rc: backport newwan changes from master

opnsense · Apr 25, 2017 · f31964a · f31964a · Woi · May 3, 2017
1 parent 7b2c48a
commit f31964a
Show file tree

Hide file tree

Showing 2 changed files with 100 additions and 119 deletions.
diff --git a/src/etc/rc.newwanip b/src/etc/rc.newwanip
@@ -2,40 +2,40 @@
 <?php
 
 /*
-    Copyright (C) 2006 Scott Ullrich <sullrich@gmail.com>
-    Copyright (C) 2003-2005 Manuel Kasper <mk@neon1.net>
-    All rights reserved.
-
-    Redistribution and use in source and binary forms, with or without
-    modification, are permitted provided that the following conditions are met:
-
-    1. Redistributions of source code must retain the above copyright notice,
-    this list of conditions and the following disclaimer.
-
-    2. Redistributions in binary form must reproduce the above copyright
-    notice, this list of conditions and the following disclaimer in the
-    documentation and/or other materials provided with the distribution.
-
-    THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
-    INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
-    AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
-    AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
-    OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
-    SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
-    INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
-    CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-    ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
-    POSSIBILITY OF SUCH DAMAGE.
-*/
+ * Copyright (C) 2006 Scott Ullrich <sullrich@gmail.com>
+ * Copyright (C) 2003-2005 Manuel Kasper <mk@neon1.net>
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright notice,
+ *    this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+ * OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.
+ */
 
 require_once("config.inc");
-require_once('auth.inc');
+require_once("auth.inc");
 require_once("filter.inc");
+require_once("services.inc");
 require_once("rrd.inc");
 require_once("util.inc");
 require_once("system.inc");
 require_once("interfaces.inc");
-require_once("services.inc");
 
 // Do not process while booting
 if (file_exists('/var/run/booting')) {
@@ -48,59 +48,45 @@ if (isset($argv[1])) {
 } else {
     $argument = null;
 }
-log_error("rc.newwanip: Informational is starting {$argument}.");
+
+log_error("Informational is starting '{$argument}'");
 
 if (empty($argument)) {
     $interface = "wan";
-    $interface_real = get_real_interface();
+    $interface_real = get_real_interface($interface);
+    $curwanip = get_interface_ip($interface);
 } else {
     $interface = convert_real_interface_to_friendly_interface_name($argument);
     $interface_real = $argument;
+    $curwanip = find_interface_ip($interface_real);
+    if (empty($curwanip)) {
+        $curwanip = get_interface_ip($interface);
+    }
 }
 
-$interface_descr = convert_friendly_interface_to_friendly_descr($interface);
-
 /* If the interface is configured and not enabled, bail. We do not need to change settings for disabled interfaces. #3313 */
-if (is_array($config['interfaces'][$interface]) && !isset($config['interfaces'][$interface]['enable'])) {
-    log_error("Interface is disabled, nothing to do.");
-    return;
-} elseif (empty($interface)) {
-    log_error("Interface is empty, nothing to do.");
+if (!isset($config['interfaces'][$interface]['enable'])) {
+    log_error("Interface is disabled or empty, nothing to do.");
     return;
 }
 
-if (empty($argument)) {
-    $curwanip = get_interface_ip();
-} else {
-    $curwanip = find_interface_ip($interface_real);
-    if(empty($curwanip)) {
-        $curwanip = get_interface_ip($interface);
-    }
-}
+$interface_descr = convert_friendly_interface_to_friendly_descr($interface);
 
-log_error("rc.newwanip: on (IP address: {$curwanip}) (interface: {$interface_descr}[{$interface}]) (real interface: {$interface_real}).");
+log_error("On (IP address: {$curwanip}) (interface: {$interface_descr}[{$interface}]) (real interface: {$interface_real}).");
 
 /*
- * NOTE: Take care of openvpn, no-ip or similar interfaces if you generate the event to reconfigure an interface.
- *      i.e. OpenVPN might be in tap mode and not have an ip.
+ * NOTE: Take care of openvpn and similar if you generate the event to reconfigure an interface.
+ *    i.e. OpenVPN might be in tap mode and not have an ip.
  */
-if ($curwanip == "0.0.0.0" || !is_ipaddr($curwanip)) {
-    if (substr($interface_real, 0, 4) != "ovpn") {
-        if (!empty($config['interfaces'][$interface]['ipaddr'])) {
-            log_error("rc.newwanip: Failed to update {$interface} IP, restarting...");
-            configd_run("interface reconfigure {$interface}");
-            return;
-        }
+if ((empty($curwanip) || !is_ipaddr($curwanip)) && substr($interface_real, 0, 4) != "ovpn") {
+    if (!empty($config['interfaces'][$interface]['ipaddr'])) {
+        log_error("Failed to update {$interface} IP, restarting...");
+        configd_run("interface reconfigure {$interface}");
+        return;
     }
 }
 
-if (file_exists("/var/db/{$interface}_cacheip")) {
-    $oldip = file_get_contents("/var/db/{$interface}_cacheip");
-} else {
-    $oldip = "0.0.0.0";
-}
-
-system_resolvconf_generate();
+$oldip = @file_get_contents("/var/db/{$interface}_cacheip");
 
 /* write the current interface IP to file */
 /* used in src/sbin/dhclient-script.ext */
@@ -130,7 +116,7 @@ if (!empty($bridgetmp)) {
     interface_bridge_add_member($bridgetmp, $interface_real);
 }
 
-/* make new hosts file */
+system_resolvconf_generate();
 system_hosts_generate();
 
 /* check tunneled IPv6 interface tracking */

diff --git a/src/etc/rc.newwanipv6 b/src/etc/rc.newwanipv6
@@ -3,7 +3,7 @@
 
 /*
  * Copyright (C) 2006 Scott Ullrich <sullrich@gmail.com>
- * Copyright (C) 2003-2005 Manuel Kasper <mk@neon1.net>.
+ * Copyright (C) 2003-2005 Manuel Kasper <mk@neon1.net>
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -29,18 +29,23 @@
  */
 
 require_once("config.inc");
-require_once("interfaces.inc");
+require_once("auth.inc");
 require_once("filter.inc");
 require_once("services.inc");
 require_once("rrd.inc");
 require_once("util.inc");
 require_once("system.inc");
 require_once("interfaces.inc");
 
+// Do not process while booting
+if (file_exists('/var/run/booting')) {
+    return;
+}
+
 /* Interface IP address has changed */
 $argument = trim($argv[1], " \n\t");
 
-log_error("rc.newwanipv6: Informational is starting {$argument}.");
+log_error("Informational is starting '{$argument}'");
 
 if (empty($argument)) {
     $interface = "wan";
@@ -52,25 +57,23 @@ if (empty($argument)) {
     $curwanipv6 = get_interface_ipv6($interface, true);
 }
 
-$interface_descr = convert_friendly_interface_to_friendly_descr($interface);
-
-if (empty($interface)) {
-    filter_configure();
+/* If the interface is configured and not enabled, bail. We do not need to change settings for disabled interfaces. #3313 */
+if (!isset($config['interfaces'][$interface]['enable'])) {
+    log_error("Interface is disabled or empty, nothing to do.");
     return;
 }
 
-//Do not process while booting
-if (file_exists("/var/run/booting") && $config['interfaces'][$interface]['ipaddrv6'] != "dhcp6") {
-    return;
-}
+$interface_descr = convert_friendly_interface_to_friendly_descr($interface);
+
+log_error("On (IP address: {$curwanipv6}) (interface: {$interface_descr}[{$interface}]) (real interface: {$interface_real}).");
 
 /*
  * NOTE: Take care of openvpn and similar if you generate the event to reconfigure an interface.
  *    i.e. OpenVPN might be in tap mode and not have an ip.
  */
 if ((empty($curwanipv6) || !is_ipaddrv6($curwanipv6)) && substr($interface_real, 0, 4) != "ovpn") {
-        log_error("rc.newwanipv6: Failed to detect IPv6 for {$interface_descr}[{$interface}]");
-        return;
+    log_error("Failed to detect IPv6 for {$interface_descr}[{$interface}]");
+    return;
 }
 
 $new_domain_name_servers = getenv("new_domain_name_servers");
@@ -83,25 +86,20 @@ if (!empty($new_domain_name_servers)) {
     }
 
     if (count($valid_ns) > 0) {
-        file_put_contents("/var/etc/nameserver_v6{$interface}", implode("\n", $valid_ns));
+        @file_put_contents("/var/etc/nameserver_v6{$interface}", implode("\n", $valid_ns));
     }
 }
 $new_domain_name = getenv("new_domain_name");
 if (!empty($new_domain_name)) {
-    file_put_contents("/var/etc/searchdomain_v6{$interface}", $new_domain_name);
+    @file_put_contents("/var/etc/searchdomain_v6{$interface}", $new_domain_name);
 }
 
 /* write current WAN IPv6 to file */
 if (is_ipaddrv6($curwanipv6)) {
     @file_put_contents("/var/db/{$interface}_ipv6", $curwanipv6);
 }
 
-log_error("rc.newwanipv6: on (IP address: {$curwanipv6}) (interface: {$interface}) (real interface: {$interface_real}).");
-
-$oldipv6 = "";
-if (file_exists("/var/db/{$interface}_cacheipv6")) {
-    $oldipv6 = file_get_contents("/var/db/{$interface}_cacheipv6");
-}
+$oldipv6 = @file_get_contents("/var/db/{$interface}_cacheipv6");
 
 $grouptmp = link_interface_to_group($interface);
 if (!empty($grouptmp)) {
@@ -110,46 +108,43 @@ if (!empty($grouptmp)) {
 
 link_interface_to_track6($interface, "update");
 system_resolvconf_generate();
-system_routing_configure($interface);
-setup_gateways_monitor();
-
-/* signal filter reload */
-filter_configure();
-
-if (is_ipaddrv6($oldipv6)) {
-    if ($curwanipv6 == $oldipv6) {
-        // Still need to sync VPNs on PPPoE and such, as even with the same IP the VPN software is unhappy with the IP disappearing.
-        if (in_array($config['interfaces'][$interface]['ipaddrv6'], array('pppoe', 'pptp', 'ppp'))) {
-            /* reconfigure IPsec tunnels */
-            if (ipsec_configured_on_interface($interface)) {
-                ipsec_configure();
-            }
-
-            /* start OpenVPN server & clients */
-            if (substr($interface_real, 0, 4) != "ovpn") {
-                openvpn_resync_all($interface);
-            }
+system_hosts_generate();
+
+/*
+ * We need to force sync VPNs on such even when the IP is the same for dynamic interfaces.
+ * Even with the same IP the VPN software is unhappy with the IP disappearing, and we
+ * could be failing back in which case we need to switch IPs back anyhow.
+ */
+if (!is_ipaddr($oldipv6) || $curwanipv6 != $oldipv6 || !is_ipaddrv6($config['interfaces'][$interface]['ipaddrv6'])) {
+    system_routing_configure($interface);
+    setup_gateways_monitor();
+
+    if (is_ipaddrv6($oldipv6)) {
+        if (does_interface_exist($interface_real)) {
+            mwexec("/sbin/ifconfig {$interface_real} inet6 {$oldipv6} delete");
         }
-        return;
-    } elseif (does_interface_exist($interface_real)) {
-        mwexec("/sbin/ifconfig {$interface_real} inet6 {$oldipv6} delete");
     }
 
-    file_put_contents("/var/db/{$interface}_cacheipv6", $curwanipv6);
-}
+    if (is_ipaddrv6($curwanipv6)) {
+        @file_put_contents("/var/db/{$interface}_cacheipv6", $curwanipv6);
+    }
 
-/* reconfigure IPsec tunnels */
-if (ipsec_configured_on_interface($interface)) {
-    ipsec_configure();
-}
+    /* reconfigure IPsec tunnels */
+    if (ipsec_configured_on_interface($interface)) {
+        ipsec_configure();
+    }
 
-/* start OpenVPN server & clients */
-if (substr($interface_real, 0, 4) != 'ovpn') {
-    openvpn_resync_all($interface);
-}
+    /* start OpenVPN server & clients */
+    if (substr($interface_real, 0, 4) != "ovpn") {
+        openvpn_resync_all($interface);
+    }
+
+    /* reload graphing functions */
+    rrd_configure();
 
-/* reload graphing functions */
-rrd_configure();
+    /* reload plugins */
+    plugins_configure('interface');
+}
 
-/* reload plugins */
-plugins_configure('interface');
+/* reload filter, don't try to sync to carp slave */
+filter_configure_sync();