fwhosts.cgi: properly fetch configured IPsec N2N subnets
Commit Message
Previously, the getcolor() function did not correctly process IPsec
N2N connections with more than one remote network configured, resulting
in networks mistakenly marked as being part of a VPN connection, or vice
versa.
Fixes: #11235
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
---
html/cgi-bin/fwhosts.cgi | 12 +++++++-----
1 file changed, 7 insertions(+), 5 deletions(-)
Comments
Hello Peter,
I've reviewed and tested your patch and it seems to fix the issue.
Thanks for working and submitting it.
Best regards,
-Stefan
Acked-by: Stefan Schantl <stefan.schantl@ipfire.org>
> Previously, the getcolor() function did not correctly process IPsec
> N2N connections with more than one remote network configured,
> resulting
> in networks mistakenly marked as being part of a VPN connection, or
> vice
> versa.
>
> Fixes: #11235
>
> Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
> ---
> html/cgi-bin/fwhosts.cgi | 12 +++++++-----
> 1 file changed, 7 insertions(+), 5 deletions(-)
>
> diff --git a/html/cgi-bin/fwhosts.cgi b/html/cgi-bin/fwhosts.cgi
> index 84b018459..648fc7c8e 100644
> --- a/html/cgi-bin/fwhosts.cgi
> +++ b/html/cgi-bin/fwhosts.cgi
> @@ -1974,11 +1974,13 @@ sub getcolor
> #Check if IP is part of a IPsec N2N network
> foreach my $key (sort keys %ipsecconf){
> if ($ipsecconf{$key}[11]){
> - my ($a,$b) =
> split("/",$ipsecconf{$key}[11]);
> - $b=&General::iporsubtodec($b);
> - if
> (&General::IpInSubnet($sip,$a,$b)){
> - $tdcolor="<font style='color:
> $Header::colourvpn;'>$c</font>";
> - return $tdcolor;
> + foreach my $ipsecsubitem (split(/\|/,
> $ipsecconf{$key}[11])) {
> + my ($a,$b) =
> split("/",$ipsecsubitem);
> + $b=&General::iporsubtodec($b)
> ;
> + if
> (&General::IpInSubnet($sip,$a,$b)){
> + $tdcolor="<font
> style='color: $Header::colourvpn;'>$c</font>";
> + return $tdcolor;
> + }
> }
> }
> }
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
> On 22 Apr 2021, at 21:20, Peter Müller <peter.mueller@ipfire.org> wrote:
>
> Previously, the getcolor() function did not correctly process IPsec
> N2N connections with more than one remote network configured, resulting
> in networks mistakenly marked as being part of a VPN connection, or vice
> versa.
>
> Fixes: #11235
>
> Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
> ---
> html/cgi-bin/fwhosts.cgi | 12 +++++++-----
> 1 file changed, 7 insertions(+), 5 deletions(-)
>
> diff --git a/html/cgi-bin/fwhosts.cgi b/html/cgi-bin/fwhosts.cgi
> index 84b018459..648fc7c8e 100644
> --- a/html/cgi-bin/fwhosts.cgi
> +++ b/html/cgi-bin/fwhosts.cgi
> @@ -1974,11 +1974,13 @@ sub getcolor
> #Check if IP is part of a IPsec N2N network
> foreach my $key (sort keys %ipsecconf){
> if ($ipsecconf{$key}[11]){
> - my ($a,$b) = split("/",$ipsecconf{$key}[11]);
> - $b=&General::iporsubtodec($b);
> - if (&General::IpInSubnet($sip,$a,$b)){
> - $tdcolor="<font style='color: $Header::colourvpn;'>$c</font>";
> - return $tdcolor;
> + foreach my $ipsecsubitem (split(/\|/, $ipsecconf{$key}[11])) {
> + my ($a,$b) = split("/",$ipsecsubitem);
> + $b=&General::iporsubtodec($b);
> + if (&General::IpInSubnet($sip,$a,$b)){
> + $tdcolor="<font style='color: $Header::colourvpn;'>$c</font>";
> + return $tdcolor;
> + }
> }
> }
> }
> --
> 2.26.2
@@ -1974,11 +1974,13 @@ sub getcolor
#Check if IP is part of a IPsec N2N network
foreach my $key (sort keys %ipsecconf){
if ($ipsecconf{$key}[11]){
- my ($a,$b) = split("/",$ipsecconf{$key}[11]);
- $b=&General::iporsubtodec($b);
- if (&General::IpInSubnet($sip,$a,$b)){
- $tdcolor="<font style='color: $Header::colourvpn;'>$c</font>";
- return $tdcolor;
+ foreach my $ipsecsubitem (split(/\|/, $ipsecconf{$key}[11])) {
+ my ($a,$b) = split("/",$ipsecsubitem);
+ $b=&General::iporsubtodec($b);
+ if (&General::IpInSubnet($sip,$a,$b)){
+ $tdcolor="<font style='color: $Header::colourvpn;'>$c</font>";
+ return $tdcolor;
+ }
}
}
}