route: Don't allow creating routes with the gateway inside the routed network
authorMichael Tremer <michael.tremer@ipfire.org>
Wed, 31 May 2017 17:47:14 +0000 (19:47 +0200)
committerMichael Tremer <michael.tremer@ipfire.org>
Wed, 31 May 2017 17:47:14 +0000 (19:47 +0200)
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
src/functions/functions.ip
src/functions/functions.route

index f8ffff7044a170d610402f96b80659fdf14596ed..97750e36b2fc6c980c703458c8d9f79df3eff587 100644 (file)
@@ -126,6 +126,12 @@ ip_get_network() {
        inetcalc -n $@ && return ${EXIT_OK} || return ${EXIT_ERROR}
 }
 
+ip_network_is_subset_of() {
+       assert [ $# -eq 2 ]
+
+       inetcalc -s $@ && return ${EXIT_TRUE} || return ${EXIT_FALSE}
+}
+
 ip_address_add() {
        local device=${1}
        local address=${2}
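Review bot: `ip_network_is_subset_of` folds every non-zero exit of `inetcalc -s` into `EXIT_FALSE`, so a malformed argument or a mixed IPv4/IPv6 pair would presumably read as "not a subset" and let the gateway checks added in route_add and route_parse_line pass instead of rejecting the input. Because both callers use the result as a validation gate, the helper should either validate its two arguments before calling inetcalc or distinguish an inetcalc error from a negative answer, if inetcalc reports one separately (not visible in this diff). The function also lacks a header comment fixing the argument order; going by the callers, something like `# Returns EXIT_TRUE if the address or network in $1 lies inside the network in $2` would do.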
index 026656c1c3e3f17d8c037015f019d414b53318a2..98c3e934babd2540bb570e05f646bc5dd20c8263 100644 (file)
@@ -96,6 +96,12 @@ route_add() {
                        return ${EXIT_ERROR}
                fi
 
+               # Check if the gateway is part of the statically routed network
+               if ip_network_is_subset_of ${gateway} ${network}; then
+                       error "The gateway is in the routed network"
+                       return ${EXIT_ERROR}
+               fi
+
                local network_proto=$(ip_detect_protocol ${network})
                assert isset network_proto
 
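Review bot: The new error message does not say which gateway or which network was rejected, which makes the failure hard to trace when routes are added from a script; `error "The gateway ${gateway} is inside the routed network ${network}"` would carry the values. The check also runs before the protocol detection on the following lines, so how a gateway and network of different address families behave here depends on how inetcalc treats them, which the diff does not show. route_add starts and ends outside the hunk.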
@@ -309,6 +315,11 @@ route_parse_line() {
 
                # Must be a valid IP address.
                ip_is_valid ${gateway} || return ${EXIT_ERROR}
+
+               # Check if the gateway is part of the statically routed network
+               if ip_network_is_subset_of ${gateway} ${network}; then
+                       return ${EXIT_ERROR}
+               fi
        else
                # Check if exactly one of unreachable, prohibit or blackhole is set.
                local counter=$(list_count true ${unreachable} ${prohibit} ${blackhole})
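Review bot: This branch rejects the line with a bare `return ${EXIT_ERROR}`, so a stored route whose gateway lies inside its own network is presumably skipped by the caller without any trace, while route_add reports the same condition through `error`. That matches the silent `ip_is_valid` check just above, but an operator looking for a missing route would be helped by a message before the return, for example `error "Gateway ${gateway} is inside the routed network ${network}"`. route_parse_line begins and ends outside the hunk.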