Commit Graph

24816 Commits

Author SHA1 Message Date
Chris Buechler
df92099cda Remove old write caching tunable as well. Ticket #4203 2015-01-12 12:43:34 -06:00
Chris Buechler
397009e99e Remove the settings to disable DMA, which have changed in FreeBSD 10.
Ticket #4203
2015-01-12 12:34:55 -06:00
Ermal LUÇI
f084049d71 Do not leak firewall rules as well when (re)creating rules 2015-01-12 19:25:24 +01:00
Renato Botelho
8ec853c3d5 Fix spell typo spotted by phil-davis 2015-01-12 12:35:59 -02:00
Ermal LUÇI
83b8ed6b2b Fix typos introduced by chaning to explicit id specification when necessary. Fixes #4202 2015-01-12 15:14:56 +01:00
Renato Botelho
b73e9bc28b Merge pull request #1431 from phil-davis/patch-1 2015-01-12 11:49:22 -02:00
Ermal LUÇI
a4cd8f03a8 Properly handle large passthrough entries even here. 2015-01-12 12:30:45 +01:00
Ermal LUÇI
9d89f78096 Use this generation now of committing pipes directly and only rules to put on ruleset to avoid memory pressure and the timelimit will than be enforced by the caller 2015-01-12 12:27:54 +01:00
Ermal LUÇI
fe9ec12b48 Revert "Ticket #3932 Use array_map to get more parallelism when there are many entries. This makes it not reach the execution timeout with large entries."
This reverts commit 7077addc5a.
2015-01-12 12:25:45 +01:00
Ermal LUÇI
fd9e606614 Actually improve the previous resource leak commit since the function is there but it was not being used during init_rules process. 2015-01-12 12:21:05 +01:00
Ermal LUÇI
18f4d6c90d * Try to autodetect if the execution limit needs to be raised on big number of passthrough entries.
Set the time limit to 0 and restore it back to default value when this is detected.

* Do not leak pipes when reloading ruleset for CP since this will consume available descriptors.
  This has been noted before but considered fixed, this is the real fix actually for dnpipes.
2015-01-12 12:17:00 +01:00
Ermal LUÇI
907cc718d1 Put the value of password under double quotes(") to avoid issues with special characters in passwords. Ticket #4177 2015-01-12 11:49:20 +01:00
Ermal LUÇI
c80ad8a892 Do not override the passwd string. First it prevents the md5 working if the crypt() check fails and also is useless to override it since the parameter is passed by value and not by reference. 2015-01-12 11:43:21 +01:00
Ermal LUÇI
5cd24cf110 Prevent echo to insert a newline(\n) at the secret string. Fixes #4177 2015-01-12 11:40:55 +01:00
Ermal LUÇI
7077addc5a Ticket #3932 Use array_map to get more parallelism when there are many entries. This makes it not reach the execution timeout with large entries. 2015-01-12 10:38:17 +01:00
Ermal LUÇI
f3f885aa91 Fix typos and set needed variable 2015-01-12 09:33:30 +01:00
Ermal LUÇI
330591f5f5 properly apply the passthrough entries when apply is hitr. 2015-01-12 09:30:46 +01:00
Ermal LUÇI
384deecb5c Fix inherent issues with isset and empty values set as true by our parser. This made the piep configuration to be wrong at least for passthrough entries. Ticket #3932 2015-01-12 09:27:17 +01:00
Chris Buechler
1aecc4daf8 Bring back showing of default value like previous versions. 2015-01-11 19:34:09 -06:00
Chris Buechler
7f52fdd27f Merge pull request #1433 from phil-davis/patch-3 2015-01-11 19:16:01 -06:00
Ermal LUÇI
619aa26f71 Remove debug code 2015-01-11 16:37:50 +01:00
Phil Davis
2d375e8156 Fix cut paste brain fade 2015-01-11 21:00:59 +05:45
Phil Davis
8d848bdfdf Do not return disabled dynamic gateways
When a dynamic gateway is disabled (by the user through the webGUI), it was still being returned by return_gateways_array(). But when called like that, disabled gateways should not be returned. The first part of the routine was correctly skipping disabled gateways, but then the later part would effectively re-generate those dynamic gateways on-the-fly and not realise they should be skipped because they were disabled.
This code now remembers gateway details of all the gateways, including skipped ones, so the dynamic gateway code can easily realise all gateways that have been already processed, even those that were processed and skipped.
Forum: https://forum.pfsense.org/index.php?topic=86565.0
It fixes Gateway Status Widget - now if a dynamic gateway is disabled, it does not appear on the display.
This will also stop disabled dynamic gateways from being returned to other callers. So there may/will be impacts on other parts of the system when a user disables a dynamic gateway. e.g. filter.inc - a gateway that has been disabled by a user canot be used in rules any more.
2015-01-11 20:54:31 +05:45
Renato Botelho
6bdb02d36c Merge pull request #1432 from phil-davis/patch-2 2015-01-11 11:03:34 -02:00
Phil Davis
3f6930f7e2 Fix POST typo in interfaces_assign.php
Obviously a typo. But this section is inside:
if (isset($_POST['add_x']) && isset($_POST['if_add'])) {
and I cannot find where 'add_x' is ever sent here, so I do not see how this whole code section is ever executed (and that will be why this typo bug has no symptoms). What is the history here? Can the whole block of code be removed?
The code normally executed is the section for 'Submit' lower down.
2015-01-11 18:40:09 +05:45
Ermal LUÇI
7de6a47f1d Fixes #3281 do not undo any changes already done for gif/gre interface. 2015-01-10 22:34:47 +01:00
Ermal LUÇI
e821f30e7d Fixes #4177 convert password to base64 to be submitted to avoid issues with special chars in shell and HTTP GET parameter passing. Probably should add POST support to fcgicli. 2015-01-10 22:17:28 +01:00
Ermal LUÇI
60370eb98f Properly rename the var Ticket #4164 2015-01-10 21:52:46 +01:00
Phil Davis
1d8c79cc1e Restart PHP-FPM allow to setup ini file
I was just using console menu option 16 Restart PHP-FPM and it hung on a nanoBSD system.
I found /tmp/php_errors.txt with this in it:
"override rw-r--r--  root/wheel for /usr/local/etc/php.ini?"
Flying blind at the console I entered "y", then /tmp/php_errors.txt had this:
--------
rm: /usr/local/etc/php.ini: Read-only file system
override rw-r--r--  root/wheel for /usr/local/lib/php.ini?
--------
Pressed return at the console and it proceeded, presumably without re-writing php.ini

It works much better when the file system is mounted RW :)
2015-01-10 21:38:50 +05:45
Chris Buechler
c39feb71c3 Default to only AES and SHA1 for new P2s. 2015-01-09 22:08:27 -06:00
Chris Buechler
c5ddb6ad4a Default IPsec to AES 2015-01-09 22:01:12 -06:00
Chris Buechler
460719c819 Default IPsec to main mode, unless mobile client. 2015-01-09 21:59:00 -06:00
Ermal LUÇI
9c0ec56ea8 Do not count twice the phase2 entries 2015-01-09 23:12:21 +01:00
Ermal LUÇI
7f48765aab Just some reshufling and cleanup 2015-01-09 22:47:52 +01:00
Ermal LUÇI
e8cb8b2937 Let the kernel handle REQID rather than handling it manually. The connection name is the one needed here. 2015-01-09 22:32:26 +01:00
jim-p
526e6c06f8 Add tracker and label to IPv4 Link-Local block rules. 2015-01-09 16:07:28 -05:00
Chris Buechler
3529ac320d After the other set of changes had unexpected complications, let's back this out too. Revert "PEAR static method call warning"
This reverts commit 4751f76a67.
2015-01-09 01:13:34 -06:00
Chris Buechler
23ca569527 This broke a variety of things. Revert "Deprecated and non-static method messages"
This reverts commit 91b9a02fb1.
2015-01-09 00:40:01 -06:00
Chris Buechler
79ac2ee0d2 Merge pull request #1427 from phil-davis/PEAR-static-methods 2015-01-09 00:20:25 -06:00
Chris Buechler
e8e494f30d disable this PHP error logging, errors that are really significant end up with a crash report, this is more noise than useful at this stage in 2.2. 2015-01-09 00:17:10 -06:00
Phil Davis
4751f76a67 PEAR static method call warning
Forum https://forum.pfsense.org/index.php?topic=86478.0
PEAR is used by
IPv6.inc
auth.inc
captiveportal.inc
radius.inc
xmlrpc_client.inc
radius_accounting.inc
radius_authentication.inc

I have just changed this 1 function to "public static"

Also used are:
PEAR::raiseError
PEAR::loadExtension (already has "static function")

Not sure if PEAR::raiseError will throw a similar "static method" call
warning, not game to touch it.
2015-01-09 10:04:28 +05:45
Ermal LUÇI
74fe0ef919 Make this code less memory hungry and fix route command generation 2015-01-08 23:57:47 +01:00
Ermal LUÇI
2ecb2dafa5 Catch packets on all iunterfaces and send them out the correct one. Fixes #4174 2015-01-08 22:49:36 +01:00
Chris Buechler
dd0ad62cc9 Merge pull request #1426 from phil-davis/deprecated-stuff 2015-01-08 14:25:49 -06:00
Phil Davis
91b9a02fb1 Deprecated and non-static method messages
Fix various files that can emit messages like:
PHP Strict Standards:  Non-static method SimplePie_Misc::array_unique()
should not be called statically, assuming $this from incompatible
context in /etc/inc/simplepie/simplepie.inc on line 5508
php-fpm[16262]: /rc.newipsecdns: PHP ERROR: Type: 8192, File:
/etc/inc/shaper.inc, Line: 4365, Message: Assigning the return value of
new by reference is deprecated

Some of these style messages have been reported on the forum, e.g.
https://forum.pfsense.org/index.php?topic=86448.0

I had RSS widget on, and simplepie sent the system beserk telling about
all this stuff.
2015-01-09 01:20:05 +05:45
Renato Botelho
6d1907a3d2 Improve URL and URL ports alias update data:
- Move redundant code to a function parse_aliases_file(). Before the max
number of items was not being respected when URL content is updated,
only when alias was saved. Same was happening with ip/subnet/port
validation and user could end up with a bad pf.conf
- Remove unused variables

These changes were based on Pull Request #1264. It should fix #4189

Submitted by:▸  PiBa-NL
2015-01-08 16:16:47 -02:00
jim-p
725d54bd9a Change OpenVPN CARP VIP test to be more accurate. The client should also not be run if the VIP is in the INIT state. 2015-01-08 10:41:37 -05:00
Renato Botelho
ae952a031c Unobsolete libcurl.so.4 since it's installed by recent versions of curl package 2015-01-08 12:26:19 -02:00
Renato Botelho
d10a166240 Fix check for cookies, the way it was implemented didn't work because it would need a refresh to check if cookie was set or not. Use javascript to do a simple test 2015-01-08 11:08:11 -02:00
Renato Botelho
ce997e6a88 Add a value to cookie, otherwise it's not set. Before my last change parameters were out of order and expiration time was being set as value. It should fix #4069 2015-01-08 10:15:18 -02:00