summaryrefslogtreecommitdiffstats
path: root/src/etc/inc
Commit message (Collapse)AuthorAgeFilesLines
* Fixed #6437RELENG_2_3_1Stephen Beaver2016-07-181-0/+2
| | | | (cherry picked from commit 7bba13e8d53adfe4beb03c8444e60848ae6e25e9)
* Protect get_dir from causing PHP errorsNewEraCracker2016-07-051-0/+3
| | | | https://forum.pfsense.org/index.php?topic=114570.0
* Handle more invalid IPv6 formatsPhil Davis2016-06-301-6/+12
|
* Shorten gwifip if whole socket path exceeds 100 charsDaniel Hoffend2016-06-281-4/+10
| | | | | | | | | | | dpinger stopps with an error when the socketname exceeds over (around) 100 characters. The dpinger will not start and not deliver monitoring results to the WebUI. These long socket names can get created when using link-local addresses and long gateway names / interface scopes. See Ticket 6505
* Use a different delimiter for dpinger socket namesDaniel Hoffend2016-06-281-5/+5
| | | | | | | Currently underscores are used to seperate gwifip, monitorip, etc, but underscors are also used in vlan subinterfaces like em0_vlan10 and therefore can't be used because the interface scope is appended to IPv6 link-local addresses.
* Set pipe_slot_limit to the maximum configured qlimit value. Move the ↵Chris Buechler2016-06-281-5/+13
| | | | set_sysctl out if the block where it only gets run if dummynet isn't already loaded. Ticket #6553
* Clean up limiter text. Remove old commented out bit.Chris Buechler2016-06-281-16/+7
|
* Fix matching of chars in IPv6 address segmentsPhil Davis2016-06-281-1/+1
| | | | | | | | | | | | | | | | | | | | The existing regex here is wrong, it matches 0 or more of the hex digits but then there can be other rubbish in the string, in fact anything at all! It matches "az", "z", "qwerty" and so on. So the "return false" inside this "if" never happens. In most cases the later code catches problems, because it converts the string from hex to decimal (and things like "z" end up as decimal 0), then it does some back-conversion of the answer to hex and realizes something is different and so does not count the entry as one of the needed 8 valid segments of the IPv6 address. This goes wrong if the user supplies a string with 8 valid IPv6 hex pieces and 1 or more extra invalid ones anywhere in the list. In that case the code finds 8 good chunks and thinks that all is well. Try using the pfSense is_ipaddrv6() with strings like: $ipaddr = "1:2:3:4:5:6:7:z:a"; $ret = is_ipaddrv6($ipaddr); var_dump($ret); That returns true - which is not good! You can put the invalid items anywhere you like, as long as you have 8 valid items, such as: "1:2:3:xy:4:5:6:7:8" "gh:1:2:3:xy:4:5:6:7:8" "1:2:3:xy:4:5:6:7:8:qw" This change makes this initial validity check on the characters actually work, so it avoids the later code having to deal with that at all. (cherry picked from commit 8a950b3c3765f5349983130611354bfead0abafb)
* Always use require_oncePhil Davis2016-06-273-4/+4
| | | | | | | | | The usage of require() and require_once() throughout the system is inconsistent, and "bugs" come up now and then when the order of "requires" is a bit different and some require() happens after the include file is already included/required. It seems to me that there is no harm at all in always using require_once().
* Run generate-privdefs.php to update priv.defs.incjim-p2016-06-271-1/+1
|
* Add include of functions.inc for declaration of gettextDenny Page2016-06-241-0/+1
|
* Include interface scope on IPv6 static routes to link local gateway IPs. ↵Chris Buechler2016-06-241-0/+4
| | | | Ticket #6506
* Revert "adding privileges and separating DNS Resolver overrides from general ↵Chris Buechler2016-06-231-8/+0
| | | | | | settings" This reverts commit fc76a1e390c8ce9579df31457c74d1d0e572b78d.
* Remove duplicate listtags() entry 'member'.NOYB2016-06-222-2/+2
| | | | (cherry picked from commit 40d7e4bee91246db09cc88141869abcd37390bc7)
* Remove subnet_expand()stilez2016-06-221-24/+0
| | | | | Function isn't used in main or packages repo, and in any case would need a complete rewrite to handle IPv6. (cherry picked from commit 6215902c4043726e633fcfac1c37c710ac398653)
* Fix bad escapeshellarg logic on mpd executionNewEraCracker2016-06-221-2/+3
| | | | | | With this change single-quotes are applied in correct places (cherry picked from commit 08cd022545be58a46b860500ff81bbe7438b6304)
* missing "("stilez2016-06-221-1/+1
| | | | (cherry picked from commit 70381d4803b9424c1a3f3ef518d8243062452d77)
* optional arg for old behaviourstilez2016-06-221-3/+4
| | | | (cherry picked from commit cf63f1638aab685cc956502f5ddd862a10bf3ff8)
* Simplify convert_seconds_to_hms() and show days for large numbers of hoursstilez2016-06-221-22/+12
| | | | | | | 1) Function can be simplified and all "if" statements removed, using intdiv (or casting result as int for PHP < 7) and % for calcs and sprintf for padding. 2) Input validity check before trying to convert format 3) If time represented is large (eg uptime might be several months) then hours becomes unhelpful, it's clearer to show "4921:02:06" as "205d 01:02:06". (Leading "days" value not shown unless >=1 for simplicity) (cherry picked from commit 0bde6d1057ed39c8ef650a5a505cf9ae5eb7199e)
* Use global backup count instead of hardcoded value and remove redundant functionstilez2016-06-221-12/+1
| | | | (cherry picked from commit 01b5410ae8391998ba560d40f447c7f556472c5b)
* set default_config_backup_count based on platformstilez2016-06-221-2/+8
| | | | | At the same time the platform is being detected for PHP/GUI purposes, set the default number of backups. Also handle the case where (for any reason) detection fails, which it shouldn't, so the variables are still created (cherry picked from commit 09a283948eada745bc10b852e63b7dec50fb69d4)
* Add missing recommended key lengths to OpenVPN optionsstilez2016-06-221-1/+2
| | | | | | | | | Add key lengths to the OpenVPN options, for asymmetric keys of size 3072 (for current use), 7680, 15360 (for long term resistance), 8192 and 16384 (common binary exponents). These are both supported by OpenVPN anyhow, and for certain uses are currently recommended (eg long term resistance to replay/decryption). See keylength.com for citations. This PR would only affect OpenVPN, and OpenVPN supports these key sizes, so should not cause any issue. (cherry picked from commit 0693c96797f7d5dfa097d24070e2bd4c9528d0e7)
* Make QinQ interfaces work againChris Rowe2016-06-221-8/+8
| | | | (cherry picked from commit 1322ee22354f1a6e184819fb7009a2996b63de97)
* Allow IGMP Proxy logging verbosity to be selected via system log settings ↵Stephen Beaver2016-06-221-1/+6
| | | | | | (PR 2901) (cherry picked from commit 2bd0585e30e5ec8fc3b79ca3f579bf9a7c1bcbc8)
* adding privileges and separating DNS Resolver overrides from general settingsJoe2016-06-221-0/+8
| | | | (cherry picked from commit fc76a1e390c8ce9579df31457c74d1d0e572b78d)
* Only call interfaces_vips_configure once if it's needed, rather than doing ↵Chris Buechler2016-06-211-1/+5
| | | | the same thing over and over for every VIP on an interface. Ticket #6515
* Fix styleChris Buechler2016-06-211-3/+5
|
* require_once auth.inc in vpn.inc since it uses functions from there, though ↵Chris Buechler2016-06-211-0/+1
| | | | normal use of the system won't require that, those who run certain things manually/custom may require it
* Only omit aggressive line from ipsec.conf where IKEv2. Ticket #6513Chris Buechler2016-06-211-1/+1
|
* Set kern.corefile, fixes #6510jim-p2016-06-211-1/+2
|
* Use escapeshellarg on shell calls in auth.inc. Ticket #6475jim-p2016-06-091-10/+18
|
* Implement pkg_valid_name()Renato Botelho2016-06-081-0/+8
|
* Set keepalive_timeout 0 where captive portal in use, and update otherwise to ↵Chris Buechler2016-06-031-1/+3
| | | | nginx's current default of 75. Ticket #6421
* Use 0 here if specified. Ticket #6413Chris Buechler2016-05-271-1/+1
|
* Fix this missed one.NOYB2016-05-251-1/+1
| | | | (cherry picked from commit f42ef69ab518237260a2e129cbdf391549c003ad)
* Firewall / Aliases / Edit - New URL Table Alias TypeNOYB2016-05-252-12/+13
| | | | | | Make the code cleaner and easier to follow by using the same alias type designations as config. (cherry picked from commit ebe833f6a9463b0e4add1d97c360af4a682d1add)
* Firewall / Aliases / Edit - New URL Table Alias TypeNOYB2016-05-251-2/+3
| | | | | | Need to pass alias type to process_alias_urltable() function when creating a new url table alias because it is not yet set/available from config. So the alias_get_type() function can't be successfully used yet. (cherry picked from commit 3b07f4feaf35e70700082240ef03966f74f5df97)
* Lower default LDAP timeout to 5 seconds. Idea from Sandeep1991 in PR 2971. ↵Chris Buechler2016-05-241-4/+4
| | | | Ticket #6367
* Set PHP's memory limit to 512M on 64 bit. Ticket #6364Chris Buechler2016-05-241-2/+2
|
* Customize limiter info messagePhil Davis2016-05-161-3/+8
| | | | | | The $dn_default_shaper_msg is what is displayed on the Limiters tab. It needs to talk about "limiter" rather than "queue". This code builds up each message using the same base template sentences, inserting "queue" or "limiter" in the appropriate place. (cherry picked from commit aadc135856a0dc2cb131aeda3fd7bc44c11ab123)
* Fix script name in error logChris Buechler2016-05-151-1/+1
|
* Fix misspellings.Chris Buechler2016-05-151-3/+3
|
* Disable ipcomp regardless of config setting to avoid problem. Ticket #6167Chris Buechler2016-05-131-1/+2
|
* Silence mwexec output. Now that the groupdel actually works, it spams the ↵Chris Buechler2016-05-131-1/+1
| | | | log when group isn't found. Ticket #6352
* Unbound and dnsmasq can both be enabled so restart both if need bek-paulius2016-05-131-4/+6
|
* Fix scope for IPv6 link local gateway IPs. Ticket #6353Chris Buechler2016-05-131-1/+1
|
* Handle link local IPv6 gateways and default gateway switching correctly. ↵Chris Buechler2016-05-131-0/+11
| | | | Ticket #6258
* Don't start unbound in track6 config if system is booting. Add dnsmasq here ↵Chris Buechler2016-05-121-1/+5
| | | | as well. Based on PR 2943. Ticket #6186
* Use -g with groupdel when passing a GID. Ticket #6352Chris Buechler2016-05-121-1/+1
|
* Fix #6278Renato Botelho2016-05-121-3/+3
| | | | | | | | | $cpzone is always in lowercase, it's used as the array key used in config.xml. Use it in two cases where the $cp['zone'] was being wrongly used: - To find out zoneid - To replace PORTAL_ACTION url
OpenPOWER on IntegriCloud