OPNSense/core 5c51ecd src/etc/inc/plugins.inc.d kea.inc

kea: align newwanip hook with reality
Delta    File
+2 -2    src/etc/inc/plugins.inc.d/kea.inc
+2 -2    1 files

OPNSense/core fbba9a9 src/opnsense/www/js opnsense.js

ui: improve form validation error append

Since this iterates over a lot of irrelevant IDs and then mismatches
with the target change this by safeguarding against fields that are
likely not going to work without help_block_<id> and switch target
to a suffix match.
Delta    File
+10 -5    src/opnsense/www/js/opnsense.js
+10 -5    1 files

OPNSense/core 3557f8d src/opnsense/www/js opnsense_bootgrid.js

bootgrid: name it what it is
Delta    File
+4 -4    src/opnsense/www/js/opnsense_bootgrid.js
+4 -4    1 files

OPNSense/core d741236 src/opnsense/mvc/app/controllers/OPNsense/Firewall/Api FilterController.php

firewall: whitespace
Delta    File
+5 -5    src/opnsense/mvc/app/controllers/OPNsense/Firewall/Api/FilterController.php
+5 -5    1 files

OPNSense/core ff20a2f src/opnsense/mvc/app/controllers/OPNsense/Firewall/Api FilterController.php

Firewall: Rules - missed a spot in https://github.com/opnsense/core/commit/9b8ee2a92f14092f6971a96c86ca2fe138cd7b89
Delta    File
+1 -1    src/opnsense/mvc/app/controllers/OPNsense/Firewall/Api/FilterController.php
+1 -1    1 files

OPNSense/core 7d52ccf src/opnsense/mvc/app/models/OPNsense/Kea KeaDhcpv6.php

kea: style sweep
Delta    File
+4 -2    src/opnsense/mvc/app/models/OPNsense/Kea/KeaDhcpv6.php
+4 -2    1 files

OPNSense/core 5b7c8e6 src/etc/inc/plugins.inc.d kea.inc, src/opnsense/mvc/app/controllers/OPNsense/Kea/forms dialogSubnet6.xml

Services: Kea DHCPv6: Dynamic prefix delegation (#10252)

* Add a dynamic_prefix key to the user-context so we know which subnet6 should be enriched in a post apply hook later

* Also add dynamic_prefix to subnet6 dialog

* Add prefix source interface and resolve current prefix via Autoconf::getPrefix

* model bump not needed anymore

* Add validations that disallow users to configure subnet value, pool value and reservations for a dynamic prefix subnet. The subnet must be empty since it is auto configured, the pool is auto configured as ::1000-::2000 and seeded with initial prefix, reservations cannot be created because that would blow up as there is no concept like partial IPv6 addresses in KEA. We always want to bootstrap KEA with an initial working configuration.

* Since the prefix_source is verbatim to a subnet, we only allow its usage once per unique constraint

* Add a mvp for the dynamic pd_pool, the pool is auto generated from the largest possible prefix that does not include the IA_NA generated address pool. Validation ensures the user can only change the delegated prefix length, but not anything about the pool itself. KEA is very strict about validations, auto generation is required here to ensure the model stays sane.

* Make prefix pool validation stricter, if only a /64 prefix exists there is nothing we can do if we offer both IA_NA and IA_PD, at least /63 would be required for one IA_NA and one IA_PD pool.

* Remove config instantiation inside loops

    [89 lines not shown]
Delta    File
+227 -15    src/opnsense/mvc/app/models/OPNsense/Kea/KeaDhcpv6.php
+183 -0    src/opnsense/mvc/app/library/OPNsense/Interface/Idassoc.php
+54 -17    src/opnsense/mvc/app/controllers/OPNsense/Kea/forms/dialogSubnet6.xml
+70 -0    src/opnsense/scripts/kea/kea_prefix_renew.py
+59 -9    src/opnsense/mvc/app/views/OPNsense/Kea/dhcpv6.volt
+31 -5    src/etc/inc/plugins.inc.d/kea.inc
+624 -46    4 files not shown
+683 -52    10 files

OPNSense/core 141f5a6 Mk version.mk

Revert "pkg: fix numpy version name"

This reverts commit 06291661ef1290b2b6c7a30cd18c0d4a563a0cf0.

Flippety-flop the ports tree went!

(cherry picked from commit 9dcd63d3e5ee8154ce8389108e6f7308b4b00bde)
Delta    File
+1 -1    Mk/version.mk
+1 -1    1 files

OPNSense/core 9dcd63d Mk version.mk

Revert "pkg: fix numpy version name"

This reverts commit 06291661ef1290b2b6c7a30cd18c0d4a563a0cf0.

Flippety-flop the ports tree went!
Delta    File
+1 -1    Mk/version.mk
+1 -1    1 files

OPNSense/core b73465c src/opnsense/mvc/app/controllers/OPNsense/Firewall/Api FilterController.php, src/opnsense/mvc/app/models/OPNsense/Firewall Filter.xml

Firewall: Rules [new]: Fix action, ipprotocol and protocol translations (legacy rules) (#10299)

* Firewall: Rules [new]: Fix action, ipprotocol and protocol translations. Fix Automatically generated rules category.

* Ensure translations are passed through all the way to icon formatter in view

* Ensure inet46 always shows as Any or *

* Update src/opnsense/mvc/app/models/OPNsense/Firewall/Filter.xml

Co-authored-by: Franco Fichtner <franco at opnsense.org>

* Update src/opnsense/scripts/filter/list_non_mvc_rules.php

Co-authored-by: Franco Fichtner <franco at opnsense.org>

---------

Co-authored-by: Franco Fichtner <franco at opnsense.org>
Delta    File
+13 -13    src/opnsense/mvc/app/views/OPNsense/Firewall/filter_rule.volt
+10 -3    src/opnsense/scripts/filter/list_non_mvc_rules.php
+7 -3    src/opnsense/mvc/app/controllers/OPNsense/Firewall/Api/FilterController.php
+1 -1    src/opnsense/mvc/app/models/OPNsense/Firewall/Filter.xml
+31 -20    4 files

OPNSense/core bf685c2 src/opnsense/scripts/filter list_non_mvc_rules.php

Update src/opnsense/scripts/filter/list_non_mvc_rules.php

Co-authored-by: Franco Fichtner <franco at opnsense.org>
Delta    File
+0 -1    src/opnsense/scripts/filter/list_non_mvc_rules.php
+0 -1    1 files

OPNSense/core 02b1b47 src/opnsense/mvc/app/models/OPNsense/Firewall Filter.xml

Update src/opnsense/mvc/app/models/OPNsense/Firewall/Filter.xml

Co-authored-by: Franco Fichtner <franco at opnsense.org>
Delta    File
+1 -1    src/opnsense/mvc/app/models/OPNsense/Firewall/Filter.xml
+1 -1    1 files

OPNSense/core 7caec8a src/opnsense/scripts/interfaces reconfigure_vlans.php reconfigure_vips.php

interfaces: a few "foreach ($config" iterations switched to config_read_array()
Delta    File
+6 -7    src/opnsense/scripts/interfaces/reconfigure_vlans.php
+6 -2    src/opnsense/scripts/interfaces/reconfigure_vips.php
+12 -9    2 files

OPNSense/core 138bff5 src/etc/inc/plugins.inc.d captiveportal.inc, src/opnsense/mvc/app/controllers/OPNsense/CaptivePortal/Api AccessController.php

Captive Portal: remove redirection on HTTPS, ditch non-functional pass statement as well

In theory, clients only use HTTP to detect the presence of a portal.
If they were to use HTTPS, the 302 redirect would in most cases
not be accessible, as the certificate presented is most likely not
valid, cutting off the communication before any redirect to a login
page can happen.

The portal itself can and should remain accessible on HTTPS, as this
is the URL the redirect is pointing to. This may be attached to a
valid certificate as well, but the key point is that access to
this URL doesn't strictly need redirection for everything on port
443.

This should prevent clients opening bogus connections to the
captive portal, which consumes a lot of TLS traffic on the network
stack, bogging down lighttpd in bigger setups and creating
a lot of established states in pf.


    [2 lines not shown]
Delta    File
+34 -31    src/opnsense/mvc/app/controllers/OPNsense/CaptivePortal/Api/AccessController.php
+10 -10    src/etc/inc/plugins.inc.d/captiveportal.inc
+11 -7    src/opnsense/service/templates/OPNsense/Captiveportal/lighttpd-zone.conf
+55 -48    3 files

OPNSense/core e44a05a src/opnsense/mvc/app/views/OPNsense/IPsec settings.volt

ipsec: move swanctl.conf download button to the tab

This aligns with the aliases actions tab.
Delta    File
+10 -9    src/opnsense/mvc/app/views/OPNsense/IPsec/settings.volt
+10 -9    1 files

OPNSense/core ff62eff src/opnsense/mvc/app/views/OPNsense/Diagnostics traffic.volt

Reporting: Traffic - add Max on Y axis for traffic graphs, closes https://github.com/opnsense/core/pull/10277

(cherry picked from commit 6d94603bb92dc6fb25ed9038230b53bacad153b8)
Delta    File
+67 -16    src/opnsense/mvc/app/views/OPNsense/Diagnostics/traffic.volt
+67 -16    1 files

OPNSense/core 3a5befd src/opnsense/mvc/app/views/OPNsense/CaptivePortal vouchers.volt, src/opnsense/mvc/app/views/OPNsense/Diagnostics routes.volt systemactivity.volt

bootgrid: replace 'append' with 'replace' for ajax: false grids

Noticed while documenting.

replaceData() is a lot more performant through Tabulator, and since
there are only 3 callers and all of them expect a clear before
updating any data, use a replace instead.

In time these pages should use the default search endpoint anyway,
but this requires an API change.

make sure to keep the append() function for compatibility

(cherry picked from commit d8b07eb02eba635fc253a948b7800cfa40a2be60)
Delta    File
+1 -4    src/opnsense/mvc/app/views/OPNsense/Diagnostics/routes.volt
+4 -0    src/opnsense/www/js/opnsense_bootgrid.js
+1 -3    src/opnsense/mvc/app/views/OPNsense/CaptivePortal/vouchers.volt
+1 -3    src/opnsense/mvc/app/views/OPNsense/Diagnostics/systemactivity.volt
+7 -10    4 files

OPNSense/core 0e054ba src/opnsense/mvc/app/views/OPNsense/CaptivePortal vouchers.volt, src/opnsense/mvc/app/views/OPNsense/Diagnostics systemactivity.volt routes.volt

bootgrid: clean up converter compatibility code

Only other consumer is Nginx in plugins, but worst case scenario
these timestamps will render as... timestamps, which in that form
are sortable anyway. It's likely this was throwing an error anyway

The "sorters" weren't actually accounted for in the compat
translation, so this wasn't overridable. Fix this here.

(cherry picked from commit a7ec18550d8cbb4b2a750a5860c3da52bd1d81d7)
Delta    File
+5 -18    src/opnsense/www/js/opnsense_bootgrid.js
+3 -13    src/opnsense/mvc/app/views/OPNsense/CaptivePortal/vouchers.volt
+2 -2    src/opnsense/mvc/app/views/OPNsense/Diagnostics/systemactivity.volt
+1 -1    src/opnsense/mvc/app/views/OPNsense/Diagnostics/routes.volt
+11 -34    4 files

OPNSense/core a118274 src/opnsense/mvc/app/views/OPNsense/CaptivePortal clients.volt, src/opnsense/mvc/app/views/OPNsense/Dnsmasq leases.volt

ui: clean up useRequestHandlerOnGet usage

This has no use anymore with the current bootgrid code. If a
handler should be overridden, simply defining the function is enough

(cherry picked from commit 4a67e91f0b32f78a2a4de2a792ffba0da4a4e2d2)
Delta    File
+0 -1    src/opnsense/mvc/app/views/OPNsense/CaptivePortal/clients.volt
+0 -1    src/opnsense/mvc/app/views/OPNsense/Dnsmasq/leases.volt
+0 -1    src/opnsense/mvc/app/views/OPNsense/IPsec/connections.volt
+0 -1    src/opnsense/mvc/app/views/OPNsense/IPsec/sessions.volt
+0 -1    src/opnsense/mvc/app/views/OPNsense/IPsec/tunnels.volt
+0 -1    src/opnsense/mvc/app/views/OPNsense/Kea/leases4.volt
+0 -6    2 files not shown
+0 -8    8 files

OPNSense/core d713a14 src/opnsense/mvc/app/models/OPNsense/Kea KeaDhcpv6.xml

Services: Kea DHCPv6: Clean up allocator and pd-allocator terminology (#10330)

(cherry picked from commit 0bd232447b7dfafcd696ec083207188f4848d523)
Delta    File
+6 -5    src/opnsense/mvc/app/models/OPNsense/Kea/KeaDhcpv6.xml
+6 -5    1 files

OPNSense/core dc59e5d src/opnsense/mvc/app/controllers/OPNsense/Kea/forms dialogSubnet4.xml, src/opnsense/mvc/app/models/OPNsense/Kea KeaDhcpv4.xml KeaDhcpv4.php

Services: Kea DHCP: Kea DHCPv4 - add subnet allocator field (#10327)

(cherry picked from commit 6188aa8902429ea7ff690744799df8c32562ac9c)
(cherry picked from commit 153818d94babffcfb9a2c01933673cc109723939)
Delta    File
+10 -0    src/opnsense/mvc/app/controllers/OPNsense/Kea/forms/dialogSubnet4.xml
+8 -0    src/opnsense/mvc/app/models/OPNsense/Kea/KeaDhcpv4.xml
+4 -0    src/opnsense/mvc/app/models/OPNsense/Kea/KeaDhcpv4.php
+22 -0    3 files

OPNSense/core ecc01c7 src/opnsense/mvc/app/controllers/OPNsense/Kea/forms generalSettings6.xml generalSettings4.xml, src/opnsense/mvc/app/models/OPNsense/Kea KeaDhcpv6.xml KeaDhcpv4.xml

Services: Kea DHCPv4/6: Add decline_probation_period and set lower default to mitigate faulty client implementations to consume the whole pool (#10294)

* Services: Kea DHCPv4/6: Add decline_probation_period and set lower default to mitigate faulty client implementations to consume the whole pool.

* Use isSet() since 0 is allowed

(cherry picked from commit b80995f2135476b7fbeb2f650d74eebca55ad5b3)
Delta    File
+8 -0    src/opnsense/mvc/app/controllers/OPNsense/Kea/forms/generalSettings6.xml
+8 -0    src/opnsense/mvc/app/controllers/OPNsense/Kea/forms/generalSettings4.xml
+3 -0    src/opnsense/mvc/app/models/OPNsense/Kea/KeaDhcpv6.xml
+3 -0    src/opnsense/mvc/app/models/OPNsense/Kea/KeaDhcpv4.xml
+2 -0    src/opnsense/mvc/app/models/OPNsense/Kea/KeaDhcpv6.php
+2 -0    src/opnsense/mvc/app/models/OPNsense/Kea/KeaDhcpv4.php
+26 -0    6 files

OPNSense/core 35dd72c src/opnsense/mvc/app/models/OPNsense/Kea KeaDhcpv4.xml KeaDhcpv6.xml

Services: Kea DHCPv4/6: Some cleanup regarding isEmpty() usage when 0 is allowed in IntegerFields, and ensure no IntegerField accepts negative values. (#10295)

(cherry picked from commit 5aa76c203035d41b1b9de10f61367f668ec8be4c)
Delta    File
+10 -3    src/opnsense/mvc/app/models/OPNsense/Kea/KeaDhcpv4.xml
+10 -3    src/opnsense/mvc/app/models/OPNsense/Kea/KeaDhcpv6.xml
+3 -3    src/opnsense/mvc/app/models/OPNsense/Kea/KeaDhcpv4.php
+3 -3    src/opnsense/mvc/app/models/OPNsense/Kea/KeaDhcpv6.php
+26 -12    4 files

OPNSense/core be288cf . plist, src/opnsense/mvc/app/models/OPNsense/Auth/FieldTypes UsernameField.php

mvc: stricten Email address validation and add a test case for it. filter_var(..,FILTER_VALIDATE_EMAIL) might align more with RFC's, but since RFC 5322 accepts almost everything, might not be the best option in reality.

(cherry picked from commit cf7836fe7fe2c9b4b2034b56414adc481dda8d31)
(cherry picked from commit db081565aeac90fc553d2e16f1242d1f72059871)
(cherry picked from commit b5ba8da0f3061b0c19b7dc8ed940072c515e16f1)
(cherry picked from commit 986b01d240fe86ce69c8e5aaca8a04f744e772fc)
Delta    File
+89 -0    src/opnsense/mvc/tests/app/models/OPNsense/Base/FieldTypes/EmailFieldTest.php
+0 -56    src/opnsense/mvc/app/models/OPNsense/Base/Validators/Email.php
+9 -3    src/opnsense/mvc/app/models/OPNsense/Base/FieldTypes/EmailField.php
+4 -4    src/opnsense/mvc/app/models/OPNsense/Auth/FieldTypes/UsernameField.php
+1 -1    plist
+103 -64    5 files

OPNSense/core df42e1b src/opnsense/mvc/app/controllers/OPNsense/Routes/Api GatewayController.php

system: lowercase this one
Delta    File
+1 -1    src/opnsense/mvc/app/controllers/OPNsense/Routes/Api/GatewayController.php
+1 -1    1 files

OPNSense/core 9bdf568 src/opnsense/mvc/app/controllers/OPNsense/Interfaces/Api VipSettingsController.php

interfaces: account for multiple UUIDs in VIP deletion

PR: https://github.com/opnsense/core/issues/10269

(cherry picked from commit afa7434044419f84513012d915aa0496bc3542e5)
(cherry picked from commit 91eb9f904f2acaed2cfe752f6ed258990a374511)
(cherry picked from commit 28ac053aaf4a5079841d7484a0775dc1c99867c0)
Delta    File
+34 -22    src/opnsense/mvc/app/controllers/OPNsense/Interfaces/Api/VipSettingsController.php
+34 -22    1 files

OPNSense/core 6fa4011 src/opnsense/mvc/app/controllers/OPNsense/Firewall/Api FilterController.php

Firewall: Rules [new] - fix unintended change in filtering logic caused by https://github.com/opnsense/core/commit/c4aefc08f41167b921595cd3f606aadc72b46730

When inspect mode is not selected, only full matches are expected when filtering specific interfaces.
This also means when selecting the inverse of an interface, it automatically belongs to the "floating" group for not being a direct match.

To explain the options a bit better, comments are inserted in the filtering block.

(cherry picked from commit 9b8ee2a92f14092f6971a96c86ca2fe138cd7b89)
(cherry picked from commit 49b54ef032124e36eed2ad6fb19a9cc518f576a1)
Delta    File
+15 -8    src/opnsense/mvc/app/controllers/OPNsense/Firewall/Api/FilterController.php
+15 -8    1 files

OPNSense/core c6dc6fe src/opnsense/mvc/app/controllers/OPNsense/Firewall/Api AliasController.php

Firewall: Aliases - regression in https://github.com/opnsense/core/commit/c0569f86d5538b4312dd7fd8f8613664db8dbed7, closes https://github.com/opnsense/core/issues/10291

(cherry picked from commit ae68650455acd6c35d464e35eb7d6a0e1f032f11)
Delta    File
+14 -12    src/opnsense/mvc/app/controllers/OPNsense/Firewall/Api/AliasController.php
+14 -12    1 files

OPNSense/core 6812702 src/opnsense/mvc/app/controllers/OPNsense/Auth/forms dialogUser.xml, src/opnsense/mvc/app/models/OPNsense/Auth User.xml

system: tighten landing page redirect (#10239)

PR: https://github.com/opnsense/core/issues/10238
(cherry picked from commit dd63dd1a8e506658c0d4742c7b3790e28ee601e3)
Delta    File
+6 -4    src/opnsense/mvc/app/models/OPNsense/Core/ACL.php
+4 -1    src/opnsense/mvc/app/models/OPNsense/Auth/User.xml
+1 -0    src/opnsense/mvc/app/controllers/OPNsense/Auth/forms/dialogUser.xml
+11 -5    3 files

OPNSense/core f6730bf src/etc/inc/plugins.inc.d pf.inc

firewall: use safe config iteration in interface registration

Some more style updates while here.
Delta    File
+39 -43    src/etc/inc/plugins.inc.d/pf.inc
+39 -43    1 files