From ff6cc71107ae50e913c87a9bc77b3af4b31ec932 Mon Sep 17 00:00:00 2001
From: Alexander Marx
Date: Tue, 10 Jan 2017 15:13:58 +0100
Subject: [PATCH] BUG11278: enable creation from subnets of internal networks
In firewallgroups it was not possible to create new networks that are subnets of IPFire internal networks. Now this is possible for all internal networks.
Signed-off-by: Alexander Marx
Signed-off-by: Michael Tremer
---
 config/cfgroot/general-functions.pl | 8 ++++----
 config/cfgroot/network-functions.pl | 13 +++++++++++++
 2 files changed, 17 insertions(+), 4 deletions(-)
diff --git a/config/cfgroot/general-functions.pl b/config/cfgroot/general-functions.pl
index 188bb7f8b6..081e4e3df8 100644
--- a/config/cfgroot/general-functions.pl
+++ b/config/cfgroot/general-functions.pl
@@ -553,10 +553,10 @@ sub check_net_internal{
 $cidr=&iporsubtocidr($cidr);
 #check if we use one of ipfire's networks (green,orange,blue)
 &readhash("${General::swroot}/ethernet/settings", \%ownnet);
- if (($ownnet{'GREEN_NETADDRESS'} ne '' && $ownnet{'GREEN_NETADDRESS'} ne '0.0.0.0') && &IpInSubnet($ip,$ownnet{'GREEN_NETADDRESS'},&iporsubtodec($ownnet{'GREEN_NETMASK'}))){ $errormessage=$Lang::tr{'ccd err green'};return $errormessage;}
- if (($ownnet{'ORANGE_NETADDRESS'} ne '' && $ownnet{'ORANGE_NETADDRESS'} ne '0.0.0.0') && &IpInSubnet($ip,$ownnet{'ORANGE_NETADDRESS'},&iporsubtodec($ownnet{'ORANGE_NETMASK'}))){ $errormessage=$Lang::tr{'ccd err orange'};return $errormessage;}
- if (($ownnet{'BLUE_NETADDRESS'} ne '' && $ownnet{'BLUE_NETADDRESS'} ne '0.0.0.0') && &IpInSubnet($ip,$ownnet{'BLUE_NETADDRESS'},&iporsubtodec($ownnet{'BLUE_NETMASK'}))){ $errormessage=$Lang::tr{'ccd err blue'};return $errormessage;}
- if (($ownnet{'RED_NETADDRESS'} ne '' && $ownnet{'RED_NETADDRESS'} ne '0.0.0.0') && &IpInSubnet($ip,$ownnet{'RED_NETADDRESS'},&iporsubtodec($ownnet{'RED_NETMASK'}))){ $errormessage=$Lang::tr{'ccd err red'};return $errormessage;}
+ if (($ownnet{'GREEN_NETADDRESS'} ne '' && $ownnet{'GREEN_NETADDRESS'} ne '0.0.0.0') && &Network::network_equal("$ownnet{'GREEN_NETADDRESS'}/$ownnet{'GREEN_NETMASK'}",$network)){ $errormessage=$Lang::tr{'ccd err green'};return $errormessage;}
+ if (($ownnet{'ORANGE_NETADDRESS'} ne '' && $ownnet{'ORANGE_NETADDRESS'} ne '0.0.0.0') && &Network::network_equal("$ownnet{'ORANGE_NETADDRESS'}/$ownnet{'ORANGE_NETMASK'}",$network)){ $errormessage=$Lang::tr{'ccd err orange'};return $errormessage;}
+ if (($ownnet{'BLUE_NETADDRESS'} ne '' && $ownnet{'BLUE_NETADDRESS'} ne '0.0.0.0') && &Network::network_equal("$ownnet{'BLUE_NETADDRESS'}/$ownnet{'BLUE_NETMASK'}",$network)){ $errormessage=$Lang::tr{'ccd err blue'};return $errormessage;}
+ if (($ownnet{'RED_NETADDRESS'} ne '' && $ownnet{'RED_NETADDRESS'} ne '0.0.0.0') && &Network::network_equal("$ownnet{'RED_NETADDRESS'}/$ownnet{'RED_NETMASK'}",$network)){ $errormessage=$Lang::tr{'ccd err red'};return $errormessage;}
 }
 sub validport
diff --git a/config/cfgroot/network-functions.pl b/config/cfgroot/network-functions.pl
index 70fa5ed356..5559be5143 100644
--- a/config/cfgroot/network-functions.pl
+++ b/config/cfgroot/network-functions.pl
@@ -102,6 +102,19 @@ sub bin2ip($) {
 return $address;
 }
+#Takes two network addresses and compares them against each other
+#returns true if equal or false if not
+sub network_equal{
+ my $network1 = shift;
+ my $network2 = shift;
+ my $bin1 = &network2bin($network1);
+ my $bin2 = &network2bin($network2);
+ if ($bin1 eq $bin2){
+ return 1;
+ }
+ return 0;
+}
+
 # Takes a network in either a.b.c.d/a.b.c.d or a.b.c.d/e notation
 # and will return an 32 bit integer representing the start
 # address and an other one representing the network mask.
--
2.39.5
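Review bot: The four rewritten checks in check_net_internal now reject only a network identical to GREEN/ORANGE/BLUE/RED, so any caller that relied on the old `IpInSubnet` containment test to keep a new network from overlapping an internal one loses that protection, not only the firewall-group form named in the commit message. The `ccd err …` message keys suggest the helper is shared with another caller, though that is not visible in this hunk. If it is, an exact-match variant beside the existing range check would keep both behaviours; at minimum add a comment above the checks such as `# rejects only an exact match with an internal network; subnets of it are accepted`. `$network` is not defined in the visible lines (the function starts outside the hunk), so confirm it holds the address/mask string that `network_equal` expects.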
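Review bot: `network_equal` stores the result of `network2bin` in a scalar, but the comment directly below the new sub describes a function returning two values (start address and netmask). If that function is `network2bin` and it returns a list, `$bin1` and `$bin2` receive only the last element, and unrelated networks with the same mask would compare equal; its body is outside the hunk, so this needs confirming. Capturing both values and comparing them numerically avoids the problem: `my ($addr1, $mask1) = &network2bin($network1);`, `my ($addr2, $mask2) = &network2bin($network2);`, `return ($addr1 == $addr2 && $mask1 == $mask2) ? 1 : 0;`. If `network2bin` can return undef for malformed input, a `defined` check should come first so that two unparsable strings are not treated as equal.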