pfSense

Remove wireless cards from ALTQ-capable interfaces, since ALTQ is broken on wlandev in FreeBSD 10.x at the moment. Ticket #4406

Merge pull request #1572 from jlduran/no-server-header

Merge pull request #1578 from Robert-Nelson/rfc2136_ignore_ipv4_ipv6

Include net.key.preferred_oldsa in the sysctl list, set to 0 (disable) so
it doesn't fall through to the default (1).

Change to Record Type with A and AAAA as values.

Use address types instead of addresses.

Merge branch 'master' into rfc2136_ignore_ipv4_ipv6

Merge pull request #1586 from phil-davis/patch-6

Merge pull request #1584 from phil-davis/patch-2

Merge pull request #1575 from k-paulius/misc-dhcp6c

Always include general setup DNS servers in unbound.conf

when forwarding mode is on.
The General Setup setting "Allow DNS server list to be overridden by DHCP/PPP on WAN" has always been used in dnsmasq to ADD DHCP/PPP provided DNS servers to the list, while also keeping the DNS servers specified in General Setup. That behavior is needed if:...

Disable lighttpd server header

Set the `server.tag` to an empty string to prevent lighttpd from
displaying the version number in the header.

Only list nameservers once in resolv.conf

I was on a test system and had an upstream DNS server IP specified in System-General Setup. WAN was setup with a static IP and a gateway to that upstream device. All good.
Then I also checked "Allow DNS server list to be overridden by DHCP/PPP on WAN" and changed WAN to be DHCP. It received by DHCP the same DNS server IP that already happened to be in General Setup (and the same gateway IP - not the issue here)....

Supress errors when opening custom DHCP config file and check if content was successfully retrieved. Prevents PHP from throwing error in case file does not exist.

Log to syslog and get rid of useless variable.

Use radio buttons to select between IPv4, IPv6 or Both.

Be consistent about Unbound service descriptive name

Forum: https://forum.pfsense.org/index.php?topic=91075.0

For DNS Forwarder (dnsmasq)
1) dnsmasq is the name of the service
2) DNS Forwarder is the text description

Make Unbound consistent with that, so that menu names and services status display and... work in the same way:...

Add option to not register IPv4 and/or IPv6 addresses.

Remove old dhcp6c and rtsold config scripts when bringing down interface.

Supress errors when opening custom DHCP6 config file and check if content was successfully retrieved.
Prevents PHP from throwing error in case file does not exist.

A mix of literal tabs, spaces and \t is used in dhcp6c config file code. Convert evertyhing to use \t.

DHCP6 config file override, advanced and basic settings override each other so put them in single
if/else statement rather than always generating all three setting types.

Add option for wireless standard "auto", to omit "mode" entirely from ifconfig. This shouldn't be necessary, but specifying mode has proven to trigger driver problems that don't exist if it's left unspecified (such as FreeBSD PR 198680). Chosing "auto" fixes ath(4) BSS mode issues otherwise preventing it from connecting.

Merge pull request #1564 from phil-davis/patch-2

Use subnet address in OPT net rules

Example: LAN IP 10.0.1.1/24 OPT1 IP 10.0.2.1/24
Rules with SRC or DST LANnet correctly have 10.0.0.0/24 (the subnet base address) in /tmp/rules.debug
Rules with SRC or DST OPT1net have 10.0.2.1/24 (the OPT1 IP address with OPT1 net mask) in /tmp/rules.debug...

Update get_possible_traffic_source_addresses returned array format

With this change it looks to me like the way it is intended to be, based
on what was done to get_possible_listen_ips()
Please review and check if this is what was intended for the code. With...

txpower was disabled for good reason it would appear, it triggers syntax errors in some configurations. Disable it again since it's been disabled for years, and comment out the user-facing config portion for now since it doesn't do anything. Ticket #4516

correct missing == in ipsec.inc

Merge pull request #1557 from phil-davis/patch-3

Set txpower since that seems to work fine now. Explicitly set authmode wpa here, though it's also handled by the supplicant/authenticator. Ticket #4516

Conflicts:
etc/inc/interfaces.inc

Missin double equals in captiveportal.inc

Looking at where this is nested inside various if statements, I do not think this error did too much harm - only to the $mac['descr'] - in this particular code flow $username is not used for important stuff after this point.

Do not start filterdns during boot until a proper fix is done. Ticket #4296

If we bail not being able to find the P1 source, log an error.

Conflicts:
etc/inc/vpn.inc

Merge pull request #1556 from phil-davis/patch-5

Merge pull request #1554 from phil-davis/patch-3

White space in ipsec.inc

use-compression is no longer a valid config option in lighttpd, it can't be enabled. This just throws an error in the log, remove it.

Fix IPsec on CARP IPs, broken when fixing IPsec with gateway groups and VIPs.

Move libstrongswan-unity.so when Unity plugin is disabled so it can't modify the P2. Workaround for Ticket #4178

White space in filter.inc

add granular control of state timeouts. Ticket #4509

Conflicts:
etc/inc/filter.inc

Explicit disable ssl.use-compression on lighty config. It should fix #4230

Remove BEAST protection option since default cipher is now good and works with hifn cards

Add a log message when hostres SNMP module is ignored on APU boards

Disable SNMP hostres module on APU boards until we figure out why it's crashing on this specific board. Ticket #4403

Leave adaptive.start and end at their defaults (60% and 120% of the state limit, respectively) if not user-overridden.

Update cipher-list in web interface to prefer PFS. Ticket #4230

Check for not up, rather than down, as there are a variety of potential
statuses that are not up. Ticket #4502

Need global $ipsec_idhandling here.

Don't enable interfaces_use by default. Add checkbox to enable on Advanced
tab, in case there are scenarios where it's desirable. Ticket #4341

Code style etc inc vwx3

rebased version with conflicts resolved due to a bunch of recent changes
in vpn.inc

Merge pull request #1541 from phil-davis/Code-Style-etc-inc-z

Check if it's an array before call foreach(). Ticket

Stop trying to fix dns_split during strongswan config generation, we have an upgrade code in place for that, it should fix #4418

dns_split was a comma separated list and moved to use space as separator, provide upgrade code to make sure old configs are converted. Since there was a config upgrade version 11.7 only on master, I pushed it to 11.8 and used dns_split one as 11.7 to be able to backport it to RELENG_2_2. Ticket #4418

Use get_failover_interface here to find appropriate interface. Ticket #4482

same change as previous commit, for IPv6. Ticket #4482

Use the parent interface, not the _vip for interfaces_use. Part of Ticket #4482

Destroy stf interface when 6rd or 6to4 tunnel is disabled. Fixes #4471

Be nicer when checking if alias is numeric

Because an ordinary port can be numeric here.
Forum https://forum.pfsense.org/index.php?topic=89906.0

Remove the harden-glue option entirely and hard code it to yes. Ticket #4402

Skip any numeric-only aliases in the ruleset to prevent errors from those
who configured them on previous versions where that was allowed. Ticket

Add missing comma. Fixes #4485

Enable UnicastOnly in radvd for ovpn* interfaces. Ticket #4455

Tweak the carp demotion factors slightly to avoid CARP transitions that are most likely unnecessary.

Code style etc inc z

end of code style review for the etc folder tree

Merge pull request #1533 from phil-davis/Code-Style-etc-inc-u

Merge pull request #1532 from phil-davis/Code-Style-etc-inc-r-s

Merge pull request #1531 from phil-davis/patch-2

Remove "Prefer old SA" option, and ignore it in all existing configurations. Breaks things in many cases with strongSwan. For the very rare circumstances where this is actually desirable, it's just a sysctl that can be set in tunables.

Code style etc inc u

Code style etc in r s

Be safe use require_once in zeromq

I was testing code and just doing stuff like:
require_once("zeromq.inc");
in Diagnostics->Command Prompt, PHP Execute
That brings an error because underneath that PHP Execute code it has already included auth.inc
I guess zeromq.inc is used quite separately to the rest of the system, and must be OK just having a "require" here. But it seems safer to always use require_once, just in case it gets called in a new way/sequence....

Merge pull request #1529 from phil-davis/Code-Style-pkg-utils

Merge pull request #1528 from phil-davis/Code-Style-putil

Merge pull request #1526 from phil-davis/Code-Style-openvpn

Merge pull request #1525 from phil-davis/Code-Style-etc-inc-i-to-p

Ancient bug on upgrade_014_to_015

This code looked silly the way it was, with the construct:
$var = $var;
unset($var);

Seems it was accidentally changed to this way many years ago by https://github.com/pfsense/pfsense/commit/588a183b0e58f09932ffef35cc0003cca2313aba...

Code style for pkg-utils

Code style for pfsense-utils

Semi-colon went AWOL in dyndns.class

after putting it back the code runs much better :)

Code style openvpn.inc

Code style for etc inc i to p

Merge pull request #1524 from phil-davis/Code-Style-Guide-Interfaces-inc

Merge pull request #1523 from phil-davis/patch-2

Merge pull request #1522 from phil-davis/Code-Style-Guide-etc-inc-f-to-g

Code style guide interfaces.inc

This is another big file that has many diffs so Github refuses to
display them. I thought it best to keep doing individual commit-pull for
ones like this.

More style guide changes

In gwlb.inc at line 676 and 779 I added an extra set of brackets. In the
"if" clause as a whole there were a mix of && and || used that were
relying on the PHP standard that && has precedence over ||
In actual fact the original code should have been working fine, the...

Code style guide changes for filter.inc 2nd version

This is the changes to filter.inc as per the commits in https://github.com/pfsense/pfsense/pull/1521 but done in just 1 clean commit.

Fix type (trime->trim)

Fix indent and remove some unecessary ()

Merge pull request #1520 from phil-davis/Code-Style-Guide-etc-inc-a-to-e

Merge pull request #1516 from phil-davis/patch-2

Code Style Guide etc inc f to g

remove unused legacy code

Log ifconfig commands used to setup wireless interfaces

Code style guide etc in a to e

Put the bits to use the new reset utility

interface_netgraph_needed can miss setting found equals true

This routine seems to go looking to see if the passed-in interface is PPP-style. At the end, if it is not PPP-style then it calls pfsense_ngctl_detach.
This foreach loop in its current state will always exit after the first iteration that is not mode "server". But it looks like it should look through all the 'pppoe' entries until it finds the interface or gets to the end....

Ticket #4418 Actually make each entry a clear token to strongswan parser for dns_split