#!/usr/local/bin/php -f
2
<?php
3
/*
4
	rc.newwanip
5
	Copyright (C) 2006 Scott Ullrich (sullrich@gmail.com)
6
	part of pfSense (https://www.pfsense.org)
7

    
8
	Originally part of m0n0wall (http://m0n0.ch)
9
	Copyright (C) 2003-2005 Manuel Kasper <mk@neon1.net>.
10
	All rights reserved.
11

    
12
	Redistribution and use in source and binary forms, with or without
13
	modification, are permitted provided that the following conditions are met:
14

    
15
	1. Redistributions of source code must retain the above copyright notice,
16
	this list of conditions and the following disclaimer.
17

    
18
	2. Redistributions in binary form must reproduce the above copyright
19
	notice, this list of conditions and the following disclaimer in the
20
	documentation and/or other materials provided with the distribution.
21

    
22
	THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
23
	INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
24
	AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
25
	AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
26
	OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
27
	SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
28
	INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
29
	CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
30
	ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
31
	POSSIBILITY OF SUCH DAMAGE.
32
*/
33

    
34
/* parse the configuration and include all functions used below */
35
require_once("globals.inc");
36
require_once("config.inc");
37
require_once("functions.inc");
38
require_once("filter.inc");
39
require_once("shaper.inc");
40
require_once("ipsec.inc");
41
require_once("vpn.inc");
42
require_once("openvpn.inc");
43
require_once("IPv6.inc");
44
require_once("rrd.inc");
45

    
46
/* Nothing to do while the system is still booting: leave the script early. */
if ($g['booting']) {
	return;
}
49

    
50
/*
 * Reconfigure NTP, launch ntpdate_sync_once.sh through mwexec_bg(), log the
 * address change and send the "service reload packages" event.
 *
 * Reads the globals $oldip and $curwanip only to build the log message; the
 * script also calls this function on a path that runs before $oldip is
 * assigned, in which case the old address shows up empty in the log.
 */
function restart_packages() {
	global $oldip, $curwanip, $g;

	system_ntp_configure(false);
	mwexec_bg("/usr/local/sbin/ntpdate_sync_once.sh", true);

	$notice = "{$g['product_name']} package system has detected an IP change or dynamic WAN reconnection - $oldip ->  $curwanip - Restarting packages.";
	log_error($notice);

	/* restart packages */
	send_event("service reload packages");
}
59

    
60
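/*
 * Interface IP address has changed.
 *
 * The interface name is caller-supplied: it comes from the HTTP query string
 * when present, otherwise from the first command-line argument. Further down
 * this script the value reaches log_error(), the interface lookups,
 * send_event() and the names of the cache files under $g['vardb_path'], so it
 * is normalised here before anything uses it.
 * NOTE(review): confirm that convert_real_interface_to_friendly_interface_name()
 * returns an empty value for names that are not configured interfaces.
 */
if (isset($_GET['interface'])) {
	/* a non-string value (e.g. interface[]=x) cannot name an interface */
	$argument = is_string($_GET['interface']) ? $_GET['interface'] : "";
} else if (isset($argv[1])) {
	$argument = (string)$argv[1];
} else {
	/* no argument at all: the empty value selects the "wan" default below */
	$argument = "";
}

/* strip line breaks from either source so the value cannot split a log entry */
$argument = str_replace(array("\r", "\n"), "", $argument);

log_error("rc.newwanip: Info: starting on {$argument}.");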
67

    
68
/*
 * Work out the friendly name and the real device name of the interface.
 * With an argument, the argument is taken as the real device name; without
 * one, the script falls back to "wan".
 */
if (!empty($argument)) {
	$interface_real = $argument;
	$interface = convert_real_interface_to_friendly_interface_name($argument);
} else {
	$interface_real = get_real_interface();
	$interface = "wan";
}

$interface_descr = convert_friendly_interface_to_friendly_descr($interface);

/*
 * An interface that has a configuration entry but no 'enable' key is disabled:
 * there are no settings to change for it, so stop here. #3313
 */
if (is_array($config['interfaces'][$interface])
    && !isset($config['interfaces'][$interface]['enable'])) {
	log_error("Interface is disabled, nothing to do.");
	return;
}
83

    
84
/*
 * Look up the current address. With an explicit argument the real device is
 * queried first and the friendly name is used only when that returns nothing.
 */
if (!empty($argument)) {
	$curwanip = find_interface_ip($interface_real, true);
	if ($curwanip == "") {
		$curwanip = get_interface_ip($interface);
	}
} else {
	$curwanip = get_interface_ip();
}

log_error("rc.newwanip: on (IP address: {$curwanip}) (interface: {$interface_descr}[{$interface}]) (real interface: {$interface_real}).");
93

    
94
/*
 * NOTE: Take care of openvpn, no-ip or similar interfaces if you generate the event to reconfigure an interface.
 *      i.e. OpenVPN might be in tap mode and not have an ip.
 *
 * No usable address, the device is not an "ovpn" one, and the interface has
 * an 'ipaddr' setting: ask for the interface to be reconfigured and stop.
 */
if (($curwanip == "0.0.0.0" || !is_ipaddr($curwanip))
    && substr($interface_real, 0, 4) != "ovpn"
    && !empty($config['interfaces'][$interface]['ipaddr'])) {
	log_error("rc.newwanip: Failed to update {$interface} IP, restarting...");
	send_event("interface reconfigure {$interface}");
	return;
}

/* XXX: This really possible? */
if (empty($interface)) {
	/* no friendly name could be resolved: reload the filter and packages only */
	filter_configure();
	restart_packages();
	return;
}
114

    
115
/*
 * Previous address as cached on disk, or "0.0.0.0" when no cache file exists.
 * The file content is used as-is; nothing here checks that it is an address.
 */
$oldip = file_exists("{$g['vardb_path']}/{$interface}_cacheip")
	? file_get_contents("{$g['vardb_path']}/{$interface}_cacheip")
	: "0.0.0.0";

/* regenerate resolv.conf if DNS overrides are allowed */
system_resolvconf_generate(true);

/* write current WAN IP to file, but only when it is a valid address */
if (is_ipaddr($curwanip)) {
	@file_put_contents("{$g['vardb_path']}/{$interface}_ip", $curwanip);
}
125

    
126
/* update the virtual IPs linked to this interface */
link_interface_to_vips($interface, "update");

/* reconfigure every GRE tunnel returned for this interface */
unset($gre);
$gre = link_interface_to_gre($interface);
if (!empty($gre)) {
	array_walk($gre, 'interface_gre_configure');
}

/* same for the GIF tunnels */
unset($gif);
$gif = link_interface_to_gif($interface);
if (!empty($gif)) {
	array_walk($gif, 'interface_gif_configure');
}

/* re-add the interface to the groups returned for it */
$grouptmp = link_interface_to_group($interface);
if (!empty($grouptmp)) {
	array_walk($grouptmp, 'interface_group_add_member');
}

/* re-add the real device to the bridge returned for this interface, if any */
unset($bridgetmp);
$bridgetmp = link_interface_to_bridge($interface);
if (!empty($bridgetmp)) {
	interface_bridge_add_member($bridgetmp, $interface_real);
}

/* make new hosts file */
system_hosts_generate();
148

    
149
/*
 * check tunneled IPv6 interface tracking
 *
 * The comparisons stay loose (==), as in a switch statement.
 */
$ipaddrv6_mode = $config['interfaces'][$interface]['ipaddrv6'];
if ($ipaddrv6_mode == "6to4") {
	interface_6to4_configure($interface, $config['interfaces'][$interface]);
} else if ($ipaddrv6_mode == "6rd") {
	interface_6rd_configure($interface, $config['interfaces'][$interface]);
} else if ($ipaddrv6_mode == "dhcp6") {
	/* DHCPv6 is reconfigured only when 'dhcp6usev4iface' is set */
	if (isset($config['interfaces'][$interface]['dhcp6usev4iface'])) {
		interface_dhcpv6_configure($interface, $config['interfaces'][$interface]);
	}
}
162

    
163
/*
 * Check Gif tunnels
 *
 * For every configured gif whose parent ('if') is this interface, find the
 * enabled interfaces assigned to that gif device, reconfigure the tunnel and
 * the interface on top of it, then redo routing for it.
 */
if (is_array($config['gifs']['gif'])) {
	foreach ($config['gifs']['gif'] as $gif) {
		if ($gif['if'] != $interface) {
			continue;
		}
		foreach ($config['interfaces'] as $ifname => $ifparent) {
			// echo "interface $ifparent, ifname $ifname, gif {$gif['gifif']}\n";
			if ($ifparent['if'] != $gif['gifif'] || !isset($ifparent['enable'])) {
				continue;
			}
			// echo "Running routing configure for $ifname\n";
			/* the returned device name replaces 'gifif' for the rest of this loop */
			$gif['gifif'] = interface_gif_configure($gif);
			$confif = convert_real_interface_to_friendly_interface_name($gif['gifif']);
			if ($confif != "") {
				interface_configure($confif);
			}
			system_routing_configure($ifname);
		}
	}
}
181

    
182
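/*
 * We need to force sync VPNs on such even when the IP is the same for dynamic interfaces.
 * Even with the same IP the VPN software is unhappy with the IP disappearing, and we
 * could be failing back in which case we need to switch IPs back anyhow.
 */
if (!is_ipaddr($oldip) || $curwanip != $oldip || !is_ipaddrv4($config['interfaces'][$interface]['ipaddr'])) {
	/* IP changed, kill states accordingly */
	if ($curwanip != $oldip) {
		log_error("IP has changed, killing states on former IP $oldip.");
		/*
		 * $oldip is the raw content of the cache file and this branch is
		 * reached even when it is not an address (see the outer condition).
		 * Only a validated address is placed on the pfctl command line, and
		 * it is quoted so it can never be read as anything but one argument.
		 */
		if (is_ipaddr($oldip)) {
			mwexec_bg("/sbin/pfctl -k " . escapeshellarg($oldip));
		}
		if (isset($config['system']['ip_change_kill_states'])) {
			/* hidden config option to wipe all states if needed */
			log_error("Killing all states post-IP change.");
			filter_flush_state_table();
		}
	}

	/* reconfigure static routes (kernel may have deleted them) */
	system_routing_configure($interface);

	/* reconfigure our gateway monitor */
	setup_gateways_monitor();

	/* remember the new address for the next run; only valid addresses are cached */
	if (is_ipaddr($curwanip)) {
		@file_put_contents("{$g['vardb_path']}/{$interface}_cacheip", $curwanip);
	}

	/* perform RFC 2136 DNS update */
	services_dnsupdate_process($interface);

	/* signal dyndns update */
	services_dyndns_configure($interface);

	/* reconfigure IPsec tunnels */
	vpn_ipsec_force_reload($interface);

	/* start OpenVPN server & clients, except when the event came from an ovpn device */
	if (substr($interface_real, 0, 4) != "ovpn") {
		openvpn_resync_all($interface);
	}

	/* reload graphing functions */
	enable_rrd_graphing();

	/* reload igmpproxy */
	services_igmpproxy_configure();

	/* restart snmp */
	services_snmpd_configure();

	restart_packages();
}

/* signal filter reload */
filter_configure();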
235

    
236
?>