interfaces: adjust and annotate interface_dhcpv6_id() #7647
This does not change the output unless an unknown or empty interface
is passed which is mostly to protect future GUI use from returning a
wrong IAID. This means from a functional perspective this is risk-
free.
Also note that this is the "default_id" and not always the resulting
ID due to what was already worked on for this ticket.
Services: Kea DHCPv4: Add client-id to reservations (#10288)
* Services: Kea DHCPv4: Add client-id to reservations
* Should be client_id in the row
* Add client_id to dhcpv4 config generator
* client-id is stored differently in the running configuration and the lease endpoint, it must be normalized here so we can return a correct match in is_reserved
* Fix typo in client_id
* Use MAC address instead of Ether address in validation message, fix missing back reference in DHCPv6 reservation validation
* Update src/opnsense/mvc/app/models/OPNsense/Kea/KeaDhcpv4.php
Co-authored-by: Franco Fichtner <franco at opnsense.org>
* Update src/opnsense/mvc/app/models/OPNsense/Kea/KeaDhcpv4.php
[5 lines not shown]
interfaces: bring back interface_dhcpv6_id() and improve use a bit #7647
Keep this as $default_id but allow the overrides already implemented.
Do not emit a default IAID when the interface is not set or faulty so
that we can use it in the GUI safely for a placeholder.
PR: https://forum.opnsense.org/index.php?topic=51148.0
Captive Portal: remove redirection on HTTPS, ditch non-functional pass statement as well
In theory, clients only use HTTP to detect the presence of a portal.
If they were to use HTTPS, the 302 redirect would in most cases
not be accessible, as the certificate presented is most likely not
valid, cutting off the communication before any redirect to a login
page can happen.
The portal itself can and should remain accessible on HTTPS, as this
is the URL the redirect is pointing to. This may be attached to a
valid certificate as well, but the key point is that access to
this URL doesn't strictly need redirection for everything on port
443.
This should prevent clients opening bogus connections to the
captive portal, which consumes a lot of TLS traffic on the network
stack, bogging down lighttpd in bigger setups and creating
a lot of established states in pf.
client-id is stored differently in the running configuration and the lease endpoint, it must be normalized here so we can return a correct match in is_reserved
interfaces: multi-dhcp6c support #7647
This splits off rtsold and dhcp6c into separate processes.
I'm not entirely sure why we settled for a single daemon of
dhcp6c back in the day, but there are certainly downsides to
it and I don't see something that wasn't fixed in the meantime
that makes this not work.
Captive Portal: re-introduce hash lookup for accounting purposes (#10275)
* Captive Portal: re-introduce hash lookup for accounting purposes
Table redirection allowed for constant time lookups, with the
migration to pf this was changed to a linear time lookup. This commit
changes this back, but retrofits it on top of the ipv6 compatibility change.
While here:
- fix a small edge case that kills states for ips
flipping primary IPs according to hostwatch.
- make sure only the most recent arp entry is considered
- make sure to clear empty addresses from the set
Cherry-picked from 1bf1c69
Cherry-picked from 3c2780e
Interfaces: add some missing config locks, reading the configuration requires it being locked first to ensure setBase() can't be raced with another caller.
(cherry picked from commit d81dcd37e223649c7a5d7bc3adbb61a4dd65e089)
Interfaces: Assignments - work in progress for https://github.com/opnsense/core/issues/9945
In order to migrate the interface assignments, we need to think of a way to use the differently named xml nodes for interfaces (wan, lan, ..) into something that closely resembles a standard model implementation.
Since we can't match these nodes in our statically defined model xmls, the main idea is to flush all via an in-memory model with a separate load [construct] and save hook.