From patchwork Wed Jun 29 18:27:23 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: Michael Tremer X-Patchwork-Id: 5707 Return-Path: Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) client-signature ECDSA (P-384)) (Client CN "mail01.haj.ipfire.org", Issuer "R3" (verified OK)) by web04.haj.ipfire.org (Postfix) with ESMTPS id 4LY91Z2TpKz3xG6 for ; Wed, 29 Jun 2022 18:27:46 +0000 (UTC) Received: from mail02.haj.ipfire.org (mail02.haj.ipfire.org [172.28.1.201]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) client-signature ECDSA (P-384)) (Client CN "mail02.haj.ipfire.org", Issuer "R3" (verified OK)) by mail01.ipfire.org (Postfix) with ESMTPS id 4LY91X0hHWz1Nm; Wed, 29 Jun 2022 18:27:44 +0000 (UTC) Received: from mail02.haj.ipfire.org (localhost [127.0.0.1]) by mail02.haj.ipfire.org (Postfix) with ESMTP id 4LY91W6Ylpz2yXK; Wed, 29 Jun 2022 18:27:43 +0000 (UTC) Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) client-signature ECDSA (P-384)) (Client CN "mail01.haj.ipfire.org", Issuer "R3" (verified OK)) by mail02.haj.ipfire.org (Postfix) with ESMTPS id 4LY91W0ld5z2xQw for ; Wed, 29 Jun 2022 18:27:43 +0000 (UTC) Received: from [127.0.0.1] (localhost [127.0.0.1]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) server-digest SHA384) (No client certificate requested) by mail01.ipfire.org (Postfix) with ESMTPSA id 4LY91V3Q5Mz1Nj; Wed, 29 Jun 2022 18:27:42 +0000 (UTC) DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=ipfire.org; s=202003ed25519; t=1656527262; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding; bh=MNFKUzckyEm/1UrKdw1Jw63pyOwJuckxWpRvK2MNSy8=; b=xjy69aZ6YWW5RwqR5k2o6NjpithBMa26Yu2adxKFtijST6zMGBowBigevpbZ8TAVFDOSv4 fEUhXNDBZszdRBCA== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ipfire.org; s=202003rsa; t=1656527262; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding; bh=MNFKUzckyEm/1UrKdw1Jw63pyOwJuckxWpRvK2MNSy8=; b=GfXvBzZPU7nJTQclanUXZpJObCZI4xe8jnrQDppV/a3yB7M80W+rjXQZ3VXC5uEHF2oRIo ngGftiZRqHK4KZ1MPG7ivrSMyVL4F3mo9lQB7/yX91Z9aBTH6HRGWCBc5tXLZhzVIKq/0r hSiusbX4FXx+Q7ZiQcM5DMCunWH2vNVkz1zSnzNNCcLEfOxahAohGIpFozC3MU7/6E9nH8 UukCK7yFAKuzENRhERtaVw/bxHgFda0UTEY4i5qaM2yjyTFNmBrVoGy9YHecvkKNjn/z16 KWdt7nb1o/UCZP+xqtAADtdGz2d0DY8lwTvZerMWdtl/Hri+yESV0EiKXMw6IA== From: Michael Tremer To: development@lists.ipfire.org Subject: [PATCH 1/2] aliases: Add support to assign aliases to multiple RED interfaces Date: Wed, 29 Jun 2022 18:27:23 +0000 Message-Id: <20220629182724.392049-1-michael.tremer@ipfire.org> MIME-Version: 1.0 X-BeenThere: development@lists.ipfire.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: IPFire development talk List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Michael Tremer Errors-To: development-bounces@lists.ipfire.org Sender: "Development" This is a little patch which will extend the aliases page to offer an interface selection if there are more than one RED interfaces. This is a little hack to make configuration easier for users who have manually set up more than one RED interface (e.g. for load balancing or fail-over) and want to use the UI to configure firewall rules. As a little benefit on the side, I had to rewrite setaliases.c to use ip(8) instead of ifconfig(8). Signed-off-by: Michael Tremer Acked-by: Peter Müller --- config/cfgroot/network-functions.pl | 20 +++++++++ html/cgi-bin/aliases.cgi | 63 +++++++++++++++++++++++++---- langs/en/cgi-bin/en.pl | 1 + src/misc-progs/setaliases.c | 38 ++++++++++------- 4 files changed, 99 insertions(+), 23 deletions(-) diff --git a/config/cfgroot/network-functions.pl b/config/cfgroot/network-functions.pl index d50322823..4ac6d8670 100644 --- a/config/cfgroot/network-functions.pl +++ b/config/cfgroot/network-functions.pl @@ -332,6 +332,26 @@ sub setup_upstream_proxy() { } } +sub get_red_interfaces() { + my $default = &General::get_red_interface(); + + my @intfs = ( + $default, + ); + + opendir(INTERFACES, "/sys/class/net"); + + while (my $intf = readdir(INTERFACES)) { + if ($intf =~ m/^red[0-9]+$/) { + push(@intfs, $intf); + } + } + + closedir(INTERFACES); + + return &General::uniq(@intfs); +} + sub list_wireless_interfaces() { my %interfaces = (); diff --git a/html/cgi-bin/aliases.cgi b/html/cgi-bin/aliases.cgi index 7b80b3c84..def03ff9b 100644 --- a/html/cgi-bin/aliases.cgi +++ b/html/cgi-bin/aliases.cgi @@ -34,6 +34,7 @@ require '/var/ipfire/general-functions.pl'; # replace /var/ipcop with /var/ipcop require "${General::swroot}/lang.pl"; require "${General::swroot}/header.pl"; require "${General::swroot}/ids-functions.pl"; +require "${General::swroot}/network-functions.pl"; my $configfwdfw = "${General::swroot}/firewall/config"; my $configinput = "${General::swroot}/firewall/input"; @@ -52,6 +53,11 @@ undef (@dummy); my $setting = "${General::swroot}/ethernet/settings"; our $datafile = "${General::swroot}/ethernet/aliases"; +# Fetch the name of the main RED interface +my $RED_INTERFACE = &General::get_red_interface(); + +# Fetch all RED interfaces +my @RED_INTERFACES = &Network::get_red_interfaces(); our %settings=(); #Settings1 @@ -61,7 +67,8 @@ our %settings=(); $settings{'IP'} = ''; $settings{'ENABLED'} = 'off'; # Every check box must be set to off $settings{'NAME'} = ''; -my @nosaved=('IP','ENABLED','NAME'); # List here ALL setting2 fields. Mandatory +$settings{'INTERFACE'} = ''; +my @nosaved=('IP','ENABLED','NAME','INTERFACE'); # List here ALL setting2 fields. Mandatory $settings{'ACTION'} = ''; # add/edit/remove $settings{'KEY1'} = ''; # point record for ACTION @@ -215,10 +222,10 @@ if ($settings{'ACTION'} eq $Lang::tr{'add'}) { } unless ($errormessage) { if ($settings{'KEY1'} eq '') { #add or edit ? - unshift (@current, "$settings{'IP'},$settings{'ENABLED'},$settings{'NAME'}\n"); + unshift (@current, "$settings{'IP'},$settings{'ENABLED'},$settings{'NAME'},$settings{'INTERFACE'}\n"); &General::log($Lang::tr{'ip alias added'}); } else { - @current[$settings{'KEY1'}] = "$settings{'IP'},$settings{'ENABLED'},$settings{'NAME'}\n"; + @current[$settings{'KEY1'}] = "$settings{'IP'},$settings{'ENABLED'},$settings{'NAME'},$settings{'INTERFACE'}\n"; $settings{'KEY1'} = ''; # End edit mode &General::log($Lang::tr{'ip alias changed'}); } @@ -250,6 +257,7 @@ if ($settings{'ACTION'} eq $Lang::tr{'edit'}) { $settings{'IP'}=$temp[0]; # Prepare the screen for editing $settings{'ENABLED'}=$temp[1]; $settings{'NAME'}=$temp[2]; + $settings{'INTERFACE'}=$temp[3]; } if ($settings{'ACTION'} eq $Lang::tr{'remove'}) { @@ -295,6 +303,7 @@ if ($settings{'ACTION'} eq '' ) { # First launch from GUI &Header::openpage($Lang::tr{'external aliases configuration'}, 1, ''); &Header::openbigbox('100%', 'left', '', $errormessage); my %checked =(); # Checkbox manipulations +my %selected = (); if ($errormessage) { &Header::openbox('100%', 'left', $Lang::tr{'error messages'}); @@ -320,6 +329,11 @@ END # $checked{'ENABLED'}{'on'} = ($settings{'ENABLED'} eq 'on') ? "checked='checked'" : '' ; +$selected{'INTERFACE'} = (); +foreach my $intf (@RED_INTERFACES) { + $selected{'INTERFACE'}{$intf} = ($settings{'INTERFACE'} eq $intf) ? "selected" : ""; +} + my $buttontext = $Lang::tr{'add'}; if ($settings{'KEY1'} ne '') { $buttontext = $Lang::tr{'update'}; @@ -329,7 +343,7 @@ if ($settings{'KEY1'} ne '') { } #Edited line number (KEY1) passed until cleared by 'save' or 'remove' or 'new sort order' -print < @@ -340,6 +354,33 @@ print < $Lang::tr{'alias ip'}:  +END + +if (scalar @RED_INTERFACES >= 2) { + print <$Lang::tr{'interface'}: + + @@ -353,7 +394,7 @@ print < END -; + &Header::closebox(); # Add visual indicators to column headings to show sort order - EO @@ -419,9 +460,15 @@ foreach my $line (@current) { } print ""; + my $address = $temp[0]; + + if ($temp[3] ne "") { + $address .= " @ $temp[3]"; + } + print <$temp[2] -$temp[0] +$address
@@ -542,7 +589,7 @@ sub SortDataFile # The KEY,key record permits doublons. If removed, then F1 becomes the key without doublon permitted. - my @record = ('KEY',$key++,'IP',$temp[0],'ENABLED',$temp[1],'NAME',$temp[2]); + my @record = ('KEY',$key++,'IP',$temp[0],'ENABLED',$temp[1],'NAME',$temp[2],'INTERFACE',$temp[3]); my $record = {}; # create a reference to empty hash %{$record} = @record; # populate that hash with @record $entries{$record->{KEY}} = $record; # add this to a hash of hashes @@ -552,7 +599,7 @@ sub SortDataFile # Each field value is printed , with the newline ! Don't forget separator and order of them. foreach my $entry (sort fixedleasesort keys %entries) { - print FILE "$entries{$entry}->{IP},$entries{$entry}->{ENABLED},$entries{$entry}->{NAME}\n"; + print FILE "$entries{$entry}->{IP},$entries{$entry}->{ENABLED},$entries{$entry}->{NAME},$entries{$entry}->{INTERFACE}\n"; } close(FILE); diff --git a/langs/en/cgi-bin/en.pl b/langs/en/cgi-bin/en.pl index b4c24a535..eb3e5f14f 100644 --- a/langs/en/cgi-bin/en.pl +++ b/langs/en/cgi-bin/en.pl @@ -422,6 +422,7 @@ 'alcatelusb upload' => 'Upload Speedtouch USB firmware', 'alias ip' => 'Alias IP', 'aliases' => 'Aliases', +'aliases default interface' => '- Default Interface -', 'aliases not active' => 'Aliases will not be active unless your RED interface is STATIC', 'all' => 'All', 'all interfaces' => 'All Interfaces', diff --git a/src/misc-progs/setaliases.c b/src/misc-progs/setaliases.c index 4ba6816af..4d59aa0a8 100644 --- a/src/misc-progs/setaliases.c +++ b/src/misc-progs/setaliases.c @@ -28,6 +28,8 @@ struct keyvalue *kv = NULL; FILE *file = NULL; +#define SCOPE 128 + void exithandler(void) { if (kv) freekeyvalues(kv); @@ -45,6 +47,7 @@ int main(void) char *enabled; char *sptr; char *comment; + char* intf = NULL; int alias; int count; @@ -118,13 +121,12 @@ int main(void) exit(1); } - /* down the aliases in turn until ifconfig complains */ - alias=0; - do - { - memset(command, 0, STRING_SIZE); - snprintf(command, STRING_SIZE-1, "/sbin/ifconfig %s:%d down 2>/dev/null", red_dev, alias++); - } while (safe_system(command)==0); + // Flush all previous aliases + alias = 0; + do { + snprintf(command, STRING_SIZE - 1, + "ip addr flush dev red%d scope %d 2>/dev/null", alias++, SCOPE); + } while (safe_system(command) == 0); /* Now set up the new aliases from the config file */ if (!(file = fopen(CONFIG_ROOT "/ethernet/aliases", "r"))) @@ -144,15 +146,18 @@ int main(void) aliasip = NULL; enabled = NULL; comment = NULL; + intf = NULL; sptr = strtok(s, ","); while (sptr) { if (count == 0) aliasip = sptr; - if (count == 1) + else if (count == 1) enabled = sptr; - else + else if (count == 2) comment = sptr; + else if (count == 3) + intf = sptr; count++; sptr = strtok(NULL, ","); } @@ -175,15 +180,18 @@ int main(void) exit(1); } - memset(command, 0, STRING_SIZE); - snprintf(command, STRING_SIZE-1, - "/sbin/ifconfig %s:%d %s netmask %s up", - red_dev, alias, aliasip, red_netmask); + // Default to RED_DEV if intf isn't set + if (!intf) + intf = red_dev; + + snprintf(command, STRING_SIZE - 1, "ip addr add %s/%s dev %s scope %d", + aliasip, red_netmask, intf, SCOPE); safe_system(command); - memset(command, 0, STRING_SIZE); + + // Send an ARP broadcast snprintf(command, STRING_SIZE-1, "/usr/sbin/arping -q -c 1 -w 1 -i %s -S %s %s", - red_dev, aliasip, default_gateway); + intf, aliasip, default_gateway); safe_system(command); alias++; } From patchwork Wed Jun 29 18:27:24 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: Michael Tremer X-Patchwork-Id: 5708 Return-Path: Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) client-signature ECDSA (P-384)) (Client CN "mail01.haj.ipfire.org", Issuer "R3" (verified OK)) by web04.haj.ipfire.org (Postfix) with ESMTPS id 4LY91b2gJVz40TS for ; Wed, 29 Jun 2022 18:27:47 +0000 (UTC) Received: from mail02.haj.ipfire.org (mail02.haj.ipfire.org [172.28.1.201]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) client-signature ECDSA (P-384)) (Client CN "mail02.haj.ipfire.org", Issuer "R3" (verified OK)) by mail01.ipfire.org (Postfix) with ESMTPS id 4LY91X64gvz1gC; Wed, 29 Jun 2022 18:27:44 +0000 (UTC) Received: from mail02.haj.ipfire.org (localhost [127.0.0.1]) by mail02.haj.ipfire.org (Postfix) with ESMTP id 4LY91X07LDz302b; Wed, 29 Jun 2022 18:27:44 +0000 (UTC) Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) client-signature ECDSA (P-384)) (Client CN "mail01.haj.ipfire.org", Issuer "R3" (verified OK)) by mail02.haj.ipfire.org (Postfix) with ESMTPS id 4LY91W1NJZz2y2X for ; Wed, 29 Jun 2022 18:27:43 +0000 (UTC) Received: from [127.0.0.1] (localhost [127.0.0.1]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) server-digest SHA384) (No client certificate requested) by mail01.ipfire.org (Postfix) with ESMTPSA id 4LY91W0HMbz1Nm; Wed, 29 Jun 2022 18:27:43 +0000 (UTC) DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=ipfire.org; s=202003ed25519; t=1656527263; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=5hSYl3Rjsg2sQtfWbcsihHi6xlCg0+6eefLmEGaQJxU=; b=OxhkFoa3rqOZIIyjGlzpCHqx8I+RGo28Qya14jWKAl2ugi9hw3McbFc4S8xML5u/Lnsbwu ffW78U1hyscH5eCw== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ipfire.org; s=202003rsa; t=1656527263; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=5hSYl3Rjsg2sQtfWbcsihHi6xlCg0+6eefLmEGaQJxU=; b=CQJ0+Z6hmmO/JYrDbwb9AuRv+zUQEbc0LyCcO/RfJgeRYiJkdAy+jcUnD/SR5/NlAWxJW+ JjJ0q71YTu30JOj9j7C2f0/psck8wgGTQykklPtl4SFysBEp3/ZC9DuE+e7003mFShHdxd lnhy1yei1ZhgTQhl9HvqcPXLi2a2p0pKE/7YSB70kXS9zGC2R3no1fzdxMu0zC1EMgrmy5 VUkx/owp+nXrogL2Ton4/lvDvCAltiY2mmRWqBVywCFRbKFwPj/tnkmNcstcj8zm+WPiPq jTHn7g0SNYqJsaLh/wc3Byd1P1TAPP2ycDLb38oJFoEPTDR84iZvECGe/OpiJw== From: Michael Tremer To: development@lists.ipfire.org Subject: [PATCH 2/2] aliases: Don't call arpping to announce new IP addresses Date: Wed, 29 Jun 2022 18:27:24 +0000 Message-Id: <20220629182724.392049-2-michael.tremer@ipfire.org> In-Reply-To: <20220629182724.392049-1-michael.tremer@ipfire.org> References: <20220629182724.392049-1-michael.tremer@ipfire.org> MIME-Version: 1.0 X-BeenThere: development@lists.ipfire.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: IPFire development talk List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Michael Tremer Errors-To: development-bounces@lists.ipfire.org Sender: "Development" I am not sure what the rationale is here, but we should probably not do this. Other hosts on the network will be able to update their ARP caches properly. Signed-off-by: Michael Tremer Acked-by: Peter Müller --- src/misc-progs/setaliases.c | 5 ----- 1 file changed, 5 deletions(-) diff --git a/src/misc-progs/setaliases.c b/src/misc-progs/setaliases.c index 4d59aa0a8..a541a4fd2 100644 --- a/src/misc-progs/setaliases.c +++ b/src/misc-progs/setaliases.c @@ -188,11 +188,6 @@ int main(void) aliasip, red_netmask, intf, SCOPE); safe_system(command); - // Send an ARP broadcast - snprintf(command, STRING_SIZE-1, - "/usr/sbin/arping -q -c 1 -w 1 -i %s -S %s %s", - intf, aliasip, default_gateway); - safe_system(command); alias++; } return 0;