- forgot to mark fields virtual, which triggers a model save to create xml attributes
- if fields are missing in the datastream, UIModelGrid would crash out.
Since 2b7beb78b3804f6 it's possible to operate link-local addresses
in virtual IPs, but now these get picked up by radvd and that should
not be the case.
Reported by: @bimbar
Omit rule info as this is already visible in the Firewall/Rules section, nat as well, although the statistics could be of use eventuallly elsewhere (pfctl -vvsnat)
commit 8a3fd0057817836c0f0baaa28123b61ccd8b39fd
Author: Ad Schellevis <ad@opnsense.org>
Date: Sat Oct 16 14:24:12 2021 +0200
system activity: show all threads and correct WCPU, minor cleanups for https://github.com/opnsense/core/pull/5277
commit a2e3ad0b5e971b48687fc6f1291e420ad4caef6e
Author: Franco Fichtner <franco@opnsense.org>
Date: Fri Oct 15 07:55:23 2021 +0200
interfaces: style update in previous
commit 5ab238d32e4a3f5bdebf1e0d0786672636c1fc2b
Author: Jason Crowley <65243090+jasonpcrowley@users.noreply.github.com>
Date: Thu Oct 14 14:23:40 2021 -0500
Updated guess_interface_from_ip to more accurately identify the interface using the subnet with the largest mask in the route table. (#5281)
commit c87a39efd6833ae091f47e0faec6f9d5b1a937f6
Author: Franco Fichtner <franco@opnsense.org>
Date: Thu Oct 14 14:49:11 2021 +0200
firmware: in case of fs integrity issues try not to break upgrades
File is always packaged, but we cannot trust the file system.
commit cd0e482fc24183918e5a49b8b9c0d28f80d40274
Author: Franco Fichtner <franco@opnsense.org>
Date: Thu Oct 14 11:11:37 2021 +0200
interfaces: undo restricting lookups to configured interfaces only
In practice call stack above get_interface_ip*() is too messy and
this will likely break a number of lookups.
commit d9831296220e65aefaa375f9a06b91b995c001f6
Author: Ad Schellevis <ad@opnsense.org>
Date: Thu Oct 14 10:56:42 2021 +0200
IPSec - VTI, ignore tunnel devices if local or remote endpoint can't be found.
commit 680f189fe5db2d6074bb2786e9b6b2df5c2ddb23
Author: kulikov-a <36099472+kulikov-a@users.noreply.github.com>
Date: Thu Oct 14 22:44:49 2021 +0300
toggle 'top' to tid. get pid from 'procstat'
commit 355a337486bbc8a68cd193d091588119b4563b7f
Author: kulikov-a <36099472+kulikov-a@users.noreply.github.com>
Date: Thu Oct 14 22:38:15 2021 +0300
add tid column and make it key
commit efacc976e2b691798dfbccacf62e15d8bc657ef4
Author: kulikov-a <36099472+kulikov-a@users.noreply.github.com>
Date: Thu Oct 14 09:14:51 2021 +0300
Update src/opnsense/mvc/app/views/OPNsense/Diagnostics/systemactivity.volt
Co-authored-by: Franco Fichtner <franco@lastsummer.de>
commit c3bdf26795b9f276b1bbaa9f7355edbb8d3fa206
Author: kulikov-a <36099472+kulikov-a@users.noreply.github.com>
Date: Wed Oct 13 22:32:03 2021 +0300
show all threads
commit 7c98ddaea935edd6806e8febdcf021735cc38d2e
Author: kulikov-a <36099472+kulikov-a@users.noreply.github.com>
Date: Wed Oct 13 22:28:12 2021 +0300
request and grab second display
Although the command parameter may also contain parameters (as they are eventually concatenated), for single commands it is cleared if commands and params are defined separately.
When no parameters are supplied, we should assume empy as we do with all other access parameters.
Although dhcpd_staticmap() is a great idea from the resolvers point of view, the status pages have a bit different requirements. The easiest fix is to merge requirements, although this has the downside of making the function a bit more convoluted, which is a price we probably better pay for now.
My original suspicion that the line "if (!empty($value) || $key == 'start' || $key == 'end') {" looked odd seemd to be right, as it will omit lease information when actually there.
When someone adds an intermediate certificate into the trust store leading either into a missing or expired root, other paths aren't being evaluated anymore, leading into verification errors.
In case someone would like to enforce saving the intermediates, System->Settings->General introduces a new trust section to revert back to the old behaviour.
ca-root-nss should be valid at all times, we shouldn't (ever) try to cleanse whats being shipped as part of the system, but user input can be unsafe leading to dangerous situations.
Eventually we could also consider preventing bundles being imported in the authorities section, but that wouldn't fix issues with already deployed certificates and user input can still lead to broken chains easily.
