add some debug info
don't add cert to crl if cert_revoke() / crl_update() failed
check if CA can sign anything before CRL create
set "method" param to set Method select value
Later we want ifctl to add the scope to the link-local gateway
by default which will remove more code, but for now we are
bound to undo the internal magic.
Interface name stops with first ":" or last "_". For the exclude
check use the correct array index, not the array itself.
In order to prevent the unpredictable behaviour of random PTR records being returned, which is not explicitly prohibited in RFC1035, it is best to restrict the creation of PTR records from every single host and alias (except for wildcard entries, no PTR records are created here), to only non-alias overrides (edit: the exception here is an alias whose parent does not create a PTR record, a wildcard entry). We also further restrict it to unique IP addresses so there can be no confusion in how to maintain the entries within the running Unbound instance.
Hopefully this can pave the way for adding PTR records as a separate type instead of generating them under the hood, as is done currently.
This change should at least address inconsistencies regarding random PTR records being returned as mentioned in https://github.com/opnsense/core/issues/5477
A slight refactor of the existing unbound code is also included here for code reduction purposes.
In some instances a suboptimal pattern was used missing several
networks included in the actual fe80::/10. The reference is
is_linklocal() function nowadays. Sync all patterns.
Tiptoeing around interface_configure() when the resulting
work is the same is counter-intuitive and the static ARP
case probably has some more side effects since we do not
check for static ARP flag?!
filter_configure() can take a long time. Skip alias stuff.
primary will move to tracking interfaces or pick up any
SLAAC related address even though that is not being
actively configured. Similar to the dashboard only print
the scoped address without the need to do the logic in
the caller.
Maybe we could even return the assigned prefix here for
clarity, but then the prefix isn't a reachable address.
... a.k.a. rc.resolv_conf_generate. While here protect more
code with the IP change guard and clear the IP address if the
address lookup came up empty.
The wireless code "integration" is horrible even by moderate standards
in our code base. In the future the best way would be to ditch all of
it and rebuild (parts) required by users.
Try to not update immediately as page is still
rendering/filling up contents therein.
It makes the status indicator color change more
visible to the eye.
Even though we're currently not able to offer other options than round-robin as pfctl seems to prevent that, it might still be a good idea to make the current options explicit and leave room for future enhancements.
This commit adds poolopts to gateway groups and explains options. If users want to mix sticky and non-sticky, this will be possible with this change. Other options (random, source-hash, ..) unfortunately not.
* Merge SLAAC interface dhcp6c config
Stateless DHCPv6 config for SLAAC WANs was generated, but not merged into dhcp6c.conf file.
* Add support for stateless DHCPv6 to dhcp6c script
Script had no code for processing stateless DHCPv6 replies (required for SLAAC without RDNSS / DNSSL).
* dhcp6c script, pass all search domains to ifctl
Only the first domain was used, all others were disregarded.