author | Ermal Luçi <eri@pfsense.org> | 2008-07-23 16:09:33 +0000 |
---|---|---|
committer | Ermal Luçi <eri@pfsense.org> | 2008-07-23 16:09:33 +0000 |
commit | ead45104a4b9620a3aee2d6230718cc7c3473b93 (patch) | |
tree | 0e9528dd1c650dc599822bc8a0fcfc3e27559e85 /usr/local/www/interfaces_gre_edit.php | |
parent | af6f0a3aa9baa78b89c2f78a48a8138ebc08d6a2 (diff) | |
Implement frontend for GRE/GIF tunnels.
GIF tunnels might conflict with IPsec settings, but I will resolve this later by either renaming the ipsec interfaces to ipsec or renaming these tunnels to something else.
Diffstat (limited to 'usr/local/www/interfaces_gre_edit.php')
-rw-r--r-- | usr/local/www/interfaces_gre_edit.php | 220 |
1 files changed, 220 insertions, 0 deletions
diff --git a/usr/local/www/interfaces_gre_edit.php b/usr/local/www/interfaces_gre_edit.php
new file mode 100644
index 0000000..69a71f4
--- /dev/null
+++ b/usr/local/www/interfaces_gre_edit.php
@@ -0,0 +1,220 @@
+<?php
+/* $Id$ */
+/*
+ interfaces_gre_edit.php
+
+ Copyright (C) 2008 Ermal Luçi
+ All rights reserved.
+
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions are met:
+
+ 1. Redistributions of source code must retain the above copyright notice,
+ this list of conditions and the following disclaimer.
+
+ 2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+
+ THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+ OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ POSSIBILITY OF SUCH DAMAGE.
+*/
+
+require("guiconfig.inc");
+
+if (!is_array($config['gres']['gre']))
+ $config['gres']['gre'] = array();
+
+$a_gres = &$config['gres']['gre'];
+
+
+$id = $_GET['id'];
+if (isset($_POST['id']))
+ $id = $_POST['id'];
+
+if (isset($id) && $a_gres[$id]) {
+ $pconfig['if'] = $a_gres[$id]['if'];
+ $pconfig['greif'] = $a_gres[$id]['greif'];
+ $pconfig['remote-addr'] = $a_gres[$id]['remote-addr'];
+ $pconfig['tunnel-remote-net'] = $a_gres[$id]['tunnel-remote-net'];
+ $pconfig['tunnel-local-addr'] = $a_gres[$id]['tunnel-local-addr'];
+ $pconfig['tunnel-remote-addr'] = $a_gres[$id]['tunnel-remote-addr'];
+ $pconfig['link1'] = isset($a_gres[$id]['link1']);
+ $pconfig['link2'] = isset($a_gres[$id]['link2']);
+ $pconfig['link0'] = isset($a_gres[$id]['link0']);
+ $pconfig['descr'] = $a_gres[$id]['descr'];
+}
+
+if ($_POST) {
+
+ unset($input_errors);
+ $pconfig = $_POST;
+
+ /* input validation */
+ $reqdfields = explode(" ", "if tunnel-remote-addr tunnel-remote-net tunnel-local-addr");
+ $reqdfieldsn = explode(",", "Parent interface,Local address, Remote tunnel address, Remote tunnel network, Local tunnel address");
+
+ do_input_validation($_POST, $reqdfields, $reqdfieldsn, &$input_errors);
+
+ if ((!is_ipaddr($_POST['tunnel-local-addr'])) || (!is_ipaddr($_POST['tunnel-remote-addr'])) ||
+ (!is_ipaddr($_POST['remote-addr']))) {
+ $input_errors[] = "All fildes must have valid ip addresses.";
+ }
+
+ foreach ($a_gres as $gre) {
+ if (isset($id) && ($a_gres[$id]) && ($a_gres[$id] === $gre))
+ continue;
+
+ if (($gre['if'] == $_POST['if']) && ($gre['tunnel-remote-net'] == $_POST['tunnel-remote-net'])) {
+ $input_errors[] = "A gre with the network {$gre['remote-network']} is already defined.";
+ break;
+ }
+ }
+
+ if (!$input_errors) {
+ $gre = array();
+ $gre['if'] = $_POST['if'];
+ $gre['tunnel-local-addr'] = $_POST['tunnel-local-addr'];
+ $gre['tunnel-remote-addr'] = $_POST['tunnel-remote-addr'];
+ $gre['tunnel-remote-net'] = $_POST['tunnel-remote-net'];
+ $gre['remote-addr'] = $_POST['remote-addr'];
+ $gre['descr'] = $_POST['descr'];
+ $gre['link1'] = isset($_POST['link1']);
+ $gre['link2'] = isset($_POST['link2']);
+ $gre['link0'] = isset($_POST['link0']);
+ $gre['greif'] = $_POST['greif'];
+
+ $gre['greif'] = interface_gre_configure($gre);
+ if ($gre['greif'] == "" || !stristr($gre['greif'], "gre"))
+ $input_errors[] = "Error occured creating interface, please retry.";
+ else {
+ if (isset($id) && $a_gres[$id])
+ $a_gres[$id] = $gre;
+ else
+ $a_gres[] = $gre;
+
+ write_config();
+
+ header("Location: interfaces_gre.php");
+ exit;
+ }
+ }
+}
+
+$pgtitle = array("Firewall","GRE","Edit");
+include("head.inc");
+
+?>
+
+<body link="#0000CC" vlink="#0000CC" alink="#0000CC">
+<?php include("fbegin.inc"); ?>
+<?php if ($input_errors) print_input_errors($input_errors); ?>
+ <form action="interfaces_gre_edit.php" method="post" name="iform" id="iform">
+ <table width="100%" border="0" cellpadding="6" cellspacing="0">
+ <tr>
+ <td width="22%" valign="top" class="vncellreq">Parent interface</td>
+ <td width="78%" class="vtable">
+ <select name="if" class="formselect">
+ <?php
+ $portlist = get_configured_interface_with_descr();
+ foreach ($portlist as $ifn => $ifinfo) {
+ echo "<option value=\"{$ifn}\"";
+ if ($ifn == $pconfig['if'])
+ echo "selected";
+ echo ">{$ifinfo}</option>";
+ }
+ ?>
+ </select>
+ <br/>
+ <span class="vexpl">The interface here servers as the local address to be used for the GRE tunnel.</span></td>
+ </tr>
+ <tr>
+ <td valign="top" class="vncellreq">GRE remote address. </td>
+ <td class="vtable">
+ <input name="remote-addr" type="text" class="formfld unknown" id="remote-addr" size="16" value="<?=$pconfig['remote-addr'];?>">
+ <br>
+ <span class="vexpl">Peer address where encapsulated GRE packets will be sent. </span></td>
+ </tr>
+ <tr>
+ <td valign="top" class="vncellreq">GRE tunnel local address. </td>
+ <td class="vtable">
+ <input name="tunnel-local-addr" type="text" class="formfld unknown" id="tunnel-local-addr" size="16" value="<?=$pconfig['tunnel-local-addr'];?>">
+ <br>
+ <span class="vexpl">Local GRE tunnel endpoint. </span></td>
+ </tr>
+ <tr>
+ <td valign="top" class="vncellreq">GRE tunnel remote address. </td>
+ <td class="vtable">
+ <input name="tunnel-remote-addr" type="text" class="formfld unknown" id="tunnel-remote-addr" size="16" value="<?=$pconfig['tunnel-remote-addr'];?>">
+ <select name="tunnel-remote-net" class="formselect" id="tunnel-remote-net">
+ <?php
+ for ($i = 32; $i > 0; $i--) {
+ if($i <> 31) {
+ echo "<option value=\"{$i}\" ";
+ if ($i == $pconfig['tunnel-remote-net']) echo "selected";
+ echo ">" . $i . "</option>";
+ }
+ }
+ ?>
+ </select>
+ <br/>
+ <span class="vexpl">Remote GRE address endpoint. The subnet part is used for the determinig the network that is tunneled.</span></td>
+ </tr>
+ <tr>
+ <td valign="top" class="vncellreq">Mobile tunnel. </td>
+ <td class="vtable">
+ <input name="link0" type="checkbox" id="link0" <?if ($pconfig['link0']) echo "checked";?>>
+ <br>
+ <span class="vexpl">Specify which encapsulation method the tunnel should do. </span></td>
+ </tr>
+ <tr>
+ <td valign="top" class="vncellreq">Route search type. </td>
+ <td class="vtable">
+ <input name="link1" type="checkbox" id="link1" <?if ($pconfig['link1']) echo "checked";?>>
+ <br>
+ <span class="vexpl">
+ For correct operation, the gre device needs a route to the destination
+ that is less specific than the one over the tunnel. (Basically, there
+ needs to be a route to the decapsulating host that does not run over the
+ tunnel, as this would be a loop.) If the addresses are ambiguous, doing
+ the ifconfig tunnel step before the ifconfig(8) call to set the gre IP
+ addresses will help to find a route outside the tunnel.
+ </span></td>
+ </tr>
+ <tr>
+ <td valign="top" class="vncellreq">WCCP version. </td>
+ <td class="vtable">
+ <input name="link2" type="checkbox" id="link2" <?if ($pconfig['link2']) echo "checked";?>>
+ <br>
+ <span class="vexpl">Specify which WCCP encapsulation(version 1 or 2) method the tunnel should do. </span></td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncell">Description</td>
+ <td width="78%" class="vtable">
+ <input name="descr" type="text" class="formfld unknown" id="descr" size="40" value="<?=htmlspecialchars($pconfig['descr']);?>">
+ <br> <span class="vexpl">You may enter a description here
+ for your reference (not parsed).</span></td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top"> </td>
+ <td width="78%">
+ <input type="hidden" name="greif" value="<?=$pconfig['greif']; ?>">
+ <input name="Submit" type="submit" class="formbtn" value="Save"> <input type="button" value="Cancel" onclick="history.back()">
+ <?php if (isset($id) && $a_gres[$id]): ?>
+ <input name="id" type="hidden" value="<?=$id;?>">
+ <?php endif; ?>
+ </td>
+ </tr>
+ </table>
+</form>
+<?php include("fend.inc"); ?>
+</body>
+</html> |
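Review bot: After a failed validation `$pconfig = $_POST` is echoed back into the form, and only `descr` goes through `htmlspecialchars()`; the `remote-addr`, `tunnel-local-addr`, `tunnel-remote-addr` and hidden `greif` values are printed raw inside `value="..."`, so request data can break out of the attribute and inject markup into the admin page. Each should be escaped the way `descr` already is, e.g. `value="<?=htmlspecialchars($pconfig['remote-addr']);?>"`, and the hidden `id` field is worth escaping too even though it is only printed when `$a_gres[$id]` exists. Separately, `if`, `tunnel-remote-net` and `greif` are copied from `$_POST` with no format check before `interface_gre_configure($gre)` and `write_config()`; that helper is not visible here, so if it builds a command line from them they should be validated first (`if` against the keys of `get_configured_interface_with_descr()`, `tunnel-remote-net` as an integer in the range the select offers, `greif` as a gre interface name). The duplicate-tunnel message also reads `$gre['remote-network']`, a key this file never sets; `$gre['tunnel-remote-net']` looks intended.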