From b53995761ab71a014f8a49e2faac1a63bb783a56 Mon Sep 17 00:00:00 2001
From: Franco Fichtner <franco@opnsense.org>
Date: Fri, 3 Mar 2023 09:12:52 +0100
Subject: [PATCH] system: introduce system_switch_route() #6366

Shield the logic from seeping over into firewall code and moves
system_default_route() into system code.

Small overhead here calling up information again but we want to
verify the interface address beforehand and perhaps finally move
the default gateway switching to the right spot that is perhaps
system_routing_configure()?
---
 src/etc/inc/filter.inc | 19 ++++++-------------
 src/etc/inc/system.inc | 21 +++++++++++++++++++++
 2 files changed, 27 insertions(+), 13 deletions(-)

diff --git a/src/etc/inc/filter.inc b/src/etc/inc/filter.inc
index d4ad7a3b5..de4b4bd4d 100644
--- a/src/etc/inc/filter.inc
+++ b/src/etc/inc/filter.inc
@@ -253,19 +253,12 @@ function filter_configure_sync($verbose = false, $load_aliases = true, $switch_g
     }
 
     if ($switch_gw && isset($config['system']['gw_switch_default'])) {
-        // When gateway switching is enabled, we might consider a different default gateway.
-        // although this isn't really the right spot for the feature (it's a monitoring/routing decision),
-        // we keep it here for now (historical reasons).
-        $down_gateways = return_down_gateways();
-        foreach (array("inet", "inet6") as $ipprotocol) {
-            if (!empty($down_gateways)) {
-                log_msg(sprintf("Ignore down %s gateways : %s", $ipprotocol, implode(",", $down_gateways)), LOG_DEBUG);
-            }
-            $default_gw = $fw->getGateways()->getDefaultGW($down_gateways, $ipprotocol);
-            if ($default_gw !== null && !empty($default_gw['gateway'])) {
-                system_default_route($default_gw['gateway'], $default_gw['if'], isset($default_gw['fargw']));
-            }
-        }
+        /*
+         * XXX When gateway switching is enabled we consider different default
+         * gateways.  Although this isn't the right spot for the feature (it's
+         * a monitoring/routing decision), we keep it here for historical reasons.
+         */
+        system_switch_route();
     }
 
     openlog("firewall", LOG_DAEMON, LOG_LOCAL4);
diff --git a/src/etc/inc/system.inc b/src/etc/inc/system.inc
index d6b827820..d4d2e5d0c 100644
--- a/src/etc/inc/system.inc
+++ b/src/etc/inc/system.inc
@@ -586,6 +586,27 @@ function system_default_route($gateway, $interface, $far = false)
     mwexecf('/sbin/route add -%s default %s', [$family, $gateway]);
 }
 
+function system_switch_route()
+{
+    $ifdetails = legacy_interfaces_details();
+    $gateways = new \OPNsense\Routing\Gateways($ifdetails);
+    $down_gateways = return_down_gateways();
+
+    if (!empty($down_gateways)) {
+        log_msg(sprintf('ROUTING: ignoring down gateways: %s', $ipprotocol, implode(', ', $down_gateways)), LOG_DEBUG);
+    }
+
+    foreach (['inet', 'inet6'] as $ipprotocol) {
+        /* determine default gateway by considering monitor status */
+        $gateway = $gateways->getDefaultGW($down_gateways, $ipprotocol);
+        if ($gateway == null) {
+            continue;
+        }
+
+        system_default_route($gateway['gateway'], $gateway['if'], isset($gateway['fargw']));
+    }
+}
+
 function system_routing_configure($verbose = false, $interface = null, $monitor = true, $family = null)
 {
     service_log('Setting up routes...', $verbose);