| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
| |
tcp:// as protocol for http. Fix issue reported at https://forum.pfsense.org/index.php?topic=105890.0
|
| |
|
|
|
|
| |
Matches behavior to what "apply changes" on interfaces.php does. Ticket #3997
|
| |
|
|
|
|
| |
option where gw_down_kill_states is set. Flip setting accordingly during config upgrade to not use confusing 'kill_states' tag to not kill states. Ticket #5815
|
|
|
|
| |
The SERVER_NAME variable is not available anymore, use HTTP_HOST instead.
|
|\ |
|
| | |
|
| |
| |
| |
| | |
may have not existed at the time of bridge interface's creation. interface_bridge_configure on the interface's bridge ensures all settings (private, etc.) are applied. Ticket #4312
|
| | |
|
| | |
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
1) Get rid of the stristr() checks to "guess" if an apply button should
be used.
2) Change print_info_box() so it can take a button name of "close"
, "apply" or none to decide which button to show.
3) Delete function print_info_box_np_undo() - nothing calls it.
4) Add new function print_apply_box() to provide an easy wrapper for
print_info_box() with the parameters to be 'warning' level and 'apply'
button.
5) Change print_info_box_np() calls to just print_info_box() or
print_apply_box() as appropriate.
There is 1 direct call to print_info_box_np() from vpn_ipsec_mobile.php
remaining. That tries to make a "create" button. It was not working
before this change. It needs to be sorted out and fixed separately.
After this change there is no dependency on a string containing text
like "apply" to make the apply button appear.
Then we can work on re-engineering the internal code of
print_info_box_np() print_info_box() and print_apply_box() to fit
together however we like. It should be easy to preserving the current
API to print_info_box() and print_apply_box().
|
| | |
|
| |
| |
| |
| | |
add a user login count option.
|
| | |
|
| |
| |
| |
| | |
console
|
| | |
|
| | |
|
| |
| |
| |
| |
| |
| | |
- Remove parameters from set_language()
- Add a global variable for default language
- add env var for LANG, otherwise it won't work
|
| | |
|
| | |
|
| | |
|
| |
| |
| |
| | |
CIDR less than 30.
|
| |
| |
| |
| | |
each iteration since it's changed inside loop. Reported on https://github.com/pfsense/pfsense/pull/2487
|
| | |
|
| |
| |
| |
| |
| |
| |
| | |
- Stop moving unity .so file around to make it not being loaded
- Include all modules default .conf file from strongswan.d/charon
- After default files are included, define custom settings
- When unity is disabled, add a rule to make strongswan to not load it
|
| | |
|
| | |
|
|\ \ |
|
| | | |
|
| | | |
|
| | | |
|
|\ \ \ |
|
| | | |
| | | |
| | | | |
add XXX prefix.
|
| | | | |
|
| | | | |
|
| | | | |
|
| |\ \ \ |
|
| | | | | |
|
| | | | |
| | | | |
| | | | |
| | | | | |
added bcrypt auth as per #4120
|
| | | | | |
|
| |_|/ /
|/| | | |
|
| | | | |
|
|\ \ \ \ |
|
| | | | | |
|
| | | | | |
|
| | | | | |
|
| | | | | |
|
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
The subnet overlap functions came up as a concern while fixing redmine 5702.
Specifically -
The "canonical" function check_subnets_overlap() doesn't handle IPv6 (util.inc has standardised on v4/v6/agnostic versions, but this doesn't fit). Fixed by adding transparent detection of v4/v6 and a specific IPv4-only version
The IPv6 version is wrong (if sub1 *contains* sub2 then neither of sub1's endpoints will be detected as "inrange" of sub2 and result will be incorrect: this logic error has been fixed recently in other code too)
Bad data isn't detected - this still isn't detected for compatibility and is tagged "FIXME" instead to look at in future. Reason - not to break anything, at present always returns "overlap = true/false", not "true/false/invalid input".
because CIDR overlap implies containment, the IPv4 version uses a very efficient logic, namely calculates largest size subnet and checks this is same for both. Adopting this for both, and simplifying, makes these functions far "neater"
The old v4 version allowed for non-numeric $bits which doesn't make sense and I've omitted. Cannot think of a single situation where we would provide empty or bad data when we actually mean a /32 single IP.
Solution in this commit - a canonical "overlap" test (IPv4/IPv6 agnostic), IPv4/v6 "overlap" versions that actually do the work, in each case using the same logic as the old v4 (identify largest bit size and test if subnets created are valid and identical), and tag lack of "bad data" detection as fixme for now, returning FALSE instead to avoid breaking anything until fixed. Should be transparent from outside.
|
| | | | | |
|