OPNSense/core fe1a8ecsrc/opnsense/www/themes/opnsense/assets/stylesheets main.scss

ui: prevent vertical modal overflows and instead present a scrollbar
DeltaFile
+5-0src/opnsense/www/themes/opnsense/assets/stylesheets/main.scss
+5-01 files

OPNSense/core 0739a2asrc/opnsense/mvc/app/controllers/OPNsense/Firewall/forms dialogFilterRule.xml, src/opnsense/mvc/app/views/OPNsense/Firewall filter.volt

Firewall: Automation: Filter - remove unused code to support input+select entry and start using the new $.replaceInputWithSelector() for source/destination networks.
DeltaFile
+1-66src/opnsense/mvc/app/views/OPNsense/Firewall/filter.volt
+2-0src/opnsense/mvc/app/controllers/OPNsense/Firewall/forms/dialogFilterRule.xml
+3-662 files

OPNSense/core 1247297src/opnsense/mvc/app/views/OPNsense/Trust cert.volt

System: Trust: Certificates - accidentally broke template in https://github.com/opnsense/core/commit/bc2ca23c9384e301fd2605661d0c3adca30a7a93 , revert this change.
DeltaFile
+2-2src/opnsense/mvc/app/views/OPNsense/Trust/cert.volt
+2-21 files

OPNSense/core 0a7a7ffsrc/opnsense/www/js opnsense_ui.js

mvc / frontend - Javascript code: add $.replaceInputWithSelector() action to easily replace single inputs for (grouped) selects. In some cases a set of options is available which we do want the user to choose from, but also manual input is an option. (for example known networks vs manual netblocks)

Using this commit you can fetch the options from a different source and replace <input> tags for a combination of <input>/<select>, example usage:

ajaxGet('/api/my/endpoint', [], function(data, status){
   $(".net_selector").replaceInputWithSelector(data);
});
DeltaFile
+82-0src/opnsense/www/js/opnsense_ui.js
+82-01 files

OPNSense/core 9b981b7src/opnsense/mvc/app/views/layout_partials form_input_tr.volt

mvc/views - minor regression in https://github.com/opnsense/core/commit/c8adc2921235f8f37b6709343526596e46281440, allownew needs a default
DeltaFile
+1-1src/opnsense/mvc/app/views/layout_partials/form_input_tr.volt
+1-11 files

OPNSense/core 489b5d6src/opnsense/mvc/app/controllers/OPNsense/Base ApiControllerBase.php, src/opnsense/mvc/app/controllers/OPNsense/Diagnostics/Api CpuUsageController.php

mvc: configdStream: poll_timeout should be configurable on controller layer

The default of 2 is fine for predictable processes or direct data
passthrough, but any event-based mechanism might need to change this.
DeltaFile
+5-5src/opnsense/mvc/app/library/OPNsense/Core/Backend.php
+4-2src/opnsense/mvc/app/controllers/OPNsense/Base/ApiControllerBase.php
+0-2src/opnsense/mvc/app/controllers/OPNsense/Diagnostics/Api/CpuUsageController.php
+9-93 files

OPNSense/core 14ea1b9src/opnsense/mvc/app/models/OPNsense/Base BaseModel.php

mvc - change exception handling in runMigrations() to avoid mismatches in attributes being silently ignored.

When a migration tries to address an non existing attribute, a InvalidArgumentException is thrown, but only partially noted in the log.
It's likely safer to abort the migration if steps fail and send the error to the log for further inspection.
DeltaFile
+5-2src/opnsense/mvc/app/models/OPNsense/Base/BaseModel.php
+5-21 files

OPNSense/core e23fee9src/opnsense/mvc/app/controllers/OPNsense/Base ApiControllerBase.php

mvc: configdStream: actually, ob_end_flush() is still necessary

Turns out there is still implicit buffering happening, the exception
thrown is due to a lack of error handling on the Phalcon side. Even
the PHP docs suggest silencing this with '@'.

This reverts commit 7c05e524b047e6d915b80994855a4e69d365645c.
DeltaFile
+1-1src/opnsense/mvc/app/controllers/OPNsense/Base/ApiControllerBase.php
+1-11 files

OPNSense/core 7c05e52src/opnsense/mvc/app/controllers/OPNsense/Base ApiControllerBase.php

mvc: configdStream: remove ob_end_flush()

Our default PHP configuration already has output buffering set to 0,
and since there is no explicit buffering start, the ob_end_flush()
will throw two exceptions on development mode when streaming a log
file. We likely don't need this anymore so removing it here.
DeltaFile
+1-1src/opnsense/mvc/app/controllers/OPNsense/Base/ApiControllerBase.php
+1-11 files

OPNSense/core 51a4f0asrc/etc/inc/plugins.inc.d ipsec.inc

VPN: IPsec: Tunnel Settings [legacy] - fix typo in cnofig generation. closes https://github.com/opnsense/core/issues/7344

(cherry picked from commit caf83e598d2d945c79a9b3f0fe01aa15d66aba68)
DeltaFile
+1-1src/etc/inc/plugins.inc.d/ipsec.inc
+1-11 files

OPNSense/core caf83e5src/etc/inc/plugins.inc.d ipsec.inc

VPN: IPsec: Tunnel Settings [legacy] - fix typo in cnofig generation. closes https://github.com/opnsense/core/issues/7344
DeltaFile
+1-1src/etc/inc/plugins.inc.d/ipsec.inc
+1-11 files

OPNSense/core 550dacfsrc/opnsense/mvc/app/controllers/OPNsense/Wireguard/forms dialogConfigBuilder.xml

VPN: WireGuard / Peer config builder - typo in previous.
DeltaFile
+1-1src/opnsense/mvc/app/controllers/OPNsense/Wireguard/forms/dialogConfigBuilder.xml
+1-11 files

OPNSense/core 768d900. plist

pkg: fix plist
DeltaFile
+1-0plist
+1-01 files

OPNSense/core 13b685asrc/opnsense/mvc/app/controllers/OPNsense/Wireguard GeneralController.php, src/opnsense/mvc/app/controllers/OPNsense/Wireguard/Api ClientController.php

VPN: WireGuard / Peer config builder - add a new option to generate client configs and store their public parts on this firewall. closes https://github.com/opnsense/core/issues/7308

Endpoints are stored in the instance option as these are only relevant for the client (e.g. servers fqdn:port). Default allowed ip's for clients are all, we might consider storing these in the instance at some point as well, but lets avoid toggles nobody asked for yet.
DeltaFile
+142-20src/opnsense/mvc/app/views/OPNsense/Wireguard/general.volt
+61-0src/opnsense/mvc/app/controllers/OPNsense/Wireguard/forms/dialogConfigBuilder.xml
+10-0src/opnsense/mvc/app/controllers/OPNsense/Wireguard/Api/ClientController.php
+10-0src/opnsense/mvc/app/controllers/OPNsense/Wireguard/GeneralController.php
+3-2src/opnsense/mvc/app/models/OPNsense/Wireguard/Menu/Menu.xml
+2-1src/opnsense/mvc/app/models/OPNsense/Wireguard/Server.xml
+228-236 files

OPNSense/core 28162b0src/opnsense/mvc/app/models/OPNsense/Routes Route.php

system: fix PHP warnings and spurious validation

Now the beloved "make validate" goes full force ahead complaining
about handling null in explode and giving us an IP family mismatch
on a gateway that already has a fatal flaw not being in the system
anymore which the model can also complain about:

=> Specify a valid gateway from the list matching the networks ip protocol.

Thus just get rid of the spurious pass causing warnings.

(cherry picked from commit 97bcc257983afd2141822615f9aef005039d8ad7)
DeltaFile
+26-24src/opnsense/mvc/app/models/OPNsense/Routes/Route.php
+26-241 files

OPNSense/core 1d593fesrc/opnsense/mvc/app/views/OPNsense/Core dashboard.volt, src/opnsense/scripts/system cpu.py

dashboard: add CPU Usage widget

Also allow for each widget to override the resize handles in case
they should be more restrictive in terms of dimensions.
DeltaFile
+126-0src/opnsense/www/js/widgets/Cpu.js
+16-2src/opnsense/scripts/system/cpu.py
+6-0src/opnsense/www/js/opnsense_widget_manager.js
+5-0src/opnsense/www/css/dashboard.css
+5-0src/opnsense/www/js/widgets/BaseWidget.js
+2-1src/opnsense/mvc/app/views/OPNsense/Core/dashboard.volt
+160-32 files not shown
+162-38 files

OPNSense/core af459ffsrc/opnsense/mvc/app/controllers/OPNsense/Base ApiMutableModelControllerBase.php, src/opnsense/mvc/app/controllers/OPNsense/Firewall/Api CategoryController.php

mvc: style sweep
DeltaFile
+2-1src/opnsense/mvc/app/controllers/OPNsense/Base/ApiMutableModelControllerBase.php
+1-1src/opnsense/mvc/app/controllers/OPNsense/Firewall/Api/CategoryController.php
+3-22 files

OPNSense/core 89d4af5. plist, src/opnsense/mvc/app/controllers/OPNsense/Diagnostics/Api CpuUsageController.php

configd: extend streaming support for blocking processes

This allows for hooking into the EventSource mechanism on the client side,
enabling server-sent events without busylooping on the backend.
This will reduce stateless network chatter and eliminates the need for
polling and many other benefits.

Continuation of https://github.com/opnsense/core/commit/f25e1214dc138a2e54d57a65c5ee435bac2e2df8,
which disables buffering on the webserver side. This change in particular also
removes implicit buffering on the configd side.

As an example, the polling of CPU usage is included with a backend script here.
Granted, this could easily be replaced by `iostat -w 1 cpu | egrep -v "tty|tin" --line-buffered`,
but the client will eventually need some form of per-event formatting which is already
being handled in this example. When implementing these types of scripts, make sure
that all output that encapsulates a single event is flushed at all times to prevent
OS buffering. A new controller (without any consumers) is also implemented to showcase
the passthrough mechanism on the controller side.
DeltaFile
+65-0src/opnsense/scripts/system/cpu.py
+52-0src/opnsense/mvc/app/controllers/OPNsense/Diagnostics/Api/CpuUsageController.php
+15-3src/opnsense/service/modules/actions/stream_output.py
+6-0src/opnsense/service/conf/actions.d/actions_system.conf
+4-1src/opnsense/service/configd_ctl.py
+2-0plist
+144-46 files

OPNSense/core d27eb42src/etc/inc/plugins.inc.d webgui.inc

webui: fix previous

configuration requires forward slashes here
DeltaFile
+1-1src/etc/inc/plugins.inc.d/webgui.inc
+1-11 files

OPNSense/core f25e121src/etc/inc/plugins.inc.d webgui.inc

webui - In order to allow streaming to the client, we like to prevent Lighttpd buffering our responses. This commit is a proposal to only enable streaming responses on api endpoints, as we do need to wait for the script to exit anyway. In theory we could do the same for /ui, but that's less important at the moment.

Documented in https://redmine.lighttpd.net/projects/lighttpd/wiki/Server_stream-response-bodyDetails
DeltaFile
+2-1src/etc/inc/plugins.inc.d/webgui.inc
+2-11 files

OPNSense/core ff1991csrc/www interfaces.php

Interfaces - change help text to reflect reality. closes https://github.com/opnsense/core/issues/7339

For dhcp type interfaces, gateways are being pushed by the server and we automatically assume these are "external". For static ones you can configure similar behavior, but only explicit. When selecting a gateway, both reply-to and source nat rules are affected.
When nothing is chosen (now default, earlier "auto-detect"), normal routing rules apply and nothing special happens.
DeltaFile
+6-6src/www/interfaces.php
+6-61 files

OPNSense/core fd35aeesrc/opnsense/www/js/widgets Interfaces.js

dashboard: use 'super' for clarity, also minor cleanup
DeltaFile
+1-14src/opnsense/www/js/widgets/Interfaces.js
+1-141 files

OPNSense/core fb2a9b8src/opnsense/mvc/app/controllers/OPNsense/IDS/Api SettingsController.php

Service: IDS - query all fields for searchBase actions (implemented by https://github.com/opnsense/core/commit/2d45b78f744059089078d56b3c108765b2d23608)

sample for for https://github.com/opnsense/core/issues/7094
DeltaFile
+3-3src/opnsense/mvc/app/controllers/OPNsense/IDS/Api/SettingsController.php
+3-31 files

OPNSense/core 1d03941src/opnsense/mvc/app/controllers/OPNsense/Firewall/Api CategoryController.php, src/www/javascript opnsense_legacy.js

Firewall: Categories / cleanup search action.

* remove searchNoCategoryItemAction() introduced in https://github.com/opnsense/core/commit/c7d2488034618ee72345b35b682c7626266494dd
* use new "return all fields" introduced in https://github.com/opnsense/core/commit/2d45b78f744059089078d56b3c108765b2d23608
DeltaFile
+8-13src/opnsense/mvc/app/controllers/OPNsense/Firewall/Api/CategoryController.php
+1-1src/www/javascript/opnsense_legacy.js
+9-142 files

OPNSense/core 2d45b78src/opnsense/mvc/app/controllers/OPNsense/Base ApiMutableModelControllerBase.php

mvc/controller - extend searchBase() to return all fields when no list is provided, for https://github.com/opnsense/core/issues/7094
DeltaFile
+17-2src/opnsense/mvc/app/controllers/OPNsense/Base/ApiMutableModelControllerBase.php
+17-21 files

OPNSense/core 3b138c3src/opnsense/www/css dashboard.css, src/opnsense/www/js opnsense_widget_manager.js

dashboard: async call should be awaited, make sure observer can trigger on content load
DeltaFile
+14-14src/opnsense/www/js/opnsense_widget_manager.js
+6-2src/opnsense/www/css/dashboard.css
+1-4src/opnsense/www/js/widgets/Interfaces.js
+21-203 files

OPNSense/core ea90af0src/opnsense/mvc/app/controllers/OPNsense/Core/Api DashboardController.php, src/opnsense/www/css dashboard.css

src: style sweep
DeltaFile
+7-4src/opnsense/mvc/app/controllers/OPNsense/Core/Api/DashboardController.php
+3-4src/opnsense/www/js/smoothie.js
+3-3src/opnsense/www/css/dashboard.css
+2-2src/opnsense/www/js/opnsense_widget_manager.js
+1-1src/opnsense/www/js/widgets/BaseTableWidget.js
+16-145 files

OPNSense/core 92bd601. Makefile

make: remove the sourceMapping awareness

It's been a couple of years and Chrome should behave now.
DeltaFile
+0-4Makefile
+0-41 files

OPNSense/core 419fec6src/opnsense/mvc/app/controllers/OPNsense/Core/Api DashboardController.php, src/opnsense/www/css dashboard.css

Dashboard: boilerplate for new widgets (#7328)

DeltaFile
+1,176-0src/opnsense/www/js/smoothie.js
+362-0src/opnsense/www/js/opnsense_widget_manager.js
+249-0src/opnsense/www/css/dashboard.css
+194-0src/opnsense/www/js/widgets/BaseTableWidget.js
+157-0src/opnsense/mvc/app/controllers/OPNsense/Core/Api/DashboardController.php
+140-0src/opnsense/www/js/widgets/Interfaces.js
+2,278-010 files not shown
+2,449-316 files

OPNSense/core 16a6dcbsrc/opnsense/mvc/app/controllers/OPNsense/Trust/Api CertController.php

System/Trust/Certificates - oops, there is no toggle on certs...
DeltaFile
+0-4src/opnsense/mvc/app/controllers/OPNsense/Trust/Api/CertController.php
+0-41 files