opnsense-update can read the upgrade hint itself. We may have
to stash an ABI in there to reach to a different location without
the need to publish a symbolic link.
Move the firmware message to a data location for cleanliness.
We need to make sure both the local and the remote IP belong to
the same CIDR range, which might not be the case if we just
calculate the subnet size required by their direct distance.
Rewrite find_smallest_cidr() to take an array of IPs to calculate
their smallest shared subnet mask. Code is actually pretty simple
and fast. However, we are not going to account for network and
broadcast address reservation unless that turns out to be an issue.
In the IPv6 case assume that /64 is a good approximation of the
result.
Remove code cruft in utilities while at it also replacing a simple
function only called once in setaddr.sh.
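
The shared-prefix calculation described in the commit message above, as an added Python example that is not OPNsense's own code (the project's find_smallest_cidr() is not shown on this page). The function names and sample addresses are constructed for illustration, and the IPv6 branch returns the /64 approximation the message states.

```python
import ipaddress

def prefix_by_distance(local, remote):
    """Size an IPv4 subnet from the numeric distance between two addresses.
    This is the approach the message says is not sufficient."""
    a, b = (int(ipaddress.IPv4Address(x)) for x in (local, remote))
    return 32 - abs(a - b).bit_length()

def smallest_shared_prefix(addrs):
    """Longest prefix length under which every address is in one network.
    Network/broadcast reservation is not accounted for, as in the message."""
    ips = [ipaddress.ip_address(a) for a in addrs]
    versions = {ip.version for ip in ips}
    if len(versions) != 1:
        raise ValueError("need a non-empty list from one address family")
    if versions == {6}:
        return 64  # approximation taken from the commit message
    diff = 0
    for ip in ips[1:]:
        # Collect every bit position where any address differs from the first.
        diff |= int(ips[0]) ^ int(ip)
    # All bits above the highest differing bit are shared by every address.
    return 32 - diff.bit_length()

def all_in_subnet(prefix, addrs):
    """True if every address falls in the network of addrs[0]/prefix."""
    net = ipaddress.ip_network(f"{addrs[0]}/{prefix}", strict=False)
    return all(ipaddress.ip_address(a) in net for a in addrs)

if __name__ == "__main__":
    # Constructed sample pairs: numerically close, but across a bit boundary.
    for pair in (["10.0.0.127", "10.0.0.128"], ["192.168.1.10", "192.168.1.20"]):
        by_dist = prefix_by_distance(*pair)
        shared = smallest_shared_prefix(pair)
        print(pair, "distance: /%d" % by_dist, all_in_subnet(by_dist, pair),
              "shared: /%d" % shared, all_in_subnet(shared, pair))
```
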

commit 46e0383625acfa59e723c390d0b5b2feed8a53aa
Author: Ad Schellevis <ad@opnsense.org>
Date: Mon Aug 23 11:05:53 2021 +0200

Firewall / Log - Live log : support rfc5424 format for https://github.com/opnsense/core/pull/5175

commit 0cf3030724d02181991436b324fe5fc70118d4d5
Author: Ad Schellevis <ad@opnsense.org>
Date: Sat Aug 21 09:36:56 2021 +0200

System logging - switch local logging to rfc5424 format.
Allow custom destinations to choose for rfc5424. closes https://github.com/opnsense/core/issues/4911

commit a46e39bcecca6dab1d5a68a0e7f481ea42c16034
Author: Ad Schellevis <ad@opnsense.org>
Date: Fri Aug 20 18:23:22 2021 +0200

System logging - switch local logging to rfc5424 format.
add severity filter to api and log pages

commit b0f38003d7745a01202ffca5e7b5b697ff211f1e
Author: Ad Schellevis <ad@opnsense.org>
Date: Fri Aug 20 15:42:58 2021 +0200

System logging - switch local logging to rfc5424 format.
Split BaseLogFormat into a generic LogFormat and a child NewBaseLogFormat to be able to support both property and method based parsers to keep (external) plugins compatible.

commit 264513f148185faf4a4509bc19aa35739c9844f9
Author: Ad Schellevis <ad@opnsense.org>
Date: Thu Aug 19 19:56:19 2021 +0200

System logging - switch local logging to rfc5424 format.
Refactor log parser (BaseLogFormat), since the plugins use this as well we might have to undo a bit or refactor those as well.

This will need a new version of py-dnspython (py-dnspython2 in ports) for dns.asyncresolver support. Some additional log messages have been added to gain more insights into the resolving process via the general log.
Intermediate results aren't saved to disk anymore, which also simplifies the resolve() function in the Alias class. An address parser can queue hostname lookups for later retrieval (see _parse_address()) so we can batch process the list of hostnames to be collected.
o add "Automatic user creation" option in System/Access/Servers (for ldap + derivatives)
o simple detached flow, updatePolicies() calculates differences between local and remote group membership, when there is something to sync (remote groups exist) and a local user doesn't exist a configd signal is sent to create a new empty user without rights and a random password.
The user_dn field isn't populated, although this will cost additional queries to the remote host, it might be worth the flexibility of allowing to move users to different auth scopes.
* Allow DNS resolver to skip entry on EmptyLabel
A name like '.example.com' is not a valid name, but should be handled like a nonexistent name instead of throwing an exception
CARP in IPv4 and IPv6 uses the IP header's "ttl" or "hoplimit" so
that we use the same name for reading it to avoid duplication.
The values are the same in any case.
Change "flowlabel" to "flow" to avoid confusion with "label".
Change IP "version" to "ipversion" and consolidate CARP "version(2)"
into "version".
o Create a persistent directory to feed the unbound includes
o Move runtime data to /tmp directory
After reboot we use the old persistent list still available.
I am not sure if it's clear enough that the blacklists cannot
auto-update and therefore require a cron job or manual update
from the respective GUI page ("apply" essentially is "download
and apply").
o add api endpoint and ui to kill states using filter (kill by host or network as well)
o show ruleids in service control spot to filter states for a specific (auto-generated) rule
o support passing a ruleid to the ui page to limit selection, e.g. /ui/diagnostics/firewall/states#d0953c4424f27d5249027086b4599999