opnsense/core
1
0
Fork 0
mirror of https://github.com/opnsense/core.git synced 2026-05-31 05:53:42 -05:00
Code Issues Packages Projects Releases Wiki Activity
19,147 Commits 47 Branches 410 Tags
command-backport
Commit Graph

19147 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Stephan de Wit
7bcfd7d7c5 bootgrid: swap order of custom commands placement making sure they participate in command binding 2026-02-13 11:41:00 +01:00
Franco Fichtner
2e9ac2defb firmware: add upgrade hint and fingerprint for 26.1, isc-dhcp plugin migration 
While here also deprecate the old 25.1 fingerprint that wasn't
needed in a while now.
 2026-01-28 17:11:17 +01:00
Stephan de Wit
a653517786 interfaces: host discovery: make sure the full dump includes NDP output if hostwatch is disabled 
(cherry picked from commit f7fac5a6f4)
 2026-01-28 16:54:44 +01:00
Ad Schellevis
bf44c03828 Firewall: Aliases - expire geoip aliases when there's either no database installed or its newer than the alias contents populated. closes https://github.com/opnsense/core/issues/9374 
In the long run we should probably refactor the alias class so different types can have their own implementations, but this has a lot more impact than injecting a specific expire() implementation for geoip information at its current spot.

The additional advantage of this change is it will update aliases before their TTL expires when the geoip database is newer than the alias content.

(cherry picked from commit 7bb4008986)
 2026-01-26 14:26:49 +01:00
Franco Fichtner
8d7629d9bf isc-dhcp: check if device we try to configure exists in the system 
PR: https://github.com/opnsense/plugins/issues/5169
 2026-01-26 11:05:35 +01:00
Monviech
4516d410eb Firewall: Rules [new]: Escape selector in rule_protocol (#9642) 
(cherry picked from commit b3fa25ee01)
 2026-01-23 12:30:23 +01:00
Stephan de Wit
bfd819f092 openvpn: account for CARP status in start and restart cases as well (#9634) 
(cherry picked from commit 0b7c06f3a6)
 2026-01-23 12:28:41 +01:00
Monviech
3668d87f5d dnsmasq: Fix log conditions and some whitespace cleanup (#9632) 
(cherry picked from commit 664c80e7ca)
 2026-01-21 10:07:15 +01:00
Franco Fichtner
9bcc48111d system: fix edge case in tunable reset with one single tunable in the default config 2026-01-19 05:45:04 +01:00
Franco Fichtner
c0e339ff60 system: fix vsprintf() error on stray % invoke; closes #9618 
(cherry picked from commit 8d3a96e956)
 2026-01-15 22:39:51 +01:00
Franco Fichtner
41587bb2d4 interfaces: add a workaround for one-time sefgault in hostwatch 
Seen this during testing but it's hard to debug in that post-update state
during bootup.  In principle nothin g even changed between "50" and "90".

(cherry picked from commit b75dccbf59)
25.7.11 		2026-01-15 15:17:07 +01:00
Franco Fichtner
33461a871b interfaces: get hostwatch status by process name 
The PID takes a few ms to materialize, long enough for an apply to
show the service as red while still restarting.

The issue is reproducible via:

    # service hostwatch restart && service hostwatch status

It shows the service as stopped.

(cherry picked from commit 55f34d8feb)
 2026-01-15 12:08:37 +01:00
Franco Fichtner
390f772cfe interfaces: update version of hostwatch model 
(cherry picked from commit 5ef22164e4)
 2026-01-15 10:08:20 +01:00
Franco Fichtner
8da4a37128 interfaces: rename two "hostdiscovery" instances 
These better reflect that "hostwatch" is used although the
service has been coined "Host discovery" or even "Automatic
Discovery".

(cherry picked from commit 48426a39e6)
 2026-01-15 09:51:32 +01:00
Franco Fichtner
a505fe0ad6 interfaces: fix hostwatch internal service name 
(cherry picked from commit 8ab1130f07)
 2026-01-15 09:01:08 +01:00
Franco Fichtner
0fd0daefac firmware: typo 
(cherry picked from commit eef31ec6c0)
 2026-01-14 17:32:43 +01:00
Franco Fichtner
301141709f system: sort to retain order in Syslog source definitions 
The files are numbered but the glob will throw the files into
the array like it finds them on the disk.

(cherry picked from commit adc5b7a482)
 2026-01-14 15:22:35 +01:00
Franco Fichtner
861ffbd277 firewall: simplify port alias check loosely refs #8806 
(cherry picked from commit 7e0600ab02)
(cherry picked from commit a09d2b7019)
(cherry picked from commit f0da2b63a3)
 2026-01-09 12:30:18 +01:00
Franco Fichtner
0f5c34d3e0 suricata: style update 2026-01-09 12:30:18 +01:00
Ad Schellevis
8582c7d098 Firewall: Aliases - use new hostdiscovery (with arp/ndp fallback) in mac type aliases. 
While here, cleanup some redundant code, if a mac address is in the local cache, the local cache should be complete at anytime.
Technically, for legacy ndp, this might be a bit worse than before, but as hostdiscovery is more complete, that should be a small price to pay.

Eventually, when hostdiscoverty is the standard, we should be able to ditch the /tmp/alias_filter_arp.cache construction as hostdiscovery has its own database.

(cherry picked from commit b2a30fc560)
 2026-01-09 12:30:18 +01:00
Ad Schellevis
bf91b63576 Services: Captive Portal - use new hostwatch service introduced in https://github.com/opnsense/core/pull/9354 to collect mac addresses for 26.1 
(cherry picked from commit dad25b534f)
 2026-01-09 12:30:18 +01:00
Ad Schellevis
8f9309eb7f Interfaces: Neighbors: Automatic Discovery - add new hostdiscovery feature (#9354) 
(cherry picked from commit 61663d0858)
(cherry picked from commit 94b786c4e8)
(cherry picked from commit 5909ccc0b2)
(cherry picked from commit 6c325c94a8)
(cherry picked from commit 1894c6133b)
(cherry picked from commit 8d6439a611)
(cherry picked from commit 650b5ab17a)
(cherry picked from commit e3714d3f43)
(cherry picked from commit de09b458f5)
(cherry picked from commit 1c1c494f93)
 2026-01-09 12:30:12 +01:00
Franco Fichtner
8f918f51d8 mvc: BaseField: add isSet() and shift tests 
Keeps isEmptyAndRequired() plus avoids other code changes for now.
 2026-01-09 12:12:46 +01:00
Franco Fichtner
f52c58c36a openvpn: fix archive export 
(cherry picked from commit 00687dbeb5)
 2026-01-09 11:57:27 +01:00
Stephan de Wit
632d5bbdf5 bootgrid: allow conditional command rendering through a filter function 
(cherry picked from commit 3fe0cc4a28)
(cherry picked from commit 3736489db2)
(cherry picked from commit 1356068da4)
(cherry picked from commit d25a8acd8e)
 2026-01-09 11:14:45 +01:00
Franco Fichtner
132dfbe79b interfaces: migrate sharednet to their respective sysctls 2026-01-08 10:09:32 +01:00
Franco Fichtner
cba897b590 ipsec: typos spotted by eagle eye user 
(cherry picked from commit 14410cfab1)
 2026-01-08 10:09:32 +01:00
Franco Fichtner
d391f8bc4c mvc: use asInt() in GidField and UidField 2026-01-08 09:08:41 +01:00
Franco Fichtner
381ee3fdec mvc: uppercase all form labels 
(cherry picked from commit c4cfc24e0e)
 2026-01-08 09:07:10 +01:00
Franco Fichtner
0821d4de95 openvpn: two more exec() calls #9325 
(cherry picked from commit 2f05dc5f0c)
 2026-01-08 08:56:28 +01:00
Franco Fichtner
4a76078c6c interfaces: move configure_interface_hardware() 
The function does not belong to the library potion of the interface
code because that part is $config-agnostic which this function is not.

This also makes the diff against master easier since the function
has been changed as the settings shifted in the confuguration.
 2026-01-08 08:52:11 +01:00
Franco Fichtner
7cb3e3e794 system: numerous safe execution changes 
No more callers for mwexec_bg() left now too.
 2026-01-08 08:40:47 +01:00
Franco Fichtner
49cd45dce0 ipsec: most safe execution transformations done 2026-01-08 08:39:53 +01:00
Franco Fichtner
4f0d9ed98e interfaces: use mwexecfb() in two instances 2026-01-08 08:38:58 +01:00
Franco Fichtner
b8a0e501f6 isc-dhcp: safeguard this access 
While playing with the dhcpdv6 -> radvd migration I sort of broke
this, but it's safer to check if we should really read the property.

(cherry picked from commit 61f6b3c135)
 2026-01-08 08:20:37 +01:00
Franco Fichtner
5021b503e2 isc-dhcp: interalize interfaces_staticarp_configure(); closes #9476 
Instead of making the interface code pluggable, push the code that
causes the persistent side effect to the ISC DHCP plugin which then
gets to fix the stuck static ARP flag after disable/deinstall and a
reboot.  The situation isn't ideal, but much better than before.

(cherry picked from commit 05abe1367b)
(cherry picked from commit 9c161e3165)
 2026-01-08 08:19:09 +01:00
Franco Fichtner
55d4de443b kea: refactor daemon(8) call to mwexecfb() 2026-01-08 08:17:10 +01:00
Franco Fichtner
8afd32d1a7 interfaces: prefer longer lifetimes if multiple exist #9521 
(cherry picked from commit c015b71c62)
(cherry picked from commit f70a9537b8)
 2026-01-08 08:13:06 +01:00
Monviech
8d7e9f85f7 System: Snapshots: Add tooltip explaining active status (#9588) 
(cherry picked from commit 02215bd944)
 2026-01-07 20:41:05 +01:00
Ad Schellevis
9db3590e9f Services: Intrusion Detection: Administration / Alerts - replace "all" with explicit maximum choices, closes https://github.com/opnsense/core/issues/9586 
All for a possibly very lengthy file is not a very good idea, in the log view "all" is actually replaced with 5000, a bit more is likely not an issue, but lets make the choices explicit here.
For reference the "log" maximum number of items per page:

a0639859f5/src/opnsense/mvc/app/controllers/OPNsense/Diagnostics/Api/LogController.php (L61)
(cherry picked from commit 1ed4765cfd)
 2026-01-07 20:40:28 +01:00
Ad Schellevis
cfa9d9d551 Services: Unbound DNS: Overrides - remove delete selected button for single select grid. 
PR: https://github.com/opnsense/core/issues/9585

(cherry picked from commit a0639859f5)
(cherry picked from commit cac4171358)
 2026-01-07 20:39:12 +01:00
Stephan de Wit
0ceb705ffe unbound: add per-policy quick actions in reporting overview. (#9559) 
Fixes https://github.com/opnsense/core/issues/9483

(cherry picked from commit 9ac5b8e210)
 2026-01-07 20:37:45 +01:00
Franco Fichtner
8ae4d1ccb7 tests: remove this cruft 2026-01-07 20:35:06 +01:00
David Jack Wange Olrik
e98a552e2c system: rename sudoers file to make it more sortable (#9596) 
(cherry picked from commit b26e303325)
(cherry picked from commit ee5234ff38)
(cherry picked from commit 737228bd0e)
 2026-01-07 20:33:10 +01:00
Franco Fichtner
5e0073c53d system: provide util.inc for is_ipv6_allowed() 
(cherry picked from commit ba18303239)
 2026-01-07 20:32:10 +01:00
Franco Fichtner
1de6bb8d48 interfaces: fix comparison in PPP check code introduced in 996e883836 
(cherry picked from commit 54a39205ce)
 2026-01-05 16:22:16 +01:00
Franco Fichtner
814210877c make: remove tests guard code 2026-01-05 12:38:36 +01:00
Franco Fichtner
56398f4f09 make: happy new year! 
Most of the glue in Makefile belongs to version nowadays, but we
haven't moved the barely moving parts yet.  Start with the copyright
block since we're touching it now for the obvious reason.

(cherry picked from commit b7af57327c)
 2026-01-05 12:38:06 +01:00
Franco Fichtner
9e896df0ed backend: exec() removal in auth scripts 2026-01-05 12:06:36 +01:00
Franco Fichtner
501918f278 tests: update the test code to the current development state 2026-01-05 11:52:19 +01:00