Commit 747c671d authored by Ad Schellevis's avatar Ad Schellevis

(legacy) refactor firewall_virtual_ip.php

parent 505db10b
......@@ -33,54 +33,18 @@ require_once("guiconfig.inc");
require_once("interfaces.inc");
require_once("filter.inc");
if (!isset($config['virtualip']['vip'])) {
$config['virtualip']['vip'] = array();
}
$a_vip = &$config['virtualip']['vip'];
if ($_POST) {
$pconfig = $_POST;
if ($_POST['apply']) {
if (file_exists('/tmp/.firewall_virtual_ip.apply')) {
$toapplylist = unserialize(file_get_contents('/tmp/.firewall_virtual_ip.apply'));
foreach ($toapplylist as $vid => $ovip) {
if (!empty($ovip))
interface_vip_bring_down($ovip);
if ($a_vip[$vid]) {
switch ($a_vip[$vid]['mode']) {
case "ipalias":
interface_ipalias_configure($a_vip[$vid]);
break;
case "proxyarp":
interface_proxyarp_configure($a_vip[$vid]['interface']);
break;
case "carp":
interface_carp_configure($a_vip[$vid]);
break;
default:
break;
}
}
}
@unlink('/tmp/.firewall_virtual_ip.apply');
}
$retval = 0;
$retval |= filter_configure();
$savemsg = get_std_save_message();
clear_subsystem_dirty('vip');
}
}
if ($_GET['act'] == "del") {
if ($a_vip[$_GET['id']]) {
/**
* delete virtual ip
*/
function deleteVIPEntry($id) {
global $config;
$input_errors = array();
$a_vip = &$config['virtualip']['vip'];
/* make sure no inbound NAT mappings reference this entry */
if (is_array($config['nat']['rule'])) {
if (isset($config['nat']['rule'])) {
foreach ($config['nat']['rule'] as $rule) {
if($rule['destination']['address'] <> "") {
if ($rule['destination']['address'] == $a_vip[$_GET['id']]['subnet']) {
if(!empty($rule['destination']['address'])) {
if ($rule['destination']['address'] == $a_vip[$id]['subnet']) {
$input_errors[] = gettext("This entry cannot be deleted because it is still referenced by at least one NAT mapping.");
break;
}
......@@ -88,24 +52,24 @@ if ($_GET['act'] == "del") {
}
}
if (is_ipaddrv6($a_vip[$_GET['id']]['subnet'])) {
if (is_ipaddrv6($a_vip[$id]['subnet'])) {
$is_ipv6 = true;
$subnet = gen_subnetv6($a_vip[$_GET['id']]['subnet'], $a_vip[$_GET['id']]['subnet_bits']);
$if_subnet_bits = get_interface_subnetv6($a_vip[$_GET['id']]['interface']);
$if_subnet = gen_subnetv6(get_interface_ipv6($a_vip[$_GET['id']]['interface']), $if_subnet_bits);
$subnet = gen_subnetv6($a_vip[$id]['subnet'], $a_vip[$id]['subnet_bits']);
$if_subnet_bits = get_interface_subnetv6($a_vip[$id]['interface']);
$if_subnet = gen_subnetv6(get_interface_ipv6($a_vip[$id]['interface']), $if_subnet_bits);
} else {
$is_ipv6 = false;
$subnet = gen_subnet($a_vip[$_GET['id']]['subnet'], $a_vip[$_GET['id']]['subnet_bits']);
$if_subnet_bits = get_interface_subnet($a_vip[$_GET['id']]['interface']);
$if_subnet = gen_subnet(get_interface_ip($a_vip[$_GET['id']]['interface']), $if_subnet_bits);
$subnet = gen_subnet($a_vip[$id]['subnet'], $a_vip[$id]['subnet_bits']);
$if_subnet_bits = get_interface_subnet($a_vip[$id]['interface']);
$if_subnet = gen_subnet(get_interface_ip($a_vip[$id]['interface']), $if_subnet_bits);
}
$subnet .= "/" . $a_vip[$_GET['id']]['subnet_bits'];
$subnet .= "/" . $a_vip[$id]['subnet_bits'];
$if_subnet .= "/" . $if_subnet_bits;
if (isset($config['gateways']['gateway_item'])) {
foreach($config['gateways']['gateway_item'] as $gateway) {
if ($a_vip[$_GET['id']]['interface'] != $gateway['interface'])
if ($a_vip[$id]['interface'] != $gateway['interface'])
continue;
if ($is_ipv6 && $gateway['ipprotocol'] == 'inet')
continue;
......@@ -121,8 +85,8 @@ if ($_GET['act'] == "del") {
}
}
if ($a_vip[$_GET['id']]['mode'] == "ipalias") {
$subnet = gen_subnet($a_vip[$_GET['id']]['subnet'], $a_vip[$_GET['id']]['subnet_bits']) . "/" . $a_vip[$_GET['id']]['subnet_bits'];
if ($a_vip[$id]['mode'] == "ipalias") {
$subnet = gen_subnet($a_vip[$id]['subnet'], $a_vip[$id]['subnet_bits']) . "/" . $a_vip[$id]['subnet_bits'];
$found_if = false;
$found_carp = false;
$found_other_alias = false;
......@@ -130,23 +94,43 @@ if ($_GET['act'] == "del") {
if ($subnet == $if_subnet)
$found_if = true;
$vipiface = $a_vip[$_GET['id']]['interface'];
$vipiface = $a_vip[$id]['interface'];
foreach ($a_vip as $vip_id => $vip) {
if ($vip_id == $_GET['id'])
continue;
if ($vip['interface'] == $vipiface && ip_in_subnet($vip['subnet'], $subnet))
if ($vip['mode'] == "carp")
if ($vip_id != $id) {
if ($vip['interface'] == $vipiface && ip_in_subnet($vip['subnet'], $subnet)) {
if ($vip['mode'] == "carp") {
$found_carp = true;
else if ($vip['mode'] == "ipalias")
} else if ($vip['mode'] == "ipalias") {
$found_other_alias = true;
}
if ($found_carp === true && $found_other_alias === false && $found_if === false)
}
}
}
if ($found_carp === true && $found_other_alias === false && $found_if === false) {
$input_errors[] = gettext("This entry cannot be deleted because it is still referenced by a CARP IP with the description") . " {$vip['descr']}.";
}
}
if (count($input_errors) == 0) {
// Special case since every proxyarp vip is handled by the same daemon.
if ($a_vip[$id]['mode'] == "proxyarp") {
$viface = $a_vip[$id]['interface'];
unset($a_vip[$id]);
interface_proxyarp_configure($viface);
} else {
interface_vip_bring_down($a_vip[$id]);
unset($a_vip[$id]);
}
if (count($config['virtualip']['vip']) == 0) {
unset($config['virtualip']['vip']);
}
}
return $input_errors;
}
if (!$input_errors) {
/**
* redirect user if config may not be saved.
*/
function redirectReadOnlyUser() {
if (session_status() == PHP_SESSION_NONE) {
session_start();
}
......@@ -156,41 +140,118 @@ if ($_GET['act'] == "del") {
exit;
}
session_write_close();
}
// Special case since every proxyarp vip is handled by the same daemon.
if ($a_vip[$_GET['id']]['mode'] == "proxyarp") {
$viface = $a_vip[$_GET['id']]['interface'];
unset($a_vip[$_GET['id']]);
interface_proxyarp_configure($viface);
} else {
interface_vip_bring_down($a_vip[$_GET['id']]);
unset($a_vip[$_GET['id']]);
if (!isset($config['virtualip']['vip'])) {
$config['virtualip']['vip'] = array();
}
$a_vip = &$config['virtualip']['vip'];
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
$pconfig = $_POST;
if (isset($pconfig['id']) && isset($a_vip[$pconfig['id']])) {
// id found and valid
$id = $pconfig['id'];
}
if (count($config['virtualip']['vip']) == 0)
unset($config['virtualip']['vip']);
if (isset($pconfig['apply'])) {
if (file_exists('/tmp/.firewall_virtual_ip.apply')) {
$toapplylist = unserialize(file_get_contents('/tmp/.firewall_virtual_ip.apply'));
foreach ($toapplylist as $vid => $ovip) {
if (!empty($ovip)) {
interface_vip_bring_down($ovip);
}
if (!empty($a_vip[$vid])) {
switch ($a_vip[$vid]['mode']) {
case "ipalias":
interface_ipalias_configure($a_vip[$vid]);
break;
case "proxyarp":
interface_proxyarp_configure($a_vip[$vid]['interface']);
break;
case "carp":
interface_carp_configure($a_vip[$vid]);
break;
default:
break;
}
}
}
@unlink('/tmp/.firewall_virtual_ip.apply');
}
filter_configure();
$savemsg = get_std_save_message();
clear_subsystem_dirty('vip');
} elseif (isset($pconfig['act']) && $pconfig['act'] == 'del' && isset($id)) {
redirectReadOnlyUser();
$input_errors = deleteVIPEntry($id);
if (count($input_errors) == 0) {
write_config();
header("Location: firewall_virtual_ip.php");
exit;
}
} elseif (isset($pconfig['act']) && $pconfig['act'] == 'move' && isset($pconfig['rule']) && count($pconfig['rule']) > 0) {
redirectReadOnlyUser();
// move selected rules
if (!isset($id)) {
// if rule not set/found, move to end
$id = count($a_nat);
}
$a_vip = legacy_move_config_list_items($a_vip, $id, $pconfig['rule']);
write_config();
header("Location: firewall_virtual_ip.php");
exit;
}
} else if ($_GET['changes'] == "mods" && is_numericint($_GET['id']))
$id = $_GET['id'];
}
$pgtitle = array(gettext("Firewall"),gettext("Virtual IP Addresses"));
include("head.inc");
$main_buttons = array(
array('href'=>'firewall_virtual_ip_edit.php', 'label'=>'Add'),
array('href'=>'firewall_virtual_ip_edit.php', 'label'=>gettext('Add')),
array('href'=>'system_hasync.php', 'label'=>gettext('CARP Settings'))
);
?>
<body>
<?php include("fbegin.inc"); ?>
<script type="text/javascript">
$( document ).ready(function() {
// link delete buttons
$(".act_delete").click(function(){
var id = $(this).attr("id").split('_').pop(-1);
// delete single
BootstrapDialog.show({
type:BootstrapDialog.TYPE_INFO,
title: "<?= gettext("Alias");?>",
message: "<?=gettext("Do you really want to delete this entry?");?>",
buttons: [{
label: "<?= gettext("No");?>",
action: function(dialogRef) {
dialogRef.close();
}}, {
label: "<?= gettext("Yes");?>",
action: function(dialogRef) {
$("#id").val(id);
$("#action").val("del");
$("#iform").submit()
}
}]
});
});
// link move buttons
$(".act_move").click(function(){
var id = $(this).attr("id").split('_').pop(-1);
$("#id").val(id);
$("#action").val("move");
$("#iform").submit();
});
});
</script>
<?php include("fbegin.inc"); ?>
<section class="page-content-main">
<div class="container-fluid">
<div class="row">
<?php
if (isset($input_errors) && count($input_errors) > 0)
print_input_errors($input_errors);
......@@ -201,77 +262,83 @@ $main_buttons = array(
if (is_subsystem_dirty('vip'))
print_info_box_np(gettext("The VIP configuration has been changed.")."<br />".gettext("You must apply the changes in order for them to take effect."));
?>
<section class="col-xs-12">
<?php
/* active tabs */
$tab_array = array();
$tab_array[] = array(gettext("Virtual IPs"), true, "firewall_virtual_ip.php");
$tab_array[] = array(gettext("CARP Settings"), false, "system_hasync.php");
display_top_tabs($tab_array);
?>
<div class="tab-content content-box col-xs-12">
<div class="content-box-main content-box">
<form action="firewall_virtual_ip.php" method="post" name="iform" id="iform">
<input type="hidden" id="id" name="id" value="<?php echo htmlspecialchars($id); ?>" />
<input type="hidden" id="id" name="id" value="" />
<input type="hidden" id="action" name="act" value="" />
<div class="table-responsive">
<table class="table table-striped table-sort">
<table class="table table-striped">
<thead>
<tr>
<td width="30%" class="listhdrr"><?=gettext("Virtual IP address");?></td>
<td width="10%" class="listhdrr"><?=gettext("Interface");?></td>
<td width="10%" class="listhdrr"><?=gettext("Type");?></td>
<td width="40%" class="listhdr"><?=gettext("Description");?></td>
<td width="10%" class="list"></td>
<td></td>
<td><?=gettext("Virtual IP address");?></td>
<td><?=gettext("Interface");?></td>
<td><?=gettext("Type");?></td>
<td><?=gettext("Description");?></td>
<td></td>
</tr>
</thead>
<tbody>
<?php
<?php
$interfaces = get_configured_interface_with_descr(false, true);
$interfaces['lo0'] = "Localhost";
?>
<?php $i = 0; foreach ($a_vip as $vipent): ?>
<?php if($vipent['subnet'] <> "" or $vipent['range'] <> "" or
$vipent['subnet_bits'] <> "" or (isset($vipent['range']['from']) && $vipent['range']['from'] <> "")): ?>
<tr>
<td class="listlr" ondblclick="document.location='firewall_virtual_ip_edit.php?id=<?=$i;?>';">
<?php if (($vipent['type'] == "single") || ($vipent['type'] == "network"))
if($vipent['subnet_bits'])
echo "{$vipent['subnet']}/{$vipent['subnet_bits']}";
if ($vipent['type'] == "range")
echo "{$vipent['range']['from']}-{$vipent['range']['to']}";
?>
<?php if($vipent['mode'] == "carp") echo " (vhid {$vipent['vhid']})"; ?>
$i = 0;
foreach ($a_vip as $vipent):
if(!empty($vipent['subnet']) || !empty($vipent['range']) || !empty($vipent['subnet_bits']) || (isset($vipent['range']['from']) && !empty($vipent['range']['from']))): ?>
<tr ondblclick="document.location='firewall_virtual_ip_edit.php?id=<?=$i;?>';">
<td>
<input type="checkbox" name="rule[]" value="<?=$i;?>" />
</td>
<td class="listr" ondblclick="document.location='firewall_virtual_ip_edit.php?id=<?=$i;?>';">
<?=htmlspecialchars($interfaces[$vipent['interface']]);?>&nbsp;
<td>
<?=($vipent['type'] == "single" || $vipent['type'] == "network") && !empty($vipent['subnet_bits']) ? $vipent['subnet']."/".$vipent['subnet_bits'] : "";?>
<?=$vipent['type'] == "range" ? $vipent['range']['from'] . "-" . $vipent['range']['to'] : "";?>
<?=$vipent['mode'] == "carp" ? " (vhid {$vipent['vhid']})" : "";?>
</td>
<td class="listr" align="center" ondblclick="document.location='firewall_virtual_ip_edit.php?id=<?=$i;?>';">
<?php if($vipent['mode'] == "proxyarp") echo "Proxy ARP"; elseif($vipent['mode'] == "carp") echo "CARP"; elseif($vipent['mode'] == "other") echo "Other"; elseif($vipent['mode'] == "ipalias") echo "IP Alias";?>
<td>
<?=htmlspecialchars($interfaces[$vipent['interface']]);?>
</td>
<td class="listbg" ondblclick="document.location='firewall_virtual_ip_edit.php?id=<?=$i;?>';">
<?=htmlspecialchars($vipent['descr']);?>&nbsp;
<td>
<?=$vipent['mode'] == "proxyarp" ? "Proxy ARP" : "";?>
<?=$vipent['mode'] == "carp" ? "CARP" : "";?>
<?=$vipent['mode'] == "other" ? "Other" : "";?>
<?=$vipent['mode'] == "ipalias" ? "IP Alias" :"";?>
</td>
<td class="list nowrap">
<table border="0" cellspacing="0" cellpadding="1" summary="icons">
<tr>
<td valign="middle">
<a href="firewall_virtual_ip_edit.php?id=<?=$i;?>" class="btn btn-default"><span class="glyphicon glyphicon-edit" title="<?=gettext("Edit");?>"></span></a>
<a href="firewall_virtual_ip.php?act=del&amp;tab=<?=$tab;?>&amp;id=<?=$i;?>" class="btn btn-default" onclick="return confirm('<?=gettext("Do you really want to delete this entry?");?>')"><span class="glyphicon glyphicon-remove"></span></a>
<td>
<?=htmlspecialchars($vipent['descr']);?>
</td>
<td>
<a id="move_<?=$i;?>" name="move_<?=$i;?>_x" data-toggle="tooltip" data-placement="left" title="<?=gettext("move selected alias before this rule");?>" class="act_move btn btn-default btn-xs">
<span class="glyphicon glyphicon-arrow-left"></span>
</a>
<a href="firewall_virtual_ip_edit.php?id=<?=$i;?>" data-toggle="tooltip" data-placement="left" title="<?=gettext("edit this alias");?>" class="btn btn-default btn-xs">
<span class="glyphicon glyphicon-pencil"></span>
</a>
<a id="del_<?=$i;?>" title="<?=gettext("delete this alias"); ?>" data-toggle="tooltip" class="act_delete btn btn-default btn-xs">
<span class="glyphicon glyphicon-remove"></span>
</a>
<a href="firewall_virtual_ip_edit.php?dup=<?=$i;?>" class="btn btn-default btn-xs" data-toggle="tooltip" data-placement="left" title="<?=gettext("add new rule based on this one");?>">
<span class="glyphicon glyphicon-plus"></span>
</a>
</td>
</tr>
</table>
<?php
endif;
$i++;
endforeach;
?>
<?php ?>
<tr>
<td colspan="5"></td>
<td>
<a type="submit" id="move_<?=$i;?>" name="move_<?=$i;?>_x" data-toggle="tooltip" data-placement="left" title="<?=gettext("move selected rules to end");?>" class="act_move btn btn-default btn-xs">
<span class="glyphicon glyphicon-arrow-left"></span>
</a>
<a href="firewall_virtual_ip_edit.php" class="btn btn-default btn-xs" data-toggle="tooltip" data-placement="left" title="<?=gettext("add new rule");?>">
<span class="glyphicon glyphicon-plus"></span>
</a>
</td>
</tr>
<?php endif; ?>
<?php $i++; endforeach; ?>
</tbody>
</table>
</div>
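Review bot: The apply branch still passes the contents of `/tmp/.firewall_virtual_ip.apply` straight to `unserialize()`, and the entries it yields go on to `interface_vip_bring_down()`; `/tmp` is normally writable by every local account, so the file should be treated as untrusted unless it is moved somewhere only the GUI process can write. If the PHP version in use is 7.0 or later, `unserialize(file_get_contents('/tmp/.firewall_virtual_ip.apply'), ['allowed_classes' => false])` at least prevents object instantiation, and an `is_array($toapplylist)` check before the `foreach` would cover a truncated or malformed file. In the new `move` branch, `$id = count($a_nat);` refers to a variable that no visible line defines, so the move-to-end case most likely resolves to position 0; it presumably should read `$id = count($a_vip);`. The new table cells echo `subnet`, `subnet_bits`, `range` and `vhid` without `htmlspecialchars()` while `interface` and `descr` are escaped, which is worth making consistent unless those fields are known to be validated when they are saved.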
......