This could under the worst case cause the system to hang forever,
but for the time being in development it would be better to find
the issue than glossing over with a -w 30 or so...
o make sure we are not going to exit the start script if rm fails for whatever reason
o add stop action which stops the service and unmounts volumes mounted by start, the current state only kills unbounds primary pid (without optional dhcp integration or mountpoints)
o When row-id isn't specified on a "edit" target, use an empty string
o On form <input> tags support the "type_formatter" attribute, which defines the function to call in order to convert data before sending it to the server. This eases type conversions when needed (e.g. '1' --> 1 using a wrapper which uses parseInt())
o Add support for list type <select> content which offers a sorted list of key,value,selected attributes in addition to the current named array store.
Full example to offer properly typed integers to a backend:
function form_format_integer(payload)
{
if (/^[+-]?[0-9]*$/.test(payload)) {
return parseInt(payload);
} else {
return payload;
}
}
<input type="text" type_formatter="form_format_integer" id="myform.quantity">
Sample data for list type <select> options:
"status":[{"key":null,"value":"-","selected":0},{"key":"PEN","value":"Pending","selected":1}]
* Don't suggest using unreserved top-level domains.
* Use the reserved example.com|net domains for other examples.
* Encourage adoption of the special-purpose internal/site home.arpa (RFC 8375) domain.
o fixes some bugs in default form handling (UIModelGrid), get() vs getPost()
o when properly encoded, sort is an empty array in ApiControllerBase->searchRecordsetBase()
Replaces the current blocklist implementation to use python instead of relying on unbound-control. The latter had the drawback of a very long execution time to administrate the local-data entries both locally and in Unbound. The memory footprint was also considerably larger due to unbound internals, while the python module keeps it all in memory in a simple dictionary - reducing the total amount of memory consumption by more than a factor of 10. A drawback is a potential decrease in performance of ~15%, although most setups shouldn't be affected by this as most hardware which is capable of running this should be scaled towards its intended use.
The option of returning NXDOMAIN has also been added (fixes#6027), which in this implementation is a lot easier than what we would have to do if local-data were to be used.
This is due to e5bace2969c, but since we view the overview page here
I'm not even sure the decision about forward/dot can be correct since
there will be no POST data about 'dot' or the type.
[14-Oct-2022 08:28:20 Europe/Berlin] Exception: Error at /usr/local/opnsense/mvc/app/controllers/OPNsense/Unbound/Api/SettingsController.php:67 - Trying to access array offset on value of type null (errno=2) in /usr/local/opnsense/mvc/app/controllers/OPNsense/Base/ApiControllerBase.php:159
Stack trace:
o minor style fixes and more strict json handling
o easier handle to add commands using a commands named array
$().UIBootgrid({
....
commands: {
myaction: {
method: function(){};
classname: 'fa fa-fw fa-remove',
sequence: 10
},
copy: {
classname: undefined // hide button
}
}
});
Without gettext() wrapping we never produce a string in the
translation for it. It gets passed to gettext() twice then
but that is matters not as the target string cannot be translated
again when called a second time.
* VPN/IPsec - work in progress refactoring ipsec.conf to swanctl.conf for https://github.com/opnsense/core/issues/5636
Wrap the following blocks in functions:
o generation of strongswan.conf
o write and cleanup IPsec's CA database
o write certificates used by IPsec
o write RSA Key Pairs
o construct ipsec.secrets for swanctl, combining different sources, phase1 PSK's, certificates, keypairs
o replace VPN: IPsec: Lease Status with new mvc version that uses swanctl underneath
Remap ipsec.conf to swanctl.conf attributes using https://wiki.strongswan.org/projects/strongswan/wiki/Fromipsecconf
Remove lifetime defaults from phase 1 and 2 so new connections will use Strongswan's defaults and move the option in phase above Margintime/Rekeyfuzz as these combined are being migrated (see margintime in Fromipsecconf doc).
Restructure used path directives so we can use the default structure as descried in https://docs.strongswan.org/docs/5.9/swanctl/swanctlDir.html and installed via ports.
IPsec status overview needs a small fix as well (passthrough network seems to be returned by vici, but doesn't contain a class (which crashes list_status.py).)
While here, also remove some php warnings.
6255148,en,EU,Europe,,,0
Although the same applies for Asia, we can't use AS as country code here, so we do have to skip this for now until we find a better alternative.
6255147,en,AS,Asia,,,0
closes https://github.com/opnsense/core/issues/6063
