From patchwork Thu Feb 15 06:35:22 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Bernhard Held X-Patchwork-Id: 1665 Return-Path: Received: from mail01.ipfire.org (unknown [172.28.1.200]) by web02.i.ipfire.org (Postfix) with ESMTP id F2AF960C10 for ; Wed, 14 Feb 2018 20:36:04 +0100 (CET) X-Virus-Scanned: ClamAV at mail01.ipfire.org Received: from mail01.i.ipfire.org (localhost [IPv6:::1]) by mail01.ipfire.org (Postfix) with ESMTP id 98489108B8B9; Wed, 14 Feb 2018 19:36:09 +0000 (GMT) Authentication-Results: mail01.ipfire.org; dmarc=none (p=none dis=none) header.from=gmx.de Authentication-Results: mail01.ipfire.org; spf=pass smtp.mailfrom=development-bounces@lists.ipfire.org X-Virus-Scanned: ClamAV at mail01.ipfire.org Received: from mout.gmx.net (mout.gmx.net [212.227.15.15]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "mout.gmx.net", Issuer "TeleSec ServerPass DE-2" (verified OK)) by mail01.ipfire.org (Postfix) with ESMTPS id 061FC1063DF9 for ; Wed, 14 Feb 2018 19:35:54 +0000 (GMT) Authentication-Results: mail01.ipfire.org; dmarc=none (p=none dis=none) header.from=gmx.de Authentication-Results: mail01.ipfire.org; spf=pass smtp.mailfrom=berny156@gmx.de Received: from quad.berny.local ([46.244.233.56]) by mail.gmx.com (mrgmx001 [212.227.17.190]) with ESMTPSA (Nemesis) id 0Lt2BW-1efwxa2J6w-012VIQ for ; Wed, 14 Feb 2018 20:35:32 +0100 From: Bernhard Held To: development@lists.ipfire.org Subject: [PATCH v3 4/4] proxy.cgi: fix subnet comparison for proxy.pac generation Date: Wed, 14 Feb 2018 20:35:22 +0100 Message-Id: <20180214193522.26880-5-berny156@gmx.de> X-Mailer: git-send-email 2.16.1 In-Reply-To: <20180214193522.26880-1-berny156@gmx.de> References: <20180214193522.26880-1-berny156@gmx.de> X-Provags-ID: V03:K0:Cuxg0fhiJKFbUeX339gC9gPWaF3/0NqULD10qUxhg3aDzsNMVST UVa7Fr8GjIVAqnSnUzrVcSaI6SaXk7UvA5srzTffbyUScgLoIKsEo4XxyjeV38bqEQIxdts ZCox2aPUB5t7Sw9dO8chKLXhOWm7OL9R00Uvj1IQi2P9v3nuoIUWTe4sZQ7uZ3J248rOZuG bhOlEnJlXc9oO/94+9/ow== X-UI-Out-Filterresults: notjunk:1; V01:K0:QQYJdDLz7Ls=:Dtb9qoj85OXQDPF6EriWBz sgb63bqZFCwW2PiJKMtcqGJfWUTBNWOlj5Ae9dYkKi7Jud+/JEvA/P0muv/M6ALr2BTBqm8We /kkVKggRxDN59RK9mJGDsXqKugYGFn3H2rLEK4obJMSaJZsnyfLCoL4PniujB0ffKAA0778II kh9WB8QhFVji0MJIcxBVonialnyT2734xOVmwikUFQgkssWv+cEQamqcA78nWa2dmEPH45m2j 0Cd1AbP0Zhx6FSfp/h5iyh/sjqojWsIrwJln7YB6IJVmDCwosgI1vWbvdzMwiPM5Ljvz+Dcdo 7Jr693ck3AJu+iPmphZ6qjhqPlkTYiByL5BBA7CiedSwNcyMCzC/CEpPvqAP19GXQi8yjgVns 1DHUg5XTJHjPRCcFcBsAfScbzQcLehdBuWUZPfoL8LDaEKbcOGB80NU1XTohA3tCTRxT0lJ1A 0lEFgwCZLrE3dLnFVHSIXaIpTXW2Nn+yMCsCdt+qQm4RmGRDDj0VaBp8dP+Peu5Sr8zmIudcp /hpI5Xn3G6vH11oGJlcMJXVx+/pqt7ZdyGIXOhFzWZq9UJkL1lXrUuPQU/BJjxYV+X6nuzJWQ TBG/SgYyUE/h9T5BMGIy4HHtYYVUiBYYYD4oLQdDWVV83jAiIJyLeyGIiOipl/HFN68F+gZVs CtgQiPsXOzIKSyqW+Ajr3KCGlxuEDr/VduQXcTScp9aPH/y7TPDal03DXFdd46/CT9Zq4j12D y8vktRm6QPSFtC5+YVZCiiZfqkijcHX1jICglNwm0hxmzThUomJ2T4l7dabd8GKRCXFdU37AW wLaPmAJZOUqJbmzWczw4w5XFU5Syw== X-BeenThere: development@lists.ipfire.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: IPFire development talk List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: development-bounces@lists.ipfire.org Sender: "Development" The logic of subnet comparison is broken. E.g. if the blue netmask is 255.255.255.0, it's impossible to add a VPN subnet with the same netmask. The fix simplifies the logic by using Network::network_equal. --- html/cgi-bin/proxy.cgi | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/html/cgi-bin/proxy.cgi b/html/cgi-bin/proxy.cgi index d565ffbdc..d641c3df9 100644 --- a/html/cgi-bin/proxy.cgi +++ b/html/cgi-bin/proxy.cgi @@ -3066,9 +3066,10 @@ END foreach (@templist) { @temp = split(/\//); - if ( - ($temp[0] ne $netsettings{'GREEN_NETADDRESS'}) && ($temp[1] ne $netsettings{'GREEN_NETMASK'}) && - ($temp[0] ne $netsettings{'BLUE_NETADDRESS'}) && ($temp[1] ne $netsettings{'BLUE_NETMASK'}) + unless ( + # GREEN or BLUE networks are already added to "DIRECT". Check if given network is different from these. + &Network::network_equal("$temp[0]/$temp[1]", "$netsettings{'GREEN_NETADDRESS'}/$netsettings{'GREEN_NETMASK'}") || + &Network::network_equal("$temp[0]/$temp[1]", "$netsettings{'BLUE_NETADDRESS'}/$netsettings{'BLUE_NETMASK'}") ) { print FILE " ||\n (isInNet(myIpAddress(), \"$temp[0]\", \"$temp[1]\"))";