OPNSense/ports 3dc8e13opnsense/hostwatch/files hostwatch.in

opnsense/hostwatch - stylesweep
DeltaFile
+34-34opnsense/hostwatch/files/hostwatch.in
+34-341 files

OPNSense/core 3dd24ffsrc/etc/inc/plugins.inc.d openvpn.inc, src/opnsense/mvc/app/controllers/OPNsense/OpenVPN/forms dialogInstance.xml dialogCSO.xml

OpenVPN: allow multiple domains settings for client connection (#9281)

* OpenVPN: allow multiple domains settings for client connection

* OpenVPN: allow multiple domains settings - update plugin files

---------

Co-authored-by: Krisztian Ivancso <dev at devopsoffice.com>
DeltaFile
+5-4src/opnsense/mvc/app/controllers/OPNsense/OpenVPN/forms/dialogInstance.xml
+5-3src/opnsense/mvc/app/controllers/OPNsense/OpenVPN/forms/dialogCSO.xml
+6-2src/opnsense/mvc/app/models/OPNsense/OpenVPN/OpenVPN.xml
+3-1src/etc/inc/plugins.inc.d/openvpn.inc
+3-1src/opnsense/mvc/app/models/OPNsense/OpenVPN/OpenVPN.php
+22-115 files

OPNSense/ports ac52906opnsense/hostwatch Makefile, opnsense/hostwatch/files hostwatch.in

opnsense/hostwatch - add rc(8) file
DeltaFile
+74-0opnsense/hostwatch/files/hostwatch.in
+2-0opnsense/hostwatch/Makefile
+76-02 files

OPNSense/ports 6a87600opnsense/hostwatch distinfo Makefile

opnsense/hostwatch - use release tag (1.0.0)
DeltaFile
+3-3opnsense/hostwatch/distinfo
+1-1opnsense/hostwatch/Makefile
+4-42 files

OPNSense/plugins e19e3c9www/caddy pkg-descr, www/caddy/src/opnsense/scripts/OPNsense/Caddy setup.sh

www/caddy: fix setup.sh script not setting correct ownership in www user mode (#4976)

* www/caddy: Streamline setup.sh, since chown is skipped automatically when ownership matches

* add changelog
DeltaFile
+14-30www/caddy/src/opnsense/scripts/OPNsense/Caddy/setup.sh
+1-0www/caddy/pkg-descr
+15-302 files

OPNSense/plugins 72661a7www/caddy/src/opnsense/scripts/OPNsense/Caddy setup.sh

www/caddy: Streamline setup.sh, since chown is skipped automatically when ownership matches
DeltaFile
+14-30www/caddy/src/opnsense/scripts/OPNsense/Caddy/setup.sh
+14-301 files

OPNSense/plugins 27bd359security/q-feeds-connector/src/opnsense/mvc/app/controllers/OPNsense/QFeeds/Api SettingsController.php, security/q-feeds-connector/src/opnsense/mvc/app/views/OPNsense/QFeeds index.volt

security/q-feeds-connector - add initial version (ref: https://forum.opnsense.org/index.php?topic=49123.0)
DeltaFile
+179-0security/q-feeds-connector/src/opnsense/scripts/qfeeds/lib/__init__.py
+136-0security/q-feeds-connector/src/opnsense/mvc/app/views/OPNsense/QFeeds/index.volt
+117-0security/q-feeds-connector/src/opnsense/mvc/app/controllers/OPNsense/QFeeds/Api/SettingsController.php
+96-0security/q-feeds-connector/src/opnsense/www/js/widgets/QFeeds.js
+77-0security/q-feeds-connector/src/opnsense/scripts/qfeeds/lib/log.py
+72-0security/q-feeds-connector/src/opnsense/scripts/qfeeds/lib/api.py
+677-021 files not shown
+1,198-027 files

OPNSense/core f469cf8src/etc/inc/xmlrpc legacy.inc

System: High Availability - when nosync is set on the secondary machine for a vip, the record seems to be added twice as merge_config_attributes() solves this generically for all types. exclude no sync from the $vipbackup in the custom handling code to fix this.

closes https://github.com/opnsense/core/issues/8911
DeltaFile
+2-0src/etc/inc/xmlrpc/legacy.inc
+2-01 files

OPNSense/plugins a9c5f61www/caddy pkg-descr Makefile

www/caddy: Bump version to 2.0.4_1 (#4975)

DeltaFile
+1-0www/caddy/pkg-descr
+1-0www/caddy/Makefile
+2-02 files

OPNSense/plugins bcd2debwww/caddy/src/opnsense/service/templates/OPNsense/Caddy Caddyfile

www/caddy: Fix HTTP access log excluding the process logs accidentally (#4974)

When using "include" in the default global logger, all other logs get excluded, except those that get included.

Using a "log default" instead, sends the HTTP access logs to the default logger.

This allows process and HTTP access logs to coexist in the same logger.
DeltaFile
+2-9www/caddy/src/opnsense/service/templates/OPNsense/Caddy/Caddyfile
+2-91 files

OPNSense/plugins 6fe7670www/caddy/src/opnsense/service/templates/OPNsense/Caddy Caddyfile

www/caddy: Fix HTTP access log excluding the process logs accidentally

When using "include" in the default global logger, all other logs get excluded, except those that get included.

Using a "log default" instead, sends the HTTP access logs to the default logger.

This allows process and HTTP access logs to coexist in the same logger.
DeltaFile
+2-9www/caddy/src/opnsense/service/templates/OPNsense/Caddy/Caddyfile
+2-91 files

OPNSense/core 936c00esrc/opnsense/mvc/app/views/OPNsense/Firewall filter_rule.volt, src/opnsense/www/css opnsense-bootgrid.css

Fix margins a little
DeltaFile
+4-11src/opnsense/mvc/app/views/OPNsense/Firewall/filter_rule.volt
+0-1src/opnsense/www/css/opnsense-bootgrid.css
+0-1src/opnsense/www/themes/opnsense-dark/assets/stylesheets/opnsense-bootgrid.scss
+0-1src/opnsense/www/themes/opnsense-dark/build/css/opnsense-bootgrid.css
+0-1src/opnsense/www/themes/opnsense/assets/stylesheets/opnsense-bootgrid.scss
+0-1src/opnsense/www/themes/opnsense/build/css/opnsense-bootgrid.css
+4-166 files

OPNSense/core 5c845f4src/opnsense/mvc/app/models/OPNsense/IPsec IPsec.xml

VPN: IPsec: Pre-Shared Keys - allow underscores in identifiers, closes https://github.com/opnsense/core/issues/9276
DeltaFile
+2-2src/opnsense/mvc/app/models/OPNsense/IPsec/IPsec.xml
+2-21 files

OPNSense/core 75560d7src/opnsense/mvc/app/views/OPNsense/CaptivePortal clients.volt, src/opnsense/mvc/app/views/OPNsense/DHCPv4 leases.volt

Fix the last of these spots too
DeltaFile
+2-2src/opnsense/mvc/app/views/OPNsense/DHCPv6/leases.volt
+2-2src/opnsense/mvc/app/views/OPNsense/DHCPv4/leases.volt
+1-1src/opnsense/mvc/app/views/OPNsense/OpenVPN/status.volt
+1-1src/opnsense/mvc/app/views/OPNsense/CaptivePortal/clients.volt
+1-1src/opnsense/mvc/app/views/OPNsense/Diagnostics/vip.volt
+1-1src/opnsense/mvc/app/views/OPNsense/IPsec/leases.volt
+8-81 files not shown
+9-97 files

OPNSense/src bf2ff4esys/dev/virtio/network if_vtnet.c

vtnet: Do not compare boolean with integer

The type of variable promisc and allmulti was changed from int to bool
by commit [1].

[1] 7dce56596f36 Convert to if_foreach_llmaddr() KPI

MFC after:      3 days

(cherry picked from commit 80dfed11fc1c61ce9168db01dee263447619e859)
DeltaFile
+2-2sys/dev/virtio/network/if_vtnet.c
+2-21 files

OPNSense/src f0d7e7dsys/dev/virtio/network if_vtnet.c

vtnet: improve control of transmit offloading

Keep the hwassist flags for transmit checksum offload and transmit
segment offload in sync with the enabled capabilities.

Reported by:            Timo Völker
Reviewed by:            Timo Völker
Differential Revision:  https://reviews.freebsd.org/D52765

(cherry picked from commit f2575d56c8c9a8acad4a61a3586546dff4febce1)
DeltaFile
+12-4sys/dev/virtio/network/if_vtnet.c
+12-41 files

OPNSense/src 63f53b6share/man/man4 vtnet.4

vtnet.4: use transmit checksum offloading

Use transmit checksum offloading instead transmission checksum
offloading to be consistent with other man pages.

Reported by:    Peter Lei
Sponsored by:   Netflix, Inc.

(cherry picked from commit c7263f873ee9abb772f67b5536e2380a046e1b94)
DeltaFile
+5-5share/man/man4/vtnet.4
+5-51 files

OPNSense/src c7cd488share/man/man4 vtnet.4, sys/dev/virtio/network if_vtnet.c

vtnet: disable hardware TCP LRO by default

Hardware TCP LRO results in problems in settings with IP forwarding
being enabled. In case of nodes without IP forwarding, using
software LRO is also beneficial in general, since it can provide better
information about what was received on the wire.
Therefore, disable hardware TCP LRO by default.
By tuning the loader tunable, this can be changed.

PR:                     263229
Reviewed by:            Timo Völker
Differential Revision:  https://reviews.freebsd.org/D52684

(cherry picked from commit 6e4b811009d63f33c59d51f28fd4a030ca90843e)
DeltaFile
+17-5share/man/man4/vtnet.4
+1-1sys/dev/virtio/network/if_vtnet.c
+18-62 files

OPNSense/src b0b3245share/man/man4 vtnet.4, sys/dev/virtio/network if_vtnet.c

vtnet: improve interface capability handling

Enable the handling of the IFCAP_RXCSUM_IPV6 handling by handling
IFCAP_RXCSUM and IFCAP_RXCSUM_IPV6 as a pair. Also make clear, that
software and hardware LRO require receive checksum offload.

Reviewed by:            Timo Völker
Differential Revision:  https://reviews.freebsd.org/D52682

(cherry picked from commit eaf619fddcb21859311b895a0836da3171a01531)
DeltaFile
+11-20sys/dev/virtio/network/if_vtnet.c
+3-1share/man/man4/vtnet.4
+14-212 files

OPNSense/src 4ac0fb6share/man/man4 vtnet.4

vtnet: deprecate loader tunable fixup_needs_csum

If this tunable is enabled and vtnet receives a packet with
VIRTIO_NET_HDR_F_NEEDS_CSUM set, vtnet computes the TCP/UDP checksum
and writes it in the checksum field.
This was somewhat useful when vtnet pretended that such a packet has
a correct checksum and set the mbuf flag CSUM_DATA_VALID.
But this is not the case anymore.

Reviewed by:            tuexen
Differential Revision:  https://reviews.freebsd.org/D52546

(cherry picked from commit 5da388d93917f5fa74022960cc65452592f71539)
DeltaFile
+3-1share/man/man4/vtnet.4
+3-11 files

OPNSense/src d92ff32sys/dev/virtio/network if_vtnet.c

vtnet: Prefer "hardware" accounting for the multicast and total number of octets sent

When ALTQ is enabled, this driver does "hardware" accounting and soft
accounting at the same time. Prefer the "hardware" one to make the logic
simpler.

Reviewed by:    zlei
MFC after:      2 weeks
Differential Revision:  https://reviews.freebsd.org/D44817

(cherry picked from commit 2a346c8993cbb92a321a7c25bd9ac4dcaae352d1)
DeltaFile
+0-2sys/dev/virtio/network/if_vtnet.c
+0-21 files

OPNSense/src e71ace0sys/dev/virtio/network if_vtnet.c

vtnet: Do "hardware" accounting for the total number of received octets

While here, advertise the IFCAP_HWSTATS capability to avoid the net
stack from double counting it.

Co-authored-by: zlei
Reviewed by:    zlei
MFC after:      2 weeks
Differential Revision:  https://reviews.freebsd.org/D44816

(cherry picked from commit a14d561e58529c9686a2efc47f4828ad82026e63)
DeltaFile
+3-0sys/dev/virtio/network/if_vtnet.c
+3-01 files

OPNSense/src 244acf8sys/dev/virtio/network if_vtnet.c

vtnet: fix compilation for NOIP configs

Reported by:    bz
Fixes:          3008f30d2c2c ("vtnet: improve checksum offloading")

(cherry picked from commit 614e9b33bf5594d9d09b5d296afa4f3aa6971823)
DeltaFile
+9-0sys/dev/virtio/network/if_vtnet.c
+9-01 files

OPNSense/src 52cbb08share/man/man4 vtnet.4, sys/dev/virtio/network if_vtnet.c if_vtnetvar.h

vtnet: improve checksum offloading

When transmitting a packet over the vtnet interface, map the
csum flags CSUM_DATA_VALID | CSUM_PSEUDO_HDR to the virtio
flag VIRTIO_NET_HDR_F_DATA_VALID.
When receiving a packet over the virtio network channel, translate
the virtio flag VIRTIO_NET_HDR_F_NEEDS_CSUM not to CSUM_DATA_VALID |
CSUM_PSEUDO_HDR, but to CSUM_TCP, CSUM_TCP_IPV6, CSUM_UDP, or
CSUM_UDP_IPV6.
The second change fixes a series of issue related to checksum
offloading for if_vtnet.
While there, improve the stats counters to allow a detailed view
on what is going on in relation to checksum offloading.

PR:                     165059
Reviewed by:            tuexen, manpages
Differential Revision:  https://reviews.freebsd.org/D51686

(cherry picked from commit 3008f30d2c2cabdd7e17f7fb922139da8681ffbd)
DeltaFile
+123-119sys/dev/virtio/network/if_vtnet.c
+19-9share/man/man4/vtnet.4
+1-1sys/dev/virtio/network/if_vtnetvar.h
+143-1293 files

OPNSense/src 911cfd8share/man/man4 vtnet.4

vtnet.4: remove stray line

Reported by:    Timo Völker
Fixes:          ac87d70563f8 ("vtnet.4: improve existing descriptions and add missing ones")
Sponsored by:   Netflix, Inc.

(cherry picked from commit 491986942dd2b3be8a6f232c487b3bb7c1ea412b)
DeltaFile
+1-2share/man/man4/vtnet.4
+1-21 files

OPNSense/src 7941abcshare/man/man4 vtnet.4

vtnet.4: improve existing descriptions and add missing ones

Improve several descriptions for loader tunables and add descriptions
of the statistics provided by read only sysctl-variables.

Reviewed by:            bcr
Sponsored by:           Netflix, Inc.
Differential Revision:  https://reviews.freebsd.org/D51985

(cherry picked from commit ac87d70563f85d53575956c6fe40615b2e501c13)
DeltaFile
+136-6share/man/man4/vtnet.4
+136-61 files

OPNSense/src 69287adshare/man/man4 vtnet.4

vtnet.4: update description of loader tunables

This is based on the description of sysctl -d.

Reviewed by:            Timo Völker, bcr
Differential Revision:  https://reviews.freebsd.org/D51604

(cherry picked from commit 0ded4647215cffde9076ab4e82870b0f491bd0b2)
DeltaFile
+22-1share/man/man4/vtnet.4
+22-11 files

OPNSense/src 81907edsys/dev/virtio/network if_vtnet.c

vtnet: mark statistic counters with CTLFLAG_STATS

Reviewed by:    Timo Völker
Differential Revision:  https://reviews.freebsd.org/D51999

(cherry picked from commit e6253eac1ab346d70db79d638c200bffa65cae02)
DeltaFile
+42-28sys/dev/virtio/network/if_vtnet.c
+42-281 files

OPNSense/src eb0203bsys/dev/virtio/network if_vtnet.c

vtnet: fix computation of sysctl variables

Fix the aggregation of the interface level counters
* dev.vtnet.X.tx_task_rescheduled,
* dev.vtnet.X.tx_tso_offloaded,
* dev.vtnet.X.tx_csum_offloaded,
* dev.vtnet.X.rx_task_rescheduled,
* dev.vtnet.X.rx_csum_offloaded, and
* dev.vtnet.X.rx_csum_failed.
Also ensure that dev.vtnet.X.tx_defrag_failed only counts the number
of times m_defrag() fails.
While there, mark sysctl-variables used for exporting statistics as
such (CTLFLAG_STATS).

Reviewed by:            Timo Völker
Differential Revision:  https://reviews.freebsd.org/D51999

(cherry picked from commit 03da4395158d374b5e38623f6744ce31302b530c)
DeltaFile
+117-14sys/dev/virtio/network/if_vtnet.c
+117-141 files

OPNSense/core 562d28csrc/opnsense/mvc/app/views/OPNsense/Wireguard diagnostics.volt general.volt

wireguard general.volt diagnostics.volt fix flex behavior of selectpickers
DeltaFile
+1-1src/opnsense/mvc/app/views/OPNsense/Wireguard/diagnostics.volt
+1-1src/opnsense/mvc/app/views/OPNsense/Wireguard/general.volt
+2-22 files