]> git.ipfire.org Git - people/pmueller/ipfire-2.x.git/blob - html/cgi-bin/zoneconf.cgi
projects / people / pmueller / ipfire-2.x.git / blob
? search:


ad0ec85fa83ce9b7ce5c759219c22750892996d3
[people/pmueller/ipfire-2.x.git] / html / cgi-bin / zoneconf.cgi
1 #!/usr/bin/perl
2 ###############################################################################
3 # #
4 # VLAN Management for IPFire #
5 # Copyright (C) 2019 Florian Bührle <fbuehrle@ipfire.org> #
6 # #
7 # This program is free software: you can redistribute it and/or modify #
8 # it under the terms of the GNU General Public License as published by #
9 # the Free Software Foundation, either version 3 of the License, or #
10 # (at your option) any later version. #
11 # #
12 # This program is distributed in the hope that it will be useful, #
13 # but WITHOUT ANY WARRANTY; without even the implied warranty of #
14 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
15 # GNU General Public License for more details. #
16 # #
17 # You should have received a copy of the GNU General Public License #
18 # along with this program. If not, see <http://www.gnu.org/licenses/>. #
19 # #
20 ###############################################################################
21
22 use strict;
23 use Scalar::Util qw(looks_like_number);
24
25 require '/var/ipfire/general-functions.pl';
26 require "${General::swroot}/lang.pl";
27 require "${General::swroot}/header.pl";
28 require "${General::swroot}/network-functions.pl";
29
30 ###--- HTML HEAD ---###
31 my $extraHead = <<END
32 <style>
33 table#zoneconf {
34 width: 100%;
35 border-collapse: collapse;
36 border-style: hidden;
37 table-layout: fixed;
38 }
39
40 /* row height */
41 #zoneconf tr {
42 height: 4em;
43 }
44 #zoneconf tr.half-height {
45 height: 2em;
46 }
47 #zoneconf tr.half-height > td {
48 padding: 2px 10px;
49 }
50
51 /* section separators */
52 #zoneconf tr.divider-top {
53 border-top: 2px solid $Header::bordercolour;
54 }
55 #zoneconf tr.divider-bottom {
56 border-bottom: 2px solid $Header::bordercolour;
57 }
58
59 /* table cells */
60 #zoneconf td {
61 padding: 5px 10px;
62 border-left: 0.5px solid $Header::bordercolour;
63 text-align: center;
64 }
65
66 /* grey header cells */
67 #zoneconf td.heading {
68 background-color: lightgrey;
69 color: white;
70 }
71 #zoneconf td.heading.bold::first-line {
72 font-weight: bold;
73 line-height: 1.6;
74 }
75
76 /* narrow left column with background color */
77 #zoneconf tr > td:first-child {
78 width: 11em;
79 }
80 #zoneconf tr.nic-row > td:first-child {
81 background-color: darkgray;
82 }
83 #zoneconf tr.nic-row {
84 border-bottom: 0.5px solid $Header::bordercolour;
85 }
86 #zoneconf tr.option-row > td:first-child {
87 background-color: gray;
88 }
89
90 /* alternating row background color */
91 #zoneconf tr {
92 background-color: $Header::table2colour;
93 }
94 #zoneconf tr:nth-child(2n+3) {
95 background-color: $Header::table1colour;
96 }
97
98 /* special cell colors */
99 #zoneconf td.green {
100 background-color: $Header::colourgreen;
101 }
102
103 #zoneconf td.red {
104 background-color: $Header::colourred;
105 }
106
107 #zoneconf td.blue {
108 background-color: $Header::colourblue;
109 }
110
111 #zoneconf td.orange {
112 background-color: $Header::colourorange;
113 }
114
115 #zoneconf td.topleft {
116 background-color: $Header::pagecolour;
117 }
118
119 input.vlanid {
120 width: 4em;
121 }
122 input.stp-priority {
123 width: 5em;
124 }
125
126 #submit-container {
127 width: 100%;
128 padding-top: 20px;
129 text-align: right;
130 color: red;
131 }
132
133 #submit-container.input {
134 margin-left: auto;
135 }
136 </style>
137
138 <script src="/include/zoneconf.js"></script>
139 END
140 ;
141 ###--- END HTML HEAD ---###
142
143 ### Read configuration ###
144 my %ethsettings = ();
145 my %vlansettings = ();
146 my %cgiparams = ();
147
148 my $restart_notice = "";
149
150 &General::readhash("${General::swroot}/ethernet/settings",\%ethsettings);
151 &General::readhash("${General::swroot}/ethernet/vlans",\%vlansettings);
152
153 &Header::getcgihash(\%cgiparams);
154 &Header::showhttpheaders();
155
156 # Get all network zones that are currently enabled
157 my @zones = Network::get_available_network_zones();
158
159 # Get all physical NICs present
160 opendir(my $dh, "/sys/class/net/");
161 my @nics = ();
162
163 while (my $nic = readdir($dh)) {
164 if (-e "/sys/class/net/$nic/device") { # Indicates that the NIC is physical
165 push(@nics, [&Network::get_nic_property($nic, "address"), $nic, 0]);
166 }
167 }
168
169 closedir($dh);
170
171 @nics = sort {$a->[0] cmp $b->[0]} @nics; # Sort nics by their MAC address
172
173 # Name the physical NICs
174 # Even though they may not be really named like this, we will name them ethX or wlanX
175 my $ethcount = 0;
176 my $wlancount = 0;
177
178 foreach (@nics) {
179 my $nic = $_->[1];
180
181 if (-e "/sys/class/net/$nic/wireless") {
182 $_->[1] = "wlan$wlancount";
183 $_->[2] = 1;
184 $wlancount++;
185 } else {
186 $_->[1] = "eth$ethcount";
187 $ethcount++;
188 }
189 }
190
191 ### START PAGE ###
192 &Header::openpage($Lang::tr{"zoneconf title"}, 1, $extraHead);
193 &Header::openbigbox('100%', 'center');
194
195 ### Evaluate POST parameters ###
196
197 if ($cgiparams{"ACTION"} eq $Lang::tr{"save"}) {
198 my %VALIDATE_nic_check = (); # array of flags (assigned, restricted/pppoe, vlan, ...) per NIC
199 my $VALIDATE_error = ""; # contains an error message if the config validation failed
200
201 # Loop trough all known zones to ensure a complete configuration file is created
202 foreach (@Network::known_network_zones) {
203 my $uc = uc $_;
204 my $slave_string = ""; # list of interfaces attached to the bridge
205 my $zone_mode = $cgiparams{"MODE $uc"};
206 my $VALIDATE_vlancount = 0;
207 my $VALIDATE_zoneslaves = 0;
208
209 # Each zone can contain up to one bridge and up to one VLAN,
210 # cache their mac addresses to prevent unnecessary changes
211 my $bridge_mac = $ethsettings{"${uc}_MACADDR"};
212 my $vlan_mac = $vlansettings{"${uc}_MAC_ADDRESS"};
213
214 # Clear old configuration
215 $ethsettings{"${uc}_MACADDR"} = "";
216 $ethsettings{"${uc}_MODE"} = "";
217 $ethsettings{"${uc}_SLAVES"} = "";
218 $vlansettings{"${uc}_PARENT_DEV"} = "";
219 $vlansettings{"${uc}_VLAN_ID"} = "";
220 $vlansettings{"${uc}_MAC_ADDRESS"} = "";
221
222 # If RED is not in DHCP or static mode, we only set its MACADDR property
223 if ($uc eq "RED" && ! $cgiparams{"PPPACCESS"} eq "") {
224 foreach (@nics) {
225 my $mac = $_->[0];
226
227 if ($mac eq $cgiparams{"PPPACCESS"}) {
228 $ethsettings{"${uc}_MACADDR"} = $mac;
229
230 # Check if this interface is already accessed by any other zone
231 # If this is the case, show an error message
232 if ($VALIDATE_nic_check{"ACC $mac"}) {
233 $VALIDATE_error = $Lang::tr{"zoneconf val ppp assignment error"};
234 }
235
236 $VALIDATE_nic_check{"RESTRICT $mac"} = 1;
237 last;
238 }
239 }
240
241 # skip NIC/VLAN assignment and additional zone options for RED in PPP mode
242 next;
243 }
244
245 # Zone in bridge mode: Always assign a MAC to the bridge
246 if($zone_mode eq "BRIDGE") {
247 # Ensure that the bridge's cached MAC does not come from a real NIC
248 # (this could happen if the zone was in default mode before)
249 foreach (@nics) {
250 my $nic_mac = $_->[0];
251 if(Network::is_mac_equal($bridge_mac, $nic_mac)) {
252 $bridge_mac = "";
253 last;
254 }
255 }
256
257 # Generate random MAC if none was configured
258 if(! Network::valid_mac($bridge_mac)) {
259 $bridge_mac = Network::random_mac();
260 }
261
262 # Assign the address to the bridge
263 $ethsettings{"${uc}_MACADDR"} = $bridge_mac;
264 }
265
266 foreach (@nics) {
267 my $mac = $_->[0];
268 my $nic_access = $cgiparams{"ACCESS $uc $mac"};
269
270 next unless ($nic_access);
271
272 # This NIC is to be assigned: check preconditions
273 if ($nic_access ne "NONE") {
274 if ($VALIDATE_nic_check{"RESTRICT $mac"}) { # If this interface is already assigned to RED in PPP mode, throw an error
275 $VALIDATE_error = $Lang::tr{"zoneconf val ppp assignment error"};
276 last;
277 }
278
279 # Enforce bridge mode when you try to assign multiple NICs to a zone
280 if ($zone_mode ne "BRIDGE" && $VALIDATE_zoneslaves > 0 && $nic_access ne "") {
281 $VALIDATE_error = $Lang::tr{"zoneconf val zoneslave amount error"};
282 last;
283 }
284
285 # Mark this NIC as "accessed by zone"
286 $VALIDATE_nic_check{"ACC $mac"} = 1;
287 $VALIDATE_zoneslaves++;
288 }
289
290 if ($nic_access eq "NATIVE") {
291 if ($VALIDATE_nic_check{"NATIVE $mac"}) {
292 $VALIDATE_error = $Lang::tr{"zoneconf val native assignment error"};
293 last;
294 }
295
296 $VALIDATE_nic_check{"NATIVE $mac"} = 1;
297
298 # Zone in bridge mode: Add NIC to slave list. Otherwise access NIC directly
299 if ($zone_mode eq "BRIDGE") {
300 $slave_string = "${slave_string}${mac} ";
301 } else {
302 $ethsettings{"${uc}_MACADDR"} = $mac;
303 }
304 } elsif ($nic_access eq "VLAN") {
305 my $vlan_tag = $cgiparams{"TAG $uc $mac"};
306
307 if ($VALIDATE_nic_check{"VLAN $mac $vlan_tag"}) {
308 $VALIDATE_error = $Lang::tr{"zoneconf val vlan tag assignment error"};
309 last;
310 }
311
312 $VALIDATE_nic_check{"VLAN $mac $vlan_tag"} = 1;
313
314 # check VLAN tag range: 1..4094 (0, 4095 are reserved)
315 unless (looks_like_number($vlan_tag) && ($vlan_tag >= 1) && ($vlan_tag <= 4094)) {
316 $VALIDATE_error = $Lang::tr{"zoneconf val vlan tag range error"};
317 last;
318 }
319
320 # Generate random MAC if none was configured
321 if(! Network::valid_mac($vlan_mac)) {
322 $vlan_mac = Network::random_mac();
323 }
324
325 $vlansettings{"${uc}_PARENT_DEV"} = $mac;
326 $vlansettings{"${uc}_VLAN_ID"} = $vlan_tag;
327 $vlansettings{"${uc}_MAC_ADDRESS"} = $vlan_mac; # Generated MAC
328
329 # Zone in bridge mode: Add VLAN to slave list
330 if ($zone_mode eq "BRIDGE") {
331 $slave_string = "${slave_string}${vlan_mac} ";
332 }
333
334 $VALIDATE_vlancount++; # We can't allow more than one VLAN per zone
335 }
336 }
337
338 if ($VALIDATE_vlancount > 1) {
339 $VALIDATE_error = $Lang::tr{"zoneconf val vlan amount assignment error"};
340 last;
341 }
342
343 chop($slave_string);
344
345 if ($zone_mode eq "BRIDGE") {
346 $ethsettings{"${uc}_MODE"} = "bridge";
347 $ethsettings{"${uc}_SLAVES"} = $slave_string;
348 } elsif ($zone_mode eq "MACVTAP") {
349 $ethsettings{"${uc}_MODE"} = "macvtap";
350 }
351
352 # STP options
353 # (this has already been skipped when RED is in PPP mode, so we don't need to check for PPP here)
354 $ethsettings{"${uc}_STP"} = "";
355 my $stp_enabled = $cgiparams{"STP-$uc"} eq "on";
356 my $stp_priority = $cgiparams{"STP-PRIORITY-$uc"};
357
358 if($stp_enabled) {
359 unless($ethsettings{"${uc}_MODE"} eq "bridge") { # STP is only available in bridge mode
360 $VALIDATE_error = $Lang::tr{"zoneconf val stp zone mode error"};
361 last;
362 }
363 unless (looks_like_number($stp_priority) && ($stp_priority >= 1) && ($stp_priority <= 65535)) { # STP bridge priority range: 1..65535
364 $VALIDATE_error = $Lang::tr{"zoneconf val stp priority range error"};
365 last;
366 }
367 $ethsettings{"${uc}_STP"} = "on"; # network-hotplug-bridges expects "on"
368 $ethsettings{"${uc}_STP_PRIORITY"} = $stp_priority;
369 }
370 }
371
372 # validation failed, show error message and exit
373 if ($VALIDATE_error) {
374 &Header::openbox('100%', 'left', $Lang::tr{"error"});
375
376 print "$VALIDATE_error<br><br><a href='$ENV{'SCRIPT_NAME'}'>$Lang::tr{'back'}</a>\n";
377
378 &Header::closebox();
379 &Header::closebigbox();
380 &Header::closepage();
381
382 exit 0;
383 }
384
385 # new settings are valid, write configuration files
386 &General::writehash("${General::swroot}/ethernet/settings",\%ethsettings);
387 &General::writehash("${General::swroot}/ethernet/vlans",\%vlansettings);
388
389 $restart_notice = $Lang::tr{'zoneconf notice reboot'};
390 }
391
392 ### START OF TABLE ###
393
394 &Header::openbox('100%', 'left', $Lang::tr{"zoneconf nic assignment"});
395
396 print <<END
397 <form method='post' enctype='multipart/form-data'>
398 <table id="zoneconf">
399 <tr class="divider-bottom">
400 <td class="topleft"></td>
401 END
402 ;
403
404 # Fill the table header with all activated zones
405 foreach (@zones) {
406 my $uc = uc $_;
407
408 # If the red zone is in PPP mode, don't show a mode dropdown
409 if ($uc eq "RED") {
410 my $red_type = $ethsettings{"RED_TYPE"};
411
412 unless (Network::is_red_mode_ip()) {
413 print "\t\t<td class='heading bold $_'>$uc ($red_type)</td>\n";
414
415 next; # We're done here
416 }
417 }
418
419 my %mode_selected = ();
420 my $zone_mode = $ethsettings{"${uc}_MODE"};
421
422 if ($zone_mode eq "") {
423 $mode_selected{"DEFAULT"} = "selected";
424 } elsif ($zone_mode eq "bridge") {
425 $mode_selected{"BRIDGE"} = "selected";
426 } elsif ($zone_mode eq "macvtap") {
427 $mode_selected{"MACVTAP"} = "selected";
428 }
429
430 print <<END
431 <td class='heading bold $_'>$uc<br>
432 <select name="MODE $uc" data-zone="$uc" onchange="changeZoneMode(this)">
433 <option value="DEFAULT" $mode_selected{"DEFAULT"}>$Lang::tr{"zoneconf nicmode default"}</option>
434 <option value="BRIDGE" $mode_selected{"BRIDGE"}>$Lang::tr{"zoneconf nicmode bridge"}</option>
435 <option value="MACVTAP" $mode_selected{"MACVTAP"}>$Lang::tr{"zoneconf nicmode macvtap"}</option>
436 </select>
437 </td>
438 END
439 ;
440 }
441
442 print "\t</tr>\n";
443
444 # NIC assignment matrix
445 foreach (@nics) {
446 my $mac = $_->[0];
447 my $nic = $_->[1];
448 my $wlan = $_->[2];
449
450 print "\t<tr class='nic-row'>\n";
451 print "\t\t<td class='heading bold'>$nic<br>$mac</td>\n";
452
453 # Iterate through all zones and check if the current NIC is assigned to it
454 foreach (@zones) {
455 my $uc = uc $_;
456 my $highlight = "";
457
458 if ($uc eq "RED") {
459 # VLANs/Bridging is not possible if the RED interface is set to PPP, PPPoE, VDSL, ...
460 unless (Network::is_red_mode_ip()) {
461 my $checked = "";
462
463 if ($mac eq $ethsettings{"${uc}_MACADDR"}) {
464 $checked = "checked";
465 $highlight = $_;
466 }
467
468 print <<END
469 <td class="$highlight">
470 <input type="radio" name="PPPACCESS" value="$mac" data-zone="RED" data-mac="$mac" onchange="highlightAccess(this)" $checked>
471 </td>
472 END
473 ;
474 next; # We're done here
475 }
476 }
477
478 my %access_selected = ();
479 my $zone_mode = $ethsettings{"${uc}_MODE"};
480 my $zone_parent_dev = $vlansettings{"${uc}_PARENT_DEV"}; # ZONE_PARENT_DEV is set if this zone accesses any interface via a VLAN
481 my $field_disabled = "disabled"; # Only enable the VLAN ID input field if the current access mode is VLAN
482 my $zone_vlan_id = "";
483
484 # If ZONE_PARENT_DEV is set to a NICs name (e.g. green0 or eth0) instead of a MAC address, we have to find out this NICs MAC address
485 $zone_parent_dev = &Network::get_mac_by_name($zone_parent_dev);
486
487 # If the current NIC is accessed by the current zone via a VLAN, the ZONE_PARENT_DEV option corresponds to the current NIC
488 if ($mac eq $zone_parent_dev) {
489 $access_selected{"VLAN"} = "selected";
490 $field_disabled = "";
491 $zone_vlan_id = $vlansettings{"${uc}_VLAN_ID"};
492 } elsif ($zone_mode eq "bridge") { # If the current zone is in bridge mode, all corresponding NICs (Native as well as VLAN) are set via the ZONE_SLAVES option
493 my @slaves = split(/ /, $ethsettings{"${uc}_SLAVES"});
494
495 foreach (@slaves) {
496 # Slaves can be set to a NICs name so we have to find out its MAC address
497 $_ = &Network::get_mac_by_name($_);
498
499 if ($_ eq $mac) {
500 $access_selected{"NATIVE"} = "selected";
501 last;
502 }
503 }
504 } elsif ($mac eq $ethsettings{"${uc}_MACADDR"}) { # Native access via ZONE_MACADDR is only set if the zone does not access a NIC via a VLAN and the zone is not in bridge mode
505 $access_selected{"NATIVE"} = "selected";
506 }
507
508 $access_selected{"NONE"} = ($access_selected{"NATIVE"} eq "") && ($access_selected{"VLAN"} eq "") ? "selected" : "";
509 my $vlan_disabled = ($wlan) ? "disabled" : "";
510
511 # If the interface is assigned, hightlight table cell
512 if ($access_selected{"NONE"} eq "") {
513 $highlight = $_;
514 }
515
516 print <<END
517 <td class="$highlight">
518 <select name="ACCESS $uc $mac" data-zone="$uc" data-mac="$mac" onchange="highlightAccess(this)">
519 <option value="NONE" $access_selected{"NONE"}>- $Lang::tr{"zoneconf access none"} -</option>
520 <option value="NATIVE" $access_selected{"NATIVE"}>$Lang::tr{"zoneconf access native"}</option>
521 <option value="VLAN" $access_selected{"VLAN"} $vlan_disabled>$Lang::tr{"zoneconf access vlan"}</option>
522 </select>
523 <input type="number" class="vlanid" id="TAG-$uc-$mac" name="TAG $uc $mac" min="1" max="4094" value="$zone_vlan_id" required $field_disabled>
524 </td>
525 END
526 ;
527 }
528
529 print "\t</tr>\n";
530 }
531
532 # STP options
533 my @stp_html = (); # form fields buffer (two rows)
534
535 foreach (@zones) { # load settings and prepare form elements for each zone
536 my $uc = uc $_;
537
538 # STP is not available if the RED interface is set to PPP, PPPoE, VDSL, ...
539 if ($uc eq "RED") {
540 unless (Network::is_red_mode_ip()) {
541 push(@stp_html, ["\t\t<td></td>\n", "\t\t<td></td>\n"]); # print empty cell
542 next;
543 }
544 }
545
546 # load configuration
547 my $stp_available = $ethsettings{"${uc}_MODE"} eq "bridge"; # STP is only available in bridge mode
548 my $stp_enabled = $ethsettings{"${uc}_STP"} eq "on";
549 my $stp_priority = $ethsettings{"${uc}_STP_PRIORITY"};
550
551 # set priority to default value if no numerical value is configured
552 $stp_priority = 32768 unless looks_like_number($stp_priority);
553
554 # form element modifiers
555 my $checked = "";
556 my $disabled = "";
557 $checked = "checked" if ($stp_available && $stp_enabled);
558 $disabled = "disabled" unless $stp_available;
559
560 # enable checkbox HTML
561 my $row_1 = <<END
562 <td>
563 <input type="checkbox" id="STP-$uc" name="STP-$uc" data-zone="$uc" onchange="changeEnableSTP(this)" $disabled $checked>
564 </td>
565 END
566 ;
567 $disabled = "disabled" unless $stp_enabled; # STP priority can't be entered if STP is disabled
568
569 # priority input box HTML
570 my $row_2 = <<END
571 <td>
572 <input type="number" class="stp-priority" id="STP-PRIORITY-$uc" name="STP-PRIORITY-$uc" min="1" max="65535" value="$stp_priority" required $disabled>
573 </td>
574 END
575 ;
576 # add fields to buffer
577 push(@stp_html, [$row_1, $row_2]);
578 }
579
580 # print two rows of prepared form elements
581 print <<END
582 <tr class="half-height divider-top option-row">
583 <td class="heading bold">$Lang::tr{"zoneconf stp enable"}</td>
584 END
585 ;
586 foreach (@stp_html) {
587 print $_->[0]; # row 1
588 }
589 print <<END
590 </tr>
591 <tr class="half-height option-row">
592 <td class="heading">$Lang::tr{"zoneconf stp priority"}</td>
593 END
594 ;
595 foreach (@stp_html) {
596 print $_->[1]; # row 2
597 }
598 print "\t</tr>\n";
599
600 # footer and submit button
601 print <<END
602 </table>
603
604 <div id="submit-container">
605 $restart_notice
606 <input type="submit" name="ACTION" value="$Lang::tr{"save"}">
607 </div>
608 </form>
609 END
610 ;
611
612 ### END OF TABLE ###
613
614 &Header::closebox();
615 &Header::closebigbox();
616 &Header::closepage();
Peter's tree of IPFire 2.x