From mboxrd@z Thu Jan  1 00:00:00 1970
From: Bernhard Held <berny156@gmx.de>
To: development@lists.ipfire.org
Subject:
 Re: [PATCH v3 4/4] proxy.cgi: fix subnet comparison for proxy.pac generation
Date: Thu, 15 Feb 2018 08:15:28 +0100
Message-ID: <1348368190.27730.1518678929352@communicator.strato.de>
In-Reply-To: <1518646445.6463.6.camel@ipfire.org>
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="===============5432406400774186183=="
List-Id: <development.lists.ipfire.org>

--===============5432406400774186183==
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable

> Michael Tremer <michael.tremer(a)ipfire.org> hat am 14. Februar 2018 um 23:=
14 geschrieben:
> On Wed, 2018-02-14 at 20:35 +0100, Bernhard Held wrote:
> > The logic of subnet comparison is broken. E.g. if the blue netmask is
> > 255.255.255.0, it's impossible to add a VPN subnet with the same netmask.
> > The fix simplifies the logic by using Network::network_equal.
> > ---
> >  html/cgi-bin/proxy.cgi | 7 ++++---
> >  1 file changed, 4 insertions(+), 3 deletions(-)
> >=20
> > diff --git a/html/cgi-bin/proxy.cgi b/html/cgi-bin/proxy.cgi
> > index d565ffbdc..d641c3df9 100644
> > --- a/html/cgi-bin/proxy.cgi
> > +++ b/html/cgi-bin/proxy.cgi
> > @@ -3066,9 +3066,10 @@ END
> >  			foreach (@templist)
> >  			{
> >  				@temp =3D split(/\//);
> > -				if (
> > -					($temp[0] ne $netsettings{'GREEN_NETADDRESS'}) && ($temp[1] ne $net=
settings{'GREEN_NETMASK'}) &&
> > -					($temp[0] ne $netsettings{'BLUE_NETADDRESS'}) && ($temp[1] ne $nets=
ettings{'BLUE_NETMASK'})
> > +				unless (
> > +					# GREEN or BLUE networks are already added to "DIRECT". Check if gi=
ven network is different from these.
> > +					&Network::network_equal("$temp[0]/$temp[1]", "$netsettings{'GREEN_N=
ETADDRESS'}/$netsettings{'GREEN_NETMASK'}") ||
> > +					&Network::network_equal("$temp[0]/$temp[1]", "$netsettings{'BLUE_NE=
TADDRESS'}/$netsettings{'BLUE_NETMASK'}")
> >  					)
> >  				{
> >  					print FILE " ||\n     (isInNet(myIpAddress(), \"$temp[0]\", \"$temp=
[1]\"))";
>=20
> Strictly, this should be checking if the network in question is either
> the GREEN or BLUE network, or if it is a subnet of thereof. This might
> be a not so common use-case, but it would make the check more correct.

I'm sorry, that's beyond my mission. I'm just striving to get my 2.5 year old=
 bug report closed and that's it. I'm actually not even running a single IPFi=
re instance, thus I feel unable to invest time in any feature enhancement.

Regards,
Bernhard

--===============5432406400774186183==--