primary will move to tracking interfaces or pick up any
SLAAC related address even though that is not being
actively configured. Similar to the dashboard only print
the scoped address without the need to do the logic in
the caller.
Maybe we could even return the assigned prefix here for
clarity, but then the prefix isn't a reachable address.
... a.k.a. rc.resolv_conf_generate. While here protect more
code with the IP change guard and clear the IP address if the
address lookup came up empty.
This is a partial revert of 797c1864194 which has good intentions but rc.newwanip(v6)
isn't equipped with being called a lot of times yet. We want to improve this for 23.1.
Purge the file on all known dynamic spots that run a deconfigure
of some sort. We probably need something for a forced reload as
well but for now let's see if this works in general.
* MVC / System status: first draft for backend implementation
* fix copyright
* fix permissions
* MVC / System Status: modify backend implementation and setup front-end
* MVC / System Status: minor cleanup, ACL check and fix reporting in production mode
* MVC / System Status: copy status system to legacy as well, remove the notices system, finish up front-end work
* MVC / System Status: remove useless constructor
* fix plist
* System Status: shorten previous
* System Status: add ACL check
* System Status: also remove legacy part
* System Status: also clean up on legacy page
* System Status: ACL check on dismiss action as well
* System Status: add readonly privilege check to dismiss action
* System Status: do not trust input
* System Status: address security concerns
* add default return
* System Status: move js code to separate script and make sure a logLocation is always provided
* System Status: clean up callout in both legacy page and volt template
After dismissing a message and closing the dialog, the old message was still bound to the dialog instance. Re-registering the onclick callback solves this.
* System Status: adjust log location and kick off status system on alias errors
* System Status: let's hold off on throwing notifications for aliases for now
* System Status: add ACL entry for the dismiss API call, adjust to new deployment situation
Without the ACL entry, /api/core/system/dismissStatus calls are rejected for non-root users even when they should have rights to dismiss.
Also do a minor consistency improvement and also adjust to the new situation of production & development deployment types. We need to account for the possibility of 'deployment' being empty in the configuration, therefore a direct check of the 'development' type seems most fitting as this is unlikely to change or be subjected to any additions.
* System Status: also error out when unable to write new rules
* System Status: account for users without permissions
* System Status: name collision in FirmwareController
* System Status: replace old notices system with a global one (https://github.com/opnsense/core/pull/5875)
Review feedback / modifications in this commit:
o filter.inc
-- remove wedged message, when locked during parallel reloads it likely doesn't help to disable/enable
-- flush message to error trigger file
o SystemStatus.php
-- str_contains --> strpos; eases testing on OPNsense 22.1.x as str_contains is PHP 8 only
o Status collectors
-- simplify logic and propagate messages received from status file
o CrashReporterStatus
- the existence of a /tmp/PHP_errors.log file should be enough to know some process signaled the crash reporter
- remove shell exec
o FirewallStatus
-- as only /tmp/rules.error remains, remove loop to read for non existing files
o opnsense_status.js
-- add opn-status-group class to container and point css modifications in that single direction to prevent other objects from being affected by our status popup modifications
-- Windows file endings replaced (^M)
o css:
keep menu_messages container to ease migration for theme developers
NOTE : ** get_crash_report() could likely be simplified as well
* filter: change to mwexec, redirection is implied
* System Status: handle potential undefined array key
seems to be a one-off error: Exception: Error at /usr/local/opnsense/mvc/app/controllers/OPNsense/Core/Api/SystemController.php:90 - Undefined array key 0 (errno=2) in /usr/local/opnsense/mvc/app/controllers/OPNsense/Base/ApiControllerBase.php:159
Co-authored-by: Ad Schellevis <ad@opnsense.org>
The default listing had an issue bringing in both the dhcp6c
and the slaac files. Now act according to what we implemented
as a fallback approach for reading data files.
Since "nameserver.sh" was a working title for when we just wanted
to make sense of the nameserver registration mess going on this
no longer fully applies for good reasons.
Change the name to ifctl.sh for leaving syntax parsing in place
and leave the symlink in sbin/ directory. The same works nicely
for configctl.
Since we already kill routes in nameserver registrations we can
also take on the arp/pfctl magic moving the "router" file check
to its native utility.
It's debatable if we even need the pfctl or arp flush here.
To be continued...
This breaks the new feature in the interim since the router file
read is not yet supposed to read :slaac counterpart since the router
file is still read manually. Refactor to follow.
We do want to eventually lean on exclusive ifctl use in order to
be able to improve logic in ifctl or make adjustments really easy in
the future without missing a spot (e.g. adding scope to link-local
routers).
New script to be invoked by rtsold when Router Advertisements with
RDNSS / DNSSL information are received. Uses ifctl to create the
/tmp/$if_routerv6 file and creates the /tmp/$if_defaultgwv6 file
directly. Fixes the issue that these files don't get created when
the M and O flags in RAs are not set. Also, passes RDNSS / DNSSL
info from RAs to ifctl.
Just make a MD5 sum of the file and change polling to 20 seconds.
Call backend on first run as well without waiting. Interval could
be lower still, but as said earlier it doesn't matter much all
things considered.
Gets rid of package dependency which for dhcpleases6 simply
listens on the DHCPD lease file and runs the prefix.php command
unconditionally.
For now emulate this by issuing the command every 60 seconds
which can be adjusted later if someone complains, but seeing
how many bugs this script has had vs. how many people noticed
it (basically none) I doubt this will have much impact overall.
'prefix' was never a key so this never got executed for whatever reason.
It remains broken in other projects and the question is if this script
really has any useful value.
This brings it in line with migrations although both hinge on
the idea that rc.configure_firmware is called to execute this
code. Both need a better integration but bringing them to the
same level seems to make the most sense.
After reboot the config is in a consistent state now too...
Remove previous plugins_interfaces() call and always use full
path to pluginctl like most spots already do.
o provide option to delete entries
o show Ikeid and Reqid including optional phase[1|2] description when provided
o extend fields with data provided from setkey -D
o add a remove button hooking spddelete to remove entries when not cleaned up correctly for some reason to ease maintenance
o add reqid to IPsec phase 2 tunnel view for clarity so we can easily inspect if traffic is trying to pass the right policy
o show Ikeid and Reqid including optional phase[1|2] description when provided
o extend fields with data provided from setkey -DP, but keep them deselected in the default view (e.g. Upperspec, Mode, Type, ..)