Changeset 870
- Timestamp:
- Apr 3, 2020, 12:30:49 AM (5 years ago)
- Location:
- trunk
- Files:
-
- 2 added
- 7 edited
Legend:
- Unmodified
- Added
- Removed
-
trunk/Application/UpdateTrace.php
r869 r870 2102 2102 "VALUES (NULL , 'Omezení rychlosti', ".$DbRow['Id'].", '".$ActionId."', '1');"); 2103 2103 } 2104 } 2105 2106 function UpdateTo870($Manager) 2107 { 2108 $Manager->Execute('ALTER TABLE `NetworkSubnet`ADD COLUMN `MaskIPv6` INT(11) NOT NULL AFTER `AddressRangeIPv6`;'); 2109 $Manager->Execute('UPDATE `NetworkSubnet` SET `MaskIPv6`=64 WHERE `AddressRangeIPv6` != ""'); 2110 $Manager->Execute('UPDATE `NetworkSubnet` SET `AddressRangeIPv6` = REPLACE(`AddressRangeIPv6`, "/64", "")'); 2104 2111 } 2105 2112 … … 2203 2210 862 => array('Revision' => 867, 'Function' => 'UpdateTo867'), 2204 2211 867 => array('Revision' => 869, 'Function' => 'UpdateTo869'), 2212 869 => array('Revision' => 870, 'Function' => 'UpdateTo870'), 2205 2213 )); 2206 2214 } -
trunk/Application/Version.php
r869 r870 1 1 <?php 2 2 3 $Revision = 8 69; // Subversion revision4 $DatabaseRevision = 8 69; // SQL structure revision5 $ReleaseTime = strtotime('2020-0 3-31');3 $Revision = 870; // Subversion revision 4 $DatabaseRevision = 870; // SQL structure revision 5 $ReleaseTime = strtotime('2020-04-03'); -
trunk/Modules/Network/Network.php
r869 r870 268 268 'ExtMask' => array('Type' => 'String', 'Caption' => 'Vnější prefix', 'Default' => ''), 269 269 'AddressRangeIPv6' => array('Type' => 'String', 'Caption' => 'Rozsah adres IPv6', 'Default' => ''), 270 'MaskIPv6' => array('Type' => 'Integer', 'Caption' => 'Prefix IPv6', 'Default' => ''), 270 271 'Configure' => array('Type' => 'Boolean', 'Caption' => 'Nastavovat', 'Default' => ''), 271 272 'Interfaces' => array('Type' => 'TNetworkSubnetInterfaceList', 'Caption' => 'Rozhraní', 'Default' => ''), -
trunk/Modules/NetworkConfigRouterOS/Generators/Common.php
r790 r870 33 33 } 34 34 35 function InsertToAddressTree (&$Tree, $Address, $Name, $InterSubnets = false, $ForceMark = false)35 function InsertToAddressTreeIPv4(&$Tree, $Address, $Name, $InterSubnets = false, $ForceMark = false) 36 36 { 37 37 global $Config; … … 42 42 if($Node['Address']->Contain($Address)) 43 43 { 44 InsertToAddressTree ($Tree['Items'][$Index], $Address, $Name, true);44 InsertToAddressTreeIPv4($Tree['Items'][$Index], $Address, $Name, true); 45 45 $Found = true; 46 46 } … … 54 54 $NewAddress->Address = $Address->Address; 55 55 $NewAddress->ChangePrefix($Tree['Address']->Prefix + 1); 56 //echo('InsertToTree('.$NewAddress->AddressToString().'/'.$NewAddress->Prefix.')'."\n");57 56 $Tree['Items'][] = array('Address' => $NewAddress, 'Name' => $Name, 'Items' => array(), 'ForceMark' => false); 58 InsertToAddressTree ($Tree['Items'][count($Tree['Items']) - 1], $Address, $Name, true);57 InsertToAddressTreeIPv4($Tree['Items'][count($Tree['Items']) - 1], $Address, $Name, true); 59 58 } else 60 59 { 61 62 60 $NewNode = array('Address' => $Address, 'Name' => $Name, 'Items' => array(), 'ForceMark' => $ForceMark); 63 61 … … 69 67 ($Node['Address']->Prefix == $NewNode['Address']->Prefix)) $Found = true; 70 68 71 //echo($Index.','); 69 if($Address->Contain($Node['Address'])) 70 { 71 $NewNode['Items'][] = $Node; 72 unset($Tree['Items'][$Index]); 73 } 74 } 75 if($Found == false) $Tree['Items'][] = $NewNode; 76 } 77 } 78 } 79 80 function InsertToAddressTreeIPv6(&$Tree, $Address, $Name, $InterSubnets = false, $ForceMark = false) 81 { 82 global $Config; 83 84 $Found = false; 85 foreach($Tree['Items'] as $Index => $Node) 86 { 87 if($Node['Address']->Contain($Address)) 88 { 89 InsertToAddressTreeIPv6($Tree['Items'][$Index], $Address, $Name, true); 90 $Found = true; 91 } 92 } 93 if($Found == false) 94 { 95 if($InterSubnets and ($Tree['Address']->Prefix < $Config['MainRouter']['MangleRuleSubgroupMinPrefix']) and 96 ($Address->Prefix > ($Tree['Address']->Prefix + 1))) 97 { 98 $NewAddress = new NetworkAddressIPv6(); 99 $NewAddress->Address = $Address->Address; 100 $NewAddress->ChangePrefix($Tree['Address']->Prefix + 1); 101 $Tree['Items'][] = array('Address' => $NewAddress, 'Name' => $Name, 'Items' => array(), 'ForceMark' => false); 102 InsertToAddressTreeIPv6($Tree['Items'][count($Tree['Items']) - 1], $Address, $Name, true); 103 } else 104 { 105 $NewNode = array('Address' => $Address, 'Name' => $Name, 'Items' => array(), 'ForceMark' => $ForceMark); 106 107 // Should be existed items placed under new node? 108 $Found = false; 109 foreach($Tree['Items'] as $Index => $Node) 110 { 111 if(($Node['Address']->Address == $NewNode['Address']->Address) and 112 ($Node['Address']->Prefix == $NewNode['Address']->Prefix)) $Found = true; 113 72 114 if($Address->Contain($Node['Address'])) 73 115 { … … 89 131 } 90 132 } 91 92 /*93 function Test()94 {95 $SubnetTree = array('Address' => new NetworkAddressIPv4(), 'Items' => array());96 97 $NewAddress = new NetworkAddressIPv4();98 $NewAddress->AddressFromString('10.145.64.0');99 $NewAddress->Prefix = 24;100 InsertToAddressTree($SubnetTree, $NewAddress);101 $NewAddress = new NetworkAddressIPv4();102 $NewAddress->AddressFromString('10.145.64.0');103 $NewAddress->Prefix = 29;104 InsertToAddressTree($SubnetTree, $NewAddress);105 $NewAddress = new NetworkAddressIPv4();106 $NewAddress->AddressFromString('10.145.65.0');107 $NewAddress->Prefix = 24;108 InsertToAddressTree($SubnetTree, $NewAddress);109 $NewAddress = new NetworkAddressIPv4();110 $NewAddress->AddressFromString('10.145.65.156');111 $NewAddress->Prefix = 32;112 InsertToAddressTree($SubnetTree, $NewAddress);113 $NewAddress = new NetworkAddressIPv4();114 $NewAddress->AddressFromString('10.145.64.0');115 $NewAddress->Prefix = 20;116 InsertToAddressTree($SubnetTree, $NewAddress);117 118 119 ShowSubnetNode($SubnetTree);120 die();121 }122 */ -
trunk/Modules/NetworkConfigRouterOS/Generators/FirewallMangle.php
r811 r870 49 49 function Run() 50 50 { 51 $this->RunIPv4(); 52 $this->RunIPv6(); 53 } 54 55 function RunIPv4() 56 { 51 57 global $ItemsFirewall; 52 58 53 59 $PathFirewall = array('ip', 'firewall', 'mangle'); 54 60 … … 61 67 $InetInterface = $this->System->Config['MainRouter']['InetInterface']; 62 68 63 64 69 // Generate address tree 65 70 $AddressTree = array('Address' => new NetworkAddressIPv4(), 'Name' => 'main', 'Items' => array(), 'ForceMark' => false); … … 72 77 $NewAddress->AddressFromString($Subnet['AddressRange']); 73 78 $NewAddress->Prefix = $Subnet['Mask']; 74 InsertToAddressTree ($AddressTree, $NewAddress, 'subnet-'.RouterOSIdent($Subnet['Name']));79 InsertToAddressTreeIPv4($AddressTree, $NewAddress, 'subnet-'.RouterOSIdent($Subnet['Name'])); 75 80 } 76 81 … … 96 101 $NewAddress = new NetworkAddressIPv4(); 97 102 $NewAddress->AddressFromString($Interface['LocalIP']); 98 $NewAddress->Prefix = 32;99 InsertToAddressTree ($AddressTree, $NewAddress, $Name);103 $NewAddress->Prefix = IPV4_BIT_WIDTH; 104 InsertToAddressTreeIPv4($AddressTree, $NewAddress, $Name); 100 105 } 101 106 } 102 107 103 $DbResult2 = $this->Database->select('NetworkSubnet', '*', ' `Member`='.$Member['Id']);108 $DbResult2 = $this->Database->select('NetworkSubnet', '*', '(`Member`='.$Member['Id'].') AND (AddressRange != "")'); 104 109 while($Subnet = $DbResult2->fetch_assoc()) 105 110 { … … 112 117 else $ForceMark = false; 113 118 echo($ForceMark.', '); 114 InsertToAddressTree ($AddressTree, $NewAddress, $Subnet['Name'], false, $ForceMark);119 InsertToAddressTreeIPv4($AddressTree, $NewAddress, $Subnet['Name'], false, $ForceMark); 115 120 } 116 121 echo("\n"); … … 143 148 $Routerboard->ListUpdate($PathFirewall, array('chain', 'dst-address', 'in-interface', 'action', 'new-packet-mark', 'passthrough', 'comment', 'out-interface', 'src-address', 'jump-target'), $ItemsFirewall, array(), true); 144 149 } 150 151 function RunIPv6() 152 { 153 global $ItemsFirewall; 154 155 $PathFirewall = array('ipv6', 'firewall', 'mangle'); 156 157 $Routerboard = new Routerboard(); 158 $Routerboard->UserName = $this->System->Config['MainRouter']['UserName']; 159 $Routerboard->Timeout = $this->System->Config['MainRouter']['ConnectTimeout']; 160 $Routerboard->HostName = $this->System->Config['MainRouter']['HostName']; 161 $Routerboard->Debug = true; 162 163 $InetInterface = $this->System->Config['MainRouter']['InetInterface']; 164 165 // Generate address tree 166 $AddressTree = array('Address' => new NetworkAddressIPv4(), 'Name' => 'main', 'Items' => array(), 'ForceMark' => false); 167 168 // Divide rules by subnet number 169 $DbResult = $this->System->Database->query('SELECT `Id`, `Name`, `AddressRangeIPv6`, `MaskIPv6` FROM `NetworkSubnet` '. 170 'WHERE (`Member` IS NULL) AND (`AddressRangeIPv6` != "")'); 171 while($Subnet = $DbResult->fetch_assoc()) 172 { 173 $NewAddress = new NetworkAddressIPv6(); 174 $NewAddress->AddressFromString($Subnet['AddressRangeIPv6']); 175 $NewAddress->Prefix = $Subnet['MaskIPv6']; 176 InsertToAddressTreeIPv6($AddressTree, $NewAddress, 'subnet-'.RouterOSIdent($Subnet['Name'])); 177 } 178 179 // Process users 180 $DbResult = $this->System->Database->query('SELECT `Member`.*, `Subject`.`Name` FROM `Member` '. 181 'LEFT JOIN `Subject` ON `Subject`.`Id` = `Member`.`Subject` '. 182 'WHERE `Member`.`Blocked` = 0'); 183 while($Member = $DbResult->fetch_assoc()) 184 { 185 $Member['Name'] = RouterOSIdent($Member['Name'].'-'.$Member['Id'] ); 186 echo('Uživatel '.$Member['Name'].': '); 187 188 $DbResult2 = $this->System->Database->select('NetworkDevice', '*', '`Used` = 1 AND `Member` = '.$Member['Id']); 189 while($Device = $DbResult2->fetch_assoc()) 190 { 191 $DbResult3 = $this->Database->select('NetworkInterface', '*', '`Device` = '.$Device['Id'].' AND `IPv6` != ""'); 192 while($Interface = $DbResult3->fetch_assoc()) 193 { 194 $Name = $Device['Name']; 195 if($Interface['Name'] != '') $Name .= '-'.$Interface['Name']; 196 $Name = RouterOSIdent($Name); 197 echo($Name.', '); 198 $NewAddress = new NetworkAddressIPv6(); 199 $NewAddress->AddressFromString($Interface['IPv6']); 200 $NewAddress->Prefix = IPV6_BIT_WIDTH; 201 InsertToAddressTreeIPv6($AddressTree, $NewAddress, $Name); 202 } 203 } 204 205 $DbResult2 = $this->Database->select('NetworkSubnet', '*', '(`Member`='.$Member['Id'].') AND (AddressRangeIPv6 != "")'); 206 while($Subnet = $DbResult2->fetch_assoc()) 207 { 208 $Subnet['Name'] = RouterOSIdent('subnet-'.$Subnet['Name']); 209 echo($Subnet['Name'].', '); 210 $NewAddress = new NetworkAddressIPv6(); 211 $NewAddress->AddressFromString($Subnet['AddressRangeIPv6']); 212 $NewAddress->Prefix = $Subnet['MaskIPv6']; 213 if($Subnet['Member'] != 0) $ForceMark = true; 214 else $ForceMark = false; 215 echo($ForceMark.', '); 216 InsertToAddressTreeIPv6($AddressTree, $NewAddress, $Subnet['Name'], false, $ForceMark); 217 } 218 echo("\n"); 219 } 220 221 ShowSubnetNode($AddressTree); 222 223 // Generate firewall rules 224 $ItemsFirewall = array(); 225 226 // Root of tree and main limit 227 $ItemsFirewall[] = array('chain' => 'forward', 'out-interface' => $InetInterface, 'dst-address' => '!2a00:e580:244::/48', 228 'action' => 'jump', 'jump-target' => 'inet-1-out', 'comment' => 'main-out'); 229 $ItemsFirewall[] = array('chain' => 'forward', 'in-interface' => $InetInterface, 'src-address' => '!2a00:e580:244::/48', 230 'action' => 'jump', 'jump-target' => 'inet-1-in', 'comment' => 'main-in'); 231 232 $this->ProcessNode($AddressTree); 233 234 // Limited free internet 235 $PacketMark = GetMarkByComment('free-out'); 236 $ItemsFirewall[] = array('chain' => 'inet-1-out', 'out-interface' => $InetInterface, 237 'action' => 'mark-packet', 'new-packet-mark' => $PacketMark, 'comment' => 'free-out', 'passthrough' => 'yes'); 238 $PacketMark = GetMarkByComment('free-in'); 239 $ItemsFirewall[] = array('chain' => 'inet-1-in', 'in-interface' => $InetInterface, 240 'action' => 'mark-packet', 'new-packet-mark' => $PacketMark, 'comment' => 'free-in', 'passthrough' => 'no'); 241 // Unregistred clients add to address list 242 $ItemsFirewall[] = array('chain' => 'inet-1-out', 'out-interface' => $InetInterface, 'src-address' => '2a00:e580:244::/48', 243 'action' => 'add-src-to-address-list', 'address-list' => 'unregistred', 'address-list-timeout' => '1d', 244 'comment' => 'unregistred-clients'); 245 246 //print_r($ItemsFirewall); 247 $Routerboard->ListUpdate($PathFirewall, array('chain', 'dst-address', 'in-interface', 'action', 'new-packet-mark', 248 'passthrough', 'comment', 'out-interface', 'src-address', 'jump-target'), $ItemsFirewall, array(), true); 249 } 145 250 } -
trunk/Packages/Common/Common.php
r869 r870 21 21 include_once(dirname(__FILE__).'/Process.php'); 22 22 include_once(dirname(__FILE__).'/Generics.php'); 23 include_once(dirname(__FILE__).'/BigInt.php'); 24 include_once(dirname(__FILE__).'/Int128.php'); 23 25 24 26 class PackageCommon -
trunk/Packages/Common/NetworkAddress.php
r746 r870 1 1 <?php 2 3 define('IPV4_BIT_WIDTH', 32); 2 4 3 5 class NetworkAddressIPv4 … … 14 16 function GetNetMask() 15 17 { 16 return( 0xffffffff ^ ((1 << (32- $this->Prefix)) - 1));18 return(((1 << IPV4_BIT_WIDTH) - 1) ^ ((1 << (IPV4_BIT_WIDTH - $this->Prefix)) - 1)); 17 19 } 18 20 … … 32 34 $From = new NetworkAddressIPv4(); 33 35 $From->Address = $this->Address; 34 $From->Prefix = 32;36 $From->Prefix = IPV4_BIT_WIDTH; 35 37 $HostMask = 0xffffffff ^ $this->GetNetMask(); 36 38 $To = new NetworkAddressIPv4(); 37 39 $To->Address = $From->Address + $HostMask; 38 $To->Prefix = 32;40 $To->Prefix = IPV4_BIT_WIDTH; 39 41 return(array('From' => $From, 'To' => $To)); 40 42 } … … 43 45 { 44 46 $this->Prefix = $NewPrefix; 45 if($this->Prefix > 32) $this->Prefix = 32;47 if($this->Prefix > IPV4_BIT_WIDTH) $this->Prefix = IPV4_BIT_WIDTH; 46 48 if($this->Prefix < 0) $this->Prefix = 0; 47 49 $this->Address = $this->Address & $this->GetNetMask(); … … 53 55 if(($this->Prefix < $Address->Prefix) and (($Address->Address & $UpperNetmask) == ($this->Address & $UpperNetmask))) $Result = true; 54 56 else $Result = false; 55 //echo($Address->AddressToString().'/'.$Address->Prefix.' in '.$this->AddressToString().'/'.$this->Prefix.' '.$Result."\n");56 57 return($Result); 57 58 } 58 59 } 60 61 define('IPV6_BIT_WIDTH', 128); 59 62 60 63 class NetworkAddressIPv6 … … 69 72 } 70 73 74 function GetNetMask() 75 { 76 return(Int128Xor(Int128Sub(Int128Shl(IntToInt128(1), IntToInt128(IPV6_BIT_WIDTH)), IntToInt128(1)), 77 Int128Sub(Int128Shl(IntToInt128(1), IntToInt128(IPV6_BIT_WIDTH - $this->Prefix)), IntToInt128(1)))); 78 } 79 71 80 function AddressToString() 72 81 { … … 77 86 { 78 87 $this->Address = inet_pton($Value); 88 } 89 90 function ChangePrefix($NewPrefix) 91 { 92 $this->Prefix = $NewPrefix; 93 if($this->Prefix > IPV6_BIT_WIDTH) $this->Prefix = IPV6_BIT_WIDTH; 94 if($this->Prefix < 0) $this->Prefix = 0; 95 $this->Address = Int128And($this->Address, $this->GetNetMask()); 79 96 } 80 97 … … 107 124 } 108 125 126 function Contain($Address) 127 { 128 $UpperNetmask = $this->GetNetMask(); 129 if(($this->Prefix < $Address->Prefix) and ((Int128Equal(Int128And($Address->Address, $UpperNetmask), Int128And($this->Address, $UpperNetmask))))) $Result = true; 130 else $Result = false; 131 return($Result); 132 } 109 133 }
Note:
See TracChangeset
for help on using the changeset viewer.