From 6395bed8a4d621e2ed5b4e1417934c34ddc9a9a3 Mon Sep 17 00:00:00 2001 From: Michael Tremer Date: Wed, 29 Jun 2022 18:27:23 +0000 Subject: [PATCH] aliases: Add support to assign aliases to multiple RED interfaces MIME-Version: 1.0 Content-Type: text/plain; charset=utf8 Content-Transfer-Encoding: 8bit This is a little patch which will extend the aliases page to offer an interface selection if there are more than one RED interfaces. This is a little hack to make configuration easier for users who have manually set up more than one RED interface (e.g. for load balancing or fail-over) and want to use the UI to configure firewall rules. As a little benefit on the side, I had to rewrite setaliases.c to use ip(8) instead of ifconfig(8). Signed-off-by: Michael Tremer Acked-by: Peter Müller --- config/cfgroot/network-functions.pl | 20 +++++++++ html/cgi-bin/aliases.cgi | 63 +++++++++++++++++++++++++---- langs/en/cgi-bin/en.pl | 1 + src/misc-progs/setaliases.c | 38 ++++++++++------- 4 files changed, 99 insertions(+), 23 deletions(-) diff --git a/config/cfgroot/network-functions.pl b/config/cfgroot/network-functions.pl index d503228231..4ac6d86708 100644 --- a/config/cfgroot/network-functions.pl +++ b/config/cfgroot/network-functions.pl @@ -332,6 +332,26 @@ sub setup_upstream_proxy() { } } +sub get_red_interfaces() { + my $default = &General::get_red_interface(); + + my @intfs = ( + $default, + ); + + opendir(INTERFACES, "/sys/class/net"); + + while (my $intf = readdir(INTERFACES)) { + if ($intf =~ m/^red[0-9]+$/) { + push(@intfs, $intf); + } + } + + closedir(INTERFACES); + + return &General::uniq(@intfs); +} + sub list_wireless_interfaces() { my %interfaces = (); diff --git a/html/cgi-bin/aliases.cgi b/html/cgi-bin/aliases.cgi index 7b80b3c844..def03ff9b2 100644 --- a/html/cgi-bin/aliases.cgi +++ b/html/cgi-bin/aliases.cgi @@ -34,6 +34,7 @@ require '/var/ipfire/general-functions.pl'; # replace /var/ipcop with /var/ipcop require "${General::swroot}/lang.pl"; require "${General::swroot}/header.pl"; require "${General::swroot}/ids-functions.pl"; +require "${General::swroot}/network-functions.pl"; my $configfwdfw = "${General::swroot}/firewall/config"; my $configinput = "${General::swroot}/firewall/input"; @@ -52,6 +53,11 @@ undef (@dummy); my $setting = "${General::swroot}/ethernet/settings"; our $datafile = "${General::swroot}/ethernet/aliases"; +# Fetch the name of the main RED interface +my $RED_INTERFACE = &General::get_red_interface(); + +# Fetch all RED interfaces +my @RED_INTERFACES = &Network::get_red_interfaces(); our %settings=(); #Settings1 @@ -61,7 +67,8 @@ our %settings=(); $settings{'IP'} = ''; $settings{'ENABLED'} = 'off'; # Every check box must be set to off $settings{'NAME'} = ''; -my @nosaved=('IP','ENABLED','NAME'); # List here ALL setting2 fields. Mandatory +$settings{'INTERFACE'} = ''; +my @nosaved=('IP','ENABLED','NAME','INTERFACE'); # List here ALL setting2 fields. Mandatory $settings{'ACTION'} = ''; # add/edit/remove $settings{'KEY1'} = ''; # point record for ACTION @@ -215,10 +222,10 @@ if ($settings{'ACTION'} eq $Lang::tr{'add'}) { } unless ($errormessage) { if ($settings{'KEY1'} eq '') { #add or edit ? - unshift (@current, "$settings{'IP'},$settings{'ENABLED'},$settings{'NAME'}\n"); + unshift (@current, "$settings{'IP'},$settings{'ENABLED'},$settings{'NAME'},$settings{'INTERFACE'}\n"); &General::log($Lang::tr{'ip alias added'}); } else { - @current[$settings{'KEY1'}] = "$settings{'IP'},$settings{'ENABLED'},$settings{'NAME'}\n"; + @current[$settings{'KEY1'}] = "$settings{'IP'},$settings{'ENABLED'},$settings{'NAME'},$settings{'INTERFACE'}\n"; $settings{'KEY1'} = ''; # End edit mode &General::log($Lang::tr{'ip alias changed'}); } @@ -250,6 +257,7 @@ if ($settings{'ACTION'} eq $Lang::tr{'edit'}) { $settings{'IP'}=$temp[0]; # Prepare the screen for editing $settings{'ENABLED'}=$temp[1]; $settings{'NAME'}=$temp[2]; + $settings{'INTERFACE'}=$temp[3]; } if ($settings{'ACTION'} eq $Lang::tr{'remove'}) { @@ -295,6 +303,7 @@ if ($settings{'ACTION'} eq '' ) { # First launch from GUI &Header::openpage($Lang::tr{'external aliases configuration'}, 1, ''); &Header::openbigbox('100%', 'left', '', $errormessage); my %checked =(); # Checkbox manipulations +my %selected = (); if ($errormessage) { &Header::openbox('100%', 'left', $Lang::tr{'error messages'}); @@ -320,6 +329,11 @@ END # $checked{'ENABLED'}{'on'} = ($settings{'ENABLED'} eq 'on') ? "checked='checked'" : '' ; +$selected{'INTERFACE'} = (); +foreach my $intf (@RED_INTERFACES) { + $selected{'INTERFACE'}{$intf} = ($settings{'INTERFACE'} eq $intf) ? "selected" : ""; +} + my $buttontext = $Lang::tr{'add'}; if ($settings{'KEY1'} ne '') { $buttontext = $Lang::tr{'update'}; @@ -329,7 +343,7 @@ if ($settings{'KEY1'} ne '') { } #Edited line number (KEY1) passed until cleared by 'save' or 'remove' or 'new sort order' -print < @@ -340,6 +354,33 @@ print < $Lang::tr{'alias ip'}:  +END + +if (scalar @RED_INTERFACES >= 2) { + print <$Lang::tr{'interface'}: + + @@ -353,7 +394,7 @@ print < END -; + &Header::closebox(); # Add visual indicators to column headings to show sort order - EO @@ -419,9 +460,15 @@ foreach my $line (@current) { } print ""; + my $address = $temp[0]; + + if ($temp[3] ne "") { + $address .= " @ $temp[3]"; + } + print <$temp[2] -$temp[0] +$address
@@ -542,7 +589,7 @@ sub SortDataFile # The KEY,key record permits doublons. If removed, then F1 becomes the key without doublon permitted. - my @record = ('KEY',$key++,'IP',$temp[0],'ENABLED',$temp[1],'NAME',$temp[2]); + my @record = ('KEY',$key++,'IP',$temp[0],'ENABLED',$temp[1],'NAME',$temp[2],'INTERFACE',$temp[3]); my $record = {}; # create a reference to empty hash %{$record} = @record; # populate that hash with @record $entries{$record->{KEY}} = $record; # add this to a hash of hashes @@ -552,7 +599,7 @@ sub SortDataFile # Each field value is printed , with the newline ! Don't forget separator and order of them. foreach my $entry (sort fixedleasesort keys %entries) { - print FILE "$entries{$entry}->{IP},$entries{$entry}->{ENABLED},$entries{$entry}->{NAME}\n"; + print FILE "$entries{$entry}->{IP},$entries{$entry}->{ENABLED},$entries{$entry}->{NAME},$entries{$entry}->{INTERFACE}\n"; } close(FILE); diff --git a/langs/en/cgi-bin/en.pl b/langs/en/cgi-bin/en.pl index 2c79f1cbc8..99698948de 100644 --- a/langs/en/cgi-bin/en.pl +++ b/langs/en/cgi-bin/en.pl @@ -422,6 +422,7 @@ 'alcatelusb upload' => 'Upload Speedtouch USB firmware', 'alias ip' => 'Alias IP', 'aliases' => 'Aliases', +'aliases default interface' => '- Default Interface -', 'aliases not active' => 'Aliases will not be active unless your RED interface is STATIC', 'all' => 'All', 'all interfaces' => 'All Interfaces', diff --git a/src/misc-progs/setaliases.c b/src/misc-progs/setaliases.c index 4ba6816aff..4d59aa0a8c 100644 --- a/src/misc-progs/setaliases.c +++ b/src/misc-progs/setaliases.c @@ -28,6 +28,8 @@ struct keyvalue *kv = NULL; FILE *file = NULL; +#define SCOPE 128 + void exithandler(void) { if (kv) freekeyvalues(kv); @@ -45,6 +47,7 @@ int main(void) char *enabled; char *sptr; char *comment; + char* intf = NULL; int alias; int count; @@ -118,13 +121,12 @@ int main(void) exit(1); } - /* down the aliases in turn until ifconfig complains */ - alias=0; - do - { - memset(command, 0, STRING_SIZE); - snprintf(command, STRING_SIZE-1, "/sbin/ifconfig %s:%d down 2>/dev/null", red_dev, alias++); - } while (safe_system(command)==0); + // Flush all previous aliases + alias = 0; + do { + snprintf(command, STRING_SIZE - 1, + "ip addr flush dev red%d scope %d 2>/dev/null", alias++, SCOPE); + } while (safe_system(command) == 0); /* Now set up the new aliases from the config file */ if (!(file = fopen(CONFIG_ROOT "/ethernet/aliases", "r"))) @@ -144,15 +146,18 @@ int main(void) aliasip = NULL; enabled = NULL; comment = NULL; + intf = NULL; sptr = strtok(s, ","); while (sptr) { if (count == 0) aliasip = sptr; - if (count == 1) + else if (count == 1) enabled = sptr; - else + else if (count == 2) comment = sptr; + else if (count == 3) + intf = sptr; count++; sptr = strtok(NULL, ","); } @@ -175,15 +180,18 @@ int main(void) exit(1); } - memset(command, 0, STRING_SIZE); - snprintf(command, STRING_SIZE-1, - "/sbin/ifconfig %s:%d %s netmask %s up", - red_dev, alias, aliasip, red_netmask); + // Default to RED_DEV if intf isn't set + if (!intf) + intf = red_dev; + + snprintf(command, STRING_SIZE - 1, "ip addr add %s/%s dev %s scope %d", + aliasip, red_netmask, intf, SCOPE); safe_system(command); - memset(command, 0, STRING_SIZE); + + // Send an ARP broadcast snprintf(command, STRING_SIZE-1, "/usr/sbin/arping -q -c 1 -w 1 -i %s -S %s %s", - red_dev, aliasip, default_gateway); + intf, aliasip, default_gateway); safe_system(command); alias++; } -- 2.39.2