#!/usr/local/bin/php
<?php

/*
  Copyright (C) 2006 Scott Ullrich <sullrich@gmail.com>
  Copyright (C) 2003-2005 Manuel Kasper <mk@neon1.net>.
  All rights reserved.

  Redistribution and use in source and binary forms, with or without
  modification, are permitted provided that the following conditions are met:

  1. Redistributions of source code must retain the above copyright notice,
  this list of conditions and the following disclaimer.

  2. Redistributions in binary form must reproduce the above copyright
  notice, this list of conditions and the following disclaimer in the
  documentation and/or other materials provided with the distribution.

  THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
  INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
  AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
  AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
  OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
  SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
  INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
  CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
  ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
  POSSIBILITY OF SUCH DAMAGE.
*/

/* parse the configuration and include all functions used below */
require_once("config.inc");
require_once("filter.inc");
require_once("vpn.inc");
require_once("openvpn.inc");
require_once("rrd.inc");
require_once("util.inc");
require_once("system.inc");
require_once("interfaces.inc");
require_once("pfsense-utils.inc");
require_once("services.inc");
require_once("unbound.inc");

/*
 * Boot guard: nothing is processed while the boot marker file exists.
 */
if (file_exists('/var/run/booting')) {
    return;
}

/*
 * Interface IP address has changed.
 *
 * The optional first command-line argument is taken as the real (device)
 * interface name. Only "\n" is removed from it; no further validation happens
 * here, and the value is written to the log and used as $interface_real.
 * NOTE(review): presumably only trusted callers invoke this script - confirm
 * before relying on the argument being a well-formed interface name.
 */
$argument = isset($argv[1]) ? str_replace("\n", "", $argv[1]) : null;

log_error("rc.newwanip: Informational is starting {$argument}.");

/*
 * With an argument, the friendly name is resolved from the given device name;
 * without one, the script falls back to "wan" and asks for its real interface.
 */
if (!empty($argument)) {
    $interface_real = $argument;
    $interface = convert_real_interface_to_friendly_interface_name($argument);
} else {
    $interface = "wan";
    $interface_real = get_real_interface();
}

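$interface_descr = convert_friendly_interface_to_friendly_descr($interface);

/*
 * Bail out when there is nothing to reconfigure:
 *  - no friendly interface name could be resolved, or
 *  - the interface is configured but not enabled; settings of disabled
 *    interfaces do not need to change (#3313).
 *
 * The emptiness check runs first and the configuration lookup is guarded with
 * isset(), so an unresolved or unknown interface name is never used as an
 * array key on a missing entry (which raised an undefined-index notice).
 * Both paths return before any state file is written or any service is
 * reconfigured.
 */
if (empty($interface)) {
    log_error("Interface is empty, nothing to do.");
    return;
} elseif (isset($config['interfaces'][$interface]) && is_array($config['interfaces'][$interface]) && !isset($config['interfaces'][$interface]['enable'])) {
    log_error("Interface is disabled, nothing to do.");
    return;
}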

/*
 * Determine the current address of the interface.
 * Without an argument get_interface_ip() is called with its defaults. With an
 * argument the device is queried first via find_interface_ip(); when that
 * yields an empty value, get_interface_ip() is asked for the friendly name.
 */
$curwanip = empty($argument)
    ? get_interface_ip()
    : (find_interface_ip($interface_real) ?: get_interface_ip($interface));

log_error("rc.newwanip: on (IP address: {$curwanip}) (interface: {$interface_descr}[{$interface}]) (real interface: {$interface_real}).");

/*
 * NOTE: Take care of openvpn, no-ip or similar interfaces if you generate the event to reconfigure an interface.
 *      i.e. OpenVPN might be in tap mode and not have an ip.
 *
 * When no usable address was found ("0.0.0.0" or not an IP address), the real
 * interface name does not start with "ovpn", and an ipaddr setting exists for
 * the interface, a reconfigure of the interface is requested through configd
 * and this run stops here; none of the steps below are reached in this run.
 * In the remaining cases the script continues with the unusable address; the
 * later writes of $curwanip to /var/db are each guarded by is_ipaddr().
 */
if (($curwanip == "0.0.0.0" || !is_ipaddr($curwanip))
    && substr($interface_real, 0, 4) != "ovpn"
    && !empty($config['interfaces'][$interface]['ipaddr'])) {
    log_error("rc.newwanip: Failed to update {$interface} IP, restarting...");
    configd_run("interface reconfigure {$interface}");
    return;
}



/*
 * Load the previously cached address of this interface, or "0.0.0.0" when no
 * cache file exists. The file content is taken as-is (not trimmed or validated
 * here); it is checked with is_ipaddr() where it is compared against the
 * current address further down.
 */
$oldip = file_exists("/var/db/{$interface}_cacheip")
    ? file_get_contents("/var/db/{$interface}_cacheip")
    : "0.0.0.0";


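/* regenerate resolv.conf if DNS overrides are allowed */
system_resolvconf_generate(true);

/*
 * Write the current interface IP to file
 * (used in src/sbin/dhclient-script.ext).
 *
 * Only a value accepted by is_ipaddr() is written. The write remains
 * best-effort (PHP warnings stay suppressed), but a failed write is now
 * reported through log_error() instead of being discarded silently, so a
 * stale or missing state file can be noticed in the system log.
 */
if (is_ipaddr($curwanip)) {
    if (@file_put_contents("/var/db/{$interface}_ip", $curwanip) === false) {
        log_error("rc.newwanip: Failed to write /var/db/{$interface}_ip");
    }
}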


/*
 * Dependent objects of the interface, handled in a fixed order:
 * virtual IPs, GRE tunnels, GIF tunnels, interface groups, bridges.
 * Each link_interface_to_*() result is only acted upon when it is non-empty.
 */
link_interface_to_vips($interface, "update");

/* GRE: every returned entry is passed to interface_gre_configure */
$gre = link_interface_to_gre($interface);
if (!empty($gre)) {
    array_walk($gre, 'interface_gre_configure');
}

/* GIF: every returned entry is passed to interface_gif_configure */
$gif = link_interface_to_gif($interface);
if (!empty($gif)) {
    array_walk($gif, 'interface_gif_configure');
}

/* groups: every returned entry is passed to interface_group_add_member */
$grouptmp = link_interface_to_group($interface);
if (!empty($grouptmp)) {
    array_walk($grouptmp, 'interface_group_add_member');
}

/* bridge: the real interface is (re)added as member of the returned bridge */
unset($bridgetmp);
$bridgetmp = link_interface_to_bridge($interface);
if (!empty($bridgetmp)) {
    interface_bridge_add_member($bridgetmp, $interface_real);
}

/* make new hosts file */
system_hosts_generate();

/*
 * check tunneled IPv6 interface tracking
 *
 * Only the "6to4", "6rd" and "dhcp6" settings of ipaddrv6 are handled; any
 * other value is left alone. "dhcp6" is reconfigured only when the
 * dhcp6usev4iface option is set for the interface.
 */
if (isset($config['interfaces'][$interface]['ipaddrv6'])) {
    if ($config['interfaces'][$interface]['ipaddrv6'] == "6to4") {
        interface_6to4_configure($interface, $config['interfaces'][$interface]);
    } elseif ($config['interfaces'][$interface]['ipaddrv6'] == "6rd") {
        interface_6rd_configure($interface, $config['interfaces'][$interface]);
    } elseif ($config['interfaces'][$interface]['ipaddrv6'] == "dhcp6") {
        if (isset($config['interfaces'][$interface]['dhcp6usev4iface'])) {
            interface_dhcpv6_configure($interface, $config['interfaces'][$interface]);
        }
    }
}

/*
 * Check Gif tunnels
 *
 * For every configured gif entry whose 'if' equals this interface, each
 * enabled interface that is assigned to the tunnel device ('gifif') gets the
 * tunnel reconfigured, the matching friendly interface (if any) configured
 * and its routing set up again. Note that 'gifif' of the loop copy is updated
 * with the result of interface_gif_configure() while the inner loop runs.
 */
if (isset($config['gifs']['gif']) && is_array($config['gifs']['gif'])) {
    foreach ($config['gifs']['gif'] as $gif) {
        if ($gif['if'] != $interface) {
            continue;
        }
        foreach ($config['interfaces'] as $ifname => $ifparent) {
            if ($ifparent['if'] != $gif['gifif'] || !isset($ifparent['enable'])) {
                continue;
            }
            $gif['gifif'] = interface_gif_configure($gif);
            $confif = convert_real_interface_to_friendly_interface_name($gif['gifif']);
            if (!empty($confif)) {
                interface_configure($confif);
            }
            system_routing_configure($ifname);
        }
    }
}

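/*
 * We need to force sync VPNs on such even when the IP is the same for dynamic interfaces.
 * Even with the same IP the VPN software is unhappy with the IP disappearing, and we
 * could be failing back in which case we need to switch IPs back anyhow.
 *
 * The dependent services are reconfigured when the cached address is not a
 * valid IP address, when it differs from the current address, or when the
 * configured ipaddr of the interface is not a literal IPv4 address.
 */
if (!is_ipaddr($oldip) || $curwanip != $oldip || !is_ipaddrv4($config['interfaces'][$interface]['ipaddr'])) {
    /* reconfigure static routes (kernel may have deleted them) */
    system_routing_configure($interface);

    /* reconfigure our gateway monitor */
    setup_gateways_monitor();

    /*
     * Remember the current address for the next run; only a value accepted by
     * is_ipaddr() is cached. The write stays best-effort, but a failure is
     * logged: without the cache file the next run starts from "0.0.0.0" and
     * repeats this whole reconfiguration even if the address did not change.
     */
    if (is_ipaddr($curwanip)) {
        if (@file_put_contents("/var/db/{$interface}_cacheip", $curwanip) === false) {
            log_error("rc.newwanip: Failed to write /var/db/{$interface}_cacheip");
        }
    }

    /* perform RFC 2136 DNS update */
    services_dnsupdate_process($interface);

    /* signal dyndns update */
    services_dyndns_configure($interface);

    /* reconfigure IPsec tunnels */
    vpn_ipsec_force_reload($interface);

    /* start OpenVPN server & clients (skipped when the event came from an ovpn device itself) */
    if (substr($interface_real, 0, 4) != "ovpn") {
        openvpn_resync_all($interface);
    }

    /* reload graphing functions */
    enable_rrd_graphing();

    /* reload igmpproxy */
    services_igmpproxy_configure();

    /* restart snmp */
    services_snmpd_configure();

    /* reconfigure ntpd */
    system_ntp_configure(false);
}

/*
 * reload filter, don't try to sync to carp slave
 *
 * This runs whether or not the address changed, but it is not reached when
 * the script returned early above (booting, empty or disabled interface, or a
 * requested interface reconfigure).
 */
filter_configure_sync();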