From patchwork Tue Feb 13 09:19:32 2018
X-Patchwork-Submitter: Bernhard Held
X-Patchwork-Id: 1657
From: Bernhard Held
To: development@lists.ipfire.org
Subject: [PATCH v2 4/4] proxy.cgi: fix subnet comparison for proxy.pac generation
Date: Mon, 12 Feb 2018 23:19:32 +0100
Message-Id: <20180212221932.29122-5-berny156@gmx.de>
In-Reply-To: <20180212221932.29122-1-berny156@gmx.de>
References: <20180212221932.29122-1-berny156@gmx.de>

The logic of subnet comparison is broken. E.g. if the blue netmask is 255.255.255.0, it's impossible to add a VPN subnet with the same netmask. The fix simplifies the logic by using Network::network_equal.
--- html/cgi-bin/proxy.cgi | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/html/cgi-bin/proxy.cgi b/html/cgi-bin/proxy.cgi index ea3b41126..df436595b 100644 --- a/html/cgi-bin/proxy.cgi +++ b/html/cgi-bin/proxy.cgi @@ -3065,9 +3065,10 @@ END { @temp = split(/\//); chomp $temp[1]; - if ( - ($temp[0] ne $netsettings{'GREEN_NETADDRESS'}) && ($temp[1] ne $netsettings{'GREEN_NETMASK'}) && - ($temp[0] ne $netsettings{'BLUE_NETADDRESS'}) && ($temp[1] ne $netsettings{'BLUE_NETMASK'}) + unless ( + # GREEN or BLUE networks are already added to "DIRECT". Check if given network is different from these. + &Network::network_equal("$temp[0]/$temp[1]", "$netsettings{'GREEN_NETADDRESS'}/$netsettings{'GREEN_NETMASK'}") || + &Network::network_equal("$temp[0]/$temp[1]", "$netsettings{'BLUE_NETADDRESS'}/$netsettings{'BLUE_NETMASK'}") ) { print FILE " ||\n (isInNet(myIpAddress(), \"$temp[0]\", \"$temp[1]\"))";
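
Review bot: The two &Network::network_equal calls in the new unless condition take arguments built by plain string interpolation, with no check that either side is a complete network. If BLUE is not configured and $netsettings{'BLUE_NETADDRESS'} and $netsettings{'BLUE_NETMASK'} are empty, the second call receives "/"; an entry without a slash leaves $temp[1] undefined after the split, so the first argument ends in a bare "/". The visible lines do not show how network_equal treats such input, so consider comparing against BLUE only when BLUE_NETADDRESS is set and skipping entries whose $temp[1] is empty, since the same $temp[0] and $temp[1] are then written into the isInNet() line of proxy.pac. The explanatory comment would also read more clearly above the unless than inside its condition.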