pfSense

Fix correction of openvpn parameters.

Spit verbose messages on schedules only if in debug mode.

Remove from filter load the captive portal module loading and move it to the captive portal functions where is its only place. Keep only the pass rule for the CP webserver will see later on if it can be removed at all.

Comment out supposed diff code that is not being used.

Move validation of dyndns username to the only place it uses it, the GUI page. There it makes sense. While there add ':' character to allow NO-ip subaccounts.

Remove another unused function.

Use exec_command instead of custom rolled function. Fix some logic here and there.

Move exec_command function to util.inc.

Rename filter_translate_type_to_real_interface to interface_translate_type_to_real
Move this function to interfaces.inc where it belongs.

Remove unused function and function that provide the same functionality as php built-in ones.

Remove function that is present on php5.

• Teach get_interface_subnet() about carp.
• Increase scope to all interfaces when searching for the carp parent since the later is used even on those scopes.
• General cleanup of unused vars and code.

Missed conversions.

Create a function to reduce duplicated code size.

Remove duplications.

Schedules are handled by pf(4) now.

• Convert from exec_command to `$command` to remove the only dependency of interfaces.inc.
• Remove the heavy require_once(functions.inc) from interfaces.inc it is really not neededo

This function may penalize too much so remove it.

Styling fixes.

Include crypt.inc explicitly.

Change the order of the includes its the way it should be.

• Shuffle functions around to reduce require_once() a little.

Remove extra $

Separate delete down actions on ifconfig to fix issues. Add L2TP virtual interafce to a list.

Use correct variable name.

Fix vlan creation to use the interface tags and not numbers without any meaning. Reported on http://forum.pfsense.org/index.php/topic,15861.0.html.

Fix typo to correctly load interface groups on startup.

Fix a spd.conf not loading changes issue.

• Convert schedules to pf(4).
  This allows to schedule the whole feature of the rules like queues/limiters/gateways/blocks/allows/etc...
• Whitespace cleaning on filter.inc
• Move schedule backend logic from pfsense-utils.inc to filter.inc and prefix with filter_....

• Move other functions around to where it makes sense.
• Reduce somewhat require_once() overhead by removing the includes from gwlb.inc they are not needed.
  Some more analysis is needed on the include path

More functions moving from pfsense-utils to interfaces.inc.

Create /var/run in chroot for dhcpd

Specify complete path to touch to avoid: apinger: command (touch /tmp/filter_dirty) exited with status: 1

Fix "disable checksum offloading", and some other bugs with certain combinations of options while here.

Call apc_clear_cache() on filter reload if the function exists to
ensure that we have fresh cache and not caching anything negatively.

• Make the carp ip fix for ipsec more general so other services that use the same methodology work.
  - Basically get_interface_ip() now knows how to handle carp(4).
• Move interface related function from pfsense-utils.inc to interfaces.inc that is their place....

• Do not apply the settings directly from hitting the SAVE button show the apply settings option for consistency with other pages.

• Fix ipsec over carp handling.
• do not useinterface in Upper case when working on the backends.
• Do not print Configuring IPSec during bootup if there is nothing configured.

Found several more variable name typos/mismatches

Another apparent variable name typo

Fix NAT reflection/TFTP Proxy. After Commit:1ab56363bbc910157191850b45d78f9ec98e5099 - inetd was being killed but never started.

Match 1.X behavior for PF macros for PPPoE and PPTP

Match 1.X behavior for PF macros. pptp and pppoe should be lowercase macros.

touch up text, prevent "The second argument should be array or object" error when there are no interfaces detected.

Fix polling.

Set skip on pfsync0

Remove extra tab

Avoid these errors: Warning: Invalid argument supplied for foreach() in /etc/inc/pkg-utils.inc on line 776 Warning: Invalid argument supplied for foreach() in /etc/inc/pkg-utils.inc on line 779 Warning: Invalid argument supplied for foreach() in /etc/inc/pkg-utils.inc on line 779

fix typo, clean up text

Merge branch 'master' of git@rcs.pfsense.org:pfsense/mainline

Set ipfw's state limit the same as pf's

Update my copyright.

Remove debug string.

Block all IPv6 traffic by default, since IPv6 isn't supported, there isn't any way to add such rules in the GUI, and nearly all users won't want IPv6 to traverse their firewall at this point. Add "Allow IPv6" checkbox to disable this behavior.

Adding PowerD knob to system -> advanced -> misc. This will be useful
for folks wishing for their firewall to use less power overall. Blurb
from the powerd man page from freebsd:

The powerd utility monitors the system state and sets various power con-...

• Convert the QinQ code to use a file where the commands are passed. This speeds up most of the vlan creation.
  Before you'd need 20min to create qinq with 1000 member now it adds 2000 members in just 1 minute
• Fix some cleanups when deleting QinQ

Raise tab char count to 82

Bumb value to > 70 for dropdown invocation.

Convert tab strips into a select dropdown when there are more than 50
characters appearing in the tab names combined.

Remove extra space

• Make it easier to switch back and forth between logging providers (clog, fifo)
• Add a $config['system']['usefifolog'] switch
• Switch back to defaulting to clog

Improve the matching of carp ints to IPs.
Previously this stristr substring match would return incorrect/unexpected results. 10.0.0.1 would also match 10.0.0.16, 10.0.0.135. Adding a space to the IP to check will only match the specific IP given, since it is followed by spaces in the ifconfig output.

Make sure to handle a empty settings array correctly

Add nat rules even for l2tp. While there fix some issues which might produce bad cidr notation for pppoe/l2tp/pptp.

When optimization is "conservative", also increase UDP timeouts. Helps prevent disconnects and drops with some VoIP services.

• Hide interfaces internals to other code and use the propper interfaces.
  Basically use get_interface*() functions instead of accessing fields like 'ipaddr'/'descr' etc...
• Make get_interfaces_with_gateway less heavyweight by getting information from the configuration stored in config.xml...

Use mwexec()

Bring in support for QinQ. At this time it is limited to only 2 levels.

Use -q to hopefully git rid of messages such as: pw: WARNING account 'admin' will have a valid id of 0 (superuser access!)

Use mwexec() to hide find *-quality.rrd messages

Use mwexec() so we do not see this error on fresh installation:

cp: /root/.. is a directory (not copied).
cp: /root/. is a directory (not copied).

Ensure $user_base directory exists and is writable. Kills ugly warning on
fresh installation.

Add function which returns the list of interfaces by realif index.

Add hideplatform directive useful for rebranding

Add secret option required on some setups.

• Keep only one function to return the mac address
• Bring the mac address function to interfaces.inc its the only consumer of those.

Add space after tabs

Cleanup and reduce code line count.

Ensure fifolog_writer is still not running after killing syslogd.

Update gateway group gateway IP for dhcp interface wan interfaces.

Make logging work. Investigated by jim-p

fifolog_create size needs to be a multiple of 512

Actually merge the part that does the real work with FreeBSD groups.

• Introduce interface groups. For now they are availble only on Firewall:Rules section maybe it would be usable to have tham on nat too.
• Some fixes and cleanup.

Remove ftp-proxy/pftpx/ftpsesame references we handle all of this in kernel now.(yay!)

We include ng_l2tp in kernel already, do not kldload

Use full path to fifolog_writer

Jettison clog. Man overboard!

Jettison clog and replace with fifolog which is included in FreeBSD 7.1

Correct a typo in vpn.inc that broke esp encryption algorithm configuration.

Modify IPsec code to allow for transport mode. All existing configurations are
marked as tunnel for backwards compatibility. There are problems with the spd
read code which Will likely choke on transport entries. We can fix this later.

Move the IPsec pinghost option from phase1 to phase2. Correct some
bugs that were preventing the local address from being selected.

missing semicolon

Move 1700 lines of config upgrade code into it's own include file that's only
brought in when we actually need to upgrade the config file

Remove duplicate config.xml and restore conf.default/config.xml if /conf/config.xml and no backups exist

Modify captive portal to use centralized user management. The user manager has
been modified to include an account expiration option to support this service.

Adding simplepie RSS system

Use writev.

Tested by uploading to Picture widget, firmware update with 45 megabyte upload on 128 megabytes of ram.

Use write a the network backend to avoid FreeBSD falling all over
itself when uploading.

cleanup minor javascript issues