Ticket #5471 another convert batch to font-awesome icons
System update settings UI implemented
filter_log.inc - use full paths to executables
pfsense-utils.inc - use full paths to executables
interfaces.inc - use full paths to executables
Use full path to executable in mwexec() call
Add a new function pkg_switch_repo() to change between stable and devel pkg repo
Retire system_firmware.php, system_firmware_auto.php and system_firmware_check.php
Retire /etc/rc.create_full_backup and usr/local/www/system_firmware_restorefullbackup.php
Stop creating /var/etc/cfdevice, it's not being used
Replace all update_output_window() calls by update_status() that now only print on console. While here, also remove all use of $static_output
Change update_status to only print on console
Ticket #5471 partial convert to font-awesome fonts
Create symlinks when target doesn't exist, not only when it's not a link
Fixed #5123
Fix typo in variable name
Alternate way to correct rules for ticket #5451
The code here build up each clause in $tmprule and always adds a space at the end of the clause, in case there is another clause to come. The only place that did not do this was "from any" at line 131. Fixing that should fix the issue and keep it all consistent. There should be no need to add a space before all of the "to..." clauses....
Correct AVPair rules. Ticket #5451
Add broken information on get_pkg_info(), it means config.xml contain package but binary pkg is not installed
Add get_system_pkg_version(), that return main pkg name, version and installed_version
Stop forcing pkg_prefix on is_pkg_installed() and pkg_install()
Remove unused functions install_package() and delete_package()
Remove pfSense_BUILDER_BINARIES
Fixes upgrade of config file on already upgraded 2.3 Alpha systems
Add shortname and changeloglink to get_pkg_info()
Changes after testing on real hardware
Revert "Fix upgrade_126_to_127()" partialy
The first item was wrong, thoe items should be discarded
- Do not discard items with $display already set to open or close
This reverts commit 303d345dd5e7ead6975bd3140b213219d7e0f4f0.
Fix upgrade_126_to_127()
- Do not discard items with $display already set to open or close- Call continue 2 to move to next widget
Fixed #5432
Reinstall packages from old versions when upgrading to 2.3
platform is always defined in global
Remove fastforwarding from config upgrade. Ticket #5370
The net.enc.in sysctls should be 2, for only the inner portion of the VPN. Ticket #5421
Revert "Use --conf when call ipsec start/stop, this make it work with regular package, without changing sysconfdir"
It's not necessary after creating all symlinks
This reverts commit d92c10130df38e264c7c77367cf0d542d10794c0.
add require of ipsec.inc so convert_config doesn't fail when invoked by gitsync. #5350.
Fix #5350. Correct issues with strongswan logging (setting changes did not persist across reboots, setting silent did not work).
Make sure symlink is created
Make sure symlinks is created
Merge pull request #2054 from heper/patch-1
strongswan.d symlink was created the opposite way, pointy hat to me
Create symlinks of ipsec files and directories under /usr/local to deal with hardcoded paths in strongswan
Use --conf when call ipsec start/stop, this make it work with regular package, without changing sysconfdir
add dhcp-range
Change ipsec_dump_mobile() to parse regular output of ipsec leases, we are removing patch that made it to output xml
Fix calls to ipsec_enabled() added in 179ab6b364
Eliminate a few more cases of $config['ipsec']['enable'].
Mostly when dealing with enc0 interface.
Catch one more possibility for the IPSEC interface name, this match the code used in other places.
Merge pull request #2036 from heper/patch-1
Merge pull request #2048 from phil-davis/patch-3
Merge pull request #2052 from phil-davis/r8
Add a new function that returns the current state of IPSEC.
Whenever we have phase1 entries, IPSEC is considered enabled.
etc inc delete $Id comments
and bits of white space.Note: There are plenty of files still with old-format copyright sectionsin here.
unbound_statistics section should be written to unbound.conf
The stuff generated by unbound_statistics() goes into unbound.confIt had got separated out and was going nowhere. This puts the behavior back the way it was yesterday.
Note: There is a separate issue about this because the UI has no place to actually select the statistics settings. There is some upgrade code that looks like it was converting statistics settings from the old Unbound package into custom commands in the integrated Unbound. So it looks like the unbound_statistics() function can/should be removed???
Add global so that unbound.conf gets written
to the correct place based on $g setting.
Rearrange calls in unbound.inc so config text can be generated without writing the actual file and a syntax check can be run. Rearrange services_unbound.php to wait until input checking is complete before saving things to global config and run syntax check as part of input checking. Implements #4411.
Try to use default timezone from globals.inc when possible. Stop setting timezone on pkg_mgr_installed.php
add static leases
Copyright and license cleanup
- Remove personal copyright from people who assigned it to employer (ESF)- Remove $Id$- Remove extra spaces
Restored simplepie files
add dhcpd rrd graph
Removed simplepie files (and update obsoleted files list)
Copyright updates ( 3 of 3)
A new fix for #4130:
The fix added for this bug, that check xml file size is < 200 to decideif file must or not be read created a new issue, single entry is notshowed.
Instead of doing this, check parse_xml_config() return and return emptyarray when it's -1...
Only call pfSense_ipsec_list_sa() when IPsec is enabled
changes for #5219 accidentally reverted unrelated changes made by other commits. Restore those & remove some dead code that was commented out.
Don't allow IPsec mobile clients user auth source to not be a RADIUS server ifthe phase1 auth method is EAP-RADIUS. Properly handle selection of multipleRADIUS servers when using EAP-RADIUS. Fixes #5219.
Restore ipsec_dump_spd() accidentally removed on 7fcd5ea8bb2e7c9c94e1f38008fc3da440eb14e8. Pointy hat to: garga
Retire ipsec_smp_dump_status()
Filter log dynamic pass/block button
This should fix up the last bits here:1) Make the button be red cross, green tick depending and block or pass rule.2) Put all the necessary bits in the getURL - now the rule display popup works when the button is clicked.
Dynamism restored, but etc/inc/filter_log.inc still needs work around line 455
Fix firewall log dynamic rule lookup master
for rows that are dynamically added as time goes by.See https://github.com/pfsense/pfsense/pull/2014 for version for RELENG_2_2.
This is theoretically the fix. But due to other issues that mean dynamic updates to not happen at all in 2.3-ALPHA, I haven't been able to actually test it just yet.
It is not necessary manually disable the IPSEC processing when not used.
With the recent IPSEC changes by gnn@, there is no more performance penaltyfor 1G networks if you have IPSEC compiled in kernel but not used.
TAG: tryforward
The net.inet.ip.fastforward sysctl is retired now.
Tryforward instead, is always on and is compatible with IPSEC.
Apply a different fix to issue #2993.
Instead of forcing the encrypted traffic in transport mode as ENC_AFTER,just change the mask to allow ENC_BEFORE events.
Theoretically, this eliminate the need of ipsec_transport_filterfix.diff.
Issue: #2993
Set leftsendcert=always for IKEv2 configurations with certificates to better accommodate OS X and iOS manual configurations. Fixes #5353
Require notices.inc only if it's going to be used
IKE auto mode is back, remove this config upgrade code unsetting it.
Rework the way GUI reads packages tabs, it fixes #5311
Remove more references to theme, ticket #5333
Fix function name, spotted by mgsmith
Remove config stuff for WEP. on upgrade, disable WEP on interfaces that have it configured and disable those interfaces and generate a notice. Fixes #5123.
Remove a leftover from merge
Completed #5333
Check unbound root.key file contents, and remove it if invalid, before unbound-anchor runs otherwise it will fail and unbound will fail to start. fsync the file after writing to prevent the problem. Ticket #5334
Make setting charon.plugins.attr.subnet conditional on net_list being set. Setit's value to list of subnets configured as P2's for mobile IPsec. Fixes #5327.
Disable strongswan logging under auth since it's all logged under daemon,so nothing is duplicated. Ticket #5242
Sort return of get_pkg_info()
Change get_pkg_info() to also return installed_version
Make get_pkg_info() add a tag saying when package is installed
Remove unnecessary functions verify_all_package_servers() and check_package_server_ssl()
Teach get_pkg_info() to deal with an array of packages
Remove WWW: line from pkg desc
Add pkg_version_compare()
Remove fifo debug from internal functions
Check whether the P2 or its associated P1 are disabled before adding NATrules. Ticket #5320
Cleanup unused code:
- Remove xmlrpcbaseurl from globals- Remove xmlrpcpath from globals- Remove embeddedbootupslice from globals- Remove call_pfsense_method()- Remove check_firmware_version()- Remove get_active_xml_rpc_base_url()- Remove zeromq.inc...
Disable zero copy buffers in bpf.
This was a no-op before my changes (so this was never really enabled) andnow it is known to cause issues with tcpdump and hostapd.
Disable this until we fix all the raised issues.
Issue: #5257
Fix the captive portal rules after 98bf4991dc31f97fc7315a6b8aba433de9d39cea.
The malformed rules breaks the parsing of initialisation rules.
Issue: #4746
Fixed bogus "Beginning package installation" message from the install_package_XML() function