pfSense

Restore default description behavior. Fix #13739

Prevent get_pf_rules() from indexing a string error. Fixes #13660

pfSense_get_pf_rules(), which populates the $rulescnt variable sent to
get_pf_rules(), will terminate its loop fetching rules if a call to
pfctl_get_rule() returns nonzero, adding to the associative array return value...

Remove leftover debug prints.

Work around for empty config tags. Fixes #13564.

Related to issue #13642, the serialization of route maps was broken for a time
in such a way that the frrglobalroutemaps tag would contain only a single empty
config tag. The xml parser element handler considers 'config' to be a 'list...

globals.inc needs to be sourced in auth_func.inc

Improve visibility of select fields in dark theme. Fix #11730

Rector direct global g accesses

Use correct UPnP enabled test. Fixes #13735

Add ifmcstat to status.php. Implements #13731

Use rtrim for trimming whitespace and EOLs from version files

Cleanup globals.inc. Use single quotes on scalar strings.

Eliminate some direct config access in util.inc, add some documentation

Add append hook to globals.inc.

Fix a regression caused by Rector: Fixes #13712

Replace direct config access in services_dhcp.php. Fix #13719

Eliminate backticks shell execution operator in diag_system_activity.php.

Fix unnecessarily duplicated work. Issue #13250

Introduce public accessors for $g: g_has, g_get, and g_set.

Improve LDAP debug logs. Implements #13718

Revert "Remove unused global $config_extra"

This reverts commit e36bc382ae1e0533c328b9dcd99959b17171de2e

Remove unused global $config_extra

Remove unused xmlreader implementation and conditional sourcing

Disable MTU input for a bridged interface

Bridge member interfaces cannot have their MTU configured independently from a
bridge, this change disables the MTU input for an interface that is configured
as a bridge member and replaces any configured value with the bridge's actual...

Add ovpn qinqs to bridges instead of rebuilding them. Fixes #13666

qinq interfaces defined with parent openvpn interfaces are configured late in
rc.bootup, after qinqs for other physical and logical interfaces and bridges are
configured. The resolution to #13225 ensured that these late interfaces were...

rc.ipsec: Strip bonus quotes. Fixes #13076

The string was coming from check_reload_status wrapped in quotes that
were not necessary, and were causing the string to not match when it
should have.

$usedmacs should never be a string, default should be an array. For #13705

Rector some direct config gets with complex paths.

Pass reloadall flag to dhcp6c config. Fixes #13253

This ensures that if the interface is being configured in a way that requires a reload, that the DHCP6 client is also restarted. This allows the DHCP6 client to restart when applying settings and during other necessary events.

Rector some config unsets with complex paths.

DDNS Save+Force timeout improvements. Fixes #12870

• In PHP8, curl_close is a no-op, so remove it.
• Now that curl_close does nothing, we have to set CURLOPT_FORBID_REUSE
  to prevent connections from getting stuck in a pool waiting for reuse.
• Add a couple more debug log entries for when certain functions end,...

Rector some direct config sets with pure scalar paths.

DHCP6 Adv field validation errors. Fixes #13493

A few fields were being validated but not informing the user when the
values were bad. This commit lets the user know when they have entered
invalid data in the affected fields.

Rector some direct config gets with pure scalar paths.

Rector some more direct config unsets with pure scalar paths

Rector some direct config unsets with pure scalar string paths.

IPsec cert SAN improvements. Fixes #13373

• Improve descriptions of IPsec P1 cert fields.
• Allow using a cert with a wildcard SAN so long as there is at least
  one non-wildcard SAN.

Add CA/Cert invalid descr char list to help. Fixes #13387

Fix regression in URL alias parsing. Fixes #13685

Correct special net NPt dst prefix handling. Fixes #13240

Disables prefix length drop-down when using a special net (e.g. track6
delegated prefix) because that already has its own prefix length.

Being able to specify a custom prefix was of dubious use and served to...

Use 'ip' when copying+converting addr rules. Fixes #13364

Ensure copied rules get unique IDs. Fixes #13507

Omit RAM disk size check when disabled. Fixes #13479

Remove unused deprecated code from dhclient script. Fixes #13501

Add CDATA protection to "hint". Fixes #13388

rc.linkup code refresh and fixes. Fixes #13254

• Update code to be more compatible with PHP 8.1
• Consistency changes to code and logging so every path has similar
  output instead of some being unusually different.
• Do not restart unbound on linkup as other mechanisms already do that...

Fix more Rector foreach fallout

Restore unintentionally removed line. Issue NG 9247

captiveportal: actually allocate a pipe number for new clients

When a client authenticates to the captive portal we generate a pipe
number (actually two) for it. However, we did this with
'check_only = true', so the next client got assigned the same pipe...

Fix gif interface _routerv6 files not being created. Fixes #11545

interface_gif_configure() uses the global variable $g to look up the temp
directory in which to write the router/gateway files used for gateway
monitoring. The declaration of $g in this scope was inadvertently removed in...

Add iface to some resolver restarts. Fixes #12612

A few interface-specific calls to restart the resolver were not passing
the interface name to ensure it was only restarted when necessary.

Fix PPP reset hr/min blank vs 0. Fixes #13307

Replace direct config accesses in services_dhcpv6_relay.php. Fixes #13676

Fix PPP interface regression

Correct console set IP addr script. Fixes #12632

• Prompt to replace default gateway instead of only setting if it was
  empty before.
• Correct faulty assumptions about WAN or LAN interfaces and either
  remove unnecessary checks or change so they look for presence of a...

Fix descr for unbound network ifs. Fixes #13453

Fix Adv DHCP6 f/multiple interfaces. Fixes #13462

Improve set_ipv6routes_mtu checks. Fixes #13675

Define curl CAPath for trusted CAs. Fixes 12737

Detect/set default primary console. Fixes #12960

If the user has not chosen a primary console, use the current active
console type as the default.

This prevents a user from unintentionally switching from video to serial
without making an explicit choice to do so.

Disabled service status correction. Fixes #13604

Correct QAT active reporting. Fixes #13674

Account for cases where the module(s) are loaded but the driver failed
to attach.

fix pciconf output parsing

In FreeBSD 14 the output format of pciconf changed. It now splits up the
device and vendor fields.

Simplify this code by using the column output. Concatenate device and
vendor fields to match the previous output (with awk).

See https://cgit.freebsd.org/src/commit/?id=635cfe5b819f60f28b7e21b94322b0237c13244b...

Replace direct config accesses to system/webgui paths in system_advanced_admin.inc. Fixes #13659

Also move default assignment of $pconfig['webguiproto'] to 'http' from
system_advanced_admin.php to system_advanced_admin.inc and remove unneccessary
init_config_arr() calls from system_advanced_admin.php.

Merge pull request #4604 from luckman212/fix-func-args-in-gwlb.inc

Removed unused filter_flush_nat_table, fix typo. Fixes #12757

RemoveUnusedForeachKeyRector runresults

Remove dead statement as per rector

Spelling fixes. Fix #13357

• Incorrect input validation for `dhcp6c` `keyinfo expire` `forever` keyword in `interfaces.inc`.
• Incorrect input validation for associated rule's `Source Port` in `firewall_rules_edit.php`.
• Incorrect `voucher*.` file lock reference in `status_captiveportal_voucher_rolls.php`....

Cleanup some unreachable statements as per Rector.

Merge pull request #4596 from luckman212/update-rc.initial-202206

Merge pull request #4606 from KoenZomers/DNSExitFix

Merge pull request #4605 from kaedros/master

Remove duplicate reserved alias names. Fix #13524

Respect bind interfaces in unbound. Fix #13393

Also create DHCPv6 rules for interfaces with static IPv6. Fix #13633

Update/cleanup DHCP 4/6 server text. Fixes #13250

Correct typo. Fixes #13663

While here, reduce a few differences with Plus.

Update the loader.conf filter list.

This remove the duplicate entries for the settings added by pfSense.

Sync with the current Plus defaults.

Correct codelq shaper input validation for firewall_shaper.php. Fixes #13661

Ensure all bandwidth values are cast to int before applying arithmetic to the
return value of get_bandwidth_typescale(). This alleviates failed validation
when the bandwidth is blank....

Misc EasyRule updates/fixes.

• Addresses several known issues in EasyRule. Fixes #13445
• Updates syntax to new style for PHP 8.1. Fixes #13627

Fix config_del_path() if the node doesn't exist

If the node we're trying to delete with config_del_path() doesn't exist
array_del_path() will fail as follows:

Fatal error: Uncaught TypeError: Cannot access offset of type string on string in /etc/inc/util.inc:3459...

Add bxe to the ALTQ capable interfaces list

Redmine: #13304

Backup/Restore fixes for dup SSH/RRD. Issue #13132

Fixes for multiple SSHDATA or RRDDATA sections in config.xml

• On backup, strip out any existing SSH and RRD data sections before
  adding new ones.
• On restore, remove any empty data sections and if there is more than...

Rewrite functions for toggle & delete NAT. Fixes #13545

Refine IPsec deprecation behavior. Issue #13648

P1 and P2 entries are only disabled if they have no remaining valid combinations of options. This way tunnels that just had one bad entry selected can continue working.

Replace direct config accesses regarding ssh configuration. Fixes #13645

In system_advanced_admin.inc, use config interface funcs instead of direct
$config access regarding ssh configuration nodes. Also initialize the ssh
section as an array if it doesn't exist in system_advanced_admin.php to prevent...

Replace some direct config accesses in util.inc. Fixes #13640

Remove cxgbe (cc) from the ALTQ capable list

Despite what the relevant man page claimed (now fixed) the cxgbe driver
has not supported ALTQ since 2012. Do not allow ALTQ to be enabled on
those interfaces.

This reverts b3979f4abe9ecb2bdd59cbbcb61e3eccf9180b79....

Remove invalid quotes from charon attr plugin attributes. Fixes #13579

Fix setting EFI boot console type. Issue #13080

For some reason the EFI loader is forcing boot_serial=YES when it is not
set in the loader configuration. To work around this, we must set it to
NO explicitly. The loader menu displays the wrong type still but it...

ipsec: remove warnings about now removed algorithms

Redmine: #9247

ipsec: disable any tunnels using 3des, blowfish, cast128 or md5 during upgrades

Redmine: #9247

ipsec: remove obsolete algorithms

These are no longer supported in FreeBSD main. Ensure they can no longer be configured.

Redmine: #9247

ipsec: allow CHACHA20-POLY1305 to be configured

Redmine: #9246

Replace direct config accesses in firewall_rules_edit.php. Fixes #13614

Revert "Change OpenVPN auth to php-cgi for the time being. Fixes #4521"

This reverts commit 1bfdb794cb2a06932da0029ca37f9727c3f74274.

openvpn: don't IFF_UP the new tun interface

New openvpn versions set TUNSIFMODE, which FreeBSD's if_tuntap only
allows on interfaces which are not up.

So, don't up the tap interface when we create it. Leave that to openvpn
itself.

Redmine: #13602

Fix malformed format strings in French translation. Fixes #13607

Fix config path typo when installing firewall schedule cron job. Fixes #13605