From: Peter Müller <peter.mueller@ipfire.org>
Date: Thu, 22 Apr 2021 20:20:00 +0000 (+0200)
Subject: fwhosts.cgi: properly fetch configured IPsec N2N subnets
X-Git-Tag: v2.27-core160~143
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=6f36132e6890f4a423de2a0df14ccf3c720110c1;p=ipfire-2.x.git

fwhosts.cgi: properly fetch configured IPsec N2N subnets

Previously, the getcolor() function did not correctly process IPsec
N2N connections with more than one remote network configured, resulting
in networks mistakenly marked as being part of a VPN connection, or vice
versa.

Fixes: #11235

Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Acked-by: Stefan Schantl <stefan.schantl@ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
---

diff --git a/html/cgi-bin/fwhosts.cgi b/html/cgi-bin/fwhosts.cgi
index 35611ac087..0da771a5a3 100644
--- a/html/cgi-bin/fwhosts.cgi
+++ b/html/cgi-bin/fwhosts.cgi
@@ -1974,11 +1974,13 @@ sub getcolor
 		#Check if IP is part of a IPsec N2N network
 		foreach my $key (sort keys %ipsecconf){
 			if ($ipsecconf{$key}[11]){
-				my ($a,$b) = split("/",$ipsecconf{$key}[11]);
-				$b=&General::iporsubtodec($b);
-				if (&General::IpInSubnet($sip,$a,$b)){
-					$tdcolor="<font style='color: $Header::colourvpn;'>$c</font>";
-					return $tdcolor;
+				foreach my $ipsecsubitem (split(/\|/, $ipsecconf{$key}[11])) {
+					my ($a,$b) = split("/",$ipsecsubitem);
+					$b=&General::iporsubtodec($b);
+					if (&General::IpInSubnet($sip,$a,$b)){
+						$tdcolor="<font style='color: $Header::colourvpn;'>$c</font>";
+						return $tdcolor;
+					}
 				}
 			}
 		}