pfSense

fixed indent according to the style guide.

Currently pfsense enforces unique unqualified hostnames for static dhcp leases, which is not correct as only the fully qualified hostname (hostname + domainname) must be unique. With this commit the old validation logic for uniqeness is modified such that hostnames no longer need to be unique and at the same time the fully qualified hostname hast to be unique....

Encode server name before displaying back to the user.

Fixes #4633 Enable carp packets to flow on the first carp interface creation. This is needed only when the system is booted up without any carp vip configured

Ticket #4131 before formatting the mac extract the needed statistics from below

Show correct selection for noshuntlan option. Ticket #4655

Merge pull request #1631 from phil-davis/patch-5

Merge pull request #1630 from phil-davis/patch-4

Merge pull request #1629 from ExolonDX/master

Merge pull request #1625 from phil-davis/www-e

Merge pull request #1623 from phil-davis/code-style-diag

Merge pull request #1622 from phil-davis/usr-local-www

Merge pull request #1618 from phil-davis/www-widgets

Remove the DHCP static lease overlap cleanup and associated function and kill, as it can cause problems with failover scenarios.

Add static mapping interface not set when IP in a pool

If the DHCP IP address is in a pool (not in the main DHCP range for the interface) then the interface that corresponds to the IP address is not found. This results in the link to "add static mapping for this MAC address" not having any value for "if=" and thus clicking on the "+" button does not work....

Do not process dhcpd implementation if input errors

If I go to Service->DHCP Server, make some edits that are invalid (e.g. change range start or end to some invalid string) and press Save then the page comes back displaying the input error(s). But it also says:...

Trying to submit a symlink as part of crash reports will cause a failed
submission. Remove symlinks first. Also properly set user agent while
here, consistent with others. Fix some style and whitespace too. Ticket

Tidy up "status_upnp.php" XHTML

Remove double line from table

Tidy up "services_unbound.php" XHTML

Add missing closing TD tag

More www code style oddments

Fix #4640 IPsec Auto-exclude LAN address toggles

every time save is pressed.
Actually the GUI is displaying the opposite setting to what is in the config. When the user pressed save that opposite setting was saved, but then again it displays the opposite of the opposite...

Code style usr-local-www diag

Code style xmlrpc

Code style usr-local-www back-end

files that do stuff in mostly in the background.

Implement make bofre break feature avaliable on strongswan 5.3.0 useful for IKEv2. Fixes #4626

Make diag_smart back button look like other buttons

The back button here was just a piece of text with no nice formatting.
This change codes it as a button in the same way that "Cancel" buttons are done elsewhere. It makes the SMART Diag results page look a bit more consistent with the rest of the pfSense GUI.

Widgets code style

Add support for EAP-RADIUS to IKEv2 Mobile Clients

Merge pull request #1601 from phil-davis/check-overlapping-subnets

Remove pre-check and post-check from Cache-Control

If both `post-check` and `pre-check` are specified and set to `0`, both
are entirely ignored:

http://blogs.msdn.com/b/ieinternals/archive/2009/07/20/using-post_2d00_check-and-pre_2d00_check-cache-directives.aspx

Combine Cache-Control header in one line

Sorted by RFC 2616:

Section 14.9.1 `no-cache`
Section 14.9.2 `no-store`
Section 14.9.4 `must-revalidate`

Combined into one line with IE's `pre-check` and `post-check`. However,
when both set to `0`, both are entirely ignored:...

Merge pull request #1609 from phil-davis/www-bits

Code style for small things in usr-local-www

When deleting a VIP check it is not used by OpenVPN

I noticed this when cleaning up VIPs and OpenVPN server when testing for this forum post https://forum.pfsense.org/index.php?topic=92174.0
The system let me delete my test VIP before I deleted the OpenVPN server using, probably not a good thing....

Domain override with multiple authoritative DNS servers

Tell users that this is possible in DNS Resolver and how to achieve it. The code in unbound.inc already supports it and works.
I had asked for this in Redmine feature request #4350 and when I went to look at coding to implement it I found code that already did it....

Check for overlapping subnets when saving interface addresses

This checks if a static IP address entered for an interface has a subnet
that overlaps with any other configured subnet. e.g.:
LAN is IPv4 10.10.12.1/24
Then try to set OPT1 to 10.10.13.1/23 - it overlaps with LAN because...

Allow single interface bridges. Useful with span port option, and when shuffling configuration around.

Merge pull request #1597 from phil-davis/Common-typos

diag_sockets show sockets listening on localhost
this helps pick a free port for services using sockets bound to localhost, and helps determine if the service has at least started and bound the port without needing to go through all 'connected' sockets as well

Fix up Ticket #4504 implementation. Match config style with other areas. Use a config setting to disable, rather than enable, this functionality since it's enabled by default so the tag isn't necessary in the default config. Remove now unnecessary config upgrade code.

Few minor text typos

Note that advertise is spelt with an "s" in other places in the GUI, so
making it consistent in services_ntpd - but maybe Americans do spell it
"advertize" these days?

shouldn't need this as its own inc anymore, but only changing in master since 2_2 nearing release

There is no longer any need to restrict protocols for IPv4+IPv6 rules, the appropriate ruleset is generated and problem scenarios that would otherwise break here are prevented by other input validation.

remove dead code, clean up excess white space a bit.

Fixes #4504 use correct key index

Fixes #4504 Allow the bypass policy for LAN to be enabled and prevent traffic sent to lan ip to go to the ipsec tunnel

Fixes #4259 Use proper variable to do calculations

Add SCTP to protocol list for filtering.

Fix IPsec Advanced Settings uniqueids. It was neither set in strongswan config, nor picked up correctly in the UI.

Fix encoding issues in Configuration History list.

Fix a few misc encoding issues in load balancer code.

Fixed minor spelling error

Merge pull request #1578 from Robert-Nelson/rfc2136_ignore_ipv4_ipv6

Change to Record Type with A and AAAA as values.

Merge pull request #1587 from Gertjanpfsense/master

Merge pull request #1581 from phil-davis/patch-1

Use address types instead of addresses.

Merge branch 'master' into rfc2136_ignore_ipv4_ipv6

Merge pull request #1582 from k-paulius/fix-get_possible_traffic_source_addresses

Merge pull request #1559 from phil-davis/status-dhcp-leases

Voucher messages using wrong config field name

https://forum.pfsense.org/index.php?topic=91168.msg505273#msg505273
$config['voucher'][$cpzone]['msgnoaccess']
and
$config['voucher'][$cpzone]['msgexpired']
do not exist.
These should be
$config['voucher'][$cpzone]['descrmsgnoaccess']...

Fixes an issue wherein an alias could be added only if some other alias already exists in the system.

Commit 89f171b changed result returned by get_possible_traffic_source_addresses() from indexed to associative array. Updating affected code.

Use radio buttons to select between IPv4, IPv6 or Both.

RRD Graph Custom Tab display friendly description

The other tabs of Status:RRD Graphs put the friendly description of each interface into the drop-down list for selection.
This change makes the Custom tab do that also.

Merge pull request #1577 from k-paulius/fix-dhcp6-validation

Add missing encoding, as suggested by yakar

Add option to not register IPv4 and/or IPv6 addresses.

Use is_numericint() instead of empty() to check if value has been entered because empty() does not allow 0, which is a valid value.

Make sure 'DHCPv6 Prefix Delegation size' is provided if 'Send IPv6 prefix hint' flag is checked to avoid generating invalid dhcp6c configuration file.

Handle release number in installer

This code just looked wrong. It was considering 10.1-RELEASE-p6 to be release number "1" and comparing it to "9".
These changes to do what it seems to intend. This will make that UFS+J stuff appear, if that is of any consequence.

Add option for wireless standard "auto", to omit "mode" entirely from ifconfig. This shouldn't be necessary, but specifying mode has proven to trigger driver problems that don't exist if it's left unspecified (such as FreeBSD PR 198680). Chosing "auto" fixes ath(4) BSS mode issues otherwise preventing it from connecting.

change the location of jquery-ui images in each theme's css file

Merge pull request #1571 from phil-davis/patch-2

Cleanup code path when adding a new user

1) Only attempt to delete the oldusername if it actually was non-empty - at the moment errors are logged in the system log when adding a new user, because the code was trying to delete the user name "".
2) Call local_user_set() first to create (change, whatever) the user record. This makes the user record exist for a new user. Then call local_user_set_groups() to sort out what groups the user should be in or not in. The existing code would fail to add a new user to the specified group/s because local_user_set_groups() was called too early, before the user actually existed....

Do not allow VLAN tag zero

At the moment you can make a VLAN with tag 0. The input validation does not catch it because when $_POST['tag'] = "0" that evaluates to false by PHP.
Always make the checks on 'tag' value whenever the 'tag' key is set at all. If the (required) 'tag' key is not set, then that is already checked for by do_input_validation().

Merge pull request #1562 from phil-davis/usr-review1

Code Style sbin tmp usr

Bits and pieces from sbin tmp and usr but not yet usr/local/www

pfSsh.php readline function return value

This just looks wrong. But I guess the code path never comes through here because function readline() already exists in the environment of this script.

Status DHCP Leases handle expire never

Note: We can let the code pass "never" (or any other unexpected stuff)
to adjust_gmt()
adjust_gmt() should anyway handle the case when strtotime() cannot
understand the input string and thus returns false. In that case we...

txpower was disabled for good reason it would appear, it triggers syntax errors in some configurations. Disable it again since it's been disabled for years, and comment out the user-facing config portion for now since it doesn't do anything. Ticket #4516

Apply WME input validation to all modes, not just hostap. Ticket #4516

Default to 11ng if an option hasn't been configured. Previously we let the browser pick the first in the list (the first the card reported as available), which ended up being 802.11b. Ticket #4516

Default to WPA2, AES for new wireless interface configs. Ticket #4516

Auto-size the interface box on the bridge edit page.

touch up interfaces.php text

Require WPA PSK where WPA-PSK is enabled. Clean up some other text. Ticket #4516

clean up input errors text

Fix up text, remove "only for Atheros" since the option is only shown if a compatible card exists.

"Auto" channel with hostap doesn't work correctly at the moment, force choosing a specific channel with hostap mode for now.

add more wireless validation. Ticket #4516

Add more validation for wireless config settings. Ticket #4516

Add more input validation for wireless parameters. Ticket #4516

Touch up wifi text

clean up unique IDs text a bit.

Proper fix #4443, do not unset carp entry when content differ, also set correct real interface and use subnet to check IP protocol

Save vip interface and subnet to use to delete old vips from secondary nodes. Fixes #4446

Revert "Use a consistent variable name here. related to Ticket #4446"

This reverts commit 309162b96d6ad0db09c132cc0aabc890bfe1909f.

add granular control of state timeouts. Ticket #4509

Conflicts:
etc/inc/filter.inc

Remove BEAST protection option since default cipher is now good and works with hifn cards