BUG11278: enable creation from subnets of internal networks

In firewallgroups it was not possible to create new networks that are subnets of
IPFire internal networks. Now this is possible for all internal networks.

Signed-off-by: Alexander Marx <alexander.marx@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

diff --git a/config/cfgroot/general-functions.pl b/config/cfgroot/general-functions.pl
index 188bb7f8b6455209fe3c90a33816429807305681..081e4e3df8b921daeeac7476439b36bfbff44029 100644 (file)
--- a/config/cfgroot/general-functions.pl
+++ b/config/cfgroot/general-functions.pl
@@ -553,10 +553,10 @@ sub check_net_internal{
        $cidr=&iporsubtocidr($cidr);
        #check if we use one of ipfire's networks (green,orange,blue)
        &readhash("${General::swroot}/ethernet/settings", \%ownnet);
-       if (($ownnet{'GREEN_NETADDRESS'}        ne '' && $ownnet{'GREEN_NETADDRESS'}    ne '0.0.0.0') && &IpInSubnet($ip,$ownnet{'GREEN_NETADDRESS'},&iporsubtodec($ownnet{'GREEN_NETMASK'}))){ $errormessage=$Lang::tr{'ccd err green'};return $errormessage;}
-       if (($ownnet{'ORANGE_NETADDRESS'}       ne '' && $ownnet{'ORANGE_NETADDRESS'}   ne '0.0.0.0') && &IpInSubnet($ip,$ownnet{'ORANGE_NETADDRESS'},&iporsubtodec($ownnet{'ORANGE_NETMASK'}))){ $errormessage=$Lang::tr{'ccd err orange'};return $errormessage;}
-       if (($ownnet{'BLUE_NETADDRESS'}         ne '' && $ownnet{'BLUE_NETADDRESS'}     ne '0.0.0.0') && &IpInSubnet($ip,$ownnet{'BLUE_NETADDRESS'},&iporsubtodec($ownnet{'BLUE_NETMASK'}))){ $errormessage=$Lang::tr{'ccd err blue'};return $errormessage;}
-       if (($ownnet{'RED_NETADDRESS'}          ne '' && $ownnet{'RED_NETADDRESS'}              ne '0.0.0.0') && &IpInSubnet($ip,$ownnet{'RED_NETADDRESS'},&iporsubtodec($ownnet{'RED_NETMASK'}))){ $errormessage=$Lang::tr{'ccd err red'};return $errormessage;}
+       if (($ownnet{'GREEN_NETADDRESS'}        ne '' && $ownnet{'GREEN_NETADDRESS'}    ne '0.0.0.0') && &Network::network_equal("$ownnet{'GREEN_NETADDRESS'}/$ownnet{'GREEN_NETMASK'}",$network)){ $errormessage=$Lang::tr{'ccd err green'};return $errormessage;}
+       if (($ownnet{'ORANGE_NETADDRESS'}       ne '' && $ownnet{'ORANGE_NETADDRESS'}   ne '0.0.0.0') && &Network::network_equal("$ownnet{'ORANGE_NETADDRESS'}/$ownnet{'ORANGE_NETMASK'}",$network)){ $errormessage=$Lang::tr{'ccd err orange'};return $errormessage;}
+       if (($ownnet{'BLUE_NETADDRESS'}         ne '' && $ownnet{'BLUE_NETADDRESS'}     ne '0.0.0.0') && &Network::network_equal("$ownnet{'BLUE_NETADDRESS'}/$ownnet{'BLUE_NETMASK'}",$network)){ $errormessage=$Lang::tr{'ccd err blue'};return $errormessage;}
+       if (($ownnet{'RED_NETADDRESS'}          ne '' && $ownnet{'RED_NETADDRESS'}      ne '0.0.0.0') && &Network::network_equal("$ownnet{'RED_NETADDRESS'}/$ownnet{'RED_NETMASK'}",$network)){ $errormessage=$Lang::tr{'ccd err red'};return $errormessage;}
 }
 
 sub validport

diff --git a/config/cfgroot/network-functions.pl b/config/cfgroot/network-functions.pl
index 70fa5ed356c9024573ab3005f7d8a9fb2efe5ac0..5559be5143212604dd50705780a5208e77089f8f 100644 (file)
--- a/config/cfgroot/network-functions.pl
+++ b/config/cfgroot/network-functions.pl
@@ -102,6 +102,19 @@ sub bin2ip($) {
        return $address;
 }
 
+#Takes two network addresses and compares them against each other
+#returns true if equal or false if not
+sub network_equal{
+       my $network1 = shift;
+       my $network2 = shift;
+       my $bin1 = &network2bin($network1);
+       my $bin2 = &network2bin($network2);
+       if ($bin1 eq $bin2){
+               return 1;
+       }
+       return 0;
+}
+
 # Takes a network in either a.b.c.d/a.b.c.d or a.b.c.d/e notation
 # and will return an 32 bit integer representing the start
 # address and an other one representing the network mask.