From ca03e34c0f4b533093234d9a4204e46c5b8db537 Mon Sep 17 00:00:00 2001 From: Alexander Marx Date: Tue, 10 Jan 2017 14:56:39 +0100 Subject: [PATCH] BUG11278: enable creation from subnets of internal networks In firewallgroups it was not possible to create new networks that are subnets of IPFire internal networks. Now this is possible for all internal networks. Signed-off-by: Alexander Marx --- config/cfgroot/general-functions.pl | 8 ++++---- config/cfgroot/network-functions.pl | 13 +++++++++++++ 2 files changed, 17 insertions(+), 4 deletions(-) diff --git a/config/cfgroot/general-functions.pl b/config/cfgroot/general-functions.pl index 188bb7f8b..081e4e3df 100644 --- a/config/cfgroot/general-functions.pl +++ b/config/cfgroot/general-functions.pl @@ -553,10 +553,10 @@ sub check_net_internal{ $cidr=&iporsubtocidr($cidr); #check if we use one of ipfire's networks (green,orange,blue) &readhash("${General::swroot}/ethernet/settings", \%ownnet); - if (($ownnet{'GREEN_NETADDRESS'} ne '' && $ownnet{'GREEN_NETADDRESS'} ne '0.0.0.0') && &IpInSubnet($ip,$ownnet{'GREEN_NETADDRESS'},&iporsubtodec($ownnet{'GREEN_NETMASK'}))){ $errormessage=$Lang::tr{'ccd err green'};return $errormessage;} - if (($ownnet{'ORANGE_NETADDRESS'} ne '' && $ownnet{'ORANGE_NETADDRESS'} ne '0.0.0.0') && &IpInSubnet($ip,$ownnet{'ORANGE_NETADDRESS'},&iporsubtodec($ownnet{'ORANGE_NETMASK'}))){ $errormessage=$Lang::tr{'ccd err orange'};return $errormessage;} - if (($ownnet{'BLUE_NETADDRESS'} ne '' && $ownnet{'BLUE_NETADDRESS'} ne '0.0.0.0') && &IpInSubnet($ip,$ownnet{'BLUE_NETADDRESS'},&iporsubtodec($ownnet{'BLUE_NETMASK'}))){ $errormessage=$Lang::tr{'ccd err blue'};return $errormessage;} - if (($ownnet{'RED_NETADDRESS'} ne '' && $ownnet{'RED_NETADDRESS'} ne '0.0.0.0') && &IpInSubnet($ip,$ownnet{'RED_NETADDRESS'},&iporsubtodec($ownnet{'RED_NETMASK'}))){ $errormessage=$Lang::tr{'ccd err red'};return $errormessage;} + if (($ownnet{'GREEN_NETADDRESS'} ne '' && $ownnet{'GREEN_NETADDRESS'} ne '0.0.0.0') && &Network::network_equal("$ownnet{'GREEN_NETADDRESS'}/$ownnet{'GREEN_NETMASK'}",$network)){ $errormessage=$Lang::tr{'ccd err green'};return $errormessage;} + if (($ownnet{'ORANGE_NETADDRESS'} ne '' && $ownnet{'ORANGE_NETADDRESS'} ne '0.0.0.0') && &Network::network_equal("$ownnet{'ORANGE_NETADDRESS'}/$ownnet{'ORANGE_NETMASK'}",$network)){ $errormessage=$Lang::tr{'ccd err orange'};return $errormessage;} + if (($ownnet{'BLUE_NETADDRESS'} ne '' && $ownnet{'BLUE_NETADDRESS'} ne '0.0.0.0') && &Network::network_equal("$ownnet{'BLUE_NETADDRESS'}/$ownnet{'BLUE_NETMASK'}",$network)){ $errormessage=$Lang::tr{'ccd err blue'};return $errormessage;} + if (($ownnet{'RED_NETADDRESS'} ne '' && $ownnet{'RED_NETADDRESS'} ne '0.0.0.0') && &Network::network_equal("$ownnet{'RED_NETADDRESS'}/$ownnet{'RED_NETMASK'}",$network)){ $errormessage=$Lang::tr{'ccd err red'};return $errormessage;} } sub validport diff --git a/config/cfgroot/network-functions.pl b/config/cfgroot/network-functions.pl index 70fa5ed35..5559be514 100644 --- a/config/cfgroot/network-functions.pl +++ b/config/cfgroot/network-functions.pl @@ -102,6 +102,19 @@ sub bin2ip($) { return $address; } +#Takes two network addresses and compares them against each other +#returns true if equal or false if not +sub network_equal{ + my $network1 = shift; + my $network2 = shift; + my $bin1 = &network2bin($network1); + my $bin2 = &network2bin($network2); + if ($bin1 eq $bin2){ + return 1; + } + return 0; +} + # Takes a network in either a.b.c.d/a.b.c.d or a.b.c.d/e notation # and will return an 32 bit integer representing the start # address and an other one representing the network mask. -- 2.47.2