system_advanced_network.php 14.3 KB
Newer Older
Ad Schellevis's avatar
Ad Schellevis committed
1
<?php
2

Ad Schellevis's avatar
Ad Schellevis committed
3
/*
4
	Copyright (C) 2014-2015 Deciso B.V.
Ad Schellevis's avatar
Ad Schellevis committed
5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31
	Copyright (C) 2005-2007 Scott Ullrich
	Copyright (C) 2008 Shrew Soft Inc
	Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>.
	All rights reserved.

	Redistribution and use in source and binary forms, with or without
	modification, are permitted provided that the following conditions are met:

	1. Redistributions of source code must retain the above copyright notice,
	   this list of conditions and the following disclaimer.

	2. Redistributions in binary form must reproduce the above copyright
	   notice, this list of conditions and the following disclaimer in the
	   documentation and/or other materials provided with the distribution.

	THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
	INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
	AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
	AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
	OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
	SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
	INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
	CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
	ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
	POSSIBILITY OF SUCH DAMAGE.
*/

32
require_once("guiconfig.inc");
33
require_once("interfaces.inc");
Ad Schellevis's avatar
Ad Schellevis committed
34
require_once("filter.inc");
35
require_once("system.inc");
36
require_once("pfsense-utils.inc");
Ad Schellevis's avatar
Ad Schellevis committed
37

38 39
function system_enable_arp_wrong_if()
{
40 41 42 43
    set_sysctl(array(
        "net.link.ether.inet.log_arp_wrong_iface" => "1",
        "net.link.ether.inet.log_arp_movements" => "1"
    ));
44 45 46
}


47 48
if (isset($_POST) && count($_POST) > 0) {
    $input_errors = array();
Ad Schellevis's avatar
Ad Schellevis committed
49

50
    if (isset($_POST['ipv6nat_enable']) && !is_ipaddr($_POST['ipv6nat_ipaddr'])) {
51 52 53
        $input_errors[] = gettext("You must specify an IP address to NAT IPv6 packets.");
    }

54 55 56 57 58 59 60
    if (isset($_POST['ipv6nat_enable']) && $_POST['ipv6nat_enable'] == "yes") {
        $config['diag']['ipv6nat']['enable'] = true;
        $config['diag']['ipv6nat']['ipaddr'] = $_POST['ipv6nat_ipaddr'];
    } elseif (isset($config['diag']['ipv6nat'])) {
        unset($config['diag']['ipv6nat']['enable']);
        unset($config['diag']['ipv6nat']['ipaddr']);
    }
61

62 63 64 65 66
    if (isset($_POST['ipv6allow']) && $_POST['ipv6allow'] == "yes") {
        $config['system']['ipv6allow'] = true;
    } else {
        unset($config['system']['ipv6allow']);
    }
67

68 69 70 71 72
    if (isset($_POST['prefer_ipv4']) && $_POST['prefer_ipv4'] == "yes") {
        $config['system']['prefer_ipv4'] = true;
    } else {
        unset($config['system']['prefer_ipv4']);
    }
73

74 75 76 77 78
    if (isset($_POST['sharednet']) && $_POST['sharednet'] == "yes") {
        $config['system']['sharednet'] = true;
    } else {
        unset($config['system']['sharednet']);
    }
79

80 81 82 83 84
    if (isset($_POST['polling_enable']) && $_POST['polling_enable'] == "yes") {
        $config['system']['polling'] = true;
    } else {
        unset($config['system']['polling']);
    }
85

86 87 88 89 90
    if (isset($_POST['disablechecksumoffloading']) && $_POST['disablechecksumoffloading'] == "yes") {
        $config['system']['disablechecksumoffloading'] = true;
    } else {
        unset($config['system']['disablechecksumoffloading']);
    }
91

92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108
    if (isset($_POST['disablesegmentationoffloading']) && $_POST['disablesegmentationoffloading'] == "yes") {
        $config['system']['disablesegmentationoffloading'] = true;
    } else {
        unset($config['system']['disablesegmentationoffloading']);
    }

    if (isset($_POST['disablelargereceiveoffloading']) && $_POST['disablelargereceiveoffloading'] == "yes") {
        $config['system']['disablelargereceiveoffloading'] = true;
    } else {
        unset($config['system']['disablelargereceiveoffloading']);
    }

    if (isset($_POST['disablevlanhwfilter']) && $_POST['disablevlanhwfilter'] == "yes") {
        $config['system']['disablevlanhwfilter'] = true;
    } else {
        unset($config['system']['disablevlanhwfilter']);
    }
109

110 111 112 113 114
    // save when no errors are found
    if (count($input_errors) == 0) {
        setup_polling();
        if (isset($config['system']['sharednet'])) {
            system_disable_arp_wrong_if();
115
        } else {
116
            system_enable_arp_wrong_if();
117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132
        }
        setup_microcode();

        // Write out configuration (config.xml)
        write_config();

        // Set preferred protocol
        prefer_ipv4_or_ipv6();

        $retval = filter_configure();
        if (stristr($retval, "error") <> true) {
            $savemsg = get_std_save_message(gettext($retval));
        } else {
            $savemsg = gettext($retval);
        }
    }
Ad Schellevis's avatar
Ad Schellevis committed
133 134
}

135
$pgtitle = array(gettext("System"),gettext("Settings"),gettext("Networking"));
Ad Schellevis's avatar
Ad Schellevis committed
136 137 138 139
include("head.inc");

?>

140 141
<body>
    <?php include("fbegin.inc"); ?>
142

143 144
    <script type="text/javascript">
    //<![CDATA[
145

146
    function enable_change(enable_over) {
147 148 149 150
	if (document.iform.ipv6nat_enable.checked || enable_over)
		document.iform.ipv6nat_ipaddr.disabled = 0;
	else
		document.iform.ipv6nat_ipaddr.disabled = 1;
151
    }
152

153 154 155 156 157 158 159 160 161
    //]]>
    </script>


<!-- row -->
<section class="page-content-main">
	<div class="container-fluid">
        <div class="row">
            <?php
162
            if (isset($input_errors) && count($input_errors) > 0) {
163 164
                print_input_errors($input_errors);
            }
165
            if (isset($savemsg)) {
166 167
                print_info_box($savemsg);
            }
168 169
            ?>
            <section class="col-xs-12">
170
                <? include('system_advanced_tabs.inc'); ?>
171
                <div class="content-box tab-content">
172
					<form action="system_advanced_network.php" method="post" name="iform" id="iform">
173 174 175 176

						<table width="100%" border="0" cellpadding="6" cellspacing="0" summary="main area" class="table table-striped">
							<thead>
								<tr>
177
									<th colspan="2" valign="top" class="listtopic"><?=gettext("IPv6 Options"); ?></th>
178 179 180
								</tr>
							</thead>
							<tbody>
181 182 183
								<tr>
									<td width="22%" valign="top" class="vncell"><?=gettext("Allow IPv6"); ?></td>
									<td width="78%" class="vtable">
184
										<input name="ipv6allow" type="checkbox" id="ipv6allow" value="yes" <?php if (isset($config['system']['ipv6allow'])) {
185 186
                                            echo "checked=\"checked\"";
} ?> onclick="enable_change(false)" />
187 188 189 190 191 192 193 194 195
										<strong><?=gettext("Allow IPv6"); ?></strong><br />
										<?=gettext("All IPv6 traffic will be blocked by the firewall unless this box is checked."); ?><br />
										<?=gettext("NOTE: This does not disable any IPv6 features on the firewall, it only blocks traffic."); ?><br />
										<br />
									</td>
								</tr>
								<tr>
									<td width="22%" valign="top" class="vncell"><?=gettext("IPv6 over IPv4 Tunneling"); ?></td>
									<td width="78%" class="vtable">
196
										<input name="ipv6nat_enable" type="checkbox" id="ipv6nat_enable" value="yes" <?php if (isset($config['diag']['ipv6nat']['enable'])) {
197 198
                                            echo "checked=\"checked\"";
} ?> onclick="enable_change(false)" />
199 200
										<strong><?=gettext("Enable IPv4 NAT encapsulation of IPv6 packets"); ?></strong><br />
										<?=gettext("This provides an RFC 2893 compatibility mechanism ".
201 202 203
                                        "that can be used to tunneling IPv6 packets over IPv4 ".
                                        "routing infrastructures. If enabled, don't forget to ".
                                        "add a firewall rule to permit IPv6 packets."); ?><br />
204 205
										<br />
										<?=gettext("IP address"); ?>&nbsp;:&nbsp;
206
										<input name="ipv6nat_ipaddr" type="text" class="formfld unknown" id="ipv6nat_ipaddr" size="20" value="<?=htmlspecialchars(isset($config['diag']['ipv6nat']['ipaddr']) ? $config['diag']['ipv6nat']['ipaddr']:"");?>" />
207 208 209 210 211
									</td>
								</tr>
								<tr>
									<td width="22%" valign="top" class="vncell"><?=gettext("Prefer IPv4 over IPv6"); ?></td>
									<td width="78%" class="vtable">
212
										<input name="prefer_ipv4" type="checkbox" id="prefer_ipv4" value="yes" <?php if (isset($config['system']['prefer_ipv4'])) {
213 214
                                            echo "checked=\"checked\"";
} ?> />
215 216
										<strong><?=gettext("Prefer to use IPv4 even if IPv6 is available"); ?></strong><br />
										<?=gettext("By default, if a hostname resolves IPv6 and IPv4 addresses ".
217 218
                                        "IPv6 will be used, if you check this option, IPv4 will be " .
                                        "used instead of IPv6."); ?><br />
219 220 221 222 223 224 225 226
									</td>
								</tr>
								<tr>
									<th colspan="2" valign="top" class="listtopic"><?=gettext("Network Interfaces"); ?></th>
								</tr>
								<tr>
									<td width="22%" valign="top" class="vncell"><?=gettext("Device polling"); ?></td>
									<td width="78%" class="vtable">
227
										<input name="polling_enable" type="checkbox" id="polling_enable" value="yes" <?php if (isset($config['system']['polling'])) {
228 229
                                            echo "checked=\"checked\"";
} ?> />
230 231 232 233 234 235 236
										<strong><?=gettext("Enable device polling"); ?></strong><br />
										<?php printf(gettext("Device polling is a technique that lets the system periodically poll network devices for new data instead of relying on interrupts. This prevents your webConfigurator, SSH, etc. from being inaccessible due to interrupt floods when under extreme load. Generally this is not recommended. Not all NICs support polling; see the %s homepage for a list of supported cards."), $g['product_name']); ?>
									</td>
								</tr>
								<tr>
									<td width="22%" valign="top" class="vncell"><?=gettext("Hardware Checksum Offloading"); ?></td>
									<td width="78%" class="vtable">
237 238 239
										<input name="disablechecksumoffloading" type="checkbox" id="disablechecksumoffloading" value="yes" <?php if (isset($config['system']['disablechecksumoffloading'])) {
                                            echo "checked=\"checked\"";
} ?> />
240 241 242 243 244 245 246 247 248 249
										<strong><?=gettext("Disable hardware checksum offload"); ?></strong><br />
										<?=gettext("Checking this option will disable hardware checksum offloading. Checksum offloading is broken in some hardware, particularly some Realtek cards. Rarely, drivers may have problems with checksum offloading and some specific NICs."); ?>
										<br />
										<span class="red"><strong><?=gettext("Note:");?>&nbsp;</strong></span>
										<?=gettext("This will take effect after you reboot the machine or re-configure each interface.");?>
									</td>
								</tr>
								<tr>
									<td width="22%" valign="top" class="vncell"><?=gettext("Hardware TCP Segmentation Offloading"); ?></td>
									<td width="78%" class="vtable">
250 251 252
										<input name="disablesegmentationoffloading" type="checkbox" id="disablesegmentationoffloading" value="yes" <?php if (isset($config['system']['disablesegmentationoffloading'])) {
                                            echo "checked=\"checked\"";
} ?> />
253 254 255 256 257 258 259 260 261 262
										<strong><?=gettext("Disable hardware TCP segmentation offload"); ?></strong><br />
										<?=gettext("Checking this option will disable hardware TCP segmentation offloading (TSO, TSO4, TSO6). This offloading is broken in some hardware drivers, and may impact performance with some specific NICs."); ?>
										<br />
										<span class="red"><strong><?=gettext("Note:");?>&nbsp;</strong></span>
										<?=gettext("This will take effect after you reboot the machine or re-configure each interface.");?>
									</td>
								</tr>
								<tr>
									<td width="22%" valign="top" class="vncell"><?=gettext("Hardware Large Receive Offloading"); ?></td>
									<td width="78%" class="vtable">
263 264 265
										<input name="disablelargereceiveoffloading" type="checkbox" id="disablelargereceiveoffloading" value="yes" <?php if (isset($config['system']['disablelargereceiveoffloading'])) {
                                            echo "checked=\"checked\"";
} ?> />
266 267 268 269 270 271 272
										<strong><?=gettext("Disable hardware large receive offload"); ?></strong><br />
										<?=gettext("Checking this option will disable hardware large receive offloading (LRO). This offloading is broken in some hardware drivers, and may impact performance with some specific NICs."); ?>
										<br />
										<span class="red"><strong><?=gettext("Note:");?>&nbsp;</strong></span>
										<?=gettext("This will take effect after you reboot the machine or re-configure each interface.");?>
									</td>
								</tr>
273 274 275 276 277 278 279 280 281 282 283 284 285
								<tr>
									<td width="22%" valign="top" class="vncell"><?=gettext("VLAN Hardware Filtering"); ?></td>
									<td width="78%" class="vtable">
										<input name="disablevlanhwfilter" type="checkbox" id="disablevlanhwfilter" value="yes" <?php if (isset($config['system']['disablevlanhwfilter'])) {
                                            echo "checked=\"checked\"";
} ?> />
										<strong><?=gettext("Disable VLAN Hardware Filtering"); ?></strong><br />
										<?=gettext("Checking this option will disable VLAN hardware filtering. This offloading is broken in some hardware drivers, and may impact performance with some specific NICs."); ?>
										<br />
										<span class="red"><strong><?=gettext("Note:");?>&nbsp;</strong></span>
										<?=gettext("This will take effect after you reboot the machine or re-configure each interface.");?>
									</td>
								</tr>
286 287 288
								<tr>
									<td width="22%" valign="top" class="vncell"><?=gettext("ARP Handling"); ?></td>
									<td width="78%" class="vtable">
289
										<input name="sharednet" type="checkbox" id="sharednet" value="yes" <?php if (isset($config['system']['sharednet'])) {
290 291
                                            echo "checked=\"checked\"";
} ?> />
292 293 294 295
										<strong><?=gettext("Suppress ARP messages"); ?></strong><br />
										<?=gettext("This option will suppress ARP log messages when multiple interfaces reside on the same broadcast domain"); ?>
									</td>
								</tr>
296
							<tr>
297 298
								<td width="22%" valign="top">&nbsp;</td>
								<td width="78%"><input name="Submit" type="submit" class="btn btn-primary" value="<?=gettext("Save");?>" /></td>
299
							</tr>
300 301 302
							</tbody>
						</table>
					</form>
303
				</div>
304 305
			</section>
		</div>
306 307 308
	</div>
</section>

309 310 311 312 313
<script type="text/javascript">
//<![CDATA[
	enable_change(false);
//]]>
</script>
Ad Schellevis's avatar
Ad Schellevis committed
314

315
<?php include("foot.inc");