Recently did the same for Unbound. The context for the user is clear
and we shouldn't be too concerned for what the user thinks about disabled
interfaces since he disabled them in the first place.
Use the same interface description source in the overview page.
While we are not concerned with interfaces that have disappeared
we should keep track of disabled interfaces since there is no strict
link between this field and the interface (or OpenVPN) configuration
which would make validation fail for the wrong reasons and/or force
the user to deselect the interface in order to proceed.
Also exclude lo0 because it is always added to ensure local resolving
which had no complaints since 2018 when this was reworked. The abilty
to select it would cause the question of why it's not adhered to if
anyone started looking.
* Allow the bridge to come up without members. While the GUI made sure
to avoid empty bridges there is no reason for it and underneath if the
interface was disabled the GUI made the interface disappear from the
selection. So now allow an empty bridge (may be nice for migration)
and show disabled interfaces in the edit page. Fix all callers to not
assume the member property is always set. Can probably go away once
bridges are moved to MVC.
* Inline interface_bridge_add_member() since link_interface_to_bridge()
is the only caller. Improve the parameter passing a bit too.
* Add bridge interface return code to (_)interfaces_bridge_configure().
* Improve device resolution and a few mwexecf() replacements.
* Log the reason why a device could not be attached to bridge when one
device is not there as expected.
Now that we fail if we can't get the tunnel up improve this a bit more:
1. First order of business is adding removing/adding the device.
2. Return the device name when configuration was successful.
3. Use device name return to avoid "linking" failed devices. This
helps us to bring it up later when it is likely ready.
4. Remove the system_routing_configure() madness from device creation.
5. We may have static routes which were not adhered to previously. So now
use the same interfaces_restart_by_device() hook but omit the
interface_configure() to void unwantend recusion in that function.
This has the addded benefit of system_routing_configure() only being
called once for that interface by rc.newwanip(v6).
Formerly devices like GIF only worked on IPv4 dynamic links,
but with DS-Lite IPv6 is the only dynamic link so split the
execution on dynamic events according to what remote address
the tunnel requires. This should allow DS-Lite to work out
of the box (functional after bootup).
While here restructure link_interface_to_gif() to better fit
the caller's needs. Also feeling lucky about the stray
interfaces_bring_up() because if we check if the local address
is there we can be pretty sure the parent device is up.
PR: https://forum.opnsense.org/index.php?topic=35876.0
This is allowed nowadays with the proper escaping in the
template employed. However...
1. The parameter"s" are enforced by doing white-space
separated passing of individiual parts, but that breaks
backend scripts expecting either spaces to be part of
the parmeter or discarding additional parameters.
This matters, because...
2. https://docs.opnsense.org/manual/settingsmenu.html#cron
does not state any two parameter value of interest to
users apart from custom Cron glue.
I'd rather have "parameters" treated as a single first
parameter which can be passed with a %s to the shell, but
I'm unsure if configd will treat it that way? At least
the crontab part would not be the issue.
Let's test this theory:
# cat src/opnsense/service/conf/actions.d/actions_test.conf
[shell]
command:/bin/csh -c
parameters:%s
message:Running %s
type:script_output
description:Shell execution (use with care)
# configctl test shell "echo foo"
Parameter mismatch
# configctl test shell "echo\ foo"
foo
# configctl test shell "echo\ foo;echo\ bar"
foo
bar
So there seems to be a mishandling of spaces in general
which is probably why the parameters are treated as such
in the crontab file. Perhaps we need to discuss this.
Now an empty node name '' will stay on the same node allowing to
dump the full config.xml for whatever reason. Also change the
empty print behaviour to omit the spurious newline as that looks
better. Last but not least pretty-print JSON for better UX.
