new call `configctl ipfw stats`
There are some assumptions in parsing these stats; the ipfw/dummynet man page doesn't seem to provide much insight on the details delivered by the various "show" commands.
for https://github.com/opnsense/core/issues/3994
Some tunnel interface types, such as Wireguard and Tinc, do support sending traffic to the interface without an intermediate host. Since we don't want to add different static checks (and would like to get rid of the ones there for legacy reasons), it's probably better to add an option here.
old content:
Mar 17 18:19:01 OPNsense filterlog: ,,,,,
new content:
Mar 17 17:11:36 OPNsense filterlog[40511]: ,,,,
Use a regexp to match both in the log parser.
Probably to be included in 20.7. This includes enabling more logging and parsers; our template has been unmodified for quite some time, while the upstream version was improved and better structured.
It doesn't really seem to make sense to try to link groups in different places, if they're only usable for pf which is always reloaded when new interfaces are connected.
The new ifgroup_setup() synchronizes attached interfaces for all configured groups, only rename and delete are still being served from the management pages (to avoid dropping static groups like openvpn).
Currently the API has a strange behavior when we try to add or delete several addresses in the same alias in parallel.
For example, when we want to delete multiple addresses (1 request = 1 address), all the requests return a 200 OK {"status": "done"}, but some addresses stay in the alias content.
The same logic applies for the alias_utils/add endpoint.
This behavior can be reproduced with this Python script:
import subprocess

# Addresses to add, one API request per address
addr_list = ["10.1.0.0", "10.1.0.1", "10.1.0.2", "10.1.0.3", "10.1.0.4",
             "10.1.0.5", "10.1.0.6", "10.1.0.7", "10.1.0.8", "10.1.0.9", "10.1.0.10"]
# Fill in the API credentials, firewall host and target alias before running
secret = ""
key = ""
host = ""
existing_alias = ""

# Start one curl process per address without waiting, so the requests overlap
for addr in addr_list:
    subprocess.Popen(
        ["curl", "--header", "Content-Type: application/json", "--basic",
         "--user", secret + ":" + key, "--request", "POST",
         "--data", '{"address":"' + addr + '"}',
         "http://" + host + "/api/firewall/alias_util/add/" + existing_alias],
        stdin=None, stdout=None, stderr=None, close_fds=True)
With this fix, adding and removing addresses works correctly in parallel.
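An added illustration, not code from the OPNsense project or from this change: a simplified model of how parallel add requests can each answer {"status": "done"} while addresses go missing from the alias, and how serializing the update avoids it. The AliasStore class, its methods and the barrier that forces the overlap are assumptions made for the demonstration; the text above does not describe how the actual fix is implemented.

```python
import threading

class AliasStore:
    """Hypothetical stand-in for an alias whose content is rewritten as a whole."""
    def __init__(self):
        self.content = []               # saved alias content
        self.lock = threading.Lock()    # used only by the serialized variant

    def add_unlocked(self, addr, all_read):
        snapshot = list(self.content)   # 1. read the current content
        all_read.wait()                 # force overlap: every request reads before any writes
        snapshot.append(addr)           # 2. modify a private copy
        self.content = snapshot         # 3. write back, overwriting the other requests' writes
        return {"status": "done"}       # success is reported even though updates were lost

    def add_locked(self, addr):
        with self.lock:                 # one read-modify-write at a time
            snapshot = list(self.content)
            snapshot.append(addr)
            self.content = snapshot
        return {"status": "done"}

def run_parallel(addrs, locked):
    """Issue one add per address from its own thread; return (replies, final content)."""
    store = AliasStore()
    all_read = threading.Barrier(len(addrs))
    replies = []

    def worker(addr):
        if locked:
            replies.append(store.add_locked(addr))
        else:
            replies.append(store.add_unlocked(addr, all_read))

    threads = [threading.Thread(target=worker, args=(a,)) for a in addrs]
    for t in threads:
        t.start()
    for t in threads:
        t.join()
    return replies, sorted(store.content)

# Same eleven addresses as the reproduction script above
ADDRS = ["10.1.0.%d" % i for i in range(11)]

if __name__ == "__main__":
    for locked in (False, True):
        replies, content = run_parallel(ADDRS, locked)
        print("locked=%s replies=%d stored=%d" % (locked, len(replies), len(content)))
```

When checking a firewall for this class of bug, compare the stored alias content against the set of requested addresses rather than trusting the per-request status.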
A minor change, previously we requested microtime() twice which always led to a small difference in revision and backup. If we sync these two timestamps, it's easier to find the previous situation: updated.time matches /conf/backup/config-[updated.time].xml