Ok so this might have been an issue in the past WRT DHCP client
and default route hanling which is now done another way but maybe
it shouldn't have. For now just see how this works in practice
and then decide later if more needs to be done or not.
* MVC / System status: first draft for backend implementation
* fix copyright
* fix permissions
* MVC / System Status: modify backend implementation and setup front-end
* MVC / System Status: minor cleanup, ACL check and fix reporting in production mode
* MVC / System Status: copy status sytem to legacy as well, remove the notices system, finish up front-end work
* MVC / System Status: remove useless constructor
* fix plist
* System Status: shorten previous
* System Status: add ACL check
* System Status: also remove legacy part
* System Status: also clean up on legacy page
* System Status: ACL check on dismiss action as well
* System Status: add readonly privilege check to dismiss action
* System Status: do not trust input
* System Status: address security concerns
* add default return
* System Status: move js code to separate script and make sure a logLocation is always provided
* System Status: clean up callout in both legacy page and volt template
After dismissing a message and closing the dialog, the old message was still bound to the dialog instance. re-registering the onclick callback solves this.
* System Status: adjust log location and kick off status system on alias errors
* System Status: let's hold off on throwing notifications for aliases for now
* System Status: add ACL entry for the dismiss API call, adjust to new deployment situation
Without the ACL entry, /api/core/system/dismissStatus calls are rejected for non-root users even when they should have rights to dismiss.
Also do a minor consistency improvement and also adjust to the new situation of production & development deployment types. We need to account for the possibility of 'deployment' being empty in the configuration, therefore a direct check of the 'development' type seems most fitting as this is unlikely to change or be subjected to any additions.
* System Status: also error out when unable to write new rules
* System Status: account for users without permissions
* System Status: name collision in FirmwareController
* System Status: replace old notices system with a global one (https://github.com/opnsense/core/pull/5875)
Review feedback / modifications in this commit:
o filter.inc
-- remove wedged message, when locked during parallel reloads it likely doesn't help to disable/enable
-- flush message to error trigger file
o SystemStatus.php
-- str_contains --> strpos; eases testing on OPNsense 22.1.x as str_contains is php 8 only
o Status collectors
-- simplify logic and propagate messages received from status file
o CrashReporterStatus
- the existence of a /tmp/PHP_errors.log file should be enough to know some process signaled the crash reporter
- remove shell exec
o FirewallStatus
-- as only /tmp/rules.error remains, remove loop to read for non existing files
o opnsense_status.js
-- add opn-status-group class to container and point css modifications in that single direction to prevent other objects from being affected by our status popup modifications
-- windows file endings replaced (^M)
o css:
keep menu_messages container to ease migration for theme developers
NOTE : ** get_crash_report() could likely be simplified as well
* filter: change to mwexec, redirection is implied
* System Status: handle potential undefined array key
seems to be a one-off error: Exception: Error at /usr/local/opnsense/mvc/app/controllers/OPNsense/Core/Api/SystemController.php:90 - Undefined array key 0 (errno=2) in /usr/local/opnsense/mvc/app/controllers/OPNsense/Base/ApiControllerBase.php:159
Co-authored-by: Ad Schellevis <ad@opnsense.org>
IPv4 doesn't do this indicating that IPv6 shouldn't as well.
Also, ifctl is not handling this file either so we might as
well let system.inc deal with this.
PPPoE and DHCP still read the file but wouldn't consider this
a huge problem.
Also now makes sure the scope is added to link-local gateways,
which was a problem previously reported by @maurice-w.
The default listing had an issue bringing in both the dhcp6c
and the slaac files. Now act according to what we implemented
as a fallback approach for reading data files.
Since "nameserver.sh" was a working title for when we just wanted
to make sense of the nameserver registration mess going on this
no longer fully applies for good reasons.
Change the name to ifctl.sh for leaving syntax parsing in place
and leave the symlink in sbin/ directory. The same works nicely
for configctl.
Since we already kill routes in nameserver registrations we can
also take on the arp/pfctl magic moving the "router" file check
to its native utility.
It's debatable if we even need the pfctl or arp flush here.
To be continued...
Since these calls exist for the purpose of letting developers know about major issues or deprecation warnings, they can now be removed as a development setting was introduced. https://github.com/opnsense/core/issues/5904
This breaks the new feature in the interim since the router file
read is not yet supposed to read :slaac counterpart since the router
file is still read manually. Refactor to follow.
We do want to eventually lean on exclusive ifctl use in order to
be able to improve logic in ifctl or make adjustments really easy in
the future without missing a spot (e.g. adding scope to link-local
routers).
New script to be invoked by rtsold when Router Advertisements with
RDNSS / DNSSL information are received. Uses ifctl to create the
/tmp/$if_routerv6 file and creates the /tmp/$if_defaultgwv6 file
directly. Fixes the issue that these files don't get created when
the M and O flags in RAs are not set. Also, passes RDNSS / DNSSL
info from RAs to ifctl.
