Be nicer when checking if alias is numeric
Because an ordinary port can be numeric here. Forum https://forum.pfsense.org/index.php?topic=89906.0
Skip any numeric-only aliases in the ruleset to prevent errors from those who configured them on previous versions where that was allowed. Ticket
Code style etc inc u
Three minor improvements to IP functions
1) Most is_ip***() functions can return 4 or 6 to indicate type of IP, for benefit of calling code (both evaluate to boolean TRUE for backwards compatibility). But is_ipaddr() doesn't. Fix is_ipaddr() so it follows same result schema. This saves calling code having to retest same data to determine type....
Ticket #4390 Return only the subnet bits not the full network in cidr format.
speedup 'function is_port($port)' speed by skipping calls to getservbyname when possible
Fix #4318 - gen_subnetv4_max() not working on 32bit
Validate if both IP address and subnet are valid and the same version. Fixes #4223
Ticket #3997, teach code to track carp through uniqids(). Missing carp GUI changes and upgrade code
"Like with like" - move a few functions to better places in the code (they are placed strangely)
A few functions such as ipcmp(), subnet_expand(), and check_subnets_overlap() are in illogical places - away from all the other ip comparison and subnet basic functions and in the middle of alias handling and interface enumeration....
Remove some extra spaces
Fix typo on variable name
Tighten and IPv6-ify gen_subnet() etc
Tightens, canonicalises and improves for IPv6, the functions gen_subnet(), gen_subnetv6(), gen_subnet_max(), gen_subnetv6_max()
Changes are transparent to calling code.
Issues:
1) gen_subnet() and gen_subnet_max() will validate both IPv4 and IPv6 as valid args, but will then try to process an IPv6 subnet bitwise as x32 LONG without further checking, causing erroneous but apparently valid responses....
Allow dot at end of FQDN for a host
Redmine #4124 has discussion of this.
Use the undocumented -q options of devd to reduce spamming on logs. pfSense scripts do their logging so not necessary to have devd in there.
Add is_unqualified_hostname function
Fixes #3967, configure ip alias on top of carp by joining them to the same vhid as its parent
Fix to SMART disk matching
preg_match returns 0 when the string does not match the regex.
0 does not "===" FALSE
So this check is not always working.
preg_match returns 1 when the string matches the regex.
IMO it is better to check for !== 1 - then anything that is not success (0 or false or...) will be unset.
Use a better method of finding disks for SMART. Old code was inaccurate and also listed entries that were symlinks to other disks
Support converting an IP range to an array of addresses
so that it can be used for expanding ranges in host alias input.
Add a function to redirect to a page passing parameters through POST
Change is_port() to only validate a single port, we have is_portrange() for specific cases. Make necessary adjustments after check all is_port() calls. It fixes #3857
Convert almost all /sbin/sysctl calls to php functions
Fix sysctl name
Add set_single_sysctl(), a wrapper to set_sysctl() to make it simple to set value of a single sysctl
Add get_single_sysctl(), a wrapper to get_sysctl() to make it simple to get value of a single sysctl
Remove unused function color()
Silent kldstat
Fix kldstat match/output to check for a running module. It was claiming all modules were loaded so none were being loaded.
Fix PBI symlink creation and deletion under /usr/local following .pbiopt files, also drop setup_library_paths() since it's not necessary anymore
Unload the ZFS module if it's not in use to not consume useless memory
standardize on https://www.pfsense.org
Make is_linklocal case-insensitive and fix #3433
Merge pull request #959 from stilez/patch-3
Tighten is_subnet() functions
Tighten is_validaliasname()
is_validaliasname() treats "empty string" as a valid alias name, it probably shouldn't.
I suspect it also should not allow purely numeric names ('53'), or pure underscore ('_'), or reserved port names ('tcp', 'http'), as valid alias names for other things. Too much risk of issue/ambiguity which isn't helpful in a router/security device, and no obvious upside to it....
The is_subnet(), is_subnetv4() and is_subnetv6() functions have significant issues in their coding logic.
1) Functions use is_numeric(), so they validate invalid bitcount parts such as '1.1.1.1/6.5' or '::8000/94.7' as valid subnet strings...
Tighten is_numeric()
Improvements:
1) avoids 'expensive' preg_match() and is a more exact test
2) fixes logic whereby an empty string or anything converted to an empty string, is deemed a valid 'numeric' value
(If an empty string can validate as numeric, it's possible that in some cases a number is expected and missing in a string, but not detected, causing malformed rules or subnet bitcounts, and unexpected issues or vulnerabilities)...
Add escapeshellarg() calls on exec parameters. While I'm here, replace some exec() calls by php functions like symlink, copy, unlink, mkdir
Sprinkle some more unsets
Correct displaying states status and avoid division by zero due to wrong data collected
Correct curlies yet again
Use _vip as identified for CARP vip IPs to allow easier upgrade code. This way only ipaliases on carp need to be upgraded.
Add a knob to prefer IPv4 over IPv6, it fixes #2833
Add function is_inrange() that calls is_inrange_v6 or is_inrange_v4 accordingly
Correct syntax
Handle more carp enhancements for FreeBSD 10. The interface vips will be named $if@$vhid since the interface name is the same as other ips.
Use proper interface here
Remove references to _vip interface and provide proper configuration for carp on FreeBSD 10. Still some places to deal with this and certainly missing upgrade code
Introduce two new functions to be used on locking.
- try_lock: used for trying to get an EXCLUSIVE lock for a specified timeout by default of 5
- unlock_force: which just releases any locks held on a specified lock
Use these new functions on rc.openvpn to avoid spurious stale locks around.
Fix #3004:
. Create a function to replace strings on deep associative arrays. Use the recent created function array_replace_values_recursive to fix VIP interface names instead of touch config.xml directly
Improve var names in get_memory
realmem is the amount of actual (real) memory installed - the size of the RAM card - e.g. 256MB
physmem is the amount of memory available to FreeBSD after BIOS, video... has stolen some of realmem.
The variable names currently used are not very helpful for code readability. This standardises them. No functional change here.
Add scope to target when it is a link-local, it helps ticket #3150
Handle link local addresses with embedded interface scope on is_ipaddrv6 and also on dnsmasq which is not yet there for these addresses
Use pfSense module functions for finding interface v6 addresses. The addresses will be not in friendly format as returned by getnameinfo
Implement URL Table aliases for ports instead of IP addresses
Add a new alias type, URLs containing Ports
Add group_ports()
If the script_name is blank, try another method to locate what our filename is so we don't log an empty script name.
Add extra param, off by default, to make get_staticroutes() return hostnames too
Fix whitespace and indent
Create is_linklocal() to validate ll addresses
Make get_static routes behave correctly with aliases
Added IE mobile for WP8
Also do checks for ipv6 on is_ipaddr_configured
Check for the right function name since the previous was present in util.inc not interfaces.inc
Restore require_once(interfaces.inc) on get_configured_ip_addresses(), it's required by get_interface_ip()
Two interfaces, carp, ip aliases might be on the same subnet as their parent. What needs to be checked is the ip itself
Use full path to nohup
Assign the output of exec to a var to avoid any issues
Check interfaces and VIP IP address overlap
- Check if interface IP overlaps other interfaces or localip from mpd based services
- Check if VIPs IP overlaps interfaces or other VIPs address
It fixes #1723
Correct name of function call and use directly its return value as its boolean as needed. Also correct the function to be more readable and put a note for v4 checks that might be needed
Make gen_subnetv6 return a compressed form IPv6 address/net representation. This removes some issues reported during Ticket #2746 and solve the issue on some cases
IPv6 subnet check
Add check_subnetsv6_overlap()
Make more strict checks during is_ip* functions. Helps http://forum.pfsense.org/index.php/topic,58399.0.html and http://forum.pfsense.org/index.php/topic,58273.0.html
Add option filter to return_dir_as_array()
- Add a 2nd parameter, default empty, that allows to pass a regex to filter files it'll return
- While I'm here, simplify code removing $canadd var
Move is_inrange() to util.inc and rename it to is_inrange_v6()
Move is_inrange() to util.inc and rename it to is_inrange_v4()
Forgotten -n option
Use sysctl for this since it's better rather than going through dmesg
Prevent no such file message when pid file does not exist
Add the PPPoE Server IP addresses to the locally configured addresses, this prevents the HTTP_REFERER check from triggering.
Just check the file_exists let pkill decide if it's a valid file or not.
code comment typo ('log_error' should have been 'log_auth')
Add refcount_read to util.inc
Add refcount_read so other code can easily find out how many things have the file system mounted.
Make a function to get the current theme and use it everywhere rather than duplicating code or missing functions. (Fixes forced themes using the wrong theme for login screen)
Allow/deny access to DHCP by partial MAC matching.
Unlock on return
There is no need to remove the @ from function names. Also properly unlock in case of exception. Size is constant and we know it no need for extra call to shmop. Put some more error checking just in case
Make access to shared memory atomic
Use lock and unlock to make sure that all incrementing and decrementing of the reference count in the shared memory section is atomic. This ensures that there are not unusual timing conditions that could see 2 callers trying to update the reference count at the same time, which could result in the count never returning to zero. If that happened, then the filesystems would never be restored to read-only. (this is really just relevant to nanobsd) (note that shmop_* calls in php do not do any locking themselves - callers must coordinate their own access to the shared memory section)...
Fix negative test
Pad data when adding to refcount reference, to avoid some oddities with how php handles such data. http://forum.pfsense.org/index.php/topic,51188.msg278141.html#msg278141
Fix get_staticroutes() function to handle IPv6 subnets properly
Do not directly print out a message when checking the interfaces, instead saving the list to use later. Display this list before the interface mismatch message. Fixes #2468 and fixes #2531
Catch libraries from subdirectories of PBI lib dirs too
Setup library paths to include /usr/pbi/*/lib as a last resort to make sure things can find libraries. We may eventually replace this with a better method as this can lead to conflicts, but for now it will allow packages to find their proper libraries.
Make mac_format aware of cpzone but also friendly to previous code!
Revert "Make mac_format aware of multiple Captiveportal instances"
This reverts commit 54df925b9ea447bdd10f88a886e2ef11d44c3059.
Revert "Make sure mac_format is always defined"
This reverts commit 56f9032170d3130c2066e5eebbe18b96398073ca.
Make sure mac_format is always defined