Cleanup would be better but ifctl is not the place for it (no symmetry).
Maybe in the future we can use output from
# pluginctl -r host_routes
to remove the routes safely as they don't show if not used.
PR: https://forum.opnsense.org/index.php?topic=33831.0
Do not "leak" state transitions and also always log them to the
gateway log if they aren't being pushed through the rc.syshook
alarm path. While here consolidate the logging into the script
and make 10-dpinger script a stub for the "monitor" facility.
1. The process runs forever to retain proper state, periodically
syncing the configuration data in order to react correctly.
2. Missing gateways are not an issue. They will not alert or stick
to their last verified value.
3. We stop reacting unless a default gateway switch action will follow
or the gateway is part of a gateway group. Triggers are not refined
for now so we just let it run in full processing if a candidate.
4. Emulate the strange monitor alarm output although I don't see the
use for all of this cryptic goo. The alarm state (0, 1) was changed
to reflect the observed transition causing the alarm script to run.
5. Move the action for the script alarm to the script itself. Requires
a bit of backend shuffling as well.
6. Only create one script to watch all monitors. Easier to manage and
to present as service (which can be stopped and started if needed).
While adding noticed that it wasn't added which was due to
ending iteration one cycle too early (last word on the line)
so changed the parsing slightly. Reaching forward with
certain keywords in place is safe, just need to make sure to
skip what we have read then. Same for IPv4 although less
relevant.
"primary" now works like its IPv4 counterpart not using tracking
interface addresses to suggest a different derived listening address.
OTOH "routed" and "scoped" variants are only relevant for services
listening on a particularly connected (functional) address. Its use
is relatively low but better to have these variants than handroll each
required spot.
This should lower the chances of accidental restores when reader processes are active very frequently triggering a restore on a faulty read.
It should be possible to read the configuration while the config is exclusively locked, as these operations may take much more time than the actual write process takes.
After this commit the reader first tries to read unconditionally and if this fails, waits until a lock can be acquired.
To increase visibility of restore events, send these to the audit log instead of the general system log.
Shift away from get_interface_ip() as we don't need to handle VIPs or
plain addresses here and make sure that we do not reach for tracked
interface addresses. This will make link-local end up as the current
IP being cached, but that's fine since previously we fixed the shifting
prefix detection during RENEW/REBIND and that looks to be working.
Eventually we need to rename "prefix" variant to "primary" as that is
what it is doing and the current "primary" one is more of a listen
IP helper in case the WAN does not have a routable address. But deal
with that later to avoid overcomplicating the current patch.
PR: https://forum.opnsense.org/index.php?topic=26832.0
Not yet the case but support inside dhcp6c is likely coming
soon. At this point the prefix is just recorded, but not used
operationally. Display of multiple PDs is still broken.