system: configure all host routes through system_host_route()

a21ca542 · Franco Fichtner · 611d9722 · a21ca542 · a21ca542 · a21ca542
Commit a21ca542 authored May 31, 2017 by Franco Fichtner
5 changed files
--- a/src/etc/inc/gwlb.inc
+++ b/src/etc/inc/gwlb.inc
@@ -176,7 +176,7 @@ EOD;
            /* flush the monitor unconditionally */
            if (is_ipaddrv4($gateway['gateway']) && $gateway['monitor'] != $gateway['gateway']) {
                log_error("Removing static route for monitor {$gateway['monitor']} via {$gateway['gateway']}");
-                mwexec("/sbin/route delete -host " . escapeshellarg($gateway['monitor']), true);
+                system_host_route($gateway['monitor'], $gateway['gateway'], true, false);
            }

            /* Do not monitor if such was requested */
@@ -192,8 +192,7 @@ EOD;
             */
            if (is_ipaddrv4($gateway['gateway']) && $gateway['monitor'] != $gateway['gateway']) {
                log_error("Adding static route for monitor {$gateway['monitor']} via {$gateway['gateway']}");
-                mwexec("/sbin/route add -host " . escapeshellarg($gateway['monitor']) .
-                  " " . escapeshellarg($gateway['gateway']), true);
+                system_host_route($gateway['monitor'], $gateway['gateway'], false, true);
            }
        } elseif ($gateway['ipprotocol'] == "inet6") { // This is an IPv6 gateway...
            if ($gateway['monitor'] == $gateway['gateway']) {
@@ -227,7 +226,7 @@ EOD;
            /* flush the monitor unconditionally */
            if (is_ipaddrv6($gateway['gateway']) && $gateway['monitor'] != $gateway['gateway']) {
                log_error("Removing static route for monitor {$gateway['monitor']} via {$gateway['gateway']}");
-                mwexec("/sbin/route delete -host -inet6 " . escapeshellarg($gateway['monitor']), true);
+                system_host_route($gateway['monitor'], $gateway['gateway'], true, false);
            }

            /* Do not monitor if such was requested */
@@ -243,8 +242,7 @@ EOD;
             */
            if (is_ipaddrv6($gateway['gateway']) && $gateway['monitor'] != $gateway['gateway']) {
                log_error("Adding static route for monitor {$gateway['monitor']} via {$gateway['gateway']}");
-                mwexec("/sbin/route add -host -inet6 " . escapeshellarg($gateway['monitor']) .
-                  " " . escapeshellarg($gateway['gateway']), true);
+                system_host_route($gateway['monitor'], $gateway['gateway'], false, true);
            }
        } else {
            continue;

--- a/src/etc/inc/interfaces.inc
+++ b/src/etc/inc/interfaces.inc
@@ -3026,9 +3026,9 @@ function interface_6rd_configure($interface = "wan", $wancfg)

    $ip4gateway = get_interface_gateway($interface);
    if (is_ipaddrv4($ip4gateway)) {
-        mwexec("/sbin/route delete -host " . escapeshellarg($wancfg['gateway-6rd']));
-        mwexec("/sbin/route add -host " . escapeshellarg($wancfg['gateway-6rd']) . " {$ip4gateway}");
+        system_host_route($wancfg['gateway-6rd'], $ip4gateway);
    }
+
    /* configure dependent interfaces */
    if (!file_exists("/var/run/booting")) {
        link_interface_to_track6($interface, "update");
@@ -3126,8 +3126,7 @@ function interface_6to4_configure($interface = 'wan', $wancfg)

    $ip4gateway = get_interface_gateway($interface);
    if (is_ipaddrv4($ip4gateway)) {
-        mwexec("/sbin/route delete -host 192.88.99.1");
-        mwexec("/sbin/route add -host 192.88.99.1 {$ip4gateway}");
+        system_host_route('192.88.99.1', $ip4gateway);
    }

    if (!file_exists("/var/run/booting")) {

--- a/src/etc/inc/system.inc
+++ b/src/etc/inc/system.inc
@@ -211,14 +211,12 @@ function system_resolvconf_generate($verbose = false)
                if (is_ipaddrv4($gatewayip)) {
                    /* dns server array starts at 0 */
                    $dnscountermo = $dnscounter - 1;
-                    mwexec("/sbin/route delete -host " . $syscfg['dnsserver'][$dnscountermo]);
-                    mwexec("/sbin/route add -host " . $syscfg['dnsserver'][$dnscountermo] . " {$gatewayip}");
+                    system_host_route($syscfg['dnsserver'][$dnscountermo], $gatewayip);
                }
                if (is_ipaddrv6($gatewayip)) {
                    /* dns server array starts at 0 */
                    $dnscountermo = $dnscounter - 1;
-                    mwexec("/sbin/route delete -host -inet6 " . $syscfg['dnsserver'][$dnscountermo]);
-                    mwexec("/sbin/route add -host -inet6 " . $syscfg['dnsserver'][$dnscountermo] . " {$gatewayip}");
+                    system_host_route($syscfg['dnsserver'][$dnscountermo], $gatewayip);
                }
            }
        }
@@ -425,18 +423,23 @@ function system_hostname_configure($verbose = false)
    }
 }

-function system_host_route($host, $gateway)
+function system_host_route($host, $gateway, $delete = true, $add = true)
 {
-    if (is_ipaddrv4($realifgw)) {
+    if (is_ipaddrv4($gateway)) {
        $family = 'inet';
-    } elseif (is_ipaddrv6($realifgw)) {
+    } elseif (is_ipaddrv6($gateway)) {
        $family = 'inet6';
    } else {
        return;
    }

-    mwexecf('/sbin/route delete -host -%s %s', array($family, $host), true);
-    mwexecf('/sbin/route add -host -%s %s %s', array($family, $host, $gateway));
+    if ($delete) {
+        mwexecf('/sbin/route delete -host -%s %s', array($family, $host), true);
+    }
+
+    if ($add) {
+        mwexecf('/sbin/route add -host -%s %s %s', array($family, $host, $gateway));
+    }
 }

 function system_routing_configure($interface = '', $verbose = false)

--- a/src/www/vpn_ipsec.php
+++ b/src/www/vpn_ipsec.php
@@ -29,6 +29,7 @@
 */

 require_once("guiconfig.inc");
+require_once("system.inc");
 require_once("filter.inc");
 require_once("plugins.inc.d/ipsec.inc");
 require_once("services.inc");
@@ -104,7 +105,8 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST') {
        foreach ($del_items as $p1entrydel) {
            /* remove static route if interface is not WAN */
            if ($a_phase1[$p1entrydel]['interface'] <> "wan") {
-                mwexec('/sbin/route delete -host ' . escapeshellarg($a_phase1[$p1entrydel]['remote-gateway']));
+                /* XXX does this even apply? only use of system.inc at the top! */
+                system_host_route($a_phase1[$p1entrydel]['remote-gateway'], $a_phase1[$p1entrydel]['remote-gateway'], true, false);
            }
            /* remove all phase2 entries that match the ikeid */
            $ikeid = $a_phase1[$p1entrydel]['ikeid'];

--- a/src/www/vpn_ipsec_phase1.php
+++ b/src/www/vpn_ipsec_phase1.php
@@ -30,6 +30,7 @@
 */

 require_once("guiconfig.inc");
+require_once("system.inc");
 require_once("filter.inc");
 require_once("plugins.inc.d/ipsec.inc");
 require_once("services.inc");
@@ -416,7 +417,8 @@ if ($_SERVER['REQUEST_METHOD'] === 'GET') {
        /* if the remote gateway changed and the interface is not WAN then remove route */
        if ($pconfig['interface'] <> "wan") {
            if ($old_ph1ent['remote-gateway'] <> $pconfig['remote-gateway']) {
-                mwexec("/sbin/route delete -host {$old_ph1ent['remote-gateway']}");
+                /* XXX does this even apply? only use of system.inc at the top! */
+                system_host_route($old_ph1ent['remote-gateway'], $old_ph1ent['remote-gateway'], true, false);
            }
        }