unbound: make default, associated code movements

plist

@@ -456,6 +456,8 @@
 /usr/local/opnsense/mvc/app/models/OPNsense/Diagnostics/Migrations/M1_0_0.php
 /usr/local/opnsense/mvc/app/models/OPNsense/Diagnostics/Netflow.php
 /usr/local/opnsense/mvc/app/models/OPNsense/Diagnostics/Netflow.xml
+/usr/local/opnsense/mvc/app/models/OPNsense/Dnsmasq/ACL/ACL.xml
+/usr/local/opnsense/mvc/app/models/OPNsense/Dnsmasq/Menu/Menu.xml
 /usr/local/opnsense/mvc/app/models/OPNsense/DynamicDNS/ACL/ACL.xml
 /usr/local/opnsense/mvc/app/models/OPNsense/DynamicDNS/Menu/Menu.xml
 /usr/local/opnsense/mvc/app/models/OPNsense/IDS/ACL/ACL.xml
@@ -477,6 +479,8 @@
 /usr/local/opnsense/mvc/app/models/OPNsense/TrafficShaper/Migrations/M1_0_0.php
 /usr/local/opnsense/mvc/app/models/OPNsense/TrafficShaper/TrafficShaper.php
 /usr/local/opnsense/mvc/app/models/OPNsense/TrafficShaper/TrafficShaper.xml
+/usr/local/opnsense/mvc/app/models/OPNsense/Unbound/ACL/ACL.xml
+/usr/local/opnsense/mvc/app/models/OPNsense/Unbound/Menu/Menu.xml
 /usr/local/opnsense/mvc/app/views/OPNsense/CaptivePortal/clients.volt
 /usr/local/opnsense/mvc/app/views/OPNsense/CaptivePortal/index.volt
 /usr/local/opnsense/mvc/app/views/OPNsense/CaptivePortal/vouchers.volt
@@ -552,6 +556,7 @@
 /usr/local/opnsense/scripts/filter/delete_table.py
 /usr/local/opnsense/scripts/filter/download_geoip.py
 /usr/local/opnsense/scripts/filter/kill_table.py
+/usr/local/opnsense/scripts/filter/list_counters.py
 /usr/local/opnsense/scripts/filter/list_osfp.py
 /usr/local/opnsense/scripts/filter/list_pfsync.py
 /usr/local/opnsense/scripts/filter/list_states.py
@@ -624,6 +629,7 @@
 /usr/local/opnsense/scripts/suricata/queryInstalledRules.py
 /usr/local/opnsense/scripts/suricata/rule-updater.py
 /usr/local/opnsense/scripts/suricata/setup.sh
+/usr/local/opnsense/scripts/system/list_interrupts.py
 /usr/local/opnsense/scripts/system/rfc5246_cipher_suites.csv
 /usr/local/opnsense/scripts/system/ssl_ciphers.py
 /usr/local/opnsense/scripts/systemhealth/activity.py
@@ -972,6 +978,7 @@
 /usr/local/www/diag_logs_auth.php
 /usr/local/www/diag_logs_common.inc
 /usr/local/www/diag_logs_dhcp.php
+/usr/local/www/diag_logs_dnsmasq.php
 /usr/local/www/diag_logs_filter.php
 /usr/local/www/diag_logs_filter_dynamic.php
 /usr/local/www/diag_logs_filter_plain.php

src/etc/inc/plugins.inc.d/dnsmasq.inc

@@ -63,6 +63,15 @@ function dnsmasq_services()
     return $services;
 }
 
+function dnsmasq_syslog()
+{
+    $logfacilities = array();
+
+    $logfacilities['dnsmasq'] = array('facility' => array('dnsmasq'), 'remote' => 'dns');
+
+    return $logfacilities;
+}
+
 function dnsmasq_xmlrpc_sync()
 {
     $result = array();

src/etc/inc/services.inc

@@ -1721,32 +1721,21 @@ function services_get()
     return $services;
 }
 
-function find_service_by_name($names, $filter = array())
+function find_service_by_name($name, $filter = array())
 {
-    if (!is_array($names)) {
-        $names = array($names);
-    }
-
     $services = services_get();
 
     foreach ($services as $service) {
-        foreach ($names as $name) {
-            if ($service['name'] != $name) {
-                continue;
-            }
-            if (!count($filter)) {
-                /* force match if filter wasn't set (standard behaviour) */
-                $filter['name'] = $name;
-            }
-            foreach ($filter as $key => $value) {
-                if (isset($service[$key]) && $service[$key] == $value) {
-                    /*
-                     * First match wins, $names is only used
-                     * to probe similar services that exclude
-                     * each other.
-                     */
-                    return $service;
-                }
+        if ($service['name'] != $name) {
+            continue;
+        }
+        if (!count($filter)) {
+            /* force match if filter wasn't set (standard behaviour) */
+            $filter['name'] = $name;
+        }
+        foreach ($filter as $key => $value) {
+            if (isset($service[$key]) && $service[$key] == $value) {
+                return $service;
             }
         }
     }

src/etc/inc/system.inc

@@ -760,7 +760,7 @@ function system_syslogd_start($verbose = false)
         $syslogconfs['gateways'] = array('facility' => array('apinger'), 'remote' => 'apinger');
         $syslogconfs['portalauth'] = array('facility' => array('captiveportal'), 'remote' => 'portalauth');
         $syslogconfs['ppps'] = array('facility' => array('ppp'));
-        $syslogconfs['resolver'] = array('facility' => array('dnsmasq', 'filterdns', 'unbound'));
+        $syslogconfs['resolver'] = array('facility' => array('filterdns', 'unbound'), 'remote' => 'dns');
         $syslogconfs['routing'] = array('facility' => array('radvd', 'routed', 'rtsold', 'olsrd', 'zebra', 'ospfd', 'bgpd', 'miniupnpd'));
         $syslogconfs['wireless'] = array('facility' => array('hostapd'), 'remote' => 'hostapd');
 
@@ -800,6 +800,10 @@ EOD;
             if (isset($syslogcfg['vpn'])) {
                 $syslogconf .= system_syslogd_get_remote_servers($syslogcfg, "local3.*");
             }
+            if (isset($syslogcfg['dns'])) {
+                /* XXX needs testing */
+                $syslogconf .= system_syslogd_get_remote_servers($syslogcfg, "local5.*");
+            }
             if (isset($syslogcfg['portalauth'])) {
                 $syslogconf .= system_syslogd_get_remote_servers($syslogcfg, "local4.*");
             }

src/opnsense/mvc/app/models/OPNsense/Base/Menu/Menu.xml

@@ -231,25 +231,7 @@
                 <Details url="/status_dhcpv6_leases.php?*" visibility="hidden"/>
             </Leases>
         </DHCPv6>
-        <DNSForwarder VisibleName="DNS Forwarder" url="/services_dnsmasq.php" cssClass="fa fa-tags fa-fw">
-            <Hosts url="/services_dnsmasq_edit.php*" visibility="hidden"/>
-            <Domains url="/services_dnsmasq_domainoverride_edit.php*" visibility="hidden"/>
-        </DNSForwarder>
-        <DNSResolver VisibleName="DNS Resolver" cssClass="fa fa-tags fa-fw">
-            <General order="10" url="/services_unbound.php"/>
-            <Overrides order="15" url="/services_unbound_overrides.php">
-                <Hosts url="/services_unbound_host_edit.php*" visibility="hidden"/>
-                <Domains url="/services_unbound_domainoverride_edit.php*" visibility="hidden"/>
-            </Overrides>
-            <Advanced order="20" url="/services_unbound_advanced.php"/>
-            <ACL VisibleName="Access Lists" order="30" url="/services_unbound_acls.php">
-                <All url="/services_unbound_acls.php*" visibility="hidden"/>
-            </ACL>
-        </DNSResolver>
-        <DNSTools VisibleName="DNS Tools" cssClass="fa fa-tags fa-fw">
-            <Filter order="20" url="/services_opendns.php"/>
-            <LogFile order="100" VisibleName="Log File" url="/diag_logs_resolver.php"/>
-        </DNSTools>
+        <OpenDNS VisibleName="OpenDNS" url="/services_opendns.php" cssClass="fa fa-tags fa-fw"/>
         <Diagnostics order="900" cssClass="fa fa-medkit fa-fw" url="/status_services.php">
           <All url="/status_services.php?*" visibility="hidden"/>
         </Diagnostics>

src/opnsense/mvc/app/models/OPNsense/Core/ACL/ACL.xml

@@ -106,12 +106,6 @@
             <pattern>diag_logs_gateways.php*</pattern>
         </patterns>
     </page-diagnostics-logs-gateways>
-    <page-diagnostics-logs-resolver>
-        <name>Diagnostics: Logs: Resolver</name>
-        <patterns>
-            <pattern>diag_logs_resolver.php*</pattern>
-        </patterns>
-    </page-diagnostics-logs-resolver>
     <page-diagnostics-logs-settings>
         <name>Diagnostics: Logs: Settings</name>
         <patterns>
@@ -497,60 +491,6 @@
             <pattern>services_opendns.php*</pattern>
         </patterns>
     </page-services-opendns>
-    <page-services-dnsforwarder>
-        <name>Services: DNS Forwarder</name>
-        <patterns>
-            <pattern>services_dnsmasq.php*</pattern>
-        </patterns>
-    </page-services-dnsforwarder>
-    <page-services-dnsforwarder-editdomainoverride>
-        <name>Services: DNS Forwarder: Edit Domain Override</name>
-        <patterns>
-            <pattern>services_dnsmasq_domainoverride_edit.php*</pattern>
-        </patterns>
-    </page-services-dnsforwarder-editdomainoverride>
-    <page-services-dnsforwarder-edithost>
-        <name>Services: DNS Forwarder: Edit host</name>
-        <patterns>
-            <pattern>services_dnsmasq_edit.php*</pattern>
-        </patterns>
-    </page-services-dnsforwarder-edithost>
-    <page-services-dnsresolver>
-        <name>Services: DNS Resolver</name>
-        <patterns>
-            <pattern>services_unbound.php*</pattern>
-        </patterns>
-    </page-services-dnsresolver>
-    <page-services-dnsresolver-acls>
-        <name>Services: DNS Resolver: Access Lists</name>
-        <patterns>
-            <pattern>services_unbound_acls.php*</pattern>
-        </patterns>
-    </page-services-dnsresolver-acls>
-    <page-services-dnsresolver-editacls>
-        <name>Services: DNS Resolver: Access Lists: Edit</name>
-        <patterns>
-            <pattern>services_unbound_acls_edit.php*</pattern>
-        </patterns>
-    </page-services-dnsresolver-editacls>
-    <page-services-dnsresolver-advanced>
-        <name>Services: DNS Resolver: Advanced</name>
-        <patterns>
-            <pattern>services_unbound_advanced.php*</pattern>
-        </patterns>
-    </page-services-dnsresolver-advanced>
-    <page-services-dnsresolver-editdomainoverride>
-        <name>Services: DNS Resolver: Edit Domain Override</name>
-        <patterns>
-            <pattern>services_unbound_domainoverride_edit.php*</pattern>
-        </patterns>
-    </page-services-dnsresolver-editdomainoverride>
-    <page-services-dnsresolver-edithost>
-        <name>Services: DNS Resolver: Edit host</name>
-        <patterns>
-            <pattern>services_unbound_host_edit.php*</pattern>
-        </patterns>
-    </page-services-dnsresolver-edithost>
     <page-services-router-advertisements>
         <name>Services: Router advertisements</name>
         <patterns>

src/opnsense/mvc/app/models/OPNsense/Dnsmasq/ACL/ACL.xml

+<acl>
+    <page-services-dnsforwarder>
+        <name>Services: Dnsmasq DNS: Settings</name>
+        <patterns>
+            <pattern>services_dnsmasq.php*</pattern>
+        </patterns>
+    </page-services-dnsforwarder>
+    <page-services-dnsforwarder-editdomainoverride>
+        <name>Services: Dnsmasq DNS: Edit Domain Override</name>
+        <patterns>
+            <pattern>services_dnsmasq_domainoverride_edit.php*</pattern>
+        </patterns>
+    </page-services-dnsforwarder-editdomainoverride>
+    <page-services-dnsforwarder-edithost>
+        <name>Services: Dnsmasq DNS: Edit Host</name>
+        <patterns>
+            <pattern>services_dnsmasq_edit.php*</pattern>
+        </patterns>
+    </page-services-dnsforwarder-edithost>
+    <page-diagnostics-logs-dnsmasq>
+        <name>Services: Dnsmasq DNS: Log File</name>
+        <patterns>
+            <pattern>diag_logs_dnsmasq.php*</pattern>
+        </patterns>
+    </page-diagnostics-logs-dnsmasq>
+</acl>

src/opnsense/mvc/app/models/OPNsense/Dnsmasq/Menu/Menu.xml

+<menu>
+    <Services>
+        <Dnsmasq VisibleName="Dnsmasq DNS" cssClass="fa fa-tags fa-fw">
+          <Settings order="10" url="/services_dnsmasq.php">
+            <Hosts url="/services_dnsmasq_edit.php*" visibility="hidden"/>
+            <Domains url="/services_dnsmasq_domainoverride_edit.php*" visibility="hidden"/>
+          </Settings>
+          <LogFile VisibleName="Log File" order="50" url="/diag_logs_dnsmasq.php"/>
+        </Dnsmasq>
+    </Services>
+</menu>

src/opnsense/mvc/app/models/OPNsense/Unbound/ACL/ACL.xml

+<acl>
+    <page-services-dnsresolver>
+        <name>Services: Unbound DNS: General</name>
+        <patterns>
+            <pattern>services_unbound.php*</pattern>
+        </patterns>
+    </page-services-dnsresolver>
+    <page-services-dnsresolver-acls>
+        <name>Services: Unbound DNS: Access Lists</name>
+        <patterns>
+            <pattern>services_unbound_acls.php*</pattern>
+        </patterns>
+    </page-services-dnsresolver-acls>
+    <page-services-dnsresolver-editacls>
+        <name>Services: Unbound DNS: Access Lists Edit</name>
+        <patterns>
+            <pattern>services_unbound_acls_edit.php*</pattern>
+        </patterns>
+    </page-services-dnsresolver-editacls>
+    <page-services-dnsresolver-advanced>
+        <name>Services: Unbound DNS: Advanced</name>
+        <patterns>
+            <pattern>services_unbound_advanced.php*</pattern>
+        </patterns>
+    </page-services-dnsresolver-advanced>
+    <page-services-dnsresolver-editdomainoverride>
+        <name>Services: Unbound DNS: Edit Domain Override</name>
+        <patterns>
+            <pattern>services_unbound_domainoverride_edit.php*</pattern>
+        </patterns>
+    </page-services-dnsresolver-editdomainoverride>
+    <page-services-dnsresolver-edithost>
+        <name>Services: Unbound DNS: Edit Host</name>
+        <patterns>
+            <pattern>services_unbound_host_edit.php*</pattern>
+        </patterns>
+    </page-services-dnsresolver-edithost>
+    <page-diagnostics-logs-resolver>
+        <name>Services: Unbound DNS: Log File</name>
+        <patterns>
+            <pattern>diag_logs_resolver.php*</pattern>
+        </patterns>
+    </page-diagnostics-logs-resolver>
+</acl>

src/opnsense/mvc/app/models/OPNsense/Unbound/Menu/Menu.xml

+<menu>
+    <Services>
+        <Unbound VisibleName="Unbound DNS" cssClass="fa fa-tags fa-fw">
+            <General order="10" url="/services_unbound.php"/>
+            <Overrides order="20" url="/services_unbound_overrides.php">
+                <Hosts url="/services_unbound_host_edit.php*" visibility="hidden"/>
+                <Domains url="/services_unbound_domainoverride_edit.php*" visibility="hidden"/>
+            </Overrides>
+            <Advanced order="30" url="/services_unbound_advanced.php"/>
+            <ACL VisibleName="Access Lists" order="40" url="/services_unbound_acls.php">
+                <All url="/services_unbound_acls.php*" visibility="hidden"/>
+            </ACL>
+            <LogFile VisibleName="Log File" order="50" url="/diag_logs_resolver.php"/>
+        </Unbound>
+    </Services>
+</menu>

src/www/diag_logs_dnsmasq.php

+<?php
+
+$logfile = '/var/log/dnsmasq.log';
+$logclog = true;
+
+$service_hook = 'dnsmasq';
+
+require_once 'diag_logs_template.inc';

src/www/diag_logs_resolver.php

@@ -3,6 +3,6 @@
 $logfile = '/var/log/resolver.log';
 $logclog = true;
 
-$service_hook = array('dnsmasq', 'unbound');
+$service_hook = 'unbound';
 
 require_once 'diag_logs_template.inc';

src/www/diag_logs_settings.php

@@ -70,7 +70,6 @@ function clear_all_log_files()
         system_clear_clog("/var/log/{$lfile}.log", false);
     }
 
-
     foreach ($log_files as $lfile) {
         system_clear_log("/var/log/{$lfile}.log", false);
     }
@@ -100,6 +99,7 @@ if ($_SERVER['REQUEST_METHOD'] === 'GET') {
     $pconfig['dhcp'] = isset($config['syslog']['dhcp']);
     $pconfig['portalauth'] = isset($config['syslog']['portalauth']);
     $pconfig['vpn'] = isset($config['syslog']['vpn']);
+    $pconfig['dns'] = isset($config['syslog']['dns']);
     $pconfig['apinger'] = isset($config['syslog']['apinger']);
     $pconfig['relayd'] = isset($config['syslog']['relayd']);
     $pconfig['hostapd'] = isset($config['syslog']['hostapd']);
@@ -159,6 +159,7 @@ if ($_SERVER['REQUEST_METHOD'] === 'GET') {
             $config['syslog']['dhcp'] = !empty($pconfig['dhcp']);
             $config['syslog']['portalauth'] = !empty($pconfig['portalauth']);
             $config['syslog']['vpn'] = !empty($pconfig['vpn']);
+            $config['syslog']['dns'] = !empty($pconfig['dns']);
             $config['syslog']['apinger'] = !empty($pconfig['apinger']);
             $config['syslog']['relayd'] = !empty($pconfig['relayd']);
             $config['syslog']['hostapd'] = !empty($pconfig['hostapd']);
@@ -224,6 +225,7 @@ function enable_change(enable_over) {
     document.iform.dhcp.disabled = 0;
     document.iform.portalauth.disabled = 0;
     document.iform.vpn.disabled = 0;
+    document.iform.dns.disabled = 0;
     document.iform.apinger.disabled = 0;
     document.iform.relayd.disabled = 0;
     document.iform.hostapd.disabled = 0;
@@ -238,6 +240,7 @@ function enable_change(enable_over) {
     document.iform.dhcp.disabled = 1;
     document.iform.portalauth.disabled = 1;
     document.iform.vpn.disabled = 1;
+    document.iform.dns.disabled = 1;
     document.iform.apinger.disabled = 1;
     document.iform.relayd.disabled = 1;
     document.iform.hostapd.disabled = 1;
@@ -255,6 +258,8 @@ function check_everything() {
     document.iform.portalauth.checked = false;
     document.iform.vpn.disabled = 1;
     document.iform.vpn.checked = false;
+    document.iform.dns.disabled = 1;
+    document.iform.dns.checked = false;
     document.iform.apinger.disabled = 1;
     document.iform.apinger.checked = false;
     document.iform.relayd.disabled = 1;
@@ -268,6 +273,7 @@ function check_everything() {
     document.iform.dhcp.disabled = 0;
     document.iform.portalauth.disabled = 0;
     document.iform.vpn.disabled = 0;
+    document.iform.dns.disabled = 0;
     document.iform.apinger.disabled = 0;
     document.iform.relayd.disabled = 0;
     document.iform.hostapd.disabled = 0;
@@ -503,6 +509,8 @@ $(document).ready(function() {
                         <?=gettext("Firewall events");?><br />
                         <input name="dhcp" id="dhcp" type="checkbox" value="yes" <?=!empty($pconfig['dhcp']) ? "checked=\"checked\"" : ""; ?> />
                         <?=gettext("DHCP service events");?><br />
+                        <input name="dns" id="dns" type="checkbox" value="yes" <?=!empty($pconfig['dns']) ? "checked=\"checked\"" : ""; ?> />
+                        <?=gettext("DNS (Unbound, Dnsmasq, Bind) events");?><br />
                         <input name="portalauth" id="portalauth" type="checkbox" value="yes" <?=!empty($pconfig['portalauth']) ? "checked=\"checked\"" : ""; ?> />
                         <?=gettext("Portal Auth events");?><br />
                         <input name="vpn" id="vpn" type="checkbox" value="yes" <?=!empty($pconfig['vpn']) ? "checked=\"checked\"" : ""; ?> />