From 0eef844192ea2a7d0f87f0c5af74bf8ed87e5d3a Mon Sep 17 00:00:00 2001
From: Ad Schellevis
Date: Tue, 31 May 2016 14:24:12 +0200
Subject: [PATCH] (filter, plugins) add structure to interface plugins
Valid properties for interfaces currently are:
* enable (bool)
* virtual (bool)
* networks, list of networks (network, mask)
* if, device node
* descr, user friendly description
---
 src/etc/inc/filter.inc | 82 ++++++++++---------
 src/etc/inc/plugins.inc.d/plugin_ifgroups.inc | 1 +
 src/etc/inc/plugins.inc.d/plugin_ipsec.inc | 1 +
 src/etc/inc/plugins.inc.d/plugin_openvpn.inc | 1 +
 src/etc/inc/plugins.inc.d/vpn.inc | 47 +++++------
 5 files changed, 67 insertions(+), 65 deletions(-)
diff --git a/src/etc/inc/filter.inc b/src/etc/inc/filter.inc
index 62a180aa2..53319fd40 100644
--- a/src/etc/inc/filter.inc
+++ b/src/etc/inc/filter.inc
@@ -763,8 +763,42 @@ function filter_generate_optcfg_array()
 /* traverse interfaces */
 foreach (legacy_config_get_interfaces(array("enable" => true)) as $if => $ifdetail) {
 if (isset($ifdetail['internal_dynamic'])) {
- // plugin is responsible for its own config
- $FilterIflist[$if] = $ifdetail;
+ // transform plugin configuration
+ $oic = array();
+ $oic['internal_dynamic'] = true;
+ $oic['vips'] = array();
+ $oic['vips6'] = array();
+ $oic['descr'] = $ifdetail['descr'];
+ $oic['if'] = $ifdetail['if'];
+ if (isset($ifdetail['virtual'])) {
+ $oic['virtual'] = $ifdetail['virtual'];
+ }
+ if (!empty($ifdetail['networks'])) {
+ foreach (isset($ifdetail['networks'][0]) ? $ifdetail['networks'] : array($ifdetail['networks']) as $indx => $network) {
+ if (is_ipaddrv4($network['network'])) {
+ if ($indx == 0) {
+ $oic['sa'] = $network['network'];
+ $oic['sn'] = $network['mask'];
+ } else {
+ $vip = array();
+ $vip['sa'] = $network['network'];
+ $vip['sn'] = $network['mask'];
+ $oic['vips'][] = $vip;
+ }
+ } elseif (is_ipaddrv6($network['network'])) {
+ if ($indx == 0) {
+ $oic['sav6'] = $network['network'];
+ $oic['snv6'] = $network['mask'];
+ } else {
+ $vip = array();
+ $vip['sa'] = $network['network'];
+ $vip['sn'] = $network['mask'];
+ $oic['vips6'][] = $vip;
+ }
+ }
+ }
+ }
+ $FilterIflist[$if] = $oic;
 } else {
 // XXX needs cleanup, original content
 $oic = array();
@@ -980,7 +1014,12 @@ function filter_nat_rules_automatic_tonathosts(&$FilterIflist, $with_descr = fal
 if (!empty($oc['sa'])) {
 $tonathosts[] = "{$oc['sa']}/{$oc['sn']}";
 $descriptions[] = $oc['descr'];
- if (isset($oc['vips']) && is_array($oc['vips'])) {
+ if (!empty($oc['vips']) && !empty($oc['internal_dynamic'])) {
+ foreach ($oc['vips'] as $vip) {
+ $tonathosts[] = "{$vip['sa']}/{$vip['sn']}";
+ $descriptions[] = $oc['descr'];
+ }
+ } elseif (isset($oc['vips']) && is_array($oc['vips'])) {
 $if_subnets = array("{$oc['sa']}/{$oc['sn']}");
 foreach ($oc['vips'] as $vip) {
 if (!is_ipaddrv4($vip['ip'])) {
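Review bot: In the `filter_generate_optcfg_array()` hunk the primary address is picked with `$indx == 0` for both families, so a plugin whose first network is IPv6 never gets `sa`/`sn` set and its IPv4 networks land only in `vips` (and the reverse for `sav6`). The `!empty($oc['sa'])` guard in `filter_nat_rules_automatic_tonathosts()` would then skip those IPv4 networks altogether. Selecting the primary per family avoids that: `if (empty($oic['sa'])) {` in the IPv4 branch and `if (empty($oic['sav6'])) {` in the IPv6 branch. Entries that are neither valid IPv4 nor IPv6 are dropped without any log line, and `$network['mask']` is copied unchecked into values that are later interpolated as `{$vip['sa']}/{$vip['sn']}`, so this transform looks like the natural place for a numeric range check on the mask. The function body starts and continues outside the hunk.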
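Review bot: The new `internal_dynamic` branch in `filter_nat_rules_automatic_tonathosts()` appends every plugin network to `$tonathosts` without the `is_private_ip()` test that the PPTP, PPPoE and L2TP blocks removed in the next hunk applied. If that restriction was intentional, a server configured with a public remote range is now added to the automatic outbound NAT sources where it was previously left out. Either restore it with `if (is_private_ip($vip['sa'])) {` around the two appends (the first plugin network reaches `$oc['sa']` and would need the same test), or add a comment such as `// plugin networks are NATed regardless of address range` so the change is a documented decision. The function starts and ends outside the hunk.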
@@ -1002,41 +1041,6 @@ function filter_nat_rules_automatic_tonathosts(&$FilterIflist, $with_descr = fal } } - /* PPTP subnet */ - if (($config['pptpd']['mode'] == "server" ) && is_private_ip($config['pptpd']['remoteip'])) { - if (isset($config['pptpd']['n_pptp_units']) && is_numeric($config['pptpd']['n_pptp_units'])) { - $pptp_subnets = ip_range_to_subnet_array($config['pptpd']['remoteip'], - long2ip32(ip2long($config['pptpd']['remoteip'])+($config['pptpd']['n_pptp_units']-1))); - } else { - $pptp_subnets = ip_range_to_subnet_array($config['pptpd']['remoteip'], - long2ip32(ip2long($config['pptpd']['remoteip']))); - } - foreach ($pptp_subnets as $subnet) { - $tonathosts[] = $subnet; - $descriptions[] = gettext("PPTP server"); - } - } - - /* PPPoE subnet */ - if (isset($FilterIflist['pppoe']['item']) && is_array($FilterIflist['pppoe']['item'])) { - foreach ($FilterIflist['pppoe']['item'] as $pppoe) { - if (is_private_ip($pppoe['ip'])) { - $tonathosts[] = "{$pppoe['sa']}/{$pppoe['sn']}"; - $descriptions[] = gettext("PPPoE server"); - } - } - } - - /* L2TP subnet */ - if (isset($FilterIflist['l2tp']) && $FilterIflist['l2tp']['mode'] == "server") { - $l2tp_sa = $FilterIflist['l2tp']['sa']; - $l2tp_sn = $FilterIflist['l2tp']['sn']; - if (is_private_ip($l2tp_sa) && !empty($l2tp_sn)) { - $tonathosts[] = "{$l2tp_sa}/{$l2tp_sn}"; - $descriptions[] = gettext("L2TP server"); - } - } - /* add openvpn interfaces */ if (isset($config['openvpn']['openvpn-server'])) { foreach ($config['openvpn']['openvpn-server'] as $ovpnsrv) { @@ -1920,7 +1924,7 @@ function filter_generate_address(&$FilterIflist, &$rule, $target = 'source', $is if (is_subnet($src)) { filter_address_add_vips_subnets($FilterIflist, $src, $rule[$target]['network'], isset($rule[$target]['not'])); } - } else if ($rule[$target]['address']) { + } elseif ($rule[$target]['address']) { $expsrc = alias_expand($rule[$target]['address']); if (isset($rule[$target]['not'])) { $not = "!"; 
diff --git a/src/etc/inc/plugins.inc.d/plugin_ifgroups.inc b/src/etc/inc/plugins.inc.d/plugin_ifgroups.inc
index 8ae238392..1ae88dc96 100644
--- a/src/etc/inc/plugins.inc.d/plugin_ifgroups.inc
+++ b/src/etc/inc/plugins.inc.d/plugin_ifgroups.inc
@@ -35,6 +35,7 @@ function plugin_ifgroups_interface()
 if (isset($config['ifgroups']['ifgroupentry'])) {
 foreach($config['ifgroups']['ifgroupentry'] as $ifgen) {
 $oc = array("enable" => true);
+ $oc['networks'] = array();
 $oc['if'] = $ifgen['ifname'];
 $oc['descr'] = $ifgen['ifname'];
 $oc['virtual'] = true;
diff --git a/src/etc/inc/plugins.inc.d/plugin_ipsec.inc b/src/etc/inc/plugins.inc.d/plugin_ipsec.inc
index 43cdefaf5..cb9fbd358 100644
--- a/src/etc/inc/plugins.inc.d/plugin_ipsec.inc
+++ b/src/etc/inc/plugins.inc.d/plugin_ipsec.inc
@@ -38,6 +38,7 @@ function plugin_ipsec_interface()
 $oic['descr'] = 'IPsec';
 $oic['type'] = "none";
 $oic['virtual'] = true;
+ $oic['networks'] = array();
 $interfaces['enc0'] = $oic;
 }
diff --git a/src/etc/inc/plugins.inc.d/plugin_openvpn.inc b/src/etc/inc/plugins.inc.d/plugin_openvpn.inc
index ca8d9d83e..41b9d26d7 100644
--- a/src/etc/inc/plugins.inc.d/plugin_openvpn.inc
+++ b/src/etc/inc/plugins.inc.d/plugin_openvpn.inc
@@ -38,6 +38,7 @@ function plugin_openvpn_interface()
 $oic['descr'] = 'OpenVPN';
 $oic['type'] = "none";
 $oic['virtual'] = true;
+ $oic['networks'] = array();
 $interfaces['openvpn'] = $oic;
 }
diff --git a/src/etc/inc/plugins.inc.d/vpn.inc b/src/etc/inc/plugins.inc.d/vpn.inc
index 0ec824c17..9e115604b 100644
--- a/src/etc/inc/plugins.inc.d/vpn.inc
+++ b/src/etc/inc/plugins.inc.d/vpn.inc
@@ -665,54 +665,49 @@ function vpn_interface()
 if (isset($config['pptpd']['mode']) && $config['pptpd']['mode'] == 'server') {
 $oic = array("enable" => true);
+ $oic['networks'] = array();
+ $oic['virtual'] = true;
 $oic['if'] = 'pptp';
 $oic['descr'] = 'pptp';
- $oic['ip'] = $config['pptpd']['localip'];
- $oic['sa'] = $config['pptpd']['remoteip'];
- if (!empty($config['pptpd']['pptp_subnet'])) {
- $oic['sn'] = $config['pptpd']['pptp_subnet'];
+ $mask = !empty($config['pptpd']['pptp_subnet']) ? $config['pptpd']['pptp_subnet'] : 32;
+ if (isset($config['pptpd']['n_pptp_units']) && is_numeric($config['pptpd']['n_pptp_units'])) {
+ $pptp_subnets = ip_range_to_subnet_array($config['pptpd']['remoteip'],
+ long2ip32(ip2long($config['pptpd']['remoteip'])+($config['pptpd']['n_pptp_units']-1)));
 } else {
- $oic['sn'] = "32";
+ $pptp_subnets = ip_range_to_subnet_array($config['pptpd']['remoteip'],
+ long2ip32(ip2long($config['pptpd']['remoteip'])));
+ }
+ foreach ($pptp_subnets as $pptp_subnet) {
+ $snparts = explode("/", $pptp_subnet);
+ $oic['networks'][] = array("network" => $snparts[0], "mask" => $snparts[1]);
 }
- $oic['mode'] = $config['pptpd']['mode'];
- $oic['virtual'] = true;
 $interfaces['pptp'] = $oic;
 }
 if (isset($config['l2tp']['mode']) && $config['l2tp']['mode'] == 'server') {
 $oic = array("enable" => true);
+ $oic['virtual'] = true;
+ $oic['networks'] = array();
 $oic['if'] = 'l2tp';
 $oic['descr'] = 'L2TP';
- $oic['ip'] = $config['l2tp']['localip'];
- $oic['sa'] = $config['l2tp']['remoteip'];
- if (!empty($config['l2tp']['l2tp_subnet'])) {
- $oic['sn'] = $config['l2tp']['l2tp_subnet'];
- } else {
- $oic['sn'] = "32";
- }
- $oic['mode'] = $config['l2tp']['mode'];
- $oic['virtual'] = true;
+ $mask = !empty($config['l2tp']['l2tp_subnet']) ? $config['l2tp']['l2tp_subnet'] : 32;
+ $oic['networks'][] = array("network" => gen_subnet($config['l2tp']['remoteip'], $mask), "mask" => $mask);
 $interfaces['l2tp'] = $oic;
 }
 if (isset($config['pppoes']['pppoe'])) {
- $pppoeifs = array('item' => array());
+ $pppoeifs = array('networks' => array());
 foreach($config['pppoes']['pppoe'] as $pppoe) {
 if ($pppoe['mode'] == "server") {
- $item = array('ip' => $pppoe['localip'], 'sa' => $pppoe['remoteip']);
- $item['sn'] = !empty($pppoe['pppoe_subnet']) ? $pppoe['pppoe_subnet'] : "32";
- $pppoeifs['item'][] = $item;
+ $mask = !empty($pppoe['pppoe_subnet']) ? $pppoe['pppoe_subnet'] : 32;
+ $pppoeifs['networks'][] = array("network" => gen_subnet($pppoe['remoteip'], $mask), "mask" => $mask);
 }
 }
- if (count($pppoeifs['item'])) {
+ if (count($pppoeifs['networks'])) {
 $pppoeifs['enable'] = true;
+ $pppoeifs['virtual'] = true;
 $pppoeifs['if'] = 'pppoe';
 $pppoeifs['descr'] = 'pppoe';
- $pppoeifs['ip'] = "";
- $pppoeifs['sa'] = "";
- $pppoeifs['sn'] = "32";
- $pppoeifs['mode'] = "";
- $pppoeifs['virtual'] = true;
 $interfaces['pppoe'] = $pppoeifs;
 }
 }
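Review bot: The PPTP branch of `vpn_interface()` passes `$config['pptpd']['remoteip']` to `ip2long()` and `ip_range_to_subnet_array()` as soon as the mode is `server`, with no check that the value is set and is a valid IPv4 address; before this commit the range was only computed in filter.inc behind `is_private_ip()`. An empty or malformed value makes `ip2long()` return false, and whatever range comes out is then published as the interface's networks, so a guard such as `if (is_ipaddrv4($config['pptpd']['remoteip'])) {` around the range computation would keep bad configuration out of the generated rules. The same applies to the `gen_subnet()` calls on `remoteip` in the L2TP and PPPoE branches. In the PPTP branch `$mask` is assigned but never read, because the masks come from `$snparts[1]`, so that line can be dropped. `vpn_interface()` starts before the hunk and may continue after it.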