Commit | Line | Data |
---|---|---|
1dcf513a FB |
1 | #!/usr/bin/perl |
2 | ############################################################################### | |
3 | # # | |
4 | # VLAN Management for IPFire # | |
5 | # Copyright (C) 2019 Florian Bührle <fbuehrle@ipfire.org> # | |
6 | # # | |
7 | # This program is free software: you can redistribute it and/or modify # | |
8 | # it under the terms of the GNU General Public License as published by # | |
9 | # the Free Software Foundation, either version 3 of the License, or # | |
10 | # (at your option) any later version. # | |
11 | # # | |
12 | # This program is distributed in the hope that it will be useful, # | |
13 | # but WITHOUT ANY WARRANTY; without even the implied warranty of # | |
14 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # | |
15 | # GNU General Public License for more details. # | |
16 | # # | |
17 | # You should have received a copy of the GNU General Public License # | |
18 | # along with this program. If not, see <http://www.gnu.org/licenses/>. # | |
19 | # # | |
20 | ############################################################################### | |
21 | ||
22 | use strict; | |
23 | use Scalar::Util qw(looks_like_number); | |
24 | ||
25 | require '/var/ipfire/general-functions.pl'; | |
26 | require "${General::swroot}/lang.pl"; | |
27 | require "${General::swroot}/header.pl"; | |
28 | ||
# Page-specific stylesheet for the zone configuration table. It is passed to
# Header::openpage() as the third argument further down in this script.
# The heredoc is an interpolating one, so the $Header::colour* variables are
# expanded when this assignment runs; "#submit-container" is CSS, not a comment.
my $css = <<END
<style>
table {
width: 100%;
border-collapse: collapse;
table-layout: fixed;
}

tr {
height: 4em;
}

tr.thin {
height: 3em;
}

td.narrow {
width: 11em;
}

td {
padding: 5px;
padding-left: 10px;
padding-right: 10px;
border: 0.5px solid black;
}

td.h {
background-color: grey;
color: white;
font-weight: 800;
}

td.green {
background-color: $Header::colourgreen;
}

td.red {
background-color: $Header::colourred;
}

td.blue {
background-color: $Header::colourblue;
}

td.orange {
background-color: $Header::colourorange;
}

td.topleft {
background-color: white;
border-top-style: none;
border-left-style: none;
}

td.disabled {
background-color: #cccccc;
}

td.textcenter {
text-align: center;
}

#submit-container {
width: 100%;
padding-top: 20px;
text-align: right;
}

#submit-container.input {
margin-left: auto;
}

button {
margin-top: 1em;
}
</style>
END
;

# Hashes for the two settings files and for the submitted CGI parameters
my (%ethsettings, %vlansettings, %cgiparams);

# Fill %ethsettings and %vlansettings through General::readhash() from the
# files "settings" and "vlans" in the ethernet directory below the config root
foreach my $source (["settings", \%ethsettings], ["vlans", \%vlansettings]) {
	my ($file, $hashref) = @{$source};

	&General::readhash("${General::swroot}/ethernet/${file}", $hashref);
}

# Fetch the request parameters into %cgiparams, then call
# Header::showhttpheaders() before any page output is produced
&Header::getcgihash(\%cgiparams);
&Header::showhttpheaders();

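# Define all zones we will check for NIC assignment
my @zones = ("green", "red", "orange", "blue");

# Get all physical NICs present.
# Each entry is [MAC address, display name, wireless flag].
my @nics = ();

# opendir() can fail; in that case log the reason and continue with an empty
# NIC list instead of calling readdir() on an invalid directory handle.
if (opendir(my $dh, "/sys/class/net/")) {
	while (my $nic = readdir($dh)) {
		# A "device" entry indicates that the NIC is physical
		if (-e "/sys/class/net/$nic/device") {
			push(@nics, [&Network::get_nic_property($nic, "address"), $nic, 0]);
		}
	}

	closedir($dh);
} else {
	warn "zoneconf: cannot open /sys/class/net/: $!\n";
}

# Sort NICs by their MAC address so the numbering below does not depend on
# the order in which readdir() returned them
@nics = sort {$a->[0] cmp $b->[0]} @nics;

# Name the physical NICs
# Even though they may not be really named like this, we will name them ethX or wlanX
my $ethcount = 0;
my $wlancount = 0;

foreach my $entry (@nics) {
	my $nic = $entry->[1];

	if (-e "/sys/class/net/$nic/wireless") {
		# Wireless NIC: rename it and set the wireless flag
		$entry->[1] = "wlan$wlancount";
		$entry->[2] = 1;
		$wlancount++;
	} else {
		$entry->[1] = "eth$ethcount";
		$ethcount++;
	}
}
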
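&Header::openpage($Lang::tr{"zoneconf title"}, 1, $css);
&Header::openbigbox('100%', 'center');

### Evaluate POST parameters ###

# Handle a submitted form: the per-zone entries of %ethsettings and
# %vlansettings are rebuilt from the request, the NIC/VLAN assignment is
# validated, and both settings files are written only if no validation error
# was recorded. On error an error box is printed and the script exits.
#
# NOTE(review): the only gate visible in this file is the ACTION value; no
# request-method check and no anti-CSRF token is evaluated here. Confirm that
# the request origin is verified elsewhere before this code runs.
if ($cgiparams{"ACTION"} eq $Lang::tr{"save"}) {
	my %VALIDATE_nic_check = ();
	my $VALIDATE_error = "";

	foreach my $zone (@zones) {
		my $uc = uc $zone;
		my $slave_string = "";
		my $zone_mode = $cgiparams{"MODE $uc"};
		my $VALIDATE_vlancount = 0;
		my $VALIDATE_zoneslaves = 0;

		# Reset everything this zone owns; it is rebuilt from the request below
		$ethsettings{"${uc}_MACADDR"} = "";
		$ethsettings{"${uc}_MODE"} = "";
		$ethsettings{"${uc}_SLAVES"} = "";
		$vlansettings{"${uc}_PARENT_DEV"} = "";
		$vlansettings{"${uc}_VLAN_ID"} = "";
		$vlansettings{"${uc}_MAC_ADDRESS"} = "";

		# If RED is not in DHCP or static mode, we only set its MACADDR property.
		# The test uses "ne": "! \$x eq ''" parses as "(!\$x) eq ''" because
		# "!" binds tighter than "eq", which misreads the value "0".
		if ($uc eq "RED" && $cgiparams{"PPPACCESS"} ne "") {
			# The submitted value is only accepted if it equals the MAC
			# address of a NIC found on this system
			foreach my $nic_entry (@nics) {
				my $mac = $nic_entry->[0];

				if ($mac eq $cgiparams{"PPPACCESS"}) {
					$ethsettings{"${uc}_MACADDR"} = $mac;

					# Check if this interface is already accessed by any other zone
					# If this is the case, show an error message
					if ($VALIDATE_nic_check{"ACC $mac"}) {
						$VALIDATE_error = $Lang::tr{"zoneconf val ppp assignment error"};
					}

					$VALIDATE_nic_check{"RESTRICT $mac"} = 1;
					last;
				}
			}

			next;
		}

		foreach my $nic_entry (@nics) {
			my $mac = $nic_entry->[0];
			my $nic_access = $cgiparams{"ACCESS $uc $mac"};

			if ($nic_access ne "NONE") {
				# If this interface is already assigned to RED in PPP mode, throw an error
				if ($VALIDATE_nic_check{"RESTRICT $mac"}) {
					$VALIDATE_error = $Lang::tr{"zoneconf val ppp assignment error"};
					last;
				}

				# Only a bridge may use more than one NIC per zone
				if ($zone_mode ne "BRIDGE" && $VALIDATE_zoneslaves > 0 && $nic_access ne "") {
					$VALIDATE_error = $Lang::tr{"zoneconf val zoneslave amount error"};
					last;
				}

				$VALIDATE_nic_check{"ACC $mac"} = 1;
				$VALIDATE_zoneslaves++;
			}

			if ($nic_access eq "NATIVE") {
				# A NIC can be used natively by one zone only
				if ($VALIDATE_nic_check{"NATIVE $mac"}) {
					$VALIDATE_error = $Lang::tr{"zoneconf val native assignment error"};
					last;
				}

				$VALIDATE_nic_check{"NATIVE $mac"} = 1;

				if ($zone_mode eq "BRIDGE") {
					$slave_string = "${slave_string}${mac} ";
				} else {
					$ethsettings{"${uc}_MACADDR"} = $mac;
				}
			} elsif ($nic_access eq "VLAN") {
				my $vlan_tag = $cgiparams{"TAG $uc $mac"};

				# Validate the tag before it is used as a lookup key or stored.
				# Only plain decimal integers are accepted: looks_like_number()
				# also passes values such as "1.5", "1e3", "NaN" or a number
				# with surrounding whitespace, and "NaN" is neither < 1 nor
				# > 4095, so it would pass a numeric range check as well.
				# NOTE(review): IEEE 802.1Q reserves VLAN ID 4095; confirm
				# whether the upper bound (also used by the form field) should
				# be 4094.
				if (! defined($vlan_tag) || $vlan_tag !~ /\A[0-9]{1,4}\z/ || $vlan_tag < 1 || $vlan_tag > 4095) {
					# Record an error so the settings are not written with a
					# silently dropped VLAN assignment. No translation key for
					# this case is visible in this file, hence the literal
					# text; the submitted value is deliberately not echoed.
					$VALIDATE_error = "Invalid VLAN tag: an integer between 1 and 4095 is required";
					last;
				}

				# Canonical form, so that "7" and "007" are the same tag in the
				# duplicate check and in the settings file
				$vlan_tag = int($vlan_tag);

				# The same tag cannot be used twice on one NIC
				if ($VALIDATE_nic_check{"VLAN $mac $vlan_tag"}) {
					$VALIDATE_error = $Lang::tr{"zoneconf val vlan tag assignment error"};
					last;
				}

				$VALIDATE_nic_check{"VLAN $mac $vlan_tag"} = 1;

				my $rnd_mac = &Network::random_mac();

				$vlansettings{"${uc}_PARENT_DEV"} = $mac;
				$vlansettings{"${uc}_VLAN_ID"} = $vlan_tag;
				$vlansettings{"${uc}_MAC_ADDRESS"} = $rnd_mac;

				if ($zone_mode eq "BRIDGE") {
					$slave_string = "${slave_string}${rnd_mac} ";
				}

				$VALIDATE_vlancount++; # We can't allow more than one VLAN per zone
			}
		}

		if ($VALIDATE_vlancount > 1) {
			$VALIDATE_error = $Lang::tr{"zoneconf val vlan amount assignment error"};
			last;
		}

		# Remove the trailing separator from the slave list
		chop($slave_string);

		if ($zone_mode eq "BRIDGE") {
			$ethsettings{"${uc}_MODE"} = "bridge";
			$ethsettings{"${uc}_SLAVES"} = $slave_string;
		} elsif ($zone_mode eq "MACVTAP") {
			$ethsettings{"${uc}_MODE"} = "macvtap";
		}
	}

	# Any validation error aborts the request before the files are touched
	if ($VALIDATE_error) {
		&Header::openbox('100%', 'left', $Lang::tr{"error"});

		print "$VALIDATE_error<br><a href='/cgi-bin/zoneconf.cgi'><button>$Lang::tr{'ok'}</button></a>";

		&Header::closebox();
		&Header::closebigbox();
		&Header::closepage();

		exit 0;
	}

	&General::writehash("${General::swroot}/ethernet/settings",\%ethsettings);
	&General::writehash("${General::swroot}/ethernet/vlans",\%vlansettings);
}
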
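&Header::openbox('100%', 'left', $Lang::tr{"zoneconf nic assignment"});

### START OF TABLE ###

# Open the form and the table. The first header cell is the empty top-left
# corner; it is written as a proper "<td ...></td>" pair (the markup used to
# read "<td ... /td>", which is not a closed element).
print <<END;
<form method='post' enctype='multipart/form-data'>
<table>
<tr>
<td class="h narrow topleft"></td>
END

# Fill the table header with all activated zones
foreach my $zone (@zones) {
	my $uc = uc $zone;

	# If the zone is not activated, don't show it
	next if ($ethsettings{"${uc}_DEV"} eq "");

	# If RED is neither STATIC nor DHCP (PPP and the like), show its type
	# instead of a mode dropdown
	if ($uc eq "RED") {
		my $red_type = $ethsettings{"RED_TYPE"};

		# NOTE(review): $red_type is read from the settings file and printed
		# without HTML escaping; confirm that file only holds trusted values.
		if ($red_type ne "STATIC" && $red_type ne "DHCP") {
			print "<td class='h textcenter $zone'>$uc ($red_type)</td>";

			next; # We're done here
		}
	}

	# Preselect the dropdown entry that matches the stored zone mode
	my %mode_selected = ();
	my $zone_mode = $ethsettings{"${uc}_MODE"};

	if ($zone_mode eq "") {
		$mode_selected{"DEFAULT"} = "selected";
	} elsif ($zone_mode eq "bridge") {
		$mode_selected{"BRIDGE"} = "selected";
	} elsif ($zone_mode eq "macvtap") {
		$mode_selected{"MACVTAP"} = "selected";
	}

	# The line break after the zone name is "<br>"; "</br>" is not a valid tag
	print <<END;
<td class='h textcenter $zone'>$uc<br>
<select name="MODE $uc">
<option value="DEFAULT" $mode_selected{"DEFAULT"}>$Lang::tr{"zoneconf nicmode default"}</option>
<option value="BRIDGE" $mode_selected{"BRIDGE"}>$Lang::tr{"zoneconf nicmode bridge"}</option>
<option value="MACVTAP" $mode_selected{"MACVTAP"}>$Lang::tr{"zoneconf nicmode macvtap"}</option>
</select>
</td>
END
}

print "</tr>";
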
# One table row per physical NIC, one cell per activated zone
foreach my $nic_entry (@nics) {
	my ($mac, $nic, $wlan) = @{$nic_entry}[0 .. 2];

	print "<tr><td class='h narrow textcenter'>$nic<br>$mac</td>";

	# Iterate through all zones and check if the current NIC is assigned to it
	foreach my $zone (@zones) {
		my $uc = uc $zone;

		# Again, skip the zone if it is not activated
		next if ($ethsettings{"${uc}_DEV"} eq "");

		if ($uc eq "RED") {
			my $red_type = $ethsettings{"RED_TYPE"};

			# VLANs/Bridging is not possible if the RED interface is set to PPP, PPPoE, VDSL, ...
			# In that case only a radio button selecting the NIC is offered
			if ($red_type ne "STATIC" && $red_type ne "DHCP") {
				my $checked = ($mac eq $ethsettings{"${uc}_MACADDR"}) ? "checked" : "";

				print "<td class='textcenter'><input type='radio' id='PPPACCESS $mac' name='PPPACCESS' value='$mac' $checked></td>";
				next; # We're done here
			}
		}

		my %access_selected = ();
		my $zone_mode = $ethsettings{"${uc}_MODE"};

		# Only enable the VLAN ID input field if the current access mode is VLAN
		my $field_disabled = "disabled";
		my $zone_vlan_id = "";

		# ZONE_PARENT_DEV is set if this zone accesses any interface via a VLAN.
		# If it is set to a NICs name (e.g. green0 or eth0) instead of a MAC address,
		# we have to find out this NICs MAC address
		my $parent_setting = $vlansettings{"${uc}_PARENT_DEV"};
		my $zone_parent_dev = &Network::get_mac_by_name($parent_setting);

		if ($mac eq $zone_parent_dev) {
			# The current NIC is accessed by the current zone via a VLAN
			$access_selected{"VLAN"} = "selected";
			$field_disabled = "";
			$zone_vlan_id = $vlansettings{"${uc}_VLAN_ID"};
		} elsif ($zone_mode eq "bridge") {
			# In bridge mode, all corresponding NICs (Native as well as VLAN)
			# are set via the ZONE_SLAVES option
			foreach my $slave (split(/ /, $ethsettings{"${uc}_SLAVES"})) {
				# Slaves can be set to a NICs name so we have to find out its MAC address
				my $slave_mac = &Network::get_mac_by_name($slave);

				if ($slave_mac eq $mac) {
					$access_selected{"NATIVE"} = "selected";
					last;
				}
			}
		} elsif ($mac eq $ethsettings{"${uc}_MACADDR"}) {
			# Native access via ZONE_MACADDR is only set if the zone does not
			# access a NIC via a VLAN and the zone is not in bridge mode
			$access_selected{"NATIVE"} = "selected";
		}

		# "None" is preselected when neither native nor VLAN access applies
		my $unassigned = ($access_selected{"NATIVE"} eq "") && ($access_selected{"VLAN"} eq "");
		$access_selected{"NONE"} = $unassigned ? "selected" : "";

		# The VLAN option is disabled for wireless NICs
		my $vlan_disabled = "";
		if ($wlan) {
			$vlan_disabled = "disabled";
		}

		print <<END;
<td class="textcenter">
<select name="ACCESS $uc $mac" onchange="document.getElementById('TAG $uc $mac').disabled = (this.value === 'VLAN' ? false : true)">
<option value="NONE" $access_selected{"NONE"}>- $Lang::tr{"zoneconf access none"} -</option>
<option value="NATIVE" $access_selected{"NATIVE"}>$Lang::tr{"zoneconf access native"}</option>
<option value="VLAN" $access_selected{"VLAN"} $vlan_disabled>$Lang::tr{"zoneconf access vlan"}</option>
</select>
<input type="number" id="TAG $uc $mac" name="TAG $uc $mac" min="1" max="4095" value="$zone_vlan_id" $field_disabled>
</td>
END
	}

	print "</tr>";
}

# Close the table and add the submit button; its value is the ACTION that the
# POST handling above compares against
print <<END;
</table>

<div id="submit-container">
<input type="submit" name="ACTION" value="$Lang::tr{"save"}">
</div>
</form>
END

### END OF TABLE ###

&Header::closebox();
&Header::closebigbox();
&Header::closepage();