Squashed commit of the following:
commit b256ed7fcfa5e36bfd29e08c479bd02b461b21f5
Author: Ad Schellevis <ad at opnsense.org>
Date: Sun Apr 12 14:31:54 2026 +0200
net/frr - Routing: STATIC, finish https://github.com/opnsense/plugins/pull/5390 and add diagnostics.
commit be8a53d3d2fc4a91e7834e68322dd295a41f6888
Author: Sven Scholle <sven at shelldog.de>
Date: Sat Apr 11 14:50:56 2026 +0200
net/frr: add BFD dependency support for static routes
We redistribute static routes from staticd into OSPF via WireGuard tunnels.
We want the redistribution to depend on whether the tunnel is actually up.
Since WireGuard interfaces remain up even when the tunnel is not functional, BFD appears to be the simplest solution for detecting tunnel failures.
Firewall: Rules [new] - refactor searchRuleAction() to use the same filtering and sorting logic on MVC and legacy data.
The current implementation is applying our filter logic twice for MVC records, first it uses the default searchBase() construct, which it then needs to pipe through searchRecordsetBase() again. There are a couple of downsides here, it's more expensive (although the user likely won't notice), but also requires duplication of filter logic.
With the logic introduced in https://github.com/opnsense/core/commit/c81417f26747a9e4e46f608c2791bbae805e79fd , we can extract the exact same content from our model so we can merge all at once and push it through our filtering and sorting logic.
The idea is to be able to "smarten" searchRecordsetBase() a bit so we can apply some additional logic based on types at some point in time, which requires all data to passthrough the same pipeline at least.
This commit should be backwards compatible with the previous code.
System: Access: Servers - RADIUS, implement NAS-IP-Address attribute. closes https://github.com/opnsense/core/pull/10089
Refactor PR a bit and implement the requested attribute.
For existing setups, the send attributes should be unchanged.
system: more natural cron escaping for command #10075
Changes command output from
/usr/local/sbin/configctl -d -- 'system remote backup'
to
/usr/local/sbin/configctl -d -- system remote backup
which is actually correct and needed since c491376.
Not sure what "\n" had to do with it but in the case of the
command it should be a normal string and risk of injection
is lower than parameter (but still mitigated properly).
MVC: add support for pluggable dynamic menu items and move some existing parts out of the MenuSystem class
In most cases we use static menu registartions, but there are exceptions which depend on interfaces for example.
While looking at https://github.com/opnsense/core/pull/10033, a longer standing wish came up again, which is the reason to add this support right now. It also helps in removing some legacy components for good via plugins.
To register new menu items, the following pattern may be used:
* In your model, derive a Menu class from MenuContainer
* implement a method collect() which should add new menu items via the appendItem() {bound to appendItem in MenuSystem}
Always try to minimize the amount of code inside these plugins as this code will be executed on each page load.
