OPNSense/core db0e57b src/etc/inc interfaces.inc, src/www interfaces.php

interfaces: bring back interface_dhcpv6_id() and improve use a bit #7647

Keep this as $default_id but allow the overrides already implemented.

PR: https://forum.opnsense.org/index.php?topic=51148.0
Delta  File
+36 -11  src/etc/inc/interfaces.inc
+11 -11  src/www/interfaces.php
+47 -22  2 files

OPNSense/core 0f78f69 src/opnsense/mvc/app/views/OPNsense/Kea leases4.volt

Fix typo in client_id
Delta  File
+2 -2  src/opnsense/mvc/app/views/OPNsense/Kea/leases4.volt
+2 -2  1 files

OPNSense/core ba9ed8b src/etc/inc filter.inc interfaces.inc

backend: use bridges/bridged safe iteration

(cherry picked from commit 9cd352e408a0f2bb874ad3bd0035fb932f305c7b)
Delta  File
+7 -6  src/etc/inc/filter.inc
+3 -9  src/etc/inc/interfaces.inc
+10 -15  2 files

OPNSense/core 14eadfc src/etc/inc interfaces.inc

interfaces: safe gres/gifs iteration

(cherry picked from commit 3d7cbd8079ddeb1febbad9cd1bd0467c6931e23e)
Delta  File
+4 -16  src/etc/inc/interfaces.inc
+4 -16  1 files

OPNSense/core d5f7b99 src/etc/inc interfaces.inc

interfaces: use safe iteration in backend code

(cherry picked from commit 295c05cad94a746b8dd24dbaeac0d5a325259ef1)
Delta  File
+5 -5  src/etc/inc/interfaces.inc
+5 -5  1 files

OPNSense/core 295c05c src/etc/inc interfaces.inc

interfaces: use safe iteration in backend code
Delta  File
+5 -5  src/etc/inc/interfaces.inc
+5 -5  1 files

OPNSense/core 6246b48 src/etc/inc/plugins.inc.d captiveportal.inc

Captive Portal: remove redirection on HTTPS, ditch non-functional pass statement as well

In theory, clients only use HTTP to detect the presence of a portal.
If they were to use HTTPS, the 302 redirect would in most cases
not be accessible, as the certificate presented is most likely not
valid, cutting off the communication before any redirect to a login
page can happen.

The portal itself can and should remain accessible on HTTPS, as this
is the URL the redirect is pointing to. This may be attached to a
valid certificate as well, but the key point is that access to
this URL doesn't strictly need redirection for everything on port
443.

This should prevent clients opening bogus connections to the
captive portal, which consumes a lot of TLS traffic on the network
stack, bogging down lighttpd in bigger setups and creating
a lot of established states in pf.
Delta  File
+44 -47  src/etc/inc/plugins.inc.d/captiveportal.inc
+44 -47  1 files

OPNSense/core 6991129 src/opnsense/scripts/kea get_kea_leases.py

client-id is stored differently in the running configuration and the lease endpoint, it must be normalized here so we can return a correct match in is_reserved
Delta  File
+4 -2  src/opnsense/scripts/kea/get_kea_leases.py
+4 -2  1 files

OPNSense/core c039f64 src/etc/inc interfaces.inc, src/opnsense/scripts/interfaces rtsold_script.sh

interfaces: multi-dhcp6c support #7647

This splits off rtsold and dhcp6c into separate processes.

I'm not entirely sure why we settled for a single daemon of
dhcp6c back in the day, but there are certainly downsides to
it and I don't see something that wasn't fixed in the meantime
that makes this not work.
Delta  File
+6 -20  src/etc/inc/interfaces.inc
+6 -6  src/opnsense/scripts/interfaces/rtsold_script.sh
+12 -26  2 files

OPNSense/core d404ede src/etc/inc interfaces.inc, src/opnsense/scripts/interfaces rtsold_script.sh

interfaces: revert multi-dhcp6c support #7647

This appears to have some real world drawbacks we haven't looked
closer at.

PR: https://forum.opnsense.org/index.php?topic=51148.0
Delta  File
+20 -6  src/etc/inc/interfaces.inc
+6 -6  src/opnsense/scripts/interfaces/rtsold_script.sh
+26 -12  2 files

OPNSense/core 00b1481 src/opnsense/scripts/captiveportal/lib ipfw.py

src: style
Delta  File
+2 -2  src/opnsense/scripts/captiveportal/lib/ipfw.py
+2 -2  1 files

OPNSense/core 39ee3e4 src/opnsense/mvc/app/controllers/OPNsense/CaptivePortal/Api ServiceController.php, src/opnsense/scripts/captiveportal cp-background-process.py

Captive Portal: re-introduce hash lookup for accounting purposes (#10275)

* Captive Portal: re-introduce hash lookup for accounting purposes

Table redirection allowed for constant time lookups, with the
migration to pf this was changed to a linear time lookup. This commit
changes this back, but retrofits it on top of the ipv6 compatibility change.

While here:

- fix a small edge case that kills states for ips
flipping primary IPs according to hostwatch.
- make sure only the most recent arp entry is considered
- make sure to clear empty addresses from the set

Cherry-picked from 1bf1c69
Cherry-picked from 3c2780e
Delta  File
+70 -25  src/opnsense/scripts/captiveportal/lib/ipfw.py
+26 -0  src/opnsense/service/templates/OPNsense/IPFW/ipfw.conf
+14 -9  src/opnsense/scripts/captiveportal/cp-background-process.py
+18 -0  src/opnsense/mvc/app/controllers/OPNsense/CaptivePortal/Api/ServiceController.php
+3 -1  src/opnsense/scripts/captiveportal/lib/arp.py
+131 -35  5 files

OPNSense/core 35a837f src/opnsense/mvc/app/models/OPNsense/Kea KeaDhcpv4.php

Add client_id to dhcpv4 config generator
Delta  File
+2 -0  src/opnsense/mvc/app/models/OPNsense/Kea/KeaDhcpv4.php
+2 -0  1 files

OPNSense/core d077c08 src/opnsense/mvc/app/views/OPNsense/Kea leases4.volt

Should be client_id in the row
Delta  File
+2 -2  src/opnsense/mvc/app/views/OPNsense/Kea/leases4.volt
+2 -2  1 files

OPNSense/core 8c0e92f src/opnsense/mvc/app/controllers/OPNsense/Kea/forms dialogReservation4.xml, src/opnsense/mvc/app/models/OPNsense/Kea KeaDhcpv4.xml KeaDhcpv4.php

Services: Kea DHCPv4: Add client-id to reservations
Delta  File
+16 -1  src/opnsense/mvc/app/models/OPNsense/Kea/KeaDhcpv4.xml
+11 -1  src/opnsense/mvc/app/views/OPNsense/Kea/leases4.volt
+6 -0  src/opnsense/mvc/app/controllers/OPNsense/Kea/forms/dialogReservation4.xml
+5 -0  src/opnsense/mvc/app/models/OPNsense/Kea/KeaDhcpv4.php
+1 -0  src/opnsense/mvc/app/views/OPNsense/Kea/dhcpv4.volt
+39 -2  5 files

OPNSense/core 3c2780e src/opnsense/scripts/captiveportal cp-background-process.py, src/opnsense/scripts/captiveportal/lib ipfw.py arp.py

Captive Portal: re-introduce hash lookup for accounting purposes (#10275)

* Captive Portal: re-introduce hash lookup for accounting purposes

Table redirection allowed for constant time lookups, with the
migration to pf this was changed to a linear time lookup. This commit
changes this back, but retrofits it on top of the ipv6 compatibility change.

While here:

- fix a small edge case that kills states for ips
flipping primary IPs according to hostwatch.
- make sure only the most recent arp entry is considered
- make sure to clear empty addresses from the set
Delta  File
+70 -25  src/opnsense/scripts/captiveportal/lib/ipfw.py
+26 -0  src/opnsense/service/templates/OPNsense/IPFW/ipfw.conf
+14 -9  src/opnsense/scripts/captiveportal/cp-background-process.py
+3 -1  src/opnsense/scripts/captiveportal/lib/arp.py
+113 -35  4 files

OPNSense/core 8d894ad src/opnsense/scripts/captiveportal cp-background-process.py, src/opnsense/scripts/captiveportal/lib ipfw.py

Captive Portal: change sort placement, only consider pf for deletion and always insert all client ips
Delta  File
+4 -2  src/opnsense/scripts/captiveportal/cp-background-process.py
+2 -2  src/opnsense/scripts/captiveportal/lib/ipfw.py
+6 -4  2 files

OPNSense/core 3bcccc0 src/opnsense/mvc/app/controllers/OPNsense/Kea/Api Dhcpv4Controller.php Dhcpv6Controller.php

Services: Kea DHCPv4/6: Enable internalModelSafeDelete due to increased model relation field usage
Delta  File
+1 -0  src/opnsense/mvc/app/controllers/OPNsense/Kea/Api/Dhcpv4Controller.php
+1 -0  src/opnsense/mvc/app/controllers/OPNsense/Kea/Api/Dhcpv6Controller.php
+2 -0  2 files

OPNSense/core 96e0e43 src/opnsense/mvc/app/models/OPNsense/Unbound/ACL ACL.xml

Rename Unbound service display name in ACL.xml (#10278)

(cherry picked from commit 48da1ce7b901f09b8359f68238fcd026d83e13cc)
Delta  File
+1 -1  src/opnsense/mvc/app/models/OPNsense/Unbound/ACL/ACL.xml
+1 -1  1 files

OPNSense/core 01ac41f src/opnsense/mvc/app/controllers/OPNsense/Interfaces/Api GifSettingsController.php GreSettingsController.php

Interfaces: add some missing config locks, reading the configuration requires it being locked first to ensure setBase() can't be raced with another caller.

(cherry picked from commit d81dcd37e223649c7a5d7bc3adbb61a4dd65e089)
Delta  File
+1 -0  src/opnsense/mvc/app/controllers/OPNsense/Interfaces/Api/GifSettingsController.php
+1 -0  src/opnsense/mvc/app/controllers/OPNsense/Interfaces/Api/GreSettingsController.php
+1 -0  src/opnsense/mvc/app/controllers/OPNsense/Interfaces/Api/LaggSettingsController.php
+1 -0  src/opnsense/mvc/app/controllers/OPNsense/Interfaces/Api/VipSettingsController.php
+1 -0  src/opnsense/mvc/app/controllers/OPNsense/Interfaces/Api/VlanSettingsController.php
+5 -0  5 files

OPNSense/core a46d57c src/opnsense/mvc/app/controllers/OPNsense/Interfaces AssignmentController.php, src/opnsense/mvc/app/controllers/OPNsense/Interfaces/Api AssignmentController.php

Interfaces: Assignments - work in progress for https://github.com/opnsense/core/issues/9945

In order to migrate the interface assignments, we need to think of a way to use the differently named xml nodes for interfaces (wan, lan, ..) into something that closely resembles a standard model implementation.
Since we can't match these nodes in our statically defined model xmls, the main idea is to flush all via an in-memory model with a separate load [construct] and save hook.
Delta  File
+77 -0  src/opnsense/mvc/app/controllers/OPNsense/Interfaces/Api/AssignmentController.php
+48 -0  src/opnsense/mvc/app/models/OPNsense/Interfaces/Assignment.php
+45 -0  src/opnsense/mvc/app/views/OPNsense/Interface/assignment.volt
+40 -0  src/opnsense/mvc/app/controllers/OPNsense/Interfaces/AssignmentController.php
+10 -0  src/opnsense/mvc/app/models/OPNsense/Interfaces/Assignment.xml
+8 -0  src/opnsense/mvc/app/controllers/OPNsense/Interfaces/forms/dialogAssignment.xml
+228 -0  1 files not shown
+234 -0  7 files

OPNSense/core d81dcd3 src/opnsense/mvc/app/controllers/OPNsense/Interfaces/Api GifSettingsController.php GreSettingsController.php

Interfaces: add some missing config locks, reading the configuration requires it being locked first to ensure setBase() can't be raced with another caller.
Delta  File
+1 -0  src/opnsense/mvc/app/controllers/OPNsense/Interfaces/Api/GifSettingsController.php
+1 -0  src/opnsense/mvc/app/controllers/OPNsense/Interfaces/Api/GreSettingsController.php
+1 -0  src/opnsense/mvc/app/controllers/OPNsense/Interfaces/Api/LaggSettingsController.php
+1 -0  src/opnsense/mvc/app/controllers/OPNsense/Interfaces/Api/VipSettingsController.php
+1 -0  src/opnsense/mvc/app/controllers/OPNsense/Interfaces/Api/VlanSettingsController.php
+5 -0  5 files

OPNSense/core f4a0759 src/opnsense/mvc/app/models/OPNsense/Kea KeaDhcpv6.php

Add comment about issue if interfaces vanish or become deconfigured by the user, but the KEA config is not adjusted accordingly.
Delta  File
+4 -0  src/opnsense/mvc/app/models/OPNsense/Kea/KeaDhcpv6.php
+4 -0  1 files

OPNSense/core daed0e3 src/opnsense/mvc/app/models/OPNsense/Kea KeaDhcpv6.php

Fix the NO_LEASES_PLEASE client-classes test
Delta  File
+2 -3  src/opnsense/mvc/app/models/OPNsense/Kea/KeaDhcpv6.php
+2 -3  1 files

OPNSense/core 9b93f84 src/opnsense/mvc/app/controllers/OPNsense/Kea/Api LeasesController.php, src/opnsense/mvc/app/views/OPNsense/Kea leases6.volt leases4.volt

Services: Kea DHCPv4/6: Build reservation status from control socket output, so it matches the scope of individual subnet (#10276)

* Services: Kea DHCPv4/6: Build reservation status from control socket output, so it matches the scope of individual subnets as well. Add client-id since it's relevant for IPv4 leases as well in default configuration.

We return an array now, change frontend detection if it's dynamic or static lease

Missed a closing bracket

Typo in client_id

Remove unused imports in LeasesController

Add comment to build_reserved_matches() to explain why the subnet-id logic exists now

* Add state as well, helpful for troubleshooting

* Add a state formatter to convert number status into their documented meaning

* Some data-width micro management
Delta  File
+63 -2  src/opnsense/scripts/kea/get_kea_leases.py
+0 -37  src/opnsense/mvc/app/controllers/OPNsense/Kea/Api/LeasesController.php
+16 -5  src/opnsense/mvc/app/views/OPNsense/Kea/leases6.volt
+15 -3  src/opnsense/mvc/app/views/OPNsense/Kea/leases4.volt
+94 -47  4 files

OPNSense/core 48da1ce src/opnsense/mvc/app/models/OPNsense/Unbound/ACL ACL.xml

Rename Unbound service display name in ACL.xml (#10278)
Delta  File
+1 -1  src/opnsense/mvc/app/models/OPNsense/Unbound/ACL/ACL.xml
+1 -1  1 files

OPNSense/core 6d94603 src/opnsense/mvc/app/views/OPNsense/Diagnostics traffic.volt

Reporting: Traffic - add Max on Y axis for traffic graphs, closes https://github.com/opnsense/core/pull/10277
Delta  File
+67 -16  src/opnsense/mvc/app/views/OPNsense/Diagnostics/traffic.volt
+67 -16  1 files

OPNSense/core e6ccdb9 src/opnsense/mvc/app/views/OPNsense/Kea leases4.volt leases6.volt

Some data-width micro management
Delta  File
+2 -2  src/opnsense/mvc/app/views/OPNsense/Kea/leases4.volt
+2 -2  src/opnsense/mvc/app/views/OPNsense/Kea/leases6.volt
+4 -4  2 files

OPNSense/core 5658743 src/opnsense/mvc/app/views/OPNsense/Kea leases4.volt leases6.volt

Add a state formatter to convert number status into their documented meaning
Delta  File
+12 -2  src/opnsense/mvc/app/views/OPNsense/Kea/leases4.volt
+12 -2  src/opnsense/mvc/app/views/OPNsense/Kea/leases6.volt
+24 -4  2 files

OPNSense/core 1bd4617 src/opnsense/mvc/app/views/OPNsense/Kea leases4.volt leases6.volt, src/opnsense/scripts/kea get_kea_leases.py

Add state as well, helpful for troubleshooting
Delta  File
+1 -0  src/opnsense/mvc/app/views/OPNsense/Kea/leases4.volt
+1 -0  src/opnsense/mvc/app/views/OPNsense/Kea/leases6.volt
+1 -0  src/opnsense/scripts/kea/get_kea_leases.py
+3 -0  3 files