From mboxrd@z Thu Jan 1 00:00:00 1970 From: Michael Tremer To: development@lists.ipfire.org Subject: Re: [PATCH 2/2] proxy.cgi: fix subnet comparison Date: Sun, 11 Feb 2018 19:51:03 +0000 Message-ID: <1518378663.2498.7.camel@ipfire.org> In-Reply-To: <20180211185122.9243-3-berny156@gmx.de> MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="===============2638160503883982613==" List-Id: --===============2638160503883982613== Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable I think you should better use &Network::equals() from /var/ipfire/network-functions.pl. This will take care of converting subnet masks to prefix notation and vice-versa. Best, -Michael On Sun, 2018-02-11 at 19:51 +0100, Bernhard Held wrote: > The logic of subnet comparison is broken. E.g. if the blue netmask is > 255.255.255.0, it's impossible to add a VPN subnet with the same netmask. > The proposed patch compares the subnets individually. > --- > html/cgi-bin/proxy.cgi | 4 ++-- > 1 file changed, 2 insertions(+), 2 deletions(-) >=20 > diff --git a/html/cgi-bin/proxy.cgi b/html/cgi-bin/proxy.cgi > index ea3b41126..4993dde86 100644 > --- a/html/cgi-bin/proxy.cgi > +++ b/html/cgi-bin/proxy.cgi > @@ -3066,8 +3066,8 @@ END > @temp =3D split(/\//); > chomp $temp[1]; > if ( > - ($temp[0] ne $netsettings{'GREEN_NETADDRESS'}) && ($temp[1] ne $netse= ttings{'GREEN_NETMASK'}) && > - ($temp[0] ne $netsettings{'BLUE_NETADDRESS'}) && ($temp[1] ne $netset= tings{'BLUE_NETMASK'}) > + (($temp[0] ne $netsettings{'GREEN_NETADDRESS'}) || ($temp[1] ne $nets= ettings{'GREEN_NETMASK'})) && > + (($temp[0] ne $netsettings{'BLUE_NETADDRESS'}) || ($temp[1] ne $netse= ttings{'BLUE_NETMASK'})) > ) > { > print FILE " ||\n (isInNet(myIpAddress(), \"$temp[0]\", \"$temp[1= ]\"))"; --===============2638160503883982613==--