From b61f21ae6b2716d0abdf03972ea4ae28339c3028 Mon Sep 17 00:00:00 2001
From: Ad Schellevis <ad@opnsense.org>
Date: Tue, 25 Mar 2025 13:49:07 +0100
Subject: [PATCH] System: Gateways: Configuration - move affected gateways into
 monitor event (introduced monitor_killstates in
 https://github.com/opnsense/core/commit/ff91932d5d7357ffa5e97512795860f8c6616aed)
 and kill states in 20-recover when configured. for
 https://github.com/opnsense/core/issues/6803

---
 src/etc/rc.routing_configure                              | 6 +++++-
 src/etc/rc.syshook.d/monitor/20-recover                   | 4 ++++
 src/opnsense/scripts/routes/gateway_watcher.php           | 8 +++-----
 .../service/conf/actions.d/actions_interface.conf         | 4 ++--
 4 files changed, 14 insertions(+), 8 deletions(-)

diff --git a/src/etc/rc.routing_configure b/src/etc/rc.routing_configure
index 1ec17a489..6bf5322b4 100755
--- a/src/etc/rc.routing_configure
+++ b/src/etc/rc.routing_configure
@@ -50,7 +50,11 @@ foreach (glob("/tmp/delete_route_*.todo") as $filename) {
 system_routing_configure(true, null, !$monitor_hook);
 
 if ($monitor_hook) {
-    passthru('/usr/local/etc/rc.syshook monitor');
+    $cmd = ['/usr/local/etc/rc.syshook monitor'];
+    for ($i = 2; $i < count($argv); $i++) {
+        $cmd[] = escapeshellcmd($argv[$i]);
+    }
+    passthru(implode(' ', $cmd));
 }
 
 filter_configure_sync(true, false);
diff --git a/src/etc/rc.syshook.d/monitor/20-recover b/src/etc/rc.syshook.d/monitor/20-recover
index 075e56a8c..87b960206 100755
--- a/src/etc/rc.syshook.d/monitor/20-recover
+++ b/src/etc/rc.syshook.d/monitor/20-recover
@@ -33,11 +33,15 @@ require_once 'system.inc';
 require_once 'interfaces.inc';
 
 $gwnames = [];
+$affected_gateways = !empty($argv[1]) ? explode(',', $argv[1]) : [];
 
 foreach (return_gateways_status() as $status) {
     if ($status['status'] == 'down') {
         /* try to recover monitors stuck in down state ignoring "force_down" */
         $gwnames[] = $status['name'];
+        if (!empty($status['monitor_killstates']) && in_array($status['name'], $affected_gateways)) {
+            configdp_run('filter kill gateway_states', [$status['gateway']], true);
+        }
     }
 }
 
diff --git a/src/opnsense/scripts/routes/gateway_watcher.php b/src/opnsense/scripts/routes/gateway_watcher.php
index 449b9eb38..f3a06da85 100755
--- a/src/opnsense/scripts/routes/gateway_watcher.php
+++ b/src/opnsense/scripts/routes/gateway_watcher.php
@@ -76,6 +76,7 @@ while (1) {
     }
 
     /* run main watcher pass */
+    $alarm_gateways = [];
     foreach ($status as $report) {
         $ralarm = false;
 
@@ -131,10 +132,7 @@ while (1) {
                 $report['stddev'],
                 $report['loss']
             ));
-
-            if ($report['status'] == 'down' && !empty($report['monitor_killstates'])) {
-                configdp_run('filter kill gateway_states', [$report['gateway']], true);
-            }
+            $alarm_gateways[] = $report['name'];
 
             /* update cached state now */
             $mode[$report['name']] = $report['status'];
@@ -142,7 +140,7 @@ while (1) {
     }
 
     if ($alarm && $action != null) {
-        configd_run($action);
+        configdp_run($action, [implode(',', $alarm_gateways)]);
     }
 
     sleep($alarm ? $wait : $poll);
diff --git a/src/opnsense/service/conf/actions.d/actions_interface.conf b/src/opnsense/service/conf/actions.d/actions_interface.conf
index 809929ce8..8657ebcd3 100644
--- a/src/opnsense/service/conf/actions.d/actions_interface.conf
+++ b/src/opnsense/service/conf/actions.d/actions_interface.conf
@@ -135,9 +135,9 @@ message:reconfiguring routing
 
 [routes.alarm]
 command:/usr/local/bin/flock -n -E 0 -o /tmp/filter_reload_gateway.lock /usr/local/etc/rc.routing_configure alarm
-parameters:
+parameters: %s
 type:script
-message:reconfiguring routing due to gateway alarm
+message:reconfiguring routing due to gateway alarm  (%s)
 description:Manual gateway switch
 
 [route.del]