From mboxrd@z Thu Jan 1 00:00:00 1970 From: Michael Tremer To: development@lists.ipfire.org Subject: [PATCH 2/2] webif: Add a GUI for configuring VLAN interfaces Date: Wed, 08 May 2019 12:11:08 +0100 Message-ID: <1557313868-10327-2-git-send-email-michael.tremer@ipfire.org> In-Reply-To: <1557313868-10327-1-git-send-email-michael.tremer@ipfire.org> MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="===============9001489853221243498==" List-Id: --===============9001489853221243498== Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable From: Florian B=C3=BChrle This patch adds a new CGI file which allows users to edit the VLAN configuration as well as configuring zones as bridges. Signed-off-by: Michael Tremer --- config/cfgroot/network-functions.pl | 42 ++++ config/menu/30-network.menu | 5 + doc/language_issues.de | 13 ++ doc/language_issues.en | 1 + doc/language_issues.es | 1 + doc/language_issues.fr | 1 + doc/language_issues.it | 1 + doc/language_issues.nl | 1 + doc/language_issues.pl | 1 + doc/language_issues.ru | 1 + doc/language_issues.tr | 1 + doc/language_missings | 98 ++++++++ html/cgi-bin/zoneconf.cgi | 444 ++++++++++++++++++++++++++++++++++= ++ langs/de/cgi-bin/de.pl | 14 ++ langs/en/cgi-bin/en.pl | 14 ++ 15 files changed, 638 insertions(+) create mode 100644 html/cgi-bin/zoneconf.cgi diff --git a/config/cfgroot/network-functions.pl b/config/cfgroot/network-fun= ctions.pl index 2902aabb..8649d05 100644 --- a/config/cfgroot/network-functions.pl +++ b/config/cfgroot/network-functions.pl 
@@ -402,6 +402,48 @@ sub get_hardware_address($) { return $ret; } =20 +sub get_nic_property { + my $nicname =3D shift; + my $property =3D shift; + my $result; + + open(FILE, "/sys/class/net/$nicname/$property") or die("Could not read prop= erty"); + $result =3D ; + close(FILE); + + chomp($result); + + return $result; +} + +sub valid_mac($) { + my $mac =3D shift; + + return $mac =3D~ /^([0-9A-Fa-f]{2}[:]){5}([0-9A-Fa-f]{2})$/; +} + +sub random_mac { + my $address =3D "02"; + + for my $i (0 .. 4) { + $address =3D sprintf("$address:%02x", int(rand(255))); + } + + return $address; +} + +sub get_mac_by_name($) { + my $mac =3D shift; + + if ((!&valid_mac($mac)) && ($mac ne "")) { + if (-e "/sys/class/net/$mac/") { + $mac =3D get_nic_property($mac, "address"); + } + } + + return $mac; +} + 1; =20 # Remove the next line to enable the testsuite diff --git a/config/menu/30-network.menu b/config/menu/30-network.menu index 9b27de8..6294117 100644 --- a/config/menu/30-network.menu +++ b/config/menu/30-network.menu @@ -3,6 +3,11 @@ 'title' =3D> "$Lang::tr{'net config'}", 'enabled' =3D> 0, }; + $subnetwork->{'11.zoneconf'} =3D {'caption' =3D> "$Lang::tr{'zoneconf title= '}", + 'uri' =3D> '/cgi-bin/zoneconf.cgi', + 'title' =3D> "$Lang::tr{'zoneconf title'}", + 'enabled' =3D> 1, + }; $subnetwork->{'20.proxy'} =3D {'caption' =3D> "$Lang::tr{'web proxy'}", 'uri' =3D> '/cgi-bin/proxy.cgi', 'title' =3D> "$Lang::tr{'web proxy'}", diff --git a/doc/language_issues.de b/doc/language_issues.de index 5f7bf7b5..b250a35 100644 --- a/doc/language_issues.de +++ b/doc/language_issues.de 
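Review bot: get_nic_property() interpolates both arguments into a sysfs path and opens it with two-argument `open(FILE, ...)`, so a `$nicname` containing `/`, `..` or a leading mode character changes what gets opened. get_mac_by_name() passes in any string that failed valid_mac() after only a `-e` test, which a relative path also satisfies. Check the name before building the path, e.g. `return unless $nicname =~ /\A[A-Za-z0-9_][A-Za-z0-9_.:-]*\z/;`, and use `open(my $fh, '<', "/sys/class/net/$nicname/$property") or return;` so a missing property does not `die` in the middle of a CGI request. valid_mac() anchors with `^...$`, which still matches a value with a trailing newline; `\A...\z` would not. In random_mac(), `int(rand(255))` never yields 0xff; `int(rand(256))` covers the whole octet.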
@@ -237,6 +237,7 @@ WARNING: translation string unused: err rs 1 WARNING: translation string unused: err rs 6 decrypt WARNING: translation string unused: err rs 7 untartst WARNING: translation string unused: err rs 8 untar +WARNING: translation string unused: error WARNING: translation string unused: error config WARNING: translation string unused: error external access WARNING: translation string unused: esp encryption @@ -734,6 +735,18 @@ WARNING: translation string unused: xtaccess all error WARNING: translation string unused: xtaccess bad transfert WARNING: translation string unused: year-graph WARNING: translation string unused: yearly firewallhits +WARNING: translation string unused: zoneconf access native +WARNING: translation string unused: zoneconf access none +WARNING: translation string unused: zoneconf access vlan +WARNING: translation string unused: zoneconf nic assignment +WARNING: translation string unused: zoneconf nicmode bridge +WARNING: translation string unused: zoneconf nicmode default +WARNING: translation string unused: zoneconf nicmode macvtap +WARNING: translation string unused: zoneconf val native assignment error +WARNING: translation string unused: zoneconf val ppp assignment error +WARNING: translation string unused: zoneconf val vlan amount assignment error +WARNING: translation string unused: zoneconf val vlan tag assignment error +WARNING: translation string unused: zoneconf warning incorrect configuration WARNING: untranslated string: Scan for Songs =3D unknown string WARNING: untranslated string: addons =3D Addons WARNING: untranslated string: bytes =3D unknown string diff --git a/doc/language_issues.en b/doc/language_issues.en index 498bf40..f245519 100644 --- a/doc/language_issues.en +++ b/doc/language_issues.en 
@@ -2199,3 +2199,4 @@ WARNING: untranslated string: yes =3D Yes WARNING: untranslated string: you can only define one roadwarrior connection= when using pre-shared key authentication =3D You can only define one Roadwar= rior connection when using pre-shared key authentication.
Either you alr= eady have a Roadwarrior connection with pre-shared key authentication, or you= 're trying to add one now. WARNING: untranslated string: your department =3D Your department WARNING: untranslated string: your e-mail =3D Your e-mail address +WARNING: untranslated string: zoneconf title =3D Zone Configuration diff --git a/doc/language_issues.es b/doc/language_issues.es index f3b695f..41833da 100644 --- a/doc/language_issues.es +++ b/doc/language_issues.es @@ -1371,3 +1371,4 @@ WARNING: untranslated string: wlanap management frame p= rotection =3D Management Fr WARNING: untranslated string: wlanap neighbor scan =3D Neighborhood scan WARNING: untranslated string: wlanap neighbor scan warning =3D Warning! Disa= bling may violate regulatory rules! WARNING: untranslated string: wlanap ssid =3D SSID +WARNING: untranslated string: zoneconf title =3D Zone Configuration diff --git a/doc/language_issues.fr b/doc/language_issues.fr index af1f15a..46780db 100644 --- a/doc/language_issues.fr +++ b/doc/language_issues.fr @@ -885,3 +885,4 @@ WARNING: untranslated string: wlanap broadcast ssid =3D B= roadcast SSID WARNING: untranslated string: wlanap client isolation =3D Client Isolation WARNING: untranslated string: wlanap management frame protection =3D Managem= ent Frame Protection (802.11w) WARNING: untranslated string: wlanap ssid =3D SSID +WARNING: untranslated string: zoneconf title =3D Zone Configuration diff --git a/doc/language_issues.it b/doc/language_issues.it index 5da8a8d..9d3e0e8 100644 --- a/doc/language_issues.it +++ b/doc/language_issues.it @@ -1038,3 +1038,4 @@ WARNING: untranslated string: wlanap management frame p= rotection =3D Management Fr WARNING: untranslated string: wlanap neighbor scan =3D Neighborhood scan WARNING: untranslated string: wlanap neighbor scan warning =3D Warning! Disa= bling may violate regulatory rules! WARNING: untranslated string: wlanap ssid =3D SSID +WARNING: untranslated string: zoneconf title =3D Zone Configuration 
diff --git a/doc/language_issues.nl b/doc/language_issues.nl index 6be2cb6..69cefe1 100644 --- a/doc/language_issues.nl +++ b/doc/language_issues.nl @@ -1084,3 +1084,4 @@ WARNING: untranslated string: wlanap management frame p= rotection =3D Management Fr WARNING: untranslated string: wlanap neighbor scan =3D Neighborhood scan WARNING: untranslated string: wlanap neighbor scan warning =3D Warning! Disa= bling may violate regulatory rules! WARNING: untranslated string: wlanap ssid =3D SSID +WARNING: untranslated string: zoneconf title =3D Zone Configuration diff --git a/doc/language_issues.pl b/doc/language_issues.pl index f3b695f..41833da 100644 --- a/doc/language_issues.pl +++ b/doc/language_issues.pl @@ -1371,3 +1371,4 @@ WARNING: untranslated string: wlanap management frame p= rotection =3D Management Fr WARNING: untranslated string: wlanap neighbor scan =3D Neighborhood scan WARNING: untranslated string: wlanap neighbor scan warning =3D Warning! Disa= bling may violate regulatory rules! WARNING: untranslated string: wlanap ssid =3D SSID +WARNING: untranslated string: zoneconf title =3D Zone Configuration diff --git a/doc/language_issues.ru b/doc/language_issues.ru index 53a655c..b769c75 100644 --- a/doc/language_issues.ru +++ b/doc/language_issues.ru @@ -1366,3 +1366,4 @@ WARNING: untranslated string: wlanap management frame p= rotection =3D Management Fr WARNING: untranslated string: wlanap neighbor scan =3D Neighborhood scan WARNING: untranslated string: wlanap neighbor scan warning =3D Warning! Disa= bling may violate regulatory rules! WARNING: untranslated string: wlanap ssid =3D SSID +WARNING: untranslated string: zoneconf title =3D Zone Configuration diff --git a/doc/language_issues.tr b/doc/language_issues.tr index 88baad7..6a6893a 100644 --- a/doc/language_issues.tr +++ b/doc/language_issues.tr 
@@ -901,3 +901,4 @@ WARNING: untranslated string: wlanap management frame pro= tection =3D Management Fr WARNING: untranslated string: wlanap neighbor scan =3D Neighborhood scan WARNING: untranslated string: wlanap neighbor scan warning =3D Warning! Disa= bling may violate regulatory rules! WARNING: untranslated string: wlanap ssid =3D SSID +WARNING: untranslated string: zoneconf title =3D Zone Configuration diff --git a/doc/language_missings b/doc/language_missings index 354dbb3..0f3c2a7 100644 --- a/doc/language_missings +++ b/doc/language_missings @@ -273,6 +273,7 @@ < encryption < entropy < entropy graphs +< error < fifteen minutes < fireinfo ipfire version < fireinfo is disabled @@ -846,6 +847,19 @@ < wlan client wpa mode ccmp ccmp < wlan client wpa mode ccmp tkip < wlan client wpa mode tkip tkip +< zoneconf access native +< zoneconf access none +< zoneconf access vlan +< zoneconf nic assignment +< zoneconf nicmode bridge +< zoneconf nicmode default +< zoneconf nicmode macvtap +< zoneconf title +< zoneconf val native assignment error +< zoneconf val ppp assignment error +< zoneconf val vlan amount assignment error +< zoneconf val vlan tag assignment error +< zoneconf warning incorrect configuration ############################################################################ # Checking cgi-bin translations for language: fr # ############################################################################ @@ -865,6 +879,7 @@ < dnsforward dnssec disabled < dns forwarding dnssec disabled notice < emerging pro rules +< error < generate ptr < ids apply < ids apply ruleset changes 
@@ -912,6 +927,19 @@ < wlanap client isolation < wlanap management frame protection < wlanap ssid +< zoneconf access native +< zoneconf access none +< zoneconf access vlan +< zoneconf nic assignment +< zoneconf nicmode bridge +< zoneconf nicmode default +< zoneconf nicmode macvtap +< zoneconf title +< zoneconf val native assignment error +< zoneconf val ppp assignment error +< zoneconf val vlan amount assignment error +< zoneconf val vlan tag assignment error +< zoneconf warning incorrect configuration ############################################################################ # Checking cgi-bin translations for language: it # ############################################################################ @@ -1027,6 +1055,7 @@ < email tls < email usemail < emerging pro rules +< error < fifteen minutes < firewall graph country < firewall graph ip @@ -1189,6 +1218,19 @@ < wlan client password < wlan client tls cipher < wlan client tls version +< zoneconf access native +< zoneconf access none +< zoneconf access vlan +< zoneconf nic assignment +< zoneconf nicmode bridge +< zoneconf nicmode default +< zoneconf nicmode macvtap +< zoneconf title +< zoneconf val native assignment error +< zoneconf val ppp assignment error +< zoneconf val vlan amount assignment error +< zoneconf val vlan tag assignment error +< zoneconf warning incorrect configuration ############################################################################ # Checking cgi-bin translations for language: nl # ############################################################################ @@ -1322,6 +1364,7 @@ < email tls < email usemail < emerging pro rules +< error < fifteen minutes < firewall graph country < firewall graph ip 
@@ -1524,6 +1567,19 @@ < wlan client password < wlan client tls cipher < wlan client tls version +< zoneconf access native +< zoneconf access none +< zoneconf access vlan +< zoneconf nic assignment +< zoneconf nicmode bridge +< zoneconf nicmode default +< zoneconf nicmode macvtap +< zoneconf title +< zoneconf val native assignment error +< zoneconf val ppp assignment error +< zoneconf val vlan amount assignment error +< zoneconf val vlan tag assignment error +< zoneconf warning incorrect configuration ############################################################################ # Checking cgi-bin translations for language: pl # ############################################################################ @@ -1740,6 +1796,7 @@ < encryption < entropy < entropy graphs +< error < extrahd because there is already a device mounted < extrahd cant umount < extrahd install or load driver @@ -2299,6 +2356,19 @@ < wlan client wpa mode ccmp ccmp < wlan client wpa mode ccmp tkip < wlan client wpa mode tkip tkip +< zoneconf access native +< zoneconf access none +< zoneconf access vlan +< zoneconf nic assignment +< zoneconf nicmode bridge +< zoneconf nicmode default +< zoneconf nicmode macvtap +< zoneconf title +< zoneconf val native assignment error +< zoneconf val ppp assignment error +< zoneconf val vlan amount assignment error +< zoneconf val vlan tag assignment error +< zoneconf warning incorrect configuration ############################################################################ # Checking cgi-bin translations for language: ru # ############################################################################ @@ -2519,6 +2589,7 @@ < encryption < entropy < entropy graphs +< error < extrahd because there is already a device mounted < extrahd cant umount < extrahd install or load driver 
@@ -3081,6 +3152,19 @@ < wlan client wpa mode ccmp tkip < wlan client wpa mode tkip tkip < year-graph +< zoneconf access native +< zoneconf access none +< zoneconf access vlan +< zoneconf nic assignment +< zoneconf nicmode bridge +< zoneconf nicmode default +< zoneconf nicmode macvtap +< zoneconf title +< zoneconf val native assignment error +< zoneconf val ppp assignment error +< zoneconf val vlan amount assignment error +< zoneconf val vlan tag assignment error +< zoneconf warning incorrect configuration ############################################################################ # Checking cgi-bin translations for language: tr # ############################################################################ @@ -3103,6 +3187,7 @@ < dnsforward forward_servers < dns forwarding dnssec disabled notice < emerging pro rules +< error < fwdfw all subnets < generate ptr < ids apply @@ -3163,3 +3248,16 @@ < wlanap neighbor scan < wlanap neighbor scan warning < wlanap ssid +< zoneconf access native +< zoneconf access none +< zoneconf access vlan +< zoneconf nic assignment +< zoneconf nicmode bridge +< zoneconf nicmode default +< zoneconf nicmode macvtap +< zoneconf title +< zoneconf val native assignment error +< zoneconf val ppp assignment error +< zoneconf val vlan amount assignment error +< zoneconf val vlan tag assignment error +< zoneconf warning incorrect configuration diff --git a/html/cgi-bin/zoneconf.cgi b/html/cgi-bin/zoneconf.cgi new file mode 100644 index 0000000..69a988b --- /dev/null +++ b/html/cgi-bin/zoneconf.cgi 
@@ -0,0 +1,444 @@ +#!/usr/bin/perl +############################################################################= ### +# = # +# VLAN Management for IPFire = # +# Copyright (C) 2019 Florian B=C3=BChrle = # +# = # +# This program is free software: you can redistribute it and/or modify = # +# it under the terms of the GNU General Public License as published by = # +# the Free Software Foundation, either version 3 of the License, or = # +# (at your option) any later version. = # +# = # +# This program is distributed in the hope that it will be useful, = # +# but WITHOUT ANY WARRANTY; without even the implied warranty of = # +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the = # +# GNU General Public License for more details. = # +# = # +# You should have received a copy of the GNU General Public License = # +# along with this program. If not, see . = # +# = # +############################################################################= ### + +use strict; +use Scalar::Util qw(looks_like_number); + +require '/var/ipfire/general-functions.pl'; +require "${General::swroot}/lang.pl"; +require "${General::swroot}/header.pl"; + +my $css =3D < + table { + width: 100%; + } + + tr { + height: 4em; + } + + td:first-child { + width: 1px; + } + + td { + padding: 5px; + padding-left: 10px; + padding-right: 10px; + border: 0.5px solid black; + } + + table { + border-collapse: collapse; + } + + td.h { + background-color: grey; + color: white; + font-weight: 800; + } + + td.green { + background-color: $Header::colourgreen; + } + + td.red { + background-color: $Header::colourred; + } + + td.blue { + background-color: $Header::colourblue; + } + + td.orange { + background-color: $Header::colourorange; + } + + td.topleft { + background-color: white; + border-top-style: none; + border-left-style: none; + } + + td.disabled { + background-color: #cccccc; + } + + td.textcenter { + text-align: center; + } + + #submit-container { + display: flex; + width: 100%; + justify-content: 
space-between; + padding-top: 20px; + text-align: left; + } + + #submit-container.input { + margin-left: auto; + } + + button { + margin-top: 1em; + } + + +END +; + +my %ethsettings =3D (); +my %vlansettings =3D (); +my %cgiparams =3D (); + +&General::readhash("${General::swroot}/ethernet/settings",\%ethsettings); +&General::readhash("${General::swroot}/ethernet/vlans",\%vlansettings); + +&Header::getcgihash(\%cgiparams); +&Header::showhttpheaders(); + +# Define all zones we will check for NIC assignment +my @zones =3D ("green", "red", "orange", "blue"); + +# Get all physical NICs present +opendir(my $dh, "/sys/class/net/"); +my @nics =3D (); + +while (my $nic =3D readdir($dh)) { + if (-e "/sys/class/net/$nic/device") { # Indicates that the NIC is physical + push(@nics, [&Network::get_nic_property($nic, "address"), $nic, 0]); + } +} + +closedir($dh); + +(a)nics =3D sort {$a->[0] cmp $b->[0]} @nics; # Sort nics by their MAC addre= ss + +# Name the physical NICs +# Even though they may not be really named like this, we will name them ethX= or wlanX +my $ethcount =3D 0; +my $wlancount =3D 0; + +foreach (@nics) { + my $nic =3D $_->[1]; + + if (-e "/sys/class/net/$nic/wireless") { + $_->[1] =3D "wlan$wlancount"; + $_->[2] =3D 1; + $wlancount++; + } else { + $_->[1] =3D "eth$ethcount"; + $ethcount++; + } +} + +&Header::openpage($Lang::tr{"zoneconf title"}, 1, $css); +&Header::openbigbox('100%', 'center'); + +### Evaluate POST parameters ### + +if ($cgiparams{"ACTION"} eq $Lang::tr{"save"}) { + my %VALIDATE_nic_check =3D (); + my $VALIDATE_error =3D ""; + + foreach (@zones) { + my $uc =3D uc $_; + my $slave_string =3D ""; + my $zone_mode =3D $cgiparams{"MODE $uc"}; + my $VALIDATE_vlancount =3D 0; + + $ethsettings{"${uc}_MACADDR"} =3D ""; + $ethsettings{"${uc}_MODE"} =3D ""; + $ethsettings{"${uc}_SLAVES"} =3D ""; + $vlansettings{"${uc}_PARENT_DEV"} =3D ""; + $vlansettings{"${uc}_VLAN_ID"} =3D ""; + $vlansettings{"${uc}_MAC_ADDRESS"} =3D ""; + + # If RED is not in DHCP or 
static mode, we only set its MACADDR property + if ($uc eq "RED" && ! $cgiparams{"PPPACCESS"} eq "") { + foreach (@nics) { + my $mac =3D $_->[0]; + + if ($mac eq $cgiparams{"PPPACCESS"}) { + $ethsettings{"${uc}_MACADDR"} =3D $mac; + + # Check if this interface is already accessed by any other zone + # If this is the case, show an error message + if ($VALIDATE_nic_check{"ACC $mac"}) { + $VALIDATE_error =3D $Lang::tr{"zoneconf val ppp assignment error"}; + } + + $VALIDATE_nic_check{"RESTRICT $mac"} =3D 1; + last; + } + } + + next; + } + + foreach (@nics) { + my $mac =3D $_->[0]; + my $nic_access =3D $cgiparams{"ACCESS $uc $mac"}; + + if (! ($nic_access eq "NONE")) { + if ($VALIDATE_nic_check{"RESTRICT $mac"}) { # If this interface is alrea= dy assigned to RED in PPP mode, throw an error + $VALIDATE_error =3D $Lang::tr{"zoneconf val ppp assignment error"}; + next; + } + + $VALIDATE_nic_check{"ACC $mac"} =3D 1; + } + + if ($nic_access eq "NATIVE") { + if ($VALIDATE_nic_check{"NATIVE $mac"}) { + $VALIDATE_error =3D $Lang::tr{"zoneconf val native assignment error"}; + next; + } + + $VALIDATE_nic_check{"NATIVE $mac"} =3D 1; + + if ($zone_mode eq "BRIDGE") { + $slave_string =3D "${slave_string}${mac} "; + } else { + $ethsettings{"${uc}_MACADDR"} =3D $mac; + } + } elsif ($nic_access eq "VLAN") { + my $vlan_tag =3D $cgiparams{"TAG $uc $mac"}; + + if ($VALIDATE_nic_check{"VLAN $mac $vlan_tag"}) { + $VALIDATE_error =3D $Lang::tr{"zoneconf val vlan tag assignment error"}; + next; + } + + $VALIDATE_nic_check{"VLAN $mac $vlan_tag"} =3D 1; + + if (! 
looks_like_number($vlan_tag)) { + next; + } + if ($vlan_tag < 1 || $vlan_tag > 4095) { + next; + } + + my $rnd_mac =3D &Network::random_mac(); + + $vlansettings{"${uc}_PARENT_DEV"} =3D $mac; + $vlansettings{"${uc}_VLAN_ID"} =3D $vlan_tag; + $vlansettings{"${uc}_MAC_ADDRESS"} =3D $rnd_mac; + + if ($zone_mode eq "BRIDGE") { + $slave_string =3D "${slave_string}${rnd_mac} "; + } + + $VALIDATE_vlancount++; # We can't allow more than one VLAN per zone + } + } + + if ($VALIDATE_vlancount > 1) { + $VALIDATE_error =3D $Lang::tr{"zoneconf val vlan amount assignment error"= }; + next; + } + + chop($slave_string); + + if ($zone_mode eq "BRIDGE") { + $ethsettings{"${uc}_MODE"} =3D "bridge"; + $ethsettings{"${uc}_SLAVES"} =3D $slave_string; + } elsif ($zone_mode eq "MACVTAP") { + $ethsettings{"${uc}_MODE"} =3D "macvtap"; + } + } + + if ($VALIDATE_error) { + &Header::openbox('100%', 'left', $Lang::tr{"error"}); + + print "$VALIDATE_error
"; + + &Header::closebox(); + &Header::closebigbox(); + &Header::closepage(); + + exit 0; + } + + &General::writehash("${General::swroot}/ethernet/settings",\%ethsettings); + &General::writehash("${General::swroot}/ethernet/vlans",\%vlansettings); +} + +&Header::openbox('100%', 'left', $Lang::tr{"zoneconf nic assignment"}); + +### START OF TABLE ### + +print < + + + "; +} + +print ""; + +foreach (@zones) { + print ""; + my $uc =3D uc $_; + + my $dev_name =3D $ethsettings{"${uc}_DEV"}; + + if ($dev_name eq "") { # If the zone is not activated, color it light grey + print ""; + + foreach (@nics) { + print ""; + next; + } + + if ($uc eq "RED") { + my $red_type =3D $ethsettings{"RED_TYPE"}; + my $red_restricted =3D ($uc eq "RED" && ! ($red_type eq "STATIC" || $red_t= ype eq "DHCP")); + + # VLANs/Bridging is not possible if the RED interface is set to PPP, PPPoE= , VDSL, ... + if ($red_restricted) { + print ""; + + foreach (@nics) { + my $mac =3D $_->[0]; + my $checked =3D ""; + + if ($mac eq $ethsettings{"${uc}_MACADDR"}) { + $checked =3D "checked"; + } + + print ""; + } + + print ""; + next; # We're done here + } + } + + my %mode_selected =3D (); + my $zone_mode =3D $ethsettings{"${uc}_MODE"}; + + if ($zone_mode eq "") { + $mode_selected{"DEFAULT"} =3D "selected"; + } elsif ($zone_mode eq "bridge") { + $mode_selected{"BRIDGE"} =3D "selected"; + } elsif ($zone_mode eq "macvtap") { + $mode_selected{"MACVTAP"} =3D "selected"; + } + + print <$uc
+ + +END +; + + # ZONE_PARENT_DEV is set if this zone accesses any interface via a VLAN + my $zone_parent_dev =3D $vlansettings{"${uc}_PARENT_DEV"}; + + # If ZONE_PARENT_DEV is set to a NICs name (e.g. green0 or eth0) instead of= a MAC address, we have to find out this NICs MAC address + $zone_parent_dev =3D &Network::get_mac_by_name($zone_parent_dev); + + foreach (@nics) { # Check for all nics if they are assigned to the current = zone + my %access_selected =3D (); + my $mac =3D $_->[0]; + my $wlan =3D $_->[2]; + my $field_disabled =3D "disabled"; # Only enable the VLAN ID input field i= f the current access mode is VLAN + my $zone_vlan_id =3D ""; + + # If the current NIC is accessed by the current zone via a VLAN, the ZONE_= PARENT_DEV option corresponds to the current NIC + if ($mac eq $zone_parent_dev) { + $access_selected{"VLAN"} =3D "selected"; + $field_disabled =3D ""; + $zone_vlan_id =3D $vlansettings{"${uc}_VLAN_ID"}; + } + + # If the current zone is in bridge mode, all corresponding NICs (Native as= well as VLAN) are set via the ZONE_SLAVES option + if ($zone_mode eq "bridge") { + my @slaves =3D split(/ /, $ethsettings{"${uc}_SLAVES"}); + + foreach (@slaves) { + # Slaves can be set to a NICs name so we have to find out its MAC address + $_ =3D &Network::get_mac_by_name($_); + + if ($_ eq $mac) { + $access_selected{"NATIVE"} =3D "selected"; + last; + } + } + } else { # Native access via ZONE_MACADDR is only set if the zone does not= access a NIC via a VLAN and the zone is not in bridge mode + if ($mac eq $ethsettings{"${uc}_MACADDR"}) { + $access_selected{"NATIVE"} =3D "selected"; + } + } + + $access_selected{"NONE"} =3D ($access_selected{"NATIVE"} eq "") && ($acces= s_selected{"VLAN"} eq "") ? "selected" : ""; + my $vlan_disabled =3D ($wlan) ? "disabled" : ""; + + print < + + + +END +; + + } + print ""; +} + +print < +
+ $Lang::tr{"zoneconf warning incorrect configuration"}= + +
+ +END +; + +### END OF TABLE ### + +&Header::closebox(); +&Header::closebigbox(); +&Header::closepage(); diff --git a/langs/de/cgi-bin/de.pl b/langs/de/cgi-bin/de.pl index 0fc1ecf..dec4a9f 100644 --- a/langs/de/cgi-bin/de.pl +++ b/langs/de/cgi-bin/de.pl @@ -961,6 +961,7 @@ 'err rs 6 decrypt' =3D> 'Fehler beim Entschl=C3=BCsseln des Archivs', 'err rs 7 untartst' =3D> 'Ung=C3=BCltiges entschl=C3=BCsseltes Archiv', 'err rs 8 untar' =3D> 'Fehler beim un-tar-en des Archivs', +'error' =3D> 'Fehler', 'error config' =3D> 'Kann /var/ipfire/ovpn/config/ZERINA.ovpn nicht =C3=B6ff= nen!', 'error external access' =3D> 'Kann /var/ipfire/xtaccess/config nicht =C3=B6f= fnen (external acccess could not be granted)!', 'error messages' =3D> 'Fehlermeldungen', @@ -2879,6 +2880,19 @@ 'you can only define one roadwarrior connection when using pre-shared key au= thentication' =3D> 'Sie k=C3=B6nnen nur eine Roadwarrior-Verbindung definiere= n, wenn die Pre-shared-Schl=C3=BCsselauthentifizierung verwendet wird.
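Review bot: In the save handler the VLAN tag is the one request value copied verbatim into `${uc}_VLAN_ID`, and `looks_like_number()` with the `1..4095` range test also accepts strings such as `1e2` or `12.5`, and probably a number with surrounding whitespace. Match the tag strictly before using it, e.g. `if ($vlan_tag !~ /\A[0-9]{1,4}\z/ || $vlan_tag < 1 || $vlan_tag > 4094) {` (4095 is reserved in 802.1Q). That branch should set `$VALIDATE_error` instead of the silent `next`, so a rejected tag is reported rather than dropped. The duplicate check on `$VALIDATE_nic_check{"VLAN $mac $vlan_tag"}` should run after this validation, so that it compares tags already known to be plain integers. Separately, `! $cgiparams{"PPPACCESS"} eq ""` parses as `(!$cgiparams{"PPPACCESS"}) eq ""` and works only by accident; `$cgiparams{"PPPACCESS"} ne ""` states the intent.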
En= tweder haben Sie bereits eine Roadwarrior-Verbindung mit Pre-shared-Schl=C3= =BCsselauthentifizierung, oder Sie versuchen gerade, eine hinzuzuf=C3=BCgen.', 'your department' =3D> 'Ihre Abteilung', 'your e-mail' =3D> 'Ihre E-Mail-Adresse', +'zoneconf access native' =3D> 'Nativ', +'zoneconf access none' =3D> 'Keine', +'zoneconf access vlan' =3D> 'VLAN', +'zoneconf nic assignment' =3D> 'Netzwerkkarten-Zuordnung', +'zoneconf nicmode bridge' =3D> 'Br=C3=BCcke', +'zoneconf nicmode default' =3D> 'Normal', +'zoneconf nicmode macvtap' =3D> 'Macvtap', +'zoneconf title' =3D> 'Zonen einrichten', +'zoneconf val native assignment error' =3D> 'Eine Netzwerkkarte kann nicht v= on mehreren Zonen nativ verwendet werden.', +'zoneconf val ppp assignment error' =3D> 'Die Netzwerkkarte, die von RED im = PPP-Modus verwendet wird, kann keiner anderen Zone zugeordnet werden.', +'zoneconf val vlan amount assignment error' =3D> 'Pro Zone kann nur ein VLAN= verwendet werden.', +'zoneconf val vlan tag assignment error' =3D> 'Pro Netzwerkkarte kann dersel= be VLAN-Tag nur einmal verwendet werden.', +'zoneconf warning incorrect configuration' =3D> 'Achtung: Fehlerhafte Einste= llungen k=C3=B6nnen dazu f=C3=BChren, dass diese Webseite nicht mehr erreichb= ar ist!', ); =20 #EOF diff --git a/langs/en/cgi-bin/en.pl b/langs/en/cgi-bin/en.pl index d14a860..005a352 100644 --- a/langs/en/cgi-bin/en.pl +++ b/langs/en/cgi-bin/en.pl @@ -991,6 +991,7 @@ 'err rs 6 decrypt' =3D> 'Error decrypting archive', 'err rs 7 untartst' =3D> 'Invalid decrypted archive', 'err rs 8 untar' =3D> 'Error untarring archive', +'error' =3D> 'Error', 'error config' =3D> 'Could not open /var/ipfire/ovpn/config/ZERINA.ovpn !', 'error external access' =3D> 'Could not open /var/ipfire/xtaccess/config (ex= ternal acccess could not be granted)!', 'error messages' =3D> 'Error messages', 
@@ -2928,6 +2929,19 @@ 'you can only define one roadwarrior connection when using pre-shared key au= thentication' =3D> 'You can only define one Roadwarrior connection when using= pre-shared key authentication.
Either you already have a Roadwarrior co= nnection with pre-shared key authentication, or you\'re trying to add one now= .', 'your department' =3D> 'Your department', 'your e-mail' =3D> 'Your e-mail address', +'zoneconf access native' =3D> 'Native', +'zoneconf access none' =3D> 'None', +'zoneconf access vlan' =3D> 'VLAN', +'zoneconf nic assignment' =3D> 'NIC Assignment', +'zoneconf nicmode bridge' =3D> 'Bridge', +'zoneconf nicmode default' =3D> 'Default', +'zoneconf nicmode macvtap' =3D> 'Macvtap', +'zoneconf title' =3D> 'Zone Configuration', +'zoneconf val native assignment error' =3D> 'A NIC can\'t be accessed native= ly by more than one zone.', +'zoneconf val ppp assignment error' =3D> 'The NIC used for RED in PPP mode c= an\'t be accessed by any other zone.', +'zoneconf val vlan amount assignment error' =3D> 'A zone can\'t have more th= an one VLAN assigned.', +'zoneconf val vlan tag assignment error' =3D> 'You can\'t use the same VLAN = tag more than once per NIC.', +'zoneconf warning incorrect configuration' =3D> 'Warning: Incorrect configur= ation may render this web interface unreachable!', ); =20 #EOF --=20 2.6.3 --===============9001489853221243498==--
+END +; + +# Fill the table header with all physical NICs +foreach (@nics) { + my $mac =3D $_->[0]; + my $nic =3D $_->[1]; + + print "$nic
$mac
$uc"; + } + + print "
$uc
($red_type)