Code style and comments
No functional change - just making style consistent
(cherry picked from commit 9d3e8723171c727cf43338bd8e95ab2bb7e6a66c)
Backport simplify subnet_size()
Original pull request to master was #3007
Review license / copyright on all files (final round)
Review license / copyright on all files (1st round)
Leave an empty file for URL Table aliases that return an empty file, and include it in the ruleset regardless so it doesn't generate any filter errors. Ticket #6181
Fix Redmine #6011
This will add linklocal fallback where no IPv6 is otherwise configured to allow login using this IPs
bring back subnetv4_expand function used by pfblockerng
Remove subnet_expand()
Function isn't used in main or packages repo, and in any case would need a complete rewrite to handle IPv6.(cherry picked from commit 6215902c4043726e633fcfac1c37c710ac398653)
This was right to begin with. Revert "Allow uppercase letters in is_unqualified_hostname as well."
This reverts commit 3d5fb131796ba6d9c5d53efe77080d7ddb334f22.
Allow uppercase letters in is_unqualified_hostname as well.
Provide better messages for invalid alias name errors
(cherry picked from commit e1f5381f4ecae20922a379b75820af1c9e57927e)
Merge pull request #2831 from NOYB/Includes_-_Remove_Personalizations
(cherry picked from commit 7a2c15f527459cc82aadaf23d06895174c008320)
Move NTP access restrictions to their own tab and add the ability to craft custom restrictions for arbitrary networks. Fixes #4463
Diagnostics / Tables - URL Table Aliases
Handle URL table aliases similar to bogons tables. Suppress record remove buttons.Update (download) only the selected URL table alias instead of all of them.Retain full line comments in downloaded URL table files so we can view and use them....
It is not necessary check for CARP interfaces.
Don't trigger an interface mismatch for lagg interfaces, they may not exist at time of config restore. Ticket #5892
Validate URL table ports aliases exist before using them in a rule. Ticket #5845
Internationalize etc inc uvx
Quote the 1st parameter (constant name) when calling define()
Simplify logic increasing value direct in hexa, PHP is smart to do it right. Spotteb by @loos-br
Implement get_v6_ptr_zones()
This function takes an IPv6 subnet and return an array containing allDNS PTR zones
Fix the return value if no matching VIP was found.
Implement a switch that allows get_configured_vip_list() return only the selected type of VIP addresses: CARP, IP alias or all VIPs (default).
It seems that a few packages still rely on this.
Ticket #5885
Fix style issues.
Review of CARP uniqid changes.
It turns out that current CARP implementation is not much different from an IP alias.
This commit converts the IP alias to also use the CARP uniqid scheme, this simplify the code in all other places because now we have only two different cases to deal with:...
Use IEC KiB MiB GiB TiB units
See forum https://forum.pfsense.org/index.php?topic=106547.0 for discussion if this is wanted.
Add support for TB when reporting bytes
Forum: https://forum.pfsense.org/index.php?topic=106470.0I believe that this should work OK on both 32 and 64 bit systems. A 32-bit system will convert big values of $bytes and big numbers like 1099511627776 to float first, then do the comparison. 64-bit systems will do (int) comparisons. Either way, in the end, the value is sprintf() into a float anyway....
Merge pull request #2435 from stilez/patch-7
Simplify is_linklocal()
Merge pull request #2320 from stilez/patch-3
Cosmetic changes - part deuxCalculate colspans in casenumber of columns change again"bytes" => "B" to reduce column width
Show rule state details in firewall rules.
Inspired by pull request #1901 from marcelloc/hitcount_23_02.
State visualization and kill will be committed in a subsequent commit.
should be min($bits1, $bits2) for 'largest subnet'
variable
Used explode to array rather than to a list, and tested array size, so as not to assume it has exactly 2 parts separated by "/".
fixing comment
Subnet size logic
5 or 6
fix $subnet1 should be $subnet2, thanks rbgarba
fix 4 should be 6 (thanks, good catch)
Fix logic for subnet overlap check + canonical for IPv6
The subnet overlap functions came up as a concern while fixing redmine 5702.Specifically - The "canonical" function check_subnets_overlap() doesn't handle IPv6 (util.inc has standardised on v4/v6/agnostic versions, but this doesn't fit). Fixed by adding transparent detection of v4/v6 and a specific IPv4-only version...
This broke things again. Revert "data sanitising: ip2long32, ip2ulong, long2ip32 (FIXED RESUBMIT of #2152)"
This reverts commit 4557e3fba627c91c37afba04681cdabf71eccf57.
data sanitising: ip2long32, ip2ulong, long2ip32 (FIXED RESUBMIT of #2152)
Self explanatory. If these functions find themselves trying to convert non-int data (or an x64 int with non-zeros in any bits >32) to dotted IPv4, or non-dotted IPv4 to integer IPv4 values, something's wrong and they shouldn't return a value that looks like they succeeded....
REBASE of #1786 and #1788, tightening three IP functions
Resubmit of two PRs that couldn't be merged due to basecode conflicts
is_linklocal() - tightened and made correctly IPv4/v6 agnostic per RFCsis_literalipaddrv6() - simplifiedis_hostnamewithport() - simplified...
Silence array_map() call to avoid getting unlink errors for directories
Reverts PR2152 reported as causing OpenVPN issues here: https://forum.pfsense.org/index.php?topic=104175.0
Fix gen_subnetv4_max
and use it in services_dhcp rather than trying to do the similarcalculation in-line.Should fix redmine #5654 and probably a bunch of other things that usegen_subnet_max
util.inc syntax error and code style
Line 578 of the previous commit had a bonus ")".Code style also fixed up.
Merge pull request #2151 from stilez/patch-11
Merge pull request #2152 from stilez/patch-12
Remove all pfSense_MODULE and pfSense_BUILDER_BINARIES definitions, whatever was the reason they were added, it was never finished and it's not being used
Retire verify_digital_signature() and pubkey.pem
Code style and white space in etc
unlink_if_exists() : minor enhancement
two minor enhancements -
1) add a comment for skim-readers, that patterns are allowed (but not arrays?) and that no error is returned2) use array_map rather than foreach loop
data sanitising: ip2long32, ip2ulong, long2ip32 (Resubmit of #1789)
Self explanatory. If these functions find themselves trying to convert non-int data (or an x64 int with non-zeros in any bits >32) to dotted IPv4, or non-dotted IPv4 to integer IPv4 values, something's wrong and they shouldn't return a value that looks like they succeeded.
IPv6-ify and rewrite ip_range_to_subnet_array() [resubmit of #1709 (was #974)]
Function cannot handle IPv6 ranges, and is horribly inefficient, because it uses splitting+function call recursion for each "half". Even if extended for IPv6, it is probably far too inefficient for IPv6 on low power hardware. As written it's simply unable to handle an IPv6 environment or IPv6 ranges. As a result, if used in an IPv6 context, it would fail....
Type up SCRIPT tags
Simplify get_configured_carp_interface_list().
No functional changes.
Convert CARP interface name to uniqid notation. Ticket #4858
Copyright updates ( 3 of 3)
Completed #5333
Merge pull request #1572 from stilez/patch-5
Fixed is_domain method call
Added the possibility to use wildcard hostnames in certificate manager SAN fields
Move main pfSense content to src/