Add connection child as option for manual SPDs. To make sure these are easily selectable we'll extend ModelRelationField to include a method to return its value (so we can combine parent descriptions).
In cases where e.g. an internet connection is down, a reply will not be present should Unbound's iterator module return.
Normally we marked this as a SERVFAIL, but Unbound already does this for us in the servfail callback.
This means entries were logged twice, once with a "Pass, Recursion, servfail", another one with "Drop, Local, servfail".
This is ambiguous and would skew the relevant statistics.
minor modifications for e08a96c6cd
[*] separate logger.stats_enabled and rrset handling so cnames are also resolved when logging is disabled
[*] set MODULE_FINISHED as default exit state, toggle to MODULE_ERROR when needed
[*] simplify logic a bit in operate()
There can be multiple CNAMEs in an RRset, so iterate the chain and check every fqdn. If one is encountered in any iteration that matches one in the blocklists, unconditionally block it.
This code unfortunately is utterly broken: the plain JavaScript code is lengthy and buggy. This only tries to solve the escape issue, but it would be much better if all of this were replaced with some simple jQuery constructions.
Two things here:
1. I think historically the port was always missing since it must
be 53 somewhere to work correctly. This actually fixed that.
2. Bind could be integrated more tightly into this when both Unbound
and Dnsmasq are not used.
3. We assume that port 53 is actually a DNS service and not some
other misconfiguration, but it seems from previous code that
this is more than acceptable in the situation we are in.
Ok, that's three things then. ;)
service_by_name('*', ['ports' => ['53']]);
The filter has drawbacks with structured data, but this is good enough
for now and easy to change with only two consumers using it.
Add a new status although we didn't want to extend the functionality,
but this does look like a bug when loss indicator is used but not
properly reported.
PR: https://github.com/opnsense/core/issues/6231
As we'd rather not change the API data format too much at the moment, we could sort by description in the controller for packets and traffic and move the interface mapping into the getRRDlistAction() response. This should keep everything backwards compatible and offers improved sorting with limited impact.
Looks like improvements in 23.1.4 made the problem worse, indicating
that the direction this is going is a bit doubtful. Instead, funnel
the restart through configd to reach some state of serialization
similar to what filter_configure() is doing.
While here move the service definition to the correct file.
o rename virtual_addr --> virtual_address in status call out
o add new endpoints to search connections and routes, kill sessions and service control
o remove old status page status_openvpn.php and change ACL and Menu registration
o offer two tab view on sessions / routes
o service controls (restart/start/stop) are shown for non client based records (p2p and client mode) or when no clients are connected.
This reverts commit ffc1c438e02ae209b8ad690907d3fad8f74a6248 to be able
to test the migration easily. We didn't set the full data (at least
local_zone_type was missing) but then again we do not have to.
Also seeing that we did not have OPNsense section before or version
attribute let us try to keep this status quo for a little longer.