13258 Commits

Author SHA1 Message Date
Frank Brendel
466ac29950 monit: add Link event to alert settings (#5242) 2021-09-28 09:29:10 +02:00
Franco Fichtner
13e311e057 firmware: make upgrade testing easier
For people who want to have fun upgrading into snapshot
releases:

    # opnsense-update -uz
2021-09-28 08:10:27 +02:00
Franco Fichtner
7063dc9e02 firmware: shift away from old-style firmware-xxx files
opnsense-update can read the upgrade hint itself.  We may have
to stash an ABI in there to reach to a different location without
the need to publish a symbolic link.

Move the firmware message to a data location for cleanliness.
2021-09-28 07:38:21 +02:00
kulikov-a
b9de69fe44 configd_ctl.py: catch broken pipe on event handler (#5235) 2021-09-24 21:51:56 +02:00
Ad Schellevis
eb85feceb8 Firewall/NAT/Port Forward - fix non sticky filter rule association, closes https://github.com/opnsense/core/issues/5234 2021-09-23 22:35:36 +02:00
Ad Schellevis
0e10b291b2 Interfaces/Other Types/LAGG : add lagghash option, closes https://github.com/opnsense/core/issues/5208 2021-09-23 19:45:27 +02:00
Franco Fichtner
761871d8b6 openvpn: add tlsmode to copy fields #4592 2021-09-23 07:54:52 +02:00
kulikov-a
eaf378f269 diag_testport.php: set verbose (#5231) 2021-09-22 16:47:52 +02:00
Ad Schellevis
500c82f181 Firewall - refactor getInterfaceGateway() to support extracting a dynamic property instead of the fixed address, refactor route-to behaviour to match reply-to and outbound nat. remove getInterfaceGateways() from firewall plugin as being unused now. closes https://github.com/opnsense/core/issues/5230 2021-09-22 15:37:55 +02:00
Franco Fichtner
60eba47090 interfaces: on "dhcp6prefixonly" include tracking interfaces #5086
This way we can get a GUA on a WAN that works anyway due to
IPv6 magic.  Also protect the return of addresses with the
actual existence of the interface, because otherwise the
VIP readings are inaccurate.  interfaces_addresses() still
works in both modes, but worst case won't map aliases.
2021-09-22 11:20:32 +02:00
Franco Fichtner
f0aeb0eff1 interfaces: add all sorts of stuff to interfaces_addresses() #5086
It allows us to do post-processing on returned addresses for
e.g. #5086 alias parsing for unwanted automatic bind mode.
2021-09-22 11:12:12 +02:00
Franco Fichtner
48f24dfe86 src: style sweep 2021-09-22 11:12:12 +02:00
Ad Schellevis
d6be0bfdb4 Firewall / Aliases - add "virtual" properties to model representing the current pf table stats and represent these in the alias grid. 2021-09-21 19:45:56 +02:00
Ad Schellevis
c96e5f88b4 Firewall / Aliases - minor bugfix in "filter diag table_size" (caf4439cf0) 2021-09-21 16:34:03 +02:00
Ad Schellevis
9da5c28f40 Firewall / Rules - specify overload table on max new connections, closes https://github.com/opnsense/core/issues/5229 2021-09-21 15:27:44 +02:00
Franco Fichtner
ea7709e268 unbound: adjust help text since range domain is being used 2021-09-21 11:42:27 +02:00
Ad Schellevis
42e80e1c3a Unbound+dhcp: fix template, enforce list when querying pools 2021-09-21 11:11:43 +02:00
Franco Fichtner
3fc136b7bd firewall: add automatic outbound NAT logging option
This is largely for testing our NAT log patch, but might be
useful for someone.

Inline filterlog restart since it uses syslog() and does not
need to be restarted when syslog settings change.
2021-09-21 09:23:09 +02:00
Ad Schellevis
caf4439cf0 Firewall / Aliases - extend "filter diag table_size" command to include details as well. 2021-09-20 21:59:00 +02:00
Franco Fichtner
82b2ede99b ipsec: add shared function to simplify ipsec code #5201 2021-09-20 20:35:02 +02:00
Franco Fichtner
e2ad649886 ipsec: meh 2021-09-20 15:10:39 +02:00
Franco Fichtner
0cd0b8962d ipsec: add and use find_smallest_cidr6() variant #5201 2021-09-20 15:07:23 +02:00
Franco Fichtner
719b31bc80 src: replace __toString() calls with casts; closes #5225 2021-09-20 12:11:27 +02:00
Maurice Walker
3807cf8b73 router advertisements: remove AdvRDNSSLifetime / AdvDNSSLLifetime bounds; closes #4893
RFC 8106 removes the bound of acceptable values:

https://tools.ietf.org/html/rfc8106#section-5.1
https://tools.ietf.org/html/rfc8106#section-5.2
2021-09-17 12:36:31 +02:00
Franco Fichtner
c7c629945e dhcp: try to guide when subnets are too small; closes #4762
Lots of loosely related changes addressing small bugs and
wrong assumptions of the available IP ranges.
2021-09-17 12:18:37 +02:00
Franco Fichtner
cbb402cd0f unbound: never used this unbound cache flush spot 2021-09-17 10:53:22 +02:00
Franco Fichtner
d5d52ac975 system: add xc0 entry video console entry if node exists; closes #4688 2021-09-17 10:33:30 +02:00
Franco Fichtner
e9947f07cd mvc: may be better to hide "nothing to do" messages 2021-09-16 14:04:50 +02:00
Franco Fichtner
9e9971f464 mvc: vim is doing strange things nowadays wanting tabs over spaces ;( 2021-09-16 13:57:03 +02:00
Franco Fichtner
e7e955f573 mvc: retain attributes in single values; closes #4633
Second try: retain attribute values as sibling nodes with
a name up front.  If the sibling does not exist fail silently
like before.  At least from testing this no longer produces
any shift in the config.xml between string nodes with attributes.

Test XML:

<?xml version="1.0"?>
<opnsense>
  <staticroutes version="1.0.0"/>
  <someotherthing version="1.0.0">
    <foo/>
  </someotherthing>
  <thing version="1.0.0"></thing>
  <alias version="1.0.0"/>
  <doesthisdoit></doesthisdoit>
</opnsense>

Test PHP:

<?php

require_once 'config.inc';

OPNsense\Core\Config::getInstance()->fromArray(load_config_from_file('foo.xml'));
print_r(OPNsense\Core\Config::getInstance()->__toString());

Result XML:

<?xml version="1.0"?>
<opnsense>
  <staticroutes version="1.0.0"/>
  <someotherthing version="1.0.0">
    <foo/>
  </someotherthing>
  <thing version="1.0.0"/>
  <alias version="1.0.0"/>
  <doesthisdoit/>
</opnsense>
2021-09-16 13:46:58 +02:00
Franco Fichtner
ca6f461378 ipsec: clear irrelevant upper bits in previous #5201
Shifting bits up has the effect of them lingering if not cleared.
Has no impact on operation on IP address but not good style anyway.
2021-09-16 12:23:25 +02:00
Franco Fichtner
9e44d9a1a9 ipsec: rewrite netmask calculation #5201
We need to make sure both the local and the remote IP belong to
the same CIDR range, which might not be the case if we just
calculate the subnet size required by their direct distance.

Rewrite find_smallest_cidr() to take an array of IPs to calculate
their smallest shared subnet mask.  Code is actually pretty simple
and fast.  However, we are not going to account for network and
broadcast address reservation unless that turns out to be an issue.

In the IPv6 case assume that /64 is a good approximation of the
result.

Remove code cruft in utilities while at it also replacing a simple
function only called once in setaddr.sh.
2021-09-16 09:54:33 +02:00
Franco Fichtner
f51957afbb util: remove unused get_ll_scope() 2021-09-16 09:54:33 +02:00
Franco Fichtner
9b48085538 ipsec: inline only caller of this function
Loosely related to #4749.
2021-09-16 09:54:33 +02:00
kulikov-a
0ee3ecde53 allow /30 for p2p 2021-09-16 09:50:40 +02:00
Franco Fichtner
9335c87a6f interfaces: fix two refactors and remove irrelevant XXX #4749 2021-09-15 21:24:14 +02:00
Franco Fichtner
4583c32ee7 interfaces: find_interface_ip*() no longer in use #4749 2021-09-15 21:12:08 +02:00
Franco Fichtner
f97d35508f interfaces: replace last callers of find_interface_ipv6() #4749 2021-09-15 21:11:42 +02:00
Franco Fichtner
5475d58b98 interfaces: zap find_interface_ip() in two spots #4749 2021-09-15 21:04:52 +02:00
Franco Fichtner
56467eb82e interfaces: improve naming #4749 2021-09-15 15:07:59 +02:00
Franco Fichtner
8ef7cac570 interfaces: remove primary addresses on down #4749 2021-09-15 14:25:05 +02:00
Franco Fichtner
9147c140b2 interfaces: whitespace for code alignment 2021-09-15 14:24:36 +02:00
Franco Fichtner
6f887fa213 interfaces: change get_interface_ip() internals #4749 2021-09-15 14:23:53 +02:00
Franco Fichtner
65779b80bb interfaces: remove find_interface_ipv6_ll() et al. #4749 2021-09-15 13:34:16 +02:00
Franco Fichtner
5ec2b43f46 system: fix "search" use in resolv.conf #5102 2021-09-15 12:14:28 +02:00
Franco Fichtner
cee9f6a7ba firewall: tweak wording in previous 2021-09-15 09:13:12 +02:00
Franco Fichtner
d2291d21d2 firewall: fixup prio texts and enable relevant sysctl for FreeBSD 13
It only reads or writes VLAN header priority code points.

While here inline the forwarding sysctls instead of setting them all
the time.

PR: https://forum.opnsense.org/index.php?topic=24756.0
2021-09-15 09:08:12 +02:00
Franco Fichtner
35ec0ae1c7 firewall: improve alias description/preview #5199 2021-09-14 16:16:15 +02:00
Franco Fichtner
c9c0055b8b openvpn: do not create empty router file 2021-09-14 10:46:30 +02:00
Franco Fichtner
0d5ef68694 interfaces: sync groups between possible create/destroy operations
Had to tiptoe around f2769fe099 which seems useful but
counter-intuitive.  Renaming live groups is a bad concept.

PR: https://github.com/opnsense/core/issues/5189
2021-09-13 14:07:24 +02:00