It would be better if we didn't clean up as a side effect when running
a per-device configuration, but the way vxlan/loopback were written that
only happens in batch mode, so at least try to keep the other devices
as is and clean up any stray objects.
We could push this further, but as we can see, the risk of regression
is real, so do not try to touch the code any further for now.
This brings it in line with migrations although both hinge on
the idea that rc.configure_firmware is called to execute this
code. Both need a better integration but bringing them to the
same level seems to make the most sense.
After reboot the config is in a consistent state now too...
Remove previous plugins_interfaces() call and always use full
path to pluginctl like most spots already do.
We should catch $fp == null for whatever reason it
happens. Make sure the file exists and open it
read-only. Close pointer afterwards to avoid other
wonkiness.
When using multiple aliases per interface, disabling binding on one could
potentially disable binding for other aliases on the same interface, depending
on the order of the VIPs in the config. The 'alias' setting was evaluated
regardless of whether the subnet matched, so if a previous VIP for a matching
interface had matched on subnet, the current VIP's 'bind' setting would be
applied to the interface address even though the current VIP's subnet didn't
match.
o provide option to delete entries
o show Ikeid and Reqid including optional phase[1|2] description when provided
o extend fields with data provided from setkey -D
As we stopped using "required" in our spd entries we need other means to remove previously manually added ones.
This commit collects all policies that are likely inserted manually and removes the ones that are being used in active phase 2 entries (reqid) configured with manual entries.
Combined with the new diagnostics page a user should be able to manually remove entries we couldn't automatically clean up due to the risk of removing unrelated manual entries.
Also clean up the logging a bit as the previous messages were added for temporary use.
o Since $records can contain all sorts of data, we need to make sure we're not trying to cast arrays to string as it would raise an error
o When applying, we need to do so before searching and splicing to avoid only sorting the visible items
o add a remove button hooking spddelete to remove entries when not cleaned up correctly for some reason to ease maintenance
o add reqid to IPsec phase 2 tunnel view for clarity so we can easily inspect if traffic is trying to pass the right policy
o show Ikeid and Reqid including optional phase[1|2] description when provided
o extend fields with data provided from setkey -DP, but keep them deselected in the default view (e.g. Upperspec, Mode, Type, ..)