www/caddy: Selectpicker that can filter the Domain, Subdomain and Handlers by selected Domain (#3937)
* Update reverse_proxy.volt
Add a first version of a filter functionality by domain. In this version, only handlers are filtered by domain.
A selectpicker with multi selection can choose domains, and the filter function compares these UUIDs to the UUIDs of the "reverse" UUIDs of the model relation fields. Either all domains are shown, or only elements where the UUIDs match.
* Update ReverseProxyController.php
A new api endpoint for the domain search selectpicker has been created. It returns the ID and a Domain+Port combination.
The search function for the Handler now returns all fields if no filter has been set, or only the referenced UUIDs when a filter has been set.
* Update ReverseProxyController.php - Add search function to subdomains
* Update reverse_proxy.volt - Reference Search Filter in Handlers, Domains and Subdomains
* Update ReverseProxyController.php - Add the search function to domains
[9 lines not shown]
Update caddy_control.py (#3944)
Forces the reload even if the config in the Caddyfile is unchanged, using an extra command of the rc.d script, forcing certificates in the filesystem to reload.
Fixes: {"info","ts":"2024-04-26T06:13:06Z","msg":"config is unchanged"}
Otherwise, if the config is unchanged, and the certificates are replaced, the names of the certificates in the Caddyfile stay the same, thus implying the config has been unchanged.
mvc/model/ContainerField - pass isFieldChanged() to children.
Noticed this issue while working on filter validations, which seemed to re-validate each item on every migration due to FieldTypes inheriting from ContainerField.
This is a minor change, but will prevent record validations from triggering unnecessary.
rss: add sysctl enable toggle
This commit also includes the original refactoring changes
This change allows the kernel to operate with the default netisr cpu-affinity settings while having RSS compiled in. Normally, RSS changes quite a bit of the behaviour of the kernel dispatch service - this change allows for reducing impact on incompatible hardware while preserving the option to boost throughput speeds based on packet flow CPU affinity.
Make sure to compile the following options in the kernel:
options RSS
options PCBGROUP
As well as setting the following sysctls:
net.inet.rss.enabled: 1
net.isr.bindthreads: 1
net.isr.maxthreads: -1 (automatically sets it to the number of CPUs)
And optionally (to force a 1:1 mapping between CPUs and buckets):
[4 lines not shown]
mvc/model - implement getDescription() in NetworkAliasField. As this field type acts as a single (non-list) type, we need to return the description from here as well as BaseListField's implementation doesn't apply here.
mvc/model - BaseListField replace array_map+strval for loop with cast to preserve execution time. The mapping with strval seems to be rather slow, a simple cast seems to be roughly 4 times faster.
MVC: deal with explicit buffering on Phalcon side
The start() and finish() methods in Phalcon start and close an output buffer respectively. If we clear this buffer prematurely, as is needed for streaming data, we must handle the exception that pops up as a result of Phalcon trying to close the buffer again. In cases where such control over the output is needed, we must also assume that the headers have already been sent, so silence the output in this case to prevent a PHP fatal error.
pf|ipfw|netinet6?: shared IP forwarding
This removes the if_output calls in the pf(4) code that escape further
processing by defering the forwarding execution to the network stack
using on/off style sysctls for both IPv4 and IPv6.
Also see: https://reviews.freebsd.org/D8877
pf|ipfw|netinet6?: shared IP forwarding
This removes the if_output calls in the pf(4) code that escape further
processing by defering the forwarding execution to the network stack
using on/off style sysctls for both IPv4 and IPv6.
Also see: https://reviews.freebsd.org/D8877
sys/dev/ixgbe - workaround to prevent an i2c bus read to keep trying to read an empty slot.
When executing `ifconfig -v` this will lead to stalls for a second per interface due to the timeout being set to a static 10 without a module placed, this patch makes sure this is only allowed once per insertion.
wg: Add netmap support
When in netmap (emulated) mode, wireguard interfaces prepend or strip a
dummy ethernet header when interfacing with netmap. The netmap
application thus sees unencrypted, de-encapsulated frames with a fixed
header.
In this mode, netmap hooks the if_input and if_transmit routines of the
ifnet. Packets from the host TX ring are handled by wg_if_input(),
which simply hands them to the netisr layer; packets which would
otherwise be tunneled are intercepted in wg_output() and placed in the
host RX ring.
The "physical" TX ring is processed by wg_transmit(), which behaves
identically to wg_output() when netmap is not enabled, and packets
appear in the "physical" RX ring by hooking wg_deliver_in().
Reviewed by: vmaffione
MFC after: 1 month
[3 lines not shown]
stand: add EFI support for mmio serial consoles
When no legacy serial is found, we may be looking at a non-legacy mmio
serial device mapping, in which case the efi_devpath_name() for name
ConOutDev looks like this:
VenHw(XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX,0090DCFE00000000)/Uart(115200,8,N,1)/VenVt100()
Which should tell the kernel to attach a console to 0xfedc9000
(little endian 64 bit value). The value is stored behind the
VENDOR_DEVICE_PATH struct as a byte stream hence we need to check
if said address is appended behind the node. Also enforce use for
uart by requiring the console speed read from the same device.
There is no scientific process for "rs:2" derivation, but evidence would
indicate that this is the correct setting for existing MMIO EFI consoles.
See also: http://bsdimp.blogspot.com/2018/07/how-to-get-memory-mapped-serial-console.html
axgbe: enable RSF to prevent zero-length packets while in Netmap mode
Initially, RSF (Receive Queue Store and Forward) was disabled for
unknown reasons, but the cut-through mode that's enabled as a result
seems to send 0 length packets up to the DMA when the RX queue is
full.
axgbe: gracefully handle i2c bus failures
In (unknown) situations it seems the i2c bus can have trouble,
while nothing about the current link state has changed, the driver
would react by going into a link down state, and start busylooping
on up to 4 cores. Even if there was a valid link, such spinning
on a cpu by a kernel thread would wreak havoc to existing and
new connections.
This patch does the following:
1. If such a bus failure occurs, we keep the last known link state.
2. Prevent busy looping by implementing the lockmgr() facility to
be able to sleep while the i2c code waits on the i2c ISR. We cap
this with a timeout.
3. Pin the admin queues to the last CPU in the system, to prevent
other scenarios where busy looping might occur from landing on CPU
0, which especially seems to cause a lot of issues.
Given the design constraints both in hardware and in software,
[9 lines not shown]
axgbe: LED control for A30 platform
Since the I/O expander chip does not do a reset when soft power
cycling, the driver will first turn off all LEDs when initializing,
although no specific routine seems to be called when powering down.
This means that the LEDs will stay on until the driver has booted up,
after which the driver will be in a consistent state.
axgbe: also validate configuration register in GPIO expander
It is possible for a machine to boot into a state in which the configuration register,
responsible for controlling wether an I/O signal is considered an input or output,
contains randomized values. It was assumed this was programmed by the BIOS.
If I/O is reversed, it's possible for the driver to think an SFPP module has been inserted
when there is none, leading to unrecoverable I2C errors.
The configuration register should contain a state which is determined and provided by the BIOS,
hence no hard-coded values are programmed here.
axgbe: move phy_stop to axgbe_if_detach()
Since the iflib interface needs axgbe_pci_init() and its phy starting capabilities, no data was passed in its absence.
With the NULL check of the axgbe_miibus we also resort back to an MDIO read as a module might be capable of both
clause 22 and clause 45 methods of communication.
with the move of phy_stop() to if_detach() in https://github.com/opnsense/src/commit/d50d4e8cd499882d4ac77765797a81306e316795, it's better to prevent reconfiguring the phy should the pci_init() callout trigger more than once.