From: Leo-Andres Hofmann <hofmann@leo-andres.de>
To: development@lists.ipfire.org
Subject: [PATCH 2/2] zoneconf.cgi: Avoid unnecessary MAC address changes
Date: Wed, 24 Mar 2021 17:47:16 +0100 [thread overview]
Message-ID: <20210324164716.387-2-hofmann@leo-andres.de> (raw)
In-Reply-To: <20210324164716.387-1-hofmann@leo-andres.de>
[-- Attachment #1: Type: text/plain, Size: 4497 bytes --]
Ensure that a bridge always has a MAC address configured, to prevent
udev/network-hotplug-bridges assigning random addresses at each start.
Cache previously generated MAC addresses so that they are not
regenerated each time the configuration is saved by the user.
Add more comments to existing code.
Fixes: #12583
Signed-off-by: Leo-Andres Hofmann <hofmann(a)leo-andres.de>
---
html/cgi-bin/zoneconf.cgi | 47 ++++++++++++++++++++++++++++++++++-----
1 file changed, 41 insertions(+), 6 deletions(-)
diff --git a/html/cgi-bin/zoneconf.cgi b/html/cgi-bin/zoneconf.cgi
index c0d44764f..ad0ec85fa 100644
--- a/html/cgi-bin/zoneconf.cgi
+++ b/html/cgi-bin/zoneconf.cgi
@@ -195,17 +195,23 @@ foreach (@nics) {
### Evaluate POST parameters ###
if ($cgiparams{"ACTION"} eq $Lang::tr{"save"}) {
- my %VALIDATE_nic_check = ();
- my $VALIDATE_error = "";
+ my %VALIDATE_nic_check = (); # array of flags (assigned, restricted/pppoe, vlan, ...) per NIC
+ my $VALIDATE_error = ""; # contains an error message if the config validation failed
# Loop trough all known zones to ensure a complete configuration file is created
foreach (@Network::known_network_zones) {
my $uc = uc $_;
- my $slave_string = "";
+ my $slave_string = ""; # list of interfaces attached to the bridge
my $zone_mode = $cgiparams{"MODE $uc"};
my $VALIDATE_vlancount = 0;
my $VALIDATE_zoneslaves = 0;
+ # Each zone can contain up to one bridge and up to one VLAN,
+ # cache their mac addresses to prevent unnecessary changes
+ my $bridge_mac = $ethsettings{"${uc}_MACADDR"};
+ my $vlan_mac = $vlansettings{"${uc}_MAC_ADDRESS"};
+
+ # Clear old configuration
$ethsettings{"${uc}_MACADDR"} = "";
$ethsettings{"${uc}_MODE"} = "";
$ethsettings{"${uc}_SLAVES"} = "";
@@ -236,23 +242,47 @@ if ($cgiparams{"ACTION"} eq $Lang::tr{"save"}) {
next;
}
+ # Zone in bridge mode: Always assign a MAC to the bridge
+ if($zone_mode eq "BRIDGE") {
+ # Ensure that the bridge's cached MAC does not come from a real NIC
+ # (this could happen if the zone was in default mode before)
+ foreach (@nics) {
+ my $nic_mac = $_->[0];
+ if(Network::is_mac_equal($bridge_mac, $nic_mac)) {
+ $bridge_mac = "";
+ last;
+ }
+ }
+
+ # Generate random MAC if none was configured
+ if(! Network::valid_mac($bridge_mac)) {
+ $bridge_mac = Network::random_mac();
+ }
+
+ # Assign the address to the bridge
+ $ethsettings{"${uc}_MACADDR"} = $bridge_mac;
+ }
+
foreach (@nics) {
my $mac = $_->[0];
my $nic_access = $cgiparams{"ACCESS $uc $mac"};
next unless ($nic_access);
+ # This NIC is to be assigned: check preconditions
if ($nic_access ne "NONE") {
if ($VALIDATE_nic_check{"RESTRICT $mac"}) { # If this interface is already assigned to RED in PPP mode, throw an error
$VALIDATE_error = $Lang::tr{"zoneconf val ppp assignment error"};
last;
}
+ # Enforce bridge mode when you try to assign multiple NICs to a zone
if ($zone_mode ne "BRIDGE" && $VALIDATE_zoneslaves > 0 && $nic_access ne "") {
$VALIDATE_error = $Lang::tr{"zoneconf val zoneslave amount error"};
last;
}
+ # Mark this NIC as "accessed by zone"
$VALIDATE_nic_check{"ACC $mac"} = 1;
$VALIDATE_zoneslaves++;
}
@@ -265,6 +295,7 @@ if ($cgiparams{"ACTION"} eq $Lang::tr{"save"}) {
$VALIDATE_nic_check{"NATIVE $mac"} = 1;
+ # Zone in bridge mode: Add NIC to slave list. Otherwise access NIC directly
if ($zone_mode eq "BRIDGE") {
$slave_string = "${slave_string}${mac} ";
} else {
@@ -286,14 +317,18 @@ if ($cgiparams{"ACTION"} eq $Lang::tr{"save"}) {
last;
}
- my $rnd_mac = &Network::random_mac();
+ # Generate random MAC if none was configured
+ if(! Network::valid_mac($vlan_mac)) {
+ $vlan_mac = Network::random_mac();
+ }
$vlansettings{"${uc}_PARENT_DEV"} = $mac;
$vlansettings{"${uc}_VLAN_ID"} = $vlan_tag;
- $vlansettings{"${uc}_MAC_ADDRESS"} = $rnd_mac;
+ $vlansettings{"${uc}_MAC_ADDRESS"} = $vlan_mac; # Generated MAC
+ # Zone in bridge mode: Add VLAN to slave list
if ($zone_mode eq "BRIDGE") {
- $slave_string = "${slave_string}${rnd_mac} ";
+ $slave_string = "${slave_string}${vlan_mac} ";
}
$VALIDATE_vlancount++; # We can't allow more than one VLAN per zone
--
2.27.0.windows.1
prev parent reply other threads:[~2021-03-24 16:47 UTC|newest]
Thread overview: 2+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-03-24 16:47 [PATCH 1/2] network-functions.pl: Add MAC address compare function Leo-Andres Hofmann
2021-03-24 16:47 ` Leo-Andres Hofmann [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20210324164716.387-2-hofmann@leo-andres.de \
--to=hofmann@leo-andres.de \
--cc=development@lists.ipfire.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox