12873 Commits

Author SHA1 Message Date
Franco Fichtner
e6518fcd14 interfaces: simplify as others like gif and gre do #4622 2022-06-30 16:46:11 +02:00
Franco Fichtner
b77d6ba74c dhcp: remove ifconfig invoke #4622
Seems to originate from pppoe server code which is long gone.
2022-06-30 16:46:05 +02:00
Franco Fichtner
f588e8d0c4 system: get rid of manual ifconfig invoke #4622
Likely tries to do what unassigning an interface should do.  Use
the actual function required.
2022-06-30 16:26:19 +02:00
Franco Fichtner
bd3b261f9c system: make set_single_sysctl() snappier et al; closes #5467
While set_single_sysctl() is still somewhat problematic as it
trashes things set by tunables GUI the amount of overlap is
minimal and to some degree unavoidable like the CARP handling
this manually according to user requirements set through related
configuration options.
2022-06-30 13:39:17 +02:00
Franco Fichtner
ab330cf909 system: exclusive lock on /var/run/booting #5841
As soon as rc.bootup execution ended it is safe to acquire
a shared lock on the file making it obsolete to check for
its existence with its previous caveats.

For the time before rc.bootup just assume that nothing
can happen around dynamic network backend reloads as
interfaces are only configured inside rc.bootup.
2022-06-30 13:13:43 +02:00
Franco Fichtner
0948dd69bb system: make this more generic to fit previous #5841 2022-06-30 11:22:56 +02:00
Franco Fichtner
0499fb699c system: we seem to be restarting syslog later #5841
Which is better than this interim reload while blocking dynamic
backend scripts we want to be leveraging.
2022-06-30 11:15:05 +02:00
Franco Fichtner
d6826b15e6 interfaces: stop last internal use of /var/run/booting #5637
At last, we seem to be free...

To be precise here move staticarp configure before reload
block in interface_configure() to avoid passing a stale
ifconfig cache as that would trigger a transition twice.
Pass ifconfig cache from where it is available or read it
on the fly (e.g. rc.linkup).

With that cache we can figure out if a transition is required
and so can avoid most of the boot stalling except when staticarp
is enabled on a lot of interfaces, but that was always slow(er)
later on.  It should even be faster now avoiding the ifconfig
in the common case.

There is a side effect that dhcp wants to populate the ARP
table and that is still unconditional because we do not know
whether we have new entries added or others removed.  Having
them removed might leave them in the ARP table for longer
than necessary, however.

It's not that the current implementation is particularly bad,
but it relies heavily on implied regular flushing of ARP entries
just to keep a consistent functionality which is a big design
flaw.  As a stopgap measure remove an ARP entry when we delete
the static mapping for it to keep the entries in sync.

/var/run/booting remains in backend scripts that should not
interfere with boot but we will clean these up later as they
do not need removal but rather a transition to a safer way
than checking for a file (that might not get deleted for
one reason or another.. it has been known to happen).
2022-06-30 10:52:27 +02:00
Franco Fichtner
5615b9dc87 interfaces: simplify the staticarp code and make the problem worse #5637
According to dhcp server the static arp setting persists through a
disabled server but doesn't trigger on disabled or when the staticarp
flag is actually set.  To keep the current flow make the configuration
unconditional which makes the problem we are trying to solve worse.

There are 3 callers to the function interfaces_staticarp_configure()
and rc.linkup is one that is not called when booting so it's not our
problem.  The remaining two in interfaces.inc and dhcpd.inc should get
to see if staticarp needs to be flipped and thus execute the arp flush
as well under this particular condition.
2022-06-30 09:27:08 +02:00
Franco Fichtner
c7e67c6752 firewall: append missing link-local to inet6 :network selector #5528 2022-06-30 08:45:45 +02:00
agh1467
5cb6a89503
MVC - bootgrid - regression from 79f5d8f (#5840)
* Exclude if array, primarily for rowCount
2022-06-30 08:28:30 +02:00
Franco Fichtner
5121b8a6d4 interfaces: fix truncation of IPv6 addresses and consistency for PTR 2022-06-30 08:12:16 +02:00
Ad Schellevis
f159f68f97 Interfaces: Diagnostics: DNS Lookup - replace with MVC version. 2022-06-29 21:32:50 +02:00
Franco Fichtner
7eadf5f447 openvpn: hardcode the RFC 7919 DH parameter #4722
This allows us to remove all DH handling remnants.  If people
want to use a separate content they will have to let us know,
but it seems unlikely.  The only impact seems to be a security
bump from 2k to 4k default.
2022-06-29 20:04:07 +02:00
Ad Schellevis
ee81d4adfd MVC - add support for non persistent (in memory) models. (2)
type issue in comparison
2022-06-28 19:51:04 +02:00
Ad Schellevis
15881b1829 MVC - add support for non persistent (in memory) models.
In some cases it's practical to use the validation framework without the storage option, for example when it comes to writing diagnostics modules which require validated user input.
This commit adds the :memory: mountpoint which prevents storage to the config.xml and keeps data inside the model object only.
2022-06-28 18:58:15 +02:00
Ad Schellevis
79f5d8f3fa MVC / bootgrid - merge option objects instead of replacing them. closes https://github.com/opnsense/core/pull/5833 2022-06-28 16:29:08 +02:00
Ad Schellevis
690372b54a Firewall: Aliases - internal aliases can't be disabled. closes https://github.com/opnsense/core/pull/5834 2022-06-28 16:21:39 +02:00
kulikov-a
5ae3f8e2f6
add filter (#5305) 2022-06-28 14:34:03 +02:00
Franco Fichtner
1ca149fdcc dhcp: remove ddnsupdate static mapping switch
From a top-down perspective it only makes sense if ddns is enabled
globally, but in this case someone went copy+paste a bit too much.

Since now we force ddns-hostname from global state it makes sense
to tie the static override to this as well instead of making a sub-
switch for global functionality for an optional field to smoothen
the expected result.

If this override is actually useful is another question entirely.
2022-06-28 14:21:07 +02:00
rfc4711
37eae60b22 dhcp: include ddns-hostname and other cleanups; closes #4452 2022-06-28 14:20:27 +02:00
Franco Fichtner
2006ead955 interfaces: small updates on previous 2022-06-28 13:40:14 +02:00
Manuel Faux
06fa8c7d2e
Wireless: Add WPA Enterprise Configuration for Infrastructure Mode (#4566)
* Wireless: Add EAP support for infrastructure mode

Add configuration for WPA2 Enterprise authentication for Wireless
infrastructure mode:

* EAP modes TLS, TTLS and PEAP
* Phase 2 modes MD5 and MSCHAPv2
* CA certificate for server verification
* Certificate for client authentication

* Wireless: dynamically show/hide relevant properties

For wireless interface configuration show/hide only currently
relevant settings to facilitate configuration.

* Show WEP settings only when WEP is enabled
* Show WPA settings only when WPA is enabled
* Show EAP settings only when EAP is enabled
* Show IEEE 802.1X settings only when relevant
* Hide AP-only/Adhoc-only settings when infrastructure mode
  is selected
2022-06-28 13:12:25 +02:00
Franco Fichtner
be50228e5c ipsec: style sweep 2022-06-28 11:16:41 +02:00
NOYB
79f8168b37
Firewall Log Widget Header Tweak (#5462)
Reduce line wrap:
Remove "Dest " from the destination port header.  Provides little value at the expense of increased line wrap.  In this context and column position (to right of destination address) it is obvious to be the destination port.  Source port in this context and column position would make no sense.
2022-06-28 11:16:01 +02:00
Franco Fichtner
d09fd3cce5 ipsec: cleanup for previous 2022-06-28 11:10:49 +02:00
vnxme
6d3bd41ab0
VPN / IPsec / Tunnel Settings: Add IPv4+6 protocol for mobile phase1 entries (#5436)
* VPN / IPsec / Tunnel Settings: Add IPv4+6 protocol for mobile phase1 entries
2022-06-28 11:10:34 +02:00
agh1467
59c2059eb2
MVC - model: throw when no mount found (#5830)
* Return a useful message to the UI if no mount is found in the model XML.
  Otherwise this condition results in a SimpleXMLElement error, trying to
  parse an empty string in toXml(), `$xml = new SimpleXMLElement($xml_root_node);`
2022-06-26 16:49:09 +02:00
agh1467
a3a54623a8
ui: bootgrid, correct required api for command-info #5478 (#5829)
* command-info uses this.command_info method, which expects
  params['info'] to be populated, not 'get'.
2022-06-25 22:02:39 +02:00
Franco Fichtner
91b840d5d2 interfaces: inconsistencies in wireless handling #5825 2022-06-24 13:17:02 +02:00
Franco Fichtner
09ff74b774 dpinger: prefer primary IPv6 to fix #5824 2022-06-24 08:26:03 +02:00
Franco Fichtner
7fdc163bf2 interfaces: style sweep 2022-06-20 11:51:18 +02:00
Franco Fichtner
d4a65e26e1 ui: bootstrap-select ignored header height
Make sure selectpicker doesn't expand up underneath
the header making the first item not selectable under
certain conditions during expansion (scroll at 0).
2022-06-20 11:42:39 +02:00
Franco Fichtner
3c8efbc5f6 interfaces: typo in previous #5637 2022-06-17 09:32:09 +02:00
Franco Fichtner
2862eaf0cc interfaces: for specific device edit pages avoid reloading device again #5637
The device reconfigure is done unconditionally before configuring the attached
interface.  If we use reload we will configure the interface again, but if the
interface is disabled we wouldn't trigger the device creation.  So go back to
the former code which didn't exhibit any real issue before we used $reload.
2022-06-17 09:29:23 +02:00
Franco Fichtner
7aecb367c8 interfaces: upon reload request also generate the $realhwif; closes #5819
This goes for all "known" devices.  We need to be careful of reload loops
that create a device and then reload it which could trigger another interface
configure, but at the moment at least all $reload consumers are outside of
the plugin device code / single action triggers.

Also see: 90f471cb19
2022-06-17 09:24:43 +02:00
Franco Fichtner
82b11d3b5f interfaces: fix most common undefined access messages
ipaddr(v6) is not set when not configured which makes sense
but PHP wants us to acknowledge that we really want nothing
when the value doesn't exist.  Stuffing it through the parse_config()
was another idea but in practice in legacy code null equals
<sometag/> and '' equals <sometag></sometag> so if we prime both
fields using null we write them back as empty which isn't bad per
se but also best avoided.
2022-06-16 14:55:07 +02:00
Franco Fichtner
26ef1b0438 system: fix syntax error
Non-debug mode doesn't print "php -l" errors anymore.  Need to adjust to this.
2022-06-16 13:55:10 +02:00
Franco Fichtner
f5327b755a system: reduce $pwread scope to stop PHP from being silly
On failure of "pw" command the explode would split
"pw: no such user `foobar'" and then later check it.
If the user name was "pw" that would be suboptimal
for eligibility.

Instead ignore stderr and do not fill $userattrs which
is already handled by the if below but make it more
explicit using === null comparison.
2022-06-16 13:44:20 +02:00
Franco Fichtner
2d2b025a5f dhcp: fix weirdness in prefix crawler
PHP complains about unknown access, but the script is
even weirder with unused $active, storing null values
etc.
2022-06-16 13:23:01 +02:00
Franco Fichtner
23894aa370 system: link-local check using empty() to avoid warning 2022-06-15 07:55:58 +02:00
Franco Fichtner
bec615f6f7 system: possible undefined read 2022-06-15 07:50:54 +02:00
Franco Fichtner
90f471cb19 interfaces: remove /var/run/booting side effect #5637
interfaces_configure() is unaffected.  While looking at the code
decided to make all callers except newwanip and vxlan hook use
$reload to request a full reconfiguration as that is most likely
what the user would expect in these cases in the first place.
2022-06-14 14:20:12 +02:00
Franco Fichtner
d8553a0e7f firewall: allow NPT logging; closes #5228
We will be adding NPT logging support because the infrastructure
already supports it.  1:1 is a bit harder to deal with so hands
off for now and see how this works out.
2022-06-14 13:43:46 +02:00
Franco Fichtner
22e376a9a8 ui: remove IE workarounds; closes #5351
Some libraries may still hold compatible JS code but we will update
these as we come to work on them or they are in need of updates.
2022-06-14 12:43:24 +02:00
Franco Fichtner
b724e2e434 firmware: disable crash reporter submission on non-production deployment
Just fiddling with the soon to be replaced functionality.  Remove the
pedantic check so we can see everything even from the dashboard hint.
2022-06-10 14:35:05 +02:00
Franco Fichtner
0819c4232b system: handle "production" mode without introducing a new type
Store debug and deployment and keep production as the implied default
if we want to change this later we can't get out of it without a migration
which we don't have for legacy configuration storage at the moment.
2022-06-10 14:05:49 +02:00
Franco Fichtner
3a5484dcd5 system: if no temperature sysctls are exposed do nothing
Likely cause for syntax error in user report.

PR: https://forum.opnsense.org/index.php?topic=28684.0
2022-06-10 13:50:01 +02:00
Franco Fichtner
552f86f9ea dhcp: small cleanup for previous 2022-06-10 10:51:03 +02:00
Franco Fichtner
3f98dc83c4 dhcp: stop obsessing over bridges
It's really not nice to fudge a link-local in dhcp code as the
bridge has a separate setting for it since 2019.

While here remove the restriction for bridge members on relay
that seems to originate from m0n0wall and abandoned by pfSense
in 2020.
2022-06-10 10:42:24 +02:00