From: Michael Tremer
Date: Wed, 31 May 2017 17:47:14 +0000 (+0200)
Subject: route: Don't allow creating routes with the gateway inside the routed network
X-Git-Tag: 009~252
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=4a7c3c0290bd98cab247f5d75ca8e2c73c3cc091;p=network.git

route: Don't allow creating routes with the gateway inside the routed network

Signed-off-by: Michael Tremer
---

diff --git a/src/functions/functions.ip b/src/functions/functions.ip
index f8ffff70..97750e36 100644
--- a/src/functions/functions.ip
+++ b/src/functions/functions.ip
@@ -126,6 +126,12 @@ ip_get_network() {
 inetcalc -n $@ && return ${EXIT_OK} || return ${EXIT_ERROR}
 }
 
+ip_network_is_subset_of() {
+ assert [ $# -eq 2 ]
+
+ inetcalc -s $@ && return ${EXIT_TRUE} || return ${EXIT_FALSE}
+}
+
 ip_address_add() {
 local device=${1}
 local address=${2}
diff --git a/src/functions/functions.route b/src/functions/functions.route
index 026656c1..98c3e934 100644
--- a/src/functions/functions.route
+++ b/src/functions/functions.route
@@ -96,6 +96,12 @@ route_add() {
 return ${EXIT_ERROR}
 fi
 
+ # Check if the gateway is part of the statically routed network
+ if ip_network_is_subset_of ${gateway} ${network}; then
+ error "The gateway is in the routed network"
+ return ${EXIT_ERROR}
+ fi
+
 local network_proto=$(ip_detect_protocol ${network})
 assert isset network_proto
 
@@ -309,6 +315,11 @@ route_parse_line() {
 
 # Must be a valid IP address.
 ip_is_valid ${gateway} || return ${EXIT_ERROR}
+
+ # Check if the gateway is part of the statically routed network
+ if ip_network_is_subset_of ${gateway} ${network}; then
+ return ${EXIT_ERROR}
+ fi
 else
 # Check if exactly one of unreachable, prohibit or blackhole is set.
 local counter=$(list_count true ${unreachable} ${prohibit} ${blackhole})
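Review bot: `ip_network_is_subset_of` folds every non-zero exit of `inetcalc -s` into `EXIT_FALSE`, so a failure of inetcalc itself (for example an argument it cannot parse; how it reports that is not visible here) looks the same as "not a subset", and both new callers in functions.route treat false as permission to continue. For a validation helper that is a fail-open result; if inetcalc has a distinct error status, it should be passed through as `EXIT_ERROR` so the callers can reject. The function also has no comment saying which argument is the candidate and which the containing network, and the callers pass a bare gateway address first; a header such as `# Returns EXIT_TRUE if $1 (address or network) lies inside network $2` would pin that down. Quoting the expansion as `inetcalc -s "$@"` would keep the two arguments intact.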
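Review bot: In route_add the new check runs whether or not a gateway was given, and the expansions are unquoted, so with an empty `${gateway}` the helper receives a single argument and its `assert [ $# -eq 2 ]` fails instead of the route being evaluated. route_parse_line in this same commit has an `else` branch for unreachable/prohibit/blackhole routes, which suggests gateway-less routes are valid; whether route_add rejects them before this point is not visible, since the function starts and ends outside the hunk. Guarding and quoting avoids that: `if isset gateway && ip_network_is_subset_of "${gateway}" "${network}"; then`.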
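Review bot: The rejection added in route_parse_line returns `EXIT_ERROR` without saying why, while the same condition in route_add prints "The gateway is in the routed network". A route line that was accepted before this commit is now dropped at parse time, and unless the caller (outside the hunk) logs the failure, the operator gets no hint which line or rule was responsible. The neighbouring checks are silent too, so this may be deliberate, but a message before the return, e.g. `error "Gateway ${gateway} is inside the routed network ${network}"`, would make the new rejection diagnosable.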