path: root/src/etc/inc/util.inc
Commit message | Author | Age | Files | Lines
...
* Fix is_macaddr().Luiz Otavio O Souza2016-10-201-3/+13
| | | | | | Hexadecimal numbers without the '0' padding are also valid, e.g: a:b:c:d:e:f
* Fix #6828Renato Botelho2016-10-181-0/+30
| | | | | | | | Until 2.3.x pfSense carried a patch that changed the behavior of 'route change' command, making it add the route when it fails to change. On 2.4 this patch was removed and will not be added back. This change adjusts PHP code to deal with route add / change and make it work without the patch
* Add extra validations on is_inrange_v[46]Renato Botelho2016-10-131-6/+16
| | | | | | | | | Verify if addresses are valid IP addresses before converting them to make numeric comparison. While here, adjust indent. Inspired by: @phil-davis patch at PR #3189
* Make unlink_if_exists return true/falsePhil Davis2016-10-131-5/+13
| This allows the caller to do a single "atomic" call to unlink_if_exists. If it returns true, then they know that the file existed and that it has been unlinked successfully.
| This should help avoid race conditions where multiple code paths try sequences like:
|     if (file_exists("somefile")) {
|         unlink("somefile");
|         do_other_stuff();
|     }
| in the case where we really only want do_other_stuff() to happen for the code path that is the first one to actually unlink the file.
* Deprecate nanobsd platform and remove all conditionals that use itRenato Botelho2016-10-121-10/+2
|
* Retire refcount functions. They are not used anymoreRenato Botelho2016-10-121-76/+0
|
* Move copyright from ESF to NetgateRenato Botelho2016-09-061-1/+1
|
* Ticket #3734: Add function to convert IPv6 address <-> binaryRenato Botelho2016-08-311-6/+60
| - ip6_to_bin() and bin_to_ip6() are copies obtained from pear-Net_IPv6 since the version available in the class is protected and we don't want to add more patches to third-party software. If upstream accepts to change them to public we can retire them
| - bin_to_compressed_ip6 is just a short way to convert binary directly to a compressed IPv6 address
|
| Reported at: https://forum.pfsense.org/index.php?topic=117601.0
* Silence pgrep stderr when pidfile contains an invalid PIDRenato Botelho2016-08-161-1/+1
|
* Code style and commentsPhil Davis2016-08-161-2/+2
| | | | No functional change - just making style consistent
* Move to Apache License 2.0Renato Botelho2016-07-151-41/+9
|
* Review license / copyright on all files (final round)Renato Botelho2016-07-151-1/+1
|
* Review license / copyright on all files (1st round)Renato Botelho2016-07-141-43/+42
|
* Merge pull request #3007 from stilez/patch-34Chris Buechler2016-07-121-6/+3
|\
| * simplify subnet_size()stilez2016-06-171-6/+3
| | | | | | is_ipaddr() returns the type of IP if valid. Use this to simplify the function
* | Leave an empty file for URL Table aliases that return an empty file, and ↵Chris Buechler2016-07-061-1/+5
| | | | | | | | include it in the ruleset regardless so it doesn't generate any filter errors. Ticket #6181
* | Merge pull request #2764 from NewEraCracker/redmine-6011Chris Buechler2016-06-301-2/+2
|\ \
| * | Fix Redmine #6011NewEraCracker2016-06-151-2/+2
| |/ | | | | | | This will add linklocal fallback where no IPv6 is otherwise configured to allow login using these IPs
* | bring back subnetv4_expand function used by pfblockerngChris Buechler2016-06-251-0/+14
| |
* | Remove subnet_expand()stilez2016-06-171-24/+0
|/ | | Function isn't used in main or packages repo, and in any case would need a complete rewrite to handle IPv6.
* Rename /etc/devd.conf -> /etc/pfSense-devd.conf and change start_devd()Renato Botelho2016-05-301-1/+3
|
* This was correct already. Revert "Allow uppercase letters in ↵Chris Buechler2016-05-051-1/+1
| | | | | | is_unqualified_hostname as well." This reverts commit 94ccdcb8a4d6f7789fd39c4b6e9876bb689de9a4.
* Allow uppercase letters in is_unqualified_hostname as well.Chris Buechler2016-05-051-1/+1
|
* Provide better messages for invalid alias name errorsPhil Davis2016-04-281-13/+49
|
* Includes - Remove PersonalizationsNOYB2016-04-041-2/+2
| | | | Remove "you" personalizations.
* Move NTP access restrictions to their own tab and add the ability to craft ↵jim-p2016-03-031-0/+10
| | | | custom restrictions for arbitrary networks. Fixes #4463
* Diagnostics / Tables - URL Table AliasesNOYB2016-02-291-3/+6
| | | | | | | | Handle URL table aliases similar to bogons tables. Suppress record remove buttons. Update (download) only the selected URL table alias instead of all of them. Retain full line comments in downloaded URL table files so we can view and use them. When URL table file full line comments are present, provide view option in info box. Increase ability to extract last update date from wider variety of URL table file comments.
* It is not necessary check for CARP interfaces.Luiz Otavio O Souza2016-02-251-1/+0
|
* Don't trigger an interface mismatch for lagg interfaces, they may not exist ↵Chris Buechler2016-02-191-0/+3
| | | | at time of config restore. Ticket #5892
* Validate URL table ports aliases exist before using them in a rule. Ticket #5845Chris Buechler2016-02-191-1/+15
|
* Internationalize etc inc uvxPhil Davis2016-02-191-3/+3
|
* Quote the 1st parameter (constant name) when calling define()NewEraCracker2016-02-181-3/+3
|
* Simplify logic increasing value direct in hexa, PHP is smart to do it right. ↵Renato Botelho2016-02-171-4/+2
| | | | Spotted by @loos-br
* Implement get_v6_ptr_zones()Renato Botelho2016-02-171-0/+52
| | | | | This function takes an IPv6 subnet and returns an array containing all DNS PTR zones
* Fix the return value if no matching VIP was found.Luiz Otavio O Souza2016-02-161-1/+1
|
* Implement a switch that allows get_configured_vip_list() to return only the ↵Luiz Otavio O Souza2016-02-161-3/+15
| | | | | | | | selected type of VIP addresses: CARP, IP alias or all VIPs (default). It seems that a few packages still rely on this. Ticket #5885
* Fix style issues.Chris Buechler2016-02-091-6/+11
|
* Review of CARP uniqid changes.Luiz Otavio O Souza2016-02-091-80/+70
| It turns out that current CARP implementation is not much different from an IP alias.
|
| This commit converts the IP alias to also use the CARP uniqid scheme, this simplifies the code in all other places because now we have only two different cases to deal with:
| - A friendly interface name (lan, wan, opt1, etc.);
| - A Virtual IP - VIP alias (_vip{$uniqid}) - CARP or IP Alias.
|
| The parent of a CARP is always a friendly interface. The parent of an IP alias can be a friendly interface or a CARP (this is the only case of recursion of a VIP).
|
| This commit removes a few cases where CARP was still considered an interface (the old CARP implementation), fixes all the wrong cases of strpos() being used to detect a VIP address (won't work as it returns '0' which fails when tested as 'TRUE'), reviews the usage of CARP and IP alias as services bind addresses, fixes general issues of adding and editing VIP addresses.
|
| The following subsystems were affected by these changes:
| - IPSEC;
| - OpenVPN;
| - dnsmasq;
| - NTP;
| - gateways and gateway groups;
| - IPv6 RA;
| - GRE interfaces;
| - CARP status;
| - Referrer authentication.
|
| Fixes (and/or revisits) the following tickets:
| - Ticket #3257
| - Ticket #3716
| - Ticket #4450
| - Ticket #4858
| - Ticket #5441
| - Ticket #5442
| - Ticket #5500
| - Ticket #5783
| - Ticket #5844
* Use IEC KiB MiB GiB TiB unitsPhil Davis2016-02-091-4/+4
| | | See forum https://forum.pfsense.org/index.php?topic=106547.0 for discussion if this is wanted.
* Add support for TB when reporting bytesPhil Davis2016-02-071-1/+3
| | | | | | Forum: https://forum.pfsense.org/index.php?topic=106470.0 I believe that this should work OK on both 32 and 64 bit systems. A 32-bit system will convert big values of $bytes and big numbers like 1099511627776 to float first, then do the comparison. 64-bit systems will do (int) comparisons. Either way, in the end, the value is sprintf() into a float anyway. I have tested on a 64-bit system. I don't have access to a 32-bit system right now, so somebody should check that to make sure my theory works in practice.
* Merge pull request #2435 from stilez/patch-7Renato Botelho2016-02-041-7/+39
|\
| * variablestilez2016-01-141-4/+4
| | | | | | Used explode to array rather than to a list, and tested array size, so as not to assume it has exactly 2 parts separated by "/".
| * fixing commentstilez2016-01-141-10/+7
| |
| * Subnet size logicstilez2016-01-141-7/+42
| |
* | Simplify is_linklocal()Renato Botelho2016-02-041-20/+9
| |
* | Merge pull request #2320 from stilez/patch-3Renato Botelho2016-02-041-14/+33
|\ \
| * | REBASE of #1786 and #1788, tightening three IP functionsstilez2015-12-231-14/+33
| | | Resubmit of two PRs that couldn't be merged due to basecode conflicts
| | |
| | | is_linklocal() - tightened and made correctly IPv4/v6 agnostic per RFCs
| | | is_literalipaddrv6() - simplified
| | | is_hostnamewithport() - simplified
| | |
| | | IS_LINKLOCAL()
| | |
| | | is_linklocal has a few issues, including validating as linklocal, addresses that aren't linklocal according to RFC 4291, validating as a linklocal address input that could contain arbitrary text/no validation of reasonableness on any %(scope/interface) present, and appearing from its function name to be suitable for all linklocal addresses but actually not IPv4/v6 agnostic.
| | |
| | | 1) IPv4/6 agnostic: while IPv4 linklocal testing isn't much needed, not it should probably be recognised because some code handling linklocal may reasonably expect is_linklocal() to be IPv4/IPv6 agnostic.
| | |
| | | 2) For IPv6, it tests at least, that the purported scope/interface is [0-9a-z]+ otherwise user input or other text such as "fe80::%\n;ARBIRARYTEXT;" would be validated as a linklocal address and inserted into pf and perhaps other places without further detection, leading to possible vulnerabilities. Also tests scope/interface for a reasonable length of <= 64 chars "just in case". But it doesn't test more than this (and probably should test for valid scope/interface if present).
| | |
| | | 3) Follows RFC 4291 exactly: IPv6 linklocal isn't just "fe80::", it requires the rest of the first 64 bits to be zero too. The RFC defines it as '1111111010' + 54 zeros (Ref: https://tools.ietf.org/html/rfc4291#section-2.5.6 )
| | |
| | | 4) Returns 4 or 6 to give a more exact response to the calling function as to whether the match was an IPv4 linklocal or IPv6 linklocal address (both evaluate to True for Boolean test purposes such as "if (is_linklocal(...))")
| | |
| | | Note: Net_IPv6::_Ip2Bin() can return shorter binary strings for IPv4 or "junk" input. So this code tests that it returned a 128 bit length, which ensures it was meaningful IPv6.
| | |
| | | IS_HOSTNAMEWITHPORT()
| | | simplified - we don't need to pop() or assign a new variable just to test 2nd member of the array
| | |
| | | IS_LITERALIPADDRV6()
| | | simplified - we don't need an expensive preg_match() to test if it's a valid IPv6 wrapped in "[" ... "]"
* | | Cosmetic changes - part deuxStephen Beaver2016-01-281-1/+1
| | | Calculate colspans in case number of columns change again
| | | "bytes" => "B" to reduce column width
* | | Show rule state details in firewall rules.Luiz Otavio O Souza2016-01-281-0/+13
| | | | | | | | | | | | | | | | | | Inspired by pull request #1901 from marcelloc/hitcount_23_02. State visualization and kill will be committed in a subsequent commit.
* | | should be min($bits1, $bits2) for 'largest subnet'stilez2016-01-181-2/+2
| | |