Removal of the exit_with_hooks() function and its calls from src/opnsense/scripts/interfaces/dhclient-script #8175

Open
marciorp-br opened this issue Jan 1, 2025 · 4 comments

@marciorp-br

With the removal of the exit_with_hooks() function and its calls from src/opnsense/scripts/interfaces/dhclient-script, I am stuck on version 23.7 because I used the /etc/dhclient-exit-hooks script to capture options received from my ISP's DHCP and forward them to the IPBX (Asterisk) server via DNS.

Below is an excerpt from my /etc/dhclient-exit-hooks.

How can I migrate to version 24.7 without losing this functionality? It is crucial for my environment.

```sh
#!/bin/sh

# Rewrite the unbound include for sip-srv.lan and restart unbound.
# $1 = option 120 encoding type, $2 = decoded server list
update_ipbx() {
    filedns="/usr/local/etc/unbound.opnsense.d/sipsrv.conf"

    if [ -f "$filedns" ]; then
        rm -f "$filedns"
    fi

    echo '# Last update: ' "$(date +'%d/%m/%Y %k:%M:%S %z')" > "$filedns"

    if [ "$1" = "1" ]; then
        # Type 1: list of IPv4 addresses (left unquoted to split on spaces)
        for ip in ${2}; do
            echo 'local-data-ptr: "'"$ip"' sip-srv.lan"' >> "$filedns"
            echo 'local-data: "sip-srv.lan IN A '"$ip"'"' >> "$filedns"
        done
    else
        echo 'local-zone: sip-srv.lan redirect' >> "$filedns"
        echo 'local-data: "sip-srv.lan. CNAME '"$2"'."' >> "$filedns"
    fi

    /usr/local/sbin/pluginctl -c unbound_start
}


# Per-interface dump of the options dhclient passed in the environment
fileopts="/tmp/${interface}_dhcp-options"

if [ -f "$fileopts" ]; then
    rm -f "$fileopts"
fi

if [ "$interface" = "vlan0.nnn" ]; then
    case "${reason}" in
        BOUND|RENEW|REBIND|REBOOT)

            echo "reason=$reason" >> "$fileopts"

            # Walk every new_option_N / old_option_N variable set by dhclient
            for option in $(printenv | grep -E '(new|old)_option_[0-9]{1,3}='); do

                value=$(echo "$option" | cut -d '=' -f 2)
                option=$(echo "$option" | grep -Eo '(new|old)_option_[0-9]{1,3}')

                if [ "$option" = "new_option_120" ] || [ "$option" = "old_option_120" ]; then
                    # First field of option 120 is the encoding type
                    type=$(echo "$value" | cut -d ':' -f 1)

                    if [ "$type" = "1" ]; then
                        # Convert the colon-separated hex octets to dotted quads
                        host_sip=$(echo "$value" | cut -d ':' -f 2-)
                        host_sip=$(printf "%d.%d.%d.%d " $(echo ":$host_sip" | sed "s/:/ 0x/g"))
                        echo "$option=$host_sip" >> "$fileopts"
                    else
                        host_sip=$(echo "$value" | cut -d ':' -f 2-)
                        echo "$option=$host_sip" >> "$fileopts"
                    fi

                    if [ "$option" = "new_option_120" ]; then
                        update_ipbx "$type" "$host_sip" "$fileopts"
                    fi
                else
                    echo "$option=$value" >> "$fileopts"
                fi
            done
        ;;
    esac
fi

exit
```

@marciorp-br marciorp-br added the support Community support label Jan 1, 2025
@AdSchellevis
Member

newwanip is probably the event you're looking for (https://docs.opnsense.org/development/backend/legacy.html#configure), but the code above looks like awful hackery to be honest...

@marciorp-br
Author

Before writing this awful hack :-|, I tried using the newwanip event but was unsuccessful.

I’m not concerned about the quality of my code since this firewall is a simple setup for domestic use, so code quality isn’t an issue. Besides, it’s working fine.

What I need is to update to version 24.7, but with the removal of the exit_with_hooks() function, I first need to find a solution to this problem.

If the solution is the newwanip event, could someone provide an example implementation to achieve what I’m currently doing with this awful hack?

@AdSchellevis
Member

You might be able to put something together with the lease information collected in /var/db/dhclient.leases.<interface>, the lease script collects its received data in that file.

@marciorp-br
Author

Indeed, the file /var/db/dhclient.leases. contains the information I need. Thank you!

```
lease {
  interface "vlan0.nnn";
  fixed-address nnn.nnn.nnn.nnn;
  next-server nnn.nnn.nnn.nnn;
  option subnet-mask nnn.nnn.nnn.nnn;
  option routers nnn.nnn.nnn.nnn;
  option domain-name-servers nnn.nnn.nnn.nnn,nnn.nnn.nnn.nnn;
  option host-name "XXXXXXXXXXX";
  option dhcp-lease-time 3600;
  option dhcp-message-type 5;
  option dhcp-server-identifier nnn.nnn.nnn.nnn;
  option dhcp-renewal-time 1800;
  option dhcp-rebinding-time 2700;
  option option-120 1:xx:xx:xx:xx; <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<
  renew 6 2025/1/4 05:35:23;
  rebind 6 2025/1/4 05:50:23;
  expire 6 2025/1/4 06:05:23;
}
```

However, how will I know when the IP address changes on the monitored WAN interface so I can then read the new IP and proceed with updating the DNS?

This was the main advantage of using the exit_with_hooks() function—it was triggered immediately after the IP change on the WAN interface, leaving me only to read the new IP and update the DNS.

I don’t mean to be difficult, but I’ve searched extensively and still don’t understand the actual need to remove this code from src/opnsense/scripts/interfaces/dhclient-script. Was there a security issue with it? If so, what was it?

I’m even considering updating to version 24.7 and then restoring the original content of the dhclient-script, as I believe that would be the simplest and quickest solution, given that I couldn’t find any plausible justification for removing this code.
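
The lease-file approach suggested in this thread, as an added example that is not part of the issue or of OPNsense: it reads `option-120` from a dhclient lease file, accepts only a well-formed IPv4 list (encoding byte 1, as in the lease shown above), and prints unbound `local-data` lines. Function names are hypothetical, the sample lease is constructed, and it assumes the last lease block in the file is the newest; how the script gets triggered on an address change is not covered.

```sh
#!/bin/sh
# Added example (not OPNsense code); function names are hypothetical.

# Print the option-120 value from the last lease block in the file
# (assumption: dhclient appends leases, so the last block is the newest).
lease_option_120() {
    awk '$1 == "option" && $2 == "option-120" { v = $3 }
         END { sub(/;$/, "", v); print v }' "$1"
}

# Decode "1:c0:0:2:a[:...]" (encoding byte 1 = IPv4 list, hex octets) into
# dotted quads, one per line. Fails on anything else, so a value supplied by
# the DHCP server cannot carry quotes or newlines into the unbound include.
decode_sip_ipv4() {
    case "$1" in
        1:*) hex=${1#1:} ;;
        *) return 1 ;;
    esac
    case "$hex" in
        ""|*[!0-9a-fA-F:]*|*::*|:*|*:) return 1 ;;
    esac
    old_ifs=$IFS; IFS=:
    set -- $hex                     # split octets on ':' only
    IFS=$old_ifs
    [ $(( $# % 4 )) -eq 0 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 2 ] || return 1
    done
    while [ $# -ge 4 ]; do
        printf '%d.%d.%d.%d\n' "0x$1" "0x$2" "0x$3" "0x$4"
        shift 4
    done
}

# Emit unbound local-data lines for name $2 from lease file $1.
unbound_records() {
    value=$(lease_option_120 "$1") || return 1
    ips=$(decode_sip_ipv4 "$value") || return 1
    for ip in $ips; do
        printf 'local-data: "%s IN A %s"\n' "$2" "$ip"
    done
}

# Constructed sample lease (192.0.2.10 is a documentation address).
sample=$(mktemp)
printf 'lease {\n  option option-120 1:c0:0:2:a;\n}\n' > "$sample"
unbound_records "$sample" sip-srv.lan
rm -f "$sample"
```

Writing the output to a temporary file and renaming it over the include only when `unbound_records` succeeds keeps a malformed lease from replacing a working configuration.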
