Firewall: Automation: Filter - remove unused code to support input+select entry and start using the new $.replaceInputWithSelector() for source/destination networks.
mvc / frontend - JavaScript code: add $.replaceInputWithSelector() action to easily replace single inputs for (grouped) selects. In some cases a set of options is available which we do want the user to choose from, but also manual input is an option. (for example known networks vs manual netblocks)
Using this commit you can fetch the options from a different source and replace <input> tags for a combination of <input>/<select>, example usage:
ajaxGet('/api/my/endpoint', [], function(data, status){
    $(".net_selector").replaceInputWithSelector(data);
});
mvc: configdStream: poll_timeout should be configurable on controller layer
The default of 2 is fine for predictable processes or direct data
passthrough, but any event-based mechanism might need to change this.
mvc - change exception handling in runMigrations() to avoid mismatches in attributes being silently ignored.
When a migration tries to address a non-existing attribute, an InvalidArgumentException is thrown, but only partially noted in the log.
It's likely safer to abort the migration if steps fail and send the error to the log for further inspection.
mvc: configdStream: actually, ob_end_flush() is still necessary
Turns out there is still implicit buffering happening, the exception
thrown is due to a lack of error handling on the Phalcon side. Even
the PHP docs suggest silencing this with '@'.
This reverts commit 7c05e524b047e6d915b80994855a4e69d365645c.
mvc: configdStream: remove ob_end_flush()
Our default PHP configuration already has output buffering set to 0,
and since there is no explicit buffering start, the ob_end_flush()
will throw two exceptions in development mode when streaming a log
file. We likely don't need this anymore so removing it here.
VPN: WireGuard / Peer config builder - add a new option to generate client configs and store their public parts on this firewall. closes https://github.com/opnsense/core/issues/7308
Endpoints are stored in the instance option as these are only relevant for the client (e.g. server's fqdn:port). Default allowed IPs for clients are all, we might consider storing these in the instance at some point as well, but let's avoid toggles nobody asked for yet.
system: fix PHP warnings and spurious validation
Now the beloved "make validate" goes full force ahead complaining
about handling null in explode and giving us an IP family mismatch
on a gateway that already has a fatal flaw not being in the system
anymore which the model can also complain about:
=> Specify a valid gateway from the list matching the networks ip protocol.
Thus just get rid of the spurious pass causing warnings.
(cherry picked from commit 97bcc257983afd2141822615f9aef005039d8ad7)
dashboard: add CPU Usage widget
Also allow for each widget to override the resize handles in case
they should be more restrictive in terms of dimensions.
configd: extend streaming support for blocking processes
This allows for hooking into the EventSource mechanism on the client side,
enabling server-sent events without busylooping on the backend.
This will reduce stateless network chatter and eliminate the need for
polling and many other benefits.
Continuation of https://github.com/opnsense/core/commit/f25e1214dc138a2e54d57a65c5ee435bac2e2df8,
which disables buffering on the webserver side. This change in particular also
removes implicit buffering on the configd side.
As an example, the polling of CPU usage is included with a backend script here.
Granted, this could easily be replaced by `iostat -w 1 cpu | egrep -v "tty|tin" --line-buffered`,
but the client will eventually need some form of per-event formatting which is already
being handled in this example. When implementing these types of scripts, make sure
that all output that encapsulates a single event is flushed at all times to prevent
OS buffering. A new controller (without any consumers) is also implemented to showcase
the passthrough mechanism on the controller side.
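The flush-per-event advice in the commit message above, as an added example that is not part of the commit or of the project's code: it sends three constructed CPU samples through a buffered stream and records how many chunks have reached the consumer after each event, with and without a flush. The names `RecordingPipe`, `format_event`, `stream_events` and `run` are hypothetical, and the `data: ...` framing is the standard EventSource wire format, assumed here rather than taken from the backend script.

```python
import io
import json


class RecordingPipe(io.RawIOBase):
    """Stands in for the pipe to the consumer; records each chunk that arrives."""

    def __init__(self):
        super().__init__()
        self.chunks = []

    def writable(self):
        return True

    def write(self, b):
        self.chunks.append(bytes(b))
        return len(b)


def format_event(sample):
    """One server-sent event: a 'data:' line terminated by a blank line."""
    return "data: %s\n\n" % json.dumps(sample, sort_keys=True)


def stream_events(samples, out, flush_each=True):
    """Write one event per sample; return chunks delivered after each event."""
    delivered = []
    for sample in samples:
        out.write(format_event(sample))
        if flush_each:
            out.flush()  # push the complete event through every buffer layer
        delivered.append(len(out.buffer.raw.chunks))
    return delivered


def run(flush_each):
    pipe = RecordingPipe()
    # Same layering as a script's stdout attached to a pipe: text -> buffer -> raw
    out = io.TextIOWrapper(io.BufferedWriter(pipe), encoding="utf-8")
    samples = [{"total": 12}, {"total": 47}, {"total": 9}]  # constructed samples
    delivered = stream_events(samples, out, flush_each)
    out.flush()
    return delivered, b"".join(pipe.chunks).decode()


if __name__ == "__main__":
    print("flush per event:", run(True)[0])
    print("no flush       :", run(False)[0])
```

Both runs deliver identical bytes in the end; without the per-event flush the consumer sees nothing until the buffer fills or the script exits.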
webui - In order to allow streaming to the client, we like to prevent Lighttpd buffering our responses. This commit is a proposal to only enable streaming responses on api endpoints, as we do need to wait for the script to exit anyway. In theory we could do the same for /ui, but that's less important at the moment.
Documented in https://redmine.lighttpd.net/projects/lighttpd/wiki/Server_stream-response-bodyDetails
Interfaces - change help text to reflect reality. closes https://github.com/opnsense/core/issues/7339
For dhcp type interfaces, gateways are being pushed by the server and we automatically assume these are "external". For static ones you can configure similar behavior, but only explicitly. When selecting a gateway, both reply-to and source nat rules are affected.
When nothing is chosen (now default, earlier "auto-detect"), normal routing rules apply and nothing special happens.