interfaces: put back DUID validity for faulty setup
Since DUID is part of interface settings it's better to not invalidate
existing values and/or rewrite them later on.
Services: Kea DHCPv4: Add client-id to reservations (#10288)
* Services: Kea DHCPv4: Add client-id to reservations
* Should be client_id in the row
* Add client_id to dhcpv4 config generator
* client-id is stored differently in the running configuration and the lease endpoint, it must be normalized here so we can return a correct match in is_reserved
* Fix typo in client_id
* Use MAC address instead of Ether address in validation message, fix missing back reference in DHCPv6 reservation validation
* Update src/opnsense/mvc/app/models/OPNsense/Kea/KeaDhcpv4.php
Co-authored-by: Franco Fichtner <franco at opnsense.org>
* Update src/opnsense/mvc/app/models/OPNsense/Kea/KeaDhcpv4.php
[7 lines not shown]
Firewall: Rules [new] - refactor searchRuleAction() to use the same filtering and sorting logic on MVC and legacy data.
The current implementation is applying our filter logic twice for MVC records: first it uses the default searchBase() construct, which it then needs to pipe through searchRecordsetBase() again. There are a couple of downsides here: it's more expensive (although the user likely won't notice), but also requires duplication of filter logic.
With the logic introduced in https://github.com/opnsense/core/commit/c81417f26747a9e4e46f608c2791bbae805e79fd, we can extract the exact same content from our model so we can merge all at once and push it through our filtering and sorting logic.
The idea is to be able to "smarten" searchRecordsetBase() a bit so we can apply some additional logic based on types at some point in time, which requires all data to pass through the same pipeline at least.
This commit should be backwards compatible with the previous code.
(cherry picked from commit dad956e3143e7aa26f6be140e4c0ff48d1758e22)
(cherry picked from commit c2dcb5ba2fb4716d0e7880fac0c62680293d1b21)
firewall: make getRealInterface() a static utility function #10251 (#10258)
Align implementation with get_real_interface() except that we shall
not give a fallback of $device = $interface since we want better
integrity in MVC code (and don't deal with devices in configuration
data there).
(cherry picked from commit dc357ece1a5e6f9b5713b7cc1e986f6483c91931)
Services: Kea DHCPv4/6: Build reservation status from control socket output, so it matches the scope of individual subnet (#10276)
* Services: Kea DHCPv4/6: Build reservation status from control socket output, so it matches the scope of individual subnets as well. Add client-id since it's relevant for IPv4 leases as well in default configuration.
We return an array now, change frontend detection if it's dynamic or static lease
Missed a closing bracket
Typo in client_id
Remove unused imports in LeasesController
Add comment to build_reserved_matches() to explain why the subnet-id logic exists now
* Add state as well, helpful for troubleshooting
* Add a state formatter to convert number status into their documented meaning
* Some data-width micro management
[2 lines not shown]
Services: Kea DHCPv4/6: Enable internalModelSafeDelete due to increased model relation field usage (#10287)
(cherry picked from commit fe8c0f27cab78631130d27ddc3e73ee4efc4ebbb)
interfaces: adjust and annotate interface_dhcpv6_id() #7647
This does not change the output unless an unknown or empty interface
is passed which is mostly to protect future GUI use from returning a
wrong IAID. This means from a functional perspective this is risk-free.
Also note that this is the "default_id" and not always the resulting
ID due to what was already worked on for this ticket.
Services: Kea DHCPv4: Add client-id to reservations (#10288)
* Services: Kea DHCPv4: Add client-id to reservations
* Should be client_id in the row
* Add client_id to dhcpv4 config generator
* client-id is stored differently in the running configuration and the lease endpoint, it must be normalized here so we can return a correct match in is_reserved
* Fix typo in client_id
* Use MAC address instead of Ether address in validation message, fix missing back reference in DHCPv6 reservation validation
* Update src/opnsense/mvc/app/models/OPNsense/Kea/KeaDhcpv4.php
Co-authored-by: Franco Fichtner <franco at opnsense.org>
* Update src/opnsense/mvc/app/models/OPNsense/Kea/KeaDhcpv4.php
[5 lines not shown]
interfaces: bring back interface_dhcpv6_id() and improve use a bit #7647
Keep this as $default_id but allow the overrides already implemented.
Do not emit a default IAID when the interface is not set or faulty so
that we can use it in the GUI safely for a placeholder.
PR: https://forum.opnsense.org/index.php?topic=51148.0
Captive Portal: remove redirection on HTTPS, ditch non-functional pass statement as well
In theory, clients only use HTTP to detect the presence of a portal.
If they were to use HTTPS, the 302 redirect would in most cases
not be accessible, as the certificate presented is most likely not
valid, cutting off the communication before any redirect to a login
page can happen.
The portal itself can and should remain accessible on HTTPS, as this
is the URL the redirect is pointing to. This may be attached to a
valid certificate as well, but the key point is that access to
this URL doesn't strictly need redirection for everything on port
443.
This should prevent clients opening bogus connections to the
captive portal, which consumes a lot of TLS traffic on the network
stack, bogging down lighttpd in bigger setups and creating
a lot of established states in pf.
client-id is stored differently in the running configuration and the lease endpoint, it must be normalized here so we can return a correct match in is_reserved