Combine is_subnet to check for both v4 and v6 subnets
Add is_subnetv6 for checking of IPv6 subnets
Implement correct gen_subnetv6_max function that you can throw random prefix lengths in. Fixes Ticket #1725
Fix the referrer checks for IPv6 addresses Ticket #1583
Ticket #1279. Decrease the refcount even though we're in booting phase. This helps the refcount to work as intended and help in making filesystem read only correctly on embedded platfroms. While here put some exceptions to refcount API and silent any related errors that might trigger. Also take not of the NOTE on the php manual that after a share memory is opened further references to it for size and access mode should be 0.
Make initial changes to allow pfSense to work in a jail.
This mostly avoids starting things that will not work and gets theinitial config. Most of the pfSense functionality will not work(pf rules, routing, etc) but it can be used for testing.
Remove trailing newline
Merge remote-tracking branch 'upstream/master'
Conflicts: etc/inc/easyrule.inc etc/inc/filter.inc etc/inc/interfaces.inc etc/inc/services.inc etc/inc/xmlrpc_client.inc usr/local/www/fbegin.inc usr/local/www/services_dhcp.php
Merge remote branch 'upstream/master'
Merge remote-tracking branch 'mainline/master' into inc
Feature #1603. Correct nested urltable alias code to be more fullproof to errors and does not break the ruleset on large lists of urltables. Though this needs a revisit to work properly since it breaks urltable alias property of reloading contents.
Conflicts: etc/inc/filter.inc etc/inc/util.inc
More whitespace fixes.
If no event_address in globals.inc specified assume the default. Also fixed whitespaces.
Conflicts: etc/version
Do not check dynamic and special interfaces for a complete interface mismatch error
Reject alias names that are too long. Fixes #1510
Conflicts: etc/inc/auth.inc etc/inc/config.lib.inc etc/inc/filter.inc etc/inc/pfsense-utils.inc etc/inc/pkg-utils.inc etc/inc/priv.defs.inc etc/inc/services.inc...
Make sure to note the limitations to gethostbyname, it does not work for Quad A records. Fix resolve_retry in the process, use that.
Resolve merge conflict
Simplify is_macaddr regex.
Slight regex fix on is_macaddr - the previous regex was letting through a mac without : separators, leading to improper validation and potentially invalid dhcp configs. Seen here http://forum.pfsense.org/index.php/topic,33830.0.html
Pass the -a parameters to pgrep to be certain we search ancestors as well. The side effects might be inoquos from the pfSense context.
Remove this compress line, it breaks the dhcpv6 config
Fix the subnet check for gif tunnels by dropping the bits to 126.Always compress the subnet address for easier reading
Merge branch 'master' into inc
Conflicts: etc/inc/captiveportal.inc etc/inc/config.console.inc etc/inc/config.lib.inc etc/inc/easyrule.inc etc/inc/filter.inc etc/inc/ipsec.inc etc/inc/pkg-utils.inc etc/inc/shaper.inc...
Conflicts: etc/inc/interfaces.inc etc/inc/system.inc
Ticket #802. During a config restore detect if the vlan interfaces need reassignment too. This might be problematic for other type of interfaces on 2.0!
Conflicts: etc/inc/interfaces.inc etc/inc/vslb.inc usr/local/www/interfaces.php
Merge remote branch 'mainline/master' into inc
Conflicts: etc/inc/auth.inc etc/inc/config.lib.inc etc/inc/filter.inc etc/inc/gwlb.inc etc/inc/interfaces.inc etc/inc/pfsense-utils.inc etc/inc/pkg-utils.inc...
Add log_auth() which with send items to syslogd using LOG_AUTH facilities. Use this new log_authh() for login error and success entries
Do not spam console with useless messages. Also remove killall not needed anymore.
Ensure returned item is an array.
Return CARP IP Addresses in get_configured_ip_addresses()
Conflicts: etc/inc/PEAR.inc etc/inc/filter.inc
Conflicts: etc/inc/filter.inc etc/inc/system.inc usr/local/www/interfaces.php usr/local/www/interfaces_gif_edit.php
Fix filter_rules_sort's compare function to know about floating rules so it won't change their order.
Remove trailing carriage return
This will prevent HTML pages from crafting HTML GETs against the web interface and will prevent firewall admins from being "tricked" into clicking on links that may be harmful to their firewall.
Conflicts: etc/inc/auth.inc etc/inc/config.lib.inc etc/inc/priv.defs.inc etc/inc/system.inc etc/inc/upgrade_config.inc etc/inc/vpn.inc
Protect from strange situations on bootup by testing for is_array(). Do not add anymore the 127.0.0.2 route its not needed anymore. Also during bootup bring up all interfaces so the assignment process can deal with them(Possibly should be done in another code flow!).
Conflicts: etc/inc/filter.inc
Add function for generating ipv6 subnet mask end, hook into ipv4 subnet mask check as well.
Make isvalidpid() know about pidfile the same as the other *pid functions do.(consistency)
Switch over the IPv6 functions from IPv6.inc, these are from the PHP PEAR library
Change the firewall rule generation to look for the ipprotocol tag which defines inet or inet6. This makes sure that we use ipv6 addresses and change to the correct ipv6-icmp tag.
Allow for configuring a IPv6 address on the interfaces page.Add code to verify a ipv6 addressLet is_ipaddr() return true on a v4 and v6 address.Change system gateways edit to fetch the global ipv6 interface ipv6 addresses and subnetsThe current ipv6 function might need folding into filter_var() when that catches some documented corner cases....
Fix quotes to use %N$X on gettext calls
Make safe_mkdir() create directories recursively
If we fail to send an event to check_reload_status consider its not running and try restarting it.
Return list with WAN and LAN interfaces in the configured order rather than giving special treatment, as is already done with the OPTx interfaces.
Revert "Reorder the way this list (get_configured_interface_list) is generated to make it more beautiful."
This reverts commit 144d0e793de61366340758b28f169c3afeeba922.
Reorder the way this list (get_configured_interface_list) is generated to make it more beautiful.
I know you guys said don't bother, but it's just cosmetic, and it took 10 seconds.
Do stricter validation of host names and domain names.
Conflicts: etc/inc/filter.inc etc/inc/pkg-utils.inc etc/inc/service-utils.inc etc/inc/system.inc etc/inc/vpn.inc
Use the new events mechanisms to dispatch events.
Use exec() for is_process_running since system() displays command output(not sure why). Also handle captiveportal specially and use proper function to start/stop it.
Ticket #485. Correct code and use pkill/pgrep to match or kill process. Since these utilities know how to handle pidfiles and exact matches on process names.
Fix gettext calls with printf to permit change strings order
Implement gettext() calls on util.inc
Add l2tp where missing. Also add l2tp and igb to altq capable interfaces.
Add sysctl functions that support getting/setting multiple values in a single call.
use more efficient is_macaddr from bblacey on forum
This code returned the size in kilobytes, while the part usually used returns megabytes.
Be more strict when doing checks for empty values.
Add array_merge_recursive_unique which was called in xmlrpc.php but did not yet exist. Fixes #645
Do not show ipfw0 for assignment.
Various fixes to usage of ip2long, long2ip, and negated subnet masks, mostly affecting 64-bit. Ticket #459
Ticket #544. Restore locking, seems w+ migh already lock the file sometimes. While there improve the locking to a read/write locking schema. Make the default locking a read only lock and if explicitly specified a write locking can be specified through LOCK_EX optional parameter to lock(). During config manipulation do the filesystem mounting in rw, if needed, before doing any locking to avoid possible problems and also to be consistent through out the code on the method used. Also update calls to config to lock exclusively where required.
Ensure the URL table file is not empty at this step.
Add a new alias type, urltable, which downloads a file of IP/CIDR addresses and loads them into a pf persist table instead of importing the addresses directly into a traditional alias. This allows for using huge tables of addresses that would otherwise break the GUI and/or fail to load into pf. Part of ticket #512
Remove bogus char. Spotted-by:gnoahb@
Restore tun interface because it is still used by openvpn.
Changes to make PPP work again. mpd5 fails to establish a ppp link withoutsome username and password, so defaults are set if user enters nothing.Removed interface_ppp_configure call from interfaces_ppp_edit.php. It wasuseless there with the new structure, and it caused all PPP links to attempt...
Use alias style when creating aliases in wizards.
Ticket #417. Fix installation on embedded by using a refcount system for the mount command.
Generalize.
Use procatat instead of ps as the latter always prints a header, alsouse full paths.
'\b' is not the word boundary on BSD, its actually '[[:<:]]' and '[[:>:]]',change these functions to use better syntax and not grep at all.
Return the data after unreference, it might be needed.
Use shmop module to implement reference count calls.
Adding support for using IP ranges aliases. If you input an IP Range such as 192.168.0.1-192.168.0.254, it will instead turn that into a number of CIDR networks which will completely fill the range.
Till the flock issue is fixed open the races doors, place your bets please!
Do not show pppoe/pptp/l2tp interfaces for assignment.
Change method of displaying wireless clone interfaces on the assignment page.
Move most of the code for dealing with wireless clone interface names to separate functions.
Missing a part of the last change. Also use bssid for the first wireless clone.
For now, don't count any wireless clones as mismatches unless the base interface doesn't exist.
Allow secondary wireless clones in interface list.
Ticket #309. Correctly fix the problems of intermediate config lost because of inclusion of config.inc. This might have speed impacts to be measured.
Ticket #315. Do not show the cloned wireless devices for assignment.
if gzsig is missing, return error verifying signature rather than invalid signature.