[ipfire-2.x.git] / html / cgi-bin / zoneconf.cgi

#!/usr/bin/perl
###############################################################################
#                                                                             #
# VLAN Management for IPFire                                                  #
# Copyright (C) 2019 Florian Bührle <fbuehrle@ipfire.org>                     #
#                                                                             #
# This program is free software: you can redistribute it and/or modify        #
# it under the terms of the GNU General Public License as published by        #
# the Free Software Foundation, either version 3 of the License, or           #
# (at your option) any later version.                                         #
#                                                                             #
# This program is distributed in the hope that it will be useful,             #
# but WITHOUT ANY WARRANTY; without even the implied warranty of              #
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the               #
# GNU General Public License for more details.                                #
#                                                                             #
# You should have received a copy of the GNU General Public License           #
# along with this program.  If not, see <http://www.gnu.org/licenses/>.       #
#                                                                             #
###############################################################################

use strict;
use Scalar::Util qw(looks_like_number);

require '/var/ipfire/general-functions.pl';
require "${General::swroot}/lang.pl";
require "${General::swroot}/header.pl";

my $css = <<END
<style>
	table {
		width: 100%;
	}

	tr {
		height: 4em;
	}

	td:first-child {
		width: 1px;
	}

	td {
		padding: 5px;
		padding-left: 10px;
		padding-right: 10px;
		border: 0.5px solid black;
	}

	table {
		border-collapse: collapse;
	}

	td.h {
		background-color: grey;
		color: white;
		font-weight: 800;
	}

	td.green {
		background-color: $Header::colourgreen;
	}

	td.red {
		background-color: $Header::colourred;
	}

	td.blue {
		background-color: $Header::colourblue;
	}

	td.orange {
		background-color: $Header::colourorange;
	}

	td.topleft {
		background-color: white;
		border-top-style: none;
		border-left-style: none;
	}

	td.disabled {
		background-color: #cccccc;
	}

	td.textcenter {
		text-align: center;
	}

	#submit-container {
		width: 100%;
		padding-top: 20px;
		text-align: right;
	}

	#submit-container.input {
		margin-left: auto;
	}

	button {
		margin-top: 1em;
	}

</style>
END
;

my %ethsettings = ();
my %vlansettings = ();
my %cgiparams = ();

&General::readhash("${General::swroot}/ethernet/settings",\%ethsettings);
&General::readhash("${General::swroot}/ethernet/vlans",\%vlansettings);

&Header::getcgihash(\%cgiparams);
&Header::showhttpheaders();

# Define all zones we will check for NIC assignment
my @zones = ("green", "red", "orange", "blue");

# Get all physical NICs present
opendir(my $dh, "/sys/class/net/");
my @nics = ();

while (my $nic = readdir($dh)) {
	if (-e "/sys/class/net/$nic/device") { # Indicates that the NIC is physical
		push(@nics, [&Network::get_nic_property($nic, "address"), $nic, 0]);
	}
}

closedir($dh);

@nics = sort {$a->[0] cmp $b->[0]} @nics; # Sort nics by their MAC address

# Name the physical NICs
# Even though they may not be really named like this, we will name them ethX or wlanX
my $ethcount = 0;
my $wlancount = 0;

foreach (@nics) {
	my $nic = $_->[1];

	if (-e "/sys/class/net/$nic/wireless") {
		$_->[1] = "wlan$wlancount";
		$_->[2] = 1;
		$wlancount++;
	} else {
		$_->[1] = "eth$ethcount";
		$ethcount++;
	}
}

&Header::openpage($Lang::tr{"zoneconf title"}, 1, $css);
&Header::openbigbox('100%', 'center');

### Evaluate POST parameters ###

if ($cgiparams{"ACTION"} eq $Lang::tr{"save"}) {
	my %VALIDATE_nic_check = ();
	my $VALIDATE_error = "";

	foreach (@zones) {
		my $uc = uc $_;
		my $slave_string = "";
		my $zone_mode = $cgiparams{"MODE $uc"};
		my $VALIDATE_vlancount = 0;
		my $VALIDATE_zoneslaves = 0;

		if ($zone_mode eq "") { # If this zone is not activated, we don't check it
			next;
		}

		$ethsettings{"${uc}_MACADDR"} = "";
		$ethsettings{"${uc}_MODE"} = "";
		$ethsettings{"${uc}_SLAVES"} = "";
		$vlansettings{"${uc}_PARENT_DEV"} = "";
		$vlansettings{"${uc}_VLAN_ID"} = "";
		$vlansettings{"${uc}_MAC_ADDRESS"} = "";

		# If RED is not in DHCP or static mode, we only set its MACADDR property
		if ($uc eq "RED" && ! $cgiparams{"PPPACCESS"} eq "") {
			foreach (@nics) {
				my $mac = $_->[0];

				if ($mac eq $cgiparams{"PPPACCESS"}) {
					$ethsettings{"${uc}_MACADDR"} = $mac;

					# Check if this interface is already accessed by any other zone
					# If this is the case, show an error message
					if ($VALIDATE_nic_check{"ACC $mac"}) {
						$VALIDATE_error = $Lang::tr{"zoneconf val ppp assignment error"};
					}

					$VALIDATE_nic_check{"RESTRICT $mac"} = 1;
					last;
				}
			}

			next;
		}

		foreach (@nics) {
			my $mac = $_->[0];
			my $nic_access = $cgiparams{"ACCESS $uc $mac"};

			if (! ($nic_access eq "NONE")) {
				if ($VALIDATE_nic_check{"RESTRICT $mac"}) { # If this interface is already assigned to RED in PPP mode, throw an error
					$VALIDATE_error = $Lang::tr{"zoneconf val ppp assignment error"};
					last;
				}

				if ($zone_mode ne "BRIDGE" && $VALIDATE_zoneslaves > 0) {
					$VALIDATE_error = $Lang::tr{"zoneconf val zoneslave amount error"};
					last;
				}

				$VALIDATE_nic_check{"ACC $mac"} = 1;
				$VALIDATE_zoneslaves++;
			}

			if ($nic_access eq "NATIVE") {
				if ($VALIDATE_nic_check{"NATIVE $mac"}) {
					$VALIDATE_error = $Lang::tr{"zoneconf val native assignment error"};
					last;
				}

				$VALIDATE_nic_check{"NATIVE $mac"} = 1;

				if ($zone_mode eq "BRIDGE") {
					$slave_string = "${slave_string}${mac} ";
				} else {
					$ethsettings{"${uc}_MACADDR"} = $mac;
				}
			} elsif ($nic_access eq "VLAN") {
				my $vlan_tag = $cgiparams{"TAG $uc $mac"};

				if ($VALIDATE_nic_check{"VLAN $mac $vlan_tag"}) {
					$VALIDATE_error = $Lang::tr{"zoneconf val vlan tag assignment error"};
					last;
				}

				$VALIDATE_nic_check{"VLAN $mac $vlan_tag"} = 1;

				if (! looks_like_number($vlan_tag)) {
					last;
				}
				if ($vlan_tag < 1 || $vlan_tag > 4095) {
					last;
				}

				my $rnd_mac = &Network::random_mac();

				$vlansettings{"${uc}_PARENT_DEV"} = $mac;
				$vlansettings{"${uc}_VLAN_ID"} = $vlan_tag;
				$vlansettings{"${uc}_MAC_ADDRESS"} = $rnd_mac;

				if ($zone_mode eq "BRIDGE") {
					$slave_string = "${slave_string}${rnd_mac} ";
				}

				$VALIDATE_vlancount++; # We can't allow more than one VLAN per zone
			}
		}

		if ($VALIDATE_vlancount > 1) {
			$VALIDATE_error = $Lang::tr{"zoneconf val vlan amount assignment error"};
			last;
		}

		chop($slave_string);

		if ($zone_mode eq "BRIDGE") {
			$ethsettings{"${uc}_MODE"} = "bridge";
			$ethsettings{"${uc}_SLAVES"} = $slave_string;
		} elsif ($zone_mode eq "MACVTAP") {
			$ethsettings{"${uc}_MODE"} = "macvtap";
		}
	}

	if ($VALIDATE_error) {
		&Header::openbox('100%', 'left', $Lang::tr{"error"});

		print "$VALIDATE_error<br><a href='/cgi-bin/zoneconf.cgi'><button>$Lang::tr{'ok'}</button></a>";

		&Header::closebox();
		&Header::closebigbox();
		&Header::closepage();

		exit 0;
	}

	&General::writehash("${General::swroot}/ethernet/settings",\%ethsettings);
	&General::writehash("${General::swroot}/ethernet/vlans",\%vlansettings);
}

&Header::openbox('100%', 'left', $Lang::tr{"zoneconf nic assignment"});

### START OF TABLE ###

print <<END
	<form method='post' enctype='multipart/form-data'>
		<table>
			<tr>
			<td class="h topleft" /td>
END
;

# Fill the table header with all physical NICs
foreach (@nics) {
	my $mac = $_->[0];
	my $nic = $_->[1];

	print "<td class='h textcenter'>$nic<br>$mac</td>";
}

print "</tr>";

foreach (@zones) {
	my $uc = uc $_;
	my $dev_name = $ethsettings{"${uc}_DEV"};

	if ($dev_name eq "") { # If the zone is not activated, don't show it
		next;
	}

	print "<tr>";

	if ($uc eq "RED") {
		my $red_type = $ethsettings{"RED_TYPE"};
		my $red_restricted = ($uc eq "RED" && ! ($red_type eq "STATIC" || $red_type eq "DHCP"));

		# VLANs/Bridging is not possible if the RED interface is set to PPP, PPPoE, VDSL, ...
		if ($red_restricted) {
			print "<td class='h $_'>$uc<br>($red_type)</td>";

			foreach (@nics) {
				my $mac = $_->[0];
				my $checked = "";

				if ($mac eq $ethsettings{"${uc}_MACADDR"}) {
					$checked = "checked";
				}

				print "<td class='textcenter'><input type='radio' id='PPPACCESS $mac' name='PPPACCESS' value='$mac' $checked></td>";
			}

			print "</tr>";
			next; # We're done here
		}
	}

	my %mode_selected = ();
	my $zone_mode = $ethsettings{"${uc}_MODE"};

	if ($zone_mode eq "") {
		$mode_selected{"DEFAULT"} = "selected";
	} elsif ($zone_mode eq "bridge") {
		$mode_selected{"BRIDGE"} = "selected";
	} elsif ($zone_mode eq "macvtap") {
		$mode_selected{"MACVTAP"} = "selected";
	}

	print <<END
		<td class='h $_'>$uc<br>
			<select name="MODE $uc">
				<option value="DEFAULT" $mode_selected{"DEFAULT"}>$Lang::tr{"zoneconf nicmode default"}</option>
				<option value="BRIDGE" $mode_selected{"BRIDGE"}>$Lang::tr{"zoneconf nicmode bridge"}</option>
				<option value="MACVTAP" $mode_selected{"MACVTAP"}>$Lang::tr{"zoneconf nicmode macvtap"}</option>
			</select>
		</td>
END
;

	# ZONE_PARENT_DEV is set if this zone accesses any interface via a VLAN
	my $zone_parent_dev = $vlansettings{"${uc}_PARENT_DEV"};

	# If ZONE_PARENT_DEV is set to a NICs name (e.g. green0 or eth0) instead of a MAC address, we have to find out this NICs MAC address
	$zone_parent_dev = &Network::get_mac_by_name($zone_parent_dev);

	foreach (@nics) { # Check for all nics if they are assigned to the current zone
		my %access_selected = ();
		my $mac = $_->[0];
		my $wlan = $_->[2];
		my $field_disabled = "disabled"; # Only enable the VLAN ID input field if the current access mode is VLAN
		my $zone_vlan_id = "";

		# If the current NIC is accessed by the current zone via a VLAN, the ZONE_PARENT_DEV option corresponds to the current NIC
		if ($mac eq $zone_parent_dev) {
			$access_selected{"VLAN"} = "selected";
			$field_disabled = "";
			$zone_vlan_id = $vlansettings{"${uc}_VLAN_ID"};
		}

		# If the current zone is in bridge mode, all corresponding NICs (Native as well as VLAN) are set via the ZONE_SLAVES option
		if ($zone_mode eq "bridge") {
			my @slaves = split(/ /, $ethsettings{"${uc}_SLAVES"});

			foreach (@slaves) {
				# Slaves can be set to a NICs name so we have to find out its MAC address
				$_ = &Network::get_mac_by_name($_);

				if ($_ eq $mac) {
					$access_selected{"NATIVE"} = "selected";
					last;
				}
			}
		} else { # Native access via ZONE_MACADDR is only set if the zone does not access a NIC via a VLAN and the zone is not in bridge mode
			if ($mac eq $ethsettings{"${uc}_MACADDR"}) {
				$access_selected{"NATIVE"} = "selected";
			}
		}

		$access_selected{"NONE"} = ($access_selected{"NATIVE"} eq "") && ($access_selected{"VLAN"} eq "") ? "selected" : "";
		my $vlan_disabled = ($wlan) ? "disabled" : "";

		print <<END
			<td class="textcenter">
				<select name="ACCESS $uc $mac" onchange="document.getElementById('TAG $uc $mac').disabled = (this.value === 'VLAN' ? false : true)">
					<option value="NONE" $access_selected{"NONE"}>- $Lang::tr{"zoneconf access none"} -</option>
					<option value="NATIVE" $access_selected{"NATIVE"}>$Lang::tr{"zoneconf access native"}</option>
					<option value="VLAN" $access_selected{"VLAN"} $vlan_disabled>$Lang::tr{"zoneconf access vlan"}</option>
				</select>
				<input type="number" id="TAG $uc $mac" name="TAG $uc $mac" min="1" max="4095" value="$zone_vlan_id" $field_disabled>
			</td>
END
;

	}
	print "</tr>";
}

print <<END
	</table>

	<div id="submit-container">
		<input type="submit" name="ACTION" value="$Lang::tr{"save"}">
	</div>
</form>
END
;

### END OF TABLE ###

&Header::closebox();
&Header::closebigbox();
&Header::closepage();
Commit	Line	Data
1dcf513a FB	1	#!/usr/bin/perl
	2	###############################################################################
	3	# #
	4	# VLAN Management for IPFire #
	5	# Copyright (C) 2019 Florian Bührle <fbuehrle@ipfire.org> #
	6	# #
	7	# This program is free software: you can redistribute it and/or modify #
	8	# it under the terms of the GNU General Public License as published by #
	9	# the Free Software Foundation, either version 3 of the License, or #
	10	# (at your option) any later version. #
	11	# #
	12	# This program is distributed in the hope that it will be useful, #
	13	# but WITHOUT ANY WARRANTY; without even the implied warranty of #
	14	# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
	15	# GNU General Public License for more details. #
	16	# #
	17	# You should have received a copy of the GNU General Public License #
	18	# along with this program. If not, see <http://www.gnu.org/licenses/>. #
	19	# #
	20	###############################################################################
	21
	22	use strict;
	23	use Scalar::Util qw(looks_like_number);
	24
	25	require '/var/ipfire/general-functions.pl';
	26	require "${General::swroot}/lang.pl";
	27	require "${General::swroot}/header.pl";
	28
	29	my $css = <<END
	30	<style>
	31	table {
	32	width: 100%;
	33	}
	34
	35	tr {
	36	height: 4em;
	37	}
	38
	39	td:first-child {
	40	width: 1px;
	41	}
	42
	43	td {
	44	padding: 5px;
	45	padding-left: 10px;
	46	padding-right: 10px;
	47	border: 0.5px solid black;
	48	}
	49
	50	table {
	51	border-collapse: collapse;
	52	}
	53
	54	td.h {
	55	background-color: grey;
	56	color: white;
	57	font-weight: 800;
	58	}
	59
	60	td.green {
	61	background-color: $Header::colourgreen;
	62	}
	63
	64	td.red {
65	background-color: $Header::colourred;
66	}
67
68	td.blue {
69	background-color: $Header::colourblue;
70	}
71
72	td.orange {
73	background-color: $Header::colourorange;
74	}
75
76	td.topleft {
77	background-color: white;
78	border-top-style: none;
79	border-left-style: none;
80	}
81
82	td.disabled {
83	background-color: #cccccc;
84	}
85
86	td.textcenter {
87	text-align: center;
88	}
89
90	#submit-container {
1dcf513a	91	width: 100%;
1dcf513a	92	padding-top: 20px;
1d6bc7a0	93	text-align: right;
1dcf513a FB	94	}
	95
	96	#submit-container.input {
	97	margin-left: auto;
	98	}
	99
	100	button {
	101	margin-top: 1em;
	102	}
	103
	104	</style>
	105	END
	106	;
	107
	108	my %ethsettings = ();
	109	my %vlansettings = ();
	110	my %cgiparams = ();
	111
	112	&General::readhash("${General::swroot}/ethernet/settings",\%ethsettings);
	113	&General::readhash("${General::swroot}/ethernet/vlans",\%vlansettings);
	114
	115	&Header::getcgihash(\%cgiparams);
	116	&Header::showhttpheaders();
	117
	118	# Define all zones we will check for NIC assignment
	119	my @zones = ("green", "red", "orange", "blue");
	120
	121	# Get all physical NICs present
	122	opendir(my $dh, "/sys/class/net/");
	123	my @nics = ();
	124
	125	while (my $nic = readdir($dh)) {
	126	if (-e "/sys/class/net/$nic/device") { # Indicates that the NIC is physical
	127	push(@nics, [&Network::get_nic_property($nic, "address"), $nic, 0]);
	128	}
	129	}
	130
	131	closedir($dh);
	132
	133	@nics = sort {$a->[0] cmp $b->[0]} @nics; # Sort nics by their MAC address
	134
	135	# Name the physical NICs
	136	# Even though they may not be really named like this, we will name them ethX or wlanX
	137	my $ethcount = 0;
	138	my $wlancount = 0;
	139
	140	foreach (@nics) {
	141	my $nic = $_->[1];
	142
	143	if (-e "/sys/class/net/$nic/wireless") {
	144	$_->[1] = "wlan$wlancount";
	145	$_->[2] = 1;
	146	$wlancount++;
	147	} else {
	148	$_->[1] = "eth$ethcount";
	149	$ethcount++;
	150	}
	151	}
	152
	153	&Header::openpage($Lang::tr{"zoneconf title"}, 1, $css);
	154	&Header::openbigbox('100%', 'center');
	155
	156	### Evaluate POST parameters ###
	157
158	if ($cgiparams{"ACTION"} eq $Lang::tr{"save"}) {
159	my %VALIDATE_nic_check = ();
160	my $VALIDATE_error = "";
161
162	foreach (@zones) {
163	my $uc = uc $_;
164	my $slave_string = "";
165	my $zone_mode = $cgiparams{"MODE $uc"};
166	my $VALIDATE_vlancount = 0;
f60b61e0 FB	167	my $VALIDATE_zoneslaves = 0;
	168
	169	if ($zone_mode eq "") { # If this zone is not activated, we don't check it
	170	next;
	171	}
1dcf513a FB	172
	173	$ethsettings{"${uc}_MACADDR"} = "";
	174	$ethsettings{"${uc}_MODE"} = "";
	175	$ethsettings{"${uc}_SLAVES"} = "";
	176	$vlansettings{"${uc}_PARENT_DEV"} = "";
	177	$vlansettings{"${uc}_VLAN_ID"} = "";
	178	$vlansettings{"${uc}_MAC_ADDRESS"} = "";
	179
	180	# If RED is not in DHCP or static mode, we only set its MACADDR property
	181	if ($uc eq "RED" && ! $cgiparams{"PPPACCESS"} eq "") {
	182	foreach (@nics) {
	183	my $mac = $_->[0];
	184
	185	if ($mac eq $cgiparams{"PPPACCESS"}) {
	186	$ethsettings{"${uc}_MACADDR"} = $mac;
	187
	188	# Check if this interface is already accessed by any other zone
	189	# If this is the case, show an error message
	190	if ($VALIDATE_nic_check{"ACC $mac"}) {
	191	$VALIDATE_error = $Lang::tr{"zoneconf val ppp assignment error"};
	192	}
	193
	194	$VALIDATE_nic_check{"RESTRICT $mac"} = 1;
	195	last;
	196	}
	197	}
	198
	199	next;
	200	}
	201
	202	foreach (@nics) {
	203	my $mac = $_->[0];
	204	my $nic_access = $cgiparams{"ACCESS $uc $mac"};
	205
	206	if (! ($nic_access eq "NONE")) {
	207	if ($VALIDATE_nic_check{"RESTRICT $mac"}) { # If this interface is already assigned to RED in PPP mode, throw an error
	208	$VALIDATE_error = $Lang::tr{"zoneconf val ppp assignment error"};
f60b61e0 FB	209	last;
	210	}
	211
	212	if ($zone_mode ne "BRIDGE" && $VALIDATE_zoneslaves > 0) {
	213	$VALIDATE_error = $Lang::tr{"zoneconf val zoneslave amount error"};
	214	last;
1dcf513a FB	215	}
	216
	217	$VALIDATE_nic_check{"ACC $mac"} = 1;
f60b61e0	218	$VALIDATE_zoneslaves++;
1dcf513a FB	219	}
	220
	221	if ($nic_access eq "NATIVE") {
	222	if ($VALIDATE_nic_check{"NATIVE $mac"}) {
	223	$VALIDATE_error = $Lang::tr{"zoneconf val native assignment error"};
f60b61e0	224	last;
1dcf513a FB	225	}
	226
	227	$VALIDATE_nic_check{"NATIVE $mac"} = 1;
	228
	229	if ($zone_mode eq "BRIDGE") {
	230	$slave_string = "${slave_string}${mac} ";
	231	} else {
	232	$ethsettings{"${uc}_MACADDR"} = $mac;
	233	}
	234	} elsif ($nic_access eq "VLAN") {
	235	my $vlan_tag = $cgiparams{"TAG $uc $mac"};
	236
	237	if ($VALIDATE_nic_check{"VLAN $mac $vlan_tag"}) {
	238	$VALIDATE_error = $Lang::tr{"zoneconf val vlan tag assignment error"};
f60b61e0	239	last;
1dcf513a FB	240	}
	241
	242	$VALIDATE_nic_check{"VLAN $mac $vlan_tag"} = 1;
	243
	244	if (! looks_like_number($vlan_tag)) {
f60b61e0	245	last;
1dcf513a FB	246	}
1dcf513a FB	247	if ($vlan_tag < 1 \|\| $vlan_tag > 4095) {
f60b61e0	248	last;
1dcf513a FB	249	}
	250
	251	my $rnd_mac = &Network::random_mac();
	252
	253	$vlansettings{"${uc}_PARENT_DEV"} = $mac;
	254	$vlansettings{"${uc}_VLAN_ID"} = $vlan_tag;
	255	$vlansettings{"${uc}_MAC_ADDRESS"} = $rnd_mac;
	256
	257	if ($zone_mode eq "BRIDGE") {
	258	$slave_string = "${slave_string}${rnd_mac} ";
	259	}
	260
	261	$VALIDATE_vlancount++; # We can't allow more than one VLAN per zone
	262	}
	263	}
	264
	265	if ($VALIDATE_vlancount > 1) {
	266	$VALIDATE_error = $Lang::tr{"zoneconf val vlan amount assignment error"};
f60b61e0	267	last;
1dcf513a FB	268	}
	269
	270	chop($slave_string);
	271
	272	if ($zone_mode eq "BRIDGE") {
	273	$ethsettings{"${uc}_MODE"} = "bridge";
	274	$ethsettings{"${uc}_SLAVES"} = $slave_string;
	275	} elsif ($zone_mode eq "MACVTAP") {
	276	$ethsettings{"${uc}_MODE"} = "macvtap";
	277	}
	278	}
	279
	280	if ($VALIDATE_error) {
	281	&Header::openbox('100%', 'left', $Lang::tr{"error"});
	282
	283	print "$VALIDATE_error<br><a href='/cgi-bin/zoneconf.cgi'><button>$Lang::tr{'ok'}</button></a>";
	284
	285	&Header::closebox();
	286	&Header::closebigbox();
	287	&Header::closepage();
	288
	289	exit 0;
	290	}
	291
	292	&General::writehash("${General::swroot}/ethernet/settings",\%ethsettings);
	293	&General::writehash("${General::swroot}/ethernet/vlans",\%vlansettings);
	294	}
	295
	296	&Header::openbox('100%', 'left', $Lang::tr{"zoneconf nic assignment"});
	297
	298	### START OF TABLE ###
	299
	300	print <<END
	301	<form method='post' enctype='multipart/form-data'>
	302	<table>
	303	<tr>
	304	<td class="h topleft" /td>
	305	END
	306	;
	307
	308	# Fill the table header with all physical NICs
	309	foreach (@nics) {
	310	my $mac = $_->[0];
	311	my $nic = $_->[1];
	312
	313	print "<td class='h textcenter'>$nic<br>$mac</td>";
	314	}
	315
	316	print "</tr>";
	317
	318	foreach (@zones) {
1dcf513a	319	my $uc = uc $_;
1dcf513a FB	320	my $dev_name = $ethsettings{"${uc}_DEV"};
1dcf513a FB	321
f60b61e0	322	if ($dev_name eq "") { # If the zone is not activated, don't show it
1dcf513a FB	323	next;
	324	}
	325
f60b61e0 FB	326	print "<tr>";
f60b61e0 FB	327
1dcf513a FB	328	if ($uc eq "RED") {
	329	my $red_type = $ethsettings{"RED_TYPE"};
	330	my $red_restricted = ($uc eq "RED" && ! ($red_type eq "STATIC" \|\| $red_type eq "DHCP"));
	331
	332	# VLANs/Bridging is not possible if the RED interface is set to PPP, PPPoE, VDSL, ...
	333	if ($red_restricted) {
	334	print "<td class='h $_'>$uc<br>($red_type)</td>";
	335
	336	foreach (@nics) {
	337	my $mac = $_->[0];
	338	my $checked = "";
	339
	340	if ($mac eq $ethsettings{"${uc}_MACADDR"}) {
	341	$checked = "checked";
	342	}
	343
	344	print "<td class='textcenter'><input type='radio' id='PPPACCESS $mac' name='PPPACCESS' value='$mac' $checked></td>";
	345	}
	346
	347	print "</tr>";
	348	next; # We're done here
	349	}
	350	}
	351
	352	my %mode_selected = ();
	353	my $zone_mode = $ethsettings{"${uc}_MODE"};
	354
	355	if ($zone_mode eq "") {
	356	$mode_selected{"DEFAULT"} = "selected";
	357	} elsif ($zone_mode eq "bridge") {
	358	$mode_selected{"BRIDGE"} = "selected";
	359	} elsif ($zone_mode eq "macvtap") {
	360	$mode_selected{"MACVTAP"} = "selected";
	361	}
	362
	363	print <<END
	364	<td class='h $_'>$uc<br>
	365	<select name="MODE $uc">
	366	<option value="DEFAULT" $mode_selected{"DEFAULT"}>$Lang::tr{"zoneconf nicmode default"}</option>
	367	<option value="BRIDGE" $mode_selected{"BRIDGE"}>$Lang::tr{"zoneconf nicmode bridge"}</option>
	368	<option value="MACVTAP" $mode_selected{"MACVTAP"}>$Lang::tr{"zoneconf nicmode macvtap"}</option>
	369	</select>
	370	</td>
	371	END
	372	;
	373
	374	# ZONE_PARENT_DEV is set if this zone accesses any interface via a VLAN
	375	my $zone_parent_dev = $vlansettings{"${uc}_PARENT_DEV"};
	376
	377	# If ZONE_PARENT_DEV is set to a NICs name (e.g. green0 or eth0) instead of a MAC address, we have to find out this NICs MAC address
	378	$zone_parent_dev = &Network::get_mac_by_name($zone_parent_dev);
	379
	380	foreach (@nics) { # Check for all nics if they are assigned to the current zone
	381	my %access_selected = ();
	382	my $mac = $_->[0];
	383	my $wlan = $_->[2];
	384	my $field_disabled = "disabled"; # Only enable the VLAN ID input field if the current access mode is VLAN
	385	my $zone_vlan_id = "";
	386
	387	# If the current NIC is accessed by the current zone via a VLAN, the ZONE_PARENT_DEV option corresponds to the current NIC
	388	if ($mac eq $zone_parent_dev) {
	389	$access_selected{"VLAN"} = "selected";
	390	$field_disabled = "";
	391	$zone_vlan_id = $vlansettings{"${uc}_VLAN_ID"};
392	}
393
394	# If the current zone is in bridge mode, all corresponding NICs (Native as well as VLAN) are set via the ZONE_SLAVES option
395	if ($zone_mode eq "bridge") {
396	my @slaves = split(/ /, $ethsettings{"${uc}_SLAVES"});
397
398	foreach (@slaves) {
399	# Slaves can be set to a NICs name so we have to find out its MAC address
400	$_ = &Network::get_mac_by_name($_);
401
402	if ($_ eq $mac) {
403	$access_selected{"NATIVE"} = "selected";
404	last;
405	}
406	}
407	} else { # Native access via ZONE_MACADDR is only set if the zone does not access a NIC via a VLAN and the zone is not in bridge mode
408	if ($mac eq $ethsettings{"${uc}_MACADDR"}) {
409	$access_selected{"NATIVE"} = "selected";
410	}
411	}
412
413	$access_selected{"NONE"} = ($access_selected{"NATIVE"} eq "") && ($access_selected{"VLAN"} eq "") ? "selected" : "";
414	my $vlan_disabled = ($wlan) ? "disabled" : "";
415
416	print <<END
417	<td class="textcenter">
418	<select name="ACCESS $uc $mac" onchange="document.getElementById('TAG $uc $mac').disabled = (this.value === 'VLAN' ? false : true)">
03fd6855	419	<option value="NONE" $access_selected{"NONE"}>- $Lang::tr{"zoneconf access none"} -</option>
1dcf513a FB	420	<option value="NATIVE" $access_selected{"NATIVE"}>$Lang::tr{"zoneconf access native"}</option>
1dcf513a FB	421	<option value="VLAN" $access_selected{"VLAN"} $vlan_disabled>$Lang::tr{"zoneconf access vlan"}</option>
1dcf513a FB	422	</select>
	423	<input type="number" id="TAG $uc $mac" name="TAG $uc $mac" min="1" max="4095" value="$zone_vlan_id" $field_disabled>
	424	</td>
	425	END
	426	;
	427
	428	}
	429	print "</tr>";
	430	}
	431
	432	print <<END
	433	</table>
1d6bc7a0 MT	434
	435	<div id="submit-container">
	436	<input type="submit" name="ACTION" value="$Lang::tr{"save"}">
	437	</div>
	438	</form>
1dcf513a FB	439	END
	440	;
	441
	442	### END OF TABLE ###
	443
	444	&Header::closebox();
	445	&Header::closebigbox();
	446	&Header::closepage();