From: Bernhard Held <berny156@gmx.de>
To: development@lists.ipfire.org
Subject: Re: [PATCH v3 4/4] proxy.cgi: fix subnet comparison for proxy.pac generation
Date: Thu, 15 Feb 2018 08:15:28 +0100 [thread overview]
Message-ID: <1348368190.27730.1518678929352@communicator.strato.de> (raw)
In-Reply-To: <1518646445.6463.6.camel@ipfire.org>
[-- Attachment #1: Type: text/plain, Size: 1958 bytes --]
> Michael Tremer <michael.tremer(a)ipfire.org> hat am 14. Februar 2018 um 23:14 geschrieben:
> On Wed, 2018-02-14 at 20:35 +0100, Bernhard Held wrote:
> > The logic of subnet comparison is broken. E.g. if the blue netmask is
> > 255.255.255.0, it's impossible to add a VPN subnet with the same netmask.
> > The fix simplifies the logic by using Network::network_equal.
> > ---
> > html/cgi-bin/proxy.cgi | 7 ++++---
> > 1 file changed, 4 insertions(+), 3 deletions(-)
> >
> > diff --git a/html/cgi-bin/proxy.cgi b/html/cgi-bin/proxy.cgi
> > index d565ffbdc..d641c3df9 100644
> > --- a/html/cgi-bin/proxy.cgi
> > +++ b/html/cgi-bin/proxy.cgi
> > @@ -3066,9 +3066,10 @@ END
> > foreach (@templist)
> > {
> > @temp = split(/\//);
> > - if (
> > - ($temp[0] ne $netsettings{'GREEN_NETADDRESS'}) && ($temp[1] ne $netsettings{'GREEN_NETMASK'}) &&
> > - ($temp[0] ne $netsettings{'BLUE_NETADDRESS'}) && ($temp[1] ne $netsettings{'BLUE_NETMASK'})
> > + unless (
> > + # GREEN or BLUE networks are already added to "DIRECT". Check if given network is different from these.
> > + &Network::network_equal("$temp[0]/$temp[1]", "$netsettings{'GREEN_NETADDRESS'}/$netsettings{'GREEN_NETMASK'}") ||
> > + &Network::network_equal("$temp[0]/$temp[1]", "$netsettings{'BLUE_NETADDRESS'}/$netsettings{'BLUE_NETMASK'}")
> > )
> > {
> > print FILE " ||\n (isInNet(myIpAddress(), \"$temp[0]\", \"$temp[1]\"))";
>
> Strictly, this should be checking if the network in question is either
> the GREEN or BLUE network, or if it is a subnet of thereof. This might
> be a not so common use-case, but it would make the check more correct.
I'm sorry, that's beyond my mission. I'm just striving to get my 2.5 year old bug report closed and that's it. I'm actually not even running a single IPFire instance, thus I feel unable to invest time in any feature enhancement.
Regards,
Bernhard
prev parent reply other threads:[~2018-02-15 7:15 UTC|newest]
Thread overview: 12+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-02-14 19:35 [PATCH v3 0/4] proxy.cgi fixes for bugzilla #10852 Bernhard Held
2018-02-14 19:35 ` [PATCH v3 1/4] Network::network_equal: fix check if array is fully defined Bernhard Held
2018-02-14 22:11 ` Michael Tremer
2018-02-14 19:35 ` [PATCH v3 2/4] Network::network2bin: return an empty list in case of error Bernhard Held
2018-02-14 22:12 ` Michael Tremer
2018-02-14 22:59 ` Aw: " Bernhard Bitsch
2018-02-14 19:35 ` [PATCH v3 3/4] proxy.cgi: strip newline from subnet parameters Bernhard Held
2018-02-14 23:14 ` Aw: " Bernhard Bitsch
2018-02-15 6:38 ` Bernhard Held
2018-02-14 19:35 ` [PATCH v3 4/4] proxy.cgi: fix subnet comparison for proxy.pac generation Bernhard Held
2018-02-14 22:14 ` Michael Tremer
2018-02-15 7:15 ` Bernhard Held [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1348368190.27730.1518678929352@communicator.strato.de \
--to=berny156@gmx.de \
--cc=development@lists.ipfire.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox