13282 Commits

Author SHA1 Message Date
Franco Fichtner
a137d96af8 firmware: in case of fs integrity issues try not to break upgrades
File is always packaged, but we cannot trust the file system.
2021-10-14 14:49:11 +02:00
Franco Fichtner
0c0a2fec3b interfaces: undo restricting lookups to configured interfaces only
In practice call stack above get_interface_ip*() is too messy and
this will likely break a number of lookups.
2021-10-14 11:11:37 +02:00
Ad Schellevis
38efe9d9d6 IPSec - VTI, ignore tunnel devices if local or remote endpoint can't be found. 2021-10-14 10:56:42 +02:00
Ad Schellevis
bb9b8820c6 VPN / IPsec / Phase1 = add closeaction parameter, partly taken from https://github.com/opnsense/core/pull/5275 by @pmhausen 2021-10-12 22:29:09 +02:00
kulikov-a
2e5d8ecf75 jquery.bootgrid.js: convert on append (#5269) 2021-10-12 09:28:51 +02:00
Ad Schellevis
a16fbdf2c5 VPN / IPsec / Advanced settings - add charon.max_ikev1_exchanges option, closes https://github.com/opnsense/core/issues/5268 2021-10-11 20:23:23 +02:00
Ad Schellevis
d54a1c386b configd - static parameters ignored when no dynamic ones exist. closes https://github.com/opnsense/core/issues/5270
Although the command parameter may also contain parameters (as they are eventually concatenated), for single commands it is cleared if commands and params are defined separately.
When no parameters are supplied, we should assume empty as we do with all other access parameters.
2021-10-11 20:22:38 +02:00
Franco Fichtner
bb40865287 src: style sweep 2021-10-11 08:05:15 +02:00
Ad Schellevis
b209212fb1 Services / Unbound DNS / Blocklist - add Abuse.ch ThreatFox list. closes https://github.com/opnsense/core/issues/5266 2021-10-10 16:13:49 +02:00
Ad Schellevis
973881da8c Services / DHCPvX - while looking at https://github.com/opnsense/core/issues/5264, noticed devices that moved across interfaces aren't treated accordingly as the code assumes a mac/duid is unique.
(this might trigger other edge-cases as this all is a rather simplified look on reality, but at least updates all instances instead of a random one)
2021-10-08 20:34:35 +02:00
Ad Schellevis
8547872c4b Services / DHCPvX - refactor dhcpd_staticmap() so it takes empty (descriptive) only leases and protocol family into account. closes https://github.com/opnsense/core/issues/5264
Although dhcpd_staticmap() is a great idea from the resolvers point of view, the status pages have a bit different requirements. The easiest fix is to merge requirements, although this has the downside of making the function a bit more convoluted, which is a price we probably better pay for now.

My original suspicion that the line "if (!empty($value) || $key == 'start' || $key == 'end') {" looked odd seemed to be right, as it will omit lease information when actually there.
2021-10-08 20:09:13 +02:00
Franco Fichtner
40f9c20e9c firmware: looks nicer this way 2021-10-07 10:44:35 +02:00
Franco Fichtner
9ccc46c8d7 firmware: since opnsense-update is silent for scripting make some noise here 2021-10-07 10:39:38 +02:00
Ad Schellevis
1b336f3ccc firewall - CARP defaults. Our default has always been to allow CARP unconditionally, which currently doesn't seem to make sense changing. However the "block carp from self" rule was translated incorrectly when changing our plugin structure and doesn't seem to be that useful at all (anymore).
This commit removes the rule, which originated from 986a3accd4

(https://forum.opnsense.org/index.php?topic=25019.msg120273#msg120273)
2021-10-06 17:31:36 +02:00
Ad Schellevis
56e66ec809 System / Trust / Authorities - flush certs when "Store intermediate" changes. closes https://github.com/opnsense/core/issues/5257 2021-10-06 15:53:35 +02:00
Ad Schellevis
5b9d7baccb System / Trust / Authorities - do not flush intermediate certificates by default into the local trust store. as discussed in https://github.com/opnsense/core/issues/5257
When someone adds an intermediate certificate into the trust store leading either into a missing or expired root, other paths aren't being evaluated anymore, leading into verification errors.
In case someone would like to enforce saving the intermediates, System->Settings->General introduces a new trust section to revert back to the old behaviour.
2021-10-06 12:43:29 +02:00
Ad Schellevis
d8ddef45e8 Trust / Authorities - prevent expired certificates from being flushed to disk to avoid non valid paths being trusted. (ref https://github.com/opnsense/core/issues/5257)
ca-root-nss should be valid at all times, we shouldn't (ever) try to cleanse what's being shipped as part of the system, but user input can be unsafe leading to dangerous situations.

Eventually we could also consider preventing bundles being imported in the authorities section, but that wouldn't fix issues with already deployed certificates and user input can still lead to broken chains easily.
2021-10-05 11:40:54 +02:00
Franco Fichtner
f129c4682b interfaces: deprecate *up(v6) files, PPP is only user
Create a more distinguished file _uptime which could be used later
for other things.  Adjust scripting and remove unneeded cruft.
2021-10-05 10:09:12 +02:00
Franco Fichtner
662e241eed src: minor syntax issues here 2021-10-05 08:46:10 +02:00
Franco Fichtner
14b46feee2 make: use slight modify for checking all potential files 2021-10-05 08:45:43 +02:00
Franco Fichtner
062d51889e contrib: add parallel-lint 1.3.1
Avoid pulling in composer.  Looks easy enough to manually load classes.
2021-10-05 07:59:17 +02:00
Franco Fichtner
cff444c9df firmware: forward alpha snapshot 2021-09-30 10:12:04 +02:00
Franco Fichtner
63790b1660 interfaces: exclude "tentative" like "deprecated"
Deprecated shouldn't be used, tentative can't be used (yet).
2021-09-29 11:27:34 +02:00
Franco Fichtner
e0bcb7bd23 interfaces: support disabling bind to IP aliases; closes #5086 2021-09-29 10:50:15 +02:00
Frank Brendel
466ac29950 monit: add Link event to alert settings (#5242) 2021-09-28 09:29:10 +02:00
Franco Fichtner
13e311e057 firmware: make upgrade testing easier
For people who want to have fun upgrading into snapshot
releases:

    # opnsense-update -uz
2021-09-28 08:10:27 +02:00
Franco Fichtner
7063dc9e02 firmware: shift away from old-style firmware-xxx files
opnsense-update can read the upgrade hint itself.  We may have
to stash an ABI in there to reach to a different location without
the need to publish a symbolic link.

Move the firmware message to a data location for cleanliness.
2021-09-28 07:38:21 +02:00
kulikov-a
b9de69fe44 configd_ctl.py: catch broken pipe on event handler (#5235) 2021-09-24 21:51:56 +02:00
Ad Schellevis
eb85feceb8 Firewall/NAT/Port Forward - fix non sticky filter rule association, closes https://github.com/opnsense/core/issues/5234 2021-09-23 22:35:36 +02:00
Ad Schellevis
0e10b291b2 Interfaces/Other Types/LAGG : add lagghash option, closes https://github.com/opnsense/core/issues/5208 2021-09-23 19:45:27 +02:00
Franco Fichtner
761871d8b6 openvpn: add tlsmode to copy fields #4592 2021-09-23 07:54:52 +02:00
kulikov-a
eaf378f269 diag_testport.php: set verbose (#5231) 2021-09-22 16:47:52 +02:00
Ad Schellevis
500c82f181 Firewall - refactor getInterfaceGateway() to support extracting a dynamic property instead of the fixed address, refactor route-to behaviour to match reply-to and outbound nat. remove getInterfaceGateways() from firewall plugin as being unused now. closes https://github.com/opnsense/core/issues/5230 2021-09-22 15:37:55 +02:00
Franco Fichtner
60eba47090 interfaces: on "dhcp6prefixonly" include tracking interfaces #5086
This way we can get a GUA on a WAN that works anyway due to
IPv6 magic.  Also protect the return of addresses with the
actual existence of the interface, because otherwise the
VIP readings are inaccurate.  interfaces_addresses() still
works in both modes, but worst case won't map aliases.
2021-09-22 11:20:32 +02:00
Franco Fichtner
f0aeb0eff1 interfaces: add all sorts of stuff to interfaces_addresses() #5086
It allows us to do post-processing on returned addresses for
e.g. #5086 alias parsing for unwanted automatic bind mode.
2021-09-22 11:12:12 +02:00
Franco Fichtner
48f24dfe86 src: style sweep 2021-09-22 11:12:12 +02:00
Ad Schellevis
d6be0bfdb4 Firewall / Aliases - add "virtual" properties to model representing the current pf table stats and represent these in the alias grid. 2021-09-21 19:45:56 +02:00
Ad Schellevis
c96e5f88b4 Firewall / Aliases - minor bugfix in "filter diag table_size" (caf4439cf0) 2021-09-21 16:34:03 +02:00
Ad Schellevis
9da5c28f40 Firewall / Rules - specify overload table on max new connections, closes https://github.com/opnsense/core/issues/5229 2021-09-21 15:27:44 +02:00
Franco Fichtner
ea7709e268 unbound: adjust help text since range domain is being used 2021-09-21 11:42:27 +02:00
Ad Schellevis
42e80e1c3a Unbound+dhcp: fix template, enforce list when querying pools 2021-09-21 11:11:43 +02:00
Franco Fichtner
3fc136b7bd firewall: add automatic outbound NAT logging option
This is largely for testing our NAT log patch, but might be
useful for someone.

Inline filterlog restart since it uses syslog() and does not
need to be restarted when syslog settings change.
2021-09-21 09:23:09 +02:00
Ad Schellevis
caf4439cf0 Firewall / Aliases - extend "filter diag table_size" command to include details as well. 2021-09-20 21:59:00 +02:00
Franco Fichtner
82b2ede99b ipsec: add shared function to simplify ipsec code #5201 2021-09-20 20:35:02 +02:00
Franco Fichtner
e2ad649886 ipsec: meh 2021-09-20 15:10:39 +02:00
Franco Fichtner
0cd0b8962d ipsec: add and use find_smallest_cidr6() variant #5201 2021-09-20 15:07:23 +02:00
Franco Fichtner
719b31bc80 src: replace __toString() calls with casts; closes #5225 2021-09-20 12:11:27 +02:00
Maurice Walker
3807cf8b73 router advertisements: remove AdvRDNSSLifetime / AdvDNSSLLifetime bounds; closes #4893
RFC 8106 removes the bound of acceptable values:

https://tools.ietf.org/html/rfc8106#section-5.1
https://tools.ietf.org/html/rfc8106#section-5.2
2021-09-17 12:36:31 +02:00
Franco Fichtner
c7c629945e dhcp: try to guide when subnets are too small; closes #4762
Lots of loosely related changes addressing small bugs and
wrong assumptions of the available IP ranges.
2021-09-17 12:18:37 +02:00
Franco Fichtner
cbb402cd0f unbound: never used this unbound cache flush spot 2021-09-17 10:53:22 +02:00