ui: improve form validation error append (#10333)
Since this iterates over a lot of irrelevant IDs and then mismatches
with the target change this by safeguarding against fields that are
likely not going to work without help_block_<id> and switch target
to a suffix match.
One spot where this matters: under kea v6 subnet add "DNS servers"
entry e.g. "::", click auto collect for check mark, click save. Interface
and subnet validation is red, the DNS server one shown is not.
ui: improve form validation error append
Since this iterates over a lot of irrelevant IDs and then mismatches
with the target change this by safeguarding against fields that are
likely not going to work without help_block_<id> and switch target
to a suffix match.
Services: Kea DHCPv6: Dynamic prefix delegation (#10252)
* Add a dynamic_prefix key to the user-context so we know which subnet6 should be enriched in a post apply hook later
* Also add dynamic_prefix to subnet6 dialog
* Add prefix source interface and resolve current prefix via Autoconf::getPrefix
* model bump not needed anymore
* Add validations that disallow users to configure subnet value, pool value and reservations for a dynamic prefix subnet. The subnet must be empty since it is auto configured, the pool is auto configured as ::1000-::2000 and seeded with initial prefix, reservations cannot be created because that would blow up as there is no concept like partial IPv6 addresses in KEA. We always want to bootstrap KEA with an initial working configuration.
* Since the prefix_source is verbatim to a subnet, we only allow its usage once per unique constraint
* Add a mvp for the dynamic pd_pool, the pool is auto generated from the largets possible prefix that does not include the IA_NA generated address pool. Validation ensures the user can only change the delegated prefix length, but not anything about the pool itself. KEA is very strict about validations, auto generation is required here to ensure the model stays sane.
* Make prefix pool validation stricter, if only a /64 prefix exists there is nothing we can do if we offer both IA_NA and IA_PD, at least /63 would be required for one IA_NA and one IA_PD pool.
* Remove config instantiation inside loops
[89 lines not shown]
Firewall: Rules [new]: Fix action, ipprotocol and protocol translations (legacy rules) (#10299)
* Firewall: Rules [new]: Fix action, ipprotocol and protocol translations. Fix Automatically generated rules category.
* Ensure translations are passed through all the way to icon formatter in view
* Ensure inet46 always shows as Any or *
* Update src/opnsense/mvc/app/models/OPNsense/Firewall/Filter.xml
Co-authored-by: Franco Fichtner <franco at opnsense.org>
* Update src/opnsense/scripts/filter/list_non_mvc_rules.php
Co-authored-by: Franco Fichtner <franco at opnsense.org>
---------
Co-authored-by: Franco Fichtner <franco at opnsense.org>
security/strongswan-legacy: follow core in naming IPv4+6 "any"
This will die eventually since "inet46" is only in the legacy code,
but in order to mark this spot as done we do the rename.
Captive Portal: remove redirection on HTTPS, ditch non-functional pass statement as well
In theory, clients only use HTTP to detect the presence of a portal.
If they were to use HTTPS, the 302 redirect would in most cases
not be accessible, as the certificate presented is most likely not
valid, cutting off the communication before any redirect to a login
page can happen.
The portal itself can and should remain accessible on HTTPS, as this
is the URL the redirect is pointing to. This may be attached to a
valid certificate as well, but the key point is that access to
this URL doesn't strictly need redirection for everything on port
443.
This should prevent clients opening bogus connections to the
captive portal, which consumes a lot of TLS traffic on the network
stack, bogging down lighttpd in bigger setups and creating
a lot of established states in pf.
[2 lines not shown]
bootgrid: replace 'append' with 'replace' for ajax: false grids
Noticed while documenting.
replaceData() is a lot more performant through Tabulator, and since
there are only 3 callers and all of them expect a clear before
updating any data, use a replace instead.
In time these pages should use the default search endpoint anyway,
but this requires an API change.
make sure to keep the append() function for compatibility
(cherry picked from commit d8b07eb02eba635fc253a948b7800cfa40a2be60)
bootgrid: clean up converter compatibility code
Only other consumer is Nginx in plugins, but worst case scenario
these timestamps will render as... timestamps, which in that form
are sortable anyway. It's likely this was throwing an error anyway
The "sorters" weren't actually accounted for in the compat
translation, so this wasn't overridable. Fix this here.
(cherry picked from commit a7ec18550d8cbb4b2a750a5860c3da52bd1d81d7)
ui: clean up useRequestHandlerOnGet usage
This has no use anymore with the current bootgrid code. If a
handler should be overridden, simply defining the function is enough
(cherry picked from commit 4a67e91f0b32f78a2a4de2a792ffba0da4a4e2d2)
Services: Kea DHCPv4/6: Add decline_probation_period and set lower default to mitigate faulty client implementations to consume the whole pool (#10294)
* Services: Kea DHCPv4/6: Add decline_probation_period and set lower default to mitigate faulty client implementations to consume the whole pool.
* Use isSet() since 0 is allowed
(cherry picked from commit b80995f2135476b7fbeb2f650d74eebca55ad5b3)
Services: Kea DHCPv4/6: Some cleanup regarding isEmpty) usage when 0 is allowed in IntegerFields, and ensure no IntegerField accepts negative values. (#10295)
(cherry picked from commit 5aa76c203035d41b1b9de10f61367f668ec8be4c)
