zoneconf: Fix bug in NIC assignment; Change visibility of unused zones
1 #!/usr/bin/perl
2 ###############################################################################
3 #                                                                             #
4 # VLAN Management for IPFire                                                  #
5 # Copyright (C) 2019 Florian Bührle <fbuehrle@ipfire.org>                      #
6 #                                                                             #
7 # This program is free software: you can redistribute it and/or modify        #
8 # it under the terms of the GNU General Public License as published by        #
9 # the Free Software Foundation, either version 3 of the License, or           #
10 # (at your option) any later version.                                         #
11 #                                                                             #
12 # This program is distributed in the hope that it will be useful,             #
13 # but WITHOUT ANY WARRANTY; without even the implied warranty of              #
14 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the               #
15 # GNU General Public License for more details.                                #
16 #                                                                             #
17 # You should have received a copy of the GNU General Public License           #
18 # along with this program.  If not, see <http://www.gnu.org/licenses/>.       #
19 #                                                                             #
20 ###############################################################################
21
22 use strict;
23 use Scalar::Util qw(looks_like_number);
24
25 require '/var/ipfire/general-functions.pl';
26 require "${General::swroot}/lang.pl";
27 require "${General::swroot}/header.pl";
28
# Page-specific stylesheet, passed to Header::openpage() further down.
# The zone colours are interpolated from the $Header::colour* variables.
my $css = <<END;
<style>
        table {
                width: 100%;
        }

        tr {
                height: 4em;
        }

        td:first-child {
                width: 1px;
        }

        td {
                padding: 5px;
                padding-left: 10px;
                padding-right: 10px;
                border: 0.5px solid black;
        }

        table {
                border-collapse: collapse;
        }

        td.h {
                background-color: grey;
                color: white;
                font-weight: 800;
        }

        td.green {
                background-color: $Header::colourgreen;
        }

        td.red {
                background-color: $Header::colourred;
        }

        td.blue {
                background-color: $Header::colourblue;
        }

        td.orange {
                background-color: $Header::colourorange;
        }

        td.topleft {
                background-color: white;
                border-top-style: none;
                border-left-style: none;
        }

        td.disabled {
                background-color: #cccccc;
        }

        td.textcenter {
                text-align: center;
        }

        #submit-container {
                width: 100%;
                padding-top: 20px;
                text-align: right;
        }

        #submit-container.input {
                margin-left: auto;
        }

        button {
                margin-top: 1em;
        }

</style>
END
107
# Stored ethernet settings, stored VLAN settings and the submitted form fields
my (%ethsettings, %vlansettings, %cgiparams);

# Load both settings files into their hashes
my $ethernet_settings_file = "${General::swroot}/ethernet/settings";
my $vlan_settings_file = "${General::swroot}/ethernet/vlans";

&General::readhash($ethernet_settings_file, \%ethsettings);
&General::readhash($vlan_settings_file, \%vlansettings);

# Collect the request parameters, then send the HTTP headers
&Header::getcgihash(\%cgiparams);
&Header::showhttpheaders();
117
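# Define all zones we will check for NIC assignment
my @zones = ("green", "red", "orange", "blue");

# Get all physical NICs present
# Each entry is [MAC address, interface name, wireless flag]; the flag starts out as 0
my @nics = ();

if (opendir(my $dh, "/sys/class/net/")) {
        # defined() keeps the loop going even for an entry whose name is false in boolean context
        while (defined(my $nic = readdir($dh))) {
                if (-e "/sys/class/net/$nic/device") { # Indicates that the NIC is physical
                        push(@nics, [&Network::get_nic_property($nic, "address"), $nic, 0]);
                }
        }

        closedir($dh);
} else {
        # Without the directory listing the page is rendered with no NIC columns.
        # Report the reason on STDERR instead of failing silently.
        warn "zoneconf.cgi: cannot open /sys/class/net/: $!\n";
}

@nics = sort {$a->[0] cmp $b->[0]} @nics; # Sort nics by their MAC address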
134
# Give every physical NIC a display name.
# The names are numbered in list order (ethX for wired, wlanX for wireless) and
# need not match the real interface names.
my $ethcount = 0;
my $wlancount = 0;

foreach my $entry (@nics) {
        my $nic = $entry->[1]; # Still the real interface name at this point

        unless (-e "/sys/class/net/$nic/wireless") {
                $entry->[1] = "eth$ethcount";
                $ethcount++;
                next;
        }

        # Wireless NIC: rename it and set the wireless flag
        $entry->[1] = "wlan$wlancount";
        $entry->[2] = 1;
        $wlancount++;
}

# Start the page; the stylesheet is passed as the third argument
&Header::openpage($Lang::tr{"zoneconf title"}, 1, $css);
&Header::openbigbox('100%', 'center');
155
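### Evaluate POST parameters ###

# Everything in %cgiparams is request data. The MAC addresses written to the
# settings come from @nics (the request only selects among them), the modes are
# compared against fixed strings, and the VLAN tag is the one free-form value
# that is written back, so it is checked strictly below.
if ($cgiparams{"ACTION"} eq $Lang::tr{"save"}) {
        my %VALIDATE_nic_check = ();
        my $VALIDATE_error = "";

        foreach (@zones) {
                my $uc = uc $_;
                my $slave_string = "";
                my $zone_mode = $cgiparams{"MODE $uc"};
                my $VALIDATE_vlancount = 0;
                my $VALIDATE_zoneslaves = 0;

                # NOTE(review): the row rendered for RED in a non-STATIC/DHCP mode contains no
                # "MODE RED" field, so a normal submission appears to take this `next` before
                # the PPPACCESS branch below is reached. Confirm that the NIC selection for
                # RED is actually saved in that mode.
                if ($zone_mode eq "") { # If this zone is not activated, we don't check it
                        next;
                }

                $ethsettings{"${uc}_MACADDR"} = "";
                $ethsettings{"${uc}_MODE"} = "";
                $ethsettings{"${uc}_SLAVES"} = "";
                $vlansettings{"${uc}_PARENT_DEV"} = "";
                $vlansettings{"${uc}_VLAN_ID"} = "";
                $vlansettings{"${uc}_MAC_ADDRESS"} = "";

                # If RED is not in DHCP or static mode, we only set its MACADDR property
                # (`ne` instead of `! ... eq`: the negation bound to the parameter, not to the comparison)
                if ($uc eq "RED" && $cgiparams{"PPPACCESS"} ne "") {
                        foreach (@nics) {
                                my $mac = $_->[0];

                                if ($mac eq $cgiparams{"PPPACCESS"}) {
                                        $ethsettings{"${uc}_MACADDR"} = $mac;

                                        # Check if this interface is already accessed by any other zone
                                        # If this is the case, show an error message
                                        if ($VALIDATE_nic_check{"ACC $mac"}) {
                                                $VALIDATE_error = $Lang::tr{"zoneconf val ppp assignment error"};
                                        }

                                        $VALIDATE_nic_check{"RESTRICT $mac"} = 1;
                                        last;
                                }
                        }

                        next;
                }

                foreach (@nics) {
                        my $mac = $_->[0];
                        my $nic_access = $cgiparams{"ACCESS $uc $mac"};

                        # Only the two known access modes count as an assignment; a missing or
                        # unknown value is treated like "NONE"
                        if ($nic_access eq "NATIVE" || $nic_access eq "VLAN") {
                                if ($VALIDATE_nic_check{"RESTRICT $mac"}) { # If this interface is already assigned to RED in PPP mode, throw an error
                                        $VALIDATE_error = $Lang::tr{"zoneconf val ppp assignment error"};
                                        last;
                                }

                                if ($zone_mode ne "BRIDGE" && $VALIDATE_zoneslaves > 0) {
                                        $VALIDATE_error = $Lang::tr{"zoneconf val zoneslave amount error"};
                                        last;
                                }

                                $VALIDATE_nic_check{"ACC $mac"} = 1;
                                $VALIDATE_zoneslaves++;
                        }

                        if ($nic_access eq "NATIVE") {
                                if ($VALIDATE_nic_check{"NATIVE $mac"}) {
                                        $VALIDATE_error = $Lang::tr{"zoneconf val native assignment error"};
                                        last;
                                }

                                $VALIDATE_nic_check{"NATIVE $mac"} = 1;

                                if ($zone_mode eq "BRIDGE") {
                                        $slave_string = "${slave_string}${mac} ";
                                } else {
                                        $ethsettings{"${uc}_MACADDR"} = $mac;
                                }
                        } elsif ($nic_access eq "VLAN") {
                                my $vlan_tag = $cgiparams{"TAG $uc $mac"};

                                # Accept plain decimal digits only. A generic "looks like a number"
                                # test would also let decimals, exponents and surrounding whitespace
                                # through, and those would then be written to the VLAN settings.
                                # NOTE(review): an invalid tag only stops the NIC loop for this zone.
                                # No error is set, so the settings are still written further down.
                                if ($vlan_tag !~ /\A[0-9]{1,4}\z/) {
                                        last;
                                }

                                # Canonical form, so that "010" and "10" count as the same tag in the duplicate check
                                $vlan_tag = int($vlan_tag);

                                # NOTE(review): IEEE 802.1Q reserves 4095; the upper bound is kept
                                # in line with the form field's max="4095"
                                if ($vlan_tag < 1 || $vlan_tag > 4095) {
                                        last;
                                }

                                if ($VALIDATE_nic_check{"VLAN $mac $vlan_tag"}) {
                                        $VALIDATE_error = $Lang::tr{"zoneconf val vlan tag assignment error"};
                                        last;
                                }

                                $VALIDATE_nic_check{"VLAN $mac $vlan_tag"} = 1;

                                my $rnd_mac = &Network::random_mac();

                                $vlansettings{"${uc}_PARENT_DEV"} = $mac;
                                $vlansettings{"${uc}_VLAN_ID"} = $vlan_tag;
                                $vlansettings{"${uc}_MAC_ADDRESS"} = $rnd_mac;

                                if ($zone_mode eq "BRIDGE") {
                                        $slave_string = "${slave_string}${rnd_mac} ";
                                }

                                $VALIDATE_vlancount++; # We can't allow more than one VLAN per zone
                        }
                }

                if ($VALIDATE_vlancount > 1) {
                        $VALIDATE_error = $Lang::tr{"zoneconf val vlan amount assignment error"};
                        last;
                }

                chop($slave_string); # Remove the trailing separator

                if ($zone_mode eq "BRIDGE") {
                        $ethsettings{"${uc}_MODE"} = "bridge";
                        $ethsettings{"${uc}_SLAVES"} = $slave_string;
                } elsif ($zone_mode eq "MACVTAP") {
                        $ethsettings{"${uc}_MODE"} = "macvtap";
                }
        }

        # On a validation error, show the message and stop before anything is written
        if ($VALIDATE_error) {
                &Header::openbox('100%', 'left', $Lang::tr{"error"});

                print "$VALIDATE_error<br><a href='/cgi-bin/zoneconf.cgi'><button>$Lang::tr{'ok'}</button></a>";

                &Header::closebox();
                &Header::closebigbox();
                &Header::closepage();

                exit 0;
        }

        &General::writehash("${General::swroot}/ethernet/settings",\%ethsettings);
        &General::writehash("${General::swroot}/ethernet/vlans",\%vlansettings);
}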
295
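&Header::openbox('100%', 'left', $Lang::tr{"zoneconf nic assignment"});

### START OF TABLE ###

# NOTE(review): the form carries no anti-CSRF token. Whether Header::getcgihash() or
# the web server checks the request's origin cannot be seen from this file; confirm
# that, because a submission rewrites the ethernet and VLAN settings.
# The empty top-left cell is now closed properly (it used to be emitted as "/td>").
print <<END
        <form method='post' enctype='multipart/form-data'>
                <table>
                        <tr>
                        <td class="h topleft"></td>
END
;

# Fill the table header with all physical NICs
foreach (@nics) {
        my $mac = $_->[0];
        my $nic = $_->[1];

        print "<td class='h textcenter'>$nic<br>$mac</td>";
}

print "</tr>";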
317
# One table row per activated zone, one cell per physical NIC
foreach (@zones) {
        my $uc = uc $_;

        # If the zone is not activated (no device configured), don't show it
        next if ($ethsettings{"${uc}_DEV"} eq "");

        print "<tr>";

        if ($uc eq "RED") {
                my $red_type = $ethsettings{"RED_TYPE"};

                # VLANs/Bridging is not possible if the RED interface is set to PPP, PPPoE, VDSL, ...
                # In that case the row only offers one radio button per NIC
                unless ($red_type eq "STATIC" || $red_type eq "DHCP") {
                        print "<td class='h $_'>$uc<br>($red_type)</td>";

                        foreach my $entry (@nics) {
                                my $mac = $entry->[0];
                                my $checked = ($mac eq $ethsettings{"${uc}_MACADDR"}) ? "checked" : "";

                                print "<td class='textcenter'><input type='radio' id='PPPACCESS $mac' name='PPPACCESS' value='$mac' $checked></td>";
                        }

                        print "</tr>";
                        next; # We're done here
                }
        }

        # Preselect the stored zone mode; an empty mode means "default"
        my $zone_mode = $ethsettings{"${uc}_MODE"};
        my %mode_key_of = ("" => "DEFAULT", "bridge" => "BRIDGE", "macvtap" => "MACVTAP");
        my %mode_selected = ();

        if (exists $mode_key_of{$zone_mode}) {
                $mode_selected{$mode_key_of{$zone_mode}} = "selected";
        }

        print <<END
                <td class='h $_'>$uc<br>
                        <select name="MODE $uc">
                                <option value="DEFAULT" $mode_selected{"DEFAULT"}>$Lang::tr{"zoneconf nicmode default"}</option>
                                <option value="BRIDGE" $mode_selected{"BRIDGE"}>$Lang::tr{"zoneconf nicmode bridge"}</option>
                                <option value="MACVTAP" $mode_selected{"MACVTAP"}>$Lang::tr{"zoneconf nicmode macvtap"}</option>
                        </select>
                </td>
END
;

        # ZONE_PARENT_DEV is set if this zone accesses any interface via a VLAN.
        # It may hold a NIC name (e.g. green0 or eth0) instead of a MAC address,
        # so it is passed through Network::get_mac_by_name() first.
        my $zone_parent_dev = &Network::get_mac_by_name($vlansettings{"${uc}_PARENT_DEV"});

        foreach my $entry (@nics) { # Check for all nics if they are assigned to the current zone
                my ($mac, $wlan) = ($entry->[0], $entry->[2]);
                my %access_selected = ();
                my $field_disabled = "disabled"; # The VLAN ID field is only enabled when the access mode is VLAN
                my $zone_vlan_id = "";

                # The zone reaches this NIC via a VLAN if ZONE_PARENT_DEV corresponds to it
                if ($mac eq $zone_parent_dev) {
                        $access_selected{"VLAN"} = "selected";
                        $field_disabled = "";
                        $zone_vlan_id = $vlansettings{"${uc}_VLAN_ID"};
                }

                if ($zone_mode ne "bridge") {
                        # Outside bridge mode, native access is recorded in ZONE_MACADDR
                        if ($mac eq $ethsettings{"${uc}_MACADDR"}) {
                                $access_selected{"NATIVE"} = "selected";
                        }
                } else {
                        # In bridge mode, the zone's NICs are listed in the ZONE_SLAVES option
                        foreach my $slave (split(/ /, $ethsettings{"${uc}_SLAVES"})) {
                                # Slaves can be set to a NICs name so we have to find out its MAC address
                                my $slave_mac = &Network::get_mac_by_name($slave);

                                if ($slave_mac eq $mac) {
                                        $access_selected{"NATIVE"} = "selected";
                                        last;
                                }
                        }
                }

                # "NONE" is preselected when neither native nor VLAN access was found
                my $unassigned = ($access_selected{"NATIVE"} eq "") && ($access_selected{"VLAN"} eq "");
                $access_selected{"NONE"} = $unassigned ? "selected" : "";

                # The VLAN option is not offered for wireless NICs
                my $vlan_disabled = "";

                if ($wlan) {
                        $vlan_disabled = "disabled";
                }

                print <<END
                        <td class="textcenter">
                                <select name="ACCESS $uc $mac" onchange="document.getElementById('TAG $uc $mac').disabled = (this.value === 'VLAN' ? false : true)">
                                        <option value="NONE" $access_selected{"NONE"}>- $Lang::tr{"zoneconf access none"} -</option>
                                        <option value="NATIVE" $access_selected{"NATIVE"}>$Lang::tr{"zoneconf access native"}</option>
                                        <option value="VLAN" $access_selected{"VLAN"} $vlan_disabled>$Lang::tr{"zoneconf access vlan"}</option>
                                </select>
                                <input type="number" id="TAG $uc $mac" name="TAG $uc $mac" min="1" max="4095" value="$zone_vlan_id" $field_disabled>
                        </td>
END
;

        }

        print "</tr>";
}
431
# Close the table and add the submit button; its value is the translated "save"
# string that the POST handler compares ACTION against
print <<END;
        </table>

        <div id="submit-container">
                <input type="submit" name="ACTION" value="$Lang::tr{"save"}">
        </div>
</form>
END

### END OF TABLE ###

# Close the box, the big box and the page, in that order
&Header::closebox();
&Header::closebigbox();
&Header::closepage();