interfaces: force newip calls through DHCP/PPP/OVPN on IPv4

In case addresses are removed and reapplied the routes are gone
and other related interface configuration is missing.  In these
cases do a full recycle even though the address did not change
visibly (which is good that we can detect it).

Also address the "miss" of the cached address clean now that we
know DHCP should not force-update us into a missing address
scenario during a renew.

PR: #6338

(cherry picked from 4950460)
(cherry picked from bf97cdf)

src/etc/inc/interfaces.inc

@@ -892,7 +892,6 @@ function interface_bring_down($interface = 'wan', $ifacecfg = false)
             break;
         case 'dhcp':
             killbypid("/var/run/dhclient.{$realif}.pid", 'TERM', true);
-            @unlink("/tmp/{$realif}_oldip"); /* XXX dhclient cannot signal a release */
             break;
         default:
             break;
@@ -3099,7 +3098,6 @@ function interface_dhcp_configure($interface = 'wan')
     }
 
     killbypid("/var/run/dhclient.{$wanif}.pid", 'TERM', true);
-    @unlink("/tmp/{$wanif}_oldip"); /* XXX dhclient cannot signal a release */
 
     $fd = fopen("/var/etc/dhclient_{$interface}.conf", "w");
     if (!$fd) {

src/etc/inc/plugins.inc.d/openvpn/ovpn-linkup

@@ -27,6 +27,6 @@ fi
 /usr/local/sbin/ifctl -4rd -i ${1} ${ROUTERV4}
 /usr/local/sbin/ifctl -6rd -i ${1} ${ROUTERV6}
 
-/usr/local/sbin/configctl -d interface newip ${1}
+/usr/local/sbin/configctl -d interface newip ${1} force
 
 exit 0

src/etc/rc.newwanip

@@ -2,7 +2,7 @@
 <?php
 
 /*
- * Copyright (C) 2017-2022 Franco Fichtner <franco@opnsense.org>
+ * Copyright (C) 2017-2023 Franco Fichtner <franco@opnsense.org>
  * Copyright (C) 2006 Scott Ullrich <sullrich@gmail.com>
  * Copyright (C) 2003-2005 Manuel Kasper <mk@neon1.net>
  * All rights reserved.
@@ -38,6 +38,7 @@ require_once("system.inc");
 require_once("interfaces.inc");
 
 $argument = isset($argv[1]) ? trim($argv[1]) : '';
+$force = !empty($argv[2]) ? 'yes' : 'no';
 
 exit_on_bootup(function ($argument) {
     log_msg("IP renewal deferred during boot on '{$argument}'");
@@ -61,15 +62,24 @@ $interface_descr = convert_friendly_interface_to_friendly_descr($interface);
 $ip = get_interface_ip($interface);
 
 $cacheip_file = "/tmp/{$device}_oldip";
+$cacheip = trim(@file_get_contents($cacheip_file));
 
 if (!is_ipaddr($ip)) {
+    if (is_ipaddr($cacheip)) {
+        log_msg("IP address change detected, killing states of old ip $cacheip");
+        mwexecf('/sbin/pfctl -k 0.0.0.0/0 -k %s', $cacheip);
+        mwexecf('/sbin/pfctl -k %s', $cacheip);
+    }
+
     /* remove previously cached IP since it is gone */
     @unlink($cacheip_file);
 
     /*
      * Take care of OpenVPN and similar if you generate the event
      * to reconfigure an interface.  OpenVPN might be in tap(4)
      * mode and not have an IP address.
+     *
+     * XXX we actually force continuation for ip = null
      */
     if (substr($device, 0, 4) != 'ovpn') {
         log_msg("Failed to detect IP for {$interface_descr}[{$interface}]", LOG_WARNING);
@@ -81,13 +91,12 @@ if (!is_ipaddr($ip)) {
 system_resolvconf_generate();
 system_hosts_generate();
 
-$cacheip = trim(@file_get_contents($cacheip_file));
-if ($ip == $cacheip) {
+if ($force == 'no' && $ip == $cacheip) {
     log_msg("No IP change detected for {$interface_descr}[{$interface}]", LOG_INFO);
     return;
 }
 
-log_msg("IP renwal starting (new: {$ip}, old: ${cacheip}, interface: {$interface_descr}[{$interface}], device: {$device})");
+log_msg("IP renewal starting (new: {$ip}, old: {$cacheip}, interface: {$interface_descr}[{$interface}], device: {$device}, force: {$force})");
 
 interfaces_vips_configure($interface, 4);
 
@@ -159,11 +168,9 @@ foreach (array_keys($restartifs) as $ifname) {
  */
 ifgroup_setup();
 
-$cacheip_file = "/tmp/{$device}_oldip";
-$cacheip = trim(@file_get_contents($cacheip_file));
 $intf_ipaddr = $config['interfaces'][$interface]['ipaddr'] ?? 'none';
 
-if ($ip != $cacheip || (!is_ipaddr($intf_ipaddr) && $intf_ipaddr != 'dhcp')) {
+if ($force == 'yes' || $ip != $cacheip || (!is_ipaddr($intf_ipaddr) && $intf_ipaddr != 'dhcp')) {
     system_routing_configure(false, $interface);
     filter_configure_sync();
 
@@ -175,7 +182,7 @@ if ($ip != $cacheip || (!is_ipaddr($intf_ipaddr) && $intf_ipaddr != 'dhcp')) {
 
     @file_put_contents($cacheip_file, $ip . PHP_EOL);
 
-    plugins_configure('vpn', false, array($interface));
-    plugins_configure('newwanip', false, array($interface));
+    plugins_configure('vpn', false, [$interface]);
+    plugins_configure('newwanip', false, [$interface]);
     rrd_configure();
 }

src/opnsense/scripts/interfaces/dhclient-script

@@ -307,7 +307,7 @@ BOUND|RENEW|REBIND|REBOOT)
 		add_new_resolv_conf
 	#fi
 	if [ "$changes" = "yes" ] ; then
-		/usr/local/sbin/configctl -d interface newip $interface
+		/usr/local/sbin/configctl -d interface newip $interface force
 	fi
 	;;
 

src/opnsense/scripts/interfaces/ppp-linkup.sh

@@ -21,7 +21,7 @@ fi
 if [ "${2}" = "inet" ]; then
 	/usr/local/sbin/ifctl -i ${1} -4nd ${DNS1} ${DNS2}
 	/usr/local/sbin/ifctl -i ${1} -4rd ${ROUTER}
-	/usr/local/sbin/configctl -d interface newip ${1}
+	/usr/local/sbin/configctl -d interface newip ${1} force
 elif [ "${2}" = "inet6" ]; then
 	/usr/local/sbin/ifctl -i ${1} -6nd ${DNS1} ${DNS2}
 	/usr/local/sbin/ifctl -i ${1} -6rd ${ROUTER}

src/opnsense/service/conf/actions.d/actions_interface.conf

@@ -7,9 +7,9 @@ description:Periodic interface reset
 
 [newip]
 command:/usr/local/etc/rc.newwanip
-parameters:%s
+parameters:%s %s
 type:script
-message:New IPv4 on %s
+message:New IPv4 on %s %s
 
 [newipv6]
 command:/usr/local/etc/rc.newwanipv6