require '/var/ipfire/general-functions.pl';
require "${General::swroot}/lang.pl";
require "${General::swroot}/header.pl";
+require "${General::swroot}/network-functions.pl";
-my $css = <<END
+###--- HTML HEAD ---###
+my $extraHead = <<END
<style>
- table {
+ table#zoneconf {
width: 100%;
+ border-collapse: collapse;
+ border-style: hidden;
+ table-layout: fixed;
}
- tr {
+ /* row height */
+ #zoneconf tr {
height: 4em;
}
-
- td:first-child {
- width: 1px;
+ #zoneconf tr.half-height {
+ height: 2em;
+ }
+ #zoneconf tr.half-height > td {
+ padding: 2px 10px;
}
- td {
- padding: 5px;
- padding-left: 10px;
- padding-right: 10px;
- border: 0.5px solid black;
+ /* section separators */
+ #zoneconf tr.divider-top {
+ border-top: 2px solid $Header::bordercolour;
+ }
+ #zoneconf tr.divider-bottom {
+ border-bottom: 2px solid $Header::bordercolour;
}
- table {
- border-collapse: collapse;
+ /* table cells */
+ #zoneconf td {
+ padding: 5px 10px;
+ border-left: 0.5px solid $Header::bordercolour;
+ text-align: center;
}
- td.h {
- background-color: grey;
+ /* grey header cells */
+ #zoneconf td.heading {
+ background-color: lightgrey;
color: white;
- font-weight: 800;
+ }
+ #zoneconf td.heading.bold::first-line {
+ font-weight: bold;
+ line-height: 1.6;
}
- td.green {
+ /* narrow left column with background color */
+ #zoneconf tr > td:first-child {
+ width: 11em;
+ }
+ #zoneconf tr.nic-row > td:first-child {
+ background-color: darkgray;
+ }
+ #zoneconf tr.nic-row {
+ border-bottom: 0.5px solid $Header::bordercolour;
+ }
+ #zoneconf tr.option-row > td:first-child {
+ background-color: gray;
+ }
+
+ /* alternating row background color */
+ #zoneconf tr {
+ background-color: $Header::table2colour;
+ }
+ #zoneconf tr:nth-child(2n+3) {
+ background-color: $Header::table1colour;
+ }
+
+ /* special cell colors */
+ #zoneconf td.green {
background-color: $Header::colourgreen;
}
- td.red {
+ #zoneconf td.red {
background-color: $Header::colourred;
}
- td.blue {
+ #zoneconf td.blue {
background-color: $Header::colourblue;
}
- td.orange {
+ #zoneconf td.orange {
background-color: $Header::colourorange;
}
- td.topleft {
- background-color: white;
- border-top-style: none;
- border-left-style: none;
+ #zoneconf td.topleft {
+ background-color: $Header::pagecolour;
}
- td.disabled {
- background-color: #cccccc;
+ input.vlanid {
+ width: 4em;
}
-
- td.textcenter {
- text-align: center;
+ input.stp-priority {
+ width: 5em;
}
#submit-container {
- display: flex;
width: 100%;
- justify-content: space-between;
padding-top: 20px;
- text-align: left;
+ text-align: right;
+ color: red;
}
#submit-container.input {
margin-left: auto;
}
-
- button {
- margin-top: 1em;
- }
-
</style>
+
+<script src="/include/zoneconf.js"></script>
END
;
+###--- END HTML HEAD ---###
+### Read configuration ###
my %ethsettings = ();
my %vlansettings = ();
my %cgiparams = ();
+my $restart_notice = "";
+
&General::readhash("${General::swroot}/ethernet/settings",\%ethsettings);
&General::readhash("${General::swroot}/ethernet/vlans",\%vlansettings);
&Header::getcgihash(\%cgiparams);
&Header::showhttpheaders();
-# Define all zones we will check for NIC assignment
-my @zones = ("green", "red", "orange", "blue");
+# Get all network zones that are currently enabled
+my @zones = Network::get_available_network_zones();
# Get all physical NICs present
opendir(my $dh, "/sys/class/net/");
}
}
-&Header::openpage($Lang::tr{"zoneconf title"}, 1, $css);
+### START PAGE ###
+&Header::openpage($Lang::tr{"zoneconf title"}, 1, $extraHead);
&Header::openbigbox('100%', 'center');
### Evaluate POST parameters ###
if ($cgiparams{"ACTION"} eq $Lang::tr{"save"}) {
- my %VALIDATE_nic_check = ();
- my $VALIDATE_error = "";
+ my %VALIDATE_nic_check = (); # array of flags (assigned, restricted/pppoe, vlan, ...) per NIC
+ my $VALIDATE_error = ""; # contains an error message if the config validation failed
- foreach (@zones) {
+ # Loop trough all known zones to ensure a complete configuration file is created
+ foreach (@Network::known_network_zones) {
my $uc = uc $_;
- my $slave_string = "";
+ my $slave_string = ""; # list of interfaces attached to the bridge
my $zone_mode = $cgiparams{"MODE $uc"};
my $VALIDATE_vlancount = 0;
+ my $VALIDATE_zoneslaves = 0;
+
+ # Each zone can contain up to one bridge and up to one VLAN,
+ # cache their mac addresses to prevent unnecessary changes
+ my $bridge_mac = $ethsettings{"${uc}_MACADDR"};
+ my $vlan_mac = $vlansettings{"${uc}_MAC_ADDRESS"};
+ # Clear old configuration
$ethsettings{"${uc}_MACADDR"} = "";
$ethsettings{"${uc}_MODE"} = "";
$ethsettings{"${uc}_SLAVES"} = "";
}
}
+ # skip NIC/VLAN assignment and additional zone options for RED in PPP mode
next;
}
+ # Zone in bridge mode: Always assign a MAC to the bridge
+ if($zone_mode eq "BRIDGE") {
+ # Ensure that the bridge's cached MAC does not come from a real NIC
+ # (this could happen if the zone was in default mode before)
+ foreach (@nics) {
+ my $nic_mac = $_->[0];
+ if(Network::is_mac_equal($bridge_mac, $nic_mac)) {
+ $bridge_mac = "";
+ last;
+ }
+ }
+
+ # Generate random MAC if none was configured
+ if(! Network::valid_mac($bridge_mac)) {
+ $bridge_mac = Network::random_mac();
+ }
+
+ # Assign the address to the bridge
+ $ethsettings{"${uc}_MACADDR"} = $bridge_mac;
+ }
+
foreach (@nics) {
my $mac = $_->[0];
my $nic_access = $cgiparams{"ACCESS $uc $mac"};
- if (! ($nic_access eq "NONE")) {
+ next unless ($nic_access);
+
+ # This NIC is to be assigned: check preconditions
+ if ($nic_access ne "NONE") {
if ($VALIDATE_nic_check{"RESTRICT $mac"}) { # If this interface is already assigned to RED in PPP mode, throw an error
$VALIDATE_error = $Lang::tr{"zoneconf val ppp assignment error"};
- next;
+ last;
}
+ # Enforce bridge mode when you try to assign multiple NICs to a zone
+ if ($zone_mode ne "BRIDGE" && $VALIDATE_zoneslaves > 0 && $nic_access ne "") {
+ $VALIDATE_error = $Lang::tr{"zoneconf val zoneslave amount error"};
+ last;
+ }
+
+ # Mark this NIC as "accessed by zone"
$VALIDATE_nic_check{"ACC $mac"} = 1;
+ $VALIDATE_zoneslaves++;
}
if ($nic_access eq "NATIVE") {
if ($VALIDATE_nic_check{"NATIVE $mac"}) {
$VALIDATE_error = $Lang::tr{"zoneconf val native assignment error"};
- next;
+ last;
}
$VALIDATE_nic_check{"NATIVE $mac"} = 1;
+ # Zone in bridge mode: Add NIC to slave list. Otherwise access NIC directly
if ($zone_mode eq "BRIDGE") {
$slave_string = "${slave_string}${mac} ";
} else {
if ($VALIDATE_nic_check{"VLAN $mac $vlan_tag"}) {
$VALIDATE_error = $Lang::tr{"zoneconf val vlan tag assignment error"};
- next;
+ last;
}
$VALIDATE_nic_check{"VLAN $mac $vlan_tag"} = 1;
-
- if (! looks_like_number($vlan_tag)) {
- next;
- }
- if ($vlan_tag < 1 || $vlan_tag > 4095) {
- next;
+
+ # check VLAN tag range: 1..4094 (0, 4095 are reserved)
+ unless (looks_like_number($vlan_tag) && ($vlan_tag >= 1) && ($vlan_tag <= 4094)) {
+ $VALIDATE_error = $Lang::tr{"zoneconf val vlan tag range error"};
+ last;
}
- my $rnd_mac = &Network::random_mac();
+ # Generate random MAC if none was configured
+ if(! Network::valid_mac($vlan_mac)) {
+ $vlan_mac = Network::random_mac();
+ }
$vlansettings{"${uc}_PARENT_DEV"} = $mac;
$vlansettings{"${uc}_VLAN_ID"} = $vlan_tag;
- $vlansettings{"${uc}_MAC_ADDRESS"} = $rnd_mac;
+ $vlansettings{"${uc}_MAC_ADDRESS"} = $vlan_mac; # Generated MAC
+ # Zone in bridge mode: Add VLAN to slave list
if ($zone_mode eq "BRIDGE") {
- $slave_string = "${slave_string}${rnd_mac} ";
+ $slave_string = "${slave_string}${vlan_mac} ";
}
$VALIDATE_vlancount++; # We can't allow more than one VLAN per zone
if ($VALIDATE_vlancount > 1) {
$VALIDATE_error = $Lang::tr{"zoneconf val vlan amount assignment error"};
- next;
+ last;
}
chop($slave_string);
if ($zone_mode eq "BRIDGE") {
$ethsettings{"${uc}_MODE"} = "bridge";
$ethsettings{"${uc}_SLAVES"} = $slave_string;
- } elsif ($zone_mode eq "MACVTAP") {
- $ethsettings{"${uc}_MODE"} = "macvtap";
+ }
+
+ # STP options
+ # (this has already been skipped when RED is in PPP mode, so we don't need to check for PPP here)
+ $ethsettings{"${uc}_STP"} = "";
+ my $stp_enabled = $cgiparams{"STP-$uc"} eq "on";
+ my $stp_priority = $cgiparams{"STP-PRIORITY-$uc"};
+
+ if($stp_enabled) {
+ unless($ethsettings{"${uc}_MODE"} eq "bridge") { # STP is only available in bridge mode
+ $VALIDATE_error = $Lang::tr{"zoneconf val stp zone mode error"};
+ last;
+ }
+ unless (looks_like_number($stp_priority) && ($stp_priority >= 1) && ($stp_priority <= 65535)) { # STP bridge priority range: 1..65535
+ $VALIDATE_error = $Lang::tr{"zoneconf val stp priority range error"};
+ last;
+ }
+ $ethsettings{"${uc}_STP"} = "on"; # network-hotplug-bridges expects "on"
+ $ethsettings{"${uc}_STP_PRIORITY"} = $stp_priority;
}
}
+ # validation failed, show error message and exit
if ($VALIDATE_error) {
&Header::openbox('100%', 'left', $Lang::tr{"error"});
- print "$VALIDATE_error<br><a href='/cgi-bin/zoneconf.cgi'><button>$Lang::tr{'ok'}</button></a>";
+ print "$VALIDATE_error<br><br><a href='$ENV{'SCRIPT_NAME'}'>$Lang::tr{'back'}</a>\n";
&Header::closebox();
&Header::closebigbox();
exit 0;
}
+ # new settings are valid, write configuration files
&General::writehash("${General::swroot}/ethernet/settings",\%ethsettings);
&General::writehash("${General::swroot}/ethernet/vlans",\%vlansettings);
-}
-&Header::openbox('100%', 'left', $Lang::tr{"zoneconf nic assignment"});
+ $restart_notice = $Lang::tr{'zoneconf notice reboot'};
+}
### START OF TABLE ###
+&Header::openbox('100%', 'left', $Lang::tr{"zoneconf nic assignment"});
+
print <<END
- <form method='post' enctype='multipart/form-data'>
- <table>
- <tr>
- <td class="h topleft" /td>
+<form method='post' enctype='multipart/form-data'>
+ <table id="zoneconf">
+ <tr class="divider-bottom">
+ <td class="topleft"></td>
END
;
-# Fill the table header with all physical NICs
-foreach (@nics) {
- my $mac = $_->[0];
- my $nic = $_->[1];
-
- print "<td class='h textcenter'>$nic<br>$mac</td>";
-}
-
-print "</tr>";
-
+# Fill the table header with all activated zones
foreach (@zones) {
- print "<tr>";
my $uc = uc $_;
- my $dev_name = $ethsettings{"${uc}_DEV"};
-
- if ($dev_name eq "") { # If the zone is not activated, color it light grey
- print "<td class='h disabled'>$uc</td>";
-
- foreach (@nics) {
- print "<td class='disabled'/>";
- }
-
- print "</tr>";
- next;
- }
-
+ # If the red zone is in PPP mode, don't show a mode dropdown
if ($uc eq "RED") {
my $red_type = $ethsettings{"RED_TYPE"};
- my $red_restricted = ($uc eq "RED" && ! ($red_type eq "STATIC" || $red_type eq "DHCP"));
- # VLANs/Bridging is not possible if the RED interface is set to PPP, PPPoE, VDSL, ...
- if ($red_restricted) {
- print "<td class='h $_'>$uc<br>($red_type)</td>";
+ unless (Network::is_red_mode_ip()) {
+ print "\t\t<td class='heading bold $_'>$uc ($red_type)</td>\n";
- foreach (@nics) {
- my $mac = $_->[0];
- my $checked = "";
-
- if ($mac eq $ethsettings{"${uc}_MACADDR"}) {
- $checked = "checked";
- }
-
- print "<td class='textcenter'><input type='radio' id='PPPACCESS $mac' name='PPPACCESS' value='$mac' $checked></td>";
- }
-
- print "</tr>";
next; # We're done here
}
}
$mode_selected{"DEFAULT"} = "selected";
} elsif ($zone_mode eq "bridge") {
$mode_selected{"BRIDGE"} = "selected";
- } elsif ($zone_mode eq "macvtap") {
- $mode_selected{"MACVTAP"} = "selected";
}
print <<END
- <td class='h $_'>$uc<br>
- <select name="MODE $uc">
+ <td class='heading bold $_'>$uc<br>
+ <select name="MODE $uc" data-zone="$uc" onchange="changeZoneMode(this)">
<option value="DEFAULT" $mode_selected{"DEFAULT"}>$Lang::tr{"zoneconf nicmode default"}</option>
<option value="BRIDGE" $mode_selected{"BRIDGE"}>$Lang::tr{"zoneconf nicmode bridge"}</option>
- <option value="MACVTAP" $mode_selected{"MACVTAP"}>$Lang::tr{"zoneconf nicmode macvtap"}</option>
</select>
</td>
END
;
+}
- # ZONE_PARENT_DEV is set if this zone accesses any interface via a VLAN
- my $zone_parent_dev = $vlansettings{"${uc}_PARENT_DEV"};
+print "\t</tr>\n";
+
+# NIC assignment matrix
+foreach (@nics) {
+ my $mac = $_->[0];
+ my $nic = $_->[1];
+ my $wlan = $_->[2];
- # If ZONE_PARENT_DEV is set to a NICs name (e.g. green0 or eth0) instead of a MAC address, we have to find out this NICs MAC address
- $zone_parent_dev = &Network::get_mac_by_name($zone_parent_dev);
+ print "\t<tr class='nic-row'>\n";
+ print "\t\t<td class='heading bold'>$nic<br>$mac</td>\n";
+
+ # Iterate through all zones and check if the current NIC is assigned to it
+ foreach (@zones) {
+ my $uc = uc $_;
+ my $highlight = "";
+
+ if ($uc eq "RED") {
+ # VLANs/Bridging is not possible if the RED interface is set to PPP, PPPoE, VDSL, ...
+ unless (Network::is_red_mode_ip()) {
+ my $checked = "";
+
+ if ($mac eq $ethsettings{"${uc}_MACADDR"}) {
+ $checked = "checked";
+ $highlight = $_;
+ }
+
+ print <<END
+ <td class="$highlight">
+ <input type="radio" name="PPPACCESS" value="$mac" data-zone="RED" data-mac="$mac" onchange="highlightAccess(this)" $checked>
+ </td>
+END
+;
+ next; # We're done here
+ }
+ }
- foreach (@nics) { # Check for all nics if they are assigned to the current zone
my %access_selected = ();
- my $mac = $_->[0];
- my $wlan = $_->[2];
+ my $zone_mode = $ethsettings{"${uc}_MODE"};
+ my $zone_parent_dev = $vlansettings{"${uc}_PARENT_DEV"}; # ZONE_PARENT_DEV is set if this zone accesses any interface via a VLAN
my $field_disabled = "disabled"; # Only enable the VLAN ID input field if the current access mode is VLAN
my $zone_vlan_id = "";
+ # If ZONE_PARENT_DEV is set to a NICs name (e.g. green0 or eth0) instead of a MAC address, we have to find out this NICs MAC address
+ $zone_parent_dev = &Network::get_mac_by_name($zone_parent_dev);
+
# If the current NIC is accessed by the current zone via a VLAN, the ZONE_PARENT_DEV option corresponds to the current NIC
if ($mac eq $zone_parent_dev) {
$access_selected{"VLAN"} = "selected";
$field_disabled = "";
$zone_vlan_id = $vlansettings{"${uc}_VLAN_ID"};
- }
-
- # If the current zone is in bridge mode, all corresponding NICs (Native as well as VLAN) are set via the ZONE_SLAVES option
- if ($zone_mode eq "bridge") {
+ } elsif ($zone_mode eq "bridge") { # If the current zone is in bridge mode, all corresponding NICs (Native as well as VLAN) are set via the ZONE_SLAVES option
my @slaves = split(/ /, $ethsettings{"${uc}_SLAVES"});
foreach (@slaves) {
last;
}
}
- } else { # Native access via ZONE_MACADDR is only set if the zone does not access a NIC via a VLAN and the zone is not in bridge mode
- if ($mac eq $ethsettings{"${uc}_MACADDR"}) {
- $access_selected{"NATIVE"} = "selected";
- }
+ } elsif ($mac eq $ethsettings{"${uc}_MACADDR"}) { # Native access via ZONE_MACADDR is only set if the zone does not access a NIC via a VLAN and the zone is not in bridge mode
+ $access_selected{"NATIVE"} = "selected";
}
$access_selected{"NONE"} = ($access_selected{"NATIVE"} eq "") && ($access_selected{"VLAN"} eq "") ? "selected" : "";
my $vlan_disabled = ($wlan) ? "disabled" : "";
+ # If the interface is assigned, hightlight table cell
+ if ($access_selected{"NONE"} eq "") {
+ $highlight = $_;
+ }
+
print <<END
- <td class="textcenter">
- <select name="ACCESS $uc $mac" onchange="document.getElementById('TAG $uc $mac').disabled = (this.value === 'VLAN' ? false : true)">
- <option value="NONE" $access_selected{"NONE"}>- $Lang::tr{"zoneconf access none"} -</option>
- <option value="NATIVE" $access_selected{"NATIVE"}>$Lang::tr{"zoneconf access native"}</option>
- <option value="VLAN" $access_selected{"VLAN"} $vlan_disabled>$Lang::tr{"zoneconf access vlan"}</option>
- </select>
- <input type="number" id="TAG $uc $mac" name="TAG $uc $mac" min="1" max="4095" value="$zone_vlan_id" $field_disabled>
- </td>
+ <td class="$highlight">
+ <select name="ACCESS $uc $mac" data-zone="$uc" data-mac="$mac" onchange="highlightAccess(this)">
+ <option value="NONE" $access_selected{"NONE"}>- $Lang::tr{"zoneconf access none"} -</option>
+ <option value="NATIVE" $access_selected{"NATIVE"}>$Lang::tr{"zoneconf access native"}</option>
+ <option value="VLAN" $access_selected{"VLAN"} $vlan_disabled>$Lang::tr{"zoneconf access vlan"}</option>
+ </select>
+ <input type="number" class="vlanid" id="TAG-$uc-$mac" name="TAG $uc $mac" min="1" max="4094" value="$zone_vlan_id" required $field_disabled>
+ </td>
END
;
+ }
+
+ print "\t</tr>\n";
+}
+# STP options
+my @stp_html = (); # form fields buffer (two rows)
+
+foreach (@zones) { # load settings and prepare form elements for each zone
+ my $uc = uc $_;
+
+ # STP is not available if the RED interface is set to PPP, PPPoE, VDSL, ...
+ if ($uc eq "RED") {
+ unless (Network::is_red_mode_ip()) {
+ push(@stp_html, ["\t\t<td></td>\n", "\t\t<td></td>\n"]); # print empty cell
+ next;
+ }
}
- print "</tr>";
+
+ # load configuration
+ my $stp_available = $ethsettings{"${uc}_MODE"} eq "bridge"; # STP is only available in bridge mode
+ my $stp_enabled = $ethsettings{"${uc}_STP"} eq "on";
+ my $stp_priority = $ethsettings{"${uc}_STP_PRIORITY"};
+
+ # set priority to default value if no numerical value is configured
+ $stp_priority = 32768 unless looks_like_number($stp_priority);
+
+ # form element modifiers
+ my $checked = "";
+ my $disabled = "";
+ $checked = "checked" if ($stp_available && $stp_enabled);
+ $disabled = "disabled" unless $stp_available;
+
+ # enable checkbox HTML
+ my $row_1 = <<END
+ <td>
+ <input type="checkbox" id="STP-$uc" name="STP-$uc" data-zone="$uc" onchange="changeEnableSTP(this)" $disabled $checked>
+ </td>
+END
+;
+ $disabled = "disabled" unless $stp_enabled; # STP priority can't be entered if STP is disabled
+
+ # priority input box HTML
+ my $row_2 = <<END
+ <td>
+ <input type="number" class="stp-priority" id="STP-PRIORITY-$uc" name="STP-PRIORITY-$uc" min="1" max="65535" value="$stp_priority" required $disabled>
+ </td>
+END
+;
+ # add fields to buffer
+ push(@stp_html, [$row_1, $row_2]);
+}
+
+# print two rows of prepared form elements
+print <<END
+ <tr class="half-height divider-top option-row">
+ <td class="heading bold">$Lang::tr{"zoneconf stp enable"}</td>
+END
+;
+foreach (@stp_html) {
+ print $_->[0]; # row 1
+}
+print <<END
+ </tr>
+ <tr class="half-height option-row">
+ <td class="heading">$Lang::tr{"zoneconf stp priority"}</td>
+END
+;
+foreach (@stp_html) {
+ print $_->[1]; # row 2
}
+print "\t</tr>\n";
+# footer and submit button
print <<END
</table>
- <div id="submit-container">
- <font color="red">$Lang::tr{"zoneconf warning incorrect configuration"}</font>
- <input type="submit" name="ACTION" value="$Lang::tr{"save"}">
- </div>
- </form>
+
+ <div id="submit-container">
+ $restart_notice
+ <input type="submit" name="ACTION" value="$Lang::tr{"save"}">
+ </div>
+</form>
END
;
projects / people / pmueller / ipfire-2.x.git / blobdiff