Ad Schellevis
85bc68df66
Firewall/NAT/Port Forward - simplify logic for delete and toggle and make sure to toggle firewall rule as well. closes https://github.com/opnsense/core/issues/5548
...
while here, also remove the dblclick behaviour on <tr/> as we have removed that on firewall rules years ago (d52fc47acc)
2022-09-19 11:45:06 +02:00
Wagner Sartori Junior
3c59ce3b61
VPN/IPsec - Fix bug when tunnel isolation is disabled (#6033)
...
Fix #6022 that will add multiple phase 2 IPs to the same interface when tunnel isolation is disabled.
2022-09-19 10:15:41 +02:00
kulikov-a
98f21ed601
unbound: reduce blocklist read timeout (#6030)
2022-09-18 10:14:12 +02:00
Ad Schellevis
1ba8910df4
System/Trust/Revocation - remove unnecessary crl_update() calls in crl export and openvpn as the contents in the text field should be populated in earlier calls (e.g. cert_revoke(), cert_unrevoke()). closes https://github.com/opnsense/core/issues/6005
2022-09-17 20:04:36 +02:00
Ad Schellevis
67e4a1dd99
System / Trust / Revocation - only use withPadding() for RSA based public keys. regression in 9606957ef8
2022-09-16 10:34:35 +02:00
kulikov-a
24aa099509
Dashboard / widgets / OpenVPN - link event before scripts stripping (#6023)
2022-09-14 18:43:59 +02:00
Ad Schellevis
2aaffc372d
Merge branch 'kulikov-a-pftop_formats'
2022-09-14 11:14:39 +02:00
Ad Schellevis
f22c05ec61
Firewall/Diagnostics/Sessions: parse pftop internal data conversion (minor cleanups for https://github.com/opnsense/core/pull/6020)
2022-09-14 11:13:55 +02:00
kulikov-a
0f84667e37
parse pftop internal data conversion
2022-09-13 17:53:24 +03:00
kulikov-a
f4f05f23d5
OpenSSL: follow RFC on basicConstraints too (#6018)
2022-09-13 13:24:54 +02:00
Ad Schellevis
e4be9320a9
Merge branch 'soif-arp_table_hostname'
2022-09-13 11:56:33 +02:00
Ad Schellevis
1548ae0eb7
Interfaces / Diagnostics / ARP Table - small cleanups for https://github.com/opnsense/core/pull/6016
2022-09-13 11:55:05 +02:00
moi
d2ee799998
Merge commit '7a06f387ca7fd6dea91a9c94adeaf44cf7d6fd8e' into arp_table_hostname
2022-09-12 23:17:20 +02:00
moi
5f4cd3306f
ARP table: IP addresses natural sort
2022-09-12 23:12:15 +02:00
moi
cdc4189b1b
Optionally use reverse DNS resolution for ARP table hostnames
2022-09-12 23:07:46 +02:00
moi
f2f158d884
list.arp additional parameter
2022-09-12 23:05:17 +02:00
moi
d5d837487f
Resolves DNS only when -r arg is set + use Arp Internal DNS resolution
2022-09-12 23:03:51 +02:00
kulikov-a
7a06f387ca
OpenSSL: add keyUsage extension in CA config (#6017)
...
see https://www.rfc-editor.org/rfc/rfc5280.html#section-4.2.1.3
2022-09-12 19:42:56 +02:00
gacekjk
a256ae1a8d
Services / Proxy - update pattern to zst for the Arch packages (#6014)
2022-09-12 19:23:56 +02:00
soif
de07e8dcf1
ARP Table: hostname uses reverse DNS lookup as fallback
2022-09-12 12:30:33 +02:00
Franco Fichtner
745d46c4ee
interfaces: reload newwanip event for IPv6 for each tracked LAN as well #5966
2022-09-08 14:00:48 +02:00
Franco Fichtner
42caf521af
system: 'host' shall not be empty
2022-09-07 08:21:45 +02:00
Franco Fichtner
144a9c64b8
interfaces: whitespace
2022-09-07 08:08:53 +02:00
kulikov-a
7e8ac1eb59
certs: misleading message (#6004)
2022-09-06 12:36:58 +02:00
Stephan de Wit
96229a2e23
traffic widget: fix missing tooltip
2022-09-06 09:36:11 +02:00
Ad Schellevis
9606957ef8
System: Trust: Revocation - phpseclib3 UnsupportedAlgorithmException() issue.
...
According to the notes in https://phpseclib.com/docs/x509 the signCRL() method previously set the signatureAlgorithm by default (sha1WithRSAEncryption), without specific request we now seem to be using SIGNATURE_PSS by default.
```
Note that whereas in the 1.0 and 2.0 branches, the signature algorithm was set by using an additional parameter in the sign method (or signCSR, signCRL, etc) in this case it's set based on the key. So if you want to create an rsaEncryption X509 cert you'd need to do $publicKey = $publicKey->withHashing(RSA::SIGNATURE_PKCS1) since, by default, RSA keys use RSA::SIGNATURE_PSS.
```
This commit implements the suggested approach to revert the default hashing back to what it was, which at least generates CRLs and is properly handled in validateSignature().
Most likely this fixes https://forum.opnsense.org/index.php?topic=30164.msg145633#msg145633
cc @swhite2
2022-09-04 15:13:29 +02:00
Ad Schellevis
76fb91f071
System: Trust: Revocation - Consider dates after 2050 as lifetime in GeneralizedTime format (rfc5280#section-4.1.2.5) to prevent generating invalid certificates.
...
Our current default of 9999 days will calculate to a date in 2050, we could either choose to cap on 20491231 here or set to lifetime, the latter seems to be more logical when the number of days is higher than a couple of years.
fix a small php 8 notice as well in the same scope.
noted here https://forum.opnsense.org/index.php?topic=30164.msg145665#msg145665
2022-09-04 11:28:40 +02:00
Ad Schellevis
e1d8b471d0
Interfaces/Other Types/VLAN - pass proto to vlan interface for 802.1ad (QinQ) interface types.
...
Currently this doesn't work (yet), likely needs https://reviews.freebsd.org/D35848 so vlanproto can be set after the interface creation phase (now it's only possible to set proto there).
If `ifconfig XXXX vlanproto 802.1ad` sets the property, we do need this code to make sure we set these on QinQ parent vlan tags. As a workaround we could pass proto in legacy_interface_create() as well to make this (only) work on boot, but looking at the upstream fix, this might be something easy to pull in the near future.
for https://github.com/opnsense/core/issues/5893
2022-09-03 15:31:25 +02:00
Stephan de Wit
f6cebb421b
phpseclib: also include version 3 in certmanager for CSR parsing
2022-09-02 11:15:46 +02:00
Franco Fichtner
1f567a418a
interfaces: ipfw(8) explains that ipfw0 is a logging device
2022-09-02 09:54:50 +02:00
Franco Fichtner
111540815d
system: give autoloader a chance to try and load it
2022-09-01 20:08:25 +02:00
Ad Schellevis
fc46a52682
certs.inc - safeguard phpseclib3 loading in crl_update()
2022-09-01 17:24:44 +02:00
Ad Schellevis
3b39e2d1f6
OpenVPN / CRL - trap validateSignature() exceptions to syslog
2022-09-01 16:46:21 +02:00
Franco Fichtner
08e39cb0df
src: style sweep
2022-09-01 12:41:26 +02:00
Ad Schellevis
006d79521f
Interfaces / Traffic capture - help text fix in https://github.com/opnsense/core/issues/5981
2022-09-01 10:56:16 +02:00
Stephan de Wit
cc6efa4a16
Reporting / Traffic: Upgrade chart.js to v3.9.1 and improve UX (#6000)
...
* Reporting / Traffic: Bump chart.js version and improve UX
2022-09-01 10:21:15 +02:00
Franco Fichtner
8cb79d511b
interfaces: fix warning in PHP 8
...
'group' property not set when parsing, likely also happens for 'remote'.
2022-08-31 20:50:22 +02:00
Franco Fichtner
7607a6d968
system: for consistency add -c argument (the default) to pluginctl invokes
...
Some facilities might overlap in naming so make it less confusing from
the internal scripting side. "webproxy" had me doubting for a second.
2022-08-31 09:19:01 +02:00
Franco Fichtner
c1ff59ea02
system: users might miss this so put it back
...
rc.resolv_conf_generate like most rc.* scripting magic should
eventually go away.
2022-08-31 09:05:07 +02:00
Franco Fichtner
683747ddb3
src: style sweep
2022-08-30 21:31:32 +02:00
Ad Schellevis
d0ea4449b2
plist
2022-08-30 17:36:14 +02:00
Ad Schellevis
d8bf03d2e9
Interfaces/Diagnostics/Packet Capture - replace legacy version with new mvc variant. closes https://github.com/opnsense/core/issues/5981
2022-08-30 17:35:45 +02:00
Franco Fichtner
5eb4ac6143
interfaces: killed wrong note
2022-08-30 15:35:51 +02:00
Franco Fichtner
2f1a92c075
interfaces: interfaces_hardware() for interface settings page
2022-08-30 15:31:14 +02:00
Patrik Kernstock
07e684310d
ipsec: fixed widget link (#5994)
2022-08-30 15:18:33 +02:00
Franco Fichtner
a9c514d857
interfaces: we split on numeric ID so we have to give full prefix
2022-08-30 08:54:17 +02:00
Franco Fichtner
e82896026c
system: tweak validation message
2022-08-30 08:49:49 +02:00
Franco Fichtner
366b7161f2
src: style sweep
2022-08-30 08:45:47 +02:00
Ad Schellevis
4070ad0e2e
Interfaces/Diagnostics/Packet Capture - work in progress for https://github.com/opnsense/core/issues/5981
...
o host field logic validator
o add remove job action
o add view action (initial version)
2022-08-29 21:16:49 +02:00
Franco Fichtner
87b3d351ab
dnsmasq: restart during newwanip event
...
PR: https://forum.opnsense.org/index.php?topic=29956.0
2022-08-29 11:20:29 +02:00