pfSense

Revert "Make vips vhid be unique per parent interface!" - per cmb, this should not have been on RELENG_2_0 see ticket #2415

This reverts commit 4d0c032c528b10221a2ef894b5eca34f6fda39a7.

Conflicts:

etc/inc/openvpn.inc
        etc/inc/upgrade_config.inc...

Add alias support to static routes (needs some testing) Ticket #2239

Make vips vhid be unique per parent interface!

Remove unused code

Use the latest functions from pfSense module for getting interface list

Correct send_multiple_events to conform with new check_reload_status behaviour

Select the newest of processes to make the command better

Compenstate for the write_config calls sending the filesystem to ro during pacakge installation.

Prevent negative references to be used for the refcount API. This should help with misusage of it as may occur in mount rw/ro calls.

Ticket #1279. Decrease the refcount even though we're in booting phase. This helps the refcount to work as intended and help in making filesystem read only correctly on embedded platfroms. While here put some exceptions to refcount API and silent any related errors that might trigger. Also take not of the NOTE on the php manual that after a share memory is opened further references to it for size and access mode should be 0.

Revert "Make initial changes to allow pfSense to work in a jail."

This reverts commit a26d95383a6146734f67c9db21cd83534052843a.

Make initial changes to allow pfSense to work in a jail.

This mostly avoids starting things that will not work and gets the
initial config. Most of the pfSense functionality will not work
(pf rules, routing, etc) but it can be used for testing.

Revert "Feature #1603. Correct nested urltable alias code to be more fullproof to errors and does not break the ruleset on large lists of urltables. Though this needs a revisit to work properly since it breaks urltable alias property of reloading contents."...

Fix typo

Max procs should be 1 when using an op code cacher

Feature #1603. Correct nested urltable alias code to be more fullproof to errors and does not break the ruleset on large lists of urltables. Though this needs a revisit to work properly since it breaks urltable alias property of reloading contents.

More whitespace fixes.

If no event_address in globals.inc specified assume the default. Also fixed whitespaces.

Do not check dynamic and special interfaces for a complete interface mismatch error

Reject alias names that are too long. Fixes #1510

Simplify is_macaddr regex.

Slight regex fix on is_macaddr - the previous regex was letting through a mac without : separators, leading to improper validation and potentially invalid dhcp configs. Seen here http://forum.pfsense.org/index.php/topic,33830.0.html

Pass the -a parameters to pgrep to be certain we search ancestors as well. The side effects might be inoquos from the pfSense context.

Ticket #802. During a config restore detect if the vlan interfaces need reassignment too. This might be problematic for other type of interfaces on 2.0!

Add log_auth() which with send items to syslogd using LOG_AUTH facilities. Use this new log_authh() for login error and success entries

Do not spam console with useless messages. Also remove killall not needed anymore.

Ensure returned item is an array.

Return CARP IP Addresses in get_configured_ip_addresses()

Fix filter_rules_sort's compare function to know about floating rules so it won't change their order.

Remove trailing carriage return

• Adding function get_configured_ip_addresses() which returns all interfaces and their configured IP address
• Add checkbox to System -> Advanced -> Admin for HTTP_REFERER checks
• Add and enforce HTTP_REFERER check if checkbox is not checked.

This will prevent HTML pages from crafting HTML GETs against the web interface and will prevent firewall admins from being "tricked" into clicking on links that may be harmful to their firewall.

Protect from strange situations on bootup by testing for is_array(). Do not add anymore the 127.0.0.2 route its not needed anymore. Also during bootup bring up all interfaces so the assignment process can deal with them(Possibly should be done in another code flow!).

Make isvalidpid() know about pidfile the same as the other *pid functions do.(consistency)

Make safe_mkdir() create directories recursively

If we fail to send an event to check_reload_status consider its not running and try restarting it.

Return list with WAN and LAN interfaces in the configured order rather than giving special treatment, as is already done with the OPTx interfaces.

Revert "Reorder the way this list (get_configured_interface_list) is generated to make it more beautiful."

This reverts commit 144d0e793de61366340758b28f169c3afeeba922.

Reorder the way this list (get_configured_interface_list) is generated to make it more beautiful.

I know you guys said don't bother, but it's just cosmetic, and it took 10 seconds.

Do stricter validation of host names and domain names.

Use the new events mechanisms to dispatch events.

Use exec() for is_process_running since system() displays command output(not sure why). Also handle captiveportal specially and use proper function to start/stop it.

Ticket #485. Correct code and use pkill/pgrep to match or kill process. Since these utilities know how to handle pidfiles and exact matches on process names.

Add l2tp where missing. Also add l2tp and igb to altq capable interfaces.

Add sysctl functions that support getting/setting multiple values in a single call.

use more efficient is_macaddr from bblacey on forum

This code returned the size in kilobytes, while the part usually used returns megabytes.

Be more strict when doing checks for empty values.

Add array_merge_recursive_unique which was called in xmlrpc.php but did not yet exist. Fixes #645

Do not show ipfw0 for assignment.

Various fixes to usage of ip2long, long2ip, and negated subnet masks, mostly affecting 64-bit. Ticket #459

Ticket #544. Restore locking, seems w+ migh already lock the file sometimes. While there improve the locking to a read/write locking schema. Make the default locking a read only lock and if explicitly specified a write locking can be specified through LOCK_EX optional parameter to lock(). During config manipulation do the filesystem mounting in rw, if needed, before doing any locking to avoid possible problems and also to be consistent through out the code on the method used. Also update calls to config to lock exclusively where required.

Ensure the URL table file is not empty at this step.

Add a new alias type, urltable, which downloads a file of IP/CIDR addresses and loads them into a pf persist table instead of importing the addresses directly into a traditional alias. This allows for using huge tables of addresses that would otherwise break the GUI and/or fail to load into pf. Part of ticket #512

Remove bogus char. Spotted-by:gnoahb@

Restore tun interface because it is still used by openvpn.

Changes to make PPP work again. mpd5 fails to establish a ppp link without
some username and password, so defaults are set if user enters nothing.
Removed interface_ppp_configure call from interfaces_ppp_edit.php. It was
useless there with the new structure, and it caused all PPP links to attempt...

Use alias style when creating aliases in wizards.

Ticket #417. Fix installation on embedded by using a refcount system for the mount command.

Generalize.

Use procatat instead of ps as the latter always prints a header, also
use full paths.

'\b' is not the word boundary on BSD, its actually '[[:<:]]' and '[[:>:]]',
change these functions to use better syntax and not grep at all.

Return the data after unreference, it might be needed.

Use shmop module to implement reference count calls.

Adding support for using IP ranges aliases. If you input an IP Range such as 192.168.0.1-192.168.0.254, it will instead turn that into a number of CIDR networks which will completely fill the range.

Till the flock issue is fixed open the races doors, place your bets please!

Do not show pppoe/pptp/l2tp interfaces for assignment.

Change method of displaying wireless clone interfaces on the assignment page.

Move most of the code for dealing with wireless clone interface names to separate functions.

Missing a part of the last change. Also use bssid for the first wireless clone.

For now, don't count any wireless clones as mismatches unless the base interface doesn't exist.

Allow secondary wireless clones in interface list.

Ticket #309. Correctly fix the problems of intermediate config lost because of inclusion of config.inc. This might have speed impacts to be measured.

Ticket #315. Do not show the cloned wireless devices for assignment.

if gzsig is missing, return error verifying signature rather than invalid signature.

Resolves #279. Do not show vlans as parent interfaces for other vlans.

fix typo

Restore interface list for vlan interfaces.

Fix var names/

Ticket #261 Do not consider ports as hostnames. This changes the is_port function to consider ':'(ranges) as ports. This seems a previous feature i do not agree with much, but users decide right?!

Replace some occurrence of /tmp with the propper global variable in attempt to minimize the search for what changes /tmp permissions.

remove notice that unnecessarily appears on every clean install

If the port passed as argument is a range(having - in it) this function would still return true as a bad habit of intval. Fix this so it behaves correctly.

• Fix alias handling around the repo.
• Add new function filter_expand_alias to allow expanding single alias.
• Fix reflection rules generation(missing the target variable)
• Propperly identify duplicate lines in inetd.conf generated.

Add IP alias and 'any' support to OpenVPN. Feedback #69

Allow specifying services/ports in firewall rules or nat rules by their /etc/services name.

Revert "Correctly unset rules when switching disabling AON."

This reverts commit 989e5d62da2f7f6dad2bb55d20d2558cfb3fa34a.

Correctly unset rules when switching disabling AON.

Try to prevent empty interfaces.

Ticket #146 Fix typos ansd copy/pasto errors.

Do not output plugin name during boot:

Resolves #146 Add propper validation on alias usage. Allow port type aliases only on port side and other aliases in ip specifications and similar. Introduce a new function is_portoralias to ressemble the is_ipaddroralias to check for the cases.

Fix get_configured_carp_interface_list: use the right interface name using vhid

Add is_URL()

Nuke alert. Resolves #125

Cons25 supports color as well

Update doc header

Allow specifying colors by their name

Return color code, not echo

Add function header markup for doc generation. Add color() function that will output a color ansi sequence if the terminal supports it. No arguments to color will reset the terminal

Rework includes/require. This saves about 4 megabytes.
Simplify get_memory(). Tested on mips/i386