igmp: apply net.inet.igmp.default_version to existing interfaces
IGMP requires hosts to use the lowest version they have seen on the network.
When net.inet.igmp.default_version is changed, we do not change IGMP
version used by interface even if the interface use an higher version than
V_igmp_default_version. So we could send IGMPv3 even if the user has requested
IGMPv2 or IGMPv1 via the sysctl.
Change IGMP version for each interface when V_igmp_default_version is smaller
than the version used by the interface.
Pull Request: https://github.com/freebsd/freebsd-src/pull/1615
Differential Revision: https://reviews.freebsd.org/D50071
igmp: do not upgrade IGMP version beyond net.inet.igmp.default_version
IGMP requires hosts to use the lowest version they've seen on the
network. When the IGMP timers expire we take the opportunity to upgrade again.
However, we did not take the net.inet.igmp.default_version sysctl
setting into account, so we could end up switching to IGMPv3 even if the
user had requested IGMPv2 or IGMPv1 via the sysctl.
Check V_igmp_default_version before we upgrade the IGMP version.
Reviewed by: adrian
Sponsored by: Rubicon Communications, LLC ("Netgate")
Differential Revision: https://reviews.freebsd.org/D41628
Reduce complexity of firewall_rule_lookup, we have an all rules entrypoint now, so potentially we could just search for the UUID of the rule without concerning us with interfaces anymore
bootgrid: batch enable/disable-selected toggle by default, clean up IDS page (#9768)
The footer commands weren't taking into account the required properties, rendering unlinked buttons where they shouldn't be (e.g. in dnsmasq DHCP ranges etc.).
Take this opportunity to clean up and improve some front-end code, including batching of enable/disable-selected API calls. The arbitrary default limit of "40" has been set based on (40 * 36-character UUID + ~150-character URI out of a 2k URI character limit).
In the controller, change how rows are collected (use getNodeByReference only for rootnode) to save some cycles, throw an error if someone tries to swap multiple records at once as that is less likely intentional anyway (explicit on/off are acceptable values) and keep simplified result output.
Reference: https://forum.opnsense.org/index.php?topic=50806.0
---------
Co-authored-by: Ad Schellevis <ad at opnsense.org>
bootgrid: batch enable/disable-selected, minor update for https://github.com/opnsense/core/pull/9768
This commit changes how rows are collected (use getNodeByReference only for rootnode) to save some cycles, throw an error if someone tries to swap multiple records at once as that is less likely intentional anyway (explicit on/off are acceptable values) and keep simplified result output.
Change init entrypoint to always go through the filterChange() pipeline, but have a fast path in there that initializes without a filter. This adds the filter immediately when loading with the page with the URL hash
dns/dnscrypt-proxy: fix bootstrap_resolvers with multiple comma-separated servers (#5163)
When multiple bootstrap resolvers are configured in the "Fallback Resolver"
field (e.g., "1.1.1.1:53,9.9.9.9:53"), the generated config incorrectly
places the comma inside a single string:
bootstrap_resolvers = ['1.1.1.1:53,9.9.9.9:53']
This causes dnscrypt-proxy to fail with:
[FATAL] Bootstrap resolver [...]: Host does not parse as IP '1.1.1.1:53,9.9.9.9:53'
The fix applies the same split/join pattern already used for listen_addresses,
server_names, disabled_server_names, and relaylist in the same template:
bootstrap_resolvers = ['1.1.1.1:53','9.9.9.9:53']
This bug was introduced in commit 1eec51a65 which renamed fallback_resolver
to bootstrap_resolvers but did not update the template syntax from a single
string to a TOML array format.
security/stunnel: partially sync with upstream
We use the revision bump here to indicate that this port's
Makefile was reshuffled with changes to plist which seems
a bit strange.
Taken from: FreeBSD
