1 #!/usr/bin/perl
2 ###############################################################################
3 # #
4 # VLAN Management for IPFire #
5 # Copyright (C) 2019 Florian Bührle <fbuehrle@ipfire.org> #
6 # #
7 # This program is free software: you can redistribute it and/or modify #
8 # it under the terms of the GNU General Public License as published by #
9 # the Free Software Foundation, either version 3 of the License, or #
10 # (at your option) any later version. #
11 # #
12 # This program is distributed in the hope that it will be useful, #
13 # but WITHOUT ANY WARRANTY; without even the implied warranty of #
14 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
15 # GNU General Public License for more details. #
16 # #
17 # You should have received a copy of the GNU General Public License #
18 # along with this program. If not, see <http://www.gnu.org/licenses/>. #
19 # #
20 ###############################################################################
21
22 use strict;
23 use Scalar::Util qw(looks_like_number);
24
25 require '/var/ipfire/general-functions.pl';
26 require "${General::swroot}/lang.pl";
27 require "${General::swroot}/header.pl";
28
# Extra markup handed to Header::openpage() further down as its third
# argument: page-local CSS for the zone/NIC table plus the zoneconf.js script.
# The heredoc is unquoted and therefore interpolating, so the $Header::colour*
# and $Header::pagecolour variables are expanded when this statement runs.
my $extraHead = <<END
<style>
	table#zoneconf {
		width: 100%;
		border-collapse: collapse;
		table-layout: fixed;
	}

	#zoneconf tr {
		height: 4em;
	}

	#zoneconf td {
		padding: 5px 10px;
		border: 0.5px solid black;
		text-align: center;
	}

	/* dark grey header cells */
	#zoneconf td.heading {
		background-color: grey;
		color: white;
	}
	#zoneconf td.heading::first-line {
		font-weight: bold;
		line-height: 1.6;
	}

	/* narrow left column */
	#zoneconf tr > td:first-child {
		width: 11em;
	}

	/* alternating row background color */
	#zoneconf tr:nth-child(2n+3) {
		background-color: #F0F0F0;
	}

	#zoneconf td.green {
		background-color: $Header::colourgreen;
	}

	#zoneconf td.red {
		background-color: $Header::colourred;
	}

	#zoneconf td.blue {
		background-color: $Header::colourblue;
	}

	#zoneconf td.orange {
		background-color: $Header::colourorange;
	}

	#zoneconf td.topleft {
		background-color: $Header::pagecolour;
		border-top-style: none;
		border-left-style: none;
	}

	input.vlanid {
		width: 4em;
	}

	#submit-container {
		width: 100%;
		padding-top: 20px;
		text-align: right;
		color: red;
	}

	#submit-container.input {
		margin-left: auto;
	}
</style>

<script src="/include/zoneconf.js"></script>
END
;
108
# Working copies of the two settings files and of the submitted form fields
my (%ethsettings, %vlansettings, %cgiparams);

# Printed inside the submit container; stays empty unless a configuration
# was saved during this request
my $restart_notice = "";

# Load the configuration currently stored on disk
&General::readhash("${General::swroot}/ethernet/settings", \%ethsettings);
&General::readhash("${General::swroot}/ethernet/vlans", \%vlansettings);

# %cgiparams is filled by Header::getcgihash (defined in header.pl, not shown
# here) - presumably from the request, so treat its values as client-controlled
&Header::getcgihash(\%cgiparams);
&Header::showhttpheaders();
120
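# Define all zones we will check for NIC assignment
my @zones = ("green", "red", "orange", "blue");

# Collect all physical NICs as [MAC address, name, is-wireless flag] entries.
# The names are read from the kernel's /sys/class/net listing, never from the
# request, so the paths built from $nic below contain no client-supplied data.
my @nics = ();

# Only walk the directory if it could actually be opened. On failure the list
# simply stays empty (as before), but readdir()/closedir() are no longer
# called on a handle that was never opened.
if (opendir(my $dh, "/sys/class/net/")) {
	while (my $nic = readdir($dh)) {
		# A "device" entry indicates that the NIC is physical
		if (-e "/sys/class/net/$nic/device") {
			push(@nics, [&Network::get_nic_property($nic, "address"), $nic, 0]);
		}
	}

	closedir($dh);
}

# Sort NICs by their MAC address
@nics = sort { $a->[0] cmp $b->[0] } @nics;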
137
# Give the physical NICs their display names.
# These need not match the real interface names: wired NICs are numbered
# ethX and wireless ones wlanX, in the order of the @nics list.
my $ethcount = 0;
my $wlancount = 0;

for my $entry (@nics) {
	# A "wireless" entry in sysfs marks the NIC as a WLAN device
	my $is_wireless = -e "/sys/class/net/$entry->[1]/wireless";

	unless ($is_wireless) {
		$entry->[1] = "eth" . $ethcount++;
		next;
	}

	$entry->[1] = "wlan" . $wlancount++;
	$entry->[2] = 1; # Remember that this NIC is wireless
}

# Start the page; $extraHead carries the page-local CSS and script tag
&Header::openpage($Lang::tr{"zoneconf title"}, 1, $extraHead);
&Header::openbigbox('100%', 'center');
158
159 ### Evaluate POST parameters ###
160
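# Handle a submitted form. All %cgiparams values used below come from the
# request. MAC addresses written to the settings are always taken from @nics
# (the locally enumerated NICs); request fields are only looked up by those
# MACs, and the MODE/ACCESS values are only compared against fixed keywords.
# The VLAN tag is the one request value that is stored as submitted, which is
# why it is validated strictly before it is used.
if ($cgiparams{"ACTION"} eq $Lang::tr{"save"}) {
	my %VALIDATE_nic_check = ();
	my $VALIDATE_error = "";

	foreach my $zone (@zones) {
		my $uc = uc $zone;
		my $slave_string = "";
		my $zone_mode = $cgiparams{"MODE $uc"};
		my $VALIDATE_vlancount = 0;
		my $VALIDATE_zoneslaves = 0;

		# Reset everything this form manages for the zone before rebuilding it
		$ethsettings{"${uc}_MACADDR"} = "";
		$ethsettings{"${uc}_MODE"} = "";
		$ethsettings{"${uc}_SLAVES"} = "";
		$vlansettings{"${uc}_PARENT_DEV"} = "";
		$vlansettings{"${uc}_VLAN_ID"} = "";
		$vlansettings{"${uc}_MAC_ADDRESS"} = "";

		# If RED is not in DHCP or static mode, we only set its MACADDR property.
		# Written with "ne" because "! $x eq ''" parses as "(! $x) eq ''" and only
		# gave the intended result by accident.
		# NOTE(review): this branch is selected by the presence of the request
		# field PPPACCESS, not by the stored RED_TYPE - confirm that is intended.
		if ($uc eq "RED" && $cgiparams{"PPPACCESS"} ne "") {
			foreach my $entry (@nics) {
				my $mac = $entry->[0];

				if ($mac eq $cgiparams{"PPPACCESS"}) {
					$ethsettings{"${uc}_MACADDR"} = $mac;

					# Check if this interface is already accessed by any other zone
					# If this is the case, show an error message
					if ($VALIDATE_nic_check{"ACC $mac"}) {
						$VALIDATE_error = $Lang::tr{"zoneconf val ppp assignment error"};
					}

					$VALIDATE_nic_check{"RESTRICT $mac"} = 1;
					last;
				}
			}

			next;
		}

		foreach my $entry (@nics) {
			my $mac = $entry->[0];
			my $nic_access = $cgiparams{"ACCESS $uc $mac"};

			next unless ($nic_access);

			if ($nic_access ne "NONE") {
				# If this interface is already assigned to RED in PPP mode, throw an error
				if ($VALIDATE_nic_check{"RESTRICT $mac"}) {
					$VALIDATE_error = $Lang::tr{"zoneconf val ppp assignment error"};
					last;
				}

				# Only a bridge may have more than one NIC assigned to the zone
				if ($zone_mode ne "BRIDGE" && $VALIDATE_zoneslaves > 0 && $nic_access ne "") {
					$VALIDATE_error = $Lang::tr{"zoneconf val zoneslave amount error"};
					last;
				}

				$VALIDATE_nic_check{"ACC $mac"} = 1;
				$VALIDATE_zoneslaves++;
			}

			if ($nic_access eq "NATIVE") {
				# A NIC can be used natively by one zone only
				if ($VALIDATE_nic_check{"NATIVE $mac"}) {
					$VALIDATE_error = $Lang::tr{"zoneconf val native assignment error"};
					last;
				}

				$VALIDATE_nic_check{"NATIVE $mac"} = 1;

				if ($zone_mode eq "BRIDGE") {
					$slave_string = "${slave_string}${mac} ";
				} else {
					$ethsettings{"${uc}_MACADDR"} = $mac;
				}
			} elsif ($nic_access eq "VLAN") {
				my $vlan_tag = $cgiparams{"TAG $uc $mac"};

				# Accept plain decimal digits only. looks_like_number() also
				# passes spellings such as "1e2", "12.5" or " 100"; those would
				# be written to the vlans file as submitted and would let the
				# same tag slip past the duplicate check under another spelling.
				# NOTE(review): as before, an invalid tag leaves this zone's NIC
				# loop without an error message; a dedicated message would be
				# clearer for the user.
				if (! defined($vlan_tag) || $vlan_tag !~ /\A[0-9]{1,4}\z/) {
					last;
				}

				# Normalise ("0100" becomes 100) so that equal tags compare equal
				$vlan_tag += 0;

				# Same bounds as the min/max attributes of the form field.
				# NOTE(review): IEEE 802.1Q reserves VLAN ID 4095 - consider 4094.
				if ($vlan_tag < 1 || $vlan_tag > 4095) {
					last;
				}

				# The same tag may be used only once per NIC
				if ($VALIDATE_nic_check{"VLAN $mac $vlan_tag"}) {
					$VALIDATE_error = $Lang::tr{"zoneconf val vlan tag assignment error"};
					last;
				}

				$VALIDATE_nic_check{"VLAN $mac $vlan_tag"} = 1;

				my $rnd_mac = &Network::random_mac();

				$vlansettings{"${uc}_PARENT_DEV"} = $mac;
				$vlansettings{"${uc}_VLAN_ID"} = $vlan_tag;
				$vlansettings{"${uc}_MAC_ADDRESS"} = $rnd_mac;

				if ($zone_mode eq "BRIDGE") {
					$slave_string = "${slave_string}${rnd_mac} ";
				}

				$VALIDATE_vlancount++; # We can't allow more than one VLAN per zone
			}
		}

		if ($VALIDATE_vlancount > 1) {
			$VALIDATE_error = $Lang::tr{"zoneconf val vlan amount assignment error"};
			last;
		}

		# Drop the trailing separator of the slave list
		chop($slave_string);

		# The submitted mode is mapped to fixed values, never stored verbatim
		if ($zone_mode eq "BRIDGE") {
			$ethsettings{"${uc}_MODE"} = "bridge";
			$ethsettings{"${uc}_SLAVES"} = $slave_string;
		} elsif ($zone_mode eq "MACVTAP") {
			$ethsettings{"${uc}_MODE"} = "macvtap";
		}
	}

	# On any validation error show it and stop before anything is written
	if ($VALIDATE_error) {
		&Header::openbox('100%', 'left', $Lang::tr{"error"});

		# SCRIPT_NAME is taken from the server environment and printed unescaped
		print "$VALIDATE_error<br><br><a href='$ENV{'SCRIPT_NAME'}'>$Lang::tr{'back'}</a>\n";

		&Header::closebox();
		&Header::closebigbox();
		&Header::closepage();

		exit 0;
	}

	&General::writehash("${General::swroot}/ethernet/settings",\%ethsettings);
	&General::writehash("${General::swroot}/ethernet/vlans",\%vlansettings);

	$restart_notice = $Lang::tr{'zoneconf notice reboot'};
}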
298
&Header::openbox('100%', 'left', $Lang::tr{"zoneconf nic assignment"});

### START OF TABLE ###

# Open the form and the first table row; the top-left corner cell stays empty
print <<END
<form method='post' enctype='multipart/form-data'>
	<table id="zoneconf">
	<tr>
		<td class="topleft"></td>
END
;

# Table header: one column per activated zone
foreach (@zones) {
	my $uc = uc $_;

	# A zone without a configured device is not activated and gets no column
	next if ($ethsettings{"${uc}_DEV"} eq "");

	# RED with a type other than STATIC or DHCP (PPP mode) gets a plain heading
	# that shows the type instead of a mode dropdown
	if ($uc eq "RED") {
		my $red_type = $ethsettings{"RED_TYPE"};

		if ($red_type ne "STATIC" && $red_type ne "DHCP") {
			print "\t\t<td class='heading $_'>$uc ($red_type)</td>\n";

			next; # We're done here
		}
	}

	# Translate the stored mode into the dropdown entry to preselect;
	# an unknown mode preselects nothing
	my $zone_mode = $ethsettings{"${uc}_MODE"};
	my %option_for = ("" => "DEFAULT", "bridge" => "BRIDGE", "macvtap" => "MACVTAP");
	my %mode_selected = ();

	if (exists $option_for{$zone_mode}) {
		$mode_selected{$option_for{$zone_mode}} = "selected";
	}

	print <<END
		<td class='heading $_'>$uc<br>
			<select name="MODE $uc">
				<option value="DEFAULT" $mode_selected{"DEFAULT"}>$Lang::tr{"zoneconf nicmode default"}</option>
				<option value="BRIDGE" $mode_selected{"BRIDGE"}>$Lang::tr{"zoneconf nicmode bridge"}</option>
				<option value="MACVTAP" $mode_selected{"MACVTAP"}>$Lang::tr{"zoneconf nicmode macvtap"}</option>
			</select>
		</td>
END
;
}

print "\t</tr>\n";
356
# Table body: one row per physical NIC, one cell per activated zone.
# Each cell shows how the zone currently accesses the NIC (none, native or
# VLAN) based on the stored settings. The values interpolated into the HTML
# ($mac, $nic, $zone_vlan_id, ...) come from the local NIC enumeration and from
# the settings files and are printed without HTML escaping.
# NOTE(review): that is only safe while the vlans file holds validated tags -
# confirm the save path enforces this.
foreach (@nics) {
	my $mac = $_->[0];  # MAC address of the NIC
	my $nic = $_->[1];  # Display name (ethX / wlanX)
	my $wlan = $_->[2]; # True for wireless NICs

	print "\t<tr>\n";
	print "\t\t<td class='heading'>$nic<br>$mac</td>\n";

	# Iterate through all zones and check if the current NIC is assigned to it
	foreach (@zones) {
		my $uc = uc $_;
		my $dev_name = $ethsettings{"${uc}_DEV"};
		my $highlight = ""; # CSS class of the cell; set to the zone name if the NIC is assigned

		if ($dev_name eq "") { # Again, skip the zone if it is not activated
			next;
		}

		if ($uc eq "RED") {
			my $red_type = $ethsettings{"RED_TYPE"};
			my $red_restricted = ($uc eq "RED" && ! ($red_type eq "STATIC" || $red_type eq "DHCP"));

			# VLANs/Bridging is not possible if the RED interface is set to PPP, PPPoE, VDSL, ...
			if ($red_restricted) {
				my $checked = "";

				# Preselect the NIC that is currently stored as RED_MACADDR
				if ($mac eq $ethsettings{"${uc}_MACADDR"}) {
					$checked = "checked";
					$highlight = $_;
				}

				# All rows share the radio group name PPPACCESS
				print <<END
		<td class="$highlight">
			<input type="radio" name="PPPACCESS" value="$mac" data-zone="RED" data-mac="$mac" onchange="highlightAccess(this)" $checked>
		</td>
END
;
				next; # We're done here
			}
		}

		my %access_selected = ();
		my $zone_mode = $ethsettings{"${uc}_MODE"};
		my $zone_parent_dev = $vlansettings{"${uc}_PARENT_DEV"}; # ZONE_PARENT_DEV is set if this zone accesses any interface via a VLAN
		my $field_disabled = "disabled"; # Only enable the VLAN ID input field if the current access mode is VLAN
		my $zone_vlan_id = "";

		# If ZONE_PARENT_DEV is set to a NICs name (e.g. green0 or eth0) instead of a MAC address, we have to find out this NICs MAC address
		$zone_parent_dev = &Network::get_mac_by_name($zone_parent_dev);

		# If the current NIC is accessed by the current zone via a VLAN, the ZONE_PARENT_DEV option corresponds to the current NIC
		if ($mac eq $zone_parent_dev) {
			$access_selected{"VLAN"} = "selected";
			$field_disabled = "";
			$zone_vlan_id = $vlansettings{"${uc}_VLAN_ID"};
		} elsif ($zone_mode eq "bridge") { # If the current zone is in bridge mode, all corresponding NICs (Native as well as VLAN) are set via the ZONE_SLAVES option
			my @slaves = split(/ /, $ethsettings{"${uc}_SLAVES"});

			# Inside this loop $_ is the slave entry, not the zone name
			foreach (@slaves) {
				# Slaves can be set to a NICs name so we have to find out its MAC address
				$_ = &Network::get_mac_by_name($_);

				if ($_ eq $mac) {
					$access_selected{"NATIVE"} = "selected";
					last;
				}
			}
		} elsif ($mac eq $ethsettings{"${uc}_MACADDR"}) { # Native access via ZONE_MACADDR is only set if the zone does not access a NIC via a VLAN and the zone is not in bridge mode
			$access_selected{"NATIVE"} = "selected";
		}

		# "&&" binds tighter than "?:", so NONE is selected when neither NATIVE nor VLAN is
		$access_selected{"NONE"} = ($access_selected{"NATIVE"} eq "") && ($access_selected{"VLAN"} eq "") ? "selected" : "";
		my $vlan_disabled = ($wlan) ? "disabled" : ""; # The VLAN option is disabled for wireless NICs

		# If the interface is assigned, highlight the table cell
		if ($access_selected{"NONE"} eq "") {
			$highlight = $_;
		}

		# The field names carry zone and MAC ("ACCESS <ZONE> <MAC>", "TAG <ZONE> <MAC>")
		print <<END
		<td class="$highlight">
			<select name="ACCESS $uc $mac" data-zone="$uc" data-mac="$mac" onchange="highlightAccess(this)">
				<option value="NONE" $access_selected{"NONE"}>- $Lang::tr{"zoneconf access none"} -</option>
				<option value="NATIVE" $access_selected{"NATIVE"}>$Lang::tr{"zoneconf access native"}</option>
				<option value="VLAN" $access_selected{"VLAN"} $vlan_disabled>$Lang::tr{"zoneconf access vlan"}</option>
			</select>
			<input type="number" class="vlanid" id="TAG-$uc-$mac" name="TAG $uc $mac" min="1" max="4095" value="$zone_vlan_id" $field_disabled>
		</td>
END
;
	}

	print "\t</tr>\n";
}
451
# Close the table and emit the submit area. $restart_notice is empty unless a
# configuration was saved during this request.
print <<"END";
	</table>

	<div id="submit-container">
		$restart_notice
		<input type="submit" name="ACTION" value="$Lang::tr{"save"}">
	</div>
</form>
END

### END OF TABLE ###

# Close the boxes in reverse order of opening and finish the page
&Header::closebox();
&Header::closebigbox();
&Header::closepage();
467 &Header::closepage();