16270 Commits

Author SHA1 Message Date
Ad Schellevis
528b7df875 Syslog / archive - add maxfilesize option to enforce a log rotate when files exceed their limit.
The combination of preserve logs and max file size help to guard the boundaries of the log storage being used, an archive action is already being performed hourly, which should be enough in normal situations (although that would be easy to change if needed).

In order to make room for the new additional files per day, we add a sequence to the file, for example the first rotate of a filter log exceeding its limit named /var/log/filter/filter_20231204.log  would be moved to /var/log/filter/filter_20231204.0001.log . The syslog-ng reload handles the flush to a new file, which automatically would result in a new filter_20231204.log file after rotate.
2024-01-25 17:14:11 +01:00
Ad Schellevis
042f71db12 configctl: with the support of our stream reader (42fd27df77), we didn't collect the results when used as an event handler, in which case the action is silently dropped. let's wait for configd's result and add it to the log message as well. closes https://github.com/opnsense/core/issues/7164 2024-01-25 14:07:56 +01:00
Stephan de Wit
d6a95767e3 IPsec: Connections: remove AEAD algorithms without a PRF for IKE proposals
Any AEAD algorithm selected for the IKE proposal requires a PRF function.
Internally strongSwan will prepend the selected hash algorithm with 'prf'.
Children do not require a hash algorithm to be selected, so the common
options are listed without one.
2024-01-25 11:27:51 +01:00
Franco Fichtner
ec8002cbb2 system: shuffle auth templates to the end
One of the main reasons of this function used to be writing
/boot/loader.conf so make sure it does that before going into
something else.  There is still account info writing but to
some degree rendering accounts before changing ttys appears to
be favourable.
2024-01-25 10:52:40 +01:00
Ad Schellevis
e1139109c8 System: Access: Tester - handle case insensitivity while reading groups. closes https://github.com/opnsense/core/issues/7140 2024-01-24 20:53:38 +01:00
Ad Schellevis
407be7c546 VPN: OpenVPN: Instances - add optional "route-metric" push option for server instances. closes https://github.com/opnsense/core/issues/7160 2024-01-24 15:46:26 +01:00
Ad Schellevis
9da29cfb9f Core/Backend - only parse stream results when configd socket could be opened. closes https://github.com/opnsense/core/issues/7142
Although this isn't the reason why configd wasn't running, it should not crash either when already sending messages to syslog about the startup issue.
2024-01-24 15:15:01 +01:00
Ad Schellevis
4530da743c Reporting: Unbound DNS - print upgrade message when db not found, closes https://github.com/opnsense/core/issues/7147 2024-01-24 15:00:44 +01:00
Ad Schellevis
41b3881a73 Services: Kea DHCP [new]: Leases DHCPv4 - deduplicate records. apparently kea leases from memory can be duplicated (see also https://gitlab.isc.org/isc-projects/kea/-/issues/2293), use the first two fields (ip+mac) to deduplicate them. closes https://github.com/opnsense/core/issues/7136 2024-01-24 14:03:01 +01:00
Franco Fichtner
b407f5e81a mvc: style issue 2024-01-24 08:13:41 +01:00
Ad Schellevis
68d5b81cb3 Services: Kea DHCP [new]: Kea DHCPv4 - Reservations : allow less strict hostnames, closes https://github.com/opnsense/core/issues/7137 2024-01-23 20:38:20 +01:00
Ad Schellevis
fdc72727a8 MVC - HostnameField : add IsDNSName to support DNS names as specified by RFC2181. When the hostname field is used to specify a DNS name, less strict rules apply. needed for https://github.com/opnsense/core/issues/7137 2024-01-23 20:36:00 +01:00
Ad Schellevis
e21b1a8fe5 System: Gateways: Configuration - fix migration issue introduced in 7be65661f7. gateway container contains both "gateway_item" and "gateway_group" items, so we need to be explicit when removing old values. closes https://github.com/opnsense/core/issues/7150 2024-01-23 15:49:13 +01:00
Franco Fichtner
98878a9eb9 openvpn: trailing commas make life easier 2024-01-19 11:32:42 +01:00
Franco Fichtner
684c8c6bec mvc: update filter model 2024-01-19 11:28:45 +01:00
Franco Fichtner
70d6dc03b8 Framework: use LOCALBASE where possible 2024-01-17 09:00:15 +01:00
Stephan de Wit
4d383db1d2 IPsec: Connections: extend Proposals tooltip to children, fix tooltip style issue
It seems bootstrap-select is inserting a dropdown div before the <select> element
and copying the classes from said select element causing the tooltip to load twice
on two separate elements. Therefore restrict the tooltip activation to the
selectpicker class only. While here, since the ESP proposals field follows the same
pattern, activate the tooltip here as well.
2024-01-16 12:01:54 +01:00
Franco Fichtner
703d9938ce mvc: missing trailing comma makes me sad, also copyright header style 2024-01-16 09:20:36 +01:00
Franco Fichtner
5b5cf45846 mvc: copyright style update 2024-01-15 13:39:16 +01:00
Franco Fichtner
29eaa909d0 mvc: stray whitespace 2024-01-15 10:05:36 +01:00
Ad Schellevis
415f53cef7 Services: Kea - remove test remnant in get_kea_leases.py
should fix https://github.com/opnsense/core/issues/7135
2024-01-13 10:43:15 +01:00
Franco Fichtner
60ee4a4b9a src: style sweep, meh 2024-01-12 12:33:18 +01:00
Franco Fichtner
eccf93e2fd firewall: put the validation back lost in the refactor; closes #6383
We may have to extend to SLAAC as well, but let's see how this works
in practice first.
2024-01-12 12:27:09 +01:00
Franco Fichtner
cfc2c709e4 LICENSE: sync 2024-01-12 11:16:46 +01:00
Franco Fichtner
a4213fc4d8 src: style sweep 2024-01-11 15:48:08 +01:00
Stephan de Wit
8846037d93 MVC: Add IPPortField type (#7134)
Useful for Netflow and plugins. Tests included.
2024-01-11 15:41:40 +01:00
Franco Fichtner
587375aaed unbound: move back to upgrade hook which requires the old duckdb version only found there 2024-01-11 15:28:58 +01:00
Ad Schellevis
13408c8206 Reporting: Unbound DNS - move duckdb export functionality to helper and always dump before system shutdown to be able to ship duckdb library upgrades on minor releases in the future.
In an attempt to keep the database clean and hopefully error prone, the logger will export/import now every ~24 hours. As these operations are rather quick it should help to minimize the footprint as well (duckdb files keep growing after deletes).

closes https://github.com/opnsense/core/issues/7049
2024-01-11 15:05:41 +01:00
Stephan de Wit
340b314f57 MVC: migrate CSVListField types to more sensible fields where possible (#7118)
Extend the MacAddressField as a list type for usage in Captive Portal. Also set MaskPerItem to "Y" on Netflow destinations for now.
2024-01-11 13:08:15 +01:00
Franco Fichtner
57312292ee firewall: remove last "pfplugin" use #6390 2024-01-11 10:19:48 +01:00
Franco Fichtner
2cfe2fdc1c firmware: allow os-squid install during major upgrade; closes #7030 2024-01-11 10:15:06 +01:00
Franco Fichtner
713809efeb firewall: src sweep 2024-01-11 10:14:49 +01:00
Franco Fichtner
0803a233d0 firewall: fix a warning and integrate menu nicer #6383 2024-01-11 09:37:51 +01:00
Franco Fichtner
6ab8f8cf2d firewall: patch in missing sync sections #6383 2024-01-11 09:27:56 +01:00
Franco Fichtner
b121118fc1 system: mark new tunables as required 2024-01-10 11:53:09 +01:00
Ad Schellevis
d766ae211c System: Settings: Tunables - change zfs transaction group defaults. (timeout from 5 --> 90 seconds, dirty data sync percentage from 20 --> 5)
Usually firewalls are not processing a lot of disk write operations, in which case a forced every 5 second flush will lead to quite some wear on the underlying storage device (usually a solid state one these days).
Roughly 20GB per day is being written when using the upstream defaults and without much actual load. To compensate a bit for the reduction of forced syncs, we lower the threshold on the dirty data.
2024-01-10 11:36:02 +01:00
Franco Fichtner
b339f21817 filter: remove pfplugin use from below backend #6390 2024-01-09 16:25:31 +01:00
Franco Fichtner
f78549137a mvc: style sweep 2024-01-09 16:15:17 +01:00
Ad Schellevis
4d8c9d1c4f MVC: ditch phalcon's syslog implementation for a simple wrapper of our own. for https://github.com/opnsense/core/issues/6389 2024-01-09 14:23:01 +01:00
Ad Schellevis
84e43caf2d MVC - add a field type for descriptions and uniform description uses in core modules. 2024-01-08 16:24:25 +01:00
Ad Schellevis
135a663e33 Firewall: NAT: NPTv6 - allow ip addresses without subnet and fix migration. for https://github.com/opnsense/core/issues/6390 2024-01-08 10:01:23 +01:00
Franco Fichtner
dfc834dabb src: style sweep and plist fix 2024-01-07 21:03:04 +01:00
Franco Fichtner
490efb1e97 firewall: merge pfplugin.inc into pf.inc 2024-01-07 20:51:27 +01:00
Ad Schellevis
8591377778 Firewall: NAT: NPTv6 - add MVC migration and cleanup old legacy pages. 2024-01-07 18:29:00 +01:00
Ad Schellevis
8e299d3efe import net/os-firewall from plugins (https://github.com/opnsense/core/issues/6390) 2024-01-07 16:56:35 +01:00
Ad Schellevis
3daff54655 Services: Intrusion Detection: Policy - show rule origin in rule adjustments grid. As we need to fetch all rule labels in order to link them and the number of installed rules may be quite large (>100k) we need a small work-around here to prevent other model callers from always having to wait for [msg, source] being populated.
closes https://github.com/opnsense/core/issues/7121
2024-01-07 16:22:17 +01:00
Ad Schellevis
e385b1cd3e VPN: WireGuard: Settings - add unique constraint on pubkey fields in model. closes https://github.com/opnsense/core/issues/7110 2024-01-07 11:46:27 +01:00
Ad Schellevis
b5008a9cbf VPN: WireGuard: Settings - API cleanup for 24.1 [2] 2024-01-07 11:43:20 +01:00
Ad Schellevis
4dacd81ab0 VPN: WireGuard: Settings - API cleanup for 24.1 2024-01-07 11:32:41 +01:00
Ad Schellevis
7b599680bc VPN: WireGuard: Settings - add button to generate a pre-shared key (wg genpsk). closes https://github.com/opnsense/plugins/issues/3164 2024-01-07 11:27:28 +01:00