pfSense

Fix typo in upgrade_238_to_239()

Add a sequence number to each rule during rule sort. Fix #16076

The 'for' loop first checks if the rule at that iteration exists and
breaks if not. When the rules array contains a gap, the 'for' loop breaks
early and potentially misses additional rules that need to be sorted. Fix...

Sync admin group changes. Fix #15898

The admin group needs to be removed and readded for its settings to sync.

This reverts commit 3e0facb20fa46a13bf7b70d6ddb1970b00485eb2.

Add combined IPv4/6 system aliases

https://redmine.pfsense.org/issues/15776

Fall back to routing via the interface for dynamic gateway monitoring IPs

It's possible that when setup_gateways_monitor() is called, the gateway
address is not yet available. To avoid routing the monitoring address via
another gateway, fall back to routing via the gateway's interface instead.

Fix clobbered cron configuration on upgrade

Avoid using test -o and use || instead

Remove redundant call to dyndnsCheckIP()

The variable '$this->_dnsIP' is set when the object is constructed and
when the function '_detectChange()' is called. It is additionally set in
the function '_checkStatus()' - this is redundant since by this point the...

Respect the RR type implied by the DDNS Service Type. Fix #16045

Background:
In previous pfSense versions, the RR type and the IP address family used
to make the DDNS request were assumed to be the same and could be
overridden for specific DDNS services. The implementation of #11177 avoids...

kea: don't define pd-pools using ISC config

kea: ensure all (rogue) instances are terminated. For #16019

Compare system version using the pfSense-system package

This returns the previous behavior of comparing the package which has the
product dependencies.

Exclude the ramdisk restore log from the archive

The ramdisk restore log is meant to log the latest restore attempt. It
must be excluded from the archive to avoid clobbering the active log used
while the archive is being extracted.

Reduce rc.newwanipv6 actions on RENEW

This change passes the dhcp6c REASON to the script. The script uses this
to retain the previous behavior for REASONs other than RENEW. If the
reason is RENEW, action is only taken when there has been a change. Also
include the REASON in the info log message....

Trigger rc.newwanipv6 on dhcp6c RENEW

The upstream DHCPv6 server may respond to the RENEW with a different
prefix hence the rc.newwanipv6 script should be called. The script should
avoid taking action as appropriate when the address has not changed.

Part of https://redmine.pfsense.org/issues/12947

Fix regression when configuring the interface MAC address

Followup to dbb8c4840dbd75f28528a3ce4a0070091d95336a

Handle a null return from pfSense_get_ifaddrs()

- Update the usage of get_interface_addresses() to handle a null return
- Update the usage of get_interface_mac() to handle an empty string
- Remove unused argument from interface_qinq2_configure()

Improve various pieces here, properly quote variables, use = properly, and use || instead of -o

Simplify fetching the physical mem and do the calulation in shell instead of using expr(1)

let is not valid in shell and fix the calculation too

Remove useless use of cat

Fix spacing and use tabs consistently

Properly quote variables and switch to $( ) instead of backticks

Properly quote these variables

Improve these tests by avoiding -a which might cause commands to run on the right-hand side

Instead of using a negative -z test, use -n

Improve these tests by avoiding -a and -o which might cause commands to run on the right-hand side

Simplify checking the exit code from these commands

SC2086: Properly quote these variables

Simplify generating the random time to sleep by using jot(1)

Simplify this check

Remove unnecessary case statement since tar now uses libarchive and handles the different types of compression automatically

Fix the case where pfSense_get_ifaddrs() returns NULL.

It happens when the interface has no address (triggered with pppoe).

Simplify rc.restore_ramdisk_store

Reorganize how RAM disks are created

This improves things by moving the read of the sizes for the RAM disks
up before things are unmounted and so we have a good linker cache for
xmllint to run and also avoids spawning another shell just to mount the
RAM disks.

Setup the dynamic linker before we call xmllint

Shell exit codes are between 0-255

Simplify these calculations by doing them directly in the shell

Pet shellcheck SC2086 and properly quote variables

Replace cut with awk.

The awk can deal with multiple spaces and/or tabs as delimiters for the input.

While here, quote a couple of variables.

Consider the linklocal_fallback value when checking the interface cache

This is needed to make sure that callers to find_interface_ipv6() using
different linklocal_fallback values receive the correct data.

Followup to ec7c1879da64f8a39e4aa8103c351768118af03d...

Add the swap partition created by growfs to the system fstab.

Fixes the missing swap partition with the emmc-serial images.

Ticket: #10888

Fix condition check in get_interface_addresses()

Followup to ec7c1879da64f8a39e4aa8103c351768118af03d

kea: Introduce kea-specific UI and config for DHCP-PD

Don't include LL addresses by default in get_interface_addresses()

- Update get_interface_addresses() to make including the IPv6 LL address
optional. It defaults to the function's previous behavior.
- Update find_interface_ipv6() to pass the $linklocal_fallback preference...

unbound: filter link-local addrs from host_entries.conf. Fixes #16035

Fix regression with IPv6 LL addresses

- Update does_vip_exist() to correctly compare LL VIPs that include the
interface in the address (e.g. '%lo0').
- Return the previous find_interface_ipv6_ll() behavior of including the
the interface in the LL address....

Bump config version

Include Captive Portal zone description in messages

Remove the old Captive Portal configuration 'zone'

Consolidate Captive Portal zone name references from config

This change updates the code which uses the "captiveportal/<zone>/zone"
path to instead use "captiveportal/<zone>". The latter path is chosen
since most code that references the name uses this path and has the least...

Include all IPv6 address flags in get_interface_addresses()

Select an interface IPv6 address based on priority

pfSense_getall_interface_addresses() is deprecated

Use pfSense_get_ifaddrs() instead which now includes LL addresses.

Modernize this check as using x-prefix is not needed any longer

Respect binding to IPv6 when updating AAAA records using RFC2136. Fix #16028

- Move the "local" nsupdate configuration line condition so that it is
set when "recordtype" is AAAA.
- Don't clobber the "$if" variable with the loop since it's also used
later with "get_interface_ipv6($if)"; this fixes the IPv6 status....

Respect address family for RFC2136 when calling dyndnsCheckIP()

The "usepublicip" option is only used for IPv4.

Do not use the lua script on armv7, it is not supported.

Fixes the warnings at boot.

ACB Device Key Changes + General Refresh

- Changed default method of device key generation.
Implements #16016
- Added mechanism to change the device key.
Implements #16015
- Added download function for device key(s).
Implements #16015
- Fixed detection of changes since previous backup to skip redundant...

Handle potential errors with Net_IPv6::checkIPv6. Fix #16005

Don't process empty filter rules from packages

Packages may insert their own filter rules via a function referenced in
the package xml element "filter_rules_needed". Don't assume that rules
will be returned and instead skip trying to process empty rules.

Fix typo in function name on log error message

Style fixes

QNAME minimization default has changed. Fix #15925

Check value when setting config root

$value should always be an array when setting the configuration root.

Typo: Additional error handling for invalid cert config. Fix #15975

PREF64 support. Implement #15808

Allow up to 4 RDNSS addresses

Additional error handling for invalid cert config. Fix #15975

Bump up the year in the Copyright notice.

Don't translate the change description. Fix #15911

Revert to the previous behavior of not translating change descriptions.

Improve the logging on get_sysctl().

Also take into account the sysctl(8) return code when checking for errors.

This is not yet a fix, but the log output is going to help with the fix.

Ticket: #14648

Remove redundant calls in get_request_source_address()

Remove redundant calls in get_dpinger_status()

Don't call running_dpinger_processes() and get_gateways() in
get_dpinger_status() since it's already done in the calling function.

Also remove the error log for missing dpinger processes since
get_dpinger_status() is only called for existing dpinger processes.

Avoid printing pkill internal errors. Fix #15912

Also remove the file check from isvalidpid() since pkill can handle it.

Add an option to display text on the login page. Implement #9293

Determine the correct AF when DDNS uses a gateway group

Sort filter rules after changes. Fix #15935

When rules are added/removed, they should also be re-sorted.

Check subqueues when determining pipe slot limit. Fix #13662

Config access regession when disabling CP MAC filtering. Fix #15926

Add config upgrade support for new system aliases

Define additional system aliases. Implement #15776

Allow choosing when to use Check IP service in DDNS. Implement #14067

Add NAT64 support for firewall rules

Add initial GUI support for NAT64. The NAT64 source can be set to:
- Automatic (default): Use the rule's gateway or gateway group (use the
system's default if not specified) to determine the source interface.
Sets e.g. "from (vmx0)"....

Send picture widget image inline. Fixes #15767

kea: add initial DHCP-PD support. Implements #15652

Close PHP session when exiting early. Fixes #15873

Fix Captive Portal PHP error. Fixes #15907

kea: ignore default and max lease time within pool context. Fixes #15332

Add error handling for config xml parsing exceptions. Fix #15860

With this change, exceptions during a config restore will no longer
result in an unbootable instance.

Remove deprecated function use of xml_parser_free()

As of PHP 8.0.0, the function has no effect and is no longer needed.

kea: enable static arp support, Feature #15654

dhcp: fix static arp config access

Revert "dhcp: fix static arp config access"

This reverts commit c31cc5d0e1121e973abc0d58b4808f6d90762dba.

remove rogue character

dhcp: fix static arp config access

Handle null widget instance ID. Issue #15844

Fix config access regressions during config upgrades

- 122_to_123: outbound rule saved to wrong path
- 130_to_131: operate on same types
- 136_to_137: handle potentially empty path
- 150_to_151: operate on same types
- 169_to_170: save the new wireless interface name

Don't use config result by reference

The $settings variable is not changed within the loop.

Config access regession when restoring from config 19.1. Fix #15895