We should catch $fp == null for whatever reason it
happens. Make sure the file exists and open for
read-only. Close pointer afterwards to avoid other
wonkiness.
When using multiple aliases per interface, disabling binding on one could
potentially disable binding for other aliases on the same interface, depending
on the order of the VIPs in the config. The 'alias' setting was evaluated
regardless of whether the subnet matched, so if a previous VIP for a matching
interface had matched on subnet, the current VIP's 'bind' setting would be
applied to the interface address even though the current VIP's subnet didn't
match.
o provide option to delete entries
o show Ikeid and Reqid including optional phase[1|2] description when provided
o extend fields with data provided from setkey -D
As we stopped using "required" in our spd entries we need other means to remove previously manually added ones.
This commit collects all policies that are likely inserted manually and removes the ones that are being used in active phase 2 entries (reqid) configured with manual entries.
Combined with the new diagnostics page, a user should be able to manually remove entries we couldn't automatically clean up due to the risk of removing unrelated manual entries.
Also clean up the logging a bit as the previous messages were added for temporary use.
o Since $records can contain all sorts of data, we need to make sure we're not trying to cast arrays to string as it would raise an error
o When applying, we need to do so before searching and splicing to avoid only sorting the visible items
o add a remove button hooking spddelete to remove entries when not cleaned up correctly for some reason to ease maintenance
o add reqid to IPsec phase 2 tunnel view for clarity so we can easily inspect if traffic is trying to pass the right policy
o show Ikeid and Reqid including optional phase[1|2] description when provided
o extend fields with data provided from setkey -DP, but keep them deselected in the default view (e.g. Upperspec, Mode, Type, ..)
Displaying changelogs requires a different menu flow but for now focus
on providing a changelog opportunistically before performing the update,
but intentionally after starting it to keep previous flow for now.
While set_single_sysctl() is still somewhat problematic as it
trashes things set by tunables GUI, the amount of overlap is
minimal and to some degree unavoidable like the CARP handling
this manually according to user requirements set through related
configuration options.