Put TUN down on client disconnect.

On startup client creates TUN interface in UP state and kept it UP even
if connection to the server was lost. Creating interface in DOWN state,
turning it UP on successful (re-)connection to server and DOWN on either
disconnect or connection loss would enable DHCP client (say dhclient5)
to detect necessity for lease renewal.

Added a client configuration parameter to create TUN interface in DOWN
state and commands to enable, disable, and query the configuration
parameter.
Enabling the parameter causes client to put all unused TUN interfaces
DOWN, create new TUN interfaces in DOWN state, and turn TUN interfaces
corresponding to active sessions DOWN on connection loss or
disconnecting from server.
Disabling the parameter forces client to turn all TUN interfaces UP and
create new TUN interfaces in UP state.
Default value is 'Disable'.

src/Cedar/Client.c

@@ -3854,6 +3854,7 @@ void InRpcClientConfig(CLIENT_CONFIG *c, PACK *p)
 	c->KeepConnectProtocol = PackGetInt(p, "KeepConnectProtocol");
 	c->KeepConnectInterval = PackGetInt(p, "KeepConnectInterval");
 	c->AllowRemoteConfig = PackGetInt(p, "AllowRemoteConfig") == 0 ? false : true;
+	c->NicDownOnDisconnect = PackGetBool(p, "NicDownOnDisconnect");
 	PackGetStr(p, "KeepConnectHost", c->KeepConnectHost, sizeof(c->KeepConnectHost));
 }
 void OutRpcClientConfig(PACK *p, CLIENT_CONFIG *c)
@@ -3869,6 +3870,7 @@ void OutRpcClientConfig(PACK *p, CLIENT_CONFIG *c)
 	PackAddInt(p, "KeepConnectProtocol", c->KeepConnectProtocol);
 	PackAddInt(p, "KeepConnectInterval", c->KeepConnectInterval);
 	PackAddInt(p, "AllowRemoteConfig", c->AllowRemoteConfig);
+	PackAddBool(p, "NicDownOnDisconnect", c->NicDownOnDisconnect);
 	PackAddStr(p, "KeepConnectHost", c->KeepConnectHost);
 }
 
@@ -6657,7 +6659,7 @@ bool CtConnect(CLIENT *c, RPC_CLIENT_CONNECT *connect)
 
 					CLog(c, "LC_CONNECT", connect->AccountName);
 
-					r->ClientSession = NewClientSessionEx(c->Cedar, r->ClientOption, r->ClientAuth, pa, r);
+					r->ClientSession = NewClientSessionEx(c->Cedar, r->ClientOption, r->ClientAuth, pa, r, &c->Config.NicDownOnDisconnect);
 					Notify(r->ClientSession, CLIENT_NOTIFY_ACCOUNT_CHANGED);
 
 					ret = true;
@@ -6674,6 +6676,82 @@ bool CtConnect(CLIENT *c, RPC_CLIENT_CONNECT *connect)
 	return ret;
 }
 
+// Put all unused TUN interfaces down
+// Requires account and VLan lists of the CLIENT argument to be already locked
+bool CtVLansDown(CLIENT *c)
+{
+#ifndef UNIX_LINUX
+	return true;
+#else
+	int i;
+	LIST *tmpVLanList;
+	UNIX_VLAN t, *r;
+	bool result = true;
+
+	if (c == NULL)
+	{
+		return false;
+	}
+
+	tmpVLanList = CloneList(c->UnixVLanList);
+	if (tmpVLanList == NULL)
+	{
+		return false;
+	}
+
+	// Remove from tmpVLanList all VLans corresponding to active sessions
+	for (i = 0; i < LIST_NUM(c->AccountList); ++i)
+	{
+		ACCOUNT *a = LIST_DATA(c->AccountList, i);
+		if (a->ClientSession == NULL)
+		{
+			continue;
+		}
+
+		Zero(&t, sizeof(t));
+		StrCpy(t.Name, sizeof(t.Name), a->ClientOption->DeviceName);
+		r = Search(tmpVLanList, &t);
+		Delete(tmpVLanList, r);
+	}
+
+	// Set down every VLan in tmpVLanList
+	for (i = 0; i < LIST_NUM(tmpVLanList) && result; ++i)
+	{
+		r = LIST_DATA(tmpVLanList, i);
+		result = UnixVLanSetState(r->Name, false);
+		// [MP:] Should we report *critical* error on failure?
+	}
+
+	ReleaseList(tmpVLanList);
+	return result;
+#endif
+}
+
+// Put all TUN interfaces up
+// Requires VLan list of the CLIENT argument to be already locked
+bool CtVLansUp(CLIENT *c)
+{
+#ifndef UNIX_LINUX
+	return true;
+#else
+	int i;
+	UNIX_VLAN *r;
+
+	if (c == NULL)
+	{
+		return false;
+	}
+
+	for (i = 0; i < LIST_NUM(c->UnixVLanList); ++i)
+	{
+		r = LIST_DATA(c->UnixVLanList, i);
+		UnixVLanSetState(r->Name, true);
+	}
+
+	return true;
+#endif
+}
+
 // Get the account information
 bool CtGetAccount(CLIENT *c, RPC_CLIENT_GET_ACCOUNT *a)
 {
@@ -6894,6 +6972,20 @@ bool CtSetClientConfig(CLIENT *c, CLIENT_CONFIG *o)
 	}
 	Unlock(k->lock);
 
+	// Apply TAP state
+	LockList(c->AccountList);
+	LockList(c->UnixVLanList);
+	if (o->NicDownOnDisconnect)
+	{
+		CtVLansDown(c);
+	}
+	else
+	{
+		CtVLansUp(c);
+	}
+	UnlockList(c->UnixVLanList);
+	UnlockList(c->AccountList);
+
 	return true;
 }
 
@@ -8302,8 +8394,8 @@ bool CtCreateVLan(CLIENT *c, RPC_CLIENT_CREATE_VLAN *create)
 		GenMacAddress(r->MacAddress);
 		StrCpy(r->Name, sizeof(r->Name), create->DeviceName);
 
-		// Create a Tap
-		if (UnixVLanCreate(r->Name, r->MacAddress) == false)
+		// Create a TUN
+		if (UnixVLanCreate(r->Name, r->MacAddress, !c->Config.NicDownOnDisconnect) == false)
 		{
 			// Failure
 			Free(r);
@@ -9371,6 +9463,7 @@ void CiLoadClientConfig(CLIENT_CONFIG *c, FOLDER *f)
 	c->AllowRemoteConfig = CfgGetBool(f, "AllowRemoteConfig");
 	c->KeepConnectInterval = MAKESURE(CfgGetInt(f, "KeepConnectInterval"), KEEP_INTERVAL_MIN, KEEP_INTERVAL_MAX);
 	c->NoChangeWcmNetworkSettingOnWindows8 = CfgGetBool(f, "NoChangeWcmNetworkSettingOnWindows8");
+	c->NicDownOnDisconnect = CfgGetBool(f, "NicDownOnDisconnect");
 }
 
 // Read the client authentication data
@@ -9699,7 +9792,7 @@ void CiLoadVLan(CLIENT *c, FOLDER *f)
 	Add(c->UnixVLanList, v);
 
 #ifdef	OS_UNIX
-	UnixVLanCreate(v->Name, v->MacAddress);
+	UnixVLanCreate(v->Name, v->MacAddress, !c->Config.NicDownOnDisconnect);
 #endif	// OS_UNIX
 }
 
@@ -9923,6 +10016,7 @@ void CiWriteClientConfig(FOLDER *cc, CLIENT_CONFIG *config)
 	CfgAddBool(cc, "AllowRemoteConfig", config->AllowRemoteConfig);
 	CfgAddInt(cc, "KeepConnectInterval", config->KeepConnectInterval);
 	CfgAddBool(cc, "NoChangeWcmNetworkSettingOnWindows8", config->NoChangeWcmNetworkSettingOnWindows8);
+	CfgAddBool(cc, "NicDownOnDisconnect", config->NicDownOnDisconnect);
 }
 
 // Write the client authentication data