From 4359fcbf1140eb9f41b7de1973ad31bf06c8b4a1 Mon Sep 17 00:00:00 2001
From: Franco Fichtner
Date: Tue, 7 Mar 2023 12:12:10 +0100
Subject: [PATCH] ipsec: add a routing hook and use it for all ipsec devices #6354
---
 src/etc/inc/plugins.inc | 16 ++++++++++++++--
 src/etc/inc/plugins.inc.d/core.inc | 8 ++++++++
 src/etc/inc/plugins.inc.d/ipsec.inc | 3 +++
 src/etc/inc/system.inc | 14 ++++++++------
 4 files changed, 33 insertions(+), 8 deletions(-)
diff --git a/src/etc/inc/plugins.inc b/src/etc/inc/plugins.inc
index 22f828ac9..6d9904333 100644
--- a/src/etc/inc/plugins.inc
+++ b/src/etc/inc/plugins.inc
@@ -250,9 +250,21 @@ function plugins_firewall($fw)
 function plugins_configure($hook, $verbose = false, $args = [])
 {
+ $logargs = [];
+
 array_unshift($args, $verbose);
- log_msg(sprintf('plugins_configure %s (%s)', $hook, implode(',', $args)), LOG_INFO);
+ foreach ($args as $arg) {
+ if (is_null($arg)) {
+ $logargs[] = 'null';
+ } elseif (is_array($arg)) {
+ $logargs[] = '[' . implode(',', $arg) . ']';
+ } else {
+ $logargs[] = $arg;
+ }
+ }
+
+ log_msg(sprintf('plugins_configure %s (%s)', $hook, implode(',', $logargs)), LOG_INFO);
 foreach (plugins_scan() as $name => $path) {
 try {
@@ -286,7 +298,7 @@ function plugins_configure($hook, $verbose = false, $args = [])
 'plugins_configure %s (execute task : %s(%s))',
 $hook,
 $argf,
- implode(',', array_slice($args, 0, $argc))
+ implode(',', array_slice($logargs, 0, $argc))
 ), LOG_DEBUG);
 try {
 call_user_func_array($argf, array_slice($args, 0, $argc));
diff --git a/src/etc/inc/plugins.inc.d/core.inc b/src/etc/inc/plugins.inc.d/core.inc
index 7ed5c9ea4..58a125603 100644
--- a/src/etc/inc/plugins.inc.d/core.inc
+++ b/src/etc/inc/plugins.inc.d/core.inc
@@ -477,6 +477,7 @@ function core_configure()
 {
 return [
 'dns_reload' => ['system_resolver_configure'],
+ 'route_reload' => ['core_routing_batch:2'],
 'user_changed' => ['core_user_changed_groups:2'],
 ];
 }
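Review bot: In plugins_configure() (src/etc/inc/plugins.inc, first hunk) the new `$logargs` loop flattens only one array level and copies every other value into the log line as is. A nested array element would be logged as `Array` with a conversion warning, `false` becomes an empty string, and a string argument containing a comma or line break makes the logged argument list ambiguous. If any hook argument can carry user-supplied text (not visible in this hunk), encoding each argument once, e.g. `$logargs[] = json_encode($arg);`, covers null, bool, array and string in a single branch; the second hunk's `array_slice($logargs, 0, $argc)` would then work unchanged. The function body continues outside the hunk.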
@@ -488,6 +489,13 @@ function core_run()
 ];
 }
+function core_routing_batch($verbose, $interfaces = [])
+{
+ foreach ($interfaces as $interface) {
+ system_routing_configure($verbose, $interface);
+ }
+}
+
 /**
 * user changed event, synchronize attached system groups for requested user
 */
diff --git a/src/etc/inc/plugins.inc.d/ipsec.inc b/src/etc/inc/plugins.inc.d/ipsec.inc
index 581ab2b5f..4a660588f 100644
--- a/src/etc/inc/plugins.inc.d/ipsec.inc
+++ b/src/etc/inc/plugins.inc.d/ipsec.inc
@@ -1590,6 +1590,9 @@ function ipsec_configure_do($verbose = false, $interface = '')
 ipsec_configure_spd();
 service_log("done.\n", $verbose);
+
+ /* reload routes on all attached VTI devices */
+ plugins_configure('route_reload', $verbose, [array_keys(array_merge(ipsec_get_configured_vtis(), (new \OPNsense\IPsec\Swanctl())->getVtiDevices()))]);
 }
 function generate_strongswan_conf(array $tree, $level = 0): string
diff --git a/src/etc/inc/system.inc b/src/etc/inc/system.inc
index 9db1b8fbd..99441c6a9 100644
--- a/src/etc/inc/system.inc
+++ b/src/etc/inc/system.inc
@@ -591,7 +591,7 @@ function system_routing_configure($verbose = false, $interface = null, $monitor
 {
 global $config;
- service_log('Setting up routes...', $verbose);
+ service_log(sprintf('Setting up route%s...', empty($interface) ? 's' : " {$interface}"), $verbose);
 if (!empty($interface)) {
 log_msg("ROUTING: entering configure using '${interface}'", LOG_DEBUG);
@@ -693,9 +693,9 @@ function system_routing_configure($verbose = false, $interface = null, $monitor
 service_log("done.\n", $verbose);
 if ($monitor) {
- $reloads = [];
-
 if (!empty($interface)) {
+ $reloads = [];
+
 foreach ($gateways->gatewaysIndexedByName(true) as $name => $gateway) {
 if ($family !== null && $family !== $gateway['ipprotocol']) {
 continue;
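Review bot: core_routing_batch() in src/etc/inc/plugins.inc.d/core.inc forwards every list element to system_routing_configure() without checking it, and the system.inc hunks show that an empty `$interface` selects the all-routes path there. An empty or null entry in `$interfaces` would therefore trigger a full route reload instead of a per-device one; a guard such as `if (empty($interface)) { continue; }` at the top of the loop keeps the batch limited to named devices. A short docblock stating that `$interfaces` is a list of interface names would also help, as the function that follows it in the hunk has one.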
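Review bot: The added `plugins_configure('route_reload', ...)` call at the end of ipsec_configure_do() in src/etc/inc/plugins.inc.d/ipsec.inc runs even when neither source returns a VTI device, so every IPsec reconfigure logs the hook and walks the plugin list for an empty batch. Building the list first, `$vtis = array_keys(array_merge(ipsec_get_configured_vtis(), (new \OPNsense\IPsec\Swanctl())->getVtiDevices()));`, and calling the hook only `if (!empty($vtis))` avoids that and shortens the line. Note also that array_merge() renumbers integer keys, so this relies on both sources being keyed by device name; that is not visible in the hunk. The function starts outside the hunk.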
@@ -705,10 +705,12 @@ function system_routing_configure($verbose = false, $interface = null, $monitor
 $reloads[] = $name;
 }
 }
- }
- foreach (count($reloads) ? $reloads : [null] as $reload) {
- plugins_configure('monitor', $verbose, [$reload]);
+ foreach ($reloads as $reload) {
+ plugins_configure('monitor', $verbose, [$reload]);
+ }
+ } else {
+ plugins_configure('monitor', $verbose);
 }
 }
 }
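Review bot: A call to system_routing_configure() that names an `$interface` with no matching gateway now reloads no monitor at all, whereas the removed `count($reloads) ? $reloads : [null]` fallback reloaded all of them in that case. That looks intended for the new per-device route reload, but nothing in the code says so; a comment above the loop such as `/* only reload monitors of gateways bound to this interface, none if there is no match */` would record it. The `else` branch also calls `plugins_configure('monitor', $verbose)` without the former `null` argument, which assumes every 'monitor' hook callback has a default for that parameter; worth confirming, as the callbacks are not part of this diff. The function starts outside the hunk.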