git.ipfire.org Git - ipfire-2.x.git/blob - html/cgi-bin/zoneconf.cgi
69a988bf2c676898b0a0d2aa43b8077c5dfbc4ca
2 ###############################################################################
4 # VLAN Management for IPFire #
5 # Copyright (C) 2019 Florian Bührle <fbuehrle@ipfire.org> #
7 # This program is free software: you can redistribute it and/or modify #
8 # it under the terms of the GNU General Public License as published by #
9 # the Free Software Foundation, either version 3 of the License, or #
10 # (at your option) any later version. #
12 # This program is distributed in the hope that it will be useful, #
13 # but WITHOUT ANY WARRANTY; without even the implied warranty of #
14 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
15 # GNU General Public License for more details. #
17 # You should have received a copy of the GNU General Public License #
18 # along with this program. If not, see <http://www.gnu.org/licenses/>. #
20 ###############################################################################
23 use Scalar
::Util
qw(looks_like_number);
25 require '/var/ipfire/general-functions.pl';
26 require "${General::swroot}/lang.pl";
27 require "${General::swroot}/header.pl";
47 border: 0.5px solid black;
51 border-collapse: collapse;
55 background-color: grey;
61 background-color: $Header::colourgreen;
65 background-color: $Header::colourred;
69 background-color: $Header::colourblue;
73 background-color: $Header::colourorange;
77 background-color: white;
78 border-top-style: none;
79 border-left-style: none;
83 background-color: #cccccc;
93 justify-content: space-between;
98 #submit-container.input {
# Current zone configuration, loaded from ethernet/settings and ethernet/vlans.
my %ethsettings;
my %vlansettings;

General::readhash("${General::swroot}/ethernet/settings", \%ethsettings);
General::readhash("${General::swroot}/ethernet/vlans", \%vlansettings);

# Populate %cgiparams (read by the save handler further down), then emit
# the HTTP headers.
Header::getcgihash(\%cgiparams);
Header::showhttpheaders();

# Define all zones we will check for NIC assignment
my @zones = qw(green red orange blue);
123 # Get all physical NICs present
# Each entry pushed onto @nics below is [MAC address, interface name, 0];
# what the third slot is used for is set by lines not shown in this listing.
# NOTE(review): the return value of opendir() is not checked here; if the
# call fails, readdir() is handed an undefined handle and no NIC is listed.
124 opendir(my $dh, "/sys/class/net/");
127 while (my $nic = readdir($dh)) {
128 if (-e
"/sys/class/net/$nic/device") { # Indicates that the NIC is physical
129 push(@nics, [&Network
::get_nic_property
($nic, "address"), $nic, 0]);
135 @nics = sort {$a->[0] cmp $b->[0]} @nics; # Sort nics by their MAC address
137 # Name the physical NICs
138 # Even though they may not be really named like this, we will name them ethX or wlanX
# Slot 1 (the name) is overwritten with a synthetic label: wlanN when the
# interface has a /sys/class/net/<nic>/wireless entry, ethN in the other
# branch (the line separating the two branches is not shown here).
145 if (-e
"/sys/class/net/$nic/wireless") {
146 $_->[1] = "wlan$wlancount";
150 $_->[1] = "eth$ethcount";
# Start the page; $css is presumably the stylesheet text assembled earlier
# in the file.
155 &Header
::openpage
($Lang::tr
{"zoneconf title"}, 1, $css);
156 &Header
::openbigbox
('100%', 'center');
158 ### Evaluate POST parameters ###
# Save handler: rebuilds the per-zone keys of %ethsettings / %vlansettings
# from the submitted form and writes both hashes back to disk.
# NOTE(review): the visible condition acts on ACTION alone; no request-origin
# or token check appears in this listing - confirm where that is enforced.
160 if ($cgiparams{"ACTION"} eq $Lang::tr
{"save"}) {
# %VALIDATE_nic_check records what has been claimed so far, keyed by
# "ACC <mac>", "RESTRICT <mac>", "NATIVE <mac>" and "VLAN <mac> <tag>".
161 my %VALIDATE_nic_check = ();
162 my $VALIDATE_error = "";
166 my $slave_string = "";
# $zone_mode is request data; the visible code only compares it against the
# fixed strings "BRIDGE" and "MACVTAP" and never stores it verbatim.
167 my $zone_mode = $cgiparams{"MODE $uc"};
168 my $VALIDATE_vlancount = 0;
# Reset every key this zone owns before re-deriving it from the form.
170 $ethsettings{"${uc}_MACADDR"} = "";
171 $ethsettings{"${uc}_MODE"} = "";
172 $ethsettings{"${uc}_SLAVES"} = "";
173 $vlansettings{"${uc}_PARENT_DEV"} = "";
174 $vlansettings{"${uc}_VLAN_ID"} = "";
175 $vlansettings{"${uc}_MAC_ADDRESS"} = "";
177 # If RED is not in DHCP or static mode, we only set its MACADDR property
# NOTE(review): unary "!" binds tighter than "eq", so the second operand
# parses as (!$cgiparams{"PPPACCESS"}) eq "". That is true for any truthy
# PPPACCESS value, i.e. it behaves like "is non-empty" except that the
# string "0" is treated as empty. Writing it as
# $cgiparams{"PPPACCESS"} ne "" would state the intent directly.
178 if ($uc eq "RED" && ! $cgiparams{"PPPACCESS"} eq "") {
# The submitted PPPACCESS value is only matched against a MAC taken from
# the server-side NIC list; the stored value is $mac, not the request text.
182 if ($mac eq $cgiparams{"PPPACCESS"}) {
183 $ethsettings{"${uc}_MACADDR"} = $mac;
185 # Check if this interface is already accessed by any other zone
186 # If this is the case, show an error message
187 if ($VALIDATE_nic_check{"ACC $mac"}) {
188 $VALIDATE_error = $Lang::tr
{"zoneconf val ppp assignment error"};
191 $VALIDATE_nic_check{"RESTRICT $mac"} = 1;
# NOTE(review): every value other than the literal "NONE" - including a
# missing ACCESS parameter - passes the test below and is treated as an
# assignment; only "NATIVE" and "VLAN" are acted on afterwards.
201 my $nic_access = $cgiparams{"ACCESS $uc $mac"};
203 if (! ($nic_access eq "NONE")) {
204 if ($VALIDATE_nic_check{"RESTRICT $mac"}) { # If this interface is already assigned to RED in PPP mode, throw an error
205 $VALIDATE_error = $Lang::tr
{"zoneconf val ppp assignment error"};
209 $VALIDATE_nic_check{"ACC $mac"} = 1;
212 if ($nic_access eq "NATIVE") {
213 if ($VALIDATE_nic_check{"NATIVE $mac"}) {
214 $VALIDATE_error = $Lang::tr
{"zoneconf val native assignment error"};
218 $VALIDATE_nic_check{"NATIVE $mac"} = 1;
# In bridge mode the MAC is appended to the space-separated slave list.
220 if ($zone_mode eq "BRIDGE") {
221 $slave_string = "${slave_string}${mac} ";
223 $ethsettings{"${uc}_MACADDR"} = $mac;
225 } elsif ($nic_access eq "VLAN") {
# NOTE(review): $vlan_tag is the only request value in this handler that is
# stored as submitted. The duplicate-tag lookup just below uses the raw
# string before any validation, so two spellings of the same number (for
# example "10" and "10.0") produce different keys and are not seen as a
# clash.
226 my $vlan_tag = $cgiparams{"TAG $uc $mac"};
228 if ($VALIDATE_nic_check{"VLAN $mac $vlan_tag"}) {
229 $VALIDATE_error = $Lang::tr
{"zoneconf val vlan tag assignment error"};
233 $VALIDATE_nic_check{"VLAN $mac $vlan_tag"} = 1;
# NOTE(review): looks_like_number() tests numeric syntax, not integer-ness:
# it is true for input such as "12.5" or "1e3" (and may tolerate surrounding
# whitespace - confirm), and such values also pass the numeric range
# comparison that follows. An anchored digits-only check, e.g.
# $vlan_tag =~ /\A[0-9]{1,4}\z/, ahead of the range test would keep
# non-integer text out of the vlans file. The bodies of both checks are not
# visible in this listing.
235 if (! looks_like_number
($vlan_tag)) {
238 if ($vlan_tag < 1 || $vlan_tag > 4095) {
# The VLAN device gets a freshly generated MAC; the parent NIC's MAC and
# the submitted tag are stored next to it.
242 my $rnd_mac = &Network
::random_mac
();
244 $vlansettings{"${uc}_PARENT_DEV"} = $mac;
245 $vlansettings{"${uc}_VLAN_ID"} = $vlan_tag;
246 $vlansettings{"${uc}_MAC_ADDRESS"} = $rnd_mac;
248 if ($zone_mode eq "BRIDGE") {
249 $slave_string = "${slave_string}${rnd_mac} ";
252 $VALIDATE_vlancount++; # We can't allow more than one VLAN per zone
256 if ($VALIDATE_vlancount > 1) {
257 $VALIDATE_error = $Lang::tr
{"zoneconf val vlan amount assignment error"};
# Translate the submitted mode into the lower-case value kept in the
# settings file; any other mode leaves ${uc}_MODE at the empty string set
# above.
263 if ($zone_mode eq "BRIDGE") {
264 $ethsettings{"${uc}_MODE"} = "bridge";
265 $ethsettings{"${uc}_SLAVES"} = $slave_string;
266 } elsif ($zone_mode eq "MACVTAP") {
267 $ethsettings{"${uc}_MODE"} = "macvtap";
# On a validation error: show the message and close the page. Whatever
# stops execution before the writehash calls below is on lines not shown
# in this listing - confirm nothing is written in the error case.
271 if ($VALIDATE_error) {
272 &Header
::openbox
('100%', 'left', $Lang::tr
{"error"});
274 print "$VALIDATE_error<br><a href='/cgi-bin/zoneconf.cgi'><button>$Lang::tr{'ok'}</button></a>";
277 &Header
::closebigbox
();
278 &Header
::closepage
();
# Persist the rebuilt configuration to ethernet/settings and ethernet/vlans.
283 &General
::writehash
("${General::swroot}/ethernet/settings",\
%ethsettings);
284 &General
::writehash
("${General::swroot}/ethernet/vlans",\
%vlansettings);
# Render the assignment table: one column per physical NIC, one row per
# zone, pre-selecting the options that match %ethsettings / %vlansettings.
287 &Header
::openbox
('100%', 'left', $Lang::tr
{"zoneconf nic assignment"});
289 ### START OF TABLE ###
292 <form method='post' enctype='multipart/form-data'>
295 <td class="h topleft" /td>
299 # Fill the table header with all physical NICs
304 print "<td class='h textcenter'>$nic<br>$mac</td>";
313 my $dev_name = $ethsettings{"${uc}_DEV"};
315 if ($dev_name eq "") { # If the zone is not activated, color it light grey
316 print "<td class='h disabled'>$uc</td>";
319 print "<td class='disabled'/>";
# NOTE(review): $red_type is taken from the ethernet settings file and is
# printed into the row header below without HTML escaping; that is only
# safe while the file can hold nothing but trusted values.
327 my $red_type = $ethsettings{"RED_TYPE"};
328 my $red_restricted = ($uc eq "RED" && ! ($red_type eq "STATIC" || $red_type eq "DHCP"));
330 # VLANs/Bridging is not possible if the RED interface is set to PPP, PPPoE, VDSL, ...
331 if ($red_restricted) {
332 print "<td class='h $_'>$uc<br>($red_type)</td>";
338 if ($mac eq $ethsettings{"${uc}_MACADDR"}) {
339 $checked = "checked";
342 print "<td class='textcenter'><input type='radio' id='PPPACCESS $mac' name='PPPACCESS' value='$mac' $checked></td>";
346 next; # We're done here
# Map the stored ${uc}_MODE value ("", "bridge", "macvtap") onto the option
# that is pre-selected in the MODE dropdown.
350 my %mode_selected = ();
351 my $zone_mode = $ethsettings{"${uc}_MODE"};
353 if ($zone_mode eq "") {
354 $mode_selected{"DEFAULT"} = "selected";
355 } elsif ($zone_mode eq "bridge") {
356 $mode_selected{"BRIDGE"} = "selected";
357 } elsif ($zone_mode eq "macvtap") {
358 $mode_selected{"MACVTAP"} = "selected";
362 <td class='h $_'>$uc<br>
363 <select name="MODE $uc">
364 <option value="DEFAULT" $mode_selected{"DEFAULT"}>$Lang::tr{"zoneconf nicmode default"}</option>
365 <option value="BRIDGE" $mode_selected{"BRIDGE"}>$Lang::tr{"zoneconf nicmode bridge"}</option>
366 <option value="MACVTAP" $mode_selected{"MACVTAP"}>$Lang::tr{"zoneconf nicmode macvtap"}</option>
372 # ZONE_PARENT_DEV is set if this zone accesses any interface via a VLAN
373 my $zone_parent_dev = $vlansettings{"${uc}_PARENT_DEV"};
375 # If ZONE_PARENT_DEV is set to a NICs name (e.g. green0 or eth0) instead of a MAC address, we have to find out this NICs MAC address
376 $zone_parent_dev = &Network
::get_mac_by_name
($zone_parent_dev);
378 foreach (@nics) { # Check for all nics if they are assigned to the current zone
379 my %access_selected = ();
382 my $field_disabled = "disabled"; # Only enable the VLAN ID input field if the current access mode is VLAN
# NOTE(review): when set below, $zone_vlan_id is whatever the vlans settings
# file holds, and it is interpolated into the value="..." attribute of the
# TAG input further down without HTML escaping. The save path therefore has
# to guarantee a plain integer, or the value should be escaped at output.
383 my $zone_vlan_id = "";
385 # If the current NIC is accessed by the current zone via a VLAN, the ZONE_PARENT_DEV option corresponds to the current NIC
386 if ($mac eq $zone_parent_dev) {
387 $access_selected{"VLAN"} = "selected";
388 $field_disabled = "";
389 $zone_vlan_id = $vlansettings{"${uc}_VLAN_ID"};
392 # If the current zone is in bridge mode, all corresponding NICs (Native as well as VLAN) are set via the ZONE_SLAVES option
393 if ($zone_mode eq "bridge") {
# ${uc}_SLAVES is the space-separated MAC list written by the save handler.
394 my @slaves = split(/ /, $ethsettings{"${uc}_SLAVES"});
397 # Slaves can be set to a NICs name so we have to find out its MAC address
398 $_ = &Network
::get_mac_by_name
($_);
401 $access_selected{"NATIVE"} = "selected";
405 } else { # Native access via ZONE_MACADDR is only set if the zone does not access a NIC via a VLAN and the zone is not in bridge mode
406 if ($mac eq $ethsettings{"${uc}_MACADDR"}) {
407 $access_selected{"NATIVE"} = "selected";
# NONE is pre-selected only when neither NATIVE nor VLAN was marked above.
# $wlan is set on lines not shown here; when true, the VLAN option is
# rendered disabled for this NIC.
411 $access_selected{"NONE"} = ($access_selected{"NATIVE"} eq "") && ($access_selected{"VLAN"} eq "") ?
"selected" : "";
412 my $vlan_disabled = ($wlan) ?
"disabled" : "";
415 <td class="textcenter">
416 <select name="ACCESS $uc $mac" onchange="document.getElementById('TAG $uc $mac').disabled = (this.value === 'VLAN' ? false : true)">
417 <option value="NATIVE" $access_selected{"NATIVE"}>$Lang::tr{"zoneconf access native"}</option>
418 <option value="VLAN" $access_selected{"VLAN"} $vlan_disabled>$Lang::tr{"zoneconf access vlan"}</option>
419 <option value="NONE" $access_selected{"NONE"}>$Lang::tr{"zoneconf access none"}</option>
421 <input type="number" id="TAG $uc $mac" name="TAG $uc $mac" min="1" max="4095" value="$zone_vlan_id" $field_disabled>
432 <div id="submit-container">
433 <font color="red">$Lang::tr{"zoneconf warning incorrect configuration"}</font>
434 <input type="submit" name="ACTION" value="$Lang::tr{"save"}">
443 &Header
::closebigbox
();
444 &Header
::closepage
();