This commit adds a new component linked in Interfaces/Neighbors which offers the ability to manually register static leases and provides application control from other modules such as dhcpd. To minimize the risk, we're reusing the existing interfaces_staticarp_configure() hooks while only adjusting how static arp entries are being attached to the interface (match on addresses assigned when triggering with an interface).
Entries registered via dhcp will be visible from the ui as well together with its origin.
The previous version didn't cleanup old static entries, this version triggers a cleanup when executed for all interfaces using all earlier modifications processed via the same function (interfaces_neighbors_configure()).
This commit imports part of the changes from @swhite2 which will keep the legacy handling intact for the first stage of the migration. It should be backwards compatible with the previous (23.7.x) code.
Changes new in this commit which where not in the original PR:
1) dpinger_status() missed $gwitem which rendered gateways statusses down
2) Model version number set to 0.0.1 so we can use the migration later to step into 1.0.0
3) Gateways->gatewayIterator() do not yield MVC records ensuring we are still using legacy config data when being called.
Omit the dependency on wireguard-kmod as we will be targeting the kernel
module with 24.1. Some people may run into this but it's safer than
trying to rely on a package that won't be available going from 23.7 to
24.1.
When \Deciso\OPNcentral\Central exists, there might be multiple providers to select from, so we can easily reuse the same component in both versions.
closes https://github.com/opnsense/core/issues/6828
The idea of list_interfaces.php was good so let's take it further
and inline the use into legacy_interfaces_details() and moving the
patterns to a shared function. Also add a device name hint in case
the array key is not passed for some reason which can help when
inspecting debug data. Since legacy_interfaces_details() is already
available in pluginctl -D replace the action command and drop the
obsolete script.
Migrate ui to MVC, wrap model around existing configuration area to remain backward compatibility.
To avoid laggs configured via console not being reachable from the gui, add a uuid to it.
To allow legacy services without a model to hook into the `ApiMutableServiceController`, we define a protected `serviceEnabled` function that by default checks the given `internalServiceEnabled` property to see if a service is enabled, but allows derived classes to override the functionality. We loosen the property restrictions in `initialize()` by moving the checks to their runtime implementations.
DHCPv4/v6 is modified here to hook into this change, but since the `actions_services` requires the keyword `service`, which isn't used by the mutable service controller, we define start/stop/restart/status actions in the `actions_dhcpd.conf` and the new `actions_dhcpd6.conf` files.
- reworks the get_leases.py script to accomodate the "last declaration is the current one" logic from dhcpd.leases(5). (neither core nor plugins is currently using this action)
- includes binding states for failover setups in dhcpd.py lease file parsing. These are included in the leases page if show inactive is selected.
- adds small utility function in Firewall/Utility to check wheter a given IP (4 or 6) is within the bounds of a given CIDR block. Needed to bind a lease declaration to an interface in the front end.
- remove dhcpleaseinlocaltime property from services_dhcp.php. dhcpd.py works with epochs, so we only need to convert to a sensible local date in the controller.
- implements multiselect lease deletion
- implements multiselect interface filtering
- does not yet hook into ApiMutableServiceControllerBase, since the legacy configuration makes it a bit tricky.
* VPN: OpenVPN: Instances (MVC)
bugfixes and additions:
o fix lookup in tls_verify.php
o add auth attribute
o fix connection status reporting non existing clients
* VPN: OpenVPN: Instances (MVC)
bugfixes and additions:
o add missing syshook for startup at boot
o show instances in connection states when not connected
1. The process runs forever to retain proper state, periodically
syncing the configuration data in order to react correctly.
2. Missing gateways are not an issue. They will not alert or stick
to their last verified value.
3. We stop reacting unless a default gatway switch action will follow
or the gateway is part of a gateway group. Triggers are not refined
for now so we just let it run in full processing if a candidate.
4. Emulate the strange monitor alarm output although I don't see the
use for all of this cryptic goo. The alarm state (0, 1) was changed
to reflect the observed transition causing the alarm script to run.
5. Move the action for the script alarm to the script itself. Requires
a bit of backend shuffling as well.
6. Only create one script to watch all monitors. Easier to manage and
to present as service (which can be stopped and started if needed).
- The "internally generated" ACL entries have been removed in favor of a wildcard (well, a wildcard and localhost)
- Users can now change the default action used by the wildcard: either allow, deny or refuse.
- The legacy implementation wasn't very strict (you could add an entry without any input), this does at least require a name and at least one network. To facilitate the migration, if the 'name' property was empty, it will be set to 'Unnamed ACL'. Entries without defined networks will be discarded without notice.
o add new mvc module
o migrate existing data
o add getOverwrite() in OpenVPN model to retrieve data structured as legacy data to make this an easy drop-in
o rename virtual_addr --> virtual_address in status call out
o add new endpoints to search connections and routes, kill sessions and service control
o remove old status page status_openvpn.php and change ACL and Menu registration
o offer two tab view on sessions / routes
o service controls (restart/start/stop) are shown for non client based records (p2p and client mode) or when no clients are connected.
We do have to jump through a few hoops to make this work. First and
foremost during validation the model should have a "cleansed" view
of its data which means we add the subscription as a separate field
and append it to the mirror after validation.
It might be good to straighten this out later, also in the get path
so that we can hide all required translation in the controller until
we can move this to a standard GUI component and straighten out the
mirror read on the other end when subscriptions are required (but
currently no appended).
