OPNSense/core a60c1afsrc/opnsense/mvc/app/models/OPNsense/Kea KeaDhcpv4.php, src/opnsense/mvc/app/views/OPNsense/Kea dhcpv6.volt

by Franco Fichtner on ⎇
kea: validate that DNS is running before auto-collect #9185
DeltaFile
+18-2src/opnsense/mvc/app/models/OPNsense/Kea/KeaDhcpv4.php
+0-11src/opnsense/mvc/app/views/OPNsense/Kea/dhcpv6.volt
+18-132 files

OPNSense/core 6f47a0asrc/etc/inc/plugins.inc.d radvd.inc, src/opnsense/mvc/app/controllers/OPNsense/Radvd/forms dialogEntry.xml

by Franco Fichtner on ⎇
radvd: support nat64prefix; closes #7487 #8289
DeltaFile
+26-2src/opnsense/mvc/app/models/OPNsense/Radvd/Radvd.php
+10-0src/opnsense/mvc/app/controllers/OPNsense/Radvd/forms/dialogEntry.xml
+5-0src/etc/inc/plugins.inc.d/radvd.inc
+4-0src/opnsense/mvc/app/models/OPNsense/Radvd/Radvd.xml
+45-24 files

OPNSense/core 3621caasrc/opnsense/mvc/app/models/OPNsense/IPsec/FieldTypes IPsecProposalField.php

by Kota Shiratsuka via GitHub on ⎇
IPsec: expose ChaCha20-Poly1305 AEAD proposals in IKEv2 GUI (#9611)

* ipsec: add ChaCha20-Poly1305 AEAD proposals for IKEv2

* Update src/opnsense/mvc/app/models/OPNsense/IPsec/FieldTypes/IPsecProposalField.php

Apply suggested changes from code review

Co-authored-by: Franco Fichtner <franco at lastsummer.de>

* Also add "no PFS" to aes256gcm16 description in IPsecProposalField

---------

Co-authored-by: Franco Fichtner <franco at lastsummer.de>
Co-authored-by: Monviech <79600909+Monviech at users.noreply.github.com>
DeltaFile
+11-2src/opnsense/mvc/app/models/OPNsense/IPsec/FieldTypes/IPsecProposalField.php
+11-21 files

OPNSense/core 50ade96src/etc/inc interfaces.inc

by Franco Fichtner on ⎇
interface: POC for multi-dhcp6c support

I'm not entirely sure why we settled for a single deamon of
dhcp6c back in the day, but there are certianly downsides to
it and I don't see something that wasn't fixed in the meantime
that makes this not work.

At the moment this splits off dhcp6c only but we need to
change the daemon's print a bit to avoid complaining about
"other" devices since the situation to ignore a non-listening
interface is normal and not "ignoring" something obvious as
the INFO log message suggests.

rtsold still needs to be split to allow for HUP reload of
a single interface instead of forcing a restart of all
DHCPv6 WAN clients at the same time.
DeltaFile
+9-23src/etc/inc/interfaces.inc
+9-231 files

OPNSense/core e1cc266src/etc/inc/plugins.inc.d radvd.inc, src/opnsense/mvc/app/controllers/OPNsense/Radvd/forms dialogEntry.xml

by Franco Fichtner via GitHub on ⎇
router advertisements: migrate to MVC/API (#9603)

Migrate router advertisements to its own space. Although
the data shifts around a bit the end result should be equivalent.

Of note is that we currently do not have visibility for automatic
interface tracking when not disabled, but they can be disabled
manually by adding the interface configuration and unchecking
the service enable.

Co-authored-by: Monviech <gitacc at pischem.com>
DeltaFile
+0-613src/www/services_router_advertisements.php
+206-0src/opnsense/mvc/app/controllers/OPNsense/Radvd/forms/dialogEntry.xml
+194-0src/opnsense/mvc/app/models/OPNsense/Radvd/Migrations/M1_0_0.php
+85-85src/etc/inc/plugins.inc.d/radvd.inc
+120-0src/opnsense/mvc/app/models/OPNsense/Radvd/Radvd.xml
+99-0src/opnsense/mvc/app/models/OPNsense/Radvd/Radvd.php
+704-69816 files not shown
+1,122-72322 files

OPNSense/core 3aedef8src/www services_dhcpv6.php

by Franco Fichtner on ⎇
isc-dhcpv6: no loner operates ramode
DeltaFile
+0-4src/www/services_dhcpv6.php
+0-41 files

OPNSense/core b5e6193src/etc/inc/plugins.inc.d radvd.inc dhcpd.inc, src/opnsense/mvc/app/models/OPNsense/Radvd/Migrations M1_0_0.php

by Franco Fichtner on ⎇
radvd: forgot one spot where we wanted to disable automatic tracking

This also means we should not migrate empty nodes that existed because
they were not disabled or DHCPv6 was enabled there once.
DeltaFile
+13-10src/opnsense/mvc/app/models/OPNsense/Radvd/Migrations/M1_0_0.php
+11-11src/etc/inc/plugins.inc.d/radvd.inc
+5-5src/etc/inc/plugins.inc.d/dhcpd.inc
+29-263 files

OPNSense/core 2fa135bsrc/opnsense/mvc/app/controllers/OPNsense/Radvd/forms dialogEntry.xml

by Franco Fichtner on ⎇
radvd: fix labels and grid default
DeltaFile
+5-2src/opnsense/mvc/app/controllers/OPNsense/Radvd/forms/dialogEntry.xml
+5-21 files

OPNSense/core 984ff82src/opnsense/mvc/app/controllers/OPNsense/Radvd/forms dialogEntry.xml

by Franco Fichtner on ⎇
radvd: shuffle form around
DeltaFile
+76-74src/opnsense/mvc/app/controllers/OPNsense/Radvd/forms/dialogEntry.xml
+76-741 files

OPNSense/core 9978c37src/opnsense/mvc/app/models/OPNsense/Base/FieldTypes IntegerField.php, src/opnsense/mvc/app/models/OPNsense/Radvd Radvd.php

by Franco Fichtner on ⎇
radvd: only validate extras when ramax is valid

Otherwise the calculations will tell us numbers that are not
correct.
DeltaFile
+18-0src/opnsense/mvc/app/models/OPNsense/Base/FieldTypes/IntegerField.php
+9-1src/opnsense/mvc/app/models/OPNsense/Radvd/Radvd.php
+27-12 files

OPNSense/core c7336afsrc/etc/inc/plugins.inc.d radvd.inc

by Franco Fichtner on ⎇
radvd: use configtest debug level

In practice this doesn't really matter.   I don't see any debug
messages in my installation.  Normal logging should go through
and this is also very sparse.
DeltaFile
+1-1src/etc/inc/plugins.inc.d/radvd.inc
+1-11 files

OPNSense/core f1323f6src/opnsense/service/conf/actions.d actions_filter.conf

by Franco Fichtner via GitHub on ⎇
Update src/opnsense/service/conf/actions.d/actions_filter.conf
DeltaFile
+0-1src/opnsense/service/conf/actions.d/actions_filter.conf
+0-11 files

OPNSense/core 5219572src/opnsense/mvc/app/models/OPNsense/Radvd Radvd.xml Radvd.php

by Monviech on ⎇
Fix some typos in validation messages of Radvd.xml and Radvd.php
DeltaFile
+5-5src/opnsense/mvc/app/models/OPNsense/Radvd/Radvd.xml
+1-1src/opnsense/mvc/app/models/OPNsense/Radvd/Radvd.php
+6-62 files

OPNSense/core d3e46b8src/opnsense/mvc/app/library/OPNsense/OpenVPN ArchiveOpenVPN.php, src/opnsense/mvc/app/models/OPNsense/Firewall Filter.php

by Franco Fichtner on ⎇
Merge branch 'master' into radvd_8351
DeltaFile
+0-17src/www/guiconfig.inc
+0-6src/opnsense/mvc/app/models/OPNsense/Firewall/Filter.php
+3-0src/opnsense/scripts/suricata/setup.sh
+1-1src/opnsense/mvc/app/models/OPNsense/IDS/IDS.xml
+1-1src/opnsense/mvc/app/library/OPNsense/OpenVPN/ArchiveOpenVPN.php
+1-1src/opnsense/mvc/app/models/OPNsense/IDS/IDS.php
+6-261 files not shown
+7-277 files

OPNSense/core 66f32cbsrc/opnsense/mvc/app/models/OPNsense/Interfaces Vip.php

by Franco Fichtner on ⎇
radvd: style on previous
DeltaFile
+12-12src/opnsense/mvc/app/models/OPNsense/Interfaces/Vip.php
+12-121 files

OPNSense/core c34d7f0src/opnsense/mvc/app/models/OPNsense/Radvd Radvd.php

by Franco Fichtner on ⎇
radvd: put this back
DeltaFile
+1-1src/opnsense/mvc/app/models/OPNsense/Radvd/Radvd.php
+1-11 files

OPNSense/core 861ffbdsrc/etc/inc legacy_bindings.inc, src/opnsense/mvc/app/controllers/OPNsense/Firewall/Api FilterBaseController.php

by Franco Fichtner on ⎇
firewall: simplify port alias check loosely refs #8806

(cherry picked from commit 7e0600ab02dac48965eb741308d2f61875445013)
(cherry picked from commit a09d2b7019a3b361a448f7e58690f72216a53c7b)
(cherry picked from commit f0da2b63a39c7b632edfb40d09fd174af654f205)
DeltaFile
+2-2src/opnsense/mvc/app/controllers/OPNsense/Firewall/Api/FilterBaseController.php
+2-2src/opnsense/mvc/app/models/OPNsense/Base/FieldTypes/PortField.php
+2-2src/etc/inc/legacy_bindings.inc
+2-2src/opnsense/mvc/app/library/OPNsense/Firewall/Util.php
+1-1src/opnsense/mvc/app/library/OPNsense/Firewall/Rule.php
+1-1src/opnsense/mvc/app/models/OPNsense/Base/FieldTypes/NetworkAliasField.php
+10-106 files

OPNSense/core 0f5c34dsrc/opnsense/mvc/app/models/OPNsense/IDS IDS.php

by Franco Fichtner on ⎇
suricata: style update
DeltaFile
+2-2src/opnsense/mvc/app/models/OPNsense/IDS/IDS.php
+2-21 files

OPNSense/core 8582c7dsrc/opnsense/scripts/filter/lib/alias arpcache.py

by Ad Schellevis via Franco Fichtner on ⎇
Firewall: Aliases - use new hostdiscovery (with arp/ndp fallback) in mac type aliases.

While here, cleanup some redundant code, if a mac address is in the local cache, the local cache should be complete at anytime.
Technically, for legacy ndp, this might be a bit worse than before, but as hostdiscovery is more complete, that should be a small price to pay.

Eventually, when hostdiscoverty is the standard, we should be able to ditch the /tmp/alias_filter_arp.cache construction as hostdiscovery has its own database.

(cherry picked from commit b2a30fc5606ce2d6c781ae9b7282b83e8ec35ac3)
DeltaFile
+17-32src/opnsense/scripts/filter/lib/alias/arpcache.py
+17-321 files

OPNSense/core bf91b63src/opnsense/mvc/app/controllers/OPNsense/CaptivePortal/Api AccessController.php, src/opnsense/service/conf/actions.d actions_hostwatch.conf

by Ad Schellevis via Franco Fichtner on ⎇
Services: Captive Portal - use new hostwatch service introduced in https://github.com/opnsense/core/pull/9354 to collect mac addresses for 26.1

(cherry picked from commit dad25b534f8470a0552ea96b91908d9b5e8fd05c)
DeltaFile
+7-5src/opnsense/mvc/app/controllers/OPNsense/CaptivePortal/Api/AccessController.php
+8-0src/opnsense/service/conf/actions.d/actions_hostwatch.conf
+15-52 files

OPNSense/core 8f9309esrc/etc/inc/plugins.inc.d hostwatch.inc, src/opnsense/mvc/app/controllers/OPNsense/Hostdiscovery SettingsController.php

by Ad Schellevis via Franco Fichtner on ⎇
Interfaces: Neighbors: Automatic Discovery - add new hostdiscovery feature (#9354)

(cherry picked from commit 61663d08583b4afc20d80016183e73b595bd5923)
(cherry picked from commit 94b786c4e83a5f277e3f034f67e994f134625908)
(cherry picked from commit 5909ccc0b22cc7fdbf7daadc3bb77c375668ea7b)
(cherry picked from commit 6c325c94a8b08def236edd7cf8110f0698220da8)
(cherry picked from commit 1894c6133bd3f503c6298a823ff624c97a8ee735)
(cherry picked from commit 8d6439a61132807132f8c6f246f4c522211934ed)
(cherry picked from commit 650b5ab17a2cd98efe67bbce5bcaf0100df57a7b)
(cherry picked from commit e3714d3f4373030120d2905c6c3396b0119d3271)
(cherry picked from commit de09b458f55c63d07726638dcbafe6d9d3d38e58)
(cherry picked from commit 1c1c494f93d1fc65e5f6b7aad4a8021c8d51e534)
DeltaFile
+114-0src/opnsense/mvc/app/views/OPNsense/Hostdiscovery/settings.volt
+99-0src/opnsense/scripts/interfaces/list_hosts.py
+56-0src/opnsense/mvc/app/controllers/OPNsense/Hostdiscovery/Api/ServiceController.php
+52-0src/etc/inc/plugins.inc.d/hostwatch.inc
+38-0src/opnsense/mvc/app/controllers/OPNsense/Hostdiscovery/SettingsController.php
+37-0src/opnsense/mvc/app/controllers/OPNsense/Hostdiscovery/Api/SettingsController.php
+396-013 files not shown
+608-119 files

OPNSense/core 024a78dsrc/opnsense/mvc/app/models/OPNsense/Interfaces/ACL ACL.xml

by Franco Fichtner on ⎇
interfaces: update ACL
DeltaFile
+1-1src/opnsense/mvc/app/models/OPNsense/Interfaces/ACL/ACL.xml
+1-11 files

OPNSense/core ea955f4src/opnsense/mvc/app/models/OPNsense/IDS IDS.php

by Franco Fichtner on ⎇
suricata: for two small changes this isn't needed
DeltaFile
+1-1src/opnsense/mvc/app/models/OPNsense/IDS/IDS.php
+1-11 files

OPNSense/core 43eaa70src/opnsense/mvc/app/models/OPNsense/IDS IDS.xml

by Franco Fichtner on ⎇
suricata: uppercase
DeltaFile
+1-1src/opnsense/mvc/app/models/OPNsense/IDS/IDS.xml
+1-11 files

OPNSense/core 8f918f5src/opnsense/mvc/app/models/OPNsense/Base/FieldTypes BaseField.php, src/opnsense/mvc/tests/app/models/OPNsense/Base/FieldTypes TextFieldTest.php

by Franco Fichtner on ⎇
mvc: BaseField: add isSet() and shift tests

Keeps isEmptyAndRequired() plus avoids other code changes for now.
DeltaFile
+18-9src/opnsense/mvc/app/models/OPNsense/Base/FieldTypes/BaseField.php
+8-5src/opnsense/mvc/tests/app/models/OPNsense/Base/FieldTypes/TextFieldTest.php
+26-142 files

OPNSense/core 1c9a2a1src/opnsense/scripts/suricata setup.sh

by Franco Fichtner on ⎇
suricata: mask "error" on loaded module
DeltaFile
+1-1src/opnsense/scripts/suricata/setup.sh
+1-11 files

OPNSense/core f52c58csrc/opnsense/mvc/app/library/OPNsense/OpenVPN ArchiveOpenVPN.php

by Franco Fichtner on ⎇
openvpn: fix archive export

(cherry picked from commit 00687dbeb5489ad2708ef7924c34186a38db2168)
DeltaFile
+1-1src/opnsense/mvc/app/library/OPNsense/OpenVPN/ArchiveOpenVPN.php
+1-11 files

OPNSense/core 00687dbsrc/opnsense/mvc/app/library/OPNsense/OpenVPN ArchiveOpenVPN.php

by Franco Fichtner on ⎇
openvpn: fix archive export
DeltaFile
+1-1src/opnsense/mvc/app/library/OPNsense/OpenVPN/ArchiveOpenVPN.php
+1-11 files

OPNSense/core 632d5bbsrc/opnsense/mvc/app/views/OPNsense/Kea dhcpv4.volt, src/opnsense/www/js opnsense_bootgrid.js

by Stephan de Wit via Franco Fichtner on ⎇
bootgrid: allow conditional command rendering through a filter function

(cherry picked from commit 3fe0cc4a28c37b874a53807abdb3a605db41d46e)
(cherry picked from commit 3736489db27e0f5a1406ba5d0bad0c4bf71153d7)
(cherry picked from commit 1356068da4043874475f6ed0a20b611d05ca6a70)
(cherry picked from commit d25a8acd8ed5f17c6cad005525af2245cf623ed9)
DeltaFile
+183-121src/opnsense/www/js/opnsense_bootgrid.js
+35-39src/opnsense/mvc/app/views/OPNsense/Kea/dhcpv4.volt
+218-1602 files

OPNSense/core 88e6e05src/www guiconfig.inc

by Franco Fichtner on ⎇
firewall: remove unused function pprint_address()
DeltaFile
+0-17src/www/guiconfig.inc
+0-171 files