OPNSense/core ff0393b src/etc/inc interfaces.inc

interfaces: adjust and annotate interface_dhcpv6_id() #7647

This does not change the output unless an unknown or empty interface
is passed which is mostly to protect future GUI use from returning a
wrong IAID.  This means from a functional perspective this is risk-
free.

Also note that this is the "default_id" and not always the resulting
ID due to what was already worked on for this ticket.
Delta  File
+17 -15  src/etc/inc/interfaces.inc
+17 -15  1 files

OPNSense/core da9068d src/etc/inc filter.lib.inc

firewall: openvpn legacy safe iteration from master
Delta  File
+2 -1  src/etc/inc/filter.lib.inc
+2 -1  1 files

OPNSense/core 8edd6ee src/opnsense/mvc/app/controllers/OPNsense/Kea/forms dialogReservation4.xml, src/opnsense/mvc/app/models/OPNsense/Kea KeaDhcpv4.xml KeaDhcpv4.php

Services: Kea DHCPv4: Add client-id to reservations (#10288)

* Services: Kea DHCPv4: Add client-id to reservations

* Should be client_id in the row

* Add client_id to dhcpv4 config generator

* client-id is stored differently in the running configuration and the lease endpoint, it must be normalized here so we can return a correct match in is_reserved

* Fix typo in client_id

* Use MAC address instead of Ether address in validation message, fix missing back reference in DHCPv6 reservation validation

* Update src/opnsense/mvc/app/models/OPNsense/Kea/KeaDhcpv4.php

Co-authored-by: Franco Fichtner <franco at opnsense.org>

* Update src/opnsense/mvc/app/models/OPNsense/Kea/KeaDhcpv4.php

    [5 lines not shown]
Delta  File
+16 -1  src/opnsense/mvc/app/models/OPNsense/Kea/KeaDhcpv4.xml
+11 -1  src/opnsense/mvc/app/views/OPNsense/Kea/leases4.volt
+7 -0  src/opnsense/mvc/app/models/OPNsense/Kea/KeaDhcpv4.php
+6 -0  src/opnsense/mvc/app/controllers/OPNsense/Kea/forms/dialogReservation4.xml
+4 -2  src/opnsense/scripts/kea/get_kea_leases.py
+2 -2  src/opnsense/mvc/app/models/OPNsense/Kea/KeaDhcpv6.php
+46 -6  2 files not shown
+50 -6  8 files

OPNSense/core fe8c0f2 src/opnsense/mvc/app/controllers/OPNsense/Kea/Api Dhcpv4Controller.php Dhcpv6Controller.php

Services: Kea DHCPv4/6: Enable internalModelSafeDelete due to increased model relation field usage (#10287)
Delta  File
+1 -0  src/opnsense/mvc/app/controllers/OPNsense/Kea/Api/Dhcpv4Controller.php
+1 -0  src/opnsense/mvc/app/controllers/OPNsense/Kea/Api/Dhcpv6Controller.php
+2 -0  2 files

OPNSense/core a43360d src/www interfaces.php

interfaces: amendment to previous to use correct default
Delta  File
+9 -11  src/www/interfaces.php
+9 -11  1 files

OPNSense/core 18b63eb src/etc/inc interfaces.inc, src/www interfaces.php

interfaces: bring back interface_dhcpv6_id() and improve use a bit #7647

Keep this as $default_id but allow the overrides already implemented.
Do not emit a default IAID when the interface is not set or faulty so
that we can use it in the GUI safely for a placeholder.

PR: https://forum.opnsense.org/index.php?topic=51148.0
Delta  File
+36 -11  src/etc/inc/interfaces.inc
+11 -11  src/www/interfaces.php
+47 -22  2 files

OPNSense/core db0e57b src/etc/inc interfaces.inc, src/www interfaces.php

interfaces: bring back interface_dhcpv6_id() and improve use a bit #7647

Keep this as $default_id but allow the overrides already implemented.

PR: https://forum.opnsense.org/index.php?topic=51148.0
Delta  File
+36 -11  src/etc/inc/interfaces.inc
+11 -11  src/www/interfaces.php
+47 -22  2 files

OPNSense/core 0f78f69 src/opnsense/mvc/app/views/OPNsense/Kea leases4.volt

Fix typo in client_id
Delta  File
+2 -2  src/opnsense/mvc/app/views/OPNsense/Kea/leases4.volt
+2 -2  1 files

OPNSense/core ba9ed8b src/etc/inc filter.inc interfaces.inc

backend: use bridges/bridged safe iteration

(cherry picked from commit 9cd352e408a0f2bb874ad3bd0035fb932f305c7b)
Delta  File
+7 -6  src/etc/inc/filter.inc
+3 -9  src/etc/inc/interfaces.inc
+10 -15  2 files

OPNSense/core 14eadfc src/etc/inc interfaces.inc

interfaces: safe gres/gifs iteration

(cherry picked from commit 3d7cbd8079ddeb1febbad9cd1bd0467c6931e23e)
Delta  File
+4 -16  src/etc/inc/interfaces.inc
+4 -16  1 files

OPNSense/core d5f7b99 src/etc/inc interfaces.inc

interfaces: use safe iteration in backend code

(cherry picked from commit 295c05cad94a746b8dd24dbaeac0d5a325259ef1)
Delta  File
+5 -5  src/etc/inc/interfaces.inc
+5 -5  1 files

OPNSense/core 295c05c src/etc/inc interfaces.inc

interfaces: use safe iteration in backend code
Delta  File
+5 -5  src/etc/inc/interfaces.inc
+5 -5  1 files

OPNSense/core 6246b48 src/etc/inc/plugins.inc.d captiveportal.inc

Captive Portal: remove redirection on HTTPS, ditch non-functional pass statement as well

In theory, clients only use HTTP to detect the presence of a portal.
If they were to use HTTPS, the 302 redirect would in most cases
not be accessible, as the certificate presented is most likely not
valid, cutting off the communication before any redirect to a login
page can happen.

The portal itself can and should remain accessible on HTTPS, as this
is the URL the redirect is pointing to. This may be attached to a
valid certificate as well, but the key point is that access to
this URL doesn't strictly need redirection for everything on port
443.

This should prevent clients opening bogus connections to the
captive portal, which consumes a lot of TLS traffic on the network
stack, bogging down lighttpd in bigger setups and creating
a lot of established states in pf.
Delta  File
+44 -47  src/etc/inc/plugins.inc.d/captiveportal.inc
+44 -47  1 files

OPNSense/core 6991129 src/opnsense/scripts/kea get_kea_leases.py

client-id is stored differently in the running configuration and the lease endpoint, it must be normalized here so we can return a correct match in is_reserved
Delta  File
+4 -2  src/opnsense/scripts/kea/get_kea_leases.py
+4 -2  1 files

OPNSense/core c039f64 src/etc/inc interfaces.inc, src/opnsense/scripts/interfaces rtsold_script.sh

interfaces: multi-dhcp6c support #7647

This splits off rtsold and dhcp6c into separate processes.

I'm not entirely sure why we settled for a single daemon of
dhcp6c back in the day, but there are certainly downsides to
it and I don't see something that wasn't fixed in the meantime
that makes this not work.
Delta  File
+6 -20  src/etc/inc/interfaces.inc
+6 -6  src/opnsense/scripts/interfaces/rtsold_script.sh
+12 -26  2 files

OPNSense/core d404ede src/etc/inc interfaces.inc, src/opnsense/scripts/interfaces rtsold_script.sh

interfaces: revert multi-dhcp6c support #7647

This appears to have some real world drawbacks we haven't looked
closer at.

PR: https://forum.opnsense.org/index.php?topic=51148.0
Delta  File
+20 -6  src/etc/inc/interfaces.inc
+6 -6  src/opnsense/scripts/interfaces/rtsold_script.sh
+26 -12  2 files

OPNSense/core 00b1481 src/opnsense/scripts/captiveportal/lib ipfw.py

src: style
Delta  File
+2 -2  src/opnsense/scripts/captiveportal/lib/ipfw.py
+2 -2  1 files

OPNSense/core 39ee3e4 src/opnsense/mvc/app/controllers/OPNsense/CaptivePortal/Api ServiceController.php, src/opnsense/scripts/captiveportal cp-background-process.py

Captive Portal: re-introduce hash lookup for accounting purposes (#10275)

* Captive Portal: re-introduce hash lookup for accounting purposes

Table redirection allowed for constant time lookups, with the
migration to pf this was changed to a linear time lookup. This commit
changes this back, but retrofits it on top of the ipv6 compatibility change.

While here:

- fix a small edge case that kills states for ips
flipping primary IPs according to hostwatch.
- make sure only the most recent arp entry is considered
- make sure to clear empty addresses from the set

Cherry-picked from 1bf1c69
Cherry-picked from 3c2780e
Delta  File
+70 -25  src/opnsense/scripts/captiveportal/lib/ipfw.py
+26 -0  src/opnsense/service/templates/OPNsense/IPFW/ipfw.conf
+14 -9  src/opnsense/scripts/captiveportal/cp-background-process.py
+18 -0  src/opnsense/mvc/app/controllers/OPNsense/CaptivePortal/Api/ServiceController.php
+3 -1  src/opnsense/scripts/captiveportal/lib/arp.py
+131 -35  5 files

OPNSense/core 35a837f src/opnsense/mvc/app/models/OPNsense/Kea KeaDhcpv4.php

Add client_id to dhcpv4 config generator
Delta  File
+2 -0  src/opnsense/mvc/app/models/OPNsense/Kea/KeaDhcpv4.php
+2 -0  1 files

OPNSense/core d077c08 src/opnsense/mvc/app/views/OPNsense/Kea leases4.volt

Should be client_id in the row
Delta  File
+2 -2  src/opnsense/mvc/app/views/OPNsense/Kea/leases4.volt
+2 -2  1 files

OPNSense/core 8c0e92f src/opnsense/mvc/app/controllers/OPNsense/Kea/forms dialogReservation4.xml, src/opnsense/mvc/app/models/OPNsense/Kea KeaDhcpv4.xml KeaDhcpv4.php

Services: Kea DHCPv4: Add client-id to reservations
Delta  File
+16 -1  src/opnsense/mvc/app/models/OPNsense/Kea/KeaDhcpv4.xml
+11 -1  src/opnsense/mvc/app/views/OPNsense/Kea/leases4.volt
+6 -0  src/opnsense/mvc/app/controllers/OPNsense/Kea/forms/dialogReservation4.xml
+5 -0  src/opnsense/mvc/app/models/OPNsense/Kea/KeaDhcpv4.php
+1 -0  src/opnsense/mvc/app/views/OPNsense/Kea/dhcpv4.volt
+39 -2  5 files

OPNSense/core 3c2780e src/opnsense/scripts/captiveportal cp-background-process.py, src/opnsense/scripts/captiveportal/lib ipfw.py arp.py

Captive Portal: re-introduce hash lookup for accounting purposes (#10275)

* Captive Portal: re-introduce hash lookup for accounting purposes

Table redirection allowed for constant time lookups, with the
migration to pf this was changed to a linear time lookup. This commit
changes this back, but retrofits it on top of the ipv6 compatibility change.

While here:

- fix a small edge case that kills states for ips
flipping primary IPs according to hostwatch.
- make sure only the most recent arp entry is considered
- make sure to clear empty addresses from the set
Delta  File
+70 -25  src/opnsense/scripts/captiveportal/lib/ipfw.py
+26 -0  src/opnsense/service/templates/OPNsense/IPFW/ipfw.conf
+14 -9  src/opnsense/scripts/captiveportal/cp-background-process.py
+3 -1  src/opnsense/scripts/captiveportal/lib/arp.py
+113 -35  4 files

OPNSense/core 8d894ad src/opnsense/scripts/captiveportal cp-background-process.py, src/opnsense/scripts/captiveportal/lib ipfw.py

Captive Portal: change sort placement, only consider pf for deletion and always insert all client ips
Delta  File
+4 -2  src/opnsense/scripts/captiveportal/cp-background-process.py
+2 -2  src/opnsense/scripts/captiveportal/lib/ipfw.py
+6 -4  2 files

OPNSense/core 3bcccc0 src/opnsense/mvc/app/controllers/OPNsense/Kea/Api Dhcpv4Controller.php Dhcpv6Controller.php

Services: Kea DHCPv4/6: Enable internalModelSafeDelete due to increased model relation field usage
Delta  File
+1 -0  src/opnsense/mvc/app/controllers/OPNsense/Kea/Api/Dhcpv4Controller.php
+1 -0  src/opnsense/mvc/app/controllers/OPNsense/Kea/Api/Dhcpv6Controller.php
+2 -0  2 files

OPNSense/core 96e0e43 src/opnsense/mvc/app/models/OPNsense/Unbound/ACL ACL.xml

Rename Unbound service display name in ACL.xml (#10278)

(cherry picked from commit 48da1ce7b901f09b8359f68238fcd026d83e13cc)
Delta  File
+1 -1  src/opnsense/mvc/app/models/OPNsense/Unbound/ACL/ACL.xml
+1 -1  1 files

OPNSense/core 01ac41f src/opnsense/mvc/app/controllers/OPNsense/Interfaces/Api GifSettingsController.php GreSettingsController.php

Interfaces: add some missing config locks, reading the configuration requires it being locked first to ensure setBase() can't be raced with another caller.

(cherry picked from commit d81dcd37e223649c7a5d7bc3adbb61a4dd65e089)
Delta  File
+1 -0  src/opnsense/mvc/app/controllers/OPNsense/Interfaces/Api/GifSettingsController.php
+1 -0  src/opnsense/mvc/app/controllers/OPNsense/Interfaces/Api/GreSettingsController.php
+1 -0  src/opnsense/mvc/app/controllers/OPNsense/Interfaces/Api/LaggSettingsController.php
+1 -0  src/opnsense/mvc/app/controllers/OPNsense/Interfaces/Api/VipSettingsController.php
+1 -0  src/opnsense/mvc/app/controllers/OPNsense/Interfaces/Api/VlanSettingsController.php
+5 -0  5 files

OPNSense/core a46d57c src/opnsense/mvc/app/controllers/OPNsense/Interfaces AssignmentController.php, src/opnsense/mvc/app/controllers/OPNsense/Interfaces/Api AssignmentController.php

Interfaces: Assignments - work in progress for https://github.com/opnsense/core/issues/9945

In order to migrate the interface assignments, we need to think of a way to use the differently named xml nodes for interfaces (wan, lan, ..) into something that closely resembles a standard model implementation.
Since we can't match these nodes in our statically defined model xmls, the main idea is to flush all via an in-memory model with a separate load [construct] and save hook.
Delta  File
+77 -0  src/opnsense/mvc/app/controllers/OPNsense/Interfaces/Api/AssignmentController.php
+48 -0  src/opnsense/mvc/app/models/OPNsense/Interfaces/Assignment.php
+45 -0  src/opnsense/mvc/app/views/OPNsense/Interface/assignment.volt
+40 -0  src/opnsense/mvc/app/controllers/OPNsense/Interfaces/AssignmentController.php
+10 -0  src/opnsense/mvc/app/models/OPNsense/Interfaces/Assignment.xml
+8 -0  src/opnsense/mvc/app/controllers/OPNsense/Interfaces/forms/dialogAssignment.xml
+228 -0  1 files not shown
+234 -0  7 files

OPNSense/core d81dcd3 src/opnsense/mvc/app/controllers/OPNsense/Interfaces/Api GifSettingsController.php GreSettingsController.php

Interfaces: add some missing config locks, reading the configuration requires it being locked first to ensure setBase() can't be raced with another caller.
Delta  File
+1 -0  src/opnsense/mvc/app/controllers/OPNsense/Interfaces/Api/GifSettingsController.php
+1 -0  src/opnsense/mvc/app/controllers/OPNsense/Interfaces/Api/GreSettingsController.php
+1 -0  src/opnsense/mvc/app/controllers/OPNsense/Interfaces/Api/LaggSettingsController.php
+1 -0  src/opnsense/mvc/app/controllers/OPNsense/Interfaces/Api/VipSettingsController.php
+1 -0  src/opnsense/mvc/app/controllers/OPNsense/Interfaces/Api/VlanSettingsController.php
+5 -0  5 files

OPNSense/core f4a0759 src/opnsense/mvc/app/models/OPNsense/Kea KeaDhcpv6.php

Add comment about issue if interfaces vanish or become deconfigured by the user, but the KEA config is not adjusted accordingly.
Delta  File
+4 -0  src/opnsense/mvc/app/models/OPNsense/Kea/KeaDhcpv6.php
+4 -0  1 files

OPNSense/core daed0e3 src/opnsense/mvc/app/models/OPNsense/Kea KeaDhcpv6.php

Fix the NO_LEASES_PLEASE client-classes test
Delta  File
+2 -3  src/opnsense/mvc/app/models/OPNsense/Kea/KeaDhcpv6.php
+2 -3  1 files