pfSense

Cast to string before ctype_digit() testing. Fixes #14702

Extend support for SCTP in firewall and NAT rules. Implement #14640

Add safety belts around memory size checks. Fixes #14648

• Add safety checks when fetching the memory size
• Also ensure the state table size is sane if the memory check fails

"OpenVPN clients" is not a valid rule src/dst, remove it.

Refactor display of special networks

Allow use of interface groups in firewall rule source/destination fields. Implement #14448

Refactor usage of special networks
Pre-requisite for easier implementation of interface group in firewall rules.

Validate all URL alias types when expanding URL aliases. Fix #13068

Update util.inc

Add additional check to correctly display "Alias-on-CARP"-style Virtual IPs in Gateway Group VIP dropdown selection. Fixes #14524

Correct the filter when validating URLs. Fix #14356

Ignore ngeth and wg interfaces when performing interface mismatch detection. For #14410

Correct alias bulk import regression. Fixes #14412

While here, ensure that a broken alias configuration does not cause PHP
errors which prevent users from using the GUI or console.

Expose new utility function to validate ethertype. redmine #14308

refactor is_module_loaded to first check by module name, then by file name

refactor format_number and eliminate trailing space on unitless numbers

Load if_gif if needed when creating a gif interface. Fixes #14035

Normalize IPv6 prefix prior to use in ip_in_subnet(). Fixes #14256

Cast to float in format_number(). Fixes #14236

Improve alias sorting (again). Issue #14015

asort does not handle natural case-insensitive sorting of
multi-dimensional arrays properly, so it needs a custom sort but also
has to preserve the index keys or else making changes in the GUI won't
use the correct IDs....

Auth log behavior update. Fixes #12464

Aliases config access refactor by brd

Fix PHP errors from empty DHCP configs. Fixes #13983

Fix if descr case handling. Fixes #14057

Match the behavior of this new statement with the intent of the code on
previous versions.

Refresh linker hints at each boot. Fixes #13963

Update copyright years to include 2023

util.inc: fix incorrect resource test in unlock()

Fix copy/paste error. Issue #13831

Fix catch syntax and variable usage. Fixes #13831

• Add variable back to catch statement
• Use the exception message
• Correct error message when this exception is thrown
• Fix inaccurate/inconsistent error message when catching

Restore default description behavior. Fix #13739

Rector direct global g accesses

Cleanup globals.inc. Use single quotes on scalar strings.

Eliminate some direct config access in util.inc, add some documentation

Introduce public accessors for $g: g_has, g_get, and g_set.

Improve set_ipv6routes_mtu checks. Fixes #13675

Spelling fixes. Fix #13357

• Incorrect input validation for `dhcp6c` `keyinfo expire` `forever` keyword in `interfaces.inc`.
• Incorrect input validation for associated rule's `Source Port` in `firewall_rules_edit.php`.
• Incorrect `voucher*.` file lock reference in `status_captiveportal_voucher_rolls.php`....

Fix config_del_path() if the node doesn't exist

If the node we're trying to delete with config_del_path() doesn't exist
array_del_path() will fail as follows:

Fatal error: Uncaught TypeError: Cannot access offset of type string on string in /etc/inc/util.inc:3459...

Replace some direct config accesses in util.inc. Fixes #13640

Prevent array/config_get_path() from overriding 0 values

Change the semantics of array_get_path() and config_get_path() so that only
empty strings at a path are overridden by $default if non-null, so that
legitimate 0 values set in the config are not overridden as empty() returns true...

Fix array_get_path() not returning $default for null-like values. #13446

In array_get_path(), a $default provided that is not null is intended to invoke
alternate behavior where if the path exists and is empty, $default should be
returned. This requires not identical compare as opposed to a not equal compare,...

Make *_get_path() return $default for empty values. Issue #13446.

When $default is non-null and the path resolves to an empty element, return
$default instead of the value. This allows callers to intentionally ignore empty
values by specifying $default and simplifies the expressions needed to determine...

Update external http links

Fix array/config path functions to handle key 0 correctly. Issue #13446

Make array/config path funcs handle empty path elements. #13446

Introduce array_init_path, refactor init_config_arr, and fix potential race. For #13446

Avoid creating empty ciscoavpair rules files. Fix #13243

Replace all direct $config accesses in util.inc. #13446

Make array/config_set_path() create intermediary paths

Restore scope to address sent to Net_IPv6::compress now that it is fixed

Add config/array_del_path helper function and associated test

In get_ll_scope(), remove intermediate $scope variable

Fix unused and undefined variable warnings in util.inc

Fix multilevel array access outside config in util.inc

• Add generic array get/set path and path_exists functions to util.inc
• Wrap these more generic versions with the confg_* equivalents

Fix text_to_compressed_ipv6() to omit %ifname from v6 addresses

Prior to this, v6 addresses would be considered by Net_IPv6::compress() to have
an ipv4 part consisting of all text from the address from the final colon
separator, and try to treat it as such. This is now problematic in php 8 as when...

Add missing require of interfaces.inc to util.inc

Use dnctl(8) to control limiter rules. Feature #12579

Allow to assign L2TP VPN server interface. Issue #13099

Captive Portal ipfw->pf transition. Todo #13100

USB NIC handling improvements. Fixes #12606 #9393

Allow auto prefix with manual prefix-length in NPT. Implements #13070

Reject multiple IPv6 compressions. Fixes #13069

Having :: in an IPv6 address more than once is not valid, even if it
expands to an unambiguous result.

Clear aliases,filter,shaper and natconf flags on filter_configure(). Fixes #12678

Delete static default route if default gateway is NONE. Fixes #12536 #11692

Initialize $cmp with an empty array. Fixes #12749

Display interface interrupts. Fixes #12735

Update the Copyright year of the files owned by Rubicon/Netgate.

SNMP IPv6 support. Implements #12325

Regex cleanup should also kill {}. Fixes #12257

It's not used often (and less in the GUI) and can be a source of
problems with large numbers of repetitions even outside of grouped
expressions.

Regex cleanup change. Fixes #12257

Rather than attempting to cleanup group repetition, just discard the
unwanted pattern.

VLAN/QinQ-only interface mismatch detection. Fixes #12170

More route display changes. Fixes #12257

• Move escape_filter_regex() from syslog.inc to util.inc since it will
  be used by things other than syslog.
• Add some basic regex sanity and consistency check functions
• Cleanup diag_routes.php route filter before use...

Fix is_hostname() regression. Issue #12245

Set $retries=10 in resolve_retry() to improve resolution timeout. Fixes #12196

Portal Redir URL scheme check. Fixes #11843

• Add support to is_URL() to check that the scheme only matches HTTP or
  HTTPS
• Use the new is_URL() feature in Captive Portal redirect URL tests

Fixes Redmine #12111

Skip empty URLTable (Ports) aliases. Fixes #4893

Changes requested

- if formatting
- removing temporary variable

Cisco-AVPair + Framed-IP-Address: correcting clientip

Workaround to substitute Framed-IP-Address value in Cisco-AVPair ACL's where {clientip} is used

Merge pull request #4522 from fl0l0u/patch-1

Interpret numeric-only addresses as invalid in is_hostname(). Fixes #12000

Cisco-AVPair ACL rule: port range operator change

Previous operator ( `><` ) prevented inserting port range with min/max port.
Ex.
`ip:inacl#1=permit tcp host {clientip} host 1.1.1.1 range 10000 65535`
produced the following invalid rule:
`pass in quick on ovpns1 inet proto tcp from 192.168.1.2 to 1.1.1.1 port 9999 >< 65536`

Correctly change default IPv6 route MTU if both IPv4/IPv6 gateways are configured on interface. Fixes #11855

Merge branch 'viktor/pfSense-nat11ipsecfix'

1:1 NAT IPsec/OpenVPN/L2TP/PPPoE and interface groups input validation fix. Issue #11751

IPv4 link-local (169.254.x.x) gateway fix. Issue #11806

Fix missing ';'

Move protocol setup outside of foreach. It only needs to happen once

Revise resolve_retry timing/action to avoid long delays in ipsec status results

OpenVPN Cisco AVPair {clientipv6} template. Implements #11596

route_add_or_change() add linklocal gateway scope. Fixes #11713

Remove WireGuard support

Out of an abundance of caution while we investigate the claims about
WireGuard in public, we need to remove it from pfSense Plus and CE in
order to shield customers from potential risk.

Reject IPv4-mapped IPv6 addresses on Mobile IPsec DNS server input validation. Fixes #11446

Supress route no found error. Issue #11475

route_del() optimization. Issue #11475

Static IPv6 /128 routes fix. Issue #11594

Revise firewall_nat_edit for MVC

route_get() optimization. Fixes #11475

Cisco AVPair parse {clientip}. Fixes #11561

Fixed bug parsing netmask cisco acl

Non local gateways fix. Issue #11433

Style fixes