BSD Commit Log Search

config: rebase for 24.7

config: adjust build config accordingly

config: bootstrap a 24.7 config

VPN: IPsec: Virtual Tunnel Interfaces - safeguard config access in updown_event.py as get() doesn't have a default. (https://github.com/opnsense/core/issues/6781#issuecomment-2073439667)

(cherry picked from commit b0bf317640c17874fa781846a81a39e76517fc05)

security/openconnect: sync with master

security/openconnect: fiddle with wording

net/relayd: sync with master

net/relayd: make new version

interfaces: hmm, dead code in core.inc ?

VPN: IPsec: Virtual Tunnel Interfaces - safeguard config access in updown_event.py as get() doesn't have a default. (https://github.com/opnsense/core/issues/6781#issuecomment-2073439667)

Framework: sync with upstream

Taken from: FreeBSD

www/serf: sync with upstream

Taken from: FreeBSD

www/py-gunicorn: sync with upstream

Taken from: FreeBSD

textproc/libucl: sync with upstream

Taken from: FreeBSD

security/vuxml: sync with upstream

Taken from: FreeBSD

net/libzmq4: sync with upstream

Taken from: FreeBSD

net/google-cloud-sdk: sync with upstream

Taken from: FreeBSD

net-mgmt/telegraf: sync with upstream

Taken from: FreeBSD

devel/subversion: sync with upstream

Taken from: FreeBSD

interfaces: move radvd and rtsold to system log where they belong

We've long moved dhcp6c to this spot but we're still missing a bit of
context during debugging, e.g. why rtsold keeps restarting dhcp6c with
a SIGHUP.

*/*: sync with upstream

Taken from: FreeBSD

security/suricata: update to 7.0.5

pf|ipfw|netinet6?: shared IP forwarding

This removes the if_output calls in the pf(4) code that escape further
processing by defering the forwarding execution to the network stack
using on/off style sysctls for both IPv4 and IPv6.

Also see: https://reviews.freebsd.org/D8877

pf|ipfw|netinet6?: shared IP forwarding

This removes the if_output calls in the pf(4) code that escape further
processing by defering the forwarding execution to the network stack
using on/off style sysctls for both IPv4 and IPv6.

Also see: https://reviews.freebsd.org/D8877

pf|ipfw|netinet6?: shared IP forwarding

This removes the if_output calls in the pf(4) code that escape further
processing by defering the forwarding execution to the network stack
using on/off style sysctls for both IPv4 and IPv6.

Also see: https://reviews.freebsd.org/D8877

System: Trust: Revocation - forgot to persist new lifetime, causing the following exception:

Exception: Failed to parse time string (+ days) at position 0 (+): Unexpected character in /usr/local/opnsense/mvc/app/controllers/OPNsense/Trust/Api/CrlController.php:347
Stack trace:

System: Trust: Revocation - check input before use on revoked selectors

pf: show differences between route functions

wg: Add netmap support

When in netmap (emulated) mode, wireguard interfaces prepend or strip a
dummy ethernet header when interfacing with netmap.  The netmap
application thus sees unencrypted, de-encapsulated frames with a fixed
header.

In this mode, netmap hooks the if_input and if_transmit routines of the
ifnet.  Packets from the host TX ring are handled by wg_if_input(),
which simply hands them to the netisr layer; packets which would
otherwise be tunneled are intercepted in wg_output() and placed in the
host RX ring.

The "physical" TX ring is processed by wg_transmit(), which behaves
identically to wg_output() when netmap is not enabled, and packets
appear in the "physical" RX ring by hooking wg_deliver_in().

Reviewed by:    vmaffione
MFC after:      1 month

    [3 lines not shown]

sys/dev/ixgbe - workaround to prevent an i2c bus read to keep trying to read an empty slot.

When executing `ifconfig -v` this will lead to stalls for a second per interface due to the timeout being set to a static 10 without a module placed, this patch makes sure this is only allowed once per insertion.