From 0eb267f04855712fe8a4ce297f9b91a010f53cb9 Mon Sep 17 00:00:00 2001 From: Franco Fichtner Date: Thu, 14 Mar 2024 13:00:13 +0100 Subject: [PATCH] dhcrelay: patch the last spot for rule generation #6983 --- src/etc/inc/filter.lib.inc | 8 +++---- src/etc/inc/plugins.inc.d/dhcrelay.inc | 33 ++++++++++++++++++++++++++ 2 files changed, 37 insertions(+), 4 deletions(-) diff --git a/src/etc/inc/filter.lib.inc b/src/etc/inc/filter.lib.inc index 03ccac6f2..01f83651f 100644 --- a/src/etc/inc/filter.lib.inc +++ b/src/etc/inc/filter.lib.inc @@ -202,6 +202,9 @@ function filter_core_rules_system($fw, $defaults) { global $config; + $dhcrelay6_interfaces = plugins_run('dhcrelay_interfaces', ['inet6']); + $dhcrelay6_interfaces = !empty($dhcrelay6_interfaces['dhcrelay']) ? $dhcrelay6_interfaces['dhcrelay'] : []; + // block All IPv6 except loopback traffic $fw->registerFilterRule( 1, @@ -481,10 +484,7 @@ function filter_core_rules_system($fw, $defaults) default: $dhcpdv6_enabled = isset($config['dhcpdv6'][$intf]['enable']); $track6_enabled = isset($intfinfo['track6-interface']); - $dhcrelay6_interfaces = array(); - if (!empty($config['dhcrelay6']['interface']) && isset($config['dhcrelay6']['enable'])) { - $dhcrelay6_interfaces = explode(',', $config['dhcrelay6']['interface']); - } + if ($dhcpdv6_enabled || $track6_enabled || in_array($intf, $dhcrelay6_interfaces)) { $fw->registerFilterRule( 1, diff --git a/src/etc/inc/plugins.inc.d/dhcrelay.inc b/src/etc/inc/plugins.inc.d/dhcrelay.inc index 62e05c914..937b7753d 100644 --- a/src/etc/inc/plugins.inc.d/dhcrelay.inc +++ b/src/etc/inc/plugins.inc.d/dhcrelay.inc @@ -35,6 +35,13 @@ function dhcrelay_configure() ]; } +function dhcrelay_run() +{ + return [ + 'dhcrelay_interfaces' => 'dhcrelay_interfaces', + ]; +} + function dhcrelay_services() { $services = []; 
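Review bot: In the first filter.lib.inc hunk, `$dhcrelay6_interfaces` is assigned twice with two different shapes (the full plugins_run() result, then its `dhcrelay` entry), and nothing records that this list later gates the `in_array($intf, $dhcrelay6_interfaces)` check in the second hunk. A separate name for the raw result, e.g. `$relay_hook = plugins_run('dhcrelay_interfaces', ['inet6']);`, plus a comment such as `// interfaces with an enabled IPv6 relay; empty when the plugin returns nothing, so no relay-based rule is registered` would make the fail-closed fallback explicit. The body of filter_core_rules_system() continues outside both hunks, so the rule registered under that condition is not visible here.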
@@ -153,3 +160,29 @@ function dhcrelay_configure_do($verbose = false, $id = null)
 service_log("done.\n", $verbose);
 }
+
+function dhcrelay_interfaces($family = null)
+{
+ $mdl = new \OPNsense\DHCRelay\DHCRelay();
+ $interfaces = [];
+
+ foreach ($mdl->relays->iterateItems() as $relay) {
+ if ((string)$relay->enabled != '1') {
+ continue;
+ }
+
+ $destination = $mdl->getNodeByReference("destinations.{$relay->destination}");
+ if ($destination == null) {
+ continue;
+ }
+
+ $dstfamily = strpos((string)$destination->server, '.') !== false ? 'inet' : 'inet6';
+ if ($family !== null && $family != $dstfamily) {
+ continue;
+ }
+
+ $interfaces[(string)$relay->interface] = 1;
+ }
+
+ return array_keys($interfaces);
+}
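Review bot: The family test in dhcrelay_interfaces() classifies every destination whose `server` value contains no `.` as `inet6`, so an empty or otherwise unexpected value ends up in the IPv6 list that filter_core_rules_system() uses to decide where its DHCPv6-related rule is registered. Model validation may already exclude that case, but the hook would be safer if it skipped an empty value and keyed the decision on the IPv6 separator: `$server = (string)$destination->server;`, `if ($server === '') { continue; }`, `$dstfamily = strpos($server, ':') !== false ? 'inet6' : 'inet';`. If `server` can hold more than one address, the classification would need to be done per address instead. The function also lacks a doc comment; a short one stating that it returns the interfaces of enabled relays, optionally limited to `'inet'` or `'inet6'` destinations, would record the accepted `$family` values.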