| Message ID | 20180214193522.26880-5-berny156@gmx.de |
|---|---|
| State | Dropped |
| Headers |
Return-Path: <development-bounces@lists.ipfire.org> Received: from mail01.ipfire.org (unknown [172.28.1.200]) by web02.i.ipfire.org (Postfix) with ESMTP id F2AF960C10 for <patchwork@web02.i.ipfire.org>; Wed, 14 Feb 2018 20:36:04 +0100 (CET) X-Virus-Scanned: ClamAV at mail01.ipfire.org Received: from mail01.i.ipfire.org (localhost [IPv6:::1]) by mail01.ipfire.org (Postfix) with ESMTP id 98489108B8B9; Wed, 14 Feb 2018 19:36:09 +0000 (GMT) Authentication-Results: mail01.ipfire.org; dmarc=none (p=none dis=none) header.from=gmx.de Authentication-Results: mail01.ipfire.org; spf=pass smtp.mailfrom=development-bounces@lists.ipfire.org X-Virus-Scanned: ClamAV at mail01.ipfire.org Received: from mout.gmx.net (mout.gmx.net [212.227.15.15]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "mout.gmx.net", Issuer "TeleSec ServerPass DE-2" (verified OK)) by mail01.ipfire.org (Postfix) with ESMTPS id 061FC1063DF9 for <development@lists.ipfire.org>; Wed, 14 Feb 2018 19:35:54 +0000 (GMT) Authentication-Results: mail01.ipfire.org; dmarc=none (p=none dis=none) header.from=gmx.de Authentication-Results: mail01.ipfire.org; spf=pass smtp.mailfrom=berny156@gmx.de Received: from quad.berny.local ([46.244.233.56]) by mail.gmx.com (mrgmx001 [212.227.17.190]) with ESMTPSA (Nemesis) id 0Lt2BW-1efwxa2J6w-012VIQ for <development@lists.ipfire.org>; Wed, 14 Feb 2018 20:35:32 +0100 From: Bernhard Held <berny156@gmx.de> To: development@lists.ipfire.org Subject: [PATCH v3 4/4] proxy.cgi: fix subnet comparison for proxy.pac generation Date: Wed, 14 Feb 2018 20:35:22 +0100 Message-Id: <20180214193522.26880-5-berny156@gmx.de> X-Mailer: git-send-email 2.16.1 In-Reply-To: <20180214193522.26880-1-berny156@gmx.de> References: <20180214193522.26880-1-berny156@gmx.de> X-Provags-ID: V03:K0:Cuxg0fhiJKFbUeX339gC9gPWaF3/0NqULD10qUxhg3aDzsNMVST UVa7Fr8GjIVAqnSnUzrVcSaI6SaXk7UvA5srzTffbyUScgLoIKsEo4XxyjeV38bqEQIxdts ZCox2aPUB5t7Sw9dO8chKLXhOWm7OL9R00Uvj1IQi2P9v3nuoIUWTe4sZQ7uZ3J248rOZuG bhOlEnJlXc9oO/94+9/ow== X-UI-Out-Filterresults: notjunk:1; V01:K0:QQYJdDLz7Ls=:Dtb9qoj85OXQDPF6EriWBz sgb63bqZFCwW2PiJKMtcqGJfWUTBNWOlj5Ae9dYkKi7Jud+/JEvA/P0muv/M6ALr2BTBqm8We /kkVKggRxDN59RK9mJGDsXqKugYGFn3H2rLEK4obJMSaJZsnyfLCoL4PniujB0ffKAA0778II kh9WB8QhFVji0MJIcxBVonialnyT2734xOVmwikUFQgkssWv+cEQamqcA78nWa2dmEPH45m2j 0Cd1AbP0Zhx6FSfp/h5iyh/sjqojWsIrwJln7YB6IJVmDCwosgI1vWbvdzMwiPM5Ljvz+Dcdo 7Jr693ck3AJu+iPmphZ6qjhqPlkTYiByL5BBA7CiedSwNcyMCzC/CEpPvqAP19GXQi8yjgVns 1DHUg5XTJHjPRCcFcBsAfScbzQcLehdBuWUZPfoL8LDaEKbcOGB80NU1XTohA3tCTRxT0lJ1A 0lEFgwCZLrE3dLnFVHSIXaIpTXW2Nn+yMCsCdt+qQm4RmGRDDj0VaBp8dP+Peu5Sr8zmIudcp /hpI5Xn3G6vH11oGJlcMJXVx+/pqt7ZdyGIXOhFzWZq9UJkL1lXrUuPQU/BJjxYV+X6nuzJWQ TBG/SgYyUE/h9T5BMGIy4HHtYYVUiBYYYD4oLQdDWVV83jAiIJyLeyGIiOipl/HFN68F+gZVs CtgQiPsXOzIKSyqW+Ajr3KCGlxuEDr/VduQXcTScp9aPH/y7TPDal03DXFdd46/CT9Zq4j12D y8vktRm6QPSFtC5+YVZCiiZfqkijcHX1jICglNwm0hxmzThUomJ2T4l7dabd8GKRCXFdU37AW wLaPmAJZOUqJbmzWczw4w5XFU5Syw== X-BeenThere: development@lists.ipfire.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: IPFire development talk <development.lists.ipfire.org> List-Unsubscribe: <https://lists.ipfire.org/mailman/options/development>, <mailto:development-request@lists.ipfire.org?subject=unsubscribe> List-Archive: <https://lists.ipfire.org/pipermail/development/> List-Post: <mailto:development@lists.ipfire.org> List-Help: <mailto:development-request@lists.ipfire.org?subject=help> List-Subscribe: <https://lists.ipfire.org/mailman/listinfo/development>, <mailto:development-request@lists.ipfire.org?subject=subscribe> Errors-To: development-bounces@lists.ipfire.org Sender: "Development" <development-bounces@lists.ipfire.org> |
| Series |
proxy.cgi fixes for bugzilla #10852
|
|
Commit Message
Bernhard Held
Feb. 15, 2018, 6:35 a.m. UTC
The logic of subnet comparison is broken. E.g. if the blue netmask is 255.255.255.0, it's impossible to add a VPN subnet with the same netmask. The fix simplifies the logic by using Network::network_equal. --- html/cgi-bin/proxy.cgi | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-)
Comments
Hi, On Wed, 2018-02-14 at 20:35 +0100, Bernhard Held wrote: > The logic of subnet comparison is broken. E.g. if the blue netmask is > 255.255.255.0, it's impossible to add a VPN subnet with the same netmask. > The fix simplifies the logic by using Network::network_equal. > --- > html/cgi-bin/proxy.cgi | 7 ++++--- > 1 file changed, 4 insertions(+), 3 deletions(-) > > diff --git a/html/cgi-bin/proxy.cgi b/html/cgi-bin/proxy.cgi > index d565ffbdc..d641c3df9 100644 > --- a/html/cgi-bin/proxy.cgi > +++ b/html/cgi-bin/proxy.cgi > @@ -3066,9 +3066,10 @@ END > foreach (@templist) > { > @temp = split(/\//); > - if ( > - ($temp[0] ne $netsettings{'GREEN_NETADDRESS'}) && ($temp[1] ne $netsettings{'GREEN_NETMASK'}) && > - ($temp[0] ne $netsettings{'BLUE_NETADDRESS'}) && ($temp[1] ne $netsettings{'BLUE_NETMASK'}) > + unless ( > + # GREEN or BLUE networks are already added to "DIRECT". Check if given network is different from these. > + &Network::network_equal("$temp[0]/$temp[1]", "$netsettings{'GREEN_NETADDRESS'}/$netsettings{'GREEN_NETMASK'}") || > + &Network::network_equal("$temp[0]/$temp[1]", "$netsettings{'BLUE_NETADDRESS'}/$netsettings{'BLUE_NETMASK'}") > ) > { > print FILE " ||\n (isInNet(myIpAddress(), \"$temp[0]\", \"$temp[1]\"))"; Strictly, this should be checking if the network in question is either the GREEN or BLUE network, or if it is a subnet of thereof. This might be a not so common use-case, but it would make the check more correct. -Michael
> Michael Tremer <michael.tremer@ipfire.org> hat am 14. Februar 2018 um 23:14 geschrieben: > On Wed, 2018-02-14 at 20:35 +0100, Bernhard Held wrote: > > The logic of subnet comparison is broken. E.g. if the blue netmask is > > 255.255.255.0, it's impossible to add a VPN subnet with the same netmask. > > The fix simplifies the logic by using Network::network_equal. > > --- > > html/cgi-bin/proxy.cgi | 7 ++++--- > > 1 file changed, 4 insertions(+), 3 deletions(-) > > > > diff --git a/html/cgi-bin/proxy.cgi b/html/cgi-bin/proxy.cgi > > index d565ffbdc..d641c3df9 100644 > > --- a/html/cgi-bin/proxy.cgi > > +++ b/html/cgi-bin/proxy.cgi > > @@ -3066,9 +3066,10 @@ END > > foreach (@templist) > > { > > @temp = split(/\//); > > - if ( > > - ($temp[0] ne $netsettings{'GREEN_NETADDRESS'}) && ($temp[1] ne $netsettings{'GREEN_NETMASK'}) && > > - ($temp[0] ne $netsettings{'BLUE_NETADDRESS'}) && ($temp[1] ne $netsettings{'BLUE_NETMASK'}) > > + unless ( > > + # GREEN or BLUE networks are already added to "DIRECT". Check if given network is different from these. > > + &Network::network_equal("$temp[0]/$temp[1]", "$netsettings{'GREEN_NETADDRESS'}/$netsettings{'GREEN_NETMASK'}") || > > + &Network::network_equal("$temp[0]/$temp[1]", "$netsettings{'BLUE_NETADDRESS'}/$netsettings{'BLUE_NETMASK'}") > > ) > > { > > print FILE " ||\n (isInNet(myIpAddress(), \"$temp[0]\", \"$temp[1]\"))"; > > Strictly, this should be checking if the network in question is either > the GREEN or BLUE network, or if it is a subnet of thereof. This might > be a not so common use-case, but it would make the check more correct. I'm sorry, that's beyond my mission. I'm just striving to get my 2.5 year old bug report closed and that's it. I'm actually not even running a single IPFire instance, thus I feel unable to invest time in any feature enhancement. Regards, Bernhard
diff --git a/html/cgi-bin/proxy.cgi b/html/cgi-bin/proxy.cgi index d565ffbdc..d641c3df9 100644 --- a/html/cgi-bin/proxy.cgi +++ b/html/cgi-bin/proxy.cgi @@ -3066,9 +3066,10 @@ END foreach (@templist) { @temp = split(/\//); - if ( - ($temp[0] ne $netsettings{'GREEN_NETADDRESS'}) && ($temp[1] ne $netsettings{'GREEN_NETMASK'}) && - ($temp[0] ne $netsettings{'BLUE_NETADDRESS'}) && ($temp[1] ne $netsettings{'BLUE_NETMASK'}) + unless ( + # GREEN or BLUE networks are already added to "DIRECT". Check if given network is different from these. + &Network::network_equal("$temp[0]/$temp[1]", "$netsettings{'GREEN_NETADDRESS'}/$netsettings{'GREEN_NETMASK'}") || + &Network::network_equal("$temp[0]/$temp[1]", "$netsettings{'BLUE_NETADDRESS'}/$netsettings{'BLUE_NETMASK'}") ) { print FILE " ||\n (isInNet(myIpAddress(), \"$temp[0]\", \"$temp[1]\"))";