$input_errors[] = gettext("A valid IPv6 address must be specified.");
} else {
if (ip_in_subnet($_POST['ipaddrv6'], "fe80::/10")) {
$input_errors[] = gettext("IPv6 link local addresses cannot be configured as an interface IP.");
}
$where_ipaddr_configured = where_is_ipaddr_configured($_POST['ipaddrv6'], $if, true, true, $_POST['subnetv6']);
if (count($where_ipaddr_configured)) {
$subnet_conflict_text = sprintf(gettext("IPv6 address %s is being used by or overlaps with:"), $_POST['ipaddrv6'] . "/" . $_POST['subnetv6']);
foreach ($where_ipaddr_configured as $subnet_conflict) {
$subnet_conflict_text .= " " . convert_friendly_interface_to_friendly_descr($subnet_conflict['if']) . " (" . $subnet_conflict['ip_or_subnet'] . ")";
}
$input_errors[] = $subnet_conflict_text;
}
foreach ($staticroutes as $route_subnet) {
list($network, $subnet) = explode("/", $route_subnet);
if ($_POST['subnetv6'] == $subnet && $network == gen_subnetv6($_POST['ipaddrv6'], $_POST['subnetv6'])) {
$input_errors[] = gettext("This IPv6 address conflicts with a Static Route.");
break;
}
unset($network, $subnet);
}
}
}
if ($_POST['subnet'] && !is_numeric($_POST['subnet'])) {
$input_errors[] = gettext("A valid subnet bit count must be specified.");
}
if ($_POST['subnetv6'] && !is_numeric($_POST['subnetv6'])) {
$input_errors[] = gettext("A valid subnet bit count must be specified.");
}
if ($_POST['alias-address'] && !is_ipaddrv4($_POST['alias-address'])) {
$input_errors[] = gettext("A valid alias IP address must be specified.");
/* make sure no inbound NAT mappings reference this entry */
if (is_array($config['nat']['rule'])) {
foreach ($config['nat']['rule'] as $rule) {
if ($rule['destination']['address'] != "") {
if ($rule['destination']['address'] == $a_vip[$_GET['id']]['subnet']) {
$input_errors[] = gettext("This entry cannot be deleted because it is still referenced by at least one NAT mapping.");
break;
}
}
}
}
if (is_ipaddrv6($a_vip[$_GET['id']]['subnet'])) {
$is_ipv6 = true;
$subnet = gen_subnetv6($a_vip[$_GET['id']]['subnet'], $a_vip[$_GET['id']]['subnet_bits']);
$if_subnet_bits = get_interface_subnetv6($a_vip[$_GET['id']]['interface']);
$if_subnet = gen_subnetv6(get_interface_ipv6($a_vip[$_GET['id']]['interface']), $if_subnet_bits);
} else {
$is_ipv6 = false;
$subnet = gen_subnet($a_vip[$_GET['id']]['subnet'], $a_vip[$_GET['id']]['subnet_bits']);
$if_subnet_bits = get_interface_subnet($a_vip[$_GET['id']]['interface']);
$if_subnet = gen_subnet(get_interface_ip($a_vip[$_GET['id']]['interface']), $if_subnet_bits);
}
$subnet .= "/" . $a_vip[$_GET['id']]['subnet_bits'];
$if_subnet .= "/" . $if_subnet_bits;
if (is_array($config['gateways']['gateway_item'])) {
foreach ($config['gateways']['gateway_item'] as $gateway) {
if ($a_vip[$_GET['id']]['interface'] != $gateway['interface']) {
continue;
}
if ($is_ipv6 && $gateway['ipprotocol'] == 'inet') {
continue;
if (strpos($_POST['interface'], '_vip')) {
$input_errors[] = gettext("A CARP parent interface can only be used with IP Alias type Virtual IPs.");
}
}
break;
case 'ipalias':
if (strstr($_POST['interface'], "_vip")) {
if (is_ipaddrv4($_POST['subnet'])) {
$parent_ip = get_interface_ip($_POST['interface']);
$parent_sn = get_interface_subnet($_POST['interface']);
$subnet = gen_subnet($parent_ip, $parent_sn);
} else {
if (is_ipaddrv6($_POST['subnet'])) {
$parent_ip = get_interface_ipv6($_POST['interface']);
$parent_sn = get_interface_subnetv6($_POST['interface']);
$subnet = gen_subnetv6($parent_ip, $parent_sn);
}
}
if (isset($parent_ip) && !ip_in_subnet($_POST['subnet'], "{$subnet}/{$parent_sn}") && !ip_in_interface_alias_subnet(link_carp_interface_to_parent($_POST['interface']), $_POST['subnet'])) {
$cannot_find = $_POST['subnet'] . "/" . $_POST['subnet_bits'];
$input_errors[] = sprintf(gettext("Sorry, we could not locate an interface with a matching subnet for %s. Please add an IP alias in this subnet on this interface."), $cannot_find);
}
unset($parent_ip, $parent_sn, $subnet);
}
break;
default:
if ($_POST['interface'] == 'lo0') {
$input_errors[] = gettext("For this type of vip localhost is not allowed.");
} else {
if (strpos($_POST['interface'], '_vip')) {
$input_errors[] = gettext("A CARP parent interface can only be used with IP Alias type Virtual IPs.");
}
} else {
$old_targets[] = $oroute['network'];
}
}
$overlaps = array_intersect($current_targets, $new_targets);
$overlaps = array_diff($overlaps, $old_targets);
if (count($overlaps)) {
$input_errors[] = gettext("A route to these destination networks already exists") . ": " . implode(", ", $overlaps);
}
if (is_array($config['interfaces'])) {
foreach ($config['interfaces'] as $if) {
if (is_ipaddrv4($_POST['network']) && isset($if['ipaddr']) && isset($if['subnet']) && is_ipaddrv4($if['ipaddr']) && is_numeric($if['subnet']) && $_POST['network_subnet'] == $if['subnet'] && gen_subnet($_POST['network'], $_POST['network_subnet']) == gen_subnet($if['ipaddr'], $if['subnet'])) {
$input_errors[] = sprintf(gettext("This network conflicts with address configured on interface %s."), $if['descr']);
} else {
if (is_ipaddrv6($_POST['network']) && isset($if['ipaddrv6']) && isset($if['subnetv6']) && is_ipaddrv6($if['ipaddrv6']) && is_numeric($if['subnetv6']) && $_POST['network_subnet'] == $if['subnetv6'] && gen_subnetv6($_POST['network'], $_POST['network_subnet']) == gen_subnetv6($if['ipaddrv6'], $if['subnetv6'])) {
$input_errors[] = sprintf(gettext("This network conflicts with address configured on interface %s."), $if['descr']);
}
}
}
}
if (!$input_errors) {
$route = array();
$route['network'] = $osn;
$route['gateway'] = $_POST['gateway'];
$route['descr'] = $_POST['descr'];
if ($_POST['disabled']) {
$route['disabled'] = true;
} else {
unset($route['disabled']);
}
if ($_POST['network_subnet'] && !is_numeric($_POST['network_subnet'])) {
$input_errors[] = gettext("A valid destination network bit count must be specified.");
}
if ($_POST['gateway'] && is_ipaddr($_POST['network'])) {
if (!isset($a_gateways[$_POST['gateway']])) {
$input_errors[] = gettext("A valid gateway must be specified.");
}
if (!validate_address_family($_POST['network'], lookup_gateway_ip_by_name($_POST['gateway']))) {
$input_errors[] = gettext("The gateway '{$a_gateways[$_POST['gateway']]['gateway']}' is a different Address Family as network '{$_POST['network']}'.");
}
}
/* check for overlaps */
$current_targets = get_staticroutes(true);
$new_targets = array();
if (is_ipaddrv6($_POST['network'])) {
$osn = Net_IPv6::compress(gen_subnetv6($_POST['network'], $_POST['network_subnet'])) . "/" . $_POST['network_subnet'];
$new_targets[] = $osn;
}
if (is_ipaddr($_POST['network'])) {
if ($_POST['network_subnet'] > 32) {
$input_errors[] = gettext("A IPv4 subnet can not be over 32 bits.");
} else {
$osn = gen_subnet($_POST['network'], $_POST['network_subnet']) . "/" . $_POST['network_subnet'];
$new_targets[] = $osn;
}
} elseif (is_alias($_POST['network'])) {
$osn = $_POST['network'];
foreach (filter_expand_alias_array($_POST['network']) as $tgt) {
if (is_ipaddr($tgt)) {
$tgt .= "/32";
}
if (is_ipaddrv6($_POST['gateway'])) {
/* do not do a subnet match on a link local address, it's valid */
if (!is_linklocal($_POST['gateway'])) {
$parent_ip = get_interface_ipv6($_POST['interface']);
$parent_sn = get_interface_subnetv6($_POST['interface']);
if (empty($parent_ip) || empty($parent_sn)) {
$input_errors[] = gettext("Cannot add IPv6 Gateway Address because no IPv6 address could be found on the interface.");
} elseif (!isset($_POST["nonlocalgateway"])) {
$subnets = array(gen_subnetv6($parent_ip, $parent_sn) . "/" . $parent_sn);
$vips = link_interface_to_vips($_POST['interface']);
if (is_array($vips)) {
foreach ($vips as $vip) {
if (!is_ipaddrv6($vip['subnet'])) {
continue;
}
$subnets[] = gen_subnetv6($vip['subnet'], $vip['subnet_bits']) . "/" . $vip['subnet_bits'];
}
}
$found = false;
foreach ($subnets as $subnet) {
if (ip_in_subnet($_POST['gateway'], $subnet)) {
$found = true;
break;
}
}
if ($found === false) {
$input_errors[] = sprintf(gettext("The gateway address %1\$s does not lie within one of the chosen interface's subnets."), $_POST['gateway']);
}
}
}
}
break;
}
unset($network, $subnet);
}
}
}
if (!empty($pconfig['ipaddrv6'])) {
if (!is_ipaddrv6($pconfig['ipaddrv6'])) {
$input_errors[] = gettext("A valid IPv6 address must be specified.");
} else {
if (is_ipaddr_configured($pconfig['ipaddrv6'], $if, true)) {
$input_errors[] = gettext("This IPv6 address is being used by another interface or VIP.");
}
foreach ($staticroutes as $route_subnet) {
list($network, $subnet) = explode("/", $route_subnet);
if ($pconfig['subnetv6'] == $subnet && $network == gen_subnetv6($pconfig['ipaddrv6'], $pconfig['subnetv6'])) {
$input_errors[] = gettext("This IPv6 address conflicts with a Static Route.");
break;
}
unset($network, $subnet);
}
}
}
if (!empty($pconfig['subnet']) && !is_numeric($pconfig['subnet'])) {
$input_errors[] = gettext("A valid subnet bit count must be specified.");
}
if (!empty($pconfig['subnetv6']) && !is_numeric($pconfig['subnetv6'])) {
$input_errors[] = gettext("A valid subnet bit count must be specified.");
}
if (!empty($pconfig['alias-address']) && !is_ipaddrv4($pconfig['alias-address'])) {
$input_errors[] = gettext("A valid alias IP address must be specified.");
</td>
<td width="78%" class="vtable">
<?php
echo $ifcfgsn;
?>
bits
</td>
</tr>
<tr>
<td width="22%" valign="top" class="vncellreq"><?php
echo gettext("Available range");
?>
</td>
<td width="78%" class="vtable">
<?php
$range_from = gen_subnetv6($ifcfgip, $ifcfgsn);
$range_from++;
echo $range_from;
?>
-
<?php
$range_to = gen_subnetv6_max($ifcfgip, $ifcfgsn);
echo $range_to;
?>
</td>
</tr>
<?php
}
?>
<?php
print_info_box(gettext("The DHCPv6 Server can only be enabled on interfaces configured with a static IPv6 address. This system has none."), 'danger');
include "foot.inc";
exit;
}
$tab_array = array();
$tab_array[] = array(gettext("DHCPv6 Server"), true, "services_dhcpv6.php?if={$if}");
$tab_array[] = array(gettext("Router Advertisements"), false, "services_router_advertisements.php?if={$if}");
display_top_tabs($tab_array);
require_once 'classes/Form.class.php';
$form = new Form(new Form_Button('Submit', 'Save'));
$section = new Form_Section('DHCPv6 Options');
$section->addInput(new Form_Checkbox('enable', 'DHCPv6 Server', 'Enable DHCPv6 server on interface ' . $iflist[$if], $pconfig['enable']))->toggles('.form-group:not(:first-child)');
if (is_ipaddrv6($ifcfgip)) {
$section->addInput(new Form_StaticText('Subnet', gen_subnetv6($ifcfgip, $ifcfgsn)));
$section->addInput(new Form_StaticText('Subnet Mask', $ifcfgsn . ' bits'));
$section->addInput(new Form_StaticText('Available Range', $range_from = gen_subnetv6($ifcfgip, $ifcfgsn) . ' to ' . gen_subnetv6_max($ifcfgip, $ifcfgsn)));
}
if ($is_olsr_enabled) {
$section->addInput(new Form_Select('netmask', 'Subnetmask', $pconfig['netmask'], array_combine(range(128, 1, -1), range(128, 1, -1))));
}
$f1 = new Form_Input('range_from', null, 'text', $pconfig['range_from']);
$f1->setHelp('To');
$f2 = new Form_Input('range_to', null, 'text', $pconfig['range_to']);
$f2->setHelp('From');
$group = new Form_Group('Range');
$group->add($f1);
$group->add($f2);
$section->add($group);
$f1 = new Form_Input('prefix_from', null, 'text', $pconfig['prefix_from']);
$f1->setHelp('To');
$f2 = new Form_Input('prefix_to', null, 'text', $pconfig['prefix_to']);
}
}
$natiflist = get_configured_interface_with_descr();
foreach ($natiflist as $natif => $natdescr) {
if ($_POST['interface'] == $natif && (empty($config['interfaces'][$natif]['ipaddr']) && empty($config['interfaces'][$natif]['ipaddrv6']))) {
$input_errors[] = gettext("The interface chosen for the VIP has no IPv4 or IPv6 address configured so it cannot be used as a parent for the VIP.");
}
}
/* ipalias and carp should not use network or broadcast address */
if ($_POST['mode'] == "ipalias" || $_POST['mode'] == "carp") {
if (is_ipaddrv4($_POST['subnet']) && $_POST['subnet_bits'] != "32" && $_POST['subnet_bits'] != "31") {
$network_addr = gen_subnet($_POST['subnet'], $_POST['subnet_bits']);
$broadcast_addr = gen_subnet_max($_POST['subnet'], $_POST['subnet_bits']);
} else {
if (is_ipaddrv6($_POST['subnet']) && $_POST['subnet_bits'] != "128") {
$network_addr = gen_subnetv6($_POST['subnet'], $_POST['subnet_bits']);
$broadcast_addr = gen_subnetv6_max($_POST['subnet'], $_POST['subnet_bits']);
}
}
if (isset($network_addr) && $_POST['subnet'] == $network_addr) {
$input_errors[] = gettext("You cannot use the network address for this VIP");
} else {
if (isset($broadcast_addr) && $_POST['subnet'] == $broadcast_addr) {
$input_errors[] = gettext("You cannot use the broadcast address for this VIP");
}
}
}
/* make sure new ip is within the subnet of a valid ip
* on one of our interfaces (wan, lan optX)
*/
switch ($_POST['mode']) {
/**
* delete virtual ip
*/
function deleteVIPEntry($id)
{
global $config;
$input_errors = array();
$a_vip =& $config['virtualip']['vip'];
/* make sure no inbound NAT mappings reference this entry */
if (isset($config['nat']['rule'])) {
foreach ($config['nat']['rule'] as $rule) {
if (!empty($rule['destination']['address'])) {
if ($rule['destination']['address'] == $a_vip[$id]['subnet']) {
$input_errors[] = gettext("This entry cannot be deleted because it is still referenced by at least one NAT mapping.");
break;
}
}
}
}
if (is_ipaddrv6($a_vip[$id]['subnet'])) {
$is_ipv6 = true;
$subnet = gen_subnetv6($a_vip[$id]['subnet'], $a_vip[$id]['subnet_bits']);
$if_subnet_bits = get_interface_subnetv6($a_vip[$id]['interface']);
$if_subnet = gen_subnetv6(get_interface_ipv6($a_vip[$id]['interface']), $if_subnet_bits);
} else {
$is_ipv6 = false;
$subnet = gen_subnet($a_vip[$id]['subnet'], $a_vip[$id]['subnet_bits']);
$if_subnet_bits = get_interface_subnet($a_vip[$id]['interface']);
$if_subnet = gen_subnet(get_interface_ip($a_vip[$id]['interface']), $if_subnet_bits);
}
$subnet .= "/" . $a_vip[$id]['subnet_bits'];
$if_subnet .= "/" . $if_subnet_bits;
if (isset($config['gateways']['gateway_item'])) {
foreach ($config['gateways']['gateway_item'] as $gateway) {
if ($a_vip[$id]['interface'] != $gateway['interface']) {
continue;
}
if ($is_ipv6 && $gateway['ipprotocol'] == 'inet') {
continue;
}
if (!$is_ipv6 && $gateway['ipprotocol'] == 'inet6') {
continue;
}
if (ip_in_subnet($gateway['gateway'], $if_subnet)) {
continue;
}
if (ip_in_subnet($gateway['gateway'], $subnet)) {
$input_errors[] = gettext("This entry cannot be deleted because it is still referenced by at least one Gateway.");
break;
}
}
}
if ($a_vip[$id]['mode'] == "ipalias") {
$subnet = gen_subnet($a_vip[$id]['subnet'], $a_vip[$id]['subnet_bits']) . "/" . $a_vip[$id]['subnet_bits'];
$found_if = false;
$found_carp = false;
$found_other_alias = false;
if ($subnet == $if_subnet) {
$found_if = true;
}
$vipiface = $a_vip[$id]['interface'];
foreach ($a_vip as $vip_id => $vip) {
if ($vip_id != $id) {
if ($vip['interface'] == $vipiface && ip_in_subnet($vip['subnet'], $subnet)) {
if ($vip['mode'] == "carp") {
$found_carp = true;
} else {
if ($vip['mode'] == "ipalias") {
$found_other_alias = true;
}
}
}
}
}
if ($found_carp === true && $found_other_alias === false && $found_if === false) {
$input_errors[] = gettext("This entry cannot be deleted because it is still referenced by a CARP IP with the description") . " {$vip['descr']}.";
}
}
if (count($input_errors) == 0) {
// Special case since every proxyarp vip is handled by the same daemon.
if ($a_vip[$id]['mode'] == "proxyarp") {
$viface = $a_vip[$id]['interface'];
unset($a_vip[$id]);
interface_proxyarp_configure($viface);
} else {
interface_vip_bring_down($a_vip[$id]);
unset($a_vip[$id]);
}
if (count($config['virtualip']['vip']) == 0) {
unset($config['virtualip']['vip']);
}
}
return $input_errors;
}
if ($dhcrelay_enabled) {
include "foot.inc";
exit;
}
$form = new Form();
$section = new Form_Section('DHCPv6 Options');
$section->addInput(new Form_Checkbox('enable', 'DHCPv6 Server', 'Enable DHCPv6 server on interface ' . $iflist[$if], $pconfig['enable']));
if (is_ipaddrv6($ifcfgip)) {
if ($ifcfgip == "::") {
$sntext = "Prefix Delegation";
} else {
$sntext = gen_subnetv6($ifcfgip, $ifcfgsn);
}
$section->addInput(new Form_StaticText('Subnet', $sntext));
$section->addInput(new Form_StaticText('Subnet Mask', $ifcfgsn . ' bits'));
$section->addInput(new Form_StaticText('Available Range', $range_from = gen_subnetv6($ifcfgip, $ifcfgsn) . ' to ' . gen_subnetv6_max($ifcfgip, $ifcfgsn)))->setHelp($trackifname ? 'Prefix Delegation subnet will be appended to the beginning of the defined range' : '');
}
if ($is_olsr_enabled) {
$section->addInput(new Form_Select('netmask', 'Subnet Mask', $pconfig['netmask'], array_combine(range(128, 1, -1), range(128, 1, -1))));
}
$f1 = new Form_Input('range_from', null, 'text', $pconfig['range_from']);
$f1->setHelp('From');
$f2 = new Form_Input('range_to', null, 'text', $pconfig['range_to']);
$f2->setHelp('To');
$group = new Form_Group('Range');
$group->add($f1);
$group->add($f2);
$section->add($group);
$f1 = new Form_Input('prefixrange_from', null, 'text', $pconfig['prefixrange_from']);
$f1->setHelp('From');
$f2 = new Form_Input('prefixrange_to', null, 'text', $pconfig['prefixrange_to']);
if (empty($_POST['password'])) {
$input_errors[] = gettext("You must specify a CARP password that is shared between the two VHID members.");
}
if (is_ipaddrv4($_POST['subnet'])) {
$parent_ip = get_interface_ip($_POST['interface']);
$parent_sn = get_interface_subnet($_POST['interface']);
if (!ip_in_subnet($_POST['subnet'], gen_subnet($parent_ip, $parent_sn) . "/" . $parent_sn) && !ip_in_interface_alias_subnet($_POST['interface'], $_POST['subnet'])) {
$cannot_find = $_POST['subnet'] . "/" . $_POST['subnet_bits'];
$input_errors[] = sprintf(gettext("Sorry, we could not locate an interface with a matching subnet for %s. Please add an IP alias in this subnet on this interface."), $cannot_find);
}
}
if (is_ipaddrv6($_POST['subnet'])) {
$parent_ip = get_interface_ipv6($_POST['interface']);
$parent_sn = get_interface_subnetv6($_POST['interface']);
$subnet = gen_subnetv6($parent_ip, $parent_sn);
if (!ip_in_subnet($_POST['subnet'], gen_subnetv6($parent_ip, $parent_sn) . "/" . $parent_sn) && !ip_in_interface_alias_subnet($_POST['interface'], $_POST['subnet'])) {
$cannot_find = $_POST['subnet'] . "/" . $_POST['subnet_bits'];
$input_errors[] = sprintf(gettext("Sorry, we could not locate an interface with a matching subnet for %s. Please add an IP alias in this subnet on this interface."), $cannot_find);
}
}
if (strstr($_POST['interface'], "_vip")) {
$input_errors[] = gettext("For this type of vip a carp parent is not allowed.");
}
break;
case "ipalias":
if (strstr($_POST['interface'], "_vip")) {
$parent_ip = get_interface_ip($_POST['interface']);
$parent_sn = get_interface_subnet($_POST['interface']);
if (!ip_in_subnet($_POST['subnet'], gen_subnet($parent_ip, $parent_sn) . "/" . $parent_sn) && !ip_in_interface_alias_subnet($_POST['interface'], $_POST['subnet'])) {
$cannot_find = $_POST['subnet'] . "/" . $_POST['subnet_bits'];
$input_errors[] = sprintf(gettext("Sorry, we could not locate an interface with a matching subnet for %s. Please add an IP alias in this subnet on this interface."), $cannot_find);
} else {
$subnet = gen_subnet($parent_ip, $parent_sn) . "/" . $parent_sn;
if (!ip_in_subnet($_POST['gateway'], $subnet)) {
$input_errors[] = sprintf(gettext("The gateway address %1\$s does not lie within the chosen interface's subnet '%2\$s'."), $_POST['gateway'], $subnet);
}
}
}
if (is_ipaddrv6($_POST['gateway'])) {
/* do not do a subnet match on a link local address, it's valid */
if (!preg_match("/fe80::/", $_POST['gateway'])) {
$parent_ip = get_interface_ipv6($_POST['interface']);
$parent_sn = get_interface_subnetv6($_POST['interface']);
if (empty($parent_ip) || empty($parent_sn)) {
$input_errors[] = gettext("You can not use a IPv4 Gateway Address on a IPv6 only interface.");
} else {
$subnet = gen_subnetv6($parent_ip, $parent_sn) . "/" . $parent_sn;
if (!ip_in_subnet($_POST['gateway'], $subnet)) {
$input_errors[] = sprintf(gettext("The gateway address %1\$s does not lie within the chosen interface's subnet '%2\$s'."), $_POST['gateway'], $subnet);
}
}
}
}
if (!empty($config['interfaces'][$_POST['interface']]['ipaddr'])) {
if (is_ipaddr($config['interfaces'][$_POST['interface']]['ipaddr']) && (empty($_POST['gateway']) || $_POST['gateway'] == "dynamic")) {
$input_errors[] = gettext("Dynamic gateway values cannot be specified for interfaces with a static IPv4 configuration.");
}
}
if (!empty($config['interfaces'][$_POST['interface']]['ipaddrv6'])) {
if (is_ipaddr($config['interfaces'][$_POST['interface']]['ipaddrv6']) && (empty($_POST['gateway']) || $_POST['gateway'] == "dynamic")) {
$input_errors[] = gettext("Dynamic gateway values cannot be specified for interfaces with a static IPv6 configuration.");
}