Commit 0eef8441 authored by Ad Schellevis's avatar Ad Schellevis

(filter, plugins) add structure to interface plugins

Valid properties for interfaces currently are:

* enable (bool)
* virtual (bool)
* networks, list of networks (network, mask)
* if, device node
* descr, user friendly description
parent 0b635bd7
......@@ -763,8 +763,42 @@ function filter_generate_optcfg_array()
/* traverse interfaces */
foreach (legacy_config_get_interfaces(array("enable" => true)) as $if => $ifdetail) {
if (isset($ifdetail['internal_dynamic'])) {
// plugin is responsible for its own config
$FilterIflist[$if] = $ifdetail;
// transform plugin configuration
$oic = array();
$oic['internal_dynamic'] = true;
$oic['vips'] = array();
$oic['vips6'] = array();
$oic['descr'] = $ifdetail['descr'];
$oic['if'] = $ifdetail['if'];
if (isset($ifdetail['virtual'])) {
$oic['virtual'] = $ifdetail['virtual'];
}
if (!empty($ifdetail['networks'])) {
foreach (isset($ifdetail['networks'][0]) ? $ifdetail['networks'] : array($ifdetail['networks']) as $indx => $network) {
if (is_ipaddrv4($network['network'])) {
if ($indx == 0) {
$oic['sa'] = $network['network'];
$oic['sn'] = $network['mask'];
} else {
$vip = array();
$vip['sa'] = $network['network'];
$vip['sn'] = $network['mask'];
$oic['vips'][] = $vip;
}
} elseif (is_ipaddrv6($network['network'])) {
if ($indx == 0) {
$oic['sav6'] = $network['network'];
$oic['snv6'] = $network['mask'];
} else {
$vip = array();
$vip['sa'] = $network['network'];
$vip['sn'] = $network['mask'];
$oic['vips6'][] = $vip;
}
}
}
}
$FilterIflist[$if] = $oic;
} else {
// XXX needs cleanup, original content
$oic = array();
......@@ -980,7 +1014,12 @@ function filter_nat_rules_automatic_tonathosts(&$FilterIflist, $with_descr = fal
if (!empty($oc['sa'])) {
$tonathosts[] = "{$oc['sa']}/{$oc['sn']}";
$descriptions[] = $oc['descr'];
if (isset($oc['vips']) && is_array($oc['vips'])) {
if (!empty($oc['vips']) && !empty($oc['internal_dynamic'])) {
foreach ($oc['vips'] as $vip) {
$tonathosts[] = "{$vip['sa']}/{$vip['sn']}";
$descriptions[] = $oc['descr'];
}
} elseif (isset($oc['vips']) && is_array($oc['vips'])) {
$if_subnets = array("{$oc['sa']}/{$oc['sn']}");
foreach ($oc['vips'] as $vip) {
if (!is_ipaddrv4($vip['ip'])) {
......@@ -1002,41 +1041,6 @@ function filter_nat_rules_automatic_tonathosts(&$FilterIflist, $with_descr = fal
}
}
/* PPTP subnet */
if (($config['pptpd']['mode'] == "server" ) && is_private_ip($config['pptpd']['remoteip'])) {
if (isset($config['pptpd']['n_pptp_units']) && is_numeric($config['pptpd']['n_pptp_units'])) {
$pptp_subnets = ip_range_to_subnet_array($config['pptpd']['remoteip'],
long2ip32(ip2long($config['pptpd']['remoteip'])+($config['pptpd']['n_pptp_units']-1)));
} else {
$pptp_subnets = ip_range_to_subnet_array($config['pptpd']['remoteip'],
long2ip32(ip2long($config['pptpd']['remoteip'])));
}
foreach ($pptp_subnets as $subnet) {
$tonathosts[] = $subnet;
$descriptions[] = gettext("PPTP server");
}
}
/* PPPoE subnet */
if (isset($FilterIflist['pppoe']['item']) && is_array($FilterIflist['pppoe']['item'])) {
foreach ($FilterIflist['pppoe']['item'] as $pppoe) {
if (is_private_ip($pppoe['ip'])) {
$tonathosts[] = "{$pppoe['sa']}/{$pppoe['sn']}";
$descriptions[] = gettext("PPPoE server");
}
}
}
/* L2TP subnet */
if (isset($FilterIflist['l2tp']) && $FilterIflist['l2tp']['mode'] == "server") {
$l2tp_sa = $FilterIflist['l2tp']['sa'];
$l2tp_sn = $FilterIflist['l2tp']['sn'];
if (is_private_ip($l2tp_sa) && !empty($l2tp_sn)) {
$tonathosts[] = "{$l2tp_sa}/{$l2tp_sn}";
$descriptions[] = gettext("L2TP server");
}
}
/* add openvpn interfaces */
if (isset($config['openvpn']['openvpn-server'])) {
foreach ($config['openvpn']['openvpn-server'] as $ovpnsrv) {
......@@ -1920,7 +1924,7 @@ function filter_generate_address(&$FilterIflist, &$rule, $target = 'source', $is
if (is_subnet($src)) {
filter_address_add_vips_subnets($FilterIflist, $src, $rule[$target]['network'], isset($rule[$target]['not']));
}
} else if ($rule[$target]['address']) {
} elseif ($rule[$target]['address']) {
$expsrc = alias_expand($rule[$target]['address']);
if (isset($rule[$target]['not'])) {
$not = "!";
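Review bot: In the filter_generate_optcfg_array() hunk the primary address is picked with `$indx == 0` for both address families, so only the very first entry of `networks` can ever become `sa`/`sn` or `sav6`/`snv6`. A plugin that lists an IPv4 network followed by an IPv6 one never gets `sav6` set (the IPv6 network lands in `vips6`), and when an IPv6 network comes first `sa` stays unset, which appears to make the `!empty($oc['sa'])` test in filter_nat_rules_automatic_tonathosts() skip that interface's IPv4 networks altogether. Selecting the first network per family avoids both cases: `if (!isset($oic['sa'])) {` in the IPv4 branch and `if (!isset($oic['sav6'])) {` in the IPv6 branch. `$ifdetail['descr']` and `$ifdetail['if']` are also read without an isset() guard, so a short comment above the transform naming the properties a plugin must supply would help. Both functions continue outside the visible hunks.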
......
......@@ -35,6 +35,7 @@ function plugin_ifgroups_interface()
if (isset($config['ifgroups']['ifgroupentry'])) {
foreach($config['ifgroups']['ifgroupentry'] as $ifgen) {
$oc = array("enable" => true);
$oc['networks'] = array();
$oc['if'] = $ifgen['ifname'];
$oc['descr'] = $ifgen['ifname'];
$oc['virtual'] = true;
......
......@@ -38,6 +38,7 @@ function plugin_ipsec_interface()
$oic['descr'] = 'IPsec';
$oic['type'] = "none";
$oic['virtual'] = true;
$oic['networks'] = array();
$interfaces['enc0'] = $oic;
}
......
......@@ -38,6 +38,7 @@ function plugin_openvpn_interface()
$oic['descr'] = 'OpenVPN';
$oic['type'] = "none";
$oic['virtual'] = true;
$oic['networks'] = array();
$interfaces['openvpn'] = $oic;
}
......
......@@ -665,54 +665,49 @@ function vpn_interface()
if (isset($config['pptpd']['mode']) && $config['pptpd']['mode'] == 'server') {
$oic = array("enable" => true);
$oic['networks'] = array();
$oic['virtual'] = true;
$oic['if'] = 'pptp';
$oic['descr'] = 'pptp';
$oic['ip'] = $config['pptpd']['localip'];
$oic['sa'] = $config['pptpd']['remoteip'];
if (!empty($config['pptpd']['pptp_subnet'])) {
$oic['sn'] = $config['pptpd']['pptp_subnet'];
$mask = !empty($config['pptpd']['pptp_subnet']) ? $config['pptpd']['pptp_subnet'] : 32;
if (isset($config['pptpd']['n_pptp_units']) && is_numeric($config['pptpd']['n_pptp_units'])) {
$pptp_subnets = ip_range_to_subnet_array($config['pptpd']['remoteip'],
long2ip32(ip2long($config['pptpd']['remoteip'])+($config['pptpd']['n_pptp_units']-1)));
} else {
$oic['sn'] = "32";
$pptp_subnets = ip_range_to_subnet_array($config['pptpd']['remoteip'],
long2ip32(ip2long($config['pptpd']['remoteip'])));
}
foreach ($pptp_subnets as $pptp_subnet) {
$snparts = explode("/", $pptp_subnet);
$oic['networks'][] = array("network" => $snparts[0], "mask" => $snparts[1]);
}
$oic['mode'] = $config['pptpd']['mode'];
$oic['virtual'] = true;
$interfaces['pptp'] = $oic;
}
if (isset($config['l2tp']['mode']) && $config['l2tp']['mode'] == 'server') {
$oic = array("enable" => true);
$oic['virtual'] = true;
$oic['networks'] = array();
$oic['if'] = 'l2tp';
$oic['descr'] = 'L2TP';
$oic['ip'] = $config['l2tp']['localip'];
$oic['sa'] = $config['l2tp']['remoteip'];
if (!empty($config['l2tp']['l2tp_subnet'])) {
$oic['sn'] = $config['l2tp']['l2tp_subnet'];
} else {
$oic['sn'] = "32";
}
$oic['mode'] = $config['l2tp']['mode'];
$oic['virtual'] = true;
$mask = !empty($config['l2tp']['l2tp_subnet']) ? $config['l2tp']['l2tp_subnet'] : 32;
$oic['networks'][] = array("network" => gen_subnet($config['l2tp']['remoteip'], $mask), "mask" => $mask);
$interfaces['l2tp'] = $oic;
}
if (isset($config['pppoes']['pppoe'])) {
$pppoeifs = array('item' => array());
$pppoeifs = array('networks' => array());
foreach($config['pppoes']['pppoe'] as $pppoe) {
if ($pppoe['mode'] == "server") {
$item = array('ip' => $pppoe['localip'], 'sa' => $pppoe['remoteip']);
$item['sn'] = !empty($pppoe['pppoe_subnet']) ? $pppoe['pppoe_subnet'] : "32";
$pppoeifs['item'][] = $item;
$mask = !empty($pppoe['pppoe_subnet']) ? $pppoe['pppoe_subnet'] : 32;
$pppoeifs['networks'][] = array("network" => gen_subnet($pppoe['remoteip'], $mask), "mask" => $mask);
}
}
if (count($pppoeifs['item'])) {
if (count($pppoeifs['networks'])) {
$pppoeifs['enable'] = true;
$pppoeifs['virtual'] = true;
$pppoeifs['if'] = 'pppoe';
$pppoeifs['descr'] = 'pppoe';
$pppoeifs['ip'] = "";
$pppoeifs['sa'] = "";
$pppoeifs['sn'] = "32";
$pppoeifs['mode'] = "";
$pppoeifs['virtual'] = true;
$interfaces['pppoe'] = $pppoeifs;
}
}
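Review bot: In the PPTP branch `$mask` is assigned from `pptp_subnet` but never read, because the networks are taken from ip_range_to_subnet_array(); either drop the assignment or say so in a comment, e.g. `// networks are derived from remoteip and n_pptp_units, pptp_subnet is not used here`. The range end is computed from `n_pptp_units` after only an is_numeric() test, so 0 or a negative value gives an end address below `remoteip`, and `remoteip` itself is not validated before ip2long(). Since these networks end up in the filter's interface list, I would guard the branch with `is_ipaddrv4($config['pptpd']['remoteip'])` and use `max(1, (int)$config['pptpd']['n_pptp_units'])` for the unit count. vpn_interface() starts and ends outside the hunk.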
......