pfSense

Use a uniqid() to track phase2 entries to avoid confustion and various mistakes when modifying and editing them.

Remove extra quote and fix syntax

Use a php function rather tan using exec. Suggested-by: garga

Remove all .xml file generated from upgrade since it makes /var full

Fix dscp values and provide a config upgrade to fix values stored in config.xml. This is a proper fix for #3688

Change the option for webconfig login autocomplete from opt-in to opt-out, also bump config version and write a function to keep the current status on upgrades

Properly handle this rename, and squelch errors if it fails.

Merge pull request #1032 from fichtner/contributions manually since it does not apply cleanly

Do not allow upgrade_101_to_102 to exit early

This upgrade step does both Captive Portal stuff and OpenVPN stuff. So do not return early just because there is no Captive Portal config.
Both Captive Portal and OpenVPN tests changed to be positive tests, to make sure that everything is checked/tested and there is no chance to return early.

Provide upgrade code after changes done for Ticket #3441

s/unlink/unlink_if_exists/

Merge 10 -> 10.1 and 10.1 -> 10.2 function upgrade since the recent changes done on 2.1.1 for Ticket #3441

Add escapeshellarg() calls on exec parameters. While I'm here, replace some exec() calls by php functions like symlink, copy, unlink, mkdir

Upgrade all firewall rules to include a tracker field. Add a tracker field even for nat for later usage while here.

Fix syntax

Make sure to give the zone a name during the upgrade, or else it comes through with a blank/null name.

Convert ipaliases over carp to new world order

Since zoneid need to be less then 4096 provide some upgrade code to handle that from existing configs

Many fixes on privileges, ticket #3216:

- Rename some privileges:
page-diag-system-activity => page-diagnostics-system-activity
page-interfacess-groups => page-interfaces-groups
page-interfacess-lagg => page-interfaces-lagg
page-interfacess-qinq => page-interfaces-qinq...

Add hybrid and disabled outbound NAT, fixes #2416:

- Add 2 new outbound NAT modes, hybrid and disabled, manual and advanced
keep working the same way
- Hybrid mode applies manual rules first, automatic after
- Disabled do no create any outbound NAT rules...

Change OpenVPN Compression settings to cover the full range of allowed settings on OpenVPN (unset, off, on, adaptive) rather than a simple off/on switch that either doesn't set the value or enables it with adaptive (OpenVPN's default).

Set default value to radius_protocol during upgrade, it should fix #3226

Needs parens

Add upgrade code to change the DHCP next-server value to nextserver since it was renamed sometime in 2.1 but upgrade code didn't follow. Also shuffle the upgrade code blocks a bit since we need these on 2.1.x and nobody should be on 2.2 yet, so the impact should be minimal to renumber the one bit specific to 2.2.

Remove newsyslog cron job on upgrade, if present.

Alix 2D6 crashes upgrade process withou out of diskspace

Updating the the RRD graphs causes two copies of each RRD's XML file to be stored in /tmp.

On Nanobsd, the default /tmp size is 40mb. It doesn't require very many RRD XML dumps before this is exhausted.

Set action = pass for configured mac addresses on CP passtrumac

Disable kill_states by default on upgrade, it fixes #3183

Fix #3004:

. Create a function to replace strings on deep associative arrays
. Use the recent created function array_replace_values_recursive to fix
VIP interface names instead of touch config.xml directly

Make sure RRD data is restored from backup before upgrading data and a new backup is done after. It should fix #2159

Add independent logging choices to disable logging of bogon network rules and private network rules. Add upgrade code to obey the existing behavior for users (if default block logging was disabled, so is bogon/private rule blocking). Also add a checkbox to disable the lighttpd log for people who don't want their system log spammed by lighty.

Repect global conf_path

Don't flip the IPv6 allow setting just because people are upgrading. Just upgrading versions shouldn't change this behavior. As much as most of us would like people to start deploying IPv6, the vast majority aren't going to be immediately post-upgrade, and changing this can change the firewall policy behavior by allowing v6 that previously wasn't allowed. Upgrades should never change the firewall behavior like that. At the time it was done, everyone using the 2.1 code base was using it for IPv6, so of course it tripped up quite a few people.

Fixes #2979

. Change max value for traffic and packets graphs to 20GigE
. Bump config version to 9.6
. Write a config upgrade function to tune current rrd files to the new
max value

Fix IPv6 Prefix ID default value

. Always initialize it to 0 when it's undefined
. Remove unecessary initializations and checks
. Bump config version to 9.5
. Write an upgrade config function to initialize old configs properly

Install Plan B for upgrading the RRD files to the newer format to add IPv6 fields.
We now perform a search and replace on the XML contents to add fields instead of reading the XML into a PHP array.
A conversion with a 2.0 config on a 128MB VM without swap is succesful, needs more testing....

Sprinkle some unset to reduce footprint

Upgrade code & config default version

Adjust RRD captive portal graphs for CP zones

- Create RRD configs per zone
- Add tabs to see graphs per zone
- Migrate existing rrd files to default cpZone
- While I'm here, call unset() for $rrdcreate and $rrdupdatesh

Resolves #2655

Fix rrd databases upgrade. Helps ticket #2651

- Replace find that was being called with wrong parameters at
upgrade_054_to_055() and upgrade_080_to_081() by return_dir_as_array()
call.

Fix indent and remove trailing tabs and whitespaces

Fix outbound NAT rules when interface is deleted:

- When delete interface, do not touch outbound NAT rules
- Skip outbound NAT rules when interface doesn't exist
- Bump latest_config to 9.2
- Since rules with no interface were considered as wan, convert old...

Make limiters have a schedule specified which applie bandwidth limits during that period

Due to the DHCP pool tag needing to be an array, rename the old LB "pool" variable to something else so it's not interpreted as an array.

Ensure this gets a set default value or things can break

Remove ca reference

Implement certificate chain in Captive Portal

Use Certificate Manager in Captive Portal settings

Change ereg_replace to preg_replace() function

Generalize the Crypto hardware option and add GUI support for AES-NI.

Make sure we tag all 2.0 gateways as being IPv4, in 2.1 we require this tag to be present for the gateways.
This should prevent duplicate gateway entries for people coming from 2.0 that have dynamic interfaces

Correct upgrade code from report of http://forum.pfsense.org/index.php/topic,50182.0.html

Fixes #2428. Reference limiters in rules by name to avoid issues. Also put upgrade code for existing configs. The same fix is necessary for 2.0.x though not sure how this should be committed there.

Include util.inc and IPv6.inc before config.lib.inc.
Several parts of the config upgrade relay on functions in these.

Make sure we include "util.inc" during config upgrade. We need is_ipaddrv4() during upgrade which is triggered from gwlb.inc

Rename old RRD quality database to the new GW name so we continue the graph.

Fix reference updating for when more than one carp vip exists. Skip the upgrade code if no carp vip defined. Ticket #2445

Add missing declaration for global variable $g where it is used.

Fix name of the config section for virtual IPs in upgrade code. Ticket #2445

Check the surrounding characters to not allow partial matches. Ticket #2445

Revert "Rather do a fix by going through vips in reverse order"

This reverts commit d996dfeab2ec40cf3fb44b51811333b40ed5073f.

Do this only for carp type vips

Rather do a fix by going through vips in reverse order

Since this is an interface to avoid issues arising from vip1 and vip11 existing and replacing vip1 will replace even vip11, put on the regex <(starting close tag).

Move vip upgrade code to be later, since it was backed out of 2.0.x it no longer needs to be so early, and otherwise there can be some breakage/fallout. Ticket #2445

Ooops use correct name for vips

Oops this should be sed and not sh. Fixes #2445

Make sure to push elements we don't recognize on the stack too.

Add upgrade code that updates the dynamic gateway names to their new format new $if_$type.
Redmine Ticket #2332. I've tested a simple upgrade with 3 dynamic Wans with varying names and that appears to have succeeded. Needs more testing.

Feature #2123 Backup RRD files using the xml dump and restore from RRD tools

http://redmine.pfsense.org/issues/2123

Remove slipped line

Make vips vhid be unique per parent interface!

Move CARP settings from pkg XML to a real PHP page

https://redmine.pfsense.org/issues/647

Unbreak the upgrade_config.inc, sorry

More memory optimizations for the RRD upgrade. Ticket #1758 #2159

Update the upgrade function so we use less memory here too to make sure it succeeds on Nano.
Related to ticket. #2159 #1758

Fixes #1999. Upgrade bvoucher config as well during CP upgrade to multi-instance

PPTP upgrade needs to declare $config a global.

Fix LZO setting for Upgraded OpenVPN (was turning compression on even if old config had it disabled.)

Fix upgrade code for 1.2.3 with assigned OpenVPN interface.

Don't ignore when multiple OpenVPN DNS, NTP, WINS, etc servers were specified in 1.2.3 when upgrading. 1.2.3 separated by ;, 2.x uses separate vars.

Safer for 1.2.3 upgrades to assume OpenVPN interface == any, since 1.2.3 didn't have a way to bind to an interface. Otherwise people accepting connections on opt interfaces on 1.2.3 will break on upgrade until the proper interface is selected in the GUI

Unbreak a number of explode() replacements which required preg_split()

The function split() is replaced by the function explode(). Starting with PHP 5.3 this is deprecated and with version 6 gone.
Replacing it surpresses all the warnings

Convert MTU from 1.2.3 to MSS on 2.0, fixes #1886

Fix SMTP monitor check in upgrade code, too.

Fix the 2nd grow command, add space
Ticket #1758

Ok, let's try not to corrupt the RRD files on upgrade. Leave the RRA arc
hives for the 720 minutes average at 1000.
Then run a rrdtool resize command to grow the RRA by 1000 and 2000 for the 60 and 720 average respectively.
Attempts to further fix ticket #1758

Add the OOM memory restructuring fix from Ticket #1758 into mainline for nanoBSD upgrades.

Move the old databases to the backup folder in conf
Fixes ticket #1758

Restore the RRD backup before attempting a migration as this bites the nanobsd users.
We immediately backup the new databases to a new rrd.tgz file. The old database will be moved to /root
Fix for ticket #1758

Add the multi instance CP to master branch. This allows to define CP with different properties on different interfaces.

Merge remote-tracking branch 'upstream/master'

Conflicts:
etc/inc/easyrule.inc
etc/inc/filter.inc
etc/inc/interfaces.inc
etc/inc/services.inc
etc/inc/xmlrpc_client.inc
usr/local/www/fbegin.inc
usr/local/www/services_dhcp.php

Merge remote-tracking branch 'mainline/master' into inc

Conflicts:
etc/inc/priv.defs.inc

Merge remote branch 'upstream/master'

Check if an item is an array before treating it as such in the upgrade code.

Merge remote-tracking branch 'mainline/master' into inc

Add proper checks in auth code for testing if the section has been set in the config. Also do the same in the ugprade code

Merge remote branch 'upstream/master'

In upgrade code for server load balancing, set redirect_mode. Also in the backend code, assume redirect_mode as the default if it's not set.