Migrate ui to MVC, wrap model around existing configuration area to remain backward compatible.
To avoid laggs configured via console not being reachable from the gui, add a uuid to it.
To allow legacy services without a model to hook into the `ApiMutableServiceController`, we define a protected `serviceEnabled` function that by default checks the given `internalServiceEnabled` property to see if a service is enabled, but allows derived classes to override the functionality. We loosen the property restrictions in `initialize()` by moving the checks to their runtime implementations.
DHCPv4/v6 is modified here to hook into this change, but since the `actions_services` requires the keyword `service`, which isn't used by the mutable service controller, we define start/stop/restart/status actions in the `actions_dhcpd.conf` and the new `actions_dhcpd6.conf` files.
- reworks the get_leases.py script to accommodate the "last declaration is the current one" logic from dhcpd.leases(5). (neither core nor plugins is currently using this action)
- includes binding states for failover setups in dhcpd.py lease file parsing. These are included in the leases page if show inactive is selected.
- adds small utility function in Firewall/Utility to check whether a given IP (4 or 6) is within the bounds of a given CIDR block. Needed to bind a lease declaration to an interface in the front end.
- remove dhcpleaseinlocaltime property from services_dhcp.php. dhcpd.py works with epochs, so we only need to convert to a sensible local date in the controller.
- implements multiselect lease deletion
- implements multiselect interface filtering
- does not yet hook into ApiMutableServiceControllerBase, since the legacy configuration makes it a bit tricky.
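
The "last declaration is the current one" rule and the CIDR-to-interface binding described in the notes above, as an added Python sketch that is not the project's get_leases.py, dhcpd.py or Firewall/Utility code. The function names, the interface names and the lease data are assumptions constructed for illustration.

```python
import ipaddress
import re

# Constructed sample in dhcpd.leases(5) format; 192.168.1.50 is declared twice.
SAMPLE_LEASES = """\
lease 192.168.1.50 {
  starts 4 2023/06/01 10:00:00;
  ends 4 2023/06/01 12:00:00;
  binding state active;
  hardware ethernet 00:11:22:33:44:55;
}
lease 192.168.1.51 {
  binding state backup;
  hardware ethernet 00:11:22:33:44:66;
}
lease 192.168.1.50 {
  starts 4 2023/06/01 12:00:00;
  ends 4 2023/06/01 14:00:00;
  binding state free;
  hardware ethernet 00:11:22:33:44:55;
}
"""

LEASE_RE = re.compile(r"^lease\s+(\S+)\s*\{(.*?)^\}", re.M | re.S)
# Anchored at line start so "next binding state" is not mistaken for the current state.
STMT_RE = re.compile(r"^\s*(binding state|hardware ethernet|starts|ends)\s+([^;]+);", re.M)

def parse_leases(text):
    """Return {ip: fields}; a later declaration for the same IP replaces the earlier one."""
    leases = {}
    for ip, body in LEASE_RE.findall(text):
        leases[ip] = {key: value.strip() for key, value in STMT_RE.findall(body)}
    return leases

def ip_in_cidr(ip, cidr):
    """True if ip (v4 or v6) lies inside cidr; mismatched address families never match."""
    addr = ipaddress.ip_address(ip)
    net = ipaddress.ip_network(cidr, strict=False)  # accept host-style input like 192.168.1.1/24
    return addr.version == net.version and addr in net

def leases_by_interface(leases, interfaces):
    """Map each lease IP to the first interface whose CIDR contains it (None if no match)."""
    return {ip: next((name for name, cidr in interfaces.items() if ip_in_cidr(ip, cidr)), None)
            for ip in leases}
```

Failover states such as `backup` and `free` survive parsing here, so a caller can decide whether to show them (the "show inactive" case) or filter to `active` only.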
* VPN: OpenVPN: Instances (MVC)
bugfixes and additions:
o fix lookup in tls_verify.php
o add auth attribute
o fix connection status reporting non existing clients
* VPN: OpenVPN: Instances (MVC)
bugfixes and additions:
o add missing syshook for startup at boot
o show instances in connection states when not connected
1. The process runs forever to retain proper state, periodically
syncing the configuration data in order to react correctly.
2. Missing gateways are not an issue. They will not alert or stick
to their last verified value.
3. We stop reacting unless a default gateway switch action will follow
or the gateway is part of a gateway group. Triggers are not refined
for now so we just let it run in full processing if a candidate.
4. Emulate the strange monitor alarm output although I don't see the
use for all of this cryptic goo. The alarm state (0, 1) was changed
to reflect the observed transition causing the alarm script to run.
5. Move the action for the script alarm to the script itself. Requires
a bit of backend shuffling as well.
6. Only create one script to watch all monitors. Easier to manage and
to present as service (which can be stopped and started if needed).
- The "internally generated" ACL entries have been removed in favor of a wildcard (well, a wildcard and localhost)
- Users can now change the default action used by the wildcard: either allow, deny or refuse.
- The legacy implementation wasn't very strict (you could add an entry without any input), this does at least require a name and at least one network. To facilitate the migration, if the 'name' property was empty, it will be set to 'Unnamed ACL'. Entries without defined networks will be discarded without notice.
o add new mvc module
o migrate existing data
o add getOverwrite() in OpenVPN model to retrieve data structured as legacy data to make this an easy drop-in
o rename virtual_addr --> virtual_address in status call out
o add new endpoints to search connections and routes, kill sessions and service control
o remove old status page status_openvpn.php and change ACL and Menu registration
o offer two tab view on sessions / routes
o service controls (restart/start/stop) are shown for non client based records (p2p and client mode) or when no clients are connected.
We do have to jump through a few hoops to make this work. First and
foremost during validation the model should have a "cleansed" view
of its data which means we add the subscription as a separate field
and append it to the mirror after validation.
It might be good to straighten this out later, also in the get path
so that we can hide all required translation in the controller until
we can move this to a standard GUI component and straighten out the
mirror read on the other end when subscriptions are required (but
currently not appended).
This initial commit focusses on structuring the event flow around user and client registration, moving events to our new ovpn_event.py handler.
By supporting both deferred and direct authentication in user_pass_verify.php, we should be able to start with a cleanup patch for OpenVPN 2.5.x and work our way up to
a smaller fix for 2.6.x.
In preparation for 2.6, this commit also moves --cipher to --data-ciphers-fallback as suggested by the warning "DEPRECATED OPTION: --cipher set to '' but missing in --data-ciphers". Rename the option in the gui while there and add a note in the help text.
* unbound / overview: migrate to duckdb
* unbound: make ajax calls concurrent, no need to wait on each other
* unbound / overview: adjust to DataFrame optimization
While previous insert statements with SQLite had to be rate limited to prevent blocking on the
side of the logger, this limitation can be ditched entirely with the approach of appending DataFrames.
Also, the client chart expects timestamps for the entirety of the dataset, so make use of
the NaN value.
* unbound / overview: connection can be none
* unbound / overview: include DNSSEC and timing information and refactor logger
The logger was lacking some error handling due to it being daemonized. On a restart the process
will still produce a core dump likely associated with daemonization, but this will be addressed in a separate issue.
To accommodate future additions, DNSSEC and RTT information is now also included in the data set.
* remove leftover syslog message
* unbound / overview: add UUID as well
* unbound / overview: account for null return_msg objects
* unbound / overview: Move DNS statistics to reporting->dns, add detailed grid
This also introduces the option to clear the DNS data. Also restructure the data to a more sensible flow representation.