New script to be invoked by rtsold when Router Advertisements with
RDNSS / DNSSL information are received. Uses ifctl to create the
/tmp/$if_routerv6 file and creates the /tmp/$if_defaultgwv6 file
directly. Fixes the issue that these files don't get created when
the M and O flags in RAs are not set. Also, passes RDNSS / DNSSL
info from RAs to ifctl.
Just make a MD5 sum of the file and change polling to 20 seconds.
Call backend on first run as well without waiting. Interval could
be lower still, but as said earlier it doesn't matter much all
things considered.
Gets rid of package dependency which for dhcpleases6 simply
listens on the DHCPD lease file and runs the prefix.php command
unconditionally.
For now emulate this by issuing the command every 60 seconds
which can be adjusted later if someone complains, but seeing
how many bugs this script has had vs. how many people noticed
it (basically none) I doult this will have much impact overall.
'prefix' was never a key so this got never executed for whatever reason.
It remains broken in other projects and the question is if this script
really has any useful value.
This brings it in line with migrations although both hinge on
the idea that rc.configure_firmware is called to execute this
code. Both need a better integration but bringing them to the
same level seems to make the most sense.
After reboot the config is in a consistent state now too...
Remove previous plugins_interfaces() call and always use full
path to pluginctl like most spots already do.
o provide option to delete entries
o show Ikeid and Reqid including optional phase[1|2] description when provided
o extend fields with data provided from setkey -D
o add a remove button hooking spddelete to remove entries when not cleanedup correctly for some reason to ease maintenance
o add reqid to IPsec phase 2 tunnel view for clarity so we can easily inspect if traffic is trying to pass the right policy
o show Ikeid and Reqid including optional phase[1|2] description when provided
o extend fields with data provided from setkey -DP, but keep them deselected in the default view (e.g. Upperspec, Mode, Type, ..)
Displaying changelogs requires a different menu flow but for now focus
on providing a changelog opportunistically before performing the update,
but intentionally after starting it to keep previous flow for now.
This allows us to remove all DH handling remnants. If people
want to use a separate content they will have to let us know,
but it seems unlikely. The only impact seems to be a security
bump from 2k to 4k default.
as the previous version already build files in /var/db/aliastables and therefor future cleanup work, there might be some noise when patching this without a reboot (empty bogons or other external aliases). Without this patch the issue is only that aliases aren't removed, which doesn't make this a super high priority in my humble opinion.
o Since our filterlog does contain labels nowaydays (https://github.com/opnsense/core/issues/5014), we can stop parsing pfctl which can be quite time consuming
o Rate limit "filter rule stats" configd action to prevent excessive pfctl access on filter pages
* Unbound blocklists / OPNsense UI: strengthen error handling
Also changes the OPNsense UI error handling routine to display a 'status_msg' if provided. Otherwise just display 'status' to preserve backwards compatibility.
* unbound: make blocklist additions/removals dynamic to prevent a restart
This commit contains an optimization for the way unbound can be updated in its' configuration
without the need for restarting Unbound and by extension a loss of internet connectivity.
Hopefully this will pave the way for optimizations on other aspects of Unbounds' configuration as well.
We could for example look into making the provided wrapper function more generic.
The GUI has also been modified slightly to inform the user of the amount of RRs added/removed.
* Services: Unbound DNS: Blocklist, review comments for https://github.com/opnsense/core/pull/5747
Changed the following minor items:
o gettext() for human readable reponse message
o simplify comparison loop (only new or diff are actually the same operation)
o replace one-liner split into a loop with validation in case an empty record exists (or something that doesn't fit the pattern)
o remove optional (but always) set -f option
* unbound: blocklists: minor style fix and strip more agressively
Co-authored-by: Ad Schellevis <ad@opnsense.org>
Always prefer cpu temp as before, when not available consider the folowing options
o hw.acpi.thermal.tz0.temperature --> ACPI temp
o hw.temperature.CPU --> apparantly used for arm devices.
Firewall / Aliases - various usability and visibility improvements
o change /api/firewall/alias/listNetworkAliases endpoint to return name and address
o add alias description as subtext in network group dropdown
o exclude row buttons for internal aliases
o support nesting of external aliases
o attach statistics to external aliases (like bogons and new interface network types)
o add preprocess in alias to handle non gui defined types
o network aliases will flush :network into the table
o aliases which aren't managed via configured settings will be fetched for nesting
o gather pf tables which aren't generated into filter_tables.conf as being external so the new imported static_aliases are usable without the need to import the settings in the template language
o initial work to support interface networks, register internal types and flush to alias template
o support imported static aliases using json definitions and move core aliases in there
