gateways: several changes

* Plug gateway fixup "feature" into filter_configure_sync(), the
  only point where it should matter as everything else is GUI
  trigger-happy disruption.

* Discourage the use of the "feature" by moving it into the firewall
  advanced settings, adding a deprecated note.

* Use the new system_default_route() call to avoid code drift.

src/etc/inc/filter.inc

@@ -394,6 +394,13 @@ function filter_configure_sync($verbose = false)
         flush();
     }
 
+    /* XXX deprectated feature, only called on reconfigure */
+    if (isset($config['system']['gw_switch_default'])) {
+        $gateways_status = return_gateways_status(true);
+        $gateways_arr = return_gateways_array();
+        fixup_default_gateway($gateways_status, $gateways_arr);
+    }
+
     /* generate aliases */
     update_filter_reload_status(gettext("Creating aliases"));
     $aliases = filter_generate_aliases($FilterIflist);
@@ -424,7 +431,7 @@ function filter_configure_sync($verbose = false)
 
     /* enable pf if we need to, otherwise disable */
     update_filter_reload_status(gettext("Loading filter rules"));
-    if (!isset ($config['system']['disablefilter'])) {
+    if (!isset($config['system']['disablefilter'])) {
         mwexec("/sbin/pfctl -e", true);
     } else {
         mwexec("/sbin/pfctl -d", true);

src/etc/inc/gwlb.inc

@@ -768,22 +768,18 @@ function fixup_default_gateway($gateways_status, $gateways_arr)
         }
 
         $defaultif = get_real_interface($gateways_arr[$dfltgwname]['friendlyiface']);
+        $gwipmatch = $gwip;
         if (is_linklocal($gwip)) {
             /* correct match in IPv6 case */
-            $gwip .= "%{$defaultif}";
+            $gwipmatch .= "%{$defaultif}";
         }
 
         $tmpcmd = "/sbin/route -n get -{$ipprotocol} default 2>/dev/null | /usr/bin/awk '/gateway:/ {print $2}'";
         $defaultgw = trim(exec($tmpcmd), " \n");
-        if ($defaultgw != $gwip) {
+        if ($defaultgw != $gwipmatch) {
             log_error("Switching default gateway to $dfltgwname ($gwip)");
-
-            mwexecf('/sbin/route delete -%s default', array($ipprotocol), true);
-            if ($gateways_arr[$dfltgwname]['fargw']) {
-                mwexecf('/sbin/route delete -%s %s -interface %s', array($ipprotocol, $gwip, $defaultif), true);
-                mwexecf('/sbin/route add -%s %s -interface %s', array($ipprotocol, $gwip, $defaultif));
-            }
-            mwexecf('/sbin/route add -%s default %s', array($ipprotocol, $gwip));
+            /* XXX fargw and IPv6 should be cleaned up to make it easier to read */
+            system_default_route($gwip, !isset($gateways_arr[$dfltgwname]['fargw']) && $ipprotocol == 'inet' ? null : $defaultif);
         }
     }
 }
@@ -801,9 +797,6 @@ function return_gateway_groups_array()
     $gateways_arr = return_gateways_array();
     $gateway_groups_array = array();
 
-    if (isset($config['system']['gw_switch_default'])) {
-        fixup_default_gateway($gateways_status, $gateways_arr);
-    }
     if (isset($config['gateways']['gateway_group'])) {
         $carplist = get_configured_carp_interface_list();
         foreach ($config['gateways']['gateway_group'] as $group) {

src/www/system_advanced_firewall.php

@@ -57,6 +57,7 @@ if ($_SERVER['REQUEST_METHOD'] === 'GET') {
     $pconfig['schedule_states'] = isset($config['system']['schedule_states']);
     $pconfig['kill_states'] = isset($config['system']['kill_states']);
     $pconfig['skip_rules_gw_down'] = isset($config['system']['skip_rules_gw_down']);
+    $pconfig['gw_switch_default'] = isset($config['system']['gw_switch_default']);
     $pconfig['lb_use_sticky'] = isset($config['system']['lb_use_sticky']);
     $pconfig['pf_share_forward'] = isset($config['system']['pf_share_forward']);
     $pconfig['srctrack'] = !empty($config['system']['srctrack']) ? $config['system']['srctrack'] : null;
@@ -204,6 +205,12 @@ if ($_SERVER['REQUEST_METHOD'] === 'GET') {
             unset($config['system']['skip_rules_gw_down']);
         }
 
+        if (!empty($pconfig['gw_switch_default'])) {
+            $config['system']['gw_switch_default'] = true;
+        } elseif (isset($config['system']['gw_switch_default'])) {
+            unset($config['system']['gw_switch_default']);
+        }
+
         write_config();
 
         // Kill filterdns when value changes, filter_configure() will restart it
@@ -355,6 +362,16 @@ include("head.inc");
                     </div>
                   </td>
                 </tr>
+                <tr>
+                  <td><a id="help_for_gw_switch_default" href="#" class="showhelp"><i class="fa fa-info-circle"></i></a> <?=gettext('Gateway switching') ?></td>
+                  <td>
+                    <input name="gw_switch_default" type="checkbox" id="gw_switch_default" value="yes" <?= !empty($pconfig['gw_switch_default']) ? 'checked="checked"' : '' ?> />
+                    <strong><?=gettext("Allow default gateway switching"); ?></strong><br />
+                    <div class="hidden" for="help_for_gw_switch_default">
+                      <?= gettext('If the link where the default gateway resides fails switch the default gateway to another available one. This feature has been deprecated.') ?>
+                    </div>
+                  </td>
+                </tr>
                 <tr>
                   <th colspan="2" valign="top" class="listtopic"><?= gettext('Multi-WAN') ?></th>
                 </tr>

src/www/system_general.php

@@ -44,7 +44,6 @@ if ($_SERVER['REQUEST_METHOD'] === 'GET') {
     $pconfig['language'] = null;
     $pconfig['timezone'] = 'Etc/UTC';
     $pconfig['prefer_ipv4'] = isset($config['system']['prefer_ipv4']);
-    $pconfig['gw_switch_default'] = isset($config['system']['gw_switch_default']);
     $pconfig['hostname'] = $config['system']['hostname'];
     $pconfig['domain'] = $config['system']['domain'];
 
@@ -136,12 +135,6 @@ if ($_SERVER['REQUEST_METHOD'] === 'GET') {
             unset($config['system']['prefer_ipv4']);
         }
 
-        if (!empty($pconfig['gw_switch_default'])) {
-            $config['system']['gw_switch_default'] = true;
-        } elseif (isset($config['system']['gw_switch_default'])) {
-            unset($config['system']['gw_switch_default']);
-        }
-
         $config['system']['dnsallowoverride'] = !empty($pconfig['dnsallowoverride']);
 
         if($pconfig['dnslocalhost'] == "yes") {
@@ -346,17 +339,6 @@ include("head.inc");
                 </div>
               </td>
             </tr>
-            <tr>
-              <td><a id="help_for_gw_switch_default" href="#" class="showhelp"><i class="fa fa-info-circle"></i></a> <?=gettext("Gateway switching");?> </td>
-              <td>
-                <input name="gw_switch_default" type="checkbox" id="gw_switch_default" value="yes" <?= !empty($pconfig['gw_switch_default']) ? "checked=\"checked\"" : "";?> />
-                <strong><?=gettext("Allow default gateway switching"); ?></strong><br />
-                <div class="hidden" for="help_for_gw_switch_default">
-                  <?=gettext("If the link where the default gateway resides fails " .
-                                      "switch the default gateway to another available one."); ?>
-                </div>
-              </td>
-            </tr>
             <tr>
               <td><a id="help_for_dnsservers" href="#" class="showhelp"><i class="fa fa-info-circle"></i></a> <?=gettext("DNS servers"); ?></td>
               <td>