This is strange, but no the strangest thing to happen. Partially
restore the old functionality but this time make sure we only
flip IPv4 on IPv4 and IPv6 on IPv6 changes instead of everything
all the time.
To limit the impact, make sure to only alter vlans now, eventually we should fix the other models as well as they are using // too (but are less likely to overlap)
(take 2)
To limit the impact, make sure to only alter vlans now, eventually we should fix the other models as well as they are using // too (but are less likely to overlap)
Although the prepended 0 might look less intuitive it prevents overlaps when creating new vlans using "ifconfig vlan create" (2637e6ebca/src/etc/inc/interfaces.lib.inc (L77)), to keep qinq and vlan's consistent prepend on both types.
ref 2637e6ebca
Since we also change the vlan names here for new devices to eventually
avoid overlong vlan interface names (#3222) we need to make sure the
rest of the system knows the new prefixes.
Some related style changes in code and text.
This PR pulls query forwarding over the current dot setup, so visually nothing changes.
All API calls are redirected to new Forward functions, which slightly modifies what is returned based on whether "Query Forwarding" or "DNS over TLS" is selected from the menu. This way backwards compatibility is preserved.
As an addition, a user is now able to specify a specific domain for a forward zone as well. Meaning that queries for this specific domain will skip a catch-all (".") domain (if specified), and instead use the server specified for this domain.
Entering a forward zone with a catch-all domain (".") in both Query Forwading and DNS over TLS is considered a duplicate by Unbound, so a static warning for this has been attached in the grid - however, it might be possible for a user to be warned dynamically over this.
Detach the OpenVPN filter reload a little so we make sure it only
executes once if the reconfigure all. Not sure if these are strictly
neeeded but better to keep them now.
I'm not sure why interface_bring_down() is needed when both
IPv4 and IPV6 are empty. It sort of means "handle this the
hard way when doing tunnel configurations" althoug the code
disagrees about the historic comment and the code that was
introduced... "set to none" vs. "ipaddr <> none" and later
"empty(ipaddr)" to match the comment. In the grand scheme of
things this does not matter at all...
So in 22.1.3 we removed the inline configuration of GIF and GRE
which causes interface configuration to strip the addresses
added by device configuration instead of refixing it on the
fly (executing code twice all the time). The code flow was
always correct but in practice tripping over itself so now try
a more sensible approach by stripping addresses when we have
assignments going on individually for IPv4 and IPv6.
PR: https://forum.opnsense.org/index.php?topic=27553.0
Under normal circumstances a tunnel that is assigned to an
interface will be restarted when said interface becimes
available. This is to fix the previous load of the device
when the actual interface wasn't yet ready.
Historic oversight of wedging in a loopback interface in virtual IP
section while not making sure the actual configuration receives a
virtual IP when it needs to. This was previously fixed by a batch
VIP regeneration in interfaces_configure() but we already saw that
this is not needed in 99% of the cases.
PR: https://forum.opnsense.org/index.php?topic=27547.0
Ideally rc.newwanip should be as lightweight as possible, with 8c49c7bfdd in place normal execution doesn't take much time, but it likely doesn't make sense to hook gif|gre interfaces either when nothing has changed.
closes https://github.com/opnsense/core/issues/5624
It might be possible to skip the whole !is_ipaddr(), but the side affects aren't fully clear hence the != dhcp[6] to ease implementation.
Before this commit, dhcp[6] interfaces always tried to reconfigure, which makes the whole comparison quite useless.
related to https://github.com/opnsense/core/issues/5624
We add this here to ensure consistency between the functionalities
of these interface helper files. Not all instances have been
converted, but they can be as time permits. Tested on IPv6.
While here settle on "prefix" for pdinfo as a thing since we
renamed it already anyway.
Looking for things that could go wrong with root.key in Unbound
this could be one of those. Still, at this point we may not have
received DNS servers from the ISP since these are registered much
later (10-newwanip).
Great opportunity to ditch prefer_ipv4_or_ipv6() since we need it
for resolving which we set up alongside and in the right spot.
Not sure about nameserver.sh name and scope yet so try to
hide it under a link. We can always change the name later
although having .sh suffix helps us lint the script more easily.
Historically both make sense but nothing calls configd_ctl.py
directly anymore so we can either leave it at that or merge
the code and behaviour into configctl. (Or better yet set a
symlink to configctl).
Also now we can grep for "interfaces_vlan_configure" to see both
and "interfaces" is the actual prefix to be used from interfaces.inc.
Later we should try to avoid calling "_" prefix functions from code
not in interfaces.inc.
