firewall: change interfage group render/apply order
Well, apply needs to be pushed to render interfaces. Make
sure that we render before reloading filter which actually
calls ifgroup_setup() to rename groups.
(cherry picked from commit d47802bc88388fa5e26a07b9451b0ee63e971a0b)
(cherry picked from commit fa96a9a57b0d922c3642322c0c140c8995f14cdd)
Services: Kea DHCPv4/6: Switch custom DHCP option config generation to libdhcp_flex_option.so (#10514)
* Services: Kea DHCPv4: emit custom DHCPv4 options via flex-option hook
Route custom DHCPv4 option rows through libdhcp_flex_option instead of
regular option-data. The custom option framework (KeaOptionDataField) already serializes values
to final wire-format hex, but Kea's native option-data path still applies
built-in option definitions and may reinterpret or drop payloads for standard
or container options (e.g. 43 and 125).
Use flex-option supersede expressions to inject the serialized bytes directly
during response construction. Preserve the existing scoping model by translating
subnet scope to an additional class, and reservation scope to either MAC address
or client-id matching. Existing option match rules are kept as client-class
membership checks inside the same expression.
Built-in option_data fields remain unchanged and continue to use native Kea
option-data generation.
* Services: Kea DHCPv6: Add same flex option hook library support as in DHCPv4, with the limitation that it reservations need to be DUID based here.
firewall: revisit previous
Well, apply needs to be pushed to render interfaces. Make
sure that we render before reloading filter which actually
calls ifgroup_setup() to rename groups.
dashboard: include interfaces widget in dashboard default. Closes https://github.com/opnsense/core/issues/10456
This is the only one that makes sense from a functional perspective.
While here, adjust the resize/style logic a bit such that
updates are also propagated on first load, which makes sure the
interfaces table renders the correct amount of columns to prevent
wasted space.
(cherry picked from commit 83236171bb98b61b2aeb97e273f8ee28a53385f8)
firewall: adjust alias rename according to address_to_pconfig(); closes #10024
Looking at stable/25.7 where all three components where still in
the tree they all use the function which could potentially write
'address'. It's better than not having those and strive for
consistency although in practice this will die with the removal
of legacy rules support.
dashboard: include interfaces widget in dashboard default. Closes https://github.com/opnsense/core/issues/10456
This is the only one that makes sense from a functional perspective.
While here, adjust the resize/style logic a bit such that
updates are also propagated on first load, which makes sure the
interfaces table renders the correct amount of columns to prevent
wasted space.
Services: Kea DHCPv4: emit custom DHCPv4 options via flex-option hook
Route custom DHCPv4 option rows through libdhcp_flex_option instead of
regular option-data. The custom option framework already serializes values
to final wire-format hex, but Kea's native option-data path still applies
built-in option definitions and may reinterpret or drop payloads for standard
or container options.
Use flex-option supersede expressions to inject the serialized bytes directly
during response construction. Preserve the existing scoping model by translating
subnet scope to an additional class, and reservation scope to either MAC address
or client-id matching. Existing option match rules are kept as client-class
membership checks inside the same expression.
Built-in option_data fields remain unchanged and continue to use native Kea
option-data generation.
firmware: cleansing using output_cmd is futile
Move the code back to where it was in early 26.1. A number of
regressions could have been avoided. The last straw was buffering
of "." characters for fetching.
The read-guard is still effective. As it reads the file it does
not need to run unbuffered. GUI reads are still properly filtered.
(cherry picked from commit 1eaefb6bc81052c5454d20333cbc32d1c1392ee1)
github: add AI disclosure to issue templates
As the growing conclusions on bug reports look to be AI suggestions
that can make oblivious claims according to how the user steeres
the scope to the core repo it's better to (try to) make this visible.
(cherry picked from commit 241088f1fdd1154291feec2c6a0f14be067f115a)
git: create AGENTS.md with agent guidelines (#10507)
Added guidelines for coding agents working on the OPNsense core repository, including mission, core principles, architecture, code style, security expectations, and review checklist.
(cherry picked from commit 094ca0fff425ea1dcd7120cc6454b769542a7a55)
firewall: avoid emitting reply-to on block rules as well (#10513)
Remove reply-to the same way that 20070de did it for route-to.
(cherry picked from commit d35b281636be5b06c7cb41e75603d36003a8d525)