This PR pulls query forwarding over the current dot setup, so visually nothing changes.
All API calls are redirected to new Forward functions, which slightly modifies what is returned based on whether "Query Forwarding" or "DNS over TLS" is selected from the menu. This way backwards compatibility is preserved.
As an addition, a user is now able to specify a specific domain for a forward zone as well. Meaning that queries for this specific domain will skip a catch-all (".") domain (if specified), and instead use the server specified for this domain.
Entering a forward zone with a catch-all domain (".") in both Query Forwarding and DNS over TLS is considered a duplicate by Unbound, so a static warning for this has been attached in the grid - however, it might be possible for a user to be warned dynamically over this.
Detach the OpenVPN filter reload a little so we make sure it only
executes once if the reconfigure all. Not sure if these are strictly
needed but better to keep them now.
I'm not sure why interface_bring_down() is needed when both
IPv4 and IPv6 are empty. It sort of means "handle this the
hard way when doing tunnel configurations" although the code
disagrees about the historic comment and the code that was
introduced... "set to none" vs. "ipaddr <> none" and later
"empty(ipaddr)" to match the comment. In the grand scheme of
things this does not matter at all...
So in 22.1.3 we removed the inline configuration of GIF and GRE
which causes interface configuration to strip the addresses
added by device configuration instead of refixing it on the
fly (executing code twice all the time). The code flow was
always correct but in practice tripping over itself so now try
a more sensible approach by stripping addresses when we have
assignments going on individually for IPv4 and IPv6.
PR: https://forum.opnsense.org/index.php?topic=27553.0
Under normal circumstances a tunnel that is assigned to an
interface will be restarted when said interface becomes
available. This is to fix the previous load of the device
when the actual interface wasn't yet ready.
Historic oversight of wedging in a loopback interface in virtual IP
section while not making sure the actual configuration receives a
virtual IP when it needs to. This was previously fixed by a batch
VIP regeneration in interfaces_configure() but we already saw that
this is not needed in 99% of the cases.
PR: https://forum.opnsense.org/index.php?topic=27547.0
Ideally rc.newwanip should be as lightweight as possible, with 8c49c7bfdd in place normal execution doesn't take much time, but it likely doesn't make sense to hook gif|gre interfaces either when nothing has changed.
closes https://github.com/opnsense/core/issues/5624
It might be possible to skip the whole !is_ipaddr(), but the side effects aren't fully clear hence the != dhcp[6] to ease implementation.
Before this commit, dhcp[6] interfaces always tried to reconfigure, which makes the whole comparison quite useless.
related to https://github.com/opnsense/core/issues/5624
We add this here to ensure consistency between the functionalities
of these interface helper files. Not all instances have been
converted, but they can be as time permits. Tested on IPv6.
While here settle on "prefix" for pdinfo as a thing since we
renamed it already anyway.
Looking for things that could go wrong with root.key in Unbound
this could be one of those. Still, at this point we may not have
received DNS servers from the ISP since these are registered much
later (10-newwanip).
Great opportunity to ditch prefer_ipv4_or_ipv6() since we need it
for resolving which we set up alongside and in the right spot.
Not sure about nameserver.sh name and scope yet so try to
hide it under a link. We can always change the name later
although having .sh suffix helps us lint the script more easily.
Historically both make sense but nothing calls configd_ctl.py
directly anymore so we can either leave it at that or merge
the code and behaviour into configctl. (Or better yet set a
symlink to configctl).
Also now we can grep for "interfaces_vlan_configure" to see both
and "interfaces" is the actual prefix to be used from interfaces.inc.
Later we should try to avoid calling "_" prefix functions from code
not in interfaces.inc.
Now we circle back from dnspython2 to dnspython "just because".
This is too tedious to even complain about. All it does is
wreck opnsense-revert usage... congrats to all involved.
Cite the manual page on the MTU requirement of (additional) interfaces.
This isn't the first time we add to a bridge since we make sure that
both interfaces exist which can only happen at the end of the boot sequence.
Speed up the reading of ifconfig values by only obtaining it once.
According to history at one point around 2011 FreeBSD removed
a special feature from GIF being able to attach to a bridge
with a lower MTU but although those times are long gone and
efforts to retain a patch in project history have made this
silly code stick around for over a decade when the better half
of this decade this didn't work and also nobody reported it.
* Interfaces: Other Types: VLAN - Add stacked VLAN support (IEEE 802.1ad / QinQ) for https://github.com/opnsense/core/issues/5560
This commit adds QinQ to the new VLAN MVC implementation.
o Implement new interface naming, vlan_XXX for vlans and qinq_XXX for QinQ interfaces, to keep the names static it's much easier to cope with changes.
o For backwards compatibility keep existing interface naming for old entries.
o interfaces_vlan_configure() is only called during bootup and should enforce proper ordering in device creation (vlans first stacked later)
o interface_vlan_configure() remove pcp tricker around 0 as the model will enforce zeros anyway
o lock vlan when being used in QinQ interfaces
We can now safely check packages kernel and base set version from
opnsense-update. The basic idea is still that a packages set marker
is included now so we can refrain from updating packages once we
are crossing over a major version barrier using said packages set.