not be used as a IPv6 gateway."), $gateway_settings['gateway']);
2189			}
2190			}
2191			/* only allow correct IPv4 and IPv6 monitor addresses */
2192			if (($gateway_settings['monitor'] <> "") && is_ipaddr($gateway_settings['monitor']) && $gateway_settings['monitor'] != "dynamic") {
2193			if (is_ipaddrv6($gateway_settings['monitor']) && ($gateway_settings['ipprotocol'] == "inet")) {
2194			$input_errors[] = sprintf(gettext("The IPv6 monitor address '%s' can not be used on a IPv4 gateway."), $gateway_settings['monitor']);
2195			}
2196			if (is_ipaddrv4($gateway_settings['monitor']) && ($gateway_settings['ipprotocol'] == "inet6")) {
2197			$input_errors[] = sprintf(gettext("The IPv4 monitor address '%s' can not be used on a IPv6 gateway."), $gateway_settings['monitor']);
2198			}
2199			}
2200
2201			if (isset($gateway_settings['name'])) {
2202			/* check for overlaps */
2203			foreach ($a_gateways as $gateway) {
2204			if (isset($id) && ($a_gateways[$id]) && ($a_gateways[$id] === $gateway)) {
2205			if ($gateway['name'] != $gateway_settings['name']) {
2206			$input_errors[] = gettext("Changing name on a gateway is not allowed.");
2207			}
2208			continue;
2209			}
2210			if ($gateway_settings['name'] <> "") {
2211			if (($gateway['name'] <> "") && ($gateway_settings['name'] == $gateway['name']) && ($gateway['attribute'] !== "system")) {
2212			$input_errors[] = sprintf(gettext('The gateway name "%s" already exists.'), $gateway_settings['name']);
2213			break;
2214			}
2215			}
2216			if (is_ipaddr($gateway_settings['gateway'])) {
2217			if (($gateway['gateway'] <> "") && ($gateway_settings['gateway'] == $gateway['gateway']) && ($gateway['attribute'] !== "system")) {
2218			$input_errors[] = sprintf(gettext('The gateway IP address "%s" already exists.'), $gateway_settings['gateway']);
2219			break;
2220			}
2221			}
2222			if (is_ipaddr($gateway_settings['monitor'])) {
2223			if (($gateway['monitor'] <> "") && ($gateway_settings['monitor'] == $gateway['monitor']) && ($gateway['attribute'] !== "system")) {
2224			$input_errors[] = sprintf(gettext('The monitor IP address "%s" is already in use. A different monitor IP must be chosen.'), $gateway_settings['monitor']);
2225			break;
2226			}
2227			}
2228			}
2229			}
2230
2231			/* input validation of dpinger advanced parameters */
2232
2233			$dpinger_default = return_dpinger_defaults();
2234			$latencylow = $dpinger_default['latencylow'];
2235			if ($gateway_settings['latencylow']) {
2236			if (!is_numeric($gateway_settings['latencylow'])) {
2237			$input_errors[] = gettext("The low latency threshold needs to be a numeric value.");
2238			} else if ($gateway_settings['latencylow'] < 1) {
2239			$input_errors[] = gettext("The low latency threshold needs to be positive.");
2240			} else {
2241			$latencylow = $gateway_settings['latencylow'];
2242			}
2243			}
2244
2245			$latencyhigh = $dpinger_default['latencyhigh'];
2246			if ($gateway_settings['latencyhigh']) {
2247			if (!is_numeric($gateway_settings['latencyhigh'])) {
2248			$input_errors[] = gettext("The high latency threshold needs to be a numeric value.");
2249			} else if ($gateway_settings['latencyhigh'] < 1) {
2250			$input_errors[] = gettext("The high latency threshold needs to be positive.");
2251			} else {
2252			$latencyhigh = $gateway_settings['latencyhigh'];
2253			}
2254			}
2255
2256			$losslow = $dpinger_default['losslow'];
2257			if ($gateway_settings['losslow']) {
2258			if (!is_numeric($gateway_settings['losslow'])) {
2259			$input_errors[] = gettext("The low Packet Loss threshold needs to be a numeric value.");
2260			} else if ($gateway_settings['losslow'] < 1) {
2261			$input_errors[] = gettext("The low Packet Loss threshold needs to be positive.");
2262			} else if ($gateway_settings['losslow'] >= 100) {
2263			$input_errors[] = gettext("The low Packet Loss threshold needs to be less than 100.");
2264			} else {
2265			$losslow = $gateway_settings['losslow'];
2266			}
2267			}
2268
2269			$losshigh = $dpinger_default['losshigh'];
2270			if ($gateway_settings['losshigh']) {
2271			if (!is_numeric($gateway_settings['losshigh'])) {
2272			$input_errors[] = gettext("The high Packet Loss threshold needs to be a numeric value.");
2273			} else if ($gateway_settings['losshigh'] < 1) {
2274			$input_errors[] = gettext("The high Packet Loss threshold needs to be positive.");
2275			} else if ($gateway_settings['losshigh'] > 100) {
2276			$input_errors[] = gettext("The high Packet Loss threshold needs to be 100 or less.");
2277			} else {
2278			$losshigh = $gateway_settings['losshigh'];
2279			}
2280			}
2281
2282			$time_period = $dpinger_default['time_period'];
2283			if ($gateway_settings['time_period']) {
2284			if (!is_numeric($gateway_settings['time_period'])) {
2285			$input_errors[] = gettext("The time period over which results are averaged needs to be a numeric value.");
2286			} else if ($gateway_settings['time_period'] < 1) {
2287			$input_errors[] = gettext("The time period over which results are averaged needs to be positive.");
2288			} else {
2289			$time_period = $gateway_settings['time_period'];
2290			}
2291			}
2292
2293			$interval = $dpinger_default['interval'];
2294			if ($gateway_settings['interval']) {
2295			if (!is_numeric($gateway_settings['interval'])) {
2296			$input_errors[] = gettext("The probe interval needs to be a numeric value.");
2297			} else if ($gateway_settings['interval'] < 1) {
2298			$input_errors[] = gettext("The probe interval needs to be positive.");
2299			} else {
2300			$interval = $gateway_settings['interval'];
2301			}
2302			}
2303
2304			$loss_interval = $dpinger_default['loss_interval'];
2305			if ($gateway_settings['loss_interval']) {
2306			if (!is_numeric($gateway_settings['loss_interval'])) {
2307			$input_errors[] = gettext("The loss interval needs to be a numeric value.");
2308			} else if ($gateway_settings['loss_interval'] < 1) {
2309			$input_errors[] = gettext("The loss interval setting needs to be positive.");
2310			} else {
2311			$loss_interval = $gateway_settings['loss_interval'];
2312			}
2313			}
2314
2315			$alert_interval = $dpinger_default['alert_interval'];
2316			if ($gateway_settings['alert_interval']) {
2317			if (!is_numeric($gateway_settings['alert_interval'])) {
2318			$input_errors[] = gettext("The alert interval needs to be a numeric value.");
2319			} else if ($gateway_settings['alert_interval'] < 1) {
2320			$input_errors[] = gettext("The alert interval setting needs to be positive.");
2321			} else {
2322			$alert_interval = $gateway_settings['alert_interval'];
2323			}
2324			}
2325
2326			if ($latencylow >= $latencyhigh) {
2327			$input_errors[] = gettext(
2328			"The high latency threshold needs to be greater than the low latency threshold");
2329			}
2330
2331			if ($losslow >= $losshigh) {
2332			$input_errors[] = gettext(
2333			"The high packet loss threshold needs to be higher than the low packet loss threshold");
2334			}
2335
2336			// If the loss interval is less than latencyhigh, then high latency could never be recorded
2337			// because those high latency packets would be considered as lost. So do not allow that.
2338			if ($latencyhigh > $loss_interval) {
2339			$input_errors[] = gettext("The loss interval needs to be greater than or equal to the high latency threshold.");
2340			}
2341
2342			// Ensure that the time period is greater than 2 times the probe interval plus the loss interval.
2343			if (($interval * 2 + $loss_interval) >= $time_period) {
2344			$input_errors[] = gettext("The time period needs to be greater than twice the probe interval plus the loss interval.");
2345			}
2346
2347			// There is no point recalculating the average latency and loss more often than the probe interval.
2348			// So the alert interval needs to be >= probe interval.
2349			if ($interval > $alert_interval) {
2350			$input_errors[] = gettext("The alert interval needs to be greater than or equal to the probe interval.");
2351			}
2352
2353	221fc6d2	Marcos Mendoza	if ($json) {
2354			return json_encode($input_errors);
2355			}
2356	161cd113	Phil Davis	return $input_errors;
2357			}
2358	7e45af77	Phil Davis
2359			// Save gateway settings.
2360			// $gateway_settings - the array of gateway setting parameters
2361			// $realid - the index of the gateway to be modified (otherwise "" if adding a new gateway)
2362
2363			// This function is responsible to:
2364			// Setup the gateway parameter structure from the gateway settings input parameter
2365			// Save the structure into the config
2366			// Remove any run-time settings from gateway parameters that are changed (e.g. remove routes to addresses that are changing)
2367
2368			// A subsequent "apply" step will implement the added/changed gateway.
2369
2370	221fc6d2	Marcos Mendoza	function save_gateway($gateway_settings, $realid = "", $json = false) {
2371			if ($json) {
2372			$gateway_settings = json_decode($gateway_settings, true);
2373			}
2374	7e45af77	Phil Davis	global $config;
2375
2376	c6c398c6	jim-p	init_config_arr(array('gateways', 'gateway_item'));
2377	7e45af77	Phil Davis	$a_gateway_item = &$config['gateways']['gateway_item'];
2378			$reloadif = "";
2379			$gateway = array();
2380
2381			if (empty($gateway_settings['interface'])) {
2382			$gateway['interface'] = $gateway_settings['friendlyiface'];
2383			} else {
2384			$gateway['interface'] = $gateway_settings['interface'];
2385			}
2386			if (is_ipaddr($gateway_settings['gateway'])) {
2387			$gateway['gateway'] = $gateway_settings['gateway'];
2388			} else {
2389			$gateway['gateway'] = "dynamic";
2390			}
2391			$gateway['name'] = $gateway_settings['name'];
2392			$gateway['weight'] = $gateway_settings['weight'];
2393			$gateway['ipprotocol'] = $gateway_settings['ipprotocol'];
2394			if ($gateway_settings['interval']) {
2395			$gateway['interval'] = $gateway_settings['interval'];
2396			}
2397
2398			if ($gateway_settings['time_period']) {
2399			$gateway['time_period'] = $gateway_settings['time_period'];
2400			}
2401			if ($gateway_settings['alert_interval']) {
2402			$gateway['alert_interval'] = $gateway_settings['alert_interval'];
2403			}
2404
2405			$gateway['descr'] = $gateway_settings['descr'];
2406			if ($gateway_settings['monitor_disable'] == "yes") {
2407			$gateway['monitor_disable'] = true;
2408			}
2409			if ($gateway_settings['action_disable'] == "yes") {
2410			$gateway['action_disable'] = true;
2411			}
2412			if ($gateway_settings['nonlocalgateway'] == "yes") {
2413			$gateway['nonlocalgateway'] = true;
2414			}
2415	dd965531	luckman212	if ($gateway_settings['dpinger_dont_add_static_route'] == "yes") {
2416			$gateway['dpinger_dont_add_static_route'] = true;
2417			}
2418	7e45af77	Phil Davis	if ($gateway_settings['force_down'] == "yes") {
2419			$gateway['force_down'] = true;
2420			}
2421	c5d0d75d	Jim Pingle	$gateway['gw_down_kill_states'] = $gateway_settings['gw_down_kill_states'];
2422	7e45af77	Phil Davis	if (is_ipaddr($gateway_settings['monitor'])) {
2423			$gateway['monitor'] = $gateway_settings['monitor'];
2424			}
2425	ea0d5cbe	Luiz Souza	if (isset($gateway_settings['data_payload']) && is_numeric($gateway_settings['data_payload']) && $gateway_settings['data_payload'] >= 0) {
2426	7e45af77	Phil Davis	$gateway['data_payload'] = $gateway_settings['data_payload'];
2427			}
2428
2429			/* NOTE: If gateway ip is changed need to cleanup the old static interface route */
2430	c428cdf4	Renato Botelho do Couto	if ($gateway_settings['monitor'] != "dynamic" &&
2431			!empty($a_gateway_item[$realid]) &&
2432			is_ipaddr($a_gateway_item[$realid]['gateway']) &&
2433			$gateway['gateway'] != $a_gateway_item[$realid]['gateway'] &&
2434			isset($a_gateway_item[$realid]["nonlocalgateway"])) {
2435			route_del($a_gateway_item[$realid]['gateway']);
2436	7e45af77	Phil Davis	}
2437
2438			/* NOTE: If monitor ip is changed need to cleanup the old static route */
2439	c428cdf4	Renato Botelho do Couto	if ($gateway_settings['monitor'] != "dynamic" &&
2440			!empty($a_gateway_item[$realid]) &&
2441			is_ipaddr($a_gateway_item[$realid]['monitor']) &&
2442			$gateway_settings['monitor'] != $a_gateway_item[$realid]['monitor'] &&
2443			$gateway['gateway'] != $a_gateway_item[$realid]['monitor']) {
2444			route_del($a_gateway_item[$realid]['monitor']);
2445	7e45af77	Phil Davis	}
2446
2447			if ($gateway_settings['defaultgw'] == "yes" \|\| $gateway_settings['defaultgw'] == "on") {
2448	43a9b03d	PiBa-NL	// a new default gateway is being saved.
2449	7e45af77	Phil Davis	$i = 0;
2450			/* remove the default gateway bits for all gateways with the same address family */
2451	d540ed34	Phil Davis	if (is_array($a_gateway_item)) {
2452			foreach ($a_gateway_item as $gw) {
2453			if ($gateway['ipprotocol'] == $gw['ipprotocol']) {
2454	35298a2f	Steve Beaver	if ($gw['interface'] != $gateway_settings['interface'] &&
2455	a25e9691	Reid Linnemann	($gw['name'] == config_get_path('gateways/defaultgw4', "") \|\|
2456			$gw['name'] == config_get_path('gateways/defaultgw6', ""))) {
2457	43a9b03d	PiBa-NL	// remember the old default gateway interface to call with a "interface reconfigure" event.
2458	d540ed34	Phil Davis	$reloadif = $gw['interface'];
2459			}
2460	7e45af77	Phil Davis	}
2461	d540ed34	Phil Davis	$i++;
2462	7e45af77	Phil Davis	}
2463			}
2464	43a9b03d	PiBa-NL	if ($gateway['ipprotocol'] == "inet") {
2465	a25e9691	Reid Linnemann	config_set_path('gateways/defaultgw4', $gateway['name']);
2466	43a9b03d	PiBa-NL	} elseif ($gateway['ipprotocol'] == "inet6") {
2467	a25e9691	Reid Linnemann	config_set_path('gateways/defaultgw4', $gateway['name']);
2468	43a9b03d	PiBa-NL	}
2469	7e45af77	Phil Davis	}
2470
2471			if ($gateway_settings['latencylow']) {
2472			$gateway['latencylow'] = $gateway_settings['latencylow'];
2473			}
2474			if ($gateway_settings['latencyhigh']) {
2475			$gateway['latencyhigh'] = $gateway_settings['latencyhigh'];
2476			}
2477			if ($gateway_settings['losslow']) {
2478			$gateway['losslow'] = $gateway_settings['losslow'];
2479			}
2480			if ($gateway_settings['losshigh']) {
2481			$gateway['losshigh'] = $gateway_settings['losshigh'];
2482			}
2483			if ($gateway_settings['loss_interval']) {
2484			$gateway['loss_interval'] = $gateway_settings['loss_interval'];
2485			}
2486	336edf72	Viktor G
2487			/* reload IPsec and OpenVPN on gateway IP, 'Mark Gateway as Down', or 'Disabled' option change
2488			* see https://redmine.pfsense.org/issues/13076 */
2489			if (!empty($a_gateway_item[$realid]) &&
2490			(isset($gateway['disabled']) ^ isset($a_gateway_item[$realid]['disabled'])) \|\|
2491			(!isset($a_gateway_item[$realid]['disabled']) &&
2492			((($gateway['monitor'] != "dynamic") &&
2493			is_ipaddr($a_gateway_item[$realid]['gateway']) &&
2494			($gateway['gateway'] != $a_gateway_item[$realid]['gateway'])) \|\|
2495			(isset($gateway['force_down']) ^ isset($a_gateway_item[$realid]['force_down']))))) {
2496			$reloadvpn = true;
2497			}
2498
2499	7e45af77	Phil Davis	/* when saving the manual gateway we use the attribute which has the corresponding id */
2500			if (isset($realid) && $a_gateway_item[$realid]) {
2501	43a9b03d	PiBa-NL	$preserve_disabled = isset($a_gateway_item[$realid]['disabled']);
2502	7e45af77	Phil Davis	$a_gateway_item[$realid] = $gateway;
2503	43a9b03d	PiBa-NL	if ($preserve_disabled) {
2504			$a_gateway_item[$realid]['disabled'] = true;
2505			}
2506	7e45af77	Phil Davis	} else {
2507			$a_gateway_item[] = $gateway;
2508			}
2509	43a9b03d	PiBa-NL	gateway_set_enabled($gateway_settings['name'], !isset($gateway_settings['disabled']));
2510	7e45af77	Phil Davis
2511			mark_subsystem_dirty('staticroutes');
2512
2513	e85ae672	Renato Botelho do Couto	write_config("Gateway settings changed");
2514	7e45af77	Phil Davis
2515	336edf72	Viktor G	if ($reloadvpn) {
2516			send_event("service reload ipsec " . escapeshellarg($gateway['name']));
2517			send_event("service reload openvpn " . escapeshellarg($gateway['name']));
2518			}
2519
2520	7e45af77	Phil Davis	if (!empty($reloadif)) {
2521			send_event("interface reconfigure {$reloadif}");
2522			}
2523			}
2524	43a9b03d	PiBa-NL
2525			function gateway_set_enabled($name, $enabled) {
2526	ac0a027f	Christian McDonald	$gwlist = config_get_path('gateways/gateway_item', []);
2527			if (is_array($gwlist)) {
2528			foreach($gwlist as $key => $item) {
2529	43a9b03d	PiBa-NL	if ($item['name'] == $name) {
2530	ac0a027f	Christian McDonald	$gateway = &$gwlist[$key];
2531	43a9b03d	PiBa-NL	}
2532			}
2533			}
2534			if (!isset($gateway)) {
2535			return;
2536			}
2537			if ($enabled) {
2538			unset($gateway['disabled']);
2539			} else {
2540			/* Check if the gateway was enabled but changed to disabled. */
2541			if (!isset($gateway['disabled'])) {
2542			/* If the disabled gateway was the default route, remove the default route */
2543			if (is_ipaddr($gateway['gateway'])) {
2544			$inet = (!is_ipaddrv4($gateway['gateway']) ? 'inet6' : 'inet');
2545			if ($inet == 'inet') {
2546	c428cdf4	Renato Botelho do Couto	$cgw = route_get_default('inet');
2547	43a9b03d	PiBa-NL	} else {
2548	c428cdf4	Renato Botelho do Couto	$cgw = route_get_default('inet6');
2549	43a9b03d	PiBa-NL	}
2550			if ($gateway['gateway'] == $cgw) {
2551	c428cdf4	Renato Botelho do Couto	route_del("default", $inet);
2552	43a9b03d	PiBa-NL	}
2553			}
2554			$gateway['disabled'] = true;
2555			}
2556			}
2557	ac0a027f	Christian McDonald	unset($gateway);
2558			config_set_path('gateways/gateway_item', $gwlist);
2559	43a9b03d	PiBa-NL	}
2560
2561			function gateway_or_gwgroup_exists($name) {
2562			global $config;
2563			if (is_array($config['gateways']['gateway_item'])) {
2564	ac0a027f	Christian McDonald	foreach(config_get_path('gateways/gateway_item', []) as $item) {
2565	43a9b03d	PiBa-NL	if ($item['name'] == $name) {
2566			return true;
2567			}
2568			}
2569			}
2570			if (is_array($config['gateways']['gateway_group'])) {
2571	ac0a027f	Christian McDonald	foreach(config_get_path('gateways/gateway_group', []) as $item) {
2572	43a9b03d	PiBa-NL	if ($item['name'] == $name) {
2573			return true;
2574			}
2575			}
2576			}
2577			return false;
2578			}
2579
2580	2cff9cf0	Steve Beaver	// These two replacement functions avoid the need to call return_gateways_array() multiple times and
2581			// allow system_gateways.php to get everything it needs in a single function call
2582			function gateway_getgwtiername($gways, $idx) {
2583	8b348d2b	Steve Beaver	global $config;
2584
2585			$result = "";
2586			$gwname = $gways[$idx]['name'];
2587
2588			$gw = get_gateway_or_group_by_name($gwname, $gways);
2589	e79a872f	Christian McDonald
2590	dbc1b8ee	jim-p	init_config_arr(array('gateways'));
2591	a25e9691	Reid Linnemann	$gw4 = config_get_path('gateways/defaultgw4', "");
2592			$gw6 = config_get_path('gateways/defaultgw6', "");
2593			if ($gw4 == $gwname \|\| $gw6 == $gwname) {
2594	8b348d2b	Steve Beaver	$result = "Default";
2595			} else {
2596			if ($gw['ipprotocol'] == 'inet') {
2597	a25e9691	Reid Linnemann	$defgw = get_gateway_or_group_by_name($gw4, $gways);
2598	8b348d2b	Steve Beaver	} else {
2599	a25e9691	Reid Linnemann	$defgw = get_gateway_or_group_by_name($gw6, $gways);
2600	8b348d2b	Steve Beaver	}
2601
2602			if ($defgw['type'] == "gatewaygroup") {
2603			$detail = gateway_is_gwgroup_member($gwname, true);
2604			foreach($detail as $gwitem) {
2605			if ($gwitem['name'] == $defgw['name']) {
2606			if (isset($gwitem['tier'])) {
2607			$result = "Tier " . $gwitem['tier'];
2608	a2ec7b0a	Steve Beaver	break;
2609			}
2610	8b348d2b	Steve Beaver	}
2611			}
2612			}
2613			}
2614
2615			if (!empty($result)) {
2616			if ($gw['ipprotocol'] == "inet") {
2617			$result .= " (IPv4)";
2618			} elseif ($gw['ipprotocol'] == "inet6") {
2619			$result .= " (IPv6)";
2620			}
2621			}
2622
2623			return $result;
2624	2cff9cf0	Steve Beaver	}
2625
2626			function get_gateway_or_group_by_name($gwname, $gateways_arr) {
2627	8b348d2b	Steve Beaver	global $config;
2628
2629			foreach ($gateways_arr as $gw) {
2630			if ($gw['name'] == $gwname) {
2631			$gw['type'] = 'gateway';
2632			return $gw;
2633			}
2634			}
2635
2636	dbc1b8ee	jim-p	init_config_arr(array('gateways', 'gateway_group'));
2637	ac0a027f	Christian McDonald	foreach (config_get_path('gateways/gateway_group', []) as $gwg) {
2638	dbc1b8ee	jim-p	if ($gwg['name'] == $gwname) {
2639			$gwg['type'] = 'gatewaygroup';
2640			return $gwg;
2641	8b348d2b	Steve Beaver	}
2642			}
2643
2644			return false;
2645	2cff9cf0	Steve Beaver	}
2646
2647	1cf01478	Steve Beaver	// Compose a list of available gateways but without the need to call return_gateways_array() multiple times
2648			// Previously that function could be called eight times per gateway!
2649			function available_default_gateways() {
2650			global $config;
2651
2652	4bbbcc36	Marcos Mendoza	$gways = get_gateways(GW_CACHE_DISABLED \| GW_CACHE_INACTIVE);
2653	1cf01478	Steve Beaver
2654			$items4 = array();
2655			$items6 = array();
2656			$items4[''] = "Automatic";
2657			$items6[''] = "Automatic";
2658			foreach($gways as $gw) {
2659			$gwn = $gw['name'];
2660			if ($gw['ipprotocol'] == "inet6") {
2661			$items6[$gwn] = $gwn;
2662			} else {
2663			$items4[$gwn] = $gwn;
2664			}
2665			}
2666
2667	4bbbcc36	Marcos Mendoza	$groups = return_gateway_groups_array(false);
2668	1cf01478	Steve Beaver	foreach ($groups as $key => $group) {
2669			$gwn = $group['descr'];
2670			if ($group['ipprotocol'] == "inet6") {
2671			$items6[$key] = "$key ($gwn)";
2672			} else {
2673			$items4[$key] = "$key ($gwn)";
2674			}
2675			}
2676			$items4['-'] = "None";
2677			$items6['-'] = "None";
2678
2679			$defaults = array();
2680			$defaults['v4'] = $items4;
2681			$defaults['v6'] = $items6;
2682	a25e9691	Reid Linnemann	$defaults['defaultgw4'] = config_get_path('gateways/defaultgw4', "");
2683			$defaults['defaultgw6'] = config_get_path('gateways/defaultgw6', "");
2684	1cf01478	Steve Beaver
2685			return $defaults;
2686			}
2687
2688	4bbbcc36	Marcos Mendoza	function get_interface_gateway_name($friendlyiface, $family = 'inet') {
2689	49d0874f	Jim Pingle	/* Try to locate gateway directly (e.g. static) */
2690			if ($family == 'inet') {
2691			$gw = config_get_path("interfaces/{$friendlyiface}/gateway", '');
2692			} else {
2693			$gw = config_get_path("interfaces/{$friendlyiface}/gatewayv6", '');
2694			}
2695
2696			/* If the gateway is empty that means it's dynamic so we have to hunt it down */
2697			if (empty($gw)) {
2698			/* Check each gateway entry for a dynamic gateway matching
2699			* this interface and the requested address family.
2700			*/
2701	4bbbcc36	Marcos Mendoza	foreach (get_gateways(GW_CACHE_ALL) as $gwname => $gwcfg) {
2702	49d0874f	Jim Pingle	if (empty($gwcfg) \|\|
2703			!is_array($gwcfg) \|\|
2704			($gwcfg['dynamic'] == false) \|\|
2705			($gwcfg['friendlyiface'] != $friendlyiface) \|\|
2706			($gwcfg['ipprotocol'] != $family)) {
2707			continue;
2708			}
2709			$gw = $gwname;
2710			break;
2711			}
2712			}
2713			return $gw;
2714			}
2715	1cf01478	Steve Beaver
2716	69eefb50	Renato Botelho	?>

Project

General

Profile

pfSense