if the gateway structure contains a <gateway_item/> as first element, technically speaking $config->gateways->gateway_item is empty. Better to check for children when gateway isn't empty to prevent none of the gateways being rendered in these cases.
setconf can fail for DNS resolution reasons. It is being considered
a configuration parsing error so nothing gets set on the instance.
However, our code remembers that the instance was fully set up although
that is not the case. The newwanip event was handling DNS renew but
does not understand that the configuration is not complete.
Replacing reresolve-dns.py by doing syncconf works, but this is used
as a cron-based script and likely does the job it is intended for.
Instead rehook the newwanip event into a simple syncconf invoke which
takes "more" time (according to the man page) but won't touch existing
peers being connected while still fixing any configuration mismatch
in the (possibly stale) instance.
Channels for "list chan" and "list txpower" may be in a side by side
2 column layout which makes the current parsing fail and miss half
the channels. Replace the parsing with "sturdy" regex to collect all
the results and also make sure that all modes and fallback modes have
the actual channel information. Also clean the templating in the
static PHP file a little in related areas.
This commit addresses a couple of possible issues.
1. When a sequence of carp events is being processed and these processes lock eachother, its possible that collected interface state via legacy_interfaces_details() doesn't match the active one anymore. To prevent this from happening, only fetch the wireguard interface we're interested in inside the lock.
2. To limit the number of events being handled in wg-service-control.php it's likely cleaner to push the vhid as well when we're handling carp events. This means that we should switch between server id (current parameter) and vhid by looking at its format.
3. In case the target (wg) interface doesn't exist, make sure to create it. Although in practice this shouldn't happen (as the stat file is being removed on boot), dropping an interface manually should preferably lead to a funcitonal setup anyway (otherwise it will crash trying to pull it up)
4. When a vhid is passed and affects the interface in question, log relevant information to syslog.
When migrating Category this fails with an error:
Fatal error: Uncaught Error: Call to undefined method OPNsense\Firewall\Category::flushCache() in /usr/local/opnsense/mvc/app/library/OPNsense/Firewall/Util.php:176
Stack trace:
#0 /usr/local/opnsense/mvc/app/models/OPNsense/Firewall/Migrations/M1_0_0.php(103): OPNsense\Firewall\Util::attachAliasObject(Object(OPNsense\Firewall\Category))
#1 /usr/local/opnsense/mvc/app/models/OPNsense/Base/BaseModel.php(711): OPNsense\Firewall\Migrations\M1_0_0->run(Object(OPNsense\Firewall\Category))
#2 /usr/core/src/opnsense/mvc/script/run_migrations.php(54): OPNsense\Base\BaseModel->runMigrations()
#3 {main}
thrown in /usr/local/opnsense/mvc/app/library/OPNsense/Firewall/Util.php on line 176
We don't even need the full rc.configure_firmware script as that
is for after a core package was updated. Rather we just want the
actual firmware settings to reload so we add a different path for
it. Now it is faster than it ever was.
When children are not of ArrayField type we're only cloning an empty structure which should be relativly safe and can be practical to offer grouping inside the model.
Add iterateRecursiveItems() as easy to use "dig" function to crawl through the model from any given point.
It's a bit of an experiment, but being able to drag the modal is practical sometimes. This commit attaches mouse events to drag on the header of the model so we can move the modal offset, when reopening the same it resets back to its starting position.
The VIPs are bound to the scope so we need to add it to the
address lookup. From the controller emit the same "@" usage
which is used to indicatge a scope, but not no a network
device. If encountered translate the scope back to a network
device and use the proper "%" syntax.
This is a bit of a tricky one, delBase() always locks, which enforces the proper sequence in concurrent operations, but when reading the config first with getModel(), we are locking the wrong state (memory doesn't equal disk anymore).
The new physical_interfaces() helper simplifies the constructions where we just need a list of configured device names, skipping the ones that don't exist.
Refactor existing core templates to remove the use of the interface.macro file.
Ok, so now we work with 1.20 but cannot use it because we can't render
the repo file before pkg updates itself and causes it to malfunction.
That means we cannot add 1.20 before 24.1.1.
Even if we fixed our mirror to be SRV compatible two facts remain:
1. We cannot control third party mirrors which will likely all be
plain HTTP(S).
2. pkg 1.20.x from FreeBSD will still break firewall operation and
upgrades if left on the system so we make the situation better now
to bite the user later on.
flushed states are propagated to pfsync, which means a machine
in backup state is still vulnerable to any event that hooks
into the interface_bring_down logic on the primary machine.
