15730 Commits

Author SHA1 Message Date
Franco Fichtner
3dae3b507a unbound: scrub model, no functional changes 2023-09-14 21:40:25 +02:00
Ad Schellevis
9fb7c048d7 VPN/OpenVPN/Instances - Update dialogCSO.xml and fix route gateways title 2023-09-14 18:11:05 +02:00
Franco Fichtner
1aa5848847 unbound: migrate active/outgoing interfaces discarding invalid values (#6851) 2023-09-14 17:45:22 +02:00
Franco Fichtner
15ee80908f unbound: remove spurious <hr/> as __mt does the job and looks cleaner 2023-09-14 14:06:10 +02:00
Franco Fichtner
a086f40b0a unbound: bring back 4a1bc9f8b5e to avoid dynamic reloads when possible; closes #6802 2023-09-14 14:00:29 +02:00
Franco Fichtner
fe17f4ff48 unbound: allow disabled interfaces in interface field
While we are not concerned with interfaces that have disappeared
we should keep track of disabled interfaces since there is no strict
link between this field and the interface (or OpenVPN) configuration
which would make validation fail for the wrong reasons and/or force
the user to deselect the interface in order to proceed.

Also exclude lo0 because it is always added to ensure local resolving
which had no complaints since 2018 when this was reworked.  The ability
to select it would cause the question of why it's not adhered to if
anyone started looking.
2023-09-14 10:51:51 +02:00
Franco Fichtner
2306449329 interfaces: fix typo 2023-09-13 13:00:47 +02:00
Franco Fichtner
c4285c9937 interfaces: if members for bridge could not be added change return code 2023-09-13 11:26:55 +02:00
Franco Fichtner
189e3af29e interfaces: improve bridge code a bit
* Allow the bridge to come up without members.  While the GUI made sure
  to avoid empty bridges there is no reason for it and underneath if the
  interface was disabled the GUI made the interface disappear from the
  selection.  So now allow an empty bridge (may be nice for migration)
  and show disabled interfaces in the edit page.  Fix all callers to not
  assume the member property is always set.  Can probably go away once
  bridges are moved to MVC.
* Inline interface_bridge_add_member() since link_interface_to_bridge()
  is the only caller.  Improve the parameter passing a bit too.
* Add bridge interface return code to (_)interfaces_bridge_configure().
* Improve device resolution and a few mwexecf() replacements.
* Log the reason why a device could not be attached to bridge when one
  device is not there as expected.
2023-09-13 10:39:49 +02:00
Franco Fichtner
818f729379 system: avoid picking up an empty default route
GIF/GRE might do this when assigned so extend the check.
2023-09-12 11:38:58 +02:00
Franco Fichtner
da4144180b interfaces: refactor link_interface_to_bridge() slightly 2023-09-12 11:15:17 +02:00
Franco Fichtner
58b45cd533 interfaces: kill the ancient OpenVPN-tap-on-a-bridge magic on IPv4 reload
This brings IPv4 and IPv6 closer together as both now support GIF/GRE
exclusively.  OpenVPN devices are created on boot since 44cd7aee8e.
2023-09-12 11:01:53 +02:00
Franco Fichtner
a744327574 interfaces: improve GIF/GRE configuration robustness
Now that we fail if we can't get the tunnel up improve this a bit more:

1. First order of business is removing/adding the device.

2. Return the device name when configuration was successful.

3. Use device name return to avoid "linking" failed devices.  This
   helps us to bring it up later when it is likely ready.

4. Remove the system_routing_configure() madness from device creation.

5. We may have static routes which were not adhered to previously.  So now
   use the same interfaces_restart_by_device() hook but omit the
   interface_configure() to avoid unwanted recursion in that function.
   This has the added benefit of system_routing_configure() only being
   called once for that interface by rc.newwanip(v6).
2023-09-12 10:41:17 +02:00
Franco Fichtner
cfff4f2482 interfaces: split IPv4/IPv6 for GRE 2023-09-12 09:52:49 +02:00
Franco Fichtner
315153a07b interfaces: restructure GIF for split IPv4/IPv6 use
Formerly devices like GIF only worked on IPv4 dynamic links,
but with DS-Lite IPv6 is the only dynamic link so split the
execution on dynamic events according to what remote address
the tunnel requires.  This should allow DS-Lite to work out
of the box (functional after bootup).

While here restructure link_interface_to_gif() to better fit
the caller's needs.  Also feeling lucky about the stray
interfaces_bring_up() because if we check if the local address
is there we can be pretty sure the parent device is up.

PR: https://forum.opnsense.org/index.php?topic=35876.0
2023-09-12 09:01:29 +02:00
Qhilm
8d3d648035 Corrected link to IANA DHCPv6 Options documentation 2023-09-11 14:59:00 +02:00
Franco Fichtner
a8c348cfa4 system: cron parameters are escaped properly nowadays
This is allowed nowadays with the proper escaping in the
template employed.  However...

1. The parameter"s" are enforced by doing white-space
separated passing of individual parts, but that breaks
backend scripts expecting either spaces to be part of
the parameter or discarding additional parameters.

This matters, because...

2. https://docs.opnsense.org/manual/settingsmenu.html#cron
does not state any two parameter value of interest to
users apart from custom Cron glue.

I'd rather have "parameters" treated as a single first
parameter which can be passed with a %s to the shell, but
I'm unsure if configd will treat it that way?  At least
the crontab part would not be the issue.

Let's test this theory:

  # cat src/opnsense/service/conf/actions.d/actions_test.conf
  [shell]
  command:/bin/csh -c
  parameters:%s
  message:Running %s
  type:script_output
  description:Shell execution (use with care)

  # configctl test shell "echo foo"
  Parameter mismatch

  # configctl test shell "echo\ foo"
  foo

  # configctl test shell "echo\ foo;echo\ bar"
  foo
  bar

So there seems to be a mishandling of spaces in general
which is probably why the parameters are treated as such
in the crontab file.  Perhaps we need to discuss this.
2023-09-11 11:56:08 +02:00
Franco Fichtner
36d250f929 mvc: style 2023-09-11 09:32:46 +02:00
Franco Fichtner
b020480ee7 mvc: fix blankdesc test 2023-09-11 09:19:56 +02:00
Franco Fichtner
e79898bcbd ipsec: pet the translation, remove local/remote to only have one string to translate 2023-09-11 08:38:36 +02:00
Monviech
fcc266107d VPN/IPSec - Add local_port and remote_port to VPN: IPsec: Connections [new] (#6835) 2023-09-09 22:58:52 +02:00
Franco Fichtner
252870b6c0 dhcp: style 2023-09-08 13:36:08 +02:00
Franco Fichtner
4b69625a4a pluginctl: allow -f mode to drop config properties; closes #6834 2023-09-08 09:26:30 +02:00
Franco Fichtner
b3c3b7a0c2 pluginctl: improve the print behaviour for #6834
Now an empty node name '' will stay on the same node allowing to
dump the full config.xml for whatever reason.  Also change the
empty print behaviour to omit the spurious newline as that looks
better.  Last but not least pretty-print JSON for better UX.
2023-09-08 08:06:29 +02:00
Franco Fichtner
ff0b85f7e5 dhcp: clean up the messages in the radvd config header #6819 2023-09-07 20:32:49 +02:00
Franco Fichtner
6fbe6ca189 src: sweep over bootstrap update
Windows line endings...
2023-09-07 16:58:16 +02:00
Franco Fichtner
2e0f00b603 system: style change 2023-09-07 16:55:47 +02:00
Ad Schellevis
dd9854f111 core/css - upgrade bootstrap-select to v1.13.18, remove the version number from the css file as well (needs changes in the plugins as well).
source https://github.com/snapappointments/bootstrap-select/tree/v1.13.18/dist
2023-09-07 15:03:20 +02:00
Franco Fichtner
2f87d58f9a system: /usr/sbin/nologin seems to be the authoritative one 2023-09-07 14:31:12 +02:00
Ad Schellevis
8a8b6ff2d6 System: Settings: Logging / targets - simplify tls handling and handle rfc5424 consistently. closes https://github.com/opnsense/core/issues/6813 2023-09-07 14:14:05 +02:00
Franco Fichtner
73b6e048ac openvpn: help text styling 2023-09-07 10:10:32 +02:00
Franco Fichtner
31593b1e6f system: small refactor for clarity 2023-09-07 09:36:04 +02:00
Franco Fichtner
97b08eec0c system: kill the unused "alert" "interval"
The terminology is confusing -- it's just a poll interval in
dpinger's alert thread like we have in gateway watcher (also
defaulting to 1 second).  Since we do not want to expose
such values to the GUI without a pressing reason we better
do it this way than add more knobs that make support harder
and expectations less clear (reaction time suffers quickly when
increasing this value).

While here disable the alert thread completely in dpinger which
seems to be steered by passing the loss and delay.  Also adjust
the default for the loss interval which is calculated by dpinger
as 4 times the probe interval, so the default was wrong also.
2023-09-07 09:28:04 +02:00
Franco Fichtner
ea2f63bddd system: fix pid kill regression in #6825 2023-09-07 09:24:09 +02:00
Franco Fichtner
4b153a375a system: performance part 2; closes #6825
Under ideal circumstances (non-SIGKILL) the PID file and socket
are removed cleanly so they don't show up as readable sockets in
dpinger_status().  When we kill the process the socket is there
but the open fails immediately.  That only leaves a stuck process
not reacting to open, but we can deal with that by decreasing the
timeout a bit more (from 3 to 1 seconds per socket).  We still
want a sort of sensible timeout here that isn't too short and
assume that a system not being able to respond in time is having
other (and more critical) issues to cope with.
2023-09-07 08:56:55 +02:00
Franco Fichtner
cb584cc171 system: gateway bindings cleanup
return_gateway_groups_array() is not used anymore, but leave it
in 23.7 so that 24.1 picks this up automatically.
2023-09-07 08:45:44 +02:00
Franco Fichtner
a2ab96833d system: avoid plugin system for native dpinger scripts fetching dpinger_status() #6825 2023-09-07 08:45:44 +02:00
Franco Fichtner
943b3fcf2c system: tweak previous also skipping unusable gateways 2023-09-07 08:45:44 +02:00
Ad Schellevis
2207bd2634 VPN: IPsec: Connections [new] - Allow the use of eap_id = %any . closes https://github.com/opnsense/core/issues/6824 (missed a spot) 2023-09-07 08:26:25 +02:00
Franco Fichtner
25e0a41fc7 ipsec: small help text update 2023-09-07 07:44:48 +02:00
Ad Schellevis
e6da85918d VPN: IPsec: Connections [new] - Allow the use of eap_id = %any . closes https://github.com/opnsense/core/issues/6824 2023-09-06 21:01:15 +02:00
Franco Fichtner
5e9f114ea0 dhcp: make dhcrelay code use the Gateways class
Stop using the opportunistic "wan" gateway and emit a
log entry on failing to derive a viable interface name.
It's already somewhat questionable if we should use a
default gateway, but the code is what it is.
2023-09-06 16:10:27 +02:00
Franco Fichtner
bf9cf03dc8 dhcp: 'if' from Gateways class returns the device
Which seems to be required. Fix the brokenness.
2023-09-06 14:55:20 +02:00
Franco Fichtner
dea3644296 dhcp: remove unused Gateways class 2023-09-06 14:33:23 +02:00
Franco Fichtner
3786caf568 system: do not mark defunct gw as disabled as well
gatewaysIndexedByName() -> do not omit when defunct
getDefaultGW() -> omit when defunct
getInterfaceGateway() -> omit when defunct (debatable)

Otherwise strip gatewaysIndexedByName(true) where the behaviour
was likely to try and get defunct gateways as well and fix the
dpinger code accordingly to get rid of raw config access.
2023-09-06 13:55:23 +02:00
Franco Fichtner
d417603918 make: ...and actually include it in a commit ;) 2023-09-06 13:46:53 +02:00
Franco Fichtner
f6b3beba40 make: move version info out of the way
Make merging easier for the main makefile.
2023-09-06 13:45:47 +02:00
Franco Fichtner
e7f19e43da openvpn: style 2023-09-06 13:16:58 +02:00
Franco Fichtner
673634970c system: kill hasGateways(), write DHCP router option unconditionally
It can be disabled and it might take some indeterministic behaviour
out of the situation.
2023-09-06 10:48:16 +02:00
Franco Fichtner
9ddfa876d5 system: small style update
groups, master.passwd and shells do not need updates.
2023-09-06 09:19:42 +02:00